How to assign Service Administrative roles to a user in Office 365

Situation: By design, an Office 365 user can’t open a case with Microsoft 365 support except you want to assign Service Administrative roles to the user or helpdesk. here is how to do so.

  1. Login azure using your administrative account.
  2. Go to Azure Active Directory.

3. Go to Users>All users.

4. Type the username in Search bar.

5. Click om the username, ITHelper in our example.

6. On the left click on Assigned roles.

7. In the Search bar, type the role, for example, Customer LockBox access approver and Service support administrator.

8. Add these roles: Customer LockBox access approver and Service support administrator.

9. Save the settings. ITHelper should be able to open a case with Microsoft.

How to restart a Windows service using command line

Situation: The client has Barracuda backup. It keeps having problem and needs to restart some services. This article shows how to create a batch file command to restart those service.

We will create a batch file including use net stop [service name] to stop the services and then net start [service name] to start them up again.

  1. Find the service name.

2. Find the Service name, for example, Barracuda Backup Agent’s Service name is bbagent.

3. Try these commands and make sure they are working.

net stop bbagent

net start bbagent

4. Now, create a batch file these commands:

net stop bbagent

net start bbagent

5. Create Scheduler task to run the batch file.

How to recycle IIS Application pool

  1. Open IIS Manager from the web server.
  1. On left side expand the node for the server if it is collapsed.  Click on Sites.  Select the site that is you want to recycle.
  1. Click the Basic Settings link on the far right of the screen.  Copy the value that is in the physical path field.  Hit cancel to close that popup window.
  2. Open Windows File explorer and navigate to the path you copied from the previous step.
  3. Make a backup copy of the web.config file.
  4. Open file web.config using a text editor. 
  5. Find the line that start with:   <add key=”M3_TempFolder”
  6. Place a \ character at the end of the value for that key.  So currently the value is: \\hsaprocess04\M3\Temp\test    but after this change it should be: \\hsaprocess04\M3\Temp\test\
  7. Save the changes to the file.  If you receive an access denied message you may need to copy the web.config file to a different folder, like your desktop, make the change there and copy it back to the location from step 4 above.

After making the change you should see the slash at the end of the Path value for Temp Folder (first row in top grid) on: http://10.0.0.97:85/help/diagnostics 

How to Upgrade PAN-OS on Palo Alto HA Firewall Pair

With High Availability (HA), you may avoid downtime when upgrading PAN-OS on PA firewalls HA pair. For active/active firewalls, it doesn’t matter which peer you upgrade first. For active/passive firewalls, you must upgrade the passive peer first. This article shows how to upgrade PAN-OS on A HA Pair.

Step 1: Save a backup of the current configuration

1. Select Device>Setup>Operations and then click Export named configuration snapshot.

2. Select the XML file that contains your running configuration (for example, running-config.xml) and click OK to export the configuration file.

3. By default, the backup should be saved in the computer Download folder.

Step 2: Ensure that each firewall in the HA pair is running the latest content release version.

1. Go to Device>Dynamic Updates and check Applications and Threats, and make sure they are running the same version.

2. If the firewalls are not running the minimum required content release version or a later version, click on Check Now to retrieve a list of available updates.

3. Locate and Download the desired content release version.

4. After you successfully download a content update file, the link in the Action column changes from Download to Install for that content release version.

5. Install the update.

Step 3: Disable preemption on the first peer in each pair.

Note: You only need to disable this setting on one firewall in the HA pair and ensure that the commit is successful before you proceed with the upgrade.

1. Got to Device>High Availability>General

2. Click on settings icon in Election Settings.

3. Clear Preemptive

4. Commit the change.

Step 4: Determine the upgrade path and download/Sync required PAN-OS

When you upgrade from one PAN-OS version to a later version, you cannot skip the installation of any release versions in the path to your target version. In addition, the recommended upgrade path includes installing the latest maintenance release in each release version before you install the base image for the next feature release version.

In our example, to upgrade Software version from 9.0.11 to 10.1.4-h4, we need to download and sync the following preferred PAN-OS 9.0 maintenance release

v9.0.16 (download and install)

v9.1.0 (download only); v9.1.13-h1 (download and install)

v10.0.0 (download only); v10.0.9 (download and install)

v10.1.0 (download only); v10.1.4-h4 (download and install)

  1. Download the software on the Active peer by going to Device>Software

2. Sync it to passive peer by checking Sync to HA Peer.

3. It starts to download.

Step 5: Install PAN-OS on the first peer (passive or active-secondary peer)

Note: To avoid downtime, we must do it on passive or active-secondary peer.

1. On the passive or active-secondary peer, go to Device>Software

2. Install PAN-OS 9.1.13-h1 only (doesn’t require install 9.1.0)

3. After the installation completes successfully, reboot using one of the following methods:

If you are prompted to reboot, click Yes.

If you are not prompted to reboot, select Device>Setup>Operations and Reboot Device.

4. After the passive peer finishes rebooting, view the High Availability widget on the Dashboard and verify that the device you just upgraded is still the passive or active-secondary peer in the HA configuration.

Step 6: Install new PAN-OS on the second peer (Active peer)

1. Suspend the active peer on Active unit if it is Active/passive configurations so that HA fails over to the peer you just upgraded by going to Device>High Availability>Operational Commands, click Suspend local device for high availability.

