Tag: services

Configuring AWS CLI using Python and pip on Windows

by Samuel Mitchell, posted in AWS, Uncategorized, windows

This article was created to document the steps to configure and utilize the AWS CLI on a Windows machine.

There are multiple ways of installing the AWS CLI but I choose the method of using the Python with pip3 since I already have the tool install on my Windows 10 machine.

  1. After you install the python on your windows system from python.org

2.  You will run the following command to ensure it is working from the command prompt

python –version

3. You will then use the python utility pip3 and check if it is installed using the following command:

pip3 –version

4. Once the version is displayed without any errors, you can proceed to installing the AWS CLI using pip3. You will do this by using the command below:

pip3 install awscli

5. After the installation is complete. proceed to test that the AWS CLI is working:

where aws

Once the folder path of the AWS CLI is shown, then you have successfully installed the CLI.

Now the next step is to configure it for use with your AWS service. This can be done by running the following aws command:

aws configure

It will prompt you for the AWS Access key ID, Secret Access Key,  default Region and default output format. This allows you to connect to the AWS without authenticating each time. I would recommend that you setup an IAM user account to authenticate with the AWS CLI and limit the access to only the features that will be accessed using this method.

For further details, please consult the AWS CLI documentation here.

Manipulating the DHCP Server using Powershell

by Samuel Mitchell, posted in Microsoft, windows, Windows server

This article will go through the cmdlet to successfully configure DHCP services on a Windows server using Powershell.

Firstly you can start a Powershell session on the DHCP server using the following command: It will prompt for the credential using the Get-Credential command.

Enter-PSSession -ComputerName [DHCPServerName] -Credential (Get-Credential)

Create an IPv4 DHCP Scope for 10.10.10.0 name Ground Floor with range 10-200 on server DC1.domain.com

Add-DhcpServerv4Scope -StartRange “10.10.10.10” -EndRange “10.10.10.200” -SubnetMask “255.255.255.0”-Name “Ground Floor” LeaseDuration [day.hrs:mins:secs]-ComputerName “DC1.domain.com” -Description “Subnet for Data VLAN on Ground Floor” -State [Active/InActive]

Configure the Scope 10.10.10.0 DHCP server DNS, Domain, Gateway, WINS and wpad settings

Add-DhcpServerv4OptionValue -ScopeId 10.10.10.0 -Router 10.10.10.1 -DnsDomain “domain.com” -DnsServer 10.10.10.250 WinsServer 10.10.10.251 -Wpad http://proxy.domain.com/wpad.dat” -ComputerName “DC1.domain.com”

Note: To configure the options above at the reservation level replace the parameter ReservedIP and for setting it at the server level, exclude both ReservedIP and ScopeId parameters.

Show the DHCP server IPv4 Scope

Get-DhcpServerv4Scope [-ComputerName “DC1.domain.com”] [[-ScopeId] 10.10.10.0]

Change a DHCP Server Scope Settings

Set-DhcpServerv4Scope [-Type [DHCP|Bootp|Both]] [-ScopeId] 10.10.10.0 [-Description Scope for data vlan for 10.10.10.0“] [-LeaseDuration day.hrs:mins:secs] [-Name “Ground Floor”]  [-ComputerName “DC1.domain.com”]  -StartRange 10.10.0.20  -EndRange 10.10.10.200

Remove a DHCP server IPv4 Scope

Remove-DhcpServerv4Scope [-ScopeId] 10.10.10.0 [-Force] [-ComputerName “DC1.domain.com”]

 

Create a reservation for IP address 10.10.10.100 on DHCP server DC1.domain.com

Add-DhcpServerv4Reservation -ScopeId 10.10.10.0 -IPAddress 10.10.10.100 -ClientId [usually-MAC-address] -ComputerName DC1.domain.com -Description “Reservation for Kiosk PC”

Listing the DHCP Server Scope

Get-DhcpServerv4Scope -ComputerName [DHCPServerName] -ScopeId [IPAddress]

Get the List of DHCP Server Options

Get-DhcpServerv4OptionValue -ScopeId [IPAddress][-All -Brief] -ReservedIP [SpecificIP]

Note: Exclude the ReservedIP parameter to list the values at the scope level and exclude ScopeId parameter to list the values at the server level.

Get the interface and IP address that the DHCP server service is bound

Get-DhcpServerv4Binding -ComputerName “DC1.domain.com”

Set the interface that the DHCP server service will be bound

Set-DhcpServerv4Binding -ComputerName “DC1.domain.com” -BindingState $true -InterfaceAlias “Wired Ethernet Connection”

Set the Boot server Host Name (option id ) for the DHCP server scope of 192.168.0.0 

Set-DhcpServerv4OptionValue -OptionId 3 -Value 192.168.0.1 -ScopeId 192.168.0.0

List the DHCP server IPv4 address lease

Get-DhcpServerv4Lease -ScopeId 10.10.10.0 [-IPAddress 10.10.10.25] [ClientId 00-00-fe-3e-b0-01] [-BadLeases] [-AllLeases] -ComputerName “DC1.domain.com”

Note: Using the IPAddress parameter return lease for specific IP address. Using the ClientId parameter returns only lease for client mac. Using the BadLeases returns only bad leases. Using the AllLeases parameter includes all leases including Offered, Declined and Expired.

