Skip to content
Technote
Search for:
Search
Home
Microsoft
EMS MDM
Windows Fundamental
Windows Server
Powershell
Group Policy
Cisco
Web
Linux
Networking
Networking
Cyber Security
Web Coding
CATEGORIES
Microsoft
Microsoft Server and Related exames
READ MORE
Networking
Networking, Cisco, Juniper, security
READ MORE
Coding
Hosting, database, Python, WordPress
READ MORE
Security
Penetration test and defend
READ MORE
Linux
Releash the power of Penguin
READ MORE
Database
There are enough fishes here~
READ MORE
Latest posts
WordPress wp-config options
April 6, 2022
The most important file in any WordPress installation is the wp-config.php file. The wp-config.php file was originally named wp-config-sample.php. Renaming the file to wp-config.php is one of the first steps to installing WordPress. The wp-config file is typically stored in the root directory of WordPress. Alternatively, you can move the wp-config file out of the WordPress root directory and into the parent directory. So if your WordPress directory is located here, /public_html/my_website/wp-config.php you can safely move the file to here: /public_html/wp-config.php WordPress looks for the wp-config file in the root directory first, and if it can’t find that file it looks in the parent directory. This happens automatically so no settings need to be changed for this to work. Some options in WordPress are stored as constants and these can be seen in the wp-config.php file.The constraints all have the same format: define( 'OPTION_NAME', 'value' ); When adding new options to the wp-config.php file, it’s important the options are added above the line that reads: /* That's all, stop editing! Happy blogging. */ Installation When you install WordPress, make sure DB_NAME, DB_USER, and DB_PASSWORD options are correctly set for your database server. Also, verify that the DB_HOST name is set to the correct host for your server. Typically, this is set to localhost, but some hosting companies configure WordPress packages with web servers and MySQL servers on different machines, necessitating a hosting company-specific configuration option to locate the MySQL database. You can change the database character set (charset) by changing the DB_CHARSET option value. By default, this is set to utf8 (Unicode UTF-8), which supports any language, and is almost always the best option. Since WordPress 2.2, the DB_COLLATE option has allowed the designation of the database collation, that is, the sort order of the character set. (A character set is a collection of symbols that represents words in a language. The collation determines the order to use when sorting the character set, usually alphabetical order.) This option, by default, is blank and should typically stay that way. If you would like to change the database collation, just add the appropriate value for your language. Security Another security feature included in wp-config.php is the ability to define the database table prefix for WordPress. By default, this option value is set to wp_. You can change this value by setting the $table_prefix variable value to any prefi x, like so: $table_prefix = ‘onlinestore_’; WordPress security can be strengthened by setting secret keys in your wp-config.php fi le. A secret key is a hashing salt, which makes your site harder to hack by adding random elements (the salt) to the password you set. These keys aren’t required for WordPress to function, but they add an extra layer of security on your website. If you want to stop the WordPress from automatic update: require_once ABSPATH . 'wp-settings.php'; define( 'WP_AUTO_UPDATE_CORE', false ); WordPress Troubleshooting define( ‘WP_DEBUG’, false ); /** Absolute path to the WordPress directory. */ if ( ! defined( 'ABSPATH' ) ) { define( 'ABSPATH', __DIR__ . '/' ); } Advanced wp-config Options You can set additional advanced options in your wp-config file. These options are not in the wp-config file by default so you will need to manually add them to the file. To set your WordPress address and blog address, use the following two options: define( 'WP_SITEURL', 'http://example.com/wordpress' ); define( 'WP_HOME', 'http://example.com/wordpress' ); The WP_SITEURL option allows you to temporarily change the WordPress site URL. This does not alter the database option value for siteurl, but instead temporarily changes the value. If this option is removed, WordPress reverts back to using the siteurl database setting. The WP_HOME option works the exact same way, letting you temporarily change the home value for WordPress. Both values should include the full URL including http://. Version 2.6 introduced an option that allows you to move the wp-content directory. The two required options are: define( 'WP_CONTENT_DIR', $_SERVER .'/wordpress/blog/wp-content' ); define( 'WP_CONTENT_URL', 'http://domain.com/wordpress/blog/wp-content'); The WP_CONTENT_DIR option value is the full local path to your wp-content directory. The WP_CONTENT_URL is the full URI of this directory. Optionally, you can set the path to your plugins directory like so: define( 'WP_PLUGIN_DIR', $_SERVER . '/blog/wp-content/plugins' ); define( 'WP_PLUGIN_URL', 'http://example/blog/wp-content/plugins'); WP_PLUGIN_DIR and WP_PLUGIN_URL are options used by plugin developers to determine where your plugin folder resides. If a plugin developer is not using these constants, there is a very good chance their plugin will break if you move your wp-content directory. ...
Read more...