2. Click OK to process.

3. It switches to Make local device functional.

or you can run the following operational command from the device CLI:

request high-availability state suspend

4. Go to Dashboard>High Availability, you should see Local is Passive and Peer is Active.

5. On the second peer (used to be active and now it is Passive unit) , select Device>Software.

6. Install PAN-OS 9.1.13-h1 only (doesn’t require install 9.1.0 and skip it).

7. After the installation completes successfully, reboot using one of the following methods:

If you are prompted to reboot, click Yes.

If you are not prompted to reboot, select Device>Setup>Operations and Reboot Device.

8. After rebooting, view the High Availability widget on the Dashboard and verify that the device you just upgraded is still the passive or active-secondary peer in the HA configuration.

Step 7: Issue the request high-availability and re-enable Preemption.

For Active/passive configurations only, run the following command to make the firewall functional again from the CLI of the peer you just upgraded:

request high-availability state functional

Or go to Device>High Availability>Operational Commands, click on Make local devices functional

Now, go to Device>High Availability>General.

Click on Settings icon in Election Settings.

Check Preemptive.

Commit.

Step 8: Verify that both peers are passing traffic as expected

On Preemptive unit, go back to Dashboard>High Availability, click on refresh icon. Local should switch to Active.

Also, go to Monitor>System to check any issues.

You may want to ping a website to make sure the Internet is working.

Step 9: Repeat Step 5 to step 7 to install v9.1.13-h1, v10.0.9, v10.1.4-h4

Please view this step by step video:

How to install Windows 11 without a Microsoft account

By design, you need a Microsoft account to install windows 11, especially for Home edition. However, you may install Windows 11 by creating a local account without a Microsoft account. This is workaround.

For Windows 11 home, disable the network connection by unplugging the network cable or turn off WiFi off when you are in “Let’s add your Microsoft account” page

Then click the Back button from the top-left corner. I will have an option to create a local account.

For Windows 11 pro, click on Sign-in option when you are in “Let’s add your Microsoft account” page.

Click on the “Offline account” option.

Click Skip for now when you are in “What is a Microsoft account?” page.

Enter your local account username in “Who’s going to use this device?”

How to set ATT WiFi Router Default password

  1. With the ATT WiFi router on, press RESET button  for 10 seconds.
  2. Make sure the computer connect to the router and use browser to access default ATT Router IP is 192.168. 1.254. Note: some of AT&T routers have a default username of attadmin, a default password of attadmin, and the default IP address of 192.168. 0.1. So the default password for an AT&T Uverse router is attadmin.

Assuming this is Netgear Nighthawk LTE Mobile Hotspot Router (MR1100), please follow these steps:

  1. POWER CYCLE by Pressing and holding the Power button located on the top of the device. Then turn the device back on, press and hold the Power button until the screen lights up.

2. RESET YOUR DEVICE: From your device’s web browser, go to http://attwifimanager. Enter your Username and Password, then click SIGN IN.
Note: The default username and password may be found on the router.

3. Click SETTINGS at the top of the page.

4. Click Administration, then click Factory Reset.

5. Click RESET DEFAULTS.

6. Click Yes to begin the reset process.

How to run the Best Practice Assessment on PA Firewall

PA Best Practice Assessment (BPA) Tool evaluates a Paloalto  Firewall configuration by measuring the adoption of capabilities, validating whether the policies adhere to best practices, and providing recommendations and instructions for how to remediate failed best practice checks. This article shows how to run BPA on PA Firewall.

Step 1: Access the BPA from the Customer Support Portal

1. Login Paloalto Customer Support Portal, https://support.paloaltonetworks.com/

2. Click on Members.

3. Select Manage Users.

4. Under Manage Users, click the 3 dots of the user whom you want to assign BPA permissions.

5. Click on Edit User.

6. In Edit User, check BPA User and then Update to save the settings.

7. Now, the user ROLES shows BPA User.

Step 2: Generate Tech Support File

1.Login PA Firewall portal.

2.Go to Devices>Support.

3. Click Generate Tech Support File under Tech Support

Step 3: Generate BPA

1.In the Customer Support Portal, Click Tools and then Best Practice Assessment.

2. Click on Generate New BPA.

3. Drop the generated file or browse to upload.

4. BPA is processing.

5. Click on Generate & download the BPA

6. Completed them BPA generation.

7. Unzip the report and you should see 3 files.

Please view this step by step video:

Find all network devices name and MAC addresses using DHCP export

Situation: The client would like to know all their network devices and MAC addresses. We use Windows DHCP export to collect this information for them. Here is how.

1.Login Domain Controller.

2.Open DCHP Server.

3.Navigate to Address Leases.

4. Right click on Address Leases and then Export List.

5. Type the File name and save it

6. Open saved DHCP export list from the Excel and modify it. 

Please view this step by step video:

How to setup scan to network folder on Kyocera Scanner/Printer

With Kyocera Scanner/Printer, you can setup scan to a network folder. This article shows a step by step to do so.

  1. Login Kyocera Scanner/Printer. Note: the default username and password are admin / admin.

2. On the left pan, click on Address Book and then Machine Address Book.

3. Click on Add

4. Enter the Name, Host Name, Path, login user name, login password.

5. Click Test and make sure Connection OK.

6. Now, it is ready to scan to a network folder.

Please view this step by step video: