Pagine

SCCM - How to disable local Administrator Account

If you need to disable local Administrator account, change/set password or create new local Admin/user you can review previously article about GPO approach.

GPO - How to create local Administrator account using Group policies
http://www.alessandromazzanti.com/2017/04/gpo-how-to-create-local-administrator.html

Otherwise you can do that using SCCM.

Summarizing you would need to create a simple CI checking on specific collection verifyng thereshold relatively devices that have local Administrator account enabled, apply remediation (account disabling) and finally have available reports/alerts.

Here it is more verbosely article:

https://4sysops.com/archives/disable-the-local-administrator-account-with-sccm/

Windows 10 - Pro Workstation announcement about new release

Microsoft is going to release, during next months, following win 10 version:

https://blogs.windows.com/business/2017/08/10/microsoft-announces-windows-10-pro-workstations/

This announcement due to fact actually Windows 10 has this hardware limitation and often for particular activities on Workstation Microsoft server edition are installed as welle: 

  •  2 CPU, 256 cores and up to 2TB. RAM.
Windows 10 pro for Workstation is going to have these features:


  • ReFS (Resilient file system) support. (new Microsoft file system)
    ReFS provides cloud-grade resiliency for data on fault-tolerant storage spaces and manages very large volumes with ease. ReFS is designed to be resilient to data corruption, optimized for handling large data volumes, auto-correcting and more. It protects your data with integrity streams on your mirrored storage spaces. Using its integrity streams, ReFS detects when data becomes corrupt on one of the mirrored drives and uses a healthy copy of your data on the other drive to correct and protect your precious data.
  • Persistent memory support: 
    Windows 10 Pro for Workstations provides the most demanding apps and data with the performance they require with non-volatile memory modules (NVDIMM-N) hardware. NVDIMM-N enables you to read and write your files with the fastest speed possible, the speed of the computer’s main memory. Because NVDIMM-N is non-volatile memory, your files will still be there, even when you switch your workstation off.
  • SMB Direct support and lan card based on Remote Direct Memory Access (RDMA)
  • CPU Intel Xeon and AMD Opteron support till 4 CPU and  6 TB RAM.
Actually Windows 10 versions are going to become 12 (from 10):

  1. Windows 10 Home
  2. Windows 10 Pro
  3. Windows 10 Enterprise
  4. Windows 10 Education
  5. Windows 10 Pro Education
  6. Windows 10 Enterprise LTSB
  7. Windows 10 Mobile Enterprise
  8. Windows 10 Mobile
  9. Windows 10 IoT
  10. Windows 10 S
  11. Windows 10 Team
  12. Windows 10 Pro for Workstations

Here it is relative recap:

GPO - Wifi pcs and policy applying problems

Company laptop that connect to domain via WiFi could not apply correctly policies due to WiFi connection unavailability.

There are two alternatives to solve issue customizing properly GPO:

You can do this with Group Policy, using the Always wait for the network at computer startup and logon policy setting.  

https://technet.microsoft.com/en-us/library/gg486839.aspx

gplogon.jpg

Alternatively adding a delay during policy appling this policy:

Policy Location: Computer Configuration > Policies > Admin Templates > System > Group Policy
Setting Name: Startup policy processing wait time
Registry Key: HKLM\Software\Policies\Microsoft\Windows\System!GpNetworkStartTimeoutPolicyValue

https://support.microsoft.com/it-it/help/2421599/windows-7-clients-intermittently-fail-to-apply-group-policy-at-startup

Tips - Fix network connection issues in Windows 10

Here it is an interesting Microsoft article that well explain several easy workaround useful to reset windows 10 network issues.

you can use this command line syntax executing command prompt with Administrative rights:

ipconfig /flushdns
netsh winsock reset

netsh winsock reset proxy

https://support.microsoft.com/en-us/help/10741/windows-10-fix-network-connection-issues


<------------>
Using network reset should be the last step you try. Consider using it if the steps above don’t help to get you connected.
This can help solve connection problems you might have after upgrading from a previous version of Windows to Windows 10, as well as fix problems where you can connect to the Internet but not to shared network drives. It removes any network adapters you have installed and the settings for them. After your PC restarts, any network adapters are reinstalled, and the settings for them are set to the defaults.
  1. Select the Start  button, then select Settings  > Network & Internet  > Status > Network reset.
  2. On the Network reset screen, select Reset now > Yes to confirm.
    Wait for your PC to restart and see if that fixes the problem.


wnr_2

Freeware - Teracopy and RichCopy two GUI tools for coping files

I would like to highlight two software that should be allways in your IT tool collection.

