Expanding a VMware VM OS disk in Ubuntu 20 with Workstation 16

  1. Power off the VM
  2. Back up your VM to a USB drive or other storage
  3. Delete the snapshots associated with the VM
  4. Expand the drive (make sure you have space on the host)
  5. Resize the drive within the guest OS (the Ubuntu VM in this case)

Deleting snapshots within the Workstation 16 Snapshot Manager for the VM

Expanding the drive
Once the drive is expanded to the size needed, save the config. You will then need to repartition the drive within the VM to make the new space available.

Confirm the disk you’re expanding by running the command lsblk

The “lsblk” output shows the disk expanded from 20G to 40G. For now, “sda5” is still the largest partition in use, alongside the other sda* partitions.

Resizing the partition

Using the Disks tool (in Ubuntu 20 > Activities > Search > Disks) I had to resize both the Extended and Filesystem partitions. First the Extended partition, then the Filesystem. BACKUP!! before doing this. You can resize by clicking the gear icon, then choosing “Resize” and dragging the slider as far as you want to eat into the Free space.
After resizing, the fully expanded disk is in use by your filesystem.

Resetting forgotten password with Trinity Rescue Kit

In a home environment I have always used and been able to rely upon Trinity Rescue Kit. If you’re working in an enterprise environment this won’t work on Domain Accounts, but if for some reason you don’t have any access at all to the PC, you can at least reset the administrator’s password and get in. If I don’t even need to get in to retrieve any information I would just re-image the PC and not bother getting in, but in case you need something, here is the tool.

It’s free and really easy to use.

  1. Download it from this link
  2. You will get an ISO image. Burn it to CD, since your PC most likely has a CD drive. If it doesn’t, you will have to make a bootable USB drive with it and boot from USB. This tutorial uses the CD version, but if you need to make a bootable USB drive I like using this little tool called YUMI
  3. Boot into your TRK disc and choose the Interactive WinPass option, then choose option 1 to select your Windows installation and list its users.
  4. Type in the name of the user you want to clear a password for and you’re done! (See video for details)

-Bolivian-Gene

Downloading Music/Audio From Youtube with Windows

So we like playing music in the car or wherever we are from our phone using YouTube. Now let’s instead just download our music beforehand and not use our phone’s costly bandwidth! On top of this, we just want to download the audio, since it is a much smaller file and will take up little room.

Tool Needed:

Back to my favorite online video downloader: Youtube-dl – This is our simple command line tool we will run in the command prompt to grab our videos with. I have written a previous post on how to use it; please check that out to figure out how it’s used.

Downloading Youtube Videos Instead of Streaming on Phone

 

  1. Grab the URL for your video

Where to grab the URL from the YouTube video:

Once you have that, simply run this in the command line (cmd.exe) to download the audio only.

youtube-dl --extract-audio <Enter URL of video>

Final note: Keep in mind it will download to your working directory so in the case above the file was downloaded to my user profile folder.

That’s it. Just upload it to your phone and jam it out in the car!

-Bolivian Gene

Search And Delete Emails in Exchange2013

This is a quick blogged guide for administrators who need to delete an email from their organization for some reason or another. In my case this was due to a CryptoLocker-like virus outbreak called Cerber.

The Task: Find the emails and delete them from the system to prevent further incidents from popping up. Each incident makes more work for us, because we always have to re-image and in some cases physically replace the machines, not to mention the user downtime.

First Step:

First we want to be able to locate and identify the emails targeted for deletion. In my case we received the payload from this address: [email protected] (first, I just want to say: .ru, it’s Russian!). We should never open emails like this, but users will still go for it. There are several ways to find where the emails went, who read them and so on, and that is what we will do, going off this address.

Options for Searching: Exchange Powershell OR Exchange E-Discovery Gui

I’ll use both normally. In many cases, if the search involves gathering emails, it is easiest for me to just run an E-discovery search and shoot them over into a PST file. In the case of deletions, though, we want to use PowerShell, since it is the only way as of now that I know of to delete emails from the system and user mailboxes in mass action.

So log into your Exchange server as the Exchange Admin, or verify you have proper rights to run search commands (ref: https://technet.microsoft.com/en-us/library/dd298059(v=exchg.160).aspx)

Then open the Exchange Management Shell. We can now use the following command to search for our items with the matching email address.

Get-Mailbox -ResultSize unlimited | Search-Mailbox -SearchQuery "From:[email protected]" -TargetMailbox adminuser -TargetFolder "SearchAndDeleteLog" -LogOnly -LogLevel Full

This command first grabs all mailboxes within the organization, then pipes them to the search cmdlet using the “|” symbol. The search itself is “Search-Mailbox -SearchQuery”, where the “From:” keyword specifies the address to match. The command then names a target mailbox and folder to receive a report of the results; with -LogOnly, only that log is generated and nothing is deleted. In my case I’m sending it to my adminuser’s mailbox under the “SearchAndDeleteLog” folder I created for it.

Here is a guide to other parameters I might use when running the search. We can use things like Subject line or Dates and get fairly specific. Keep in mind it is using KQL language which is the same syntax used in e-Discovery. Use this guide to have an idea of what search parameters you can use for the -SearchQuery: https://technet.microsoft.com/en-us/library/ms.o365.cc.searchquerylearnmore.aspx#emailproperties

Once you receive the results you like, you can then move on to delete them with the following command:

Get-Mailbox -ResultSize unlimited | Search-Mailbox -SearchQuery "From:[email protected]" -DeleteContent

This command will basically gather the results and delete them from the mailboxes. You will be asked to say yes to all deletions from each mailbox.

I advise running a backup on anything before deleting it, but since this is a virus in the email we clean our hands of it.
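
A more cautious version of the search-then-delete sequence above, as an added example rather than the author's own script: it estimates hits per mailbox first, then copies each match to the log mailbox before deleting it. The sender address, date window and item ceiling are placeholders; `adminuser` and `SearchAndDeleteLog` are reused from the post.

```powershell
# Added example; run in the Exchange Management Shell.
# Searching needs the "Mailbox Search" role; -DeleteContent also needs
# the "Mailbox Import Export" role.

$Sender      = 'sender@example.invalid'   # placeholder for the malicious sender
$Target      = 'adminuser'                # log/evidence mailbox (from the post)
$Folder      = 'SearchAndDeleteLog'       # folder in that mailbox (from the post)
$MaxExpected = 500                        # assumed ceiling; adjust to your org size

# KQL query: sender plus a received-date window (placeholder dates) so that
# unrelated mail from the same address outside the incident is left alone.
$Query = "From:$Sender AND received>=03/01/2016 AND received<=03/05/2016"

# Exclude the evidence mailbox so a re-run never deletes the preserved copies.
$mailboxes = Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.Alias -ne $Target }

# Step 1: estimate only. Nothing is copied or deleted here.
$hits = $mailboxes |
    Search-Mailbox -SearchQuery $Query -EstimateResultOnly |
    Where-Object { $_.ResultItemsCount -gt 0 }

if (-not $hits) {
    Write-Host 'No matching items found.'
    return
}

$hits | Sort-Object ResultItemsCount -Descending |
    Format-Table Identity, ResultItemsCount, ResultItemsSize -AutoSize

# Step 2: refuse to continue if the query matches far more than expected,
# which usually means the query is too broad.
$total = ($hits | Measure-Object -Property ResultItemsCount -Sum).Sum
if ($total -gt $MaxExpected) {
    throw "Query matched $total items (ceiling $MaxExpected). Narrow the query."
}

# Step 3: only for mailboxes with hits, copy the matches to the evidence
# folder and then delete them from the source. The confirmation prompt is
# left on (no -Force), so each mailbox still has to be approved.
foreach ($h in $hits) {
    Search-Mailbox -Identity $h.Identity -SearchQuery $Query `
        -TargetMailbox $Target -TargetFolder $Folder `
        -LogLevel Full -DeleteContent
}
```

The copies in the evidence folder still carry the malicious attachment, so restrict access to that mailbox and purge it once the investigation is closed.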

Can you Recover Data after Re-imaging?

So I have re-imaged a computer and it has been several weeks. I have already re-provisioned the computer and another user has been writing to it, obviously. The simple answer on this one is that the chances are incredibly slim. Although after speaking with a Kroll Ontrack recovery rep, they did say something can still be recovered, but it is highly unlikely it would be what we were looking for. I also had memory of using FTK Imager for file investigations. That ended up being far too pricey just to recover data, although their product is great for finding lost data or hidden data; a post for another time on FTK.

I tried the free program Recuva to see what that might unveil, and it picked up some deleted PDF files, but even the ones it deemed were in excellent condition were too damaged to work in Adobe Acrobat. And of course its advanced feature will at least let you filter through pictures, files, documents, etc. I will say it was good only for recovering images, since it seemed to keep them intact. But again, only the ones deemed excellent (denoted by the green circles).

The download I tried from Recuva at time of post: http://filehippo.com/download_recuva/

Nonetheless, in a situation involving hard disk data recovery your best bet is to send it to a professional company. Even that isn’t a guarantee, but if the data is that important maybe it’s worth the cost. A managerial decision to be made.

And of course, another lesson in backup. Always back up your information. In this case the user waited forever to tell us what was needed, and with a backup policy that doesn’t include local hard drives, recovery was close to impossible. You move on and leave it in the past.

Microsoft KB3114717 Issue

Funny how we have to protect ourselves from Microsoft’s own mishaps along with malicious software, oblivious users and all the like… But that’s the IT game.

And so it happens: your users start to experience freezing across their Microsoft Office programs out of nowhere and you need to become a detective. In my experience this has always been because of a recent update that has been applied to your organization’s computers. Not sure how everyone else goes about applying updates, but in this case it is controlled by a WDS server and then further controlled by System Center Configuration Manager. After checking the site’s device collections I found that all affected computers were within the collection that receives all of the most recent Microsoft updates. Upon further research I found that it was linked to the installed KB3114717, recently pushed by Microsoft on 02/09/2016 (February’s Patch Tuesday 2016).

Uninstall this KB and voilà, issues gone. Just another thing to look out for, and another great reason to put together a Microsoft WDS server that will control which updates to push. Combined with Update Groups and Device Collections in SCCM, this lets you limit a new patch to a minimal set of machines, which keeps user outcry to only the selected test machines. Afterwards we just move the affected KB into a “do not deploy” group and collect the rest for deployment to the entire domain of computers.

If you’re reading this and just need to know how to uninstall it manually, use this quick little guide:

Start Menu > Search Bar > type ‘appwiz.cpl’ > click “View Installed Updates” > search for KB3114717 in the upper right hand corner of the pane > find it and uninstall it

As always make sure the users run with the programs for a day before you mark this issue as resolved.

Thanks,

-BolivianGene

Reference: https://support.microsoft.com/en-us/kb/3114717