Monday, 1 May 2017

Generating a File Hash

Sometimes there is a need to generate a hash for a specific file.  Maybe this is so you can assure others that the file is the original, maybe you want to compare it to a file you've downloaded, and sometimes you may need to enter a file hash into some software (e.g. Whitelisting).

There are tools you can download to do this, but handily PowerShell has a command that will do all this for you.  The command is simply "Get-FileHash":

 Get-FileHash [-Path] <String[]> [-Algorithm <String>] | Format-List

Where:

  • -Path is simply the path of the file for which you want to generate a hash
  • -Algorithm is the specific hash you want to generate (defaults to SHA256), possible parameters for this option are:
    • SHA1
    • SHA256
    • SHA384
    • SHA512
    • MACTripleDES
    • MD5
    • RIPEMD160
Posted by at 2 comments:
Labels: , ,

Tuesday, 28 February 2017

Disable McAfee Solidcore from the Command Line

If you have a locally managed installation of McAfee, or have somehow lost the McAfee Agent connection to the ePO server, it may be necessary to remove/disable the Solidcore software from a command line.  To do this:

1) Open an elevated Command Prompt
2) Type sadmin recover
3) When prompted enter the "ePO Console" password
[The default password is "solidcore" - without the quotes]
4) Type sadmin disable
5) Type sadmin status
This should return two results:
McAfee Solidifier: Enabled
McAfee Solidifier on reboot: Disabled
6) Reboot the machine, and Solidifier will now be disabled

You can then uninstall Solidcore as per normal.

For other uses of the sadmin command, type sadmin help at the command prompt.
Posted by at 4 comments:
Labels: , ,

Friday, 3 February 2017

RAID

The next time someone asks you why you aren't using RAID5, here are a list of articles detailing why RAID5 is bad, and RAID10 is the way to go.

http://www.smbitjournal.com/2012/12/the-history-of-array-splitting
http://www.smbitjournal.com/2012/11/one-big-raid-10-a-new-standard-in-server-storage
http://www.smbitjournal.com/2012/11/choosing-raid-for-hard-drives-in-2013
http://www.smbitjournal.com/2012/11/choosing-a-raid-level-by-drive-count
http://www.smbitjournal.com/2012/11/hardware-and-software-raid
http://www.smbitjournal.com/2012/08/nearly-as-good-is-not-better
http://www.smbitjournal.com/2012/07/hot-spare-or-a-hot-mess
http://www.smbitjournal.com/2012/05/when-no-redundancy-is-more-reliable
http://www.smbitjournal.com/2011/09/spotlight-on-smb-storage
http://www.zdnet.com/blog/storage/why-raid-6-stops-working-in-2019/805
http://www.zdnet.com/blog/storage/why-raid-5-stops-working-in-2009/162
http://queue.acm.org/detail.cfm?id=1670144
Posted by at 1 comment:
Labels: ,

Monday, 23 January 2017

Remove McAfee Agent

There are times when it is impossible to remove the McAfee agent from a machine when it is in "Managed Mode". You'll attempt to, but the appropriate error message will be displayed.

To get around this issue, the agent needs to be uninstalled via the trusty Command Line:

1) Open a command prompt
2) Change directory to the McAfee Framework directory:
   a) For 32-bit systems: cd "C:\Program Files (x86)\McAfee\Common Framework"
   b) For 64-bit systems: cd "C:\Program Files\McAfee\Common Framework"
3) Execute the Following Command: frminst.exe /remove=agent 

In most instances, this uninstalls the McAfee Agent.  However, at the very least, it will place the Agent in "Unmanaged Mode", meaning it can now be uninstalled via "Control Panel" / "Programs and Features".

