Loading ...

News Feed

RMM Automation: Active Directory User Count

As our business continues to grow our focus is on providing white labeled Tier 3 IT support services, RMM as a service, and co-managed IT services. This blog will be highlighting tips for using Powershell to get an Active Directory User Count.

Research

You need to find out what the Organizational Unit (OU) path that you are trying to get the count from. The following command will list all OUs in the domain. 

Get-ADOrganizationalUnit -Filter 'Name -like "*"' | Format-Table Name, DistinguishedName -A

If you want the entire organization then you will need the top level information which looks like DC=[DomainName],DC=local

Variables


$SearchOU = This is the full DistinguishedName from the above output.

Script Snippet

(Get-ADUser -Filter * -SearchBase $SearchOU).count

The script will take several seconds to run based on the number of users in the OU being searched. The output is an integer number. You can do the same sort of thing for an Active Directory Group Count or Active Directory Computer Count:

(Get-ADgroup -Filter * -SearchBase $SearchOU).count

or

(Get-ADcomputer -Filter * -SearchBase $SearchOU).count

If your company is a MSP or wants to become one and automation just seems out of reach, then contact us to run your RMM for you.

Zero Trust – Cyber Security Audit

Security Audit - Grants Pass, OR

This is the tenth and finale in a series about the concept of Zero Trust, which means in the IT sense that you trust nothing and always verify everything surrounding and connected to your network. Today’s discussion will be on Cyber Security Audit. 
 

Cyber Security Audit

Cyber Security Audit is a process where both internal and external systems are tested for their ability and susceptibility to being successfully attacked by hackers. This usually involves an inventory of current systems, research into known vulnerabilities, and testing of those found to see what information can be accessed. Once this process is complete a report is generated to detail both what is found and how those vulnerabilities can be addressed to protect the business’ most valuable commodity – information (intellectual property and client data). Here are some questions to ask:

  • Do you have an inventory of all assets in your organization? Is it up to date?
  • Have you tested your internal network for vulnerabilities?
  • Have you had a penetration test performed on your external network?
  • Do you know what compliance standards apply?
  • How do you document policies and procedures? Who oversees that?

If your company is wanting to have a free cyber security audit, then contact us for assistance.

Facts vs. Feelings in Online Scams

When you think of cybersecurity, love and emotions are likely some of the last words that come to mind. However, scammers regularly depend on emotional connection to achieve their devious goals. According to the FBI, romance scams are at an all-time high, and accounted for the third highest internet crime loss in 2021.

Here at Farmhouse Networking, we account for human nature, and specifically gear our trainings towards helping people separate facts from feelings. When it comes to online romances, here are our top 3 red flags to look out for:

  1. Things are intense: Online scammers want to act quickly before you suspect anything. They may profess their love for or even propose marriage after just a few months of talking.
  2. Promises are broken: Since there is often an element of catfishing in romance scams, scammers may make plans to meet over video or in-person, but come up with last minute excuses to cancel.
  3. They are far away: Similarly to #2, posing as a member of the military or international business person are common profiles of scammers, since they can easily avoid having to meet in-person.

Thanks to feelings of loneliness and isolation that often accompany winter, December through February is peak season for romance scams. Farmhouse Networking’s goal is for your employees to always feel confident and empowered to see through all kinds of phishing attempts. Thank you for being a valued customer, and know that we are always here to support you.

Setup Azure to Araknis IPSec VPN

Had a local medial office want to move their current server into the cloud and because they are already an Office 365 customer, I chose to use Azure for their Virtual Machine. I helped them setup Azure to Araknis IPSec VPN to connect their headquarters to the hosted server. This tutorial will go into detail about the creation of this tunnel starting with the Microsoft Azure side first using Resource Manager. It will be using the following parameters:

