Upgrade Server 2019 Evaluation Edition to Standard Edition

DISM /Online /Set-Edition:ServerStandard /ProductKey:xxxxx-xxxxx-xxxxx-xxxxx-xxxxx /AcceptEula

Load MS Exchange Powershell snapin

Open regular POwershell and run:
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn

How to enable NETBIOS on Fortigate VPN

From the console:

config system interface
edit wan1
set netbios-forward enable

How To Know Which Process is Using a File or Folder in Windows

Resource Monitor

For Windows 7 and above, you can use the built-in Resource Monitor.

Open Resource Monitor, which can be found

  • By searching for resmon.exe in the start menu, or
  • As a button on the Performance tab in your Task Manager

From CPU tab, use the search field in the Associated Handles section

When you’ve found the handle, you can identify the process by looking at the Image and/or PID column. You can then close the application if you are able to do that, or just right-click the row and you’ll get the option of killing the process (End Process) right there.

Kill a process using PowerShell

Open PowerShell. If required, run it as Administrator.

Type the command Get-Process to see the list of running processes

To kill a process by its name, execute the following cmdlet: Stop-Process -Name “ProcessName” -Force

To kill a process by its PID, run the command: Stop-Process -ID PID -Force

Windows Server 2019 Activation from Evaluation

Activate and change the edition with the command on Power Shell:
DISM /online /Set-Edition:ServerStandard /ProductKey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX /AcceptEula

Enable the Password Reset Option in Exchange Server 2016

The easiest way to change the password of a user’s Microsoft Exchange mailbox is to use the Active Directory User and Computer (ADUC) console. You can also reset the password from the Exchange Admin Center, but this option is disabled by default. This article describes how to enable the password reset option in the Exchange Admin Center in Microsoft Exchange Server 2016.

1. Log in to exchange server with your admin credentials.

2. Open PowerShell with administrative privileges and execute the following three commands.

Add-pssnapin microsoft*



3. Log in to the Exchange Admin Center and click on Permissions.

Right-click ‘Organization Management’ and then click Edit.

Click the ‘+’ sign on the roles section. Select ‘Reset Password’ and then click Add. Click OK and then click Save.

4. Log out from the Exchange Admin Center.

5. When you log in again to the Exchange Admin Center and open any existing user mailbox properties, you should see the reset password option. 

Remotely update Ubiquiti AP

SSH to the device. You can get the IP addres from the controller screen. The default username/password is ubnt/ubnt.

upgrade https://dl.ui.com/unifi/firmware/U7PG2/

You can get the latest firmware from https://www.ui.com/download/

Remote Desktop (RDP) shortcut keys

Shortcut key Description
CTRL+ALT+HOME Activates the connection bar.
CTRL+ALT+BREAK or one of these shortcuts:

Switches the client between full-screen mode and window mode.
If these shortcuts don’t work, or the keys aren’t available, you can try the following alternative:

  • Press CTRL+ALT+HOME, TAB, TAB, TAB, TAB, TAB, ENTER. This activates the connection bar, and then presses the Restore down button.
CTRL+ALT+END Brings up the Windows Security dialog box for the Remote Desktop Session Host (RD Session Host) (provides the same functionality as pressing CTRL+ALT+DEL on the local computer).

The following table describes the standard Windows shortcut keys and their equivalent Remote Desktop shortcuts that are different. (For example, Ctrl+Z is generally the ‘Undo’ shortcut on both standard Windows and Remote Desktop.)

Table 2
Windows shortcut Remote Desktop shortcut Description
ALT+TAB ALT+PAGE UP Switches between programs from left to right.
ALT+SHIFT+TAB ALT+PAGE DOWN Switches between programs from right to left.
ALT+INSERT Cycles through the programs in the order they were started.
Windows key
ALT+HOME Displays the Start menu.
ALT+SPACE BAR ALT+DELETE Displays the system menu.
ALT+PRINT SCREEN CTRL+ALT+MINUS SIGN (-) Places a snapshot of the active window, within the client, on the clipboard.
PRINT SCREEN CTRL+ALT+PLUS SIGN (+) Places a snapshot of the entire client windows area on the clipboard .


Who is logged on to Windows RDP?

Open a command prompt and execute: query user /server:server-a


Windows backup drive is full

Windows does not manage backup space well. To manage the retained backups and not fill up the disk, run the following command from an elevated command prompt:

WBADMIN DELETE BACKUP -backuptarget:F: -keepVersions:30


To get the versions:

WBADMIN get versions


To delete the oldest backup version:


Examples of Phishing emails that could contain Ransomware

The FS-ISAC, or the Financial Services Information Sharing and Analysis Center, is the global financial industry’s go to resource for cyber and physical threat intelligence analysis and sharing. FS-ISAC is unique in that it was created by and for members and operates as a member-owned non profit entity.

Here are some examples of phishing emails that member banks have received over the past few days.  I’m sending them to you to familiarize you with the types of emails that you might receive.  If you DO receive any emails that appear suspicious, PLEASE notify the helpdesk, or Bill or myself.  Thank you.

YOU HAVE A PACKAGE WITH DHL  – DHL / Adobe Themed Phishing Email

An FS-ISAC member reported receiving a phishing e-mail purporting to be from DHL with the subject “YOU HAVE A PACKAGE WITH DHL”, containing a .pdf file attachment with an embedded URL that leads to an Adobe Online-themed credential harvesting site.

Important Account Notification – Capital One-Themed Phishing E-mail

An FS-ISAC member reported receiving a phishing e-mail purporting to be from Capital One with subject “Important Account Notification”, containing an embedded URL.

