http://praxistipps.chip.de/windows-10-startmenue-geht-nicht-das-koennen-sie-tun_43348
You can also repair the Start menu via Windows PowerShell:
Press the key combination [Ctrl] + [Shift] + [Esc] to open Task Manager.
Click "More details" at the bottom left.
In the "Windows processes" area, look for the entry "Windows Explorer". Right-click it and select "End task" from the context menu.
In the Task Manager menu bar, first click "File" and then "Run new task". Next, type "Powershell" (without quotation marks).
Enter this command in PowerShell: "Get-appxpackage -all *shellexperience* -packagetype bundle |% {add-appxpackage -register -disabledevelopmentmode ($_.installlocation + "\appxmetadata\appxbundlemanifest.xml")}" (without quotation marks).
After the process has completed, also enter "Get-AppxPackage | % { Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppxManifest.xml" -verbose }".
In Task Manager, first click "File" and then "Run new task". Enter "explorer.exe" (without quotation marks) and confirm with the OK button.
-> %Public%\Desktop
are Windows 7 PCs: I would recommend removing the local profile.
The profile itself is located under C:\Users. Simply delete or rename it.

The profile entry in the registry may also have to be deleted, otherwise Windows will not create a new one. The entry can be found here:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
Look through the entries there. One of them belongs to the specific user -- delete that one.


-
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\profiles\<Profil>


3. Change the value "Category" as you wish.

Public = 0
Private = 1
Work = 2
findstr /c:"my search string" xyz*.log

The Start menu entries of the currently logged-in user can be found in the following folder:

Original Windows 7 path:
C:\Users\[Benutzername]\AppData\Roaming\Microsoft\Windows\Start Menu\
Path name in the German Windows 7 version:
C:\Benutzer\[Benutzername]\AppData\Roaming\Microsoft\Windows\Startmenü\

Path under Windows XP, 2000, 2003 (German):
C:\Dokumente und Einstellungen\[Benutzername]\Startmenü

The Start menu entries of all users can be found in the following folder:

Original Windows 7 path:
C:\ProgramData\Microsoft\Windows\Start Menu\
Path name in the German Windows 7 version:
C:\ProgramData\Microsoft\Windows\Startmenü\

Path under Windows XP, 2000, 2003 (German):
C:\Dokumente und Einstellungen\AllUsers\Startmenü

windows 2012 winsxs folder
-> contains all components; they are hard-linked


Clean up the WinSXS folder from superseded components

You can remove any backup files created during the installation of a service pack by using the following command:

dism /online /cleanup-image /SPSuperseded

Note that after you execute that command you will no longer be able to uninstall the service pack.

To further cleanup any superseded components and reduce the size of the component store execute:

dism /online /cleanup-image /StartComponentCleanup
C:\Users\username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
Usage: wmic PROCESS
X:\Users\benutzer\AppData\Roaming\Microsoft\Windows\Start Menu

for the individual user

and

C:\ProgramData\Microsoft\Windows\Start Menu

deployment batch:
set host=hostname

mkdir \\%host%\d$\MSSQL_backup
copy mssql_backup_check.vbs "\\%host%\d$\Program Files (x86)\check_mk\plugins"
sc \\%host% stop "check_mk_agent"
sleep 5
sc \\%host% start "check_mk_agent"

-------------

rem @echo off

set src=d:\my_files\check.ps1

for /f "eol= tokens=1" %%i in (d:\my_files\deploy.lst) do copy /v /y "%src%" "\\%%i\d$\Program Files (x86)\check_mk\local\"
Read out info about a user: net user username /dom
- sc query state= all #show all services
- sc stop Check_MK_Agent / sc start Check_MK_Agent
#show listening windows processes
netstat -ano |findstr LISTEN

#show processes
tasklist |findstr putty

ntpserver: 0.de.pool.ntp.org

w32tm /query /status
w32tm /config /syncfromflags:manual /manualpeerlist:0.de.pool.ntp.org /update /reliable:yes
w32tm /config /syncfromflags:manual /manualpeerlist:ntp /update /reliable:yes
net stop w32time
net start w32time
For those that don't have vCenter or want to connect to a stand alone ESXi 5.5 host via the vSphere Client,
you'll need to ssh into the ESXi host and modify the following file: /etc/vmware/rhttpproxy/config.xml

Insert the following xml line into the appropriate section:

<vmacore>
...
<ssl>
...
<cipherList>ALL</cipherList>
...
</ssl>
...
</vmacore>


After saving your changes restart the service:

/etc/init.d/rhttpproxy restart

C:\Users\benutzername\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar

+ registry:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband

- indexing alternative sourceforge software: docfetcher
- agent ransack: 64bit version! http://mythicsoft.com/agentransack/download
- http://sourceforge.net/projects/docsearcher/
--> http://www.copernic.com/en/products/desktop-search/index.html --> copernic
--> out of support tool: google desktop search
-> it is probably due to 64-bit Windows
-> solution: Microsoft Office 2010 Filter Packs: http://www.microsoft.com/de-de/download/confirmation.aspx?id=17062
sbs 2008 susdb to clean it up: http://social.technet.microsoft.com/Forums/en-US/winserverwsus/thread/6ba524ba-6cf4-48f3-bcf3-18469ce14552/
Connecting to the Windows Internal Database requires the use of a Named Pipes connection. The connection string you want is:
\\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query
powershell: tail -f
powershell -command "gc D:\Qt\log\log_dispatcherRcvNotEdi.txt -wait"
old menu etc.: classicShell (sourceforge)
Since System Restore is also in the system tools, try:
Start/Run and
%SystemRoot%\System32\restore\rstrui.exe
---> or simply enter rstrui
Optimizing NTFS
8+3 file names
Up to Win95, file names could contain only 8 characters plus 3 characters for the file extension (.doc, .xls, .pdf). Since Windows 95, file names up to a length of 259 characters are possible, and yet every file name is additionally stored in 8+3 format. Since this function slows down the system and is only needed when the files are used on old DOS computers (which surely nobody does any more), this unnecessary function can safely be switched off.
To do so, enter fsutil behavior set disable8dot3 1 on the command line and press the Enter key.
If network problems occur afterwards, the 8+3 format can be switched back on with fsutil behavior set disable8dot3 0.


File accesses
The NTFS file system stores for every file when it was last used - however, this function is needed only very rarely. Opening a large picture folder, for example, causes many unnecessary write operations, because the last access is stored for every file (thanks to file preview). Switching it off can considerably increase the lifetime of solid-state drives in particular.
To switch off the unnecessary storing, enter fsutil behavior set disablelastaccess 1 on the command line. For the changes to take effect, however, the PC must be restarted.
To switch the function back on if needed, enter fsutil behavior set disablelastaccess 0 on the command line.
cd c:\windows\System32\config
chntpw -l SAM
chntpw -u username SAM
at 10:00 /every:Mo,Di,Mi,Do,Fr "e:\test.cmd"
Perl

If you are behind a firewall, you may need to set the following
environment variables so that PPM will operate properly:

set HTTP_proxy=address:port [e.g. 192.0.0.1:8080]
set HTTP_proxy_user=username
set HTTP_proxy_pass=password
set HTTP_proxy_agent=agent [e.g. "Mozilla/5.0"]


Installing Modules:

set HTTP_proxy=http://proxy:80/ #windows
export http_proxy=http://proxy:80/ #unix

-> search tk
-> install "module name"

-> perl -MCPAN -eshell
net time /setsntp:"192.168.0.1"
net time /querysntp

Registry: see HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

update time automatically:
net time \\w2ktsv /set /yes


program for windows:
http://home.att.net/~Tom.Horsley/ntptime.html#Download%20NTPTime

LINUX:
hwclock --systohc #set the hardware clock from the system time

LINUX & NOTES

The most frequent question I get about Notes and Linux: If you are using
Windows NT, do not let WINE use your Windows NT directory as its "Windows"
directory (specified in wine.conf or wine.ini). Instead, point WINE at a Win95/98
directory or create a fake "Windows" directory and use that. If Lotus Notes complains
about missing DLLs, you can find the missing DLLs in the Lotus Notes installer
directories and put them in the Windows directory.

Howto (for systems that can dual-boot Linux and Win95/98/NT)

1. Boot into Win98/95/NT and install a copy of Lotus Notes client for Win32 on a
FAT or FAT32 drive partition.
2. If your notes.ini file is in your Windows directory, move it to your Notes executable
directory.
3. Boot into Linux and mount your FAT / FAT32 drive partitions. You may need to set
up entries in /etc/fstab for Linux to recognize and mount these partitions.
4. Verify that you have set up the X Window system and your window manager of
choice.
5. Download a copy of WINE (open-source Windows on UNIX) from
http://www.winehq.com/ WINE is evolving rapidly, each week brings new changes
and greater functionality, so it pays to stay current. WINE releases are named by
release date; releases before 981108 do not run Lotus Notes very well. You can
download binaries in .RPM format or download the source code and build it
yourself.
6. Create or edit the wine.ini file in your home directory. Make sure it includes
mappings for your Windows drives and that your Notes executable directory is on
the path. I run WINE as root (recommended!) so the file should be placed in
/root/wine.ini.
7. If you are using Windows NT, do not set your Windows NT system directory as the
Windows directory under WINE. WINE does not work well with the Windows NT
versions of system DLLs. Better to use an empty "Windows" directory instead.
8. Start the X Window system and your window manager
9. Start Lotus Notes using WINE. You can start 'notes.exe'. My DOS D: drive
partition is visible to linux as /mnt/windows, so: ./wine
/mnt/windows/Lotus/Notes/notes.exe
Second Address Book
Posted by js ha on 10.May.02 at 04:32 AM using a Web browser
Category: Domino Administrator -- General Use Release: 5.0.4 Platform: Windows NT
you may use 2 approaches.

1) Using Master Address Book ; See the Admin Help database!

2) - classic/simple concept - you should add parameter 'names=names,newly_created_addr_name' in server's notes.ini.


expired user ...> recertify with the admin tool,
afterwards, very important, restart adminp (in the console):
tell adminp process all new
crontab:
cygrunsrv -I cron -p /usr/sbin/cron -a -D

Cygwin - XServer for Windows ..
http://sources.redhat.com/cygwin/xfree/
-> install cygwin -> start console, run install script from the xserver sources ...
-> afterwards: /usr/X11R6/bin in /etc/profile
-> startx
-> grab X windows: XWin -screen 0 800x600 -query 192.168.1.50 -from 192.168.1.10

german keyboard:
-> create .xinitrc: cp /etc/X11/xinit/xinitrc ./.xinitrc
-> setxkbmap de

#background color:
file .xinitrc
xsetroot -solid blue


# start some nice programs
setxkbmap de
twm &
xclock -geometry 50x50-1+1 &
xterm -geometry 80x50+494+51 &
xterm -geometry 80x20+494-0 &
xsetroot -solid blue
exec xterm -geometry 80x66+0+0 -name login

XWin.exe -screen 0 800 600 -fullscreen -depth 32 -refresh 85 -emulate3buttons 100 -nowinkill -unixkill
mount -t smbfs -o username=xxxx,password=xxxx //test12/mnt /windows/test12

//servername/team /mnt/team smbfs credentials=/root/.smbpasswd,uid=ldapsupp,gid=ldapsupp,fmask=660,dmask=775,rw 0 0

kernel >2.6

mount -t cifs -o username=<username>,password=<password> //<servername>/<sharename> /mnt/point/

mount -t cifs -o credentials=/root/.smbpasswd //10.10.0.13/webbackup /opt/backup_server/

#######
# mount error(95)
#######
#if you get an error like: mount error(95): Operation not supported, it may help to use version 3 of the smb protocol!
mount -t cifs -o user=user1,password=pwd2,vers=3.0 //<servername>/<sharename> /mnt/point/

>>> in my case, this was necessary for a mount from Debian 10 to a Qnap Discstation TS-231P, after the Discstation was updated to version QTS 5.0.1.2194 (2022/10/22); before that, the mount worked without version 3.0
smbclient -U Administrator -L w2ktsv

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters.
For Servers edit AutoShareServer with a REG_DWORD Value of 0. For Workstations,
edit AutoShareWks.
and of course you have to deactivate the shares. Without the key in the registry,
the shares are active again the next time
Auerswald

The following settings must be made for the serial port in the Control Panel of your Windows operating system:

b) Bits per second 9600 Data bits 8 Parity none Stop bits 1 Protocol Xon / Xoff

c) If you use a serial printer directly on the system, the computer must not be connected in parallel to the printer.

d) The operating software of the individual systems has different PC requirements. You will find the corresponding notes on the respective diskette in the file "liesmich.txt".

e) No other device driver may access the serial port. Check the settings of existing drivers, e.g. those of a connected modem. The mouse must not be operated on the serial port to which the system is connected.

f) With some systems it is possible to install the operating software for DOS and Windows. In this case, check the connection setup with both operating systems.

g) Under Windows, error messages may occur, e.g. "general protection fault". Fix this by copying the driver file "ctl3dv2.dll" from the CD into your Windows system directory. In this case, back up your original file under a different name.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcSs

-> start (4) ??
WINE-Settings:
- Basic
- Window Mode: Integration of Wine with X: Unmanaged!!
- Advanced
- Look & Feel: Specialized Wine options: turn on:
- Use X shared memory
- Double-buffered desktop

copy file MFC42.DLL to $HOME/.wine/fake_windows/windows/system32
file-transfer to windows xp:
mount -t smbfs -o username=user,password=xyz //192.168.110.1/temp /tmp/wxp

IP Routing,

Enabling IP Routing

By default, IP routing is disabled. To enable IP routing, you must allow the computer to
forward IP packets it receives. This requires a change to the Windows 2000 system registry.
When you enable the Routing and Remote Access service for IP routing,
this registry entry is made automatically.

To enable IP routing

1. From the Start menu, click Run.

2. Type regedt32.exe or regedit.exe, and then click OK.

3. In a registry editor, navigate to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

4. Select the "IPEnableRouter" entry.

5. To enable IP routing for all network connections installed and used by this computer, assign a value of 1.
To do this in regedit.exe, right-click the entry, and then click Modify.
In regedt32.exe, click on the wanted entry, click on Edit, and then click on the appropriate menu choice.

6. Close the registry editor.

It is required to reboot Windows 2000 for this change to take effect.

I have used this in a configuration, where the Windows 2000 Professional system works
as a router between an Ethernet network and a USB-network.
How to Create a Startup Boot Disk for Windows XP

The day will come when some files required to start your computer will become corrupted and you won't be able to boot into Windows XP. This can be a heart-sinking event or just another day in the life of a computer user. How can you make it the latter and not the former? Create a Windows XP boot disk before disaster strikes! The boot disk will allow you to start the computer and boot into Windows XP and allow you to begin your troubleshooting. Just do the following to put together your boot disk:

Put a floppy disk into the floppy drive. Click Start and then click the Run command. Type cmd in the Open text box and click OK.
At the command prompt, type format a: and press [ENTER]. Follow the on screen instructions to format the disk.
Open Windows Explorer and go to the C:\ drive. Copy the NTLDR and the NTDETECT.COM files to the floppy disk.
Click Start and click the Run command. In the Open text box, type Notepad and press [ENTER]. In Notepad, enter the following information:
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\windows

[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\windows="Windows XP"

These entries will work if you have a single disk with a single partition.

In Notepad, click File and then click the Save As command. In the File name text box, type "a:\boot.ini" (you must include the quotes). Click Save. Then click Notepad.
Test your boot disk. Restart the computer with the boot disk still in the floppy drive. You should be able to boot into Windows XP with no problems.

xwd -root |convert - -resize 100x100 test.jpg
/etc/sysconfig/displaymanager
- DISPLAYMANAGER="kdm"
- DISPLAYMANAGER_REMOTE_ACCESS="yes"
- DISPLAYMANAGER_STARTS_XSERVER="yes"

in /etc/X11/xdm/xdm-config, "requestPort" is commented out!
/etc/X11/xdm/Xaccess #allow ips

+ start xdm!

/etc/opt/kde3/share/config #interesting config files


# XDMCP access control file in the usual XDM-Xaccess format.
# Default is /opt/kde3/share/config/kdm/Xaccess
xcopy /S /E /H g: e:\my_files
on windows, use dhcploc.exe
>> https://gallery.technet.microsoft.com/DHCPLOC-Utility-34262d82


-----------------------------

on linux, you can use:

1.)
perl script https://sourceforge.net/projects/roguedetect/files/roguedetect/0.3/
(march 2017 >> problems getting it running on centos 7 >> error (tap) Can't get interface IP address at /usr/lib64/perl5/Net/RawIP.pm line 223.)


2.) nmap script
https://nmap.org/nsedoc/scripts/broadcast-dhcp-discover.html



check a mailserver with nice little windows tool: http://znil.net/index.php?title=ZnilTools:Telnet_SMTP_Test_Tool
http://kb.parallels.com/de/115007

use Parallels Transporter Agent ...
these commands were used for cleaning up an ubuntu 16 version, removing xwindow related packages

- remove x11 and components belonging to x11: apt-get purge libx11.* libqt.*
- sudo apt-get autoremove # Uninstall unneeded Packages
- sudo apt-get autoclean # Delete packages no longer installed
#####################################################
#
# checkDomainAdmins.pl
#
# check_mk local check that uses net group command to validate number of users found in group
#
# needs perl .. recommendation is: http://strawberryperl.com/
#
# tested on a windows 2012 server
#
# (c) by m.wendig v2017-08
#
#####################################################
use Data::Dumper;
use strict;

my %group2check;
$group2check{'Domänen-Admins'}=28;
#$group2check{'other-group'}=20;
#print Dumper(%group2check);

foreach my $group ( keys %group2check ){
my $startline=0;
my $usercount=0;
my $userline='';
my $numberOfUsers=$group2check{$group};

#print "checking group: $group\n";

#choose the right character set because of german special character
open(IN,"chcp 1252 & net group /dom $group 2>nul |");
while(<IN>){
chomp($_);
my $line =$_;
$line =~ s/^\s*//;
$line =~ s/\s*$//;
next if $line eq "";
next if $line =~ /^Der Befehl wurde erfolgreich/;
next if $line =~ /^The command completed successfully/;
if ($startline){
#print "$line\n";
my @larr = split /\s\s*/,$line;

#print Dumper(@larr);
foreach my $elem (@larr){
$usercount++;
$userline.="$elem,";
}
}

$startline = 1 if $line =~ /^-------------------------------------------------/;
}
close(IN);

$group =~ s/ä/ae/g;
if ($numberOfUsers == $usercount){
print "0 group_$group member=$usercount number of found users: $usercount, names $userline\n";
}else{
print "2 group_$group member=$usercount number of found users: $usercount, error number should be $numberOfUsers!! $userline\n";
}
}
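The script above compares only the number of members, so a swapped account goes unnoticed as long as the count stays the same. The following added example (not part of the original script) compares the member names with an allowlist instead; the account names, the allowlist and the sample `net group` output are constructed, and WARN for a missing account is an assumed policy.

```python
"""Checkmk local check: compare a domain group's members with an allowlist."""
import re
import subprocess

# Assumed allowlist (constructed names); maintain one set per monitored group.
EXPECTED_MEMBERS = {
    "Domänen-Admins": {"Administrator", "adm_meier", "adm_schulz"},
}

SEPARATOR = re.compile(r"^-{20,}$")
FOOTERS = ("Der Befehl wurde erfolgreich", "The command completed successfully")

# Constructed sample of German `net group /dom` output: three members, which a
# pure count check accepts, but one account has been swapped.
SAMPLE_OUTPUT = """\
Gruppenname     Domänen-Admins
Kommentar       Administratoren der Domäne

Mitglieder

-------------------------------------------------------------------------------
Administrator            adm_meier                adm_intern
Der Befehl wurde erfolgreich ausgeführt.
"""


def parse_members(net_group_output):
    """Return the account names below the dashed line, or None if there is none.

    Assumes account names contain no spaces (same splitting as the Perl script).
    """
    members, in_list = set(), False
    for raw in net_group_output.splitlines():
        line = raw.strip()
        if not line or line.startswith(FOOTERS):
            continue
        if in_list:
            members.update(line.split())
        elif SEPARATOR.match(line):
            in_list = True
    return members if in_list else None


def local_check_line(group, expected, net_group_output):
    """Build one Checkmk local check line: <state> <service> <metric> <text>."""
    service = "group_" + group.replace("ä", "ae")
    members = parse_members(net_group_output)
    if members is None:
        # Command failed or printed an error: report UNKNOWN, not "0 members".
        return f"3 {service} - no member list in net group output"
    # Active Directory account names are case-insensitive.
    have = {m.casefold(): m for m in members}
    want = {m.casefold(): m for m in expected}
    unexpected = sorted(have[k] for k in have.keys() - want.keys())
    missing = sorted(want[k] for k in want.keys() - have.keys())
    if unexpected:
        state = 2  # CRIT: an account that is not on the allowlist
    elif missing:
        state = 1  # WARN: an expected account is gone
    else:
        state = 0
    detail = f"{len(members)} members"
    if unexpected:
        detail += ", unexpected: " + ",".join(unexpected)
    if missing:
        detail += ", missing: " + ",".join(missing)
    return f"{state} {service} member={len(members)} {detail}"


def read_group(group):
    """Run the same command as the Perl script above (Windows only)."""
    result = subprocess.run(
        f'chcp 1252 >nul & net group /dom "{group}" 2>nul',
        shell=True, capture_output=True, encoding="cp1252", errors="replace",
    )
    return result.stdout


if __name__ == "__main__":
    # Offline demonstration on the constructed sample; on a domain member,
    # pass read_group(group) instead of SAMPLE_OUTPUT.
    for group, expected in EXPECTED_MEMBERS.items():
        print(local_check_line(group, expected, SAMPLE_OUTPUT))
```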
search for "windows 10 media creation tool"

>> you can download the iso image or create a bootable usb stick:
https://www.microsoft.com/de-de/software-download/windows10
use these shortcuts to make screenshots under apple / ios:

Cmd-Shift-3 : screenshot of the complete screen

Cmd-Shift-4 : screenshot of a chosen rectangle

Cmd-Shift-4 : screenshot of a chosen window, select using space key

>> the screenshot is afterwards on the desktop as png picture
on windows use the <shift> key and <right mouse key>
C:\Windows\System32\LogFiles\Firewall

Windows Firewall with Advanced Security >> Logging >> enable here
#wake on lan inuc (works with latest intel bios + driver under windows 10)
inuc1: etherwake -i br0 94:c6:91:14:62:03
inuc2: etherwake -i br0 94:C6:91:14:68:2c


#shutdown windows 10 remotely

idea: use samba-common package on linux and then command "net rpc shutdown"

settings on windows 10 to get it running:
problem 1: Connection failed: NT_STATUS_IO_TIMEOUT
solution : open windows firewall port 445 for linux machine

problem 2: Could not initialise pipe winreg. Error was NT_STATUS_OBJECT_NAME_NOT_FOUND
sc config RemoteRegistry start=auto
sc start RemoteRegistry

(2) problem: you get error: WERR_CALL_NOT_IMPLEMENTED on linux
solution: registry editor
>> HKLM/Software/Microsoft/Windows/CurrentVersion/Policies/System
>> create DWORD value LocalAccountTokenFilterPolicy >> set value to 1



execute shutdown on linux
net rpc shutdown -f -t0 -S inuc1 -U user%password
net rpc shutdown -f -t0 -S inuc2 -U user%password


#https://automatetheboringstuff.com/chapter18/
#pip install pyscreenshot
#pip install pyautogui
#
#if you have all screenshots just print them to a pdf printer, like explained here:
#https://www.howtogeek.com/248462/how-to-combine-images-into-one-pdf-file-in-windows/

import pyautogui
import pyscreenshot as ImageGrab
import time


if __name__ == '__main__':

    pyautogui.PAUSE = 1
    pyautogui.FAILSAFE = True

    x=1860
    y=530

    #portrait format
    x=1053
    y=955


    pyautogui.moveTo(x, y, duration=0.25)

    for i in range(1125):
        pyautogui.click(x, y, duration=0.25)
        #time.sleep(1)
        #im=ImageGrab.grab(bbox=(994,90,1708,1000)) # X1,Y1,X2,Y2
        #portrait format
        im=ImageGrab.grab(bbox=(60,305,1026,1600)) # X1,Y1,X2,Y2
        #time.sleep(1)
        im.save('img/screenshot_'+str(i)+'.png')

## Windows server (tested on 2012R2)
w32tm /config /reliable:yes
reg add HKLM\system\currentcontrolset\services\w32time\timeproviders\ntpserver /v enabled /t REG_DWORD /d 1 /f
net stop w32time
net start w32time
Files under: C:\Windows\SoftwareDistribution\

https://social.technet.microsoft.com/Forums/ie/en-US/d1816c14-f953-4068-b3f0-e49558fe0845/datastoreedb-file?forum=winserverfiles

For a complete cleaning (clearing also the whole update history):
1. net stop wuauserv
2. delete all files inside the C:\Windows\SoftwareDistribution\Download directory
3. delete the DataStore.edb in C:\Windows\SoftwareDistribution\DataStore
4. net start wuauserv
>> solution: set mtu size of interface to a smaller value



C:\WINDOWS\system32>netsh interface ipv4 show subinterface

MTU Medienerkennungsstatus Bytes eingehend Bytes ausgehend Schnittstelle
------ --------------- --------- --------- -------------
1500 1 329087247 46687094 WLAN
1500 5 0 0 LAN-Verbindung* 2
4294967295 1 0 270372 Loopback Pseudo-Interface 1
1404 1 266411 76107 Hamachi


set mtu to 1280
>>>>> netsh interface ipv4 set subinterface Hamachi mtu=1280

>> to have the setting after reboot do a "store=persistent":
netsh interface ipv4 set subinterface "$AdapterName" mtu=1280 store=persistent


ps: see also: https://aktuelles.computer-fuechse.com/294/unitymedia-vpn-probleme-ipv4-ipv6-geloest.htm
>> solution

stop the automatic scheduled cleaning job

http://tipps4you.de/tipp-62-win7.html
using wmi:

C:\> wmic /node:<TARGET-System> softwarefeature list brief /format:htable > soft.htm

problem: after cloning a 120gb ssd harddrive to a 500gb ssd, windows 10 does not want to startup

booting from recovery cd + cmd line command:
bootrec /rebuildbcd
didn't help to fix the issue

----

the following helped:

Type each command then hit <Enter>:

bcdedit /export C:\bcd_save
c:
cd boot
attrib bcd -s -h -r
ren c:\boot\bcd bcd.save
bootrec /RebuildBcd


see also:
https://www.groovypost.com/howto/fix-windows-10-wont-boot-startup-repair-bootrec/
problems: windows 10 start takes very long (60 seconds or so)

solution: search for "EnableULPS" in the registry and set the value to "0"

reboot > and the machine is booting as it should be (in a few seconds with a ssd)

if you want to understand the reason why .. there is an explanation in german:
https://www.pctipp.ch/tipps-tricks/kummerkasten/hardware/artikel/windows-10-so-loesen-sie-die-tempobremse-83139/?forcedesktop=1
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search

>> change

AllowCortana

to "0"
Problem: after a vmware virtual server (windows 2012) was using 10gbit instead of 1gbit it was not able anymore to build up valid tcp session to some specific hosts

Solution: after using wireshark we found out, that the difference was the tcp ECN bit, which was set when using 10gbit

>> disable ecn on the virtual windows machine:
netsh int tcp set global ecncapability=Disabled

>> check windows settings:
netsh int tcp show global

see also:
- https://de.wikipedia.org/wiki/Explicit_Congestion_Notification
- http://lifeofageekadmin.com/network-performance/
In case someone wants to move itunes backups to another PC, this info could be useful:

- windows 10 microsoft itunes app: C:\Users\wema\Apple\MobileSync\Backup
- other itunes versions: C:\Users\wema\AppData\Roaming\Apple Computer\MobileSync\Backup
Monitoring the router's arp entries:

- run snmpwalk and read out the mib table: IP-MIB::ipNetToMediaPhysAddress
>> you also get the current IP

The snmp command would be (should also work under windows with snmptools):
snmpwalk -v 2c -c public 192.168.x.x IP-MIB::ipNetToMediaPhysAddress
Or:
snmpwalk -v 2c -c public 192.168.x.x .1.3.6.1.2.1.4.22.1.2
command line commands:
- tzutil /l #show all possible time zones
- tzutil /g #show current time zone
- tzutil /s "Central America" #change time zone to "Central America"


see also: http://woshub.com/how-to-set-timezone-from-command-prompt-in-windows/
validate windows ldap / active directory using checkmk:

since we use ssl / port 636 we set in: /etc/openldap/ldap.conf
TLS_REQCERT never
(see details below if you are interested)

run ldap test in command line:
/omd/versions/default/lib/nagios/plugins/check_ldaps -H 192.168.2.10 -b 'dc=company,dc=local' -D 'cn=my-bind-user,dc=company,dc=local' -P 'my password' -p 636 --ssl
>> result: LDAP OK - 0,020 seconds response time|time=0,020456s;;;0,000000

configure a rule in checkmk:
- Wato > Active checks > Check access to Ldap service:
Base DN: dc=company,dc=local
Authentication:
Bind DN: cn=my-bind-user,dc=company,dc=local
password: my password
TCP Port: 636
Use LDAPS
Explicit hosts: my ldap server
>> this leads to the service check command: check_mk_active-ldap! -H $HOSTADDRESS$ -b 'dc=company,dc=local' -D 'cn=my-bind-user,dc=company,dc=local' -P 'my password' -p 636 --ssl


-----------------------------------------------------------------------------------------------------------
>> TLS_REQCERT in detail:

TLS_REQCERT <level>
Specifies what checks to perform on server certificates in a TLS
session, if any. The <level> can be specified as one of the
following keywords:

never The client will not request or check any server
certificate.

allow The server certificate is requested. If no certificate is
provided, the session proceeds normally. If a bad
certificate is provided, it will be ignored and the
session proceeds normally.

try The server certificate is requested. If no certificate is
provided, the session proceeds normally. If a bad
certificate is provided, the session is immediately
terminated.

demand | hard
These keywords are equivalent. The server certificate is
requested. If no certificate is provided, or a bad
certificate is provided, the session is immediately
terminated. This is the default setting.
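
The same /etc/openldap/ldap.conf with certificate checking kept on, as an added example that is not part of the original notes. `TLS_CACERT` and `TLS_REQCERT` are standard ldap.conf options; the CA file path is an assumed placeholder.

```conf
# /etc/openldap/ldap.conf

# Setting used in the note above: the client neither requests nor checks the
# server certificate, so the bind DN and password are sent to whichever host
# answers on port 636.
#TLS_REQCERT never

# Verified variant: trust the CA that issued the domain controller's
# certificate (assumed path) and terminate the session on a bad certificate.
TLS_CACERT  /etc/openldap/certs/company-ca.pem
TLS_REQCERT demand
```

With `demand`, the host passed to `-H` has to match a name in the server certificate, so an IP address such as 192.168.2.10 only works if the certificate lists it as a subject alternative name.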




#!/bin/bash
###################################################################
#
# mountSMBgio.sh
#
# use gio mount to mount smb shares in the user scope, and link
# the mounted path to a defined directory
#
# gio is the successor of gvfs and is used since Ubuntu 18.04LTS.
# gio is also used in Linux Mint: https://linuxmint.com/
#
# gio stands for Gnome Input / Output library
#
# credentials need to be stored in the home directory - file .smbcredentials:
#
# format of file .smbcredentials:
# USER
# Active Directory Domain / leave empty if there is no Active Directory
# PASSWORD
#
#
###################################################################

MOUNTDIR=~/mnt-photos
SMBSRV=storage1
SMBDIR=photos

#gio mount script
gio mount "smb://$SMBSRV/$SMBDIR" <~/.smbcredentials

#path where gvfs exposes the mounted share
DIR="/run/user/$UID/gvfs/smb-share:server=$SMBSRV,share=$SMBDIR"
#echo $DIR

#set link to mount-point
ln -s "$DIR" "$MOUNTDIR"



##helpful commands
#see gio mounts
#gio mount -l -i

problem:
error message: cannot install on local hard drive

solution:

in cmd window as administrator run the following:
>> msiexec /i packagename.msi /q

ProLiant ML350 G6
ILO2: latest firmware (2021 - january): 2.33 from 03/20/2018
Integrated Lights-Out 2 supports Microsoft Internet Explorer version 7.0 or greater, Firefox version 1.9.1 or greater, and Mozilla version 1.6 or greater. Some functionality may not work and pages may not format correctly on other browser platforms. This browser platform reports it is "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36"

>> for remote console use a windows xp machine ;-))

vmware support for this hardware
>> vmware esxi 5.5 works and is supported (not 6.0 and above!!)
- zeroconf "standard"
- wireshark mDNS filter: dns and udp.port eq 5353
- windows commands:
- dns-sd -B _airplay._tcp #show up airplay devices in local network (in same vlan)
- dns-sd -B _services._dns-sd._udp #see available services in local network (in same vlan)
- switching environment:
problem with different vlan's: client can not find apple tv
>> solution on hpe switch: mdns gateway vlan 3,4,10
>> see also: https://www.youtube.com/watch?v=gMUnkp6Ao8o
Monitoring Microsoft Exchange Transport Queue

---------------------------------------
-- Hint!! On Windows side the perfmon (Windows performance registry (Winperf)) counters must be enabled, to see something!
---------------------------------------

checkmk - windows agent version 1.6x

>> read out microsoft exchange MSExchangeTransport Queues as checkmk service
>> - MSExchangeTransport Queues: msx_queues

#########################
# in file check_mk.user.yml
#########################

winperf:
  enabled: yes

  # changes only section name winperf_******
  # prefix: winperf

  # default value, increase for heavy loaded machine
  # timeout: 10

  # Select counters to extract. The following counters
  # are needed by checks shipped with check_mk.
  # Format:
  # - id:name
  # where id is OS counter and name is part of CHECK_MK Header
  counters:
    #- 638: tcp_conn
    #- Terminal Services: ts_sessions
    - MSExchangeTransport Queues: msx_queues


#########################
# Windows command line
#########################
check config:
C:\Program Files (x86)\checkmk\service>check_mk_agent.exe showconfig winperf

output:
# Environment Variables:
# MK_LOCALDIR="C:\ProgramData\checkmk\agent\local"
# MK_STATEDIR="C:\ProgramData\checkmk\agent\state"
# MK_PLUGINSDIR="C:\ProgramData\checkmk\agent\plugins"
# MK_TEMPDIR="C:\ProgramData\checkmk\agent\tmp"
# MK_LOGDIR="C:\ProgramData\checkmk\agent\log"
# MK_CONFDIR="C:\ProgramData\checkmk\agent\config"
# MK_SPOOLDIR="C:\ProgramData\checkmk\agent\spool"
# MK_INSTALLDIR="C:\ProgramData\checkmk\agent\install"
# MK_MSI_PATH="C:\ProgramData\checkmk\agent\update"
# Loaded Config Files:
# system: 'C:\Program Files (x86)\checkmk\service\check_mk.yml'
# bakery: 'C:\ProgramData\checkmk\agent\bakery'
# user : 'C:\ProgramData\checkmk\agent\check_mk.user.yml'

# winperf
enabled: yes
exe: agent
prefix: winperf
timeout: 10
counters:
- 234: phydisk
- 510: if
- MSExchangeTransport Queues: msx_queues
- 238: processor


reload config / checkmk agent:
C:\Program Files (x86)\checkmk\service>check_mk_agent.exe reload_config
Reloading configuration...
Asking for reload service
Asking for reload executable
Done.


in checkmk client output, you should see now the section: "winperf_msx_queues":
>> check with telnet <ip-address>

<<<winperf_msx_queues>>>
1613038628.96 44486 10000000
6 instances: total_excluding_priority_none none_priority low_priority normal_priority high_priority _total
2 0 0 0 0 0 0 rawcount
4 0 0 0 0 0 0 rawcount
6 0 0 0 0 0 0 rawcount
8 0 0 0 0 0 0 rawcount
10 0 0 0 0 0 0 rawcount
12 0 0 0 0 0 0 rawcount
14 0 0 0 0 0 0 rawcount
16 0 0 0 0 0 0 rawcount
18 0 0 0 0 0 0 rawcount
20 0 0 0 0 0 0 rawcount
22 0 0 0 0 0 0 rawcount
24 0 0 0 0 0 0 rawcount
26 0 0 0 0 0 0 rawcount
28 0 0 0 0 0 0 rawcount
30 44132 0 22613 21519 0 44132 rawcount
32 44132 0 22613 21519 0 44132 counter
34 44132 0 22613 21519 0 44132 rawcount
36 44132 0 22613 21519 0 44132 counter
38 0 0 0 0 0 0 rawcount
40 0 0 0 0 0 0 rawcount
42 0 0 0 0 0 0 rawcount
44 0 0 0 0 0 0 rawcount
46 0 0 0 0 0 0 rawcount
48 0 0 0 0 0 43124 rawcount
50 0 0 0 0 0 43124 counter
52 0 0 0 0 0 43124 rawcount
54 0 0 0 0 0 43124 counter
56 0 0 0 0 0 0 rawcount
58 0 0 0 0 0 0 rawcount
60 0 0 0 0 0 0 rawcount
62 0 0 0 0 0 0 rawcount
64 0 0 0 0 0 0 counter
66 0 0 0 0 0 0 rawcount
68 0 0 0 0 0 0 rawcount
70 0 0 0 0 0 0 rawcount
72 0 0 0 0 0 38311 rawcount
74 0 0 0 0 0 38311 counter
76 0 0 0 0 0 67 rawcount
78 0 0 0 0 0 0 rawcount
80 0 0 0 0 0 0 rawcount
82 0 0 0 0 0 2 rawcount
84 0 0 0 0 0 1 rawcount
86 0 0 0 0 0 100 rawcount
88 0 0 0 0 0 0 rawcount
90 0 0 0 0 0 0 rawcount
92 0 0 0 0 0 0 rawcount
94 0 0 0 0 0 0 rawcount
96 0 0 0 0 0 0 rawcount


######################
# in checkmk there are now 4 new services, default warning is 500, critical: 1000
######################
Queue Active Mailbox Delivery warning: 250 critical: 500
Queue Active Remote Delivery warning: 250 critical: 500
Queue Poison Queue Length warning: 1 critical: 10
Queue Retry Remote Delivery warning: 250 critical: 500
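
To read the section by hand or in a script, here is an added example (not checkmk's own check code) that parses a winperf section in the layout shown above and grades the "_total" instance against the levels from this note. The sample values are constructed, the function names are hypothetical, and the mapping of counter offsets to the four queue services is an assumption that must be verified against your checkmk version; ">=" is used for the level comparison.

```python
# Added example: parse a <<<winperf_...>>> agent section and grade queue lengths.

# Constructed excerpt in the layout shown above (values invented for the demo).
SAMPLE_SECTION = """\
<<<winperf_msx_queues>>>
1613038628.96 44486 10000000
6 instances: total_excluding_priority_none none_priority low_priority normal_priority high_priority _total
2 0 0 0 0 0 12 rawcount
4 0 0 0 0 0 260 rawcount
6 0 0 0 0 0 0 rawcount
30 44132 0 22613 21519 0 44132 rawcount
32 44132 0 22613 21519 0 44132 counter
44 0 0 0 0 0 3 rawcount
"""

# ASSUMPTION: which counter offset feeds which service. Verify this against
# the winperf_msx_queues check of your checkmk version before relying on it.
QUEUE_OFFSETS = {
    "Active Remote Delivery": 2,
    "Retry Remote Delivery": 4,
    "Active Mailbox Delivery": 6,
    "Poison Queue Length": 44,
}

# (warning, critical) levels as listed in the note above.
LEVELS = {
    "Active Mailbox Delivery": (250, 500),
    "Active Remote Delivery": (250, 500),
    "Poison Queue Length": (1, 10),
    "Retry Remote Delivery": (250, 500),
}

OK, WARN, CRIT, UNKNOWN = 0, 1, 2, 3


def parse_winperf(text):
    """Return header fields, instance names and per-counter values."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 2 or not (lines[0].startswith("<<<winperf_")
                              and lines[0].endswith(">>>")):
        raise ValueError("not a winperf section")
    # Line 2: agent timestamp, base counter id, performance frequency.
    timestamp, base, frequency = lines[1].split()
    section = {"name": lines[0][3:-3], "timestamp": float(timestamp),
               "base": int(base), "frequency": int(frequency),
               "instances": [], "counters": {}}
    for line in lines[2:]:
        fields = line.split()
        if len(fields) >= 2 and fields[1] == "instances:":
            if int(fields[0]) != len(fields) - 2:
                raise ValueError("instance count does not match the names")
            section["instances"] = fields[2:]
            continue
        # Data row: <offset> <one value per instance ...> <counter type>
        offset, values, kind = int(fields[0]), fields[1:-1], fields[-1]
        names = section["instances"] or [""]
        if len(values) != len(names):
            raise ValueError(f"counter {offset}: expected {len(names)} "
                             f"values, got {len(values)}")
        section["counters"][offset] = {
            "type": kind, "values": dict(zip(names, map(int, values)))}
    return section


def grade_queues(section, instance="_total"):
    """Map each queue service to (value, state); UNKNOWN if the counter is absent."""
    results = {}
    for queue, offset in QUEUE_OFFSETS.items():
        counter = section["counters"].get(offset)
        if counter is None or instance not in counter["values"]:
            results[queue] = (None, UNKNOWN)
            continue
        value = counter["values"][instance]
        warn, crit = LEVELS[queue]
        state = CRIT if value >= crit else WARN if value >= warn else OK
        results[queue] = (value, state)
    return results


if __name__ == "__main__":
    for queue, (value, state) in grade_queues(parse_winperf(SAMPLE_SECTION)).items():
        print(f"{state} {queue}: {value}")
```

A missing counter row is reported as UNKNOWN instead of 0, so a truncated agent output does not look like an empty queue.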


Eventlog Monitoring:
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/authentication/sso_event_log_configure.html
Group Policies

On your domain controller, you must configure group policies that require Windows clients to audit logon events.

Open the Group Policy Object Editor and edit the Default Domain Policy.
Make sure the Audit Policy (Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy) has the Audit account logon events and Audit logon events policies enabled.
Open a command prompt and run the command gpupdate /force /boot.
Motherboard Z390-A PRO (MS-7B98) MSI - trouble with more than 4 GPU
--> with CPU Intel Pentium Gold G5400 + 4GB RAM

Problem:
-----------------------------------------------------------

when the computer starts we get the following message, and always have to enter the BIOS settings:

"!!!! PCI Resource ERROR !!!
PCI OUT of Resoures Condition:

ERROR: Insufficient PCI Resources Detected!!!

System is running with Insufficient PCI Resources!
In order to display this message some
PCI devices were set to disabled state!
It is strongly recommendet to Power Off the System
and remove some PCI/PCI Express cards from the system.
...... "


Solution:
-----------------------------------------------------------

using the following settings with the BIOS from January / February 2021, 6 Graphic devices (GPUs) could be successfully used:

Settings/Advanced/PCIe/PCI Sub-system Settings
- PEG0 - Max Link Speed: Gen1
- PCI Latency Timer: 32 PCI Bus
- Above 4G memory/crypto Currency mining: Enabled

Settings/Advanced/Integrated Peripherals
- HD Audio Controller: Disabled


Settings/Advanced/Integrated Graphics Configuration
- Initiate Graphic Adapter: IGD

Settings/Advanced/Super IO Configuration
- Serial Port: Disabled
- Parallel Port: Disabled

Settings/Advanced/Power Management Setup
- Restore after AC Power Loss: Power On

Settings/Advanced/Windows OS Configuration:
- Windows 10 WHQL Support: UEFI
- FAST Boot: disabled

Settings/BOOT:
- POST Beep Enabled
- Boot mode select: UEFI

>>> The most important setting is setting the Integrated Graphics Adapter to "on" (Initiate Graphic Adapter: IGD);
after that, the warning vanished, and the system runs stable
#useful command to find out more about windows certificates
certutil

#see all options
certutil -?

#content of clients trusted root certification authority certificate
certutil -enterprise -viewstore Root

#see information about given *.cer or *.crl / certificate file
certutil <filename>

#see user certificate store >> this shows all user certificates
certutil -user -store my
checkmk - windows netstat plugin: netstat_an.bat

1) on windows system install checkmk agent > 1.6
1.) enable netstat plugin by copying netstat_an.bat
from source: c:\Program Files (x86)\checkmk\service\plugins
to destination: c:\ProgramData\checkmk\agent\plugins
2) now you should see netstat information in the plugin output
(test using: telnet <ip> 6556)

3) to see something in checkmk you need to enable a manual check!
Manual Checks:
>> Monitor specific TCP/UDP connections and listeners
- Checktype: win_netstat - Established TCP Connections or TCP/UDP Listeners


hints:
see also this discussion on checkmk forum: https://forum.checkmk.com/t/windows-netstat-howto/23563/3
problem: because of windows security enhancements the plugin does not deliver values anymore

solution: add a path to the schtasks command:

>> added:
- cd $env:systemroot
- cd system32
- $tasks = .\schtasks.exe /query /fo csv -v | ConvertFrom-Csv

instead of just running "$tasks = schtasks /query ...."


--- the workaround code with the enhancement is here below:
#
# Monitor Windows Tasks
#
cd $env:systemroot
cd system32

Write-Host "<<<windows_tasks:sep(58):encoding(cp437)>>>"
$lang = Get-UICulture | select -expand LCID
if ($lang -eq 1031){
$tasks = .\schtasks.exe /query /fo csv -v | ConvertFrom-Csv
mtu size windows detect

- https://github.com/PowerShell/PowerShell/releases
- with powershell 7.1:
Test-Connection 8.8.8.8 -MtuSizedetect
Setup Windows Plotting machine
- installed standard chia client
- enter your security seed
- disable now upnp:
>> find chia.exe under
old path : c:\users\<username>\AppData\Local\chia-blockchain\app-1.1.1\resources\app.asar.unpacked\daemon\
new path: C:\ProgramData\<username>\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon>

>> chia.exe configure --enable-upnp false
>> restart application to activate the change

-----------------

see also article > Farming on many machines > How to harvest on other machines that are not your main machine
>> this is more secure but more complex ;-)
- https://github.com/Chia-Network/chia-blockchain/wiki/Farming-on-many-machines
- the main thing here is: when creating plots on the other harvesters, use chia plots create -f farmer_key -p pool_key, inserting the farmer and pool keys from your main machine.
Alternatively, you could copy your private keys over by using chia keys add, but this is less secure. After creating a plot, run chia plots check to ensure everything is working correctly.
let's have the scenario:
- domain controller is in trusted network
- a domain member is in DMZ, for example a Remote Desktop Farm and the users are authenticated through the domain

->> you need to open a lot of ports to get things running

>> see also document at microsoft page: Service overview and network port requirements for Windows
https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/service-overview-and-network-port-requirements

my sample firewall rules look like this:

rds / windows server > to domain controller
53 udp dns
88 tcp kerberos
123 udp ntp
135 tcp location services
389 tcp ldap unsecure
445 tcp smb
636 tcp ldap secure
3268 tcp ldap gc
3269 tcp ldap secure gc
49152-65535 tcp upper portrange


if you use wireshark to check this error you see a tftp timeout and you think there is a "network problem"
>> this was not the case in my case. The problem was an audio problem.
After I reset the audio settings to default and rebooted the machine the problem was gone

> there is a tool that is called "collect data", that comes with the softphone client software. You can use this tool to analyse the error, just press windows button and enter "collect data" to find and start the tool!
>> under section plugins, set enabled to yes and define the pattern to match "veeam_backup_status.ps1". Don't forget to set async to yes and the cache age to for example 3600, to execute the script only once an hour.

-------------
file ... check_mk.user.yml :

# $CUSTOM_PLUGINS_PATH$ -> is ProgramData/checkmk/agent/plugins
# $BUILTIN_PLUGINS_PATH$ -> is Program Files(x86)/checkmk/service/plugins

plugins:
  enabled: yes
  execution:
    - pattern: $CUSTOM_PLUGINS_PATH$\veeam_backup_status.ps1
      async: yes
      timeout: 120
      cache_age: 300
      retry_count: 2



# enabled: yes

# max_wait: 60 # max timeout for every sync plugin. Agent will gather plugins data no more than max_wait time.
# this is useful to terminate badly written or hanging plugins


# async_start: yes # start plugins asynchronous, this is default

# folders are scanned left -> right, order is important
# all files from folders are gathered and verified, duplicated files will be removed
# folders: ['$CUSTOM_PLUGINS_PATH$', '$BUILTIN_PLUGINS_PATH$' ] # ProgramData/checkmk/agent/plugins & Program Files x86/checkmk/service/plugins

_execution:
# *********************************************************************************************
# PATTERNS:
# patterns 1. Absolute path: 'c:\Windows\*.exe' or '$CUSTOM_PLUGINS_PATH$\win_license.bat'
# 2. Only Filename: 'mk_*.exe' or win_license.bat
# IMPORTANT: if you use relative path, then Agent takes only filename
# 'win_license.bat' and 'include\win_license.bat' are the same
#
# PRIORITY:
# Most important is top-most pattern:


----------------------------------------------------------------------------------------------------------------------------------------------------------------------

useful hint!!
make sure that the yaml file check_mk.user.yml is still valid, after changing something within the file!
>> use a validator for test
>> https://www.computer2know.de/yaml-file-syntax-validator:::625.html

to test if the cached settings in the checkmk config file were set correctly, check the output of the checkmk client (telnet <ip> 6555),
and look for the <<<veeam_.... >>> line >> the line should contain a "cached" information, like the sample below:

<<<veeam_tapejobs:sep(124):cached(1643120016,7200)>>>
JobName|JobID|LastResult|LastState
Backup-to-Tape-weekly|a969d385-f322-4c48-83d1-0343257fdf3341|Success|Stopped
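
One way to run the check described above over captured agent output, as an added example (not checkmk's own code): it parses the section headers with their sep() and cached() options and compares the cached interval with the cache_age you configured. The sample output, the section names other than veeam_tapejobs, the function names, and the assumption that the second cached() value equals the configured cache_age are assumptions of this example.

```python
import re

# Constructed agent output, modelled on the section headers shown in these notes.
SAMPLE_OUTPUT = """\
<<<check_mk>>>
Version: 1.6.0
<<<veeam_tapejobs:sep(124):cached(1643120016,7200)>>>
JobName|JobID|LastResult|LastState
Backup-to-Tape-weekly|00000000-0000-0000-0000-000000000000|Success|Stopped
<<<veeam_jobs:sep(9)>>>
Example-Job\tBackup\tStopped
"""

HEADER_RE = re.compile(r"^<<<([A-Za-z0-9_.]+)((?::\w+\([^)]*\))*)>>>$")
OPTION_RE = re.compile(r":(\w+)\(([^)]*)\)")


def parse_agent_output(text):
    """Split agent output into sections with their header options and rows."""
    sections, current = [], None
    for line in text.splitlines():
        match = HEADER_RE.match(line.strip())
        if match:
            options = dict(OPTION_RE.findall(match.group(2)))
            # sep(N) is the ASCII code of the column separator, e.g. 124 = "|".
            sep = chr(int(options["sep"])) if "sep" in options else None
            cached = None
            if "cached" in options:
                created, interval = options["cached"].split(",")
                cached = (int(created), int(interval))
            current = {"name": match.group(1), "sep": sep,
                       "cached": cached, "rows": []}
            sections.append(current)
        elif current is not None and line.strip():
            # sep None means: split on whitespace.
            current["rows"].append(line.split(current["sep"]))
    return sections


def check_cache(sections, expected, now):
    """Compare each expected section's cached() info with the configured cache_age.

    expected: {section name: cache_age in seconds}; now: epoch seconds.
    """
    by_name = {s["name"]: s for s in sections}
    findings = {}
    for name, cache_age in expected.items():
        section = by_name.get(name)
        if section is None:
            findings[name] = "missing"          # plugin did not run at all
        elif section["cached"] is None:
            findings[name] = "uncached"         # async/cache_age not applied
        else:
            created, interval = section["cached"]
            if interval != cache_age:
                findings[name] = f"interval {interval} != {cache_age}"
            elif now - created > interval:
                findings[name] = "stale"        # cache older than its interval
            else:
                findings[name] = "ok"
    return findings


if __name__ == "__main__":
    parsed = parse_agent_output(SAMPLE_OUTPUT)
    print(check_cache(parsed, {"veeam_tapejobs": 7200}, now=1643120016 + 60))
```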


see "server manager" >> local server >> team adapter

instruction in german
https://www.windowspro.de/wolfgang-sommergut/nic-teaming-konfigurieren-windows-server-2012-r2

in static mode the switch side on hpe switches (procurve) looks like this:

trunk 1-5 trk1
interface 1
name nic1
exit
interface 2
name nic2
exit
interface 3
name nic3
exit
interface 4
name nic4
exit
interface 5
name nic5
exit
commands:
1) grep -E "^(menuentry|submenu)" /boot/grub/grub.cfg | cut -d"'" -f2 | nl -v0
> you should see the menu entries now
2) edit "/etc/default/grub" and change entry "GRUB_DEFAULT"
3) run command "update-grub" to update the boot-loader

https://askubuntu.com/questions/1341389/need-to-change-default-boot-order-instead-of-ubuntu-21-04-to-windows-7
just use the simple opensource tool: WhyNotWin11

https://www.heise.de/download/product/WhyNotWin11
to install for example Microsoft Office Home & Business 2016 or 2019 in the old way, without having a microsoft account ready, you can use:

>> Microsoft Windows and Office ISO Download Tool.

https://www.giga.de/downloads/microsoft-windows-and-office-iso-download-tool/
using a root cron job:

cronjob:
33 9 * * * mk-job backup-checkmk-site omd backup <sitename> /opt/backup_mount_smb/<sitename>.tar >/dev/null

mount smb file system, in /etc/fstab
//<smb-server-name-or-ip>/<backupshare> /opt/backup_mount_smb cifs credentials=/root/.smbcredentials 0 0
search for "windows 10 media creation tool"

>> you can download the iso image or create a bootable usb stick:
https://www.microsoft.com/de-de/software-download/windows10


>> download iso
>> extract iso file (for example with 7zip)

#now let's run setup with parameter
setup.exe /auto upgrade
ClearPass Admin Access via Active Directory
- see also Workshop: https://www.youtube.com/watch?v=L2U_IjWFmUI

- Configuration -> Services
>> make a copy of Default Service Rule [Policy Manager Admin Network Login Service]
[ square brackets mean default rule ]
call the new service “yoursuffix_Policy Manager Admin Network Login Service”
- Reorder new service > move to first position
- Service configuration:
- Authentication Tab: Authentication Sources
remove [Local User Repository]
remove [Admin User Repository]
add your Active Directory “Authentication Source”
- Roles >> no Role Mapping
- Enforcement
>> make a copy of Default Enforcement Policy [Admin Network Login Policy]
[ square brackets mean default rule ]
call the Enforcement Policy “yoursuffix_Admin Network Login Policy”
>> Add a Rule:
Authorization:your-Active-Directory-authentication source
memberOf EQUALS “your-add-group”
>> Profile Names: choose [TACACS+ Super Admin]

- Test login in private browser windows + check under Monitoring > Access Tracer

- User “admin” will always work!
open certificate in windows > open tab certification path
- select each certificate from path list for example
-- Sectigo RSA Domain Validation Secure Server CA
----- Sectigo
>> press button "show certificate" > under "more" > select copy to file > now you have it
>> if you select der format >> you get a binary format
>> if you select Base-64-coded >> you get an ascii readable format
SSL - how to view details of a .cer file using certutil on windows

command: certutil -f -urlfetch -verify your-cert-file.cer
windows server - how to change a subnet mask of a dhcp scope

for example change subnet mask from a scope 172.16.0.0/16 to 172.16.99.0/24

1) export to xml file using powershell
Export-DhcpServer -Computername <name of computer> -Leases -File C:\export_dhcpserver.xml -verbose

<name of computer can be 127.0.0.1 or localhost if you export the configuration directly on the server>

2) make a copy of the exported file, name it: import_dhcpserver.xml

3) edit the import_dhcpserver.xml file and replace the dhcp scope section,
and all lease entries that reference to the section name:

3.1) dhcp scope section, change the ScopeId + the subnet mask
<Scopes>
<Scope>
<ScopeId>172.16.99.0</ScopeId>
<Name>intern</Name>
<SubnetMask>255.255.255.0</SubnetMask> #change subnet mask here
<StartRange>172.16.99.1</StartRange>


3.2) dhcp lease entries, make sure to change the ScopeId to the new scope id
<Lease>
<IPAddress>172.16.99.177</IPAddress>
<ScopeId>172.16.99.0</ScopeId> #change the scope ip here


4) delete the scope id(s) from the dhcp server, using the dhcp admin tool

5) now import the new file:
Import-DhcpServer -Computername <name of computer> -Leases -File C:\import_dhcpserver.xml -BackupPath C:\dhcpbackup\ -Verbose


6) Restart both DHCP client and Server services

7) check the dhcp tool if everything looks fine
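
Step 3 can be scripted instead of edited by hand. The following is an added example (not part of the original note and not a Microsoft tool): it rewrites the ScopeId and SubnetMask of one scope, updates the ScopeId of its leases, and removes and reports leases whose address does not fit into the new subnet. Only the tags shown in step 3 come from the note; the rest of the sample XML layout, the sample addresses, and the function names are constructed for this example.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed export; only the tags shown in the note are taken from the page,
# the surrounding element layout is an assumption.
SAMPLE_EXPORT = """<DHCPServer><IPv4><Scopes>
<Scope>
<ScopeId>172.16.0.0</ScopeId><Name>intern</Name>
<SubnetMask>255.255.0.0</SubnetMask>
<StartRange>172.16.99.1</StartRange><EndRange>172.16.99.254</EndRange>
<Leases>
<Lease><IPAddress>172.16.99.177</IPAddress><ScopeId>172.16.0.0</ScopeId></Lease>
<Lease><IPAddress>172.16.5.20</IPAddress><ScopeId>172.16.0.0</ScopeId></Lease>
</Leases>
</Scope>
<Scope>
<ScopeId>10.1.0.0</ScopeId><Name>other</Name>
<SubnetMask>255.255.255.0</SubnetMask>
<Leases>
<Lease><IPAddress>10.1.0.7</IPAddress><ScopeId>10.1.0.0</ScopeId></Lease>
</Leases>
</Scope>
</Scopes></IPv4></DHCPServer>"""


def local_name(elem):
    """Tag name without an XML namespace prefix, if the file uses one."""
    return elem.tag.rsplit("}", 1)[-1]


def child(elem, name):
    """First direct child with the given tag name, or None."""
    return next((c for c in elem if local_name(c) == name), None)


def text_of(elem, name):
    node = child(elem, name)
    return node.text.strip() if node is not None and node.text else None


def rescope(xml_text, old_scope_id, new_cidr):
    """Return (new_xml, dropped_lease_ips) for the scope old_scope_id."""
    net = ipaddress.ip_network(new_cidr)  # raises ValueError on host bits
    root = ET.fromstring(xml_text)
    parent_of = {c: p for p in root.iter() for c in p}

    scopes = [e for e in root.iter()
              if local_name(e) == "Scope" and text_of(e, "ScopeId") == old_scope_id]
    if len(scopes) != 1:
        raise ValueError(f"expected exactly one scope {old_scope_id}, found {len(scopes)}")
    scope = scopes[0]

    # The address range must already fit the new subnet; refuse to guess.
    for tag in ("StartRange", "EndRange"):
        value = text_of(scope, tag)
        if value and ipaddress.ip_address(value) not in net:
            raise ValueError(f"{tag} {value} is outside {net}")

    # Collect the leases before the scope id is rewritten.
    leases = [e for e in root.iter()
              if local_name(e) == "Lease" and text_of(e, "ScopeId") == old_scope_id]

    child(scope, "ScopeId").text = str(net.network_address)
    child(scope, "SubnetMask").text = str(net.netmask)

    dropped = []
    for lease in leases:
        ip = text_of(lease, "IPAddress")
        if ip and ipaddress.ip_address(ip) in net:
            child(lease, "ScopeId").text = str(net.network_address)
        else:
            # Lease cannot belong to the new scope: remove it and report it.
            parent_of[lease].remove(lease)
            dropped.append(ip)
    return ET.tostring(root, encoding="unicode"), dropped


if __name__ == "__main__":
    new_xml, dropped = rescope(SAMPLE_EXPORT, "172.16.0.0", "172.16.99.0/24")
    print("dropped leases:", dropped)
```

Run it against the copy (import_dhcpserver.xml) and review the dropped leases before deleting the scope in step 4; the untouched export stays as the rollback file.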
when restarting windows, it may happen that windows performs a quick restart
--> some services are not restarted and this can lead to errors


fix
###



to disable this option permanently you can execute the following command in the command line:

>> powercfg /H off
nice and simple ping tools to measure availability in your network

(1)
PingInfoView - Ping monitor utility
https://www.nirsoft.net/utils/multiple_ping_tool.html

(2)
Multiping Grapher
just a simple exe file, software is not up2date anymore but still works
https://www.heise.de/download/product/multiping-grapher-38992
checkmk problem when monitoring mssql database > error: msoledbsql - the provider cannot be found!

error message:
-------------------------------------------------------------------------
Microsoft (R) Windows Script Host, Version 5.812
Copyright (C) Microsoft Corporation. Alle Rechte vorbehalten.

?<<<mssql_instance:sep(124)>>>
<<<mssql_databases:sep(124)>>>
<<<mssql_counters:sep(124)>>>
<<<mssql_tablespaces>>>
<<<mssql_blocked_sessions:sep(124)>>>
<<<mssql_backup:sep(124)>>>
<<<mssql_transactionlogs:sep(124)>>>
<<<mssql_datafiles:sep(124)>>>
<<<mssql_cluster:sep(124)>>>
<<<mssql_jobs:sep(09)>>>
<<<mssql_versions:sep(124)>>>
<<<mssql_connections>>>
<<<mssql_instance:sep(124)>>>
<<<mssql_instance:sep(124)>>>
MSSQL_INSTANCENAME|config|14.0.1000.169|Standard Edition|
<<<mssql_instance:sep(124)>>>
MSSQL_INSTANCENAME|state|0|Connecting using provider msoledbsql. ERROR: Der Provider kann nicht gefunden werden. Möglicherweise ist er nicht richtig installiert worden. Connecting using provider sqloledb. ERROR: Fehler bei der Anmeldung für den Benutzer "". ERROR: Fehler bei der Anmeldung für den Benutzer "". (SQLState: 42000/NativeError: 18456). Connecting using provider sqlncli11. ERROR: Fehler bei der Anmeldung für den Benutzer "". ERROR: Fehler bei der Anmeldung für den Benutzer "". (SQLState: 28000/NativeError: 18456).
-------------------------------------------------------------------------


solution option 1:
--------------------------
in the plugin file mssql.vbs search for line:
>>>> 'For Each connProv in Array("msoledbsql", "sqloledb", "sqlncli11")
and change the line to:
>>>> For Each connProv in Array( "sqloledb", "sqlncli11")

now the mssql.vbs plugin will probably run without error!

solution option 2:
-------------------------
>> install the msoledbsql plugin on your database server, see also:
https://docs.microsoft.com/de-de/sql/connect/oledb/applications/installing-oledb-driver-for-sql-server?view=sql-server-ver15
read the readme file that comes with the update package.

document the theoretical update path, if you have to apply several update steps, like for example, if you have E0703 installed, the update path would be:
imc: JG748AAE 7.3 (E0703)
>> update path: 7.3 (E0705)
>> update path: 7.3 (E0706)>> P06
>> update path: 7.3 (E0706P06) >> update Hotfix (because of log4j security issue)

Once you have downloaded and extracted the update files in a directory that can be accessed by the IMC server and its Deployment Monitoring Agent, you can follow these steps (these steps are also within the readme file!)

update steps:
--------------------------------

1 Back up the IMC database on the Environment tab in the Deployment Monitoring Agent.
2 Manually copy the IMC installation directory to a backup path.
3 Stop IMC in the Deployment Monitoring Agent.
4 Restart IMC server.
5 Click Install on the Monitor tab of the Deployment Monitoring Agent
6 Select the windows/install/components directory in the upgrade package and click OK.
7 Click OK in the popup message dialog box.
8 Click Start in the Upgrade Common Components dialog box to upgrade common components.
9 After common components are upgraded, click Close.
10 In distributed deployment mode, stop the Deployment Monitoring Agent on the master server and restart the Deployment Monitoring Agent on every subordinate server. Click Yes in the popup message dialog box to upgrade common components on every subordinate server.
11 The Deployment Monitoring Agent displays all components that need to be upgraded. Click OK to start upgrading.
12 In distributed deployment mode, upgrade all components deployed on every subordinate server.
13 After all components are updated, start all processes in the Deployment Monitoring Agent.


----------------------------------------------------------------------------
>>>> when you have trouble after the update:
----------------------------------------------------------------------------
if the IMC does not start after your update session, make sure to undeploy all packages that still have an old version, like for example the old WLAN management module etc.
checkmk - how to handle Windows event logs / logwatch messages

sometimes you want to ignore or change the status of some windows event log messages if you are monitoring them using the checkmk windows agent.

1) create a test event in system logs
eventcreate /ID 999 /L System /SO TestSourceSystem /T ERROR /D "this is a test critical test message"

2) in checkmk you will get a Critical message for service Log System, now let us create a rule, so that the event
should be shown as "warning" instead of "critical"

3.) create a rule > add a Logfile pattern rule
- Setup > Services > Service monitoring rules > Logfile patterns
- Create rule in folder "Main directory" / or another directory that you want to choose
- Description: this is a test critical test message
- Logfile pattern > Add pattern:
choose State "Warning" + Pattern "this is a test critical test message"
- Logfile to match: System

4.) test the rule - using "Try Pattern Match"
- at the service of the host click on: Log System > Open Log
- select the message "TestSourceSystem this is a test critical test message", by clicking on the symbol in the left
- now the dialog "Setup > Services > Service monitoring rules > Logfile patterns >
Logfile patterns of logfile System on host xyz" opens:
- press the "Try out" button, and see if the defined rule from step "3" matches

5.) final test
-> create the event again --> step 1
here is a list of windows ftp server

- very minimalist, but it works:
https://www.rebex.net/tiny-sftp-server/
for quick download you can use the following links

windows agent:
http://<IP||Hostname>/<Your-Sitename>/check_mk/agents/windows/check_mk_agent.msi


##################################################################
# HPE IMC - using SFTP / SCP to upload firmware
##################################################################

if you need to debug the SFTP / SCP process there are log files under
/opt/iMC/server/conf/log/*.log ....
These logs are a bit confusing, so sometimes it makes sense to understand
how the copy process works manually. Therefore some testing was done. Here are the results:

-----------------------
prerequisites
-----------------------
To turn on the secure copy feature it is necessary to set "ip ssh filetransfer" on the switch:

using the command show ip ssh, you see the settings:
(config)# show ip ssh

SSH Enabled : Yes Secure Copy Enabled : Yes
TCP Port Number : 22 Timeout (sec) : 120
Host Key Type : RSA Host Key Size : 2048

>> Secure Copy Enabled has to be yes!


------------------------
sftp firmware deploy tests / using manual sftp / psftp / scp commands
------------------------

FIRMWARE located on IMC
firmware that is stored in the IMC software database is located in directory: <IMC directory>/server/data/image,
for example:
windows: c:\program files\iMC\server\data\image
/opt/iMC/server/data/image/YA_16_11_0003.swi
/opt/iMC/server/data/image/YA_15_18_0007.swi

FIRMWARE destination on HPE / Aruba / procurve switch
the firmware files are under directory:
- /os/primary
- /os/secondary

- copy via sftp by using the psftp command from IMC
lets copy firmware YA_15_18_0007.swi via SFTP to a HPE Aruba 2530 8 Port Switch (J9774A):

#starting in directory: /opt/iMC/server/bin/

/opt/iMC/server/bin/psftp -P 22 admin@10.0.0.99
#once you are logged in change the local data path using command:

psftp> lpwd
Current local directory is /opt/iMC/server/bin
psftp> put ../data/image/YA_16_11_0003.swi /os/secondary
local:../data/image/YA_16_11_0003.swi => remote:/os/secondary

>> file copied successfully

- copy via scp (scp from a linux machine)
scp /opt/iMC/server/data/image/YA_15_18_0007.swi admin@10.0.0.99:/os/secondary
scp /opt/iMC/server/data/image/YA_15_18_0007.swi radiususer1@10.0.0.99:/os/secondary
>> both user local + radius authenticated "radiususer1" worked!!


- copy via IMC pscp command:
/opt/iMC/server/bin/pscp -P 22 /opt/iMC/server/data/image/YA_15_18_0007.swi admin@10.0.0.99:/os/secondary
/opt/iMC/server/bin/pscp -P 22 /opt/iMC/server/data/image/YA_15_18_0007.swi radiususer1@10.0.0.99:/os/secondary
>> both user local + radius authenticated "radiususer1" worked!!

#there are two flags, where you can choose the protocol
-sftp force use of SFTP protocol
-scp force use of SCP protocol

#on switch side, you see in the log:
01/05/90 00:26:47 00637 ssh: scp session from 10.0.0.10
or
I 01/05/90 00:25:17 00636 ssh: sftp session from 10.0.0.10
I 01/05/90 00:26:21 00163 update: Firmware image contains valid signature.
I 01/05/90 00:26:30 00150 update: Secondary Image updated.

##copy from windows
C:\Program Files\iMC\server\bin>pscp.exe -P 22 ..\data\image\YA_16_11_0003.swi radius.user1@10.0.0.99:/os/secondary
radius.user1@10.0.0.99's password:
YA_16_11_0003.swi | 14846 kB | 159.6 kB/s | ETA: 00:00:00 | 100%
# option -scp (speed about 800kbit)
# option -sftp (speed about 150kbit)


- IMC copy command settings:
cat /opt/iMC/server/conf/ssh_sftp_client.cfg

#linux putty

ssh-cmd = plink -P $port [-i $key-file] $user-name@$device-ip
sftp-cmd = psftp -P $port [-i $key-file] $user-name@$device-ip

- After having done some "manual" testing, let's use IMC -> Service > Deployment Task to deploy some switch firmware
to switches


------
- further readings
-------

Execute command in sftp connection through script:
https://unix.stackexchange.com/questions/315050/execute-command-in-sftp-connection-through-script

useful stuff regarding ssh/sftp and hpe switches:
https://www.kagerer.net/category/hp-switch/page/2/


essential information from youtube videos of Airhead Broadcasting channel:


---------------------------------------------------------------------------------------------------
Aruba ClearPass Workshop (2021) - AOS-CX Wired #1 Wired 802.1X
---------------------------------------------------------------------------------------------------
- see also: HPE Aruba Wired Enforcement Guide
- 802.1x on windows: services > Wired AutoConfig > set to automatic
after service is enabled, an "authentication" tab is visible in the network settings of the interface
>> decide between user or computer authentication
- in clearpass create a network device + a shared secret
- port bounce: interface 1/x/x > shutdown > no shutdown
- in clearpass create a 802.1X Wired service, choose active directory as authentication source


---------------------------------------------------------------------------------------------------
Aruba ClearPass Workshop (2021) - AOS-CX Wired #2 Wired User Roles
---------------------------------------------------------------------------------------------------
- Rolebased access with local user roles
- best practice enable accounting: aaa accounting port-access start-stop interim 60 group clearpass
- best practice enable client visibility:
client track ip #enable on global level
vlan xx
client track ip #enable per vlan
#on uplink port do a: client track ip disable
- in Clearpass Enforcement profile assign a role: for example admin
- create role on switch:
port-access role admin
vlan access name Management VLAN
- check on switch with: show port-access clients
- make username visible > create enforcement profile that reads out the username and sends it back via radius,
than the "show port-access client" will also show the username,
you can make the same with the computername
- Video about Aruba Dynamic Segmentation on AOS-CX: downloadable user roles and more


---------------------------------------------------------------------------------------------------
Aruba ClearPass Workshop (2021) - AOS-CX Wired #3 Device Profiling
---------------------------------------------------------------------------------------------------
- device profiling: dhcp profiling, ip helper on core switch
- trigger a new dhcp request: Clearpass Access Tracker -> Change Status > choose port bounce


---------------------------------------------------------------------------------------------------
Aruba ClearPass Workshop (2021) - AOS-CX Wired #4 Wired MAC Authentication
---------------------------------------------------------------------------------------------------
- default setting the switch will first try and timeout for 802.1X before it attempts MAC Authentication,
default timeout is 2 minutes and 30 seconds
>> solution: port-access onboarding-method concurrent enable
- configure the Profiling tab in our service to automatically trigger a port bounce as soon as ClearPass profiles a new or changed device.
- Clearpass Radius Mac Authentication service
- enable Profile Endpoints
- Authentication Method: Allow All Mac Auth (with All only "known" endpoints are considered)
- Authentication Source: Endpoint Repository (so you can use the profiling information)
- Profiler: Radius CoA Action > AOS-CX Bounce Port, triggered it to "Any category / OS Family / Name",
so if the device is connecting the first time it will be bounced, and we know the device type


---------------------------------------------------------------------------------------------------
Aruba ClearPass Workshop (2021) - AOS-CX Wired #5 Wired MAC Enforcement
---------------------------------------------------------------------------------------------------
allow role based traffic for the endpoint

- define some classes, like: "class ip class-dns", "class ip class-private", "class ip class-pbx"
- bring the classes together to policies:
port-access policy pol-internet
10 class ip class-dhcp
20 class ip class-dns
30 class ip class-private action drop
40 class ip class-any
- port-access role profiler
associate policy pol-profile
vlan access name Untrusted VLAN
- port-access role machine
vlan access name Corporate VLAN
- port-access role voip
associate policy pol-voip
vlan access name Voice VLAN

- in clearpass define roles, and define rolemapping
- in clearpass define enforcement profiles, to return the role names, for example:
Radius:Aruba > Aruba-User-Role(1) = voip
Radius:Aruba > Aruba-User-Role(1) = profiler

- check with "show port-access clients" on switch

---------------------------------------------------------------------------------------------------
Aruba ClearPass Workshop (2021) - AOS-CX Wired #6 Wired Device behind phone - AP with tagged VLANs
---------------------------------------------------------------------------------------------------
- allow more devices behind a port:
interface 1/1/1-1/1/24
aaa authentication port-access client-limit 3 #default is one
- show client ip
- special role for a accesspoint, the special thing is the "auth-mode":
port-access role instant-ap
vlan trunk native name Management VLAN
vlan trunk allowed name Guest1 VLAN
vlan trunk allowed name Guest2 VLAN
auth-mode device-mode
- auth-mode:
client-mode: authenticate all devices
device-mode: authenticate just the first device
multi-domain: authentication for the native vlan and one for the voice vlan

- check with "show port-access clients" >> Authentication Mode should be seen as "device-mode"

Support for SSH (plink) was added on the Resource > Device View page in the Windows operating system.

1) Click Download SSH (Plink) File in the right action pane to download the SSH (Plink) file to your local client.
2) Decompress the downloaded SSH (Plink) file to the C:\localssh directory.
3) Double-click the registry file localssh_reg.reg in the C:\localssh\ directory to import it, then restart the browser and log in again.
4) On the details page for a device, click the SSH (Plink) link to remotely log in to the device.

Support for checking the max server memory was added for SQL Server installatio
windows 10 - how to allow access to usb port devices in a RDP remote desktop session?

Problem:
in a remote desktop session it was not possible to connect to the USB-connected CrossChex Time Attendance & Access Control device

Solution:
- set the right group policy!

1) Edit Group Policy
2) Local Group Policy Editor: Computer Configuration > Administrative Templates > System > Removable Storage Access
(in german this is: Wechselmedienzugriff!)
3) in the folder locate the entries that have something to do with remote access - set these policies to enabled
(in german it is: Remotezugriff auf die Plug & Play-Schnittstelle zulassen)
4) apply the policy and reboot the system
using a german apple keyboard

- backslash \ : <right alt key> + <ctrl key> + <ß key>
sample script:

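rem script name: run_backup.bat

rem the %date% / %time% offsets below assume a dd.mm.yyyy date format (e.g. german locale)
set myDate=%date:~-4%_%date:~3,2%_%date:~0,2%__%time:~0,2%_%time:~3,2%_%time:~6,2%
rem before 10:00 the hour is padded with a space; replace it with 0 so the file name has no blanks
set myDate=%myDate: =0%
set BackupFile=d:\backup\backup_appname_%myDate%.7z

"C:\Program Files\7-Zip\7z.exe" a -t7z -mhe=on "%BackupFile%" D:\directory-to-backup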
you need to make the following settings in the check_mk.user.yml file:

>> under section plugins, this will query the updates once a day and caches the result


plugins:
  enabled: yes

  execution:
    - pattern : '$CUSTOM_PLUGINS_PATH$\windows_updates.vbs'
      timeout : 900
      async : yes
      cache_age : 86400


#hint .. make sure to keep always a clean yaml file ...
windows service name in english: wired autoconfig
windows service name in deutsch: Automatische Konfiguration (verkabelt)
https://www.wintotal.de/tipp/windows-10-uhrzeit-falsch/

>> use a different time server than the default microsoft server:
- <windows + R> (execute) > enter "timedate.cpl"
- choose "internet time", change the default server there to a new server, for example for Germany you can use: "ptbtime1.ptb.de" as server

byte packets overview: netstat.exe -e
statistics for protocols: netstat.exe -s
statistics per interface: powershell Get-NetAdapterStatistics
how to use built-in symmetric encryption?

1) create a rule to access the target using a shared password
>> Setup menu and create a rule in the Setup > Agents > Access to agents > Checkmk agent > Encryption (Linux, Windows)

2) on target host, configure the agent to run in encrypted mode
>> create file: /etc/check_mk/encryption.cfg
>> using the following content:

ENCRYPTED=yes
PASSPHRASE='MyPassword'

>> give the file the right access rights (on linux)
chmod 600 /etc/check_mk/encryption.cfg

3) how to test?
3.1 on agent machine just run a "check_mk_agent" .. you should see only strange letters
3.2 test with telnet using "telnet agentmachine 6556" .. you should also see only strange letters
3.3 on checkmk server, run the command "cmk -d agentmachine" .. you should see the normal agent data


#see also:
https://docs.checkmk.com/latest/en/agent_linux_legacy.html
https://www.heise.de/download/product/pping-92985

#check responsiveness of tcp port 3389
pping -t <destination-ip || hostname> 3389
sometimes you need a list of all the files on a harddrive, you can use some nice tools, for example:

- https://www.sttmedia.de/dateilistenschreiber
- direct windows download: https://www.sttmedia.de/download=FilelistCreatorWin64
https://techcommunity.microsoft.com/t5/windows-11/lldp-in-windows-11-build-22h2-triggers-an-stp-shutdown-on-the/m-p/3667178

it seems that windows-11-h2 uses a spanning tree reserved mac-address in its lldp packet >> the destination address is: 01:80:c2:00:00:00

according to
https://standards.ieee.org/products-programs/regauth/grpmac/public/
this mac-address should not be used in lldp packets ..

######################################################
# iperf throughput measurement
######################################################
Throughput measurements with iPerf
Introducing iPerf
• iPerf is a recognized open source tool for bandwidth measurements that is used worldwide
• Available for more than 15 years and free of charge for most operating systems
• Allows configuring TCP parameters such as the TCP window size and segment size
• Caution: in the experience of cnlab experts, the TCP parameters take effect differently on different operating systems. Verify with Wireshark!
• Measures packet loss and latency variation (jitter)
• Generates the transfer data without accessing storage media (and is therefore faster)
• The iPerf program is installed on two (or more) stations
• Whether a station acts as client or server is defined by the command entered (see example below)

Client with iPerf: iperf -c 192.168.0.200 -w 2M
Server with iPerf: iperf -s -w 2M

Throughput measurements with iPerf3
New features of iPerf3
• iPerf3 is a complete rewrite and is not compatible with older iPerf versions
• The TCP parameters for server and client now only have to be defined on the client!
• The client transmits these parameters to the server over a TCP session before the measurement

Client with iPerf3: iperf3 -c 192.168.0.200 -w 2M
Server with iPerf3: iperf3 -s

public iperf servers: https://iperf.fr/iperf-servers.php

example: iperf3 -c bouygues.iperf.fr -w 2M -R
-w 2M: TCP window size: 2 MByte
-R reverse direction (download)


- example calls:
iperf -c 172.17.4.234 -i 2 -t 30 #interval measurements, every 2 seconds, for 30 seconds
iperf -c 172.17.4.234 -i 2 -t 30 -P 3 #interval measurements, every 2 seconds, for 30 seconds, 3 parallel streams


see also: https://iperf.fr/iperf-download.php
-- restart machine
-- press the key: <command> + <s> at same time - when you see the black screen, if you have a windows keyboard use <windows key> + <s>
-- you should see the root# prompt
-- to make modifications to files run: "mount -uw /"
-- now delete a file: "rm /var/db/.AppleSetupDone"
-- reboot the machine - command "reboot"
-- when the machine now comes up, the welcome screen comes up >> let's configure the new system

commandline commands:
- query user #show active sessions and the session id
- tscon #terminal session command

details can be found here:
- https://www.computerwoche.de/a/was-sie-ueber-rdp-hijacking-wissen-sollten,3549536?utm_source=First+Look&utm_medium=email&utm_campaign=newsletter&pm_cat%5B1%5D=software+allgemein&tap=3ab7853c0a6321c45c1895e180293b35 (german)
under windows the configuration files are stored under:
c:\Users\<username>\.nagstamon

in this directory there is a file "nagstamon.conf" with the common settings and in the "servers" directory there are server specific configuration files

this information should fit to version >= 3.x

see also:
https://nagstamon.de/documentation
pktmon is a built-in packet sniffer for windows. It is available via the pktmon.exe command, and via Windows Admin Center extensions.

commands:
- pktmon start help
- pktmon counters help

#run a realtime sniffing session
- pktmon start --etw --log-mode real-time


#save sniffing to file:
pktmon start -c --comp 12 --pkt-size 0 -f cap1.etl

#convert etl format to wireshark
pktmon etl2pcap cap1.etl --out cap1.pcapng

#see also
https://www.securitynik.com/2020/08/beginning-packet-capturing-with-windows.html
https://majornetwork.net/2023/05/capturing-packets-on-windows-with-packet-monitor-pktmon/
Windows Defender Firewall > settings > Logging:

here you can turn on logging, make sure that logging of dropped packets is turned on

the log files can be found here:

C:\Windows\System32\LogFiles\Firewall
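
Once dropped packets are logged, the log can be summarised per source address and destination port. The following PowerShell is an added example, not part of the original notes: the log lines are constructed, the function names ConvertFrom-FirewallLog and Get-FirewallDropSummary are made up for this example, and pfirewall.log is the default file name in the directory above.

```powershell
# Constructed sample in the firewall log layout (header lines start with "#",
# fields are separated by spaces). On a real host read the file instead:
#   $lines = Get-Content 'C:\Windows\System32\LogFiles\Firewall\pfirewall.log'
$lines = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-08-01 12:00:01 DROP TCP 192.0.2.10 10.0.0.50 51122 3389 52 S 1234567890 0 64240 - - - RECEIVE
2024-08-01 12:00:02 DROP TCP 192.0.2.10 10.0.0.50 51123 3389 52 S 1234567891 0 64240 - - - RECEIVE
2024-08-01 12:00:04 DROP TCP 192.0.2.10 10.0.0.50 51124 3389 52 S 1234567892 0 64240 - - - RECEIVE
2024-08-01 12:00:05 ALLOW TCP 10.0.0.50 10.0.0.1 50000 443 0 - 0 0 0 - - - SEND
2024-08-01 12:00:07 DROP UDP 10.0.0.77 10.0.0.255 137 137 78 - - - - - - - RECEIVE
2024-08-01 12:00:09 DROP TCP 198.51.100.7 10.0.0.50 40211 445 52 S 987654321 0 64240 - - - RECEIVE
2024-08-01 12:00:10 DROP TCP 198.51.100.7 10.0.0
'@ -split "`r?`n"

function ConvertFrom-FirewallLog {
    # Turns raw log lines into objects. Column names are taken from the
    # "#Fields:" header, so extra columns in other Windows builds are handled.
    param([string[]]$Line)

    $fields = $null
    foreach ($l in $Line) {
        if ($l -match '^#Fields:\s*(.+)$') {
            $fields = $Matches[1].Trim() -split '\s+'
            continue
        }
        # Skip other header lines, blank lines and anything before the header.
        if ($l -match '^\s*(#|$)' -or -not $fields) { continue }

        $values = $l.Trim() -split '\s+'
        # Skip lines that were cut off, e.g. while the file was being written.
        if ($values.Count -lt $fields.Count) { continue }

        $entry = [ordered]@{}
        for ($i = 0; $i -lt $fields.Count; $i++) {
            $entry[$fields[$i]] = $values[$i]
        }
        [pscustomobject]$entry
    }
}

function Get-FirewallDropSummary {
    # Counts DROP entries per source address, protocol and destination port,
    # most frequent first, with the first and last time each was seen.
    param([string[]]$Line, [int]$Top = 10)

    ConvertFrom-FirewallLog -Line $Line |
        Where-Object { $_.action -eq 'DROP' } |
        Group-Object -Property 'src-ip', 'protocol', 'dst-port' |
        Sort-Object -Property Count -Descending |
        Select-Object -First $Top -Property Count,
            @{ Name = 'SrcIp';     Expression = { $_.Group[0].'src-ip' } },
            @{ Name = 'Protocol';  Expression = { $_.Group[0].protocol } },
            @{ Name = 'DstPort';   Expression = { $_.Group[0].'dst-port' } },
            @{ Name = 'FirstSeen'; Expression = { '{0} {1}' -f $_.Group[0].date, $_.Group[0].time } },
            @{ Name = 'LastSeen';  Expression = { '{0} {1}' -f $_.Group[-1].date, $_.Group[-1].time } }
}

Get-FirewallDropSummary -Line $lines | Format-Table -AutoSize
```

With the constructed sample, the three drops from 192.0.2.10 to port 3389 are listed first; the ALLOW entry and the cut-off last line are ignored.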
you can monitor citrix information, things like
- Citrix Serverload
- Citrix Sessions

use the plugin citrix_farm.ps1 for that and install the plugin on the citrix controller machine. The checkmk agent on that machine needs to run under a user with citrix admin rights!!

>> the plugin reads out the performance values for all citrix machines and gives back the data to the citrix machines using the piggyback mechanism. Maybe you need to use the ruleset "Hostname translation for piggybacked hosts" to match the piggyback output to the hosts.

##see also:
https://forum.checkmk.com/t/check-mk-deutsch-windows-agent-dienst-unter-anderem-user-laufen-lassen/4562/5
a batch script, that you can use with robocopy:


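setlocal EnableDelayedExpansion
set "source_directory=C:\path\to\source\directory"
set "destination_directory=D:\path\to\destination\directory"

set /P answer="Are you ready for the backup? (Y/N) "

if /I "%answer%"=="Y" (
    robocopy "%source_directory%" "%destination_directory%" /MIR /R:3 /W:10 /IF

    rem robocopy exit codes 0-7 mean success (1 = files were copied), 8 and above mean at least one failure
    rem !errorlevel! is read at run time; %errorlevel% inside a parenthesized block is expanded when the block is parsed
    if !errorlevel! geq 8 (
        msg * "Robocopy sync failed! Please check the log file for details."
        exit /b !errorlevel!
    )
    pause
    msg * "Robocopy sync completed successfully!"

) else (
    msg * "Backup process cancelled."
)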



---------------------

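another example, with a UNC target directory (robocopy itself has no /USER or /PASSWORD switch, so authenticate to the share with "net use" first; the "*" makes net use prompt for the password):
net use \\servername\shared_folder /USER:username *
robocopy C:\source_folder \\servername\shared_folder /MIR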

/IF option can be used, if you only want to copy if the destination directory exists!
checkmk 2.1 > [agent] Success, Missing monitoring data for plugins: wmi_cpuload <<WARN>>

the problem seems to be that the windows machine sometimes does not deliver wmi data, and since
checkmk version 2.1 the handling of the missing data on the server side is different, so that we get a warning.
It is said that also updating the client agent to version > 2.1 should improve that, but if you need a quick solution
you can take the advice from the checkmk article:

https://forum.checkmk.com/t/update-from-2-0-0p22-to-2-1-missing-monitoring-data-for-plugins-wmi-cpuload/31815/45

on your checkmk server modify the file wmi_cpuload.py:
/omd/versions/default/lib/python3/cmk/base/plugins/agent_based/wmi_cpuload.py

--------------------------------------------------------------------------------
Original
--------------------------------------------------------------------------------
try:
    load = wmi_tables["system_perf"].get(0, "ProcessorQueueLength")
    timestamp = get_wmi_time(wmi_tables["system_perf"], 0)
    computer_system = wmi_tables["computer_system"]
except (KeyError, WMIQueryTimeoutError):
    return None
assert load
--------------------------------------------------------------------------------


--------------------------------------------------------------------------------
changed version
--------------------------------------------------------------------------------
try:
    load = wmi_tables["system_perf"].get(0, "ProcessorQueueLength")
except (KeyError, WMIQueryTimeoutError):
    load = 0.0

try:
    timestamp = get_wmi_time(wmi_tables["system_perf"], 0)
except (KeyError, WMIQueryTimeoutError):
    timestamp = 0.0

try:
    computer_system = wmi_tables["computer_system"]
except (KeyError, WMIQueryTimeoutError):
    return None




--------------------------------------------------------------------------------



ps:
- when I tested this I was running CEE 2.1.0.p22
- make sure not to introduce indentation errors when editing the file wmi_cpuload.py!
>> you can verify this by running an inventory query from command line
>> OMD[your-site]: cmk -I a_windows_host
How to change the result panel order column?

- check the settings-conf file!
"C:\Users\username\AppData\Roaming\DocFetcher\conf\programs-conf.txt"


# By default, the program initially sorts the results by score. To change the
# initial sorting criterion, specify the number of the column to sort by here.
# The numbering starts at 1. Zero and out-of-range values will be ignored.
# If the value is negative, the sorting is reversed, e.g., "-2" means "sort by
# second column, but in reversed order".
InitialSorting = -8

.. if you want to sort by latest date use -8



see also
- https://sourceforge.net/p/docfetcher/wiki/FAQ/
if you search for the good old network settings under windows just run a:

execute: ncpa.cpl

(c:\windows\system32\ncpa.cpl)

Problem: service SQLServer (JTLWAWI) was not automatically started, and fails when trying to do it manually

>> check log files: C:\Program Files\Microsoft SQL Server\MSSQL15.JTLWAWI\MSSQL\Log\...latest log

Error: Initializing the FallBack certificate failed with error code: 15, state: 29, error number: 0.

2023-03-22 17:56:58.29 Server Database Instant File Initialization: deaktiviert. For security and performance considerations see the topic 'Database Instant File Initialization' in SQL Server Books Online. This is an informational message only. No user action is required.
2023-03-22 17:56:58.30 Server Total Log Writer threads: 3. This is an informational message; no user action is required.
2023-03-22 17:56:58.32 Server clflush is selected for pmem flush operation.
2023-03-22 17:56:58.32 Server Software Usage Metrics is disabled.
2023-03-22 17:56:58.35 spid11s Starting up database 'master'.
2023-03-22 17:56:58.45 spid11s 4 transactions rolled forward in database 'master' (1:0). This is an informational message only. No user action is required.
2023-03-22 17:56:58.49 spid11s 0 transactions rolled back in database 'master' (1:0). This is an informational message only. No user action is required.
2023-03-22 17:56:58.58 Server Common language runtime (CLR) functionality initialized using CLR version v4.0.30319 from C:\Windows\Microsoft.NET\Framework64\v4.0.30319\.
2023-03-22 17:56:58.83 spid11s Resource governor reconfiguration succeeded.
2023-03-22 17:56:58.83 spid11s SQL Server Audit is starting the audits. This is an informational message. No user action is required.
2023-03-22 17:56:58.84 spid11s SQL Server Audit has started the audits. This is an informational message. No user action is required.
2023-03-22 17:56:58.86 spid11s FILESTREAM: connected to kernel driver RsFx0600. This is an informational message. No user action is required.
2023-03-22 17:56:58.87 spid11s FILESTREAM: effective level = 2 (remote access disabled), configured level = 2, file system access share name = 'JTLWAWI'.
2023-03-22 17:56:58.87 spid11s FILESTREAM feature is enabled. This is an informational message. No user action is required.
2023-03-22 17:56:59.00 spid11s SQL Trace ID 1 was started by login "sa".
2023-03-22 17:56:59.01 spid11s Server name is 'WAWI-SERVER\JTLWAWI'. This is an informational message only. No user action is required.
2023-03-22 17:56:59.05 spid29s Error: 17190, Severity: 16, State: 1.
2023-03-22 17:56:59.05 spid29s Initializing the FallBack certificate failed with error code: 15, state: 29, error number: 0.
2023-03-22 17:56:59.06 spid29s Unable to initialize SSL encryption because a valid certificate could not be found, and it is not possible to create a self-signed certificate.
2023-03-22 17:56:59.06 spid29s Error: 17182, Severity: 16, State: 1.
2023-03-22 17:56:59.06 spid29s TDSSNIClient initialization failed with error 0x80092004, status code 0x80. Reason: Unable to initialize SSL support.
2023-03-22 17:56:59.06 spid29s Error: 17182, Severity: 16, State: 1.
2023-03-22 17:56:59.06 spid29s TDSSNIClient initialization failed with error 0x80092004, status code 0x1. Reason: Initialization failed with an infrastructure error. Check for previous errors.
2023-03-22 17:56:59.06 spid29s Error: 17826, Severity: 18, State: 3.
2023-03-22 17:56:59.06 spid29s Could not start the network library b


>> https://blog.sqlauthority.com/2018/11/12/sql-server-initializing-the-fallback-certificate-failed-with-error-code-1-state-20-error-number-0/

>> it looks like the user profile of the service user is corrupted in the registry
>> check the profiles: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\

>> in our case, there was a .bak profile .. we renamed the newly created profile and removed the .bak from the old profile name and everything was fine again
Solution:

> Server Manager > Server Configuration > Cluster-Wide Parameters

set the following to true:
- Automatically download Posture Signature and Windows Hotfixes Updates
- Automatically download Endpoint Profiler Fingerprints


To debug Wired AutoConfig (WAC) messages in Windows, you can follow these steps:

1. Open the Event Viewer: Press the Windows key, type "Event Viewer," and select the "Event Viewer" application.

2. In the Event Viewer, navigate to "Applications and Services Logs" -> "Microsoft" -> "Windows" -> "Wired-AutoConfig."

3. In the "Wired-AutoConfig" section, you will find logs related to the Wired AutoConfig service.

4. Look for events with the Event ID 5007. These events correspond to WAC messages and can provide information about any issues or errors encountered by the service.

5. Click on an event to view its details. The event's description will contain information about the error message and any associated details that can help diagnose the problem.

6. Pay attention to the specific error messages, error codes, and other details mentioned in the event description. These can provide clues about the root cause of the issue.

Additionally, you can enable additional logging for Wired AutoConfig to gather more detailed information. To enable verbose logging for WAC, you can modify the registry settings by following these steps:

1. Press the Windows key, type "regedit," and select the "Registry Editor" application.

2. In the Registry Editor, navigate to the following location:
```
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dot3svc\Parameters
```

3. Create a new DWORD (32-bit) value named "EventLogLevel" if it doesn't already exist.

4. Set the value of "EventLogLevel" to 0xFFFFFFFF (hexadecimal) to enable verbose logging.

5. Restart your computer to apply the changes.

After enabling verbose logging, check the Event Viewer again for updated logs with more detailed information about the Wired AutoConfig service.

Remember to be cautious when modifying the registry. Incorrect changes to the registry can cause system instability, so it's always a good practice to create a backup or restore point before making any modifications.
################################################################
# Windows Powershell - Certificates commands
################################################################


#get user certificates
Get-ChildItem -Path Cert:\CurrentUser\My

#show root certificates
Get-ChildItem -Path Cert:\LocalMachine\Root

#show specific root certificates (the Cert: provider does not support -Filter, so match on the subject instead)
Get-ChildItem -Path Cert:\LocalMachine\Root | Where-Object { $_.Subject -like "*OpenAI*" }

#how to delete a certificate
certutil -delstore Root <Thumbprint>

#show root certificates with a match
Get-ChildItem Cert:\LocalMachine\Root\ | where-Object {$_.subject -Match "yourmatch"}

#show root certificates with a match and details (fl = format-list cmdlet)
Get-ChildItem Cert:\LocalMachine\Root\ | where-Object {$_.subject -Match "yourmatch"} | fl


#delete specific root certificates
Get-ChildItem Cert:\LocalMachine\Root\ | where-Object {$_.subject -Match "yourmatch"} | remove-item

on the side where you want to receive the screen, make sure that under windows 10 the optional feature "wireless screen" (in german: Drahtlose Anzeige) is installed and enabled. You also need to make sure that the "receiving app" (in german: Verbinden App) is started!

on the sending computer just press <windows key> + <k> and select the receiver

----------------------------------------

see also:
https://support.microsoft.com/de-de/windows/inhalte-eines-bildschirms-auf-ihrem-pc-spiegeln-oder-projizieren-5af9f371-c704-1c7f-8f0d-fa607551d09c
Problem:
there are no ActiveSiteServices anymore after some windows updates

when digging deeper into the error, we found out that the citrix powershell command "Get-BrokerController" gets no information for ActiveSiteServices anymore:
https://developer-docs.citrix.com/en-us/citrix-virtual-apps-desktops-sdk/current-release/Broker/Get-BrokerController.html

Solution:
not known yet - no checkmk problem, maybe update citrix version and check afterwards if the powershell script Get-BrokerController gets some information afterwards

https://github.com/ypid-bot/check_mk/blob/master/agents/windows/plugins/citrix_farm.ps1
While ($True) {
(netsh wlan show interfaces) -Match '^\s+Signal' -Replace '^\s+Signal\s+:\s+',''
Start-Sleep -s 1
}
--------------------------------------

more details:
netsh wlan show interfaces
by default it is not possible to create a good old offline account, you need to enter a microsoft account etc, but there is a workaround:

1) when you are being asked to enter your microsoft account >> enter a@a.com under email account > press enter
2) enter a "random" password
> since this account is locked anyway you are now able to proceed to step 3
3) now enter your "local" name and create your local account: admin or so

see also:
https://beebom.com/how-create-local-account-windows-11/

#process a csr request from console on windows server
certreq -submit -attrib "CertificateTemplate:<Name>"
the exit code of the last program call is written to variable
>> ERRORLEVEL

how to test?
- open command line
- run command "dir"
- print error level: echo %ERRORLEVEL%
>> you should get a 0 as error code

- run command "blabla" (a command that does not exist)
- print error level: echo %ERRORLEVEL%
>> you should get a 9009 as error code
monitor
----------
to monitor windows tasks with checkmk copy the "windows_tasks.ps1" script from:

"C:\Program Files (x86)\checkmk\service\plugins\windows_tasks.ps1"

>> to

"C:\ProgramData\checkmk\agent\plugins\windows_tasks.ps1"

after that the agent should deliver information about the scheduled tasks on that host


rules
------

if you want different states depending on the exit code from the windows task you can create a rule to match specific exit codes

checkmk > setup > Windows Tasks > Add Rule

!warning! the name of the windows task usually starts with a "\" so you need to define the task name with a double backslash ("\\")

example: \\WindowsTaskTest$
SMBv1 is an old protocol, that should not be used if possible, but sometimes it has to be used:

how to turn on / check?
- start a powershell with administrative privileges
- check the settings: Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
- activate: Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
- disable: Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

**maybe a reboot makes sense after enabling / disabling
#the following command produces a html report
netsh wlan show wlanreport
>> use robocopy!

robocopy C:\source C:\destination /COPYALL /E /R:0 /DCOPY:T

/E : copy directory recursively
/COPYALL : copy all file information
/R:0 : the number of retries on failed copies
/DCOPY:T : preserve the original directory timestamps
run: resmon.exe

in german: Resourcenmonitor via taskmanager

an alternative program is tcpview in case you want to understand who is talking to whom on the network stack: https://learn.microsoft.com/de-de/sysinternals/downloads/tcpview
tcpview gives you deep insight into network connectivity
<ctrl> <r> ... start command line with Administrator rights

use the following command to see the windows 10 license code:
wmic path softwarelicensingservice get OA3xOriginalProductKey
see current kerberos tickets:
klist tickets

delete current tickets from cache
klist purge

wireshark filter to use:
kerberos
restart_check_mk.cmd

rem runs with agent version v2.2
net stop CheckmkService
net start CheckmkService
pause
exit

rem runs with agent <= v1.6
rem net stop Check_MK_Agent
rem net start Check_MK_Agent
rem pause
https://docs.checkmk.com/latest/en/agent_windows.html
https://docs.checkmk.com/latest/en/agent_deployment.html

Automatic agent updates
- Signature keys for signing agents
- Passphrase for signing key: xyz (don't forget to save this signing key!)

>> bake agent
>> install agent
>> register the agent from windows commandline
C:\Windows\system32> "C:\Program Files (x86)\checkmk\service\cmk-agent-ctl.exe" ^
register ^
--hostname mynewhost ^
--server cmkserver --site mysite ^
--user agent_registration --password "xyz..."
>> register for automatic update
"C:\Program Files (x86)\checkmk\service\check_mk_agent.exe" updater register
>> with automation user
CredSSP is used within remote desktop (rdp) connections ...

how to check the CredSSP (Credential Security Support Provider) encryption oracle setting?


(1)
command prompt - with administrative privileges:
reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters /v AllowEncryptionOracle

(2)
powershell:
Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters' -Name AllowEncryptionOracle

(INFO)
Here is what the different values for AllowEncryptionOracle mean:
0 (Force Updated Clients): Only updated clients (with the CredSSP update) can connect.
1 (Mitigated): Clients without the update can connect, but without CredSSP encryption (less secure).
2 (Vulnerable): No protection, allowing any client to connect (least secure).

In this example, the AllowEncryptionOracle value is 0x2, which corresponds to 2 (Vulnerable).

If the setting is not present, it means the default configuration is being used, which typically corresponds to the most secure setting (i.e., only updated clients are allowed).
scenario: update iMC to version E710P04 on a new operating system

before: iMC PLAT 7.3 (E0705P02) on Windows 2016
after: iMC Plat 7.3 (E0710P04) on Windows 2022

there is some documentation about this migration from HPE:
- HPE_IMC_Windows_Migration_Guide.pdf (from 2023)
- HPE IMC Windows Migration Guide - HPE IMC Windows Migration Guide-a00038008en_us.pdf

update steps:
-> update the old iMC version on the old server to the latest version, we needed these update steps:
iMC PLAT 7.3 (E0705P02) > iMC PLAT 7.3 (E0705P12) [success] > iMC PLAT 7.3 (E0706) [success]
> iMC PLAT 7.3 (E0706P11) [success] > iMC PLAT 7.3 (E0708) > iMC PLAT 7.3 (E0708P3)
> iMC PLAT 7.3 (0710) > iMC PLAT 7.3 (071004)

-> after that run a final database backup, and prepare the new server with the latest iMC version

==================================================
!! before restoring the database make sure to follow these steps !!
==================================================
From the Release Notes of the latest version
Before restoring the old database on the new migrated system, please copy $iMC/common/conf/ks.dat and $iMC/server/conf/imchw.conf files from the old IMC server to the corresponding directories on all IMC platform and subordinate servers, including the remote database server.
Reboot all the servers so the encryption keys take effect.
Restore the database.


>> script:

# Define the certificate stores to search
$stores = @("My", "Root", "CA", "TrustedPublisher", "AuthRoot", "TrustedPeople", "Disallowed")

# Print the header line
Write-Host "<<<local>>>"

foreach ($storeName in $stores) {
    try {
        # Open the certificate store
        $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($storeName, 'LocalMachine')
        $store.Open("ReadOnly")

        # Get certificates from the store
        $certificates = $store.Certificates

        foreach ($cert in $certificates) {
            # Extract the first Common Name (CN) from the certificate's subject, remove all
            # non-printable and special characters and replace whitespace with hyphens
            $firstCN = ($cert.Subject -split ',').Trim() | Where-Object { $_ -like 'CN=*' } | Select-Object -First 1 | ForEach-Object {
                ($_ -replace 'CN=', '').Trim() -replace '[^\x20-\x7E]', '' -replace '[^\w\s.*-]', '' -replace '\s+', '-'
            }

            # Replace multiple hyphens with a single hyphen
            $firstCN = $firstCN -replace '-+', '-'

            # Skip certificates without a CN
            if ([string]::IsNullOrWhiteSpace($firstCN)) {
                continue
            }

            # Use the first CN as the name
            $name = $firstCN

            # Calculate the number of days until the certificate expires
            $daysUntilExpiry = ($cert.NotAfter - (Get-Date)).Days

            # Format the output based on days until expiry
            if ($daysUntilExpiry -gt 14) {
                Write-Host "0 `"cert-store-$name`" - NotAfter-Date: $($cert.NotAfter) - The cert will expire in $daysUntilExpiry days"
            } elseif ($daysUntilExpiry -le 14 -and $daysUntilExpiry -gt 7) {
                Write-Host "1 `"cert-store-$name`" - NotAfter-Date: $($cert.NotAfter) - Warning the cert will expire in $daysUntilExpiry days"
            } elseif ($daysUntilExpiry -le 7 -and $daysUntilExpiry -ge 0) {
                Write-Host "2 `"cert-store-$name`" - NotAfter-Date: $($cert.NotAfter) - Warning the cert will expire in $daysUntilExpiry days"
            } elseif ($daysUntilExpiry -lt 0) {
                Write-Host "2 `"cert-store-$name`" - NotAfter-Date: $($cert.NotAfter) - Warning the cert is expired!"
            }
        }

        # Close the certificate store
        $store.Close()
    } catch {
        #Write-Host "Failed to open store: $storeName" -ForegroundColor Red
    }
}

#Write-Host "Certificate enumeration completed." -ForegroundColor Green


--------------------------------------------

> place the script in: C:\ProgramData\checkmk\agent\plugins
> modify the check_mk.user.yml:

plugins:
  enabled: yes
  execution:
    - pattern : '$CUSTOM_PLUGINS_PATH$\check_cert_store.ps1'
      async : yes
      run : yes
      cache_age : 86400

> restart the checkmk service!
> view the output of the checkmk agent to see if the values are cached
https://github.com/s10l/deye-logger-at-cmd/releases

download deyeat.exe and run it,

example:

C:\Users\mgreger\Downloads\windows_amd64>deyeat.exe -t 10.20.4.132:48899 -xv
2024/08/01 12:55:50 * Connecting :0 -> 10.20.4.132:48899...
2024/08/01 12:55:51 > WIFIKIT-214028-READ
2024/08/01 12:55:52 < 10.20.4.132,402A8F035FBE,3936670022
2024/08/01 12:55:52 > +ok
2024/08/01 12:55:53 > AT+WAP
2024/08/01 12:55:54 < +ok=11BGN,AP_3936670022,AUTO
2024/08/01 12:55:54 > AT+WAKEY
2024/08/01 12:55:55 < +ok=WPA2PSK,AES,12345678
2024/08/01 12:55:55 > AT+WSSSID
2024/08/01 12:55:56 < +ok=mgkfz
2024/08/01 12:55:56 > AT+WSKEY
2024/08/01 12:55:57 < +ok=WPA2PSK,AES,wlan-key
2024/08/01 12:55:57 > AT+WANN
2024/08/01 12:55:58 < +ok=DHCP,10.20.4.132,255.255.255.0,10.20.4.1
2024/08/01 12:55:58 > AT+WEBU
2024/08/01 12:55:59 < +ok=username,password
2024/08/01 12:55:59 AP settings
2024/08/01 12:55:59 Mode, SSID and Chanel: 11BGN,AP_49366733022,AUTO
2024/08/01 12:55:59 Encryption: WPA2PSK,AES,12345678
2024/08/01 12:55:59 Station settings
2024/08/01 12:55:59 SSID: myssid
2024/08/01 12:55:59 Key: WPA2PSK,AES,mypassword
2024/08/01 12:55:59 IP: DHCP,10.20.4.132,255.255.255.0,10.20.4.1
2024/08/01 12:55:59 Web settings
2024/08/01 12:55:59 Login: username,pwd
2024/08/01 12:55:59 > AT+Q
2024/08/01 12:56:00
C:\ProgramData\checkmk\agent\log
nice tool to read out lldp (link level discovery protocol) data:
- LDWin: https://github.com/chall32/LDWin?tab=readme-ov-file

- or just use wireshark and filter for "lldp" ;-)
NTRadPing is a cool old Radius test utility that can be downloaded from several places. I just used it - version 1.5 from 2003 on Windows 11 ;-)

if you need to add some new Radius attributes to the dictionary, here is an example.

the dictionary file is: raddict.dat

example of some HP / Aruba specific attributes, just add these lines at the end of the file and restart the NTRadPing Test Utility:

ATTRIBUTE Port-MA-Port-Mode 14 integer HP
VENDOR Aruba 14823
ATTRIBUTE Aruba-Port-Auth-Mode 50 integer Aruba
pre 2.3.0: directory: /opt/omd/sites/<site>/lib/check_mk/base/plugins/agent_based
post 2.3.0: directory: /opt/omd/sites/<site>/lib/python3/cmk/base/plugins/agent_based

change the following line:

if section.reboot_required:
    yield Result(state=State.OK, summary="Reboot required to finish updates")

>> restart the cmk site!
turn on ldap directory logging:
------------------------------------------------
Reg Add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics /v "16 LDAP Interface Events" /t REG_DWORD /d 2

Reg Add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Directory Service" /v "MaxSize" /t REG_DWORD /d "2147483648"

(2147483648 = 2GB)

ldap test tool:
------------------------------------------------
C:\Windows\SYSTEM32\ldp.exe


=====================================
https://blog.it-koehler.com/en/Archive/2951

computer2know :: thank you for your visit :: have a nice day :: © 2024