Antivirus – Microsoft Safety Scanner

I would like to mention Microsoft Safety Scanner.

It is a scan tool that finds and removes malware.

Usage is really simple: after downloading it, you simply need to run it to start scanning for threats.

It can be launched only on demand and is available only for 10 days after being downloaded.

BE AWARE: always download the latest version from the web.

REMARK: For real-time protection with automatic updates, use Windows Defender Antivirus on Windows 10 and Windows 8 or Microsoft Security Essentials on Windows 7. These antimalware products also provide powerful malware removal capabilities. If you are having difficulties removing malware with these products, you can refer to our help on removing difficult threats.

For troubleshooting Microsoft Safety Scanner you can review this article too:

https://support.microsoft.com/en-us/help/2520970/how-to-troubleshoot-an-error-when-you-run-the-microsoft-safety-scanner

Veeam - Direct SAN Access

I would like to mention this Veeam article, which was useful in the past for configuring the Direct SAN Access feature to improve Veeam backup speed and workload.

Direct SAN Access

The Direct SAN access transport mode is recommended for VMs whose disks are located on shared VMFS SAN LUNs that are connected to ESX(i) hosts over FC, FCoE, iSCSI, and on shared SAS storage.

In the Direct SAN access transport mode, Veeam Backup & Replication leverages VMware VADP to transport VM data directly from and to FC and iSCSI storage over the SAN. VM data travels over the SAN, bypassing ESX(i) hosts and the LAN. The Direct SAN access transport method provides the fastest data transfer speed and produces no load on the production network.

The Direct SAN access transport mode can be used for all operations where the backup proxy is engaged:

Backup
Replication
VM copy
Quick migration
Full VM restore
VM disk restore
Replica failback

Azure - How to install Azure Powershell modules on Windows/Linux/macOS

I would like to mention this Microsoft article that clearly explains how to install the Azure PowerShell module on Windows/Linux/macOS.

Here is the step-by-step Microsoft article:

Install and configure Azure PowerShell

If you want to get familiar with Azure PowerShell, here is an introductory web guide:

Getting started with Azure PowerShell

With Azure PowerShell you can easily create LAN settings, virtual machines and related resources, and define users, firewall rules, and so on.

Be aware that Azure PowerShell can be used in a web browser too (Cloud Shell).




Windows 10 - SMBv1 disabled by default on Windows 10 Fall Creators Update

SMBv1 is no longer installed by default and, if it is not used for 15 days, it is uninstalled automatically. This is due to security problems (first raised with WannaCry); you can review these old blog articles as well:

Hacker - MS17-010 patch KB4012598 against Wannacry Ransomware

Antivirus - WannaCry Free Decryptor tool

Official Microsoft article is:

SMBv1 is not installed by default in Windows 10 Fall Creators Update and Windows Server, version 1709

Be aware that shared folders using SMBv1 will no longer be accessible from computers running Windows 10 1709.

You can re-enable SMBv1 as a temporary solution before upgrading the shared folder to a newer SMB protocol version.

Related articles:

https://www.devadmin.it/2017/12/11/windows-10-1709-e-smbv1/


Tool - DNS Query Sniffer by NirSoft

Today I would like to mention this NirSoft Tool (DNS Query Sniffer) that shows DNS queries sent from your PC/Server.

For each query, several pieces of information are available (Host Name, Port Number, Query ID, Request Type (A, AAAA, NS, MX, and so on), Request Time, Response Time, Duration, Response Code, Number of records, and the content of the returned DNS records).

It is possible to export DNS queries in CSV format.

This information is useful for troubleshooting too.

REMARK: On some systems, capturing packets with the 'Raw Sockets' method may not work properly, and thus you'll need to install the WinPcap capture driver or the Network Monitor driver
Even if the 'Raw Sockets' method works properly on your system, it's recommended to install the WinPcap capture driver or Microsoft Network Monitor driver (version 3.4 or later) in order to get more accurate date/time information ('Request Time', 'Response Time', and 'Duration' columns).



DNS - new record CAA (Certificate Authority Authorization)

Today I would like to mention that a new DNS record type has been defined since January 2013 (RFC 6844).

This record lets you define the Certification Authorities (CAs) authorized to issue certificates for a specific domain.

It helps prevent certificates from being issued by CAs that are not approved.

You can use this web link to test if a specific domain has already configured a specific CAA Record:

https://caatest.co.uk/

Since 8th September 2017 (as decided by ballot 187), CAA checks are mandatory during the CA certificate issuance process.

[original article: https://www.devadmin.it/2017/11/27/dns-caa-resource-record/]
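
An added example, not from the original article: how a CA evaluates a domain's CAA records before issuing, following the rules described above. The zone contents, the CA domain names and all function names are constructed for illustration; lookup is simplified to climbing parent labels, with no CNAME handling.

```python
# Added example: CAA evaluation as an issuing CA performs it (RFC 6844),
# simplified to parent-label climbing with no CNAME handling.
import re

# Constructed sample zone (not real DNS data): name -> CAA records
# in presentation format: <flags> <tag> "<value>"
SAMPLE_ZONE = {
    "example.com": ['0 issue "ca-one.example"', '0 issuewild ";"',
                    '0 iodef "mailto:security@example.com"'],
    "locked.example.com": ['0 issue ";"'],
    "strict.example.com": ['128 futuretag "x"', '0 issue "ca-one.example"'],
}

CAA_RE = re.compile(r'^(\d+)\s+([A-Za-z0-9]+)\s+"(.*)"$')
KNOWN_TAGS = {"issue", "issuewild", "iodef"}
CRITICAL = 128  # issuer-critical flag bit


def parse_caa(text):
    """Parse one CAA record into (flags, tag, value)."""
    m = CAA_RE.match(text.strip())
    if not m or int(m.group(1)) > 255:
        raise ValueError("malformed CAA record: %r" % text)
    return int(m.group(1)), m.group(2).lower(), m.group(3)


def relevant_rrset(name, zone):
    """Climb from the name towards the root; the first CAA set found applies."""
    labels = name.lower().rstrip(".").split(".")
    if labels[0] == "*":
        labels = labels[1:]
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if zone.get(candidate):
            return [parse_caa(r) for r in zone[candidate]]
    return []


def issuer_domain(value):
    """Issuer domain is the text before any ';' parameters; empty means no CA."""
    return value.split(";", 1)[0].strip().lower()


def ca_may_issue(name, ca_domain, zone):
    """Return True if ca_domain is allowed to issue a certificate for name."""
    rrset = relevant_rrset(name, zone)
    if not rrset:
        return True  # no CAA record anywhere: issuance is not restricted
    # A critical flag on a tag the CA does not understand forbids issuance.
    if any(f & CRITICAL and t not in KNOWN_TAGS for f, t, _ in rrset):
        return False
    issue = [v for _, t, v in rrset if t == "issue"]
    issuewild = [v for _, t, v in rrset if t == "issuewild"]
    # Wildcard requests use issuewild when present, otherwise fall back to issue.
    props = issuewild if (name.startswith("*.") and issuewild) else issue
    if not props:
        return True  # only non-restricting properties such as iodef are present
    return any(issuer_domain(v) == ca_domain.lower() for v in props)


if __name__ == "__main__":
    for host, ca in [("www.example.com", "ca-one.example"),
                     ("www.example.com", "ca-two.example"),
                     ("*.example.com", "ca-one.example")]:
        print(host, ca, ca_may_issue(host, ca, SAMPLE_ZONE))
```
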

Freeware - ControlMyMonitor v1.05 Monitor change setting tool

I would like to mention this NirSoft software, which lets you change several monitor settings at a low level.

http://www.nirsoft.net/utils/control_my_monitor.html


Cloud - Azure Exam 70-533 and 30 days trial link

Considering that companies are slowly moving to hybrid cloud, I would like to mention this Microsoft exam that leads to the following certification:

https://www.microsoft.com/en-us/learning/exam-70-533.aspx

At the link above, several resource links and exam information are available.

For this exam it would be useful to consider creating an Azure 30-day trial account.

https://azure.microsoft.com/en-us/offers/ms-azr-0044p/

We offer eligible customers $200 in Azure credits (“Credits”) to be used within the first 30 days of sign-up and 12 months of select free services (services subject to change)

Here are some old blog articles related to cloud:

Microsoft - Azure and Veeam Connect

HyperV 2012 - Free Download Ebook

[update 2018.06.17]

Here is the link to get a new free 30-day trial account on Azure:

https://azure.microsoft.com/en-us/free/?CR_CC=200246113&WT.mc_id=A062BFFBA

Video Audio - Online free converter

I would like to mention this website, which offers online conversion between these audio/video formats:

https://www.apowersoft.it/convertitore-video-gratuito

MP4, MOV, AVI, WMV, MKV, SWF, ASF, FLV, VOB, RM, 3GP, WEBM, MPG, DV, M4A, M4R, MP3, WAV, FLAC, WMA, AC3, AAC, OGG and RA

4K, 3D, HD, AVCHD, HEVC


Program - Brute Force Wordpress Plugin

About WordPress, I would like to mention this WordPress plugin that works with the .htaccess file.

Brute Force Login Protection can be found/downloaded here:

https://wordpress.org/plugins/brute-force-login-protection/

Here are its major features:


  1. Limit the number of allowed login attempts using normal login form/Auth Cookies
  2. Manually block/unblock/(whitelist trusted)  IP addresses
  3. Delay execution after a failed login attempt (to slow down brute force attack)
  4. Option to inform user about remaining attempts on login page
  5. Option to email administrator when an IP has been blocked
  6. Custom message to show to blocked users

Plugin installation is decidedly straightforward:


1. Install the plugin either via the WordPress.org plugin directory, or by uploading the files to your wp-content/plugins directory.
2. Activate the plugin through the WordPress admin panel.
3. Customize the settings on the settings page.

Hacker - WPA2 password crack

We are all aware of the security weaknesses that Wi-Fi has, which do not depend on the protocol used.

In fact, Wi-Fi always carries some risk that can never be reduced to zero.

The vulnerability found is related to Wi-Fi Protected Access 2 (WPA2). It does not allow the WPA2 password to be obtained, but it permits a man-in-the-middle attack.

The idea is that anyone near the Wi-Fi network could carry out a Key Reinstallation AttaCK (KRACK) and read the data transferred between PCs and the router/access point (a man-in-the-middle attack reading passwords, email, sensitive data...).

This kind of attack is really effective against Android/Linux, which use wpa_supplicant during the Wi-Fi connection process (but it could be applied to all OSes/devices as well).

You can take a look at this article, which explains an example of how to get this result in more detail.


These results could be reached using these tools:

Kali Linux, the Aircrack-ng suite for Wi-Fi attacks, the software for removing HTTPS protection called SSLstrip, and Wireshark.

Summarizing the attack procedure steps:

  1. Using the vulnerability, it creates a fake Wi-Fi network with the same SSID but on a different channel.
  2. It switches the remote device to connect to the new fake Wi-Fi network and decrypts all traffic, which becomes cleartext.

To solve the issue you should:

1. Upgrade the router/access point firmware
2. Update the OS of PCs/mobile devices (more urgently)

This Python script is available to check whether your devices are vulnerable:

Backup - Veeam Alternative Vembu BDR Suite

Today I would like to mention this Veeam Backup Alternative.

https://www.vembu.com/

I have not had time to try it yet, but here are some characteristics that make it interesting:


  1. Backups could be saved on-site, off-site and on cloud.
  2. Item Level Backup for Exchange, Sharepoint, SQL, My SQL, Office 365 available.
  3. Two licensing types:
    1. Unlimited functionalities only for 3 VMs.
    2. Unlimited VMs but functionalities limited.
  4. 30 days trial full feature download possible.
  5. If you are interested in a full comparison between license types, you can review this .pdf:
    https://www.vembu.com/pdf/datasheet/vembu-bdr-suite-free-vs-paid-edition.pdf
  6. HyperV (2008 R2 up to 2016), VMware (4.x up to 6.x), workstations and physical servers are supported.
  7. Full and granular restore supported.
  8. CRC, encryption (backup) and compression are supported.
  9. No agent software is installed on VMs.
  10. Storage pools aggregations are supported like on Veeam.
  11. The Direct SAN feature lets the backup tool communicate directly with the SAN (exposed via iSCSI) without needing to pass through the VMware/HyperV hypervisors.
  12. Cross-platform migration tool support (V2V) between different hypervisors.
  13. VSS - Application-aware image backup compatibility.
  14. Log Truncation.
  15. Backup data can be downloaded by the user in different file formats (vmdk, vhdx, image ....)
  16. Backup encryption (AES 256 bit)
  17. For Exchange (2003, 2007, 2010, 2013 and 2016), Vembu Explorer for Microsoft Exchange instantly restores Exchange user mailboxes, emails, contacts, etc., from backed up VMware VMs without restoring the entire Exchange server.
  18. Vembu Explorer for Microsoft Active Directory: Instantly restores Active Directory objects, GPOs, etc., without restoring the entire MS Active Directory VM. Supports Active Directory Server 2008 R2 STD, 2012 DC, 2012 R2 DC.
  19. Vembu Explorer for Microsoft SQL Server: Instantly restores SQL databases and tables without restoring the entire SQL VM. Supports MS SQL Server 2005, 2008, 2008 R2, 2012, 2014, 2016.
  20. Vembu Explorer for Microsoft SharePoint: Instantly restores SharePoint site collections, documents, etc., without restoring the entire SharePoint VM. Supports Microsoft SharePoint Portal Server 2003, 2007, 2010, 2013.
  21. Bare-metal recovery is supported, restoring to the same hardware or to new RAW hardware using the Vembu Recovery CD.
    Supported O.S.:
    (2016, 2012 R2, 2012, 2008 R2, 2008, 2003 R2 SP2, 2003 SP2, Windows 10, Windows 8, Windows 7, Windows Vista, Windows XP SP2)

Here is some useful documentation for viewing all features/capabilities:




As for the Veeam Backup tool, you can review this link with all related blog articles:

http://www.alessandromazzanti.com/search/label/Veeam


Tips - First WWW web page 1990, 20th December

I would like to indicate here the first web page that was published in WWW.

It is a curiosity, useful to remember that the WWW began only 27 years ago.

It was, in fact, 1990, 20th of December.

The first drop of water of our IT "sea"

http://info.cern.ch/hypertext/WWW/TheProject.html

Server - How to Execute RSAT snapins with different users without server/client logon necessity

If you need to launch some MMC snap-ins with a different AD account (without logging on to the server/PC with those credentials), you can follow these steps:


  1. Open a command prompt: Start --> cmd.exe
  2. Copy and paste this command text:
    C:\Windows\System32\runas.exe /netonly /user:aduser@domain.suffix "mmc %SystemRoot%\system32\xxxx_command.msc"
  3. where xxxx_command.msc is any .msc snap-in file.
    Usually any .msc snap-in included in the RSAT tools (Win 7, Win 10) installed on your PC

You can review these blog articles too:


Scripting - All .cpl, .msc and other commands from the Start --> Run menu


2012 Server – RSAT also in 2008 R2 SP1 and 2008 SP2


Scripting - List of Microsoft Windows Start --> Run commands

Scripting - Silent install SQL Studio Management Console Studio 17.2

If you need to silently install SQL Studio Management Console Studio 17.2, you can do that through the command line using the proper command switches.

I took note of these settings in this quick post for future purposes.


Install Program – "SSMS-Setup-ENU.exe" /install /quiet /norestart

Uninstall Program – "%programfiles(x86)%\Microsoft SQL Server\140\tools\binn\managementstudio\ssms.exe" /uninstall /quiet

Download SQL Server Management Studio (SSMS)

https://docs.microsoft.com/en-us/sql/ssms/download-sql-server-management-studio-ssms

direct Links:

2016 Server - Windows Server 2016 Security Guide free download

Today I would like to share that the Windows Server 2016 Security Guide can be downloaded for free from the Microsoft web site:

http://download.microsoft.com/download/6/7/3/673E651E-C5B3-4C93-A69A-94042EB6DE22/Windows_Server_2016_Security_Better_protection_begins_at_the_OS_Whitepaper_EN_US.pdf

The above .pdf includes general guidance for helping secure servers in your environment and how you can utilize new security features in Windows Server 2016.

For other Windows 2016 articles you can review this link:

http://www.alessandromazzanti.com/search/label/Windows%202016%20Server

SCCM - How to disable local Administrator Account

If you need to disable the local Administrator account, change/set its password or create a new local admin/user, you can review the previous article about the GPO approach.

GPO - How to create local Administrator account using Group policies
http://www.alessandromazzanti.com/2017/04/gpo-how-to-create-local-administrator.html

Otherwise you can do that using SCCM.

In summary, you need to create a simple CI that checks a specific collection, verifying against a threshold the devices that have the local Administrator account enabled, apply remediation (disabling the account) and finally have reports/alerts available.

Here is a more detailed article:

https://4sysops.com/archives/disable-the-local-administrator-account-with-sccm/

Windows 10 - Pro Workstation announcement about new release

Microsoft is going to release, during the next months, the following Windows 10 version:

https://blogs.windows.com/business/2017/08/10/microsoft-announces-windows-10-pro-workstations/

This announcement is due to the fact that Windows 10 currently has this hardware limitation, and for particular activities on workstations Microsoft server editions are often installed as well:

  • 2 CPUs, 256 cores and up to 2 TB RAM.

Windows 10 Pro for Workstations is going to have these features:


  • ReFS (Resilient file system) support. (new Microsoft file system)
    ReFS provides cloud-grade resiliency for data on fault-tolerant storage spaces and manages very large volumes with ease. ReFS is designed to be resilient to data corruption, optimized for handling large data volumes, auto-correcting and more. It protects your data with integrity streams on your mirrored storage spaces. Using its integrity streams, ReFS detects when data becomes corrupt on one of the mirrored drives and uses a healthy copy of your data on the other drive to correct and protect your precious data.
  • Persistent memory support: 
    Windows 10 Pro for Workstations provides the most demanding apps and data with the performance they require with non-volatile memory modules (NVDIMM-N) hardware. NVDIMM-N enables you to read and write your files with the fastest speed possible, the speed of the computer’s main memory. Because NVDIMM-N is non-volatile memory, your files will still be there, even when you switch your workstation off.
  • SMB Direct support and LAN cards based on Remote Direct Memory Access (RDMA)
  • Intel Xeon and AMD Opteron CPU support, up to 4 CPUs and 6 TB RAM.

Windows 10 versions are now going to become 12 (from 10):

  1. Windows 10 Home
  2. Windows 10 Pro
  3. Windows 10 Enterprise
  4. Windows 10 Education
  5. Windows 10 Pro Education
  6. Windows 10 Enterprise LTSB
  7. Windows 10 Mobile Enterprise
  8. Windows 10 Mobile
  9. Windows 10 IoT
  10. Windows 10 S
  11. Windows 10 Team
  12. Windows 10 Pro for Workstations

Here is the related recap:

GPO - Wifi pcs and policy applying problems

Company laptops that connect to the domain via Wi-Fi may not apply policies correctly due to Wi-Fi connection unavailability.

There are two alternatives to solve the issue by customizing the GPO properly:

You can do this with Group Policy, using the Always wait for the network at computer startup and logon policy setting.  

https://technet.microsoft.com/en-us/library/gg486839.aspx


Alternatively, add a delay during policy processing by applying this policy:

Policy Location: Computer Configuration > Policies > Admin Templates > System > Group Policy
Setting Name: Startup policy processing wait time
Registry Key: HKLM\Software\Policies\Microsoft\Windows\System!GpNetworkStartTimeoutPolicyValue

https://support.microsoft.com/it-it/help/2421599/windows-7-clients-intermittently-fail-to-apply-group-policy-at-startup

Tips - Fix network connection issues in Windows 10

Here is an interesting Microsoft article that explains several easy workarounds useful for resolving Windows 10 network issues.

You can use these commands from a command prompt run with administrative rights:

ipconfig /flushdns
netsh winsock reset
netsh winhttp reset proxy

https://support.microsoft.com/en-us/help/10741/windows-10-fix-network-connection-issues


<------------>
Using network reset should be the last step you try. Consider using it if the steps above don’t help to get you connected.
This can help solve connection problems you might have after upgrading from a previous version of Windows to Windows 10, as well as fix problems where you can connect to the Internet but not to shared network drives. It removes any network adapters you have installed and the settings for them. After your PC restarts, any network adapters are reinstalled, and the settings for them are set to the defaults.
  1. Select the Start button, then select Settings > Network & Internet > Status > Network reset.
  2. On the Network reset screen, select Reset now > Yes to confirm.
    Wait for your PC to restart and see if that fixes the problem.



Freeware - Teracopy and RichCopy two GUI tools for copying files

I would like to highlight two pieces of software that should always be in your IT tool collection.

Here are their characteristics and explanations.

TeraCopy 3.1

It is a compact program designed to copy and move files at the maximum possible speed, providing the user a lot of features:

  • It uses dynamically adjusted buffers to reduce seek times. Asynchronous copy speeds up file transfer between two physical hard drives.
  • Pause and resume file transfers. 
  • Error recovery. In case of copy error, it will try several times and in the worst case just skips the file, not terminating the entire transfer.
  • Interactive file list. It shows failed file transfers and lets you fix the problem and recopy only problem files.
  • Shell integration. TeraCopy can completely replace Explorer copy and move functions, allowing you work with files as usual.
  • Full Unicode support.

Spotlight RichCopy

RichCopy offers a number of granular controls that allow you to tailor file copying to your needs.


Freeware - UninstallView from NirSoft

Today I would like to highlight UninstallView, a new tool for Windows that collects information about all programs installed on your system and displays the details of the installed programs in one table.
You can use it to get installed programs information for your local system, for a remote computer on your network, and for an external hard drive plugged into your computer. It also allows you to easily uninstall software on your local computer and on a remote computer (including quiet uninstall if the installer supports it).

Disaster Recovery - Ex-Admin Deletes All Customer Data and Wipes Servers of Dutch Hosting Provider

Today I would like to mention this incredible story about an ex-administrator who proceeded to delete and wipe all customer servers.

You can review the following image, which explains what happened:

Verelox, a provider of dedicated KVM and VPS servers based in The Hague, Netherlands, suffered a catastrophic outage after a former administrator deleted all customer data and wiped most of the company's servers.



More details can be found here:

https://www.bleepingcomputer.com/news/security/ex-admin-deletes-all-customer-data-and-wipes-servers-of-dutch-hosting-provider/

Windows 10 - How to: Move from BIOS to UEFI with the new Windows 10 Creators Update

Microsoft Mechanics delivers a comprehensive yet concise explanation of how you can safely and non-destructively convert a Windows 10 machine from legacy BIOS to UEFI disk partitioning.

Windows Program Manager, Desmond Lee, demonstrates the new MBR2GPT disk conversion tool that’s part of Windows 10 Creators Update. 
This is a comprehensive yet concise overview that explains how you can safely and non-destructively convert a Windows 10 machine from legacy BIOS to UEFI disk partitioning; and how you can automate the conversion as part of your in-place upgrade process from Windows 7 to Windows 10. 

Importantly, unlike wipe and load methods, all of this can be achieved without having to move your data off the disk.
To learn more please also check out: http://aka.ms/mbr2gpt


Scripting - Nslookup and debugging mode

For the Nslookup command you can review these old blog articles.

Nslookup

I would like to highlight this interesting Microsoft article and the debug switch, which gives more debugging capability when nslookup is launched and there are some unknown DNS query problems.

Scripting - The NSLOOKUP command part 2 (plus DIG)

Scripting - nslookup command

Server - How to verify that your mail server work properly

<-------->


Nslookup's debug mode is a useful troubleshooting feature; you can set the local computer into this mode by typing set debug, or for even greater detail, set d2. In debug mode, Nslookup lists the steps being taken to complete its commands, as shown in this example:

C:\>nslookup
(null) testpc1.reskit.com
Address: 172.16.8.190
> set d2
> rain-city
(null) testpc1.reskit.com
Address: 172.16.8.190
------------
SendRequest(), len 49
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
rain-city.reskit.com, type = A, class = IN
------------
------------
Got answer (108 bytes):
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 2, authority records = 0, additional = 0
QUESTIONS:
rain-city.reskit.com, type = A, class = IN
ANSWERS:
-> rain-city.reskit.com
type = CNAME, class = IN, dlen = 31
canonical name = seattle.reskit.com
ttl = 86400 (1 day)
-> seattle.reskit.com
type = A, class = IN, dlen = 4
internet address = 172.16.2.3
ttl = 86400 (1 day)
------------
(null) seattle.reskit.com
Address: 172.16.2.3
Aliases: rain-city.reskit.com

SCOM - Backup - Veeam Management Pack for System Center v8

Today I would like to mention this Veeam Management Pack for System Center v8 that provides complete app-to-metal visibility for both your virtual and physical environments, creating the “big-picture” view of your entire virtualized infrastructure – and all from within the native System Center Management console.
This kind of monitor will include insights into Veeam Backup & Replication services.

https://www.veeam.com/system-center-management-pack-vmware-hyperv.html
