Allow 911 Emails to Google Groups

To allow external email users to send emails to a Google Group in G Suite, follow these steps:

  1. Sign in to your Google Admin console using your administrator account (the account that does not end in @gmail.com).
  2. Navigate to Apps > Google Workspace > Gmail.
  3. Click on User Settings.
  4. Under Mail delegation, check the box next to Let users delegate access to their mailbox to other users in the domain.

https://support.google.com/a/answer/11946994?hl=en

Enable SFTP/SSH on Server 2022

If you need to provide a SFTP connection to a specific server, you can install and configure IIS. However, if your needs do not require dedicated home folders for each user or only require granting access to a small number of people, perhaps setting up the optional SFTP/SSH server available in Server 2022 will be just the ticket. To get started, Open an elevated PowerShell console and run the following command:

Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

If this is successful, you should see the phrase, “Online : True”. To make the startup of the service automatic, run the next command in the same PowerShell window.

If you receive an error similar to below, the computer is not set to get its updates directly from Microsoft. This would include most of our servers still pointed to WSUS.

Add-WindowsCapability : Add-WindowsCapability failed. Error code = 0x800f0954 At line:1 char:1

To resolve the problem for Server 2022 open the file “I:\SSH-WindowsServer2022-CustomBits\20348.1.210507-1500.fe_release_amd64fre_SERVER_LOF_PACKAGES_OEM.iso” and note to which drive letter the ISO is assigned. Then issue the modified command below to install. You can see the drive letter F: is where the ISO is registered.

dism /online /add-package /packagepath:"F:\LanguagesAndOptionalFeatures\OpenSSH-Server-Package~31bf3856ad364e35~amd64~~.cab"

In either case, If the install is successful, you should see the phrase, “Online : True”. To make the startup of the service automatic, run the next command in the same PowerShell window.

Get-Service -Name "sshd" | Set-Service -Startup "Automatic" -PassThru | Start-Service -PassThru

You can verify the installation by typing the command “services.msc” into the PowerShell window. This will launch the built-in services applet. The service is named, “OpenSSH SSH Server” and you should see that it now is running and set to auto start. Here you can stop, start, or restart the service. If you prefer using the command line, the same can be accomplished with these commands:

stop-service sshd
start-service sshd
restart-service sshd

Several customizations can be made to the SSH service to restrict who has access to the server and where a user will land when connecting. The configuration fille is found by default at “C:\ProgramData\ssh\sshd_config”. To edit the file, launch Notepad.exe as Administrator or use Notepad++ to open the file in the location below. NOTE: Any time you edit this file, the service must be restarted for the changes to take effect..

By default, all local and domain users have the ability to connect to the SSH instance. When each user connects, they will be dropped into their individual profile folder on the server. If the user did not already have a folder, it will be created on first logon. Since this may not be what you desire, you can modify the config so that every user will drop into a the same folder and or configure who will be allowed to connect.

To set the server to make all connections to the same folder, find this line in the config file, “ChrootDirectory none” and change it to read, “ChrootDirectory "DriveLetter:\Folder of your choice

To control who can connect to the server, copy the following lines into the sshd_config file just above the line, “Match Group Administrators” at the end of the file.

#Allow or deny users and groups
  # Items must be in this order:
  # DenyUsers
  # AllowUsers
  # DenyGroups
  # AllowGroups
#AllowUsers domain\cooper.a
AllowGroups domain\SSH-Windows

All of the lines beginning with # symbol are comments and not used in the config except as reminders or placeholders. The user restrictions are processed in the order shown. In this config, I have commented an AllowUsers line while leaving the AllowGroups line as active. This is because only one of these options can be active at any one time. If you want to allow only your self to connect, use the AllowUsers version. In the example, this would allow the user cooper.a to connect and no one else. If you want more than one person to login, user the AllowGroups option.

Currently, the server does not support Entra ID accounts and cannot be protected with MFA. Test your config by connecting as an allowed user with WinSCP or your favorite SSH client.

