Manage Windows 8 Wireless Network Profiles

I was having a heck of a time with my little tablet connecting to some wireless connections using the same SSID. Here’s how I fixed it…

If you need to change a wireless connection profile, you can usually do it by following these steps:

Swipe in from the right edge of the screen, tap Settings, and then tap Change PC settings. (If you’re using a mouse, point to the upper-right corner of the screen, move the mouse pointer down, click Settings, and then click Change PC settings.)
Tap or click Network, tap or click Connections, and then tap or click the connection you want to change.
On the page that appears, make the changes you want.

Some tasks, such as deleting a profile, must be done at the command prompt. To do these tasks, open Command Prompt, and then type the appropriate command from the following table.

Open Command Prompt by swiping in from the right edge of the screen, tapping Search (or if you’re using a mouse, pointing to the upper-right corner of the screen, moving the mouse pointer down, and then clicking Search), entering Command Prompt in the search box, and then tapping or clicking Command Prompt.

TASK	INSTRUCTIONS
Delete a profile	At the command prompt, type: netsh wlan delete profile name=”ProfileName”
Show all wireless profiles on the PC	At the command prompt, type: netsh wlan show profiles
Show a security key	At the command prompt, type: netsh wlan show profile name=“ProfileName” key=clear
Move a network up in the priority list	Connecting to a new network and choosing Connect automatically will place it at the top of the list.
Stop automatically connecting to a network within range	Tap or click the network in the network list, and then click Disconnect.
Stop automatically connecting to a network that’s out of range	At the command prompt, type: netsh wlan set profileparameter name=”ProfileName” connectionmode=manual

How Windows determines connection priority

Windows usually connects to networks in this order:

1. Ethernet

2. Wi‑Fi

3. Mobile broadband

When you connect to a new Wi‑Fi network, it’s added to the list, and Windows will connect to that network while it’s in range. If you connect to another Wi‑Fi network while in range of the first network, Windows will prefer the second network over the first one.

Mobile broadband networks are treated differently. If you manually connect to a mobile broadband network when there is a Wi‑Fi network in range, the mobile broadband network is preferred just for that session. The next time you’re in range of both networks, the Wi‑Fi network is preferred. This is because mobile broadband networks typically are metered.

If you want to force your PC to prefer a mobile broadband network over Wi‑Fi, tap or click the Wi‑Fi network in the list of networks, and then click Disconnect. Windows won’t automatically connect to that Wi‑Fi network.

January 22, 2018

Re-register Windows client/server in WSUS

To re-register Windows client/server in WSUS review the following instructions:

1. Run “gpupdate /force” command on the Windows client/server that have a registration issue in WSUS.

2. Run “wuauclt /detectnow ” command on the Windows client/server that have a registration issue in WSUS.

Tip: You can use the Event Viewer to review the re-registration

3. In rare cases, you may need to run: “wuauclt.exe /resetauthorization /detectnow” command on the Windows client/server that have a registration issue in WSUS.

January 22, 2018

Force10, Equallogic, and VMware

I was having a retransmit issue with the above equipment, here’s how I got around it. On the Force10’s I ran this config as the Equallogic and the vHost iscsi ports have to be configured this way:

config
protocol spanning-tree rstp
no disable
interface GigabitEthernet x/x
description EQL or vHost iSCSI Port
no ip address
mtu 9252
switchport
flowcontrol rx on tx on
spanning-tree rstp edge-port
no shutdown
!
that’ll take the TCP retransmit down to below .05

January 22, 2018

Unix and Active Directory Integration

Step by step,

yum install nscd samba samba-common samba-client samba-winbind

yum upgrade

vi /etc/hosts
192.168.1.30 dc.domain.com pdc01

Run authconfig-tui
Authentication Configuration – check Cache Information, Use Winbind, Use MD5 Passwords, Use Shadow Passwords, Use Winbind Authentication
Winbind Settings – check ads, type the short name of the domain, example.com needs to be just example in this field, enter FQDN of domain controllers, ADS realm is FQDN of primary DC, check /bin/bash
Click on Join Domain
Enter credentials for a domain administrator and make sure the server successfully joined the domain

vi /usr/local/bin/bash-wrapper

#!/bin/sh

# This script restricts shell access to privileged users. The “template shell”
# option in the ‘/etc/samba/smb.conf’ file should be set to call this wrapper.

