Windows AppLocker Info

Restricting Application Access Using AppLocker:

https://helpcenter.itopia.com/en/articles/4859965-restricting-application-access-using-applocker
https://adamtheautomator.com/windows-10-applocker/

AppLocker configured, Group Policy applied but does not work:

https://www.grouppolicy.biz/2010/08/how-to-use-group-policy-to-control-services/

The Application Identity service is probably not started. Configure the Application Identity service startup type in the GPO:
Computer Configuration > Policies > Windows Settings > Security Settings > System Services > Application Identity

Check that these settings were applied correctly:
gpresult /h DISK:\GPRESULT.html

It is possible to configure startup of this service on every machine, but it is a waste of time:
sc config "AppIDSvc" start= auto & net start "AppIDSvc"

Move data from an old Windows server to a new one, preserving all user permissions

Shut down all VMs and PCs that might use data shared on this server.

On the old server:
Get and save information about all local accounts:
wmic useraccount get name,sid > D:\old-SIDs.txt
Get and save all permissions in selected folder:
icacls "D:\Data" /save D:\Data-icacls.txt /t /c

On the new server:
Configure new accounts
Get and save information about all local accounts:
wmic useraccount get name,sid > D:\new-SIDs.txt

On your PC:
Replace old SIDs with the new SIDs in ICACLS dump files (copy original dump files first)

On the new server:
Attach disk D: from the old server to the new one
Configure System to own D:
Allow admin to access D: (“This folder only” type)
Restore permissions from icacls dump:
icacls R:\ /restore D:\Data-icacls.txt
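
An added example (not part of the original notes) for the "Replace old SIDs with the new SIDs" step: it pairs accounts by name from the two wmic listings and swaps only complete trustee SIDs in the dump, so a plain find-and-replace cannot corrupt a longer SID that shares a prefix. The function names are hypothetical; it assumes account names are identical on both servers and that all three files are UTF-16 LE, which is how icacls /save and a redirected wmic write them.

```python
import re

SID = r"S-1-\d+(?:-\d+)+"
# In the dump, a trustee SID is the last field of an ACE: "(A;OICI;FA;;;<SID>)".
ACE_SID = re.compile(r"(?<=;)" + SID + r"(?=\))")
BOM = b"\xff\xfe"

def parse_accounts(wmic_text):
    """Map lower-cased account name -> SID from `wmic useraccount get name,sid`."""
    accounts = {}
    for line in wmic_text.splitlines():
        parts = line.split()
        # Data rows end with a SID; the "Name  SID" header and blank rows do not.
        if len(parts) >= 2 and re.fullmatch(SID, parts[-1]):
            accounts[" ".join(parts[:-1]).lower()] = parts[-1]
    return accounts

def build_sid_map(old_text, new_text):
    """Pair old and new SIDs by account name; also list old accounts with no match."""
    old, new = parse_accounts(old_text), parse_accounts(new_text)
    mapping = {sid: new[name] for name, sid in old.items() if name in new}
    return mapping, sorted(name for name in old if name not in new)

def remap_sids(dump_text, mapping):
    """Swap complete trustee SIDs only; return (new text, SIDs left unchanged)."""
    skipped = set()
    def swap(match):
        sid = match.group(0)
        if sid not in mapping:
            skipped.add(sid)
        return mapping.get(sid, sid)
    return ACE_SID.sub(swap, dump_text), skipped

def decode_utf16(raw):
    """Decode UTF-16 LE bytes and report whether a BOM was present."""
    has_bom = raw.startswith(BOM)
    return raw[2 if has_bom else 0:].decode("utf-16-le"), has_bom

def remap_files(old_sids, new_sids, dump_in, dump_out):
    """Write a remapped copy of the dump, keeping its UTF-16 LE encoding and BOM state."""
    texts = []
    for path in (old_sids, new_sids, dump_in):
        with open(path, "rb") as fh:
            texts.append(decode_utf16(fh.read()))
    mapping, missing = build_sid_map(texts[0][0], texts[1][0])
    fixed, skipped = remap_sids(texts[2][0], mapping)
    with open(dump_out, "wb") as fh:
        fh.write((BOM if texts[2][1] else b"") + fixed.encode("utf-16-le"))
    return missing, skipped
```

remap_files returns the old accounts that have no counterpart on the new server and the SIDs it left untouched; review both lists before running the restore.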

Windows Network and Firewall

Block all apps in a specified folder from accessing any network resources outside the PC

https://www.tenforums.com/network-sharing/43084-how-block-multiple-exe-files-windows-firewall-post591205.html#post591205

for %%G in ("C:\Program Files (x86)\Test Folder\*.exe") do (
netsh advfirewall firewall add rule name="Blocked With Batchfile %%G" dir=in action=block program="%%G" enable=yes profile=any
netsh advfirewall firewall add rule name="Blocked With Batchfile %%G" dir=out action=block program="%%G" enable=yes profile=any
)

Kubernetes

Kubernetes kubectl autocomplete Ubuntu:

https://komodor.com/learn/kubectl-autocomplete-enabling-and-using-in-bash-zsh-and-powershell/
https://stackoverflow.com/a/77694825

apt-get install bash-completion -y
echo 'source /etc/bash_completion' >>~/.bashrc
echo 'source <(kubectl completion bash)' >>~/.bashrc
source ~/.bashrc

Configure NFS shares in Windows for k8s:

https://operavps.com/docs/install-nfs-server/

Kubernetes autostart Ubuntu:

nano /etc/systemd/system/minikube.service
[Unit]
Description=minikube service autostart
After=docker.service

[Service]
Type=oneshot
ExecStart=/usr/local/bin/minikube --force --driver=docker start
RemainAfterExit=true
ExecStop=/usr/local/bin/minikube stop
StandardOutput=journal
User=root
Group=

[Install]
WantedBy=multi-user.target

systemctl daemon-reload
systemctl enable minikube

reboot

IPsec VPN info

Phase 1 & 2 encryption algorithms supported in popular operating systems:

https://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Windows_client_configuration

Create an IPsec connection in Windows using more secure encryption algorithms:

https://learn.microsoft.com/en-us/windows/security/operating-system-security/network-security/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections

https://forum.netgate.com/topic/150670/safe-ikev2-configuration-for-pfsense-and-windows-10-and-macos

https://learn.microsoft.com/en-us/powershell/module/vpnclient/set-vpnconnectionipsecconfiguration?view=windowsserver2022-ps&viewFallbackFrom=win10-ps

Ansible

Ansible: installation, configuration and use with Windows and Linux:

https://247-it.io/en/ansible-installation-configuration-and-use-with-windows-and-linux/

Ansible: organize your hosts in an inventory file in YAML format:

https://247-it.io/en/ansible-organize-your-hosts-in-an-inventory-file-in-yaml-format/

Which GUI management tools should you recommend?

https://www.reddit.com/r/ansible/comments/pejmkm/which_gui_management_tools_should_you_recommend/?rdt=40820