Author: Bob Lin

1. To check the SMB connection, Get-SmbConnection powershell can be used to retrieves the connections established from the SMB client to the SMB servers.

Example: Get connections from an SMB client to SMB servers

2. To Detect SMB version, ther are many methods to do so.

Example 1: To detect SMBv1 in Windows, run this Get-SmbServerConfiguration :

Get-WindowsOptionalFeature -Online -FeatureName smb1protocol

To detect SMBv2 and v3 in Windows, run this powershell:

Get-SmbServerConfiguration | Select EnableSMB2Protocol

Example 2: Detect SMBv1 on SMB Server using Get-Item powershell

Get-Item HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters | ForEach-Object {Get-ItemProperty $_.pspath}

2. Enable or disable SMBv1

a. Use Set-SmbServerConfiguration -EnableSMB1Protocol $true or false powershell command for enanling/disabling SMBv1.

Run SeT-SmbServerConfiguration to enable/disable SMBv2/3. Note: When you enable or disable SMBv2 in Windows 8 or Windows Server 2012, SMBv3 is also enabled or disabled. This behavior occurs because these protocols share the same stack.

Set-SmbServerConfiguration -EnableSMB2Protocol $true

or

Set-SmbServerConfiguration -EnableSMB2Protocol $false

b. Run Enable-WindowsOptionalFeature command for enabling/disabling SMBv1:

Enable-WindowsOptionalFeature -Online -FeatureName smb1protocol

or

Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol for enabling/disabling SMBv1

c. Use Registry Editor

To enable or disable SMBv1 on the SMB server, configure the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

Registry entry: SMB1
REG_DWORD: 0 = Disabled
REG_DWORD: 1 = Enabled
Default: 1 = Enabled (No registry key is created)

To enable or disable SMBv2 on the SMB server, configure the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

Registry entry: SMB2
REG_DWORD: 0 = Disabled
REG_DWORD: 1 = Enabled
Default: 1 = Enabled (No registry key is created)

To check which smb version is enabled on QNAP NAS, Connect with SSH and run this command:

smb2status

To enable SMB 2 on QNAP NAS, run this SHH command:

smb2enable

1. With the Server Manager open, click the Manage menu on the Dashboard, and then click on Remove Roles and Features

2. Click on Next in Before you begin Wizard screen.

3. Keep the default selection (Role-based or feature-based installation) and click Next on Select installation type

4. Highlight the DC you want to demote under Select a server from the server pool.

5. Clear the Active Directory Domain Services check box

6. Click Remove Features on Remove Roles and Features Wizard popup.

7. Click on Demote this domain controller.

8. Click Next. Note: Do not select this option unless the domain controller cannot contact other domain controllers and there is no reasonable way to resolve that network issue.

9. Check Process with removal and then Next.

10. Click Next on Remove DNS delegation.

11. Enter the password for New Administrator.

12. In Review your selections, click Demote.

13. It is processing the removal.

14. After restart, check the yellow explement for the status.

15. Open Active Directory Users and computers>Domain Controllers, make sure the DC has been removed.

If we still see the DC, delete it.

In some situations, one or some of the users off in Veeam DB and you may need to force them to renew it. Here is how.

1. With the Veeam Backup running, click on the Backup Infrastructure view

2. Click on Managed servers.

3. In the working area, right-click the server and select Properties.

4. Click next until Credentials. Make sure the credential’s username and password are correct. Or add a new Manage Account.

5. Then Finish.

Situation: The client is migrating their DC, DNS and DHCP. The problem they are facing is they don’t have a detail inventory to show which network devices are using Statics IP address and DNS.

Resolution: Use network monitor to check destination IP addresses, age-out so that we can find out which devices are still accessing the old DNS IP addresses. In our example, we run Paloalto Firewall Monitor, add destination DNS IP address 10.0.0.85. It shows GloablProtect Zone still uses this DNS IP address.

Please view this step by step:

Windows 11 will come in the end of 2021. This is minimum system requirements for running Windows 11

To check if your PC is meet the requirements, please follow these steps: 1.Visit Microsoft website: https://www.microsoft.com/en-us/windows/windows-11

Or

https://aka.ms/GetPCHealthCheckApp

2. Download PC Health Check app.

3. Run the downloaded app.

4. You receive this result:

Please view this step by step video:

Situation: The client has a Paloalto Firewall 850 running GloableProtect. Recently, they change their internal DNS. They would like to know how to change the DNS on the GloableProtect.

1. Login Paloalto Firewall.
2. Go to Network>GloablProtect>Gateway.

3. Click on Gateway under Name.

4. Go to Agent and then Network services.

5. You have options to change the DNS and WINS.

6. Still in the Agent, click Client Settings and end users.

7. Select Network Services and enter the DNS Server IP address.

8. Click OK and then Commit.

Please view this step by step video:

1. After login, go to Policies>Security.

2. Click Add on the bottom.

3. In General, type the Name, select Rule type, for example universal (default).

4. Add source zone and Source Address.

5. Add Destination

6. In Action, select Deny.

7. Click OK to save it

8. Move up the policy to the top.

9. Commit.

Please view this step by step video:

This article shows how to create a service to define specific ports (5723 in our example) and configure the service in a security policy on Paloalto Firewall so that the server in DMZ can access the server in Trust.

Step 1: Configure the service ports

1.Login PA Firewall and go to Objects > Services

2. Click on Add on the left bottom.

3. Enter the Name, Protocol and Destination Port.

4. Click OK to save the settings.

Step 2: Create a policy and add the services to the policy

1.Go to Policies > Security

2.Click on Add. Note: you also Clone a current policy. 

3. In General, enter the Name, select Rule Type and Tag.

4. In Source, select DMZ as Source Zone and add source address.

4. In Source, select DMZ as Source Zone and add source address.

5. In Destination, add Trust to Destination Zone and address.  

6. In Service/URL Category, add the service ports you configured earlier by clicking Add and then OK to save the settings.

Step 3: Commit.

Please view this step by step video:

Situation: some spam email keeps changing their email address. For example, they may send email to you yesterday using 12345@mail.wish.com and abcde@mail.wish.com. To move these spam emails to a folder, create a rule using the domain name instead of the email address. This article shows how to do so.

1.Right-click on the email you want to move.

2.Select Rule>Create rule.

3. Click Advanced Option.

4. Check from…..

5. Click blue text with the email address.

6. Enter the email domain or sub-domain name, for example mail.wish.com. Then click on OK.

7. Click Cancel, if you received (No Suggestions) popup.

8. The from should be mail.wish.com. Click Next.

9. In What do you want to do with the message, check move it to the specified folder.

10. In Are there any exceptions? check any exception you want and then click Next.

11. In Finish rule setup, check Run this rule now on messages already in “inbox” and then click Finish.

12. That will process the rule and remove the email from the inbox. Click Finish.

All emails sent from mail.wosh.com should be moved to the folder.

Please view this step by step video: