Technote
Latest posts
Add Red Hat Linux to Active Directory Authentication
July 17, 2023
Packages to install

For this configuration, the essential package to install is realmd. Aside from realmd, a number of other packages need to be installed to make this work.

    # yum install sssd realmd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation openldap-clients policycoreutils-python

Realmd provides a simplified way to discover and interact with Active Directory domains. It employs sssd to do the actual lookups required for remote authentication and the other heavy work of interacting with the domain. In the interest of brevity, I won't dwell on the other packages in the list.

Realmd (interacting with the domain)

Now that all packages have been installed, the first thing to do is to join the CentOS system to the Active Directory domain. We use the realm application for that. The realm client is installed at the same time as realmd. It is used to join, remove, control access, and accomplish many other tasks. Here is the expected syntax for a simple domain join:

    realm join --user=

The space between the user account and the domain account is not a typo. By inserting the corresponding details, we get the following command:

    # realm join --user=fkorea hope.net

Supply the password when the prompt appears and wait for the process to end. Don't let the short absence of output deceive you. A number of operations go on as part of the process. You can tack on the -v switch for more verbose output. However, the best way to check whether the computer is now a member of the domain is to run the realm list command. The command attempts to display the current state of the server with regard to the domain. It is a quick and dirty way to know which groups or users can access the server.

It is also quite trivial to place the newly created AD computer object in a specific Organizational Unit (OU) from the outset. I'll leave that for further reading, but, as a tip, you can consult the man page. Using the realm client, you can grant or revoke access to domain users and groups. A deep dive on using realmd in a more fine-grained way is enough to make another article. However, I will not be out of order to pick out a few parameters for your attention, namely client-software and server-software. By now, you should understand why we had to install so many packages.

To leave the domain altogether, you need two words:

    realm leave

Visudo (granting admin privileges)

Users that are granted access have unprivileged access to the Linux server. For all intents and purposes, all Active Directory accounts are now accessible to the Linux system, in the same way natively created local accounts are accessible to the system. You can now do the regular sysadmin tasks of adding them to groups, making them owners of resources, and configuring other needed settings. If the user tries any activity that requires sudo access, the familiar error is presented. As can be seen in the inset, our user is not in the sudoers file. In that light, we can edit the sudoers file directly to grant them superuser privileges. This is not an article on granting superuser privileges, but we can use the visudo tool to interact safely with the sudoers file.

    sudo visudo

Add the groups below to the end of the file:

    %frankfu\group1 ALL=(ALL) ALL
    %frankfu\group2 ALL=(ALL) ALL

Alternatively, we could have just added the user to the wheel group. The point is that the user account is now available to be used by the system.

Allow SSH login:

In /etc/ssh/sshd_config, add the line below:

    AllowGroups root wheel frankfu\group1 frankfu\group2

Ref: https://www.redhat.com/sysadmin/linux-active-directory...
APP installation – Registry Detection
July 10, 2023
Registry

This detection rule verifies that the application exists based on a Windows registry key, value existence, or a string, integer or version comparison.

Key path: The full path of the registry key that contains the value to detect.

Value name: The name of the registry value to detect. If this value is empty, the detection will happen on the key. The (default) value of a key will be used as detection value if the detection method is other than file or folder existence.

Detection method: Select the type of detection method that's used to validate the presence of the app. The following detection methods are available in registry-based detection rules:

- Key exists
- Key does not exist
- String comparison
- Version comparison
- Integer comparison

Example of registry-based detection:

Check for registry value existence. Let's take an app installation for example:

    Key path: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++
    Value name: DisplayName
    Detection method: Value Exists

Check for string comparison:

    Key path: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++
    Value name: DisplayName
    Detection method: String comparison
    Operator: Equals
    Value: Notepad++ (64-bit x64)

Check for version:

    Key path: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++
    Value name: DisplayVersion
    Detection method: String comparison
    Operator: Equals
    Value: 8.5.4

Version comparison can be used with a file check to confirm the app installation.

