Blog - Page 18 of 26 - InfoTech Ninja

Systems Admin

Enable Windows Firewall with PowerShell

Re-enable Windows Defender Firewall on a Windows Server with one cmdlet per profile. Get-NetFirewallProfile reads the per-profile state (Domain / Private / Public); Set-NetFirewallProfile -Enabled True flips them all on at once. Covers the three profiles, the read-then-set-then-verify pattern, the rest of the per-profile properties (default actions, logging, notifications), per-rule operations (New-NetFirewallRule, Get-NetFirewallRule, Enable/Disable), and the common pitfalls (turned off for testing, disabled only one profile, GPO override, block-all-outbound footgun).

Systems Admin

Active Directory Security Assessment with Purple Knight

Run Semperis Purple Knight Community against an Active Directory forest to surface Indicators of Exposure (weak crypto, print spooler on DCs, AdminSDHolder drift, kerberoastable accounts, etc.) and produce a graded HTML/PDF report. Walks the download, MotW Unblock-File pre-flight, the wizard's six indicator categories (AD Delegation, Account Security, AD Infra, Group Policy, Kerberos, Hybrid), the Zerologon-skip nuance, the score-grade scale, the remediation-then-rescan loop, and the common pitfalls (running as DA, running on a DC, skipping updates, mass-fixing without reading).

Systems Admin

Configure FSRM Quota

How to install File Server Resource Manager, build a reusable quota template (e.g. 500 MB hard quota with an 85% warning threshold), apply it to a folder, and test that hard enforcement returns the same not-enough-space error a full disk would. Includes the New-FsrmQuotaTemplate / New-FsrmQuota PowerShell equivalents for scripting many folders, the NTFS-quotas-vs-FSRM-quotas trade-off, and 6 common pitfalls (auto-apply at the wrong root, hard quota on an already-over folder, missing SMTP, edited-quota-not-matching-template, permission errors masquerading as quota issues, SrmSvc stopped).

Systems Admin

Remove (Demote) a Domain Controller

Two paths to remove a Domain Controller from Active Directory - graceful demotion via Server Manager (Remove Roles and Features wizard) for an online DC, and manual / forced removal via ADUC delete-from-Domain-Controllers-OU for an offline one. Walks both paths end to end with the actual screenshots. Includes the FSMO transfer pre-flight, the Test-ADDSDomainControllerUninstallation cmdlet, the post-demote AD Sites and Services cleanup, and a one-shot DNS scrub script that removes A/NS/SRV/CNAME records for the demoted DC across every Primary forward zone in one pass.

Systems Admin

Universal Group Membership Caching

How to enable Universal Group Membership Caching (UGMC) on a remote AD site so user logons no longer have to traverse a slow WAN to a Global Catalog. Walks the GUI three-click path (Sites and Services > site > NTDS Site Settings > Properties > Enable UGMC) with the actual screenshots, the Set-ADObject PowerShell equivalent (one bit on the NTDS Site Settings options attribute, 0x20), the design choice between UGMC and a local Global Catalog, the 8-hour cache refresh behaviour, and the common pitfalls (right-clicking the wrong node, first-logon needs the GC, stale cache after Universal Group changes).

Systems Admin

Configure a Domain Controller as a Global Catalog Server

How to add the Global Catalog flag to an existing Domain Controller in Active Directory Sites and Services, and the PowerShell equivalent (one bit on the NTDS Settings options attribute via Set-ADObject). Walks the GUI three-click path, the Set-ADObject cmdlet, post-change verification with Get-ADDomainController IsGlobalCatalog / dsquery server -isgc / repadmin /options / Test-NetConnection on port 3268, the partial-attribute-set replication timing caveat, and the common pitfalls (right-clicking the wrong tree node, leaving only one GC, demoting accidentally).

Systems Admin

Active Directory Health Check with PowerShell

One PowerShell script that wraps dcdiag, Test-Connection, Resolve-DnsName, w32tm, Get-Service, and CIM into a single colored HTML report — one row per Domain Controller, 35 columns of pass/warn/fail per cell. Includes the full Get-ADHealth.ps1 source, what each dcdiag test actually catches (Connectivity, SysVolCheck, KccEvent, FSMOCheck, NCSecDesc, etc.), how to schedule a daily SMTP-emailed run, the MotW / Unblock-File / ExecutionPolicy gotchas, and the green-DNS-red-everything-else fingerprint that means a DC is offline.

Systems Admin

Change Users UPN with PowerShell

Configure your on-premises Active Directory UPNs before syncing to Office 365. Add an alternative UPN suffix in AD Domains and Trusts, then bulk-change every user's UPN with Get-ADForest / Set-ADForest and Get-ADUser / Set-ADUser - either across the whole forest or scoped to a single OU. Verification commands included.

Linux Admin

Linux Performance & Observability: load, latency tails, perf top, eBPF

Working reference for the 10 most common Linux performance problems. High load with low CPU (D-state iowait), p99 latency tails (averages lie), high context switch rate, disk I/O saturation (%util / await), network at line rate, memory pressure without OOM (vmstat si/so), slow boot (systemd-analyze blame), hung app (strace / wchan / stack), kernel CPU vulnerability mitigations, cloud noisy neighbor (%steal). Tools: vmstat / iostat / sar / perf top / bcc-eBPF / biolatency / execsnoop. Cross-linked to monitoring command reference.

Linux Admin

Linux CI/CD & Automation Errors: runners, secrets, flaky tests, deploy failures

Working reference for the 10 most common Linux CI/CD pipeline errors. Runner offline (gitlab-runner / github-actions-runner systemctl), secret env var not injected, docker login failures (use ephemeral CI tokens), flaky tests (env vs hardware vs race), build cache miss, disk full on runner, job timeouts, deployment connection refused, git pull auth, Ansible host key verification. Cross-linked to docker, build, and systemd troubleshooting.

Linux Admin

Linux Database Errors: connection refused, deadlocks, replication lag

Working reference for the 10 most common Linux database errors at the OS layer. PostgreSQL/MySQL/Redis: connection refused (systemctl status), too many connections (PgBouncer / pool), password auth (pg_hba.conf), deadlocks (pg_stat_activity + pg_blocking_pids), replication lag, archive_command failures, MySQL Lost connection (max_allowed_packet, wait_timeout), Redis maxmemory eviction policy, disk full on data dir, long-running stuck transactions. Cross-linked to process/memory and networking troubleshooting.

Linux Admin

Linux Programming & Build Errors: gcc, ld, missing headers, ABI mismatch

Working reference for the 10 most common Linux build/compile/link errors. fatal error: header not found (install -dev / -devel), undefined reference (link order matters), library not found at runtime (ldd / LD_LIBRARY_PATH / ld.so.conf.d), GLIBC ABI mismatch (build in target container), segfault in tests, missing make/cmake (build-essential), Python ModuleNotFoundError, npm ENOSPC, exec on noexec mount, OOM during compile (lower -j, swap).

The Dojo