How to transfer file or folder without FTP and VPN to Remote Servers?

Or, Using local resources feature of windows to transfer files/folder between two remote servers

Descriptions: Want to copy some files/folders to some remote servers but don’t have VPN connection, don’t have any FTP too....???? No worries...Your windows machine is self-capable for doing it...

Let’s see, how???

It’s possible from windows RDP (Remote Desktop Protocol).

Steps:

Go to Run > Type MSTSC > Press Enter > Enter your Server Name or IP > Click on "Show Option" as shown in below screenshot:

Now click on "Local Resources" as shown in below screenshot:

Now click on "More Option" as shown in the below screenshot...

Now select any drive in which you have data which need to be transferred to the remote location, as shown in below screenshot:

Click on "OK" button > Click on "Connect"

Now you will be prompted for user name and password of the remote server, please enter user name and password of the remote server and hit ENTER...

You are done now, once you are connected with that remote server, you can see that your local drives are appearing in the remote server's "My Computer" drives list.

You can browse your attached local drive on that remote server as you browse local drive partitions.

It’s cool, isn't it...?

Cheers, please write me back if you have any query or feedback.

How to check computer’s Group Name in WSUS?

Or, In WSUS instead of going to each computer groups, is there a way to search a computer and see in which computer group its part of?

Descriptions: Yes, you can check it by reviewing the membership information of the machine you are referring to.

Steps:

Search the computer > Right Click on the computer name > Click on Change Membership

See the check mark appearing in front of the group name, this is the Group from which the searched computer belongs to.

If the Checkmark is appearing on two or more Groups, means this machine belongs to multiple groups.

Hope it Helps...

Cheers, please write me back if you have any query or feedback on this.

Can we use DHCP without AD or DNS?

Or, Is there any dependencies of DHCP server on AD or DNS?

DHCP server has no dependencies on DNS or AD servers. It can be used for workgroup environment too.

You should have IP subnets with you to create a DHCP scope...

Cheers…Hope it helps…

Apply Startup script locally on windows machines

Or, How to apply/execute logon script locally for a single user in Windows Machine?

Simply, Go to the start-up folder of the specified user’s profile and past your created script file there. Once the specified user will login next time, the script will be executed.

Go to the below-given folder path:-

C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Past your script file here that you want to be executed at start-up.

Hope it helps, write me back if you have any query or feedback on this.

Windows Patches for Meltdown and Spectre remediation

Or, All you need to know about windows patches for Meltdown and Spectre vulnerabilities

Or, Microsoft Windows Operating Systems Patches for Meltdown and Spectre Vulnerabilities

Descriptions

Microsoft's process for releasing Windows updates addressing Meltdown and Spectre has been a good and well as problematic causing high-profile incompatibility issues with third-party antivirus (AV) software and AMD processors. In some cases, delivery of the latest security update has been restricted or suspended by Microsoft.

Reference MS Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

More details and direct download links to the updates below:  

• Windows 10 Various Versions
• version 1507 — KB4056893 (issued 1/3/18)
• version 1511 — KB4056888 (issued 1/3/18)
• version 1607 — KB4056890 (issued 1/3/18)
• version 1703 — KB4056891 (issued 1/3/18)
• version 1709 — KB4056892 (issued 1/3/18)

• Windows 8 and Windows Server 2012
• Windows 8.1 and Server 2012 R2— KB4056898 (issued 1/3/18)
• No patches available for Windows Server 2012 non-R2 version
• Windows 7 and Windows Server 2008
• Windows 7 SP1 and Server 2008 R2 SP1 — KB4056897 (Security only, issued 1/3/18)
• Windows 7 SP1 and Server 2008 R2 SP1 — KB4056894 (Monthly rollup, issued 1/4/18)
• No patches available for Windows Server 2008 non-R2 version

What they addressed in these fixes

• Spectre variant 1, bounds check bypass (CVE-2017-5753)

• Meltdown, rogue data cache load (CVE-2017-5754)
  
  UPDATE (1/17/18): As readers have pointed out, it appears Windows patches for 32-bit systems (x86-based systems) do not provide Meltdown mitigations.
  Per Microsoft:

The existing 32 bit update packages listed in this advisory fully address CVE-2017-5753 and CVE-2017-5715, but do not provide protections for CVE-2017-5754 at this time. Microsoft is continuing to work with affected chip manufacturers and investigate the best way to provide mitigations for x86 customers, which may be provided in a future update.

What they don't address in these fixes:

• Spectre variant 2, branch target injection (CVE-2017-5715) — firmware updates are required to fully address Spectre variant 2. 

