Installing Active Directory on Windows Server Core

Installing Active Directory on Server Core can be intimidating as it’s PowerShell/command prompt only.

Installing Active Directory on Server 2016 Core

  1. Rename server
  2. Set static IP address on the DC
  3. Set DNS on the DC and the client
  4. Install tools
  5. Create new forest (domain)
  6. Add computer
  7. Install tool for remote management

DOMAIN CONTROLLER

Rename-Computer DC01-2016
$ipaddress = "192.168.1.70"
$dnsaddress = "127.0.0.1" #localhost
$ethernet = Get-NetAdapter
Get-DnsClientServerAddress #type those below

New-NetIPAddress -InterfaceAlias $ethernet.name -IPAddress $ipaddress -AddressFamily IPv4 -PrefixLength 24
Set-DnsClientServerAddress -InterfaceAlias $ethernet.name -ServerAddresses ("$dnsaddress","192.168.1.252","192.168.1.1")

#Install AD Domain Services and DNS

Install-WindowsFeature ad-domain-services -IncludeManagementTools

#Create domain

Install-ADDSForest -DomainName testlab.com -InstallDNS -DomainNetbiosName "TESTLAB"

#set recovery password - make sure you save it and keep it safe!

#answer A to allow auto reboot

#reboot

CLIENT

$dnsserver = "192.168.1.70"
$ethernet = Get-NetAdapter
#Get-DnsClientServerAddress #type those below

Set-DnsClientServerAddress -InterfaceAlias $ethernet.name -ServerAddresses ("$dnsserver","192.168.1.252","192.168.1.1")

Rename-Computer WIN10-01

#restart
shutdown -r -t 0

#ADD computer to the domain

Add-Computer -DomainName "testlab.com" -Restart

Login to the domain on the client PC

Download admin tools
https://www.microsoft.com/en-au/download/details.aspx?id=45520

Connect to the remote PowerShell

Enter-PSSession -ComputerName DC01-2016
VPNFilter

FBI: Reboot your router at home and business

Foreign cyber actors have been busy building another network of over 500k(!) IoT devices since 2012 to be ready for potential attack. Called VPNFilter, this malware attacks routers and NAS devices and awaits instructions from 2 domains. FBI had released a warning for users to restart their devices to remove the immediate threat of destroying their device. FBI also seized one of the URLs over the weekend and taken down the image from PhotoBucket were instructions were encoded.

Listening to your conversations? Possibly

“The VPNFilter malware is a multi-stage, modular platform with versatile capabilities to support both intelligence-collection and destructive cyber attack operations.”

Stage 1 persists through reboot and awaits deployment of stage 2. Stage 2 malware, which is not persistent after reboot, contains intelligence gathering capabilities, command execution, data exfiltration and device management.

VPNFilter - How it works

What to do?

If you have a router from the Linksys, MikroTik, NETGEAR and TP-Link or own a QNAP TS251 or TS439 Pro, do the following

  1. Restart your router/NAS
    This will temporarily disable stage 2 and remove the immediate threat of bricking your device
  2. Change your password to the device
    As most device passwords are kept set as default, it will disable the direct access that was there before
  3. Firmware update
    Visit the manufacturer’s website or contact your ISP and install the latest firmware

More details can be found on the manufacturers websites

QNAP

Netgear

TP-link

Source: Cisco Talos Intelligence

How to sign a PDF file on your iPhone/iPad

Do you often need to sign or fill in details on PDF files? With iOS11 you can do it directly and without any additional app or subscription!

  1. Open the file
  2. Save it to Files
  3. Open the PDF file from Files
  4. Tap on the pen at the top right corner
  5. Sign and save
  6. Done!

5 easy things you can do to make your business IT more secure

More incidents than ever

There has been a spike recently in incidents, hacks or breaches of different severity focused on businesses or end users. There also have been discovered vulnerabilities that affect millions of users worldwide like KRACK which primarily affects individual users rather than access points.

