Monday, September 18, 2017

GPO Software Installation

Create a new policy for software deployment, e.g. "MYS - Windows 7 x64 Deploy".
Right-click the organization > Link an Existing GPO and select the newly created policy.

Edit "MYS - Windows 7 x64 Deploy".

Add a new package under Software Installation; the package is installed automatically when the user logs in.

If the deployment state is set to "Publish", the user's computer will not install the package automatically, but users can find the application under Control Panel > Programs and Features > "Install a program from the network".

Software Installation runs only once. If the user uninstalls the application, it must be installed again manually.

The following action lets the system automatically install the deployed software again.
Simply delete the corresponding key from:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\AppMgmt


Friday, September 15, 2017

Quick Fix Windows Problem


Enable Windows Task Manager when Disabled by a Virus

Open the Group Policy Editor: click Start, then Run, type gpedit.msc and press OK. In the Group Policy Editor, expand in turn: User Configuration > Administrative Templates > System > Ctrl+Alt+Del Options. Clicking Ctrl+Alt+Del Options shows four options on the right-hand side. Double-click Remove Task Manager to change its setting: click Not Configured and then OK, and Task Manager is available once again.


Some users can't log in / The sign-in method you're trying to use isn't allowed. For more info, contact your network administrator.

Open Local Security Policy: click Start, then Run, type secpol.msc and press OK.
In Local Security Policy, expand in turn: Local Policies > User Rights Assignment.
Click "Deny log on locally" on the right-hand side and make sure the user is not listed; if the user is listed, remove it and the problem should be solved. If the affected user account is not listed there,
click "Allow log on locally" on the right-hand side and add the user so that it is allowed to log on locally.

Wednesday, September 6, 2017

Change Exchange Online Inbox Language


Log in to Webmail and click "Options" > "Mail".


In the left panel, select "Region and Time Zone" and change your language.


After changing the language, you will be shown "Rename default folders so their names match the specified language". After you click SAVE, the inbox language is changed; if you are using Outlook 2016, it changes there too.

Monday, August 7, 2017

IBM / Lenovo Server Default Information

Integrated Management Module II Default
 - Username : USERID
 - Password : PASSW0RD

Hotkey on System Boot
 - F1 --- : BIOS
 - F2 --- : Diagnostics
 - F12 --- : Boot Menu

Friday, July 7, 2017

Office Product Key and Download

First Purchase activate the Office
How to check my installed office product key
How to change my office product key
Where can I download Office 2007/2010 for install my Office product.


First Purchase activate the Office


If you purchase Office 2013 or Office 2016, you should create an MS Office Account to hold your Office product key. The product box contains only a key card; the physical key card is used to redeem the installation key, and once the installation key has been redeemed the key card has no further value.

I suggest that, after redeeming the installation key, you write the registered Office Account e-mail and the product installation key on the physical key card, to identify that you own this product.

To start activating your Office, click the following link:
http://www.office.com/setup (only for Office 2013 and 2016)

If you redeem more than one Office product on your account, the page shows only the Added Date to identify each one, so if you redeem 10 at the same time it is hard to tell which entry is the new one, because the list is not sorted by entry order. Each Office account holds only 30 Office products.

If you purchase Office 2013/2016 in Hong Kong, you have 3 languages to choose from when you redeem the product: "Chinese Traditional", "Chinese PRC" and "English". Even if your physical product is English, you can still choose a Chinese language. Remember that you select the language only when redeeming and cannot change it later. The installation key itself is not limited by language: your install key can be used to install Office in any language; only your download page is limited to the language you selected.




How to check my installed office product key

Open the "Command Prompt"

For 32-bit Office 2016
cscript "C:\Program Files (x86)\Microsoft Office\Office16\OSPP.VBS" /dstatus
For 64-bit Office 2016
cscript "C:\Program Files\Microsoft Office\Office16\OSPP.VBS" /dstatus
For 32-bit Office 2013
cscript "C:\Program Files (x86)\Microsoft Office\Office15\OSPP.VBS" /dstatus
For 64-bit Office 2013
cscript "C:\Program Files\Microsoft Office\Office15\OSPP.VBS" /dstatus
You will get the last 5 characters of the installed product key.

Log in to your Office Account and compare the key:
http://www.office.com/myaccount








How to change my office product key



Open the "Command Prompt"

For 32-bit Office 2013
cscript "C:\Program Files (x86)\Microsoft Office\Office15\OSPP.VBS" /inpkey:yourkeygoeshere
For 64-bit Office 2013
cscript "C:\Program Files\Microsoft Office\Office15\OSPP.VBS" /inpkey:yourkeygoeshere 
Remark : If your product is Office 2016, please change Office15 to Office16


Where can I download Office 2007/2010 for install my Office product.



For Office 2010 (English) - https://products.office.com/en-us/office-2010
For Office 2010 (Chinese) - https://products.office.com/zh-hk/office-2010
For Office 2007 (English) - https://products.office.com/en-us/download-office-2007
For Office 2007 (Chinese) - https://products.office.com/zh-hk/download-office-2007




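Thursday, July 6, 2017

ValuNet Deluxe 萬利叻 (Version : 5.6)

Customer service hotline : 2917-8888
Website : http://www.tradelink.com.hk/chi/customer_services/hotline_service.html

Please download the installation manual and the software first
 - Installation Manual [chuyuk]
 - ValuNet Deluxe 5.6 [Official][chuyuk]


About installation:
Contact the ValuNet Deluxe technical support hotline and ask them to install it for you remotely.

If remote access is needed at that point, refer to the following link
http://chuyuk.blogspot.hk/2013/04/teamviewer-quicksupport.html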

Chrome configure Flash setting

The settings screens here were captured on Version 59.0.3071.115 (Official Build) (64-bit).
Chrome has disabled Flash since version 55.xxx; please make sure you have the latest version of Chrome installed.


Go to Chrome Settings and click "Advanced" at the bottom.


Under "Privacy and Security" click "Content Settings"


Under "Content Settings" click "Flash"

You can manage which sites are allowed to run Flash.

Tuesday, June 20, 2017

the operating system is not presently configured to run this application windows / 作業系統目前未設定執行此應用程式

When you try to open any Microsoft Office product, the following message pops up: "the operating system is not presently configured to run this application windows"


Check whether you have Symantec Anti-Virus installed. I recently implemented Symantec Endpoint Protection Cloud at a client's office; after the install, some users reported this error message and could not open Word, Excel or Outlook.


If your problem is caused by Symantec Endpoint Protection Cloud, open it and update the definitions; after the update everything goes back to normal.




Outlook Search does not work and only works in Safe Mode

Key word : Outlook can't search / Outlook Search Not Work / Outlook search only work in Safe Mode

If Microsoft Outlook suddenly cannot find any e-mail or returns no matches, this may be an index problem. If search works in Outlook Safe Mode, the Search Index is the problem, because Safe Mode does not use the Windows Search function.

Solution :
1. Try Rebuild Index
2. Disable Outlook Search Index (that means not using Windows Search Services for Outlook search)
3. Disable Windows Search Services

Remark : Disabling the search index is a temporary workaround and does not solve the problem, but sometimes we really have no solution for this because Microsoft sucks!

How to access Outlook Safe Mode
 - Hold the keyboard "CTRL" key, then open Outlook.


Try Rebuild Index
1. Click Search
2. Indexing Options
3. Advanced (the user requires administrator rights)
4. Click Rebuild
Remark : Typically you may need to wait a whole day for the index rebuild to finish; Indexing Options in step 2 shows the indexing status.







Disable Outlook Search Index

Click "File" > "Options"

Click "Search" then "Indexing Options"


Click Modify


Uncheck "Microsoft Outlook" > "OK"


Disable Windows Search Services
 - Not recommended, because every search index on Windows will be disabled


How to disable Windows Search services
1. Press the "WIN" + "R" keys; the "Run" window pops up.

2. Type "services.msc" and press Enter

3. Locate "Windows Search", right-click it and select Properties
4. Change Startup Type to "Disabled" and click "Stop"

5. Close Outlook and start it again; the search function will work now!


How to Start Outlook with Safe Mode
Just hold the "CTRL" key while opening Outlook; a window pops up asking whether to run in Safe Mode.

Tuesday, May 16, 2017

pfsense 502 bad gateway

If you hit this problem on your pfSense firewall, try connecting to it over SSH with PuTTY; of course, SSH must have been enabled beforehand.

After logging in, run the command    /etc/rc.php-fpm_restart

Monday, May 15, 2017

Monday, April 17, 2017

Office 365 Request Partners Relationship

Partner Step

1. Click "Partner Center"

2. Click "Customers" > "Request a relationship"


3. Enter your partner code


4. Copy the email text and send it to the client

Client Step
1. After receiving the relationship request, click the link and sign in with your admin account


2. Authorize the relationship, done.


Monday, March 27, 2017

Wharf bMail / IBM Collabserv Business Mail migrate to Office 365 (Full / Partial Migrate)

IBM bMail to Office 365 Migration (Partial Migrate)

1. Get Microsoft Office 365 ready

2. Add the domain in Office 365 and add a DNS TXT record to verify the domain (e.g. : MS=ms39095089)

3. Prepare all e-mail accounts in Office 365
 - Get all user mailboxes ready (use @xxx.onmicrosoft.com first)
 - Make sure all distribution lists are correct (use @xxx.onmicrosoft.com first)
 - Make sure all forwards and aliases are correct (use @xxx.onmicrosoft.com first)

4. Office 365 > Setup > Data Migration > set up mailbox sync from IBM bMail

5. In Data Migration, wait until every Status is Synced

6. Office 365 > Exchange Admin Center > Mail flow > accepted domains
 - Change "Authoritative" to "Internal Relay"

7. Optionally, unblock the existing email server
 - Exchange Admin Center > protection > connection filter > add IBM bMail IP

8. Add DNS records (MX, SPF)
 - The Office 365 MX priority value should be greater than the existing ones
 For example :
MX : mys-com-hk-mx.mail.na.collabserv.com (priority: 10)
MX : mys-com-hk-mx-bk.mail.na.collabserv.com (priority: 20)
MX : mys-com-hk.mail.protection.outlook.com (priority: 30)

*** If you add SPF, it must include bMail and the ISP; this prevents bMail from being unable to send out e-mail. ***
*** You can skip SPF at first and add it back after the whole migration is done ***

9. Start migrating e-mail accounts from bMail to Office 365 (partial migration, account by account)
 For example, to migrate the Wincy mailbox
 - In bMail, forward the Wincy mailbox to the Office 365 address wincy.chu@mys.onmicrosoft.com
 - In Data Migration, disable wincy.chu@mys.onmicrosoft.com
 - In Office 365, change wincy.chu@mys.onmicrosoft.com to wincy.chu@mys.com.hk
 - wincy.chu@mys.onmicrosoft.com should be kept for receiving the forwarded mail
 - After 15 minutes everything should be working!

10. After a few days of monitoring with no problems on incoming e-mail, you can remove the Wincy Chu e-mail account from bMail: just create a distribution list "wincy.chu@mys.com.hk" that forwards to "wincy.chu@mys.onmicrosoft.com", which frees one mailbox slot.

11. Existing bMail distribution lists should be created in Office 365, not with @mys.com.hk but with @mys.onmicrosoft.com; once all mailboxes are migrated, you can change them to @mys.com.hk.

12. If all mailboxes are migrated and you no longer need bMail, remove all bMail DNS records, remove all settings on the IBM server and terminate it. When done, follow Step 6 and change "Internal Relay" to "Authoritative".


Q&A :   Important (Partial Migrate) Please Read
Q: Why should Office 365 distribution lists use @mys.onmicrosoft.com and not @mys.com.hk?
A: Because the primary server is bMail. If you use @mys.com.hk on a distribution list, e-mail that Wincy sends to the distribution list may not be routed to bMail successfully.

Q: What is the mail flow between bMail and Office 365?
A: All incoming mail to @mys.com.hk is, according to the DNS priority, delivered to bMail first and then forwarded to Office 365.
 - bMail to Office 365 is forwarded to @mys.onmicrosoft.com, so there should be no problem
 - Office 365 back to bMail: if any mailbox or distribution list uses @mys.com.hk for its e-mail address, the mail is routed internally to that mailbox and is not forwarded to bMail, so distribution lists should either not be created in Office 365 or should use only @mys.onmicrosoft.com.
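
The DNS conditions from step 8 and the mail flow described in the Q&A can be checked mechanically. The following is an added example, not part of the original post: the MX sample is the record set from step 8 in `dig +short MX` format, and the bMail SPF include name is a placeholder because the post does not give it.

```shell
#!/bin/sh
# Added example: DNS sanity checks for the bMail / Office 365 coexistence period.

# mx_coexistence_check reads "preference host" lines (the format printed by
# `dig +short MX <domain>`) on stdin. It passes only when every Office 365 MX
# (*.mail.protection.outlook.com) has a larger preference value than every
# other MX, so the existing server is tried first and Office 365 last.
mx_coexistence_check() {
    awk '
        { host = tolower($2); sub(/\.$/, "", host); pref = $1 + 0 }
        host ~ /\.mail\.protection\.outlook\.com$/ {
            if (!o365 || pref < o365_min) o365_min = pref
            o365++; next
        }
        NF >= 2 {
            if (!other || pref > other_max) other_max = pref
            other++
        }
        END {
            if (!o365)  { print "FAIL: no Office 365 MX record"; exit 1 }
            if (!other) { print "FAIL: no MX record for the existing server"; exit 1 }
            if (o365_min <= other_max) {
                printf "FAIL: Office 365 MX %d is not greater than existing MX %d\n", o365_min, other_max
                exit 1
            }
            printf "OK: existing MX (max %d) is tried before Office 365 MX (%d)\n", other_max, o365_min
        }'
}

# spf_missing prints every required include: domain that the SPF value lacks.
# $1 = SPF TXT value, remaining arguments = required include domains.
spf_missing() {
    spf=$1; shift
    for want in "$@"; do
        case " $spf " in
            *" include:$want "*) ;;
            *) echo "$want" ;;
        esac
    done
}

# MX records from step 8, written the way `dig +short MX` prints them.
SAMPLE_MX='10 mys-com-hk-mx.mail.na.collabserv.com.
20 mys-com-hk-mx-bk.mail.na.collabserv.com.
30 mys-com-hk.mail.protection.outlook.com.'

# Constructed SPF value that lists only Office 365; the bMail include below is
# a placeholder name, take the real one from the bMail documentation.
SAMPLE_SPF='v=spf1 include:spf.protection.outlook.com -all'
BMAIL_SPF_INCLUDE='bmail-spf.example.invalid'

printf '%s\n' "$SAMPLE_MX" | mx_coexistence_check
spf_missing "$SAMPLE_SPF" spf.protection.outlook.com "$BMAIL_SPF_INCLUDE"
```

Against live DNS, pipe `dig +short MX mys.com.hk` into `mx_coexistence_check` instead of the sample text.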

Wednesday, March 22, 2017

UniFi Controller Common Setting

Site
The Default Site cannot be deleted.

Forget Device or Move Device to another Site
1. Click Device > Select AP > Configuration > Manage Device
2. Click Forget or "Move this device to" then select the new site

Friday, March 10, 2017

pfsense login from local, remain blank page or black page


This is caused by the pfblockerNG package: when you enable the service and use HTTPS on port 443 to access the GUI from the local network, the page stays blank, although you can still access it from the WAN address.


After pfblockerNG is enabled, aliases and rules are created, and you will see that HTTPS on port 443 is redirected to localhost, so you cannot reach the pfSense GUI locally.


You can change the pfSense webConfigurator protocol or port to solve this problem.

Saturday, March 4, 2017

Windows Server 2003 Useful GPO

Assign Domain Users as a Client Computer Local Administrators and Remote Desktop Users


Assign Domain Users as a Client Computer Local Administrators and Remote Desktop Users

Advantage :
The domain user has local rights to install software on client computers, but has no permissions on the server.
Disadvantage :
This is a security risk: the password of this user should be handled only by admin/support staff. Even though the account cannot harm the server, this login can access or remote into any local computer.
Source : This is the original source, with more detail about the steps.
https://social.technet.microsoft.com/wiki/contents/articles/7833.how-to-make-a-domain-user-the-local-administrator-for-all-pcs.aspx#Step_4_Linking_GPO


Step 1 : Creating a Security Group
First you need to create a security group called Group_Support

 - Create a security group and name it Group_Support.
 - Create a domain user and add it as a member of Group_Support.

Step 2: Create Group Policy.
Next you need to create a group policy called “MYS GPO”

 - Open Group Policy Management Console ( gpmc.msc )
  - Right click on Group Policy Objects and select  New. 



Type the name of the policy "MYS GPO"


Step 3: Configure the policy to add the “Group_Support” group as Administrators

Right click “MYS GPO” Policy then select Edit.
  




Expand Computer configuration\Policies\Windows Settings\Security Settings\Restricted Groups
In the Left pane on Restricted Groups, Right Click and select “Add Group“




In the Add Group dialog box, enter Group_Support and click ok to close the dialog box.



Click Add under “This group is a member of:”
 Add the “Administrators” Group.
 Add “Remote Desktop Users”
 Click OK twice



NOTE: When adding groups, you can add whatever you want; the GPO matches the group name on the system. If you type “Admins”, it will match a local group called Admins if it exists and put “Support_Group” in that group.

Step 4: Linking GPO

In Group policy management console, right click on the domain or the OU and select Link an Existing GPO


Select the MYS GPO


Step 5: Testing GPOs

Log on to a PC that is joined to the domain, run gpupdate /force and check the local Administrators group. You should now see Group_Support in that group. Make sure every PC you want to access is moved to an OU that has the above GPO properly linked. Tom and Bob domain users can now access all PCs remotely as a local administrator.

Important Remark :
If you rename Group_Support, the GPO is updated to match.



pfSense Loopback IP

Source https://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks


If you do not enable NAT Reflection mode, you may not be able to reach some NAT port forwards from the local LAN. For example, "www.chuyuk.com:5000" is forwarded by NAT to your local network IP 192.168.1.1:5000. Access from outside is OK, but from inside the LAN you can only reach 192.168.1.1:5000; "www.chuyuk.com:5000" will not work from inside.

pfsense > System > Advanced / Firewall & NAT

 - NAT Reflection mode for port forwards select "Pure NAT"
 - click Enable "Enable NAT Reflection for 1:1 NAT"
 - click Enable "Enable automatic outbound NAT for reflection"




Thursday, March 2, 2017

Screenconnect Client can't connect to Host

If your ScreenConnect Client cannot connect to the Host and just keeps saying "Waiting for retry", you should uninstall the ScreenConnect Client and then install it again.

Cause :
The connection between Client and Host is broken. For example, when the ScreenConnect Client is installed on my computer, my computer name is listed on the ScreenConnect Host; in the background, client and host are tied together by an ID. If that ID is broken, installing ScreenConnect over the existing client does not fix it, so you should uninstall and then install again to get a new ID.

Here are the common cases :

Case 1:
 - Client : uninstalls ScreenConnect.
 - Host : does nothing; the host will never see the client online.
 - Action : If the client installs ScreenConnect again, the Host shows two clients; one of them is never online because that client was uninstalled.

Case 2:
 - Client : does nothing
 - Host : removes the Client while it is in Online status; the client side uninstalls the ScreenConnect Client

Case 3:
 - Client : does nothing
 - Host : removes the Client while it is in Offline status; the client side may not uninstall the ScreenConnect Client, so the Client keeps trying to connect to the Host without success, and the Host no longer sees the Client.
 - Action : The client should uninstall ScreenConnect manually. If the client is not uninstalled first, a reinstall retains the old connection ID, but that ID has been removed on the Host, so the client can no longer connect to the host and keeps waiting for retry.


Official Instruction for Manually Remove ScreenConnect Client
https://help.screenconnect.com/Manually_remove_access_client

For Mac User
1. Open "Terminal" under "HDD > Applications > Utilities >"
2. Run the following commands; remember that you need admin rights and the admin password.
  1. Stop the ScreenConnect Client service on that machine:
    launchctl unload /Library/LaunchAgents/screenconnect-xxxxxxxxxxxxxxxx-onlogin.plist
  2. Delete the service definitions (both the onlogin and prelogin ones):
    rm /Library/LaunchAgents/screenconnect-xxxxxxxxxxxxxxxx-*.plist
  3. Delete the ScreenConnect Client files:
    rm -r /opt/screenconnect-xxxxxxxxxxxxxxxx.app

Remark : In points 1 to 3 you may see "permission denied"; in that case, try putting "sudo" in front of the command:

sudo rm /Library/LaunchAgents/screenconnect-xxxxxxxxxxxxxxxx-*.plist
<<<then enter admin password>>>

Sunday, February 26, 2017

Friday, February 24, 2017

pfsense SSD Harddisk Enable TRIM

First, identify whether TRIM is enabled or disabled.

WebGUI Interface > Diagnostics > Command Prompt

You can also press [8] on the VGA console and type the command "tunefs -p /"


tunefs: POSIX.1e ACLs: (-a)                                disabled
tunefs: NFSv4 ACLs: (-N)                                   disabled
tunefs: MAC multilabel: (-l)                               disabled
tunefs: soft updates: (-n)                                 enabled
tunefs: soft update journaling: (-j)                       enabled
tunefs: gjournal: (-J)                                     disabled
tunefs: trim: (-t)                                         disabled
tunefs: maximum blocks per file in a cylinder group: (-e)  4096
tunefs: average file size: (-f)                            16384
tunefs: average number of files in a directory: (-s)       64
tunefs: minimum percentage of free space: (-m)             8%
tunefs: space to hold for metadata blocks: (-k)            6408
tunefs: optimization preference: (-o)                      time
tunefs: volume label: (-L)


Now enable TRIM.

Reboot your pfSense into Single User mode: when the following screen comes up, press "2" or "S" to boot Single User.

          __ ____
   _ __  / _/ ___|  ___ _ __  ___  ___
  | '_ \| |_\___ \ / _ \ '_ \/ __|/ _ \
  | |_) |  _|___) |  __/ | | \__ \  __/
  | .__/|_| |____/ \___|_| |_|___/\___|
  |_|


 +------------Welcome to pfSense-----------+
 |                                         |                 ______
 |  1. Boot Multi User [Enter]             |                /      \
 |  2. Boot [S]ingle User                  |          _____/    f   \
 |  3. [Esc]ape to loader prompt           |         /     \        /
 |  4. Reboot                              |        /   p   \______/  Sense
 |                                         |        \       /      \
 |  Options:                               |         \_____/        \
 |  5. [K]ernel: kernel (1 of 2)           |               \        /
 |  6. Configure Boot [O]ptions...         |                \______/
 |                                         |
 |                                         |
 |                                         |
 +-----------------------------------------+

Run the shell command "cat /etc/fstab", which shows the following devices. Write down the device string of the entry whose FStype is ufs (highlighted in red in the original post).
cd /
cat /etc/fstab
# Device  Mountpoint FStype Options  Dump Pass#
/dev/ufsid/58b03b253575d41a  /  ufs rw  1 1
/dev/label/swap0  none  swap sw  0 0
Type the following command; the device string should be the same as above.
# /sbin/tunefs -t enable /dev/ufsid/58b03b253575d41a
Then press Enter. If it succeeds, the following message is shown.

tunefs: issue TRIM to the disk set
Then type reboot and verify the TRIM status again.
# /sbin/reboot
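
The check-then-enable procedure above can be scripted so that the device string is read from fstab instead of copied by hand. This is an added example, not part of the original post; the function names are hypothetical and the sample text is cut from the outputs shown above.

```shell
#!/bin/sh
# Added example: read the TRIM flag and the root UFS device from the two
# command outputs used in the procedure above.

# trim_state reads `tunefs -p` output on stdin and prints the value of the
# "trim: (-t)" line (enabled / disabled), or "unknown" if the line is absent.
trim_state() {
    awk '/trim: \(-t\)/ { print $NF; found = 1 }
         END { if (!found) print "unknown" }'
}

# root_ufs_device reads /etc/fstab content on stdin and prints the device
# mounted on / when its FStype is ufs. Comment lines are skipped.
root_ufs_device() {
    awk '$1 !~ /^#/ && $2 == "/" && $3 == "ufs" { print $1 }'
}

# trim_plan prints the command to run in single-user mode, or a status line.
# $1 = tunefs output, $2 = fstab content. Returns 1 when nothing can be done.
trim_plan() {
    state=$(printf '%s\n' "$1" | trim_state)
    dev=$(printf '%s\n' "$2" | root_ufs_device)
    if [ -z "$dev" ]; then
        echo "no UFS root filesystem found in fstab"
        return 1
    fi
    case "$state" in
        enabled)  echo "TRIM already enabled on $dev" ;;
        disabled) echo "/sbin/tunefs -t enable $dev" ;;
        *)        echo "could not read TRIM state"; return 1 ;;
    esac
}

# Sample input cut from the outputs shown in the post.
SAMPLE_TUNEFS='tunefs: soft updates: (-n)                                 enabled
tunefs: trim: (-t)                                         disabled
tunefs: optimization preference: (-o)                      time'
SAMPLE_FSTAB='# Device  Mountpoint FStype Options  Dump Pass#
/dev/ufsid/58b03b253575d41a  /  ufs rw  1 1
/dev/label/swap0  none  swap sw  0 0'

trim_plan "$SAMPLE_TUNEFS" "$SAMPLE_FSTAB"

# On the firewall itself the same plan comes from the live outputs
# (2>&1 so the "tunefs:" lines are captured whichever stream they arrive on):
#   trim_plan "$(tunefs -p / 2>&1)" "$(cat /etc/fstab)"
```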


Friday, February 17, 2017

UniFi Controller Run as Windows Services and UniFi Cloud Access got Error : An error occurred. Cloud access is not compatible with this OS architecture

This page shows how to run the UniFi Controller as a Windows service; doing so also fixes the problem of not being able to enable the Cloud function.

Link
UniFi Account Page : https://account.ubnt.com
UniFi Cloud Access Page : https://unifi.ubnt.com/#/


Enabling UniFi Cloud Access fails with "An error occurred. Cloud access is not compatible with this OS architecture."


Step 1 :
 - Make sure you have already created an account on UniFi

Step 2 :
 - Install or update both x86 and x64 Java

Step 3 :
 - Add "C:\Program Files (x86)\Java\jre1.8.0_121\bin" to Path under "Environment Variables..."

Step 4 :
  1. Close any instances of the UniFi software on the controller
  2. Open the command prompt as an Administrator
  3. In the Administrator command prompt, change directory to the location of UniFi on your computer, using the command:

    cd "%UserProfile%\Ubiquiti UniFi\"
  4. Once in the root of the UniFi folder, issue the following:

    java -jar lib\ace.jar installsvc
Step 5 :
 - Restart the computer; you can now access https://localhost:8443 without starting the UniFi Controller


Remark :
Once it runs as a service, you do not need to open the UniFi shortcut ("%username%\Ubiquiti UniFi\lib\ace.jar" ui). If you open the UniFi Controller window by double-clicking it, click "Hide". If you close this window and click Yes to confirm closing the UniFi Controller, the service stops and you lose the connection in the browser.