Windows 7/8.X/10 - Installation Media creation

If you need to reinstall the operating system on your PC but you are unable to find the original installation media, you can easily refer to the following Microsoft article.

Make sure you have:

  1. Your Windows product key (xxxxx-xxxxx-xxxxx-xxxxx-xxxxx). 
  2. An internet connection.
  3. Sufficient data storage available on a computer, USB or external drive for the download.
  4. A blank USB or DVD (and DVD burner) with at least 4 GB of space if you want to create media. We recommend using a blank USB or blank DVD, because any content on it will be deleted.

https://support.microsoft.com/en-us/help/15088/windows-create-installation-media

Powershell - PSScriptAnalyzer Microsoft tool to verify code meets best practices

PSScriptAnalyzer is a PowerShell module created by Microsoft to be used as a litmus test to figure out if PowerShell code meets certain best practices. It contains various rules that have been created by Microsoft and the open source community as an attempt to ensure all code meets a certain defined standard. If you're wondering how "good" your PowerShell code is, PSScriptAnalyzer is a great tool to use.

PSScriptAnalyzer can be downloaded from the PowerShell Gallery by using the Install-Module command:


Install-Module -Name PSScriptAnalyzer

It has only two commands:

Get-ScriptAnalyzerRule 
Invoke-ScriptAnalyzer

Invoke-ScriptAnalyzer -Path C:\script_name.ps1



If you have more than a single script to test, Invoke-ScriptAnalyzer can also be pointed at entire folders and can recursively check each script inside.
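As an added example (not code from the original post or from the PSScriptAnalyzer project), the script below runs the analyzer recursively over a folder, prints one line per finding plus a count by severity, and exits non-zero when it sees an Error-severity finding or one of the built-in credential-handling rules, so the same check can gate a commit or build. The folder C:\Scripts is a hypothetical path.

```powershell
# Added example: recursive PSScriptAnalyzer scan with a pass/fail exit code.
# Assumes the module is installed (Install-Module -Name PSScriptAnalyzer)
# and that C:\Scripts (hypothetical) is the folder to check.
param(
    [string]$Path = 'C:\Scripts'
)

Import-Module PSScriptAnalyzer -ErrorAction Stop

# -Recurse walks every .ps1/.psm1 under $Path; -Severity limits what is reported.
$findings = Invoke-ScriptAnalyzer -Path $Path -Recurse -Severity Error, Warning, Information

if (-not $findings) {
    "No findings under $Path"
    exit 0
}

# One line per finding: file:line  [severity] rule - message
$findings |
    Sort-Object Severity, ScriptName, Line |
    ForEach-Object {
        '{0}:{1}  [{2}] {3} - {4}' -f $_.ScriptName, $_.Line, $_.Severity, $_.RuleName, $_.Message
    }

# Count by severity
$findings | Group-Object Severity | ForEach-Object {
    '{0,-12} {1}' -f $_.Name, $_.Count
}

# Treat as blocking: anything of Error severity, plus the built-in rules that
# catch plain-text passwords and hard-coded credentials regardless of severity.
$blocking = $findings | Where-Object {
    $_.Severity -eq 'Error' -or
    $_.RuleName -in @('PSAvoidUsingPlainTextForPassword',
                      'PSAvoidUsingConvertToSecureStringWithPlainText',
                      'PSAvoidUsingUsernameAndPasswordParams')
}
if ($blocking) {
    Write-Error ('{0} blocking finding(s); see the list above' -f @($blocking).Count)
    exit 1
}
exit 0
```

Run it as `.\Check-Scripts.ps1 -Path D:\Repo\scripts`; the three rule names are PSScriptAnalyzer's own built-in rules, and the exit code is what a CI job or pre-commit hook reads.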

If you want to go deeper into this tool's usage, you can also review this Microsoft article:

https://blogs.technet.microsoft.com/heyscriptingguy/2017/01/31/psscriptanalyzer-deep-dive-part-1-of-4/

Download:

https://www.powershellgallery.com/packages/PSScriptAnalyzer/1.11.1

Antivirus - WannaCry Free Decryptor tool

If your PC got infected, your data has been encrypted and the PC has not been rebooted yet, you can use the following tool to help decrypt the files.

This tool is able to find the encryption key that the virus kept in the PC's memory.


https://github.com/gentilkiwi/wanakiwi/releases


More details about WannaCry can be found in the following article:


http://www.alessandromazzanti.com/2017/05/hacker-emergency-patch-kb4012598.html


[update 2017.06.11]


1) Considering that WannaCry encrypts the files and deletes the originals, here is a free recovery tool:


https://www.easeus.com/data-recovery/recover-decrypt-wannacrypt-encrypted-files.html


2) Downloading and Using the Trend Micro Ransomware File Decryptor

Download Link

3) Welcome to No Ransom, the place to find the latest decryptors, ransomware removal tools, and information on ransomware protection.

What is ransomware? It’s a malware (a Trojan or another type of virus) that locks your device or encrypts your files, and then tells you that you have to pay ransom to get your data back. It’s not cheap, and there’s no guarantee of success. If you become a victim of ransomware, try our free decryption tools and get your digital life back.

https://noransom.kaspersky.com/

[update 2017.08.16]

new link:


https://www.microsoft.com/it-it/download/malicious-software-removal-tool-details.aspx 


About some tools I would suggest these:

Malwarebytes and Bitdefender.

Here are some free Mac antivirus tools:

About WannaCry and similar ransomware you can review these blog articles; consider these tools too:

Antivirus - WannaCry Free Decryptor tool

Hacker - MS17-010 patch KB4012598 against Wannacry Ramsoware

Vaccinator
-  immunizer against Petya and other ransomware. 

Some of the information above was taken from this interesting article:

Tips - Incompatibility between Windows 8 roaming user profiles and roaming profiles in other versions of Windows

Symptoms:

Roaming user profiles on Windows 8-based or Windows Server 2012-based computers are incompatible with roaming user profiles in other versions of Windows. 

Profiles are compatible only between the following client and server operating system pairs: 
  • Windows 8.1 and Windows Server 2012 R2
  • Windows 8 and Windows Server 2012 
  • Windows 7 and Windows Server 2008 R2
  • Windows Vista and Windows Server 2008  
Note: In this article, when the client operating system is referenced, the same issue applies to its corollary server operating system.

For example, if you try to deploy Windows 8 in an environment that uses roaming, mandatory, super-mandatory, or domain default profiles in Windows 7, you experience the following:
  • After you use a user account that has an existing Windows 7 profile to log on to a Windows 8-based computer for the first time, the components from Windows 8 read and modify the profile state.
  • Certain Windows 8.1 features may not work as expected because the expected profile state is not present.
  • When you try to use the same user account to log on to a Windows 7-based computer, the user profile modification that was performed in Windows 8 may not work as expected in Windows 7.
The issues occur because the profile will contain values that are used differently between the versions of Windows. The user profile will be missing default profile configuration information that is expected by the operating system, and could contain unexpected values that are set by a different operating system version. Therefore, the operating system will not behave as expected. Additionally, profile corruption may occur.

Hotfix download:

https://support.microsoft.com/en-us/help/2887239/incompatibility-between-windows-8-roaming-user-profiles-and-roaming-profiles-in-other-versions-of-windows

Monitor - Veeam One free edition 9.5

In the blog's Monitoring section you can find several monitoring tools and approaches:

http://www.alessandromazzanti.com/search/label/Monitoring

Other than that, today I would like to highlight again the Veeam ONE free edition tool (obviously the paid version is better, but it is a good way to start), which is useful to monitor an entire VMware/Hyper-V infrastructure and is really a good beginning.

https://www.veeam.com/virtual-server-management-one-free.html



Below you can review some screenshots; consider that this product has several features. The most important strengths are the real-time dashboard, the statistics and reporting capability (for historical purposes and to view the top VMs/hosts/RAM/disk by usage) and real-time alerting.
It can also monitor the Veeam Backup & Replication infrastructure, with single backup job monitoring in conjunction with any other related issue.


Gain your business's actual status overview:

[screenshot: Veeam ONE dashboard]

Building custom reports:

[screenshot: custom report builder]

Antivirus - Check files/Website/email in real time on all Antivirus vendors

During these years I often needed to check files/emails/URLs to understand whether they carried any sort of infection not yet detected by the latest antivirus definitions.

To get this result I often use this website, which queries all the major AV engines with their latest definitions.

Decidedly useful.

https://www.virustotal.com/it/


Backup - Veeam Direct Restore to Microsoft Azure

Here is an interesting Veeam article:

https://www.veeam.com/cloud-direct-restore-azure.html



Direct Restore to Microsoft Azure, included in NEW Veeam Availability Suite 9.5, delivers cloud restore for Veeam backups to Microsoft Azure cloud. Veeam’s Direct Restore to Microsoft Azure enables admins to restore or migrate physical (P2V) or virtual (V2V) workloads to Azure 

The Azure Virtual Machine Agent is installed automatically (on Windows-based VMs only), and sequential, parallel disk and VM-restore options are available.

Now we can easily execute planned workload migrations of VMware and Hyper-V VMs, or of remaining legacy physical servers, to the cloud.

Azure can also be used as a test environment. Since it is created from your backups, it mirrors your production environment, and you can safely test patches and critical updates before rolling them out to production.

REMARK: Veeam recommends installation of a gateway server (optional), running on an Azure VM, for improved performance.

Meanwhile I would like to highlight this Veeam product too:

Veeam FastSCP for Microsoft Azure

Veeam FastSCP™ for Microsoft Azure delivers easy-to-use, reliable and fast file copy for Azure VMs. This free standalone utility provides secure file copy over HTTPS with built-in encryption (no VPN needed), scheduled file copy jobs and a wizard-driven UI to transfer files in just a few clicks — with no scripting knowledge required.

Tools - EventLogChannelsView Nirsoft tool to view all event channels in your pc/server

EventLogChannelsView is a simple tool for Windows 10/8/7/Vista that shows the list of all event log channels on your system, including the channel name, event log filename, enabled/disabled status, current number of events in the channel, and more... 
It also allows you to easily make some actions on multiple channels at once: enable/disable channels, set their maximum file size, and clear all events stored in the channels.

http://www.nirsoft.net/utils/event_log_channels_view.html


Backup - Veeam Backup for free v.2.0 for Client/Laptop

Veeam Agent for Windows easily backs up a PC to an external hard drive, a NAS (network-attached storage) share or a Veeam Backup & Replication repository; here are more details:

https://www.veeam.com/windows-endpoint-server-backup-free.html



Download Link

Windows servers and workstations can be backed up in this way too:


Major v.2 features:

  • Direct Restore to Microsoft Azure: Restore or migrate on-premises, Windows-based physical server and endpoint backups directly into Microsoft Azure
  • Synthetic full backups: Eliminate the need for periodic full backups by creating forever-incremental backups that save time and storage
  • Windows 10 & Windows 2016 Server full support
  • CryptoLocker protection for USB Storage: Protect USB-based storage targets from potential CryptoLocker threats by automatically ejecting them after a successful job run
  • Recovery options: Bare-metal restore: Restore your entire system to the same or different hardware
  • Volume-level restore: Restore a failed hard drive or corrupted partition.
  • File-level restore: Restore individual files from ANY backup type in a few minutes.





Bootable recovery media:


  • Reset password: Reset the password for the built-in administrator account.
  • Startup repair: Fix system problems that might prevent Windows from starting (e.g., missing or damaged system files, corrupted boot sector, etc.) Learn more
  • Memory diagnostics: Check the system memory of your computer and detect potential problems after the next system reboot. Learn more
  • Command prompt: Start the Microsoft Windows command prompt (cmd.exe)




Integration with Veeam Backup & Replication

  • If you’re using Veeam Backup & Replication in your VMware vSphere or Microsoft Hyper-V virtual environment, you’ll be able to take full advantage of Veeam backup repositories as target locations for your Veeam Agent for Microsoft Windows jobs.
  • In this way you could get endpoint backups off site to disk, tape or even the cloud with Backup Copy and Backup to Tape jobs




Here are more Veeam blog articles:

Backup - Veeam free e-book: Conversational Ransomware Defense and Survival

Veeam - Incremental vs. differential methods compare

Veeam Explorer for Active Directory and Group policy Object Restore procedure

Microsoft - Azure and Veeam Connect

Veeam - Backing up Domain Controller: Best practices for AD protection (Part 1,2,3 and 4)

Monitoring - VirtualWin with Autoswitcher plugin

Server - how to expose QNAP iscsi storage to Vmware based system

[update 2019.05.13]

Here are updated links to all QNAP storage products:

https://www.qnap.com/it-it/product/

Hacker - MS17-010 patch KB4012598 against Wannacry Ramsoware

Before starting to read, I want to point to the Microsoft articles; I hope companies will realize they must invest more and more in security, IT infrastructure and highly professional IT staff.

Here is the description of the Microsoft patch that was released as a zero-day patch:


Customer Guidance for WannaCrypt attacks

Consider that the WannaCry code uses National Security Agency malware, used to steal data by exploiting Microsoft vulnerabilities. The worst news is that the NSA used those vulnerabilities without advising Microsoft.

<----------->
WannaCry uses previously patched Microsoft vulnerabilities to attack Windows PCs that are exposed to the internet with port 445 open (at least 1 million of them).

Once the worm reaches a shared folder it is inside the LAN and spreads very quickly (it is highly wormable).

Microsoft took the unusual decision of providing the security patch to users and customers with unsupported O.S. versions (XP/Vista/2008/2003).


Here is the patch download link for all O.S. versions:



If you want to view the actual WannaCry diffusion on a map you need to go here:




If you're running a vulnerable system and can't install the patch for some reason, Microsoft has two pieces of advice:

a. Disable SMBv1 with the steps documented in Microsoft Knowledge Base Article 2696547 and the ones below.

A quick way to do that is to open this registry key:

HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1 and set it equal to 0 (SMB1 is a DWORD value under the Parameters key; a restart is required for the change to take effect).


Otherwise you can review this article:

https://www.saotn.org/disable-smbv1-windows-10-windows-server/

b. Consider adding a rule on your router or firewall to block incoming SMB traffic on port 445
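As an added example (not code from the original post or from Microsoft), the script below first reports the SMBv1 state of the local machine and, when run with -Harden, applies both mitigations listed above: it sets the SMB1 registry value to 0, disables SMBv1 on the SMB server, and adds a host-firewall rule blocking inbound TCP 445. It assumes Windows 8.1/Server 2012 R2 or later (the SmbShare and NetSecurity modules) and an elevated session; the rule display name is my own choice.

```powershell
# Added example: assess and harden SMBv1 exposure on the local host.
# Assumes an elevated PowerShell on Windows 8.1 / Server 2012 R2 or later.
param(
    [switch]$Harden
)

$regPath  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$ruleName = 'Block inbound SMB 445'   # display name chosen for this example

function Get-Smb1State {
    # Registry value from the post: absent or 1 means SMB1 is allowed, 0 means disabled.
    $reg = (Get-ItemProperty -Path $regPath -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    # What the SMB server itself reports.
    $srv = (Get-SmbServerConfiguration).EnableSMB1Protocol
    # Is there any enabled inbound block rule covering TCP 445?
    $blocked = Get-NetFirewallPortFilter -ErrorAction SilentlyContinue |
        Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -contains '445' } |
        Get-NetFirewallRule |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Block' -and $_.Enabled -eq 'True' }
    [pscustomobject]@{
        RegistrySMB1       = if ($null -eq $reg) { 'not set (SMB1 allowed)' } else { $reg }
        EnableSMB1Protocol = $srv
        Port445Blocked     = [bool]$blocked
    }
}

'Before:'
Get-Smb1State | Format-List

if ($Harden) {
    # 1. Registry value the post describes (needs a restart to apply).
    Set-ItemProperty -Path $regPath -Name SMB1 -Type DWord -Value 0
    # 2. Same setting through the SMB server cmdlet (applies immediately).
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    # 3. Host firewall: block inbound SMB on TCP 445. Note that this also stops
    #    legitimate file/print sharing to this host, so skip it on file servers
    #    and block at the perimeter instead, as the post suggests.
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
            -LocalPort 445 -Action Block -Profile Any | Out-Null
    }
    'After:'
    Get-Smb1State | Format-List
}
```

Run it without parameters to audit a machine, and with `-Harden` to apply the changes; the "Before"/"After" output makes it easy to confirm that the registry value, the server setting and the firewall rule all agree.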



[update 2017.05.18]

Some malware versions, to enable the "kill switch", need to have traffic allowed towards the following URLs (present in some malware versions):
hxxp://www[.]iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com
hxxp://www[.]ifferfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com


Indeed, to verify that a PC is infected you need to search for files with the following extension:


 .wncry

The worm has a kill-switch that stops its work once the domain query is successful (www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com), and it was blocked thanks to a guy who registered the domain name after reverse engineering it; we suspect that the next software version will no longer have this kill-switch command.
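As an added example (not code from the original post), the script below performs the two checks just described from a defender's side: it counts files with the .wncry extension under the given roots and lists the newest ones, then tests whether the kill-switch domain resolves and answers over HTTP from this host, since a proxy or egress rule that blocks it would also remove the protection the post describes. The root folders are hypothetical; the domain is the one quoted above.

```powershell
# Added example: look for the WannaCry indicators mentioned in the post.
# Assumes PowerShell 3 or later; $Roots are hypothetical paths to scan.
param(
    [string[]]$Roots = @('C:\Users', 'D:\'),
    [string]$KillSwitchHost = 'www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com'
)

# 1. Encrypted-file indicator: .wncry files per root, newest first.
foreach ($root in $Roots) {
    if (-not (Test-Path -Path $root)) { continue }
    $hits = Get-ChildItem -Path $root -Filter '*.wncry' -File -Recurse -Force -ErrorAction SilentlyContinue
    '{0}: {1} file(s) with .wncry extension' -f $root, @($hits).Count
    $hits | Sort-Object LastWriteTime -Descending |
        Select-Object -Property FullName, LastWriteTime -First 5
}

# 2. Kill-switch reachability: DNS resolution, then a plain HTTP GET, which is
#    the request the worm makes before deciding whether to continue.
try {
    $addr = [System.Net.Dns]::GetHostAddresses($KillSwitchHost) | Select-Object -First 1
    "Kill-switch domain resolves to $addr"
    $resp = Invoke-WebRequest -Uri "http://$KillSwitchHost/" -UseBasicParsing -TimeoutSec 5
    'HTTP status {0}: the sinkhole is reachable, so variants with the kill-switch stop here' -f $resp.StatusCode
} catch {
    'Kill-switch not reachable ({0}): egress or proxy rules block it, so do not rely on it' -f $_.Exception.Message
}
```

A non-zero count in the first part is reason to isolate the machine and follow the decryptor section above; the second part is most useful on a host behind a proxy, where the sinkhole request can silently fail even though the domain is registered.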

https://blog.malwarebytes.com/threat-analysis/2017/05/the-worm-that-spreads-wanacrypt0r/

https://www.achab.it//achab.cfm/it/blog/achablog/cryptovirus-wannacry-finalmente-e-arrivato


Backup - Veeam free e-book: Conversational Ransomware Defense and Survival

I would like to highlight this Veeam article, which lets you download the following e-book:

https://www.veeam.com/blog/why-ransomware-threat-is-important.html

Conversational Ransomware Defense and Survival introduces ransomware and explains how it evolved into such a dangerous digital threat. Ransomware doesn’t discriminate, so this guide is useful to everyone: IT pros, IT decision makers and executives, from small businesses to large enterprises and across all verticals.

Ransomware has become one of the most feared threats for IT environments, reaching $1B in payments in 2016. The malware produces damage not only by the actual cost of ransom, but also by causing revenue decreases due to loss of productivity and a seriously affected reputation. There’s no mercy in ransomware attacks and affected targets can be businesses of any size and shape — even personal computers aren’t skipped.

But why is ransomware gaining notoriety instead of being vanquished? There are many factors that favored the ascension of ransomware, and unfortunately, it’s not going away anytime soon. Ransomware has been developing like an actual software product, with upgrades and enhancements being pushed really fast. This level of organization requires big budgets and R&D teams, which many legit organizations don’t have. Ransomware built its success on the weakness of the human element in IT environments, and by using social engineering, cybercriminals trick their targets into opening email attachments or clicking harmful URLs. The bad news is that cybercriminals are getting better and better at extorting money from their victims. The real solution is to be fully prepared.

Conversational Ransomware Defense and Survival

Download Link:

https://www.veeam.com/conversational-ransomware-defense-survival_wpp.pdf


<============>

Hacker - Ransomware CryptON decryptor tools

http://www.alessandromazzanti.com/2017/03/hacker-ransomware-crypton-decryptor.html

Virus - Cryptlocker and Ramsoware mitigation actions

http://www.alessandromazzanti.com/2016/04/virus-crypto-ransomware-mitigations.html

Tips - How to remove Teslacopy Virus

http://www.alessandromazzanti.com/2015/04/tips-how-to-remove-teslacopy-virus.html

Antivirus - How to remove/block Cryptlocker

http://www.alessandromazzanti.com/2013/11/antivirus-how-to-removeblock-cryptlocker.html

Drivers - How to backup windows 10 drivers

Here are two ways to back up Windows 10 drivers:

1. Start --> Cmd -->

dism /online /export-driver /destination:d:\drivers-backup


2. Start PowerShell as Administrator -->

Export-WindowsDriver -Online -Destination D:\Drivers-Backup


Drivers can be restored from the backup through Device Manager:

start --> devmgmt.msc --> right-click the device whose driver you need to update --> Update Driver Software... --> Browse my computer for driver software
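As an added example (not code from the original post), the script below builds on the Export-WindowsDriver command from step 2: it exports the third-party drivers into a dated subfolder of D:\Drivers-Backup, writes an inventory CSV next to them, prints a count per provider and checks that every exported package actually has its INF on disk, so the backup is verified before you need it in Device Manager. It assumes an elevated session; that OriginalFileName on the returned objects points at the exported copy is my reading of the cmdlet's output.

```powershell
# Added example: dated driver export with inventory and verification.
# Assumes an elevated PowerShell; D:\Drivers-Backup is the root from the post.
param(
    [string]$BackupRoot = 'D:\Drivers-Backup'
)

$dest = Join-Path -Path $BackupRoot -ChildPath (Get-Date -Format 'yyyy-MM-dd')
New-Item -ItemType Directory -Path $dest -Force | Out-Null

# Export-WindowsDriver returns one object per exported driver package.
$drivers = Export-WindowsDriver -Online -Destination $dest

# Inventory: INF name, provider, class, version, date and the exported path
# (assumption: OriginalFileName is the path of the copy under $dest).
$drivers |
    Select-Object -Property Driver, ProviderName, ClassName, Version, Date, OriginalFileName |
    Export-Csv -Path (Join-Path -Path $dest -ChildPath 'driver-inventory.csv') -NoTypeInformation

'{0} driver package(s) exported to {1}' -f @($drivers).Count, $dest
$drivers | Group-Object -Property ProviderName | Sort-Object -Property Count -Descending |
    Select-Object -Property @{ n = 'Provider'; e = { $_.Name } }, Count |
    Format-Table -AutoSize

# Verification: every exported package should have its INF in the export folder.
$missing = $drivers | Where-Object { -not (Test-Path -Path $_.OriginalFileName) }
if ($missing) {
    Write-Warning ('{0} package(s) have no INF in the export folder' -f @($missing).Count)
} else {
    'All exported packages verified'
}
```

The dated folder means repeated runs never overwrite an older export, and the CSV gives you the version and date of each driver to compare against what Device Manager offers when restoring.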

Windows 2016 - How to convert evaluation to licensed version

You can verify whether your Windows 2016 installation is in evaluation mode:

start --> cmd (Administrative permissions) --> DISM /online /Get-CurrentEdition

"Current Edition : ServerStandardEval"

start --> cmd (Administrative permissions) --> winver

If you want to convert the license:

start --> cmd (Administrative permissions) --> DISM /online /Get-TargetEditions

You will have these options:

ServerStandard
ServerDatacenter

start --> cmd (Administrative permissions) --> DISM /online /Set-Edition:<TargetEdition> /ProductKey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX /AcceptEula

(replace <TargetEdition> with one of the editions listed above, e.g. ServerStandard)

REMARK: This procedure works only if a KMS host server is running in the LAN (with the KMS role correctly configured).

Tips - How to Fix Pinned Jump List problems in Windows 7/8/8.1/10

If you are facing problems using File Explorer and seeing this behavior, you might review this article about the related fixes.

You need to delete all the files that you will find in this path:


%APPDATA%\Microsoft\Windows\Recent\AutomaticDestinations


https://www.howtogeek.com/howto/5245/fix-for-when-pinned-jump-list-items-get-stuck-in-windows-7/



[update 2020.04.29]

Please review below article if you like to increase jump list show items:

Windows 10 - How to increase Jump list items number

SQL- How to determine which version and edition of SQL Server Database Engine is running


If you want to determine which SQL Server version and edition is running on your server/client, you can use this complete Microsoft article:

https://support.microsoft.com/en-us/help/321185/how-to-determine-the-version,-edition-and-update-level-of-sql-server-and-its-components

Here are some parts of the article that I copied and pasted below:

<--------------->

To determine the version of SQL Server, you can use any of the following methods.

Method 1: Connect to the server by using Object Explorer in SQL Server Management Studio. After Object Explorer is connected, it will show the version information in parentheses, together with the user name that is used to connect to the specific instance of SQL Server.

Method 2: Look at the first few lines of the Errorlog file for that instance. By default, the error log is located at Program Files\Microsoft SQL Server\MSSQL.n\MSSQL\LOG\ERRORLOG and ERRORLOG.n files. The entries may resemble the following:
 
2011-03-27 22:31:33.50 Server      Microsoft SQL Server 2008 (SP1) - 10.0.2531.0 (X64)
                March 29 2009 10:11:52
                Copyright (c) 1988-2008 Microsoft Corporation
                Express Edition (64-bit) on Windows NT 6.1  (Build 7600: )

This entry provides all the necessary information about the product, such as version, product level, 64-bit versus 32-bit, the edition of SQL Server, and the OS version on which SQL Server is running.

Method 3: Connect to the instance of SQL Server, and then run the following query:

Select @@version 

Here is a sample screenshot:

[screenshot: example @@version output]

Method 4: Connect to the instance of SQL Server, and then run the following query in SQL Server Management Studio (SSMS):

SELECT SERVERPROPERTY('productversion'), SERVERPROPERTY('productlevel'), SERVERPROPERTY('edition')

Method 5

SQL Server Configuration Manager --> SQL Server Services --> Right-click SQL Server (PROFXENGAGEMENT), and click Properties.
Click on the Advanced tab.

Browse to Stock Keeping Unit Name and Version.

https://support.cch.com/kb/solution.aspx/sw1873

Method 6: This is a very well done blog about SQL Server versions:

http://sqlserverbuilds.blogspot.fr/

Here is a quick summary copied from it:

Version                          | RTM (no SP)   | SP1                            | SP2                            | SP3                            | SP4
---------------------------------|---------------|--------------------------------|--------------------------------|--------------------------------|------------------------------
SQL Server vNext (Helsinki)      | not yet released
SQL Server 2016                  | 13.0.1601.5   | 13.0.4001.0 or 13.1.4001.0     |                                |                                |
SQL Server 2014                  | 12.0.2000.8   | 12.0.4100.1 or 12.1.4100.1     | 12.0.5000.0 or 12.2.5000.0     |                                |
SQL Server 2012 (Denali)         | 11.0.2100.60  | 11.0.3000.0 or 11.1.3000.0     | 11.0.5058.0 or 11.2.5058.0     | 11.0.6020.0 or 11.3.6020.0     |
SQL Server 2008 R2 (Kilimanjaro) | 10.50.1600.1  | 10.50.2500.0 or 10.51.2500.0   | 10.50.4000.0 or 10.52.4000.0   | 10.50.6000.34 or 10.53.6000.34 |
SQL Server 2008 (Katmai)         | 10.0.1600.22  | 10.0.2531.0 or 10.1.2531.0     | 10.0.4000.0 or 10.2.4000.0     | 10.0.5500.0 or 10.3.5500.0     | 10.0.6000.29 or 10.4.6000.29
SQL Server 2005 (Yukon)          | 9.0.1399.06   | 9.0.2047                       | 9.0.3042                       | 9.0.4035                       | 9.0.5000
SQL Server 2000 (Shiloh)         | 8.0.194       | 8.0.384                        | 8.0.532                        | 8.0.760                        | 8.0.2039
SQL Server 7.0 (Sphinx)          | 7.0.623       | 7.0.699                        | 7.0.842                        | 7.0.961                        | 7.0.1063
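As an added example (not code from the original post, the Microsoft article or the builds blog), the function below parses the text returned by SELECT @@version (Method 3) or found in the ERRORLOG header (Method 2) into build number, product level, edition and platform, and maps the major build number to the product name using the build table above (10.50.x is 2008 R2, 10.0.x is 2008). The sample input is constructed from the ERRORLOG entry quoted in the article, so it runs without a live SQL Server; the Invoke-Sqlcmd line for live use assumes the SqlServer module is installed.

```powershell
# Added example: parse an @@version / ERRORLOG header string.
function ConvertFrom-SqlVersionString {
    param([Parameter(Mandatory)][string]$Text)

    # Major build number -> product name, from the build table above.
    $products = @{ 13 = 'SQL Server 2016'; 12 = 'SQL Server 2014'; 11 = 'SQL Server 2012'
                   9  = 'SQL Server 2005'; 8  = 'SQL Server 2000'; 7  = 'SQL Server 7.0' }

    # The text spans several lines; collapse whitespace before matching.
    $flat = ($Text -replace '\s+', ' ').Trim()
    $pattern = 'Microsoft SQL Server \S+\s*(\((?<level>[^)]+)\))?\s*-\s*(?<build>\d+(\.\d+){3})\s*\((?<arch>X64|X86|IA64)\)'
    if ($flat -notmatch $pattern) { throw "Unrecognised version text: $flat" }
    $build = [version]$Matches['build']
    $level = if ($Matches['level']) { $Matches['level'] } else { 'RTM' }
    $arch  = $Matches['arch']

    # 2008 and 2008 R2 share major version 10; the minor number tells them apart.
    $name = if ($build.Major -eq 10) {
        if ($build.Minor -ge 50) { 'SQL Server 2008 R2' } else { 'SQL Server 2008' }
    } elseif ($products.ContainsKey($build.Major)) {
        $products[$build.Major]
    } else {
        'unknown'
    }

    # Edition appears as e.g. "Express Edition (64-bit)" or "Enterprise Edition".
    $edition = if ($flat -match '(?<ed>\w+ Edition(?: \([^)]*\))?)') { $Matches['ed'] } else { 'unknown' }

    [pscustomobject]@{
        Product      = $name
        Build        = $build.ToString()
        ProductLevel = $level
        Edition      = $edition
        Platform     = $arch
    }
}

# Constructed sample, taken from the ERRORLOG entry quoted in the article.
$sample = @"
Microsoft SQL Server 2008 (SP1) - 10.0.2531.0 (X64)
                March 29 2009 10:11:52
                Copyright (c) 1988-2008 Microsoft Corporation
                Express Edition (64-bit) on Windows NT 6.1  (Build 7600: )
"@
ConvertFrom-SqlVersionString -Text $sample
# Expected: Product 'SQL Server 2008', Build 10.0.2531.0, ProductLevel SP1,
# Edition 'Express Edition (64-bit)', Platform X64 (10.0.2531.0 is 2008 SP1 in the table).

# Live use against a real instance (assumes the SqlServer module; unnamed
# columns come back as Column1):
# ConvertFrom-SqlVersionString -Text (Invoke-Sqlcmd -ServerInstance '.' -Query 'SELECT @@version').Column1
```

Feeding the function the raw @@version text is handy when you have to inventory many instances from log files or scripted queries and want the product level and edition as separate fields rather than a free-text banner.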