Client side activities:

Similar to MSI and file-based detection rules, you will find the details of the registry-based detection rule in the policy downloaded at the client. The DetectionType 0 represents a registry-based detection rule.

    Get policies = ,"DetectionRule":"","InstallCommandLine":"visioviewer_4339-1001_x64_en-us.exe /quiet","UninstallCommandLine":"visioviewer_4339-1001_x64_en-us /uninstall /quiet","RequirementRules":"

The client starts processing the deployment once it receives the policy. You can see all activities related to app detection in the log snippet below from the Intune extension manager log.

    <! Start detectionManager SideCarRegistryDetectionManager]LOG]!><time="19:36:29.8759872" date="2-22-2022" component="IntuneManagementExtension" context="" type="1" thread="21" file="">
    <!LOG]!><time="19:36:30.0071701" date="2-22-2022" component="IntuneManagementExtension" context="" type="1" thread="21" file="">
    <!LOG]!><time="19:36:30.0121586" date="2-22-2022" component="IntuneManagementExtension" context="" type="1" thread="21" file="">
    <!LOG]!><time="19:36:30.0121586" date="2-22-2022" component="IntuneManagementExtension" context="" type="1" thread="21" file="">
    <!LOG]!><time="19:36:30.0121586" date="2-22-2022" component="IntuneManagementExtension" context="" type="1" thread="21" file="">
    <! Got reg value path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{95160000-0052-0409-1000-0000000FF1CE}, name: DisplayName, value: Microsoft Visio Viewer 2016]LOG]!><time="19:36:30.0121586" date="2-22-2022" component="IntuneManagementExtension" context="" type="1" thread="21" file="">
    <! Equal: actualValue: Microsoft Visio Viewer 2016, DetectionValue: Microsoft Visio Viewer 2016, applicationDetected: True]LOG]!><time="19:36:30.0121586" date="2-22-2022" component="IntuneManagementExtension" context="" type="1" thread="21" file="">
    <! Checked reg path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{95160000-0052-0409-1000-0000000FF1CE}, name: DisplayName, operator: 1, type: 3, value: Microsoft Visio Viewer 2016 , result of applicationDetected: True]LOG]!><time="19:36:30.0131559" date="2-22-2022" component="IntuneManagementExtension" context="" type="1" thread="21" file="">
    <! detectionManager SideCarRegistryDetectionManager got applicationDetectedByCurrentRule: True as system]LOG]!><time="19:36:30.0131559" date="2-22-2022" component="IntuneManagementExtension" context="" type="1" thread="21" file="">
    <! Completed detectionManager SideCarRegistryDetectionManager, applicationDetectedByCurrentRule: True]LOG]!><time="19:36:30.0131559" date="2-22-2022" component="IntuneManagementExtension" context="" type="1" thread="21" file="">

Use custom detection script

The custom detection script method uses a PowerShell script to detect the app's presence. The following details are required for this detection method.

Script file: Select a PowerShell script that will detect the presence of the app on the client. The app will be detected when the script both returns a 0 value exit code and writes a string value to STDOUT.

Run script as 32-bit process on 64-bit clients: Select Yes to run the script in a 32-bit process on 64-bit clients. Select No (default) to run the script in a 64-bit process on 64-bit clients. 32-bit clients run the script in a 32-bit process.

Enforce script signature check: Select Yes to verify that a trusted publisher has signed the script, which will allow the script to run with no warnings or prompts displayed. The script will run unblocked. Select No (default) to run the script with user confirmation without signature verification.

The Intune agent checks the results from the script. It reads the values written by the script to the STDOUT stream, the standard error (STDERR) stream, and the exit code. If the script exits with a nonzero value, the script fails and the application detection status is not installed. If the exit code is zero and STDOUT has data, the application detection status is installed.

