Steven Datt

Blog

  • Azure – Storage Account website vs App Service

    Before going on annual leave a couple of weeks ago, I dealt with migrating a static website from a 2008 IIS VM on VMWare to Azure for a customer.

    Initially, after scoping and a call with the stakeholders, Storage Account was the best choice to fulfil the following criteria:

    • Low cost
    • Low footprint
    • Easy for non-technical users to upload files
    • 14GB of site files

    The last point came up slightly later in the process, as it was found that most of the stakeholders were non-technical and had little knowledge of “how” the site worked.

    I migrated the site files up to the storage account and used a custom DNS temporarily to present a friendlier URL, although discovered soon after that storage account has a very significant feature set of IIS missing – case insensitivity for file names. Raising this with the stakeholders, and auditing the number of HTML files contained within the subfolders threw back a staggering number of 3512. If there were only a handful of actual HTML files it wouldn’t have been a big issue to rename the files. Further to that, looking into the raw HTML, even file paths use differing case (an unfortunate turn)

    I made the decision to completely scrap the storage account website and instead build out App Service. The notable differences from a Storage Account being:

    • The ability to specify multiple index file types – this meant we could allow for both index.html and index.htm to cover any variance
    • Easier method of uploading – App Service can upload  with FTP, whereas Storage Account required Storage Explorer
    • Ability to handle mixed case file names and file paths – completely alleviating the issue with the Storage Account, and more closely aligning to the features of IIS

    While App Service is more expensive (by a fair margin), it does allow a greater degree of flexibility to a solution over a Storage Account. I would have personally loved it if we were able to get it working with a Storage Account, although ensuring the sheer amount of files and folders were correctly renamed to account for the lower-case only requirement would have been too time consuming in terms of delivery constraints, as well as creating a dependency on the stakeholders to be able to resolve any issues and dependencies that arose from a mass rename action.

    To summarise, Storage Account websites would be an excellent choice, provided you understand and design beforehand the necessity of only using lower case naming conventions, and you don’t have a variety of index/root pages. Usually that would be the case in this day and age, although working with migrating websites initially created 10-15+ years ago and not maintained from a developer level can lead to the same issues that I’d experienced with this migration.

  • Sync WSUS with Windows Update via Powershell

    This is a post I’ve been meaning to write for a while, and here I’ll explain some of the basic methods and commands to manage WSUS solely through Powershell. No one really wants to be logging onto machines unecessarily with RDP, and these have been personally useful to me when customers have had insane hoops to jump through in order to log in (password expiry policies, Workspaces with Pins and OTP, locked behind VPNs, for example)

    Synchronise WSUS with Windows Update:

    (Get-WSUSServer).GetSubscription().StartSynchronisation()

    Get the result of the last synchronisation:

    (Get-WSUSServer).GetSubscription().GetLastSynchronisation()

    These two are useful if you would prefer to power down WSUS servers outside of company patch windows (e.g. monthly patch cycles) to save on costs, as the Update DB on the server wont be up to date all of the time.

    Another useful command is to list all the computers managed by WSUS:

    Get-WsusComputer -All

    And to filter to specific instances, for example if you wanted to check if they were being managed: 

    Get-WsusComputer -NameIncludes "ComputerName"

    Finally, to clear out old machines that have either been decomissioned or no longer exist (especially useful if you still manage ASG instances or scaleset VMs with WSUS, though I would recommend you use Patch Management/Automation Accounts instead)  

    Get-WsusServer "computername" | Invoke-WsusServerCleanup -CleanupObsoleteComputers -CleanupObsoleteUpdates

    That about wraps up basic admin tasks. You can get really in-depth with scripting for WSUS, although I personally haven’t gone that deep into it either. As above, we’ve moved on from managing static infrastructure and are now using Patch Management in AWS and Automation Accounts in Azure for Windows patch management. It really takes the pain away and gets rid of one extra VM to manage. 

    For a full listing of available commands, punch in:

    Get-Command -Module UpdateServices

    Or view these online on the MS Documentation page: https://docs.microsoft.com/en-us/powershell/module/updateservices

    Easy enough, right?