Links to more info below

https://4sysops.com/archives/configure-an-sftp-server-on-windows/

https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse?tabs=gui#connect-to-openssh-server

https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_server_configuration

https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_server_configuration#allowgroups-allowusers-denygroups-denyusers

https://woshub.com/connect-to-windows-via-ssh/

https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_keymanagement

ADPassword Manager Plus

To facilitate password changes for your Active Directory accounts, HCC provides the ADPasswordManager Plus server. Once enrolled you may change your password, even if the password has been forgotten. You may unlock your account and can edit some of your user information stored in Active Directory.

To login to the server visit https://password.hccanet.org. Note: you must enter https:// before the address. Once at the site you will see three options, each selectable by clicking. First is the sign in area then below, “Forgot your password?” and “Account locked out?” These last two will be covered later in this article.

To login, enter your username, your password and choose “HCCANET” from the domain drop down, then click “Login”. If you are a new user or if your password has been reset by a HCC staff member, you will enter your temporary password here.

If you’ve entered the correct information, you will be shown the Change Password page. Enter your old password or, if you are a new user, the temporary password you were given, in the blank provided. Then enter your new desired password in the two blanks below. As you enter your new password and meet the various complexity requirements, each will be marked with a green check mark. If every item has a green check mark, click “Change Password”.

If your new password is accepted you will see a notification like below. Click “Close” to move to the next step of enrollment.

To access all the benefits of the self-service password changing tools, you will need to complete enrollment. Hitting the “Click Here” button will take you to the next step.

By enrolling you will be able to reset your password, even if it’s been forgotten. By choosing two questions and providing answers that you can easily remember, you will be able to prove your identity. This will allow you to set a new password at your convenience rather than wait on assistance from the helpdesk.

You will be notified of a successful enrollment. You can now close this browser and log into your HCC application with your changed password.

Change Your Forgotten Password

Even the best of us can forget our password. Our support staff cannot read your password, so if it is forgotten, it will need to be reset. Rather than wait on assistance through our help desk, if you’ve completed your enrollment, you can reset the password yourself by following the steps illustrated below.

Connect once more to https://password.hccanet.org. Since you will be unable to log in, click instead “Forgot your password?” as shown.

Enter your username, select HCCANET as your domain. Enter the letters you see in the image in the provided blank and then click “Continue”.

Provide the answers to the two security questions you provided during enrollment, type the characters from the image in the box provided and then click “Continue”.

Now you can enter your desired new password. As you meet the various complexity requirements, each will be ticked with a green checkmark. Once again, enter the characters from the image in the box provided and then click “Reset Password”.

You should now get a notice that your password has been successfully changed. You can now return to your application and log in.

If you encounter any difficulty with the process, please send an email with details to the helpdesk.

WebEx For Desktop Support

Cisco’s Webex provides a very nice desktop client that allows hosting meetings and sessions from our personal rooms. This works very well for sharing content and supporting web applications. It is easy to right click the desktop and ask for permission to control. However, if you need to type anything in an elevated command prompt or run anything that requires administrative approval, you are completely out of luck. Not only will you be prevented from entering data, you will also be prevented from clicking away from the protected item to do anything else. You are essentially locked in a digital prison and only the end user can free you by cancelling or clicking away from the protected action.

I knew there had to be a better way to help users. After all, I had been helped many times by vendors using Webex who were not hindered in this way. After some research and experimentation, I’m happy to report that we can easily use Webex support sessions to provide excellent administrative support for end user’s desktops.

The secret sauce to this is using the web based login to our Webex server. You cannot launch this type of session from the desktop client, or at least I’ve not yet found a way.

To get started, browse to https://hcc.webex.com and log in with your account. Once logged in, click “Webex Support” in the lower left hand corner of the screen. This did not seem intuitive to me. It felt like I was asking for support. Later I realized that someone else on our staff might use the same link specifically because they was support. It appears to swing both ways.

figure 1

A list of support options will appear on the left side of your Webex screen.

figure 2

From the support page, if the “Provide Support” area is not already expanded, click the arrow just to the left to expand options.

Next, click “Start Session”. This will launch the “Customer Service Representative Dashboard”, aka CSR Dashboard. The dashboard consists of one or more blocks of controls that can be collapsed, expanded and moved from one place on your desktop to another.

