Download and Get the Windows 10 Fall Creators Update

Earlier Microsoft released a Windows 10 Fall Creators Upgrade Assistant, but it’s hard to find now. Just in case you’re missing it, you can download from the link below:

https://saputra.ch/downloads/installers/Windows10Upgrade9252.exe

andy-mac:Downloads andy$ md5 Windows10Upgrade9252.exe 
MD5 (Windows10Upgrade9252.exe) = da222f3519e7387892a7afea30b1cb65
andy-mac:Downloads andy$

Office 365 Convert Regular to Shared Mailbox & Setup Mail Forwarding

Is someone left from your office?

Here is the best practice to do with their mailbox.

With Office 365, we can take advantage of keeping inactive users in the cloud without affecting our quota without any license required.

  1. Go to Admin centers -> Exchange
  2. At the Exchange admin center dashboard, go to recipients -> mailboxes
  3. Click on target user’s mailbox, and select Convert to Shared Mailbox
  4. Go back to Office 365 Admin center, go to Users -> Active users -> click on target user’s mailbox, and remove the license.

Set up email forwarding by going back to Exchange admin center, go to mail flow:
On rules, click + sign to create a new rule, name it: Sent to ‘target.user@saputra.ch’, *Apply this rule if… [The recipient is…] Target user’s name, *Do the following… [Redirect the message to…] Destination user’s name. Let ‘Audit this rule with severity level: Not specified’ ticked, and leave the mode for the role to be ‘Enforce’. Click Save to create the forwarding rule.

If you are managing your own Office 365 licenses, you can decrease the license to minimalise the bill:
Go to Office 365 Admin center -> Click on Billing -> Subscriptions

Setting up WiFi Hotspot on your Samsung Android Smartphone

If you are not connected to a Wi-Fi or local network and want to use the Internet on your computer or any other Wi-Fi compatible device, you can use your phone as a modem. This guide shows with a few easy steps how to establish an Internet connection between your phone and your preferred device.
  1. Select Apps:
  2. Select Settings:
  3. Select Mobile hotspot and tethering:
  4. Select Mobile hotspot:
  5. Select MORE:
  6. Select Configure Mobile hotspot:
  7. Enter a password of at least 8 characters and select SAVE:
  8. Turn On Mobile hotspot:
  9. Your phone is now set up for use as a Wi-Fi hotspot:

Select your phone from the list of Wi-Fi networks on your computer or any other Wi-Fi compatible device and enter your password. To turn Off your personal hotspot, simply slide Mobile hotspot to Off.

Migrating a Mac Local User to a Network User

I’ve seen several places where a smaller company has been integrated into a large company, or where the number of Macs in the company has grown, and now you want those users to have their machines and login managed under the network directory system, be that Open Directory or Active Directory. The most frequent issue with this is that a user has an existing home directory that they’ve been working with and want to be able to bring this over to the new environment. This is a walk-through of how to make that process as painless as possible.

Note: These instructions are based around a 10.5.x client OS. 10.5 uses plist files for user records, where 10.4 used Netinfo. The same theory applies to 10.4, but the method is different, in that the user must be removed from Netinfo.

We’re going to start this assuming that we have already successfully bound our client machine to the existing directory authentication structure. What you may notice here, is that even though your user account exists on the directory server, you may not be able to login with it’s credentials. This is probably because the shortname of both your local user account and your network user account are the same. The search policy for Directory Services on the client will always look to the local machine for authentication first.

You may need to create a new administrative user at this point as you will need to be logged into the client as some user other than the user that you are planning to migrate. Using this alternate user, use the Terminal to navigate to /var/db/dslocal/nodes/Default/users

macmini:~ admin$ sudo -s
Password:
bash-3.2# cd /var/db/dslocal/nodes/Default/users/

We had to use sudo before this command as the files within the Default node is only viewable by the root user.

