howto

Install VMware Tools Windows Server 2016 Core

I just completed my install of Windows Server 2016 Core as a guest in my VMware Lab. Now that this has been completed the next step is for me to install the VMware tools so that I can take advantage of various features; specifically, template deployment with customization options

About:VMware:Tools: VMware software tools enhance the performance of the guest operating system and improve the management of the virtual machine guests operating systems.

How to install:

  1. Select your VM from vCenter and select ‘Guest OS > Install VMware Tools
    This mounts the VMware CD Image containing the installation files
  2. Inside the guest machine type ‘powershell’
    This will drop you from the command shell to powershell prompt
  3. Next type the command Get-PSDrive
    This will return the drives attached to the system
  4. Change to the drive that the VMware tools are currently mounted
    In my case, this was drive letter “D”
  5. Issue the command .\setup64.exe to start the install process

    Note: issuing just setup.exe or setup64.exe will end in an error as Windows poweshell does not load commands such as this by default 
  6. Follow the steps of the VMware tools installer and restart when completed.

 

Ref: http://jermsmit.com/howto-install-vmware-tools-on-windows-server-2102-r2-server-core/

Network Wide Ad & Malicious Website Blocking | Pi-Hole

For a few months now I have used the software package named Pi-Hole as an internal network DNS server to prevent ad sites in addition to malicious websites from being accessible form compute resources on my home network.

Pi-Hole is a small install that can be installed on any Linux system and it works like a charm.

Install is simple, just run the following command:

curl -sSL https://install.pi-hole.net | bash

Answer a few questions about how you would like the software configured and your up and running.

This is a very useful software this gives you many options to report on the activity of the systems on your network and what connections were requested and those blocked.

For more information and details please visit: https://pi-hole.net/

The following video also shows the installation process via a Putty SSH session.

 

Malicious Listsused to block phishing, and malware sites

 

https://v.firebog.net/hosts/Airelle-hrsk.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt
https://mirror1.malwaredomains.com/files/justdomains
https://hosts-file.net/exp.txt
https://hosts-file.net/emd.txt
https://hosts-file.net/psh.txt
https://mirror.cedia.org.ec/malwaredomains/immortal_domains.txt
https://www.malwaredomainlist.com/hostslist/hosts.txt
https://bitbucket.org/ethanr/dns-blacklists/raw/8575c9f96e5b4a1308f2f12394abd86d0927a4a0/bad_lists/Mandiant_APT1_Report_Appendix_D.txt
https://v.firebog.net/hosts/Prigent-Malware.txt
https://v.firebog.net/hosts/Prigent-Phishing.txt
https://raw.githubusercontent.com/quidsup/notrack/master/malicious-sites.txt
https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt
https://v.firebog.net/hosts/Shalla-mal.txt
https://raw.githubusercontent.com/StevenBlack/hosts/master/data/add.Risk/hosts
https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist

 

*Update*

Almost 50% of my home network traffic is junk, and so is yours. Do something about it, because your privacy is being taken from you and sold.

https://lnkd.in/eASeWW5

Check Point: Enable SSL Encryption for LDAP Accounts

Background:

Check Point users faced an issue when they wanted to change their expired passwords when logging into to the VPN via the SecureClient. Although they had been prompted to change password their attempts were not successful.

I did some investigation into this and discovered that SSL needs to be allowed for LDAP communication for credentials changes.
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk40735

 

Symptoms

  • SecureClient user unable to change password when it expires while authenticating through LDAP server.
  • Error seen in Log Viewer: “reason: Client Encryption: Failed to modify password, LDAP Error.”
  • Error seen on SecureClient: “Negotiation with gateway <gateway_name> at site <site_name> has failed. Failed to modify password, LDAP error.”

 

Cause

Windows AD is denying changing passwords over unencrypted channel.

 

Solution

1. Enable SSL Encryption in the LDAP Account unit. Select ‘Manage –> Servers and OPSEC Applications –> LDAP Account Unit‘.

2. Under the Servers tab, after completing General tab, select Encryption tab.

3. Select “Use Encryption (SSL)“.

4. Port will be 636.
5. Fetch the server’s fingerprint.

6. Click “ok“, to save “ok” to exit LDAP Account Unit Properties
7. Click “close” on Servers and OPSE Applications

 

Tech Short: How To Change The MTU – Server 2016

 

Troubleshooting an application issues which could possibly be network related.  I found myself needing to make some adjustment to the maximum transmission unit (MTU) setting of my server.  As such what better time to post a quick technical short on how to go about doing this.

 

How To Change The MTU – Windows Server 2016

Requirements:

  • Logon and Administrator permission on Server
  • Network Connectivity
  • Time to reboot

 

Procedure:

From the desktop of your Windows Server 2016 server open an Administrative command prompt by Right-Clicking on the start button and select  – Command Prompt (Admin).

Once in the command prompt you we be using netsh to determine the IDX of the installed interface devices. this is performed by using the following command:  netsh interface ipv4 show interfaces

Take note of the IDX interface that you would like to change the MTU on as this is what we need to specify when changing the MTU settings.

Using netsh again you issue the following command: netsh interface ipv4 set subinterface “number-goes-here” mtu=1400 store=persistent

Please note that the subinerface will be the IDX number from the first netsh command and that the MTU setting is a value less than the original 1500.

Now you can reboot to have the changes take effect.  I have also noticed the disabling the interface and  re-enabling also works.

 

 

Install Windows Server 2016 Step by Step

There may come a time that you may need to install Windows Server 2016.
Here I will provide a high-level step by step on this installation process.

Requirements:

Windows Server 2016 Installation media (DVD, USB flash, WDS, etc.)
Installation Target (Computer, Server, Virtual Machine)
Keyboard (Mouse is optional)

Video Example of Installation:

Installation Steps:

Power on Installation Target (Computer, Server, Virtual Machine), specify the language, time zone and keyboard or input method then, click Next.

Click Install now on the Windows Setup screen.

Enter your license key or click “I don’t have a product key”.
This option is normally chosen when you have a local KMS host used to activate the Windows Installation

Select the desired Windows Server edition, Click Next.

Accept the license terms by placing a check in the box, then click Next

On the next screen choose “Custom” install. This is for clean installs of the Windows OS

Select the disk, you want to install the widows on, click Next

The installation will copy files and install the base features and updates. When complete the computer will reboot. After your restart, you will be asked to compose a secure password. Once completed you will be able to log into your Windows 2016 Server.

Job well done.