If you have any difficulty getting the CSR Dashboard launched, you can click on the “Downloads” link. From here you can download the dashboard bits for your operating system.

When the session is started, the CSR dashboard appears in the lower right hand of your screen. By default, two collapsible panels are open, the Invite panel and the Participants panel. You can enter an email for your customer and if “Send using my own email program” is ticked, an email will open with the link info required. Just send the email. Alternatively, if you are communicating with the client via an instant messaging app, just click the “Copy Link” button and paste the link to the chat window.

figure 3

Once your client has accepted the invitation and joined the meeting, their name will appear in the “Participants” panel. You can then click the circled button in the dashboard to “Request Control” of the user’s desktop. Notice that for the image below, I do not actually have a user connected and that is why the various options are shown in gray. When the user connects, the options will be visible and clickable.

figure 4

In figure five below, you can see how a connected customer appears in the dashboard. For reference, notice the “opening door” icon with the red arrow near the right hand side. Clicking that icon will end your support session. You’ll be given an opportunity to enter notes about the support case before it closes completely.

figure 5

Not only can you request control, but you can also choose the more restrictive, “Request View” option. You can do the same for specific applications. Co-browsing is available where you can easily switch sides with the client, where they can perform some action on your computer. File and multimedia options are also included.

figure 6

Sometimes you may need more access to the system than the client’s login allows. By right-clicking the customer name in the Participant’s panel, you can choose some advanced options. If you choose “Log On as Different User”, the current user will be logged off and you can provide administrative credentials for a new login. Your session will not be interrupted. If you choose the “Reboot” option, the other side will reboot. It does require approval, but since you are controlling the other side, you can grant your own approval if needed. The customer will need to reconnect to your session after the reboot. You can choose to run custom scripts once you’ve created the scripts in your Webex login. If you click “System Information” and if the customer approves, a popup will appear with a great deal of information about the remote computer. This info is shown in figure 7.

figure 7

The image below shows the type of information you can retrieve from the customers computer. Click any item in the left pane to view the related info in the right. Below you can see the logical drives present on the customer’s computer.

figure 8

One last thing that you may find as helpful as I. When you get control of your customer’s computer, it will appear in full screen. This is handy if you want to use keyboard shortcuts to interact with the remote screen. However, if you need to refer back to your own desktop or web browser to provide assistance, it is at first blush, difficult to get access to your screen. For example, using the Alt-Tab key combination actually impacts the remote side and not your local screen.

Do not fear, there is a simple work around. In the upper right corner of the remote computer is a “Sharing” icon. Click the down arrow and then “View”. If you choose “Window-Scale to Fit”, the remote session will be reduced just enough to make your local computer’s Task-Bar visible. You can now open and select your local apps to perform a task or to gather information to assist you in your support session.

figure 9

This little tutorial is intended to just get you started with the more advanced support options available in Webex. You will want to experiment with the other icons/options available from the dashboard. I found myself well able to assist a customer with little more info than what I’ve shared above. I am now convinced that while connecting with Webex is a little more involved than with TeamViewer, the range of options are more extensive in Webex. Below will be a few links to helpful Cisco documents about support connections with Webex.

Get Started With Cisco Webex Support

Start a Session and Invite Customers or Other Attendees in Cisco Webex Support

Join a Cisco Webex Support Session

Manage a Customer’s Computer in Cisco Webex Support

Cisco Webex Remote Support User’s Guide

listserv creation

This tutorial will demonstrate how to create a Listserv using L-Soft’s Listserv Lite. Once created the subscribers will be added through bulk operations. When done the list will be depopulated and removed from the server.

Step 1: Login to your account.
Using your provided account, log into the server to find the default dashboard screen.

Step 2: Create a new listserv
Click the “List Creation” option in the left menu. In the blanks provided enter the name of the Listserv and its title. In this case I used the same info for both. Next, tick the “Create with Wizard” radio button and then click “Next”.

Step 3: Specify the list owner and type of list
Enter the email address for the list owner then select what type of list you want to create, Announcement List, Unmoderated Discussion List, or Moderated Discussion List then click “Next”.

