Loading ...

Category: Co-Managed IT

Basic Setup of Cisco Wireless Controller

This is the first in a series that document the Tier 3 / Co-Managed IT work we did to setup a wireless test bed for a Linux based scientific device. The testing environment included two different wireless network hardware types (Ubiquiti and Cisco). There was also a Synology device used for various purposes including hosting the Ubiquiti controller inside a Kubernetes container, providing certificate services, providing LDAP authentication, and providing RADIUS authentication. Each article will detail a separate piece of the project. This article shows the basic setup of Cisco Wireless Controller.

Setup of Cisco Wireless Controller

  1. Plug -in ethernet of Computer to port 2 on controller
  2. Boot controller and wait for SYS light to go solid
  3. Open web browser to http://192.168.1.1
  4. Create admin username
  5. Create password
  6. Fill in the needed information:
    1. System nameManagement IP Subnet MaskDefault Gateway
    1. Click Next
  7. Fill in temporary information for wireless
    1. Network BSSIDCreate PassphraseEnter local DHCP server address
    1. Click Next
  8. Click Apply and wait for reboot
  9. Click on Commands tab
  10. Click on Set Time on the left-hand menu
  11. Change needed values
  12. Click Set Date and Time
  13. Click Save Configuration at the top

Compliance Requires Penetration Testing

Compliance is and always has been a complicated matter. Here are the quotes from the three types of compliance – CMMC, HIPAA, and PCI:

CMMC – Risk Assessment L2-3.11.2 – VULNERABILITY SCAN: Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified.”

HIPAA – § 164.308 Administrative safeguards. (a)(1)(ii)(A) – Risk analysis (Required). Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity or business associate.”

PCI – 11.3: External and internal vulnerabilities are regularly identified, prioritized, and addressed”

To summarize what this all mean – compliance requires penetration testing and vulnerability scanning. Networks have to be tested regularly to make sure that there has been nothing missed which would allow a hacker to breach the network and steal the treasure of information. Our recommendation is to scan at least quarterly, if not monthly, to find these vulnerabilities and address them before the hackers find them.

If your company has compliance requirements that you need consulting for, then contact us for assistance.

A Medical Office’s Journey to the Cloud

Today we tell the story of a medical office’s journey to the cloud. This particular client was facing their server operating system reaching end of support (a HIPAA violation) in the near future. They had begun by looking at their electronic medical records software company’s online offering, which didn’t have all the functionality of their on-premises software and was very expensive (this is typical).


They next decided to look into moving their current on-premises software into the cloud and we were asked to help with the testing. We determined that it would be best to move the file portion of the server to SharePoint / OneDrive to increase their mobility and flexibility. We also determined that it would be best to move them away from on premises Active Directory into Azure Active Directory / Intune to allow authentication and security policies. Finally we began testing the on-premises software hosted on a server in Azure with a VPN connection to their office.


The SharePoint / OneDrive and Azure Active Directory portions went through with little issues. The server, however, was not as we had hoped. The Azure VPN connection was expensive due to it always being on and no way of turning it off outside of business hours. The performance of the SQL database that the on-premises software used was basically unusable. The other option would be to create virtual desktops on Azure for this purpose but the cost and functionality was not what the customer was hoping for.


This has lead them back to searching for an online EMR software that will meet all their requirements. This will be tough because most companies are good at some things, but not all things and compromises usually have to be made. Our hope is that this story is a lesson to other companies. The cloud may sound like the newest and best way to work, but the costs and functionality are often worse than expected.

If your company is going to use full disk encryption or has compliance requirements that you need consulting for, then contact us for assistance.

Automate Your Work, Free Yourself

Worked with a client lately to help them Automate a workflow, but you may be wondering what does that even mean. Let me explain. We all have tasks in our workday that are repetitive and consume little bite size pieces of our time. Depending on the steps needed to accomplish these tasks, they can be “delegated” to a computer process via scripting aka we automate them. In the case of the client we helped, they received emails from an eFax service which included attachments. These attachments had to be manually saved into a shared folder for the rest of the staff to access as needed. This process probably took about 30 to 60 seconds each, but multiply this by the 30+ faxes they received each day you have 15 to 30 minutes of wasted time each day (65-130 hours per year). This does not take into account the time taken to stop doing one thing, accomplish this task, and restart the original thing they were doing. 

Automate to Freedom


What if we could automate this little task and keep them employee free to do other more important things? We did. They customer uses Office 365 which includes a service called Power Automate. We scripted this tool to look at incoming messages, find ones from the eFax vendor, strip out the attachment, and save it to a SharePoint folder. This can then be shared with other employees and even synced via OneDrive to their Desktops for viewing, etc. That is just the tip of the iceberg as there is so much more that can be done with this technology. 

If your company wasting little bite size pieces of time in repetitive taks, then contact us for assistance.

