How to slipstream Windows updates into the installation media for Win7/Win10/Win2012R2/Win2016 and so on

If you often install Windows from scratch, this post may be helpful. It mainly concerns creating system images for later deployment in a corporate network, but it can save time even for home geeks. After installation you usually update from Microsoft Update over the internet or from WSUS, which takes a lot of time even on beefy computers. My idea is to do this work only once (and later just update in the usual way from time to time). When the updates have finished:

  1. back up your system to a second partition with the built-in Windows backup (bare-metal system
Read the rest

Rufus as an alternative to the free Microsoft Windows 7 USB/DVD Download Tool

The Microsoft Windows 7 USB/DVD Download Tool is very capricious, has not been updated for a long time, and fails in many cases (it can spend a long time copying 2-4 GB and only at the end of the process suddenly throw an error that it couldn’t create the boot records; or it doesn’t work on other versions of Windows, and so on). Therefore I prefer to use the tiny Rufus utility. It’s free and very small – less than a megabyte. It doesn’t need to be installed: it is portable and ready to work immediately after download. It is very stable at creating Windows install disks for any edition and version, including Windows 10 … Read the rest

Some recommendations for Windows installers.

    1. If you want to install any version of Windows on a large disk (bigger than 2TB), boot your PC in UEFI mode, not conventional BIOS mode. Otherwise, after installation you will be able to use only 2TB of, for example, a 3 or 4TB HDD.
    2. Sometimes previous OEM repair/service partitions, or Linux/Unix partitions, cannot be removed from the HDD through the Windows GUI. In this case just do the following (NEVER DO IT ON AN HDD WITH DATA: after the “clean” command the whole disk (all partitions) will be erased!):
      diskpart
      list disk
      select disk 0
      clean
      

      (if you are installing a fresh Windows – during booting

Read the rest

How to create a site-to-site VPN from pfSense to an OpenVPN server. Part 3

  1. How to create a site-to-site VPN for SMB with a low IT budget. Part 1
  2. How to set up an OpenVPN server on Debian? Part 2
  3. How to create a site-to-site VPN from pfSense to an OpenVPN server. Part 3

OK, we already have an OpenVPN server at the central office. Now our task is to configure the branch-office pfSense boxes (why pfSense) to connect to the central-office OpenVPN server:

  1. create a Hyper-V VM for pfSense at branch office 01:
    • mount the pfSense ISO to the pfSense VM
    • create a fixed-size virtual disk, 5 GB is enough. If you use a dynamic disk, the pfSense FreeBSD installer can fail
    • before pfSense installation
Read the rest

How to set up an OpenVPN server on Debian? Part 2

We continue the previous post about creating a site-to-site VPN between multiple branch offices and the central office of a company.

  1. Install the latest Debian Linux (preferably from the network installer). During the installation choose:
    • ssh server
    • standard system utilities
  2. Configure the IP address for the server. For example, nano /etc/network/interfaces:
iface eth0 inet static
address 192.168.0.2 # it is considered that 192.168.0.1 is used as dgw in central 
Read the rest

How to create a site-to-site VPN for SMB with a low IT budget. Part 1

It’s commonplace to connect multiple company branches and the central office by VPN. For my customers, for example, it is needed to:

  1. implement Active Directory (for small companies with a single IT team – only one AD domain and multiple AD sites, with one AD DC at every site if possible)
  2. integrate all Time Attendance machines into one DB – one ZKTeco application for the accountant at the central office connects through the VPN
Read the rest

If you need temporary VPS hosting (for testing, for development and so on)

Sometimes temporary, and moreover free, VPS hosting for 1 year is a great and generous opportunity. Usually it’s very handy for testing (for example to install Linux, configure LAMP, WordPress, 2FA, free SSL, plugins and so on), web development, personal blogs, short-term projects like election events and so on.

Amazon Web Services offers such a ‘halyava’ (freebie) for a whole year. Just be VERY careful not to exceed the limits of the free tier (for example AWS automatically made EBS snapshots during the import of my VMware OVA to an AWS AMI and later on to a free tier instance, although 09 cents were generously forgiven … Read the rest

Free Comodo SSL, free “Let’s Encrypt” certificates

It is strange that the main national domain registrar (http://manage.datacom.mn) still doesn’t use SSL for its own management console. Mobinet, the national cloud provider, doesn’t even have DNS registration for its own services and asks customers to create hosts file records for vps-mgnt.mobinet.mn. Mobinet, which resells Comodo SSL, doesn’t have a valid SSL certificate for https://vps-mgnt.mobinet.mn/ (and it looks like the self-signed SSL certificate was created to conflict with the VMware cert namespace).

SSL providers offer DNS (email) validation for a certificate CSR, so a vulnerable web DNS manager (not protected by SSL) can lead to the compromise of issued SSL certificates and, ultimately, of web sites with online banking, payment systems and so on. I suggest for

Read the rest

Structured cabling chores

Recently I needed to run several dozen UTP cables. And I reinvented the wheel 🙂 – here in Mongolia it is hard (or, more precisely, completely impossible) to buy decent professional cable trunking (cable-channel) and accessories for it. I had to make do with cheap and cheerful Chinese ones. I got worn out holding the cables in place while closing the trunking with its cover – and suddenly an idea came to mind: take spare scrap pieces of cable and cut the coloured wires/pairs into 20 cm lengths, pierce the trunking every 40-50 cm with pairs of small holes near the edge and thread the wires through – now all that remains is to lay the cables in the trunking and fasten them inside with the wires so that they do not fall out, and after that closing the trunking with the cover … Read the rest

If you are a prudent sysadmin and keep UAC enabled

It’s recommended never to disable UAC (User Account Control). There are many instructions for disabling it for pirated programs downloaded from the internet, and unfortunately in Mongolia almost all computers, even in enterprises, have UAC disabled in Windows.

The main reason to keep UAC enabled is that it lets the sysadmin run installation and system configuration commands without logging in again during remote or interactive sessions on the workstation of a user who asked for help. According to industry best practice, you need to remove every end user from the workstation’s Local Administrators group (taking away the rights to install unauthorized programs and to change or damage the system configuration). If you disabled UAC then there … Read the rest