Preventing System Volume Information buildup
article #1507, updated 138 days ago

The overall cause of the buildup of orphan shadows in “System Volume Information” folders is physical storage not being able to keep up with demand.

The best first steps I have are to run what I sometimes call general cleanup. After that, I run PrivaZer without checking traces in free space, which saves time and does not affect performance results. PrivaZer cleans up an amazing variety of NTFS issues; even new installs often benefit.

And after that, three registry entries. Here’s PowerShell code to get them in and engaged.

$NewMaxShadowCopies = 8
$NewMinDiffAreaFileSize = 128

# http://www.tomsitpro.com/articles/powershell_registry-powershell_command_line,2-152.html

function setupDWORD {
    param( [string]$regPath, [string]$nameForDWORD, [long]$valueForDWORD )

    ##############
    # Error out if cannot touch the registry area at all
    If ( !(Test-Path $regPath) ) {
        Try {
            # -ErrorAction Stop makes a failure terminating, so Catch actually runs
            New-Item $regPath -Force -ErrorAction Stop > $null
            }
        Catch {
            Write-Error ("Could not visit or create registry path " + $regPath)
            Return
            }
        }

    #############
    # If an existing registry entry exists, store its value to report later
    Try {
        $oldValueProperty = Get-ItemProperty -Path $regPath -Name $nameForDWORD -ErrorAction Stop
        $oldValue = $oldValueProperty.$nameForDWORD
        }
    Catch {
        # Entry not present; $null keeps "missing" distinct from a stored 0
        $oldValue = $null
        }

    #############
    # Report the changes to make
    Write-Output ("DWORD to write: " + $nameForDWORD)
    Write-Output ("at registry path " + $regPath)
    If ($null -ne $oldValue) {
        Write-Output ("Original value is " + $oldValue)
        }
    else {
        Write-Output "No original present."
        }
    Write-Output ("New value is " + $valueForDWORD)

    ############
    # Report no changes to make, set new registry entry, or error out
    If ($oldValue -eq $valueForDWORD) {
        Write-Output "No change to make."
        ""
        Return
        }
    Try {
        New-ItemProperty -Path $regPath -Name $nameForDWORD -Value $valueForDWORD -PropertyType DWORD -Force -ErrorAction Stop > $null
        }
    Catch {
        Write-Error "Failed!"
        ""
        Return
        }

    "Succeeded!"
    ""
    }

setupDWORD "HKLM:\System\CurrentControlSet\Services\VSS\Settings" "MaxShadowCopies" $NewMaxShadowCopies

setupDWORD "HKLM:\System\CurrentControlSet\Services\VolSnap" "MinDiffAreaFileSize" $NewMinDiffAreaFileSize

setupDWORD 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows' 'DeleteStaleTaskCache' 1

""

"Restarting VSS..."

Restart-Service -Force -Name "VSS"

""

"Complete!"
""

==============

IP Reputation Checks
article #1563, updated 140 days ago

Recently, one site has been blocked from multiple web-based services. All of the services were using Amazon CloudFront as a backend. One by one, when the vendors were contacted, they all found that CloudFront was blocking their site’s external Internet IP. This was happening despite the fact that a large number of blacklist checks were coming up green. Eventually, I found these:

talosintelligence.com/reputation_center

www.ipqualityscore.com

www.apivoid.com/tools/ip-reputation-check/

which do a lot more. Not sure how timely some of the reporting is. And they still did not explain the CloudFront issues.

==============

Reestablish Windows Domain Relationship in PowerShell
article #1562, updated 143 days ago

If you can get to an administrative or system shell:

Reset-ComputerMachinePassword -Server DC.domain.local -Credential (Get-Credential)

==============

Watchguard CLI to restart BOVPN processes
article #1560, updated 160 days ago

This can be very useful; apparently Watchguard is documenting some CLI data publicly:

techsearch.watchguard.com/KB/WGKnowledgeBase?lang=en_US&SFDCID=kA10H000000g2wFSAQ&type=Article

==============

Silent install of SentinelOne
article #1559, updated 162 days ago

This works rather well with the .EXE installer:

installer.exe --dont_fail_on_config_preserving_failures -t "site-token-in-quotes" /qn

Do make sure the site token is in quotes.

==============

Apple services ports and hosts, for firewalls
article #1433, updated 163 days ago

Ports:

support.apple.com/en-us/HT202944

Hosts:

support.apple.com/en-us/HT210060

==============

UPS software for Emerson, Liebert, Vertiv
article #1542, updated 164 days ago

Works well, much better than the old Liebert/Emerson. Register for the web site to download the free-of-charge version. USB and Ethernet.

www.vertiv.com/en-us/products-catalog/monitoring-control-and-management/software/vertiv-power-assist/

==============

Sync AD to DCs and Azure
article #1346, updated 164 days ago

In one swell foop, sync your AD to other domain controllers and Azure. Paste this into administrative PowerShell, on the domain controller which does your Azure sync:

repadmin /syncall /AdeP
Import-Module ADSync
Start-ADSyncSyncCycle -PolicyType Initial

And here is the same command set, suitable for a batch file to be run as administrator:

repadmin /syncall /AdeP
@"%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -InputFormat None -ExecutionPolicy Bypass -Command ^
"Import-Module ADSync; Start-ADSyncSyncCycle -PolicyType Initial"

And one more, also a batch file, transmitting only to Azure, without the LAN-LAN AD sync. Needed when the synchronizer is not run on a domain controller:

@"%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -InputFormat None -ExecutionPolicy Bypass -Command ^
"Import-Module ADSync; Start-ADSyncSyncCycle -PolicyType Initial"

==============

A new Windows TCP/IP standard, preventing Windows Port Exhaustion
article #1556, updated 178 days ago

It appears that there is a new standard of Microsoft Windows TCP/UDP port setup. Their doc is here:

learn.microsoft.com/en-us/troubleshoot/windows-client/networking/tcp-ip-port-exhaustion-troubleshooting

I landed there because I saw event log items 4227, tcpip, “TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint. This error typically occurs when outgoing connections are opened and closed at a high rate…”

If you see lots of those events, or don’t, this paste gets us to the new standard:

netsh int ipv4 set dynamic tcp start=49152 num=16384
netsh int ipv4 set dynamic udp start=49152 num=16384

To see your current settings:

netsh int ipv4 show dynamicport tcp
netsh int ipv4 show dynamicport udp

And if you want to combine the above with full disable of NETBIOS and related:

Get-CimInstance -ClassName 'Win32_NetworkAdapterConfiguration' | Invoke-CimMethod -MethodName 'SetTcpipNetbios' -Arguments @{ 'TcpipNetbiosOptions' = [UInt32](2) }
Get-WmiObject Win32_NetworkAdapterConfiguration | Invoke-WmiMethod -Name SetWINSServer -ArgumentList @('','')
$nicall = [wmiclass]'Win32_NetworkAdapterConfiguration'
$nicall.enablewins($false,$false)
netsh int ipv4 set dynamic tcp start=49152 num=16384
netsh int ipv4 set dynamic udp start=49152 num=16384
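
To gauge how close a machine is to exhausting its dynamic range before or after applying the settings above, here is an added example (not part of the original article). It assumes an elevated PowerShell on Windows 8 / Server 2012 or later, where the NetTCPIP cmdlets exist; the variable names are illustrative.

```powershell
# Added example: measure ephemeral-port pressure on the local machine.

# Read the dynamic range from netsh. The first number is the start port and the
# second is the port count, so the parse does not depend on localized labels.
$nums = @(netsh int ipv4 show dynamicport tcp |
    Select-String -Pattern ':\s*(\d+)\s*$' |
    ForEach-Object { [int]$_.Matches[0].Groups[1].Value })
if ($nums.Count -lt 2) { throw "Could not parse netsh dynamicport output" }
$start = $nums[0]
$count = $nums[1]
$end   = $start + $count - 1

# TCP connections whose local port falls inside the dynamic range
$dyn = @(Get-NetTCPConnection |
    Where-Object { $_.LocalPort -ge $start -and $_.LocalPort -le $end })
$portsUsed = @($dyn | Select-Object -ExpandProperty LocalPort -Unique).Count
$timeWait  = @($dyn | Where-Object { $_.State -eq 'TimeWait' }).Count

# Event 4227 from source Tcpip in the System log, last 24 hours.
# Get-WinEvent reports an error when nothing matches, hence SilentlyContinue.
$events = @(Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Tcpip'
    Id           = 4227
    StartTime    = (Get-Date).AddDays(-1)
} -ErrorAction SilentlyContinue)

"Dynamic TCP range  : {0}-{1} ({2} ports)" -f $start, $end, $count
"Ports in use       : {0} ({1:P1} of range)" -f $portsUsed, ($portsUsed / $count)
"In TIME_WAIT       : {0}" -f $timeWait
"Event 4227 (24 h)  : {0}" -f $events.Count
""
"Top owners of dynamic ports:"

# Which processes hold the most ports in the range
$dyn | Group-Object OwningProcess | Sort-Object Count -Descending |
    Select-Object -First 5 Count,
        @{ n = 'PID';  e = { $_.Name } },
        @{ n = 'Name'; e = { (Get-Process -Id $_.Name -ErrorAction SilentlyContinue).ProcessName } } |
    Format-Table -AutoSize
```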

==============

Waydroid: Android in a Linux container
article #1558, updated 180 days ago

Haven’t tried it yet, but frankly, this is rather extremely cool if you do Linux:

waydro.id/
