Aug 31, 2017

HACK: How to downgrade Windows 2016 Datacenter to Standard

At my day job, we are getting ready to open a new office. It's going to be a relatively small office, but we still wanted to have a local domain controller on hand for authentication, DNS, DHCP, etc.

We decided that this would be a physical host, and since we weren't going to run any virtual servers in that office, we decided to go with Windows 2016 Standard edition to save on licensing costs. Well, despite that being the plan, when my Systems Administrator installed Windows, he accidentally opted for Windows 2016 Datacenter edition!

The problem with this is that you can easily upgrade Windows Standard to Datacenter using DISM from the command line. Downgrading from Datacenter to Standard is not officially supported though...

That being said, it can certainly be done. Since this isn't officially supported, I recommend making sure you have a good backup just in case, because you do this at your own risk!

Here's what you need to do:

  • Open the registry editor on the machine you want to downgrade
  • Browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
  • Edit the EditionID key to say ServerStandard
  • Edit the ProductName key to say Windows Server 2012 R2 Standard
  • Close out of the registry editor
  • Run the Windows 2016 Installer from the install disk, thumb drive or a local folder
  • When prompted, enter your Windows 2016 key and follow the prompts to "upgrade" Windows

After your computer reboots one or more times, it will now be running Windows 2016 Standard!


If you are not fully understanding what is happening, you are tricking the installer into thinking it is doing an in-place upgrade of Windows 2012 R2 Standard to Windows 2016 Standard by editing the registry. Simple, yet effective right?

Needless to say, it worked like a charm for us, and saved my Systems Administrator from having to start all over.

Did this work for you? Let us know in the comments!

Aug 30, 2017

Simple Free Open Source Alternative to DFS

I am in the process of testing out VMs in Microsoft Azure. So far it's pretty bad ass, and there is so much you can do with it. It's truly remarkable, at least, that's my impression thus far.

One thing I want to do is set up file replication between servers so I can have a geographic active/active setup with front-end web servers. Now, Azure does have a cool feature called Read-Access Geo Redundant Storage that replicates your data at the block level to another region, and leaves that copy in a read-only state. I have yet to find an option to have read-write in all regions though (if you know how to do it, let me know in the comments).

Anyway, I thought a good solution might be DFS (Microsoft's Distributed File System) which automatically syncs files to different servers. The problem with this is that it requires domain controllers and Active Directory, and I don't want to deploy domain controllers in Azure.

No problem, because I found what looks to be a simple and most importantly, free open source alternative to DFS! It's called FreeFileSync!

Check out their video:



As you can see, you can do a lot with it. I set up the folders I wanted to sync, set an interval to check for changes, and saved the settings to a .ffs_batch file. I then set up a scheduled task to kick off their RealTimeSync tool when the server reboots to run the following:

"C:\Program Files\FreeFileSync\RealTimeSync.exe" "D:\SyncFiles\FileSync.ffs_batch"

During testing, I have created files in all the directories I want to sync. I've updated them in one, and noticed the changes in the other. I've deleted files, and seen them delete on the other servers. It works great!

One thing I noticed is that this needs to run on one single host for it to work right. If you need it to keep working if that host goes down, I'd recommend setting up the scheduled task on all nodes, and just leaving them disabled unless the primary goes down for some reason.
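The scheduled task described above could be registered from PowerShell as follows. This is an added example, not part of the original post; the task name, the run-as account and the `-Standby` switch are assumptions, while the two paths are the ones shown above.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post): registers the RealTimeSync
# startup task. Use -Standby on the backup nodes to register it disabled.
param([switch]$Standby)

$taskName = 'FreeFileSync RealTimeSync'                     # hypothetical task name
$exe      = 'C:\Program Files\FreeFileSync\RealTimeSync.exe'
$batch    = 'D:\SyncFiles\FileSync.ffs_batch'

foreach ($p in $exe, $batch) {
    if (-not (Test-Path -LiteralPath $p)) { throw "Missing file: $p" }
}

# Assumption: a dedicated account that only has rights to the synced folders.
$cred = Get-Credential -Message 'Account that will run the sync task'

$action  = New-ScheduledTaskAction -Execute $exe -Argument ('"{0}"' -f $batch)
$trigger = New-ScheduledTaskTrigger -AtStartup
# RealTimeSync runs indefinitely, so lift the default 72-hour execution limit
# and let Task Scheduler restart it if it exits unexpectedly.
$settings = New-ScheduledTaskSettingsSet -ExecutionTimeLimit ([TimeSpan]::Zero) `
    -RestartCount 3 -RestartInterval (New-TimeSpan -Minutes 1)

Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
    -Settings $settings -User $cred.UserName `
    -Password $cred.GetNetworkCredential().Password -Force | Out-Null

if ($Standby) {
    # Standby nodes keep the task defined but disabled until the primary fails.
    Disable-ScheduledTask -TaskName $taskName | Out-Null
}

Get-ScheduledTask -TaskName $taskName | Select-Object TaskName, State
```

Keep write access to the .ffs_batch file limited to administrators, since the task syncs whatever folders that file names.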

Also note that it isn't instant. If you make a change in one folder, it does take a few seconds to sync to the other folder.

Anyway, it was super simple to set up and it just works. It also works on Linux and iOS!

What do you use to sync files between servers? Let us know in the comments!

Aug 29, 2017

Option to join a local domain missing in Windows 10 version 1703

As I mentioned yesterday, I finally got around to upgrading my laptop to the latest Creators Update 1703 for Windows 10. Sometime after the update, and fixing my VPN issue, I stepped away from my desk and when I came back to unlock my laptop I received a message saying that my laptop had lost its trust relationship with the domain.

To be honest, I'm not sure if it was due to the upgrade or if my desktop guy or Systems Administrator screwed up, but when I looked in my Active Directory my laptop object was gone!

I figured, no big deal. I'll just disjoin it from the domain, reboot, log in as Administrator and re-join it. Well, that didn't work as expected, because when I went to join it back to the domain, the option to join a local domain was GONE!



If all you see is above, your only option is to join to a hosted Azure account really. WTF is that all about?

Anyway, to fix this I had to create a couple of DWORD registry entries in
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters

  • DNSNameResolutionRequired = 0
  • DomainCompatibilityMode = 1

After I added those and rebooted, I had the option to join to a local domain again!


Did you have a similar issue? Let us know in the comments!

Aug 28, 2017

L2TP VPN Not Working After Upgrading Windows 10 to 1703

I know it's been out for a little while now, but this morning I finally decided to upgrade my Windows 10 laptop with Creators Update version 1703. Everything went smooth, but there was one issue that I noticed immediately after the upgrade! I could no longer connect to any L2TP VPN connections!

The good news is that it was relatively easy to fix. The first thing I tried was I went into Device Manager > Network Adapters and I uninstalled all of the WAN Miniport adapters by right clicking on each one and selecting Uninstall.

After uninstalling them, I right-clicked on Network Adapters and selected Scan for Hardware Changes to re-install them.

I tried connecting to my L2TP VPN after that, but received the following error:
The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g, firewalls, NAT, routers, etc) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which device may be causing the problem.


Luckily, this is an error I've seen before and just requires a simple registry entry to allow UDP Encapsulation for L2TP when you are behind a NAT firewall. You can set that registry entry by doing the following:
  • Right-click on the Start icon and select Run
  • Type regedit and click OK
  • Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
  • In the right pane, right click and select New > DWORD (32-bit value)
  • Name it AssumeUDPEncapsulationContextOnSendRule and set the value to 2
  • Reboot

After doing this, I was able to connect to my L2TP VPN server just fine!
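The registry change above, and the two LanmanWorkstation values from the Aug 29 post, can also be applied from an elevated PowerShell prompt. The script below is an added example, not part of the original posts; the helper name `Set-RegistryDword`, the `-Fix` parameter and the log file location are assumptions, and the registry paths and values are the ones given on this page.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original posts). Applies the DWORD values named
# in these posts, recording each previous value so the change can be reverted.
param([ValidateSet('L2tpNat', 'DomainJoin')][string]$Fix = 'L2tpNat')

$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
$fixes = @{
    # 2 = allow IPsec NAT-T associations when client and server are both behind NAT
    L2tpNat    = @(
        @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
           Name = 'AssumeUDPEncapsulationContextOnSendRule'; Value = 2 }
    )
    # Values from the Aug 29 domain-join post
    DomainJoin = @(
        @{ Path = $lanman; Name = 'DNSNameResolutionRequired'; Value = 0 }
        @{ Path = $lanman; Name = 'DomainCompatibilityMode'; Value = 1 }
    )
}

function Set-RegistryDword {   # hypothetical helper name
    param([string]$Path, [string]$Name, [int]$Value)
    if (-not (Test-Path -LiteralPath $Path)) { throw "Registry key not found: $Path" }
    # Read the existing value, if any, before touching it.
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    $previous = if ($null -ne $item) { $item.$Name } else { $null }
    if ($previous -ne $Value) {
        New-ItemProperty -LiteralPath $Path -Name $Name -PropertyType DWord `
            -Value $Value -Force | Out-Null
    }
    # Read back to confirm what is now stored.
    $current = (Get-ItemProperty -LiteralPath $Path -Name $Name).$Name
    $shown = if ($null -eq $previous) { '<not set>' } else { $previous }
    [pscustomobject]@{
        Name = $Name; Previous = $shown; Current = $current
        Changed = ($previous -ne $current)
    }
}

$results = foreach ($s in $fixes[$Fix]) { Set-RegistryDword @s }
$log = Join-Path $env:TEMP "registry-fix-$Fix.csv"   # constructed log location
$results | Export-Csv -Path $log -NoTypeInformation
$results | Format-Table -AutoSize
if ($results.Changed -contains $true) {
    Write-Host "Values changed; previous values saved to $log. Reboot to apply."
}
```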

I hope this helps you! If not, let us know what you had to do differently in the comments!

Aug 7, 2017

How to turn off Android's WiFi Assistant/Google's VPN

You might be asking yourself why you would want to do this. I mean there are countless technology blogs out there sucking on Google's teat claiming this feature is the best thing since sliced bread!

If you are unfamiliar with WiFi Assistant, the idea is that it will automatically connect you to known un-secure public WiFi networks when you are in range, which will lower your cell phone data usage. At the same time, all of your traffic is routed through Google's private VPN network so your internet browsing is secure. How cool is that?

Well, if you look back in time to Snowden's PRISM leak, you might recall that Google is not to be trusted. With this feature, pretty much anytime you are near a public network, Google will now proxy your data through their network and can now snoop on all of your traffic!

I began getting suspicious when I was browsing to sites like Start Page from my Google Pixel, and the HTTPS icon in the browser was turned red. When I inspected the certificate, it was coming up as a Google issued certificate, but it didn't match the site I was going to. That seems to be working the same way a Fortigate firewall handles DLP, by acting as a man-in-the-middle and presenting its own SSL certificate so it can decrypt the traffic, inspect it, and send it back on its way.

That tells me that Google is not really protecting your traffic, they are snooping on it. If the deal the NSA/CIA had with Google for PRISM is still active, then by proxy the NSA/CIA are probably snooping on your encrypted traffic as well.

To turn this feature off on your phone, at least on the Google Pixel, do the following:

  • Go to Settings > Google > Networking
  • Disable WiFi Assistant

Maybe I'm just paranoid, but I really think you would be better off just not connecting to random open hotspots, and if you do, make sure the sites you visit are using SSL/TLS correctly. If you are browsing to a site that has a good implementation of SSL/TLS, then you don't need Google's bullshit CIA/NSA front VPN to make sure that traffic is secure.

You can check how well a site has TLS implemented by using SSL Labs.

If you are still worried about surfing anonymously on your phone using public WiFi, then you should probably use a VPN service like Torrent Privacy or even use Orbot (Tor for Android). Whatever you do, just don't trust Google...

What do you think about this? Let us know in the comments!