Step 4: Select list options
Choose your desired options from the five areas shown, designating how subscriptions are made and who can send email to the listserv. You can choose whether the list owner will receive email notifications for activities on the list and whether to allow attachments or not. The last option controls who will be allowed to see the list archive. When options are selected, click “Next”.

Step 5: Accept archive options
You can customize the type and path for the list archives. I would suggest accepting the default options. Click “(Use Suggestion)” then click “Next”.

Step 6: Review and Create
Review the settings of the list and if all is acceptable, click “Create”.

Step 7: Handling replies
Determine how replies to the list will be handled. Click “List Management: from the left menu and verify you are working with the desired list. Next click “Distribution” and in the Reply to line, click the drop down in the middle column. You can choose whether replies will go to the sender, the list, or both. If you are creating an open discussion list, then replying to the list maybe appropriate. If you are creating a newsletter list, you may want replies to be returned to the original sender. Below this option is the “Subject Tag” option. You can add text here that will appear in the subject of each email from the list. Including a word in brackets like, [LIST] can help subscribers filter list email received.

Step 8: Create your import file
Once the list is created, you will want to add subscribers. You can just distribute subscribe and unsubscribe email options to your target audience, or you can manually add one user at a time. In this tutorial I’ll use the “Bulk Operations” option to import subscribers from a previously created text file. Listserv cannot import Excel or CSV files. The import file must be a tab delimited text file, with no header row. The format must be “email address” (TAB) “First Name” (TAB) “Last Name”. The names are optional. If not present or if only one name is present, the subscriber will be added without name information. You can use Excel to manipulate lists of people and then generate the final output as a text files like shown below.

Step 9: Import subscribers step 1
If you have your text file ready to go, click “Subscriber Options” from the left menu and then click the linked text “(Bulk Operations)”.

Step 10: Import subscribers step 2
In the new focused window, tick the radio button to add the imported addresses to the list. Next, click the “Choose File” button and navigate to your text file. Next, click the “Import” button.

Step 11: Remove subscribers
You can remove subscribers using the same text file you used to import. In the image below, in the grey area you can see the subscribers imported to the list in the previous step. Now, by selecting the same “Bulk Operations” link, you can tick the button to remove the imported addresses and choose the same file you used before. Click the somewhat less than intuitive “Import” button. The subscribers will be removed.

Step 12: List deletion step 1
Click “List Deletion” from the left menu . Using the drop down, select the list you wish to delete and then click “Update”.

Step 13: List deletion step 2
Read the warning and if you are sure you wish to delete the list, click the “Confirm” button.

While many other options are available for managing listservs, the options described above will handle much of the day-to-day needs for the organization.

RHEL6 NIC order

udev in RHEL6 enumerates devices based on information stored in

/etc/udev/rules.d/70-persistent-net.rules

When adding/changing NICs in VMware, you may need to edit this file to adjust the order. Alternately, you can delete the file and let the system rebuild it on the next restart.

Regenerate SSH key material

All this can be done in an ssh session, however if anything goes wrong, you’ll need console access to fix the problem.

Generate new candidate primes

ssh-keygen -G moduli-2048.candidates -b 2048

Screen primes for suitability

ssh-keygen -T moduli-2048 -f moduli-2048.candidates

Install in ssh config root, backup old moduli:

cd /etc/ssh

mv moduli moduli.bak

mv moduli-2048 moduli

backup existing private/public keys:

for i in *_key;do mv $i $i.bak;done

for i in *.pub;do mv $i $i.bak;done

Generate new keys:

ssh-keygen -A

Restart sshd:

/etc/init.d/sshd restart

Verify this by logging out and back in. Your ssh client should bark that the host key has changed. Once you clear the line from .ssh/known_hosts (or the equivalent) you should be able to log in again.

At that point you should delete the old keys and candidate moduli

Generating PDFs using Ghostscript

The following command (re)generates a pdf from the source file. In this particular case it is being invoked to fix improperly written pdf. but it could just as well be used to make a pdf from an jpg file.

gs -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 -dPDFSETTINGS=/screen -dNOPAUSE -dQUIET -dBATCH -sOutputFile=Aaron_Taylor_APPLICATION_2014-04-30_20-58-new7.pdf Aaron_Taylor_APPLICATION_2014-04-30_20-58.pdf