Skip to content
Technote
Search for:
Search
Home
Microsoft
EMS MDM
Windows Fundamental
Windows Server
Powershell
Group Policy
Cisco
Web
Linux
Networking
Networking
Cyber Security
Web Coding
CATEGORIES
Microsoft
Microsoft Server and Related exames
READ MORE
Networking
Networking, Cisco, Juniper, security
READ MORE
Coding
Hosting, database, Python, WordPress
READ MORE
Security
Penetration test and defend
READ MORE
Linux
Releash the power of Penguin
READ MORE
Database
There are enough fishes here~
READ MORE
Latest posts
monitor Aruba AP status With PRTG
September 21, 2022
With the PRTG you can check if the APs are online and their CPU usage. First add a device with the controller’s IP address. Under the device, add a sensor. Type SNMP in the search box, then find “SNMP Custom Table” The OID can be found in this doc: https://www.arubanetworks.com/techdocs/Instant_423_WebHelp/Content/Aruba%20Instant%20MIB%20Reference%20Guide.pdf The table is called “ai Access Point Table”, and the OID is 1.3.6.1.4.1.14823.2.3.3.1.2.1 After the search, you will see the table below, the 1.1 is the MAC address, 1.2 is the name, and 1.3 is the IP address. What I really care about is the 1.7 CPU usage: Select below and edit: Identification Column: 1.3.6.1.4.1.14823.2.3.3.1.2.1.1.2 , which is the AP name Channel #1 Name: CPU% Channel #1 column: 1.3.6.1.4.1.14823.2.3.3.1.2.1.1.7 Channel #1 Unit: Percent Leave other fields as default, and click “Create” Now you can create a map and add those sensors to the location. ...
Read more...
Windows log with Graylog 4
September 15, 2022
Config in graylog Go to System > Inputs, click “Select input” dropdown, and select “GELF UDP.” Tick “Global”. Give it a Title: windows Events Bind address, leave it as 0.0.0.0 Port: give it anything legal, I will choose 3514, which prepends a 3 to syslog port 514. leave others as default. Since your graylog is listening to port 3514, you need to allow it on firewall: on Centos: type: firewall-cmd --zone=public --permanent --add-port=3514/udp firewall-cmd --reload Config on Windows: Download and install nxlog, navigate to C:\Program Files\nxlog\conf\nxlog.conf Panic Soft #NoFreeOnExit TRUE define ROOT C:\Program Files\nxlog define CERTDIR %ROOT%\cert define CONFDIR %ROOT%\conf\nxlog.d define LOGDIR %ROOT%\data define LOGFILE %LOGDIR%\nxlog.log LogFile %LOGFILE% Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data <Extension _syslog> Module xm_syslog </Extension> <Extension _charconv> Module xm_charconv AutodetectCharsets iso8859-2, utf-8, utf-16, utf-32 </Extension> <Extension _exec> Module xm_exec </Extension> #<Extension _fileop> # Module xm_fileop # Check the size of our log file hourly, rotate if larger than 5MB # <Schedule> # Every 1 hour # Exec if (file_exists('%LOGFILE%') and \ # (file_size('%LOGFILE%') >= 5M)) \ # file_cycle('%LOGFILE%', 8); # </Schedule> #Below for windows event viewer <Extension _gelf> Module xm_gelf </Extension> <Input eventlog> Module im_msvistalog <Schedule> Every 5 min First 2022-09-14 09:00:00 Exec log_info("scheduled execution at " + now()); </Schedule> ##Below query can be copied from event viewer,"filter current custom view" > under filter tab, select the filter, go to XML tab, and copy. <QueryXML> <QueryList> <Query Id='1'> <Select Path='Application'>*]</Select> <Select Path="Security">*]</Select> <Select Path="System">*]</Select> </Query> </QueryList> </QueryXML> </Input> <Output graylog> #Enter the IP address and the the port on which the syslog server is listening to. Module om_udp Host 192.168.61.116 Port 3514 OutputType GELF </Output> #the path here is from the name of the <Input> above to the name of the <Output> , so it is eventlog =>graylog <Route graylog_route> Path eventlog => graylog </Route> After you save the config file, restart the nxlog service. Email notification: Email transport sudo vi /etc/graylog/server/server.conf transport_email_enabled = true #This is important! transport_email_hostname = smtp.gmail.com 319 #Take note of this address! transport_email_port = 465 #Yours may vary transport_email_use_auth = true transport_email_use_tls = true transport_email_use_ssl = true transport_email_auth_username = specialaccount@yourdomain.tld #This is an account you’ve