As Google is decommissioning their Google Play Music service you have to transfer to YouTubeMusic

Upon selecting the Transfer link I got 

YouTube channel you’re currently using isn’t supported for the Google Play Music transfer.

This is because my Youtube was a brand account

You can move your Brand account to a Google account so that all your music history data is there: https://support.google.com/youtube/answer/3056283?hl=en

if you go to your advanced account settings: http://youtube.com/account_advanced

And choose

After this it will let you transfer

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Trying to deploy a MAM policy and the Teams app asked to sign into the Intune Portal App which would not let the user.

  1. Uninstall Intune app (Company Policy)
  2. Clear Android Settings | Accounts of all work accounts, including any reference to my personal MS account
  3. When opening Teams, rather than saying “switch accounts”, I just logged in using my personal account (the username for which was pre-filled)
  4. I added the Teams account to the Teams app – prompting the flow of:
    1. Installing the Intune app
    2. Granting device administrator privileges (including giving access to Contacts!)
    3. Getting the message that there is no administrator policy (or some such thing)
    4. Adding a PIN to Teams
  5. Getting back to Teams and signing out of my personal account

This seemed to have worked. I went on to test whether the security worked.

  1. Anything I downloaded to my device I couldn’t open (format incorrect)
  2. I could view stuff in Teams but I couldn’t open it on a native app.

 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Recently got a second-hand washing machine, upon running through a test wash, the Hot water ran , but never shut off which could have flooded the area.

A washing machine has two inlet valves, one for the hot water and one for cold water. The water inlets on this obviously fails to closed position when shut off ( or it would of started to fill up when I turned the tap on ) but the electronics could not shut the valve to off when needed to only let a certain amount of water in. 

You can swap inlet valves yourself with a screwdriver and pliers and they cost around 20USD delivered, you can find them on eBay for the right model Make sure you get the right one , hot and cold water inlets are different

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

SSL 64-bit Block Size Cipher Suites Supported ( 3DES -CBCSHA Ciphers, RC4-MD5, RC4-SHA ) 

Legacy block ciphers having a block size of 64 bits are affected by a vulnerability, known as SWEET32. A man-in-the-middle attacker who has sufficient resources can exploit this
vulnerability via “birthday” attack By misusing the SWEET32 vulnerability, an attacker can send in a large volume of dummy data and get blocks of ciphertext that matches
that of the organisation.
Attack Process
1. The attacker sniffs all data sent to your customer (external user).
2. The attacker sends dummy data to your server until a key used for a customer matches the attacker’ssession key.
3. Once there’s a match, sensitive data can be decrypted by determining how the key was chosen.

Fix

 https://gallery.technet.microsoft.com/Solve-SWEET32-Birthday-d2df9cf1

And

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56

“Enabled”=dword:00000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168

“Enabled”=dword:00000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128

“Enabled”=dword:00000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128

“Enabled”=dword:00000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128

“Enabled”=dword:00000000

Server Version Disclosure

Default or misconfigured web servers often disclose the version at multiple locations like HTTP response headers, and at error pages. Attackers can perform banner-grabbing against the webserver by using netcat or telnet, which reveals the webserver, version, and operating system.

On IIS 7

Using the Registry key.

Create a DWORD entry called DisableServerHeader in the following Registry key and set the value to 1.

HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters

On IIS 6 

2) 1. Install URLScan (this is a free tool available from Microsoft)
2. Open the URLScan.ini file with a text editor. The file is usually located in the
%WINDIR%System32InetsrvURLscan directory.
3. Search for the key RemoveServerHeader, which by default, is set to 0. Set the value to 1 in order to
remove the Server header.

SSLv3, TLS 1.0 protocols

If Poodle SSLv3 is enabled on any website, then it is vulnerable to a poodlebleed attack. The remote service accepts connections encrypted using SSL 3.0. These versions of SSL reportedly suffer from several cryptographic flaws.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 3.0\Server]
“Enabled”=dword:00000000

Disable SSL V2

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 2.0\Server]
“Enabled”=dword:00000000

Webserver HTTP Header Internal IP Disclosure

A string matching an internal IPv4 address was found on this page. This may disclose information about the IP addressing scheme of the internal network. This information can be used to conduct further targeted attacks. Internal IP addresses are usually hidden or masked behind a Network Address Translation (NAT) Firewall or proxy server. This may also affect other web servers, web applications, web proxies, load balancers, and a variety of misconfigurations related to redirection.

IIS 7.0

appcmd.exe set config -section:system.webServer/serverRuntime /alternateHostName:”remote.server.domain.com”  /commit:apphost

IIS 6.0

To prevent internal IP address disclosure, take the following steps.
1. Open a command prompt and change the current directory to c:\inetpub\adminscripts or to where the adminscripts can be found.
2. Run the commands
adsutil set w3svc/UseHostName True
net stop iisadmin /y
net start w3svc
This will cause the IIS server to use the machine’s hostname rather than its IP address.

