How to reset trust relationship between computer and a domain

I made a silly mistake and removed my computer from Active Directory. The result? A lost trust relationship, inability to log in and so on. How do you resolve it the fastest way?

You have a few options, but the worst (and it should be your last) is to remove the computer from the domain and rejoin. What is your first option then?

  1. Reset the computer password
    In an administrator PowerShell console on the machine that lost trust:
    $creds = Get-Credential #use domain\<username>
    Reset-ComputerMachinePassword -Credential $creds -Server <servername> #use PDC or the closest writable DC
  2. Create new computer in Active Directory
    In my case, I had to recreate the computer in Active Directory and then use the commands from #1 to reset the password. Worked like a charm.
  3. Remove from domain and rejoin
    Not the ideal option but sometimes the only one you have.

If you cannot log in or elevate as an administrator, try resetting the local admin password first.
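
The options above as one check-reset-check sequence. This is an added example, not the author's script; it assumes Windows PowerShell 5.1 run as administrator, the function name Repair-DomainTrust is made up for illustration, and <servername> is the same placeholder used in option 1.

```powershell
# Added example, not the author's script. Run as administrator on the affected machine.
function Repair-DomainTrust {
    param(
        # Placeholder from the post: the PDC or the closest writable DC
        [Parameter(Mandatory)] [string] $Server
    )

    # Returns $true when the local machine account password still matches
    # the one Active Directory holds for this computer object.
    if (Test-ComputerSecureChannel -Server $Server) {
        Write-Output "Secure channel to $Server is healthy; nothing to reset."
        return
    }

    $creds = Get-Credential -Message 'Domain account (domain\<username>) allowed to reset computer passwords'

    try {
        # Same command as option 1; -ErrorAction Stop makes a failure catchable.
        Reset-ComputerMachinePassword -Credential $creds -Server $Server -ErrorAction Stop
    }
    catch {
        Write-Warning "Reset failed: $($_.Exception.Message)"
        Write-Warning 'If the computer object was deleted, recreate it in Active Directory (option 2) and run this again.'
        return
    }

    # Confirm the fix before logging off; only fall back to option 3 if this still fails.
    if (Test-ComputerSecureChannel -Server $Server) {
        Write-Output 'Trust relationship restored.'
    }
    else {
        Write-Warning 'Secure channel is still broken; remove the computer from the domain and rejoin.'
    }
}

Repair-DomainTrust -Server '<servername>'
```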

Installing Active Directory on Windows Server Core

Installing Active Directory on Server Core can be intimidating as it’s PowerShell/command prompt only.

Installing Active Directory on Server 2016 Core

  1. Rename server
  2. Set static IP address on the DC
  3. Set DNS on the DC and the client
  4. Install tools
  5. Create new forest (domain)
  6. Add computer
  7. Install tool for remote management

DOMAIN CONTROLLER

Rename-Computer DC01-2016 #new name takes effect after the next reboot
$ipaddress = "192.168.1.70"
$dnsaddress = "127.0.0.1" #localhost
$ethernet = Get-NetAdapter #assumes the server has a single network adapter
Get-DnsClientServerAddress #type those below

New-NetIPAddress -InterfaceAlias $ethernet.name -IPAddress $ipaddress -AddressFamily IPv4 -PrefixLength 24
Set-DnsClientServerAddress -InterfaceAlias $ethernet.name -ServerAddresses ("$dnsaddress","192.168.1.252","192.168.1.1")

#Install AD Domain Services and DNS

Install-WindowsFeature ad-domain-services -IncludeManagementTools

#Create domain

Install-ADDSForest -DomainName testlab.com -InstallDNS -DomainNetbiosName "TESTLAB"

#set recovery password - make sure you save it and keep it safe!

#answer A to allow auto reboot

#reboot

CLIENT

$dnsserver = "192.168.1.70"
$ethernet = Get-NetAdapter
#Get-DnsClientServerAddress #type those below

Set-DnsClientServerAddress -InterfaceAlias $ethernet.name -ServerAddresses ("$dnsserver","192.168.1.252","192.168.1.1")

Rename-Computer WIN10-01

#restart
shutdown -r -t 0

#ADD computer to the domain

Add-Computer -DomainName "testlab.com" -Restart

Log in to the domain on the client PC

Download admin tools
https://www.microsoft.com/en-au/download/details.aspx?id=45520

Connect to the remote PowerShell

Enter-PSSession -ComputerName DC01-2016

FBI: Reboot your router at home and business

Foreign cyber actors have been busy building another network of over 500k(!) IoT devices since 2012 to be ready for a potential attack. Called VPNFilter, this malware attacks routers and NAS devices and awaits instructions from 2 domains. The FBI has released a warning for users to restart their devices to remove the immediate threat of the device being destroyed. The FBI also seized one of the URLs over the weekend and took down the image on Photobucket where the instructions were encoded.

Listening to your conversations? Possibly

“The VPNFilter malware is a multi-stage, modular platform with versatile capabilities to support both intelligence-collection and destructive cyber attack operations.”

Stage 1 persists through reboot and awaits deployment of stage 2. Stage 2 malware, which is not persistent after reboot, contains intelligence gathering capabilities, command execution, data exfiltration and device management.

VPNFilter - How it works

What to do?

If you have a router from Linksys, MikroTik, NETGEAR or TP-Link, or own a QNAP TS251 or TS439 Pro, do the following:

  1. Restart your router/NAS
    This will temporarily disable stage 2 and remove the immediate threat of bricking your device
  2. Change your password to the device
    As most device passwords are left at the default, this will disable the direct access that was there before
  3. Firmware update
    Visit the manufacturer’s website or contact your ISP and install the latest firmware

More details can be found on the manufacturers’ websites

QNAP

Netgear

TP-link

Source: Cisco Talos Intelligence

New Microsoft standards for highly secure Windows 10 device

Microsoft has released new guidelines for a highly secure Windows 10 device that really push the standards, and also your wallet. The setup supports the latest CPUs that are certified for Windows 10, such as 7th gen Intel Kaby Lake or AMD 7th gen processors. As you can imagine, most computers are running older generations, and it would be almost impossible for any company to fully comply. Interestingly enough, Microsoft’s own Surface Pro 4 comes only with a 6th gen CPU. I guess you have to reach deeper and go for the latest and greatest Surface Pro.

Why such strict guidelines?

One of the reasons is memory protection and a technology called IOMMU, or Input Output Memory Management Unit. It sounds complicated, but basically it is a memory management unit that helps with communication between devices and memory. This additional layer protects against malicious applications that attempt to access memory directly and gain unauthorised access. Direct memory access as used previously could be exploited by simply addressing parts of memory that normally store certain sensitive data, like credentials. With IOMMU, this is physically impossible.

Basically, if you have the latest PC with enough grunt and Windows 10 Pro with BitLocker® enabled, you should be fine.

Next one is TPM version 2.0, which was finalised and published in September of 2016. The latest version brings security improvements, support for newer standards and UEFI-only boot, which rules out the majority of Windows 7 systems. Interestingly, the recommendations also mention a minimum of 8GB of RAM, which the majority of recently purchased hardware will most likely have, especially when even your smartphone has at least 3GB to work with.

To sum up:

  • Latest CPU
  • UEFI 2.4 and later (secure boot)
  • Enabled virtualisation (usually off by default)
  • TPM v2.0 or later
  • 8GB of RAM
  • All drivers must be HVCI compliant
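
A way to check a machine against this list, as an added example that is not part of Microsoft's guidance: the function name Get-SecureDeviceReadiness is made up for illustration, and it assumes an elevated Windows PowerShell session on Windows 10. CPU generation and the exact UEFI version cannot be read directly, so it reports the CPU name and the Secure Boot state instead, and it reports whether HVCI is running rather than auditing individual drivers.

```powershell
# Added example: report the local machine against the checklist above.
# Run elevated; the TPM and Device Guard CIM classes are not readable otherwise.
function Get-SecureDeviceReadiness {
    $cs  = Get-CimInstance -ClassName Win32_ComputerSystem
    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $dg  = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                           -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue

    # Confirm-SecureBootUEFI throws on legacy BIOS boots or when not elevated.
    try   { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $secureBoot = $false }

    # SpecVersion looks like "2.0, 0, 1.16"; the first field is the TPM version.
    $tpmVersion = $null
    if ($tpm) { $tpmVersion = [version](($tpm.SpecVersion -split ',')[0].Trim()) }

    # With a hypervisor already running, VirtualizationFirmwareEnabled reads
    # False even though it is on, so HypervisorPresent counts as enabled too.
    $virtualisation = $cpu.VirtualizationFirmwareEnabled -or $cs.HypervisorPresent

    # SecurityServicesRunning contains 2 when HVCI is active.
    $hvciRunning = [bool]($dg -and ($dg.SecurityServicesRunning -contains 2))

    # Round because firmware reserves part of the installed memory.
    $ramGB = [math]::Round($cs.TotalPhysicalMemory / 1GB)

    [pscustomobject]@{
        Cpu                   = $cpu.Name   # compare against the certified list by hand
        SecureBootEnabled     = $secureBoot
        VirtualisationEnabled = $virtualisation
        TpmVersion            = $tpmVersion
        Tpm20OrLater          = [bool]($tpmVersion -and $tpmVersion -ge [version]'2.0')
        RamGB                 = $ramGB
        Ram8GBOrMore          = $ramGB -ge 8
        HvciRunning           = $hvciRunning
    }
}

Get-SecureDeviceReadiness | Format-List
```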

Securing Windows 10 has become less challenging with forced automatic updates and more options to play with, using modern technologies and solutions to protect against malicious attacks. It is still recommended to get professional assistance to make sure the settings are not only implemented but implemented correctly.

How to sign a PDF file on your iPhone/iPad

Do you often need to sign or fill in details on PDF files? With iOS 11 you can do it directly, without any additional app or subscription!

  1. Open the file
  2. Save it to Files
  3. Open the PDF file from Files
  4. Tap on the pen at the top right corner
  5. Sign and save
  6. Done!

5 easy things you can do to make your business IT more secure

More incidents than ever

There has been a recent spike in incidents, hacks or breaches of varying severity focused on businesses or end users. Vulnerabilities that affect millions of users worldwide have also been discovered, like KRACK, which primarily affects individual users rather than access points.

All these events translated to more media coverage and exposure, but many businesses still struggle with questions like ‘How can I protect my data?’ or ‘Is my business sufficiently protected?’. The answers to those depend on each individual business, but based on the Australian Signals Directorate’s and Microsoft’s best practices and over 16 years of experience, I can give you 5 things you can do to make your business IT more secure.

1. Enable automatic updates

As with anything, security starts with the basics, which in this case are automatic updates. We all know by now that no software is without issues and that all software needs to be patched with security updates at some point. The operating system is no different. Windows, Mac and Linux have all implemented some form of this process that keeps your security at its highest level without much intervention. For now, we focus on Windows as it is the most popular.

Windows 10 has automatic updates enabled, and they cannot be disabled or postponed as easily as they could be in Windows 7. Microsoft realised that to keep any spread contained, it needs to force users to update automatically rather than rely on them to do it manually. A few years back, Windows XP had a flaw (and no firewall!) that would shut down your PC almost instantly after you turned it on. As you can imagine, it was super annoying, but it got fixed and Windows XP got a firewall out of the box in Service Pack 3.

File history in Windows 10 – should you use it?

If you have worked in a business with shared network drives, you have probably come across functionality where you can restore a file to a previous version without your administrator’s intervention. Right-click a folder or file, choose Properties and go to the Previous Versions tab. Accidentally removed a file? Not a problem! Just hit Restore! Try it on your shared drive; you most likely have it enabled!

By default, the snapshot (or shadow copy, as it is called in Windows Server) is taken twice a day, at 7am and then 12pm. It is safe, fast and does not take much space as it only saves the differences between the changes. How perfect, right?

So what does it have to do with Windows 10?

Starting with Windows 7, Microsoft introduced File History so you can do exactly the same on your home computer, perhaps even better, as it does not save the differences at strictly given times but, by default, every hour! The only requirement is that it has to be enabled on a separate drive, kind of like a backup (but not really). And to answer the question from the title: YES!

How do you set it up?

  1. Go to Windows settings (press Windows logo key + I)
  2. Type ‘history’ and choose Backup Settings
  3. Under Back up using File History, click Add a drive
  4. You can choose from your local or network drives or even USB drives or an SD card
  5. Done
  6. Optional: you can change the default settings by clicking More options

It takes a moment to transfer all your base files first, but once done, you will be able to restore your files to any point in time, locally and even without the internet. If you have a laptop, you can connect and disconnect the drive and Windows will resume File History once you plug it back in.

 

How to create simple SharePoint company page to share documents

Have you thought about creating a SharePoint site but did not know how? Here are a few quick steps you can follow to start your own SharePoint company page in less than 5 minutes.

Steps:

  1. Login to your Office 365 account https://login.microsoftonline.com
  2. Go to SharePoint
  3. Click ‘Create Site’
  4. Use Team Site
  5. Give it a name and description
  6. Add members or owners
  7. Edit your front page and remove the first block
  8. Add a document block via plus sign at the top
  9. Add a description above
  10. Go to Documents library and upload your first document

You can create multiple libraries for different purposes and teams rather than have just one. You can however keep them all in the same company team site.

Next time we will look at how you can add managed metadata to your documents to assist your search and document organisation.

How to file and forward with quick steps in Outlook

Have you ever noticed that little bar in the middle of your Outlook ribbon and wondered what the heck it is good for? By default, probably not that much, but with a little tweaking you can use it for quite a few things! If you get a lot of similar emails that constantly require the same action, you can help yourself by creating actions that will do most of it for you. I do not aim for a ‘zero email mailbox’ as I think it is a waste of time, but I do like to file certain emails from clients, vendors and so on so they are all in one place. Learn how to make your life easier by creating a Quick Step that will forward and file your email in one click!

Check the 20 seconds video tutorial below!

How to deal with scammers?

No-one enjoys scammers. They waste your time, and although you might have the street smarts not to get caught and pay their phony fines, not everyone does; many people do end up paying thousands of dollars, in turn perpetuating this ‘business’.

After receiving a phony IRS call, this user called back as they asked him to, with a twist. He created a small script that opens up multiple lines at a time and thus prevents them from scamming users.

Enjoy their frustration here