Technical Analysis Blog by @unixstricken
System Center and Other management IT solutions and anything dealing with Operating Systems and their respective Hardware
Confirm the disk your expanding by running the command lsblk
Resizing the partition
In a home environment I have always used and been able to rely upon Trinity Rescue Kit. If your working in an enterprise environment this won’t work on Domain Accounts but if you for some reason don’t have any access at all to the PC you can at least reset the administrator’s password and get in. If I don’t even need to get in to retrieve any information I would just re-image the PC and not bother getting in but in case you need something here is the tool.
Its free and really easy to use.
-Bolivian-Gene
So we like playing music in the car or wherever we are from our phone using youtube. Now lets instead just download our music before-hand and not use our costly phone’s bandwidth! On top of this we just want to download the audio since it is a much smaller file size and will take up little room.
Tool Needed:
Back to my favorite online video downloader: Youtube-dl – This is our simple command line tool we will run in the command prompt to grab our videos with. I have written a previous post on this on how to use it please check that out on figuring out how it’s used.
Where to grab the URL from the youtube Video:
Once you have that simply run this in the command line(cmd.exe)to download the audio only.
youtube-dl –extract-audio <Enter URL of video>
Final note: Keep in mind it will download to your working directory so in the case above the file was downloaded to my user profile folder.
That’s it. Just upload it to your phone and jam it out in the car!
-Bolivian Gene
This is a quick blogged guide for administrators who need to delete an email from their organization for some reason or another. In my case this was due to a cryptolocker like virus outbreak called Cerber.
The Task: Find the emails and delete them from the system to prevent further incidents from popping up making more work for us because we always have to re-image and physically replace the machines in some cases not to mention user downtime.
First Step:
First we want to be able to locate and identify the emails targeted for deletion. In my case we received the payload from this address: [email protected] (first just want to say .ru its Russian!) we should never open emails like this but users will still go for it. There are several ways to find where the emails went and find out who read them and so on and this is what we will do going off this address.
Options for Searching: Exchange Powershell OR Exchange E-Discovery Gui
I’ll use both normally. In many cases if the search involves gathering emails it is easiest for me to just run an E-discovery search and shoot them over into a PST file. In the case of deletions though we want to use the Powershell since it is the only way as of now that I know of to delete emails from the system and user mailboxes in mass action.
-So log into your Exchange server as the Exchange Admin or verify you have proper rights to run search commands(ref:https://technet.microsoft.com/en-us/library/dd298059(v=exchg.160).aspx)
then open the Exchange Management Shell and we can now use the following commands to search for our items with the matching email address.
Get-mailbox -ResultSize unlimited | Search-Mailbox -SearchQuery “From:[email protected]” Targetmailbox adminuser -TargetFolder “SearchAndDeleteLog” -LogOnly -LogLevel Full
-This command first grabs all mailboxes within the Organization then pipes it to our search function using the “|” symbol. In our Search operation we “Searh-Mailbox -Search Query” so here we will then specifcy with the “From:” text to find our matching address. The command then follows up with a “target” mailbox and user to send a report of the results. In my case I’m sending it to my adminuser’s mailbox under the “SearchAndDeleteLog” I created for it.
Here is a guide to other parameters I might use when running the search. We can use things like Subject line or Dates and get fairly specific. Keep in mind it is using KQL language which is the same syntax used in e-Discovery. Use this guide to have an idea of what search parameters you can use for the -SearchQuery: https://technet.microsoft.com/en-us/library/ms.o365.cc.searchquerylearnmore.aspx#emailproperties
Once you receive the results you like you can then move on to delete them. with the following command:
Get-mailbox -ResultSize unlimited | Search-Mailbox -SearchQuery “From:[email protected]” -DeleteContent
This command will basically gather the results and delete them from the mailboxes. You will be asked to say yes to all deletions from each mailbox.
I advise running a backup on anything before deleting it but since this is virus in the email we clean our hands of it.
So I have re-imaged a computer and it has been several weeks. I have already re-provisioned the computer and another user has been writing to it obviously. The simple answer on this one is the chances are incredibly slim. Although after speaking with a Kroll Ontrack recovery rep they did say something can still be recovered but highly unlikely it would be what we were looking for. I also had memory of using FTK imager for file investigations. That ended up being far to pricey just to recover data although their product is great for finding lost data or hidden data; A post for another time on FTK..
I tried the free program Recova to see what that
might unveil and it picked up some deleted PDF files but even the ones it deemed were in excellent condition were too damaged to work in Adobe Acrobat. And of course its advanced feature will at least let you filter through pictures,files,documents etc.. I will say it was good only for recovering images since it seemed to keep them intact. But again only the ones deemed excellent(denoted by the green circles)
Download I tried from Recova at time of post: http://filehippo.com/download_recuva/
Nonetheless in a situation involving a Hard disk data recovery your best bet is to send it to a professional company and even that isn’t a guarantee but if the data is that important maybe it’s worth the cost. A managerial decision to be made.
And of Course another lesson in Backup. Always backup your information. In this case we had the user wait forever to tell us what was needed and with a backup policy that doesn’t include local hard drives it was close to impossible. You move on and leave it in the past.
Funny how we have to protect ourselves from Microsoft’s own mishaps along with malicious software,oblivious users and all the like… But that’s the IT game.
And so it happens; Your users start to experience freezing across their Microsoft office programs out of nowhere and you need to become a detective. In my experience this has always been because of a recent update that has been applied to your organizations computers. Not sure how everyone else goes about applying updates but in this case It is controlled by a WDS server and then further controlled by System Center Configuration Manager. After checking the sites device collections I found that all affected computers were within the collection that receives all of the most recent Microsoft updates. Upon further research I found that it was linked to installed KB3114717 recently pushed by microsoft on 02/09/2016(Feburary’s Patch Tuesday 2016)
Uninstall this KB and walla; issues gone. Just another thing to look out for and another great reason to put together a Microsoft WDS server that will control which updates to push. This combined with Update groups and Device Collections in SCCM makes isolating and keeping machines from being patched to only a minimum which will serve to keep user outcry to only the selected test machines. Afterwards we just move that affected KB into a “do not deploy” group and collect the rest for deployment to the entire domain of computers.
If your reading this and just need to know how to uninstall it manually use this quick little guide:
Start Menu > Search Bar > type ‘appwiz.cpl’ > click “View Installed Updates” > Search for KB3114717 in the upper right hand corner of the Pane> Find it and uninstall it
As always make sure the users run with the programs for a day before you mark this issue as resolved.
Thanks,
-BolivianGene
Reference: https://support.microsoft.com/en-us/kb/3114717
