Author Archives: Webdude

Server 2019 Anonymous File and Printer Sharing

To enable LAN users (not domain-joined) to be able to access folders and printers without getting prompted for a username and a password.

Preparation Work

Start > Local Security Policy > Local Policies > Security Options

  • Accounts: Guest Account Status: Enabled
  • Network access: Let Everyone permissions apply to anonymous users: Enabled
  • Network access: Do not allow anonymous enumeration of SAM accounts and shares: Disabled

Sharing a Folder

Locate the folder you want to share > Right Click on it > Properties . . .

  • Sharing tab: Advanced Sharing > Permissions > Add . . . > Add Everyone > Check Read and Change
  • Security tab: Edit . . . > Add . . . > Add Everyone > Check Full Control (or appropriate file permissions)

Sharing a Printer

Start > Devices and Printers > Locate the printer to share and right-click on it > Printer properties

  • Sharing tab: Share this printer: ticked, Render print jobs on client computers: ticked
  • Security tab: Add . . . > Add Everyone > Check all boxes


AVMA keys Windows Server 2019

The following AVMA keys can be used for Windows Server 2019.

Edition AVMA key
Datacenter H3RNG-8C32Q-Q8FRX-6TDXV-WMBMW
Standard TNK62-RXVTB-4P47B-2D623-4GF74
Essentials 2CTP7-NHT64-BP62M-FV6GG-HFV28

The following AVMA keys can be used for Windows Server, version 1809.

Edition AVMA key
Datacenter H3RNG-8C32Q-Q8FRX-6TDXV-WMBMW
Standard TNK62-RXVTB-4P47B-2D623-4GF74

The following AVMA keys can be used for Windows Server, version 1803 and 1709.

Edition AVMA key
Standard C3RCX-M6NRP-6CXC9-TW2F2-4RHYD

The following AVMA keys can be used for Windows Server 2016.

Edition AVMA key
Standard C3RCX-M6NRP-6CXC9-TW2F2-4RHYD
Essentials B4YNW-62DX9-W8V6M-82649-MHBKQ

The following AVMA keys can be used for Windows Server 2012 R2.

Edition AVMA key
Datacenter Y4TGP-NPTV9-HTC2H-7MGQ3-DV4TW
Essentials K2XGM-NMBT3-2R6Q8-WF2FK-P36R2


Show Hidden Devices server 2008R2

In order to work around this display phantom/hidden device when using the Show hidden devices in Device Manager you need to set the correct variable. See the following couple of steps:

  1. Bring up a Command Prompt.
  2. At the command prompt, type the BOLDED lines, pressing ENTER after each line:
    1. set devmgr_show_nonpresent_devices=1
    2. start devmgmt.msc
  3. Click on the View menu and select Show hidden devices.

You will now see the hidden devices

Composer Update for Snipe-IT

To update Snipe-IT on Windows Server 2016 with Composer, the following commands will assist:

composer install --no-dev --prefer-source
composer dump-autoload
php artisan migrate
php artisan config:clear
php artisan config:cache

Thats it

Zabbix Appliance extend Volume

We use Zabbix to monitor almost everything, from UPS boxes through to routers, switches, even printers.  Today we were welcomed with the following issue:

Warning: Free disk space is less than 20% on volume /

As it the error suggests, the stock 20Gb VHD file for Zabbix Appliance is filling up.  It wasn’t a straight forward process to extend the volume once you had made the changes in HyperV.  The following steps will allow this volume to be extended and then applied to Zabbix Appliance.

To Extend the volume of Zabbix Appliance:

1: Extend the VHDX through HyperV disk manager

2: Boot Zabbix VM via a live bootable distro and load Gpartd – I used ‘Parted Magic’ but any live distro will do.

3: Extend volume, if unable to extend volume and can see the Padlock or Key icon, select ‘deactivate’ and resize.

