Server - REBOOT IDRAC and fix email sending problem (on dell Server)

In case you need to restart server idrac (or reset it) you can follow this youtube video explanation

otherwise if you are facing email sending errors you should fix putting:

emailname@emaildomain

A) Static DNS Domain Name: emaildomain

B) DNS iDRAC Name: emailname

Here it is relative screenshot

Security - Sophos AV stop definitions updates #WORKAROUND & #DETAILS **JULY 2023**

During these latter weeks Sophos released new AV version. (Core Agent 2023.1/Server Core Agent 2023.1 )

PROBLEM

• This letter Sophos version require that these O.S. have propter September 2021 patches installed.
• In case you are not on track with MS updates or Windows version it will occur this problem
• End point Sophos definition updates will stop working
• Client: Early of July 2023
• Server: End of July 2023

AFFECTED SYSTEMS AND DEVICES

• Windows computers:
• From early-June 2023, Windows 10 (x64) operating systems and above that don't support Azure Code Signing (ACS) will fail to complete the upgrade process to Core Agent 2023.1 and above.
• Windows servers:
• From late-July 2023, Windows 2016 operating systems and above that don't support Azure Code Signing (ACS) will fail to complete the upgrade process to Server Core Agent 2023.1 and above.

  WORKAROUND APPLICABLE TO POSTPONE PROBLEM

• The Software Packages functionality in Sophos Central can be used to assign devices to a Fixed term support (FTS) version.
• The current version for Windows computers and servers is FTS 2022.4.3.2 and can be assigned to devices for the duration of time it takes to apply the Windows Security Updates.
• Note: There is an expiry date for all software package versions after which devices will stop updating.
• The expiry date for FTS 2022.4.3.2 on Windows computers is October 10, 2023.
• The expiry date for FTS 2022.4.3.2 on Windows servers is November 14, 2023.
• To achieve this goal you must modify Update Management policy as indicated in below screenshots.

 

APPENDIX

Full details on required updates can be found in Microsoft’s official KB5022661 on this topic. 
https://support.microsoft.com/en-gb/topic/kb5022661-windows-support-for-the-azure-code-signing-program-4b505a31-fa1e-4ea6-85dd-6630229e8ef4

In addition to having the required Windows Security Updates to verify modules signed by Azure Code Signing, devices must have the "Microsoft Identity Verification Root Certificate Authority 2020" certificate authority (CA) installed.

Generally impacted O.S. are Windows 10/11 and Windows 2016/2019/2021 server versions.

Legacy O.S. are not impacted:

Windows 8.1

1. Windows Server 2012 R2
2. Windows Server 2012
3. Windows 7.0 SP1
4. Windows Server 2008 R2
5. Windows Server 2008 SP2 

New Installation

From the 18th of April 2023, new installations to operating systems that don't support Azure Code Signing (ACS) will fail.

CITRIX #PVS Machine Account Password

On PVS Citrix servers you have to do this configuration avoiding that provisioned server, using VHDX technology, will face Machine Account password misalignement.

https://support.citrix.com/article/CTX132289/how-to-troubleshoot-provisioning-services-server-machine-account-password

Command line - findstr paramater

There is an easy way to find string internally command output.

This command is Findstr known.

systeminfo | findstr /i "system model" 

To find local server/pc network connection in plase below command it could be very useful

nestat -ano | findstr /i "x.y.z.w"

Security #How to encrypt 7zip folders using as repository

If you have necessity to protect some folders using passwords/encryption using as single repository (where copy/modify/delete folders/Files) consider that 7zip has a simple feature that permit to get this result.

An alternative way is using EFS (more secure) or attaching .VHD file and proceeding, furthermore, to apply bitlocker encryption.

Here they are related articles useful to go deeper on this topic.

7zip, EFS

 https://helpdeskgeek.com/windows-10/how-to-password-protect-a-folder-in-windows-10/

Bitlocker e VHD

https://www.tenforums.com/tutorials/138500-create-bitlocker-encrypted-container-file-vhd-vhdx-windows.html

Server - MMC GPO Security Options errors - MMC cannot initialize the snap-in

Using MMC snapin, on windows server (in my case on 2016 version), basically managing GPOs, you might face below errors.

I get the error message stated in the subject line whenever I try to open Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> from GPO.

I found three alternatives to manage this error:

Option 1

1. This was broken with the September 8, 2020—KB4577015 update. currently the only solution is to uninstall it.
   
   https://community.spiceworks.com/topic/2291581-windows-2016-mmc-snap-in-error
   
   
2. Then install KB4571694, reboot and try again or patch KB4580346 (I did not investigate at 100%)
   
   https://community.spiceworks.com/topic/2291581-windows-2016-mmc-snap-in-error
   
   https://learn.microsoft.com/en-us/answers/questions/124913/server-2016-mmc-has-detected-an-error-in-a-snap-in
   

Option 2

1. Export REG key:
   
   reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit\Reg Values\MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/DontDisplayLockedUserId" C:\Temp\DontDisplayLockedUserId.reg
   
   
2. Deleting REG key
   
   reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit\Reg Values\MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/DontDisplayLockedUserId" /f
   
   
3. Change GPO 
   
   
4. Reimport Register key
   Double clicking here
   C:\Temp\DontDisplayLockedUserId.reg
5. Original article: 
   
   https://learn.microsoft.com/en-us/answers/questions/124913/server-2016-mmc-has-detected-an-error-in-a-snap-in

Option 3

1. On a full patched server or PC install RSAT and solve problem in this way
   https://www.alessandromazzanti.com/2019/05/windows-10-how-to-install-rsat-on.html
   
   
2. Server - How to Execute RSAT snapins with different users without server/client logon necessity
   https://www.alessandromazzanti.com/2017/10/server-how-to-execute-rsat-snapins-with.html
   

REFERENCES

• "The crash can be avoided by deleting the following registry key. Please make sure to export the reg key before deleting anything. Deleting the key will cause the “Interactive logon: Display user information when the session is locked” policy to not appear in the console. (The policy is still effective, but you can’t see it in the UI to edit it). You will need to import the key back later, after the fix has been released.
  
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit\Reg Values\MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/DontDisplayLockedUserId"
  
  
• Alternatively follow below article https://learn.microsoft.com/en-us/answers/questions/124913/server-2016-mmc-has-detected-an-error-in-a-snap-in
  
  
• https://community.spiceworks.com/topic/2291581-windows-2016-mmc-snap-in-error