Series: Security testing

Purpose:

  • Analyze various malware [viruses, trojans, keyloggers] in sandbox environment
  • Penetration testing [web applications, system testing]
  • Intrusion prevention/detection system deployment, usage and testing
  • Vulnerability management
    • Testing vulnerability management solutions
    • Testing vulnerabilities themselves
  • Policy compliance

Series: Gaining some Linux traction

Purpose:

  • Delve into Linux system administration
  • Practice installation, configuration, and other package/program management tasks
  • Test networking and security
  • Gain additional experience in administering *nix systems
  • Enjoy VIM and try out EMACS
  • Gather some scattered knowledge
  • enjoy while building, breaking and fixing

Series: Compact corporate environment

Purpose:

  • troubleshoot common problems found in a complex environment
  • gain additional experience
  • test new products and features
  • develop some PowerShell and Desired State configuration scripts
  • go through the design and deployment phases
  • enjoy while building, breaking and fixing

FIX: Windows cannot find the Microsoft Software License Terms

So, setting up a nice Windows Server 2012 R2 machine in Hyper-V for some active directory testing.

Allocating the minimum required resources for WS 2012 R2, as seen here, and just after selecting the edition that I wanted to install [it doesn’t matter if you prefer Standard or Datacenter edition, with or without GUI], a greeting window appeared:

Windows cannot find the Microsoft Software License Terms

Office 365 lab set up [in progress]

A useful guide for setting up an Office 365 lab for testing purposes.

Components:

  • On-premises domain controller
  • On-premises SCCM
  • Public cloud Exchange server
  • Windows 10 workstation
  • Windows 8.1 workstation

Original article available here.

Nice readings, conversations or forums related to the post:

  • Moving Domain controller to cloud (AWS or Azure) for a small business @ Spiceworks – available here.
  • Protect Active Directory and DNS with Azure Site Recovery @ Microsoft – available here.
  • Install a new Active Directory forest on an Azure virtual network @ Microsoft – available here.

repadmin – cli tool for AD replication troubleshooting

Some examples:

  • repadmin /bind dc1 will test basic LDAP connectivity to the targeted server.
  • repadmin /showrepl DC1 will show the replication status for the DC1 domain controller.
  • repadmin /showrepl * /csv > repl-status.csv will export the information in a nice csv file. Help available at repadmin /?
  • repadmin /showrepl * /csv | ConvertFrom-Csv | Out-GridView will show the result in a nice view, without the need for Excel or Calc.
  • repadmin /replicate dc2 dc1 "dc=root,dc=contoso,dc=com" will attempt to replicate from dc1 to dc2.
  • repadmin /showobjmeta dc1 "cn=dc1,ou=domain controllers,dc=root,dc=contoso,dc=com" > dc1objectinfo.txt and repadmin /showobjmeta dc2 "cn=dc1,ou=domain controllers,dc=root,dc=contoso,dc=com" > dc2objectinfo.txt will get you the replication metadata for a specified object stored in AD. It's useful for troubleshooting some replication errors like -2146893022, 8614 and 8606. It can show you if there is a difference in the *pwd* versions. If such a difference exists, it will be useful to check Event Viewer -> Windows Logs -> System -> Kerberos Error.
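
As an added example (not part of the original post), the following PowerShell script filters the /csv output of repadmin /showrepl down to the replication links that are currently failing. The CSV is constructed sample data with hypothetical DC and site names, and the column names are assumed to match the header repadmin emits; Get-FailingReplLink is a hypothetical helper name.

```powershell
# Added example: flag failing replication links in `repadmin /showrepl * /csv` output.
# $sampleCsv is CONSTRUCTED sample data so the script runs offline. On a
# domain-joined host, replace the ConvertFrom-Csv line near the end with:
#   $rows = repadmin /showrepl * /csv | ConvertFrom-Csv
# Assumption: column names below match the header your repadmin version prints.

$sampleCsv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,DC1,"DC=root,DC=contoso,DC=com",HQ,DC2,RPC,0,0,2016-05-10 09:15:02,0
showrepl_INFO,HQ,DC2,"DC=root,DC=contoso,DC=com",HQ,DC1,RPC,7,2016-05-10 09:20:41,2016-05-09 22:01:13,8606
showrepl_INFO,HQ,DC2,"CN=Configuration,DC=root,DC=contoso,DC=com",HQ,DC1,RPC,3,2016-05-10 09:20:41,2016-05-09 22:01:13,8614
'@

function Get-FailingReplLink {
    param(
        [Parameter(Mandatory)] [object[]] $Rows,
        [int] $MinFailures = 1   # report links with at least this many consecutive failures
    )
    $Rows |
        # Keep only per-link data rows (the first column tags the row type).
        Where-Object { $_.showrepl_COLUMNS -eq 'showrepl_INFO' } |
        # CSV fields are strings; cast before comparing numerically.
        Where-Object { [int]$_.'Number of Failures' -ge $MinFailures } |
        Select-Object 'Destination DSA', 'Source DSA', 'Naming Context',
            @{ Name = 'Failures';   Expression = { [int]$_.'Number of Failures' } },
            @{ Name = 'LastStatus'; Expression = { $_.'Last Failure Status' } },
            'Last Success Time' |
        Sort-Object Failures -Descending
}

$rows    = $sampleCsv | ConvertFrom-Csv
$failing = Get-FailingReplLink -Rows $rows

# Worst links first; LastStatus carries the error code (e.g. 8606, 8614)
# to follow up with repadmin /showobjmeta on both partners.
$failing | Format-Table -AutoSize
```

With the sample data, only the two DC1 -> DC2 links are listed, the domain naming context first because it has the higher failure count.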

Active Directory/ Windows environment troubleshooting toolbox

A small collection of useful programs, applications and MMCs that can be of use when your Active Directory isn’t cooperating and working as designed, or when you are trying to find that small problem in the environment that has been bothering you for quite some time.

Post in progress, regularly updated.

Fixing Active Directory Problems

To make the life of admins easier, Microsoft has put together a convenient step sequence, which can be found here. It shows what needs to be done and what tools are available for this troubleshooting. Even if those tools are Windows-centric, the event flow is quite general and can be used for pretty much all system troubleshooting activities.

In general, it goes like:

  1. Check the networking [DHCP, DNS, ports, firewalls, etc.]
  2. Check the domain controllers [event viewer, dcdiag, resources, etc.]
  3. Check authentication [netdiag, netsetup.log]
  4. Check access control [netdom, net view, etc.]

Additional resources:

  1. Diagnosing and Troubleshooting Active Directory Problems – https://technet.microsoft.com/en-us/library/cc961826.aspx
  2. https://redmondmag.com/articles/2009/07/01/6-tips-for-troubleshooting-active-directory.aspx

Establish remote PowerShell session

Imagine you are working on a perfectly good workstation, enjoying your GUI, and you get a task to perform some maintenance on a Windows Server that has the “User interfaces and infrastructure” feature removed.

One way is to utilize PowerShell, the task automation and configuration management framework developed by Microsoft about 10 years ago.

To initialize a remote PowerShell session:

  1. On the targeted server/computer type:
    1. Enable-PSRemoting -Force # will change the needed configuration settings
    2. Or you can set a GPO, as shown here.
  2. On your machine enter:
    1. $cred = Get-Credential # get your domain credentials
    2. $rhost="olp-dc2" # setting the value for remote host
    3. Enter-PSSession -ComputerName _._.com -Credential $cred # fill out the computer name and the name of the user you want to use
    4. hostname # to check that you are running PowerShell on the remote host
    5. Get-PSSession # lists the PowerShell sessions
    6. Enter-PSSession -ComputerName _._.com -Credential $cred # to switch to another PowerShell session
    7. Exit-PSSession # will end the PowerShell session, as will typing just exit
    8. Get-PSSession -ComputerName $rhost # will show you the ongoing sessions
    9. Or just type exit to leave the session.

And as visible, PowerShell won’t let you forget which session you are working in right now :).

You can see the host on which the session is running at the beginning of each row.
[Image: the result of Get-PSSession for the server in use; overview of remote PowerShell]

Additional examples can be found here and here.

Installing PowerShell on RHEL/Fedora/CentOS based systems

Even though it may sound unusual, there are occasions when you would prefer to install PowerShell on Linux systems. For example, like me, you have access to several Linux systems for practicing and no Windows servers/workstations. Thanks to Microsoft’s “love for Linux” during Satya Nadella’s reign, it’s quite easy.

  1. Add the PowerShell repository:
    1. curl https://packages.microsoft.com/config/rhel/7/prod.repo > /etc/yum.repos.d/microsoft.repo
  2. Update the repo
  3. Install PowerShell
    1. yum install powershell
  4. Launch PowerShell:
    1. powershell
  5. Enjoy 🙂