Known issues with AV agents (also explained in MS Advisory):

• AV compatibility issues: During tests, Microsoft discovered that a compatibility issue with "a small number of antivirus software products" was causing system crashes. As a result, the company has made delivery of the Windows security updates linked to above contingent on the presence of a special registry key, which it has instructed all AV vendors to add to customer devices only after they've confirmed their products are compatible.
  
  This deserves reiterating — Microsoft will not deliver the Windows update unless the following registry key exists (more details here):

Key="HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat" Value="cadca5fe-87d3-4b96-b7fb-a231484277cc" Type="REG_DWORD”

Data="0x00000000”

This has created a lot of confusion, especially since the response from AV vendors has varied, with some setting the registry key for their customers and others recommending users set it, themselves, manually. The situation only gets more complicated considering many organizations have more than one AV solution installed. 

Update: Microsoft has clarified that Windows Defender Antivirus, System Center Endpoint Protection, and Microsoft Security Essentials are compatible with the update and do set the required registry key.

That means as long as you have one of these built-in Microsoft protections enabled the registry key should be set automatically — no further, manual action should be necessary. 

Be careful: If you are using third party software that Microsoft offically recognizes as AV, it is important to note that, by default, Windows Defender and Microsoft Security Essentials will turn themselves off. That means the registry key won't be added unless you or your AV actively do it. 

It’s better approach that, you first reach out to your AV vendor and ask for AV update/upgrade patches which ensures the compatibility with these MS updates. After installing AV patches, you should proceed with windows patches installation for smooth deployment. This means not that, you can’t update windows patches without updating AV.

Some Additional References:

ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

Question: I have an AMD-based device and compatible antivirus software, but I am not getting the January 2018 Windows Security Update. Why is that?

Answer: Microsoft has received reports that some devices using certain AMD processors can enter an unbootable state after installing the January Windows security updates. To prevent this, Microsoft has temporarily suspended automatically sending the following Windows security updates to devices with affected AMD processors:

·         KB4056892

·         KB4056891

·         KB4056890

·         KB4056888

·         KB4056893

·         KB4056898

·         KB4056897

·         KB4056894

·         KB4056895

Microsoft is working with AMD to resolve this issue and to resume offering Windows security updates to the affected AMD devices via Windows Update and WSUS as soon as possible. For AMD device-specific information please contact AMD.

Server Operating Systems (Affected Table):

https://support.microsoft.com/en-in/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution

Operating system version	Update KB
Windows Server, version 1709 (Server Core Inst..)	4056892
Windows Server 2016	4056890
Windows Server 2012 R2	4056898
Windows Server 2012	Not available
Windows Server 2008 R2	4056897
Windows Server 2008	Not available

Windows Client:

https://support.microsoft.com/en-in/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

AV Agent Relational Advisory by MS:

https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software

Unbootable state for AMD devices in Windows 8.1 and Windows Server 2012 R2

https://support.microsoft.com/en-us/help/4073576/unbootable-state-for-amd-devices-windows-8-1-windows-server-2012-r2

Reference KBs

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4073576

KB4073576 is not applicable for Intel platform

KB4073576 is applicable for Client machines on Windows 8.1 AMD platform

Cheers, Please write me back if you have any feedback or suggestions..

Error 2203. An Internal Error Occurred” During Office 2010 Setup

Or, MS office 2010 installation error 2203 on windows server 2008

One my reader reported that, he faced this error while installing MS office 2010 on Windows Server 2008.

The below workaround resolved the problem...

This might help you too...

Login as Administrator > Click Start > type Run > Type msconfig and press Enter > In General tab click on Selective Startup > Uncheck the Load Startup Items check box > Go to Services tab, select Hide all Microsoft Services, and then click Disable All > Click OK, and then click Restart.

Once system is rebooted, you may try installing MS office again, it would be succeeded.

Cheers, Please write me back if you have any query or feedback on this..

Delete temp files using group policy logon script

Or, Logon script for deleting temp files from windows directory using group policy

Or, Temp file deletion group policy for windows machines

Description: You can create a .bat file using the script given below and can use it in group policy logon script section.

Steps:

Open Notepad > Paste this script (modify the folders path as per your requirements) > save this file as tempdeletion.bat

----------------------------------------------------------------------------------------------------------------------
set folder="%temp%"

cd /d %folder%

for /F "delims=" %%i in ('dir /b') do (rmdir "%%i" /s/q || del "%%i" /s/q)

set folder="C:\Windows\Temp"

cd /d %folder%

for /F "delims=" %%i in ('dir /b') do (rmdir "%%i" /s/q || del "%%i" /s/q)

set folder="%localappdata%\Microsoft\Windows\INetCache\IE"

cd /d %folder%

for /F "delims=" %%i in ('dir /b') do (rmdir "%%i" /s/q || del "%%i" /s/q)

-----------------------------------------------------------------------------------------------------------------------

In my case, I have taken following temp directory path in the above script:

%temp%

C:\Windows\Temp

%localappdata%\Microsoft\Windows\INetCache\IE

Once you have the .bat script ready with you, you can use this script as logon script in any GPO and link with any OU as per your requirements.