Exit Code and STDOUT stream

    Exit Code   STDOUT Stream   Detection State
    0           Not Empty       Detected, Application installed
    0           Empty           Not detected, Application not installed
    Non zero    Empty           Not detected, Application not installed
    Non zero    Not Empty       Not detected, Application not installed

Source: https://www.petervanderwoude.nl/post/working-with-custom-detection-rules-for-win32-apps/

Sample detection script:

Here is a sample script to use with the custom detection script rule for a Win32 app. The script checks for the file's existence and its version. It will return exit code 0 and write a string value to STDOUT if the condition matched. Else, it will return exit code 0. The Intune extension manager will capture the output written to STDOUT (using Write-Host) and show it in the log file.

    $AppName = "Winzip ver 26.0"
    $File = "D:\Program Files\WinZip26\winzip64.exe"
    $FileVersion = "50.260.14610 (64-bit)"

    Write-Host "Custom script based detection : $AppName"

    if (Test-path $File) {
        # File exists: read its version from the file's version resource
        $ActualVersion = (Get-ItemProperty -Path $File).VersionInfo.FileVersion
        If ($ActualVersion -eq $FileVersion) {
            Write-host "Actual version: $Actualversion, Compared version: $FileVersion"
            Write-host "Same version of application installed"
            Exit 0
        }
        else {
            # Exit code 0 with STDOUT output: per the table above, this is still reported as detected
            Write-host "Actual version: $Actualversion, Compared version: $FileVersion"
            Write-host "Different Version of application installed"
            Exit 0
        }
    }
    else {
        # File missing: the non-zero exit code reports the app as not installed
        Write-Host "File $file not found. Application not installed"
        Exit 1
    }

...
Generate VM resource report with powershell
July 6, 2023
This script reports the RAM, cores and total disk space of each VM on a host.

    #parameters
    $output_path = "c:\Users\frank\Documents\"
    $vmhost = "my-hyp1"
    $vms=get-vm -ComputerName $vmhost;

    #path to save the result
    $outputfile = $output_path + "vms_report_" + $vmhost + ".csv"
    #"VMname,VMRAM(MB),VMcores,Total VMdisksize(GB)"> $outputfile
    echo "VMname, VMRAM(MB), VMcores, Total VMdisksize(GB)";

    #new way to create csv part 1 - generate header
    ##this bit creates the CSV if it does not already exist
    $headers = "VMname", "VMRAM(MB)", "VMcores", "Total VMdisksize(GB)"
    $psObject = New-Object psobject
    foreach($header in $headers)
    {
        Add-Member -InputObject $psobject -MemberType noteproperty -Name $header -Value ""
    }
    $outputfile_tmp = $output_path + "vms_report_" + $vmhost + "temp.csv"
    $psObject | Export-Csv $outputfile_tmp -NoTypeInformation
    #remove the empty row
    Get-Content $outputfile_tmp | Select-Object -SkipLast 1 | Set-Content $outputfile -Encoding UTF8
    Remove-item $outputfile_tmp
    #end of new way to create csv part 1

    # Loop through each VM found
    foreach ($vm in $vms)
    {
        # Get VM details
        $vmname = $vm.name;
        $vmram = [math]::round((($VM | get-vmmemory).Startup/1024/1024)) ;
        $totalcores = ($vm | Get-VMProcessor).Count;

        #get disk size
        $vmDisks = Get-VHD -ComputerName $vmhost -VMId $vm.VMId -ErrorAction SilentlyContinue -ErrorVariable getVhdErr
        $vmDisktotalsize = 0
        foreach($vmDisk in $vmDisks)
        {
            $vmDiskMaxSize = [math]::round($vmDisk.Size/1024/1024/1024)
            # accumulate the size of every disk attached to the VM
            $vmDisktotalsize += $vmDiskMaxSize
        }

        # Build CSV output
        #$out = $vmname + "," + $vmram + "," + $totalcores + "," +$vmDisktotalsize;
        #echo $out
        # Output to file
        #$out >> $outputfile;

