Check Whether an Entity Has Access to a Directory or Its Children

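# Walks every item under $path and prints its resolved path; when $entity holds an
# explicit ACE on the item, the granted FileSystemRights are printed after the path.
# Read-only: nothing is modified. The caller must be able to read the share's ACLs.
# Outputs: one line per item to stdout; repeats while the operator answers "R".
Write-Host "This script just be ran in the context of a File Server Administrators member"
Write-Host "It only checks whether an account has explicit permissions to access to a directory and it's contents"

Do{
    #$path=Read-Host -Prompt 'Enter a UNC path';
    #$entity=Read-Host -Prompt 'Username or Groupname'
    $path="\\FILESERVER01\SHARE01"
    $entity="Everyone"
    $directories=@{path=$path}
    # $entity is used as a regex against IdentityReference below; escape it so names
    # containing '.', '$' or '\' (e.g. DOMAIN\group) are compared literally.
    $entityPattern=[regex]::Escape($entity)

    "Running as: "+(whoami)

    try{
        # Change into the filesystem's current location so provider paths resolve
        Push-Location (Get-Location -PSProvider FileSystem)
        @( $directories ) | ForEach-Object {
            $items=Get-ChildItem $_.path -Recurse

            foreach ($item in $items){
                $fullPath=Convert-Path $item.PSPath
                # Report only; no ACE is added or removed here.
                $rights=(($item | Get-Acl).Access | Where-Object { $_.IdentityReference -match $entityPattern }).FileSystemRights
                if ($rights){ "$fullPath : $rights" } else { $fullPath }
            }
        }
    }
    finally {
        # Revert to the previous location even if Get-ChildItem or Get-Acl throws
        Pop-Location
    }

    $flag = Read-Host -Prompt 'Press Any Key = exit; R = Repeat...'
} while ($flag -match '[Rr]')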

Check Servers NSLookup of a Listener to Match Active Node IP

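# For each name in $servers, resolves the listener and reports whether one of its
# addresses equals the expected active node.
# Outputs: "<server>: Pass" or "<server>: fail" per server to stdout.
$servers="SQL01","SQL02","SQL03","SQL04"
$listener="halistener01"
$activeNode="10.10.10.5"

# Dynamic Credential method 1: use the caller's "-admin" account, appending the suffix
# only when it is absent. -like is case-insensitive; the earlier 2-character Substring
# could never equal the 6-character suffix, and "=" inside the if was an assignment.
$who = whoami
if ($who -like "*-admin"){$username=$who;}
else {$username=$who+"-admin";}
$password = Read-Host -Prompt "Input the password for account $username" -AsSecureString
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $username,$password
$elevate = New-PSSession -ComputerName localhost -Credential $cred

try {
    $expected=[IPAddress]$activeNode.Trim()
    foreach ($server in $servers){
        # NOTE(review): the lookup runs in the localhost session on every iteration, so the
        # name is resolved by this machine's resolver, not by each listed $server.
        #$ip=(invoke-command -Session $elevate -ScriptBlock {(nslookup $Args[0] | Select-String Address | Where-Object LineNumber -eq 5).ToString().Split(' ')[-1];} -Args $listener)
        # Only A records carry an IPAddress; a listener may return several, so keep them all.
        $ips=@(invoke-command -Session $elevate -ScriptBlock {(Resolve-DnsName $Args[0] -Type A).IPAddress;} -Args $listener)
        $match=$ips | Where-Object { $_ -and ([IPAddress]$_.Trim()) -eq $expected }
        $result= if ($match){"Pass";}else{"fail";};
        $server+": $result"
    }
}
finally {
    # Release the remote session whether or not the loop completed
    Remove-PSSession $elevate
}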

Check a List of Servers to Find Currently Stopped Autorun Services

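# Credential for the remote checkServices run below. The password is prompted as a
# SecureString rather than kept in clear text in the script, matching the other
# credential blocks on this page.
$username = (Get-ADDomain).name+'\USERNAME'
$pass = Read-Host -Prompt "Input the password for account $username" -AsSecureString
#$Password = 'PASSWORD'
#$pass = ConvertTo-SecureString -AsPlainText $Password -Force
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $username,$pass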



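#######################################
# Reports, for each computer in $x, which services from the expected-autorun list
# are not running and (when $start is $true) attempts to start them.
# Arguments: $x     - one computer name or an array of names
#            $start - attempt to start stopped services (default $true)
# Outputs:   status lines via Write-Host; trapped exceptions via Write-Error
#######################################
function checkServices($x, $start=$true){
    # Report exceptions raised in the function instead of aborting it
    trap [Exception]
    {
        Write-Error $("TRAPPED: " + $_.Exception.Message);
    }

    # @() lets a single computer name iterate as a one-element list
    $computers = @($x);

    # Setup the Service array with the service names we want to check are running. Please note that these services should be retrieved from a .txt or .cvs file for more robust implementation.
    $serviceArray = "AppHostSvc","CryptSvc","DcomLaunch","Dhcp","DiagTrack","Dnscache","eventlog","EventSystem","FontCache","LanmanServer","LanmanWorkstation","lmhosts","macmnsvc","masvc","MSDTC","mvagtsvc","Netlogon","NlaSvc","nsi","PlugPlay","Power","ProfSvc","RemoteRegistry","RpcEptMapper","RpcSs","RServer3","SamSs","Schedule","SNMP","Spooler","VMTools","W3SVC","Winmgmt","WinRM","wuauserv"

    foreach($computer in $computers)
    {
        Write-Host "---------------------------`nChecking $computer for Expected Autorun Services`n---------------------------";
        $objWMIService = Get-WmiObject -Class win32_service -computer $computer

        # Index the services by name once (hashtable keys are case-insensitive) instead of
        # comparing every service against every expected name.
        $byName = @{}
        foreach($service in $objWMIService){ $byName[$service.Name] = $service }

        # Check each service specified in the $serviceArray
        foreach($srv in $serviceArray)
        {
            $service = $byName[$srv]
            if(-not $service){ continue }   # not installed on this computer; nothing to report

            if($service.State -eq "running")
            {
                Write-Host "$srv is running";
                continue
            }

            Write-Host "$srv is NOT running on $computer";
            # If $start is true the script will attempt to start the service if it is stopped
            if($start -eq $true)
            {
                # Attempt to start the current service on the current computer
                $serviceInstance = (Get-WmiObject -computer $computer Win32_Service -Filter "Name='$srv'");
                $name = $serviceInstance.Name;
                Write-Host "Attempting to start $name  on $computer."
                $serviceInstance.StartService() | Out-Null;
                # Refresh the object instance so we get new data (may still read "Start Pending")
                $serviceInstance = (Get-WmiObject -computer $computer Win32_Service -Filter "Name='$srv'");
                $state = $serviceInstance.State;
                Write-Host "$name is ""$state"" on  $computer.";
            }
        }
    }
}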

# Ships the checkServices function body to JUMPBOX01 and runs it there under $cred.
# NOTE(review): no -ArgumentList is supplied, so $x inside checkServices is $null and
# its foreach never iterates; pass the computers to check, e.g. -ArgumentList (,$listOfComputers).
Invoke-Command -ComputerName "JUMPBOX01" -credential $cred -ScriptBlock ${function:checkServices}

Add a Domain Group to Local Administrators Group

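# Adds the domain group $addMember to the local group $checkGroup on each server pasted
# at the prompt, skipping servers where it is already a member.
# Runs remotely as the caller's "-admin" account; prints one report per server.
$checkGroup="Administrators"
$addMember="KIMCONNECT\Desktop Admins"

# Dynamic Credential: append "-admin" only when the caller's name lacks it. -like is
# case-insensitive; a 2-character Substring could never equal the 6-character suffix.
$who = whoami
if ($who -like "*-admin"){$username=$who;}
else {$username=$who+"-admin";}
$password = Read-Host -Prompt "Input the password for account $username" -AsSecureString
#$password=convertto-securestring "PASSWORD" -AsPlainText -Force
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $username,$password

# Read-Host returns a single line, so a pasted list arrives as one string; split on
# newline, comma, semicolon or whitespace and drop empty entries.
$servers=Read-Host -Prompt 'Please copy/paste servers list'
$servers= @($servers -split '[\r\n,;\s]+' | Where-Object { $_ })
#$servers="localhost"

$servers | foreach {
    Invoke-command -Credential $cred -ComputerName $_ -ScriptBlock {

        $person=$Args[0]
        $add=$Args[1]
        $targetGroup=$Args[2]
        $computer=$Args[3]
        "Invoked from $person and Running as: "+ (whoami)+" on target: "+(hostname)+"`n"

        # Get-LocalGroupMember (PowerShell 5.1+) queries the target's local group; no AD module needed
        $members=Get-LocalGroupMember -Name $targetGroup
        #$members = Get-ADGroupMember -Identity $Args[2] -Recursive | Select -ExpandProperty Name
        #net localgroup [string]$tGroup | select -Skip 6 | select -SkipLast 2
        #$groupMembers=(net localgroup $Args[2] | select -Skip 6 | select -SkipLast 2)

        if ($members.Name -contains $add){"$computer`: $add already exists in group $targetGroup`n";}
        else{
            # "$Args[1]" inside a string expands the whole array plus a literal "[1]"; use $add
            "$add is not a member of group $targetGroup. It is now being added...`n"
            # A domain group is added to the local group directly. NET USER creates local
            # accounts and does not apply to a domain group, so it is not called here.
            NET LOCALGROUP $targetGroup $add /ADD /Y
            $members=Get-LocalGroupMember -Name $targetGroup
            }
        "$computer`: Group $targetGroup now has these members..."
        $members.Name

        # These lines only work in PowerShell 5.1
        #New-LocalUser $Args[1] -Password $Args[2] -FullName $Args[3] -Description $Args[4]
        #Add-LocalGroupMember -Group $Args[5] -Member $Args[1]

    } -Args $who,$addMember,$checkGroup,$_
}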

Add Local Windows User



# Dynamic Credential
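# Creates a local user on each server entered at the prompt and adds it to a local group.
# Runs remotely as the caller's "-admin" account.

# Dynamic Credential: append "-admin" only when the caller's name lacks it. -like is
# case-insensitive; a 2-character Substring could never equal the 6-character suffix.
$who = whoami
if ($who -like "*-admin"){$username=$who;}
else {$username=$who+"-admin";}
$password = Read-Host -Prompt "Input the password for account $username" -AsSecureString
#$password=convertto-securestring "PASSWORD" -AsPlainText -Force
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $username,$password

#$servers="SERVER01","SERVER02"
# Read-Host returns one line; split on newline, comma, semicolon or whitespace so several
# pasted names become one element each instead of a single combined ComputerName.
$servers=Read-Host -Prompt "Please paste the server Name(s) here"
$servers=@($servers -split '[\r\n,;\s]+' | Where-Object { $_ })
$newUser="testAdmin"
# NOTE: NET USER receives this value on its command line on the target, where process
# listings and script-block/transcript logging can record it. The PowerShell 5.1
# New-LocalUser path below accepts a SecureString instead.
$newUserPass='PASSWORD'
$newUserName="Test Admin"
$newUserDesc="Account to Be Deleted After Migration."
$newUserGroup="Administrators"

foreach ($server in $servers) {

    Invoke-command -Credential $cred -ComputerName $server -ScriptBlock {
        $person=$Args[0]
        "Invoked from $person and Running as: "+ (whoami)+" on:"+(hostname)

        # Using legacy commands for maximum compatibility.
        # $Args[3] (full name) and $Args[4] (description) are only applied by the
        # commented New-LocalUser line; the NET USER path ignores them.
        NET USER $Args[1] $Args[2] /ADD /Y
        NET LOCALGROUP $Args[5] $Args[1] /ADD /Y
        # These lines only work in PowerShell 5.1
        #New-LocalUser $Args[1] -Password $Args[2] -FullName $Args[3] -Description $Args[4]
        #Add-LocalGroupMember -Group $Args[5] -Member $Args[1]
    } -Args $who,$newUser,$newUserPass,$newUserName,$newUserDesc,$newUserGroup
}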

Windows Time Service Configuration

Update 12/27/2019: use this script to set Windows time automatically 
 
It has been a known item that NTP.org has been more reliable than windows.com in providing the time synchronization. Hence, a good practice to set up Windows machines is to point Windows Time sources toward this external source.
 
The Primary Domain Controller (PDC) is often the authoritative time source for the entire domain. Hence, it should be using NTP as its peers to keep its timing accurate. The command below would configure the PDC to only check the pooled sources for NTP. It will not look to any other internal machines for synchronization.
 
w32tm /config /update /manualpeerlist:"0.pool.ntp.org,0x8 1.pool.ntp.org,0x8 2.pool.ntp.org,0x8 3.pool.ntp.org,0x8" /syncfromflags:MANUAL
All other domain-joined Windows machines should follow the domain hierarchy to update their clocks. Hence, the "DOMHIER" keyword is specified to enable this behavior.
 
w32tm /config /update /manualpeerlist:"0.pool.ntp.org,0x8 1.pool.ntp.org,0x8 2.pool.ntp.org,0x8 3.pool.ntp.org,0x8" /syncfromflags:MANUAL,DOMHIER
After a command above has been issued, it’s also necessary to set the poll interval to 1 hour per sync activity:
 
reg add HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient /v SpecialPollInterval /t reg_dword /d 3600 /f

net stop w32time

sleep 4

net start w32time

w32tm /resync /rediscover
 

 
Some of the raw commands in dealing with this NTP beast:
 
taskkill /F /IM mmc.exe
pushd %SystemRoot%\system32
.\net stop w32time
.\w32tm /unregister
.\regsvr32 /u w32time.dll
.\shutdown -r -t 0
 
# Wait for the reboot to finish
 
pushd %SystemRoot%\system32
.\regsvr32 /u w32time.dll
.\w32tm /register
.\sc config w32time type= own
.\net start w32time
.\w32tm /config /update /manualpeerlist:"0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org",0x8 /syncfromflags:MANUAL /reliable:yes
.\w32tm /resync /rediscover
popd

Troubleshooting:
 
C:\Users\admin>net start w32time
System error 1058 has occurred.
 
The service cannot be started, either because it is disabled or because it has n
o enabled devices associated with it.
 
 
C:\Users\admin >w32tm /register
The following error occurred: The specified service has been marked for deletion
. (0x80070430)
 
C:\Users\admin >taskkill /F /IM mmc.exe
SUCCESS: The process “mmc.exe” with PID 2760 has been terminated.
SUCCESS: The process “mmc.exe” with PID 8620 has been terminated.
SUCCESS: The process “mmc.exe” with PID 1608 has been terminated.
SUCCESS: The process “mmc.exe” with PID 9508 has been terminated.
SUCCESS: The process “mmc.exe” with PID 10072 has been terminated.
SUCCESS: The process “mmc.exe” with PID 9248 has been terminated.
SUCCESS: The process “mmc.exe” with PID 8376 has been terminated.
 
System error 1290 has occurred.
 
The service start failed since one or more services in the same process have an
incompatible service SID type setting. A service with restricted service SID typ
e can only coexist in the same process with other services with a restricted SID
type. If the service SID type for this service was just configured, the hosting
process must be restarted in order to start this service.
 
C:\Users\admin >sc config w32time type= own
[SC] ChangeServiceConfig SUCCESS
 
C:\Users\admin >net start w32time
The Windows Time service is starting.
The Windows Time service was started successfully.
 
 
C:\Users\admin >w32tm /resync
Sending resync command to local computer
The following error occurred: Access is denied. (0x80070005)
 

OLD INFORMATION:
 
Manual Method
 
Step 1: Check to see whether current DC is the time source
———————-
c:\> netdom /query fsmo
Schema master SERVER1.domain.com
Domain naming master SERVER1.domain.com
PDC SERVER1.domain.com <== verify this record to locate the PDC Emulator
RID pool manager SERVER1.domain.com
Infrastructure master SERVER1.domain.com
The command completed successfully.
———————–
C:\> w32tm /query /source
SERVER2.domain.com <== indicates that this server is the upstream time source for this local machine
 
Step 2: Set PDC Master as root with external time source
 
w32tm /config /update /manualpeerlist:"0.us.pool.ntp.org.0x1 1.us.pool.ntp.org.0x1 2.us.pool.ntp.org.0x1 3.us.pool.ntp.org.0x1" /syncfromflags:manual /reliable:YES
reg add HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider /v Enabled /t reg_dword /d 0 /f
w32tm /resync /rediscover /nowait
net stop w32time && net start w32time
 
C:\Windows\system32>w32tm /query /status
Leap Indicator: 0(no warning)
Stratum: 3 (secondary reference – syncd by (S)NTP)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0000000s
Root Dispersion: 10.0000000s
ReferenceId: 0xC632EE9C (source IP: 198.50.238.156) <== this outside IP indicates NTP in effect
Last Successful Sync Time: 7/26/2017 11:15:16 AM
Source: 0.us.pool.ntp.org,1.us.pool.ntp.org,2.us.pool.ntp.org,3.us.pool.ntp.org
Poll Interval: 6 (64s)
 
——————— Experimental NTP.reg (DO NOT USE) ——————————
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters]
"NtpServer"="0.us.pool.ntp.org.0x1 1.us.pool.ntp.org.0x1 2.us.pool.ntp.org.0x1 3.us.pool.ntp.org.0x1"
"Type"="NTP"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config]
"AnnounceFlags"="5"
"MaxPosPhaseCorrection"="1800"
"MaxNegPhaseCorrection"="1800"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders]
"NtpServer"="1"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider]
"Enabled"="0"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient]
"SpecialPollInterval"="900"
——————— Registry Key ——————————
 
———————————–
0x1 Instead of following the NTP specification, wait for the interval specified in the SpecialPollInterval entry before attempting to recontact this time source. Setting this flag decreases network usage, but it also decreases accuracy.
 
0x2 Use this time source only as a fallback. If all time sources that are not fallbacks have failed, then the system selects one fallback time source at random and uses it.
 
0x4 Set the local computer to operate in symmetric active mode in the association with this source.
 
0x8 Set the local computer to operate in client mode in the association with this source.
———————————–
 
Step 3 (optional): Run commands on domain computers
 
Method 1: automatic
w32tm /config /syncfromflags:domhier /update
net stop w32time && net start w32time
 
Method 2: manual
w32tm /config /manualpeerlist:PDC_SERVER /syncfromflags:manual /reliable:yes /update
 
On older version of Windows, use this command to check time on PDC
w32tm /stripchart /computer:PDC_SERVER /samples:1
 
Optional: fix mistakes by resetting the time service to its defaults
net stop w32time
w32tm /unregister
w32tm /register
net start w32time

Raw Output:

Microsoft Windows [Version 10.0.16299.125]
(c) 2017 Microsoft Corporation. All rights reserved.

C:\Windows\system32>w32tm /config /update /manualpeerlist:"0.pool.ntp.org,0x8 1.pool.ntp.org,0x8 2.pool.ntp.org,0x8 3.pool.ntp.org,0x" /syncfromflags:MANUAL
The command completed successfully.

C:\Windows\system32>reg add HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient /v SpecialPollInterval /t reg_dword /d 3600 /f
The operation completed successfully.

C:\Windows\system32>net stop w32time && net start w32time
The Windows Time service is not started.

More help is available by typing NET HELPMSG 3521.


C:\Windows\system32>w32tm /resync /rediscover
The following error occurred: The service has not been started. (0x80070426)

C:\Windows\system32>net start w32time
The Windows Time service is starting.
The Windows Time service was started successfully.


C:\Windows\system32>w32tm /resync /rediscover
Sending resync command to local computer
The command completed successfully.

C:\Windows\system32>w32tm /resync /rediscover /nowait
Sending resync command to local computer
The command completed successfully.

C:\Windows\system32>w32tm /query /status
Leap Indicator: 0(no warning)
Stratum: 2 (secondary reference - syncd by (S)NTP)
Precision: -23 (119.209ns per tick)
Root Delay: 0.0419570s
Root Dispersion: 7.7792697s
ReferenceId: 0x6298A526 (source IP: 98.152.165.38)
Last Successful Sync Time: 4/21/2019 12:24:36 PM
Source: 2.pool.ntp.org,0x8
Poll Interval: 10 (1024s)

How to Install ‘Compass’ Program

Copy Compass from \\FILE02\Apps\Compass to C:\Compass
 
Script:
 
Create shortcut on desktop with target of: C:\Compass\OMNIS7.EXE agy2000.lbr
 
install_compass.bat:
————-
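@echo off
:: Copies the Compass application locally, then writes and runs a throw-away VBScript
:: that drops a desktop shortcut to it. Straight quotes are required throughout;
:: typographic quotes are not recognised by cmd or VBScript.
robocopy \\srvifile02\ISI\sys1\Compass c:\compass /E /R:0 /NP
set SCRIPT="%TEMP%\%RANDOM%-%RANDOM%-%RANDOM%-%RANDOM%.vbs"
echo Set oWS = WScript.CreateObject("WScript.Shell") >> %SCRIPT%
echo sLinkFile = "%USERPROFILE%\Desktop\myshortcut.lnk" >> %SCRIPT%
echo Set oLink = oWS.CreateShortcut(sLinkFile) >> %SCRIPT%
echo oLink.TargetPath = "C:\Compass\OMNIS7.EXE" >> %SCRIPT%
:: The documented target is "OMNIS7.EXE agy2000.lbr": the library file is a shortcut argument
echo oLink.Arguments = "agy2000.lbr" >> %SCRIPT%
echo oLink.Save >> %SCRIPT%
cscript %SCRIPT%
del %SCRIPT%
exit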

Distributed File System DFS

Installation:
 
Public Folder:
FILE01 (primary) =>  FILE01 => DC01
 
Accounting Folder:
                
Claims Folder:
Corporate Folder:
Legal Folder:
Marketing Folder:
Public Folder:
Sales Folder:
Systems Folder:
Underwriting Folder:
Users Folder:
 

 
Troubleshooting:
1. Check for errors
  • Run Eventvwr.exe >> DFS Replication
  • Open DFS Management >> Create Diagnostic Report
2. Restart services
  • Run Services.msc >> restart Windows Management Instrumentation and DFS Replication services
3. Check Permissions
    • Run ADSIedit.msc >> verify the “Authenticated Users” is set with the default READ permission on the following object:
  • The computer object of the DFS server
  • The DFSR-LocalSettings object under the DFS server computer object
  • After the permissions are set correctly, run "DFSRDIAG POLLAD" to pick up the changes.
4. Check DFS blockage
  • Another possible reason is that FSRM is configured as some types of files are blocked from DFS replication. When the DFSR filters are not set to match FSRM screens by extension and the files exist on the server before screening, this can lead to degraded DFSR performance and the files will never replicate.
If possible, please remove file screening and reconfigure it to remove files by extension or set a comparable DFSR filter rule to prevent replication attempts.

Desktop Virtualization Consideration

  • Information security would greatly improve with centralized desktop and data management.
  • Early Launch Antimalware Detection, as recommended by the IT Auditors, can easily be implemented with terminal servers running Windows 2012 Server versions.
  • The cost of hardware purchase and maintenance would be much less.
  • We can re-use end-of-life hardware that is currently in production without compromising system reliability.
  • Maintenance will be extremely efficient with Terminal or Citrix Servers. Instead of installing software, applying a patch, or backing up data on many separate machines, there would only be a few centralized servers to service.

Domino Email Server Conversion

  • Lotus Notes has been considered legacy by IBM and the general IT world. It lacks many modern functionalities of a messaging system. This is evidenced in IBM software EOL support schedules.
  • 80% or more of Domino is messaging. As this function can safely be migrated from Domino without affecting current business logic (workflow), we should execute this project first.
  • Microsoft Exchange is currently the de facto standard as an enterprise messaging server. It is highly integrated into Windows Active Directory and other Microsoft frameworks. Most importantly, this technology has a clear future of robust support. The talent pool for personnel resource in-house is currently available.

Adjust Active Directory Traffic Distribution Among Domain Controllers

Change LdapSrvWeight to proportionally distribute AD referral traffic (default 100)
Regedit >> HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters >> New DWORD as LdapSrvWeight with value 50 (50% of 100 or half amount of traffic) >> OK >> Exit
 
Set LdapSrvPriority to halt traffic toward a certain DC by making its priority level to be higher (default 0)
How To:
Regedit >> HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters >> New DWORD as LdapSrvPriority with value 5 (higher than default of 0) >> OK >> Exit
 
Disable Global Catalog on a remote DC to force clients to authenticate on Hub DC
 
Install WINS on new DCs
Configure DHCP scopes to update new DNS/WINS addresses
DCPromo to demote retiring DC
Set DHCP server DC01 with loadbalance/failover partner DC02
 
Note:
When a cloned machine is being put into production without going through “sysprep,” it will cause machine password errors leading to Active Directory trust issues. In the case of an AD server failure, the procedure to fix this problem is to reboot the machine to Directory Services Restore Mode (Reboot with F8), log on with the “administrator” account, unjoin the DC from domain, reboot, and rejoin. (this sometimes does not result in a successful reboot). Thus, the faulted machine account must be manually deleted from ADUC, ADSS, DNS, and DHCP Reservation (if there’s any).
 

Transfer DHCP Scopes Between Windows Servers

When a new DHCP server is introduced into the system, it’s often necessary to configure it with the existing scopes so that it could function jointly with existing authorized DHCP servers. The process to perform this task is simple:
  1. Export DHCP scopes from SERVER01
    netsh dhcp server export c:\dhcp-scopes.txt all
  2. Import DHCP scopes to SERVER02
    netsh dhcp server import c:\dhcp-scopes.txt all

Transfer Domain Controller Roles (Legacy Commands)

# Simple commands:
netdom query fsmo
ntdsutil
roles
connections
connect to server SRVI-DC01
q
transfer PDC
transfer naming master
transfer RID master
transfer schema master
transfer infrastructure master
q
q
Back up Domain Controller:
Login to your domain controller, and perform the following steps:
  1. Create a D:\Backup\ folder.
  2. Click Start >> All Programs >> Accessories >> System Tools >> Backup >> Click [Next] >> Select Backup Files and Settings >> [Next] >> Select Let me choose what to back up >> [Next] >> Expand My Computer >> Check System State >> [Next] >> Set the location of the backup file to D:\Backup\ folder >> Set the Name of the Backup to "PDC System State" >> Click [Next] >> [Advanced] >> Select Normal >> [Next] >> Check the Verify Data after Backup box >> [Next] >> Select Replace the existing backups >> [Next] >> Select Later >> Set the Job Name to "PDC System State" >> Click [Set Schedule] >> Schedule the job to run Daily at 2:00am >> Click [OK] >> Enter a set of user credentials >> [OK] >> Click [Next] >> Enter a set of the user credentials >> [OK] >> [OK] >> [Finish]
  3. Run the scheduled task once to generate the first backup file
Transfer FSMO roles
 
To transfer the FSMO roles by using the Ntdsutil utility, follow these steps:
1. Log on to a Windows 2000 Server-based or Windows Server 2003-based member computer or domain controller that is located in the forest where FSMO roles are being transferred. We recommend that you log on to the domain controller that you are assigning FSMO roles to. The logged-on user should be a member of the Enterprise Administrators group to transfer Schema master or Domain naming master roles, or a member of the Domain Administrators group of the domain where the PDC emulator, RID master and the Infrastructure master roles are being transferred.
2. Click Start, click Run, type ntdsutil in the Open box, and then click OK.
3.
Type roles, and then press ENTER.
 
Note To see a list of available commands at any one of the prompts in the Ntdsutil utility, type ?, and then press ENTER.
4. Type connections, and then press ENTER.
5. Type connect to server servername, and then press ENTER, where servername is the name of the domain controller you want to assign the FSMO role to.
6. At the server connections prompt, type q, and then press ENTER.
7. Type transfer role, where role is the role that you want to transfer. For a list of roles that you can transfer, type ? at the fsmo maintenance prompt, and then press ENTER, or see the list of roles at the start of this article. For example, to transfer the RID master role, type transfer rid master. The one exception is for the PDC emulator role, whose syntax is transfer pdc, not transfer pdc emulator.
8. At the fsmo maintenance p
 Run this command on separate DOS to see the results
 NETDOM QUERY FSMO

Batch File to Copy Files Containing Agents’ Names

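:: Copies the day's call-recording files into the agents' folders on the P: share.
:: The %Date% offsets below assume the "Ddd MM/DD/YYYY" format; the IF blocks strip
:: leading zeros from month and day and are kept as originally written.
:: Inside a parenthesised block %today% is expanded when the block is parsed, so each
:: nested IF tests the value assigned on the line above it, not the one set inside the block.
:: Set variables using system time and date
popd
 
Set today=%Date:~4,2%_%Date:~7,2%_%Date:~10,4%
 
IF "%today:~0,1%"=="0" ( SET today=%Date:~5,1%_%Date:~7,2%_%Date:~10,4%
IF "%today:~3,1%"=="0" ( SET today=%Date:~5,1%_%Date:~8,1%_%Date:~10,4%
)
)
echo %today%
pause
 
IF "%today:~2,1%"=="0" ( SET today=%Date:~4,2%_%Date:~8,1%_%Date:~10,4%
IF "%today:~0,1%"=="0" ( SET today=%Date:~5,1%_%Date:~8,1%_%Date:~10,4%
)
)
echo %today%
pause
 
 
:: Set P: to direct to the directory with the Agent files
:: The share password sits on this command line, readable by anyone who can open this
:: file or list processes; stored credentials (cmdkey) or "/user:... *" (prompt) avoid
:: embedding it.
net use P: \\FILESERVER01\Users\Recordings /persistent:yes /user:FILESERVER01\sysadmin {PASSWORD}
:: cmd's IF has no THEN keyword: with it, "THEN" ran as a command and the GOTO never fired
IF NOT EXIST P:\ GOTO END
 
:: Every copy destination must already exist as a directory; copying several files to a
:: path that does not exist concatenates them into one file of that name. The per-agent
:: targets used in the first loop (acyr, gladalardo, jcullen) are not created here; confirm they exist.
md "P:\Trainee\%today%"
md "P:\person1\%today%"
md "P:\person2\%today%"
md "P:\person3\%today%"
 
pause
popd
:: Set directory to the folder where all the recordings are
pushd "C:\Inetpub\ftproot\recordings\New Leads Campaign\%today%"
 
:: Loop through each folder and its subfolders and do...
:: (rem rather than :: inside the parentheses: a :: label inside a block breaks parsing)
For /r %%G in (.) do (
pushd "%%G"
 
rem If there's a file containing the word "Agent", copy it to the folder "Trainee"
copy /y "*Agent*" "P:\Trainee\%today%"
 
rem If there's a file containing the Agent's name (fname letter + full lname), copy it to their folder
copy /y "*person1*" "P:\acyr\%today%"
copy /y "*person2*" "P:\gladalardo\%today%"
copy /y "*person3*" "P:\jcullen\%today%"
rem leave the folder pushed at the top of this iteration so the pushd stack does not grow
popd
)
 
popd
pushd "C:\Inetpub\ftproot\recordings\Campaign1\%today%"
For /r %%G in (.) do (
pushd "%%G"
copy /y "*person4*" "P:\person4\%today%"
popd
)
 
 
popd
pushd "C:\Inetpub\ftproot\recordings\campaign2\%today%"
For /r %%G in (.) do (
pushd "%%G"
copy /y "*person5*" "P:\person5\%today%"
popd
)
 
popd
:: Set directory to the folder where all the recordings are
pushd "C:\Inetpub\ftproot\recordings\Recapture Campaign\%today%"
:: Loop through each folder and its subfolders and do...
For /r %%G in (.) do (
 
pushd "%%G"
rem If there's a file containing the word "Agent", copy it to the folder "Trainee"
rem (the destination used %date here, which is an unterminated variable; %today% is the folder created above)
copy /y "*Agent*" "P:\Trainee\%today%"
rem If there's a file containing the Agent's name (fname letter + full lname), copy it to their folder
copy /y "*person1*" "P:\person1\%today%"
copy /y "*person2*" "P:\person2\%today%"
copy /y "*person3*" "P:\person3\%today%"
popd
)
net use P: /delete
 
:END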

Open VPN Client Configuration Fix

OpenVPN client works very well on Windows 7 machines. However, its Windows 10 and Linux executables are lacking full functionality. Thus, these lines are required to workaround this handicap. 
 
# Windows 10 and Ubuntu
script-security 2
dhcp-option DNS 192.168.20.1
dhcp-option DNS 168.168.10.1
dhcp-option DOMAIN kimconnect.com
 
# Only on the Ubuntu client, add the following directives (script-security 2 above is what permits these up/down scripts to run):
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

Restricting Access to Directory in Windows Shares

– Only allow Admins write access to root folders
– NTFS permissions at root directory for the “Everyone” group: Traverse Folder, List Folder
– Enable access based enumeration on the share to allow users to view ONLY folders in which they can access
– Create and apply security domain local groups with explicit permission semantics such as:
— FILESERVER1_Global_Accounting_ReadOnly or SHAREPOINT_Accounting_ReadOnly
FILESERVER1_Global_Accounting_Modify
FILESERVER1_Global_Accounting_FullControl
– Create a Global Deny group and add all disabled accounts into it
– Apply Global Deny group to root directory with Deny Full control permissions

How to Setup Microsoft Failover Cluster with PowerShell

First-time Setup:

New-Cluster -Name {CLUSTERNAME} -Node SERVER1,SERVER2 -NoStorage -StaticAddress IP1,IP2

# Add CLUSTERNAME$ into the NTFS permissions list of \\FILESERVER1\SHARE1 before this next command

Set-ClusterQuorum -NodeAndFileShareMajority "\\FILESERVER1\SHARE1"
Remove Cluster:
Get-Cluster    #Check clustername on a particular host
$nodes="SERVER1","SERVER2"
foreach ($node in $nodes){Remove-ClusterNode -Name $node -Force}

# Run this command on each node SERVER1 and SERVER2

Clear-Clusternode #on each node
Rebuild cluster:

New-Cluster -Name CLUSTER1 -Node SERVER1,SERVER2,SERVER3 -NoStorage -StaticAddress IP1,IP2

# Run this command on a DC to replicate changes immediately:  

repadmin /syncall on DC2

# Add CLUSTERNAME$ into the NTFS Permissions List of: \\FILESERVER1\QUORUM

Set-ClusterQuorum -NodeAndFileShareMajority "\\FILESERVER1\QUORUM"

# Place all nodes into same AD OU

# Check CLUSTERNAME to ensure that it has IPs for each subnet of its nodes.

# Add SecondIP to Cluster
Add-ClusterResource -Name SecondIP -ResourceType "IP Address" -Group "Cluster Group"

# Manually configure this new item using Failover Cluster Manager
# On the Dependencies tab of CLUSTERNAME, set OR conditions to depend on both IPs

# Edit each IP on Advanced Properties with appropriate owner(s) that are in the correct subnet

# Test Failover:

Move-ClusterGroup "Cluster Group" -node SERVER1

Move-ClusterGroup "Cluster Group" -node SERVER2

Move-ClusterGroup "Cluster Group" -node SERVER3

DD for Ubuntu & Windows

  • DD on Ubuntu
admin@laptop:~$ sudo dd if='/home/admin/Downloads/CentOS-7-x86_64-Minimal-1804.iso' of=/dev/sdb
[sudo] password for admin:
1855488+0 records in
1855488+0 records out
950009856 bytes (950 MB, 906 MiB) copied, 294.921 s, 3.2 MB/s
  • How to Use Windows Disk Partition:
C:\Windows\system32>diskpart
Microsoft DiskPart version 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: GAMING-PC
DISKPART> list disk
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          238 GB      0 B        *
  Disk 1    Online         1898 MB  1897 MB
DISKPART> select disk 1
Disk 1 is now the selected disk.
# Note: sometimes disk must be cleaned several times for OS to recognize it
DISKPART> clean
DiskPart succeeded in cleaning the disk.
DISKPART> create partition primary
DiskPart succeeded in creating the specified partition.
DISKPART> active
DiskPart marked the current partition as active.
DISKPART> format fs=fat32 quick
100 percent completed
DiskPart successfully formatted the volume.
DISKPART> assign
DiskPart successfully assigned the drive letter or mount point.
DISKPART> exit
Leaving DiskPart...
  • How to use DD for Windows
# Find the removable media path:
C:\Windows\system32>dd --listrawwrite
 dd for windows version 1.0beta1 WIN64.
Written by John Newbigin <jnewbigin@chrysocome.net>
This program is covered by terms of the GPL Version 2.
Win32 Available Volume Information\\.\Volume{679e0884-4c68-11e5-b15e-806e6f6e6963}\link to \\?\Device\HarddiskVolume1fixed mediaNot mounted
\\.\Volume{2ea37b2c-9a5a-11e8-92dd-7824af3a405d}\link to \\?\Device\HarddiskVolume3removeable mediaMounted on \\.\d:
\\.\Volume{679e0885-4c68-11e5-b15e-806e6f6e6963}\link to \\?\Device\HarddiskVolume2fixed mediaMounted on \\.\c:
NT Block Device Objects\\?\Device\Harddisk0\Partition0link to \\?\Device\Harddisk0\DR0Fixed hard disk media. Block size = 512size is 256060514304 bytes\\?\Device\Harddisk0\Partition1link to \\?\Device\HarddiskVolume1\\?\Device\Harddisk0\Partition2link to \\?\Device\HarddiskVolume2\\?\Device\Harddisk1\Partition0link to \\?\Device\Harddisk1\DR1Removable media other than floppy. Block size = 512size is 1990197248 bytes\\?\Device\Harddisk1\Partition1link to \\?\Device\HarddiskVolume3Removable media other than floppy. Block size = 512size is 1990131712 bytes
Virtual input devices/dev/zero (null data)/dev/random (pseudo-random data)- (standard input)
Virtual output devices- (standard output)/dev/null (discard the data)

# Write onto D volume
C:\Windows\system32>dd if=C:\Users\Adrian\Desktop\CentOS-7-x86_64-Minimal-1804.iso of=\\.\d: bs=512
rawwrite dd for windows version 1.0beta1 WIN64.
Written by John Newbigin <jnewbigin@chrysocome.net>
This program is covered by terms of the GPL Version 2.

IIS Mime Types

One of the features of IIS security is to enforce file access by its associated extensions. As such, objects that are not set in IIS with a specific type association such as .zhp (Swiftview proprietary extension) would not be rendered by a client browser. To resolve such quirk, one would need to manually add a new entry onto the “MIME types” using the convention as recommended by the software vendor. The procedure to accomplish similar task is as follows:

Step 1: open IIS >> browse to the specific “site” such as the one below >> double-click on the “MIME Types” icon

Step 2: click on the “Add” button from the right hand side of Actions menu >> type in the information below

Step 3: on a Windows client, open Internet Explorer and browse toward the site via its FQDN to verify the application’s successful execution