Hyper V – Set the VM replication schedule
March 27, 2022
# Manual resync Set-VMReplication -VMName “RESYNC VM” -AutoResynchronizeEnabled 0 # Automatic resync Set-VMReplication –VMName “RESYNC VM” -AutoResynchronizeEnabled 1 -AutoResynchronizeIntervalStart 00:00:00 -AutoResynchronizeIntervalEnd 23:59:59 # Scheduled resync Set-VMReplication –VMName “RESYNC VM” -AutoResynchronizeEnabled 1 -AutoResynchronizeIntervalStart 00:00:00 -AutoResynchronizeIntervalEnd 06:00:00...
Read more...
Hyper V
March 27, 2022
...
Read more...
Enable Hyper-V replication between two workgroup servers
March 27, 2022
Hyper-V replication is an essential ‘server availability’ tool for any organization. Whilst it is not a substitute for good backups; it will allow you to restore an up-to-date copy of your virtual servers very quickly, should your primary host hardware fail. In this tutorial, i have built two Windows 2012 R2 servers using a pair of old Dell Optiplex 580’s (AMD Phenom CPU, upgraded to 8GB RAM each), and a single 8 port Netgear GB switch. The Primary server name is: Truro The Secondary server name is: Exeter Lets get started… Step 1: Build your host servers Build two physical host servers – they need to be running the same version of Windows Server 2016, 2012 R2, or 2012 (which has less functionality). Install the Hyper-V role on both. Make sure both servers are fully patched though Windows update. See if any of the hyper-v hotfixes apply to your situation If you are doing this in a clustered environment, you will need to know the replication broker name on each cluster. Step 2: Download MakeCert Download makecert (extract from the full SDK), http://www.microsoft.com/en-us/download/details.aspx?id=8279 or, download both 32bit and 64bit versions from here (you’ll want 64bit): https://1drv.ms/u/s!AqcygLZtv7MtlbUm6aQj-b460K1ncw Step 3: Prepare the server directories On both servers, make the following file structure: C:\makecert C:\makecert\copy C:\makecert\import Copy makecert.exe to c:\makecert on both servers Step 4: Making the certificates Using an admin command prompt (do not use Powershell on server 2012 R2, or 2012). Run the following commands on the Primary Server: c:\makecert\makecert -pe -n "CN=PrimaryTestRootCA" -ss root -sr LocalMachine -sky signature -r "c:\makecert\PrimaryTestRootCA.cer" Then run this command (change the text in bold to match your server name); c:\makecert\makecert -pe -n "CN=TRURO" -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in "PrimaryTestRootCA" -is root -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 "c:\makecert\PrimaryTestCert.cer" If you’re using certificates in a domain environment, you will need to replace “CN=TRURO” with “CN=TRURO.DOMAIN.LOCAL” for this to work correctly. reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f On the primary server you will see the following: Next, run these commands on the Replica Server: c:\makecert\makecert -pe -n "CN=ReplicaTestRootCA" -ss root -sr LocalMachine -sky signature -r c:\makecert\ReplicaTestRootCA.cer" c:\makecert\makecert -pe -n "CN=EXETER" -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in "ReplicaTestRootCA" -is root -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 C:\makecert\ReplicaTestCert.cer If you’re using certificates in a domain environment, you will need to replace “CN=EXETER” with “CN=EXETER.DOMAIN.LOCAL” for this to work correctly. reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f On the replica server you will see the following: If you hit any issues at this stage; you can open a new mmc console, add the certificates snap in (local computer), head to Trusted Root Certification Authorities, Certificates. Find the ReplicaTestRootCA or PrimaryTestRootCA certificate and delete them, then re-running the above commands once corrected. Step 5: Export the certificates On both the primary and replica servers Launch an MMC click File > Add/Remove Snap-in… In the Add or Remove Snap-ins window, select Certificates from the Available Snap-ins list; Click Add >; the Certificates snap-in window will appear; In the Certificates snap-in window, click the Computer account radio button; click Next to continue; In the Select Computer window, make sure the Local computer radio button is clicked; then click Finish; In the Add or Remove Snap-ins window, click OK. In the Microsoft Management Console on the primary server, expose the contents of Certificates (Local Computer), which can be found under the Console Root directory: Expose the contents of the Personal directory; click the Certificates directory; Right-click on the Truro certificate – PrimaryTestRootCA.cer; in the context menu that appears, mouse over All Tasks >; In the sub-menu that appears, click Export… In the wizard, click next In the Certificate Export Wizard that appears, click the Yes, Export the private key radio button and click Next; Check and click next Enter a password, click next Export the key to to c:\makecert\copy\truroserver.pfx Click finish click ok Repeat