        ##new way to create csv part2 - append data
        #this bit appends a new row to the CSV file
        $hash = @{
            "VMname" = $vmname
            "VMRAM(MB)" = $vmram
            "VMcores" = $totalcores
            "Total VMdisksize(GB)" = $vmDisktotalsize
        }
        $newRow = New-Object PsObject -Property $hash
        Export-Csv $outputfile -inputobject $newrow -append -Force
        ##end of new way part2
    }

...
PRTG application API monitoring with powershell
April 12, 2023
PRTG provides versatile monitoring, from server health to application APIs. Today we will use PowerShell to monitor API health. Below are the configurations in the PRTG sensor:

    Host IP: 10.34.50.56
    URL: https:///stationery.webapi/Account/LogOn
    Postdata: {'username': 'xxxx','password':'xxxx','merchantNumber':xxxx}
    Content Type: Custom
    Custom content type: application/json

Insert the Host IP after the second slash in the URL to get the complete URL: https://10.34.50.56/stationery.webapi/Account/LogOn

To find out what to put in the "Response Must Include" area, run the PowerShell commands below (Postdata is used in the body area):

    ## The block below ignores the SSL certificate trust issue
    ## (it accepts any certificate for the rest of this PowerShell session):
    add-type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
            return true;
        }
    }
    "@
    [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

    ## Below, pass the JSON data to the URL and get the response.
    invoke-webrequest -Uri 'https://10.34.50.56/stationery.webapi/Account/LogOn' -Method Post -ContentType "application/json" -Body "{'username': 'xxxx','password':'xxxx','merchantID':xxxx}"

I found some code like:

    Content: {"data":{"user":{"countrycode":0, "Reload":31, "rolename":"Stationery Shop","username":xxxx,........
    AllElements: ....
    RawContent : HTTP/1.1 200 OK
    Pragma: no-cache,no-cache
    Content-Length:1195
    {"data":{"user":{"countrycode":0, "Reload":31, "rolename":"Stationery Shop","username":xxxx,........ "merchantID":"1234567890123"

Now I change the password to a wrong one on purpose, which is 12345, and try to get some other response just for comparison purposes:

    invoke-webrequest -Uri 'https://10.34.50.56/stationery.webapi/Account/LogOn' -Method Post -ContentType "application/json" -Body "{'username': 'xxxx','password':'12345','merchantID':xxxx}"

Now the response becomes:

    Server Error
    We're sorry, but an unexpected error occurred on the server.
    .....

So I will just pick a piece of data, such as merchantID, from the first response and use it as the evidence of a working API.

    Response Must Include: 1234567890123...
MS IIS server (Web server)
March 15, 2023
Updated on 2023-03-15

IIS 10.0 version 1809 is the latest version of Internet Information Services (IIS), which shipped with the Windows 10 October 2018 Update and Windows Server 2019.

Configuration file

ApplicationHost.config

This file is the root file of the configuration system when you are using IIS 7 and above. It includes definitions of all sites, applications, virtual directories and application pools, as well as global defaults for the web server settings, which means it controls the server itself. The file is currently located in the %windir%\system32\inetsrv\config directory.

web.config

The web.config file controls configuration at the site and application levels....
Get user last login [Azure, Intune]
February 9, 2023
We may need to get a list of the users whose passwords are older than we expect. Use the script below to get a report about password age.

    ##Test if you are logged in.
    function MSOLConnected {
        Get-MsolDomain -ErrorAction SilentlyContinue | out-null
        $result = $?
        return $result
    }

    Import-Module MSOnline
    # Get-ADUser comes from the ActiveDirectory module
    Import-Module ActiveDirectory
    if (-not (MSOLConnected)) {
        Connect-MSOLService
    }

