Windows administration from the command line

Windows system administration is very mouse-driven, and to reach
all the tools you need to browse through Windows Explorer.

If you are like me and prefer to log on with a limited-privilege account and use Runas to perform admin tasks, you can open these consoles by their .msc file names.

Here is a list of admin tools with their .msc file names.

  • domain.msc: AD Domains and Trusts
  • admgmt.msc: Active Directory Management
  • dssite.msc: AD Sites and Services
  • dsa.msc: AD Users and Computers
  • adsiedit.msc: ADSI Edit
  • azman.msc: Authorization Manager
  • certsrv.msc: Certification Authority Management
  • certtmpl.msc: Certificate Templates
  • cluadmin.exe: Cluster Administrator
  • compmgmt.msc: Computer Management
  • comexp.msc: Component Services
  • cys.exe: Configure Your Server
  • devmgmt.msc: Device Manager
  • dhcpmgmt.msc: DHCP Management
  • dfrg.msc: Disk Defragmenter
  • diskmgmt.msc: Disk Manager
  • dfsgui.msc: Distributed File System
  • dnsmgmt.msc: DNS Management
  • eventvwr.msc: Event Viewer
  • ciadv.msc: Indexing Service Management
  • ipaddrmgmt.msc: IP Address Management
  • llsmgr.exe: Licensing Manager
  • certmgr.msc: Local Certificates Management
  • gpedit.msc: Local Group Policy Editor
  • secpol.msc: Local Security Settings Manager
  • lusrmgr.msc: Local Users and Groups Manager
  • nlbmgr.exe: Network Load Balancing
  • perfmon.msc: Performance Monitor
  • pkiview.msc: PKI Viewer
  • pkmgmt.msc: Public Key Management
  • acssnap.msc: QoS Control Management
  • tsmmc.msc: Remote Desktops
  • rsadmin.msc: Remote Storage Administration
  • ntmsmgr.msc: Removable Storage
  • ntmsoprq.msc: Removable Storage Operator Requests
  • rrasmgmt.msc: Routing and Remote Access Manager
  • rsop.msc: Resultant Set of Policy
  • schmmgmt.msc: Schema Management
  • services.msc: Services Management
  • fsmgmt.msc: Shared Folders
  • sidwalk.msc: SID Security Migration
  • tapimgmt.msc: Telephony Management
  • tscc.msc: Terminal Server Configuration
  • licmgr.exe: Terminal Server Licensing
  • tsadmin.exe: Terminal Server Manager
  • uddi.msc: UDDI Services Management
  • wmimgmt.msc: Windows Management Instrumentation
  • winsmgmt.msc: WINS Server Manager
Posted in MS-Windows

Deploying Kerberos based SSO

Pre-requisites

  • Kerberos Domain Controller (KDC)
  • User accounts in the KDC
  • KDC-based logins

To make sure that this is working, log in to your workstation using
your Kerberos password and run the command:

klist

This should show the principals assigned to you:

Ticket cache: FILE:/tmp/krb5cc_XXXX_ErVb5X
Default principal: [email protected]

Valid starting       Expires              Service principal
01/11/2016 15:51:35  01/12/2016 15:51:34  krbtgt/[email protected]

Configuring Apache

  1. Install any necessary modules on the server:
    • yum install mod_auth_kerb
  2. Create a service principal for the web server (this needs to be
    done on the KDC):

    • kadmin.local -q "addprinc -randkey HTTP/www.example.com"
  3. Export the encryption keys to a keytab:
    • kadmin.local -q "ktadd -k /tmp/http.keytab HTTP/www.example.com"
  4. Copy /tmp/http.keytab to the webserver at
    /etc/httpd/http.keytab.
  5. Set ownership and permissions:
    • chmod 600 /etc/httpd/http.keytab
    • chown apache /etc/httpd/http.keytab
  6. Enable authentication with these directives:
    • AuthType Kerberos
    • AuthName "Acme Corporation"
    • KrbMethodNegotiate on
    • KrbMethodK5Passwd off
    • Krb5Keytab /etc/httpd/http.keytab
    • require valid-user
  7. Restart Apache.

Configure Firefox

  1. Navigate to about:config
  2. Search for: negotiate-auth
  3. Double click on network.negotiate-auth.trusted-uris.
  4. Enter hostnames, URL prefixes, etc., separated by commas.
    Examples:

    • www.example.com
    • http://www.example.com/
    • .example.com

It is possible to configure this setting for all users by creating a global config file:

  1. Find configuration directory:
    • rpm -q firefox -l | grep preferences
  2. Create a JavaScript file in that directory (by convention, autoconfig.js; other
    file names will work, but for best results it should be early in the alphabet).
  3. Add the following line:
    • pref("network.negotiate-auth.trusted-uris",".example.com");

Configure OpenSSH server

  1. Create a service principal for the host (this needs to be
    done on the KDC):

    • kadmin.local -q "addprinc -randkey host/shell.example.com"
  2. Export the encryption keys to a keytab:
    • kadmin.local -q "ktadd -k /tmp/krb5.keytab host/shell.example.com"
  3. Copy /tmp/krb5.keytab to the host at:
    /etc/krb5.keytab.
  4. Set ownership and permissions:
    • chmod 600 /etc/krb5.keytab
    • chown root /etc/krb5.keytab
  5. Enable authentication by changing these settings in
    /etc/ssh/sshd_config:

    • KerberosAuthentication yes
    • GSSAPIAuthentication yes
    • GSSAPICleanupCredentials yes
    • UsePAM no # This is not supported by RHEL7 and should be left as yes
  6. Restart sshd.
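
An audit of what the Apache and OpenSSH server steps above set up, as an added example that is not part of the original post: it checks that each keytab is mode 600 with the expected owner and that the listed directives are set without a conflicting duplicate. The default Apache file name /etc/httpd/conf.d/kerberos.conf is an assumption; pass your own path as the first argument.

```shell
#!/bin/sh
# Added example, not from the original post. Needs GNU stat and awk.

# keytab_ok FILE OWNER: succeed only if FILE exists, mode 600, owned by OWNER.
keytab_ok() {
    kt_file=$1
    [ -f "$kt_file" ] || { echo "FAIL $kt_file: not found" >&2; return 1; }
    kt_stat=$(stat -c '%a %U' "$kt_file") || return 1
    [ "$kt_stat" = "600 $2" ] && return 0
    echo "FAIL $kt_file: is '$kt_stat', want '600 $2'" >&2
    return 1
}

# directive_is FILE NAME VALUE: succeed if NAME is set at least once and every
# uncommented occurrence has VALUE (case-insensitive), so a conflicting
# duplicate is flagged whichever occurrence the daemon would honour.
directive_is() {
    awk -v name="$2" -v want="$3" '
        { sub(/#.*/, "") }
        tolower($1) == tolower(name) { seen = 1; if (tolower($2) != tolower(want)) bad = 1 }
        END { exit !(seen && !bad) }' "$1"
}

# audit CONF KEYTAB OWNER Name=value...: run all checks, return 1 if any fails.
audit() {
    a_conf=$1 a_rc=0
    keytab_ok "$2" "$3" || a_rc=1
    shift 3
    for a_pair in "$@"; do
        directive_is "$a_conf" "${a_pair%%=*}" "${a_pair#*=}" || {
            echo "FAIL $a_conf: want ${a_pair%%=*} ${a_pair#*=}" >&2
            a_rc=1
        }
    done
    return "$a_rc"
}

# Paths and values from the steps above; the default conf file is an assumption.
audit_httpd() {
    audit "${1:-/etc/httpd/conf.d/kerberos.conf}" /etc/httpd/http.keytab apache \
        AuthType=Kerberos KrbMethodNegotiate=on KrbMethodK5Passwd=off \
        Krb5Keytab=/etc/httpd/http.keytab
}
audit_sshd() {
    audit /etc/ssh/sshd_config /etc/krb5.keytab root KerberosAuthentication=yes \
        GSSAPIAuthentication=yes GSSAPICleanupCredentials=yes
}
```

Run audit_httpd on the web server and audit_sshd on the SSH host, as root; each prints one FAIL line per problem and returns non-zero if any check fails.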

Configure OpenSSH clients

Configure /etc/ssh/ssh_config or ~/.ssh/config:

Host *.localnet
  GSSAPIAuthentication yes
  GSSAPIDelegateCredentials yes
Posted in Infrastructure

Let’s Encrypt

This is a service that lets you get SSL certificates for HTTPS. These certificates are trusted by major browsers.

See Let’s Encrypt

This is a bare-bones how-to for getting SSL certificates:

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt

This contains the client software for Let’s Encrypt.

./letsencrypt-auto certonly --manual

This will start by updating and getting any needed dependencies and then jump to a wizard-like
configuration to get this done. Follow the prompts and pay special attention to the
prompt used to validate your domain. (You need to create a couple of folders and a file
with the right content.)
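
One way to create the folders and file that the validation prompt asks for, as an added example that is not part of the original post or the Let's Encrypt client. It assumes the prompt gives an HTTP-01 token and content string, and that WEBROOT is the document root of the site being validated; the function name is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.

# place_challenge WEBROOT TOKEN CONTENT
# Writes CONTENT to WEBROOT/.well-known/acme-challenge/TOKEN and prints the path.
place_challenge() {
    pc_root=$1 pc_token=$2 pc_content=$3
    [ -d "$pc_root" ] || { echo "no such webroot: $pc_root" >&2; return 1; }

    # The token becomes a file name. Accept only the base64url alphabet so a
    # mis-pasted value cannot contain "/" or ".." and land outside the directory.
    case $pc_token in
        ''|*[!A-Za-z0-9_-]*) echo "rejected token: $pc_token" >&2; return 1 ;;
    esac

    # The content has the form "<token>.<account key thumbprint>"; checking the
    # prefix catches a token pasted with the content of a different challenge.
    case $pc_content in
        "$pc_token".?*) ;;
        *) echo "content does not belong to token $pc_token" >&2; return 1 ;;
    esac

    pc_dir=$pc_root/.well-known/acme-challenge
    mkdir -p "$pc_dir" || return 1
    # Write the value exactly as given, with no trailing newline.
    printf '%s' "$pc_content" > "$pc_dir/$pc_token" || return 1
    chmod 644 "$pc_dir/$pc_token"    # the web server must be able to read it
    printf '%s\n' "$pc_dir/$pc_token"
}
```

The challenge file is only needed until the certificate is issued and can be deleted afterwards.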

Afterwards your certificates will be in:

/etc/letsencrypt/live/mydomain.tld

Then go to your cPanel configuration and upload:

  • privkey.pem to Private Keys
  • cert.pem to Certificates

Then go to Manage SSL Hosts -> Browse Certificates and pick the right certificate. Then paste chain.pem (from /etc/letsencrypt/live/mydomain.tld) into the CA Bundle box.

Posted in Infrastructure

Centos7/RHEL7 FirewallD — the least you need to know

This post is just a few simple hints and tips to get something going with FirewallD without going into too much detail.

  1. Checking if you are using firewalld:
    • firewall-cmd --state
  2. Check your zones (needed later when opening ports):
    • firewall-cmd --get-default-zone
    • firewall-cmd --get-active-zones
  3. Checking what is active:
    • firewall-cmd --zone=public --list-all
  4. Opening services:
    • firewall-cmd --zone=public --add-service=http
      Or alternatively, to make the change persistent:
    • firewall-cmd --permanent --zone=public --add-service=http
    • firewall-cmd --reload
      Services are defined in /usr/lib/firewalld/services and /etc/firewalld/services.
  5. Opening ports:
    • firewall-cmd --permanent --zone=public --add-port=443/tcp
    • firewall-cmd --reload
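
The two forms in step 4 change different configurations: without --permanent only the running firewall is changed, and with --permanent only the saved one is changed until the reload. The following added example (not part of the original post) reports entries that exist in only one of the two; the function names and the sample lists are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# missing_from A B: print each word of list A that is not in list B.
missing_from() {
    for mf_item in $1; do
        case " $2 " in
            *" $mf_item "*) ;;
            *) printf '%s\n' "$mf_item" ;;
        esac
    done
}

# drift KIND RUNTIME PERMANENT: report entries that differ between the two
# configurations, given their space-separated lists.
drift() {
    for d_item in $(missing_from "$2" "$3"); do
        echo "$1 $d_item: runtime only, lost on --reload or reboot"
    done
    for d_item in $(missing_from "$3" "$2"); do
        echo "$1 $d_item: permanent only, inactive until --reload"
    done
}

# zone_drift ZONE: compare the live firewall with its saved configuration.
zone_drift() {
    drift service "$(firewall-cmd --zone="$1" --list-services)" \
                  "$(firewall-cmd --permanent --zone="$1" --list-services)"
    drift port    "$(firewall-cmd --zone="$1" --list-ports)" \
                  "$(firewall-cmd --permanent --zone="$1" --list-ports)"
}

# Constructed sample: http was added without --permanent, 443/tcp with
# --permanent but without a reload afterwards.
sample_drift() {
    drift service "dhcpv6-client http ssh" "dhcpv6-client ssh"
    drift port    ""                       "443/tcp"
}
```

Run zone_drift public on the host. If the runtime-only entries are intended, firewall-cmd --runtime-to-permanent saves the running configuration.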
Posted in Infrastructure

Raspberry Pi Thin Client

RPITC

Thin Client project wants to create a very low-price thin client on a Raspberry Pi board! Microsoft RDC, Citrix ICA, VMWare View, OpenNX & SPICE

Posted in IT development

Online IDEs

5 Best online IDEs
If you want to move to the cloud and like to code like me, this is kind of a basic necessity.

Posted in Cloud Services

Lifehacker App Guides

These two hyperlinks from Lifehacker are quite useful:

Posted in Android

Another Markdown Editor

This one is GitHub Flavored Markdown…

markdown editor

Posted in Web

Web Links

Down For Everyone or Just Me:
If you’re getting an error when visiting a certain site, it could be down—or something could be wrong on your end. To see which it is, head to and type in the web site’s domain. It’ll let you know if it’s actually down or whether you need to do a little more troubleshooting. You can head there quicker by typing in .
If you’re curious how fast your internet is for any reason, this is the site to check. It’ll give you both an upload and download speed, so you can find out if you’re getting what you pay for (or if you’re just getting faster speeds than your friends). Just load it up and click “Begin Test” to get started.

How Secure Is My Password?: Does what it says on the tin. Type in a password and it’ll tell you how long it would take to crack.

What’s My IP: Whether you’re setting up a home media server with Subsonic or you just need to SSH into a computer at home, sometimes you need to know a computer’s IP address from outside of your network, and this site will tell you what it is.

Can You See Me: If you’re having connection issues with a certain program, like email, IM, or BitTorrent, it could be because your firewall or ISP is blocking a certain port that program needs. Canyouseeme.org will let you type in a port and check if it’s open— if it isn’t, then that could be the source of your trouble. If it’s open, then you know it’s something else.

Posted in Web

Fiddle Markdown Tool

For a quick and simple Markdown Preview:

Fiddle

Posted in Web