Author Archive

Microsoft Windows Server User CAL – LS-40627 vs R18-05766

Research

Recently looking at some charity licensing where I found 2 sets of Windows Server User Cals

https://www.connectingup.org/donations/content/microsoft-windows-server-user-cal-includes-software-assurance ( SKU: LS-40627 ) 

https://www.connectingup.org/discount/microsoft-discount-volume-licence-program/microsoft-windows-server-user-cal-licence-only-0?action ( SKU: R18-05766 ) 

The first one was nearly half the cost of the other , turns out SKU: LS-40627 you have a limit of 50, so you will need to purchase these before purchasing anymore of R18-05766  ( Can be purchased in parallel ) 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

How to backup and restore a SQL Database

Research

If the SQL databases are in simple recovery

Backup

ALTER DATABASE dbname

SET READ_ONLY;

GO
 

Backup database dbname

to disk = 'C:\...\dbname.bak'

 
Restore


Restore database dbname

from disk =  'C:\...\dbname.bak'

with recovery, replace

 

ALTER DATABASE dbname

SET MULTI_USER;

GO

If the databases are in full recovery model

Backup

Backup database dbname

to disk = 'C:\...\dbname.bak'

Backup log dbname

to disk = 'C:\...\dbname.trn'

with norecovery

 
Restore

 
Restore database dbname

from disk = 'C:\...\dbname.bak'

with norecovery, replace

Restore log test2

from disk = 'C:\...\dbname.trn'

with recovery
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

delete fortigate hardware switch

Research

By default Fortigates come with all their LAN interfaces on a hardware switch. You might want to change this so you can use these as seperate interfaces

  1. Delete all the policies attaches to the LAN network
  2. Removed DHCP from the Lan Network

Next in CLI run the below

configure system virtualswitch

delete lan
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

How to detect Disk Data change on Vmware VM ( write rate )

Research

 
Enabling vCenter Server Data Collection
 
To enable vCenter Server data collection:
1.Connect to the vCenter Server.
2 In the Administration menu item, selectvCenter Server Settings  The vCenter Server Settings dialog is displayed.
3. Select Statistics.

 
4. Make sure that the Statistics Level value for all interval durations up to and including the one day duration is at least 2. If any of the durations have a value less than 2, do the following, starting with the smallest interval:
a) Select the interval and clickEdit
b) Change Statistics Level to Level 2
c) Click OK

 
5. Repeat step 4 for all the values up to and including the 1 day interval duration.
6. Click OK and wait for at least a day before using the aggregate usage data. Collecting Data Characteristics for VMs
You can collect data characteristics for the virtual machines in a VPG in one of the following ways:
 
Via vSphere Client console performance statistics.
 
By running a script to collect the data characteristics.
 
Note: The script samples supplied with the download, require vSphere PowerCLI and permissions to access the vCenter Server using the script.
 
8 By using operating system performance monitors, such as the Microsoft Performance Monitor utility for Windows operating systems or the iostat command for Linux operating systems. Collect data for a minimum of one day. Collecting this information impacts on performance and therefore the collection period should be long enough to gather a true representation of usage but not too long. The first procedure described below, to collect data characteristics for the VMs via the vSphere Client console performance statistics, uses
a timeframe of one day and the second procedure, to collect data characteristics for the VMs by running a scri pt to collect the data characteristics uses a timeframe of seven days.
 
Note: When running vCenter Server versions before version 5.x, if any of the virtual machines use NFS storage, metrics for the
NFS storage are not generated by the vCenter Server. To collect data characteristics for the VMs via the vSphere Client console performance statistics:
1. In the vSphere Client console select the VM and open the Performance tab.
2. Click Advanced
3 . Click the Charts Options link. The Customize Performance Chart dialog is displayed.

4. In Chart Options , drill-down in Disk and select Past day
5. In Counters , click None to clear all the selections and then select Disk Write Rate or Write Rate
6. Click OK
 
9 A chart similar to the following is generated:

Use the chart for the average write rate of the VM.
To collect data characteristics for the VMs via a script:
Note:
The following script and the samples supplied with the download, require vSphere PowerCLI and permissions to access
the vCenter Server using the script.
 
Run a script similar to the following:
 
$report = @()
Get-VM | %{
$stats = Get-Stat -Entity $ -Stat disk.write.average -Start (Get-Date).adddays(-7) –
ErrorAction SilentlyContinue
if($stats){
$statsGrouped = $stats | Group-Object -Property MetricId
$row = “” | Select Name, WriteAvgKBps, WriteAvgMBps
$row.Name = $_.Name
$row.WriteAvgKBps = ($statsGrouped |
where {$_.Name -eq “disk.write.average”} |
%{$_.Group | Measure-Object -Property Value -Average}).Average
$row.WriteAvgMBps = $row.WriteAvgKBps/1024
$row.WriteAvgKBps = “{0:N2}” -f $row.WriteAvgKbps
$row.WriteAvgMBps = “{0:N2}” -f $row.WriteAvgMBps
$report += $row
}
}
$report | Export-Csv “C:\ZertoOutput.csv”
 
 
 
