2022/10/19

發信通知AD帳號 密碼快到期的人

 windows系統內建的提醒實在太小了,就縮在右下角,而且預設兩週前會天天提醒,到剩一週後,就不會在顯示了,使用者早就忘了,所以需要一個比較顯示的提示。

 可以參考這個下列這個powershell,就可以執到此功能,裡面程式碼有夠多,但只要先把要搜尋的dc位置,mail server位置,管理者信箱這3個設定值,調成自己環境內的資訊,就可以執行測試了。

預設是測試模式,所以只會寄給管理者,測試ok後再關閉測試模式,通知信就會發給使用者了,不需要修改太多東西就可以用了,讚。

https://gist.github.com/meoso/3488ef8e9c77d2beccfd921f991faa64#file-example-com-password-expiration-notifications-ps1



Notifying Users of Expiring Passwords via Email in Active Directory

The default built-in password reminder in Windows is quite inconspicuous, residing in the bottom right corner. Additionally, it only displays reminders every day up to two weeks before the expiration date. Once there is only one week left, the reminder disappears, and users tend to forget about it. Therefore, a more prominent notification is needed.

You can refer to the following PowerShell script to achieve this functionality. Although the code may seem extensive, you only need to adjust three configuration values: the location of the domain controller (DC), the mail server, and the administrator's email address. Once you set them according to your environment, you can execute a test run.

By default, the script runs in test mode, sending notifications only to the administrator. After confirming that it works correctly, you can disable test mode, and the notifications will be sent to the users. It requires minimal modifications, making it easy to use.

You can find the PowerShell script at the following link:

https://gist.github.com/meoso/3488ef8e9c77d2beccfd921f991faa64#file-example-com-password-expiration-notifications-ps1

2022/10/07

outlook 收件都變成純文字格式

 outlook正常的話,收進來的信會是html格式。

如果信突然都變成文字格式,就是設定被調到,改回來就行了,就在信任中心裡有個以純文字讀取所有標準郵件,取消就行了。


















Outlook emails are appearing as plain text format.
In a normal Outlook setup, incoming emails are displayed in HTML format.

If suddenly all emails are appearing as plain text, it means that a setting has been changed. To revert back to the original format, follow these steps:

Open Outlook and go to the Trust Center.
Look for the option "Read all standard mail in plain text" within the Trust Center settings.
Uncheck this option to disable plain text reading for all standard emails.
Once you have made this change, Outlook will display emails in their original format again.

選擇權單賣 慘啊

 最近兩個月真的就是上下刷,做單賣當沖實在慘,一直打到停損,超累的。

還好都有控制好停損,至少都沒大賠。

2022/09/28

linux 掛載 windows 共用資料夾

 有一台centos要把windows的file server內的其中一個資料夾掛載上去。

先在windows主機192.168.1.1上,建立一個掛載專用的本機帳號abc,設定好密碼123。

接著就在cenotos上,執行下列指令就行了。

mount -t cifs -o username=abc,password=123 //192.168.1.1/documents /mnt/winshare



Mounting a Windows shared folder on Linux.

To mount a specific folder from a Windows file server on a CentOS machine, follow these steps:

On the Windows host with the IP address 192.168.1.1, create a local user account "abc" specifically for the mounting purpose. Set the password for this account as "123".

On the CentOS machine, execute the following command:

mount -t cifs -o username=abc,password=123 //192.168.1.1/documents /mnt/winshare


2022/09/27

Kaspersky Embedded Systems Security 病毒碼更新失敗 Error code: 0x02C2. Subsystem code: 0x4

有兩台裝有Kaspersky Embedded Systems Security3.0的主機病毒碼一直更新失敗,但還有四台都正常。

發信問廠商,回覆是說要做資料庫回溯,但做了也沒用,所以又給了另一個解法,就是升級到3.1。

如果升3.1才有用,那沒道理其他四台用3.0的都沒事啊,所以就覺得廠商的回覆蠻隨便的。

因為是server,也不能隨意重開機,所以就決定把防毒主程式重啟好了。

這版本比較鳥的是,沒有選項讓你直接關閉服務,要去裝kess console,然後裡面才有關閉跟啟用的服務。

重啟後,更新還是失敗,但再一次,就成功了。


原本的錯誤訊息如下

Internal task error occurred. Error code: 0x02C2. Subsystem code: 0x4 (General). For more details go to the Kaspersky Technical Support site: https://click.kaspersky.com/?hl=en-US&link=error&pid=wsee&version=11.0.0.0&error=B4X706X



Kaspersky Embedded Systems Security Virus Database Update Failure Error code: 0x02C2. Subsystem code: 0x4

We encountered issues with two hosts running Kaspersky Embedded Systems Security 3.0, as the virus database updates consistently failed. However, the other four hosts had no problems with the updates.

We reached out to the vendor for assistance, and they suggested performing a database rollback. Unfortunately, this solution did not resolve the issue. They then proposed upgrading to version 3.1 as an alternative resolution.

It seemed odd that only upgrading to 3.1 would solve the problem, considering the other four hosts running 3.0 were functioning fine. We found the vendor's response somewhat casual.

