Enroll your Android Enterprise dedicated devices or fully managed devices (Preview) with Microsoft Intune

Enable Intune/MDM

Remember to get the correct license and configure Intune/MDM first.

Then open this link to make sure you are able to see the correct MDM link

Azure Active Directory admin center

Configure Microsoft 365 Device Management

1 Open the Microsoft 365 Device Management page from Microsoft 365 admin center

2 Create a Google account if you do not have one

3 Device enrollment -> Android enrollment -> Managed Google Play

4 Link the Google account

5 Corporate-owned, fully managed user devices will now be enabled. Click on it to show the QR code and token needed for step 9 in the next section (Enroll by using a token).

Microsoft 365 Device Management -> Device enrollment – Android enrollment

Enroll by using a token

Devices running Android 6 and later can enroll using the token method; Android 6.1 and later can also enroll by scanning a QR code.

1 Wipe your Android device. Refer to the device's official website for the available wipe methods.

2 Turn on the device

3 Select your Language from setup screen

4 Connect to your Wi-Fi and then press NEXT.

5 Accept the Google Terms and conditions and then Press NEXT.

6 On the Google sign-in screen, enter afw#setup instead of a Gmail account, and then press NEXT.

7 Choose INSTALL for the Android Device Policy app.

8 Continue installation of this policy. Some devices may require additional terms acceptance.

9 On the Enroll this device screen, allow your device to scan the QR code or choose to enter the token manually.

10 Follow the on-screen prompts to complete enrollment.

Note: If you have signed in with a normal Google account, wipe the device again.

For other methods, such as Near Field Communication (NFC) and Google Zero Touch, refer to this link

Windows 10 Azure AD – Something went wrong

“Your organization has deleted this device. To fix this, contact your system administrator and provide error code 700003”

Something went wrong – Your organization has deleted this device. To fix this, contact your system administrator and provide error code 700003

If you encounter this error, try the following method:

1 Remove Work account from Windows 10

2 Sign out from Intune (If signed in)

3 Open command line or PowerShell window with Admin rights

4 Enter command: “dsregcmd /leave”

Command line window with command – dsregcmd /leave

5 Enter command: “dsregcmd /status” to check that the system has now left Azure AD

Command line window with command – dsregcmd /status

6 Try to sign in with Work account from Settings

Keywords: Windows 10, Azure AD, Azure Active Directory

Windows 10 Update 1903 Blocked by Intel Rapid Storage (Intel RST) Drivers

“Intel Rapid Storage Technology (Intel RST): The inbox storage driver iastora.sys doesn’t work on these systems and causes stability problems on Windows. Check with your software/driver provider for an updated version that runs on this version of Windows”

Windows 10 Update 1903, What needs your attention
The following things need your attention to continue the installation and keep your Windows settings, personal files, and apps.

If you encounter this error, try updating the Intel RST drivers to the latest version.

Microsoft recommends driver version 15.9.6.1044, while the latest version is currently 17.5.1.1021. Keep in mind that OEM drivers might include modifications that are missing from the official Intel drivers.

Note: If the same error persists after the driver update, try the following method.

1 Find iaStorA.sys or iastora.sys under C:\Windows\System32\drivers

Path for iastora.sys

2 Rename to iaStorA.sys_A or iastora.sys_A

3 Close the Error window (Refresh button does not work)

4 Open Windows Update and try again

You should be able to update the system successfully now!

Open Source and Free Downloader / Download Manager

Aria2

An open source and free downloader / download manager. It can download files via HTTP, HTTPS, BitTorrent, FTP, etc.

It is a command line program.

e.g.

Download from WEB:

$ aria2c http://example.org/mylinux.iso

Download from 2 sources:

$ aria2c http://a/f.iso ftp://b/f.iso

More can be found here: https://aria2.github.io/

Persepolis Download Manager / persepolisdm

Based on Aria2, GUI for Aria2

Persepolis Download Manager User Interface

youtube-dl

A downloader for YouTube and other video sites.

It is a command line program.

youtube-dl-gui

Based on youtube-dl, a GUI for youtube-dl

youtube-dl-GUI User Interface

How to: Check storage quota in SharePoint Online

Usually you have to be the site owner or a site collection administrator to be able to check the storage quota in SharePoint Online.

1 Open your site, click Gear icon, then click on Site contents

Office 365 SharePoint > Settings

2 Click on Site settings from new page

Office 365 SharePoint > Site Settings

3 Click on Storage Metrics from Site Collection Administration section

Office 365 SharePoint > Site Settings

Keywords: SharePoint, SharePoint storage, SharePoint Free Storage, SharePoint site storage, View SharePoint Storage Size

[GUIDE] IKEv2/IPSec, Per user firewall rule settings with FreeRADIUS

1. Follow the “IKEv2 with EAP-MSCHAPv2” guide from pfsense ( https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2 ) to create a working IKEv2/IPsec VPN server first.
2. Install Freeradius2 on pfsense.
3. Once it is tested and working, some changes need to be made so that the IKEv2/IPsec VPN uses RADIUS to authenticate clients instead of the local database. (Search for a pfsense FreeRADIUS configuration guide.)


From here on, we assume IKEv2/IPsec is working with FreeRADIUS.

Configure per user rules.
Create user1 and user2. user1 will have access to the internal LAN and the internet; user2 will only have internet access, not internal LAN access.
In a real-world case, user1 can be the pfsense owner/administrator, and user2 can be friends to whom you want to give VPN access.

1. Create user1 and user2 in Services -> FreeRADIUS -> Users.

user1
Username: user1, Password: password, IP Address: 10.1.2.1, Subnet Mask: 255.255.255.0, Gateway: 0.0.0.0/0 192.168.0.1 1
The Gateway field has the form: 0.0.0.0/0 “Gateway address here (the address of the pfsense box, not the external gateway)” 1
Save

user2
Username: user2, Password: password, IP Address: 10.1.3.1, Subnet Mask: 255.255.255.0, Gateway: 0.0.0.0/0 192.168.0.1 1
The Gateway field has the form: 0.0.0.0/0 “Gateway address here (the address of the pfsense box, not the external gateway)” 1
Save

Now, when user1 logs in, virtual IP address 10.1.2.1 will be assigned. When user2 logs in, virtual IP address 10.1.3.1 will be assigned.

2. Give internet access to the two users, System -> Routing -> Static Routes
Add two new static routes, one for VPN client user1 and one for user2, so that both clients can have internet access through the pfsense box.

Static Route1
Destination network: 10.1.2.0/24
Gateway: WAN_PPPOE – xxx.xxx.xxx.xxx (Your pfsense gateway, the one that you used to get internet access)
Save

Static Route2
Destination network: 10.1.3.0/24
Gateway: WAN_PPPOE – xxx.xxx.xxx.xxx (Your pfsense gateway, the one that you used to get internet access)
Save

3. Create firewall rules, Firewall -> IPsec
Create DNS rule, Action: Pass, Interface: IPsec, Address Family: IPv4, Protocol: TCP/UDP, Source: Any, Destination: This firewall (self), Destination Port Range: From 53 to 53.
Save

Create block rule, so that user2 won’t be able to access our LAN, Action: Reject, Interface: IPsec, Address Family: IPv4, Protocol: Any, Source: Network 10.1.3.0/24, Destination: LAN net.
Save

Create rule for allowing other traffic (internet etc.), Action: Pass, Interface: IPsec, Address Family: IPv4, Protocol: Any, Source: Any, Destination: Any
Save


Now user1 will have full access (LAN and internet), while user2 will have internet access only, with no LAN access.
To create more accounts for friends, repeat the steps from step 1 and assign them IP addresses in the range 10.1.3.2 to 10.1.3.254.
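
The three IPsec rules from step 3, evaluated top-down with first-match semantics the way pfSense processes interface rules, to show why the reject rule has to sit above the pass-any rule. This is an added example, not part of the original guide; the LAN subnet 192.168.0.0/24, the modelling of "This firewall (self)" as 192.168.0.1 only, the rule names and the sample flows are assumptions.

```python
import ipaddress

# Assumptions (not stated on the page): LAN net is 192.168.0.0/24 and
# "This firewall (self)" is modelled as the LAN address 192.168.0.1 only.
LAN_NET = ipaddress.ip_network("192.168.0.0/24")
SELF_ADDRS = {ipaddress.ip_address("192.168.0.1")}
USER2_NET = ipaddress.ip_network("10.1.3.0/24")

# The three IPsec-tab rules from step 3, in the order the guide creates them.
# None means "any" for that field; the rule names are hypothetical labels.
RULES = [
    dict(name="dns", action="pass", proto={"tcp", "udp"}, src=None, dst="self", port=53),
    dict(name="user2-no-lan", action="reject", proto=None, src=USER2_NET, dst=LAN_NET, port=None),
    dict(name="allow-rest", action="pass", proto=None, src=None, dst=None, port=None),
]

def matches(rule, src, dst, proto, port):
    """True when every non-"any" field of the rule matches the packet."""
    if rule["proto"] is not None and proto not in rule["proto"]:
        return False
    if rule["src"] is not None and src not in rule["src"]:
        return False
    if rule["dst"] == "self":
        if dst not in SELF_ADDRS:
            return False
    elif rule["dst"] is not None and dst not in rule["dst"]:
        return False
    return rule["port"] is None or port == rule["port"]

def evaluate(rules, src, dst, proto, port=None):
    """Top-down, first match wins; unmatched traffic hits the default deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if matches(rule, src, dst, proto, port):
            return rule["action"], rule["name"]
    return "block", "default-deny"

if __name__ == "__main__":
    # Constructed sample flows: (source, destination, protocol, port).
    flows = [("10.1.2.1", "192.168.0.50", "tcp", 445),   # user1 -> LAN host
             ("10.1.3.1", "192.168.0.50", "tcp", 445),   # user2 -> LAN host
             ("10.1.3.1", "192.168.0.1", "udp", 53),     # user2 -> firewall DNS
             ("10.1.3.1", "198.51.100.7", "tcp", 443)]   # user2 -> internet
    misordered = [RULES[0], RULES[2], RULES[1]]          # pass-any above the reject
    for flow in flows:
        print(flow, evaluate(RULES, *flow), "misordered:", evaluate(misordered, *flow))
```

Because the DNS rule comes first, user2 can still query the firewall's LAN address on port 53 even though that address falls inside LAN net.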

How To: Create Apple Time Machine in Open Media Vault (OMV)

1 Create File System (Refer to this guide How To: Create SMB/CIFs/Windows Share in Open Media Vault (OMV))

2 Install OMV Extras from http://omv-extras.org (for OMV V4, follow the guide at http://omv-extras.org/joomla/index.php/guides and install the plugin from http://omv-extras.org/joomla/index.php/omv-plugins-4/4-stable )

3 Back to OMV, click on Plugins and install openmediavault-netatalk

4 Create a shared folder for Apple Time Machine (refer to the guide How To: Create SMB/CIFs/Windows Share in Open Media Vault (OMV)). The steps are very similar, but instead of going to SMB/CIFS, we use the Apple Filing tab this time

Screenshot of Open Media Vault (OMV) Services Tab -> Apple Filing -> Shares

5 In the Edit Share window, make sure Enable Time Machine support is switched on, so that Mac OS can recognize the shared folder as a supported Time Machine destination

Screenshot of Open Media Vault (OMV) Services Tab -> Apple Filing -> Shares

6 Save settings

7 Click on Settings Tab, enable service, save settings and Apply

Creating a User

Since Mac OS requires a password for Time Machine, we will create a user

1 Go to Access Rights Manager Tab and click on User

Screenshot of Open Media Vault (OMV) Access Rights Manager Tab -> User

2 Click on Add button and Create a user and Save

Screenshot of Open Media Vault (OMV) Access Rights Manager Tab -> User -> Add User

Configure permission for Time Machine folder

1 Click on Shared Folders

Screenshot of Open Media Vault (OMV) Access Rights Manager Tab -> Shared Folders

2 Click on previously created shared Time Machine folder then click on Privileges button

Screenshot of Open Media Vault (OMV) Access Rights Manager Tab -> Shared Folders

3 Tick Read/Write permission for desired user for Time Machine

Screenshot of Open Media Vault (OMV) Access Rights Manager Tab -> Shared Folders -> Privileges

4 Now if we open our Mac, click on Top left corner (Apple icon) -> System preferences -> Time Machine, configure the settings to use the Time Machine we have just created

5 From now on, it will back up everything from your Mac OS system, with an hourly, weekly and monthly backup routine

How To: Create SMB/CIFs/Windows Share in Open Media Vault (OMV)

Create File system

1 Make sure you have added disk

Screenshot of Open Media Vault (OMV) Storage Tab – Disks

2 Click on File Systems

Screenshot of Open Media Vault (OMV) Storage Tab – File Systems

3 Format the disk/partition

Screenshot of Open Media Vault (OMV) Storage Tab -> File Systems -> Create Button

4 Mount the file system

Screenshot of Open Media Vault (OMV) Storage Tab -> File Systems -> Mount Button

Create Windows Share

1 Click on SMB/CIFS from Services tab

Screenshot of Open Media Vault (OMV) Storage Tab -> File Systems -> Mount Button

2 Click on Shares then click on Add button

Screenshot of Open Media Vault (OMV) Services Tab -> SMB/CIFS -> Shares -> Add

3 Click on + button for Shared folder

Screenshot of Open Media Vault (OMV) Services Tab -> SMB/CIFS -> Shares -> Add

4 Follow the screenshot

Screenshot of Open Media Vault (OMV) Services Tab -> SMB/CIFS -> Shares -> Add -> Add Shared Folder

5 Change Public to Only guests if you only need a public share without a password (this means anyone on the same LAN can access and modify the shared folder)

Screenshot of Open Media Vault (OMV) Services Tab -> SMB/CIFS -> Shares -> Add

6 Save the settings

7 Finally, Click on Services Tab, click on SMB/CIFS, then enable and Apply the new settings

Screenshot of Open Media Vault (OMV) Services Tab -> SMB/CIFS -> Settings

8 Now if you point your file explorer to Open Media Vault’s name or IP address, you should be able to access the folder we have created and make changes to it

How to download YouTube videos

Using browser plugins

You can use plugins like “YouTube Video and Audio Downloader”, “Download YouTube Videos as MP4”, “Grab Any Media”, “Video DownloadHelper” for Mozilla Firefox

Using online websites

Websites like savefrom.net can easily help you to download videos from YouTube.

You just need to copy the web address or URL of the YouTube video (something that looks like this: https://www.youtube.com/watch?v=xxxxxxxxxxx) into the textbox on savefrom.net

Hit the download or “>” button.

Select your preferred format, e.g. MP4, MP3, and resolution, e.g. 480P, 1080P etc.

Then you can download the video from YouTube!

Easy to use Web Penetration test (Pentest) Tools – OWASP Broken Web Applications Project & WebGoat

WebGoat

WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons.

It includes lessons on many typical attacks, such as SQL Injection, Cross-site Scripting (XSS), Parameter Injection etc.

OWASP WebGoat Interface

Download: https://github.com/WebGoat/WebGoat

Note: WebGoat requires Java to work

OWASP Broken Web Applications Project

OWASP Broken Web Applications Project includes WebGoat. It also includes many other packages for learning and practicing pentesting on web applications.

OWASP Broken Web Applications Project Screenshot

Official website: https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project

Download: https://sourceforge.net/projects/owaspbwa/files/

Note: OWASP Broken Web Applications Project is packaged as a virtual machine. You can use VirtualBox, VMware Workstation or VMware Player to launch it in order to get the webpage shown above.

(VirtualBox and VMware Player are free, VMware Workstation is not free, as of this writing)