    $Students_BYOD = Get-ADUser -Filter * -SearchBase "OU=2026,OU=Students,OU=Users,DC=curric,DC=your_company,DC=com"
    # report passwords last changed before this date
    $time_limit=(get-date).Date.AddDays(-68)
    foreach($student_BYOD in $Students_BYOD){
        Get-MsolUser -UserPrincipalName $student_BYOD.userPrincipalName |
            select userprincipalname,LastPasswordChangeTimestamp,@{Name="PasswordAge";Expression={(Get-Date)-$_.LastPasswordChangeTimeStamp}} |
            Where-Object { $_.LastPasswordChangeTimeStamp -lt $time_limit} |
            Export-CSV D:\tmp\LastPasswordChange.csv -NoTypeInformation -Append
    }

...
Cisco CME Troubleshooting
February 2, 2023
To show debug messages on a telnet/ssl session:

    terminal monitor

Common commands to troubleshoot SIP:

debug ccsip: This has various options.

- debug ccsip all: This command enables all ccsip type debugging. This debug command is very active; you should use it sparingly in a live network.
- debug ccsip calls: This command displays all SIP call details as they are updated in the SIP call control block. You can use this debug command to monitor call records for suspicious clearing causes.
- debug ccsip errors: This command traces all errors that are encountered by the SIP subsystem.
- debug ccsip events: This command traces events, such as call setups, connections and disconnections. An events version of a debug command is often the best place to start because detailed debugs provide much useful information.
- debug ccsip info: This command enables tracing of general SIP security parameter index (SPI) information, including verification that call redirection is disabled.
- debug ccsip media: This command enables tracing of SIP media streams.
- debug ccsip messages: This command shows the headers of SIP messages that are exchanged between a client and a server.
- debug ccsip preauth: This command enables diagnostic reporting of authentication, authorization, accounting (AAA) for SIP calls.
- debug ccsip states: This command displays the SIP states and state changes for sessions within the SIP subsystem.
- debug ccsip transport: This command enables tracing the SIP transport handler and the TCP or UDP process.

Show the SIP register status, and the SIP trunk lines too:

    UC560#show sip-ua register status
    Line            peer       expires(sec) registered P-Associ-URI
    =============== ========== ============ ========== ============
    613xxxxxxxx     -1         1750         yes

Disable debugging:

    no debug all

Reference: https://www.cisco.com/c/en/us/products/collateral/unified-communications/unified-border-element/white_paper_c11-613550.html...
Bitlocker for Removable drive
January 13, 2023
You may see a notice like the one below saying "Before you can save files on this drive, you need to encrypt it using BitLocker."

The way to disable this is through Group Policy: Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Removable Data Drives. Find the setting "Deny write access to removable drives not protected by BitLocker" and change its state to "Disabled".

Note: don't choose "Not configured"; this is a bug with this setting as of Jan 2023....
Renew AD FS Service Communications certificate
January 10, 2023
SSL certificate renewal

If your communication with another app is encrypted with a certificate from a trusted third-party CA, the maximum validity of which is 397 days, you have to do this job every year:

1. Renew the cert from your CA authority, like Digicert.
2. Export the cert file in cer format with private key.
3. Copy the cert file to the AD FS server, open MMC.exe, Add snap-in > certificate > Computer account > local computer.
4. Import the cert file to certificate (local computer) > personal > Certificates.
5. Double-click the imported cert, go to the Details tab, select Show <All>, find the thumbprint, and copy the thumbprint to a text file without spaces in the middle, something like '7503ffb9da7ee64971e50a37fbe1b53dd7eeeef8'.
6. On the AD FS server, run PowerShell with administrator privilege. Use the following cmdlet to install the new SSL certificate:

       Set-AdfsSslCertificate -Thumbprint '7503ffb9da7ee64971e50a37fbe1b53dd7eeeef8'

7. Go to the AD FS Management console and expand Service > Certificates. In the right pane, click Set Service Communication Certificate… Choose the certificate you imported and click OK.
8. Restart the ADFS services....
Give removable drive write access.
December 14, 2022
In Administrative Templates, find Computer Configuration > Windows Components > BitLocker Drive Encryption > Removable Data Drives. Click "Deny write access to removable drives not protected by BitLocker". Select Disabled....