Wednesday, September 13, 2017

Recover a SQL Database that you don't have access to


If you don't have SQL access, but have local server Administrator access, do the following:

Open SQL Server Configuration Manager
  • Stop the SQL Server instance whose SA password you need to recover
  • Open the properties on the SQL Server Instance and click on the Advanced tab
  • Change the Startup parameter by adding -m; at the beginning of the line and click OK
  • Start the SQL Service Instance
NOTE: exactly like this "-m;"

Open the command prompt
Run sqlcmd
Run the following command to add an existing account to the sysadmin server role.

EXEC sp_addsrvrolemember 'YourDomainName\YourUserName', 'sysadmin';
GO

Make sure the SQL Browser service is running. Remove -m; when you are done and restart SQL Server.
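
A quick way to confirm that -m was actually removed afterwards. This is an added example, not part of the original post; it assumes the usual registry layout in which each instance's startup parameters are stored as SQLArg0, SQLArg1, ... values, and the function name is made up for illustration.

```powershell
# Added example: flag SQL Server instances still configured to start with -m.
$root = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'

function Get-SqlStartupParameter {
    # "Instance Names\SQL" maps each instance name to its instance ID.
    $map = Get-Item -Path "$root\Instance Names\SQL" -ErrorAction Stop
    foreach ($instance in $map.GetValueNames()) {
        $id  = $map.GetValue($instance)
        $key = Get-Item -Path "$root\$id\MSSQLServer\Parameters" -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        # Startup parameters are stored one per value: SQLArg0, SQLArg1, ...
        foreach ($name in ($key.GetValueNames() | Where-Object { $_ -match '^SQLArg\d+$' })) {
            [pscustomobject]@{
                Instance = $instance
                Name     = $name
                Value    = [string]$key.GetValue($name)
            }
        }
    }
}

# Startup options are case-sensitive, so match a lowercase -m only.
$singleUser = @(Get-SqlStartupParameter | Where-Object { $_.Value -cmatch '^-m' })
if ($singleUser.Count -gt 0) {
    $singleUser | Format-Table -AutoSize
    Write-Warning 'Single-user startup parameter still present; remove it and restart the instance.'
} else {
    Write-Output 'No instance is configured to start in single-user mode.'
}
```

Run it from an elevated PowerShell prompt on the SQL Server host.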

Works a charm !

https://community.spiceworks.com/how_to/22044-recover-sa-password-on-microsoft-sql-server

Easy powershell function to resolve SIDs to SamAccountNames

Powershell function:

Function f-sid {
    param ( [Parameter(Mandatory=$true)][String]$Sid )
    # Build a SecurityIdentifier object from the SID string
    $objSID = New-Object System.Security.Principal.SecurityIdentifier($Sid)
    Try {
        # Translate the SID to DOMAIN\SamAccountName
        ($objSID.Translate([System.Security.Principal.NTAccount])).Value
    }
    Catch {
        Write-Host "`nCouldn't find any entry matching SID : $Sid" -ForegroundColor Cyan
    }
}


To use it:

> f-sid [yourSID]

If you have a list of SIDs in a text file, SIDs.txt:

> get-content SIDs.txt | % { f-sid $_ }


NOTE: I did not write this, Brian did.

https://blogs.msmvps.com/ad/blog/2010/10/07/using-powershell-to-resolve-sids-to-friendly-names-2/

Thanks Brian.

Wednesday, July 26, 2017

Remotely Disable a Windows Firewall (command line)


On a computer in the domain, hit Start, Run, and type:

runas /user:an-administrator@YourDomain cmd
(CMD will start with domain admin privileges)

In the CMD window, run:
psexec \\yourremotecomputername cmd

Now run:
netsh firewall set opmode disable
(this disables the firewall)

Or, if you have access to GPO, you can do this in the GPO with a GPP.

Download PSExec here:  http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

Tuesday, July 04, 2017

Server 2012 R2 supports TLS 1.2, but defaults to SSL 3.0 + TLS 1.0.



TL;DR: TLS 1.1 and TLS 1.2 are supported, but disabled by default for most “WinHTTP” client applications, including .NET and hence PowerShell. 

Your Server 2012 R2 should be updated to change the defaults or this issue will reoccur, often.

Background information:
Microsoft .NET supports TLS 1.2, but defaults to SSL 3.0 + TLS 1.0.

Technical Recommendations:
Add the following registry keys to your Windows Server instances. Either save this as a “.reg” file, or alternatively deploy the 4 values using Group Policy Preferences.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000a80

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000a80
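
To check what a server currently has, the following reads the same four values and decodes the DefaultSecureProtocols bitmask into protocol names. It is an added example, not part of the original post, and its function names are made up for illustration. The value above, 0xa80, is the sum of the TLS 1.0 (0x80), TLS 1.1 (0x200) and TLS 1.2 (0x800) flags, so TLS 1.0 stays enabled for WinHTTP clients.

```powershell
# Added example: audit the four registry values set by the .reg file above.
# Bit flags used by DefaultSecureProtocols (WinHTTP).
$ProtocolFlags = [ordered]@{
    'SSL 2.0' = 0x00000008
    'SSL 3.0' = 0x00000020
    'TLS 1.0' = 0x00000080
    'TLS 1.1' = 0x00000200
    'TLS 1.2' = 0x00000800
}

function ConvertFrom-SecureProtocolMask {
    param([Parameter(Mandatory = $true)][int]$Mask)
    # Return the names of the protocols whose bit is set in the mask.
    $ProtocolFlags.GetEnumerator() |
        Where-Object { $Mask -band $_.Value } |
        ForEach-Object { $_.Key }
}

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is missing instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

$net  = 'Microsoft\.NETFramework\v4.0.30319'
$http = 'Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'
$checks = @(
    @{ Path = "HKLM:\SOFTWARE\$net";              Name = 'SchUseStrongCrypto' }
    @{ Path = "HKLM:\SOFTWARE\Wow6432Node\$net";  Name = 'SchUseStrongCrypto' }
    @{ Path = "HKLM:\SOFTWARE\$http";             Name = 'DefaultSecureProtocols' }
    @{ Path = "HKLM:\SOFTWARE\Wow6432Node\$http"; Name = 'DefaultSecureProtocols' }
)

foreach ($c in $checks) {
    $value = Get-RegValue -Path $c.Path -Name $c.Name
    if ($null -eq $value) {
        $state = 'not set (OS default applies)'
    } elseif ($c.Name -eq 'DefaultSecureProtocols') {
        $names = (ConvertFrom-SecureProtocolMask -Mask $value) -join ', '
        $state = '0x{0:x} = {1}' -f $value, $names
    } else {
        $state = if ($value -eq 1) { 'enabled' } else { "value $value" }
    }
    [pscustomobject]@{ Key = $c.Path; Name = $c.Name; State = $state }
}
```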

For servers where PowerShell has TLS 1.2 issues, but enabling it at the registry level causes incompatibility issues, the following snippet can be used:

# EITHER: Enable all current TLS variants:
[System.Net.ServicePointManager]::SecurityProtocol = 'Tls,Tls11,Tls12'

# OR: Enforce TLS 1.2 only and also check Certificate Revocation Lists (CRLs):
[System.Net.ServicePointManager]::SecurityProtocol = 'Tls12'
[System.Net.ServicePointManager]::CheckCertificateRevocationList  = $true  





Monday, May 22, 2017

Find the OS architecture from the command line

Find the OS architecture from the command line. Oh, how many ways are there to do this? 10-15? Maybe more. Here is the easy one: from the command line, type "SET PR"

Windows 10 - X64


Windows 2003 - X86



Other ways, just for a laugh (I googled these):

1:

reg Query "HKLM\Hardware\Description\System\CentralProcessor\0" | find /i "x86" > NUL && set OS=32BIT || set OS=64BIT
if %OS%==32BIT echo This is a 32bit operating system
if %OS%==64BIT echo This is a 64bit operating system
 

2:

:CheckOS
IF EXIST "%PROGRAMFILES(X86)%" (GOTO 64BIT) ELSE (GOTO 32BIT)

:64BIT
echo 64-bit...
GOTO END

:32BIT
echo 32-bit...
GOTO END

:END
 

3:

*** Start ***
@echo off

Set RegQry=HKLM\Hardware\Description\System\CentralProcessor\0
REG.exe Query %RegQry% > checkOS.txt
Find /i "x86" < CheckOS.txt > StringCheck.txt

If %ERRORLEVEL% == 0 (
    Echo "This is 32 Bit Operating system"
) ELSE (
    Echo "This is 64 Bit Operating System"
)
*** End ***
 

4:

wmic os get osarchitecture
 

5:

(set | find "ProgramFiles(x86)" > NUL) && (echo "%ProgramFiles(x86)%" | find "x86") > NUL && set bits=64 || set bits=32
  

6:

echo %PROCESSOR_ARCHITECTURE%
 

7:

Check for the presence of
%SYSTEMDRIVE%\Program Files (x86)

8:

systeminfo | findstr /I type: 

9:

Start-> Run -> winmsd.exe
Under "System Summary"/ System Type you can find the OS version
X64 -> 64 Bit
X86 -> 32 Bit

10:

:arch
set p | findstr /i AMD64 > nul
if not errorlevel 1 goto no64
goto eof
:no64
code to execute
:eof 

Sunday, May 21, 2017

Delete files older than N days as a service

I have found an issue with (perhaps Microsoft Office 365 client telemetry) that is generating many .CAB and .LOG files that go, in my case, to the user's TEMP folder.

I am sure with more time I could stop it, but as most computers are SSD and space limited, I created a scheduled task for the user that deletes them.

If you just want to see what will be deleted, this is the command:

CD /D "%TEMP%"
forfiles /P "%TEMP%" /S /M *.* /D -5 /C "cmd /c echo @FILE"

To delete them, create a CMD file containing the following and run it:

CD /D "%TEMP%"
forfiles /P "%TEMP%" /S /M *.* /D -5 /C "cmd /c del @FILE /f /q"


Wednesday, April 12, 2017

Scheduled task for server reboot

If you too are a lazy ops person, do the needful in the morning, reboot in the change window. "Shutdown /m \\server /r /t 180 /f /d P:2:2"
