Install handbrake on CentOS8

HandBrake can be installed on CentOS 8 without building it from source. This tutorial shows how.

Handbrake install instructions for centos8 show that you have to install from source as well as installing all development tools, but there is an easier way … install from rpmfusion.

RPMFusion provides software that the Fedora project or Red Hat don’t want to ship.

Before you progress any further, you need to enable EPEL in CentOS8

According to the RPMFusion configuration guide at time of writing, you need to do the following in a console to add the required settings to CentOS8. Note that --nogpgcheck makes dnf skip GPG signature verification for these two release packages:

sudo dnf install --nogpgcheck https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
sudo dnf install --nogpgcheck https://download1.rpmfusion.org/free/el/rpmfusion-free-release-8.noarch.rpm

Next, you need to install Handbrake GUI

sudo dnf install HandBrake-gui

This will then try to resolve all the dependencies using the new RPMFusion repositories and should prompt to download approx 20MB of packages:

Install  22 Packages

Total size: 20 M
Total download size: 20 M
Installed size: 63 M
Is this ok [y/N]: 

To run HandBrake, type the following into a console:

ghb

Securing your devices using DNS

We have long wondered why some of the more harmful webpages are not blocked more easily using DNS, and we finally found a system that does it for us. Securing your devices using DNS may sound like an odd concept, but read on to find out more. You can now improve your Internet security and privacy in a few easy steps.

dns9.quad9.net is a great free service that blocks many bad things from talking to your computers and other devices. A lot of the viruses people get come from either webpages or email and use DNS to talk to their command and control (C&C) server(s). Quad9 provides Internet security and privacy in a few easy steps.

dns9.quad9.net will allow you to block all harmful webpages and many other things without you even being aware of it.

If you’re unsure what DNS is, it’s the Domain Name System. In other words, it’s the domain name of the site (such as securetech.com.au), which resolves into an IP address of “208.113.162.199”. Which one is easier to remember?

Remove preinstalled Windows 10 apps for all users using PowerShell

To remove the preinstalled windows 10 apps for all users using powershell, open powershell as Administrator, and paste the following.

#Be careful with the first line ... you may want to keep the Windows Store installed, as a lot of applications come through there now rather than direct installs.
#The * wildcards are required: real package names look like Microsoft.XboxApp, so a bare word matches nothing.
#Get-AppxPackage -AllUsers *windowsstore* | Remove-AppxPackage
Get-AppxPackage -AllUsers *xboxapp* | Remove-AppxPackage
Get-AppxPackage -AllUsers *3dbuilder* | Remove-AppxPackage
Get-AppxPackage -AllUsers *zune* | Remove-AppxPackage
Get-AppxPackage -AllUsers *camera* | Remove-AppxPackage
Get-AppxPackage -AllUsers *solitaire* | Remove-AppxPackage
Get-AppxPackage -AllUsers *bing* | Remove-AppxPackage
Get-AppxPackage -AllUsers *getstarted* | Remove-AppxPackage
Get-AppxPackage -AllUsers *photos* | Remove-AppxPackage
Get-AppxPackage -AllUsers *alarms* | Remove-AppxPackage
Get-AppxPackage -AllUsers *skype* | Remove-AppxPackage
Get-AppxPackage -AllUsers *phone* | Remove-AppxPackage
Get-AppxPackage -AllUsers *maps* | Remove-AppxPackage
Get-AppxPackage -AllUsers *people* | Remove-AppxPackage
Get-AppxPackage -AllUsers *messaging* | Remove-AppxPackage
Get-AppxPackage -AllUsers *connectivity* | Remove-AppxPackage
Get-AppxPackage -AllUsers *communication* | Remove-AppxPackage
Get-AppxPackage -AllUsers *candy* | Remove-AppxPackage
Get-AppxPackage -AllUsers *office* | Remove-AppxPackage
Get-AppxPackage -AllUsers *twitter* | Remove-AppxPackage

If you didn’t actually read the above before copying and pasting (as we may or may not have done), you will need to re-install the store if you want it (which is likely):

Get-AppxPackage *WindowsStore* -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}

PowerShell is an amazing thing that allows a reasonably knowledgeable person to easily do many things that would normally require a lot more time and/or effort.
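
Because the wildcard patterns above are broad (*phone*, *office* and *communication* can each match more than one package), it helps to see exactly what they select before anything is removed. The following is an added example, not the original author's script: it resolves each pattern to concrete packages and runs the removal with -WhatIf. The $Keep allow-list and the CSV file name are hypothetical; run it from an Administrator PowerShell session.

```powershell
# Added example (not the original author's script): dry run of the removals.
# $Patterns mirrors the page's list; $Keep is a hypothetical allow-list.
$Patterns = 'xboxapp','3dbuilder','zune','camera','solitaire','bing','getstarted',
            'photos','alarms','skype','phone','maps','people','messaging',
            'connectivity','communication','candy','office','twitter'
$Keep     = 'Microsoft.WindowsStore','Microsoft.StorePurchaseApp'

# Resolve every wildcard to the concrete packages it matches, for all users.
$Found = foreach ($p in $Patterns) {
    Get-AppxPackage -AllUsers -Name "*$p*" |
        Where-Object { $Keep -notcontains $_.Name } |
        Select-Object @{ n = 'Pattern'; e = { $p } }, Name, PackageFullName
}

# One row per package, even when two patterns match the same one.
$Targets = $Found | Sort-Object PackageFullName -Unique
$Targets | Format-Table Pattern, Name, PackageFullName -AutoSize

# Keep a record of what was selected (hypothetical file name).
$Targets | Export-Csv -Path "$env:TEMP\appx-removal-plan.csv" -NoTypeInformation

# -WhatIf prints what would be removed without changing anything.
# Delete -WhatIf only after reviewing the table above.
foreach ($t in $Targets) {
    Remove-AppxPackage -Package $t.PackageFullName -WhatIf
}
```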

How to replace Dropbox OneDrive or sugarsync with syncthing

If you’re sick of paying for synchronization software that is overpriced, or you’re running out of space using a free account, Syncthing is one answer, particularly if you have computers in multiple locations or have a good friend or family member that is happy to share some HDD space and internet bandwidth to allow you to do offsite automatic backups.

We recently discovered Syncthing and have been very impressed with its features, functionality and security. If you have not yet heard of Syncthing, then you don’t know what you’re missing out on. It has many awesome features, a few of which are listed below.

  • Syncthing is an amazing free software that allows you to share folders between networked devices, such as laptops and mobile phones.
  • Syncthing has clients for windows, mac and linux computers
  • Syncthing has clients for Android and Apple iOS (iPad, iPhone, iPod), although the latter has limited support.
  • Syncthing is secure.
  • Syncthing can be setup to sync in a mesh or spoke.

Adding Remote Desktop (RDP) support to windows 10 home

Microsoft Windows 10 Home is easily modified to add the Remote Desktop features. These features are normally only available in the Professional version of Windows 10 (Pro).

You don’t need to pay for the Professional version to have Remote Desktop services installed on your computer. Some smart people have worked out how to install Remote Desktop Server on Windows 10 Home.

There is a good article explaining how to enable remote RDP access in Windows 10 Home edition, but sadly RDPWrap isn’t updated for the latest version of Windows 10, so we decided to make it easier for people to find a working RDPWrap solution:

  1. Copy the files from the archive “RDPWrap-v1.6.2.zip” (or newer) to the “%ProgramFiles%\RDP Wrapper” directory.
  2. DO NOT use any other location to install/extract the RDP Wrapper files, as it will not work.
    USE ONLY the “%ProgramFiles%\RDP Wrapper” directory (normally C:\Program Files (x86)\RDP Wrapper)
  3. Extract/Copy the files/folders from the archive “autoupdate.zip” to the “%ProgramFiles%\RDP Wrapper” directory
  4. To enable autorun of autoupdate.bat on system startup, run the following helper batch file as administrator: “%ProgramFiles%\RDP Wrapper\helper\autoupdate__enable_autorun_on_startup.bat”
  5. Set in your Antivirus/WindowsDefender an exclusion on the folder “%ProgramFiles%\RDP Wrapper” to prevent the deletion of RDP Wrapper files
  6. Now you can use the autoupdate batch file to install and update the RDP Wrapper. Please run the following autoupdate batch file as administrator: “%ProgramFiles%\RDP Wrapper\autoupdate.bat”

Remotely Lock & Shutdown computers using PowerShell

PowerShell takes the functionality of batch scripts to the next level and allows you to Remotely Lock & Shutdown computers using PowerShell.

The following needs to be run on each computer if using a workgroup setup, or changed in your AD security policy (to make it permanent – which isn’t advisable without signing the script).

https://www.howtogeek.com/117192/how-to-run-powershell-commands-on-remote-computers/

Enable-PSRemoting
Set-executionpolicy unrestricted
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "192.168.1.250" -Force 
Get-Item WSMan:\localhost\Client\TrustedHosts
Restart-Service WinRM

The above does the following:

  • Enable-PSRemoting: sets up the policies and firewalls to allow remote connections using PowerShell
  • Set-executionpolicy unrestricted: changes the local execution policy to allow execution of all scripts (not just signed)
  • Set-Item WSMan:\localhost\Client\TrustedHosts -Value "192.168.1.250" -Force: adds the server IP into the TrustedHosts list to allow execution
  • Restart-Service WinRM: restarts the Windows Remote Management service

We are assuming that your server IP is 192.168.1.250, change as appropriate

Now to the actual shutdown code that will be run from our “Server”:

# Builds a PSCredential object from a plain-text username and password.
Function Get-MyCredential {
 param(
 [string]$username,
 [string]$password
 )

 $secStr = New-Object -TypeName System.Security.SecureString
 $password.ToCharArray() | ForEach-Object { $secStr.AppendChar($_) }
 return New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $username, $secStr
}

# Disconnects the console session on the remote machine, which locks it.
Function Lock-Machine {
 param(
 $machineName
 )

 # Sets this client's TrustedHosts to the target machine
 & winrm set winrm/config/client `@`{TrustedHosts = `"$machineName`"`}
 # Single quotes stop PowerShell from expanding $W0rd as a variable
 Invoke-Command -ComputerName $machineName -ScriptBlock { tsdiscon.exe console } -Credential (Get-MyCredential User 'Pa$W0rd')
}

# Puts the remote machine into hibernation.
Function Hibernate-Machine {
 param(
 $machineName
 )

 & winrm set winrm/config/client `@`{TrustedHosts = `"$machineName`"`}
 Invoke-Command -ComputerName $machineName -ScriptBlock { &"$env:SystemRoot\System32\rundll32.exe" powrprof.dll,SetSuspendState Hibernate } -Credential (Get-MyCredential Administrator password)
}

Lock-Machine "192.168.1.84"
#Lock-Workstation "NameOfTheComputer" (Get-Credential)
Stop-Computer -ComputerName 192.168.1.85 -Force -Credential (Get-MyCredential User 'Pa$W0rd')
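
The same lock and shutdown calls without a password typed into the script, as an added example (not the original author's code): the credential is prompted for once and saved with Export-Clixml, and hosts are appended to TrustedHosts instead of replacing the list. The function names and the credential file path are hypothetical; the IP addresses are the page's sample values.

```powershell
# Added example, not the original author's script.
# To run a locally written .ps1 on the "Server", this is sufficient:
#   Set-ExecutionPolicy RemoteSigned -Scope CurrentUser
$CredFile = Join-Path $env:LOCALAPPDATA 'remote-admin.cred.xml'   # hypothetical path

function Get-SavedAdminCredential {
    param([string]$Path = $CredFile)
    if (-not (Test-Path $Path)) {
        # Prompt once. On Windows, Export-Clixml encrypts the password with
        # DPAPI, so the file only decrypts for this user on this computer.
        Get-Credential -Message 'Account allowed to manage the remote PCs' |
            Export-Clixml -Path $Path
    }
    Import-Clixml -Path $Path
}

function Add-TrustedHost {
    param([Parameter(Mandatory)][string]$ComputerName)
    # -Concatenate appends to the existing list instead of overwriting it.
    Set-Item WSMan:\localhost\Client\TrustedHosts -Value $ComputerName -Concatenate -Force
}

function Lock-RemoteMachine {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][pscredential]$Credential
    )
    Add-TrustedHost -ComputerName $ComputerName
    Invoke-Command -ComputerName $ComputerName -Credential $Credential `
        -ScriptBlock { tsdiscon.exe console }
}

$cred = Get-SavedAdminCredential
Lock-RemoteMachine -ComputerName '192.168.1.84' -Credential $cred
Stop-Computer -ComputerName '192.168.1.85' -Credential $cred -Force

# Review what this client now trusts.
Get-Item WSMan:\localhost\Client\TrustedHosts
```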

Relaunching a windows app using a batch script

We recently had need to restart an app server exe automatically when the demonstration license it was running on caused the server to close regularly, annoying everyone trying to learn the system. We had need of a script (YAY) to check if it was running and restart it when required.

Requirements:

  1. Check to see if the app is running on start if not running, start it.
  2. wait for some period of time (60 seconds)
  3. Check to see if the app is running, if not running, start it

Flourishes:

  1. Date app last restarted is displayed in title
  2. ability to close script with a button press
  3. ability to cancel wait time and relaunch app now
  4. ability to log when app was restarted

Working on it:

Checking if a process is running:

It turns out that checking if a process is running is relatively easy:

tasklist /FI "IMAGENAME eq appServer.exe" | findstr "appServer.exe"
if %ERRORLEVEL% == 1 Echo No server Process found
if %ERRORLEVEL% == 1 goto start

and of course, now you have to choose:

choice /T 60 /D y /C YABCDEFGHIJKLMNOPQRSTUVWXZ /N >NUL
if %ERRORLEVEL% == 1 goto loop

Now we start the exe:

start "" "C:\Program Files (x86)\AppVision 4.0\Bin\appServer.exe"

Set the title

title appServer (re)Started at %NowDate% %NowTime% (Press X to exit script before closing appServer.exe)

Pulling it all together:

@echo off
title appServer (re)Launching script started at %time:~0,2%_%time:~3,2%_%time:~6,2% (Press X to exit script before closing appServer.exe)
pushd "C:\Program Files (x86)\AppVision 4.0\Bin"

:loop
timeout 2 >NUL
rem ping 127.0.0.1 -n 2 >NUL
echo.
tasklist /FI "IMAGENAME eq appServer.exe" | findstr "appServer.exe"
if %ERRORLEVEL% == 1 Echo No server Process found
if %ERRORLEVEL% == 1 goto start
echo Server process found at %time%, waiting 60 seconds
echo.
rem timeout 60
rem ping 127.0.0.1 -n 30 >NUL
choice /T 60 /D y /C YABCDEFGHIJKLMNOPQRSTUVWXZ /N >NUL
rem echo %ERRORLEVEL%
if %ERRORLEVEL% == 1 goto loop
goto eof

:start
set NowTime=%time:~0,2%_%time:~3,2%_%time:~6,2%
set NowDate=%date:~10,4%_%date:~4,2%_%date:~7,2%

cls
echo starting
start "" "C:\Program Files (x86)\AppVision 4.0\Bin\appServer.exe"
title appServer (re)Started at %NowDate% %NowTime% (Press X to exit script before closing appServer.exe)
choice /T 10 /D y /C YABCDEFGHIJKLMNOPQRSTUVWXZ /N >NUL
rem ping 127.0.0.1 -n 11 >NUL
goto loop

:eof
popd
echo script finished due to keypress
rem pause

Pausing a Batch script

Those of you that still use batch scripts (and why not … they are backwards compatible to older systems), will occasionally need to pause a script to wait for something to start or finish or just because.

There are various different ways to accomplish this. My current favourite is:

choice /T 60 /D y /C YABCDEFGHIJKLMNOPQRSTUVWXZ /N >NUL

ASTARO – Adding Win 2k3 as an Authentication server

How to set up ASTARO (now Sophos) UTM to authenticate with Windows Server 2003 through RADIUS. Step-by-step guide to getting it running.

Step 1 – Add a usergroup to Authenticate against

Screenshot of "Firewall Users" usergroup
  • Open Computer Management (Start/All Programs/Administrative Tools/Computer Management),
  • Add a new Usergroup and give it a descriptive and helpful name (I suggest something like “Gateway Users”).

Step 2 – Add users to your group

Screenshot showing user is a member of firewall users group
  • Within Computer Management (System Tools/Local Users and Groups/Users), create users (if necessary)
  • Right click on a user and select Properties
  • Under the Member Of tab, add the group that you created in Step 1 (eg “Gateway Users”)
  • Do Not close Properties dialog box, go to step 3.

Step 3 – Configure Dial-in access

Screenshot showing user properties Remote Access Permission to allow VPN access
  • Within Properties dialog box, click on the Dial-in tab.
  • choose “Allow Access” under Remote Access Permission (Dial-in or VPN)
  • Save and close the Properties dialog box.

Step 4 – Alter Group Policy for password encryption

Alter Group Policy to allow storing passwords using reversible encryption.
  • Within Active Directory Users and Computers, right click on your domain name and choose Properties
  • Within the Domain Properties dialog box click Group Management tab
  • Highlight the Default Domain Policy and select “edit”
  • In the GPO Editor, navigate to Computer Configuration/Windows Settings/Security Settings/Account Policies/Password Policy
  • Make sure Store passwords using reversible encryption is enabled
  • Save and close all dialog boxes

Step 5 – Add a client to the IAS RADIUS server

Create a new RADIUS client
  • Open IAS (Start/All Programs/Administrative Tools/Internet Authentication Server)
  • Right click on RADIUS Clients then choose New RADIUS Client
  • Give the Client a friendly name of ASG and an IP address
  • Choose RADIUS Standard Vendor-Client and input a shared secret
    (note: will need to input this on the ASG, so write it down)

Step 6 – Create a new Remote Access Policy

Screenshots: create a new custom Remote Access Policy; create it with these policy conditions; add the name that was used in step 5; finish creating the new Remote Access Policy; edit the Dial-in profile.
  • Within IAS, right click on Remote Access Policies and Choose New Remote Access Policy
  • In the wizard, Choose Set Up Custom Policy and give the policy a descriptive name
  • Select the NAS-Identifier policy condition and give the NAS ID of pptp (lowercase)
  • Select the Windows-Groups policy condition as well and add the group specified in Step 1
  • Choose Grant Remote Access
  • Edit the profile to include CHAP on the Authentication tab (You can include PAP as well, but this is an insecure method)
  • Save and close all configurations on the Active Directory server

Step 7 – Configure the ASG

Configure ASTARO Secure Gateway (ASG)
  • Navigate to Definitions & Users/Authentication Servers/Servers
  • Add the server, service port (keep default unless absolutely certain) and shared secret from Step 5
  • Save the configuration

You are now done with the configuration. In a few minutes, at most, you should be able to use the UTM to authenticate with windows using the RADIUS server facilities. If there is an issue where authentication continually fails, most likely there is a setting on the AD server that needs to be adjusted.

Advanced Settings

If you wanted to get fancy, you could do the following:

Setup a Group for each part of the ASTARO Secure Gateway components (such as Proxy, VPN, Webadmin, etc)

Set up a Remote Access Policy which mimics the above, while adding “NAS-Identifier” as an extra step. ASTARO sends a unique identifier for each part, so you can set up groups within Windows to authorise access to whatever you want, and then you no longer need to edit users at the ASG Web Admin.

This requires setting up “Automatic User Creation” (Definitions & Users/Authentication Servers/Global Settings).

Troubleshooting

Use the Test feature of the Edit Authentication Server page to check if the UTM authenticates with Windows and therefore the user is getting authorisation.

Use the Event Viewer on the server to check the “System” logs; failed logon events will show further details here (as long as the ASG is set up with the correct server details).

http://technet.microsoft.com/en-us/library/cc782585.aspx is a good place to start for troubleshooting various items on the windows side.

This article was originally found at “https://support.astaro.com/support/index.php/RADIUS“. We have updated it, because the original was a little light on information, and is considered outdated now.

This was created in a hope that others can get more information, and not have to spend as much time as we did, tracking down issues and piecing everything together (not being an expert on RADIUS Authentication).

If you need help with this or other firewalls, please contact us.