created for the purpose of sending automated emails transport_email_auth_password = Y0urPassw0rd! transport_email_subject_prefix = transport_email_from_email = graylog@example.com Once you finish the above, close the text file and run: $ sudo systemctl graylog-server restart Modify field let’s say you want to modify the hostname from DC01.mydomain.com.au to DC01, given that you only have a single domain, and want the dashboard to be nice and neat. System > inputs click “manage extractors” button. Then click “Get started” button, select an input, select an input you created before, click button “Load Message” Then click “select extractor type” after the source message field, then click “Regular expression”. On the top it will show the original message: DC01.mydomain.com.au. modify below. In the regular expression box, type: (.*?)\. Store as field: source Extractor title: Extract Hostname from FQDN Click “Create extractor” Configure Pipelines Pipelines can be used to drop messages, remove field, and much more, see here for the functions: https://archivedocs.graylog.org/en/2.2/pages/pipelines/functions.html#drop-message I will use a drop message as an example here: I want to drop message with full_message field containing keywords “CN=ADFS ProxyTrust – NHSADFSWAP” Create a rule To do so, Click System > pipelines, then click the “Manage Rules” button, then click “Create Rule” button. In the description box, type a descriptive title. In the Rule source, type below: rule "Drop ADFS ProxyTrust - NHSADFSWAP Messages" when contains(to_string($message.full_message),"CN=ADFS ProxyTrust - NHSADFSWAP") then drop_message(); end Then click Save & Close. Add pipelines Click Manage Pipelines button at the top right corner, Then click “Add new pipeline”, type a Title and description, click save, now you are in the pipeline edit page. Click the “edit connections” button, select a stream, by default it is “All messages”, click save. Then click “Add new stage”, and select the “Stage rules”, find the rule you created above, click save. ...
Read more...
VLANs for Wireless controller, AP, and switches in Ubiquiti
September 6, 2022
Tagging and Untagging Traffic So, how does VLAN traffic get tagged on UniFi? In short, the UniFi access point (AP) tags packets when they go out from WLAN to wire. When tagged traffic comes in from the wire, it will untag it and forward it to WLAN. Take in consideration the following points: Traffic initiated from the AP is untagged and sent through br0 (or bond0 if link aggregation is enabled). This includes management traffic and RADIUS traffic, as described below: AP <-> UniFi Network application (management traffic) AP <-> RADIUS (when WPA-EAP is used) Traffic from WLAN without VLAN configured is untagged (the athX is bridged to br0). Traffic from WLAN with VLAN configured is always tagged (athX bridged to br0.VLAN to eth0.VLAN): AP <-> RADIUS (when WPA Enterprise is used) Station -> AP (tags) -> switch Station <- AP (untags) <- switch Whether it’s redirected (to the guest portal) doesn’t matter. When WLAN is configured with VLAN, the traffic will be tagged when it leaves the AP. However, after traffic is tagged by the AP, it’s up to you where it should be passed upstream. EXAMPLE Management network: 10.1.0.0/24 Guest VLAN network: 10.2.0.0/24 Switch AP connected to port 5 (VLAN 1-untagged and VLAN 5-tagged) Ubuntu connected to port 1 (VLAN 1-untagged and VLAN 5-tagged) UniFi Network application connected to port 8 (VLAN 1-untagged): usually a windows/linux machine, which pushes out the configure to AP via vlan1 (management network) Ubuntu (acting as a Router) eth0: 10.1.0.2/24, routable to the Internet (gateway 10.1.0.1) eth0.5: 10.2.0.1/24, NATed to eth0 UniFi Network application is at 10.1.0.26. Guest Portals and VLANs It’s natural to think of a VLAN when guest access is mentioned since guests placed in their own VLAN, are isolated from other parts of the network. However, there are a few technical details worth mentioning talk about. Let’s start with the basic VLAN deployment where the guest portal is not enabled: UniFi AP tags WLAN->wire traffic. AP-UniFi Network application is untagged. UniFi Network application is likely running on untagged interface. ...
