Enabling in-place archive after Hybrid migration to Office 365
by lunarg on October 5th 2021, at 13:11
After migrating your on-premise Exchange mailboxes to Office 365 using Hybrid method, and subsequently decommissioning your on-premise Exchange, you may run into the issue where it is not possible to enable the in-place archive for a mailbox through the online Exchange Admin Portal or ECP. Attempting to do so will trigger an error.Microsoft has released some Powershell scripts to work around the issue. You can run the scripts to enable or disable the in-place archive for a certain mailbox. The script does not need any prerequisites other than the Powershell AD module and the user running the script must have the proper permissions as outlined on the downloads page.

https://docs.microsoft.co  ...
 
Accessing Linux Samba shares from Windows 10/Server 2019
by lunarg on September 9th 2021, at 11:25
A while back, Microsoft has introduced new security defaults in Windows 10 and Server 2019, disallowing unauthenticated guest access to shares. While this is a good security best practice, it can also break Samba implementations running on Linux. Older versions of Windows (and versions with this policy disabled) can still access the shares, but with the policy in effect, connections immediately fail.

While it would be possible to disable the policy, it's not a very good idea as it is a potential security flaw. A better solution is to fix it on your Linux Samba server, which can be easily done by completely disabling guest access and enforcing SMB3 and password encryption.

Add these lines t  ...
 
Resizing vCenter VCSA disks (with auto-grow)
edited by lunarg on August 18th 2021, at 13:53
Occassionally, the vCenter may run out of disk space on a specific disk, in which case it may become necessary to resize it. While there are many articles written about resizing a disk (like this), VMware also provides a very useful auto-resize script which automatically does the work for you, significantly improving the user experience even to those who are not familiar with resizing partitions and/or LVM in Linux. The best part is that it can be done online, so no need to stop services.

Log on to the vCenter console through SSH or through VMRC using the root account. If you wish to use SSH, you may need to enable it first through VAM.

Determine which virtual disk needs resizing. VCSA use  ...
 
Workaround for Chrome/Edge v92 breaking IDS implementations (CECPQ2)
by lunarg on August 5th 2021, at 10:44
With the release of Chrome (and Edge) version 92, a new feature called CECPQ2 was introduced, hardening the TLS 1.3 keychain against brute-force attacks from quantum computers. Unfortunately, this breaks many SSL scanning (IDS) implementations on security appliances (such as firewalls). A workaround is to either temporarily disable scanning or disable CECPQ2 in the browser through a group policy (or registry key).

To turn off CECPQ2 for Chromium, create the following registry keys:

Chrome:

HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome"CECPQ2Enabled"=dword:00000000

Edge:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Edge"CECPQ2Enabled"=dword:00000000

A browser   ...
 
Consolidate snapshots from PowerCLI
by lunarg on July 15th 2021, at 14:50

Occassionally, it may be necessary to perform disk consolidation. If you have a lot of VMs which need consolidation, it can be tedious to do this in the webclient. Fortunately, it's also possible to mass-consolidate via PowerCLI.

Install and log in using PowerCLI.

To show which VM's need consolidation, run:

Get-VM | ? {$_.Extensiondata.Runtime.ConsolidationNeeded}

To actually perform disk consolidation, run:

Get-VM | ? {$_.Extensiondata.Runtime.ConsolidationNeeded} | % {$_.ExtensionData.ConsolidateVMDisks_Task()}
 
Cylance silent install options
edited by lunarg on June 23rd 2021, at 16:17
Here's a list of common installation options for Cylance. Note that they can also be used with the Cylance Unified installation MSI. Replace <PIDKEY> with the tenant's installation key.

New tenant installation (so Cylance will be running in "learning mode" for a few weeks), where clients are using Windows Defender as the primary AV:

msiexec.exe /i "CylanceProtect_x64.msi" ALLUSERS=1 /qn /norestart /log output.log PIDKEY=<PIDKEY> LAUNCHAPP=1 REGWSC=0

Existing tenant (which is past the "learning period") or a new tenant where clients are using another (supported) anti-virus as the primary AV:

msiexec.exe /i "CylanceProtect_x64.msi" ALLUSE  ...
 
Register/unregister Cylance with Windows Security Center
by lunarg on June 3rd 2021, at 13:34
When deploying Cylance for the first time in a new environment, best practice is to have it run in "audit mode" where Cylance detects but does not act upon it. Of course, this would not be very secure if you don't have another anti-virus in place. Starting from Windows 10 and Server 2016, Windows Defender is automatically installed and active if no other anti-virus product is installed. However, installing Cylance the regular way would result in Windows detecting the presence of Cylance and disabling most of the functionality of Defender. Luckily, you can workaround the issue by having Cylance not register as an anti-virus with Windows Security Center during the installation (or af  ...
 
Installing phpMyAdmin on Debian 10
by lunarg on May 18th 2021, at 17:57

Starting from Debian 10 ("Buster"), phpMyAdmin no longer exists as a package in the Debian repository. Instead, it needs to be installed manually. I found this article online which seems to explain the process very well:

https://linuxhint.com/install_phpmyadmin_debian_10/

 
 
 
« October 2021»
SunMonTueWedThuFriSat
     12
3456789
10111213141516
17181920212223
24252627282930
31      
 
Links
 
Quote
« Smith & Wesson - the original point and click interface »