Author Archives: Dom

About Dom

This is the biographical bit about myself! Well I'm a slave to technology and this it were I'm putting all the stuff I didn't quite figure out by-my-self at the time, so I have posted all the fixes!

SQL Firewall Rules | PowerShell

Add Windows Firewall exclusions for Microsoft SQL using PowerShell

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
#Enabling SQL Server Ports
New-NetFirewallRule -DisplayName “SQL Server” -Direction Inbound –Protocol TCP –LocalPort 1433 -Action allow
New-NetFirewallRule -DisplayName “SQL Admin Connection” -Direction Inbound –Protocol TCP –LocalPort 1434 -Action allow
New-NetFirewallRule -DisplayName “SQL Database Management” -Direction Inbound –Protocol UDP –LocalPort 1434 -Action allow
New-NetFirewallRule -DisplayName “SQL Service Broker” -Direction Inbound –Protocol TCP –LocalPort 4022 -Action allow
New-NetFirewallRule -DisplayName “SQL Debugger/RPC” -Direction Inbound –Protocol TCP –LocalPort 135 -Action allow
#Enabling SQL Analysis Ports
New-NetFirewallRule -DisplayName “SQL Analysis Services” -Direction Inbound –Protocol TCP –LocalPort 2383 -Action allow
New-NetFirewallRule -DisplayName “SQL Browser” -Direction Inbound –Protocol TCP –LocalPort 2382 -Action allow
#Enabling Misc. Applications
New-NetFirewallRule -DisplayName “HTTP” -Direction Inbound –Protocol TCP –LocalPort 80 -Action allow
New-NetFirewallRule -DisplayName “SSL” -Direction Inbound –Protocol TCP –LocalPort 443 -Action allow
New-NetFirewallRule -DisplayName “SQL Server Browse Button Service” -Direction Inbound –Protocol UDP –LocalPort 1433 -Action allow
#Enable Windows Firewall
Set-NetFirewallProfile -DefaultInboundAction Block -DefaultOutboundAction Allow -NotifyOnListen True -AllowUnicastResponseToMulticast True

Windows Server 2016 | Remove WSUS (Completely)

Trying to completely remove WSUS isn’t as straight forward as uninstalling the role.
These steps are based on WSUS using the WID database (Not SQL)

In Summary:

  • Remove Windows Update Servers (WSUS) role & Windows Internal Database (WID)
  • Remove WSUS cache & Update Services directories
  • Remove WSUS website in IIS
  • Reboot

PowerShell:

Uninstall-WindowsFeature -Name UpdateServices,Windows-Internal-Database
Remove-Item –path D:\WSUS, C:\Windows\WID –recurse
Remove-Item –path C:\Users\MSSQL$MICROSOFT##WID
Remove-Item –path C:\Scripts, C:\Temp –recurse

Remove-Item –path C:\Program Files\Update Services –recurse 

Remove-WebSite -Name "WSUS Administration"
Restart-Computer

References: ServerFault

DFS | DFSR Removal of Staging Directory

After removing DFS shares on a server there may be some leftover files in the “DFSR” cache, this is a hidden location within the “System Volume Information”. This can be a tricky one to delete but can be completed using some CLI.

Take Ownership of folder

icacls "e:\system volume information" /grant Administrator:F

Remove Directory (Silent & whole directory tree)

rd "e:\system volume information\dfsr" /s /q

Dell PowerEdge Servers | Internal Dual SD Module (IDSDM) Failure

We are running Dell R620/630 servers with “Internal Dual SD Module” (IDSDM) for the VMware ESX installation.
Unfortunately SD card 1 recently developed a fault.
As the IDSDM is configured in a fail-over SD1 copies to SD2 therefore we had to swap the cards before performing the rebuild.

It is important to note a few IDSDM module behaviors: IDSDM White Paper

Mirror State Stored on the IDSDM module

The SD cards mirror state, along with the Disabled or Mirror mode for modular servers, is stored on the IDSDM module itself. This means that it is possible to move an IDSDM module between two systems and preserve the mirror; the BIOS will read the states from the cards during boot up and will reflect the state of the card in setup.