# Get group memberships for this user.
BFN_ID=$(/usr/bin/id)

# Grant shell access to users that are in the local wheel group.
if /bin/echo “$BFN_ID” | /bin/grep -P ‘[=,][0-9]{1,8}(wheel)’ > /dev/null
then
exec /bin/bash –login “$@”
fi

# Grant shell access to users that are in the domain administrators group.
if /bin/echo “$BFN_ID” | /bin/grep -P ‘[=,][0-9]{1,8}(domain admins)’ > /dev/null
then
exec /bin/bash –login “$@”
fi

# Else print a notice and just exit.
echo “Shell access to this computer is disabled.”

# eof

vi /usr/local/bin/ad-phase2.sh

# ad-phase2.sh – Phase 2
# Description: This script automates the process of joining a linux box
# to an AD domain. The process is divided in two parts.
#
# Please edit the relevant parts of the script below prior running it

# This block doesn’t need to be edited
#sed -i ‘s%protocols: files%protocols: files winbind%g’ /etc/nsswitch.conf
#sed -i ‘s%rpc: files%rpc: files winbind%g’ /etc/nsswitch.conf
#sed -i ‘s%netgroup: files%netgroup: files winbind%g’ /etc/nsswitch.conf
#sed -i ‘s%automount: files%automount: files winbind%g’ /etc/nsswitch.conf

# The following line allows users to logon without the ugly EXAMPLEuser syntax
sed -i ‘s%winbind use default domain = false%winbind use default domain = true%g’ /etc/samba/smb.conf

# More parameters to make life easier with UID and GID correspondances
sed -i ‘s% template shell = /bin/bash% template shell = /usr/local/bin/bash-wrapper%g’ /etc/samba/smb.conf
sed -i ‘/ winbind offline logon = false/a winbind enum users = true’ /etc/samba/smb.conf
sed -i ‘/winbind enum users = true/a winbind enum groups = true’ /etc/samba/smb.conf
sed -i ‘/winbind enum groups = true/a winbind cache time = 5’ /etc/samba/smb.conf
sed -i ‘/winbind cache time = 5/a winbind nested groups = true’ /etc/samba/smb.conf

# This line will allow for home folders to be created in /home/DOMAIN/username upon first login
echo “session optional pam_mkhomedir.so skel=/etc/skel/ umask=0022” >> /etc/pam.d/system-auth

# The following line will allow all the users within the Domain Admins group to sudo on the server
echo “%domain admins ALL=(ALL) ALL” >> /etc/sudoers

# Replace “base OU=Users,DC=example,DC=com” with the container of the users you want to allow on the box
sed -i ‘s%base dc=*******,dc=com%base OU=Users,DC=*******************,DC=com%g’ /etc/openldap/ldap.conf
chmod +x /usr/local/bin/ad-phase2.sh
chmod +x /usr/local/bin/bash-wrapper
service winbind restart
service nscd restart

Reboot for good measure.

January 22, 2018

To Enable or Disable Hibernate in a Elevated Command Prompt

1. To Enable Hibernate
NOTE: This step will restore the hiberfil.sys file, and the Allow hybrid sleep and Hibernate after Power Options under Sleep.

A) Open a Elevated Command Prompt.

B) In the elevated command prompt, type powercfg -h on and press Enter.

C) Close the elevated command prompt.

