Restricting Application Access Using AppLocker:
https://helpcenter.itopia.com/en/articles/4859965-restricting-application-access-using-applocker
https://adamtheautomator.com/windows-10-applocker/
Linux Info
What is immutable Linux:
https://www.zdnet.com/article/what-is-immutable-linux-heres-why-youd-run-an-immutable-linux-distro/
NVMe-over-TCP:
https://interface31.ru/tech_it/2024/10/nvme-over-tcp—prakticheskoe-znakomstvo-s-tehnologiey.html
Move data from old Windows server to new one saving all users permissions
Shut down all VMs and PCs that might use shared on this server data.
On the old server:
Get and save information about all local accounts:
wmic useraccount get name,sid > D:\old-SIDs.txt
Get and save all permissions in selected folder:
icacls "D:\Data" /save D:\Data-icacls.txt /t /c
On the new server:
Configure new accounts
Get and save information about all local accounts:
wmic useraccount get name,sid > D:\new-SIDs.txt
On your PC:
Replace old SIDs with the new SIDs in ICACLS dump files (copy original dump files first)
On the new server:
Attach disk D: from an old server to the new one
Configure System to own D:
Allow admin to access D: (“This folder only” type)
Restore permissions from icacls dump:
icacls R:\ /restore D:\Data-icacls.txt
Windows Network and Firewall
Block all apps in specified folder to access any network resources outside PC
for %%G in (“C:\Program Files (x86)\Test Folder\*.exe”) do (
netsh advfirewall firewall add rule name=”Blocked With Batchfile %%G” dir=in action=block program=”%%G” enable=yes profile=any
netsh advfirewall firewall add rule name=”Blocked With Batchfile %%G” dir=out action=block program=”%%G” enable=yes profile=any
)
Kubernetes
Kubernetes kubectl autocomplete Ubuntu:
https://komodor.com/learn/kubectl-autocomplete-enabling-and-using-in-bash-zsh-and-powershell/
https://stackoverflow.com/a/77694825
apt-get install bash-completion -y
echo ‘source /etc/bash_completion’ >>~/.bashrc
echo ‘source <(kubectl completion bash)’ >>~/.bashrc
source ~/.bashrc
Configure NFS shares in Windows for k8s:
https://operavps.com/docs/install-nfs-server/
Kubernetes autostart Ubuntu:
nano /etc/systemd/system/minikube.service
[Unit]
Description=minikube service autostart
After=docker.service
[Service]
Type=oneshot
ExecStart=/usr/local/bin/minikube –force –driver=docker start
RemainAfterExit=true
ExecStop=/usr/local/bin/minikube stop
StandardOutput=journal
User=root
Group=
[Install]
WantedBy=multi-user.target
systemctl daemon-reload
systemctl enable minikube
reboot
Configuration guides libraries
Server World — many OSes and their tools configuration guides:
1C info
Очистка кеша 1С8:
Я сделал так:
Скрипт с таким содержимым:
rd /q /s “%userprofile%\AppData\Local\1C\1Cv8\”
rd /q /s “%userprofile%\AppData\Local\1C\1Cv82\”
rd /q /s “%userprofile%\AppData\Local\1C\1Cv83\”
rd /q /s “%userprofile%\AppData\Roaming\1C\1Cv8\”
rd /q /s “%userprofile%\AppData\Roaming\1C\1Cv82\”
rd /q /s “%userprofile%\AppData\Roaming\1C\1Cv83\”
поставил в GPO нужных групп пользователей на выполнение при Logoff
https://www.4isla.ru/poleznoe/it-analitika/ochistka-kesha-1s-predpriyatie/
Общий список баз 1С 8:
Добавляем все нужные базы из-под пользователя в 1С.
В файле c:\ProgramData\1C\1cestart\1cestart.cfg пишем:
CommonInfoBases=\\Путь-до-списка-доступный-всем\список.v8i
Вписываем базы из %userprofile%\AppData\Roaming\1C\1CEStart\ibases.v8i в \\Путь-до-списка-доступный-всем\список.v8i
Очищаем %userprofile%\AppData\Roaming\1C\1CEStart\ibases.v8i
Настройка 1С SQL:
https://www.portal-yug.ru/blog/corp/34.php
https://interface31.ru/tech_it/2014/01/ustanovka-i-nastroyka-ms-sql-server-dlya-1spredpriyatie.html
Перезапуск сервисов 1С и SQL:
Инструкция для перезапуска сервисов 1С+SQL:
1. Снять все зависшие сеансы 1С через Администрирование серверов 1С
2. Остановить службу 1С
3. Подождать минутку, при этом должны быть завершены все процессы rphost, ragent
4. Удалить все процессы, запущенные под доменным пользователем USR1CV8 (под которым запускается служба Агент сервера 1С:Предприятия) – если они есть
5. Удалить содержимое папки C:\Program Files\1Cv8\srvinfo\reg_1541\snccnt
Внимание! не перепутай папку! Внутри папки будет несколько файлов snccntx*.dat, их все удалить, несмотря на предупреждения. Это файлы сеансов 1С.
