Friday, June 23, 2017

Backup and Restore Sticky Notes in Windows 10

Here's the process that I found for moving Sticky Notes from a Windows 7 machine to a Windows 10 machine that has the Anniversary Update.  It's a specific process, and here it is (link):

http://www.winhelponline.com/blog/recover-backup-sticky-notes-data-file-windows-10/


Tuesday, May 30, 2017

Replicating Windows 10 Start Menu layout

I found this great post on how to replicate the Windows 10 Start Menu to other profiles on the same computer.

In brief, run this command from PowerShell to export the start menu as you've configured it:
Export-StartLayout -Path C:\Windows\Temp\SMenu.xml

Then run this command from PowerShell to apply that layout to all other profiles:
Import-StartLayout -LayoutPath C:\Windows\Temp\SMenu.xml -MountPath $env:SystemDrive\

Wednesday, May 24, 2017

Creating a new Windows profile on Windows 10 (or Windows 8, Windows 7, or Vista)

This is what I consider best practice for creating a new Windows profile on Windows 10.  Typically, I do this if I think the Windows profile is corrupt in some way and I think a new profile will solve the problem.  All of this assumes that you have the user's login password.

Step 1: Note the default printer and default browser for the existing profile (or any other things that may be unique to the profile, but those are the two big ones).  You might also note which programs have been logged in with credentials you don't have - Dropbox, Google Drive, Skype, etc.

Step 2: Log in with an account that has local administrator privileges.

Step 3: Edit the registry and go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

Look through the keys in there and find the one whose value points to the profile you want to delete.  For example, in the screen shot below, the value c:\users\dave is in the key that begins with S-1-15-21.  You delete the entire entry that begins with S-1-15-21.

Step 4: Rename the profile that is going to be deleted.  In this example, I'd rename c:\users\dave to c:\users\dave-old

Step 5: Reboot and then log in as the user.  You'll find a brand new profile is created and you can access all the old data in the renamed profile from step 4.

Step 6: Set up the profile as needed including, but not limited to:
1) set up Outlook
2) move back data from old profile to new profile:
 a) desktop
 b) documents
 c) all the other stuff that is in c:\users\%username%
3) set up backup
4) set up VPN
5) add back signature using old sent items
6) add printers (if necessary) and set correct default printer
7) restore browser settings
8) Remind the user that he/she will need to log in to services you don't have the password to (Dropbox, Skype, Google Drive, etc)
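
Steps 3 and 4 above as a script. This is an added example, not part of the original post: it finds the ProfileList entry by its ProfileImagePath value, exports the key before touching anything, and only makes changes when run with -Apply. The -Apply switch and the backup folder are assumptions made for the example; 'dave' is the sample user from the post.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post): Steps 3 and 4 with a backup.
# Run from a different local administrator account while the target user is logged off.
param(
    [string]$UserName  = 'dave',              # sample user from the post
    [string]$BackupDir = 'C:\Windows\Temp',   # assumed backup location
    [switch]$Apply                            # assumed switch: without it nothing is changed
)

$listKey     = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$profilePath = Join-Path $env:SystemDrive "Users\$UserName"

# Identify the entry by the folder it points to rather than by reading SIDs by eye.
$hits = @(Get-ChildItem $listKey | Where-Object {
    $p = (Get-ItemProperty -Path $_.PSPath -Name ProfileImagePath -ErrorAction SilentlyContinue).ProfileImagePath
    $p -and ([Environment]::ExpandEnvironmentVariables($p).TrimEnd('\') -ieq $profilePath)
})
if ($hits.Count -ne 1) { throw "Expected exactly one ProfileList entry for $profilePath, found $($hits.Count)." }
$sid = $hits[0].PSChildName

# A hive loaded under HKEY_USERS means the user is still logged on: stop here.
if (Test-Path "Registry::HKEY_USERS\$sid") { throw "Profile $sid is loaded. Log the user off or reboot first." }

$backup = Join-Path $BackupDir "ProfileList-$sid.reg"
$regKey = "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$sid"
Write-Host "Profile: $profilePath  SID: $sid  Backup file: $backup"
if (-not $Apply) { Write-Host 'Dry run. Re-run with -Apply to make changes.'; return }

# Keep a restorable copy of the key; abort if the export fails.
& reg.exe export $regKey $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'reg export failed; nothing was changed.' }

# The folder is renamed before the key is deleted (reverse of the order in the post)
# so that a locked folder fails the script while the registry entry is still intact.
Rename-Item -Path $profilePath -NewName "$UserName-old" -ErrorAction Stop
Remove-Item -Path $hits[0].PSPath -Recurse -ErrorAction Stop
```

The exported .reg file and the renamed folder together are enough to put the old profile back if the new one does not fix the problem.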

Thursday, March 23, 2017

How to remove entries from a Fortigate IPS block list

If you find that you've got an IP address on the block list that is incorrect, you can remove the entry via CLI.  From the CLI, you can run this command to get the list of blocked IP addresses:

diagnose firewall ip_host list

If the IP address 123.123.123.123 was on the block list, here's how you'd remove it:

diagnose firewall ip_host delete src4 123.123.123.123


Wednesday, March 22, 2017

Set up IPS on Fortigate firewall to block brute force RDP attacks

Like most people, my terminal servers are constantly being probed via brute force attacks trying to find a weak spot.  The better answer is to put the terminal server behind a VPN.  Short of that, I like setting up Duo Security for two factor authentication.  Another alternative (and perhaps in addition to Duo) is to detect and protect against brute force attacks on your firewall.

Here's how I configure that on my Fortigate firewall.

First, I enable the IPS rule for RDP brute force attacks. I set a threshold of 15 over 900 seconds (15 minutes) with a block duration of 259200 seconds (3 days).

Then you go to your RDP policy and set the default policy for your RDP policy.

That's all you need to do.  If you want to see what IP addresses have been blocked, go to Log & Report -> Security Log -> Intrusion Protection
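
To see what the settings above do in practice, the following added example (not from the original post and not Fortinet code) replays RDP connection attempts against a threshold of 15 in 900 seconds with a 259200-second block. It assumes the rule behaves like a per-source sliding window, which is a simplification, and the sample events and addresses are constructed.

```powershell
# Added example: replay connection attempts against the post's IPS settings.
# Assumption: the rule is modelled as a per-source sliding window; FortiOS internals may differ.
$Threshold = 15        # attempts
$WindowSec = 900       # 15 minutes
$BlockSec  = 259200    # 3 days

function Get-BlockDecision {
    param([object[]]$Events)   # objects with Time ([datetime]) and SrcIp
    $recent = @{}; $blockedUntil = @{}; $result = @()
    foreach ($e in ($Events | Sort-Object Time)) {
        $ip = $e.SrcIp
        # Traffic from an already blocked source is dropped and not counted again.
        if ($blockedUntil.ContainsKey($ip) -and $e.Time -lt $blockedUntil[$ip]) { continue }
        if (-not $recent.ContainsKey($ip)) {
            $recent[$ip] = New-Object 'System.Collections.Generic.Queue[datetime]'
        }
        $q = $recent[$ip]
        $q.Enqueue($e.Time)
        # Forget attempts that have aged out of the 900-second window.
        while (($e.Time - $q.Peek()).TotalSeconds -gt $WindowSec) { [void]$q.Dequeue() }
        if ($q.Count -ge $Threshold) {
            $blockedUntil[$ip] = $e.Time.AddSeconds($BlockSec)
            $result += [pscustomobject]@{ SrcIp = $ip; BlockedAt = $e.Time; BlockedUntil = $blockedUntil[$ip] }
            $q.Clear()
        }
    }
    $result
}

# Constructed sample data (documentation-range addresses, not real log entries).
$t0 = [datetime]'2017-03-22T09:00:00'
$sample  = @(0..39 | ForEach-Object {   # automated source: one attempt every 5 seconds
    [pscustomobject]@{ Time = $t0.AddSeconds($_ * 5); SrcIp = '203.0.113.10' } })
$sample += @(0..3 | ForEach-Object {    # a user mistyping a password four times
    [pscustomobject]@{ Time = $t0.AddSeconds($_ * 60); SrcIp = '198.51.100.7' } })

Get-BlockDecision -Events $sample | Format-Table -AutoSize
```

Replacing the sample with timestamps and source addresses from your own logs shows which sources a given threshold would block, and whether any legitimate users would be caught, before you change the numbers on the firewall.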

Monday, March 20, 2017

Enabling two factor authentication in Outlook 2013 with Office365

This post will go over what you need to do to enable two factor authentication in Office 2013 with a backend Office365 mail server (so you don't need to use app passwords).  This process sets up the 'modern authentication' login window for Office 2013 programs.

Step one - from a PowerShell command prompt run this command (info from here):
Set-OrganizationConfig -OAuth2ClientProfileEnabled $true

Step two - Add group policy to push modern authentication registry entries to Office 2013 computers

After step two is complete, I'd recommend waiting a couple of days for all the users to get these settings added to their registry via group policy.

Step three - enable 2FA from the Office Portal:

Thursday, March 9, 2017

Windows 7 not installing updates

As of March 2017, I rarely ever touch a Windows 7 machine anymore, but I did today, and the machine was checking for updates over and over again.  I googled and found a solution in my case (below).  The machine I was working on had installed updates in October 2016.  In general, I'd say my process for updating Windows 7 machines is this:

Install the convenience update if the most recent updates were older than April 2016

If the convenience update is installed, then I'd recommend these commands from an elevated command prompt:

net stop wuauserv
net stop cryptSvc
net stop bits
net stop msiserver
ren C:\Windows\SoftwareDistribution SoftwareDistribution.old
ren C:\Windows\System32\catroot2 catroot2.old
net start wuauserv
net start cryptSvc
net start bits
net start msiserver

Sunday, March 5, 2017

Start menu organization in Windows 10

I used to leave the Windows 10 menu alone with all the default bloatware garbage on it, but I've started arranging the menu and putting the critical programs, weather, and news (changed from small to large window size) on the start menu.  I prefer a nicely organized tile section in my start menu, so why not make it that way for the users?  This is what my typical start menu looks like:


Friday, February 24, 2017

Computer swap process - revised 2-24-17

This post will go over all the items we look at when putting in a new computer for an existing user (for example - an employee is getting a new laptop and needs his/her data transferred).  This process doesn't cover installation of programs (assumes this has already been done), but it will ask you to check on important installations.


  1. Change the name of the computer as required (putting initials for the user in the computer name)
  2. Install all applicable updates (for Windows and Office)
  3. Copy data from old computer to new computer using robocopy script
  4. Move data to appropriate locations (desktop data to desktop, music to music folder, etc)
  5. Ensure all applicable programs are installed/configured including (but not limited to):
    a. AP StyleGuard
    b. Adobe Acrobat Standard/Reader
    c. NitroPDF
    d. MS Project
    e. MS Visio
    f. TightVNC
    g. Skype
    h. Google Talk
    i. QuickBooks
    j. Malwarebytes
    k. Java
    l. FileMaker
    m. Backblaze (or other backup program)
    n. Great Plains and/or Management Reporter
  6. Make sure Outlook is configured as appropriate
  7. Confirm antivirus is installed and up to date
  8. Confirm shared calendars are in place
  9. Confirm printers are installed with appropriate printer set as default
  10. Confirm VPN is in place with saved credentials
  11. Confirm new user has appropriate permissions on computer (local admin or standard user)
  12. Put appropriate icons for frequently accessed programs on desktop (Computer, Word, Excel, Outlook, terminal server icon, VPN icon, accounting software if applicable)
  13. Confirm backup is working properly for the new user.
  14. Add drivers for mobile broadband card if needed
  15. Encrypt the laptop using BitLocker if required on that network
  16. Arrange the start menu per best practices (link to visual of best practices)
  17. Track computer's serial number in inventory spreadsheet and make sure user's name is noted as current user for computer