the-server.ninja - Entries RSS

The-Server.Ninja

The-server.ninja Spined HTML

The-Server.Ninja https://the-server.ninja Server Admin by day... Server Ninja by night... Mon, 26 Nov 2018 03:21:58 +0000 en-GB hourly 1 http://wordpress.com/ https://secure.gravatar.com/blavatar/7375bff6c21acf993d6751cad3df96b7?s=96&d=https%3A%2F%2Fs0.wp.com%2Fi%2Fbuttonw-com.png The-Server.Ninja https://the-server.ninja Powershell – Creating Active Directory User Accounts: with an Office 365 mailbox https://the-server.ninja/2018/01/11/powershell-creating-active-directory-user-accounts-with-an-office-365-mailbox/ https://the-server.ninja/2018/01/11/powershell-creating-active-directory-user-accounts-with-an-office-365-mailbox/#respond Thu, 11 Jan 2018 21:01:19 +0000 http://the-server.ninja/?p=1231 Continue reading Powershell – Creating Active Directory User Accounts: with an Office 365 mailbox]]> Most IT admins know what a pain it is to set up Active Directory user accounts, expressly when you need to setup a respective 365 mailbox. Hopefully, this script is going to help you! I’m going to guide you though using Powershell to create an Active Directory account, with a licenced Office 365 mailbox (in a hybridMart2013 environment). I’m thesping you’re executing this script from an Admin Powershell prompt, on a Domain joined PC (It maybe useful for you to run this script in Powershell ISE). This script will: Create an Active Directory user worth + indulge you to assign a user password (securely).Well-constructedAD worth details such as telephone number and write (useful if you are using my email signature script guide). Create an Office 365 mailbox (this script assumes that you are running inMarthybrid mode (i.e. your merchantry moreover has an on PremiseMartserver). Turn on litigation hold enabled (for this to work, you will need the correct licences, ie: E3). Assign a 365 licence (I’m moreover assigning an ATP licence, Windows 10 licence and PowerBI standard licence). You’ll need to prepare your IT admin PC. Perform the pursuit steps: Enable .NET 3.5 Install: http://g.microsoftonline.com/0bd00en-us/569 Install: https://www.microsoft.com/en-us/download/confirmation.aspx?id=39267 Install: http://connect.microsoft.com/site1164/Downloads/DownloadDetails.aspx?DownloadID=59185 For the final part of our prep, launch an admin Powershell prompt and run the pursuit command: set-executionpolicy remotesigned Script starts here: The first part of the script brings in the Active Directory powershell modules. #Installs AD modules import-module activedirectory The next part of the script asks for the user details (I’ve yet to implement error capturing in this section; so if you don’t have the relevant info, printing space to register some input surpassing pressing enter). Make sure details are accurate, and if you are using my email signature script, it will be just as important to enter Job Title, Phone number etc.  if not; just scuttlebutt those sections out using: # I’ve moreover set the script to trammels for location.  Useful if you have multiple offices and want to pre-set variegated office addresses & security groups. Write-host "Please well-constructed the pursuit questions, Ensure spelling and specimen are accurate" $First=Read-Host 'Enter First Name' $Last=Read-Host 'Enter Last Name' $Title=Read-Host 'Enter Job Title' $EmployeeID=Read-Host 'Enter the EmployeeID.PrintingSpace then Enter if information is not available' $Mobile=Read-Host 'Enter the Mobile Phone Number.PrintingSpace then Enter if information is not available' $Department=Read-Host 'Enter the users department.PrintingSpace then Enter if information is not available' $DirectDial=Read-Host 'Enter the users uncontrived dial number.PrintingSpace then Enter if information is not available' $InternalExtension=Read-Host 'Enter the users internal extension number.PrintingSpace then Enter if information is not available' $Qualifications=Read-Host 'Enter any relevant qualifications.PrintingSpace then Enter if information is not available' $Location=Read-Host 'Enter Location: Exeter, Truro, Plymouth or Bristol'   Using the data captured above, the script builds up some variables needed to create a user account. The script is configured to convert email addresses to lowercase (for cosmetic purposes). Using host location information, the relevant write information will be populated. #Pre-set fields generic to all users regardless of location $FirstLower=$First.ToLower() $LastLower=$Last.ToLower() $SAMAccountName=$FirstLower+'.'+$LastLower $DisplayName=$First+' '+$Last $Mailnickname=$First+$Last $UserPrincipalName=$FirstLower+'.'