Author Archives: Munkhtuvshin Baatar

IT Disaster Recovery from ransomware, hardware or software failures and human mistakes. How to effectively backup and restore, how to optimize IT data protection

ITFORCE LLC (Ulaanbaatar, Mongolia) invites IT engineers to participate in one-day free IT training lab “IT Disaster Recovery from ransomware, hardware or software failures and human mistakes. How to effectively backup and restore, how to optimize IT data protection”. All registered candidates will be divided into groups of 5 attendees (more attendees leads to less effectiveness of lab training). Planned number of training sessions is 2-3. To register please go to link:  https://lnkd.in/d_XsTgp

Read the rest

how to slipstream windows updates into distributive for win7/win10/win2012r2/win2016 and so on

If you often install freshly windows system, then my post maybe will be helpful for you. Mainly it’s more related to creation of system images for further deployments in corporate network, but sometimes it saves time even for home geeks. After installation you usually update from Microsoft Update thru internet or from WSUS – it takes a lot of time even on beefy computers. My idea is to do this work only once (later just to update in usual way from time to time). When you finished updates:

  1. backup to second partition your system by builtin windows backup (bare-metal system
Read the rest

again about wsus

Everybody knows about free Windows System Update Service/WSUS. But i feel this service needs some extra explanations, recommendations for newbie sysadmins.

At first why do you need it? – briefly: for security and to fix software glitches. Proper and in time hotfixing/patching has paramount importance for security (maybe even more important than to have weak antivirus, IDS/IPS, firewall and other standard protection measures, which also should be regularly updated) If your health is bad or even if you are close to die then just screening from hackers will not help you. The weaker you are the more expensive protection, … Read the rest

How to enable for vPro/AMT computers mutual authentication using certificates.

In May 2017 Intel publicly confirmed the vulnerability in own firmware for vPro/AMT.

To download and patch such computers from Dell use links inside the PDF file from following link.

But as i mentioned in my linkedin post it’s possible to protect even noname computers (without updated BIOS) with compromised ME firmware — implementing SSL/TLS certificates for mutual authentication. In this post i will show how it can be done.

At first let’s consider that

  • you know that your computer supports vPro/AMT, ME version, you know AMT type (ISM or full AMT and so on)
  • you already use intel
Read the rest

Rufus as an alternative for free Microsoft Windows 7 USB DVD download tool

Microsoft Windows 7 USB DVD download tool is very capricious, long time is not updated, doesn’t work in many cases (can after spent long time to copy 2-4gb, only in the end of process suddenly cast error that couldn’t create boot records; or doesn’t work on other version of windows and so on). Therefore i prefer to use tiny rufus utility. It’s free and very small – less than megabyte. Doesn’t need to be installed – portable – ready to work immediately after download. Very stable work to create Windows install disks for any edition and version, including windows 10 … Read the rest

How to create handy boot USB toolbox

To have for each tool CD/DVD/USB flash disk is too inconvenient, so let’s combine on one USB flash disk all of them.

  1. Download yumi
  2. format your Flash disk as FAT32 (ntfs will not work with grub loader), so there is iso file limitation of FAT32, not more than 2GB.
  3. never leave in iso file name spaces. Prepare all necessary iso files (usually i prefer to have multiple versions of hiren tools/ERD/DART10/acronis tools, veeam BER, macrius repair disk, veeam agent, WDS capture disk and so on)
  4. iso files are not extracted and copied as is to the flash disk !!! not
Read the rest

Some recommendations for windows installers.

    1. if you want to install any version of Windows on large disk (bigger than 2TB) start your PC from UEFI, not from conventional BIOS boot. Otherwise you will be able after installation to use only 2TB from for example 3 or 4TB hdd.
    2. sometimes previous OEM repair service partitions, or linux/unix partitions cannot be removed from HDD by windows GUI, in this case just do following (NEVER DO IT ON HDD WITH DATA, after “clean” command whole disk (all partitions) will be erased ! ):
      diskpart
      list disk
      select disk 0
      clean
      

      (if you install fresh windows – during booting

Read the rest

How manually enable Let’s encrypt SSL for Windows IIS server.

Let’s Encrypt free certificates are very useful for Microsoft web servers, MS Dynamics Nav web client access, Exchange and Lync/Skype for business external accesses and so on (better to use it with windows ACME clients for auto prolongation of certificate)

But if you have problems with publishing 80/443 port of your web server (conflict with router admin port, or maybe even server is not in public Internet access and so on, maybe you should configure manually Let’s encrypt SSL for your testing environment)

1. go to https://zerossl.com

2.

3.

Certbot/ACME clients use “HTTP verification”. We will in this post use … Read the rest

How to create site to site vpn from pfsense to openvpn server.part3

  1. How to create site to site VPN for SMB with low IT budget. part1
  2. How to setup OpenVPN server on debian? part2
  3. How to create site to site vpn from pfsense to openvpn server.part3

OK, we already have Openvpn server at central office. Now our task is to configure branch office pfsenses (why pfsense) to connect central office Openvpn server:

  1. create Hyperv VM for pfsense at branch office 01:
    • mount pfsense iso to the pfsense VM
    • create fixed size virtual disk, 5gb is enough. if you use dynamic disk – pfsense freebsd installer can fail
    • before pfsense installation
Read the rest