the above steps for the Replica server (Exeter). Step 6: Import the certificates On the primary server (Truro) Copy: PrimaryTestCert PrimaryTestRootCA.cer TruroServer.pfx To the replica servers (Exeter) c:\makecert\import directory On the replica server (Exeter) Copy: ReplicaTestCert ReplicaTestRootCA.cer ExeterServer.pfx To the replica servers (Truro) c:\makecert\import directory This is what you should now see on your Primary server (Truro): run in admin cmd on Primary Server certutil -addstore -f Root C:\makecert\import\ReplicaTestRootCA.cer In the MMC on the primary server, make sure your still in Certificates (Local Computer) Personal directory; On the wizard that appears, click next. Advertisements REPORT THIS AD Navigate and select the exeterserver.pfx file (you’ll need to select the dropdown menu to all items before it will appear). Enter the password you set during the export Advertisements REPORT THIS AD Click next Click finish Advertisements REPORT THIS AD Click ok. Repeat for the Replica server (summary below): run in admin cmd on Replica Server certutil -addstore -f Root C:\makecert\import\PrimaryTestRootCA.cer In the MMC on the replica server, make sure your still in Certificates (Local Computer) Personal directory; Right click on Personal directory, mouse over All Tasks >; in the submenu that appears, click Import…; Locate the TruroServer.pfx file. enter the password (as per the export section) Step 7: Configuring Hyper-V replication On both primary and replica servers: In Hyper-V manager, right click on the host server and select Hyper-V settings (in a cluster, open Failover Cluster Manager, rmb on the Hyper-V Replica Broker and select replication settings). Advertisements REPORT THIS AD Select Replication Configuration Enabled as a Replica Server Check the box – Enable this computer as a replica server Select Use certificate-based Authentication (HTTPS) Select the Allow replication from any authenticated server check box. Then choose “Select Certificate…” Make sure Truro is selected. On the next screen, click ok. Step 8: Check the firewall settings Check the firewall rules are configured to allow hyperv replication. (Control Panel, Windows Firewall, Advanced). – both should have green ticks (if not, right click and enable). Repeat on the replica server. Step 9: Configuring the VM Configure replication on the VM (right click, enable replication) In the wizard, click next Enter the name of the replica server (ie Exeter) Select Certificate Select the vhds you wish to replicate (you may wish to exclude swap partition drives if you have those configured) Choose the replication frequency (30 seconds, 5 minutes or 15 minutes). choose whether you need any recovery points (useful if you need to roll back the server to a previous state). you may wish to seed the initial replica if your working on slow links. Review and confirm Step 10: Checking replication status and health Primary server status: Normal Right click on the VM – select view replication health Replication should be normal Original Post: Enable Hyper-V replication between two workgroup servers...
Read more...
Get password age and add user to group
March 17, 2022
##First we import the school provisioned with Laptop Model in the pager field function MSOLConnected { Get-MsolDomain -ErrorAction SilentlyContinue | out-null $result = $? return $result } Import-Module MSOnline if (-not (MSOLConnected)) { Connect-MSOLService } $Students_BYOD = Get-ADUser -Filter * -SearchBase “OU=2025,OU=Students,OU=NHS Users,DC=curric,DC=domain,DC=wan” $time_limit=(get-date).Date.AddDays(-54) #below foreach will export the users with password age larger than 54 days to a csv file. foreach($student_BYOD in $Students_BYOD){ #Get-MsolUser -UserPrincipalName $student_BYOD.userPrincipalName | select userprincipalname,LastPasswordChangeTimestamp,@{Name=”PasswordAge”;Expression={(Get-Date)-$_.LastPasswordChangeTimeStamp}} | sort-object PasswordAge -descending | Export-CSV D:\tmp\LastPasswordChange.csv -NoTypeInformation -Append #Get-MsolUser -UserPrincipalName $student_BYOD.userPrincipalName | select userprincipalname,LastPasswordChangeTimestamp,@{Name=”PasswordAge”;Expression={(Get-Date)-$_.LastPasswordChangeTimeStamp}} | Where-Object { $_.LastPasswordChangeTimeStamp -lt $time_limit} | Export-CSV D:\tmp\LastPasswordChange_17Mar.csv -NoTypeInformation -Append } #below foreach will add the users with password age larger than 54 days to a group. foreach($student_BYOD in $Students_BYOD){ # $student_BYOD = Get-MsolUser -UserPrincipalName $student_BYOD.userPrincipalName | Where-Object { $_.LastPasswordChangeTimeStamp -lt $time_limit} # $UPN = $student_BYOD.UserPrincipalName # echo $UPN # $student_BYOD_exp = Get-ADUser -Filter { UserPrincipalName -Eq $UPN } -Properties * # echo $student_BYOD_exp # Add-ADGroupMember -Identity “CN=Password_needs_reset,OU=Students,OU=NHS Groups,OU=Nossal HS,DC=curric,DC=domain,DC=wan” -Members $student_BYOD_exp } #Remove the session #Remove-PSSession $Session ...
