Wednesday, December 28, 2022

WINDOWS. Scheduled Task. Delete logs

Purpose

Create a scheduled task to delete old logs on the server

Information

This command does not require any installation.

Steps

Connect to the server and open the Windows Task Scheduler.

Create a basic Task:


Specify the SYSTEM user.


Create action:


COMMAND:   gci 'C:\inetpub\logs\LogFiles' -Include '*.log' -Recurse | ? LastWriteTime -LT (Get-Date).AddDays(-60) | Remove-Item

*gci is an alias for Get-ChildItem

by GoN | Published: December 28 2022 | Last Updated:

MONITORING. NAGIOS. Range alerts.

Purpose

How to specify a range of values for a system parameter in a single alert.

Information

For example, I want to monitor the time on the AD servers and be alerted when there is a difference of 30 seconds from the DC. This 30-second difference can be positive or negative.

Critical: -c -60:60
Warning: -v -30:30
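
How a plugin evaluates ranges like these, as an added example that is not part of the original post: a value outside start:end raises the alert, following the standard Nagios plugin range format. It also covers the general forms ("10", "10:", "~:10", "@10:20"); the function names and sample offsets are assumptions.

```shell
#!/bin/sh
# Added example: evaluate Nagios threshold ranges for a time offset in seconds.

# range_alert VALUE RANGE -> returns 0 when VALUE must raise an alert.
# RANGE is [@]start:end; a bare "N" means 0:N, "~" as start means no lower
# bound, an empty end means no upper bound, "@" alerts INSIDE the range.
range_alert() {
    awk -v v="$1" -v r="$2" 'BEGIN {
        inside = 0
        if (substr(r, 1, 1) == "@") { inside = 1; r = substr(r, 2) }
        n = index(r, ":")
        if (n == 0) { has_lo = 1; lo = 0; has_hi = 1; hi = r }
        else {
            s = substr(r, 1, n - 1); e = substr(r, n + 1)
            has_lo = (s != "~"); lo = (s == "" ? 0 : s)
            has_hi = (e != ""); hi = e
        }
        in_range = (!has_lo || v + 0 >= lo + 0) && (!has_hi || v + 0 <= hi + 0)
        exit ((inside ? in_range : !in_range) ? 0 : 1)
    }'
}

# check_offset OFFSET WARN CRIT -> prints a status line and returns the
# Nagios exit code: 0 OK, 1 WARNING, 2 CRITICAL. Critical is tested first.
check_offset() {
    if range_alert "$1" "$3"; then echo "CRITICAL - offset $1s"; return 2; fi
    if range_alert "$1" "$2"; then echo "WARNING - offset $1s"; return 1; fi
    echo "OK - offset $1s"; return 0
}

# Constructed sample offsets checked against the ranges used in this post.
for offset in 12 -30 -45 75.5; do
    check_offset "$offset" -30:30 -60:60 || true
done
```

The range limits are inclusive, so an offset of exactly -30 or 30 is still OK.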

Steps


by GoN | Published: December 28 2022 | Last Updated:

Tuesday, December 27, 2022

WINDOWS. Register-ScheduledJob. Scheduled Task. Restart Server

 Purpose

Create a scheduled task to reboot a server

Information

This command does not require any installation.

Steps

Connect to the server, open a PowerShell window and run:

COMMAND: 

Register-ScheduledJob Reinicio {Restart-Computer -Force} -Trigger (New-JobTrigger -At 22:00 -DaysOfWeek "Friday" -weekly) -ScheduledJobOption (New-ScheduledJobOption -RunElevated)

This command adds a new task to the system. You can verify it and finish configuring the schedule by opening Task Scheduler and...

Path: \Microsoft\Windows\PowerShell\ScheduledJobs


Change to SYSTEM user:


To delete the task from PowerShell: Unregister-ScheduledJob Reinicio



Other examples:

Daily

Register-ScheduledJob Reinicio {Restart-Computer -Force} -Trigger (New-JobTrigger -At 22:00 -Daily) -ScheduledJobOption (New-ScheduledJobOption -RunElevated)

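 Weekly (with -Weekly, New-JobTrigger also requires -DaysOfWeek, as in the first command; if it is omitted PowerShell prompts for it)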

Register-ScheduledJob Reinicio {Restart-Computer -Force} -Trigger (New-JobTrigger -At 22:00 -weekly) -ScheduledJobOption (New-ScheduledJobOption -RunElevated)

 Other option:



by GU | Published: December 27 2022 | Last Updated: January 9 2023

Saturday, December 10, 2022

WINDOWS. Security. Microsoft Safety Scanner. MSERT

 Purpose

Scan a Windows computer to find and remove malware.

Link:

 https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/safety-scanner-download?view=o365-worldwide&s=03

Information

This tool does not need to be installed: you download it and run it. It is an antivirus support tool.

Steps

Download and execute








by GoN | Published: December 10 2022 | Last Updated:

Tuesday, November 22, 2022

WINDOWS. PS. Retrieve PowerShell History

Purpose

How to retrieve the command execution history after restarting a PC.

This information is not erased when the machine is rebooted.


COMMAND: 

get-content C:\Users\*\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt

by GoN | Published: November 22 2022 | Last Updated:

Friday, November 4, 2022

Networking. Nmap Online Port Scanner

 Purpose

Check the ports of an IP address or DNS name online with these 3 web pages.

URL: https://hackertarget.com/nmap-online-port-scanner/

URL: https://nmap.online/

URL: https://www.nmmapper.com/sys/networkmapper/nmap/online-port-scanning/


[hackertarget.com]

This Nmap version only checks 10 common TCP ports, with -sV enabled


Example


[nmap.online]


This Nmap version only allows checking 1 host per day

Example

[www.nmmapper.com]

URL: https://www.nmmapper.com/sys/networkmapper/nmap/online-port-scanning/



by GoN | Published: November 04 2022 | Last Updated:

Thursday, October 13, 2022

WINDOWS. PS. Migrating FRS to DFSR

 Purpose

Migrate the old AD replication DFS (Distributed File System) to the new DFSR (Windows 2012/2016/2019)

Information

We migrate a Windows 2012R2 DC from DFS to DFSR.

Each step can take several minutes.

Steps

[1]

COMMAND: repadmin /replsummary

Comments: Check that all DCs are synchronized OK

[2]

COMMAND: dfsrmig /getglobalstate

Comments: Check the initial migration status

[3]

COMMAND: dfsrmig /setglobalstate 1

Comments: Start the process


[4]

COMMAND: dfsrmig /getmigrationstate

Comments: Check the progress of the process



You can use this command at every step to check the status of the process; it has no impact.

[5]

COMMAND: dfsrmig /setglobalstate 2

Comments: Move to the REDIRECTED state, which migrates SYSVOL to SYSVOL_DFSR.

[6]

COMMAND: dfsrmig /setglobalstate 3

Comments: Move to the Eliminated state

[7]

COMMAND: various commands

Comments: Verify on all servers





by GoN | Published: October 13 2022 | Last Updated:

Wednesday, April 13, 2022

DMZ. Share LAN Windows folder with DMZ Linux Server

 Purpose

Share a folder on a Windows file server in the LAN with a Linux web server in a DMZ.


Information

Web Server in DMZ:  192.168.89.55  - Linux

File Server in LAN:  192.168.79.71  - Windows

Open DMZ ports: 445, 137, 138, 139  - in the DMZ firewall

Domain Windows: MyDomain


Steps

[ ] Share a folder on the Windows server

The user svcwebserver has read permission on the share.

Server name: WindowsServer1

Shared folder: FoldertoRead1


[ ] The server in the DMZ needs cifs-utils installed

Command: apt-cache search cifs-utils


Command: apt-get install cifs-utils


[ ] On the DMZ web server, create a folder on which to mount the shared folder of the Windows file server.

Command:  sudo mkdir /mnt/FoldertoRead2

[ ] On the DMZ web server, mount the LAN shared folder

Command:  sudo mount -t cifs -o vers=2.0,username=svcwebserver,domain=Mydomain,password=HolaHola //192.168.89.171/FoldertoRead1 /mnt/FoldertoRead2

[ ] On the DMZ web server, check the mount

Command: df -h


 [ ] Automatic mount on the DMZ server

Edit /etc/fstab -> sudo nano /etc/fstab

Add the text:

//192.168.89.171/FoldertoRead1     /mnt/FoldertoRead2      cifs    vers=2.0,username=svcwebserver,domain=MyDomain,password=HolaHola,nofail  0       0
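
The mount command and the fstab line above carry the svcwebserver password inline, where local users can read it from the process list and from /etc/fstab; mount.cifs accepts a credentials=FILE option that keeps it in a root-only file instead. The following is an added example, not part of the original post: it finds such entries and rewrites them. The function names and the /etc/cifs-svcwebserver.cred path are assumptions.

```shell
#!/bin/sh
# Added example. Function names and file paths are assumptions, not from the post.

# list_inline_cifs_passwords FSTAB -> mount points of cifs entries that carry
# password= in their options (the password itself is never printed).
list_inline_cifs_passwords() {
    awk '$0 !~ /^[ \t]*#/ && $3 == "cifs" && $4 ~ /(^|,)password=/ { print $2 }' "$1"
}

# write_cifs_credentials FILE USER DOMAIN -> reads the password from stdin and
# writes a credentials file for mount.cifs, readable by its owner only.
write_cifs_credentials() {
    ( umask 077
      IFS= read -r pw
      printf 'username=%s\ndomain=%s\npassword=%s\n' "$2" "$3" "$pw" > "$1"
      chmod 600 "$1" )
}

# harden_fstab FSTAB CREDFILE -> prints FSTAB with the inline username, domain
# and password options of cifs entries replaced by credentials=CREDFILE.
harden_fstab() {
    awk -v cred="$2" '
        $0 !~ /^[ \t]*#/ && $3 == "cifs" && $4 ~ /(^|,)password=/ {
            n = split($4, o, ","); out = ""
            for (i = 1; i <= n; i++)
                if (o[i] !~ /^(username|user|domain|password)=/)
                    out = out (out == "" ? "" : ",") o[i]
            $4 = out (out == "" ? "" : ",") "credentials=" cred
        }
        { print }' "$1"
}

# Demo on a constructed copy of the fstab line from the post (temp files only).
demo_cifs_hardening() {
    dir=$(mktemp -d)
    printf '%s\n' '//192.168.89.171/FoldertoRead1 /mnt/FoldertoRead2 cifs vers=2.0,username=svcwebserver,domain=MyDomain,password=HolaHola,nofail 0 0' > "$dir/fstab"
    list_inline_cifs_passwords "$dir/fstab"
    printf '%s\n' 'HolaHola' | write_cifs_credentials "$dir/cred" svcwebserver MyDomain
    harden_fstab "$dir/fstab" /etc/cifs-svcwebserver.cred
    rm -rf "$dir"
}
demo_cifs_hardening
```

The same option works on the command line: sudo mount -t cifs -o vers=2.0,credentials=/etc/cifs-svcwebserver.cred //192.168.89.171/FoldertoRead1 /mnt/FoldertoRead2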


by GoN | Published: April 13 2022 | Last Updated:

Wednesday, March 9, 2022

WINDOWS. PS. Eventvwr insert event

 Purpose

Write an event to the Windows Event Viewer. It is very useful for recording that a task has run.

Difficulty: Low

COMMAND:

if(-not([System.Diagnostics.EventLog]::SourceExists("MySourcex"))){
    New-EventLog -LogName 'Application' -Source 'MySourcex'
}
Write-EventLog -LogName 'Application' -Source 'MySourcex' -EventId 6123 -EntryType Information -Message 'Check Test Log 66123 GoB'



References:

 https://docs.microsoft.com/en-us/dotnet/api/system.diagnostics.eventlog.sourceexists?redirectedfrom=MSDN&view=dotnet-plat-ext-6.0#overloads

 https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/write-eventlog?view=powershell-5.1


by GoN | Published: Mar 9, 2022 | Last Updated: 

Tuesday, March 1, 2022

WINDOWS. PS. List install program

 Purpose

List the software installed on a Windows computer

Difficulty: Low

COMMAND: Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, Publisher, DisplayVersion, InstallDate | Format-Table -AutoSize 

Description: All installed software


COMMAND: Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | where {$_.DisplayName -Like "AMD*"} | Format-Table -AutoSize
 

Description: Installed software whose DisplayName starts with "AMD"

  
 by GoN | Published: Mar 1, 2022 | Last Updated: 

Monday, January 17, 2022

WINDOWS. PS. History Command

 Purpose

Check the last commands entered in the PowerShell console.

Difficulty: Low


Steps
 
Command: Get-History
 

To clear this list:

Command: Clear-History
 
Other options:
 
Command: Get-History | Select ID,Commandline

 
 
Command: Invoke-History 3


Command: Get-History | Format-List -Property *
 
 
Command: Get-History |  Select-String -Pattern "list"
 

 
 
 

by GoN | Published: Jan 17, 2022 | Last Updated: