Category Microsoft

Configuration was :

ESXi 6.7 – vSphere handling all the port groups tagged with VLANs

Firewall – CISCO ASA

Problem : New ESXi 6.7 hosts. A virtual machine if on the same host and vSwitch could communicate no problem. However if a virtual machince was communincating with another virtual machine on another host on a different, subnet they were unable to communicate between subnets and hosts. Both virtual machines could ping their local gateways. Firewall, CISCO ASA was just dropping all packets and showing the following error

Error on the Firewall when capturing ping traffic “No source port  on ping “Error (Type 8, Code 0), Denied ICMP type=8, code=0”

Solution

Sometimes its the simple tick box on the Firewall / ASA config

“Enable traffic between two or more interfaces which are configured with the same security levels”

All traffic started communicating and the virtual machines could talk between the subnets as per the rules on the Firewall.

#DSQuery

dsquery user -name “*” -limit 0 | dsget user -samid -hmdir -hmdrv -profile >c:\temp\usersV2.txt

#PowerShell # More flexibility # Includes the state of the computer account (Enable or Disabled)

Get-ADUser -Filter * -Property Name,CanonicalName,CN,DisplayName,DistinguishedName,HomeDirectory, HomeDrive,SamAccountName,UserPrincipalName | export-csv -path (Join-Path $pwd HomeDrive.csv) -encoding ascii -NoTypeInformation

Challenge : How to make a backup of a SQL 2008 database without knowing any working credentials.

Log on to the Windows 2008 R2 server running SQL Server 2008 as a domain admin.

Launch SSMS (SQL Server Management Studio)

Issue the windows credentials have no permissions and there were no obvious groups in AD (Active Directory) which would have access.

So…back to basics…..

PS tools to the rescue

….………………………………………………………………..

Download PS Tools https://docs.microsoft.com/en-us/sysinternals/

Store in c:\temp\

The tool to use is PSexec

Launch command prompt

Browse to c:\temp

Type : psexec -i -s SSMS.exe

This will launch SSMS (SQL Server Management Studio) as system. By luck would have it, window auth under “system” has full SA rights in SQL 2008.

I can then connect to all databases and compete the backups. I can then also check the security permissions for users

#Remove directory in a batch file

#

rmdir /S /Q “C:\test\”

Map network drives to the correct locations

Run CMD as Administrator

Mirror file & directories and output detail to text file
robocopy E:\….. z:\…. /MIR /S >c:\temp\detail.txt

 import-module activedirectory

#List all users in the domain

# Display Name and Email Address

get-aduser -Filter *  -SearchBase “dc=Test,dc=com” -Properties Displayname,emailaddress | select displayname ,emailaddress | Export-Csv C:\temp\users_and_email.csv   

Troubleshooting Windows Updates #Windows 10 #Windows 2016

Windows Update Log

PowerShell command to check the Windows Update log

• Get-WindowsUpdateLog

Check Registry Keys

Run command prompt as adminitrator and paste these query registry keys in to see what your client has set for Windows Updates.

• reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /s

• reg query HKLM\SOFTWARE\Microsoft\PolicyManager\current\device\Update

• reg query HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings

Check CBS Log

Find the Component-Based Servicing log here.

• C:\Windows\Logs\CBS

# Get a list of users which have logged on to the domain in the last 7 days

$Date = (Get-Date).AddDays(-7)

Get-ADUser -Filter {LastLogonDate -gt $Date} | Select distinguishedName

# script to find all AD users who have the “cannot change password” box checked in a specific OU

# Windows Server 2016

# Powershell

Get-ADUser -Filter * -Properties CannotChangePassword -SearchBase “OU=specificOU,DC=TEST,DC=com” | where { $_.CannotChangePassword -eq “true” } | Format-Table Name, DistinguishedName

Script options

• Move only files under 60days old
• Move files older than 60days
• Move files back
• Move files older than 182 is number of days (6 months roughly)
• Move only files under 60days old

Parameters

• /MAXAGE:n :: MAXimum file AGE – exclude files older than n days/date.
• /MINAGE:n :: MINimum file AGE – exclude files newer than n days/date.
• /copyall /s  :: copys all sub folders and moves files to the folders
• /mov Moves files, and deletes them from the source after they are copied.
• /move Moves files and directories, and deletes them from the source after they are copied.  (note the MOVE option will fail if any files are open and locked)

Examples:
Move only files under 60days old
robocopy c:\temp c:\temparchive /mov /MAXAGE:60 /copyall /s >c:\temp\FileUnder60daysMoved.txt

Move only files under 60days old back 
robocopy c:\temparchive c:\temp /mov /MAXAGE:60 /copyall /s >c:\temp\FileUnder60daysMovedReturned.txt

Move files older than 60days
robocopy c:\temp c:\temparchive /mov /MINAGE:60 /copyall /s >c:\temp\FilesOver60daysMoved.txt

Move files older than 60days back
robocopy c:\temparchive c:\temp /mov /MINAGE:60 /copyall /s >c:\temp\FilesOver60daysMovedreturned.txt

182 number of days (6 months roughly)
robocopy c:\temp c:\temparchive /mov /MINAGE:182 /copyall /s >c:\temp\FilesOver182daysMoved.txt

Deletes the original directories after moving
robocopy c:\temp c:\temparchive /move /MINAGE:60 /copyall /s >c:\temp\FilesOver60daysMoved.txt

Microsoft examples in more detail
https://social.technet.microsoft.com/wiki/contents/articles/1073.robocopy-and-a-few-examples.aspx#Move_files_over_14_days_old