service.MSC

http://www.auditiait.es/en/list-of-commands-msc/

fsmgmt.msc

SAP

http://chattpruk.blogspot.com/2017/12/abap.html

gpo-lock screen

::Support Window 1803+

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP]
"LockScreenImageUrl"="C:\\ProgramData\\Microsoft\\Lockscreen\\screen_lock.jpg"
"LockScreenImageStatus"=dword:00000001
"LockScreenImagePath"="C:\\ProgramData\\Microsoft\\Lockscreen\\screen_lock.jpg"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization]
"LockScreenImage"="C:\\ProgramData\\Microsoft\\Lockscreen\\screen_lock.jpg"
"NoChangingLockScreen"=dword:00000001
"NoLockScreen"=dword:00000000

gpo-remote desktop

windows-spotlight

:: Reset Windows Spotlight
DEL /F /S /Q /A "%USERPROFILE%/AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets"
DEL /F /S /Q /A "%USERPROFILE%/AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings"

:: Re-register Windows Spotlight
PowerShell -ExecutionPolicy Unrestricted -Command "& {$manifest = (Get-AppxPackage *ContentDeliveryManager*).InstallLocation + '\AppxManifest.xml' ; Add-AppxPackage -DisableDevelopmentMode -Register $manifest}"

gpo-group policy

:: Reset Group Policy

RD /S /Q "%WinDir%\System32\GroupPolicyUsers"
RD /S /Q "%WinDir%\System32\GroupPolicy"
gpupdate /force


::Monitor

rsop.msc


gpresult /r /scope:user

gpresult /r /scope:computer

gpresult /h c:\reports.html


::

Linux-firewall

ufw status
ufw disable
ufw enable

PowerShell - Audit script

https://community.idera.com/database-tools/powershell/ask_the_experts/f/active_directory__powershell_remoting-9/23795/ad-audit-script




Clear-Host
Powershell Set-ExecutionPolicy Unrestricted -Scope CurrentUser -Force
Powershell Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -Force
import-module activedirectory

$PSEmailServer = "10.90.8.60"
$MailTo = "<prapat_c@shera.com>"
$MailFrom = "Reports_Audit <it_support@sherasolution.com>"
$MailSubject = "AUDIT -:- Active emplyee list -:- $(Get-date -f dd-MM-yyyy)"
$file = ".\Audit-emp_Active.csv"

$Location = "ou=shera,dc=shera,dc=com"
$Ldap = "(!userAccountControl:1.2.840.113556.1.4.803:=2)(!description=vendor)(!description=eMail)(!description=test*)(!description=system*)(!description=vendor*)(!description=HC*)(!description=email*)"


# Results Variable set
$Results = @()
# Get list of users and properties
#$Users = Get-ADUser -Filter * -Properties *
$Users = Get-ADUser -SearchBase $Location –LDAPfilter $Ldap -Properties *

# loop for each user
foreach($user in $users)
{

# Variable for password Expire
$pwdexp = (Get-ADuser $user.SamAccountName -Properties "msDS-UserPasswordExpiryTimeComputed")."msDS-UserPasswordExpiryTimeComputed"

#If statment for password attriubte resluts
if ($pwdexp -eq "9223372036854775807"){
$pwdexp = "No"}
else {
$pwdexp = Get-Date ([DateTime]::FromFileTime([Int64]::Parse($pwdexp))) -Format "dd/MM/yyyy HH:mm:ss"
}

$pwdEnable = (Get-ADuser $user.SamAccountName -Properties "PasswordNeverExpires")."PasswordNeverExpires"
if ($pwdEnable -eq "True"){
 $pwdEnable = "No"}
else {
 $pwdEnable = "Yes"
}

$acctEnable = (Get-ADuser $user.SamAccountName -Properties "enabled")."enabled"
if ($acctEnable -eq "True"){
 $acctEnable = "No"}
else {
 $acctEnable = "Yes"
}

$acctExpTime = (Get-ADuser $user.SamAccountName -Properties "AccountExpirationDate")."AccountExpirationDate"
if ([string]::IsNullOrEmpty($acctExpTime)){
 $acctExpTime = "No"}
else {
 $acctExpTime
}



# Select specific porperties
$Properties = @{
#userPrincipalName = $User.userPrincipalName
#description = $User.description
#LastLogon = [datetime]::FromFileTime($User.Lastlogon)
#LockedOut = $User.LockedOut
#whenCreated = $User.whenCreated
#userAccountControl = $User.userAccountControl
#PasswordLastSet = [datetime]::FromFileTime($User.pwdLastSet)
#PasswordNeverExpires = $User.PasswordNeverExpires
#AccountExpires = $User.AccountExpirationDate
#PasswordExpired = $User.PasswordExpired
EmpID = $User.EmployeeID
userName = $User.SamAccountName
PswdExpires = $pwdEnable
PswdExpiresTime = $pwdexp
AcctDisabled = $acctEnable
AcctExpiresTime = $acctExpTime



# Get each users group membershipt and use - join to break up to individual names
#Groups = ($user.memberof | Get-ADGroup | Select -ExpandProperty Name) -join ","

}

# OutPut resluts variable to psobject
$Results += New-Object psobject -Property $properties


}
# Run results variable, selects specificed objects and export to CSV.
#$Results | Select UserName, userPrincipalName,description,LastLogon,enabled,LockedOut,whenCreated,userAccountControl,PasswordLastSet,PasswordExpired,PasswordNeverExpires,AccountExpires,PasswordWillExpire,group
$Results | Select EmpID,UserName,PswdExpires,PswdExpiresTime,AcctDisabled,AcctExpiresTime | sort EmpID |

export-csv "$file" -notypeinformation -Encoding UTF8

Send-MailMessage -To $MailTo -From $MailFrom -Subject $MailSubject  -Attachments "$file"

Linux-Disk

$ lsblk -o NAME,FSTYPE,UUID

$ vi /etc/fstab

Linux-SSH

^Installation

$ apt-get update
$ apt-get install openssh-serv

^Configuration

$ vi /etc/ssh/sshd_config
  
  PasswordAuthentication yes

^Check service

$ service ssh status

$ /etc/init.d/ssh restart
$ systemctl restart ssh
$ service ssh restart

$ service ssh stop
$ service ssh start

^Enable service

$ systemctl disable ssh
$ systemctl enable ssh

^test

$ ssh sheraadm@localhost
$ ssh localhost

^Check firewall

$ netstat -tanp | grep ssh

HP-Switch

<HP> system-view
[HP]  display transceiver interface GigabitEthernet 1/0/26

Linux Command

^^Add-User

$ sudo useradd -s /bin/bash -d /home/vivek/ -m -G sudo vivek
$ sudo passwd vivek

• -s /bin/bash – Set /bin/bash as login shell of the new account
• -d /home/vivek/ – Set /home/vivek/ as home directory of the new Ubuntu account
• -m – Create the user’s home directory
• -G sudo – Make sure vivek user can sudo i.e. give admin access to the new account

^^Add group

$ sudo usermod -a -G groupName userName

• The -a (append) switch is essential. Otherwise, the user will be removed from any groups, not in the list.
• The -G switch takes a (comma-separated) list of additional groups to assign the user to

$ cat /etc/passwd
$ cat /etc/group
$ iptables -L

software-download

That-Link

https://drive.google.com/drive/folders/1UA-k5mVTDexv5-ya402epNP26FGNw0C7?usp=sharing

Fortigate

การ Reset Password Fortigate 

"FortiAP"

c:\Telnet xx.xx.xx.xx

#cfg -a LOGIN_PASSWD=fgtadmin
#cfg -c



"Console"

