Report Bad Actor Emails
article #1413, updated 1 day ago

If (when) anyone gets a bad actor email, i.e., a “phishing” scam trying to produce misdirection of funds and/or identity theft, those emails should be sent here:

reportphishing@apwg.com

and if it was sent from or arrived into a Microsoft mailbox, also here:

phish@office365.microsoft.com


==============

Speed Up Watchguard Firewalls
article #1412, updated 2 days ago

Here are two ways:

  1. If IPS is in use, set it to Fast Scan. This is in Policy Manager —> Subscription Services —> Intrusion Prevention Service.
  2. By default, internal certificates are not updated. If they are not up to date, they can cause slowdowns. This is in Policy Manager —> Setup —> Certificates —> Trusted CA Certificates.


==============

Find which servers hold FSMO roles
article #1411, updated 13 days ago

Try this:

netdom query fsmo


==============

Increase those wifi bars as inexpensively as you can!
article #1410, updated 19 days ago

I live in a rather congested wifi neighborhood; there are strong active wifi signals in every house in front and back and next door, etcetera. Our wireless routers have all sat next to the exterior wall through which the Cox coax comes, and for about ten years, through three different wireless router upgrades, I relied on an aluminum flashing sheet placed between the wall and the wireless router, to keep everything as good as possible. Just one room away, line-of-sight through a double doorway without doors, I’d get 3-4 bars only without that sheet. This occurred even though I would check and usually change wifi channels every 3-6 months! The wireless-only Roku is in that room next door, so problems are easy to spot.

Anyway, about a year and a half ago it was wireless-router-buying time again (it has been historically a matter of frustration factor…), and I bought one of these off of eBay:



Initially it was simply a nice, reasonably well-behaved, one-notch improvement over the previous, like all of my previous upgrades. It’s recommendable, but not the purpose of this article. I got four solid bars to the next room over despite the neighborhood, using the flashing, which is what I expected. Still only 2-3 to the bedroom to my sweet wife’s tablet, and worse upstairs. And then I remembered something. Some years before I had bought this pair:



which are standard +9 dBi wifi antennas, for $20. I had bought them and then realized my router of the time did not have removables. They fit this one. I bought one more, a +12 dBi, to make it three. The originals were the usual stubbies about six inches long; these are more like fourteen.

Five bars in line of sight. Four bars steady everywhere else in the house, including upstairs, and just outside. No flashing anymore. And I haven’t had cause to check the wifi environment at all since the better antennas went in.

Wifi devices that have removable antennas use a very standard connector for those antennas. There are rare exceptions, but the standard is very widespread, especially for indoor models. I will not be buying wireless routers without removable antennas ever again if I have any say in it, and we’ll see if I ever need to replace these antennas!


==============

Time synchronization (NTP, SNTP) setup
article #37, updated 19 days ago

In Windows Server 2012 R1/2, 2008 R1/2, 7, Vista, and 2003 SP2 and later, whenever time is out of sync, it’s good to run the following two commands in an administrative command prompt (an ordinary command prompt for 2003SP2+):

w32tm /config "/manualpeerlist:north-america.pool.ntp.org 0.north-america.pool.ntp.org 1.north-america.pool.ntp.org 2.north-america.pool.ntp.org" /syncfromflags:MANUAL /update 
w32tm /resync

If the service has not been registered, the whole canole is:

w32tm /register
net start w32time
w32tm /config "/manualpeerlist:north-america.pool.ntp.org 0.north-america.pool.ntp.org 1.north-america.pool.ntp.org 2.north-america.pool.ntp.org" /syncfromflags:MANUAL /update 
w32tm /resync

Under Windows 2000, we need to go a bit more archaic:

net time /setsntp:north-america.pool.ntp.org
net time /querysntp

Two addenda:

  • We used to recommend just pool.ntp.org, but geoblocking has become quite common, so a more geographically appropriate setup is now the rule.
  • Do the above for domain controllers, standalone PCs, and mobile laptops. Add the domain controller’s IP to “Time Server” in DHCP, to reach desktops.
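
The w32tm steps above as one PowerShell script, followed by a check that the sync actually took. This is an added example, not part of the original article; the one-second threshold is an assumption, and `w32tm /query` needs Vista / Server 2008 or later.

```powershell
# Added example. Run in an elevated PowerShell prompt.
# $Peers repeats the article's peer list; $MaxOffsetSeconds is an assumed threshold.
$Peers = 'north-america.pool.ntp.org 0.north-america.pool.ntp.org ' +
         '1.north-america.pool.ntp.org 2.north-america.pool.ntp.org'
$MaxOffsetSeconds = 1.0

# Register the service only if it is missing, start it only if it is stopped.
if (-not (Get-Service -Name w32time -ErrorAction SilentlyContinue)) {
    w32tm /register | Out-Null
}
if ((Get-Service -Name w32time).Status -ne 'Running') {
    Start-Service -Name w32time
}

# Same configuration and resync as the article's commands.
w32tm /config "/manualpeerlist:$Peers" /syncfromflags:MANUAL /update
w32tm /resync

# Show which source the service actually selected.
w32tm /query /source

# Measure the offset against the first peer; stripchart does not change the clock.
$first   = ($Peers -split ' ')[0]
$samples = w32tm /stripchart "/computer:$first" /samples:3 /dataonly
$offsets = @(foreach ($line in $samples) {
    # Data lines look like "14:32:08, +00.0034567s".
    if ($line -match ',\s*([+-]\d+\.\d+)s') { [double]$Matches[1] }
})

if ($offsets.Count -eq 0) {
    Write-Warning "No offset samples from $first; check that outbound UDP 123 (NTP) is allowed."
} else {
    $worst = ($offsets | ForEach-Object { [math]::Abs($_) } |
              Measure-Object -Maximum).Maximum
    if ($worst -gt $MaxOffsetSeconds) {
        Write-Warning "Clock is still off by up to $worst seconds against $first."
    } else {
        Write-Output "Clock is within $MaxOffsetSeconds s of $first (worst sample: $worst s)."
    }
}
```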


==============

StorageCraft Cloud Services Port Checking Utility
article #1409, updated 30 days ago

This tool is how to make sure your firewall is set up correctly to allow StorageCraft cloud services:

https://support.storagecraft.com/s/article/StorageCraft-Cloud-Services-port-checking-utility?language=en_US


==============

QoS within Windows
article #637, updated 36 days ago

There are QoS settings which can be made within Windows! They work with desktop and server OSes, to set priorities on either network traffic of specific binaries, or by port and type. If you see programs or services stopping unexpectedly, stuttering, et cetera, this is good to try. Here is a basic guide in PDF:

http://notes.ponderworthy.com/file_download/12/Basic_PC_QoS.pdf

The steps:

  1. Load up MMC.EXE.
  2. Open the File menu.
  3. Choose Add/Remove Snap-In.
  4. Click Group Policy Object Editor on the left.
  5. Click Add.
  6. Click Finish.
  7. Click OK.
  8. Open up Local Computer Policy, Computer Configuration, Windows Settings, Policy-based QoS. You’ll see the following, with the policy list being blank if you haven’t done this yet.



  9. Right-click on Policy-based QoS, and choose Create new policy. Set a name, and then set the DSCP value:



The DSCP value is the priority level for the policy. The range is zero through 63. Here is one common DSCP value set:

DSCP value     Traffic type
0              General traffic, unprioritized
10             Backups, file transfers, non-business applications
25             Mission-critical data, including SQL, video streaming
34             Video conferencing
46             VoIP

Another set, not quite the same, standardized within the WMM wifi standard:

DSCP range     WMM access category
8-23           Background (BK)
24-31, 0-7     Best effort (BE)
32-47          Video (VI)
48-63          Voice (VO)

The above are far from a coherent standard everywhere; one can even find lists which peak at 30. For my needs within PCs, I have been setting my critical apps at 31, important apps at 24, and not bothering with anything else. And it is needful to be conservative. If you QoS some things too high, Windows won’t be able to do background things which keep it running…like, say, the Windows desktop ☺

  10. At this point you need to decide on the type of QoS policy you are creating. You can create them to work by TCP/UDP port for all applications, for application binaries of specific names, and for HTTP/HTTPS URLs.

  11. You may now choose IP address(es) to which the policy applies.

  12. And then TCP and/or UDP ports to which the policy applies. Default is TCP only.

And now you’re done with that policy, and you can create as many more as desired.
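
Policies of the same kind can also be created from PowerShell with the NetQos cmdlets (Windows 8 / Server 2012 and later), as an alternative to the MMC steps. This is an added example, not part of the original article: the policy names, executable names and port are hypothetical, and the warning above DSCP 31 is an assumption taken from the conservative values described above.

```powershell
# Added example. Run in an elevated PowerShell prompt.
# All names, binaries and the port below are hypothetical placeholders.
$policies = @(
    @{ Name = 'Example critical app';  App = 'criticalapp.exe';  Dscp = 31 },
    @{ Name = 'Example important app'; App = 'importantapp.exe'; Dscp = 24 },
    @{ Name = 'Example port rule';     Port = 5060; Protocol = 'Both'; Dscp = 24 }
)

foreach ($p in $policies) {
    # DSCP is a 6-bit field, so only 0 through 63 is valid.
    if ($p.Dscp -lt 0 -or $p.Dscp -gt 63) {
        throw "DSCP $($p.Dscp) for '$($p.Name)' is outside 0-63."
    }
    # Assumed guard: flag anything above the article's highest in-PC value.
    if ($p.Dscp -gt 31) {
        Write-Warning "'$($p.Name)' uses DSCP $($p.Dscp); high values can starve background work."
    }
    # Skip policies that already exist so the script can be re-run.
    if (Get-NetQosPolicy -Name $p.Name -ErrorAction SilentlyContinue) {
        Write-Output "Policy '$($p.Name)' already exists, skipping."
        continue
    }

    $params = @{ Name = $p.Name; DSCPAction = $p.Dscp }
    if ($p.App) {
        # Per-binary policy: matches traffic from an executable of this name.
        $params.AppPathNameMatchCondition = $p.App
    }
    if ($p.Port) {
        # Per-port policy: matches the destination port for any application.
        $params.IPDstPortMatchCondition  = $p.Port
        $params.IPProtocolMatchCondition = $p.Protocol   # TCP, UDP or Both
    }
    New-NetQosPolicy @params
}

# Review what is now defined.
Get-NetQosPolicy | Format-List
```

A policy created this way can be removed again with `Remove-NetQosPolicy -Name '<policy name>'`.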


==============

Run CMD as SYSTEM to get around lots of different installer bugs etcetera
article #1408, updated 57 days ago

If you get PsTools, and do this:

psexec -i -s CMD.exe

you’ll get another CMD box, where the username is SYSTEM, that is to say, the hostname of the machine with a dollar sign on the right end. If the machine is on a domain, it is DOMAIN\hostname$; I have not tested it on a non-domain machine yet.

One software installer, recently, required that the folder containing its installer package be TAKEOWNed and ICACLSed, as that system user, before it would run to completion; it must have some odd permissions bug in it.

There are likely to be quite a few circumstances in which this special CMD can be useful.


==============

Export Office 365 Mailboxes to PST using eDiscovery
article #1052, updated 58 days ago

These steps change quite often, fair warning!

Steps below are as of 2021-01-04. Please note this has to be done in Internet Explorer or Edge.

First, set permissions.

  1. Browse to protection.office.com/homepage, log in as tenant administrator
  2. Click eDiscovery Manager.
  3. Open eDiscovery Administrator, and add your current admin user.

It takes one hour (as of Microsoft support 2021-01-04) for the permissions to take effect. It used to be up to 24. Afterwards, perform the export.

  1. Browse to protection.office.com/homepage, log in as tenant administrator
  2. In left pane, click Search, then click Content Search
  3. Click New Search
  4. At bottom, item Specific locations, click Modify
  5. At top left, Exchange email, click “Choose users, groups, or teams”
  6. Click “Choose users, groups, or teams” in the new window
  7. Enter mailbox email address, wait until the search results come
  8. Check the mailbox, and click Choose, then Done
  9. Click Save
  10. Click Save & run
  11. Name the query (and PST), click Save. The query will run. Don’t continue until it’s done. It will say “Status: completed” at the lower left.
  12. Click on the word “More” at the top, just to the left of the word “Sort”.
  13. Click on “Export results”. Choose options appropriately. Click Export.
  14. Click on “Exports” above that area, to the right of “Searches”. If the export does not appear, click on Refresh.
  15. Click on the export item.
  16. Click on “Download results”. A download applet will start, requiring an export key which can be copied from the browser. Paste it in, choose your download destination, and go! It can take a very long time to start; there is a long preparation phase.


==============

DISM Cleans Up Windows Updates and Cache
article #1158, updated 64 days ago

To see if there is cleanup to be done:

DISM /Online /Cleanup-Image /AnalyzeComponentStore

To remove obsolete and unused system files:

DISM /Online /Cleanup-Image /StartComponentCleanup

To remove obsolete and unused system files and also service pack uninstallation files:

dism /online /Cleanup-Image /SPSuperseded

To remove obsolete and unused system files and everything prior, making it impossible to reverse any patches:

dism /online /Cleanup-Image /StartComponentCleanup /ResetBase