From here we’re going to move the plist file for the user we want to migrate. I’m only moving, rather than removing to preserve the file in case I want to go back to the local user for any reason. Once you’ve tested a successful login at the end of this process you can delete the file we’re moving into /Users/Shared/.

mv andy.plist /Users/Shared/

You’ll notice if you run an “id” command on the user you just moved the local information will still show up.

bash-3.2# id andy
uid=502(andy) gid=20(staff) groups=20(staff),103(com.apple.sharepoint.group.3),98(_lpadmin),101(com.apple.sharepoint.group.1),102(com.apple.sharepoint.group.2)

We need to restart the DirectoryService process before our change takes affect.

bash-3.2# killall DirectoryService
bash-3.2# id andy
uid=1026(andy) gid=20(staff) groups=20(staff),103(com.apple.sharepoint.group.3),98(_lpadmin),101(com.apple.sharepoint.group.1),81(_appserveradm),1030(all),1027(vpn),102(com.apple.sharepoint.group.2),79(_appserverusr),80(admin)

You’ll notice that the information coming back from the “id” is now from the directory server, and not the local user info, however, if we try to log in at this point the ownership of the files in the home directory will be incorrect. To fix this, we’ll run a recursive chown on the user home directory.

bash-3.2# chown -R andy /Users/andy

Your user is now ready to log in with their directory username and password, and their home directory will remain the same.

3CX SSL certificate has expired

Follow these steps to renew your 3CX SSL certificate (assuming that the PBX in question is SP0 as the last contact with 3CX servers has been made from a 15.5 SP0 – In this case the system must be updated to the latest service pack)

To force the update:

  • If version is lower than v15.5 SP2 skip this step:
    • Starting from v15.5 SP2, go in Settings / Parameters:
    • Set or Add TEMPORARY_SELF_SIGNED_CERTIFICATE_GENERATED and give it value of 1.
  • Linux:
    • Log in via SSH.
    • Type: /usr/lib/3cxpbx/PbxConfigTool -renew-certificates
  •  Windows:
    • Go to Command Prompt.
    • Type: “C:\Program Files\3CX Phone System\Bin\PBXWizard\PbxConfigTool.exe” -renew-certificates
    • Press Enter and the result should look something like this:
    • Restart nginx just to be sure and the certificate should have been renewed (service nginx restart)
I got the instruction above official from 3CX Support Helpdesk.

How to Fix: Google Chrome Updates are disabled by the Administrator

If your Google updates are disabled by the administrator so you cannot update by yourself, here is the solution! It is very easy and it only takes five minutes to fix this issue:

  1. Go to Windows Start Button on the left bottom and Click on Run.
  2. Type in regedit on the run.
  3. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Update
  4. Double Click on the UpdateDefault
  5. Change the value from 0 to 1.
  6. Restart your Chrome Browser and try to update again.

JP Tyres Porana Road Review

Our experience with JP tyres was terrible, they swapped our tyre without our consent.

So, initially we went to Auto Garage (car servicing shop next to it) for a WoF and they failed our WoF, primarily due to tyre was different between front-left with the front-right, then we went to JP tyres (the shop next to it) and purchased the same tyre with our front-right (Blacklion Cilerro 175/65-R14).

Blacklion Cilerro 175/65-R14

After we completed the purchase and JP-tyres fitted the new tyre to our Honda Fit, we put the car overnight in Auto Garage as our car needs some WoF repairs (such as replacing the wheel bearings, top strut mounts, dead tail bulb, etc. Which actually we don’t know since we are not oto-savvy.)

The strange thing is the next day we pick up our car after they finished the repairs and passed the WoF, our front-left vehicle has utterly different tyre like magic!

Jinyu Gallopro 175/65-R14

They replaced with Jinyu Gallopro 175/65-R14, and yes, which means our front-left and front-right tyre are again, not the same). We have all the evidence including the detailed invoice from JP-tyres. The Auto Garage mechanic said the guy from JP-tyres collected our car key from Auto Garage, brought the car to JP-tyres and swapped our tyre ‘without’ our consent.

We strongly NOT suggest you to go to the following venue for all kind of tyre maintenance and/or replacement:

JP Tyres
80 Porana Road
Glenfield, Auckland 0627

Please be advised that they’re also known as JP Tyres 2009 Ltd.