6. Очистить временную папку пользователя, под которым запускается служба Агент сервера 1С:Предприятия
7. Перезапустить службы SQL (запросит перезапуск зависимой службы Агент SQL сервера)
8. Запустить службу Агент сервера 1С:Предприятия
Немного модифицированный батник:
@echo off
set logfile=”C:\Log1C\rest1c.log”
echo >>%logfile%
echo %date% %time% >>%logfile%
net stop “1C:Enterprise 8.3 Server Agent (x86-64)” >>%logfile%
ping -n 60 localhost>Nul
echo %date% %time% >>%logfile%
net stop “SQLSERVERAGENT” >>%logfile%
ping -n 20 localhost>Nul
echo %date% %time% >>%logfile%
net stop “MSSQLSERVER” >>%logfile%
ping -n 300 localhost>Nul
del /f /q “C:\Program Files\1cv8\srvinfo\reg_1541\snccntxb2cd4cc0-6c7c-4c26-9069-1d66fff886b9\*.*” >Nul
echo %date% %time% SRVINFO Cleared >>%logfile%
ping -n 10 localhost>Nul
del /f /s /q “PATH-TO-USERS-PROFILES\USR1CV8\AppData\Local\Temp\*.*” >Nul
echo %date% %time% USR1CV8 Temp Cleared >>%logfile%
ping -n 10 localhost>Nul
echo %date% %time% >>%logfile%
net start “MSSQLSERVER” >>%logfile%
ping -n 120 localhost>Nul
echo %date% %time% >>%logfile%
net start “SQLSERVERAGENT” >>%logfile%
ping -n 20 localhost>Nul
echo %date% %time% >>%logfile%
net start “1C:Enterprise 8.3 Server Agent (x86-64)” >>%logfile%
ping -n 60 localhost>Nul
exit
Спасибо Руслану.
Сброс пароля 1С 8.2 или 8.3 SQL:
https://www.avtomatizator.ru/articles/arkhivnye-novosti/sbros-parolya-1s-8-2-ili-8-3-sql/
IPSEC vpn info
Phase 1 & 2 encryption algorhithms supported in popular Operating Systems:
https://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Windows_client_configuration
Create Ipsec connection in Windows with usage of more secure encryption algorhithms:
https://forum.netgate.com/topic/150670/safe-ikev2-configuration-for-pfsense-and-windows-10-and-macos
Ansible
Ansible: installation, configuration and use with Windows and Linux:
https://247-it.io/en/ansible-installation-configuration-and-use-with-windows-and-linux/
Ansible: organize your hosts in an inventory file in YAML format:
https://247-it.io/en/ansible-organize-your-hosts-in-an-inventory-file-in-yaml-format/
Which GUI management tools should you recommend?
https://www.reddit.com/r/ansible/comments/pejmkm/which_gui_management_tools_should_you_recommend/?rdt=40820
Windows useful info
How to add Performance Stats in Windows 11 Taskbar:
https://geekbullet.com/how-to-add-performance-stats-in-windows-11-taskbar/
Make Removable HDD/SSD Fixed:
https://www.partitionwizard.com/news/internal-hard-drive-ssd-shows-as-removable.html
Sometimes in Windows disks installed inside PC case may be seen as removable despite they are connected to the SATA or PCIe and fixed by the screw.
In my PC it happened because of the SATA controller: it has a hot swap drive function. I need that function because my PC case has an option to add/remove SATA HDD/SSD from the front panel very quickly and easy without unscrewing the case and shutting down the OS.
Add selected disks in the list of fixed drives:
In Device Manager look at which bus number seats the disk(s) you want to add to the fixed drives list.
Add the TreatAsInternalPort key:
reg add “HKLM\SYSTEM\CurrentControlSet\Services\storahci\Parameters\Device” /f /v TreatAsInternalPort /t REG_MULTI_SZ /d X
Than add the disks you need to be fixed to the list inside TreatAsInternalPort key. Each bus number should be placed in its own line.
