Recently taken on a new environment and needed to check support for existing keys and move them to an account we control

The below you can enter the keys to find out if they are in current support

https://kb.vmware.com/s/article/2144006?lang=en_US&queryTerm=How+to+find+PAC

https://www.vmware.com/support/tracksn.portal?vmware=trackSN

To move them into your account you will need to raise Vmware support case , and they can give you the email address of the current user to contact to delegate access

T

• No Comments

Login to Azure Active Directory. Locate Usage & insights , under Monitoring

Select “Users registerd for Multi-Factor Authentication”

Can also be done in powershell : https://dirteam.com/sander/2020/05/14/todo-optimize-the-azure-multi-factor-authentication-methods-used-throughout-your-organization/

Monitoring with PowerShell: Monitoring the used MFA type for O365/Azure.

• No Comments

Find users who have physically logged into a machine 7001

param(
    [alias("CN")]
    $ComputerName="localhost"
)

$UserProperty = @{n="User";e={(New-Object System.Security.Principal.SecurityIdentifier $_.ReplacementStrings[1]).Translate([System.Security.Principal.NTAccount])}}
$TypeProperty = @{n="Action";e={if($_.EventID -eq 7001) {"Logon"} else {"Logoff"}}}
$TimeProperty = @{n="Time";e={$_.TimeGenerated}}
$MachineNameProperty = @{n="MachinenName";e={$_.MachineName}}

foreach ($computer in $ComputerName) {
    Get-EventLog System -Source Microsoft-Windows-Winlogon -ComputerName $computer | select $UserProperty,$TypeProperty,$TimeProperty,$MachineNameProperty
}

Find users who have authenticated with different login types

get-eventlog -ComputerName "localhost" -logname 'security' -instanceid 4624 -after (get-date).adddays(-10) | % {
 
    [array] $login += [pscustomobject] @{
    
        account = $_.replacementstrings[5]
        time = $_.timewritten
        type = $_.replacementstrings[8]
        ip = $_.replacementstrings[18]
}}
 
$login | ft -auto 

• No Comments

FYI – https://support.citrix.com/article/CTX253754

User called to say Audio/Video devices were failing to pass through to MS Teams. Under Settings > Devices listed “None” across the board:

Checked the local workstation and found the HDXTeams.exe was not running (should start automatically when Teams in Citrix launches)

Logs are here: %userprofile%\AppData\Local\Temp\HDXTeams

 

Refer to : https://discussions.citrix.com/topic/407820-ms-teams-not-pulling-through-audio-devices/page/2/

Solution: I had to disable built-in microphone and speakers – one or both of these were the problem:

• No Comments

Run Locally

Test and Download App

#Downloads the Docker File from Dock Hub

dock pull %dockerusername%/%dockername%:latest 

#Runs the Docker File on port 80 if the container is active on port 3000 ( Test go to http://localhost ) 

docker run -p 80:3000 %dockerusername%/%dockername%:latest

#List current dockers running

docker ps -a

#Stop the container by id ( found from above )

docker stop ad5b49ba5476

#Clear Stopped Containers

docker container prune

Upload App to Azure

**Create an Azure Container or reuse an existing one** 

**Run the below in Azure Shell**

#Show credentials for login and save username and password

az acr credential show --name %azurecontainer%

**Run on Docker PC**

#Login to Azure Docker

docker login %azurecontainer%.azurecr.io --username name %azurecontainer%

#Tag docker for upload

docker tag %dockerusername%/%dockername% name %azurecontainer%.azurecr.io/%dockername%:latest

#Push Docker to Azure

docker push name %azurecontainer%.azurecr.io/%dockerusername%/%dockername%:latest

Run in Azure

#Create Azure Service plan

az appservice plan create --name %serviceplanname% --resource-group %azureresourcegroup% --sku S1 --is-linux

#Add Docker App to Azure Service Plan

az webapp create --resource-group %azureresourcegroup% --plan %serviceplanname% --name %appname% --deployment-container-image-name %azurecontainer%.azurecr.io/%dockername%:latest

