Windows Updates can be run using a standard batch script. Do so using the wusa.exe is the command that runs updates that you specify. These updates are run using the wusa command, nested inside the Windows directory (%WINDIR%\SysNative to be exact). To run, specify the path to the package you’d like to install. In this case, I’ve mapped a drive to my updates, and placed each in a directory named after the update ID. To run, just run with the path to the .msu file: wusa.exe U:\2862152\Windows8.0-KB2862152-x86.msu To then uninstall the package (if you dare), use the /uninstall option. In this command, you don’t need to provide the path, only…
-
-
Resolve 530 5.7.1 Client was not authenticated Error In Exchange 2010-2012
When working on mail flow issues, one of the first troubleshooting steps with any mail server is to try and telnet into port 25 of the server. Exchange has an error, 530, that says that the smtp connection wasn’t authenticated. If you’re trying to relay through an Exchange server, that’s a good thing, as you wouldn’t want an open relay. However, if you’re trying to relay to an Exchange server, that’s not such a good thing. So let’s look at what this symptom looks like. First we try and telnet into port 25 of the server: telnet exchange.krypted.com 25 Which shows the following: 220 exchange.krypted.com Then we say hi: Helo…
-
Rename a Windows 2012 Server Using PowerShell
When you are creating a bunch of Server 2012 Virtual Machines (or physical machines for that matter) it is helpful to programmatically change their names. To do so, use the Rename-Computer PowerShell cmdlet followed by the name you want the computer to have, as follows (assuming a name of 2012.krypted.com): Rename-Computer 2012.krypted.com Before you do anything else (e.g. bind to AD) you should then reboot the host, using the Restart-Computer cmdlet: Restart-Computer
-
Creating Users On Windows Server 2012 Using PowerShell
Scripting user creation in Windows Server is something we’ve long done using LDIF files; however, when building a system that creates users in more of a one-off capacity it’s pretty easy to script the creation process using PowerShell, piping information in from other solutions. To create a user, use the New-ADUser cmdlet. I’ve found that we usually need to populate this with a few pieces of information, including the account name (SamAccountName), the password (AccountPassword), the full name (name) enabling the account (enabled), setting the password not to expire (PasswordNeverExpires) and forcing the user to change their password when they log on (ChangePasswordAtLogon). Respectively, the following example would create user…
-
Change MTU in Windows Server
When we transfer certain amounts of data in a packet we might cause that packet to fragment. The less fragmentations without requiring a collision or a re-send of a packet, the more efficient network traffic can be. The MTU defines the packet size. Different types of data or network links respond differently. To change the MTU on a Windows Server we’re going to use the netsh command. First, we’re going to use ping to ping a host on our network, using -f and then -l which allows us to define the MTU size. In this case we’re going to use 1500: ping https://krypted.com/ -f -l 1500 We should get an…
-
Secure Erase In Windows Server
The Cipher tool can overwrite deleted data in much the same way the Secure Empty Trash or Secure Erase options work in OS X. To do so, use the cipher command along with the /w switch while all programs on the system are quit. Then, from a command prompt use the /w switch followed by : and then the path to the location you’d like to overwrite. For example, if you deleted a folder from the c:/MYAPPDATA folder, you would use the following to remove data not allocated to files or folders: cipher /w c:/MYAPPDATA Note: The cipher command permanently removes data and so takes awhile according to the amount…
-
Setting Up Active Directory In Windows Server 2012
Installing Active Directory services is arguably one of the first things done on many a Windows Server. And for well over a decade you could unbox, update, run dcpromo and be done with much of that. While the wizards are still there, in the case of Windows Server 2012, the process has changed ever-so-slightly. To install a domain controller in Windows Server 2012, start with Server Manager. This new tool is the place where you start many a process in a Windows Server now, and Active Directory is no different. To get started, first open Server Manager. From Server Manager, click on the Manage menu and select Add Roles and…
-
Create An SMTP Tar Pit In Windows Server/Exchange
Windows Server has a role that it can run in SMTP. Exchange and other services use this role to relay mail. There is a type of attack against a mail server that revolves around effectively performing a Denial of Service (DoS) against Exchange by sending massive quantities of mail to the server and forcing it to send Non Delivery Reports (NDRs) from the mail you’ve sent the server. This is known as an NDR Flood Attack. You can also leverage what’s known as a Directory Harvest Attack to get a server to respond to each possible combination of characters for addresses on domains running on an Exchange server. A Directory…
-
Put an ESX Virtual Machine Into Safe Mode
Sometimes you need to boot a system into Safe Mode. But with a virtual machine you don’t have enough time to put a Windows system into Safe Mode. To put a normal system into safe mode, you can just hit the F8 key when Windows is booting. But with a virtual machine the BIOS screen is by default set to go away in 0 settings. Therefore, you need to add a boot delay to mimic a physical host. To get a virtual machine in ESX to have such a boot delay, view all the virtual machines and then right click on the virtual machine you need to configure a delay…
-
Adding Roles In Windows Server 2012
Out of the box a Windows Server 2012 isn’t really that helpful. But luckily, it has these things called Roles. Roles are things like Hyper-V, File Sharing, Windows Update Services, Web Server, etc. Each role then has a collection of services that it can run as well, within the Role. Roles include (borrowing from Microsoft here): Active Directory Certificate Services Overview This content provides an overview of Active Directory Certificate Services (AD CS) in Windows Server 2012. AD CS is the server role that allows you to build a public key infrastructure (PKI) and provide public key cryptography, digital certificates, and digital signature capabilities for your organization. Active Directory Domain Services Overview By…