  • VNet Name: TestNetwork
  • Address Space: 10.10.0.0/16
  • Subnets:
    • Primary: 10.10.10.0/24
    • GatewaySubnet: 10.10.0.0/24
  • Resource Group: TestResourceGroup
  • Location: West US
  • DNS Server: Azure Default
  • Gateway Name: TestVPNGateway
  • Public IP: TestVPNGatewayIP
  • VPN Type: Route-based
  • Connection Type: Site-to-site (IPsec)
  • Gateway Type: VPN
  • Local Network Gateway Name: TestSite
  • Local Subnet: 10.20.20.0/24
  • Connection Name: VPNtoTestSite

Configure an Azure VPN gateway

This part takes the longest, so it should be done first:

  • Click on the “+” icon at the top left hand side of the Resource Manager, then search for “Virtual Network Gateway” and click on the “Create” button.
  • Give the Virtual Network Gateway a name
  • Select matching Region to where Azure resources are located
  • Leave Gateway & VPN type the defaults
  • Choose a SKU <- These have changed since the article was created, so my “standard” now is WpnGw1 with Active / Active turned off (this is a good balance of performance and cost)
  • Choose or create a local network (not covered here, but must contain Gateway Subnet) that matches internal resources
  • Choose or create a Public IP Address
  • Leave the remaining values as their defaults and then click the “Create” button. (Please note the reminder that this takes 45 minutes to create!)Azure Virtual Network Gateway

Configure an Azure Local Network Gateway

This is a reference to your on-premise network so that subnets can pass traffic:

  • Click on the “+” icon at the top left hand side of the Resource Manager, then search for “Local Network Gateway” and click on the “Create” button.
  • Give the Local Network Gateway a name
  • Select matching Region to where Azure resources are located
  • Specify the external IP address of the local on-premise site
  • Specify the on-premise address space (subnet)
  • Leave the remaining values as their defaults and then click the “Create” button.
  • Azure Local Network Gateway

Configure an Azure VPN Connection

This will create the tunnel from Azure to the on-premise site:

  • Click on the “+” icon at the top left hand side of the Resource Manager, then search for “Connection” and click on the “Create” button.
  • Choose “Site-to-site (IPSec)” as the connection type
  • Give the Connection a name
  • Select matching Region to where Azure resources are located
  • Leave the remaining values as their defaults and then click the “OK” button. On the summary screen click on the “OK” button to create the connection.Azure Connection Basics
  • Choose the newly created Virtual Network Gateway
  • Choose the newly created Local Network Gateway
  • Specify a shared key
  • Leave the remaining values as their defaults and click the “Create” button.
  • Azure Connection Settings

This completes the setup of the Azure side of the VPN tunnel. Now to work on the Ubiquiti USG side.

Configuring an Araknis IPSec VPN Network

  • Connect to Araknis router (need at least a 310 for this to work)
  • Click on Advanced > VPN
  • Scroll down to IPSec and click add new tunnel
  • Fill in the Remote IP address of the Azure VPN Gateway
  • Araknis VPN Settings
  • Fill in the Remote Subnet Mask
  • Araknis VPN Settings
  • Make the following changes to IPSec Setup
  • Araknis VPN Settings

That is all there is to it. If your company is currently using either Microsoft Azure or Araknis routers and would like a VPN created, then contact us for assistance.

Protect Yourself from Social Media Scams: The Top 5 to Watch Out For

In today’s social media age, we are more interconnected than ever before. While this can be great for keeping up with loved ones and shedding light on current events, it also opens a new door for scammers.
Last year, annual reported losses from social media scams hit $1.1 billion. Here are the five most common types and our recommendations for protecting yourself, and your business, from them:

  1. Phishing Scams: Scammers attempt to trick you into revealing personal information by posing as a trustworthy source in an email or message. To avoid these scams, never click on links from unknown sources and always verify the sender’s identity.
  2. Impersonation Scams: Scammers create fake profiles and impersonate others to deceive and scam others. To avoid these scams, check profiles for authenticity by verifying their information, friends, and photos.
  3. Giveaway Scams: Scammers promise a prize or giveaway in exchange for personal information or a payment. To avoid these scams, never give out personal information, and only participate in giveaways from reputable sources.
  4. Investment Scams: Scammers promise high returns on investments, but it is just a trick to steal your money. To avoid these scams, do thorough research before investing, be cautious of unrealistic returns, and don’t fall for pressure tactics.
  5. Malware Scams: Scammers use social media to spread malicious software that can harm your device or steal personal information. To avoid these scams, don’t download anything from untrusted sources and keep your device’s security software up-to-date.
    Our goal at (Company Name) is to keep you safe while you’re scrolling. Speaking of social media, feel free to follow us @[handle] on Facebook and @[handle] on Instagram for more security tips and product updates.