#Set the details to access the Docker

az webapp config container set --name %appname% --resource-group %azureresourcegroup% --docker-custom-image-name %azurecontainer%.azurecr.io/%dockername%:latest --docker-registry-server-url https://%azurecontainer%.azurecr.io --docker-registry-server-user %azurecontainer% --docker-registry-server-password %passwordfromshowcredential%

#Make the app live on its specific port e.g. 3000

az webapp config appsettings set --resource-group %azureresourcegroup% --name %appname% --settings WEBSITES_PORT=3000

Test the app

http://%appname%.azurewebsites.net/

• No Comments

A SIEM Alert noticed lots of traffic transferring from a computer to IP’s in this range 52.85.43.0/24 ( amazon cloudfront) 

Tracing down the app on the computer using Netstat showed this was Chrome.exe

Tracing down the task manager inside of Chrome showed it was this process

Utility: Network Service Looks to be one of the process’ the chrome browser sends and receives network traffic through , But I can’t tell you exactly what , but it is needed ! 

• No Comments

• Install a new NPS Server ( cannot be existing as MFA will take over existing requests such as Wifi! ) 
• Installed Azure AD NPS Plugin and Enroll in Azure AD
• Add a Radius Client to the NPS server of the IP ( VIP ) of the Netscaler 
• Add the Radius server in Authentication – Set Timeout to 10Seconds , set Password to MsChapv2 Set NASID to MFA
• NPS Server Policies

• No Comments

I have been using this plugin to https://wordpress.org/plugins/pastacode/

highlight some of my programming. I write a bit in Powershell however this is not a supported markup. This is what to add to your functions file of your theme to add another library

/** pastcode plugin */
add_filter( 'pastacode_langs', '_pastacode_langs' );
function _pastacode_langs( $langs ) {
	$langs['powershell'] = 'Powershell';
	return $langs;
}

add_filter( 'pastacode_tinymcevars', '_pastacode_tinymcevars' );
function _pastacode_tinymcevars( $pvars ) {
	$pvars['scripts']['powershell']=get_template_directory_uri().'/js/powershell.js';
	$array=array(
			'libs'      => array('powershell'),
			'mode'      => 'application/x-powershell',
			);

	$pvars['language_mode']['powershell']=$array;
	return $pvars;
}

add_action('wp_enqueue_scripts', 'mytheme_scripts');

function mytheme_scripts() {
  wp_dequeue_script( 'prismjs' );
  wp_deregister_script( 'prismjs' );
  wp_enqueue_script( 'prismjs',  get_template_directory_uri().'/js/prism.js', false,PASTACODE_VERSION, true );
} 

You will also need to create a js folder and upload the new .js library from https://codemirror.net/mode/ and prism.js

• No Comments

Recently I got hold of a Fortinet Lab FG-100D. The Fan in this unit is around 50db and not suitable for a lounge. The device is not licensed and out of support so I could ‘tweak’ it!

The quietest 4-Pin ( sending feedback back to to the Fortinet of fan speed so it can adjust ) 40mmx 20mm fan I could find was a NF-A4x20 with 15db of noise , however much-reduced airflow!

The NF-A4x20 comes with a different fan plug then the Fortinet Socket. The connect should match the other size , however a little pressure helps the fortinet socket accept this! 

The good thing about this fan is it also comes with a LNA ( Low noise adapter ) a cable that drops down the (voltage) speed of the fan. The 100D also has two power fan points. I was able to put the LNA on the original fan, then readjust the fans like below. I ran both for a week however sometimes the old fan would whir up, so I ended up disconnecting the original and left the NF-A4x20 and it has been stable!

• No Comments

Trying to Run Docker on a Windows 10 Desktop VM in Vmware I got the following docker error

Failed to start the virtual machine ‘DockerDesktopVM’ because one of the Hyper-V components is not running.

Shutdown VM and tick this, start it back up

• No Comments