James Haynes

Forum Replies Created

Viewing 30 posts - 1 through 30 (of 914 total)
  • Author
    Posts
  • Avatar
    James Haynes
    Member

    i will include a quote and a link that explains the subject quite exhaustively…

    The loopback address should be configured only as a secondary or tertiary DNS server on a domain controller. If the loopback IP address is the first entry in the list of DNS servers, Active Directory might be unable to find its replication partners.

    http://techgenix.com/active-directory-insights-part1/

    Avatar
    James Haynes
    Member
    in reply to: Active Directory Assessment/Auditing Tool #252151

    yeah, i see how this goes now. its been a long time, but i do remember how this plays out now.

    Avatar
    James Haynes
    Member

    good call. i will check that. i have been trying to do this all from behind the curtain… the money people always make me nervous and i try to stay away from their stations altogether, but you’re right, i should see the archive show up in his instance…

    i will check and report back if i cant make any progress.

    thanks!

    Avatar
    James Haynes
    Member
    in reply to: How can I restore data saved under NTFS File System? #252149

    get an ubuntu iso and make a live disk.. boot to it with another drive in place (flash, ext hdd, even an open network share will work) and crank it up.

    linux doesnt care about NTFS permissions. you should be able to pull whatever you want assuming the drive wasnt bitlocker’d or some kind of drive encryption was used.

    i use this technique for pulling data off failing drives.. windows live disk will fail on the copy, but a debian disk will pull it without issues much faster and doesnt care who’s folder it is.

    Avatar
    James Haynes
    Member
    in reply to: How to add user a remote user #252148

    2003? i would skip that and get a tech preview or register for msdn and get a copy of something made within the last, say, 10 years? you’re doing yourself a disservice by setting up a lab that would have been in production 15 years ago.

    Avatar
    James Haynes
    Member
    in reply to: Anyone tried the October 2018 (1809) upgrade? #252147
    biggles77;n518437 wrote:
    did the laptops have identical hardware in them all? Winshit 10 seems so touchy even if the a single piece of hardware is a slightly different model.

    yes, this was something i noticed. even though the laptops were the same model, the chipset and firmware rev # for the wireless adapter was slightly different between them. i had 2 different chipsets and 2 revisions of firmware of 1 chipset… and it didnt seem to like one of them at all.

    Avatar
    James Haynes
    Member
    in reply to: RDP encryption vs VPN encryption #252146

    Pre-auth, network accessible, service running as SYSTEM

    if someone should want to mess with your stuff, they can brute force the open connection. a VPN prevents the brute force logon attempts.

    if you have 30 host at one location, you can create VPN tunnels for the entire network. if the people are spread, then VPN is the way to go.

    this shouldnt be too hard if you have a sonicwall in place. idk what your contract is, but you will only get 2 seats without the full security package.

    i wouldnt doubt that you have been being hit, but just not aware of it. its usually a matter of time before people figure out the ports are open, even less when you have DNS records that resolve to that site..

    Avatar
    James Haynes
    Member
    in reply to: Moving email from SBS2011 to O365 #252145

    and do yourself a favor and pull the keys for your old office installs that get replaced on the Premium stations. it will come in handy if you have that one station using the pirated copy of Office 2003 Enterprise in the janitor closet… you can get the entire key for 2010 via a multitude of key finder apps. sometimes people see the totals and assume that you are going to move the 2010 instance over for them…

    still is fun to activate 2010 these days. :D

    Avatar
    James Haynes
    Member
    in reply to: Anyone tried the October 2018 (1809) upgrade? #252144

    that is a plus. i had a batch of Dell Latitude refurbs, came shipped with 10 refurb.. finish the process, let it sit and soak up some updates.. out of the 15 i was doing atm, only 3 of them succeeded on the first try. i was able to get it on the others after a couple attempts, didnt notice anything..

    of the ones that succeeded, it hosed the wireless adapters to the point that it was showing up 4 times in the device manager. the wireless button also stopped working… funny, cause that is a feature i would have paid extra for on some users laptops, but not in this instance.

    long story long, ended up repairing the install, scrapping the update and hoping it wouldnt push to the others with that wireless chipset.

    probably a good thing they pulled that back, it wasnt ready for production.