+$LastLower+'@contoso.co.uk' $RemoteRoutingAddress=$FirstLower+'.'+$LastLower+'@contoso.onmicrosoft.com' $ProxyEmailAddress=$FirstLower+'.'+$LastLower+'@contoso.onmicrosoft.com' $EmailAddress=$FirstLower+'.'+$LastLower+'@contoso.co.uk' #This maybe of use if the visitor domain has reverted but is still used for mailflow. $oldEmailAddress=$FirstLower+'.'+$LastLower+'@tailspintoys.co.uk' $Company="Contoso Ltd" $WWWHomePage="www.contoso.co.uk" #This section prompts you to enter a password - this is the users initial password $password=Read-Host "Enter Users Password" -AsSecureString #Custom fields - dependent on office location #Make sure the $Path location unelevated is sync'd to office 365 - this is setup in the sync service manager installed on your domain controller If ($Location -eq 'Exeter') { $Path="OU=Exeter,DC=contoso,DC=local" $OfficePhone="01234 567890" $Fax="01234 567890" $StreetAddress="StreetWrite1" $POBox="StreetWrite2" $City="Exeter" $State="Devon" $PostalCode="EX Postcode" } ElseIf ($Location -eq 'Plymouth') { $Path="OU=Win10,OU=Plymouth,DC=contoso,DC=local"" $OfficePhone="01234 567890" $Fax="01234 567890" $StreetAddress="StreetWrite1" $POBox="StreetWrite2" $City="Plymouth" $State="Devon" $PostalCode="PL Postcode" } ElseIf ($Location -eq 'Truro') { $Path="OU=Truro,DC=contoso,DC=local"" $OfficePhone="01234 567890" $Fax="01234 567890" $StreetAddress="StreetWrite1" $POBox="StreetWrite2" $City="Truro" $State="Cornwall" $PostalCode="TR Postcode" } ElseIf ($Location -eq 'Bristol') { $Path="OU=Win10,OU=Bristol,DC=contoso,DC=local"" $OfficePhone="01234 567890" $Fax="01234 567890" $StreetAddress="StreetWrite1" $POBox="StreetWrite2" $City="Bristol" $State="Bristol" $PostalCode="BS Postcode" } Else { write-host "Incorrect Location Entered; exiting script" start-sleep -milliseconds 10000 exit }   Now, the AD user worth is created. #Create user section - this builds the AD worth using the fields whilom New-ADUser -SAMAccountName $SAMAccountName -name $DisplayName -GivenName $First -Surname $Last -UserPrincipalName $UserPrincipalName -DisplayName $DisplayName -Department $Department -Path $Path -Company $Company -EmployeeID $EmployeeID -Fax $Fax -OfficePhone $OfficePhone -HomePhone $DirectDial -Mobile $Mobile -StreetAddress $StreetAddress -City $City -POBox $PObox -State $State -PostalCode $PostalCode -ChangePasswordAtLogon -OtherAttributes @{title=$title;mail=$EmailAddress;wwwHomePage=$WWWHomePage;c="GB";co="United Kingdom";ipPhone=$InternalExtension;info=$qualifications} #This section adds the users email addresses. The primary email write should be SMTP in caps, secondary addresses in lowercase. Set-ADUser -identity $SAMAccountName -Add @{ProxyAddresses="SMTP:$EmailAddresses"} Set-ADUser -identity $SAMAccountName -Add @{ProxyAddresses="smtp:$OldEmailAddress"} Set-ADUser -identity $SAMAccountName -Add @{ProxyAddresses="smtp:$ProxyEmailAddresses"} #pauses the script to indulge AD to replicate start-sleep -milliseconds 5000   This part of the script adds the user into the company’s generic security groups. It moreover uses  the write information to add the user into any relevant group based on location. The group name cab be found under symbol editor, CN. #Adds user into standard visitor groups Add-ADGroupMember -Identity "Generic AD Security Group 1 SG" -Members $SAMAccountName Add-ADGroupMember -Identity "Generic AD Security Group 1 SG" -Members $SAMAccountName Add-ADGroupMember -Identity "Generic AD Security Group 1 SG" -Members $SAMAccountName #Adds user into location specific security groups If ($Location -eq 'Exeter') { Add-ADGroupMember -Identity "Exeter Security Group" -Members $SAMAccountName } ElseIf ($Location -eq 'Plymouth') { Add-ADGroupMember -Identity "Plymouth Security Group" -Members $SAMAccountName } ElseIf ($Location -eq 'Truro') { Add-ADGroupMember -Identity "Truro Security Group" -Members $SAMAccountName } ElseIf ($Location -eq 'Bristol') { Add-ADGroupMember -Identity "Bristol Security Group" -Members $SAMAccountName } Start-sleep -milliseconds 5000   This part of the script uses the password you previously set; then enables the AD worth (AD worth cannot be enabled without a password). Set-ADAccountPassword -identity $SAMAccountName -NewPassword $password -Reset Start-sleep -milliseconds 5000 Enable-ADAccount -Identity $SAMAccountName   Next, we’re going to get our AD server (with Microsoft AD Connect Sync Service installed) to perform a Delta Sync from AD to Office 365. This will register the new user worth in the 365 portal. #This section forces and AD to 365 Delta sync from the domain controller, then pauses the script to make sure the sync has