2. To Disable Hibernate
NOTE: This step will disable hibernation, delete the hiberfil.sys file, and remove the Allow hybrid sleep and Hibernate after Power Options under Sleep. This will also disable fast startup in Windows 8.

1. Open a Elevated Command Prompt.

2. In the elevated command prompt, type powercfg -h off and press Enter.

3. Close the elevated command prompt.

January 22, 2018

Setting up NTOP on Centos

yum install gcc gcc-c++ make libpcap libpcap-devel gdbm-devel libpng-devel libtool libtool-libs rrdtool rrdtool-devel
yum install cairo-devel libxml2-devel pango-devel pango libpng-devel -y
yum install freetype freetype-devel libart_lgpl-devel wget gcc make -y
yum install perl-ExtUtils-MakeMaker -y
yum install graphviz -y
yum install subversion openssl-devel -y
cd /opt
wget http://oss.oetiker.ch/rrdtool/pub/rrdtool-1.4.5.tar.gz
tar -zxvf rrdtool-1.4.5.tar.gz
cd rrdtool-1.4.5
./configure –prefix=/usr/local/rrdtool
make && make install

yum install libpcap libpcap-devel gdbm gdbm-devel -y
yum install libevent libevent-devel -y
cd /opt
wget http://geolite.maxmind.com/download/geoip/api/c/GeoIP-1.4.8.tar.gz
tar -zxvf GeoIP-1.4.8.tar.gz
cd GeoIP-1.4.8
./configure
make && make install

yum install libtool automake autoconf -y
cd /opt
wget http://downloads.sourceforge.net/project/ntop/ntop/Stable/ntop-5.0.1.tar.gz
or
wget http://downloads.sourceforge.net/project/ntop/ntop/Prior%20Stable/ntop-4.1.0.tar.gz
tar zxvf ntop-4.1.0.tar.gz
cd ntop-4.1.0
./autogen.sh -prefix=/usr/local/ntop
make && make install
make install-selinux-policy
add “/usr/local/ntop/share/man” to “/etc/man.config”
useradd -M -s /sbin/nologin -r ntop
chown ntop:root /usr/local/ntop
chown ntop:ntop /usr/local/ntop/share/ntop

cd /usr/local/ntop/bin/
./ntop -u ntop -P /usr/local/ntop -A

vi /etc/sysconfig/iptables

Append the following rules before the final INPUT – REJECT line:
(note we’re running the webpage on port 3000 and receiving netflow traffic on port 9996)

-A INPUT -m state –state NEW -m tcp -p tcp –dport 3000 -j ACCEPT
-A INPUT -m state –state NEW -m udp -p udp –dport 9996 -j ACCEPT

Then restart iptables

service iptables restart

cd /usr/local/ntop/bin
./usr/local/ntop/bin/ntop -P /usr/local/ntop -u ntop -d -w 3000 -i eth0
test via webpage:3000

vi /etc/rc.local
add in
/usr/local/ntop/bin/ntop -P /usr/local/ntop -u ntop -d -w 3000 -i eth0

Setting web options:
The first time you open the ntop web interface you’ll need to do the following:
1. head to plugins -> netflow -> activate
This will activate netflow, don’t click the “yes” option as this will toggle it off again.
2. head to plugins -> netflow -> view/configure
3. Create a new collector named “eth#-collector” where # is the eth interface number you’re sending data to.
4. Edit this collector and ensure the following settings are in place:
– local collector udp port: 9996
– flow aggregation: none
– enable session handling: no
– assume ftp: no
– debug: off
5. Head to Admin -> Configure -> Preferences
6. change dot.path value to “/usr/bin/dot” (hit set when done)
7. head to http://code.google.com/apis/console and get a google maps API key (turn on Google maps API v2 and create a new browser-referrer key)
8. head back to Admin -> Configure -> Preferences
9. change google_maps.key value to your copied key (hit set when done)
10. stop ntop (killall ntop)
11. reboot server and confirm ntop starts upon boot.