    Avatar
    James Haynes
    Member
    in reply to: Problems with IsDefaultGlobalAddressList #252143

    haha! thats hilarious, i never looked at the OP date! i dont think that any of the powershell lines would have worked that far back… :D

    XD

    Avatar
    James Haynes
    Member
    in reply to: Export Attributes of Users #252142

    you could try something like:

    Get-ADGroupMember -identity $($group.name) -recursive | %{Get-ADUser $_ -property displayname} | Select samaccountname,displayname | Export-CSV “C:Tempuser list.csv”
    [/CODE]

    just take the output you have that works and pipe it into the next request to end up with the attributes you are looking for. granted you will need to add the attribute handles in the above, but should work. [CODE]Get-ADGroupMember -identity $($group.name) -recursive | %{Get-ADUser $_ -property displayname} | Select samaccountname,displayname | Export-CSV “C:Tempuser list.csv”
    [/CODE]

    just take the output you have that works and pipe it into the next request to end up with the attributes you are looking for. granted you will need to add the attribute handles in the above, but should work.

    Avatar
    James Haynes
    Member
    in reply to: Single Sign-On Solution Without SAML Protocol #252141

    you can try this link, it will explain what he was saying and provide you with more information so that you can ask a useful question after you understand the process. there are several alternatives to SAML, but before you choose one you need to understand the protocol and procedure for SSO.

    http://bfy.tw/K0Bi

    Avatar
    James Haynes
    Member
    in reply to: Problems with IsDefaultGlobalAddressList #252140

    like

    Set-GlobalAddressList “GAL_MyOrgWhatever” -IsDefaultGlobalAddressList $True

    Set-GlobalAddressList “Default Global Address List” -IsDefaultGlobalAddressList $False

    ???

    you can take a look here:
    https://docs.microsoft.com/en-us/exchange/email-addresses-and-address-books/address-lists/address-list-procedures

    lots of examples and instructions on how to re-create and modify existing GAL configurations.

    Avatar
    James Haynes
    Member
    in reply to: Filezilla Password #252139

    im not sure i am following you.. so if i am not answering what i think youre asking, i apologize in advance.

    so if you have the creds stored in FZ but dont know them anymore and you would like to retrieve the password from the configs inside FZ, then you need to open the filezilla.xml file in the appdata section to get what is saved… i would type up instructions, but i am going to link you to another post where someone has already done all the work for me.

    https://programmingistheway.wordpress.com/2015/06/04/recover-saved-passwords-in-filezilla/
    https://www.groovypost.com/howto/retrieve-recover-filezilla-ftp-passwords/

    if i wasnt even close, im sorry. i think that is what you are asking…

    Avatar
    James Haynes
    Member
    in reply to: VSS Hangs in Windows Backup #252138

    ^^ agree 100% solid advice.

    disable a) Volume Shadow Copy service b) Windows backup.

    sometimes VSS gets set to manual and it fails. try setting to automatic and re-run the job and let us know if it fails

    Avatar
    James Haynes
    Member

    ok, so that being said i should actually run the import to AD, then run a secondary script on the 365 powershell.. that makes a lot of sense. it seems like the internal AD isnt getting some attributes that would normally get picked up in EMS. that makes this much easier.. granted still 2 runs instead of 1, but that may be why it was failing on the second runs internally.

    this is the biggest piece of the puzzle i think i was missing. i will give it a shot and see what happens.

    Avatar
    James Haynes
    Member
    in reply to: Postmaster Sending Spam – Recently Migrated Smart Host #252136

    proper spf dkim & dmarc records are almost required to prevent things like this from happening. im just happy that M$ is rolling out the advanced EOP stuff that used to come with the E5 to other mailboxes as well. the spoofing has gotten so effing out of hand for my 365 tenants and i hate setting up the MFA and app passwords etc.