completed. Invoke-Command -Computer Contoso-AD1 -Scriptblock {Start-ADSyncSyncCycle -PolicyType Delta} start-sleep -milliseconds 10000   Mail routing functionality breaks if you try and create a mailbox directly in 365, rather than usingMart2013 – we will need to create a 365 mailbox thoughMartPowershell. However; we don’t want to have to run commands directly on ourMartserver, so we’re going to create anMartPowershell session from our IT admin PC and then create the 365 mailbox. #This part of the script connects to a Powershell session via the on-prem mart 2013 server (hybrid environment). $Session = New-PSSession –ConfigurationName Microsoft.Exchange –ConnectionUri http://contoso-mbx1/powershell -Authentication Kerberos Import-PSSession $Session -DisableNameChecking -AllowClobber #This part creates the Office365 mailbox though the on-premise mart 2013 server (hybrid mode) Enable-RemoteMailbox -identity $SAMAccountName –remoteroutingaddress $RemoteRoutingAddress #This bit turns on mailbox archiving - trammels your licencing arrangement! Enable-RemoteMailbox $SAMAccountName -Archive #Forces the script to pause whilst 365 worth is setup start-sleep -milliseconds 10000 Now, we’re connecting to our 365 portal. This is where you will be prompted to login to 365. #Connects to Office 365 portal. Will prompt for valid admin credentials. Manually running $AccountSKU Will report when number of licences used / available. import-module MsOnline Connect-MsolService $AccountSKU = Get-MsolAccountSKU $AccountSKU $UserLicence = Get-MsolUser -UserPrincipalName $UserPrincipalName Next, the script sets the users location – in this specimen GB (Great Britain).TranspirationContoso to your visitor name (ie the bit surpassing onmicrosoft.com) We’re moreover assigning: Office 365 E3 licenceWideThreat Protection licence PowerBI Standard (free) licence Windows 10 Enterprise licence #This sets the users location; needed surpassing licences can be prescribed Set-MsolUser -UserPrincipalName $UserPrincipalName -UsageLocation GB Write-host "Assigning licences: Office 365 E3, MS ATP, Windows 10 and PowerBi Std" Set-MsolUserLicense -UserPrincipalName $UserPrincipalName -AddLicenses "Contoso:ENTERPRISEPACK" Set-MsolUserLicense -UserPrincipalName $UserPrincipalName -AddLicenses "Contoso:ATP_ENTERPRISE" Set-MsolUserLicense -UserPrincipalName $UserPrincipalName -AddLicenses "Contoso:POWER_BI_STANDARD" Set-MsolUserLicense -UserPrincipalName $UserPrincipalName -AddLicenses "Contoso:WIN10_PRO_ENT_SUB" start-sleep -milliseconds 5000   This part of the script closes our connection to the on-premiseMartserver. #Cleans upMarton premise script session Remove-PSSession $Session   This section turns on litigation (legal) hold. You’ll need the correct licences (ie E3) so trammels this surpassing continuing.  If you’re using incompatible licences, remove or scuttlebutt out this section. $Credential = Get-Credential $ExchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid" -Credential $credential -Authentication "Basic" -AllowRedirection Import-PSSession $ExchangeSession start-sleep -milliseconds 5000 Get-Mailbox -identity $SAMAccountName | Set-Mailbox -LitigationHoldEnabled $True start-sleep -milliseconds 5000 #Cleans up connection to 365 servers Remove-PSSession $ExchangeSession   Once the script completes; you’ll be well-considered that Microsoft can take 30 minutes to prepare the mailbox. You may find that you are worldly-wise to login to portal.office.com but the webmail sawed-off will be wrenched until the mailbox setup has completed – plane if it appears misogynist in the admin portal. write-host "Allow 30 minutes for Microsoft / Office 365 to create the mailbox" start-sleep -milliseconds 10000 exit   That concludes the AD script! Hopefully you have found it of some use, and save some time in your rented IT environment. As I find improvements, I’ll update the guide. TSN. ]]> https://the-server.ninja/2018/01/11/powershell-creating-active-directory-user-accounts-with-an-office-365-mailbox/feed/ 0 severnd GDPR – Getting Started https://the-server.ninja/2017/12/19/gdpr-getting-started/ https://the-server.ninja/2017/12/19/gdpr-getting-started/#respond Tue, 19 Dec 2017 13:26:50 +0000 http://the-server.ninja/?p=1225 If your merchantry has not prepared for GDPR yet, and is in need of some help getting started, download our PowerPoint slideshow using the link below: Download: Getting Ready for GDPR ]]> https://the-server.ninja/2017/12/19/gdpr-getting-started/feed/ 0 severnd Windows 10 v1709 Deployment https://the-server.ninja/2017/11/16/windows-10-v1709-deployment/ https://the-server.ninja/2017/11/16/windows-10-v1709-deployment/#respond Thu, 16 Nov 2017 17:18:09 +0000 http://the-server.ninja/?p=1168 Continue reading Windows 10 v1709 Deployment]]> ***UPDATE*** Microsoft have moreover released MDT v8450 for Windows 10 v1709 deployment.  