Cost of Insuring Your “Digital” Employees

We were discussing the price customers paid for their monthly maintenance of computers and the comparison was brought up about insurance costs. As a business owner with employees, it is necessary these days to offer health insurance as part of their compensation package. If the company has vehicles that are used for business, then the government mandates that they be covered by minimum amounts of insurance. These costs are then built into the price the business owner then charges their clients for products or services.

Insurance Statistics: 

  • According to Business.com, the average cost of health insurance for a single employee was $645 per month and $1,850 per month for a family.
  • According to NerdWallet.com, the average cost of car insurance was $179 per vehicle per month. 

Questions:

So what about the “digital” employees of the company, aka the computers and network equipment that make business possible. How much are business owners paying to “insure” these assets? What are businesses willing to pay to make sure that their computers and network don’t have a sick day? Does the cost of insuring them include preventative care? Who does the business call in case of an accident or breakdown in the middle of the day? Does the cost of insuring include on-site service or transport to a service center?

If your company wants to keep their digital employees healthy and insure them from accidents, then contact us for assistance.

Recover a Stuck Windows Service

Recently had an issue with a backup software that would get stuck in START_PENDING status at every startup. This caused it to be unable to be uninstalled, repaired, or forcefully removed and re-installed. Here is how we fixed it:

1. Find out the Service Name of the service by looking for it in the Services control panel:

2. Open command prompt as administrator

3. To get the PID type in – sc queryex [Service Name]

4. To kill the errant process type in – taskkill /f /pid [PID]

5. To remove the process type in – sc delete [Service Name]

One I had removed the process I restarted the server just to make sure then re-installed the software.

If your company needs help troubleshooting software issues, then contact us for assistance.

Synology Active Backup Restore to Hyper-V

Prerequisites:

  • Make sure Hyper-V Host has CPUs than the combined total of CPUs for all servers being restored as these static until after the VMs are completely restored. If there is not enough CPU resources then the VMs will not boot.
  • Make sure Hyper-V Host has more than the combined total of RAM for all servers being restored as these settings are static until after the VMs are completely restored. If there is not enough memory then the VMs will not boot. 
  • Create a SET NIC Team on the server (if you have multiple NICs)
    • Open Powershell as administrator
    • User the New-VMSwitch command to setup an external virtual switch to connect to for live connections
      • New-VMSwitch -name “SET team” -NetAdapterName “NIC1″,”NIC2” -AllowManagementOS $True
      • The AllowManagementOS is needed if you are using the same NIC team to access the VM host
  • Setup secondary Internal vSwitch to allow for testing before deploying
  • Setup Synology LUN targets for each VM to be restored. Make sure that they are big enough to hold all the full uncompressed size of the entire thick provisioned hard drives for the entire server. 
  • Connect each LUN to the iSCSI Initiator on the VM Host. Make sure to bring them online, initialize them, and give them a drive letter. Synology needs this because it uses the SMB protocol to transfer the files during restore.
  • Make sure to allow the File and Printer Sharing app through the Windows firewall and open port 5986 to allow HTTP traffic for WinRM to allow Synology to query the Hyper-V settings.
  • Add the Hyper-V Host to the Active Backup for Business app.

Synology Active Backup Restore to Hyper-V

  1. Open the Active Backup for Business app
  2. Click on the Physical Server tab on the left
  3. Select the server and click the Restore button
  4. Select the point in time to restore from Graphical user interface, text, application, chat or text message Description automatically generated
  5. Choose Restore to Microsoft Hyper-V
  6. Choose Full Virtual Machine Restore
  7. Change the Restore Name
  8. Select a folder on the Hyper-V Host to place the configuration files Graphical user interface, text, application, chat or text message Description automatically generated
  9. Select a folder on the Hyper-V Host to place each of the restore VHD files
  10. Select a Virtual Switch on the Hyper-V Host to connect the VM to Graphical user interface, text, application Description automatically generated
  11. Confirm the settings by clicking on the Done button.

After:

  • The VMs will boot with a single NIC and no network settings. Keep them offline and add additional NICs as needed to match the original setup. Then configure the NICs as before upon reboot. Make sure to connect to Internal Test Switch for initial steps. 
  • Check hardware configuration of CPUs and RAM to determine if adjustments can be made. In particular, the RAM settings can be changed to startup, minimum, and maximum to allow for distribution of resources to VMs that have heavier workloads.
  • Boot VM to make sure it is functioning correctly.  (first bootup can take upwards of 15 minutes)
  • Convert the VM from Gen1 to Gen2
    • Download Windows 10 ISO – https://www.microsoft.com/en-us/software-download/windows10
    • Add Windows ISO to IDE controller as CD 
    •  Set boot to CD in VM Settings 
    • Boot VM to repair section of CD 
    • Boot to command prompt
      • diskpart 
      • list disk   (Make boot disk is in 0 spot)
      • exit
      • X:\>mbr2gpt /validate /disk:0 (select proper disk) 
      • X:\>mbr2gpt /convert /disk:0 
    • Create new VM with Gen2 setting
      • Give the VM a name and Store in appropriate iSCSI LUN drive then Click Next 
      • Select Gen 2 and click Next
      • Give the VM as much startup memory as needed and Use Dynamic Memory then Click Next Graphical user interface, text, application, email Description automatically generated
      • Select the Internal Test Switch and click Next
      • Select an existing hard drive and point to boot drive that was converted to Gen 2 then click Next Graphical user interface, text, application, email Description automatically generated
      • Click Finish to create
      • Modify to match old VM
        • Check Dynamic RAM settings to make sure the Max / Min is set properly
        • Check Hard drives and add additional as needed
        • Turn off Secure Boot function
  • Boot new Gen 2 VM and configure static IP address.
  • If booting successfully then delete Gen 1 VM 
  • Turn of old server as needed
  • Change Gen 2 VM to use SET Team vSwitch 
  • Test connectivity to network resources. 

If your company is looking to migrate from physical to virtual servers, then contact us to make the transition easy.

RMM Automation: Export List of AD Users Last Login Days Ago

As our business continues to grow our focus is on providing white labeled Tier 3 IT support services, RMM as a service, and co-managed IT services. This blog will be highlighting tips for using Powershell to get an Export List of AD Users Last Login was more than 90 Days Ago.

Research

You need to find out what the Organizational Unit (OU) path that you are trying to get the count from. The following command will list all OUs in the domain.

Get-ADOrganizationalUnit -Filter 'Name -like "*"' | Format-Table Name, DistinguishedName -A

If you want the entire organization then you will need the top level information which looks like DC=[DomainName],DC=local

Variables

$SearchOU = This is the full DistinguishedName from the above output.

Script Snippet

$InactiveDays = 90
$Days = (Get-Date).Adddays(-($InactiveDays))
  

Get-ADUser -Filter {LastLogonTimeStamp -lt $Days -and enabled -eq $true} -SearchBase $SearchOU -Properties LastLogonTimeStamp,UserPrincipalName |
  
select-object Name,mail,@{Name="Last Login Date"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp).ToString('MM-dd-yyyy')}} | export-csv C:\support\inactive_Users.csv -notypeinformation

The script will take several seconds to run based on the number of users in the OU being searched. The output is saved to the local c:\support directory and you can modify this script to include the FTP upload based on our previous article – https://www.farmhousenetworking.com/rmm/automation/rmm-automation-export-log-files-to-ftp/ The script can also be easily modified to change the number of days since last login.

If your company is a MSP or wants to become one and automation just seems out of reach, then contact us to run your RMM for you.

RMM Automation: Active Directory User Count

As our business continues to grow our focus is on providing white labeled Tier 3 IT support services, RMM as a service, and co-managed IT services. This blog will be highlighting tips for using Powershell to get an Active Directory User Count.

Research

You need to find out what the Organizational Unit (OU) path that you are trying to get the count from. The following command will list all OUs in the domain. 

Get-ADOrganizationalUnit -Filter 'Name -like "*"' | Format-Table Name, DistinguishedName -A

If you want the entire organization then you will need the top level information which looks like DC=[DomainName],DC=local

Variables


$SearchOU = This is the full DistinguishedName from the above output.

Script Snippet

(Get-ADUser -Filter * -SearchBase $SearchOU).count

The script will take several seconds to run based on the number of users in the OU being searched. The output is an integer number. You can do the same sort of thing for an Active Directory Group Count or Active Directory Computer Count:

(Get-ADgroup -Filter * -SearchBase $SearchOU).count

or

(Get-ADcomputer -Filter * -SearchBase $SearchOU).count

If your company is a MSP or wants to become one and automation just seems out of reach, then contact us to run your RMM for you.

Zero Trust – Cyber Security Audit

Security Audit - Grants Pass, OR

This is the tenth and finale in a series about the concept of Zero Trust, which means in the IT sense that you trust nothing and always verify everything surrounding and connected to your network. Today’s discussion will be on Cyber Security Audit. 
 

Cyber Security Audit

Cyber Security Audit is a process where both internal and external systems are tested for their ability and susceptibility to being successfully attacked by hackers. This usually involves an inventory of current systems, research into known vulnerabilities, and testing of those found to see what information can be accessed. Once this process is complete a report is generated to detail both what is found and how those vulnerabilities can be addressed to protect the business’ most valuable commodity – information (intellectual property and client data). Here are some questions to ask:

  • Do you have an inventory of all assets in your organization? Is it up to date?
  • Have you tested your internal network for vulnerabilities?
  • Have you had a penetration test performed on your external network?
  • Do you know what compliance standards apply?
  • How do you document policies and procedures? Who oversees that?

If your company is wanting to have a free cyber security audit, then contact us for assistance.

Archives

Categories

Plant a Seed @ 541-761-9549
233 Rogue River Hwy #873 Grants Pass, OR 97527
Mon-Fri: 9:00am-5:00pm
support@farmhousenetworking.com
© 2016-2023- Farmhouse Networking. All rights reserved
Terms and Conditions Privacy Policy

Evaluation Signup

[contact-form-7 id="452" title="Free Network Evaluation"]