Cheers, let me know if you have any query or feedback.

Windows backup and restore types explained

Or, Understanding Windows backups types and concepts

Or, Different types of backups and restore methods used in backup technologies

Or, How many types of backups are and how restoration works

Descriptions: If you are new to backup administration and want to understand the fundamentals of different backup types and use cases, this article is for you. Guys, technically for Backup Administrators, there are three types of backup Full, Differential and Incremental but generally there are five type of backups as shown below.

1. Full or Normal Backup

2. Incremental Backup

3. Differential Backup

4. Copy Backup

5. Daily Backup

Full Backup: Full backup contains full data. Whenever you run Full backup, it takes backup of all selected files and folders every time. This type of backup consumes more disk space and takes longer time to complete.

Example: If you have schedule “Full Backup” to be executed on Monday of every week and total data size of the selected files/folders is 100GB, then every week you need 100GB of HDD space or tape media space to store this backup data.

Note: To restore complete data from full backup, you need only last recent “Full Backup” set.

Differential Backup: Diff backup contains only those data which was modified or created after “Full Backup”.  Every time you run differential backup, it compares itself with last recent full backup and backs up only those files/folders that was modified or created after last recent full backup.

Example: Your last full backup was completed on Monday with 100GB backup data and your next diff backup is scheduled to be executed on next Sunday. So, in next diff backup, only those files and folders will be backed up which has been modified or created after last full backup (Monday) and before diff backup execution (Sunday).  Suppose only 2 GB of data was modified after full backup, so in this diff backup only 2GB of data will be backed up not 102GB (100GB+2GB).

Note: To restore data from “Full Backup” + “Diff Backup” scenario, you have to have one set of last recent full backup and last recent “Diff backup”.

Incremental Backup:  Incremental backup contains only those data which was modified or created after full backup but in separate backup sets. Every time you run incremental backup, it compares itself with its last backup (whether is it full or incremental).

Example: If your last full backup was completed on Monday with 100GB backup data and your next incremental backup is scheduled to be executed on next Sunday. So, in next incremental backup, only those files and folders will be backed up which has been modified or created after last backup full/incremental backup.  Suppose only 2 GB of data was modified after full backup, so in this First incremental backup only 2GB of data will be backed up not 102GB (100GB+2GB).

Next incremental backup will be backing up only those data which would be modified or created after last incremental backup. Means, if data modified between last incremental backup is upcoming incremental back is only 3GB, then the upcoming incremental backup will have only 3GB data backup.

Note: To restore complete data from “Full Backup” + “Incremental Backup” Scenario, you have to have Last recent full backup and all incremental backup sets with you.  This backup combination consumes lesser disk or tape space and take lesser time to complete but complex to restore.

Daily Backup: When you simply copy files/folders to a different location rather than original on daily basis, is called daily backup.

Copy Backup: when you simply copy your files/folder to different location rather than original on your need basis, is called copy backup.

Cheers, Please write me back if you have any query on this.

How to fix unquoted service path vulnerabilities?

Or, Unquoted service path vulnerability

Or, Mitigate unquoted service path vulnerabilities

Descriptions: Unquoted service path vulnerabilities are rated as highly critical vulnerability in windows. Don’t worry it is really very easy to fix.

If you have the vulnerability scan report with you, the report contains following information about this reported vulnerability:

Vulnerability Name: Microsoft Windows Unquoted Service Path Enumeration

Vulnerability Synopsis: The remote Windows host has at least one service installed that uses an unquoted service path.

Vulnerability Description: The remote Windows host has at least one service installed that uses an unquoted service path, which contains at least one whitespace. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service.  Note that this is a generic test that will flag any application affected by the described vulnerability.

Vulnerability Solution: Ensure that any services that contain a space in the path enclose the path in quotes.

IMP Note: There are two stages to fix this vulnerabilities, 1. finding the unquoted path on the affected server and 2. Fixing the unquoted paths.

Steps-1: How to find the unquoted service paths

Login to affected server with administrative privileges > run CMD as Administrator > run the following command:

wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """

Once the command is executed successfully, you will be able to see one or more unquoted service paths. Result may look like the below reference screenshot:

Copy all the result to a text or excel file and move to the step-2.