Get the latest installer here: It’s been a while since I’ve played with Windows 10 Deployment… One of the problems you may come wideness when upgrading your images to Windows 10 v1709 (fall creators update) is that to capture the gold master image, you’ll need to update your ADK installation. On your deployment server, throne to Control Panel, Programs and Features – then remove the old ADK program. Download and install the new build of WDS from here: Once installed; unshut the deployment workbench, right click on MDT Deployment Share and select update.  This can take some time. When complete; unshut Windows Deployment Services; replace the marching image with one you’ve just generated. Finally, throne over to your gold master image; make sure its fully patched (and you’ve performed a disk wipe up); and run the litetouch.vbs script (\\deploymentserver\deploymentshare$\scripts\litetouch.vbs). ]]> https://the-server.ninja/2017/11/16/windows-10-v1709-deployment/feed/ 0 severnd News: Windows Server 2016 RTM. Now misogynist on the MVLS portal! https://the-server.ninja/2016/10/13/news-windows-server-2016-rtm-now-available-on-the-mvls-portal/ https://the-server.ninja/2016/10/13/news-windows-server-2016-rtm-now-available-on-the-mvls-portal/#respond Thu, 13 Oct 2016 08:05:22 +0000 http://the-server.ninja/?p=711 Continue reading News: Windows Server 2016 RTM. Now misogynist on the MVLS portal!]]> Microsoft have overnight made Windows Server 2016 RTM to download from the MVLS portal. This is the final code, bar any last minute Windows Update patches.Withouttesting the Windows Server 2016 techincal preview, i think this is going to be a really heady release (As a virtualization specialist, my particular favourite is the new Storage SpacesUncontrivedfeature!). Both the 180 day trial of Server 2016, and the final release of the self-ruling hypervisor, Hyper-V 2016 can be downloaded from Microsoft’s site. ]]> https://the-server.ninja/2016/10/13/news-windows-server-2016-rtm-now-available-on-the-mvls-portal/feed/ 0 severnd Storage SpacesUncontrivedtsn signoff Unlimited merchantry broadband from £15.99 a month Windows Deployment: PXE booting between VLAN’s https://the-server.ninja/2016/09/13/windows-deployment-pxe-booting-between-vlans/ https://the-server.ninja/2016/09/13/windows-deployment-pxe-booting-between-vlans/#respond Tue, 13 Sep 2016 10:21:24 +0000 http://the-server.ninja/?p=1159 Continue reading Windows Deployment: PXE booting between VLAN’s]]> If you’re looking to PXE marching between VLAN’s (ie. a vlan for servers and a vlan for clients), you’ll need to add a couple of uneaten options into your DHCP server settings. Its an easy unbearable process, pursuit these steps should get things working for you: In Windows DHCP, expand your VLAN’s DHCP scope, and select telescopic options. add option 66 – enter the FQDN of your deployment server. add option 67 – enter \boot\x64\wdsnbp.com (or if you’re deploying 32bit images: boot\x86\wdsnbp.com).  For reference you’ll find this file is in your deployment servers REMINST directory. When you marching up your vendee computer, it will now receive the correct tftp response and will be worldly-wise PXE boot! ]]> https://the-server.ninja/2016/09/13/windows-deployment-pxe-booting-between-vlans/feed/ 0 severnd svr-nja-dhcp-scope-options svr-nja-dhcp-for-pxe tsn signoff Unlimited merchantry broadband from £15.99 a month Defeat Ransomware: Use Microsoft File Server Resource Manager (FSRM) – with a twist! https://the-server.ninja/2016/09/06/defeat-ransomware-use-microsoft-file-server-resource-manager-fsrm-with-a-twist/ https://the-server.ninja/2016/09/06/defeat-ransomware-use-microsoft-file-server-resource-manager-fsrm-with-a-twist/#respond Tue, 06 Sep 2016 16:47:46 +0000 http://the-server.ninja/?p=1018 You may have seen some translating floating well-nigh on the internet, showing  you how to use Microsoft’s File Server Resource Manager (FSRM) to prevent Ransomware. The problem with these wares is that they all involve maintaining a woodcut list. You’ll find those woodcut lists rarely alimony up with new variants of Ransomware. So, in this article, i’m going to show you how to defeat ransomware – with a twist! Lemons… good for lemonade. Not so good at vibration Ransomware! First things first, i’m going to seem you’re running Windows Server 2012 / R2, and have not yet installed the FSRM role [if you’re running 