Read more...
Monitor user presence with Microsoft graph and powershell.
September 2, 2022
Install the module: Install-Module -Name MSAL.PS First get the access token: #Provide your Office 365 Tenant Domain Name or Tenant Id $TenantId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" #Used the Microsoft Graph PowerShell app id. You can create and use your own Azure AD App id if needed. $AppClientId="14d82eec-204b-4c2f-b7e8-xxxxxxxx" $MsalParams = @{ ClientId = $AppClientId TenantId = $TenantId Scopes = "https://graph.microsoft.com/Presence.Read.All" } $MsalResponse = Get-MsalToken @MsalParams $AccessToken = $MsalResponse.AccessToken Copy the token and use it for later use, which looks like eyJ0eXAiOxxxxxxxxxxxxxxxx $AccessToken="eyJ0eXAiOxxxxxxxxxxxxxxxx" #Form request headers with the acquired $AccessToken $headers = @{'Content-Type'="application\json";'Authorization'="Bearer $AccessToken"} #Provide the required user's ObjectId to check the presence status, which can be find in the Azure AD $UserId = "2856880d-8a22-4f72-b05e-810879dfd7fc" #This request gets the online presence status of the given user $ApiUrl = "https://graph.microsoft.com/v1.0/users/$UserId/presence" #Get the presence status $Response = Invoke-RestMethod -Method GET -Uri $ApiUrl -ContentType "application\json" -Headers $headers if($Response -ne $null){ write-host "THe status is: " $Response.availability Exit 0 } This script can also be used to check if Teams service is available Reference https://developer.microsoft.com/en-us/graph/graph-explorer...
Read more...
Adjust Wifi Roaming sensitivity with Intel wifi adopters
August 2, 2022
With Intel wifi adopters, you can adjust the roaming sensitivity. Open Device Manager. Locate Network Adapters. Select your network or wireless device Right-click > Properties > Select the Advanced tab. Scroll down the Property list till you see Roaming Aggressiveness or Roaming Sensitivity. Next, under the Value drop-down, you will see the following options: Lowest: Your device will not roam. Medium-Low: Roaming is allowed. Medium: It is a balanced setting between roaming and performance. Medium-High: Roaming is more frequent. Highest: The device continuously tracks the WiFi quality. If any degradation occurs, it tries to find and roam to a better access point. Select Medium-High or High. to improve your Wi-Fi performance. With enterprise, you may want to configure this with Powershell, and then deploy with GPO or Intune: $WifiNetworks = Get-NetAdapter | Where-Object PhysicalMediaType -eq "Native 802.11" foreach($net in $WifiNetworks){ Set-NetAdapterAdvancedProperty -Name $net.Name -DisplayName "Roaming Aggressiveness" -DisplayValue "4. Medium-High" } With the similar method, you can set the preferred band to 5GHZ: Set-NetAdapterAdvancedProperty -Name $net.Name -DisplayName “Preferred Band” -DisplayValue “3. Prefer 5GHz band” Keep in mind there is a space between the full stop and Medium-High....
Read more...
