Eventviewer was showing Event ID 1515 and I was logged in as with a temporary profile. No other user was experiencing this, so I went about fixing with REGEDIT.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\So this all started because I was unable to open the Windows Security Center. It just wouldn’t open.
I tried to open SecHealthUI.exe directly (C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI*\) and that failed out. Eventviewer showed Faulting application name: sechealthui.exe, faulting module name: KERNELBASE.dll. Someone wanted me to re-run the kernelbase.dll registry (regsvr32 kernelbase.dll) which doesn’t do anything unless you give yourself administrative privs to the kernelbase.dll file. And didn’t fix my issue anyway.
What did help me was re-installing all of the Windows Apps with the following powershell command:
Get-AppXPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}And, because this is entitled “Widnows Apps”..
Get-AppXPackage *xboxapp* -AllUsers | Remove-AppXPackageInheriting 3 different companies’ worth of Virtual infrastructure is sometimes a giant PITA. This holds true especially when the 3 different companies all had multiple “admin’s” working at any given time without established standards for naming, setup, configuration, or even maintenance.
Some of the newly-installed VMWare equipment wasn’t showing up on my Nagios monitoring board. First step is to make sure that snmp is setup and actually running (hint, it was not).
I ended up at this auvik support site – and, if it wasn’t so expensive (our budget is about 1/3 of what it “should be” – I would be running this for monitoring of our infrastructure. Think of it as cloud prtg. https://support.auvik.com/hc/en-us/articles/206311526-How-to-enable-SNMP-on-a-VMware-ESXi-hypervisor#topic_esx6
Since we’re running ESXi 6.5 and 6.7 currently:
esxcli system snmp set -resxcli system snmp set -c YOURCOMMUNITYesxcli system snmp set -p 161esxcli system snmp set -L "City, State, Country"esxcli system snmp set -C noc@domain.tldesxcli system snmp set -e yesOr, if you’re using ESXi 7:
esxcli system snmp set --communities YOURCOMMUNITYesxcli system snmp set --enable trueYes, I’m a creature of habit. I started using Nagios back in 2005 and it was awful. I mean it “worked”, but I had no idea what I was doing. Reinstalling, installing, configuring, new jobs… each time I was learning from my previous mistakes and making it better. It’s now at the point I can perform most of the work without actually referencing anything else. But the point of this blog is for my own notes, so here goes.
sudo su -htpasswd /usr/local/nagios/etc/htpasswd.users MYNEWUSERSometimes you’ll receive an error message about “You do not have permission to view information for any of the services you requested”. So we’ll have to edit the cgi.cfg.
sudo su -nano /usr/local/nagios/etc/cgi.cfgauthorized_for_system_information=nagiosadmin,userhere,MYNEWUSERHad a remote user complain that his laptop’s battery was only lasting “about 5 minutes” before it would either shutdown or he’d have to plug it in. The laptop was 3 years old, but the battery had already been replaced ~6 months ago.
It’s at this point that I’d like to push my own thinking. This user had received a new-to-him laptop as the first member of his team to be upgraded from Windows 7 to Windows 10. If you’re familiar with Dell products, he upgraded from a 7480 to a 7490 laptop. If you’re also familiar with how office politics goes, as soon as one person on a team has something new/shiny, the others want it too. Well this PoC upgrade process (he was part of a pilot group) went well. Fast forward 6 months and the rest of his team is receiving 7400 laptops and he feels like he’s missing out (total conjecture) as part of their windows 10 upgrade process.
Anyway, you can run the battery report remotely assuming they’re somehow connected to the network – usually via a VPN or directly on the network.
windows key + x, Windows Powershell (Admin)powercfg /batteryreport /output "C:\temp\battery-report.html"I completely understand the segmentation of networks based on labels – Private for trusted internal communications, Public for non-trusted or external communications, and DomainAuthenticated for domain-joined systems. This allows for a more fine-tuned windows firewall experience and can create a more secure environment.
Unless the automatic labels get it wrong. OK, I should preface that I’ve never seen the automatic network labels go the wrong way – that is to say a “public” connection that is actually labeled as a private/trusted one. However, it’s still a PITA when Windows thinks the connection is untrusted (public) when it’s really something on the internal network.
It generally does this with my VPN connections. TUN and TAP both have had this issue, so I think it’s more a Windows-feature than anything else.
Enter PowerShell. You’ll see a theme here, I’ve been PSing a lot more lately.
Get-NetConnectionProfileSet-NetConnectionProfile -InterfaceIndex 22 -NetworkCategory PrivateThere are ways to do this from a Registry Editor perspective as well, but this seems to be the easiest way (and doesn’t require a reboot). More info here http://woshub.com/how-to-change-a-network-type-from-public-to-private-in-windows/
In a hybrid environment had an Exchange server on-prem (2016) that was not being backed up by normal means. In fact, now that I’m writing this, I’m pretty sure it’s not being backed up at all; something I’ll look into eventually.
Anyway, this Exchange server was filling up its drive space for logs. So I “faked” a backup and truncated the logs without any dismounting of the storage or taking the system offline.
diskshadowadd volume e: (this is assuming your Exchange DB and Logs directories are on the E: drive)begin backupcreateend backup