Archive for category BTP

Powershell: The term ‘Get-ADUser’ is not recognized as the name of a cmdlet (SBS 2008)

We have immense power over our servers with Powershell.

There is so much we can do, or in the case of SBS 2008 (Powershell 2), a lot we wish we could do. I am trying to get a lot of info out of an AD in preparation for moving to a new domain controller. None of my AD scripts work, e.g.

  • Get-ADComputer
  • Get-ADUser

I am constantly getting “The term ‘blah’ is not recognized as the name of a cmdlet”.

Grrr.

After lots of reading and playing about, I got what I needed. I was able to install Active Directory Web Service on the machine and then use RSAT on a secondary computer.

So what do you do ?

Let’s start with Server 2008 R2 

You need to have installed

  • Active Directory Domain Services
  • Active Directory Module For Windows PowerShell
  • Active Directory Web Services

Run this at the Powershell commandline

>Import-Module ServerManager
>Add-WindowsFeature RSAT-AD-PowerShell
>import-module activedirectory

You should now be ready to go

Server 2008 or 2003

You need to install this hotfix. The links for this are hard to get working as Microsoft released this patch to only those that actually need it. It has not had very wide testing and has not been checked for what else it could break.
https://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=2852

Install the Active Directory Management Gateway Service (Active Directory Web Service for Windows Server 2003 and Windows Server 2008)

Install RSAT on another PC (Windows 7, Windows 10 will be fine)

In powershell

>import-module activedirectory

You should now be ready to go

SBS 2008

Trying to install Active Directory Web Service for Windows Server hotfix as per the above outline, fails. You can try the 32 bit or 64 bit version and it will tell you it is not compatible.

You need to have the file NDP35SP1-KB969166-x86.exe, install it and reboot.

(KB 969166)

It will not install. What can you do? If you really need to get this hotfix installed (Warning, it is not fully tested) then here is a work around.

md c:\temp\AD_Management_Web
expand -F:* "Windows6.0-KB968934-x64.msu" c:\temp\AD_Management_Web
cd c:\windows\system32
start pkgmgr.exe /ip /m:c:\temp\AD_Management_Web\Windows6.0-KB968934-x64.cab

Reboot

Install RSAT on another PC (Windows 7, Windows 10 will be fine)

In powershell

>import-module activedirectory

You should now be ready to go
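
Once the module loads on the RSAT PC, a script along these lines confirms the setup and pulls a basic user and computer inventory ahead of a migration. This is an added example, not part of the original post; the domain controller name and output folder are placeholders to replace with your own.

```powershell
# Added example. Run on the PC where RSAT is installed.
$dc     = 'sbs2008.example.local'   # assumed: your domain controller's name
$outDir = 'C:\temp\ad-export'       # assumed: output folder for the CSV files

# 1. "The term ... is not recognized" means the module is missing or not loaded.
#    PowerShell 2 does not load modules automatically, so import it explicitly.
if (-not (Get-Module -ListAvailable -Name ActiveDirectory)) {
    throw 'ActiveDirectory module not found: install RSAT (or RSAT-AD-PowerShell on 2008 R2).'
}
Import-Module ActiveDirectory

# 2. The AD cmdlets talk to Active Directory Web Services on TCP port 9389.
#    If this fails, the web service / Management Gateway Service is not reachable.
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($dc, 9389)
} catch {
    throw "Cannot reach Active Directory Web Services on ${dc}:9389."
} finally {
    $tcp.Close()
}

# 3. Export users and computers to CSV.
if (-not (Test-Path $outDir)) {
    New-Item -ItemType Directory -Path $outDir | Out-Null
}

Get-ADUser -Server $dc -Filter * -Properties LastLogonDate, PasswordLastSet, PasswordNeverExpires |
    Select-Object SamAccountName, Name, Enabled, LastLogonDate, PasswordLastSet, PasswordNeverExpires |
    Export-Csv -Path (Join-Path $outDir 'users.csv') -NoTypeInformation

Get-ADComputer -Server $dc -Filter * -Properties OperatingSystem, LastLogonDate |
    Select-Object Name, Enabled, OperatingSystem, LastLogonDate |
    Export-Csv -Path (Join-Path $outDir 'computers.csv') -NoTypeInformation
```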

Useful links

http://thehotfixshare.net/board/index.php?autocom=downloads&showfile=20160

https://powershell.org/forums/topic/ad-module-on-sbs-2008/


Mstsc.exe (Remote Desktop) prompts for RD Gateway Server credentials over and over

.. or RDCMan (Remote Desktop Connection Manager) crashes to a Windows Error.

So, I have two annoying issues. They have been with me for over 12 months and no amount of Googling or talking to others about it seemed to fix anything. I gave up.

Recently, I got fed up with it again and had a fresh look and a fresh Google. Finally, fixed.

For others this might be old news, but as it took me ages to find this, I thought I would document it.

Symptom one

Open Mstsc, put in the server name, go to the Options, Advanced and setup Connect from anywhere. Setup an RD Gateway server. Return to the main logon and connect.

It pops up for credentials to access the RD gateway. You put them in, click continue. It goes away and thinks. Comes back and pops up the window for the credentials to access the RD gateway. The username and password boxes are blank again. Again, fill them in, connect. It goes away and thinks. Comes back and pops up the window for the credentials to access the RD gateway. I am in a loop. Leave the boxes empty, connect, It goes away and thinks. Comes back and pops up the window for the credentials to access the RD gateway. Press Cancel, It goes away and thinks. Comes back and pops up the window for the credentials to access the RD gateway.

I can’t get out of this without using Task manager and killing mstsc.exe

Symptom two

In conjunction with this, when I RDP direct to a machine, it pops up the certificate warning message, click ok, “Windows has caused an error” and Mstsc.exe exits. No amount of trying, gets me in.

Symptom three

When I use Remote Desktops Connection Manager (RDCMAN) and I add a new server, tell it the RD gateway settings, then try and connect, it crashes.

 

Direct RDP via Rdcman seems to work fine.

Environment

  • Windows 10 Home
  • Latest RDP version from Windows Updates
  • Latest Rdcman I could find
  • Connecting to Windows 7, Windows 10, server 2008, 2008R2, 2012, 2016 and 2019 via RD Gateways

What was the cause?

Incorrect use of NTLM by my Windows 10 Home PC.

There are two ways to address this.

Windows 10 Home

Firstly, I have Windows Home. I lack the local Security MMC console so, I had to make my changes by the Registry.

All changes in the registry carry risks. Please be sure to backup your registry. Please only change what I mention here. If you are at all doubtful, back away from the keyboard !

Go to start > run (Right click the Windows icon on the left hand side, select Run)

Type: “regedit” and press enter.

After making a backup, navigate to the following key: HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control > Lsa

Modify the following value: “LmCompatibilityLevel” by double clicking on it, then change the value to 3

If that value does not exist:
right-click in the right pane, then select New > DWORD (32-bit value)
Type in: LmCompatibilityLevel
Double-click on the new value, and set it to 3 (Hexadecimal)

Now close Regedit. Wait for some time for the changes to apply. Try Mstsc and see how it goes !
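
The same registry change as a PowerShell script, as an added example that is not part of the original post. It backs up the Lsa key first and shows what the current level means before setting it to 3; the backup file location is an assumption.

```powershell
# Added example. Run from an elevated PowerShell prompt.
$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$name    = 'LmCompatibilityLevel'
$target  = 3                                             # value used in this post
$backup  = Join-Path $env:USERPROFILE 'Lsa-backup.reg'   # assumed backup location

# Meaning of each level, as named in the security policy editor
$levels = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only. Refuse LM'
    5 = 'Send NTLMv2 response only. Refuse LM & NTLM'
}

# 1. Back up the key before touching it; stop if the export fails.
& reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Control\Lsa' $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; nothing was changed.' }

# 2. Read the current setting (the value may not exist at all).
$prop = Get-ItemProperty -Path $regPath -Name $name -ErrorAction SilentlyContinue
if ($null -eq $prop) {
    $current = $null
    Write-Host "$name is not set (the Windows default applies)."
} else {
    $current = [int]$prop.$name
    Write-Host "Current $name = $current ($($levels[$current]))"
}

# 3. Create or overwrite the DWORD only when it differs from the target.
if ($current -ne $target) {
    New-ItemProperty -Path $regPath -Name $name -PropertyType DWord -Value $target -Force | Out-Null
    Write-Host "Set $name to $target ($($levels[$target])). Backup saved to $backup"
} else {
    Write-Host 'No change needed.'
}
```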

Windows 10 Pro

Go to start > run (Right click the Windows icon on the left hand side, select Run)

Type: “gpedit.msc” and press enter.

Go to Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options – Network security: LAN Manager authentication level

set item to “Send NTLMv2 response only/refuse LM & NTLM”

(I ended up having to set it to Send NTLMv2 only).

Exit Gpedit.

Go to start > run (Right click the Windows icon on the left hand side, select Run)

Type: “gpupdate /force” and press enter.

Gpedit on Windows 10 Home

ok, so when using Gpedit, there were some cool settings I wish I could use on my Windows 10 Home PC.

Can’t I get Gpedit on Windows home ?

Yes, you can.

You can download the Gpedit installer here

If you have 32-bit Windows (x86) then the setup should install smoothly without any problems and you should be able to access the Group Policy Editor through the Microsoft Management Console by going to Run –> gpedit.msc.

(You can check if you are 32 bit by going to Run –> Control. Once in Control Panel go to “All Control Panel Items” and “System”. Here will be the name of your computer and a lot more info, including what you need to know).

If you have 64-bit Windows (x64) then you will need some extra steps after running the installer. Follow the steps below after running the installer:

  1. Go to C:\Windows\SysWOW64 folder
  2. Copy the following folders and files from C:\Windows\SysWOW64 to C:\Windows\System32
    “GroupPolicy”, “GroupPolicyUsers” and gpedit.msc.

You might be prompted to overwrite empty folders “GroupPolicy”, “GroupPolicyUsers”

Now go to the Windows 10 Pro instructions above and it will work the same.

Resources

some helpful links for you

https://social.technet.microsoft.com/Forums/ie/en-US/1383007d-677a-4e3e-83f0-a11869a2ac25/rds-server-remote-app-prompting-for-password-repeatedly?forum=winserverTS

https://www.tenforums.com/general-support/111678-local-security-policy-editor-not-found.html

https://www.itechtics.com/enable-gpedit-windows-10-home/

https://support.gotomyerp.com/portal/kb/articles/receiving-a-remoteapp-disconnected-upon-connection


South Australia Government – Small Business Resilience

I have had the pleasure of sitting in the group of South Australian Government officials designing the Small Business Resilience plan.

Their hearts are in the correct places and they really want to help; however, they lack the experience with Small Business to be able to relate.

They have recently discovered that Resilience means little to Small Business. They need a new word. I have suggested Disaster planning, Risk management and a few others.

This plan needs to cover everything from

  1. My storefront had to close as they have closed the street for work for a week.
  2. I lost power for a day
  3. I lost internet for a week
  4. My staff could not get to work due to an issue their end (maybe a fire in the hills)
  5. Our data went missing
  6. I got Ransomware
  7. I got hacked
  8. My office had to close due to
    • fire
    • flood
    • vandalism
    • dangerous chemical
    • etc

and many more examples of things that can affect a Small Business.

We have had floods up North, fires in the plains and hills. Staff have been unable to get to work.

Do you have enough money laying about to pay staff if you are closed for a few weeks ?

Do you have

  • Cyber insurance ?
  • backup generator ?
  • backup batteries?
  • backup internet?
  • backup file solution?
  • backup funds?
  • a second place to carry on Business?
  • a way to redirect your phones ?

Love to get your feedback and pass your thoughts along.

This project includes various Fire departments, SES, emergency finance and many government bodies.

Get your voice heard !


NSA provides a Game Changer ?

The NSA have released GHIDRA 9.0 — Free, Powerful Reverse Engineering Tool for malware and finding bugs.

“The United States’ National Security Agency (NSA) today finally released GHIDRA version 9.0 for free, the agency’s home-grown classified software reverse engineering tool that agency experts have been using internally for over a decade to hunt down security bugs in software and applications.”

https://ghidra-sre.org/

There are a few ways I look at this.

  • Some people are going to download this, have some fun and get themselves into a whole heap of trouble.
  • Some people will download it, it will be beyond what they understand and it will be shelved.
  • The rest of us will download it and hopefully be impressed and suddenly all the interested IT MSPs, resellers and general community are better prepared (if this is up to expectation). This may well mean the average person will start decompiling malware and figuring it out. This may level the playing field.

I am downloading it now and will see what it can do.

See how it works https://youtu.be/xDyLy0zLV7s

 

 

 


Does anyone know who BTPSUPPORT are ? (As appears on Credit Card statements)

I own a company with the Initials BTP. Business Technology Partners Pty Ltd. (BTP for short).

These initials are incorrectly being associated with a possible scam.

Yes, we provide IT Support. If you Google search BTP Support (From a browser in Australia) or BTPSUPPORT, you get our business listings and from looking through the list of hits, we appear to be the only company linked to those keywords. People are finding payments on their credit card statements to BTPSUPPORT. This is not us.

Completing an Australian Company name (ABN/ACN) search for BTPSUPPORT/BTP Support as a company name or trading name finds no match.

If you Google “BTPSUPPORT” Credit card, the listings then contain mentions of credit cards being scammed for low amounts. The card statements say “BTPSUPPORT 0800-73-6951 ” and “BTP SUPPORT 0800736951CYP”.

I have found an expired domain called www.btpsupport.com and I can see lots of people call themselves BTP (Worldwide).

I assure you, Business Technology Partners Pty Ltd of Australia has nothing to do with BTPSUPPORT. If you get such charges on your Credit card statement, I would be keen to know. Have you made any small purchases from eBay? Maybe from the iTunes store or Google Play Store ?

If you cannot recall buying any ring tones online or other small items and believe the charge to be fraudulent, contact your bank. Put in a dispute. The only way to stop these people, if indeed they are inappropriately charging, is to go via the banks following their process.

  • There is a BTP Support page for btpuk.com/btp.help, who are not associated with us.
  • There is btpaustralia.com.au, who are not related to us.
  • TheBenchtopPRO.com has a BTPSUPPORT email address and is not related to us.
  • BTP also means British Transport Police
  • BTP Group (An AusDrill Company) in Australia, is not related to us.
  • www.btp.net is not related to us.
  • BTP Shopify plugin (Business Tech Pro) is not related to us.
  • btptek.com is not related to us.
  • btpi.com is not related to us.
  • We are not associated with BitCoinPro (BTP)

If anyone does work out who this is (we have had numerous people contact us who have been debited) then we really would like a message from you.

Thank you

 

HP laptop with Random beeps

We have a laptop which randomly beeps. Three beeps. We have solved the problem but in case others have it, here is the description.

It is a HP EliteBook 9480m running Windows 7 (but that is not relevant).

We had HP change the Battery, Keyboard, mainboard and more. Still beeps. Booted into Safe mode, beeps.
Ran all kinds of HP diagnostics, nothing appears to be wrong. Imaged the contents to another EliteBook 9480m laptop. It does not beep.

Back to the beeping laptop, uninstall any HP software (It was a fresh Windows install). Still beeps.

Tested the beep character at the command line, it sounds different. Tested the beep through the sound card, it sounds different. It sounds like a BIOS default beep.

Disable the Beep device and the sound card. Still beeps.

Started to listen to where it was coming from, there are no speakers near there.

It was the hard disk. If you listen very carefully you could hear a short mechanical sound and then Beep. The beep sounds so much like a BIOS beep, we were totally onto the wrong track. Does the hard disk have a tiny speaker ? Doubt it. I suspect the arm in the hard drive is making a noise that sounds like a beep.

how weird.

Now I look online knowing this and find many others point to the hard disk.

I guess after the fact, it is always easier to google and find answers, knowing the final fault 🙂

 

 