Our goal at Farmhouse Networking is to keep you safe while you’re scrolling. Speaking of social media, feel free to follow us on LinkedIn for more security tips and product updates.

Zero Trust – Network Security

This is the ninth in a series about the concept of Zero Trust, which means in the IT sense that you trust nothing and always verify everything surrounding and connected to your network. Today’s discussion will be on Network Security. 

Network Security

Network Security is having the proper hardware and configuration of that hardware in place to protect the business network. This configuration includes segmenting network traffic to keep specific types of traffic, like guest devices, separate from traffic of business devices. It also includes keeping outsiders out of the network and detecting when they have breached security measures. Here are some questions to ask:

  • Do you have a business class router / firewall?
  • Do you have business class switches and access points that support segmentation?
  • Is your network configured to segment business traffic from guest traffic?
  • Are devices like VoIP phones and network cameras on their own network?
  • Is geo-location blocking turned on for non-essential countries?
  • Is network traffic being analyzed for suspicious activity?
  • Do you filter internet traffic?
  • Can your network detect and respond to a breach?

If your company is wanting to lock down network security, then contact us for assistance.

Small Office Server Virtualization

Expand Server Storage - Clackmas County, OR

Had a client recently who had a smaller office network (they have up to 6 concurrent users) with a server to process orders from their website using a software called StoneEdge. This software is SQL-based database with a Microsoft Access front-end. It was time to upgrade their server to new hardware and cost was definitely an issue based on their size and order volume. In this case we chose to use a Synology device to act as the virtual machine host and create a new virtual server on the host. Here are some details:

Server Build Specifications

  • Synology RackStation RS1221+
  • Synology M2D20 – M.2 SSD Adapter Card
  • 2x Synology SNV3410-400G – 400GB NVMe M.2
  • 2x Synology D4ECSO-2666-16G – 16GB DDR4 2666 MHz ECC SO-DIMM Memory Module
  • 4x Seagate 4TB IronWolf Pro 7200 rpm SATA III 3.5″ Internal NAS HDD

Picked the Synology based on the expandability of RAM to 32 GB, the capability to use cache drives, and storage growth over time. It also has a 4-core 2.2 Ghz Ryzen processor which was plenty based on their old servers CPU usage.

Basics of Setup

  1. Assembled parts
  2. Installed Synology OS
  3. Setup HDDs in Synology SHR2 RAID
  4. Added M.2 drives as cache
  5. Installed the Virtual Machine Manager app
  6. Created a VM with the max CPU available and max Memory available
  7. Uploaded the ISO for the server OS
  8. Installed the server OS
  9. Setup the StoneEdge application
  10. Migrated data

This build did not increase performance dramatically, but it did allow them to spend about half the cost of a full server to accomplish the same purpose. It also reduced costs by using the Synology for backup of the server locally and into S3 storage in the cloud for redundancy.

If your company is looking to move their servers to a virtual environment or into the cloud, then contact us to start the process

Benefits of Wi-Fi 6e 

VoIP Telephone System - Grants Pass, OR

Wi-Fi technology is ingrained into our everyday lives WE COLLECTIVELY STREAM more movies and TV shows, play more online games, and make more video calls than ever before, and all this activity puts a serious strain on our Wi-Fi networks. Wi-Fi 6e has various features to improve the efficiency and data of your wireless network and reduce latency. the latest Wi-Fi 6e standards offers a range of benefits, including faster and more reliable access. So, what is Wi-Fi 6e and what are some of the benefits?