2008 R2, skip to near the middle of this article].UnshutPowershell as Administrator Install the FSRM role: Install-WindowsFeature FS-Resource-Manager –IncludeManagementTools Reboot your server if prompted. Configure SMTP settings – this will zestful you if anyone attempts to create an unsafe file in the targeted filepath.Unshutan Admin Powershell prompt and enter: Set-FsrmSetting -AdminEmailAddress "youremailaddress@domain.name" –smtpserver "IPWriteof your mail server here" –FromEmailAddress "servername@domain.name" You may need to make some adjustments on your mail server for this to work. Next up, we’re going to configure a new FSRM file group. This is where the twist comes in – your unquestionably going to woodcut EVERY FILE TYPE, then  ONLY indulge the filetypes you know are unscratched – completely eliminating the need to maintain a woodcut list. The script unelevated will imbricate the main filetypes but you’ll need to tailor this to your environment. My recommendation is to install WinDirStat and perform a scan of the share you are targeting. This will list all of the extensions currently in use within the share. With Powershell unshut (remember, right click and run as Administrator); reprinting the pursuit writ and hit enter: new-FsrmFileGroup -Name "AllowUnscratchedFiles Only" -IncludePattern "*.*" -ExcludePattern @("*.bmp","*.jpg","*.gif","*.jpeg","*.tiff","*.png","*.eps","*.tif","*.txt","*.text","*.pdf","*.xls","*.xlsx","*.doc","*.docx","*.ppt","*.pptx","*.pub","*.pubx","*.mpp","*.mdb","*.pst","*.msg","*.wmv","*.mov","*.wav","*.vss","*.vsd","*.fmp12","*.ppsx","*.ldb","*.avi","*.tmp","*.log") If you want to add addtional filetypes; either manually edit the File Group, or run the following  (adding new file extensions using the ,”*.ext” format): set-FsrmFileGroup -Name "AllowUnscratchedFiles Only" -ExcludePattern @("*.bmp","*.jpg","*.gif","*.jpeg","*.tiff","*.png","*.eps","*.tif","*.txt","*.text","*.pdf","*.xls","*.xlsx","*.doc","*.docx","*.ppt","*.pptx","*.pub","*.pubx","*.mpp","*.mdb","*.pst","*.msg","*.wmv","*.mov","*.wav","*.vss","*.vsd","*.fmp12","*.7z","*.zip","*.ppsx","*.tmp","*.ldb","*.avi","*.log","Thumbs.db") Now we’ll set up a new Active File Screen Template: The first script creates the email template. You’ll want to review the text without -Subject, and without -Body. If you’d like the FSRM alerts to be emailed to multiple email addresses, separate them using a semicolon [;] $Notification = New-FsrmAction -Type Email -MailTo "[Admin Email];[Source File Owner Email]" -Subject "Warning!! You have attempted to save unsecure file type – contact ICT immediately!" -Body "You have attempted to create or save an unsecure file type - [Source File Path] on [File Screen Path] on server [Server]. These file types are obstructed by the pursuit rule: [Violated File Group]. If this was unintentional, this could indicate that your computer has been infected with a virus.  Please contact ICT immediately for support." -RunLimitInterval 120 The next script creates the File Screen template: New-FsrmFileScreenTemplate -Name "AllowUnscratchedFiles only" –IncludeGroup "AllowUnscratchedFiles Only" -Notification $Notification -ActiveUnshutthe File Server Resource Manager GUI. Expand File Screening Management – Select File Screen Templates, and Right click onIndulgeSafe Files Only. Select Edit Template Properties… Select the Event Log tab. Make sure Send warning to event log is ticked.  Hit OK. This will record file blocking events to event log.  This will help diagnose any issues later. Next, from the FSRM screen, Right click on File Screens and select Create File Screen… Browse to, and select your share path. From the “Derive properties from this file screen template (recommended)” waif down, select “AllowUnscratchedFiles only” and hit create. Finally, time for testing! Using the file screen rules above, struggle to create two files: filename.txt filename.bat The first file, filename.txt should be created. FSRM will prevent you from creating the second file, filename.bat Shortly without your attempt, you should receive an email alert. Using this information you’ll be worldly-wise to track lanugo the user; determine whether the file was legitimate, or a virus, then take the towardly whoopee (ie add the file extension to the unscratched list, or quarrantine the infected computer). If you’re looking to do with with Windows Server 2008 R2; you’ll need to run a few variegated commands, and perform a little uneaten work in the GUI. First off, install FSRM using the pursuit Powershell commands (remember, you’ll need to unshut Powershell as Administrator): import-module servermanager Add-WindowsFeature FS-FileServer,FS-Resource-Manager Create the File Group using this writ (use pipe | to separate each file extension): filescrn Filegroup Add /Filegroup:"AllowUnscratchedFiles Only" /Members:"*.