If all else fails, and I do mean ALL ELSE, you can follow the steps in this McAfee KB Article:
https://kc.mcafee.com/corporate/index?page=content&id=KB75902

Posted by at 4 comments:
Labels: ,

MAC Randomisation

MAC Randomization (sic) is a feature in Windows 10 that can be activated to prevent your location being tracked using your MAC address.  This can be a useful feature, especially for the more paranoid amongst us.  However, ensure that your connection is not locked to your specific MAC address before activating this feature.

To turn on MAC Randomization:

1) Open the "Settings" app
2) Select "Network & Internet"
3) Under the WiFi section, select "Advanced Options"
4) Turn on the "Random Hardware Address" feature

That's it, you're done.

Posted by at 2 comments:
Labels:

Monday, 16 January 2017

Disable Network Bridging

Sometimes a Workstation or Server has multiple network interfaces (because it's common to dual home servers right?).  Since a network bridge allows a Layer 2 connection between two or more physical network segments, allowing data to be shared across networks, this is something that should often be avoided.

One way to accomplish this is via a Firewall (built-in or an additional piece of hardware).  However, the ability to create a bridge can be disabled using Group Policy, and it is this mechanism that is detailed below.

Steps to enable/disable network bridging in Group Policy:
1) Create a new Group Policy Object (or choose the appropriate existing policy) and open for editing
2) Under the "Computer" section, navigate to: Policies / Administrative Templates / Network, and Network Connections
3) Open the "Prohibit installation and configuration of Network Bridge on your DNS domain network" setting
4) Set the policy as required:
    a) To prevent a network bridge being created, click "Enabled"
    b) To allow a network bridge to be created, click "Disabled"
5) Save the Group Policy
6) Apply the Group Policy to the relevant OU/Computer within your Active Directory structure.

Posted by at 1 comment:
Labels: , , ,

Sunday, 15 January 2017

Finding your WiFi Password

Assuming you have signed into your WiFi previously, and have now forgotten your password, there is a simple way to find out what it is:

1) Open a command prompt with "Admin" privileges
2) Run the following command: netsh wlan show profile
(This will list all networks you have connected to)
3) Choose the profile you want from the list, then type: netsh wlan show profile <Network SSID> key=clear

The output from this command will have all the details of your chosen WiFi connection.  The last section is titled "Security settings" and your WiFi password is shown against the "Key Content" entry.
Posted by at 1 comment:
Labels: , ,

Friday, 13 January 2017

Resetting Local SQL Accounts

If you are unable to log into SQL Server as a Domain User, and any local account (such as "sa") is disabled, you can follow the procedure below to log in using a local administrator (any account which is a member of the "Local Administrators" group), and perform a number of tasks.

1) Stop the SQL Server and SQL Server Agent services
2) Disable SQL Agent service
3) Run the following command to start SQL server in 'Single User Mode': sc start MSSQLSERVER -m
(Where MSSQLSERVER is the name of the SQL service)
4) From a command prompt, start a SQLCMD: SQLCMD -s (local)
5) Run the appropriate command for the task you are trying to achieve.  For example:
    a) To create a new local SQL administrator account:
        1> CREATE LOGIN [NewAccount] WITH PASSWORD = N'[Password]',
        2>        DEFAULT_DATABASE = [master],
        3>        CHECK_EXPIRATION = OFF,
        4>        CHECK_POLICY = OFF
        5> GO
        1> ALTER SERVER ROLE [sysadmin]
        2> ADD MEMBER [NewAccount]
        3> GO

    b) To reset the password of an existing account:
        1> ALTER LOGIN [ExistingAccount] WITH PASSWORD = N'[Password]'
        2> GO

    c) To renable login for an existing account:
        1> ALTER LOGIN [ExistingAccount] ENABLE
        2> GO
6) Close the SQLCMD prompt
7) Stop the SQL Server Service
8) Enable the SQL Server Agent service
9) Start the SQL Server and SQL Server Agent services

You should now be able to log into SQL with either your new account, or the existing account that has been enabled or had its password reset.
Posted by at 1 comment:
Labels: , ,
Subscribe to: Posts (Atom)