4: Exit Gpartd and shutdown Zabbix Appliance

5: Remove bootable ISO and start Zabbix Appliance

6: Login to Zabbix Appliance via command line and enter the following:

sudo lvextend –l +100%FREE [MOUNTPOINT]

expand filesystem:

sudo resize2fs [MOUNTPOINT]

if you need to find the Mountpoint, use

sudo lvdisplay

You should now have an extended disk size in your Zabbix Appliance

IPSec Tunnel Mikrotik RouterOS to Azure IKE2

Now that Azure uses IKEv2 for IPSec tunnels, here is an up to date script to bring up IPSec between RouterOS and Azure.  Note that RouterOS must be Version 6.38 and above for IKEv2.

/ip ipsec mode-config
add name="AZURE CONFIG" system-dns=no
/ip ipsec proposal
set [ find default=yes ] disabled=yes
add enc-algorithms=aes-256-cbc,aes-128-cbc lifetime=1h name=AZURE pfs-group=none
/ip ipsec peer
add address=<AZURE PUBLIC IP> dpd-interval=disable-dpd enc-algorithm=aes-256,aes-128 exchange-mode=ike2 generate-policy=port-strict local-address=<SRC PUBLIC IP> secret=<IPSEC SECRET>
/ip ipsec policy
set 0 disabled=yes
add comment="IPsec Tunnel to Azure" dst-address=<DEST LAN SUBNET> proposal=AZURE sa-dst-address=<AZURE PUBLIC IP> sa-src-address=<SRC PUBLIC IP> src-address=<SRC LAN SUBNET> tunnel=yes



Aftermarket SFP GBIC in Cisco Switches

Many companies are seeking for Cisco SFP alternatives to help cut down the costs on these expensive modules.

A frequent customer problem with Cisco’s new line of Catalyst switches is that they do not support 3rd party (non-Cisco) SFPs – or at least they do not seem to…

If you’ve just replaced your network switches and tried using any 3rd party SFPs to connect your network backbone, you’ll quickly stumble across an error similar to the following:

%PHY-4-UNSUPPORTED_TRANSCEIVER: Unsupported transceiver found in Gi1/0/0
%GBIC_SECURITY_CRYPT-4-VN_DATA_CRC_ERROR: GBIC in port 65538 has bad crc

Congratulations!  The Catalyst switch has just disabled the GBIC port! This happens because Cisco Catalyst switches are configured by default not to work with non-Cisco SFPs.

When a SFP is inserted into a switch’s GBIC port, the switch immediately reads a number of values from the SFP and if it doesn’t like what it sees, it throws the above error message and disables the port.

All SFP modules contain a number of recorded values in their EEPROM and include:

  • Vendor Name
  • Vendor ID
  • Serial Number
  • Security Code
  • CRC


Despite the error displayed, which leaves no hope for a solution, keep smiling as you’re about to be given one.

There are two undocumented commands which can be used to force the Cisco Catalyst switch to enable the GBIC port and use the 3rd party SFP:

3750G-Stack(config)# service unsupported-transceiver

Warning: When Cisco determines that a fault or defect can be traced to
the use of third-party transceivers installed by a customer or reseller,
then, at Cisco's discretion, Cisco may withhold support under warranty or
a Cisco support program. In the course of providing support for a Cisco
networking product Cisco may require that the end user install Cisco
transceivers if Cisco determines that removing third-party parts will
assist Cisco in diagnosing the cause of a support issue.

3750G-Stack(config)# no errdisable detect cause gbic-invalid

When entering the service unsupported-transceiver command, the switch will automatically throw a warning message as a last hope to prevent the usage of a 3rd party SFP.

The no errdisable detect cause gbic-invalid command will help ensure the GBIC port is not disabled when inserting an invalid GIBC.