*" /Nonmembers:"*.bmp|*.jpg|*.gif|*.jpeg|*.tiff|*.png|*.eps|*.tif|*.txt|*.text|*.pdf|*.xls|*.xlsx|*.doc|*.docx|*.ppt|*.pptx|*.pub|*.pubx|*.mpp|*.mdb|*.pst|*.msg|*.wmv|*.mov|*.wav|*.vss|*.vsd|*.fmp12|*.7z|*.zip|*.ppsx|*.ldb|*.avi|*.log" Create a new file screen template: filescrn template add /template:"AllowUnscratchedFiles Only" /Type:Active /Add-Filegroup:"AllowUnscratchedFiles Only"Unshutthe FSRM GUI. Expand file Screen Management, File Screen Templates. Right click on “AllowUnscratchedFiles Only” – select Edit Template Properties Select the “E-mail Message” tab. Select tick box: send e-mail to the pursuit administrators reprinting the pursuit into the box: [Admin Email];[Source File Owner Email]Trammelsthe box for: Send e-mail to the user who attempted to save an unauthorized file In the Subject box, reprinting the following: Warning!! You have attempted to save unsecure file type – contact ICT immediately! In the message body: You have attempted to create or save an unsecure file type - [Source File Path] on [File Screen Path] on server [Server]. These file types are obstructed by the pursuit rule: [Violated File Group]. If this was unintentional, this could indicate that your computer has been infected with a virus.  Please contact ICT immediately for support. Select the Event Log tab, make sure send warning to event log is ticked. Click OK. (you maybe warned that you have not configured your SMTP server yet.  Click Yes. we’ll do that next). Select “Apply template only to derived file screens that match the original template”. Finally, whilst you’re in the FSRM GUI, right click on File Server Resource Manager (local) and select Configure Options… In the options window, select the Email Notifications tab. Enter your server & email details.Unshutthe File Server Resource Manager GUI. Expand File Screening Management – Right click on File Screens and select Create File Screen… Browse to, and select your share path. From the “Derive properties from this file screen template (recommended)” waif down, select “AllowUnscratchedFiles only” and hit create. If users are prevented from saving unrepealable files, but you’re sure that you have widow in the correct file types, it maybe the using uses flipside file type to write a temporary file first.UnshutEvent Viewer (type: eventvwr.msc into the run box).Throneto Windows Logs, Application.Squintfor Event ID 8215, SRMSVR.  This will list each obstructed file. Squintfor the .filetype thats stuff obstructed and add to the exceptions list. ]]> https://the-server.ninja/2016/09/06/defeat-ransomware-use-microsoft-file-server-resource-manager-fsrm-with-a-twist/feed/ 0 severnd Lemons... good for lemonade. Not so good at vibration Ransomware! fsrm 0.png windirstat FSRM File Groups Window allo unscratched files template.JPG file-screen-event-logging FSRM Menu FSRM Create File Screen Window FSRM Email message. fsrm-2008r2 fsrm-2008r2-1 fsrm-2008r2-1 fsrm-2008r2-0 filescreen 2008r2.PNG filescreen-2008r2-1 eventviewer tsn signoff Unlimited merchantry broadband from £15.99 a month Build your own computer defence shield: security infographic https://the-server.ninja/2016/05/12/build-your-own-computer-defence-shield-security-infographic/ https://the-server.ninja/2016/05/12/build-your-own-computer-defence-shield-security-infographic/#respond Thu, 12 May 2016 20:52:06 +0000 http://the-server.ninja/?p=996 Continue reading Build your own computer defence shield: security infographic]]> Build your own computer defence shield: security infographic for you to print out and keep: This security infographic will offer you a few pointers when plaintive up the security of your network. Heres a few useful links to get you started: Exploit Mitigation:  Microsoft EMET Anti-Ransomware: Malwarebytes Content Filtering: OpenDNS Password Security: LastpassUsingPatching: Ninte Improve your fileserver security: with a twist   ]]> https://the-server.ninja/2016/05/12/build-your-own-computer-defence-shield-security-infographic/feed/ 0 severnd thumbnail - security infographic tsn signoff Great value Unlimited Broadband from an ribbon winning provider Happy WorldReplacementDay!!!! https://the-server.ninja/2016/03/31/happy-world-backup-day/ https://the-server.ninja/2016/03/31/happy-world-backup-day/#respond Thu, 31 Mar 2016 16:30:10 +0000 http://the-server.ninja/?p=989 Continue reading Happy World Backup Day!!!!]]> Today’s the day!  