Tech Support
“Learn from every situation today, good or bad. No matter how I feel about it, take a lesson from it
Monday, August 17, 2020
Wednesday, August 5, 2020
How to enable e-mail as a two-factor authentication for a user and increase token timeout on FortiGate
I would say absolutely that FortiToken (be it a mobile app or a physical
token) is the most secure and preferable way today for multi-factor
authentication. The other two - SMS message and e-mail message are vulnerable
to many attacks, including not so technically sophisticated SMS swapping. But
sometimes a less secure method is better than none. Two catches with using an
e-mail as MFA on Fortigate though:
- It is not available in the GUI until you turn it on at the CLI.
- e-mails tend to get delayed sometimes, and the default validity time for any Fortigate produced token code (SMS, e-mail, FortiToken) is 60 seconds. If the user doesn't enter the token code within 60 seconds of issuing - code becomes invalid. It is usually not a problem, but recently I had to enable e-mail MFA for our branch location with substantial e-mail delays being a norm. So optionally below you can find how to increase the default timeout.
- Enable e-mail option as MFA
for a user:
config user local
edit "karthi"
set type password
set two-factor email
set email-to "karthi@abc.com"
next
end
Now the option for e-mail as 2-factor authentication appears in GUI:
(Optional) Increase
token code validity from 1 to 2 minutes:
config system
global
(global) #
set two-factor-email-expiry ?
two-factor-email-expiry Enter an integer value from <30> to <300> (default =
<60>).
(global) #
set two-factor-email-expiry 120
Thanks for reading my blog.
Thursday, December 13, 2018
How to Disable HTTP Method OPTIONS for the web applications in IIS 7.5 and above
- Open IIS Manager.
- Select the name of the machine to configure this globally (or change to the specific web site for which you need to configure this).
- Double click on "Request Filtering".
- Change to the HTTP Verbs tab.
- From the Actions pane, select "Deny Verb".
- Insert 'OPTIONS' in the Verb, and press OK to save changes.
Tuesday, July 3, 2018
list of Windows PowerShell commands Useful for administrators
Add a DLL to the GAC
1. Run the Power Shell console as Administrator.
2. Enter the following PowerShell
Set-location "c:\Folder Path" [System.Reflection.Assembly]::Load("System.EnterpriseServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a") $publish = New-Object System.EnterpriseServices.Internal.Publish $publish.GacInstall("c:\Folder Path\DLL.dll") iisreset
Remove a DLL from the GAC
2. Enter the following Power Shell
Set-location "c:\Folder Path" [System.Reflection.Assembly]::Load("System.EnterpriseServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a") $publish = New-Object System.EnterpriseServices.Internal.Publish $publish.GacRemove("c:\Folder Path\DLL.dll") iisreset
Regards
R Karthikeyan
Monday, March 26, 2018
users temp profile deleting without restart
Tuesday, October 10, 2017
MCSA 2016 Prepartion and practice Exam
The test is free and you can retake it as often as you like: on desktop, tablet or mobile. The questions were handwritten and I do not approve of PDF braindumps - you won’t find any copied material here.
Braindumps - It’s worth asking yourself if you’re ok with braindumps. These barely legal documents essentially equate to cheating your way through life. Where’s the self satisfaction or even the challenge in cheating? You’ll get greater pleasure and reward for actually learning the material and passing the exam legitimately. Stick to official training material and do yourself justice in passing the exam yourself - you know you can!
Practice Exam Free
http://www.accelerated-ideas.com/exams/practice-exam.aspx?group=70-740&fq=1&qmax=30
Reference Book:
MCSA 70-740 : http://amzn.to/2g8bhR8
MCSA 70-741 : http://amzn.to/2wKkYbw
MCSA 70-742 : http://amzn.to/2g8CTpi
Regards
R.Karthikeyan
Thursday, October 5, 2017
Friday, September 22, 2017
Adding NANO Server to Domain controller 2016
- We need set IP Address
- We need to enable ALL file share and printer sharing session from the inbound firewall rule
Monday, September 11, 2017
Direct download .bak files through IIS Windows 2012 R2
Hi,
Some time for some reason we avoid using FTP Server and we wold like to have alternate for dwolading huge size files.
In My Case almost 20 GB file i need to transfer from one location to another location.
I can use FTP but some of speed restriction policy applied in my FTP server during the peak hours.
we do have alternate ISP in this we are not configure any FTP.
In this i just used IIS Server.(note: Source server I am having public IP access).
I just Followed these three steps and Stared Donwload.
1. Host the test Application.
2. Enable Directory Browsing Give Permisiion to IIS_IUser and IUSR
3. Adding MIME Type.
Add additional MIME types for PKGs:
a. Select Default Web Site in the left sidebar.
b. Double-click MIME Types.
c. Click Add from the right sidebar and type ".bak" in the File name extension field and "application/octet-stream" in the MIME type field. Then, click OK.
Not everything has a custom mime type. For generic binary files
Friday, May 19, 2017
Moving Temp DB to Different Folder / Location
---Determine the logical file names of the tempdb database and their current location on the disk.
SELECT name, physical_name AS CurrentLocation
FROM sys.master_files
WHERE database_id = DB_ID(N'tempdb');
GO
----Change the location of each file by using ALTER DATABASE.
USE master;
GO
ALTER DATABASE tempdb
MODIFY FILE (NAME = tempdev, FILENAME = 'F:\TEMPDB\tempdb.mdf');
GO
ALTER DATABASE tempdb
MODIFY FILE (NAME = templog, FILENAME = 'F:\TEMPLOG\templog.ldf');
GO
--Stop and restart the instance of SQL Server.
--Verify the file change.
SELECT name, physical_name AS CurrentLocation, state_desc
FROM sys.master_files
WHERE database_id = DB_ID(N'tempdb');
--Delete the tempdb.mdf and templog.ldf files from the original location.