Monday, 1 October 2018

Opening an Elevated Command Prompt (Windows Server)

There are many instances when you want to open an elevated (admin) command prompt in Windows Server.  Normally this is really easy: right-click on the icon and select "Run as administrator".

But what do you do when you can't right-click, you are running in "core" mode, or the GUI isn't running properly?  Well, PowerShell to the rescue...

If you can open PowerShell, type:
       Start-Process cmd -Verb RunAs

If you can't, but can open a (non-admin) command prompt, type:
       Powershell -Command "Start-Process cmd -Verb RunAs"

You may get a UAC prompt, but essentially this will open an elevated command prompt.

Note:  This has been tested in Windows Server 2008, 2012 and 2016.
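
The same command wrapped so that it checks whether the session is already elevated and handles a declined UAC prompt. This is an added example, not part of the original post; the function names Test-IsElevated and Start-ElevatedCmd are hypothetical.

```powershell
# Added example (not from the original post).
function Test-IsElevated {
    # True when the current token is a member of BUILTIN\Administrators
    # with the group enabled, i.e. the process is running elevated.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Start-ElevatedCmd {
    if (Test-IsElevated) {
        # Already elevated: a child process inherits the token, no UAC prompt.
        return Start-Process cmd -PassThru
    }
    try {
        # -Verb RunAs triggers the UAC consent/credential prompt.
        return Start-Process cmd -Verb RunAs -PassThru -ErrorAction Stop
    } catch {
        # Raised when the prompt is declined or elevation is blocked by policy.
        Write-Warning "Elevation was not granted: $($_.Exception.Message)"
    }
}

$proc = Start-ElevatedCmd
if ($proc) { "Started cmd.exe, PID $($proc.Id)" }

# To confirm from inside the new prompt that it really is elevated:
#   whoami /groups | findstr /c:"High Mandatory Level"
```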

Monday, 1 May 2017

Generating a File Hash

Sometimes there is a need to generate a hash for a specific file.  Maybe this is so you can assure others that the file is the original, maybe you want to compare it to a file you've downloaded, and sometimes you may need to enter a file hash into some software (e.g. Whitelisting).

There are tools you can download to do this, but handily PowerShell has a command that will do all this for you.  The command is simply "Get-FileHash":

Get-FileHash [-Path] <String[]> [-Algorithm <String>] | Format-List

Where:

  • -Path is simply the path of the file for which you want to generate a hash
  • -Algorithm is the specific hash you want to generate (defaults to SHA256); possible values for this option are:
    • SHA1
    • SHA256
    • SHA384
    • SHA512
    • MACTripleDES
    • MD5
    • RIPEMD160
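
To compare downloaded files against published hashes, Get-FileHash can be driven from a checksum manifest. This is an added example, not part of the original post; the function name Test-HashManifest, the manifest layout and the demo files are assumptions constructed for illustration.

```powershell
# Added example, not from the original post. Assumed manifest format, one entry
# per line: "<hex digest>  <file name>" (a leading * on the name is tolerated).
function Test-HashManifest {
    param(
        [Parameter(Mandatory = $true)] [string] $ManifestPath,
        # MD5 and SHA1 are left out on purpose: both have practical collisions.
        [ValidateSet('SHA256', 'SHA384', 'SHA512')] [string] $Algorithm = 'SHA256'
    )
    $manifest = (Resolve-Path -LiteralPath $ManifestPath).ProviderPath
    $baseDir  = Split-Path -Parent $manifest

    foreach ($line in Get-Content -LiteralPath $manifest) {
        # Ignore blank lines, comments and anything that is not "digest name".
        if ($line -notmatch '^\s*([0-9A-Fa-f]{64,128})\s+\*?(.+?)\s*$') { continue }
        $expected = $Matches[1]
        $name     = $Matches[2]
        $file     = Join-Path $baseDir $name

        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
            $actual = $null
            $status = 'MISSING'
        } else {
            $actual = (Get-FileHash -LiteralPath $file -Algorithm $Algorithm).Hash
            # Get-FileHash returns upper-case hex; -eq on strings ignores case.
            $status = if ($actual -eq $expected) { 'OK' } else { 'MISMATCH' }
        }
        [pscustomobject]@{ File = $name; Status = $status; Expected = $expected; Actual = $actual }
    }
}

# Constructed demo data: two files, a manifest, then one file is altered.
$dir = Join-Path ([IO.Path]::GetTempPath()) ('hashdemo-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $dir | Out-Null
'good.txt', 'tampered.txt' | ForEach-Object {
    Set-Content -LiteralPath (Join-Path $dir $_) -Value 'original contents'
}
$lines = Get-ChildItem -LiteralPath $dir -File | ForEach-Object {
    '{0}  {1}' -f (Get-FileHash -LiteralPath $_.FullName).Hash.ToLower(), $_.Name
}
Set-Content -LiteralPath (Join-Path $dir 'SHA256SUMS') -Value $lines
Add-Content -LiteralPath (Join-Path $dir 'tampered.txt') -Value 'changed after the manifest was written'

Test-HashManifest -ManifestPath (Join-Path $dir 'SHA256SUMS') | Format-Table File, Status
Remove-Item -LiteralPath $dir -Recurse -Force
```

Windows PowerShell accepts all seven algorithm names listed above; PowerShell 6 and later no longer accept MACTripleDES and RIPEMD160.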

Tuesday, 28 February 2017

Disable McAfee Solidcore from the Command Line

If you have a locally managed installation of McAfee, or have somehow lost the McAfee Agent connection to the ePO server, it may be necessary to remove/disable the Solidcore software from a command line.  To do this:

1) Open an elevated Command Prompt
2) Type sadmin recover
3) When prompted enter the "ePO Console" password
[The default password is "solidcore" - without the quotes]
4) Type sadmin disable
5) Type sadmin status
This should return two results:
McAfee Solidifier: Enabled
McAfee Solidifier on reboot: Disabled
6) Reboot the machine, and Solidifier will now be disabled

You can then uninstall Solidcore as per normal.

For other uses of the sadmin command, type sadmin help at the command prompt.

Monday, 23 January 2017

Remove McAfee Agent

There are times when it is impossible to remove the McAfee agent from a machine when it is in "Managed Mode". You'll attempt to, but the appropriate error message will be displayed.

To get around this issue, the agent needs to be uninstalled via the trusty Command Line:

1) Open a command prompt
2) Change directory to the McAfee Framework directory:
   a) For 32-bit systems: cd "C:\Program Files (x86)\McAfee\Common Framework"
   b) For 64-bit systems: cd "C:\Program Files\McAfee\Common Framework"
3) Execute the following command: frminst.exe /remove=agent

In most instances, this uninstalls the McAfee Agent.  However, at the very least, it will place the Agent in "Unmanaged Mode", meaning it can now be uninstalled via "Control Panel" / "Programs and Features".

If all else fails, and I do mean ALL ELSE, you can follow the steps in this McAfee KB Article:
https://kc.mcafee.com/corporate/index?page=content&id=KB75902

MAC Randomisation

MAC Randomization (sic) is a feature in Windows 10 that can be activated to prevent your location being tracked using your MAC address.  This can be a useful feature, especially for the more paranoid amongst us.  However, ensure that your connection is not locked to your specific MAC address before activating this feature.

To turn on MAC Randomization:

1) Open the "Settings" app
2) Select "Network & Internet"
3) Under the WiFi section, select "Advanced Options"
4) Turn on the "Random Hardware Address" feature

That's it, you're done.

Monday, 16 January 2017

Disable Network Bridging

Sometimes a Workstation or Server has multiple network interfaces (because it's common to dual home servers right?).  Since a network bridge allows a Layer 2 connection between two or more physical network segments, allowing data to be shared across networks, this is something that should often be avoided.

One way to accomplish this is via a Firewall (built-in or an additional piece of hardware).  However, the ability to create a bridge can be disabled using Group Policy, and it is this mechanism that is detailed below.

Steps to enable/disable network bridging in Group Policy:
1) Create a new Group Policy Object (or choose the appropriate existing policy) and open for editing
2) Under the "Computer Configuration" section, navigate to: Policies / Administrative Templates / Network / Network Connections
3) Open the "Prohibit installation and configuration of Network Bridge on your DNS domain network" setting
4) Set the policy as required:
    a) To prevent a network bridge being created, click "Enabled"
    b) To allow a network bridge to be created, click "Disabled"
5) Save the Group Policy
6) Apply the Group Policy to the relevant OU/Computer within your Active Directory structure.
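
Once the policy has been applied, a quick check on a target machine confirms that it arrived and flags multi-homed hosts where bridging is still possible. This is an added example, not part of the original post; the function name Get-NetworkBridgeAudit is hypothetical, and the registry value read is the one this policy setting writes.

```powershell
# Added example, not from the original post. Run on the target machine after
# "gpupdate /force". Get-NetAdapter needs Windows 8 / Server 2012 or later.
$PolicyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Network Connections'
$PolicyValue = 'NC_AllowNetBridge_NLA'   # 0 = policy Enabled (bridge prohibited)

function Get-NetworkBridgeAudit {
    # Read the value written by the Group Policy setting, if any.
    $prop = Get-ItemProperty -Path $PolicyKey -Name $PolicyValue -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        $policy = 'Not Configured'
    } elseif ($prop.$PolicyValue -eq 0) {
        $policy = 'Enabled'
    } else {
        $policy = 'Disabled'
    }

    # Physical adapters with link; more than one means the host is multi-homed.
    $up = @(Get-NetAdapter -Physical | Where-Object { $_.Status -eq 'Up' })

    if ($policy -eq 'Enabled') {
        $finding = 'OK: bridge creation is prohibited'
    } elseif ($up.Count -gt 1) {
        $finding = 'RISK: multi-homed host and bridging is not prohibited'
    } else {
        $finding = 'NOTE: bridging is not prohibited, but only one adapter is up'
    }

    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        Policy     = $policy
        UpAdapters = ($up.Name -join ', ')
        Finding    = $finding
    }
}

Get-NetworkBridgeAudit | Format-List
```

The setting is location aware: it is only enforced while the computer is connected to the DNS domain network on which it received the policy, so run the check while the machine is on that network.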