All these events translated to more media coverage and exposure but many businesses still struggle with questions like ‘How can I protect my data’ or ‘Is my business sufficiently protected?’. As the answers to those depend on each individual business, based on Australian Signal Directorate, Microsoft’s best practices and over 16 years of experience, I can give you 5 things you can do to make your business IT more secure.

1. Enable automatic updates

As with anything, even security starts with the basics which in this case are automatic updates. We all know by now that no software is without issues and that all software needs to be patched for security updates at some point. Operating system is no different. Windows, Mac and Linux have all implemented some form of this process that keeps your security at its highest level without much intervention. For now, we focus on Windows as it is the most popular.

Windows 10 has automatic updates enabled and they cannot be disabled or postponed as easily as it was done with Windows 7. Microsoft realised that to keep any spread contain, it needs to force users to update automatically rather then rely on them to do it manually. A few years back Windowx XP had a flaw and no firewall(!) that would shutdown your PC almost instantly after you turn it on. As you can imagine, it was super annoying but it got fixed and Windows XP got a firewall out of the box in Service Pack 3.

Read more

Windows 10 background

File history in Windows 10 – should you use it?

If you have worked in a business with shared network drives, you have probably come across functionality where you can restore a file to previous version without your administrator’s intervention. Right click on a folder/file, choose properties and go to tab previous versions. Accidentally removed a file? Not a problem! Just hit restore! Try it on your shared drive, you most likely have it enabled!

005-shared drive previous versions

By default the snapshot or shadow copies as it is called in Windows server is taken twice a day, at 7am and then 12pm. It is safe, fast and does not take much space as it only saves the difference between the changes. How perfect, right?

So what does it have to do with Windows 10?

Starting with Windows 7, Microsoft introduced file history so you can do exactly the same on your home computer, perhaps even better as it does not save the differences in strictly given times, but by default every hour! The only requirement is that it has to be enabled on a separate drive, kind of like a backup (but not really). And to answer the question from the title – YES!

How do you set it up?

  1. Go to Windows settings (press Windows logo key + I)
  2. Type ‘history’ and choose Backup Settings
  3. Under Back up using File History, click Add a drive
  4. You can choose from your local or network drives or even USB drives or an SD card
  5. Done
  6. Optional: you can change the default settings by clicking More options

It takes a moment to transfer all your base files first but once done, you will be able to restore your files at any point in time, but locally and even without the internet. If you have a laptop, you can connect and disconnect the drive and Windows will resume File History once you plug it back in.

 

How to - SharePoint document library

How to create simple SharePoint company page to share documents

Have you thought about creating a SharePoint site but did not know how? Here are a quick steps you can follow to start your own SharePoint company page in less than 5 minutes.

Steps:

  1. Login to your Office 365 account https://login.microsoftonline.com
  2. Go to SharePoint
  3. Click ‘Create Site’
  4. Use Team Site
  5. Give it a name and description
  6. Add members or owners
  7. Edit your front page and remove the first block
  8. Add a document block via plus sign at the top
  9. Add a description above
  10. Go to Documents library and upload your first document

You can create multiple libraries for different purposes and teams rather than have just one. You can however keep them all in the same company team site.

Next time we will look how you can add a managed metadata for your documents to assist your search and document organisation.

How to quick parts in outlook feature

How to file and forward with quick steps in Outlook

Have you ever notice that little bar in the middle of your Outlook ribbon and wondered what heck is it good for? By default probably not that much for but little tweaking and you can use it for quite a few things! If you get lot of same emails that require constantly similar action, you can help yourself by creating actions that will do most of it for you. I do not aim for ‘zero email mailbox’ as I think it is a waste of time but I do like to file certain emails from clients, vendors and so on so they are all in one place. Learn how to make your life easier by creating quick part that will forward and file your email in one click!

Check the 20 seconds video tutorial below!

How to quick parts in outlook feature

Read more