Cisco - How to enable custom SNMP community on SF200

Here it is a simple and straight article that guide you through SNMP custom community configuration on Cisco SF200 and other models like (Cisco Small Business devices)

https://support.auvik.com/hc/en-us/articles/204310474-How-to-enable-SNMP-and-login-on-Cisco-Small-Business-devices

Cloud - Microsoft Tutorial

Today I would like to share this Microsoft Training that explain cloud concepts and principles:

https://docs.microsoft.com/en-us/learn/modules/principles-cloud-computing/

SCCM - Video Tutorial about Microsoft Edge pushing to Hundreds/Thousands of Devices

Here it is an interesting tutorial that explain how to massive push Edge to several devices.

Edge download must be launched using below link:

https://www.microsoft.com/it-it/edge/ 

But for enteprise and massive pushing here it is correct download link:

https://www.microsoft.com/it-it/edge/business/download

Server - USB Anywhere

Today I would like to focalize on USB Anywhere devices that permit to connect USB devices over the network in virtualized environments such as Vmware.


This solution is ideal for connecting USB devices over the network in virtualized environments such as VMware.

• AnywhereUSB 24 Plus is rack mountable with two power supplies and Ethernet connections for failover redundancy (2x Ethernet and 2 x SFP+).
• Access and monitor USB and serial devices over TCP/IP connection.
• Supports multi-host connectivity for each USB port or group independently.
• USB 3.1 Gen 1 Type A.
• Charging ability.
• Connection encrypted with TLS 1.2.

Videos and documentations are here located:

https://www.digi.com/products/networking/usb-connectivity/usb-over-ip/anywhereusb#resources

 

Here it is datasheet:

https://www.digi.com/pdf/anywhereusb-plus-ds

 

Here they are some screenshots:

Original link:

https://www.digi.com/products/networking/usb-connectivity/usb-over-ip/anywhereusb

NETWORK - CISCO how to open a case #TAC

If you need to open a Cisco CASE hou need to:

1.) Logon here:

https://www.cisco.com/c/en/us/index.html

Support --> Contact Support --> Open New Case

Or using below link

https://mycase.cloudapps.cisco.com/case 

2.) Open a new case

3.) Insert Serial Number, click on search button and then Next

4.) Final next page you need to fullfill case required fields (like title, problem description, email contacts etc. etc.)

Windows 10 - Version 20H2 & Windows Update for Business

Here it is a direct link about new features available on Windows 10 Version 20H2,

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-new-for-it-pros-in-windows-10-version-20h2/ba-p/1800132

I would like to mention  an alternative patch management tool to Windows Server Update Services (WSUS) named Windows Update for Business:

1. https://docs.microsoft.com/en-us/windows/deployment/update/waas-manage-updates-wufb
   
2. https://techcommunity.microsoft.com/t5/windows-blog-archive/what-is-windows-update-for-business/ba-p/167033
   
3. https://techcommunity.microsoft.com/t5/configuration-manager-blog/third-party-updates-and-windows-update-for-business/ba-p/1660970
   

SERVER - How to enable printed documents logs (PRINT SERVER)

Print server role, installed on Windows Server, does not automatically logs, in event viewer, each printed document.

You need to proceed as below to keep track, in event viewer, about this information (Disable Log/Enable Log)

Windows 10 - How to increase Jump list number (pinned items)

 

More details at below blog article link:

https://www.alessandromazzanti.com/2018/09/windows-10-how-to-increase-jump-list.html

Please review below article if you like to increase jump list show items:

Windows 10 - How to increase Jump list items number

Vmware - Installing Cisco ISE VM on ESX farm using OVF tool

Cisco ISE is an excellent product in conjuntion with cisco devices (such as Switches, core switches, WLC, AP and so on)

About VM installation we faced a situation where Cisco ISE 2.6 .OVA file was necessary to be imported in ESX 6.X (6.7 U3) Vmware farm.

We used OVF tool to do that, here there they are actions done about ISE 2.60 .OVA:

1. Download Cisco ISE:
   
   https://software.cisco.com/download/home/283801620/type/283802505/release/2.6.0
   
2. Follow below Cisco articles:
   
   https://www.cisco.com/c/en/us/td/docs/security/ise/2-0/installation_guide/b_ise_InstallationGuide20/Installing_ISE_on_a_VMware_Virtual_Machine.html#task_326DAB6CBB544238B05768EAB3C18C6E
   
   https://www.lookingpoint.com/blog/ise-getting-started
   
3. You must download and install OVF tools:
   
   https://my.vmware.com/web/vmware/details?downloadGroup=OVFTOOL400&productId=353
   
   https://code.vmware.com/web/tool/4.4.0/ovf
   
4. start --> command prompt with administrative rights.
   