Read more...
Add multiple proxyaddress to Ad Users
March 2, 2022
When you migrate to Office 365 from local AD, and keep a hybrid environment, you probably need to add proxyAddresses to all of AD users so that you can change my MX records. The below script will help you to add multiple records, such as SamAccountName@domain.name Get-ADUser -Filter * -SearchBase "OU=2024,OU=Students,OU=DC=domain,DC=name" | foreach-object { $Proxies = @("SMTP:$($_.sAMAccountName)@domain.name") $Proxies += "smtp:$($_.givenname).$($_.surname)@domain.name" $Proxies += "smtp:$($_.sAMAccountName)@domainname.mail.onmicrosoft.com" $Proxies += "smtp:$($_.sAMAccountName)@domainname.onmicrosoft.com" $_ | Set-ADuser -Replace @{ProxyAddresses = $Proxies} } ...
Read more...
Windows Service checker and start it on demand
February 23, 2022
Active Directory Federation Services and some other services like Zedmed API services are likely to stop after a power outage or accidental shutdown. We can create a script to check the status of it and start if required. Open Notepad, write below script, and change MyServiceName into your actual service name (such as adfssrv for Active Directory Federation Services): for /F "tokens=3 delims=: " %%H in ('sc query "MyServiceName" ^| findstr " STATE"') do ( if /I "%%H" NEQ "RUNNING" ( REM Put your code you want to execute here REM For example, the following line net start "MyServiceName" ) ) Step 1: Create a batch file you wish to run and place it under a folder where you have enough permissions, for example, under C drive. Step 2: Click on Start and under search, type in Task, and click open Task Scheduler. Step 3: Select Create Basic Task from the Action pane on the right of the window Step 4: Under Create Basic Task, type in the name you like and click Next. Step 5: From the Trigger, select the option you like and click Next. I chose Daily and clicked Next, which brought me to this screen. Step 6: Then click on Start a Program and click Next. Step 7: Now click on Browser and select the batch file you would like to run. Step 8: Finally, click on Finish to create the Task. Now that we have created a Task, we must make sure it runs with the highest privilege. Since we have UAC settings, we have to make sure that it should not fail if it does not bypass the UAC settings when you run the file. So click on Task Scheduler Library. Then double click on the Task you just created. Step 9: Click on Run with Highest privilege, Run whether user is logged on or not, and change user or group to an local admin by clicking Change User or Group… then click OK. Step 10: Go to Triggers tab, double click the new daily trigger you created. tick Repeat task every: , in the dropdown after it, select how often you want it to check ( I selected 5 minutes), and select 1 day after for a duration of: click OK, and Ok again, type the password for the admin user you selected in Step 9. Click Ok again to save the task. Now you can stop the service and see if it start in 5 minutes....
Read more...
Connect to Microsoft online if not connected
February 23, 2022
##First we create a function to check the response function MSOLConnected { Get-MsolDomain -ErrorAction SilentlyContinue | out-null $result = $? return $result } Install-module MSOnline #connect only if it’s not connected if (-not (MSOLConnected)) { Connect-MSOLService } Import-Module MSOnline ##your other code #Remove the session Remove-PSSession $Session...
Read more...
Connect to Azure Powershell
February 18, 2022
MSOnline Module Good old MSOL module (with cmdlets à la ‘Get-MsolUser‘). Good if you want to do basic Azure AD / O365 account or group management. It was the first PowerShell module and was often believed obsolete and soon depreciated. But it is still valid because it can do things all the others can’t. Like displaying or restoring deleted O365 accounts, getting MFA related properties for users, or getting group license assignment information. The official name for this module is Azure Active Directory Module for Windows PowerShell. Please remember that Microsoft encouraged admins to use the newer AzureAD module (see below) instead of this module. So whenever you can do the same task with the newer module, you should replace the MSOL script code. There is a detailed blog article “How to install and use the MSOL PowerShell module“. AzureAD Module This was intended as the successor to the MSOL, it has cmdlets like ‘Get-AzureADUser’. For environments with a large number of Azure AD user accounts or group objects, you get faster results from the cmdlets than in the MSOL module (I say three words: Server Side Filters). This module is technically based on the Graph API (see below), and in some cases, you get other properties and more info for some object types. The official name for this module is Azure Active Directory PowerShell for Graph. There is a preview version of this module named “AzureADPreview” which contains the most modern features available to play around with. There is a detailed blog article “How to install and use the AzureAD PowerShell module“. To connect to the MSonline. Install-module MSOnline > accept any prompts for untrusted repositories Connect-MSOLService –> then enter your O365 Global Admin details Import-Module MSOnline –> imports the commands Get-MsolUser -UserPrincipalName ‘User.Name@domain.com‘ |Select LastPasswordChangeTimestamp ...
Read more...
shipping
February 1, 2022
...
Read more...