Excel Function to convert “MMM-DD-YYYY” to “dd/mm/yy”

July 25, 2017

This is too important not to share. It should have been simple but it took simply ages to get right:

=DATE(RIGHT(A1,4),MONTH(DATEVALUE("01/" & LEFT(A1,3) & "/2012")),MID(A1,5,2))

where A1 is the cell with the source date in the format MMM-DD-YYYY.

 

Categories: Uncategorized

How to properly configure GPOs for security groups

July 3, 2016

I’m sure this used to work ok but I’ve recently been pulling my hair out trying to get group policies to apply properly on family PCs.

Since upgrading to Server 2012R2 it seems to have broken.

Anyway, it turns out you shouldn’t remove Authenticated Users from the security delegation. Instead, go into Security / Advanced and uncheck Apply.

It’s all detailed very well here:

http://www.grouppolicy.biz/2010/05/how-to-apply-a-group-policy-object-to-individual-users-or-computer/
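
A scripted version of the change described above, as an added example that is not part of the original post or the linked article: it uses the GroupPolicy module's Set-GPPermission and Get-GPPermission cmdlets to leave Authenticated Users with Read only and give Apply to one security group. The function name, the GPO name and the group name are hypothetical placeholders.

```powershell
# Added example: security-filter a GPO to one group without removing
# Authenticated Users from the delegation.
# Assumptions: the GroupPolicy (RSAT / GPMC) module is installed; the GPO and
# group names used below are placeholders, not values from the post.
Import-Module GroupPolicy

function Set-GpoSecurityFilter {
    param(
        [Parameter(Mandatory)] [string] $GpoName,
        [Parameter(Mandatory)] [string] $GroupName
    )

    # Keep Authenticated Users on the GPO but lower it from Read + Apply to
    # Read. Without -Replace the cmdlet leaves an existing higher permission
    # level (GpoApply) in place, so the filter would silently not take effect.
    Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' `
        -TargetType Group -PermissionLevel GpoRead -Replace | Out-Null

    # Grant Apply to the security group that should receive the policy.
    Set-GPPermission -Name $GpoName -TargetName $GroupName `
        -TargetType Group -PermissionLevel GpoApply | Out-Null

    # Return the resulting delegation so the change can be reviewed.
    Get-GPPermission -Name $GpoName -All |
        Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission, Inherited
}

Set-GpoSecurityFilter -GpoName 'Example Family PC Policy' -GroupName 'Example-Family-Users'
```

In the returned list, Authenticated Users should show GpoRead and the chosen group GpoApply.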


Categories: Uncategorized

Free Anti Virus for Windows Server 2012 R2

March 19, 2016

After a recent run-in with DMA Locker I’m looking for affordable ways of beefing up my security. As an IT Pro I run a Windows Server 2012 R2 environment at home for trial and test purposes. The problem with this is that Windows Server does not have Anti Virus built in and you need a third party product. Server AV is ‘business grade’ meaning ‘expensive’ and out of reach of the enthusiast.

Enter System Center Endpoint Professional (SCEP)

SCEP client comes as part of the System Center Configuration Manager (SCCM) product which you can download as a trial. It’s then a simple task of extracting the Client installer from the package and installing.

Now you’re done. I’m not sure of the legality of this exactly; you are, after all, running software downloaded from Microsoft. I also don’t know at time of writing if this Client subset expires along with the SCCM trial. I’ll let you know.

Categories: Tech

A Close Shave with DMA Locker

March 19, 2016

I’ve been recently infected with DMA Locker. DMA Locker is part of the growing trend of malware called ‘ransomware’ which silently encrypts all your data files and all drives it can access. It then presents you with a big red warning screen that looks like this:

[Screenshot: DMA Locker warning screen]

This is not just a slight irritation as many viruses are; this is the real deal. If you get this and have no good backup strategy, there is a significant chance you’ve lost your data. Also, since version three there is no way (currently) of circumventing the encryption.

You can read more about it here. There’s little documented information around so I thought I’d share my findings in the hope that others can learn.

https://blog.malwarebytes.org/intelligence/2016/02/dma-locker-strikes-back/

I don’t actually know how I obtained the malware, all I know is both my PC and Server were showing the above error on the evening of 14th March. From file timestamps I can see that encryption had taken place the prior evening around 1800 onward.

Close Shave

I have been lucky. I’d been playing a movie on the 13th around the time mentioned and performance had been very choppy. I had restarted my server. On analysis it looks like only some of my files have been encrypted, all I can assume is that I’ve interrupted the encryption process and the malware isn’t clever enough to resume itself. I have no evidence that this is the case, perhaps the malware failed part way but the result is that it hasn’t eaten into my most important data including my family photos.

Removing the Malware

I’ve been using Malwarebytes Anti-Malware (MBAM) for a couple of years now. This is the most reliable free tool for cleaning malware. After getting infected I immediately downloaded MBAM, booted the PCs in Safe Mode and ran MBAM. MBAM did remove the virus, only in my haste I didn’t record exactly what it discovered, I just hit the clean button. Since running MBAM I do appear to be clear of the malware. However I do have a lot of encrypted data sitting on my drives.

Prevention

Presumably a good AV program will protect you. I hadn’t gotten round to reinstalling my AV which I deeply regret. Hasherezade at the above link suggests creating dummy files in the correct locations to fool DMA Locker into thinking it’s finished:

PREVENTION TIP: Create these files to protect yourself from this version of DMA Locker. Content doesn’t matter. In presence of these files, the program will go by other path of execution and display the red message only – but not deploy the encryption.

    C:\Documents and Settings\All Users\decrypting.txt

    C:\Documents and Settings\All Users\start.txt

    C:\ProgramData\decrypting.txt

    C:\ProgramData\start.txt

This trick works only as a PREVENTION – once your files are encrypted, it is not going to help. For more info about why it happens, please read this post.

There’s not a lot of advice out there for what will guarantee your safety but the growing trend of ransomware will surely change this.

Findings

As I’ve said, once your files are encrypted, unless you can pay or restore from backup, they are gone. It appears (at the moment at least) that I haven’t lost any critical data. For information, you know that a file is encrypted because it won’t load. On the surface it looks the same, but try to open it and it fails, for obvious reasons.

The encryption process places a header at the beginning of each encrypted file; if you open one of the encrypted files in a text editor you’ll see it:

[Screenshot: an encrypted file opened in a text editor]

Try this with a small file. Note the ‘!DMALOCK3.0’ at the beginning. That’s your proof!

The following command will process all files and subfolders and create a text file called DMA_Encrypted_Files.txt. You’ll need the Sysinternals Strings utility first too.

E.g. to check your C:\ drive:

• Put Strings.exe in the root of C:
• Open a command prompt.
• Navigate to root of C: (using CD \)
• Run this command: strings -b 11 -n 11 -s *.* | findstr !DMALOCK3.0 > DMA_Encrypted_Files.txt

You can use the output of this to examine what has been encrypted to plan your recovery options.
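
The same header check without the Strings utility, as an added example that is not part of the original post: it reads the first 11 bytes of every file and reports exact matches together with their timestamps, which helps when dating the encryption run. The function name and the report path are hypothetical, and the marker value is the one quoted above.

```powershell
# Added example: list files whose first bytes are the DMA Locker 3.0 header.
# Assumptions: the header is the ASCII text '!DMALOCK3.0' at offset 0, as
# described in the post; the function name and report path are hypothetical.
function Find-DmaLockedFile {
    param(
        [Parameter(Mandatory)] [string] $Root,
        [string] $Marker = '!DMALOCK3.0'
    )
    $length = $Marker.Length   # 11 ASCII characters = 11 bytes

    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            if ($file.Length -lt $length) { return }   # too small to hold the header
            try {
                # Read-only open that tolerates other readers and writers, so
                # the scan never modifies or locks the files it inspects.
                $stream = [System.IO.File]::Open($file.FullName, 'Open', 'Read', 'ReadWrite')
                try {
                    $buffer = New-Object byte[] $length
                    $read = $stream.Read($buffer, 0, $length)
                } finally {
                    $stream.Dispose()
                }
            } catch {
                Write-Warning "Skipped (unreadable): $($file.FullName)"
                return
            }
            # Exact, case-sensitive match on the first 11 bytes only.
            $header = [System.Text.Encoding]::ASCII.GetString($buffer, 0, $read)
            if ($header -ceq $Marker) {
                [pscustomobject]@{
                    Path          = $file.FullName
                    Length        = $file.Length
                    LastWriteTime = $file.LastWriteTime
                }
            }
        }
}

# Oldest first, to compare against the file timestamps used to date the encryption.
Find-DmaLockedFile -Root 'C:\' |
    Sort-Object LastWriteTime |
    Export-Csv -Path "$env:USERPROFILE\DMA_Encrypted_Files.csv" -NoTypeInformation
```

Files that cannot be opened are reported as warnings rather than silently skipped, so the list of unchecked files is also available when planning recovery.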

Next Steps

I’m still in the process of recovery. I’m considering cost effective options for Server AV and Cloud Backup and I’ve got a few good ideas. I’ll post here when I’ve had chance to explore further.

Categories: Tech

Edge browser opens then closes immediately – fix

December 21, 2015

I’ve been running Windows 10 for a while and it’s been pretty ok really, however suddenly Edge refuses to run. When I launch Edge it displays for a moment, then promptly closes.
I actually use IE as my default browser anyway as I’m a RoboForm devotee and can’t do without it. Maybe if Edge starts supporting plugins I’ll switch.
It was a tricky one as no errors were displayed in the Event Log. I’ll show you the couple of things I tried.
Note: I don’t know specifically which one fixed it. Really sorry but I couldn’t really go re-break it to work it out.

Anyway here’s what I did:
First: Rename the corrupted Microsoft Edge folder, “C:\Users\%username%\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe”.
I just added a _OLD to the end.
Next: (note it may be only one of these fixes it but I’ll give you all three)
Run PowerShell as Administrator:

Try this:
Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml" -Verbose}

Or this:
Add-AppxPackage -register "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\appxmanifest.xml" -DisableDevelopmentMode

Or this:
Get-AppXPackage -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml" -Verbose}

Thanks to my sources:
http://www.tenforums.com/browsers-email/10331-microsoft-edge-keeps-closing-after-few-seconds-opening-2.html

http://www.tenforums.com/tutorials/28655-microsoft-edge-reinstall-re-register-windows-10-a.html

Categories: Tech

Great way to delete stubborn folders in Windows

December 12, 2015

I’m utterly sick of getting “source path too long” errors in Windows when trying to delete folders. I found a really neat solution here:

http://superuser.com/questions/45697/how-to-delete-a-file-in-windows-with-a-too-long-filename

In a nutshell, do the following in a Windows command shell:

    mkdir empty_dir
    robocopy empty_dir the_dir_to_delete /s /mir
    rmdir empty_dir
    rmdir the_dir_to_delete

Categories: Tech, Uncategorized

I wish I’d known about this 10 years ago…

May 14, 2015

Scenario: You’re in Windows Explorer a few folders deep, and you want to send a link to a file. You could click the toolbar path but that won’t include the filename. Plus if there are any spaces in file or folder names you’ll have to enclose your link in quotes.

Solution: Hold Shift + Right-click the file and select ‘Copy as path’. This copies exactly what you want to the clipboard ready to paste into your email.

http://www.techrepublic.com/blog/windows-and-office/quick-tip-copy-both-the-path-and-the-file-name-to-the-clipboard/

Categories: Tech