Export Teams membership to a CSV file
July 12, 2022
As teams is a popular collaboration tool in many companies’ schools, reporting on the team’s membership has become necessary. Properties of member: UserId: 32 chars User: the UPN format, such as frank@frankfu.click Name: display name, usually in the format of Firstname lastname Role: could be owner, member, guest below script generate a CSV file for each team. $userid = "admin@yourdomain.com" $Creds = Get-Credential $userid Connect-MicrosoftTeams -Credential $Creds #generate array for custom object $teamsinfo = @() #get all teams from organisation $teams = Get-Team | where-object {$_.DisplayName -like ("2022*")} ForEach ($team in $teams) { $displayname = ($team.DisplayName) $Description = ($team.Description) $groupid = $team.groupid $displayname = ($team.DisplayName) $members = Get-TeamUser -GroupId $groupid -Role Member $CSVPath = "C:\Temp\"+$displayname +".csv" Write-Host "Group Name:" $displayname -ForegroundColor Green $OutArray = @() foreach ($member in $members) { $member_name = $member.Name.ToString() echo $member_name $member = $member.User.ToString() echo $member $OutArray += New-Object PsObject -Property @{ 'Display name' = $member_name 'EmailAddress' = $member } } $OutArray | Export-Csv $CSVPath -NoTypeInformation } #Remove the session Remove-PSSession $Session...
Read more...
Setup OutofOffice message on 3CX
June 15, 2022
To setup a central voice message, you can do following: Record a short message in wav format: Format: WAV Channel: Mono Bit rate: 8 kHz Sampling: 16 bit https://www.3cx.com/docs/converting-wav-file/ Create a digital receptionist Click Digital Receptionists, click Add button. Give it a name, click +Add and find the wav file you created. Under Menu options, leave nothing for all keys. If no input within seconds: type 1. Action select End Call. Click OK to save. Basically we don’t want anyone to have time to select, just want to leave a out of office message. Edit inbound rule Go to inbound rules, click the existing rule for your number. Destination for calls outside office hours: select the ext number you created for the digital receptionist above. Set up Specific Office Hours for this rule: setup your schedule....
Read more...
HP LaserJet Pro MFP scan to network folder not working
June 14, 2022
The scan to network folder stopped working since the weekend. No problem with printing. Could login the web interface 192.168.0.79 Thought would be the firmware update, so downloaded the utility from HP website. The scan showing the IP address of the printer is 169.254.219.115. which is really weird. So went to the network > wired (802.3) > IPv4 Configuration > select Manual IP, and fill in the identical 192.168.0.79/24 into the box. Click Apply. Retry the scan , problem resolved! ...
Read more...
Intune – Drive mapping
June 7, 2022
How does it work The Microsoft Intune Management Extension is a service that runs on the device, just like any other service listed in the Services app (services.msc). After a device reboots, this service may also restart, and check for any assigned PowerShell scripts with the Intune service. For the shared drive mapping, it copy it to the location: c:\ProgramData\intune-drive-mapping-generator for most of the users. Then it will create a scheduled task, named IntuneDriveMapping, with below settings: Triggers: At log on, Any User, enabled. Actions: Start a program, Program/Script: c:\windows\system32\wscript.exe Add arguments: c:\ProgramData\intune-drive-mapping-generator\yourfilename.ps1 Create a script from this website: https://intunedrivemapping.azurewebsites.net/DriveMapping Don’t tick the remove stale drives, or else it will delete all other drives. Download the PowerShell script and name it as yourfilename.ps1. Then go to Microsoft Endpoint manager Admin Center. Go to Devices, Windows, Powershell Scripts. Click +Add: Basic: name, Example Drive mapping. click next Script settings: Script location, click Select a file, and upload the yourfilename.ps1. Leave the rest as No. Click next Assignment: under Included Groups, select the group you want to assign to. Click next Review + add: click add. Things you need to know: When scripts are set to user context and the end user has administrator rights, by default, the PowerShell script runs under the administrator privilege. End users aren’t required to sign in to the device to execute PowerShell scripts. The Intune management extension agent checks after every reboot for any new scripts or changes. After you assign the policy to the Azure AD groups, the PowerShell script runs, and the run results are reported. Once the script executes, it doesn’t execute again unless there’s a change in the script or policy. If the script fails, the Intune management extension agent retries the script three times for the next three consecutive Intune management extension agent check-ins. For shared devices, the PowerShell script will run for every new user that signs in. PowerShell scripts are executed before Win32 apps run. In other words, PowerShell scripts execute first. Then, Win32 apps execute. PowerShell scripts time out after 30 minutes....
Read more...