 
Note: If you want a value other than seven days, change the value of the adddays() function. For example to collect data
for three days, use adddays(-3)
 
Use the resulting file, C:\ZertoOutput.csv , for the average write rate of the VM.
Note: Versions of this script are included in the download with this document
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

xmlrpc.php

Wordpress

Recently in the server logs I saw lots of attempts to /xmlrpc.php

/xmlrpc.php is the file used for Pingbacks, so if someone links to my blog , they can add my blog article and WordPress will check in then create a link to the users site. This actually opens up wordpress sites to be used for DOS’ people

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/wordpress-xml-rpc-pingback-vulnerability-analysis/

 

You can disable access to this file via updating .htaccess

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Measuring Hyper V Disk Rate Change

Research

You can collect data characteristics for the virtual
machines in a VPG in one of the following ways:
 
  • By using operating system performance monitors, such as the Microsoft Performance Monitor utility for Windows operating systems or the iostat command for Linux operating systems.
  • By using Windows PowerShell in Windows Server 2012 to collect network utilization (and other information). When using metering ACLs, you can measure the total network traffic sent and received by a virtual mach ine. To collect performance characteristics for the virtual machines in a VPG, using PowerShell, do the following:
 
Turn on resource metering for the relevant virtual machines, if it is not already enabled
Adjust the collection frequency, if necessary.
 
Collect the relevant statistics. Zerto recommends that you collect data for a minimum of one day. When you have enough statistics, you may want to turn off resource metering since data collection can impact performance.
 
Turning on Resource Metering 
By default, resource metering is not enabled. To turn on resource metering for one virtual machine, enter the following
PowerShell command:
 
Get-VM <VM-name > | Enable-VMResourceMetering
 
To turn on monitoring for all virtual machines on a server at one time, enter the following PowerShell command:
 
Get-VM | Enable-VMResourceMetering
 
Once you enable resource metering, Hyper-V begins to collect data. You can reset metering at any time, which discards the data that has been collected up to that point.
If resource metering is enabled but no NetworkAdapterAcls are configured, Hyper-V configures them to measure total network traffic. To measure network traffic throug h an IP range, configure the NetworkAdapterAcls for the IP range before runningEnable-VMResourceMetering
.
Adjusting the Collection Frequency
By default, the collection frequency is once every hour. You can change the collection frequency, but understand that datacollection can impact performance. To change the
collection frequency, enter the following command:
 
Set-VMHost –ComputerName <host-server-name> -ResourceMeteringSaveInterval <HH:MM:SS>
 
The collection frequency is always set at the host server level.You cannot adjust the collection frequency per virtual machine
.For example, if you enter 01:30:00, resource consumption will be ollected every hour and a half.
 
Collecting and Viewing the Relevant Statistics
To view resource usage for one virtual machine, enter the following command:
 
Get-VM <VM-name> | Measure-VM
 
Resource metering data can be displayed for all of the virtual machines that are running on a host. To see data for all of thevirtual machines on a host, enter the following command:
 
Get-VM | Measure-VM
 
You can configure PowerShell to display only certain statistics. To do this, you must know the object names that PowerShell
assigns to each statistic. You can see the object names by entering the following command:
 
Get-VM | Measure-VM | Select-Object *
 
For example, when working with Zerto Virtual Replication, you are interested in network traffic.To list the network traffic foreach virtual machine, enter the following command:
 
Get-VM | Measure-VM | Select-Object VMName, NetworkMeteredTrafficReport
 
You can use VM Network Adapter ACLs to measure network activity to and from a specific network. For example, to meter
network traffic for a special subnet or IP address:
 
Add-VMNetworkAdapterAcl -VMName <VM-name> -Action Meter -RemoteIPAddress 10.10.0.0/16 -Direction Outbound
 
Turning off Resource Metering
To disable the collection of performance statistics, enter the following PowerShell command:
Disable-VMResourceMetering -VMName <VM-name>
 
 
 
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Administrator trying to access other users Onedrive – Loading Access Link – Access File nothing happening

Research

When trying to access another user Onedrive via the Admin portal of 365 , the new gui shows

“Loading Access Link” and no link is shown 

The old Classic view you cannot click on the Access Files

 

This is due to the Administrator not have an Office 365 License , make sure one is assigned to get access to the App ( onedrive ) 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

How to find Local Administrator Password Set in MDT

Research

Naviate to your DeploymentShare and Open up the Task Sequence in the Control Directory

C:\DeploymentShare\Control\TaskSequence1

Open 

Unattend.xml 

Search for AdministratorPassword in this file

You should see the password in plaintext

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

An NPS extension dynamic link library (DLL) that is installed on the NPS server rejected the connection request.

Research

Trying to diagnose an issue of a reason why an NPS server would not let a user in and come back with Access-Reject produces the following Reason in the event log

An NPS extension dynamic link library (DLL) that is installed on the NPS server rejected the connection request.

I recommend uninstalling the NPS Extension for Azure MFA Plugin 

Retrying the access which should give you some better reason in the event log e.g. The RADIUS request did not match any configured connection request policy (CRP).

Once this is fixed you can reinstall the Plugin and re-authenticate it

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)