WorldReplacementDay! There used to be a saying, only two things in life are certain.  Death and Taxes.  Well, this is the computer age.  Add nonflexible disk failure and data loss to the list! If your struggling to perform a backup, here’s a nice and basic  writ for you… robocopy.exe \\source\directory driveletter:\directory /S /E /DCOPY:D /COPY:DT /ZB /MT:8 /R:3 /W:5 /LOG:driveletter:\logfilename.txt In a nutshell, the writ will take a reprinting of your data (\\source\directory) and reprinting to  flipside location – ie usb momentum (driveletter:\directory). For anyone whos interested, Spiceworks have  a pretty superstitious infographic / poster for today. I moreover have to recommend Altaro for their self-ruling Hyper-V and VMWare products. If you’re in the server business, i’d recommend having a look.   ]]> https://the-server.ninja/2016/03/31/happy-world-backup-day/feed/ 0 severnd alphabetize tsn signoff Great value Unlimited Broadband from an ribbon winning provider Using a Raspberry Pi as a Squid proxy enshroud – updated for 2018 https://the-server.ninja/2016/03/26/using-a-raspberry-pi-as-a-squid-proxy-cache/ https://the-server.ninja/2016/03/26/using-a-raspberry-pi-as-a-squid-proxy-cache/#comments Sat, 26 Mar 2016 09:19:57 +0000 http://the-server.ninja/?p=723 I was looking to build *something* that would possibly goody several customers that have slow or laggy internet wangle (ie 2mb broadband or satellite). The solution needed to be forfeit constructive and unobtrusive. I did some research and decided to use Squid. Squid (amongst other things) can enshroud web objects (such as images and executables), speeding up page load times and download times.   Next, I needed some hardware to run Squid on. Squid can run on Linux and Windows computers, but i ruled out Windows as thats a paid licenced product, thus not forfeit effective.  I moreover didnt want to install Squid on a desktop computer, i’d either have to buy a new computer, or re-purpose an old computer – (which can be noisy and unsightly). Both options would moreover slosh significant amounts of energy per year, then not very forfeit effective.   Enter the Raspberry Pi! I decided on the Raspberry Pi (in this specimen a Pi3 – Pi 3B+ now available).  It fitted my requirements exactly.  Low inital outlay, low running yearly costs, no OS licence fee, small and quiet! For this guide, you will need: Raspberry Pi 2, 3 or 3b+ 16GB micro SD vellum minimum (faster the better) 5v Micro USB charger CAT5e subscription unfluctuating to the Pi and your Router Temporary use of a usb keyboard and mouse Temporary use of a HDMI TV / Monitor Once you have completed the inital network configuration, you can connect to your Raspberry Pi via SSH using Putty (default login for the Raspberry Pi is pi and raspberry). So, you’ve got your Pi plugged in, and you’ve installed the latest version of Rasperian OS (if you’re new to Linux and the Pi family, download the NOOBs installer!), now its time to get to work.   NOTE:  I’m not going to show you how to enshroud encrypted SSL traffic (port 443). This guide will show you how to enshroud non encrypted (80) traffic only!   Configure a static IP on the Pi. Remember, unlike Windows, Linux commands are specimen sensitve! This guide is based on Raspbian Jessie!Unshuta shell window and type: sudo nano /etc/dhcpcd.conf Scroll to the end of doc and enter (use a static ip from your subnet, and transpiration the router write to that of your own router). # Set a static ip write interface eth0 static ip_address=192.168.5.250/24         static routers=192.168.5.254 static domain_name_servers=208.67.222.222 208.67.220.220PrintingCtrl + X to quit. Hit Y to save Reboot the Pi for the changes to take effect At the shell window type: sudo reboot Tweaking the Pi:Unshuta new shell window and enter: sudo raspi-config Option 1, expand filesystem Option 9, wide config. A3 memory split. 8. Option 3.Marchingoptions – select marching to CLI. If your running a Raspberry Pi2, you’ll be worldly-wise to overclock it as well! Option 5. Make sure SSH is enabled. Finish / Exit For the changes to take effect, type: sudo reboot At this stage , you will be worldly-wise to SSH onto your Raspberry Pi using Putty.  