Setup Remoting on non domain joined machines

Not so unique situation here. I have a jump box (client) in the DMZ with a VPN client installed, from which I want to administer machines on a domain and some standalone servers using PSRemoting.

The first stumbling block I came across was the Public connection profile my VPN tunnel was stuck on. The command below was the easiest way to set it to Private:

Get-NetAdapter -Name "Ethernet 2" | Get-NetConnectionProfile | Set-NetConnectionProfile -NetworkCategory Private

The server you intend to connect to needs to have a certificate installed; it can be from your own internal CA, which is what I did. The PowerShell way:

PS Cert:\LocalMachine\My> $enrollresult = ( Get-Certificate -Template Machine -Url ldap:///cn=CAName -DnsName CAServer.FQDN -CertStoreLocation Cert:\LocalMachine\My )

To enable PSRemoting you need to run

Enable-PSRemoting

You can append the -Force option, which saves you answering all the questions you are probably going to say yes to anyway. Personally I only used it when automating the setup.

To test, you can use the Test-WSMan cmdlet

Test-WSMan -ComputerName Server01.FQDN # Without SSL 
Test-WSMan -ComputerName Server01.FQDN -UseSSL # With SSL 

At this point you have PSRemoting working over an HTTP connection, as the above test will show, using the default port (5985). To enable SSL you run

winrm quickconfig -transport:https
New-NetFirewallRule -DisplayName "PSRemoting" -Direction Inbound -LocalPort 5986 -Protocol TCP -Action Allow

The New-NetFirewallRule seems to be needed on my DMZ machines that are not Domain Joined. May or may not be an anomaly, needs more testing. The firewall rule seems to be needed in all cases. I am not changing the rule to allow clear text from locations other than the Local IP Subnet, and may actually block that at a later stage. You can of course do this via GPO for domain joined machines.
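The server-side steps above can also be done with the HTTPS listener bound to one specific certificate and port 5986 opened only to the jump box. This is an added example, not the author's own script; it assumes the certificate is already enrolled, and the server name and the jump box address ($allowedFrom, a documentation-range placeholder) are stand-ins.

```powershell
# Added example: explicit WinRM HTTPS listener plus a scoped firewall rule.
# Run elevated on the server after Enable-PSRemoting.
$fqdn        = 'Server01.FQDN'   # name clients connect with (placeholder from the text)
$allowedFrom = '192.0.2.10'      # assumption: jump box address, constructed placeholder

# Pick an unexpired machine certificate that has a private key, is valid for
# Server Authentication (EKU 1.3.6.1.5.5.7.3.1) and names this host.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object {
        $_.HasPrivateKey -and
        $_.NotAfter -gt (Get-Date) -and
        $_.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.5.5.7.3.1' -and
        ($_.DnsNameList.Unicode -contains $fqdn -or $_.Subject -like "CN=$fqdn*")
    } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw "No usable Server Authentication certificate for $fqdn in Cert:\LocalMachine\My"
}

# Remove any existing HTTPS listener so the certificate binding is explicit.
Get-ChildItem WSMan:\localhost\Listener |
    Where-Object { $_.Keys -contains 'Transport=HTTPS' } |
    Remove-Item -Recurse -Force

New-Item -Path WSMan:\localhost\Listener -Transport HTTPS -Address * `
    -HostName $fqdn -CertificateThumbPrint $cert.Thumbprint -Force | Out-Null

# Allow 5986 only from the jump box instead of from any address.
New-NetFirewallRule -DisplayName 'PSRemoting HTTPS (jump box only)' `
    -Direction Inbound -Protocol TCP -LocalPort 5986 `
    -RemoteAddress $allowedFrom -Action Allow | Out-Null

# Confirm the listener answers over SSL.
Test-WSMan -ComputerName $fqdn -UseSSL
```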

On the client end you will need to add the non Domain Joined servers to the Allowed hosts

winrm s winrm/config/client '@{TrustedHosts="ServerFQDN"}'

I had to do it for a bunch of servers, so I did it with a quick bit of PS. You can add as many servers into $computers as you need; I ended up with 83.

$computers = "Server01.FQDN","Server02.FQDN","Server03.FQDN","Server04.FQDN"
# -Concatenate appends each name; a plain set replaces TrustedHosts, leaving only the last server
foreach ( $computer in $computers ) { Set-Item WSMan:\localhost\Client\TrustedHosts -Value $computer -Concatenate -Force }

If your client is domain joined you won’t need this, but I am on a different domain to the servers.

From here you should be able to connect using

New-PSSession -ComputerName Server01.FQDN -Credential (Get-Credential) -UseSSL

As I am unable to connect to the CA I have to add -SessionOption (New-PSSessionOption -SkipRevocationCheck ) to skip CRL validation.

I put together a nasty little function to simplify connections and to stop ending up with multiple sessions on a server
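One way such a session-reuse helper could look, as an added example and not the author's function: it returns an existing open session to the server if there is one and otherwise creates a new one over SSL, so the server certificate is still checked. The function name Get-OrNewSslSession is hypothetical.

```powershell
# Added example: reuse an open PSSession instead of stacking up new ones.
function Get-OrNewSslSession {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][System.Management.Automation.PSCredential]$Credential,
        [switch]$SkipRevocationCheck
    )

    # Without parameters Get-PSSession lists only sessions created in this
    # PowerShell session, so nothing is sent over the network here.
    $mine = @(Get-PSSession | Where-Object { $_.ComputerName -eq $ComputerName })

    # Clear out dead sessions so they do not pile up.
    $mine | Where-Object { $_.State -in 'Broken', 'Closed' } | Remove-PSSession

    $live = $mine |
        Where-Object { $_.State -eq 'Opened' -and $_.Availability -eq 'Available' } |
        Select-Object -First 1
    if ($live) { return $live }

    $params = @{
        ComputerName = $ComputerName
        Credential   = $Credential
        UseSSL       = $true
        ErrorAction  = 'Stop'
    }
    if ($SkipRevocationCheck) {
        # Skips only the CRL lookup; the certificate name and chain are still validated.
        $params.SessionOption = New-PSSessionOption -SkipRevocationCheck
    }
    New-PSSession @params
}

# Usage (server name is the placeholder from the text):
# $s = Get-OrNewSslSession -ComputerName Server01.FQDN -Credential (Get-Credential) -SkipRevocationCheck
# Invoke-Command -Session $s -ScriptBlock { hostname }
```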

Updates
2016-07-21

Added powershell method for certificate enrollment
Changed firewall requirement

How to enable exFAT in Ubuntu

Today’s modern filesystems were built with spinning-disk hard drives in mind. This is true for Linux’s Ext2/3/4, Windows’ NTFS, and server filesystems like XFS and ZFS. And, of course, so was the original FAT though it wasn’t so much optimised, more simply being one of the first filesystems designed to address magnetic media.

However it’s the simplicity of FAT that makes it attractive for the new generation of storage mediums based on flash memory. Usually, flash memory devices (think SD/memory cards and USB keys) don’t have the fastest interfaces to the computer, and any overhead a filesystem introduces simply slows it down. And, because flash storage devices don’t often approach the volume of spinning-disk drives, you don’t need advanced filesystems to handle them.


Basics: Introduction to Zener Diodes – Evil Mad Scientist Laboratories

A good intro to Zener diodes can be found @ Mad Scientist

Zener diodes are a special type of semiconductor diode – devices that allow current to flow in one direction only – that also allow current to flow in the opposite direction, but only when exposed to enough voltage. And while that sounds a bit esoteric, they’re actually among the handiest components ever to cross an engineer’s bench, providing great solutions to a number of common needs in circuit design.

In what follows, we’ll show you how (and when) to use a Zener, for applications including simple reference voltages, clamping signals to specific voltage ranges, and easing the load on a voltage regulator.

Dumb blog spammers

Can you be stupid enough to actually SPAM the default WordPress post that is created at blog setup?

A BreAduino nightmare

This was supposed to be a straightforward build but things started going wrong, and it just continued.

BreAduino

After getting all the parts and putting everything in exactly as it was supposed to be, as per the really awesome instructions at http://arduino.cc/en/Main/Standalone, and then double checking, I go and hook up 12v to the breadboard and poof. Smoke coming out of the only Atmega 328 controller you have is not something you want to be seeing. If you look closely (click on the first image) you can see the melted plastic where the reset button is. I actually moved the Atmega 328 down four rows just in case I had shorted something internally.

FT232 Breakout Board


After getting a couple of new Arduino boot loader preloaded Atmega 328’s I popped one in and hit the upload button. The only thing that happened was the following error message

avrdude: stk500_getsync(): not in sync: resp=0x00
avrdude: stk500_disable(): protocol error, expect=0x14, resp=0x51

A few searches later and I figured it must be due to not having an “auto reset” on my BreAduino, and it not being an Arduino Uno. After changing the board to Duemilanove and a bit of experimenting, I found that if I hit the reset button immediately after “Binary sketch size” appears in the IDE, an upload happened and worked. The RX and TX LEDs blinking at an insane rate is a good thing and made me happy.

HD44780 LCD Display


Now that I have a working BreAduino I went through the hookup process of a HD44780 16×8 character LCD display, using the pinouts in the Arduino IDE examples as a guide. Unfortunately I did not realise that I had the positive and negative supply the wrong way around until I had a look at the excellent tutorial at AdaFruit http://www.ladyada.net/learn/lcd/charlcd.html. The saying “a picture says a thousand words” applies to electronics as well. At least I didn’t pop the entire display; it is now an 8×2 character display, so I will have to make use of scrolling text more than I would have liked.

At least I am now past stage two of the alarm system for the caravan, next step is to get all the parts working together.

NetSH scripting

I have been playing with two Windows CLIs lately. The first is the NetSH command, which ships with everything from Windows 2000 on up. Will write up a post once I am more comfortable with wmic.

The main purpose of the tool is for network administration using the command line. The first thing I thought of was “YAY a way to change my IP for where I am” and that was how the batch file started. Yes I do know there are better scripting languages around, but I went with something that should work on whatever Windows 2000+ operating system it gets dumped in.

Google Friend connect

Been playing with Google’s Friend Connect on the blog today. Added the wall gadget to posts as an alternative to the standard comment system, really hoping it works better.

Must say props to the Goog for making something simple and easy yet again, especially when compared to Facebook connect.