Workaround for Chrome/Edge v92 breaking IDS implementations (CECPQ2)
by lunarg on August 5th 2021, at 10:44
With the release of Chrome (and Edge) version 92, a new feature called CECPQ2 was introduced, hardening the TLS 1.3 keychain against brute-force attacks from quantum computers. Unfortunately, this breaks many SSL scanning (IDS) implementations on security appliances (such as firewalls). A workaround is to either temporarily disable scanning or disable CECPQ2 in the browser through a group policy (or registry key).

To turn off CECPQ2 for Chromium, create the following registry keys:

Chrome:

HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome"CECPQ2Enabled"=dword:00000000

Edge:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Edge"CECPQ2Enabled"=dword:00000000

A browser   ...
 
Consolidate snapshots from PowerCLI
by lunarg on July 15th 2021, at 14:50

Occassionally, it may be necessary to perform disk consolidation. If you have a lot of VMs which need consolidation, it can be tedious to do this in the webclient. Fortunately, it's also possible to mass-consolidate via PowerCLI.

Install and log in using PowerCLI.

To show which VM's need consolidation, run:

Get-VM | ? {$_.Extensiondata.Runtime.ConsolidationNeeded}

To actually perform disk consolidation, run:

Get-VM | ? {$_.Extensiondata.Runtime.ConsolidationNeeded} | % {$_.ExtensionData.ConsolidateVMDisks_Task()}
 
Cylance silent install options
edited by lunarg on June 23rd 2021, at 16:17
Here's a list of common installation options for Cylance. Note that they can also be used with the Cylance Unified installation MSI. Replace <PIDKEY> with the tenant's installation key.

New tenant installation (so Cylance will be running in "learning mode" for a few weeks), where clients are using Windows Defender as the primary AV:

msiexec.exe /i "CylanceProtect_x64.msi" ALLUSERS=1 /qn /norestart /log output.log PIDKEY=<PIDKEY> LAUNCHAPP=1 REGWSC=0

Existing tenant (which is past the "learning period") or a new tenant where clients are using another (supported) anti-virus as the primary AV:

msiexec.exe /i "CylanceProtect_x64.msi" ALLUSE  ...
 
Register/unregister Cylance with Windows Security Center
by lunarg on June 3rd 2021, at 13:34
When deploying Cylance for the first time in a new environment, best practice is to have it run in "audit mode" where Cylance detects but does not act upon it. Of course, this would not be very secure if you don't have another anti-virus in place. Starting from Windows 10 and Server 2016, Windows Defender is automatically installed and active if no other anti-virus product is installed. However, installing Cylance the regular way would result in Windows detecting the presence of Cylance and disabling most of the functionality of Defender. Luckily, you can workaround the issue by having Cylance not register as an anti-virus with Windows Security Center during the installation (or af  ...
 
Installing phpMyAdmin on Debian 10
by lunarg on May 18th 2021, at 17:57

Starting from Debian 10 ("Buster"), phpMyAdmin no longer exists as a package in the Debian repository. Instead, it needs to be installed manually. I found this article online which seems to explain the process very well:

https://linuxhint.com/install_phpmyadmin_debian_10/

 
3CX Phone for macOS download link
by lunarg on May 11th 2021, at 08:00

Although 3CX has stopped development of the standalone Mac client, the latest version (although now a bit outdated) still works and is downloadable here:

http://downloads.3cx.com/downloads/3CXPhoneforMac16.dmg

 
Quick guide to a Core Read-Only Domain Controller
by lunarg on May 7th 2021, at 12:03
Here's a quick and dirty guide to the setup of a read-only Domain Controller (RODC) on a Core-based installation.

Deploy your Core-based server like you normally would.

Using sconfig, perform these tasks in order:

Configure network.

Optionally, configure computer name.

Join the computer to the domain.

After the reboot, install the required role via Powershell:

Install-WindowsFeature AD-Domain-Services

After that's successful, using Powershell, promote the server to an RODC (adjust parameter values accordingly):

Install-ADDSDomainController -Credential (Get-Credential) -DomainName domain.local -SiteName "Default-First-Site-Name" -InstallDNS:$true -ReadOnlyReplica:$true -For  ...
 
Change root folder of OneDrive on macOS
by lunarg on May 4th 2021, at 11:44
When syncing a OneDrive business account, the root folder name consists of "OneDrive" followed by the company name as registered in M365, e.g. "OneDrive - My Company Ltd.". For certain companies with longer names, this could result in lengthy folder names. There is a way to change (rename) this folder, though.

Completely quit the OneDrive application.

Using either Finder or Terminal, navigate to the folder: ~/Library/Containers/com.microsoft.OneDrive-mac/Data/Library/Application Support/OneDrive/settings/Business1/

There are a few INI-files in there. One will be a randomized SID-like number, followed by .ini, e.g. a183b583-a64a-28fd-818a-b4918a569c95.ini. Open this fil  ...
 
 
 
« August 2021»
SunMonTueWedThuFriSat
1234567
891011121314
15161718192021
22232425262728
293031    
 
Links
 
Quote
« Safety is not a coincidence. »