Since the service unsupported-transceiver  is undocumented, if you try searching for the command with the usual method (?), you won’t find it:

3750G-Stack(config)# service ?
compress-config              Compress the configuration file
  config                             TFTP load config files
  counters                         Control aging of interface counters
  dhcp                               Enable DHCP server and relay agent
  disable-ip-fast-frag           Disable IP particle-based fast fragmentation
  exec-callback                   Enable exec callback
  exec-wait                       Delay EXEC startup on noisy lines
  finger                            Allow responses to finger requests
  hide-telnet-addresses     Hide destination addresses in telnet command
  linenumber                    enable line number banner for each exec
  nagle                             Enable Nagle's congestion control algorithm
  old-slip-prompts             Allow old scripts to operate with slip/ppp
  pad                              Enable PAD commands
  password-encryption      Encrypt system passwords
  password-recovery        Disable password recovery
  prompt                         Enable mode specific prompt
  pt-vty-logging               Log significant VTY-Async events
  sequence-numbers        Stamp logger messages with a sequence number
  slave-log                      Enable log capability of slave IPs
  tcp-keepalives-in          Generate keepalives on idle incoming network connections
  tcp-keepalives-out       Generate keepalives on idle outgoing network connections
  tcp-small-servers         Enable small TCP servers (e.g., ECHO)
  telnet-zeroidle             Set TCP window 0 when connection is idle
  timestamps                 Timestamp debug/log messages
  udp-small-servers       Enable small UDP servers (e.g., ECHO)

3750G-Stack(config)# service 

The same applies for the no errdisable detect cause gbic-invalid command.

We tried both service unsupported-transceiver & no errdisable detect cause gbic-invalid commands on 2960G, 3560G, 3750G, 4507R and 4507R-E Catalyst switches and all accepted the commands without a problem. In fact if the Catalyst switch is running IOS 12.2(25)SE and above, the undocumented commands are available.


There are mixed feelings about this. We certainly do not recommend using non-Cisco SFP’s in production environments, however in a lab environment, its most probably a cheap way out.

When using 3rd party GBICs, one must keep in mind that Cisco TAC will not provide any support for problems related to the SFPs as they are totally unsupported. Here is a small portion from the Cisco Catalyst 3750G Q&A that refers to the usage of 3rd party SFP modules on the switch:

Q. Do the Cisco Catalyst 3750 Series Switches interoperate with SFPs from other vendors?

A. Yes, starting from 12.2(25)SE release, the user has the option via CLI to turn on the support for 3rd party SFPs. However, the Cisco TAC will not support such 3rd party SFPs. In the event of any link error involving such 3rd party SFPs the customer will have to replace 3rd party SFPs with Cisco SFPs before any troubleshooting can be done by TAC.


To allow the Cisco iOS to use the non-branded SFP’s the following needs to be done at the switch terminal:


From the Enable command line on the Cisco Switch enter:

2960x(config)# service unsupported-transceiver <press enter>
2960x(config)# no errdisable detect cause gbic-invalid <press enter>

Save running config to switch. Profit.

Remove everything from Win 10 except Calculator and Store

To remove almost all the modern apps in windows 10 except calculator and store

open powershell (as administrator)
Set-ExecutionPolicy Unrestricted
Get-AppxPackage -AllUsers | where-object {$ -notlike "*Microsoft.WindowsStore*"} | where-object {$ -notlike "*Microsoft.WindowsCalculator*"} | Remove-AppxPackage
Get-AppxProvisionedPackage -online | where-object {$_.packagename -notlike "*Microsoft.WindowsStore*"} | where-object {$_.packagename -notlike "*Microsoft.WindowsCalculator*"} | Remove-AppxProvisionedPackage -online

To restore almost all the modern apps in windows 10

open powershell (as administrator)
Set-ExecutionPolicy Unrestricted
Get-AppXPackage | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)AppXManifest.xml"}

Adding a TCP/IP Route to the Windows Routing Table

The Routing table dictates where all packets go when they leave your system. On most environments, all packets that leave your system will be forwarded over to your router or hub, and from there out to the internet.

In some circumstances, you may have a testing network configured to duplicate another environment, or you may be configuring a more complex network topology that requires the use of additional routes. Adding routes to your machine is a useful testing tool for some of these situations.


route ADD MASK


route ADD “network” MASK “subnet mask”  “gateway ip”

For example, if you were on the network, and you had a gateway on configured to access the network, you would use a route add statement like this:

route ADD MASK

Your routing table should now reflect that change, and all traffic to the 10.10.10.x range will now be sent over to the gateway machine.

The route add change will only stick across reboots if you add it with the -p flag, as in the following:

route -p ADD MASK