Closing Settlement Disclosure – Google Docs-Themed Phishing Email

An FS-ISAC member reported receiving a phishing e-mail with the subject “Helmsmortgage spreedsheet”, containing a .pdf file attachment with an embedded URL that leads to a Google Docs-themed credential harvesting site.

Electronic Shipping Documents Now Ready – NanoCore-RAT Phishing Email

An FS-ISAC member reported receiving a phishing e-mail with the subject “Electronic Shipping Documents Now Ready”, containing a malicious .ace file attachment that leads to Nanocore – Remote Access Trojan.

Inv <#####>  – Ursnif Phishing Emails

An FS-ISAC member reported receiving phishing e-mails with subject lines in the following format: “Inv <#####>”, containing a malicious .docx file attachment that leads to Ursnif malware.

Your Email Will Be Blocked. – Webmail-themed Phishing E-mail

An FS-ISAC member reported receiving phishing e-mails with the subject line “Your Email Will Be Blocked.”, containing an embedded URL that leads to a Webmail-themed credential harvesting site.

the exorcists list – Phishing E-mail

An FS-ISAC member reported receiving a phishing e-mail with the subject “the exorcists list” containing a suspicious .doc file attachement and URLs.

Re:invoice – Phishing E-mail

An FS-ISAC member reported receiving a phishing e-mail with the subject “Re:invoice”, containing a malicious .ace file attachment that leads to a Trojan.

Total messages: 23 – Phishing E-mail

An FS-ISAC member reported observing a phishing email with the subject “Total messages: 23” containing a malicious URL.

MyFax message from “<COMPANY NAME>” – 4 page(s), Caller-ID: 1-516-799-6300″ – Adwind – RAT Phishing E-mail

FS-ISAC members reported receiving phishing e-mails with the subject “MyFax message from “<COMPANY NAME>” – 4 page(s), Caller-ID: 1-516-799-6300″ containing a malicious .zip file attachment that leads to the Adwind – Remote Access Trojan.

Complaint Letter  – AutoIT Wrapped-Trojan Phishing Email

An FS-ISAC member received a phishing e-mail with the subject “Complaint Letter”, containing a malicious .zip file attachment that leads to AutoIT Wrapped – Trojan.

Active Partition Recovery

Accidentally deleted some files or even a partition? Has your data been lost due to a formatted drive? You will be able to retrieve pictures, music, movies and document files even if your drive letter has disappeared from the computer and need to get back all the files that resided there. Lsoft has several solutions to recover that very important data of yours: Active@ File Recovery,Active@ UNDELETE, Active@ Partition Recovery.

Active Partition Recovery

Active Partition Recovery

Use Robocopy to move shares with permissions.

robocopy source destination /E /ZB /DCOPY:T /COPYALL /R:1 /W:1 /V /TEE /LOG:Robocopy.log

Here’s what the switches mean:

source :: Source Directory (drive:\path or \\server\share\path).
destination :: Destination Dir (drive:\path or \\server\share\path).
/E :: copy subdirectories, including Empty ones.
/ZB :: use restartable mode; if access denied use Backup mode.
/DCOPY:T :: COPY Directory Timestamps.
/COPYALL :: COPY ALL file info (equivalent to /COPY:DATSOU). Copies the Data, Attributes, Timestamps, Ownser, Permissions and Auditing info
/R:n :: number of Retries on failed copies: default is 1 million but I set this to only retry once.
/W:n :: Wait time between retries: default is 30 seconds but I set this to 1 second.
/V :: produce Verbose output, showing skipped files.
/TEE :: output to console window, as well as the log file.
/LOG:file :: output status to LOG file (overwrite existing log).

Enable Remote Desktop Connection on Windows 7 Home Premium

Here’s the steps to get it working:

  1. Download W7-SP1-STM-RDP-v4.zip and extract it to a location on your PC.
  2. Navigate to the folder you just extracted and right click Install.cmd, then choose Run as administrator.
  3. You’ll get a window similar to the one below and you should now be good to go:

You can also enable multiple sessions per user, and the logging in of users with a blank password (although I wouldn’t recommend this). There are some switches that are available when running the program:

  • -? – Show this help
  • help – Same as -?
  • multi – Enable multiple sessions per user
  • blank – Enable remote log on for user accounts that are not password protected

So for example, if you wanted to enable multiple sessions per user:

  1. Go to start and find Command Prompt. Right click it and select Run as administrator.
  2. At the prompt type cd “c:\DIRECTORY\TO\EXTRACTED\FILES”
  3. The prompt should switch to c:\DIRECTORY\TO\EXTRACTED\FILES >
  4. Type: Install multi

Thanks to the guys over at Missing Remote for this hack.

Security lessons from the 2013 Verizon Data Breach Report

Verizon’s latest report on data breach statistics offers security pros a guide to the most persistent threats and where attention should be focused to defend against them.

Verizon has released the 2013 edition of their Data Breach Investigations Report (DBIR), an analysis of the data obtained from breach investigations that they and other organizations have performed during the previous year. The data for this report includes incidents from Verizon’s own investigations and 18 other organizations around the world, for a total of 621 confirmed data breaches and over 47,000 security incidents.

The report contains a wealth of information that paints a clear picture of the motives and techniques used by attackers to compromise their target organizations. It’s an interesting read and there are many lessons that can be found within.



Cyber attack on daily deal site

http://usat.ly/1214yE2 Cyber attack on popular daily deals site The attack impacts 50 million customers of the daily deal site.