FGT3HD4012345XXX login: maintainer
Password: bcpbFGT3 HD4012346 XXX l  //password: bcpb+serial no.
Welcome !
FGT3HD4012345XXX # config system admin
FGT3HD 4012345XXX (admin) # edit admin
FGT3HD4012345XXX (admin) # set password 1234

FGT3HD4012345XXX (admin) # end






https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-wireless-54/reference-fortiap-cli.htm

การลบ Printer

Rem Removes unwanted local print devices from Windows, such as MS OneNote and XPS devices
%WINDIR%\system32\cscript %WINDIR%\System32\Printing_Admin_Scripts\en-US\prnmngr.vbs -xo

Rem Remove unwanted server queues from Windows
%WINDIR%\system32\cscript %WINDIR%\System32\Printing_Admin_Scripts\en-US\prnmngr.vbs -x

Rem Removes printer drivers from devices not in use
%WINDIR%\system32\cscript.exe //NoLogo "%WINDIR%\System32\Printing_Admin_Scripts\en-US\prndrvr.vbs" -x

Rem Adds Network Print Queue
%WINDIR%\system32\cscript.exe %WINDIR%\system32\Printing_Admin_Scripts\en-US\prnmngr.vbs -ac -p \\printservername\queuename

Rem Sets default printer
%WINDIR%\system32\cscript.exe %WINDIR%\system32\Printing_Admin_Scripts\en-US\prnmngr.vbs -t -p \\printservername\queuename



https://theitbros.com/allow-non-admins-install-printer-drivers-via-gpo/

การ Import Certificate

https://www.ssl.com/how-to/fix-the-iis-7-no-private-key-error-message/

$Credential = Get-Credential
$ExchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid" -Credential $credential -Authentication "Basic" -AllowRedirection
Import-PSSession $ExchangeSession

Get-Mailbox

Get-Mailbox aa@shera.com | FL  Alias,ExchangeGuid

Get-Mailbox -SoftDeletedMailbox | Select-Object Name,ExchangeGuid

New-MailboxRestoreRequest -SourceMailbox <SoftDeletedMailboxGUID> -TargetMailbox <NewTargetMailboxGUID>


Set-MsolUserPrincipalName -UserPrincipalName anne.wallace@contoso.onmicrosoft.com -NewUserPrincipalName anne.jones@contoso.com

#Remove proxy

Get-Mailbox mf13_preparation@shera.com | fl UserPrincipalName,EmailAddresses

Set-Mailbox mf13_preparation@shera.com -EmailAddresses SMTP:mf13_preparation@shera.com

Office 365

#Restored the deleted user using the  -AutoReconcileProxyConflicts parameter
-:Connect

Connect-MsolService


-:To get a list of users in the recycle bin:

Get-MsolUser -ReturnDeletedUsers


-:Restore a deleted user that’s still in the recycle bin:

Restore-MsolUser –UserPrincipalName user@mydomain.com

Restore-MsolUser -UserPrincipalName "user@mydomain.com" -AutoReconcileProxyConflicts

Restore-MsolUser -UserPrincipalName "user00@mydomain.com" -NewUserPrincipalName "user99@shera.com"





#Rename UserPrincipalName

Connect-MsolService
Get-MsolUser -UserPrincipalName mf13_ir@shera.com |select DisplayName,SignInName,UserPrincipalName

Set-msoluserprincipalname -userprincipalname pawinee_p@shera.com -newuserprincipalname pawinee_p2@shera.com




#Removed the ImmutableID

Set-MSOLUser -UserPrincipalName user@domain.com -ImmutableID "$null"


#Add new the ImmutableID

$userUPN = "user@domain.com"
$guid = [guid]((Get-ADUser -LdapFilter "(userPrincipalName=$userUPN)").objectGuid)
$immutableId = [System.Convert]::ToBase64String($guid.ToByteArray())
$immutableId

Set-MsolUser -UserPrincipalName user@domain.com -ImmutableId 
$immutableId