Restricting Access to Directory in Windows Shares

– Only allow Admins write access to root folders
– NTFS permissions at root directory for the “Everyone” group: Traverse Folder, List Folder
– Enable access-based enumeration on the share so that users see ONLY the folders they can access
– Create and apply domain local security groups with explicit permission semantics such as:
  – FILESERVER1_Global_Accounting_ReadOnly or SHAREPOINT_Accounting_ReadOnly
  – FILESERVER1_Global_Accounting_Modify
  – FILESERVER1_Global_Accounting_FullControl
– Create a Global Deny group and add all disabled accounts into it
– Apply Global Deny group to root directory with Deny Full control permissions
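
The checklist above expressed as PowerShell, added here as an example and not taken from the original post. The root path D:\Shares, the share name SHARE1, the CONTOSO domain, the OU path, the Accounting subfolder and the group name Global_Deny are assumptions; run it elevated on the file server with the ActiveDirectory and SmbShare modules available.

```powershell
# Added example: applies the share-hardening checklist to one share.
# Assumed names (not from the page): D:\Shares, SHARE1, CONTOSO, the OU path,
# the Accounting subfolder and Global_Deny.
Import-Module ActiveDirectory
Import-Module SmbShare

$root      = 'D:\Shares'
$shareName = 'SHARE1'
$domain    = 'CONTOSO'
$groupOu   = 'OU=FileShareGroups,DC=contoso,DC=example'
$denyGroup = 'Global_Deny'
$deptPath  = Join-Path $root 'Accounting'

function New-GroupIfMissing {
    param([string]$Name, [string]$Scope)
    if (-not (Get-ADGroup -Filter "Name -eq '$Name'")) {
        New-ADGroup -Name $Name -GroupScope $Scope -GroupCategory Security -Path $groupOu
    }
}

# 1. Root folder: Administrators and SYSTEM keep full control; inherited ACEs are
#    dropped; Everyone gets Traverse Folder (X) and List Folder (RD) on the root
#    itself only (no OI/CI flags, so nothing is inherited by subfolders).
icacls $root /grant:r 'BUILTIN\Administrators:(OI)(CI)F' 'NT AUTHORITY\SYSTEM:(OI)(CI)F'
icacls $root /inheritance:r
icacls $root /grant:r 'Everyone:(X,RD)'

# 2. Access-based enumeration: users only see folders they have rights on.
Set-SmbShare -Name $shareName -FolderEnumerationMode AccessBased -Force

# 3. One domain local group per permission level on the department folder.
#    A group created a moment ago may need AD replication before icacls resolves it.
$levels = [ordered]@{ ReadOnly = 'RX'; Modify = 'M'; FullControl = 'F' }
foreach ($level in $levels.Keys) {
    $group = "FILESERVER1_Global_Accounting_$level"
    New-GroupIfMissing -Name $group -Scope DomainLocal
    icacls $deptPath /grant "${domain}\${group}:(OI)(CI)$($levels[$level])"
}

# 4. Deny group: add every disabled account that is not yet a member, then
#    deny Full Control at the root (inherited by everything below it).
New-GroupIfMissing -Name $denyGroup -Scope Global
$current  = @(Get-ADGroupMember -Identity $denyGroup |
              Select-Object -ExpandProperty DistinguishedName)
$disabled = @(Get-ADUser -Filter 'Enabled -eq $false' |
              Where-Object { $current -notcontains $_.DistinguishedName })
if ($disabled.Count -gt 0) {
    Add-ADGroupMember -Identity $denyGroup -Members $disabled
}
icacls $root /deny "${domain}\${denyGroup}:(OI)(CI)F"

# 5. Review the result; any explicit ACE left over from before still shows here.
icacls $root
Get-SmbShare -Name $shareName | Select-Object Name, Path, FolderEnumerationMode
```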

How to Setup Microsoft Failover Cluster with PowerShell

First-time Setup:

New-Cluster -Name {CLUSTERNAME} -Node SERVER1,SERVER2 -NoStorage -StaticAddress IP1,IP2

# Add CLUSTERNAME$ into the NTFS permissions list of \\FILESERVER1\SHARE1 before this next command

Set-ClusterQuorum -NodeAndFileShareMajority "\\FILESERVER1\SHARE1"

Remove Cluster:

Get-Cluster    # Check clustername on a particular host
$nodes="SERVER1","SERVER2"
foreach ($node in $nodes){Remove-ClusterNode -Name $node -Force}

# Run this command on each node SERVER1 and SERVER2

Clear-ClusterNode    # on each node

Rebuild cluster:

New-Cluster -Name CLUSTER1 -Node SERVER1,SERVER2,SERVER3 -NoStorage -StaticAddress IP1,IP2

# Run this command on a DC to replicate changes immediately:

repadmin /syncall    # on DC2

# Add CLUSTERNAME$ into the NTFS permissions list of \\FILESERVER1\QUORUM

Set-ClusterQuorum -NodeAndFileShareMajority "\\FILESERVER1\QUORUM"

# Place all nodes into same AD OU

# Check CLUSTERNAME to ensure that it has IPs for each subnet of its nodes.

# Add SecondIP to Cluster

Add-ClusterResource -Name SecondIP -ResourceType "IP Address" -Group "Cluster Group"

# Manually configure this new item using Failover Cluster Manager

# On Dependencies tab of CLUSTERNAME, set OR conditions to depend on both IPs

# Edit each IP on Advanced Properties with appropriate owner(s) that are in the correct subnet

# Test Failover:

Move-ClusterGroup "Cluster Group" -Node SERVER1

Move-ClusterGroup "Cluster Group" -Node SERVER2

Move-ClusterGroup "Cluster Group" -Node SERVER3

DD for Ubuntu & Windows

  • DD on Ubuntu

kdoan-admin@kdoan-laptop:~$ sudo dd if='/home/kdoan/Downloads/CentOS-7-x86_64-Minimal-1804.iso' of=/dev/sdb
[sudo] password for kdoan-admin:
1855488+0 records in
1855488+0 records out
950009856 bytes (950 MB, 906 MiB) copied, 294.921 s, 3.2 MB/s

  • How to Use Windows Disk Partition:

C:\Windows\system32>diskpart
Microsoft DiskPart version 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: GAMING-PC

DISKPART> list disk

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          238 GB      0 B
* Disk 1    Online         1898 MB  1897 MB

DISKPART> select disk 1
Disk 1 is now the selected disk.
# Note: sometimes disk must be cleaned several times for OS to recognize it
DISKPART> clean
DiskPart succeeded in cleaning the disk.
DISKPART> create partition primary
DiskPart succeeded in creating the specified partition.
DISKPART> active
DiskPart marked the current partition as active.
DISKPART> format fs=fat32 quick
100 percent completed
DiskPart successfully formatted the volume.
DISKPART> assign
DiskPart successfully assigned the drive letter or mount point.
DISKPART> exit
Leaving DiskPart…

  • How to use DD for Windows

# Find the removable media path:
C:\Windows\system32>dd --list
rawwrite dd for windows version 1.0beta1 WIN64.
Written by John Newbigin <jnewbigin@chrysocome.net>
This program is covered by terms of the GPL Version 2.

Win32 Available Volume Information
\\.\Volume{679e0884-4c68-11e5-b15e-806e6f6e6963}\
  link to \\?\Device\HarddiskVolume1
  fixed media
  Not mounted

\\.\Volume{2ea37b2c-9a5a-11e8-92dd-7824af3a405d}\
  link to \\?\Device\HarddiskVolume3
  removeable media
  Mounted on \\.\d:

\\.\Volume{679e0885-4c68-11e5-b15e-806e6f6e6963}\
  link to \\?\Device\HarddiskVolume2
  fixed media
  Mounted on \\.\c:

NT Block Device Objects
\\?\Device\Harddisk0\Partition0
  link to \\?\Device\Harddisk0\DR0
  Fixed hard disk media. Block size = 512
  size is 256060514304 bytes
\\?\Device\Harddisk0\Partition1
  link to \\?\Device\HarddiskVolume1
\\?\Device\Harddisk0\Partition2
  link to \\?\Device\HarddiskVolume2
\\?\Device\Harddisk1\Partition0
  link to \\?\Device\Harddisk1\DR1
  Removable media other than floppy. Block size = 512
  size is 1990197248 bytes
\\?\Device\Harddisk1\Partition1
  link to \\?\Device\HarddiskVolume3
  Removable media other than floppy. Block size = 512
  size is 1990131712 bytes

Virtual input devices
 /dev/zero   (null data)
 /dev/random (pseudo-random data)
 -           (standard input)

Virtual output devices
 -           (standard output)
 /dev/null   (discard the data)

# Write onto D volume
C:\Windows\system32>dd if=C:\Users\Adrian\Desktop\CentOS-7-x86_64-Minimal-1804.iso of=\\.\d: bs=512
rawwrite dd for windows version 1.0beta1 WIN64.
Written by John Newbigin <jnewbigin@chrysocome.net>
This program is covered by terms of the GPL Version 2.

Installing Team Foundation Server

1. Installation
a. All in one
b. Separate TFS and database (advanced)

2. Setup reporting
a. Warehouse database
b. Analysis services
c. Reports

3. Configure Extension for Sharepoint
TFS Administration Console > {servername} > Application Tier > Extensions for Sharepoint Products > Grant Access > URL for TFS = http://{servername}:8080/tfs , Sharepoint web application = http://{sharepointservername}/ > OK

4. Configure TFS Build Service
Run tfs_server.exe > Configuration Center opens > select Configure Team Foundation Build Service > Start Wizard > Next > Select Team Project Collection = browse toward the correct Team Project Collection > Next > Build Services opens, use the default setting > Next > Run Team Foundation Service as: Use a user account = {Domain_Name}\{Service_Account} > Next > Next > Configure

5. Create Team Project Collection
TFS Administration Console > Team Project Collections > DefaultCollection would appear > Click Create Collection > give the new collection a name to describe its purpose > fill in Description > Next > Enter the data tier where Team Project Collection will reside > Create a new database for this collection > Next > click Next to accept the predefined Reports configuration > Next > Verify > Complete > Close

How to Install SSL Certificate(s) on Various Web Servers

Public-facing websites often become targets of attacks such as eavesdropping, denial of service, spoofing, etc. In the case of eavesdropping, an SSL certificate can be installed so that the hosting server and each client browser can reasonably form a secure communication channel. Hence, it is becoming a common practice for web administrators to implement this technology.


IIS 5 & 6
Legacy OSes such as Windows 2000 & 2003 are still being used as production servers today. Thus, it would serve an administrator’s interest to know how to assign an SSL cert to these machines.
Step 1: Obtain a publicly signed certificate
There are many public SSL certificate providers on the Internet. An example of a free service would be from StartSSL, and a paid subscription would be from GeoTrust. The formats of a certificate should be with the extension of *.key, *.crt, *.der, *.pem, or *.pfx (IIS-5’s default).
Step 2: Apply the certificate to a website
Start >> All Programs >> Administrative Tools >> Internet Information Service (IIS) Manager >> browse to {server_name} >> Web Sites >> right-click on the correct {website_name} >> properties >> select the Directory Security tab >> click on Server Certificate >> Next >> select the radio button next to Assign an existing certificate >> Next >> select the correct certificate (one may choose to add a new certificate to this server if this list does not present a valid item) >> Next >> input the port number as 443 >> Next >> Next >> Finish >> click on Edit >> put a check mark next to “Require secure channel (SSL)” and “Require 128-bit encryption” >> select any or all item(s) if there is a pop-up list >> click OK >> Apply >> OK


IIS 7 & 7.5
There are two types of certificates that could be installed on an IIS: a site certificate or an intermediate certificate. The former is a normal cert that should be applied directly on the server that hosts content, while the latter should be installed on an IIS that behaves as a relay or proxy to complete the chain of trust between a web host, a proxy, and a client browser.
Start >> Internet Information Services (IIS) Manager >> expand to select the correct server >> double-click on Server Certificates >> click Complete Certificate Request from the right hand side panel >> click … to browse toward the location of the certificate file >> click Open >> input a Friendly Name for this cert >> to bind this new cert, navigate back to the server where the cert has been installed within the Internet Information Services (IIS) Manager >> expand Sites >> select the desired site to be secured with SSL >> click Bindings from the Action Panel on the right hand side >> Add >> a Site Binding window appears >> select HTTPS as type, choose Select All Unassigned as IP Address, input 443 as the port number, and pick the correct cert that has been installed previously >> OK >> OK


IIS 8 & 8.5
Windows Server 2012 is bundled with IIS 8, and Windows 2012 R2 comes with IIS 8.5. The administration process for these two versions is very similar.
Right-click on the Windows icon >> Run >> INETMGR.exe >> Enter >> locate the desired server by its icon >> double-click “Server Certificates” >> click Complete Certificate Request from the right side (Actions Menu) >> click … >> browse to the path of the cert >> OK >> input the Friendly name such as {domain-name.com} >> click on the drop-down menu to choose the certificate store type (i.e. Web Hosting) >> OK >> to bind this new cert, navigate back to the server where the cert has been installed within the Internet Information Services (IIS) Manager >> click on Bindings from the right side Action Menu >> Add >> choose HTTPS as Type, All Unassigned as IP address, and {domain-name.com} as SSL certificate >> OK >> repeat this process to install additional certificates for other sites being hosted by this server


NGINX
Step 1: Edit the server block to enable SSL support. Please note that if NGINX has been manually compiled, it must be compiled with the option to support SSL.
(A) Stop NGINX with this command:
killall -9 nginx
(B) Add the following sample script into the server block:
server {
    listen 443 ssl;    # the "ssl" parameter replaces the older "ssl on;" directive, which current NGINX releases no longer accept
    server_name <FQDN>;
    ssl_certificate <Path_to_Certificate>;
    ssl_certificate_key <Path_to_SSL_Key>;
    root <EMPTY DIRECTORY>;
    location / {
        …
    }
}
Step 2: Restart NGINX with one of these commands, depending on the Linux flavor and NGINX installation method:
/usr/local/nginx/sbin/nginx -s reload
/etc/init.d/nginx restart
service nginx restart
sudo service nginx restart
sudo /etc/init.d/nginx restart
nginx -s reload


Apache
Step 1: Copy the certificate files to the server with the *.crt file name extension. Two types of certs are required: the Intermediate and the Primary certificates. A private key file is also required. Thus, the total number of files to be transferred is three (3). FTP, SFTP, SAMBA, or SCP could be used to transfer these files. For instance, this is the syntax of the SCP method:
To copy a file from B to A while logged into B:
scp /path/to/file username@a:/path/to/destination
To copy a file from B to A while logged into A:
scp username@b:/path/to/file /path/to/destination
Step 2: Edit the httpd.conf or httpd-ssl.conf (depending on the server’s predisposition)
(A) Locate the SSL configuration
grep -i -r "SSLCertificateFile" /etc/httpd/    # where /etc/httpd/ is the base directory of Apache
(B) Edit the file by adding the following block
<VirtualHost *:443>
DocumentRoot /var/www/html
ServerName www.domain-name.com
SSLEngine on
SSLCertificateFile /path/to/primary-cert.crt
SSLCertificateKeyFile /path/to/ssl-private.key
SSLCertificateChainFile /path/to/intermediate-cert.crt
</VirtualHost>
Step 3: Reload Apache
Various Linux flavors have different commands to accomplish this task. Also, whether Apache has been compiled from source would affect the actual command line to restart HTTPD. The Linux server administrator would know which of these commands is to be used:
apachectl restart
/sbin/service httpd restart
sudo restart apache2
/usr/sbin/rcapache2 restart

IIS Mime Types

One of the features of IIS security is to enforce file access by its associated extensions. As such, objects that are not set in IIS with a specific type association such as .zhp (Swiftview proprietary extension) would not be rendered by a client browser. To resolve this quirk, one would need to manually add a new entry to the “MIME types” using the convention recommended by the software vendor. The procedure to accomplish this task is as follows:

Step 1: open IIS >> browse to the specific “site” such as the one below >> double-click on the “MIME Types” icon

Step 2: click on the “Add” button from the right hand side of Actions menu >> type in the information below

Step 3: on a Windows client, open Internet Explorer and browse toward the site via its FQDN to verify the application’s successful execution

Arrays and Objects

Array.prototype
– Allows additional properties of all array objects

Array.from
– Creates a new array from an array-like object
– newArr = Array.from(arrX);

Array.isArray
– Return true or false as test result of an object
– Format: Array.isArray(objectX);

Array.of
– Creates a new instance based on the original object
– Format: Array.of(arrX);

Array.prototype.toString
– Since the Array type is a derivative of the Object type, this method overrides the Object.prototype.toString one. The function is as named.
– Format: arr.toString();

Array.prototype.values()
– Returns a new Array Iterator object that contains the values for each index in the array.

find
– Returns the value of the first found element in the array. Result equals undefined if not found.
– Format: arr.find(callback[, thisArg])
– Available in ES6
– Returns one element value

findIndex
– Returns the found index in the array, if an element in the array satisfies the provided testing function or -1 if not found.

indexOf
– Find the matching item in the array and return its index position
– Format: arr.indexOf(searchItem)

lastIndexOf
– Return the index position of the last matching item
– Format: arr.lastIndexOf(searchElement, fromIndex)

includes
– Return true or false value indicating a matching element in the array
– Format: arr.includes(searchItem);

some
– Returns true if at least one element in this array satisfies the provided testing function.

keys
– Returns index positions of the elements in the array
– Format: Object.keys(arr)  or arr.keys()
– The first format ignores holes, while the second format doesn’t

filter
– Creates a new array with all of the elements of this array for which the provided filtering function returns true.

reduce
– Creates a new array with the results of calling a provided function on every element in this array.
– Format: (function(accumulator, currentElement, indexOfCurrentElement) {}, startingIndex)
– The return of the function above will become the value of the accumulator

reduceRight
– Apply a function against an accumulator and each value of the array (from right-to-left) as to reduce it to a single value.

exec
– Execute RegExp statement toward an object
– Format: specialChars.exec(object)    where specialChars=/d(b+)(d)/i;  and testObj={['abcd'],['effasd']}

call
– Calls the object, parses it into the method with a provided function
– This method is generic, and it is being phased out in newer versions of Javascript. Thus, Array.prototype.{method} can be called directly into (object,function) without using call.
– Format: Array.prototype.{method}.call(object,function)
– Example:
if (Array.prototype.every.call(str, function isLetter(char) { return char >= 'a' && char <= 'z'; })) {
  console.log("The string '" + str + "' contains only letters!");
}

apply
– Used as “Array.prototype.{method}.apply(objects)” where method shall be applied toward the inside objects
– This method is also generic, which will disappear.

each

forEach
– This is very useful to replace for loops to make the code cleaner.
– Reference to original collection
– Default ‘this’ value in the callback
– Returns ‘undefined’
– Each iteration of this method has an immediate impact on the elements of the affected array.
– Format: arr.forEach(function(item,index,array){ some codes})
– Example of usage:
arr2.forEach(function(newItem){
  var flag=0;
  // Loops through current inventory to update inventory. The flag is set when the item already exists
  arr1.forEach(function(existingItem){
    if (newItem[1]===existingItem[1]) {existingItem[0]+=newItem[0]; flag=1;}
  });
  // item[0] holds the value and item[1] holds the label
  // Insert item if it's new
  if (flag===0){
    arr1.push(newItem);
  }
});

every
– Returns true if every element in this array satisfies the provided testing function.

slice
– Extracts elements of an existing array into a new copy
– Format: arr.slice(begin,end)
– The begin position is included, while the end marker element will not be included in the extraction

splice
– Format: splice(startingIndex, removeItemCount, addItem1…)
– If the starting index is a negative number, that is interpreted as the element index counting from the last item of the array
– How to remove an element and its index from the array:    arr.splice(arr.indexOf(elementToRemove),1,NaN);
– How to remove last two elements of an array: arr.splice(-2);
– How to remove first two elements of an array: arr.splice(0,2);

concat
– Concatenate the result or elements into base array
– Format: arr1.concat(arr2)

join
– Joins all elements within the array into a string
– Format: arr.join(separator);
– The separator is often "" (no-space), " " (space), '-' (dash), '\n' (new line)

map
– Calling a provided function on every element in this array.
– Different from the ‘forEach’ method in that this function returns the results of all iterations into a new array of the same size as the original.
– Example of an alternative to running two ‘for’ loops:
arr1.map(function(item1) {
  return arr2.map(function(item2) {
    if (item1[1] === item2[1]) {
      item1[0] = item1[0] + item2[0];
    }
  });
});

pop
– Remove the last element in the array
– Format: arr.pop()

push
– Insert an element into the last position of the array
– arr.push(newElement)

shift
– Remove the first item in the array
– Format: arr.shift()

unshift
– Add an item to the front in the array
– Format: arr.unshift(item)

reverse
– Reverse the elements of an array
– Format: arr.reverse();

sort
– Sort elements within an array
– Example of sorting numerical values:
arr.sort(function (a,b){return a-b;});
– Example of sorting by alphabets:
items.sort(function(a, b) {
  var nameA = a.name.toUpperCase(); // ignore upper and lowercase
  var nameB = b.name.toUpperCase(); // ignore upper and lowercase
  if (nameA < nameB) {
    return -1;
  }
  if (nameA > nameB) {
    return 1;
  }
  return 0; // when names are equal
});
– Example sorting nested arrays, where arr[…][0] contains the labels to be sorted:
arr.sort(function(currItem, nextItem) {
  // a comparator must return a negative, zero or positive number, not a boolean
  if (currItem[0] < nextItem[0]) { return -1; }
  if (currItem[0] > nextItem[0]) { return 1; }
  return 0;
});

length
– Return a number representing the count of array elements

Useful lines:

  • Convert arguments into array:   var arr = Array.prototype.slice.call(arguments);
  • Remove duplicates within an array:   .filter(function(elem, index, self) { return index == self.indexOf(elem);})
  • Sum values in a one-dimensional array: .reduce(function (a, b) {return a + b;}, 0)     OR    .reduce((a, b) => a + b, 0).toFixed(2);  where 2 is the #’s of trailing digits desired
  • Flatten nested arrays: var flattened = [].concat.apply([], nestedArrays);
  • Remove all non-numerical values from an array: .filter(function(element) {return !isNaN(parseFloat(element)) && isFinite(element );});
  • Remove an element and its index from the array:    arr.splice(arr.indexOf(elementToRemove),1,NaN);

Notes:

  • To access an object inside an array, one must use notations inside brackets such as: USA['California'] NOT USA[California]
  • [...{object}] — the “spread operator” gathers up all elements within the object

CSS

position: absolute | relative
This is referencing the first parent element. Absolute means it’s removed from the normal flow of contents, while relative can float elsewhere while its reserved space remains intact

float: left | right; (There are only two options for an element to be floated)

Example

img{
float: right;
margin-left: 10px;
width: 100px; /* px unit assumed; a bare number is not a valid CSS width */
}

p{
float: left;
width: 100px; /* px unit assumed; a bare number is not a valid CSS width */
}

If both elements ‘img’ and ‘p’ are to float side by side, they should have the same width. The float properties should be opposite, and the ‘img’ margin should be set so that element ‘p’ doesn’t get too close.

How to clear float settings:

.floating{
float: right | left;
}
.clearFloat {
clear: both | left | right;
}

Note: Since float will affect elements after its marker, a breaker can be issued to protect the downstream elements from the floats

Handling the overflow of content:

div {
width: 100px;
height: 100px;
overflow: visible (default) | scroll | hidden | auto (only show scroll bars if overflowing)
}

z-index

Works when elements are set with position

.box1{
width: 100px;
height: 100px;
color: blue;
z-index: 5;
position: relative;
}
.box2{
width: 100px;
height: 100px;
color: red;
z-index: 4;
position: relative;
}

match

– The match() method retrieves the matches when matching a string against a regular expression. Returns an Array of matches or null if none is found.
– Format: str.match(regex)
– Same as RegExp.exec() if regexp doesn’t have the /g flag
– Example:
var regex = /(.)\1+/g;
var str = "aab";
console.log(str.match(regex));

logs [ 'aa', index: 0, input: 'aab' ]

Kerberos “Second Hop” Problem

Issue

Sometimes, there’s a need to run WinRM into a “Jump Box” (trusted host in the domain) to run commands from that machine. What would happen if those commands are to issue executions to other machines (2nd hops)? By default this error would be raised:

# Error caused by Kerberos “second hop” problem: 1st hop is the invoke, 2nd hop is the connection to target server

ERROR: Access is denied.
+ CategoryInfo : NotSpecified: (ERROR: Access is denied.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
+ PSComputerName : localhost

NotSpecified: (:) [], RemoteException

Resolution

This prohibition is by design. Imagine a Windows domain where one can hop from one host to the next without any traces. That would be very insecure. To selectively enable the ability for 2nd hops, there are a few alternatives:

1. The permanent solution is to configure Constrained Delegation on Windows Server 2012 or newer (https://www.itprotoday.com/windows-server/how-windows-server-2012-eases-pain-kerberos-constrained-delegation-part-1)

2. Credential Security Service Provider (CredSSP) protocol

Run this command on JUMPBOX01 to delegate CredSSP to DC01

JUMPBOX01 #> Enable-WSManCredSSP -Role Client -DelegateComputer dc01.kimconnect.com -Force

Run this command on DC01 to enable the CredSSP role

Enable-WSManCredSSP -Role Server -Force

Open a PowerShell session from JUMPBOX01 as a Zero Hop

# Credentials section
$username = "KIMCONNECT\" + (Read-Host -Prompt "Input the username")
$password = Read-Host -Prompt "Input the password for account $username" -AsSecureString
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $username,$password

# Authenticate to the CredSSP server
# New-PSSession returns the session object that Invoke-Command -Session needs; Enter-PSSession returns nothing
$elevate = New-PSSession -ComputerName DC01.kimconnect.com -Credential $cred -Authentication CredSSP

This is effective in elevating the current shell privilege level, without running into the constraint of not being able to run commands on 2nd hop target machines. Hence, this elevated session can be issued such as:

# Elevate PowerShell Session to collect Scheduled Tasks information from a target server
Invoke-Command -session $elevate -ScriptBlock{
$target="webserver01"
schtasks.exe /query /s $target /V /FO CSV | ConvertFrom-Csv | Where { $_.TaskName -ne "TaskName"}
}
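
Option 1 above as an added example (not from the original post): resource-based Kerberos constrained delegation lets the first-hop host reach webserver01 on the user's behalf, without CredSSP handing the user's full credentials to that host. It follows the Issue text in treating JUMPBOX01 as the host being remoted into, and assumes Windows Server 2012 or newer on the domain controllers and the target, the ActiveDirectory module, and rights to edit the webserver01 computer object.

```powershell
# Added example: resource-based Kerberos constrained delegation for the second hop.
# Host names are the ones used in this post; run from an admin workstation.
Import-Module ActiveDirectory

$firstHop = Get-ADComputer -Identity 'JUMPBOX01'     # host you remote into
$target   = Get-ADComputer -Identity 'webserver01'   # host reached on the second hop

# Record which principals may already delegate to the target before changing it.
$before = (Get-ADComputer -Identity $target `
           -Properties PrincipalsAllowedToDelegateToAccount).PrincipalsAllowedToDelegateToAccount
if ($before) { "Existing delegation to $($target.Name): $($before -join '; ')" }
else         { "No principal is currently allowed to delegate to $($target.Name)" }

# Allow only the first-hop computer account to delegate to the target.
# This REPLACES the existing list; merge $before in first if it must be kept.
Set-ADComputer -Identity $target -PrincipalsAllowedToDelegateToAccount $firstHop

$cred = Get-Credential -Message 'Account used for the remote session'

# The KDC caches the earlier refusal for a while; purging the first hop's
# computer-account tickets (logon session 0x3e7) applies the change now.
Invoke-Command -ComputerName $firstHop.DNSHostName -Credential $cred -ScriptBlock {
    klist purge -li 0x3e7
}

# Test the second hop with this post's schtasks query, using default Kerberos
# authentication. The second hop here is RPC; a second hop over WinRM itself
# is not covered by this kind of delegation.
$tasks = Invoke-Command -ComputerName $firstHop.DNSHostName -Credential $cred -ScriptBlock {
    param($TargetName)
    schtasks.exe /query /s $TargetName /V /FO CSV | ConvertFrom-Csv |
        Where-Object { $_.TaskName -ne 'TaskName' }
} -ArgumentList $target.DNSHostName
"Second hop returned $(@($tasks).Count) scheduled task rows"

# To withdraw the delegation later:
# Set-ADComputer -Identity $target -PrincipalsAllowedToDelegateToAccount $null
```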

Network Zones

Corporate Head-Quarter:
DMZ:

  1. Extranet: Vendors
  2. Web: Front-end Sites (a) Web (b) Application (c) Data
  3. Public: Public, satellite VPN connections 

Internal:

  1. Warehouse: (a) scanners (b) guests (c) 
  2. Offices (departmental VLAN segregation): (a) Executives (b) Accounting (c) Sales-Marketing (d) Customer-Service (e) IT-Infrastructure (f) DEV (g) InfoSec (h) Returns (j) R-and-D (k) Production
  3. Servers: (a) Data (b) Application (c) Front-End
  4. Printers

Cloud Amazon Web Services & Microsoft Azure:       
1. Web Tier: Availability Zone 1 & 2
2. App Tier:  Availability Zone 1 & 2      
3. Data Tier Availability Zone 1 & 2

Fixing ‘RPC Server Not Available’

Overview: RPC requires the following ports to function properly:

  • RPC TCP 135
  • RPC randomly allocated high TCP ports: TCP 1024 – 5000 | 49152 – 65535
  • SMB (RPC dependency) TCP 445

Troubleshooting Sequence:

Use wbemtest to perform layer-7 validation of RPC functionality:
Run > Start > wbemtest.exe > click Connect > Input the value for Server Name in this format: {serverName}\root\cimv2 > Connect

Alternatively, we can also use Perfmon for this validation:
Run > Start > perfmon.exe > press Enter > right-click Performance node > click on “Connect to another computer…” > input {serverName} > OK > if there’s no error in connectivity, we may generalize that WMI Access for RPC is accessible from this current client to the remote server

Another useful tool from Sysinternals:
RDP or VNC into target Server > click on Run > Start > tcpview.exe > press Enter > sort “Local Port” numerically to locate connections on the RPC port numbers as cited previously

Test connectivity to server at specified port using psping utility. Below is a true-positive result:
C:\WINDOWS>psping {serverName}:135
TCP connect to ::1:135:
5 iterations (warmup 1) ping test:
Connecting to ::1:135 (warmup): from ::1:7496: 0.26ms
Connecting to ::1:135: from ::1:7497: 0.35ms
Connecting to ::1:135: from ::1:7498: 0.27ms
Connecting to ::1:135: from ::1:7499: 0.31ms

Configure Server’s Windows Firewall to allow RPC services:

Set Windows Firewall to allow some static ports:
netsh advfirewall firewall add rule name="RPC" dir=in action=allow protocol=tcp localport=135
netsh advfirewall firewall add rule name="SMB" dir=in action=allow protocol=tcp localport=445

Set Windows Firewall to allow some dynamic ports:
# num is the count of ports in the range, not the last port number, and netsh does not accept a start port below 1025
# only one dynamic range is active at a time, so the second command replaces the first
netsh int ipv4 set dynamicport tcp start=1025 num=3976
netsh int ipv4 set dynamicport tcp start=49152 num=16384
# verify
netsh int ipv4 show dynamicport tcp

Alternative method: use PowerShell Commands to open appropriate static ports:
New-NetFirewallRule -DisplayName "RPC" -Direction Inbound -Action Allow -Protocol TCP -LocalPort 135
New-NetFirewallRule -DisplayName "SMB" -Direction Inbound -Action Allow -Protocol TCP -LocalPort 445
New-NetTransportFilter -SettingName "RPC-Dynamic-Range1" -LocalPortStart 1024 -LocalPortEnd 5000 -RemotePortStart 0 -RemotePortEnd 65535
New-NetTransportFilter -SettingName "RPC-Dynamic-Range2" -LocalPortStart 49152 -LocalPortEnd 65535 -RemotePortStart 0 -RemotePortEnd 65535

Up to now, this instruction only applies to the SysAdmin side. On the Network Admin side, enterprise firewalls would need to allow Ingress traffic of the aforementioned ports to the target host. Most likely, Egress traffic would already be unfiltered from the Zone where this target server resides toward the Zone(s) where its clients exist.
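
A narrower variant of the server-side rules above, added as an example rather than taken from the original post: New-NetFirewallRule accepts the RPCEPMap and RPC port keywords, so the dynamic RPC endpoints can be allowed without opening the whole high-port range, and -RemoteAddress limits which clients may connect. The 10.0.10.0/24 management subnet, the rule and group names, and the SERVER1 target are assumptions.

```powershell
# Added example: scoped RPC firewall rules plus a client-side reachability check.
# 10.0.10.0/24, the rule/group names and SERVER1 are constructed placeholders.

function Add-ScopedRpcRules {
    # Run elevated on the server that must accept RPC.
    param([string]$RemoteAddress = '10.0.10.0/24')

    $common = @{
        Direction     = 'Inbound'
        Action        = 'Allow'
        Protocol      = 'TCP'
        Profile       = 'Domain'
        RemoteAddress = $RemoteAddress      # only these clients may connect
        Group         = 'Scoped RPC access' # lets the rules be listed or removed together
    }
    # RPCEPMap = endpoint mapper (TCP 135); RPC = whatever dynamic ports RPC
    # services are listening on at the time, instead of a fixed high-port range.
    New-NetFirewallRule @common -DisplayName 'RPC endpoint mapper (scoped)'  -LocalPort RPCEPMap
    New-NetFirewallRule @common -DisplayName 'RPC dynamic endpoints (scoped)' -LocalPort RPC
    New-NetFirewallRule @common -DisplayName 'SMB (scoped)'                  -LocalPort 445

    # Show what was created: ports and the allowed source addresses.
    Get-NetFirewallRule -Group 'Scoped RPC access' | ForEach-Object {
        [pscustomobject]@{
            Rule          = $_.DisplayName
            LocalPort     = ($_ | Get-NetFirewallPortFilter).LocalPort
            RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        }
    }
}

function Test-RpcReachability {
    # Run on a client: layer-4 check of the static ports, then a layer-7 WMI
    # query over DCOM/RPC (the same path wbemtest exercises).
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [int[]]$Port = @(135, 445)
    )
    foreach ($p in $Port) {
        $r = Test-NetConnection -ComputerName $ComputerName -Port $p -WarningAction SilentlyContinue
        [pscustomobject]@{ Computer = $ComputerName; Check = "TCP $p"; Ok = $r.TcpTestSucceeded }
    }
    $ok = $false
    try {
        $opt     = New-CimSessionOption -Protocol Dcom
        $session = New-CimSession -ComputerName $ComputerName -SessionOption $opt -ErrorAction Stop
        $null    = Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem -ErrorAction Stop
        $ok      = $true
        Remove-CimSession $session
    } catch {
        Write-Warning "WMI over RPC failed: $($_.Exception.Message)"
    }
    [pscustomobject]@{ Computer = $ComputerName; Check = 'WMI over DCOM/RPC'; Ok = $ok }
}

# On the server:   Add-ScopedRpcRules -RemoteAddress '10.0.10.0/24'
# On the client:   Test-RpcReachability -ComputerName 'SERVER1'
```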

Symantec Antivirus 10.1: How to delete a Quarantined file

  Double-click on the SAV shield icon in your Notification Area (lower right-hand corner of screen).
From the View menu choose Quarantine.
Select the file you want to delete.
NOTE: If in.mbx is listed Do NOT delete this file. This is your Eudora inbox. Contact Computer Support.
To select all files, click on the first file. Scroll to the end of the Quarantined files list. Hold down the SHIFT key and click on the last file.
Click the Delete button in the toolbar (looks like a red x).
In the take action dialog box, click Start Delete.
When status has changed to succeeded click Close button.
If more documents appear in the list, repeat steps 3 - 6 until finished.
When done, click Close. Click Exit to exit SAV.

Symantec Antivirus 11 Installation Notes

- Endpoint protection manager is dependent on IIS, make sure that the "Default Website" "Directory Security" "IP Address and Domain Name Restrictions" are set to "Granted Access" to all. Also, authentication and access control allows "anonymous access"
- For manual reconfiguration of clients to connect to Endpoint Protection Manager, use SylinkDrop.exe and browse to the Sylink.xml file located inside of " C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent\{some code here}"
- 12-month subscriptions license is automatically applied - there's no need to install any licensing file

How to increase the database size limit on Exchange 2003 SP2

Connect to the Server that is running Exchange 2003 SP2
Click Start > Run > type regedit > input Admin credentials > click OK
Click one of the following registry subkeys, as appropriate for the store that you want to increase:
For a mailbox store, edit the following registry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\Server name\Private-Mailbox Store GUID
For a public folder store, edit this subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\Server name\Public-Public Store GUID
The following sequence would set Exchange database size to its allowable maximum of 75 Gigabytes: Edit > New > DWORD > name the new key as "Database Size Limit in Gb" > set value = 75 > OK
Restart the Microsoft Exchange Information Store service: Start > Run > type "cmd" > press Enter > type in these lines...
net stop msexchangeis
net start msexchangeis
Examine the Application log to verify that the database size has been set successfully. To do this, follow these steps: Start > Run > type "eventvwr.exe" > press Enter > navigate to the Application hive > locate event ID 1216 > verify that the database size has been set as configured within the registry

“Simon” Piano Game JavaScript Code

Demo: https://kimconnect.com/pianogame.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<link rel="stylesheet" type="text/css" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.0.0-alpha.6/css/bootstrap.min.css">
<style>
body{ 
  background-image: url(http://wallup.net/wp-content/uploads/2016/01/167565-abstract-dark-black_background-digital_art-artwork.png);
  text-align: center;
  background-size: 100%;
  font-family: 'VT323', monospace;
}

ul {
	height:360px; width:540px;
  margin:auto auto; padding:20px 45px 0 45px; position:relative; 
  border:1px solid #160801; border-radius:16px; 
  background:-webkit-gradient(linear, right bottom, left top, color-stop(0%,grey), color-stop(100%,grey)), grey;
box-shadow:0 0 50px rgba(0,0,0,0.5) inset, 0 1px rgba(212,152,125,0.2) inset,0 5px 15px rgba(0,0,0,0.5); }
li { margin:0; padding:0; list-style:none; position:relative; float:left; cursor:pointer;}

ul .white {
	height:256px; width:64px; z-index:1;
	border-left:1px solid #bbb;
	border-bottom:1px solid #bbb;
	border-radius:0 0 5px 5px;
  background: white;
  box-shadow:-1px -1px 2px rgba(255,255,255,0) inset, 0 -5px 2px 3px rgba(0,0,0,0.6) inset, 0 2px 4px rgba(0,0,0,1);
  
}

ul .white:active {
	border-top:1px solid grey;
	border-left:1px solid grey;
	border-bottom:1px solid grey;
  background: red!important;
}

.black {
	height:128px; width:32px; margin:0 0 0 -16px; z-index:2;
	border:1px solid #000;
	border-radius:0 0 3px 3px;
	box-shadow:-1px -1px 2px rgba(255,255,255,0) inset, 0 -5px 2px 3px rgba(0,0,0,0.6) inset, 0 2px 4px rgba(0,0,0,1);
  background: black;
}

.black:active {
  background: yellow!important;
}

.d,.e,.g,.a,.b { margin:0 0 0 -16px;  }

ul li:first-child { border-radius:5px 0 5px 5px; }
ul li:last-child { border-radius:0 5px 5px 5px; }

.display{
  width: 200px;
  height: 40px;
  display: inline-block;
  font-weight: bold;
  background: #99997d;
  box-shadow: inset 10px 10px 20px 1px #99997d,inset -10px -10px 10px 1px #99997d;
  border-radius: 5px;
  overflow: auto;
}

.displayLight{
  background: #cccc00;
  box-shadow: inset 10px 10px 20px 1px #ffff33,inset -10px -10px 10px 1px #ffff33;
}

.button{
  cursor:pointer;
  box-shadow:-1px -1px 3px rgba(255,255,255,0.2) inset, 0 -2px 3px 3px rgba(0,0,0,0.6) inset, 0 1px 2px rgba(0,0,0,0.5);
}

.pressed{
  cursor:pointer;
  box-shadow:-1px -1px 1px rgba(255,255,255,0.2) inset , 0 -1px 1px 1px rgba(0,0,0,0.6) inset, 0 1px 1px rgba(0,0,0,0.5);
  font-weight: bold;
}

</style>
<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
<script type="text/javascript">
$(document).ready(function () {
var a = new Audio('./piano/a.mp3');
var as = new Audio('./piano/as.mp3');
var b = new Audio('./piano/b.mp3');
var c = new Audio('./piano/c.mp3');
var cs = new Audio('./piano/cs.mp3');
var d = new Audio('./piano/d.mp3');
var ds = new Audio('./piano/ds.mp3');
var e = new Audio('./piano/e.mp3');
var f = new Audio('./piano/f.mp3');
var fs = new Audio('./piano/fs.mp3');
var g = new Audio('./piano/g.mp3');
var gs = new Audio('./piano/gs.mp3');
var bell= new Audio('./piano/bellsound.mp3');
  
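// Cache the jQuery selections; declared with var so they do not leak into the global scope
var $a = $(".a");
var $as = $(".as");
var $b = $(".b");
var $c = $(".c");
var $cs = $(".cs");
var $d = $(".d");
var $ds = $(".ds");
var $e = $(".e");
var $f = $(".f");
var $fs = $(".fs");
var $g = $(".g");
var $gs = $(".gs");
var $key=$(".key");
var $display=$(".display");
var $onoff=$(".onoff");
var $strict=$(".strict");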
  
  var status=0;
  var strict=0;
  var sequence, notes;
  var speed;  // delay between notes in ms: starts at 1250 and shrinks as the level rises (see play())
  var level;
  var input;
  var noteCount;
  var repeat;
  
$onoff.click(function(){
  if (!status){
    status=1;
    $onoff.removeClass("button");
    $onoff.addClass("pressed");
    $display.text("STARTING...");
    $display.addClass("displayLight");
    initGame();    
  } else {
    status=0;
    $onoff.addClass("button");
    $onoff.removeClass("pressed");
    $display.text("STATUS: OFF");
    $display.removeClass("displayLight");
  }
});

  $strict.click(function(){
      if (!strict){
      strict=1;
      $strict.removeClass("button");
      $strict.addClass("pressed");
    } else {
      strict=0;
      $strict.addClass("button");
      $strict.removeClass("pressed");
    }
  });
  
  function initGame(){
    speed=1250;
    level=1;
    input=[];
    noteCount=0;
    sequence=[];
    repeat=1;
    for (var i=0;i<30;i++){
        sequence.push(Math.floor(Math.random() * 12) + 1);
    }
  challenge(level);
  }
  
  function challenge(levelNumber){
    notes=sequence.slice(0,levelNumber);
    play(notes);
//    waitInput();
  }

  function play(arr){
    $display.text("STATUS: LEVEL "+level+" OF 30");
    switch (level){
      case 2: speed=800; break;
      case 5: speed=650; break;
      case 8: speed=500; break;
      case 10: speed=350; break;
      case 12: speed=250; break;
      case 15: speed=200; break;
      case 20: speed=150; break;
      case 25: speed=100; break;
      case 27: speed=85; break;
      case 29: speed=70;
                 }
   //    The for loop requires a special function to make timed delays effective
    var i = 0;        
    function loopWait () {
       setTimeout(function () {         
          pickNote(arr[i],speed*0.9);         
          i++;
          if (i < arr.length) {    
             loopWait();            
          } 
       }, speed)        
    }
    loopWait(); 

    window.setTimeout(function() {
          repeat=0;
          }, (speed*0.9)*arr.length);    
    
  }

  function pickNote(val,delay){
    var sound, lightedKey;
    switch(val){ 
      case 1: sound=c; 
        $c.css("background",'red'); 
        window.setTimeout(function() {
          $c.css("background",'white');
          }, delay);
        break;
      case 2: sound=cs;$cs.css("background",'yellow'); 
        window.setTimeout(function() {
          $cs.css("background",'black');
          }, delay);
        break;
      case 3: sound=d;$d.css("background",'red'); 
        window.setTimeout(function() {
          $d.css("background",'white');
          }, delay);
        break;
      case 4: sound=ds;$ds.css("background",'yellow'); 
        window.setTimeout(function() {
          $ds.css("background",'black');
          }, delay);
        break;
      case 5: sound=e;$e.css("background",'red'); 
        window.setTimeout(function() {
          $e.css("background",'white');
          }, delay);
        break;
      case 6: sound=f;$f.css("background",'red');
        window.setTimeout(function() {
          $f.css("background",'white');
          }, delay);
        break;
      case 7: sound=fs;$fs.css("background",'yellow');
        window.setTimeout(function() {
          $fs.css("background",'black');
          }, delay);
        break;
      case 8: sound=g;$g.css("background",'red'); 
        window.setTimeout(function() {
          $g.css("background",'white');
          }, delay);
        break;
      case 9: sound=gs;$gs.css("background",'yellow');
        window.setTimeout(function() {
          $gs.css("background",'black');
          }, delay);
        break;
      case 10: sound=a;$a.css("background",'red');
        window.setTimeout(function() {
          $a.css("background",'white');
          }, delay);
        break;
      case 11: sound=as;$as.css("background",'yellow');
        window.setTimeout(function() {
          $as.css("background",'black');
          }, delay);
        break;
      case 12: sound=b;$b.css("background",'red');
        window.setTimeout(function() {
          $b.css("background",'white');
          }, delay);
    }    
    sound.pause(); 
    sound.currentTime = 0;
    sound.load(); 
    sound.play();     
  }

// Listening to user inputs  
$key.mousedown(function(event){
  var key= parseInt($(this).attr("value"));
  var audio;  
  if (!repeat){
  switch(key){
    case 1: audio=c;break;
      case 2: audio=cs;break;
      case 3: audio=d;break;
      case 4: audio=ds;break;
      case 5: audio=e;break;
      case 6: audio=f;break;
      case 7: audio=fs;break;
      case 8: audio=g;break;
      case 9: audio=gs;break;
      case 10: audio=a;break;
      case 11: audio=as;break;
      case 12: audio=b;
            };
  audio.pause(); 
  audio.currentTime = 0;
  audio.load(); 
  audio.play();  
  
  if (status){
  input.push(key);
  if(input.length==notes.length){ checkInput();} 
  else if (input[input.length-1]==notes[noteCount++]){
    $display.text("CORRECT!");
  }  else if (strict){
    window.setTimeout(function() {
      initGame();
    }, speed);    
  } else {
    bell.play();
    $display.text("TRY AGAIN...");
    input=[];
    noteCount=0;
    repeat=1;
    window.setTimeout(function() {
      challenge(level);
    }, speed);
       
  }
  }
  
  } // ends repeat check
}); // ends key.mousedown function 
  
  function checkInput(){
  if (JSON.stringify(notes)==JSON.stringify(input)){
    input=[];
    noteCount=0;
    $display.text("LEVELING UP!");    
    challenge(++level);       
  } 
    
    else if (strict){
    bell.play();
    $display.text("STRICT MODE: GAME RESETTING");
    window.setTimeout(function() {
    initGame();
    }, speed);    
  }    
  else {
    bell.play();
    $display.text("INCORRECT!");
    input=[];
    noteCount=0;
    challenge(level);         
  }
  
}  
  
}); // ends $(document).ready(function(){
</script>



</head>
<body>
<link href="https://fonts.googleapis.com/css?family=VT323" rel="stylesheet">
<ul class="set">
  <div><a class="button btn btn-danger onoff">ON / OFF</a>&nbsp;&nbsp;<a class="btn display">STATUS: OFF</a>&nbsp;&nbsp;<a class="button btn btn-primary strict">STRICT MODE</a></div>
  <hr>
  <div class="center">
  <li class="key white c" value="1">C</li>
  <li class="key black cs" value="2">C#</li>
  <li class="key white d" value="3">D</li>
  <li class="key black ds" value="4">D#</li>
  <li class="key white e" value="5">E</li>
  <li class="key white f" value="6">F</li>
  <li class="key black fs" value="7">F#</li>
  <li class="key white g" value="8">G</li>
  <li class="key black gs" value="9">G#</li>
  <li class="key white a" value="10">A</li>
  <li class="key black as" value="11">A#</li>
  <li class="key white b" value="12">B</li>
  </div>
</ul>
<h4>Piano Game - Prototype</h4>

</body>
</html>