Since these were server systems, we couldn't simply restart them without careful consideration. Instead, we decided to restart the antivirus main service.

One drawback of this version is that it lacks an option to directly disable the service. Instead, we had to install the Kaspersky Endpoint Security for Business console, where we found options to enable and disable services.

After restarting the service, the update initially failed again, but upon a subsequent attempt, it succeeded.

The original error message received was as follows:

"Internal task error occurred. Error code: 0x02C2. Subsystem code: 0x4 (General). For more details, please visit the Kaspersky Technical Support site: https://click.kaspersky.com/?hl=en-US&link=error&pid=wsee&version=11.0.0.0&error=B4X706X"

2022/09/23

Fortigate VPN token有時後會沒用

 在fortigate上設定好ad帳號登入vpn,要啟用token驗證,才能連線。

但有些使用者設定好,手機上的程式也啟用了,登入vpn時就不會跳出要輸入token code,就直接登入成功了。

後來才發現是登入帳號大小寫的問題,有的人帳號是用大寫,就不需要輸入token code,用小寫才需要。

後來發現是我們在設定vpn的權限時,一開始是還沒用token時,直接把ad群組加入vpn的設定中。

現在因為要用token,需要把個別的ad帳號加到用戶名單,再加到vpn設定中。

所以vpn的設定裡就會有兩個不同的帳號來源,這時後只要把在vpn設定裡的ad群組拿掉,就行了。

user登入後,就只能接受跟用戶名單裡大小寫都要相符的帳號做登入。


Fortigate VPN Token Sometimes Doesn't Work

When setting up an AD account for VPN login on Fortigate, token authentication needs to be enabled to establish a connection.

However, some users have successfully configured their accounts and activated the token authentication on their mobile devices, but when they log in to the VPN, they are not prompted to enter the token code. Instead, they are logged in directly.

Later, we realized that the issue was related to the case sensitivity of the login credentials. Some users had their usernames in uppercase, which bypassed the need for a token code, while lowercase usernames required it.

We discovered that when initially setting up VPN permissions, before using tokens, we directly added the AD group to the VPN configuration.

Now, with the token requirement, individual AD accounts need to be added to the user list and then included in the VPN configuration.

As a result, the VPN configuration will have two different sources for account information. To resolve this, we simply need to remove the AD group from the VPN configuration.

After this change, users will only be able to log in with usernames that match the case sensitivity specified in the user list.

2022/09/22

fortiVPN 使用token登入錯誤 : fortitoken clock drift detected

 結果是安裝fortitoken mobile的手機時間錯誤,把時間調對就好了。


fortiVPN login error with token: fortitoken clock drift detected.

 The issue was caused by incorrect time settings on the mobile device where fortitoken mobile was installed. Simply adjusting the time resolved the problem.

2022/09/16

選擇權早盤當沖沒出掉 下午盤就會GG

當沖基本上就是早盤收盤要平倉,但有時後就是來不及,然後沒沖掉,就放到下午盤繼續等,但每次這樣子,就只會虧更多,唉!!!真的要照著計劃走,不能凹。

2022/09/01

選擇權做賣方要買保險

 做了幾個月的選擇權賣方,一直都記得做賣方要保險,不然遇到一次爆漲或爆跌,就會GG。

所以就一直做雙賣,想說至少有一邊能補一下,而且都做日盤當沖,頂多就價外1~2檔的位置,也流動性也還不錯,做的比較安心。

如果價格往其中一邊衝太多,還是會虧損,所以還是會設停損。

下單的策略並不是完全中立,是會先抓今天偏多或空,就會順勢往價外一兩檔做雙賣。

就算方向對了,賺的速度會比賠的快,所以還是會賺,但行情衝過頭,賠的速度就會比賺的快,反而會開始賠錢,等於是獲利有限,虧損無限大。

所以需要在好好想想,這策略應該要調整一下。

2022/08/09

Forti VPN連不上-- 'The server you want to connect to requests identification. Please choose a certificate and try again ( -5)'

 原本很舊的Forti防火牆升級後,有一些人的VPN就無法連線了,本來以為跟client端的vpn程式版本有關,因為公司內有4、5、6、7四種版本。

但後來發現這4個版本也都有不同的使用者可連上VPN,所以不是這個問題。

所以就用就錯誤訊息去查



後來是直接去IE的網際網路選項中,在進階設定裡把TLS1.1跟1.2打勾,就可以解決這個問題了。


Forti VPN cannot connect - 'The server you want to connect to requests identification. Please choose a certificate and try again (-5)'.
After upgrading an outdated Forti firewall, some people were unable to connect to the VPN. Initially, I thought it might be related to different versions of the VPN client software (versions 4, 5, 6, and 7) used within the company.
However, I later discovered that users with all four versions were able to connect to the VPN, so that wasn't the issue.
To troubleshoot, I investigated the error message further.
Eventually, I found that the solution was to go to the Internet Options in Internet Explorer and enable TLS 1.1 and 1.2 in the advanced settings. This resolved the problem.