This will let you remove the keyboard / mouse + monitor, and let you reprinting & paste the remaining commands if you want. Time to update: Next, we want to update our Raspberry Pi with the latest patches. Unshuta new shell window sudo apt-get update sudo apt-get upgrade sudo apt-get dist-upgrade Hit Y if prompted to reboot. Now we have a fully patched and up-to-date version of Rasparian; its time to install Squid. Install Squid: Enter the pursuit in the shell sudo apt-get install squid Configuring Squid:Replacementthe original Squid config file: sudo cp /etc/squid/squid.conf /etc/squid/squidoriginal.conf.bak Edit the config file: sudo nano /etc/squid/squid.conf use Ctrl + W to find each section: http_access indulge localnet = remove the # symbol Find: acl localnet section add the following: acl localnet src YOUR CIDR IP RANGE # Description ie: acl localnet src 192.168.5.0/24 # Home Network Make sure the ip range/cidr matches your networks range Find: # dns_v4_first off remove the # symbol and transpiration off to on. Cache_mem 256 MB Maximum_object_size 4096 MB Maximum_object_size_in_memory 8192 KB Cache_dir ufs /var/spool/squid3 = 8192 (1st variable - this is 8192 MB) Ctrl + X and Y to save & exit.Replacementyour unsimilar squid config file and restart the Squid service: sudo cp /etc/squid/squid.conf /etc/squid/mysquid.conf.bak sudo service squid restart   Make managing Squid easier with Webmin: First, install webmins prereqs; unshut a shell and enter: sudo apt-get -f install sudo apt-get -y install apache2 apache2-suexec-custom libnet-ssleay-perl libauthen-pam-perl libio-pty-perl apt-show-versions samba bind9 webalizer locate mysql-server sudo apt-get install squid-cgi Enter a secure password for MySQL when prompted.: From the shell enter these commands in turn: cd trammels your current path should read as /home/pi pwd sudo mkdir installed-packages cd installed-packages Download the Webmin interface package: sudo wget http://www.webmin.com/download/deb/webmin-current.deb Install Webmin: sudo dpkg -i webmin-current.deb   Once Webmin has been installed; unshut a browser on your pc https://192.168.5.250:10000 Login using the raspberry pi login (default is pi and raspberry). In webmin; you’ll be worldly-wise to retread Squid settings through webmin. Squintunder servers; Squid proxy server. At this stage, its highly likely your webmin config isn’t configured for Squid Pi (should be fine if your pursuit this guide on a Linux ‘Intel / AMD’ PC… You’ll find SQUID subconscious under the In-used modules menu. Click on the edit config button, transpiration squid3 to squid where highlighted. Hit save, then hit the orange wield config button.Withouta minute of so, the Squid services will be restarted and Webmin will work. If you have an error relating to the enshroud manager statistic icon, ssh when onto the Pi, use sudo nano to edit the config file, make the required transpiration and save the file. You may need to reboot the pi. Configuring the client: Set windows browser proxy: Enter the ip write of the Raspberry Pi (192.168.5.250) and port 3128. Restart browser. Clear your browser enshroud and restart the browser.  You should now be using the Squid Proxy server on your Raspberry Pi.  Trammelsthe enshroud log: To trammels the squid enshroud logs, unshut a new shell window and enter: sudo tail -f /var/log/squid/access.log Hits are items stuff pulled from the SquidEnshroudrather than the internet. Summary: If your unlucky unbearable to have a slow or laggy internet connection,  one possible solution for you is to build and test a Squid proxy server.  However, withstand in mind, your mileage may vary as not all objects are cacheable, and certainly any resurgence is less noticiable on fast internet connections such as BT infinity. I performed some “not very scientific” tests using OpenOffice.org.  I found that the download speed of the OpenOffice installer on the first try was 3.9mbs, jumping to 7.9Mb/s without caching once, then maxing out at 9.8Mb/s on the second and subsequent runs (likely a limitation of the Raspberry Pi’s network vellum – which is limited to 100mbs – UPDATE: Raspberry Pi3B+ has a much faster NIC card).     ]]> https://the-server.ninja/2016/03/26/using-a-raspberry-pi-as-a-squid-proxy-cache/feed/ 4 img4 severnd pi pic dhcp squid conf 1.png squid conf 2.png squid conf 3.png squid conf 4.png squid conf 5.png squid conf 6 squid conf 7.png squid conf 8.png mysql1.png webmin1 webmin2 squid changes for vendee proxy 1.png hit log.png Sticker.png tsn signoff Unlimited merchantry broadband from £15.99 a month Tis the season to be infected.. https://the-server.ninja/2015/12/06/tis-the-season-to-be-infected/ https://the-server.ninja/2015/12/06/tis-the-season-to-be-infected/#respond Sun, 06 Dec 2015 11:03:09 +0000 http://the-server.ninja/?p=713 Stay unscratched this xmas.. Tis the Season to be infected…   ]]> https://the-server.ninja/2015/12/06/tis-the-season-to-be-infected/feed/ 0 severnd jolly image tsn signoff Great value Unlimited Broadband from an ribbon winning provider