Server - Active Directory migration Tool guide

There is an interesting Microsoft tool that gives you the ability to migrate users from one domain to another (that is not present on the destination).

For that purpose, here are the relevant Microsoft guide and the tool download link:

Active Directory Migration Tool (ADMT) Guide: Migrating and Restructuring Active Directory Domains Download

ADMT v3.2 has been updated and re-released at https://connect.microsoft.com/site1164. 

Download the Windows Server Active Directory Migration Tool (ADMT) V3.2.

Windows 10 - Multilanguage download and procedure

If you want to install Windows 10 multilanguage, you need to:


  1. Start --> Run --> lpksetup
  2. Install Display Languages
  3. Browse to the .cab file that you downloaded

Here are the full download links:

Windows 10 32-bit language packs direct download links


Windows 10 64-bit language packs direct download links

VMware - Certificate renewal and "Hostname or IP has changed. Regenerating the self-signed certificates."

I was not able to connect to vCenter Server Appliance, so I restarted it.

After that it showed that the SSL certificates would be renewed because the VCSA hadn't been restarted for a long period (more than one year in this case).

Later, in the console, I got stuck on:

Hostname or IP has changed. Regenerating the self-signed certificates.
Starting VMware vPostgres: ok
Waiting for the embedded database to start up: .[OK]

The issue was solved using this article:

Veeam - B&R 7/8/9 stops working after the server is renamed: how to solve it

Veeam B&R 7/8/9 stops working if you rename the server.

To restore functionality, you need to review these registry values and change them to the new server name.

I suggest examining every single key thoroughly, since you could have more subkeys than in my case.

HKLM\SOFTWARE\Veeam\Veeam Backup and Replication\SqlServerName
HKLM\SOFTWARE\Veeam\Veeam Backup Catalog\CatalogSharedFolderPath

HKLM\SOFTWARE\Wow6432Node\Veeam\Veeam Backup and Replication\SqlServerName
HKLM\SOFTWARE\Wow6432Node\Veeam\Veeam Backup Catalog\CatalogSharedFolderPath
HKLM\SOFTWARE\Wow6432Node\Veeam\Veeam Backup Packages\{06C5CCDE-FB93-4566-A13F-75C8A2AFABDC}\{564d7967-2024-de0e-f087-bc2e39fba624}\name


It is important to change the registry values that are related to SQL instances:

HKLM\Software\Veeam\Veeam Backup Catalog\SqlServerName (should be local)
HKLM\Software\Veeam\Veeam Backup Reporting\SqlServerName (should be local)
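
The key-by-key review recommended above, as an added example (not part of the original post and not Veeam tooling): a read-only PowerShell function that walks both Veeam registry branches and lists every value that still contains the old server name. `OLDSERVER` is a placeholder and the function name `Find-StaleServerName` is hypothetical.

```powershell
# Added example. Read-only: it reports matching values and changes nothing.
# 'OLDSERVER' is a placeholder for the name the server had before the rename.
function Find-StaleServerName {
    param(
        [Parameter(Mandatory)] [string] $OldName,
        [string[]] $Roots = @('HKLM:\SOFTWARE\Veeam',
                              'HKLM:\SOFTWARE\Wow6432Node\Veeam')
    )
    foreach ($root in $Roots) {
        # Skip a branch that does not exist on this host.
        if (-not (Test-Path -LiteralPath $root)) { continue }

        # The root key itself plus every subkey below it, however deep.
        $keys = @(Get-Item -LiteralPath $root) +
                @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)

        foreach ($key in $keys) {
            foreach ($valueName in $key.GetValueNames()) {
                # REG_SZ yields one string, REG_MULTI_SZ an array: handle both as a list.
                foreach ($item in @($key.GetValue($valueName))) {
                    if ($item -is [string] -and
                        $item.IndexOf($OldName, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                        [pscustomobject]@{
                            Key   = $key.Name
                            Value = $valueName
                            Data  = $item
                        }
                    }
                }
            }
        }
    }
}

Find-StaleServerName -OldName 'OLDSERVER' | Format-Table -AutoSize -Wrap
```

Export the Veeam keys with `reg export` before editing any value the report lists, so the previous state can be restored.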

Tips - How to forcibly remove a printer driver

If you need to forcibly remove a printer driver, this article is suitable for that purpose:

http://www.devadmin.it/2016/03/01/rimozione-forzata-driver-stampante/

Virus - CryptoLocker and ransomware mitigation actions

Below I highlight the main actions from this article for mitigating CryptoLocker.

More details are in the original Italian article.

http://www.devadmin.it/2016/02/15/crypto-ransomware-mitigations/

<------->

Considering that this kind of virus cannot be stopped by normal AV definitions, here are some mitigation approaches:

1. Use a product like Sophos UTM (Unified Threat Management)

2. Block these file extensions, going beyond the extension itself and analyzing the file header too (this task should be done by the antispam provider/tools)


  • Application files: *.exe, *.lnk, *.pif, *.dll, *.ocx, *.sys, *.scr, *.msi, *.msp, *.gadget, *.application, *.com, *.hta, *.html, *.htm, *.jar, *.cpl, *.msc, *.hlp
  • VBScript and JavaScript files: *.vb, *.vbs, *.vbe, *.js, *.jse
  • Monad script files (later renamed PowerShell): *.msh, *.msh1, *.msh2, *.mshxml, *.msh1xml, *.msh2xml
  • PowerShell script files: *.ps1, *.ps1xml, *.ps2, *.ps2xml, *.psc1, *.psc2
  • DOS script files: *.bat, *.cmd
  • Windows Script files: *.ws, *.wsf, *.wsc, *.wsh
  • Shortcut and configuration files: *.lnk, *.pif, *.sfc, *.inf, *.reg
  • *.zip, *.rar, *.7z.
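
Why the header has to be checked as well as the extension, as an added example (not from the original article): a PowerShell function that flags an attachment when either its extension is on the block list or its leading bytes match a known signature. The extension list is a subset of the one above; the signatures are the standard magic numbers for those formats and are not taken from the page; `Test-Attachment` and the sample files are constructed for illustration.

```powershell
# Added example: judge an attachment by its extension AND by its leading bytes.
$BlockedExtensions = '.exe','.lnk','.pif','.dll','.ocx','.sys','.scr','.msi','.msp','.com',
                     '.hta','.jar','.cpl','.vbs','.vbe','.js','.jse','.ps1','.bat','.cmd',
                     '.wsf','.wsh','.reg','.zip','.rar','.7z'   # subset of the list above

# Standard file signatures. ZIP and OLE headers are shared with Office documents
# (docx/xlsx and legacy doc/xls), so a production filter must look inside those containers.
$Signatures = @(
    @{ Type = 'PE executable (exe/dll/scr/cpl/ocx/sys)'; Bytes = 0x4D,0x5A }
    @{ Type = 'ZIP container (zip/jar)';                 Bytes = 0x50,0x4B,0x03,0x04 }
    @{ Type = 'RAR archive';                             Bytes = 0x52,0x61,0x72,0x21,0x1A,0x07 }
    @{ Type = '7z archive';                              Bytes = 0x37,0x7A,0xBC,0xAF,0x27,0x1C }
    @{ Type = 'OLE compound file (msi/msp)';             Bytes = 0xD0,0xCF,0x11,0xE0,0xA1,0xB1,0x1A,0xE1 }
    @{ Type = 'Windows shortcut (lnk)';                  Bytes = 0x4C,0x00,0x00,0x00,0x01,0x14,0x02,0x00 }
)

function Test-Attachment {
    param([string]$FileName, [byte[]]$Content)
    $ext = [System.IO.Path]::GetExtension($FileName).ToLowerInvariant()
    $detected = $null
    foreach ($sig in $Signatures) {
        $magic = [byte[]]$sig.Bytes
        if ($Content.Length -lt $magic.Length) { continue }   # too short to carry this header
        $hit = $true
        for ($i = 0; $i -lt $magic.Length; $i++) {
            if ($Content[$i] -ne $magic[$i]) { $hit = $false; break }
        }
        if ($hit) { $detected = $sig.Type; break }
    }
    $extBlocked = $BlockedExtensions -contains $ext
    [pscustomobject]@{
        FileName         = $FileName
        ExtensionBlocked = $extBlocked
        DetectedType     = $detected
        Block            = $extBlocked -or ($null -ne $detected)
    }
}

# Constructed samples: a PE header behind a .pdf name, a script, and plain text.
$samples = @(
    @{ Name = 'invoice.pdf'; Data = [byte[]](0x4D,0x5A,0x90,0x00,0x03) }
    @{ Name = 'notes.js';    Data = [System.Text.Encoding]::ASCII.GetBytes('var a = 1;') }
    @{ Name = 'report.txt';  Data = [System.Text.Encoding]::ASCII.GetBytes('hello') }
)
foreach ($s in $samples) { Test-Attachment -FileName $s.Name -Content $s.Data }
```

Script types such as *.js, *.vbs and *.bat are plain text with no signature, so for them the extension rule is the only one that can fire.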

3. With Outlook you can filter the attachment extensions above using these articles:

Blocked attachments in Outlook

KB829982 You may receive an “Outlook blocked access to the following potentially unsafe attachments” message in Outlook

4. Turn off hyperlinks inside Outlook


5. Block applications from running inside the user profile (this could create problems)

You can use this article to create a suitable GPO to prevent this kind of problem:

http://www.mcbsys.com/blog/2013/10/block-user-folder-executables/

6. Enable the display of file extensions by creating a GPO for that


Alternatively, use the Folder Options extension


7. Use the Enhanced Mitigation Experience Toolkit, a Microsoft tool that was created against zero-day vulnerabilities.

8. Verify that each user has minimal permissions on PCs/shares to reduce the attack surface as much as possible, using these tools too:

9. Enable server auditing on shares and files to quickly identify the infection location; search for the Microsoft TechNet article, otherwise there is this script:

Auditing File Access on File Servers


Here is a free Netwrix tool (Netwrix Change Notifier for File Servers)

[update 2016.05.16]

Very interesting Microsoft article.

I am highlighting the more important sections:

https://blogs.technet.microsoft.com/mmpc/2016/05/18/the-5ws-and-1h-of-ransomware/

Tips - Office 2007/201x email search problem

If you are facing search problems in Outlook 2007/2010, a possible solution could be:

1. Windows 7 --> Control Panel --> Indexing Options --> Advanced --> Troubleshooting (Delete and rebuild index) --> Rebuild





2. If you do not find the email, you should:


  • Stop the Windows Search service.
  • Open cmd with administrative rights and run:
    net stop wsearch
  • Set this key to 0:

    HKLM\Software\Microsoft\Windows Search\SetupCompletedSuccessfully
  • Restart Outlook
    Related article 

3. If Outlook search returns "No matches found", you can review the following Microsoft KB 2769551 article with all the step-by-step procedures:

https://support.microsoft.com/en-us/kb/2769651
