Connecting Samsung ML-2070W to your network

What we have:

  1. Samsung ML-2070W MFC
  2. Mikrotik RB2011UAS
  3. Laptops under Windows 10 and 7

Goal:

Connect the MFC to a wireless network and be able to print to it.

When I tried to connect it with the software that comes with the MFC (DVD software), it saw the MFC over the wireless protocol but couldn't connect to it.

As I'm an IT geek, I started analyzing the user manual:
The user manual clearly explained to me that the easiest way to connect the MFC to the network is WPS technology.

Hurrah, we have a Mikrotik router which is customized as much as you can imagine, BUT the WPS option is not working, and after a few failed attempts with configs I gave up, especially since you lose your network connection (as soon as you turn on WPS, you lose the Wi-Fi connection; thanks to IT experience, I also have a cable near my desk, so I don't need to spend hours near the shelf with communication equipment).

So what did I do? I went to sleep. I was upset: Korean technology vs Mykola – 1:0.

Next morning – I need to resolve it.

First, define where the problem is: is the printer's WPS functional or not?

Before the Mikrotik age in da house, we had a TP-Link TL-WR740N:

This small device is a SOHO router, but with WPS built in. In TP-Link you will not find WPS, because the name is QSS (Quick Secure Setup). Just a few clicks and the MFC is connected to TP-Link – OK, this is not the MFC – this is TP-Link. Yes, I know it is not secure to turn on WPS on the main router, so the solution is the following:

Connect the TP-Link as a WPS bridge to the Mikrotik over the cable, and NAT all ports to the internal Mikrotik network (the Mikrotik LAN cable goes to the TP-Link WAN port).

Next steps:

  1. Make sure TP-link WAN is receiving IP over DHCP – done
  2. Make sure the TP-Link LAN network is different from the Mikrotik one, just to make sure you will not make mistakes later.
  3. Reserve an IP on the Mikrotik for the TP-Link
  4. Reserve an IP on the TP-Link for the MFC
  5. Allow access to the TP-Link from the Mikrotik network: we don't want to play with cables, and we should have the ability to control the TP-Link from the production network
  6. NAT ports for the MFC:

    ID  Service port  Internal port  IP address     Protocol  Port description
    1   80            80             192.168.1.101  All       HTTP web
    2   8018          8018           192.168.1.101  All       WSD
    3   515           515            192.168.1.101  All       LPD
    4   9100          9100           192.168.1.101  All       RAW printing
    5   5357          5357           192.168.1.101  All       WSDAPI
    6   3702          3702           192.168.1.101  All       Web Services Dynamic Discovery
    7   137           137            192.168.1.101  All       NetBIOS name services
    8   138           138            192.168.1.101  All       NetBIOS datagram services
    9   139           139            192.168.1.101  All       NetBIOS session services
    10  161           161            192.168.1.101  All       SNMP
    11  427           427            192.168.1.101  All       SLP
    12  9220          9220           192.168.1.101  All       raw scanning
    13  9500          9500           192.168.1.101  All       ismserver
    14  445           445            192.168.1.101  All       SMB

    After that, you will be able to discover your MFC over the network.

I hope this article will help you to understand how to connect such devices to your network and secure them.

 

Posted in Networking, Printing

Workstation force WSUS check

New task – how to force a workstation to check for updates on WSUS. Open PowerShell:

PS C:\Users\nick.korkishko> Enter-PSSession workstation12

[workstation12]: PS C:\Users\TEMP.DERMATOLOGY.014\Documents>  wuauclt /detectnow

Posted in Windows Server

How to identify a list of inactive computers and move them to another OU

New task for IT: identify the list of inactive computers and move them to another OU.

As usual, PowerShell will help us.

# Name : ListinActiveComputers.ps1
# Purpose: Get inactive computer accounts from Active Directory by
# checking the last logon date. Get the properties of each computer
# account (Name, OS, OS version, LastLogonDate and CanonicalName)
# and save them to the inActiveComputers.html file.
#
# Written by Nick Korkishko and Andrew Svintsitsky
# Date written: 05/01/2017
#

Import-Module ActiveDirectory
# Inactive computers organizational unit: where we need to move inactive computers
$OUname = "OU=InActive computers,DC=nicoljako,DC=local"
# Get today's date
$today = Get-Date

# Get today minus 45 days
$cutoffdate = $today.AddDays(-45)

# Get the computer accounts filtered by LastLogonDate. Select
# only the required properties of the computer account
$inactivecomputers = Get-ADComputer -Properties OperatingSystem,OperatingSystemVersion,LastLogonDate,CanonicalName -Filter {LastLogonDate -le $cutoffdate}
# Move computers to another OU
$Movedcomputer = @()
foreach ($Computer in $inactivecomputers) {
    # Skip accounts that already sit in the target OU
    if ($Computer.DistinguishedName -notlike "*$OUname*") {
        $Computer | Move-ADObject -TargetPath $OUname
        $Movedcomputer += $Computer
    }
}
# Export report to HTML
$Movedcomputer | Sort-Object -Property LastLogonDate |
    Select-Object Name,OperatingSystem,OperatingSystemVersion,LastLogonDate,CanonicalName |
    ConvertTo-Html -Head "Moved inactive computers to $OUname" | Out-File ./inActiveComputers.html

In the end, you will have:

  1. A report about the inactive computers moved to the proper OU (in this example, OU=InActive computers,DC=nicoljako,DC=local)
  2. The computers moved to OU=InActive computers,DC=nicoljako,DC=local
Posted in Windows Server

Kiosk mode on Windows 10 Pro

If you want to allow kiosk mode on Windows 10, you will face the following issues:

  1. Microsoft Edge does not work in kiosk mode. You will be able to log in, but Edge will not allow you to type any webpage

    Set-AssignedAccess -AppName Microsoft.MicrosoftEdge -UserName testuser

  2. IE is not available on Windows 10 because it's not a Store app.

You will ask what you should do. We have the solution:

  1. Log in to your machine as admin [admin should be able to log in to Microsoft Store]
  2. Find the following application: Kiosk SP Browser
  3. Install
  4. Create a user ID in Windows which will be able to log in to the machine (this can be a standard user); we created: testuser
  5. Log in as testuser and install Kiosk SP Browser; you will be able to log in to the store with your personal Microsoft account.
  6. After the first run under testuser, you need to do the following:
    a. Click on the Gear icon
    b. Type the home URL
    c. Validate the Home URL
    d. Set all the settings you want (FYI: Timeout does not clear the cache and sessions; if you log in to Office365 and the Timeout elapses, next time you will be logged in automatically)
    e. Save the settings.
  7. Log out from testuser.
  8. Log in as your admin user.
  9. Run PowerShell ISE as administrator.
  10. Run:

    Get-AppxPackage | ft name

  11. You will get a list of apps; the last installed will be your Kiosk App:

    Name
    ----

    Microsoft.Windows.Photos
    Microsoft.People
    microsoft.windowscommunicationsapps
    OperaSoftware.GetOpera
    Microsoft.WindowsAppStudioInstaller
    15582137-b1ec-47b4-a94c-d38846ee916d
    48371ShawnParker.KIOSKSPBrowser

  12. Next command:

    Set-AssignedAccess -AppName 48371ShawnParker.KIOSKSPBrowser -UserName testuser

  13. Log in to testuser and test

If you need to reset the settings of AssignedAccess or SingleApp mode, run the following:

    Clear-AssignedAccess

Thanks to Andryi Svintsitsky for the help.

Posted in Uncategorized

Identify users in Groups by powershell

New task: list the users in a group (for example, Domain Admins):

#Script is written by: Mykola Korkishko and Andryi Svintsitsky

Import-Module ActiveDirectory
$array = @()
# MemberOf holds direct group memberships only
$AllUsers = Get-ADUser -Properties MemberOf -Filter *
foreach ($user in $AllUsers) {
    #$Groups=$user |select -ExpandProperty Memberof
    # -contains compares the group DN case-insensitively
    if ($user.MemberOf -contains "CN=Domain Admins,CN=Users,DC=rcadv,DC=com" -and $user.Enabled -eq $true) {
        $array += $user.name
    }
}
$array | out-file domain_adm_group.txt
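The script above matches only accounts that list Domain Admins directly in MemberOf, so a user who holds the right through a nested group does not appear in the output. The following is an added example, not the authors' script, that reports effective membership with Get-ADGroupMember -Recursive and marks who is a member only through nesting; the output file name domain_adm_group_effective.csv and the extra report columns are assumptions.

```powershell
# Added example (not the authors' script): effective membership of a privileged group.
Import-Module ActiveDirectory

$groupName = 'Domain Admins'   # group from the post; change it to audit another group
$group = Get-ADGroup -Identity $groupName

# Direct user members only: the same set the MemberOf comparison can see.
$direct = Get-ADGroupMember -Identity $group |
    Where-Object { $_.objectClass -eq 'user' } |
    Select-Object -ExpandProperty distinguishedName

# Effective user members: -Recursive expands nested groups down to their leaf objects.
$effective = Get-ADGroupMember -Identity $group -Recursive |
    Where-Object { $_.objectClass -eq 'user' }

$report = foreach ($member in $effective) {
    $user = Get-ADUser -Identity $member.distinguishedName -Properties LastLogonDate, PasswordLastSet
    if (-not $user.Enabled) { continue }   # same "enabled accounts only" rule as the original

    [pscustomobject]@{
        Name            = $user.Name
        SamAccountName  = $user.SamAccountName
        # True when the account is not a direct member, i.e. it got in through a nested group
        NestedOnly      = $direct -notcontains $user.DistinguishedName
        LastLogonDate   = $user.LastLogonDate
        PasswordLastSet = $user.PasswordLastSet
    }
}

# Nested-only accounts sort last so they stand out at the bottom of the report
$report | Sort-Object NestedOnly, Name |
    Export-Csv -Path .\domain_adm_group_effective.csv -NoTypeInformation
```

Rows with NestedOnly set to True are the accounts the MemberOf comparison would miss.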
Posted in Windows Server

IE version collection with PowerShell

Task for IT: collect statistics about IE versions in your environment without an inventory system.

What you need to enable: Remote registry on computers

Run PowerShell script:

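#Script is written by: Mykola Korkishko and Andryi Svintsitsky

Import-Module ActiveDirectory
$array = @()
$keyname = 'SOFTWARE\Microsoft\Internet Explorer'
$today = Get-Date
$cutoffdate = $today.AddDays(-30)

# Only query computers that logged on within the last 30 days
$computernames = Get-ADComputer -Properties LastLogonDate -Filter {LastLogonDate -gt $cutoffdate}
foreach ($server in $computernames)
{
    try {
        # Needs the Remote Registry service running on the target
        $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $server.Name)
        $key = $reg.OpenSubKey($keyname)
        # IE 10 and later keep the real version in svcVersion; Version stays at 9.x there
        $value = $key.GetValue('svcVersion')
        if (-not $value) { $value = $key.GetValue('Version') }
        $reg.Close()
    }
    catch {
        # Offline host or Remote Registry disabled: record it instead of reusing the previous value
        $value = 'unreachable'
    }
    $obj = New-Object PSObject
    $obj | Add-Member -MemberType NoteProperty -Name "ComputerName" -Value $server.Name
    $obj | Add-Member -MemberType NoteProperty -Name "IEVersion" -Value $value
    $array += $obj
}
$array | select ComputerName,IEVersion | export-csv IE_Version.csv -NoTypeInformation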
Posted in Windows Server

Terminal server session disabled

Sometimes, when you try to connect over RDP, you can see the error: terminal server session disabled. You will not be able to do anything remotely with the server, especially from Server Manager, where you will see a Kerberos authentication error message.

To resolve this, you can do the following:

  1. Download PSEXEC tools from Microsoft – https://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
  2. Extract zip archive to PSEXEC folder
  3. Open CMD
  4. Navigate to PSEXEC folder
  5. Execute next command:

    C:\Users\nick.korkishko\Downloads\PStools>psexec.exe -u administrator -p yourpassword  \\192.168.1.10 change logon /enable

  6. After pressing Enter you will see the following message:

    PsExec v2.2 – Execute processes remotely
    Copyright (C) 2001-2016 Mark Russinovich
    Sysinternals – http://www.sysinternals.com

    Session logins are currently ENABLED
    change exited on 192.168.1.10 with error code 1.
    C:\Users\nick.korkishko\Downloads\PStools>

Posted in Windows Server