If you need to add drive on the bus 0 together with the drives on the other buses, use this: reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\storahci\Parameters\Device" /f /v TreatAsInternalPort /t REG_MULTI_SZ /d "0\01\02\03"
Windows Environment Path Variables, Run Commands an Other:
https://superuser.com/a/217506
Windows Environment Path Variables
%AllUsersProfile% - Open the All User's Profile C:\ProgramData
%AppData% - Opens AppData folder C:\Users\{username}\AppData\Roaming
%CommonProgramFiles% - C:\Program Files\Common Files
%CommonProgramFiles(x86)% - C:\Program Files (x86)\Common Files
%HomeDrive% - Opens your home drive C:\
%LocalAppData% - Opens local AppData folder C:\Users\{username}\AppData\Local
%ProgramData% - C:\ProgramData
%ProgramFiles% - C:\Program Files or C:\Program Files (x86)
%ProgramFiles(x86)% - C:\Program Files (x86)
%Public% - C:\Users\Public
%SystemDrive% - C:
%SystemRoot% - Opens Windows folder C:\Windows
%Temp% - Opens temporary file Folder C:\Users\{Username}\AppData\Local\Temp
%UserProfile% - Opens your user's profile C:\Users\{username}
%AppData%\Microsoft\Windows\Start Menu\Programs\Startup - Opens Windows 10 Startup location for program shortcuts
Run commands
Calc - Calculator
Cfgwiz32 - ISDN Configuration Wizard
Charmap - Character Map
Chkdisk - Repair damaged files
Cleanmgr - Cleans up hard drives
Clipbrd - Windows Clipboard viewer
Cmd - Opens a new Command Window (cmd.exe)
Control - Displays Control Panel
Dcomcnfg - DCOM user security
Debug - Assembly language programming tool
Defrag - Defragmentation tool
Drwatson - Records programs crash & snapshots
Dxdiag - DirectX Diagnostic Utility
Explorer - Windows Explorer
Fontview - Graphical font viewer
Ftp - ftp.exe program
Hostname - Returns Computer's name
Ipconfig - Displays IP configuration for all network adapters
Jview - Microsoft Command-line Loader for Java classes
MMC - Microsoft Management Console
Msconfig - Configuration to edit startup files
Msinfo32 - Microsoft System Information Utility
Nbtstat - Displays stats and current connections using NetBios over TCP/IP
Netstat - Displays all active network connections
Nslookup - Returns your local DNS server
Odbcad32 - ODBC Data Source Administrator
Ping - Sends data to a specified host/IP
Regedit - registry Editor
Regsvr32 - register/de-register DLL/OCX/ActiveX
Regwiz - Registration wizard
Sfc /scannow - System File Checker
Sndrec32 - Sound Recorder
Sndvol32 - Volume control for soundcard
Sysedit - Edit system startup files (config.sys, autoexec.bat, win.ini, etc.)
Systeminfo - display various system information in text console
Taskmgr - Task manager
Telnet - Telnet program
Taskkill - kill processes using command line interface
Tskill - reduced version of Taskkill from Windows XP Home
Tracert - Traces and displays all paths required to reach an internet host
Winchat - simple chat program for Windows networks
Winipcfg - Displays IP configuration
Microsoft Office suite
winword - Microsoft Word
excel - Microsoft Excel
powerpnt - Microsoft PowerPoint
msaccess - Microsoft Access
outlook - Microsoft Outlook
ois - Microsoft Picture Manager
winproj - Microsoft Project
Management Consoles
certmgr.msc - Certificate Manager
ciadv.msc - Indexing Service
compmgmt.msc - Computer management
devmgmt.msc - Device Manager
dfrg.msc - Defragment
diskmgmt.msc - Disk Management
fsmgmt.msc - Folder Sharing Management
eventvwr.msc - Event Viewer
gpedit.msc - Group Policy (< XP Pro)
iis.msc - Internet Information Services
lusrmgr.msc - Local Users and Groups
mscorcfg.msc - Net configurations
ntmsmgr.msc - Removable Storage
perfmon.msc - Performance Manager
secpol.msc - Local Security Policy
services.msc - System Services
wmimgmt.msc - Windows Management
Control Panel utilities
access.cpl - Accessibility Options
hdwwiz.cpl - Add New Hardware Wizard
appwiz.cpl - Add/Remove Programs
timedate.cpl - Date and Time Properties
desk.cpl - Display Properties
inetcpl.cpl - Internet Properties
joy.cpl - Joystick Properties
main.cpl keyboard - Keyboard Properties
main.cpl - Mouse Properties
ncpa.cpl - Network Connections
ncpl.cpl - Network Properties
telephon.cpl - Phone and Modem options
powercfg.cpl - Power Management
intl.cpl - Regional settings
mmsys.cpl sounds - Sound Properties
mmsys.cpl - Sounds and Audio Device Properties
sysdm.cpl - System Properties
nusrmgr.cpl - User settings
firewall.cpl - Firewall Settings (sp2)
wscui.cpl - Security Center (sp2)
Wupdmgr - Takes you to Microsoft Windows Update