    Avatar
    James Haynes
    Member

    i think you are correct, it seems like i have to do things in 2 stages.. and creating the accounts is the first step, then i can probably get the attributes on the second pass. i think (and im just guessing at this) the attributes have different names on each side.. like in AD its proxyAddresses and in 365 it an alias, idk.. seems like i should just be able to do it all at once, but i have not had that luck as of yet.

    i have not had any luck creating the accounts on the 365 powershell side at all.. only from AAD powershell on the local side. im just going to try to test with some csv and see if i can find some consistency to my failure. :D

    Avatar
    James Haynes
    Member

    due to the inability of the users to be trusted with accounts, i dont have write back on the 365 tenant.. the passswords sync, but i must create all user accounts from the DC. i dont really manage the tenant thru PS, just get stats and force delete users…

    hmmm. will have to figure out something for the future. thanks for the reply either way.

    Avatar
    James Haynes
    Member
    in reply to: Holyeeeee Shit! #252133

    like i needed to feel older… sheesh.

    i always preferred the x500 schema over NT4.0.. previous to NT, literally everything was Netware.. then almost overnight everyone was moving to NT. never even got a chance to play with NW5.x cause we entirely switched. groupwise and the rest of it went out the door…

    which was one of the worst migrations i ever had to do. i never realized that people used the trashcan as part of the filing system. i remember trying to use the analogy that after i make a sandwich, i dont keep it in the trash for later and if the janitor dumped my sandwich that i was keeping in the trash, i couldnt get mad because its his job to empty trash and my job to properly store things that i cared about, i.e. my sandwich or emails… but i digress.

    seems like it was just yesterday. *sigh*

    Avatar
    James Haynes
    Member
    in reply to: How do I change default gwateway of EC2 ? #252131

    did you try looking on the AWS site for the FAQ there?
    https://docs.aws.amazon.com/storagegateway/latest/userguide/create-gateway-file.html

    Avatar
    James Haynes
    Member
    in reply to: Deploy Language Pack via SCCM? #252130

    make a batch file and deploy thru logon script or GPO. with 2000 machines, you must have a domain and admin creds in addition… just use the dism line that works and append to the logon script.

    i think that trying to get your SCCM working with the little info provided exceeds the scope of what i am willing to type, so i will send some links that should be enough..

    m$ ref for dism and lang packs:
    https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/add-and-remove-language-packs-offline-using-dism

    interesting read on the topic:
    https://social.technet.microsoft.com/Forums/en-US/2168ec65-af2a-405d-a34a-9441f2e9e411/windows-10-1703-enterprise-offline-language-pack-installations?forum=win10itprosetup

    other articles:
    https://www.systemcenterdudes.com/inject-language-pack-windows-10/
    https://damonjohns.com/2016/08/04/setting-english-australia-language-pack-for-windows-10-enterprise/

    Avatar
    James Haynes
    Member
    in reply to: Deploy Language Pack via SCCM? #252129

    if the dism command works, then why not run it as an append on the logon script.. i am assuming this is a domain and you have the ability to manage the users in bulk via ADUC. just call a batch file with the dism line in it from your logon script. if you dont have a logon script, make one with that line in it, save as LPinstall.bat and put it in the sysvol and then assign to domain users…

    you will need the matching language pack for the edition of windows you are pushing.. another complication, so there is a lot to get into as to how to make it work with your sccm instance that would exceed the scope of what i am willing to type…

    complete m$ ref for adding LP with dism:
    https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/add-and-remove-language-packs-offline-using-dism

    also see:
    https://www.systemcenterdudes.com/inject-language-pack-windows-10/
    https://damonjohns.com/2016/08/04/setting-english-australia-language-pack-for-windows-10-enterprise/

    Avatar
    James Haynes
    Member
    in reply to: RAR archive is damaged. how to restore it? #252128

    there are several reasons you could get CRC fails from winrar.
    1) bad RAM. easy to check, run memcheck and make sure the RAM is good.
    2) antivirus software… try disabling and unpacking again.
    3) corrupted winrar version. try reinstalling winrar and DONT USE THE BETA VERSION

    and you know that you can still open rar up and go to file > open and then select the files you want to unrar. Then you click the “extract to” icon and check the box that says “Keep Broken Files” under miscellaneous. it will extract what it can and tell you what is fuct.

    and another option, you can use 7zip to try to open a rar archive, might work as well.

    otherwise i would say rezip the files and make a new archive.

    Avatar
    James Haynes
    Member
    in reply to: Copying the flash from a switch #252126

    i can refer to some Cisco fine print that will explain the differences… one is like a beta, the others are tried and true tested releases:

    Cisco ASA Interim Release Notes

    The software images listed below are Interim releases. They contain bug fixes which address specific issues found since the last Feature or Maintenance release. The images are fully supported by Cisco TAC and will remain on the download site only until the next Maintenance release is available. If you do not have a specific problem which is resolved by an Interim release, we recommend that you use the Feature or Maintenance release images.

    Important: These images were not fully regression tested. Each individual fix was unit tested, and the image has had a limited amount of automated regression testing to confirm a baseline of functionality. Keep this testing status in mind if you decide to run them in a production environment. We strongly encourage you to upgrade to a fully tested Maintenance or Feature release when it becomes available.

    Revision: Version 9.1(7)29 – 05/04/2018

    Avatar
    James Haynes
    Member
    in reply to: join outlook pst file #252125

    the suspense is killing me.. now i have to know:

    what is the ground-breaking tool integrated with the intelligent scanning algorithms to join outlook pst file?

    :D

    i guess they dont read very much or they dont care. smh…

    but if i wanted to join two PSTs, i would just import both of them into the same data file in outlook, even without a profile, then i would export the entire thing to a single PST. no need for any special software i dont think…

    Avatar
    James Haynes
    Member
    in reply to: How to avoid the "Execution Policy Change" message? #252124

    when i run them as .ps1, i get errors like that, but if i run the .ps1 from a batch, i dont, so long as it have it like this:

    powershell -command “& {Set-ExecutionPolicy Remotesigned}”
    powershell -file C:UserswhoeverDesktopmyPSscript.ps1

    …before i call the .ps1 in the batch that i run as admin. if i want to run them as a .ps1, i have to run PS as admin and do like “Set-ExecutionPolicy -ExecutionPolicy RemoteSigned” prior.

    but im a novice at scripting. i just had that problem in the past, so i call it from a batch with the above lines and it always works without a problem no matter where i run it from (key or share or cloud) so i have continued to do it like that.

    Avatar
    James Haynes
    Member
    in reply to: AD Sync #252123

    if i am understanding you correctly, then it sounds like your needing an MIM instance…
    https://docs.microsoft.com/en-us/microsoft-identity-manager/microsoft-identity-manager-2016

    granted, its been a while since i have had the need for this type server, but when i did, i used MIIS to sync the GAL between 2 different sites to have one large city directory (i worked for local government at the time, probably a thread here about it circa 2006 or 2007). it also allowed for accounts created for new hires to come log into the desktops at our office without us having to create accounts…

    Avatar
    James Haynes
    Member
    in reply to: Copying the flash from a switch #252122

    yeah, i was assuming he meant a cisco, but that left me right where you are biggles77. copying the flash doesnt fit in that statement..

    if you are using a cisco, you can copy the configs without bothering anything.

    copy startup-config tftp:
    copy tftp: startup-config
    then either save the config with wr mem or do like ‘copy startup-config running-config’ and reload.

    Avatar
    James Haynes
    Member
    in reply to: Remote Administration and Security Program "xxxxxxxx" #252121

    :D
    i wish i had that option on my keyboard, i would totally ban clients left and right!

Viewing 30 posts - 1 through 30 (of 914 total)