Made sure I could ping the machine

  1. Windows Firewall was off
  2. Ran through these checks – https://www.poweradmin.com/help/faqs/how-to-enable-wmi-for-remote-access/
  3. Ran this on the converter machine : WMIC /node:”172.16.1.9″ /user:”localmachine\usernane” /password:”password” computersystem get totalphysicalmemory

    ERROR:
    Description = Access is denied.
  4. Started Service WinRM
  5. Ran winrm quickconfig as administrator and press Y to “Configure LocalAccountTokenFilterPolicy to greant administrative rights remotely to local users.”
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Login to the Virtual Appliance with the root user you setup during the wizard ( https://techexpert.tips/apc/powerchute-network-shutdown-installation-on-vmware-esxi/

ls /opt/apc/powerchute/group1/

sudo vi pcnsconfig.ini

Under NetworkManagementCard press the insert key and enter the below

Press Escape , then press

!wq!

Now restart the service


sudo /etc/init.d/PowerChute stop

sudo /etc/init.d/PowerChute start
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Per information here : https://www.4armed.com/blog/llmnr-nbtns-poisoning-using-responder/ , in a Pentest you might fail this unless you do the below

  • Disabling LLMNR:
    • Open the Group Policy Editor in your version of Windows
    • Navigate to Local Computer Policy > Computer Configuration > Administrative Templates > Network > DNS Client
    • Under DNS Client, make sure that “Turn OFF Multicast Name Resolution” is set to Enabled
  • Netbios over TCPIP disabled
    • DHCP option “001 Microsoft Disable Netbios Option” configured for all scopes with value of 0x2
    • NetbiosOptions value changed to 2 in registry for all interfaces with PS script
    • LLMNR disabled using GPO
    • Configured Secure only dynamic updates for all DNS zones
  • WPAD
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

When you join a Cisco Spark Hub Device to your Webex account , you need to use this trust to create a new local user and password. You need to use the cloud account to login to the device to create a local username and password

On the same network as the device , login to https://admin.webex.com/devices with your webex Administrator details

Select your device and click on Device Web Portal – Launch Web Portal per below which will login to the device as your cloud details

Set a local Username and password here

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Sharepoint’s “Open with File Explorer” uses the WebDav Protocol ( Web Client Service ) in windows to map through the Directory to Windows

This is not installed by default

Install-WindowsFeature WebDAV-Redirector

The Server will then need to be restarted
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Recently trying to install Exchange 2016 CU 15 , the setup stopped for 1 hour at 

8 of 17 Languages

The last line in C:\ExchangeSetupLogs\ExchangeSetup.log

Was

 [1] Finished updating performance counter strings

If you see this in your environment, just wait! This process took 4 hours in my environment in the end

 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

I’ve seen documentation online about password resets for AD Self Service but nothing for ADAudit Plus

The process is similiar : 

a) Browse “<installation dir.>\bin” location (e.g. C:\Program Files\ManageEngine\ADSelfService Plus\bin).
b) Execute “resetADSSPPassword.bat” file from command prompt to reset admin password.
 
But you need a login which 
 
Username : apap
Password : apap
 
Then run through the prompts it gives you on the screen for the reset
 
1. Login to ADAP CmdUtil using credentials username : adap , password : adap
2. Type “account reset-password -u admin” and press Enter
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)
  • control smscfgrc (for ConfigMgr Client applet)
  • control printers (for devices & printers)
  • sysdm.cpl (for System Properties, joining workgroup/domain)
  • mstsc -v:<serverName> (for RDP session)
  • dsa.msc (for ADUC)
  • gpmc.msc (for Group Pol Mgmt Console)
  • gpedit.msc (for Local Grou Pol Console)
  • devmgmt.msc (Device Management)
  • lusrmgr.msc (local users mgmt console)
  • mmc.exe (blank mmc console – add your snap-ins)
  • ncpa.cpl (Network Connections) 
  • appwiz.cpl opens add/remove programs
  • certmgr.msc opens certificate manager
  • certlm.msc Local computer certificate management instead of going through MMC to add it
  • diskmgmt.msc (Disk Management)
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Install 2019-11 Cumulative Update (either for 1903 or for 1909), this will uninstall the problem KB4517389

The update breaks something on the user profile  , you will need to backup and delete faulty profile from workstation and rebuild

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)