WordPress wp-config options
April 6, 2022
The most important file in any WordPress installation is the wp-config.php file. The wp-config.php file was originally named wp-config-sample.php. Renaming the file to wp-config.php is one of the first steps to installing WordPress. The wp-config file is typically stored in the root directory of WordPress. Alternatively, you can move the wp-config file out of the WordPress root directory and into the parent directory. So if your WordPress directory is located here, /public_html/my_website/wp-config.php you can safely move the file to here: /public_html/wp-config.php WordPress looks for the wp-config file in the root directory first, and if it can’t find that file it looks in the parent directory. This happens automatically so no settings need to be changed for this to work. Some options in WordPress are stored as constants and these can be seen in the wp-config.php file.The constraints all have the same format: define( 'OPTION_NAME', 'value' ); When adding new options to the wp-config.php file, it’s important the options are added above the line that reads: /* That's all, stop editing! Happy blogging. */ Installation When you install WordPress, make sure DB_NAME, DB_USER, and DB_PASSWORD options are correctly set for your database server. Also, verify that the DB_HOST name is set to the correct host for your server. Typically, this is set to localhost, but some hosting companies configure WordPress packages with web servers and MySQL servers on different machines, necessitating a hosting company-specific configuration option to locate the MySQL database. You can change the database character set (charset) by changing the DB_CHARSET option value. By default, this is set to utf8 (Unicode UTF-8), which supports any language, and is almost always the best option. Since WordPress 2.2, the DB_COLLATE option has allowed the designation of the database collation, that is, the sort order of the character set. (A character set is a collection of symbols that represents words in a language. The collation determines the order to use when sorting the character set, usually alphabetical order.) This option, by default, is blank and should typically stay that way. If you would like to change the database collation, just add the appropriate value for your language. Security Another security feature included in wp-config.php is the ability to define the database table prefix for WordPress. By default, this option value is set to wp_. You can change this value by setting the $table_prefix variable value to any prefi x, like so: $table_prefix = ‘onlinestore_’; WordPress security can be strengthened by setting secret keys in your wp-config.php fi le. A secret key is a hashing salt, which makes your site harder to hack by adding random elements (the salt) to the password you set. These keys aren’t required for WordPress to function, but they add an extra layer of security on your website. If you want to stop the WordPress from automatic update: require_once ABSPATH . 'wp-settings.php'; define( 'WP_AUTO_UPDATE_CORE', false ); WordPress Troubleshooting define( ‘WP_DEBUG’, false ); /** Absolute path to the WordPress directory. */ if ( ! defined( 'ABSPATH' ) ) { define( 'ABSPATH', __DIR__ . '/' ); } Advanced wp-config Options You can set additional advanced options in your wp-config file. These options are not in the wp-config file by default so you will need to manually add them to the file. To set your WordPress address and blog address, use the following two options: define( 'WP_SITEURL', 'http://example.com/wordpress' ); define( 'WP_HOME', 'http://example.com/wordpress' ); The WP_SITEURL option allows you to temporarily change the WordPress site URL. This does not alter the database option value for siteurl, but instead temporarily changes the value. If this option is removed, WordPress reverts back to using the siteurl database setting. The WP_HOME option works the exact same way, letting you temporarily change the home value for WordPress. Both values should include the full URL including http://. Version 2.6 introduced an option that allows you to move the wp-content directory. The two required options are: define( 'WP_CONTENT_DIR', $_SERVER .'/wordpress/blog/wp-content' ); define( 'WP_CONTENT_URL', 'http://domain.com/wordpress/blog/wp-content'); The WP_CONTENT_DIR option value is the full local path to your wp-content directory. The WP_CONTENT_URL is the full URI of this directory. Optionally, you can set the path to your plugins directory like so: define( 'WP_PLUGIN_DIR', $_SERVER . '/blog/wp-content/plugins' ); define( 'WP_PLUGIN_URL', 'http://example/blog/wp-content/plugins'); WP_PLUGIN_DIR and WP_PLUGIN_URL are options used by plugin developers to determine where your plugin folder resides. If a plugin developer is not using these constants, there is a very good chance their plugin will break if you move your wp-content directory. ...
Read more...