Master SD Card

The module design allows that either SD card slot can be the master; in the event of a tie between the two cards, then SD1 is picked as the master. For example, if two new SD cards are installed in the IDSDM while AC power is removed from the system, SD1 is considered the Active or master card in the mirror. SD2 is the backup card, and all file system IDSDM writes will go to both cards, but reads will occur only on SD1. If at any time SD1 fails or is removed, SD2 will automatically become the Active (master) card. The IDSDM module should not be serviced while AC power is present.

 


Continue reading

Windows 7/10 | Remotely logoff user (Instantly)

Useful in the event of having to log someone off remotely. (i.e. if a users AD account has been disabled and you want to prevent them from using the system urgently)

You must have local administrator access to complete this. This process will logoff the user instantly.

Run CMD (As Administrator)
Obtain the session ID:

quser /server:COMPUTERNAMEHERE

Logoff session ID:

logoff ID /server:COMPUTERNAMEHERE

Example

Creating AD Trust Relationship

Ports required for trust relationship:

  • 389 (TCP and UDP) – Directory, Replication, User and Computer Authentication, Group Policy, Trusts – LDAP
  • 636 (TCP) – Directory, Replication, User and Computer Authentication, Group Policy, Trusts – LDAP SSL
  • 3268 (TCP) – Directory, Replication, User and Computer Authentication, Group Policy, Trusts – LDAP GC
  • 3269 (TCP) – Directory, Replication, User and Computer Authentication, Group Policy, Trusts – LDAP GC SSL
  • 88 (TCP and UDP) – User and Computer Authentication, Forest Level Trusts – Kerberos
  • 53 (TCP and UDP) – User and Computer Authentication, Name Resolution, Trusts – DNS
  • 445 (TCP and UDP) – Replication, User and Computer Authentication, Group Policy, Trusts – SMB,CIFS,SMB2, DFSN, LSARPC, NbtSS, NetLogonR, SamR, SrvSvc

Reference:

  • https://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx
    https://support.microsoft.com/en-us/help/179442/how-to-configure-a-firewall-for-domains-and-trusts

Draytek VPN to iPhone/iOS Setup

There’s a fairly quick and simple method to configure VPN from the Draytek to iPhone.

I’m configuring this on a Draytek 2860n-Plus but the same process applies to most Draytek interfaces.

If you don’t have a static IP then you can configure using a free DynDNS name from no-ip.org (Other dynamic DNS providers are also available)

This method is using L2TP with IPSEC. A guide to the various VPN types can be found on HowtoGeek

Draytek 2860 Setup

VPN and Remote Access -> VPN and Remote Access -> Remote Access Control”

Enable “IPsec” & “L2TP” VPN Services (These may already be enabled by default)

Continue reading

Windows 7 | Delete Offline File Cache CSC Folder

After carrying out a domain migration on a PC the “offline files cache” still retains a local cache for the previous domain.

Within “Offline Files” (Control Panel) there is an option to “Delete temporary files” but this does not remove the “All offline files” cache located in the “C:\Windows\CSC” folder

The workaround to fully remove these files (and start a new offline sync) is to add the “FormatDatabase” registry entry which forces deletion.

This command will add the registry entry. After which reboot the system and all offline files will be removed:

reg add HKLM\SYSTEM\CurrentControlSet\services\CSC\Parameters /v FormatDatabase /t REG_DWORD /d 1

DFS | Site Links, Server Target Prioritization & Reference Info

DFS Setup and Configuration Notes

I like DFS, the main issue I found is setting it up, tailoring it to your needs, debugging and configuring which can be a bit troublesome. I’ve spent a while trying to implement and tweak it for a large scale network (17 x Sites using DFS-N & DFS-R) I’ve list a number of articles/URLs which have proven useful on my DFS internet travels…


Continue reading

Obtaining local Passwords from Memory Dump

Outputting memory dump of Windows security sessions. (Obtaining passwords stored locally in cache). This can be run against a remote system to obtain password credential information. This requires “local administrator” rights on the remote PC being targeted.

Requires: PsExec & ProcDump

psexec \\computername -accepteula -s -c procdump -accepteula -ma -o lsass.exe \\server\logs\computername.log

Reference: https://cyberarms.wordpress.com/2015/03/16/grabbing-passwords-from-memory-using-procdump-and-mimikatz/

Remove Sharepoint Login Prompt in IE

We have a company SharePoint site which requires authentication information before logging on. This is a pain as the information displayed on the initial screen of SharePoint does not need to be restricted (Company Intranet).