Wi-Fi 6e explained 

Existing technologies operate on two frequencies 2.4 GHz and 5GHz which have become more congested over time; Wi-Fi 6e adds access to a third frequency, 6GHz. now wireless devices can also use the 6GHz band. And the 6GHz band opens up the opportunity for higher transfer speeds. On top of that, currently there are about four 160 MHz-wide channels with normal Wi-Fi this 6GHz band brings with it seven 160 MHz-wide channels, More available channels mean more available spectrum for Wi-Fi service “and less overlap between networks in crowded areas like apartment complexes or offices,”. with less overlap and congestion you are able to connect more devices with the same efficiency expectation. Additionally there have been security improvements with Wi-Fi 6E that puts the burden on the router, rather than you, to secure connections between your devices. WPA3 is mandatory for all Wi-Fi 6 certified devices, which provides the latest security and authentication protocols. 

Summary of Benefits 

  • Faster, more reliable connection
  • Transmits data faster with less interference. 
  • You don’t have to compete with traffic from other devices or networks.
  • Security improvements making it more secure and harder to hack 
  • Accommodates more connected devices

If your company is looking to upgrade the wireless coverage in your office, whole building, or entire business complex, then contact us to evaluate your WiFi needs.

RMM Automation: Credential Manager Empty After Reboot

As our business continues to focus on providing white labeled Tier 3 IT support services, RMM as a service, and co-managed IT services this blog will be highlighting tips for using Powershell to fix Credential Manager empty after reboot. There has been several users at a bunch of clients recently that have lost access to a network share due to saved passwords and we found Credential Manager empty after reboot. It was easy enough to re-add their password to Credential Manager, but it was not sticking around. This sounds like a job for automation, so we created a script to clear the errant Credential Manger files and create a new entry for the user to connect to file shares.

Variables

$user = username to add to Credential Manager of network share connection

$pass = password to add to same

Script Snippet

### Remove file folder associated with Credential Manager
Remove-Item -Path %localappdata%\Microsoft\Vault -Recurse

### Install Credential Manager Powershell Module
Import-Module -Name CredentialManager -Force

### Convert password to Secure String and create credential
$password = ConvertTo-SecureString -string $pass -AsPlainText -Force
$Credential = new-object -typename System.Management.Automation.PSCredential -argumentlist $user, $password

# Save the credential object directly without unwrapping it:
New-StoredCredential -Credentials $Credential -Target 'Share Credentials' -Persist Enterprise -Comment "Share Credentials for $($Credential.UserName)" > $null

This script will need to be run in the context of the user who needs the credential created. Please use caution with this script as it will empty Credential Manager completely for the user context run with. Also it is advised to run a full CHKDSK /R on the root (C:\ usually) directory to make sure that nothing else is corrupt on the drive.

If your company is a MSP or wants to become one and automation just seems out of reach, then contact us to run your RMM for you.

RMM Automation: Create Office 365 User

As our business continues to focus on providing white labeled Tier 3 IT support services, RMM as a service, and co-managed IT services this blog will be highlighting tips for using Powershell to create Office 365 User and add them to groups. We have several clients with high employee turn-over which makes it necessary to often create Office 365 user. We will detail how to find all the needed data to create the proper script for each client (yes it will take a different script for each client due to different group names for each client).

Research

You need to get two pieces of information – the license type used by the organization to create users and the names of the groups to add users to

To find out the license types used use this commands:

Connect-MsolService
Get-MsolAccountSku

To find out all the groups in the organization use this commands: 

Connect-ExchangeOnline
Get-UnifiedGroup | Format-Table Alias

Variables

$displayName = Full user name – usually First name & Last Name
$userPrincipleName = Email address for user
$adminuser = Email address for admin of Office 365 Tenant
$adminpass = Password for admin of Office 365 Tenant
$licenseType = Office 365 license type found in research above

There is also the need for variables for each group you will be adding users to (found in research above). For this example I will be using:


