Tuesday, April 9, 2024

Veeam- Your service provider has implemented backup files protection against deletion by an insider for this cloud repository. To protect against advanced attack vectors, we recommend that you configure your cloud backup jobs to keep multiple full backups on disk (as opposed to forever-incremental chain with a single full backup).

You get this warning:

Your service provider has implemented backup files protection against deletion by an insider for this cloud repository. To protect against advanced attack vectors, we recommend that you configure your cloud backup jobs to keep multiple full backups on disk (as opposed to forever-incremental chain with a single full backup).

The severity of this notification is controlled by a registry value:

Key Location: HKLM\SOFTWARE\Veeam\Veeam Backup and Replication\
Value Name: CloudConnectBinGfsNotificationSeverity
Value Type: DWORD (32-Bit) Value
Value Data (Default): 2

To set it to 1 with PowerShell:

New-ItemProperty -Path 'HKLM:\SOFTWARE\Veeam\Veeam Backup and Replication\' -Name 'CloudConnectBinGfsNotificationSeverity' -Value 1 -PropertyType DWORD -Force

Friday, March 22, 2024

Move SQL Temp DB to alternate partition

USE master
GO
-- Logical names below are the SQL Server defaults (tempdev is the primary tempdb data file).
-- Confirm yours first: SELECT name, physical_name FROM sys.master_files
ALTER DATABASE tempdb
MODIFY FILE( NAME = tempdev, FILENAME = 'F:\MSSQL\DATA\tempdb.mdf' )

ALTER DATABASE tempdb
MODIFY FILE( NAME = templog, FILENAME = 'F:\MSSQL\DATA\templog.ldf')

ALTER DATABASE model
MODIFY FILE( NAME = modeldev, FILENAME = 'F:\MSSQL\DATA\model.mdf' )

ALTER DATABASE model
MODIFY FILE( NAME = modellog, FILENAME = 'F:\MSSQL\DATA\modellog.ldf')

ALTER DATABASE msdb
MODIFY FILE( NAME = MSDBData, FILENAME = 'F:\MSSQL\DATA\MSDBData.mdf' )

ALTER DATABASE msdb
MODIFY FILE( NAME = MSDBLog, FILENAME = 'F:\MSSQL\DATA\MSDBLog.ldf')
GO


Move files, restart service.

Thursday, March 14, 2024

OpenSSL Self Signed Cert / PFX

openssl genpkey -algorithm RSA -out key.pem
openssl req -new -key key.pem -out csr.pem
openssl x509 -req -days 365 -in csr.pem -signkey key.pem -out cert.pem
openssl pkcs12 -export -out certificate.pfx -inkey key.pem -in cert.pem

If the import won't take the password, export with the legacy algorithms:
openssl pkcs12 -export -certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES -nomac -inkey contoso.com.key -in contoso.com.crt -out contoso.com-legacy.pfx


Add Certificate Snap-in:
Go to File > Add/Remove Snap-in.
Select Certificates and click Add.
Choose Computer account and click Next.
Select Local computer and click Finish.
Click OK to close the Add or Remove Snap-ins window.

Import the Certificate:
Expand Certificates (Local Computer) > Personal.
Right-click Certificates and choose All Tasks > Import.
Follow the Certificate Import Wizard to import the certificate from the .pem or .cer file you exported earlier.

Assign the Certificate to LDAPS:
Once imported, locate the certificate in the Certificates (Local Computer) > Personal store.
Right-click on the certificate and choose All Tasks > Manage Private Keys.
Assign appropriate permissions to the private key for the account running the LDAP service (usually NTDS).
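
An added example, not from the original post: the same key, certificate and PFX generated without prompts, with the subject alternative name and Server Authentication EKU that an LDAPS server certificate needs, followed by checks of the result. The host name dc01.corp.example and the password are constructed placeholders, the function names are hypothetical, and -addext needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example, not from the original post. Host name and password are constructed.

make_ldaps_pfx() {
    # $1 = output directory, $2 = domain controller FQDN, $3 = PFX password
    out=$1; fqdn=$2; pass=$3
    (
        umask 077   # private key and PFX readable by the owner only
        # Key + self-signed certificate in one non-interactive step.
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -keyout "$out/key.pem" -out "$out/cert.pem" \
            -subj "/CN=$fqdn" \
            -addext "subjectAltName=DNS:$fqdn" \
            -addext "extendedKeyUsage=serverAuth" 2>/dev/null || exit 1
        # Bundle key and certificate for the Windows import wizard.
        # pass: is visible in the process list; use env: or file: outside a demo.
        openssl pkcs12 -export -out "$out/certificate.pfx" \
            -inkey "$out/key.pem" -in "$out/cert.pem" \
            -passout "pass:$pass" || exit 1
    )
}

check_ldaps_cert() {
    # $1 = PEM certificate, $2 = expected FQDN
    # Succeeds only if the SAN carries the FQDN and the EKU allows server authentication.
    text=$(openssl x509 -in "$1" -noout -text) || return 1
    printf '%s\n' "$text" | grep -qF "DNS:$2" || return 1
    printf '%s\n' "$text" | grep -qF "TLS Web Server Authentication" || return 1
}

check_pfx_password() {
    # $1 = PFX file, $2 = password; succeeds only if the PFX opens with it
    openssl pkcs12 -in "$1" -passin "pass:$2" -noout 2>/dev/null
}

# Demo run in a throwaway directory.
demo=$(mktemp -d)
make_ldaps_pfx "$demo" dc01.corp.example 'Constructed-Passw0rd' \
    && check_ldaps_cert "$demo/cert.pem" dc01.corp.example \
    && check_pfx_password "$demo/certificate.pfx" 'Constructed-Passw0rd' \
    && echo "certificate and PFX verified"
rm -rf "$demo"
```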

Monday, January 8, 2024

You create and deploy a shortcut/URL via GPO, but the network icon file is missing.

Create a GPO and enable:

Computer Configuration > Policies > Administrative Templates > Windows Components > File Explorer > Allow the use of remote paths in file shortcut icons

Friday, October 27, 2023

Windows Server 2022 DC shows in Private Network Instead of Domain

Open Regedit, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc, edit DependOnService, add netlogon.

Wednesday, October 4, 2023

SQL Windows Firewall

New-NetFirewallRule -DisplayName "SQLServer default instance" -Direction Inbound -LocalPort 1433 -Protocol TCP -Action Allow

New-NetFirewallRule -DisplayName "SQLServer Browser service" -Direction Inbound -LocalPort 1434 -Protocol UDP -Action Allow


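The same rule with netsh, limited to the local subnet and the Domain profile (the New-NetFirewallRule commands above allow any remote address on all profiles):

netsh advfirewall firewall add rule name = SQLPort dir = in protocol = tcp action = allow localport = 1433 remoteip = localsubnet profile = DOMAIN

Older netsh firewall syntax (deprecated):

netsh firewall set portopening protocol = TCP port = 1433 name = SQLPort mode = ENABLE scope = SUBNET profile = CURRENT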

Tuesday, October 3, 2023

AWS VPN

Steps to set up an AWS site-to-site VPN:

1) First you need a "Virtual Private Gateway"; this is the connection to the on-prem firewall. Use the Amazon default ASN; it doesn't matter. Once you create it, attach it to the VPC. You only need one of these for all VPNs.

2) Next, go to Customer Gateways. Don't worry about the BGP stuff. The IP address is your firewall IP. Leave the certificate blank.

3) Go into Site-to-Site VPN Connections, create the connection and tie it to your virtual private gateway, select the existing customer gateway you created, and set the routing option to static; the static IP prefix is your remote LAN. Leave local and remote IPv4 blank.

4) You will need to add routes in the route table. Create a route, point it to Virtual Private Gateway and select the gateway.

5) You will need to allow access in the security groups from your on-premises servers.

6) Once it completes, click Download Configuration to get the info for the local firewall.
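
The six steps above as AWS CLI calls, as an added example that is not part of the original post. Every ID, the firewall IP, the LAN CIDR and the port are constructed placeholders and the function names are hypothetical; by default the script only prints the calls (DRY_RUN=1).

```shell
#!/bin/sh
# Added example, not from the original post: the six console steps as AWS CLI calls.
# Every ID, IP, CIDR and port used here is a constructed placeholder.
# DRY_RUN=1 (default) prints each call to stderr instead of running it.
DRY_RUN=${DRY_RUN:-1}

ec2() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "aws ec2 $*" >&2   # show the call that would run
        echo "<$1-id>"          # stand-in for the ID a real call returns
    else
        aws ec2 "$@" --output text
    fi
}

build_vpn() {
    # $1 VPC  $2 route table  $3 security group  $4 firewall public IP
    # $5 on-prem LAN CIDR  $6 TCP port the on-prem servers need (assumption)
    vpc=$1; rtb=$2; sg=$3; fw_ip=$4; lan=$5; port=$6
    # 1) Virtual private gateway (Amazon default ASN), attached to the VPC
    vgw=$(ec2 create-vpn-gateway --type ipsec.1 --query VpnGateway.VpnGatewayId) || return 1
    ec2 attach-vpn-gateway --vpn-gateway-id "$vgw" --vpc-id "$vpc" >/dev/null || return 1
    # 2) Customer gateway = on-prem firewall; 65000 is the default ASN, unused with static routing
    cgw=$(ec2 create-customer-gateway --type ipsec.1 --public-ip "$fw_ip" \
        --bgp-asn 65000 --query CustomerGateway.CustomerGatewayId) || return 1
    # 3) Site-to-site connection with static routing and the remote LAN as its prefix
    vpn=$(ec2 create-vpn-connection --type ipsec.1 --vpn-gateway-id "$vgw" \
        --customer-gateway-id "$cgw" --options StaticRoutesOnly=true \
        --query VpnConnection.VpnConnectionId) || return 1
    ec2 create-vpn-connection-route --vpn-connection-id "$vpn" \
        --destination-cidr-block "$lan" >/dev/null || return 1
    # 4) VPC route to the on-prem LAN through the virtual private gateway
    ec2 create-route --route-table-id "$rtb" --destination-cidr-block "$lan" \
        --gateway-id "$vgw" >/dev/null || return 1
    # 5) Security group: only the on-prem CIDR, only the one port
    ec2 authorize-security-group-ingress --group-id "$sg" --protocol tcp \
        --port "$port" --cidr "$lan" >/dev/null || return 1
    # 6) Config for the local firewall; it contains the tunnel pre-shared keys
    ec2 describe-vpn-connections --vpn-connection-ids "$vpn" \
        --query 'VpnConnections[0].CustomerGatewayConfiguration'
}

# Dry run with placeholder values: prints the eight calls in order.
build_vpn vpc-0example rtb-0example sg-0example 203.0.113.10 192.168.10.0/24 1433 >/dev/null
```

In a live run (DRY_RUN=0), let the gateway attachment and the VPN connection finish creating before the route calls, and store the step 6 output like a credential.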