Windows 2016 Create a Service

To run a program as a service, bring up an Administrator command prompt and:

C:\> SC CREATE “JGZs Service” binPath=”C:\MyPrograms\JGZsService.exe”

Then you can start the service via the SC command:

C:\> SC START “JGZs Service”

Or from the Services Control Panel applet.

Windows Server 2016 Proxy Settings For Local Computer

To set the proxy for all users that logon to Windows Server 2016 or Windows 10, you can configure your settings in Internet Explorer or through Internet Options from a Administrator level account on the machine.

Then, bring an Administrator command prompt and enter the following:

C:\>netsh winhttp import proxy source=ie

Turn off Server Manager startup at logon.

In Windows 2016, Server Manager starts up at logon. It does this in Windows 2012 R2, but I have not confirmed whether the solution is the same to prevent this behavior. To stop this, you do from the Task Scheduler.

You bring up Task Scheduler under Administrative Tools.

Expand Task Scheduler Library/Microsoft/Windows, and go down to ServerManager.

Under Server Manager, you will see two tasks: CleanupOldPerfLogs and ServerManager.

Right mouse click ServerManager and select Disable. This will turn this behavior off for all users that login to the server.

I have verified that can be modified the same way in Server 2012 R2 as well.

Using puttygen to generate OpenSSH public key

I was given the private key for an SFTP server on a remote network. The key was generate using puttygen.exe or similar program on a Windows system. I needed to using public key authentication to access the server. This is what I did to generate a public key to authenticate.

On a Windows system, I ran puttygen.exe and imported the private key. You can either do this as a parameter to the puttygen.exe program or import the key once you have started puttygen.exe:

puttygen somebodys.ppk

Once the key is imported, you can change the key comment from imported-openssh-key to something more meaningful. And enter and confirm your choice of passphrase.

Then save the public key by clicking the button.

Copy the newly generated public key to the openssh sftp client machine.

Put the file in file in the ~/.ssh directory and secure it (chmod 400 ~.ssh/

Then you just have to pass it to your sftp command.

$ sftp -i ~/.ssh/

Write protect a USB drive in Windows

You can write protect a USB (or any drive for that matter) using DISKPART.

With the drive plugged in open up a command prompt and enter DISKPART.

Then list the disks in your system to determine which one is the USB drive using LIST DISKS

Once identified, enter SELECT DISK #, where # is the number corresponding to your USB disk.

To list disk attributes enter ATTRIBUTES DISK.

To set disk to read only enter ATTRIBUTES DISK SET READONLY.

To remove read only restriction enter ATTRIBUTES DISK CLEAR READONLY.

CentOS 7 – smarthost authentication

Using the default MTA (Postfix), the following needs to be configured. I have tested authenticating to an Exchange 2010 server.

I am not really sure about the minimum software needed in CentOS 7 for this, but I did install the following in a minimum installation (postfix installed by default):


Create a credential file:

# cd /etc/postfix
# vi cr_info
my.server.domain theusername:andtheirpassword
# chmod 600 cr_info
# postmap hash:/etc/postfix/cr_info

Configure postfix for smarthost authentication:

# vi /etc/postfix/

# JGZ 4/27/2018
relayhost = my.server.domain
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/cr_info
smtp_sasl_security_options = noanonymous

Restart postfix:

# postfix reload

Import a Trusted Root Certificate Authority in Windows 2012 R2 GPO

Export the certificate when you go to the site. I did this in Chrome through the “Developers Tools”. The result was a pem file.

I brought up the group policy management console and edited the GPO where I wanted the certificate. Then, I imported it.

Import the certificate to:
Computer Configuration/Policies/Windows Settings/Security Settings/Public Key Policies/Trusted Root Certification Authorities

CentOS 7 – Certificate For Apache Notes.

