Certificate Signing Request (CSR) through Microsoft Management Console

 

How to enable e-mail as a two-factor authentication for a user and increase token timeout on FortiGate

I would say absolutely that FortiToken (be it a mobile app or a physical token) is the most secure and preferable way today for multi-factor authentication. The other two - SMS message and e-mail message are vulnerable to many attacks, including not so technically sophisticated SMS swapping. But sometimes a less secure method is better than none. Two catches with using an e-mail as MFA on Fortigate though:

• It is not available in the GUI until you turn it on at the CLI.

 

• e-mails tend to get delayed sometimes, and the default validity time for any Fortigate produced token code (SMS, e-mail, FortiToken) is 60 seconds. If the user doesn't enter the token code within 60 seconds of issuing - code becomes invalid. It is usually not a problem, but recently I had to enable e-mail MFA for our branch location with substantial e-mail delays being a norm. So optionally below you can find how to increase the default timeout.

• Enable e-mail option as MFA for a user:

config user local

    edit "karthi"

        set type password

        set two-factor email

        set email-to "karthi@abc.com"

    next

end

Now the option for e-mail as 2-factor authentication appears in GUI: 

(Optional) Increase token code validity from 1 to 2 minutes:

 config system global

(global) # set two-factor-email-expiry   ?

two-factor-email-expiry    Enter an integer value from <30> to <300> (default = <60>).

(global) # set two-factor-email-expiry 120

Thanks for reading my blog.

How to Disable HTTP Method OPTIONS for the web applications in IIS 7.5 and above

ABOUT OPTIONS METHOD

OPTIONS is a diagnostic method which is mainly used for debugging purpose. This HTTP method basically reports which HTTP Methods that are allowed on the web server. In reality, this is rarely used for legitimate purposes, but it does grant a potential attacker a little bit of help and it can be considered a shortcut to find another hole.

How to fix it

OPTIONS method should be disabled.

Way to do it

Methods to disable OPTION method may vary depending upon the type, version of the web server.

Here i am describing IIS Version 7.5 and above.

• Open IIS Manager.
• Select the name of the machine to configure this globally (or change to the specific web site for which you need to configure this).
• Double click on "Request Filtering".
• Change to the HTTP Verbs tab.
• From the Actions pane, select "Deny Verb".
• Insert 'OPTIONS' in the Verb, and press OK to save changes.

Regards

R.Karthikeyan

list of Windows PowerShell commands Useful for administrators

Add a DLL to the GAC

1. Run the Power Shell console as Administrator.
2. Enter the following PowerShell

Set-location "c:\Folder Path"            
[System.Reflection.Assembly]::Load("System.EnterpriseServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")            
$publish = New-Object System.EnterpriseServices.Internal.Publish            
$publish.GacInstall("c:\Folder Path\DLL.dll")            
iisreset

Remove a DLL from the GAC

1. Run the PowerShell console as Administrator.
2. Enter the following Power Shell

Set-location "c:\Folder Path"            
[System.Reflection.Assembly]::Load("System.EnterpriseServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")            
$publish = New-Object System.EnterpriseServices.Internal.Publish            
$publish.GacRemove("c:\Folder Path\DLL.dll")            
iisreset

Regards
R Karthikeyan

users temp profile deleting without restart

Delete their profile along with the corresponding registry key which can be found in,

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

In the profile list tree are a list of folders that start with "S-1-5-21-000-2323-" and so on, each one of these folders corresponds to a profile. Click each one, and in the right hand pane you will see something similar to "ProfileImagePath" where the patch shown will show the users logon ID at the very end. Find the folder with that users logon ID and delete it. Have the user now try and logon again which should force a new profile to be built.

MCSA 2016 Prepartion and practice Exam

This practice test consists of 15 questions, with correct answers and comments following each submission. They prefer to provide answers and comments after every question so you can see where you’re going wrong and to learn from your mistakes. There’s no point getting to the end of an exam only to realist that 10 out of 20 questions were wrong but with no idea which ones they were. 