    Of course, you can use any of these commands in conjunction with Enter-PSSession, SSM in AWS or Cloud Shell in Azure to connect to a Powershell console on the VM/instance.

     

     

     

     

     

     

  • Detroit: Become Human’s recent media impact

    Tonight, I have finished probably one of the best games that I’ve played in the past two years, Detroit: Become Human.

    The story is well layered and follows 3 protagonists on their journey to achieve freedom. Markus, coming from a home of a wealthy artist in Lance Henriksen’s Carl Manfred. Markus and Carl have a father/son relationship, despite Markus being an android.

    Kara, who is an AX400 android model designed to take care of children and household duties (cooking, cleaning, etc)

    Connor, a specialist range of android designed to assist in Police investigations – who is hunting deviant androids (think Ryan Gosling’s character in Blade Runner 2049)

    There are a number of important topics and themes covered in the game such as racism, (sexual) minorities, biased media coverage and fear mongering. In this article in particular I wanted to write about Kara, and some of the media coverage that has been garnering attention to the game.

    (more…)

  • Installing Inspec for RubyGems on Windows

    I came across this as I was trying to install inspec to run against some Packer builds. The Github documentation only covers how to install inspec, and not the pre-requisites.

    You likely experienced an error such as “[…] requires installed build tools” and you may try to run gem install buildtools

    However, What you need to do is download the Ruby developer kit from https://rubyinstaller.org/downloads/ (found at the bottom of the page). You can unzip this wherever you like (I unzipped it to my Ruby install directory in a folder called devkit). From there, press SHIFT and right click, to open a command prompt window at that location. Now type:

    ruby dk.rb init

    and

    ruby dk.rb install

    The full output for these commands is below:

    C:\Ruby23\devkit>ruby dk.rb init
[INFO] found RubyInstaller v2.3.3 at C:/Ruby23

Initialization complete! Please review and modify the auto-generated
'config.yml' file to ensure it contains the root directories to all
of the installed Rubies you want enhanced by the DevKit.

C:\Ruby23\devkit>ruby dk.rb install
[INFO] Installing 'C:/Ruby23/lib/ruby/site_ruby/2.3.0/rubygems/defaults/operating_system.rb'
[INFO] Installing 'C:/Ruby23/lib/ruby/site_ruby/devkit.rb'

    Now, you can go ahead and

    gem install inspec

    Which will begin the installation.

  • Disable the Windows 10 notification sound

    Something that’s been driving me crazy recently is the excessive amount of notifications that pop up (and play a sound repeatedly) when I log in to my home PC.

    Somehow, turning down the system volume does nothing to stop the obnoxiousness of the alert.

    Luckily, there’s an easy, no fuss way to disable this!

    1. Right click on the volume icon in your system tray
    2. Select Sounds
    3. Find the option called Notifications, and set the option in the drop-down list under Sounds: to none.

    Hoping this helps to save the sanity of others (and their PCs/laptops from being thrown out of windows!)

  • What I’ve been up to since…

    It’ s been a long, long time since I last posted on here. There’s a good reason for that.

    I’ve started a new job working in DevOps. A lot of my friends will know that’s the direction I was aiming for, though I was quite a way away from having the necessary experience to make the transition from 2nd/3rd line server support, into infrastructure support, and then into DevOps.

    I was contacted by a recruiter one day, and the prospect seemed almost too good to be true. I managed to make it to an interview and was told that, being that it’s a junior role, not having any experience in the tools that they used was perfectly fine. Accepting the position was an easy choice to make. Probably the easiest choice that I’ve had in life thus far.

    The team was brand new, focusing more on the Windows side of DevOps in AWS (Amazon Web Services), Microsoft Azure, and GCP (Google Cloud Platform). Even so, as just a junior, the learning curve was incredibly steep but wholly rewarding.

    6 months on and I’ve grown pretty confident in my skills of writing Terraform modules. Within a few months I had written my first without assistance (in total I’ve created 3 Terraform modules, and made numerous functionality additions to existing code). I’ve completed a really interesting project recently, and in doing so I seem to have created something that no one else has done before – or at least – it hasn’t been fully documented with all the intricate nuances that I’ve experienced in the process.

    I’ll be doing a write-up of that soon. Hopefully, it can be of help to someone else.