$CompanyShared = Company Shared Contacts
$CompanyTimeOff = Company Time Off Calendar
$BillingPayroll = Billing & Payroll Group Email

Script Snippet

###Use this command to be allowed to use DotNet assemblies
Add-Type -AssemblyName System.web

$displayName = "UserFirst UserLast"
$userPrincipleName = “User@Company.com”
$adminuser = "admin@Company.com"
$adminpass = '@dm1nP4ssw0rd'

$CompanyShared = "yes"
$CompanyTimeOff = "yes"
$BillingPayroll = "no"

###converts admin credentials to useable format for connections to Office 365
$adminpassword = ConvertTo-SecureString -string $adminpass -AsPlainText -Force
$admincred = new-object -typename System.Management.Automation.PSCredential -argumentlist $adminuser, $adminpassword

Connect-AzureAD -Credential $admincred
Connect-MsolService -Credential $admincred

$mailNickname = $userPrincipleName.Split("@")[0]

###To find User License Types use Get-MsolAccountSku
$licenseType = "companytenantID:SPB"

###Generates a random password length
$minPassLength = 8 ## characters
$maxPassLength = 15 ## characters
$passlength = Get-Random -Minimum $minPassLength -Maximum $maxPassLength

###Generates a random number of non-alpha characters in the password
$minNonAlphaChars = 1 ## characters
$maxNonAlphaChars = 5 ## characters
$nonAlphaChars = Get-Random -Minimum $minNonAlphaChars -Maximum $maxNonAlphaChars

###Creates the password, makes it useable by Azure, sets it up to not require password change, and creates account
$password = [System.Web.Security.Membership]::GeneratePassword($passlength, $nonAlphaChars)
$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
$PasswordProfile.Password = "$password"
$PasswordProfile.ForceChangePasswordNextLogin = $false
Write-Host "Password is set to $password for $displayName"
$user = New-AzureADUSer -DisplayName $displayName -PasswordProfile $PasswordProfile -UserPrincipalName $userPrincipleName -mailNickname $mailNickname -AccountEnabled $true

###Waits 5 minutes for the user creation process in Office 365
Start-Sleep -Seconds 300

###Sets additional parameters for account that are needed like location, license type, and sets password to never expire
Get-MsolUser -UserPrincipalName $userPrincipleName | Set-MsolUser -UsageLocation US
Get-MsolUser -UserPrincipalName $userPrincipleName | Set-MsolUserLicense -AddLicenses $licenseType
Get-MsolUser –UserPrincipalName $userPrincipleName | Set-MsolUser –PasswordNeverExpires $True

###Adds new user to groups
if ($CompanyShared -eq "yes")
{ Add-MailboxPermission -Identity companyshared@premieror.com -User $userPrincipleName -AccessRights FullAccess -InheritanceType All}

if ($CompanyTimeOff -eq "yes")
{ Add-MailboxPermission -Identity companytimeoff@premieror.com -User $userPrincipleName -AccessRights FullAccess -InheritanceType All}

if ($BillingPayroll -eq "yes")
{ Add-MailboxPermission -Identity billing_payroll@premieror.com -User $userPrincipleName -AccessRights FullAccess -InheritanceType All}

This script requires that the admin account you use to setup the user have multifactor authentication turned off (I know not secure), so use a really long complex password. The script creates a random password for the new user and write it to output. The script will take several minutes to run due to the waiting for the account to finish setup before adding additional parameters and adding them to groups.

If your company is a MSP or wants to become one and automation just seems out of reach, then contact us to run your RMM for you.

Archives

Categories

Plant a Seed @ 541-761-9549
233 Rogue River Hwy #873 Grants Pass, OR 97527
Mon-Fri: 9:00am-5:00pm
support@farmhousenetworking.com
© 2016-2023- Farmhouse Networking. All rights reserved
Terms and Conditions Privacy Policy

Evaluation Signup

[contact-form-7 id="452" title="Free Network Evaluation"]