User Default Language UI on Windows 2016 part 2

In the previous article we hardcoded the whole machine to one language.

Now we will do it per Users OU.

Prerequisites:

  1. Add the needed language to Windows Server – no reboot.
  2. Define the language needed for the next steps.
  3. Open GPO and let’s do our magic
  • Create GPO in Group Policy Objects

In User Configuration:

  • Policies -> Control Panel/Regional and Language Options
      • Restricts the UI languages Windows should use for the selected user: Enable
      • Restrict users to the following language: French
  • Preferences -> Windows Settings -> Registry

Log on to the machine.
Posted in Uncategorized | Leave a comment

How to set Windows 2016 display language to another one

Hi guys and girls,

New task, new solution.

Task:

Set domain machine (Windows Server 2016) to Spanish display language.

Solution:

  1. Create GPO – Spanish Mexico Land
  2. Open User Configuration:
  3. Policies -> Administrative Templates -> Control Panel -> Regional and Language Options
  • Restrict the UI languages
  • Restrict selection of Windows menus
  4. Preferences -> Control Panel Settings -> Regional Options -> Add

As you can see, I have a green border over the Spanish language; you will (99%) have a red one. Before selecting, you need to press F5. This is important, as otherwise your selection will not be saved.

Last stage:

Go to the VM:

Open Control Panel -> click Add Language -> Add language -> download Español (México) or your language.

Now let’s check which languages are available on your VM:

PS> Get-Culture

or

PS>  Get-Culture | Format-List -Property *

or CMD

dism /online /get-intl

Now the last stage:

As usual, the registry will help us:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\Language

In the right pane of the Language key, look at the value data (ex: 0409) of the Default and InstalledLanguage string values. (see screenshot below)

Default = Indicates the system default locale. The value of this entry indicates that locale 0409 (U.S. English) is used when no other language is specified.

InstalledLanguage = Indicates the installed language.

The value data (ex: 0409) represents the LCID (“Locale ID” or “Language ID”). You can look up the LCID in Microsoft's table below to see which locale/language you have.

Locale IDs Assigned by Microsoft
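
To decode the two values without the lookup table, the following snippet (an added example, not part of the original post) reads the Language key and resolves each hex LCID through .NET's CultureInfo. The function name Convert-LcidString is made up for this example.

```powershell
# Added example: decode the LCID strings stored under the Nls\Language key.
$key    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Nls\Language'
$values = Get-ItemProperty -Path $key

function Convert-LcidString {
    # Hypothetical helper: turns a hex LCID string such as "0409" into a culture record.
    param(
        [Parameter(Mandatory)][string]$ValueName,
        [Parameter(Mandatory)][string]$Hex
    )
    $lcid = [Convert]::ToInt32($Hex, 16)
    try {
        $culture = [System.Globalization.CultureInfo]::GetCultureInfo($lcid)
        $name, $display = $culture.Name, $culture.EnglishName
    } catch [System.Globalization.CultureNotFoundException] {
        # The registry can hold an LCID this .NET runtime does not know
        $name, $display = '(unknown)', '(no culture registered for this LCID)'
    }
    [pscustomobject]@{
        ValueName   = $ValueName
        Hex         = $Hex
        LCID        = $lcid
        Culture     = $name
        DisplayName = $display
    }
}

# The two values the article looks at
$report = foreach ($valueName in 'Default', 'InstalledLanguage') {
    Convert-LcidString -ValueName $valueName -Hex $values.$valueName
}
$report | Format-Table -AutoSize

# Constructed sample values, to show the mapping for the languages used in these posts
'0409', '080A', '040C' | ForEach-Object { Convert-LcidString -ValueName 'sample' -Hex $_ } |
    Format-Table -AutoSize

# What the current session actually uses: regional format vs. display (UI) language
[pscustomobject]@{
    Culture   = (Get-Culture).Name
    UICulture = (Get-UICulture).Name
}
```

If the policy applied, the UICulture of a session started by a user in the OU matches the restricted language, even when the machine-wide Default value still shows another LCID.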

My case:

4

Reboot machine. Add your users to Remote access. Done.

Enjoy.
Posted in Uncategorized | Leave a comment

Why does VirtualBox only have a 32-bit option and no 64-bit option?

One of the most common causes is that you have installed Hyper-V on your machine – remove Hyper-V -> Restart.

Posted in Uncategorized | Leave a comment

“All Wi-Fi networks” are vulnerable

“All Wi-Fi networks” are vulnerable to outside interference, according to research by IT security experts.
WPA2, which was the security standard for wireless networks, has been broken by Belgian researchers. The researchers emphasize that this vulnerability makes it possible to view Internet traffic.

Mathy Vanhoef, a security expert at the Belgian university KU Leuven, found the vulnerability in the WPA2 security protocol and published the details on Monday morning (https://www.krackattacks.com/).

“Attackers can use this new type of attack to read information that was previously considered encrypted and protected,” Vanhoef's report states. “This can be used to steal confidential information such as credit card numbers, passwords, chat messages, emails, photos and so on.”

Vanhoef emphasized that “the attack works on all modern protected wireless networks. Depending on the network configuration, it is also possible to extract and manipulate data. For example, attackers can plant a virus (ransomware) in a website.”

According to the report, the vulnerability affects most operating systems and devices, including Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys and others.

Source: https://www.theguardian.com/technology/2017/oct/16/wpa2-wifi-security-vulnerable-hacking-us-government-warns

Posted in Networking, security | Leave a comment

Connecting a Samsung ML-2070W to your network

What we have:

  1. Samsung ML-2070W MFC
  2. Mikrotik RB2011UAS
  3. Laptops under Windows 10 and 7

Goal:

Connect MFC to a wireless network and have the ability to print to it.

When I tried to connect it with the software which comes with the MFC (DVD software), it saw the MFC over the wireless protocol but couldn't connect to it.

As I'm an IT geek, I started analyzing the user manual.
The user manual clearly explained to me that the easiest way to connect the MFC to the network is WPS technology.

Hurrah, we have a Mikrotik router which is customized as much as you can imagine, BUT the WPS option is not working, and after a few failures with configs I gave up, especially as you lose your network connection (as soon as you turn on WPS, you lose the Wi-Fi connection – thanks to IT experience, I also have a cable near my desk, and I don’t need to spend hours near the shelf with the communication equipment).

So what did I do? Went to sleep. I was upset: Korean technology vs Mykola – 1:0.

Next morning – I needed to resolve it.

First, define where the problem is – is the printer's WPS functional or not?

Before Mikrotik age in da house – we had TP-Link TL-WR740N:

This small device is a SOHO router, but with WPS built in. On the TP-Link you will not find WPS, because there it is named QSS (Quick Secure Setup). Just a few clicks and the MFC is connected to the TP-Link – OK, this is not the MFC – this is the TP-Link. Yes, I know it is not secure to turn WPS on on the main router, so the solution is as follows:

Connect the TP-Link as a WPS bridge to the Mikrotik over the cable, and NAT all ports to the internal Mikrotik network (the Mikrotik LAN cable goes to the TP-Link WAN port).

Next steps:

  1. Make sure the TP-Link WAN is receiving an IP over DHCP – done
  2. Make sure the TP-Link LAN network is different from the Mikrotik one – just to make sure you will not make mistakes later.
  3. Reserve an IP for the TP-Link on the Mikrotik
  4. Reserve an IP for the MFC on the TP-Link
  5. Allow access to the TP-Link from the Mikrotik network – we don’t want to play with cables, and we should have the ability to control the TP-Link from the production network
  6. NAT ports for the MFC:
    ID  Service port  Internal port  IP address     Protocol  Port description
    1   80            80             192.168.1.101  All       HTTP web
    2   8018          8018           192.168.1.101  All       WSD
    3   515           515            192.168.1.101  All       LPD
    4   9100          9100           192.168.1.101  All       RAW printing
    5   5357          5357           192.168.1.101  All       WSDAPI
    6   3702          3702           192.168.1.101  All       Web Services Dynamic Discovery
    7   137           137            192.168.1.101  All       NetBIOS name services
    8   138           138            192.168.1.101  All       NetBIOS datagram services
    9   139           139            192.168.1.101  All       NetBIOS session services
    10  161           161            192.168.1.101  All       SNMP
    11  427           427            192.168.1.101  All       SLP
    12  9220          9220           192.168.1.101  All       raw scanning
    13  9500          9500           192.168.1.101  All       ismserver
    14  445           445            192.168.1.101  All       SMB

    after that, you will be able to discover your MFC over the network.
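
To verify the forwarding rules from a laptop on the Mikrotik network, the following check (an added example, not part of the original post) tries a TCP connect to each forwarded port on the TP-Link's WAN address. The address 192.168.88.50 and the function name Test-TcpPort are assumptions made for this example; use the IP you reserved for the TP-Link in step 3.

```powershell
# Added example: check which forwarded TCP ports answer on the TP-Link WAN side.
# Assumption: placeholder for the IP reserved for the TP-Link on the Mikrotik (step 3).
$tpLinkWan = '192.168.88.50'

# TCP entries from the forwarding table. The UDP services in the table
# (NetBIOS 137/138, SNMP 161, WS-Discovery 3702) cannot be checked with a TCP connect.
$forwards = @(
    @{ Port = 80;   Service = 'HTTP web' }
    @{ Port = 8018; Service = 'WSD' }
    @{ Port = 515;  Service = 'LPD' }
    @{ Port = 9100; Service = 'RAW printing' }
    @{ Port = 5357; Service = 'WSDAPI' }
    @{ Port = 139;  Service = 'NetBIOS session services' }
    @{ Port = 445;  Service = 'SMB' }
    @{ Port = 9220; Service = 'raw scanning' }
    @{ Port = 9500; Service = 'ismserver' }
)

function Test-TcpPort {
    # Hypothetical helper: returns $true if a TCP connection succeeds within the timeout.
    param([string]$Address, [int]$Port, [int]$TimeoutMs = 1000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }  # filtered or dropped
        $client.EndConnect($pending)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$results = foreach ($f in $forwards) {
    [pscustomobject]@{
        Port    = $f.Port
        Service = $f.Service
        Open    = Test-TcpPort -Address $tpLinkWan -Port $f.Port
    }
}
$results | Format-Table -AutoSize
```

Every port that answers is reachable from the whole Mikrotik network, so a forwarding rule for a service your clients do not use (for example SMB, if nobody scans to a share) can be deleted on the TP-Link.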

I hope this article will help you to understand how to connect such devices to your network and secure them.

Posted in Networking, Printing | Leave a comment

Workstation force WSUS check

New task – how to force the workstation to check for updates on WSUS. Open PowerShell:

PS C:\Users\nick.korkishko> Enter-PSSession workstation12

[workstation12]: PS C:\Users\TEMP.DERMATOLOGY.014\Documents>  wuauclt /detectnow

Posted in Windows Server | Leave a comment

How to identify list of inactive computers and move them to another OU

New task for IT: identify the list of inactive computers and move them to another OU.

As usual, PowerShell will help us.

# Name   : ListinActiveComputers.ps1
# Purpose: Get inactive computer accounts from Active Directory by
#          checking the last logon date. Get the properties of the computer
#          account (Name, OS, OS version, LastLogonDate and CanonicalName)
#          and save them to the inActiveComputers.html file.
#
# Written by Nick Korkishko and Andrew Svintsitsky
# Date written: 05/01/2017
#

Import-Module ActiveDirectory

# Inactive computers organizational unit – where inactive computers are moved to
$OUname = "OU=InActive computers,DC=nicoljako,DC=local"

# Get today's date
$today = Get-Date

# Cutoff date: today minus 45 days
$cutoffdate = $today.AddDays(-45)

# Get the computer accounts filtered by LastLogonDate. Load only
# the properties of the computer account required for the report.
$properties = 'OperatingSystem', 'OperatingSystemVersion', 'LastLogonDate', 'CanonicalName'
$inactivecomputers = Get-ADComputer -Filter {LastLogonDate -le $cutoffdate} -Properties $properties

# Move computers to the inactive OU, skipping the ones that are already there
$Movedcomputer = @()
foreach ($Computer in $inactivecomputers) {
    if ($Computer.DistinguishedName -notlike "*$OUname*") {
        $Computer | Move-ADObject -TargetPath $OUname
        $Movedcomputer += $Computer
    }
}

# Export the report to HTML (CanonicalName shows where the computer was before the move)
$Movedcomputer | Sort-Object -Property LastLogonDate |
    Select-Object Name, OperatingSystem, OperatingSystemVersion, LastLogonDate, CanonicalName |
    ConvertTo-Html -Head "Moved inactive computers to $OUname" |
    Out-File ./inActiveComputers.html

In the end, you will have:

  1. A report on the inactive computers moved to the proper OU (in this example, OU=InActive computers,DC=nicoljako,DC=local)
  2. The computers moved to OU=InActive computers,DC=nicoljako,DC=local
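
Before running the move against a production domain, a dry run is useful. The following preview (an added example, not the authors' script) uses the same OU and 45-day cutoff, also lists accounts that have never logged on, which a LastLogonDate filter does not return, and calls Move-ADObject with -WhatIf so nothing is changed.

```powershell
# Added example: preview which computer accounts would be moved, without moving them.
Import-Module ActiveDirectory

# Same target OU and 45-day cutoff as the script above
$OUname = 'OU=InActive computers,DC=nicoljako,DC=local'
$cutoff = (Get-Date).AddDays(-45)

# LastLogonDate is derived from lastLogonTimestamp, which AD refreshes only when
# the stored value is 9-14 days old, so it can lag a real logon by up to 14 days.
$all = Get-ADComputer -Filter * -Properties LastLogonDate, whenCreated

$candidates = foreach ($c in $all) {
    if ($c.DistinguishedName -like "*,$OUname") { continue }   # already in the target OU
    if ($c.whenCreated -gt $cutoff) { continue }               # created recently, too early to judge

    if (-not $c.LastLogonDate) {
        $reason = 'never logged on'          # no timestamp at all, so a date filter misses it
    } elseif ($c.LastLogonDate -le $cutoff) {
        $reason = 'last logon before cutoff'
    } else {
        continue                             # active computer
    }

    [pscustomobject]@{
        Name              = $c.Name
        LastLogonDate     = $c.LastLogonDate
        Created           = $c.whenCreated
        Reason            = $reason
        DistinguishedName = $c.DistinguishedName
    }
}

$candidates | Sort-Object Reason, LastLogonDate |
    Format-Table Name, LastLogonDate, Created, Reason -AutoSize

# -WhatIf prints the move that would happen and leaves the directory untouched
$candidates | ForEach-Object {
    Move-ADObject -Identity $_.DistinguishedName -TargetPath $OUname -WhatIf
}
```

Review the list for servers and other machines that legitimately log on rarely before removing -WhatIf.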
Posted in Windows Server | Leave a comment