It’s inevitable that we are doubting that they’re both (JP-tyres and Auto Garage) are working in-conjunction for each other to gain their own personal benefits.

Auto Garage Porana Road Review

Our experience with Auto Garage was terrible, we went to Auto Garage for WoF and they failed our WoF, primarily due to tyre was different between front-left with the front-right.

Then we went to JP tyres (the shop next to it) as of Auto Garage’s recommendation and purchased the same tyre with our front-right (i.e. Blacklion Cilerro 175/65-R14).

Blacklion Cilerro 175/65-R14

After we completed the purchase and JP-tyres fitted the new tyre to our Honda Fit, we put the car overnight in Auto Garage as our car needs some WoF repairs (such as replacing the wheel bearings, top strut mounts, dead tail bulb, etc. Which actually we don’t know since we are not oto-savvy)

The cost was shockingly $1k. We’re okay with the price, but the strange thing is the next day we pick up our car after they finished the repairs and passed the WoF, our front-left vehicle has utterly different tyre like magic!

Jinyu Gallopro 175/65-R14

They replaced with Jinyu Gallopro 175/65-R14, and yes, which means our front-left and front-right tyre are again, not the same). We have all the evidence including the detailed invoice from JP-tyre. It’s inevitable that we are now doubting what are the other original parts they might have swapped with the other dodgy or cheaper parts.

We strongly NOT suggest you to go to the following venue for both car servicing and WoF:

Auto Garage
78 Porana Road
Hillcrest, Auckland 0627

MikroTik Bruteforce Login Prevention

To stop SSH/FTP attacks on your router, follow the following advise:

This configuration allows only 10 FTP login incorrect answers per minute.

in /ip firewall filter
add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop \
comment="drop ftp brute forcers"

add chain=output action=accept protocol=tcp content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m

add chain=output action=add-dst-to-address-list protocol=tcp content="530 Login incorrect" \
address-list=ftp_blacklist address-list-timeout=3h

This will prevent a SSH brute forcer to be banned for 10 days after repetitive attempts. Change the timeouts as necessary.

in /ip firewall filter
add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop \
comment="drop ssh brute forcers" disabled=no

add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage3 action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=10d comment="" disabled=no

add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 \
address-list-timeout=1m comment="" disabled=no

add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage1 \
action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m comment="" disabled=no

add chain=input protocol=tcp dst-port=22 connection-state=new action=add-src-to-address-list \
address-list=ssh_stage1 address-list-timeout=1m comment="" disabled=no

If you want to block downstream access as well, you need to block the with the forward chain:

add chain=forward protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop \
comment="drop ssh brute downstream" disabled=no

To view the contents of your Blacklist, go to “/ip firewall address-list” and type “print” to see the contents.

This is the recommended Bruteforce prevention, officially from the MikroTik Wiki. Despite their page was last edited on 7 August 2013, at 09:47 this method is still pretty much effective until present.

Couldn’t install Microsoft Office with Error Code: 30182-1011

Microsoft Office, Couldn't install, Error Code: 30182-1011

This error code is known when you try to install different Microsoft Office licenses into the same system (e.g. Non-profit license or OEM license and you’re installing Retail license or Office 365 Subscription-based license) – Basically you cannot mix varies types of license in one system.

In this case, we had:

  • Microsoft Office Home and Business 2016;
  • Microsoft Project Professional 2016;
  • And we’re trying to install Microsoft Office 365 Business (Subscription-based license).

Similar error code, same issue:

Microsoft Office, Couldn't install, Error Code: 30182-1011

We ended up with converting all of our office licenses to Office 365 (Subscription-based) license.

Tips: Use Microsoft’s easy fix tool to completely uninstall Office.

Microsoft Office 365: Other installation options
Microsoft Office 365: Other installation options for Microsoft Project
Microsoft Office 365: Other installation options for downloading Microsoft Project
This is the Office 2016 + Project Professional 2016 (All of them are Office 365 Subcription-based License as they appears in Programs and Features)

Office 365 & Microsoft Project Professional 2016 in Programs and Features