Steps-2: Fixing unquoted service path vulnerabilities 

Search for the unquoted registry entry of the affected service under HKLM\System\CurrentControlSet\Services registry path > Double Click the Image Path key > fix comma like “servicepath” at the beginning and end of the path

Examples:

Unquoted service path: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

Quoted service path: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

The correct quoted service path image reference:

Cheers, Please write me back if you have any query or feedback..

Automate windows servers event logs archival to network shared folder

Or, How to configure windows event logs archival path to shared folders?

Or, Archiving windows event logs to alternate path or network shared folder?

Or, Automate AD security logs archival in windows server.

Or, Move archived windows logs to network shared folder - can we automate this?

Descriptions: If you repeat it, automate it... this is the theme that works in most of the task automation process. In this article also, we are going to automate a routine task and that is ‘Windows event logs archival’. You can say it like 'archival of archived event logs to network shared shared folder' as well.

Yes, most of the administrators do it manually which is very time consuming and is always at the risk to be missed. If you are reading this article, I know you are one of the lazy administrator like me and want to get rid of this daily/weekly hustle. So let’s start it….

Scenario Details: I have an AD/Active Directory server where I have set auto archival of security event logs. Very often, the C:\ drive of the AD server reach to 90% or even 100% sometime that is really a worry point for me.

IMP Notes:

1.  By default archived logs are saved in C:\ drive of windows server at path C:\Windows\System32\winevt\Logs

2. We are going to move archived event logs to network shared folder with the help of PowerShell script

3. Auto archival of event logs are set to archive the security logs if the log file size is reached 1GB.

4. The archived event logs appears like Archive-Security-2017-06-03-xx-yy-zz.evtx

Stage-1: Prepare the PowerShell script

Copy and paste the below PowerShell command in a Notepad file > update parameters as per your environment > save this notepad file as .PS1 file

-------------------------------------------------------------------------------------------------------------------------------

$path = “C:\Windows\System32\winevt\Logs”

$extn = “Archive-Security*.evtx”

$size = 1GB

$dest = “\\fileserver01\ADlogsArchival”

get-ChildItem -path $path -recurse -ErrorAction "SilentlyContinue" -include $Extn |  where-Object {$_.Length -gt $size} | Move-Item -Destination $dest

---------------------------------------------------------------------------------------------------------------------------------

IMP Note:  Replace required path and size details with the one applicable for your environment.

Stage-2: Schedule this PowerShell script in windows task scheduler

Create a task in windows task scheduler > in Action tab fill in the details like this...

Program/script: PowerShell.exe

Add arguments (optional): -ExecutionPolicy Bypass C:\DoNotDelete\pscript\LogArchival.ps1

Note: replace the script path with the one applicable for your environment.

That’s it guys, archival of archived logs will take place automatically on scheduled time defined by you in the task scheduler. You can enjoy your coffee now onward and the script will take care of your task...

Cheers, please write me back if you have any query or feedback on this.

Explained - WSUS update "classification" list

Or, Understanding update classifications in WSUS server

Descriptions:

Update classifications represent the type of update category, for example, Critical Updates and Security Updates. This classifications criteria plays very important roles when deciding what kind of updates you are actually going to approve for your end user’s computers.

Security and critical updates categories are most commonly preferred categories for windows machines patching.

Note: Downloading Update by “Classification” or “Product” does not mean installing them to any computer. Patch installation take place on any machines only when administrator approves it or if any automatic patch approval rule is applied for any machine or machines group.

Please refer the below list of WSUS update classification category.

Patch Downloading Configuration by Classification

Cheers, Please write me back if you have any query or feedback on this.

Windows Server 2008 license activation error 0xC004E002

Or, 0xC004E002 Windows Server 2008 license activation error

Or, Unable to activate Windows Server 2008, error : 0xC004E002

Error Message:

Windows Activation

Windows Must be reinstalled "An unauthorized change was made to windows. Windows must be

reinstalled to activate. Insert the Windows installation DVD or CD into your computer to begin

reinstallation process".

Error Screenshots:

Symptom: Unable to activate Windows Server 2008, error : 0xC004E002.

Possible Reason: Network Service account missing from SoftwareLicensing folder properties

Workaround: We have to assign Network Service Account with full permission at path

C:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\softwareprotectionplatform

Solution (step by Step):

Browse the path: C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft

Right Click on “SoftwareLicensing” folder > Go to Properties > Security > Edit > Add

Type Network Services > Click OK

Give Full Permission to Network Service on SoftwareLicensing Folder > Click OK

Go to Run > Services.msc > Restart Software Licensing Service

Go to Start > Search CMD > Run as Administrator > Type Slmgr /dlv > Enter > Type Slmgr /rilc > Enter

Now you are done, you can check your Computer Properties, License status should be appearing as windows is activated...

In some environment, Activation shows genuine after a reboot...

Cheers, Please write me back if you have any query or feedback.