Windows 7 / 10 Remote Troubleshooting Methods with Scripts

Here are some scripts and methods to do remote troubleshooting or running some commands in remote machines. I found they are very useful especially in a enterprise environment if you have your domain admin account.

Prerequisites to run remote commands

• Install .NET Framework 4.5.2 from \\shareserver\it\$Install\Scripting prerequisites\NDP452-KB2901907-x86-x64-AllOS-ENU.exe
• or from https://www.microsoft.com/en-ca/download/details.aspx?id=42642
• Install Windows Management Framework 5.1:
•  copy the folder \\shareserver\it\$Install\Scripting prerequisite\Windows Management Framework 5.1 to your C drive or download from https://docs.microsoft.com/en-us/powershell/wmf/5.1/install-configure
•  Open PowerShell as an administrator, navigate into the directory on your C drive, and run the command
• .\Install-Wmf.ps1

• Install Microsoft Visual C++ 2017 redistributable from \\shareserver\it\$Install\Scripting prerequisite\VC_redist.x64.exe

• Download from https://www.microsoft.com/en-us/download/details.aspx?id=52685
• From a PowerShell prompt running as an administrator, run the command
• Set-ExecutionPolicy Unrestricted -Force
• From a PowerShell prompt running as an administrator, run the command
• winrm quickconfig

Qualys Guard Tips and Tricks

1. Assetview Tag 

Asset Search - Dynamic Rule
Search all assets found / scanned in last 90 days:

Configure Fortigate DDNS with free DDNS service noip.net

Using a Dynamic Domain Name Service (DDNS) means that users can reach your network by means of a domain name that remains constant even when its IP address changes. FortiOS has supported this feature in Network - DNS settings -  Fortiguard DDNS service, which sounds great. Unfortunately, it does not work well in my home lab environment. My FortiGate is behind ISP modem and WAN port is using private ip address 192.168.20.2.

1. FortiGuard DDNS service
When use baisc FortiGuard DDNS settings wthout enabling 'Public IP Address", my WAN ip (192.168.20.2) got updated with my defined subdomin 51sec.fortiddns.com in the Intenet. On this configuration page, you also got a warning message, "the interface has a private ip address (192.168.20.2) which may not be publicly accessible".

In this example, the domain fortiddns.com is used. This domain is owned by Fortinet, as are the float-zone.comdomains  and fortidyndns.com.

FortiOS Configuration for FortiGate Firewalls (Tips and Tricks) 2

FortiGate firewall always surprise me with his rich embedded features, prices and performance. FortiOS is a security-hardened, purpose-built operating system that is the software foundation of FortiGate products. With this one unified intuitive OS, we can control all the security and networking capabilities across all of your Fortigate products.

I put some of useful commands or configurations in following two posts:

• FortiOS Configuration for FortiGate Firewalls (Tips and Tricks) 1
• FortiOS Configuration for FortiGate Firewalls (Tips and Tricks) 2

1. Debugging and Diagnostic your system

diag debug enable
diag debug console timestamp enable
diag sniffer packet wan 'host 8.8.8.8' 1
diag debug disable
diag debug reset

diag debug cli cmd will show you the  "cli commands" for actions that you take from the gui.

diag debug enable
diag debug cli 8 

FortiOS Configuration for FortiGate Firewalls (Tips and Tricks) 1

FortiGate firewall always surprise me with his rich embedded features, prices and performance. FortiOS is a security-hardened, purpose-built operating system that is the software foundation of FortiGate products. With this one unified intuitive OS, we can control all the security and networking capabilities across all of your Fortigate products.

I put some of useful commands or configurations in following two posts:

• FortiOS Configuration for FortiGate Firewalls (Tips and Tricks) 1
• FortiOS Configuration for FortiGate Firewalls (Tips and Tricks) 2

1. FGT30D # config system interface 

FGT30D (interface) # show
config system interface
    edit "wan"
        set ip 10.99.142.1 255.255.255.0
        set allowaccess ping https ssh snmp http fgfm
        set type physical
        set snmp-index 2
    next
.....
    edit "lan"
        set ip 192.168.100.1 255.255.255.0
        set allowaccess ping https ssh http fgfm capwap
        set type physical
        set snmp-index 1
    next
end

FWF60D # show | grep interface
config system switch-interface
config system interface
        set alias "SSL VPN interface"
        set monitor-interface "wan1"
        set interface "lan"
        set associated-interface "ssl.root"
        set associated-interface "lan"
        set associated-interface "lan"

FWF60D # show | grep -f DMZ2
config system interface
    edit "wan2"
        set vdom "root"
        set ip 172.17.3.1 255.255.255.0
        set allowaccess ping https http fgfm
        set type physical
        set alias "DMZ2" <---
        set role dmz
        set snmp-index 3
    next
end

Smallest Firewall / Router VM in My Vmware ESXi and Workstation

In my home lab virtual environment, VMware ESXi and Workstation used to host most of my testing virtual machines. To get those VMs working together in a multi networks diagram, I always need to have a router or firewall VM. I were using all kinds of virtual routers or firwealls, such as those major vendors, Cisco, CheckPoint, Juniper, Fortinet, Palo Alo, also some small vendors, such as OpenWRT,PFsense, RouterOS, etc. But recent I found one small Virtual image surprised me. The whole virtual image file is only 1.4MB. Memory only needs 16MB.

Canada CRA Email / Message Scam Example and Phone Call Scam Fraud Recording 2018

One of the top scams happening in Canada is CRA Scam, also called Income Tax Scams. Over $5 million was lost to income tax scams in 2017. The Canada Revenue Agency (CRA) is warning Canadians to be careful of emails, voice mails, even mail claiming to be from the CRA. These are phishing scams that could result in identity thefts. Email scams may also contain embedded malware, or malicious software, that can harm your computer and put your personal information at risk of compromise. The CRA does not email Canadians and request personal information.

Recently, I collected some of real samples happened to me from those scammers.

1. CRA Email Scam

I got an email from a email address starts with CRA-NoticeSecured-Taxinfo, with an attachment inside. But it actually from some weird domain aprobacion.x7.io. The email says Canada Revenue Agency has sent you an INTERAC e-Transfer with amount $782.57.