Login “Annoying” Prompt:

In order to remove this you can modify the option in I.E. to use local logon credential (domain PCs):

  1. Tools/Internet Options/Security/Local Intranet/Sites
  2. Add the site in the list, click OK.
  3. Still in Local Intranet, click on “Custom Level”, scroll all the way to the bottom to User Authentication/Logon
  4. Click on “Automatic Logon with current user name and password”
  5. When the user logs to the site, make sure to select the checkmark “remember username/password” when the site asks for credentials

Trent AV | Tools & Commands

Transferring Trend OfficeScan Client from One Trend Console to Another

\\TrendAV01.domain.com\ofcscan\Admin\Utility\IpXfer\ipxfer.exe -s TrendAV01.domain.com -m 1 -p 8080 -c 49831

Transferring Trend OfficeScan Client from One Trend Console to Another REMOTELY

Download PSEXEC and copy to to C:\Windows\System32

psexec \\LaptopName -u Domain\ADMUSER -p Passw0rd -i "\\TrendAV01.domain.com\Trend_Antivirus\Tools\TrendClientMove_x86.bat"

TrendClientMove_x86.bat

@ECHO OFF
REM Modifies Trend Update Policy Server to use TRENDAV01.domain.com
\\TrendAV01.domain.com\ofcscan\Admin\Utility\IpXfer\ipxfer.exe -s TrendAV01.domain.com -m 1 -p 8080 -c 49831
Echo Update is now Complete!
Echo Click to Close 
Pause

TrendClientMove_x64.bat

@ECHO OFF
REM Modifies Trend Update Policy Server to use TRENDAV01.domain.com
\\TrendAV01.domain.com\ofcscan\Admin\Utility\IpXfer\ipxfer.exe -s TrendAV01.domain.com -m 1 -p 8080 -c 49831
Echo Update is now Complete!
Echo Click to Close 
Pause

Reseting OfficeScan Password:

Reference: Reset Officescan Password

Trend Uninstall Tools:

VMWare | “Unable to locate the required Sysprep files”

Yes the year is 2016! and Yes we are still converting Server 2003 onto VMware! (I know Server 2003 is dead and 13 years behind the times, but there are still some instances in our organisation that still require it for old bespoke software that can’t be easily moved to Server 2013/2016)

When converting a physical “Server 2003” machine to a virtual machine using VMware Converter this error displays:

“Warning: Unable to locate the required Sysprep files. Upload them under ‘C:\ProgramData\VMware vCentre Converter Standalone\sysprep\svr2003’ on the Converter server machine. See ‘Help’ for more details”

Continue reading

Change Windows 7 “Logon” Background

There’s two types of background images.

  1. Windows Desktop Backgrounds
  2. Windows Logon Backgrounds

This script will add the required flags and permissions to the registry and create the “dummy” jpg files which are used to display the “Logon” background. This is the screen which displays the user logon details (At “Logon”).

echo OFF
set bgfolder=%windir%\system32\oobe\Info\backgrounds\

REM Creates the backgrounds folder
md %bgfolder%

REM Creates the dummy background files
FOR %%f IN (backgroundDefault.jpg background1280x960.jpg background1024x768.jpg background1600x1200.jpg background1440x900.jpg background1920x1200.jpg background1280x768.jpg background1360x768.jpg background1024x1280.jpg background960x1280.jpg background900x1440.jpg background768x1280.jpg background768x1360.jpg) DO echo 2> %bgfolder%%%f 1> NUL

REM Gives all authenticated users the right to write these files
FOR %%f IN (backgroundDefault.jpg background1280x960.jpg background1024x768.jpg background1600x1200.jpg background1440x900.jpg background1920x1200.jpg background1280x768.jpg background1360x768.jpg background1024x1280.jpg background960x1280.jpg background900x1440.jpg background768x1280.jpg background768x1360.jpg) DO icacls %bgfolder%%%f /grant *S-1-5-11:(R,W,M)

REM Forces the use of the custom background permanently
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background /v OEMBackground /t REG_DWORD /d 1 /f
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\System /v UseOEMBackground /t REG_DWORD /d 1 /f

All you then need to do is add the background image you want to this folder directory: %windir%\system32\oobe\Info\backgrounds\