Download.bat

"C:\Program Files (x86)\WinSCP\WinSCP.com" /script="C:\Scripts\DownloadSFTP.txt"
if %ERRORLEVEL% neq 0 goto error
 
echo Download succeeded, Do nothing

REM Rename Files to put date on the end , 3 Double Quote each variable as Quotes inside command
powershell -command "Get-ChildItem """\\files\Test*.csv""" | ren -NewName { """$($_.BaseName)$(get-date -format """_yyyyMMddhhmmss""")$($_.extension) """}"


exit /b 0
 
:error
echo Download failed, keeping local files
exit /b 1

C:\Scripts\DownloadSFTP.txt


open sftp://username:[email protected]:22/ 

#Open Local Folder
lcd "\\files\download"

#Open Remote Folder
cd outbound

#Download all folders and delete when done to not download same files
get -delete *

# Exit WinSCP
exit
GD Star Rating
loading...
GD Star Rating
loading...

Upload.bat

"C:\Program Files (x86)\WinSCP\WinSCP.com" /script="C:\FTP\Connection.txt"
if %ERRORLEVEL% neq 0 goto error
 
echo Upload succeeded, Moving Files to Uploaded folder or they will reupload

REM Move Files
powershell -command "move-item """\\files\test*.csv""" """\\files\Uploaded\test*.csv""" -Force"

exit /b 0
 
:error
echo Upload failed, keeping local files
exit /b 1

C:\FTP\Connection.txt


open sftp://username:[email protected]:22/
#Open Local Folder
lcd "\\files\"

#Upload Test*.csv
put Test*.csv


# Exit WinSCP
exit
GD Star Rating
loading...
GD Star Rating
loading...

Connect-MicrosoftTeams

Get-CsOnlineUser | Where-Object {($_.EnterpriseVoiceEnabled -eq "True")}  | Select UserPrincipalName,TenantDialPlan,OnlineVoiceRoutingPolicy,TeamsEmergencyCallRoutingPolicy
How to check all users
Set-CsPhoneNumberAssignment -Identity [email protected] -PhoneNumber +61987654321 -PhoneNumberType DirectRouting
Assigning Numbers in Powershell
Get-CsOnlineUser | Where-Object {($_.EnterpriseVoiceEnabled -eq "True")}  | Grant-CsTenantDialPlan -PolicyName "02 Local"

Get-CsOnlineUser | Where-Object {($_.EnterpriseVoiceEnabled -eq "True")}  | Grant-CsOnlineVoiceRoutingPolicy -PolicyName "XXXXXX"

Get-CsOnlineUser | Where-Object {($_.EnterpriseVoiceEnabled -eq "True")}  | Grant-CsTeamsEmergencyCallRoutingPolicy -PolicyName "xxxxx.teams.com.au"
How to assign users DialPlanVoiceRoutingPolicy and EmergencyCallRoutingPolicy
GD Star Rating
loading...
GD Star Rating
loading...

C:\ProgramData\ssh\sshd_config

 

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey __PROGRAMDATA__/ssh/ssh_host_rsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_dsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ecdsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile	.ssh/authorized_keys

#AuthorizedPrincipalsFile none

# For this to work you will also need host keys in %programData%/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# GSSAPI options
#GSSAPIAuthentication no

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# override default of no subsystems
#Subsystem	sftp	sftp-server.exe
#Subsystem	sftp	sftp-server.exe -d E:\SFTP\

#Locldown commands

Subsystem	sftp	internal-sftp

AllowUsers domain\user 

#case sensitive make sure User is lowercase
Match User atlasarteria\user
ChrootDirectory E:\SFTP\

# Disable tunneling, authentication agent, TCP and X11 forwarding.
# Below parameters are recommended as best practice to prevent certain security bypassing
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
GatewayPorts no


Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
GD Star Rating
loading...
GD Star Rating
loading...

If you get the below issue , when trying to add a number , this is a ** Microsoft Outage ** 

Set-CsPhoneNumberAssignment -Identity “XXXXXXXXXXXX” -PhoneNumber “612XXXXXXXXXXX” -PhoneNumberType DirectRouting 


Microsoft.Teams.ConfigAPI.Cmdlets.internal\Set-CsPhoneNumberAssignment : LocalizationKey 'Assignment.ErrorResultCode.Mas.RequiredAssignedPlanMissing' was not found
At C:\Program Files\WindowsPowerShell\Modules\MicrosoftTeams\4.3.0\net472\custom\PsExt\Merged_custom_PsExt.ps1:5858 char:9
+ Microsoft.Teams.ConfigAPI.Cmdlets.internal\Set-CsPhoneNumberA ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: ({ Identity = ro...iceEnabled = }:<>f__AnonymousType89`5) [Set-CsPhoneNumberAssignment_Set], Exception
+ FullyQualifiedErrorId : InvalidLocale,Microsoft.Teams.ConfigAPI.Cmdlets.Generated.Cmdlets.SetCsPhoneNumberAssignment_Set
GD Star Rating
loading...
GD Star Rating
loading...

sporadic issues where remote users on the VPN cannot browse the root domain  \\domain.local however child shares are accessible such as \\domain.local\NETLOGON

Re-configured the VPN to not use split-tunnelling which improved access to root directories but didn’t resolve the issue entirely

Noticed that the original rule from the SSL-VPN > Internal LAN was behind a NAT, disabled that and it seems to have resolved problems.