  • Windows 10 – Settings can’t be opened using the Built-in Administrator account

    The Windows 10 rollouts from Microsoft has finally picked up traction. My opinion of Windows 10 has greatly improved due to the cross-platform availability of XBOX One games.

    However, due to the adoption of an app-like structure, this has posed it’s own problems.

    You may find that you’re not able to open built-in programs that you were able to use without any issues in Windows 8, for example.
    Settings can't be opened using the built-in Administrator account

    Luckily! There’s a simple fix for this!

    Please note, this fix applies to Windows 10 Professional versions and above.

    1. Press the Windows Key and R together
    2. Type secpol.msc into the box that appears
    3. Navigate to Local Policies -> Security Options
    4. Find the policy in the list called “User account control Admin Approval Mode for the built-in Administrator account
    5. Double click on this policy, and change the setting to Enabled

    This fix applies to Windows 10 Home versions

    Unfortunately home versions don’t have a local security policy editor, so we’ll have to resort to editing the registry to achieve the desired effect.

    1. Press the Windows Key and R together
    2. Type regedit into the box that appears and press return
    3. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System and create a DWORD value called FilterAdministratorToken with a value of 1
    4. Now browse to the folder below, “UIPI” and change the Default value to 1
    5. Open User account control settings, again, by pressing the Windows Key and R together, this time typing useraccountcontrolsettings and adjusting the slider to the second setting “Notify me only when apps try to make changes to my computer (default)“.
    6. Restart your PC/laptop, and you’ll now be able to open the built-in apps without any issues.

    If you don’t feel confident in making changes to the registry, I’ve attached a link to a file below that you can download, Double click, and apply the registry changes automatically.

    File: Registry item (hosted on MediaFire)

     

     

  • Why automation is the best remedy for your overworked helpdesk

    It’s a known fact that helpdesks are overwhelmed and the retention rate of helpdesk staff can be as low as 50%. Good managers will identify why this is and take steps to correct it – providing benefits, better salaries, or training opportunities. There is also another big – and preventable – cause of helpdesk turnover, and that’s the sheer quantity of mundane and repetitive tasks in addition to legitimate support calls, that can cause them to feel overwhelmed if there’s a high volume of tickets that need to be worked on. These tasks can vary from company to company but some examples could be:

    (more…)

  • Exporting AD group members using Powershell

    We had a client who was experiencing high usage on one of their TS servers last week, and I was asked to compile and export a list of users on each TS to send to the client so we could move people around. I found a handy Powershell cmdlet that let me do this really easily, as well as being able to export to file.

    Simply put, it’s this:

    Get-ADGroupMember -identity GroupName | Export-csv -pathC:\GroupMembers.csv -NoTypeInformation

    The first section, Get-ADGroupMember -identity GroupName is where you specify the name of the group that you want to obtain the list of members for

    We have the pipe, to signify an extra command linked to the first, in this case, we want to export the results to a csv file called GroupMembers.csv

    The -NoTypeInformation switch just removes an unecessary line from the start of the csv.

    More information on the export-csv command, including additional switches can be found on Microsoft TechNet – https://technet.microsoft.com/en-us/library/hh849932.aspx

  • Disabling Windows Defender

    I had an issue recently where Windows updates installed Windows Defender automatically, on top of Microsoft Security Essentials on my TS3 server. This caused MSE to disable itself, and Windows Defender didn’t enable itself, causing my TS3 server to be exposed for longer than I would have liked.

    Obviously this was a huge problem, and I prefer to use MSE over Windows Defender, but getting rid of it wasn’t as easy as just re-enabling MSE.

    So, to disable Windows Defender:

    1. Open Control Panel
    2. Find & open Windows Defender
    3. Within Windows Defender, click Tools
    4. Then Options
    5. Click the last option, Administrator
    6. Un-check the box labelled “Use this program”

    Now,

    1. Open up services (Run -> services.msc)
    2. Find Windows Defender in there
    3. Double click on it to open Properties
    4. Set Startup Type to Disabled
    5. Enable MSE and restart the PC

    Even if, at this point, MSE hangs. When you log back in again it should  be re-enabled.