If running the above on IIS 7 you will get : 

ErrNumber: -2147463162 (0x80005006)
Error Trying To SET the Property: UseHostName

SSL/TLS DiffieHellman Modulus <=1024 Bits (Logjam)

Diffie-Hellman key exchange is a popular cryptographic algorithm that allows Internet protocols to agree on a shared key and negotiate a secure connection. It is fundamental to many protocols, including HTTPS, SSH, IPsec, SMTPS, and protocols that rely on TLS. The current Modulus being used is a weak one and can be exploited by a determined hacker. Update to DHE-2048 Bits

Fix
Make sure that you have KB 3174644 installed on the affected server.
Run Regedit on the affected server
Navigate to the following Registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SChannel\KeyExchangeAlgorithms
Create a new sub key named Diffie-Hellman (if it didn´t already exists)
Inside that create a new DWORD called “ServerMinKeyBitLength” with the value “00000800” (for 2048 bit)

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Problem Description:

  1. [FSM:FAILED]: Cap the power consumption of chassis 1(FSM:sam:dme:EquipmentChassisPowerCap). Remote-Invocation-Error: Error in setting power cap budget-MC Error(-5): Error Executing Command
  2. Warning: there are pending management I/O errors on one or more devices, failover may not complete.

UCS-FI-M-6324

UCSM:Package-Vers: 3.1(3a)A

Action Taken:

+ Tried changing the power cap policy from Chassis level to blade level and back to chassis level, fault did not clear.

 

Rebooted FI-IOM B, all faults are cleared.

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Server 2008 and prior domain controllers create two Domain Admin accounts with permissions on the GPOs.  We could not see both in the GUI but when we ran icacls {GPO UID} on the Server 2008 domain controller you see both Domain Admin accounts.

Server 2012 and newer domain controllers only create a single Domain Admin account with access.  In the 2018.6C (June 21 Rollup, links below) patch for 2016 and 2012R2, a new function was introduced to remove duplicate ACEs in order to reduce the NTFS Security Descriptor stream size. Machines with this patch will no longer write that duplicate ACE, thereby making them inconsistent with the unpatched ones.

To fix we logged into the Server 2008 domain controller and ran the following command against all the GPOs to remove both domain admin account

icacls “{GPO UID}” /remove:g “<localdomain>\Domain Admins”

Then the following command to add a single Domain Admin account back to the GPO

icacls “{GPO UID}” /grant “<localdomain>\Domain Admins”:(OI)(CI)(F)

We then we forced replication again with these two commands

repadmin /syncall

repadmin /syncall /AdePq

After that we re-ran the Detect Now on the server 2016 and all servers were green.

IMPORTANT NOTE:

If you create a new policy on Server 2008 it will get the second domain admin account again.  So to prevent it from happening going forward you should create the GPOs on Server 2016.

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

After enabling Mimecast for Inbound routing , Threat Protection Re-Writes the URLs for Safety. When this is enabled with the following 365 Spam Check : Image links to remote sites

Which : Messages that contain <Img> HTML tag links to remote sites (for example, using http) are marked as spam.

All Inbound emails with Images with Hyperlinks get marked as Spam by Office365. Make sure this is turned off!

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

The compact is the recommendation from iManage Support. Ideally, you can stop connector and the ingestion due to it not being used anymore and start the services after DRECOMPACT

You will need 30% free disk space to run DRECompact Successfully.

 

STEPS TO RESOLVE

  1. Stop Worksite Connector and Work Ingestion Server services
  2. Expand Content Engine disks to a point that there is more than 30% capacity free 
  3. Run a DRECOMPACT task against both engines

    http://127.0.0.1:11001/DRECOMPACT
    http://127.0.0.1:12001/DRECOMPACT

    Make a note of the INDEXID number returned to your browser.
  4. Wait until completed

    YOU CANNOT STOP THIS PROCESS AND IT MAY TAKE A CONSIDERABLE AMOUNT OF TIME


  5. You can monitor the status from the IndexerBrowser

    “The compaction is complete when the IndexerGetStatus action reports that the job (INDEXID number) is finished (status=-1, description = Finished).”

 

  1. Restart the Connector and Ingestion Server services once the job has completed and the content engine disks are looking a little emptier

 

To set up a schedule for compaction

  1. Open the Content server configuration file in a text editor.
  2. Find the [Schedule] section. If the configuration file does not contain a [Schedule] section, add one.
  3. Set the following parameters in the [Schedule] section:

 

Compact:                         

Type true to enable a compacting schedule.

 

CompactTime:                

The time (hh:mm) when you want the Compact operation to start.

 

CompactInterval:           

The number of hours between DRECOMPACT operations. Specify the time in the 24-hour clock and the format hh:mm. When you start WorkSite Indexer, the specified CompactInterval must elapse (after the specified CompactTime) before the first  DRECOMPACT

operation takes place. Type 0 to schedule daily compactions.

 

For example:

[Schedule]

Compact=true

CompactTime=01:00

CompactInterval=168

 

This configures a compaction every 168 hours (once a week) at 1:00 a.m.

 

      1. Save and close the configuration file.
      2. Restart the Content server for your changes to take effect.
      3. Repeat Step 1 to Step 5 for all your Content servers.

 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Exempting the App means the app will allow to be able to access and share company data 

Get-AppLockerFileInformation -Path "C:\Program Files\Windows NT\Accessories\wordpad.exe"

Name : Firefox

Product Name : O=MOZILLA CORPORATION, L=MOUNTAIN VIEW, S=CALIFORNIA, C=US

Publisher : *

File : firefox.exe

Min Verison : *

Max Version : *

 

Name : Chrome

Product Name : O=GOOGLE LLC, L=MOUNTAIN VIEW, S=CA, C=US

Publisher : *

File : chrome.exe

Min Verison : *

Max Version : *

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)