GD Star Rating
loading...
GD Star Rating
loading...

I believe this only affects server 2012 but I’m documenting in here so I can look it up later.

I use Openssl to create CSRs and merge my private key to my new certificate from digicert, this way I can reformat, keep a copy of everything separately and use it easily elsewhere. 

I usually merge my new certificate from digicert and my private key with this common command;

OpenSSL.exe pkcs12 –export –in certfile.cer –inkey certfile.key –out certfile.pfx

And twice now I’ve been getting errors when importing it to server 2012 servers where it tells me the import password is incorrect, even if I don’t use a password.

By using another non server 2012 server and use user security rather than Password security, which works IF the site has other non 2012 servers

 

I’ve found this article https://serverfault.com/questions/1097326/windows-certificate-import-not-accepting-private-key-password#:~:text=I%20finally%20found,import%20worked%20fine.

And apparently, windows doesn’t like the default OpenSSL encryption,

And instead, merge the certs with this command;

openssl pkcs12 -export -certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES -nomac –in certfile.cer –inkey certfile.key –out certfile.pfx

Windows will be much happier, I’m sure this is very useful for all the windows 2012 servers still out there.

GD Star Rating
loading...
GD Star Rating
loading...

Note that the use of the += addition operator on an array in powershell can run /very/ slowly if you’re working with a large array. This is because under the hood an array is allocated a fixed chunk of memory and modifying the array requires creating a newly sized fixed chunk of memory and copying all of the data into the new memory.

https://docs.microsoft.com/en-us/powershell/scripting/dev-cross-plat/performance/script-authoring-considerations?view=powershell-7.2#array-addition

There are two ways of working around this. Either by using a c# type System.Collection.ArrayList or by using a neat powershell trick (below). If you’re only working on small arrays the overhead of this is going to be negligible and may not warrant rewriting to an arraylist.

Slow Example

# an empty array is used as a bucket to collect results:

$bucket = @()




# use a stopwatch to measure performance

$stopwatch = [System.Diagnostics.Stopwatch]::StartNew()




# a loop does something, i.e. scans computers, processes database records,

# examines files, etc.:

1..10000 | Foreach-Object {

      # result are added to the bucket using the "+=" operator

      $bucket += "I am adding $_"

}




# all results end up in the array:

$report = '{0} elements collected in {1:n1} seconds'

$report -f $bucket.Count, $stopwatch.Elapsed.TotalSeconds




10000 elements collected in 5.2 seconds




Fast example




# an empty ArrayList is used as a bucket to collect results:

$bucket = [System.Collections.ArrayList]@()




# use a stopwatch to measure performance

$stopwatch = [System.Diagnostics.Stopwatch]::StartNew()




# a loop does something, i.e. scans computers, processes database records,

# examines files, etc.:

1..10000 | Foreach-Object {

      # result are added using the Add() method

      $null = $bucket.Add("I am adding $_")

}




# all results end up in the array:

$report = '{0} elements collected in {1:n1} seconds'

$report -f $bucket.Count, $stopwatch.Elapsed.TotalSeconds




10000 elements collected in 1.7 seconds




Even faster example

# use a stopwatch to measure performance

$stopwatch = [System.Diagnostics.Stopwatch]::StartNew()




# let PowerShell handle object creation

$bucket = 1..10000 | Foreach-Object {

      # simply return the result

    # PowerShell wraps all results in an array automatically

      "I am adding $_"

}




# all results end up in the array:

$report = '{0} elements collected in {1:n1} seconds'

$report -f $bucket.Count, $stopwatch.Elapsed.TotalSeconds




10000 elements collected in 0.8 seconds
GD Star Rating
loading...
GD Star Rating
loading...

Error:

Desktops showing activation errors randomly after 6 months or working fine.

This is possibly caused after the reimaging done late last year but no idea why it takes +6 months to show up.

Error message when trying to activate:

Devices are acting as if it’s trying to connect to a KMS server.

 Error 0x8007232B DNS name does not exist 

Fix:

Device must be activated with the ORIGINAL key

Find the original key with this command;  wmic path softwarelicensingservice get OA3xOriginalProductKey

Go to windows activation, Settings > Update & Security > Activation

And Change product key to this original key. (need to have admin permissions)

Activate windows and you’re golden!

Don’t be smart and try to change the key and activate through the “SLMGR /ipk” command, THIS FAILS!! And will lead you down a path of despair… Don’t follow me.

GD Star Rating
loading...
GD Star Rating
loading...