Disable SMB1 on Windows

Posted on June 28, 2017 by Thomas.Marcussen

Disable SMB1 on Windows

To defend yourself against WannaCrypt and other ransomware it is imperative that you disable SMB1 as well as install the patches released by Microsoft.

Open Control Panel > Programs & Features > Turn Windows features on or off.

In the list of options, one option would be SMB 1.0/CIFS File Sharing Support. Uncheck the checkbox associated with it and press OK.

You can also use powershell

Set-ItemProperty -Path “HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters” SMB1 -Type DWORD -Value 0 –Force

On Windows servers you can use the Powershell command: Remove-WindowsFeature FS-SMB1

Protect Yourself Against Petya Ransomware

Posted on June 28, 2017 by Thomas.Marcussen

The malware requires administrator rights to the local computer. Standard users should not have this in permission. Consider restricting who has local admin rights to prevent execution of exploit code within organisations. Home users should also consider using a Standard User Account for day-to-day operations.

Access Director can help you by removing permanent local admins.

Recommendations for Enterprises

Deploy the latest Microsoft patches, including MS17-010 which patches the SMB vulnerability.
Consider disabling SMBv1 to prevent spreading of malware.
Educate end-users to remain vigilant when opening attachments or clicking on links from senders they do not know.
Ensure you have the latest updates installed for your anti-virus software.
Ensure you have backup copies of your files stored on local disks. Generally, user files on local drives are replicated from a network share
Prevent users from writing data outside of designated areas on the local hard disk to prevent data loss if attack occurs.
Operate a least privileged access model with employees. Restrict who has local administration access.

Petya does not encrypt files. it encrypts the Master File Table, which is the index of where all the files are stored on a hard disk drive.

“Petya uses the NSA Eternalblue exploit but also spreads in internal networks with WMIC and PSEXEC. That’s why patched systems can get hit.”
Mikko Hypponen confirms, Chief Research Officer at F-Secure.

PT Security, a UK-based cyber security company and Amit Serper from Cybereason, have discovered a Kill-Switch for Petya ransomware. According to a tweet, company has advised users to create a file i.e. “C:\Windows\perfc” to prevent ransomware infection.

Installing PHP for IIS Using Microsoft Web Platform Installer Offline

Posted on June 20, 2017 by Thomas.Marcussen

You may need to install PHP for IIS using the offline installer

Download and install the Microsoft Web Platform Installer to a computer that has Internet access and to the server where PHP is to be installed. from http://php.iis.net
Create a local folder for the WebInstallerCache
WebPICMD.exe /List /ListOption:All >C:\TEMP\WebPIOffline\Products.txt
Review the Products.txt for needed products to install.
I needed PHP54, PHPManager and SQLDriverPHP54IIS
Run the following commands from the computer with internet access
1. WebPICMD.exe /Offline /Products:PHP54 /Path:C:\TEMP\WebPIOffline
2. WebPICMD.exe /Offline /Products:PHP54 /Path:C:\TEMP\WebPIOffline
3. WebPICMD.exe /Offline /Products:PHP54 /Path:C:\TEMP\WebPIOffline
Copy the WebPIOffline folder to the server without internet access
Run the following commands from the computer without internet access to install the products
1. WebPiCmd.exe /Install /Products:PHP54 /XML:C:\WebPIOffline\feeds\latest\webproductlist.xml
2. WebPiCmd.exe /Install /Products:PHPManager /XML:C:\WebPIOffline\feeds\latest\webproductlist.xml
3. WebPiCmd.exe /Install /Products:SQLDriverPHP54IIS /XML:C:\WebPIOffline\feeds\latest\webproductlist.xml

Products should now be installed and you can continue with your configuration

Install Spotify for Kodi (Krypton Jarvis)

Posted on June 11, 2017 by Thomas.Marcussen

I prefer to use Kodi on my Raspberry pi, its simple and running very well.
Unfortunately there is no native support for Spotify – Marcel van der Veldt to the rescue.

Marcel put up a nice music add-on for Spotify, it even works very will with Spotify Connect/Streaming devices.

Download and copy the Marcelveldt Repository zip file to your Kodi box
Open Kodi -> System -> Add-ons – > Install from zip file (if you copyed to another folder then the repository folder, the use “browse in root file system”)
Install and wait for add-on enabled notification
Go to install add-on from repository and select Marcelveldt’s Beta Repository.
Select Music Add-ons
Select Spotify
Select Install
Wait for add-on enabled notification
Select Spotify
Select Configure
Add your Spotify username and Password
Reboot

..And you’re done! 🙂

You can access your Spotify playlists from music add-ons.
Your device will also be visible for streaming to/from – I tested it from my iPhone 7, works great! 🙂

Multiple subdomains with LetsEncrypt? YES!

Posted on June 9, 2017 by Thomas.Marcussen

Need to add multiple subdomains with LetsEncrypt?
maybe Certificate for WWW and non-WWW?

do a dry run, to test it

./certbot-auto certonly -d originaldomain.com -d www.originaldomain.com -d new.originaldomain.com -d new2.originaldomain.com -d new3.originaldomain.com –dry-run

I tested it with apache2 works great!

Windows 10 hangs after patches May/17 (Windows Defender & Trend Micro)

Posted on May 29, 2017 by Thomas.Marcussen

There seems to be an issue with Trend Micro and Windows Defender after Windows/ Defender patches has been applied.

The quick workaround is to deploy are registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
The dword value should be 1: DisableAntiSpyware

In case it does not exist, go ahead and create it.
Restart and you should see things start working again.

If you have the issue, you should be able to deploy it using Group Policy Preferences.

NOTE: You can also enter safe mode and create the needed key.

Reference links:

https://technet.microsoft.com/en-us/library/cc749126(v=ws.10).aspx

https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus

https://support.microsoft.com/en-us/help/12376/windows-10-start-your-pc-in-safe-mode

ConfigMgr 2012 Application Catalog Web Service Point broken after OS upgrade

Posted on May 5, 2017 by Thomas.Marcussen

Upgrading your ConfigMgr from Windows Server 2008 R2 to Windows Server 2012 R2 ?
I have had a couple of cases, within the past moth.

.NET seems to break after the OS upgrade.
During some troubleshooting on a not working Application Catalog Web Service Point

Clients with new software center, did show some applications (but only a few/old from a synchronisation before the upgrade)
Trying to access Application Catalog Web Site gave an error:
Cannot Connect to the application server
No errors in the Application catalog website or service point installation files

So if we dig in to <CMInstallDrive>:\Program FIles\SMS_CCM\CMapplicationCatalogSVC\Logs\ServicePortalWebService.log did show some error:

[11, PID:7048][05/04/2017 12:12:23] :System.TypeLoadException: Could not load type ‘System.Runtime.Diagnostics.ITraceSourceStringProvider’ from assembly ‘System.ServiceModel.Internals, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35’.

The error is related to broken/corrupt .NET

The solution:
Download and install: Microsoft .NET Framework 4.5.2 (Offline Installer)

Cloud Client Management Updates 17-04-2017

Posted on April 17, 2017 by Thomas.Marcussen

The long awaited UI is finally scheduled to release.

The UI features a small set of changes, but with simplified navigation and user friendly pages.

Improvements:

Navigation added
Limited posts pr page
User friendly search and navigation bar

All portals will be updated within april.

Powering multiple USB devices

Posted on April 16, 2017 by Thomas.Marcussen

Powering devices trough USB is getting more and more common.
If you, like me, have multiple devices like Raspberry PI, Thinker Board, mfi etc etc.

You might want to use one single device to power them all, but what to use?
I’ve tried a few now, some of the devices not delivering the needed effect to the devices, unfortunately.

I ended up with a 50W 10 Ports USB Power supply.

Specifications:

Output: 5.0v-10A (each 2,4 max)
Input: 100-240VV -1.4A 50Hz-60Hz)
Model: XBX09L

its most commonly referred to as a traveling adapter, but works like a charm in your home “datacenter” or for charging multiple devices in your household.

My Setup:

I’m powering 5 Raspberry Pi’s (RPI3), 1 Tinker Board and 1 mFi Port.
For now its been running for 2 months with no issues or power cycles needed.

The Device:

The OEM model is £10 off ebay.

Also available on Amazon

Plug: EU/UK/US/AU
Color: Black/White

MCT Program Update: Office365

Posted on February 28, 2017 by Thomas.Marcussen

We are super excited to announce that MCT Software & Services subscription now includes a non-trial version of Office 365 Enterprise Developer. Many of you have been waiting for this for a long time and we have made it happen for you. Office 365 is no longer a one year free trial version. This is effective immediately.

Office 365 Enterprise Developer includes:
• Exchange Online
• Flow for Office 365
• Microsoft Planner, Microsoft Teams
• Mobile Device Management for Office 365
• Office 365 ProPlus
• Office Online for Developer
• PowerApps for Office 365
• SharePoint Online for Developer
• Skype for Business Online

Thomas Marcussen

Everything System Center Professional with a passion for technology

Disable SMB1 on Windows