   C:\WINDOWS\system32>CD C:\Program Files\VMware\VMware OVF Tool
   
   C:\Program Files\VMware\VMware OVF Tool\ovftool.exe --acceptAllEulas -ds=
   
5. To view .OVA content:
6. C:\Program Files\VMware\VMware OVF Tool>ovftool.exe C:\=UTILITY\=NETWORK\ISE\ISE-2.6.0.156-virtual-SNS3615-SNS3655-600.ova
   OVF version:   1.0
   VirtualApp:    falseName:          ISE-2.6.0.156-virtual-SNS3615-SNS3655-600
   Operating System:   rhel7_64guest
   Virtual Hardware:
   Families:         vmx-09
   Number of CPUs:   16
       Cores per socket: 4
       Memory:           32.00 GB
       Disks:
         Index:          0
         Instance ID:    9
         Capacity:       600.00 GB
         Disk Types:     SCSI-VirtualSCSI
       NICs:
         Adapter Type:   E1000
         Connection:     VM Network
   
         Adapter Type:   E1000
         Connection:     VM Network
   
         Adapter Type:   E1000
         Connection:     VM Network
   
         Adapter Type:   E1000
         Connection:     VM Network
   
         Adapter Type:   E1000
         Connection:     VM Network
   
         Adapter Type:   E1000
         Connection:     VM Network
   
   Deployment Options:
     Id:          small
     Label:       Small
     Description: Use this configuration for small deployments. This deployment
                  will need 16 vCPUs and 32768 Memory for the vApp.
   
     Id:          medium
     Label:       Medium
     Description: Use this configuration for small deployments. This deployment
                  will need 24 vCPUs and 98304 Memory for the vApp.
   
7. C:\Program Files\VMware\VMware OVF Tool>ovftool.exe --acceptAllEulas -ds="datastore1" --net:"VM Network"="VM Network" C:\=UTILITY\=NETWORK\ISE\ISE-2.6.0.156-virtual-SNS3615-SNS3655-600.ova vi://ip_esx
   
8. Opening OVA source: C:\=UTILITY\=NETWORK\ISE\ISE-2.6.0.156-virtual-SNS3615-SNS3655-600.ova
   The manifest validates
   Accept SSL fingerprint (xxxxxx) for host ip_esx as target type.
   Fingerprint will be added to the known host file
   Write 'yes' or 'no'
   yes
   Enter login information for target vi://ip_esx/
   Username: root
   Password: ********
   Opening VI target: vi://root@ip_esx:443/
   Warning:
    - Line 109: Unable to parse 'enableMPTSupport' for attribute 'key' on element 'Config'.
   Deploying to VI: vi://root@ip_esx:443/
   Transfer Completed
   Completed successfully
9. After this operation would be available on ESX Farm

Server - Domain Users can join computers to domain (up to 10) #It is a default domain policy

Few months I discovered that normal AD users are able to join computers to domain (up to 10) without particular grants or settings.

It was a very unexpected news for me.

Default limit to number of workstations a user can join to the domain

"By default, Windows 2000 allows authenticated users to join ten machine accounts to the domain.

This default was implemented to prevent misuse, but can be overridden by an administrator by making a change to an object in Active Directory.

Note that users in the Administrators or Domain Administrators groups, and those users who have delegated permissions on containers in Active Directory to create and delete computer accounts, are not restricted by this limitation."

Here it is AD attribute that define 10 maximum join numbers (you need to to use ADSIEdit.msc):

MS-DS-Machine-Account-Quota

https://docs.microsoft.com/en-us/windows/win32/adschema/a-ms-ds-machineaccountquota?redirectedfrom=MSDN

It is highly recommended to disable this features due to obviously security reasons:

https://docs.microsoft.com/en-us/archive/blogs/dubaisec/who-can-add-workstation-to-the-domain

REMEDIATION:

Due to security reasons is preferable that Authenticated Users cannot join domain computers.

You must modify "Default Domain Policy" permitting domain joins to specifics user or group.

Rafal Sosnowski (Microsoft Dubai Security PFE Team's member) says:

During my numerous Security Audits and Assessments I deliver to customers, I usually discover too wide permissions and user rights configured in Active Directory. One of them is “Add Workstation to the Domain”

It is important to control who can add new machines to our AD environment. Although we can enforce various security settings via GPO on newly added machines, user could join machine which is not configured according to our security standards and at the same time having ownership of various objects in the system (local admin account, ACLs on file system etc.).

<==================>

Here it is full article:

https://www.devadmin.it/2017/07/25/consentire-ad-utenti-non-amministratori-di-aggiungere-computer-a-dominio/