 

Removing a DHCP server IPv4 address lease

Remove-DhcpServerv4Lease -ScopeId 10.10.10.0 [-IPAddress 10.10.10.25] -ClientId [00-54-fe-ed-00] [-BadLeases] [-ComputerName “DC1.domain.com”]

Note: same rule applies as the Get cmdlet for this command.

Get ten (10) Free IP Address from the DHCP server from the scope 10.10.10.0 in the range 10.10.10.50-100

Get-DhcpServerv4FreeIPAddress -ScopeId 10.10.10.0 -NumAddress 10 -StartAddress 10.10.10.50 -EndAddress 10.10.10.100

Add a DHCP Scope of IPv4 Excluded Range

Add-DhcpServerv4ExclusionRange [-ComputerName “DC1.domain.com“] [-ScopeId] 10.10.10.0 [-StartRange] 10.10.10.200 [-EndRange] 10.10.10.250

Show the DHCP Scope of IPv4 Address Excluded Range

Get-DhcpServerv4ExclusionRange [-ComputerName “DC1.domain.com“] [[-ScopeId] 10.10.10.0]

Remove an DHCP Scope of IPv4 Address Excluded Range

Remove-DhcpServerv4ExclusionRange [-ComputerName “DC1.domain.com”] [-ScopeId] 10.10.10.0 [[-StartRange] 10.10.10.200] [[-EndRange] 10.10.10.250]

 

Retrieves the DHCP server scope statistics which includes Free, In Use, Reserved, Pending and Percentage in use IP address

Get-DhcpServerv4ScopeStatistics [[-ScopeId] 10.10.10.0] [-ComputerName “DC1.domain.com”] [-Failover]

Active Directory Domain Services Offline and Defragmentation

by Samuel Mitchell, posted in Microsoft, Windows server

There is a tradition method of taking the Microsoft Active Directory Domain Services (AD DS) offline to perform maintenance on the database is using the Directory Service Restore Mode (DSRM). The steps are listed below:

  1. Log into your Domain Controller (DC)
  2. Open the command prompt
  3. Run the command:

    bcdedit /set safeboot dsrepair

  4. Reboot the DC so the it can enter into safe mode

To exit the safe mode, run the command

bcdedit /deletevalue safeboot

and then reboot for the DC to return to normal mode.

Another method of taking the AD DS offline is by stopping the AD DS service using the services applet (services.msc).

Now to perform defragmentation on the AD DS database is to use the NTDS utility.

Execute the following command at the prompt:

ntdsutil

activate instance ntds

files

compact to c:\

integrity

quit

quit

copy c:\ntds.dit c:\windows\ntds\ntds.dit

del c:\windows\ntds\*.log

Restart the AD DS services.

Restart-Service NTDS

Please note that you don’t have to restart the server after the maintenance of the database.

 

 

Simple Computer Security Tips

by Samuel Mitchell, posted in Security

As a computer user, we sometimes take for granted the numerous threats that are out on the internet that can steal and even take over our computers without our permission. It is important that we are aware of the threats that can affects us by just browsing the internet.

I would like to share a few simple tips that will help any person to protect themselves from the various treats on the internet.

  1. Install an Anti-virus software on your computer – this is one of the most important task that any person can do to protect their computer from viruses or malware that can cause our computer to behave abnormal or render it unusable. There are a few paid anti-virus software I can recommend such as Norton Security, Kaspersky Anivirus, ESET Security and McAfee Antivirus. If you dont want to spend money on this then there are also good free antivirus software such as Avast, AVG and Microsoft Security Essential.
  2. Remove the admin privileges from your default user account – This is a very important task because a lot of persons don’t realize that when you have administrator right on your user account that you use daily any changes can be made to the compute without restriction. It is not good because if your computer does get infected then the malicious software can make unwanted changes and you will not have control over it. I recommend that you create a different account with admin rights, then change the user account you use daily to a standard user. See instructions here on how to do this on Windows 10.
  3. Ensure that windows firewall is enabled – This is especially important for person who connect to any and every open WiFi that comes there way. Having the firewall enabled can reduce the likelihood of a unauthorized person from connecting or access your computer from these free open networks. for steps on how to check or enable to windows firewall on your computer, go here. Note: that the latest windows come with the Windows firewall turned on by default.
  4. Backup documents to a secure cloud space – This tip might seem trivial but it is one of the most important task to do. This task does not only protect you from hackers wiping out your data but also protects the important information from devices fail or a computer crash. To accomplish this task you can use one of the free large cloud space such as Google Drive and OneDrive. Note that they also have a desktop sync tool that allows you to sync local folders to the cloud once you are connected to the internet.
  5. Don’t visit any websites that are labelled as unsecure or unsafe – Whether browsing the internet or searching for information to assist in doing a task, we will sometimes get a message from our browser warning us that this site is unsecure. It is best that we don’t continue unless we are absolutely sure that it is legitimate or safe. Current reputable browser such as Google Chrome, Internet Explorer (or Edge) or Firefox has built in Certification Authority that checks a website’s certificate for its authenticity. This is important because we can be visiting a website that is developed by a hacker to get access to our computer or retrieve information from it.

These are the tips in a nutshell but if there are any more, I will update this list. I just want remind you to keep safe and do as much as you can to protect your personal data.