Friday, August 11, 2017

Slow computer troubleshooting

Here's the list of things I do when troubleshooting a slow computer:

1) Run a Malwarebytes scan and remove anything found
2) Install all applicable driver updates
3) Run "sfc /scannow" from an elevated command prompt
4) Install all applicable Windows updates
5) Install all applicable Office updates, if installed separately (true for some versions of Office 2016)
6) Check amount of free disk space (ideally at least 20 GB free)
7) Check for installed adware/crapware and remove it through the normal Add/Remove Programs

Friday, July 7, 2017

Storing Mac data storage folders (desktop, documents, etc) in a cloud syncing folder (Dropbox, Google Drive, etc)

This page talks about methods for moving data storage locations to cloud syncing folders which allows for real time backup of those data storage locations.  I use this process often for smaller clients who need/want backup on the cheap.  This is particularly easy if they're already using Dropbox or Google Drive or have an Office365 account with OneDrive storage.

https://www.howtogeek.com/204595/how-to-move-special-folders-on-os-x-to-cloud-storage/


Friday, June 23, 2017

Backup and Restore Sticky Notes in Windows 10

Here's the process that I found for moving Sticky Notes from a Windows 7 machine to a Windows 10 machine that has the Anniversary Update.  It's a specific process, and here it is (link):

http://www.winhelponline.com/blog/recover-backup-sticky-notes-data-file-windows-10/


Tuesday, May 30, 2017

Replicating Windows 10 Start Menu layout

I found this great post on how to replicate the Windows 10 Start Menu to other profiles on the same computer.

In brief, run this command from PowerShell to export the Start Menu as you've configured it:
Export-StartLayout -Path C:\Windows\Temp\SMenu.xml

Then run this command from PowerShell to apply that layout to all other profiles:
Import-StartLayout -LayoutPath C:\Windows\Temp\SMenu.xml -MountPath $env:SystemDrive\

Wednesday, May 24, 2017

Creating a new Windows profile on Windows 10 (or Windows 8, Windows 7, or Vista)

This is what I consider best practice for creating a new Windows profile on Windows 10.  Typically, I do this if I think the Windows profile is corrupt in some way and I think a new profile will solve the problem.  All of this assumes that you have the user's log in password.

Step 1: Note the default printer and default browser for the existing profile (or any other things that may be unique to the profile, but those are the two big ones).  You might note which programs have been logged in with credentials you don't have as well - Dropbox, Google Drive, Skype, etc

Step 2: Log in with an account that has local administrator privileges.

Step 3: Edit the registry and go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

Look at the various keys in there and find the one with the value that you want to delete.  For example, in the screen shot below, the value c:\users\dave is in the key that begins with S-1-15-21.  You delete the entire entry that begins with S-1-15-21.

Step 4: Rename the profile that is going to be deleted.  In this example, I'd rename c:\users\dave to c:\users\dave-old

Step 5: Reboot and then log in as the user.  You'll find a brand new profile is created and you can access all the old data in the renamed profile from step 4.

Step 6: Set up the profile as needed including, but not limited to:
1) set up Outlook
2) move back data from old profile to new profile:
 a) desktop
 b) documents
 c) all the other stuff that is in c:\users\%username%
3) set up backup
4) set up VPN
5) add back signature using old sent items
6) add printers (if necessary) and set correct default printer
7) restore browser settings
8) Remind the user that he/she will need to log in to services you don't have the password to (Dropbox, Skype, Google Drive, etc)
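
Steps 3 and 4 can be scripted so that the ProfileList key is found by its ProfileImagePath value rather than by eye, and backed up before it is deleted. This is an added PowerShell example, not part of the original post; the backup folder is an assumption, and it is meant to be run elevated from the administrator account in Step 2.

```powershell
# Added example: find the ProfileList key for a profile folder (Step 3),
# back it up, then delete the key and rename the folder (Step 4).
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$ProfilePath = 'C:\Users\dave',      # example path used in the post
    [string]$BackupDir   = 'C:\Windows\Temp'     # assumed location for the .reg backup
)

$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

# Each subkey is named after a SID; its ProfileImagePath value holds the folder.
$match = @(Get-ChildItem -Path $profileList | Where-Object {
    $p = (Get-ItemProperty -Path $_.PSPath -Name ProfileImagePath -ErrorAction SilentlyContinue).ProfileImagePath
    $p -and ($p.TrimEnd('\') -ieq $ProfilePath.TrimEnd('\'))
})

# Zero matches means a wrong path; two or more (for example a leftover
# ".bak" key) needs a human decision, so stop instead of guessing.
if ($match.Count -ne 1) {
    throw "Expected exactly one ProfileList key for $ProfilePath, found $($match.Count)."
}
$sid = $match[0].PSChildName

# A loaded hive under HKEY_USERS means the user is still logged on.
if (Test-Path "Registry::HKEY_USERS\$sid") {
    throw "Profile $sid is loaded; log the user off or reboot first."
}

# Export the key first so it can be re-imported if the rebuild goes wrong.
$backup = Join-Path $BackupDir "ProfileList-$sid.reg"
& reg.exe export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$sid" $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; nothing was changed.' }

if ($PSCmdlet.ShouldProcess($ProfilePath, "Remove ProfileList key $sid and rename folder")) {
    Remove-Item -Path $match[0].PSPath -Recurse
    Rename-Item -Path $ProfilePath -NewName ((Split-Path $ProfilePath -Leaf) + '-old')
}
"SID: $sid  Backup: $backup"
```

Running it with -WhatIf still writes the backup file but leaves the registry key and the folder untouched.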

Thursday, March 23, 2017

How to remove entries from a Fortigate IPS block list

If you find that you've got an IP address on the block list that is incorrect, you can remove the entry via CLI.  From the CLI, you can run this command to get the list of blocked IP addresses:

diagnose firewall ip_host list

If the IP address 123.123.123.123 was on the block list, here's how you'd remove it:

diagnose firewall ip_host delete src4 123.123.123.123


Wednesday, March 22, 2017

Set up IPS on Fortigate firewall to block brute force RDP attacks

Like most people, my terminal servers are constantly being probed via brute force attacks trying to find a weak spot.  The better answer is to put the terminal server behind a VPN.  Short of that, I like setting up Duo Security for two factor authentication.  Another alternative (and perhaps in addition to Duo) is to detect and protect against brute force attacks on your firewall.

Here's how I configure that on my Fortigate firewall.

First, I enable the IPS rule for RDP brute force attacks. I set a threshold of 15 over 900 seconds (15 minutes) with a block duration of 259200 seconds (3 days).

Then you go to your RDP policy and set the default policy for your RDP policy.

That's all you need to do.  If you want to see what IP addresses have been blocked, go to Log & Report -> Security Log -> Intrusion Protection
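
To judge how a threshold of 15 over 900 seconds with a 259200-second block behaves against a given traffic pattern, the following added PowerShell example (not from the original post) replays connection events through a sliding-window counter. The sliding-window model is an assumption for illustration, not FortiOS's own implementation, and the sample events are constructed.

```powershell
# Added example: model "15 hits in 900 s, block for 259200 s" per source IP.
function Get-RateBlock {
    param(
        [Parameter(Mandatory)] [object[]]$Events,   # objects with Time ([datetime]) and SourceIp
        [int]$Threshold     = 15,
        [int]$WindowSeconds = 900,
        [int]$BlockSeconds  = 259200
    )
    $blocks = @()
    foreach ($group in ($Events | Group-Object SourceIp)) {
        $window       = [System.Collections.Generic.Queue[datetime]]::new()
        $blockedUntil = [datetime]::MinValue
        foreach ($t in @($group.Group | Sort-Object Time | ForEach-Object { $_.Time })) {
            if ($t -lt $blockedUntil) { continue }   # source is blocked; the hit never arrives
            $window.Enqueue($t)
            # Discard hits that have aged out of the window.
            while (($t - $window.Peek()).TotalSeconds -gt $WindowSeconds) { [void]$window.Dequeue() }
            if ($window.Count -ge $Threshold) {
                $blockedUntil = $t.AddSeconds($BlockSeconds)
                $blocks += [pscustomobject]@{
                    SourceIp = $group.Name; BlockedAt = $t; BlockedUntil = $blockedUntil
                }
                $window.Clear()
            }
        }
    }
    $blocks
}

# Constructed sample events using documentation-range addresses (RFC 5737).
$start   = Get-Date '2017-03-22T02:00:00'
# 20 attempts, one every 20 s: the 15th attempt (at 280 s) trips the threshold.
$sample  = 0..19 | ForEach-Object { [pscustomobject]@{ Time = $start.AddSeconds($_ * 20);  SourceIp = '203.0.113.10' } }
# 20 attempts, one every 120 s: at most 8 fall inside any 900 s window, so no block.
$sample += 0..19 | ForEach-Object { [pscustomobject]@{ Time = $start.AddSeconds($_ * 120); SourceIp = '198.51.100.7' } }

Get-RateBlock -Events $sample | Format-Table -AutoSize
```

The second sample source shows the limit of a rate threshold: a slow, steady guesser stays under it indefinitely, which is why the post's other measures (VPN, two-factor authentication) still matter.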