Disable Inactivity Timeout in Cisco IOS

One of the most annoying things I can think of is having multiple Cisco IOS terminal sessions open and then switching back over to one of the terminal windows only to find that the session has been disconnected. Here is how you fix that.

  1. First log back into the Cisco IOS session.
  2. enable
  3. config
  4. line vty 0 16 (if you are not sure how many lines you have just type line vty ?)
  5. exec-timeout 0
  6. copy run start
  7. Enjoy!
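
Added example, not part of the original post: once exec-timeout 0 is set, idle sessions on those lines stay open indefinitely, so it helps to be able to list which lines on a device carry that setting. This Python script parses a saved running-config and reports the idle timeout for every line block; the sample config and the function names are constructed for illustration.

```python
import re

# IOS applies a 10 minute idle timeout when a line has no exec-timeout entry.
DEFAULT_TIMEOUT_SECONDS = 600

# Constructed sample of the "line" section of a running-config.
SAMPLE_CONFIG = """\
line con 0
 exec-timeout 5 30
line aux 0
line vty 0 4
 exec-timeout 0 0
 transport input ssh
line vty 5 15
 exec-timeout 10 0
!
end
"""

EXEC_TIMEOUT = re.compile(r"\s+exec-timeout (\d+)(?: (\d+))?\s*$")


def audit_exec_timeout(config_text):
    """Return {line block name: idle timeout in seconds}; 0 means never."""
    results = {}
    current = None
    for raw in config_text.splitlines():
        if raw.startswith("line "):
            # New line block: start from the default until told otherwise.
            current = raw.strip()
            results[current] = DEFAULT_TIMEOUT_SECONDS
        elif current and raw.startswith(" "):
            # Indented sub-command of the current line block.
            match = EXEC_TIMEOUT.match(raw)
            if match:
                minutes = int(match.group(1))
                seconds = int(match.group(2) or 0)
                results[current] = minutes * 60 + seconds
        else:
            # Any other top-level statement ends the block.
            current = None
    return results


def lines_without_timeout(config_text):
    """Names of the line blocks whose sessions never time out."""
    audit = audit_exec_timeout(config_text)
    return sorted(name for name, secs in audit.items() if secs == 0)


if __name__ == "__main__":
    for name, secs in audit_exec_timeout(SAMPLE_CONFIG).items():
        print(f"{name:15} {'NEVER' if secs == 0 else str(secs) + 's'}")
```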

Kaspersky Lab: Ransomware Decryptor

Are you a ransomware victim? The National High Tech Crime Unit (NHTCU) of the Netherlands’ police, the Netherlands’ National Prosecutors Office and Kaspersky Lab have been working together to fight the CoinVault ransomware campaign. During our joint investigation we have been able to obtain data that can help you to decrypt the files being held hostage on your PC.

https://noransom.kaspersky.com/

User Logged in with Temporary Profile


  1. Log on to the system by using an administrative user account other than the user account that is experiencing the problem.
  2. Back up all data in the current user’s profile folder if the profile folder still exists, and then delete the profile folder. By default, the profile resides in the following location:
    %SystemDrive%\Users\UserName
  3. Click Start, type regedit in the Start Search box, and then press ENTER. If you are prompted for an administrator password or for confirmation, type your password, or click Continue.
  4. Locate the following registry subkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
  5. Under the ProfileList subkey, delete the subkey that is named SID.bak (that is, the subkey whose name ends in .bak).
     Note: SID is a placeholder for the security identifier (SID) of the user account that is experiencing the problem. The SID.bak subkey should contain a ProfileImagePath registry entry that points to the original profile folder of the user account that is experiencing the problem.
  6. Exit Registry Editor.
  7. Log off the system.
  8. Log on to the system again.
  9. After you log on to the system, the profile folder is re-created.

References
How to Fix Temporary Profile in Windows 7

Subnet Mask Cheat Sheet

See also RFC 1878.


Prefix  Addresses  Hosts  Netmask          Amount of a Class C
/30     4          2      255.255.255.252  1/64
/29     8          6      255.255.255.248  1/32
/28     16         14     255.255.255.240  1/16
/27     32         30     255.255.255.224  1/8
/26     64         62     255.255.255.192  1/4
/25     128        126    255.255.255.128  1/2
/24     256        254    255.255.255.0    1
/23     512        510    255.255.254.0    2
/22     1024       1022   255.255.252.0    4
/21     2048       2046   255.255.248.0    8
/20     4096       4094   255.255.240.0    16
/19     8192       8190   255.255.224.0    32
/18     16384      16382  255.255.192.0    64
/17     32768      32766  255.255.128.0    128
/16     65536      65534  255.255.0.0      256

Guide to sub-class C blocks

/25 — 2 Subnets — 126 Hosts/Subnet

Network # IP Range Broadcast
.0 .1-.126 .127
.128 .129-.254 .255

/30 — 64 Subnets — 2 Hosts/Subnet

Network # IP Range Broadcast
.0 .1-.2 .3
.4 .5-.6 .7
.8 .9-.10 .11
.12 .13-.14 .15
.16 .17-.18 .19
.20 .21-.22 .23
.24 .25-.26 .27
.28 .29-.30 .31
.32 .33-.34 .35
.36 .37-.38 .39
.40 .41-.42 .43
.44 .45-.46 .47
.48 .49-.50 .51
.52 .53-.54 .55
.56 .57-.58 .59
.60 .61-.62 .63
.64 .65-.66 .67
.68 .69-.70 .71
.72 .73-.74 .75
.76 .77-.78 .79
.80 .81-.82 .83
.84 .85-.86 .87
.88 .89-.90 .91
.92 .93-.94 .95
.96 .97-.98 .99
.100 .101-.102 .103
.104 .105-.106 .107
.108 .109-.110 .111
.112 .113-.114 .115
.116 .117-.118 .119
.120 .121-.122 .123
.124 .125-.126 .127
.128 .129-.130 .131
.132 .133-.134 .135
.136 .137-.138 .139
.140 .141-.142 .143
.144 .145-.146 .147
.148 .149-.150 .151
.152 .153-.154 .155
.156 .157-.158 .159
.160 .161-.162 .163
.164 .165-.166 .167
.168 .169-.170 .171
.172 .173-.174 .175
.176 .177-.178 .179
.180 .181-.182 .183
.184 .185-.186 .187
.188 .189-.190 .191
.192 .193-.194 .195
.196 .197-.198 .199
.200 .201-.202 .203
.204 .205-.206 .207
.208 .209-.210 .211
.212 .213-.214 .215
.216 .217-.218 .219
.220 .221-.222 .223
.224 .225-.226 .227
.228 .229-.230 .231
.232 .233-.234 .235
.236 .237-.238 .239
.240 .241-.242 .243
.244 .245-.246 .247
.248 .249-.250 .251
.252 .253-.254 .255

/26 — 4 Subnets — 62 Hosts/Subnet

Network # IP Range Broadcast
.0 .1-.62 .63
.64 .65-.126 .127
.128 .129-.190 .191
.192 .193-.254 .255

/27 — 8 Subnets — 30 Hosts/Subnet

Network # IP Range Broadcast
.0 .1-.30 .31
.32 .33-.62 .63
.64 .65-.94 .95
.96 .97-.126 .127
.128 .129-.158 .159
.160 .161-.190 .191
.192 .193-.222 .223
.224 .225-.254 .255

/28 — 16 Subnets — 14 Hosts/Subnet

Network # IP Range Broadcast
.0 .1-.14 .15
.16 .17-.30 .31
.32 .33-.46 .47
.48 .49-.62 .63
.64 .65-.78 .79
.80 .81-.94 .95
.96 .97-.110 .111
.112 .113-.126 .127
.128 .129-.142 .143
.144 .145-.158 .159
.160 .161-.174 .175
.176 .177-.190 .191
.192 .193-.206 .207
.208 .209-.222 .223
.224 .225-.238 .239
.240 .241-.254 .255

/29 — 32 Subnets — 6 Hosts/Subnet

Network # IP Range Broadcast
.0 .1-.6 .7
.8 .9-.14 .15
.16 .17-.22 .23
.24 .25-.30 .31
.32 .33-.38 .39
.40 .41-.46 .47
.48 .49-.54 .55
.56 .57-.62 .63
.64 .65-.70 .71
.72 .73-.78 .79
.80 .81-.86 .87
.88 .89-.94 .95
.96 .97-.102 .103
.104 .105-.110 .111
.112 .113-.118 .119
.120 .121-.126 .127
.128 .129-.134 .135
.136 .137-.142 .143
.144 .145-.150 .151
.152 .153-.158 .159
.160 .161-.166 .167
.168 .169-.174 .175
.176 .177-.182 .183
.184 .185-.190 .191
.192 .193-.198 .199
.200 .201-.206 .207
.208 .209-.214 .215
.216 .217-.222 .223
.224 .225-.230 .231
.232 .233-.238 .239
.240 .241-.246 .247
.248 .249-.254 .255
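
Added example, not part of the original cheat sheet: the tables above can be recomputed for any prefix with Python's ipaddress module, which is handy when checking that a firewall rule or ACL covers exactly the block you intended. The base network 192.0.2.0/24 (a documentation range) and the function names are assumptions chosen for illustration; the example also goes one step beyond the tables by locating the block that contains a given host.

```python
import ipaddress
from fractions import Fraction


def summary_row(prefix):
    """(addresses, usable hosts, netmask, amount of a Class C) for a prefix."""
    net = ipaddress.ip_network(f"10.0.0.0/{prefix}")
    total = net.num_addresses
    # Network and broadcast addresses are not usable host addresses.
    return total, total - 2, str(net.netmask), str(Fraction(total, 256))


def block_table(base, new_prefix):
    """Rows of (network, first host, last host, broadcast) for each subnet."""
    rows = []
    for net in ipaddress.ip_network(base).subnets(new_prefix=new_prefix):
        rows.append((
            str(net.network_address),
            str(net.network_address + 1),
            str(net.broadcast_address - 1),
            str(net.broadcast_address),
        ))
    return rows


def locate(address, prefix):
    """(network, broadcast) of the block of size /prefix containing address."""
    net = ipaddress.ip_interface(f"{address}/{prefix}").network
    return str(net.network_address), str(net.broadcast_address)


if __name__ == "__main__":
    print(summary_row(27))
    for row in block_table("192.0.2.0/24", 26):
        print(*row)
    print(locate("192.0.2.77", 28))
```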

Kill Multiple Processes with CMD

Ever looked in Windows Task Manager to kill a process from the Processes tab only to find that there are 30 or so of the same processes running? Well if you are patient and have plenty of time to waste you can right-click each one of them and select “End Process” or you can do it the easy way.

  1. Open CMD
  2. Type taskkill /F /IM followed by the image name of the process
  3. Press return
  4. Verify termination of process with “SUCCESS: The process with PID ##### has been terminated.”


So where is this helpful you ask?

  • If you manage a Terminal Server with many users on it and they are running the same process on 103 different desktops, this CMD will allow you to kill all those instances within seconds.
  • If you have a virus outbreak and it fires off duplicate processes on the same machine you can use this CMD to kill them all instantly.

Windows Server 2008 R2 – Sync Time Using External Time Source


Trying to figure out why the time is faster/slower on your mobile phone than your computer clock? Well if you are on a domain that means that the time on your domain controller (DC) is wrong. By default, all machines in the domain will sync time from the DC which is the internal time server. If you have more than one DC then the time will sync from the DC that holds the Primary Domain Controller (PDC) emulator Flexible Single Master Operation (FSMO) role.

To identify which DC is the PDC emulator in the domain, run netdom query fsmo.

Run these commands on the PDC emulator:

w32tm /config /manualpeerlist:"time.windows.com,0x1" /syncfromflags:manual /reliable:yes /update
If you get the “Access is denied. (0x80070005)” error, run these commands in order:

net stop w32time
w32tm /unregister
w32tm /register
net start w32time

then rerun:

w32tm /config /manualpeerlist:"time.windows.com,0x1" /syncfromflags:manual /reliable:yes /update

and then:
w32tm /config /update
and then:
net stop w32time && net start w32time
After you get “The command completed successfully.” you can view the configuration by running w32tm /query /configuration

In the output, the DC will now be getting the time from time.windows.com.

To configure a client to automatically sync from the domain run:
w32tm /config /syncfromflags:domhier /update

By default, all workstations on a domain will automatically sync their time to the domain controller.

You can verify the workstation is synchronizing time from the domain controller by running:
w32tm /monitor

If the time is not synchronized you can run:
w32tm /resync
That’s it!


All OUs in this domain should be protected from accidental deletion – Active Directory


Title:
All OUs in this domain should be protected from accidental deletion

Severity:
Warning

Date:
4/8/2014 3:50:06 PM

Category:
Configuration

Issue:
Some organizational units (OUs) in this domain are not protected from accidental deletion.

Impact:
If all OUs in your Active Directory domains are not protected from accidental deletion, your Active Directory environment can experience disruptions that might be caused by accidental bulk deletion of objects.

Resolution:
Make sure that all OUs in this domain are protected from accidental deletion.

The fix:

You will need Active Directory Module for Windows PowerShell
  1. Check which OUs are not protected:
    Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion -eq $false} | ft
  2. Now protect them:
    Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion -eq $false} | Set-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $true
  3. Run step 1 again to check for anything missed.

That’s it.
You're welcome.

Active Directory Domain Services Best Practices Analyzer (AD DS BPA) is not able to collect data

Active Directory Domain Services Best Practices Analyzer (AD DS BPA) is not able to collect data from <domain name here>

  1. Open the DNS snap-in and connect to a domain controller in the forest root domain.
  2. Expand Forward Lookup Zones and then expand the forest root domain.
  3. Click the _tcp container.
  4. In the details pane, look in the Name column for _gc and in the Data column for the name of the server. The records that begin with _gc are global catalog SRV records.
  5. On the Security tab ensure the machine account for the Domain controller in which you’re running the AD DS BPA is added with read permissions.

Then “Scan This Role” again and the errors should be resolved.

You're welcome.

Stop Automatic Disconnection of Network Drive


Your mapped drives to a network share may be disconnected after a regular interval of inactivity, and Windows Explorer may display a red “X” on the icon of the mapped drive. Accessing a program that depends on this mapped drive may fail. However, if you try to access or browse the mapped drive, it reconnects quickly.

It is simple to fix.

I set this on all my servers. Keeps their drives from timing out.

There are a couple ways. The first way is by far the easiest since it just involves you remoting to the afflicted user:

  1. Open a CMD (admin) prompt.
  2. Type net config server /autodisconnect:-1
  3. Press return and that’s it.

The other way is with the Registry Editor.

  1. Click Start, click Run, type regedit (Windows 2000 or Windows Server 2003) or type regedt32 (Windows NT 4.0), and then click OK.
  2. Locate and then click the following key in the registry:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
  3. In the right pane, click the autodisconnect value, and then on the Edit menu, click Modify. If the autodisconnect value does not exist, follow these steps:
    1. On the Edit menu, point to New, and then click REG_DWORD.
    2. Type autodisconnect, and then press ENTER.
  4. On the Edit menu, click Modify.
  5. Click Hexadecimal.
  6. In the Value data box, type ffffffff, and then click OK.

Working with a CISCO ASA 5510

Cleaning up (or inheriting) someone else’s CISCO mess can be very frustrating. These are just my notes and dealings with an ASA5510 that I inherited.

Before you begin any work with a CISCO ASA 55xx it is always best to do a “dir” command and at least see what is on disk0:/ .

This all assumes that you can get to a (configure) setting.

Load new image for boot and ASDM
——————————–
1. Connect console cable
2. enable
3. conf t
4. configure factory-default 10.10.10.1 255.0.0.0
5. dir
6. boot system [flash:/disk0:/] [software image name]
7. write memory
8. reload
9. Repeat steps 1, 2 and 3
10. asdm image [flash:/disk0:/] [software image name]
11. write memory
12. reload
##– at this point you have a running ASA with current images –##

By default the ports are down and no traffic is allowed. This can be verified by running “show ver” and noticing that all the ports say “shutdown”. Enable the ports by “conf t, interface name, no shut”.

If for some reason you have to change the IP addresses and are running IPSec VPN — you will have to update the certificate (by getting a new certificate) or disable LDAP over SSL for the connections to work.