Here they are characteristic and explanations.

TeraCopy 3.1

It is a compact program designed to copy and move files at the maximum possible speed, providing the user a lot of features:

  • It uses dynamically adjusted buffers to reduce seek times. Asynchronous copy speeds up file transfer between two physical hard drives.
  • Pause and resume file transfers. 
  • Error recovery. In case of copy error, it will try several times and in the worse case just skips the file, not terminating the entire transfer.
  • Interactive file list. It shows failed file transfers and lets you fix the problem and recopy only problem files.
  • Shell integration. TeraCopy can completely replace Explorer copy and move functions, allowing you work with files as usual.
  • Full Unicode support.

Spotlight RichCopy


offers a number of granular controls that allow you to tailor file copying to your needs


Freeware - UninstallView from NirSoft

Today I would like to highlight UninstallView is a new tool for Windows that collects information about all programs installed on your system and displays the details of the installed programs in one table. 
You can use it to get installed programs information for your local system, for remote computer on your network, and for external hard-drive plugged to your computer. It also allows you to easily uninstall a software on your local computer and remote computer (Including quiet uninstall if the installer supports it).

Disaster Recovery - Ex-Admin Deletes All Customer Data and Wipes Servers of Dutch Hosting Provider

Today I would like to mention this incredible history about an ex-Administrator proceeded to delete and wipe all customers servers.

You can review following image that well explain what happened:

Verelox, a provider of dedicated KVM and VPS servers based in The Hague, Netherlands, suffered a catastrophic outage after a former administrator deleted all customer data and wiped most of the company's servers.



more details can be found here:

https://www.bleepingcomputer.com/news/security/ex-admin-deletes-all-customer-data-and-wipes-servers-of-dutch-hosting-provider/

Windows 10 - How to: Move from BIOS to UEFI with the new Windows 10 Creators Update

Microsoft Mechanics delivers a comprehensive yet concise explanation of how you can safely and non-destructively convert a Windows 10 machine from legacy BIOS to UEFI disk partitioning.

Windows Program Manager, Desmond Lee, demonstrates the new MBR2GPT disk conversion tool that’s part of Windows 10 Creators Update. 
This is a comprehensive yet concise overview that explains how you can safely and non-destructively convert a Windows 10 machine from legacy BIOS to UEFI disk partitioning; and how you can automate the conversion as part of your in-place upgrade process from Windows 7 to Windows 10. 

Importantly, unlike wipe and load methods, all of this can be achieved without having to move your data off the disk.
To learn more please also check out: http://aka.ms/mbr2gpt


Scripting - Nslookup and debugging mode

About Nslookup command you can review old blog articles.

Nslookup

I would like to highlight this interesting Microsoft article and debug switch to have more debug capability when nslookup is launched and there are some unknown DNS query problems.

Scripting - Il comando NSLOOKUP parte 2 (piu' DIG)

Scripting - comando nslookup

Server - How to verify that your mail server work properly

<-------->


Nslookup's debug mode is a useful troubleshooting feature; you can set the local computer into this mode by typing set debug , or for even greater detail, set d2 . In debug mode, Nslookup lists the steps being taken to complete its commands, as shown in this example:

C:\>nslookup
(null) testpc1.reskit.com
Address: 172.16.8.190
> set d2
> rain-city
(null) testpc1.reskit.com
Address: 172.16.8.190
------------
SendRequest(), len 49
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
rain-city.reskit.com, type = A, class = IN
------------
------------
Got answer (108 bytes):
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 2, authority records = 0, additional = 0
QUESTIONS:
rain-city.reskit.com, type = A, class = IN
ANSWERS:
-> rain-city.reskit.com
type = CNAME, class = IN, dlen = 31
canonical name = seattle.reskit.com
ttl = 86400 (1 day)
-> seattle.reskit.com
type = A, class = IN, dlen = 4
internet address = 172.16.2.3
ttl = 86400 (1 day)
------------
(null) seattle.reskit.com
Address: 172.16.2.3
Aliases: rain-city.reskit.com