Generate a key and CSR:

# openssl req -new -key ca.key -out ca.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:California
Locality Name (eg, city) [Default City]:Valencia
Organization Name (eg, company) [Default Company Ltd]:GreatTechHelp
Organizational Unit Name (eg, section) []:Information Systems
Common Name (eg, your name or your server’s hostname) []:myhostname
Email Address []:some@email.address

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Files created:

# ls
ca.csr ca.key

Sign the key:

# openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
Signature ok
subject=/C=US/ST=California/L=Valencia/O=GreatTechHelp/OU=Information Systems/CN=myhostname/emailAddress=some@email.address
Getting Private key

Copy the certificate, key and csr files and set the permisions:

# cp ca.crt /etc/pki/tls/certs/
# cp ca.key /etc/pki/tls/private/ca.key
# cp ca.csr /etc/pki/tls/private/ca.csr
# chmod 600 /etc/pki/tls/certs/
# chmod 600 /etc/pki/tls/private/ca.key
# chmod 600 /etc/pki/tls/private/ca.csr

Edit the apache configuration for the VirtualHost or site (Virtual host in this example.):

# cd /etc/httpd/conf.d/
# ls
autoindex.conf myhostname.conf php.conf README ssl.conf userdir.conf welcome.conf
# vi myhostname.conf

ServerName server.domain.tld
ServerAlias someothername
DocumentRoot /var/www/html

NameVirtualHost *:443

ServerAlias myhostname
DocumentRoot /var/www/html/myhostname
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key

AllowOverride All

DocumentRoot /var/www/html/myhostname
ServerAlias myhostname

Restart apache:

# systemctl restart httpd

To renew the cert:

# cp -p /etc/pki/tls/certs/ca.crt /etc/pki/tls/certs/ca.crt.bak
# cp -p /etc/pki/tls/private/ca.key /etc/pki/tls/private/ca.key.bak
# openssl req -new -days 365 -x509 -nodes -newkey rsa:2048 -out /etc/pki/tls/certs/ca.crt -keyout /etc/pki/tls/private/ca.key
# systemctl restart httpd

MySQL DB access via shell.

Here is a decent secure way to get yourself access to your MySQL/MariaDB databases from a shell script in linux:

# umask 277
# vi /somedirectory/.supersecretfile
# ls -l /somedirectory/.supersecretfile
-r——–. 1 root root 36 Feb 2 11:58 /somedirectory/.supersecretfile
# umask 022

# mysql –defaults-file=/somedirectory/.supersecretfile -e “SOME SQL COMMAND”

VMware ESXi and iSCSI storage issue.

I was having some trouble with a couple iSCSI volumes in a two member ESXi cluster. Two of the volumes were display in the client adapater details as mounted, but the volumes were not showing as mounted in the Storage pane or with a df command in the CLI.

Logs to check in for a possible hint:

# grep -i volumename vobd.log
# grep -i volumename vmkernel.log

When I listed the filesystems from the CLI using the following, the volumes were not listed or obviously mounted:

# esxcli storage filesystem list

List iSCSI adapters configured:

# esxcli iscsi adapter list

A rescan of all the adapters did not work either:
Rescan adapter:

# esxcli storage core adapter rescan -a

To list all the devices and their world IDs:

# esxcli storage core device world list

To only list the world IDs tied to one device:
# esxcli storage core device world list -d mydeviceid

List all guests and their World ID:

# esxcli vm process list

Restart management services:

# restart

The vmkernel.log had a clue. A message stating that “Device mydeviceid detected to be a snapshot:”

# grep -i mydeviceid vmkernel.log

Listing the snapshots revealed the issue:
List snapshot:

# esxcli storage vmfs snapshot list

Both of my troubled volumes were listed as snapshots. I was told by VMware that this can happen if something changes in the META data of the iSCSI SAN/NAS. This was possible in my case, because I just updated my FreeNAS to the latest version. All that needed to be done was remove the snapshots. Once removed the volumes were mounted immediately.
Remove snapshot:

# esxcli storage vmfs snapshot mount -u “59b153b3-86f464ec-999d-a0d3c1f0cdf0”
# esxcli storage vmfs snapshot mount -u “59b1a680-bc18c507-831a-2c768a56eb24”

Return top