The test is free and you can retake it as often as you like: on desktop, tablet or mobile. The questions were handwritten and I do not approve of PDF braindumps - you won’t find any copied material here. 

Braindumps - It’s worth asking yourself if you’re ok with braindumps. These barely legal documents essentially equate to cheating your way through life. Where’s the self satisfaction or even the challenge in cheating? You’ll get greater pleasure and reward for actually learning the material and passing the exam legitimately. Stick to official training material and do yourself justice in passing the exam yourself - you know you can! 

Practice Exam Free

http://www.accelerated-ideas.com/exams/practice-exam.aspx?group=70-740&fq=1&qmax=30



Reference Book:

MCSA 70-740 : http://amzn.to/2g8bhR8

MCSA 70-741 : http://amzn.to/2wKkYbw

MCSA 70-742 : http://amzn.to/2g8CTpi


Regards
R.Karthikeyan

Microsoft Certification Path

Hi Friends,

Please find the attached certification path for Microsoft(MCSA & MCSE).

Adding NANO Server to Domain controller 2016

Adding NANO Server to Domain controller

After Creating Success Full Nano Server. We need to do some initial configuration to communicate from Domain controller.

1. We need set IP Address
2. We need to enable ALL file share and printer sharing session from the inbound firewall rule

Once finished above task. We can move to Domain controller and follow the steps for join nano server to domain.

You will receive file on c:odjblob and you need move same file into your Nano server.

From DC in the file explorer

2.  Need to add Nano Server as trusted host on DC

3.  You can view the trusted hosts from the below Command

4. You can add Nano server to domain through following command (Offline)

5. To confirm domain join we have to restart the Nano server.

6. We can login through you domain administrator credential.

7. You can see the Domain Column it’s showing my Domain name MYLAB.COM

I just create one html file and pasted into Nano server IIS root folder to confirm my Nano IIS server is working fine. Here we go…..

Regards

R.Karthikeyan

Direct download .bak files through IIS Windows 2012 R2

Hi,

Some time  for some reason we avoid using FTP Server and we wold like to have alternate for dwolading huge size files.

In My Case almost 20 GB file i need to transfer from one location to another location.
 I can use FTP  but some of speed restriction policy applied in my FTP server during the peak hours.
we do have alternate ISP in this we are not configure any FTP. 

In this i just used IIS Server.(note: Source server I am having public IP access).

I just Followed these   three steps and Stared Donwload.

1. Host the test Application.
2.  Enable Directory Browsing Give Permisiion to IIS_IUser and IUSR 
3. Adding MIME Type.

Add additional MIME types for PKGs:
a. Select Default Web Site in the left sidebar.
b. Double-click MIME Types.
c. Click Add from the right sidebar and type ".bak" in the File name extension field and "application/octet-stream" in the MIME type field. Then, click OK.

Not everything has a custom mime type. For generic binary files 

Moving Temp DB to Different Folder / Location

---Determine the logical file names of the tempdb database and their current location on the disk.

SELECT name, physical_name AS CurrentLocation
FROM sys.master_files
WHERE database_id = DB_ID(N'tempdb');
GO

----Change the location of each file by using ALTER DATABASE.

USE master;
GO
ALTER DATABASE tempdb
MODIFY FILE (NAME = tempdev, FILENAME = 'F:\TEMPDB\tempdb.mdf');
GO
ALTER DATABASE tempdb
MODIFY FILE (NAME = templog, FILENAME = 'F:\TEMPLOG\templog.ldf');
GO

--Stop and restart the instance of SQL Server.
--Verify the file change.

SELECT name, physical_name AS CurrentLocation, state_desc
FROM sys.master_files
WHERE database_id = DB_ID(N'tempdb');


--Delete the tempdb.mdf and templog.ldf files from the original location.