KB on Mexicali IT

Zero-Trust Endpoint Isolation: Containment via Offline SIDs

Mon, 30 Mar 2026 16:20:00 -0700

When a user is terminated in Active Directory, the first line of defense is instantly engaged: denial of corporate access, which disconnects their VPN sessions and blocks interactive logins through the Domain Controller (DC).

However, there is a critical risk vector. If the employee (or a malicious attacker) has their corporate laptop, the local Windows Cached Credentials will continue to operate. This allows them to log into the machine “offline” (from the domain) and extract sensitive files locally onto a USB drive without needing to be connected to the corporate VPN or internal network.

Isilon OneFS: Immutable Data Protection against Ransomware with SmartLock (WORM)

Sun, 22 Mar 2026 11:00:00 -0700

In today’s cybersecurity landscape, traditional storage defenses are no longer sufficient to contain advanced attacks. When a threat actor compromises administrator credentials, standard backups and storage snapshots can be easily deleted or aggressively encrypted. This is where SmartLock for Dell Isilon (PowerScale) comes into play.

SmartLock provides true file-system-level immutability using WORM (Write-Once, Read-Many) technology. Once a file is deliberately locked (committed) inside a SmartLock domain, it cannot be modified, overwritten, or deleted by anyone (not even by a sophisticated ransomware attack deploying root privileges) until its retention period securely expires.

Isilon OneFS: Transparent Cloud Tiering & Cost Optimization with CloudPools (AWS S3)

Sun, 22 Mar 2026 03:00:00 -0700

As data volumes continue to grow explosively, a significant percentage inevitably becomes “cold data”—historical files that are rarely accessed. Keeping this inactive data sitting on high-performance primary storage is extremely cost-inefficient.

To solve this, OneFS integrates CloudPools, a powerful tiering feature that allows you to seamlessly move inactive data blocks to an external object storage platform like Amazon S3, Azure Blob, or a local ECS. When data is tiered, OneFS leaves behind a reference file (a SmartLink, or stub) on the local file system. To end-users connected via SMB or NFS, the file still appears in its original location as normal; however, when they try to open it, the cluster retrieves the payload from the cloud transparently.

Isilon OneFS: Storage Efficiency - Implementing SmartDedupe

Sat, 21 Mar 2026 10:00:00 -0700

As users consume storage, it is common to find redundant data (documents copied multiple times, identical ISOs, or duplicated backups). To mitigate this waste of capacity, Isilon offers SmartDedupe.

Unlike other storage systems that perform inline deduplication, Isilon utilizes post-process deduplication. This means data is written to disk immediately with maximum performance, and subsequently, a background job (Job Engine) scans the file system for identical 8KB blocks to consolidate them and free up space.

Isilon OneFS: Local Protection - Retention Strategies with SnapshotIQ

Sat, 21 Mar 2026 00:00:00 -0700

With our authentication, access zones, and capacity limits in place, our Isilon cluster is functionally ready for production. However, a production environment is only as good as its recovery strategy. In the world of Scale-Out NAS, the first line of defense against accidental file deletion or corruption is SnapshotIQ.

SnapshotIQ allows for virtually unlimited snapshots (up to 1,024 per directory) with negligible performance impact. In this article, we will configure an automated retention strategy and explore how users can recover their own files without IT intervention.

Isilon OneFS: Capacity Management - Implementing SmartQuotas

Fri, 20 Mar 2026 22:13:00 -0700

We have successfully joined our cluster to Active Directory and established a robust NTFS permission architecture. Now, we must ensure our storage environment remains stable and is not saturated through uncontrolled usage. In Isilon, this is managed through the SmartQuotas license.

SmartQuotas allows us to limit space at three distinct levels (Directory, User, or Group) and offers several types of limits:

Advisory (Informational): Only generates alerts; does not block usage. Ideal for transparent monitoring.
Soft Limit: Allows users to temporarily exceed the threshold (useful for heavy rendering or month-end processes) but generates critical notifications and, after a grace period, becomes a block.
Hard Limit: Upon reaching the threshold, the file system returns a “Disk Full” error to the user. Not a single additional kilobyte is allowed.

In this guide, we will implement a Directory-level Hard Limit for our departmental production folder.

Isilon OneFS: Data Presentation - SMB Share Configuration and Permission Management

Fri, 20 Mar 2026 19:34:00 -0700

Our Isilon cluster is now a trusted member of Active Directory, and users are encapsulated within their own dedicated Access Zone. However, up to this point, the storage remains an opaque block. It is time to open the doors and present that storage to the network.

In this article, we will create our first network-accessible resource (SMB Share) and address one of the greatest debates in storage administration: the correct management of permissions.

Isilon OneFS: Identity Integration - Access Zones and Active Directory Joining

Fri, 20 Mar 2026 19:00:00 -0700

We have reached one of the most critical architectural milestones of the entire deployment. So far, our cluster is live on the network, utilizing dynamic routing with SmartConnect and secured via SSL management. However, an enterprise NAS serves little purpose if users must memorize new credentials or if management traffic is mingled with high-performance production data.

In this article, we will join our Dell EMC Isilon cluster to our Active Directory domain (mxlit.com) and configure true multi-tenancy by creating our first dedicated Access Zone.

Isilon OneFS: Securing the WebUI with SmartConnect and SSL Certificates

Fri, 20 Mar 2026 01:03:00 -0700

Managing an enterprise-grade storage cluster through a static IP address while dealing with the annoying “Site not secure” browser warning is not an acceptable practice in a production environment. Beyond the visual nuisance, it bypasses critical identity verification and can lead to man-in-the-middle vulnerabilities during administrative sessions.

In this guide, we will elevate your Dell EMC Isilon cluster’s management security. We will configure a load-balanced FQDN for our management network using SmartConnect and subsequently issue and install a valid SSL certificate using an internal Windows Server Certificate Authority (CA).

Isilon OneFS: The Magic of SmartConnect and DNS Delegation

Thu, 19 Mar 2026 00:47:15 -0700

If you have followed our previous guides, you now have a 3-node virtual Isilon cluster running with Enterprise licenses activated. However, at this point, it is still just a group of servers. To transform Isilon into a true Scale-Out NAS—where all nodes work as a single brain—we need to configure its “secret sauce”: SmartConnect.

In this article, we will break down the architecture behind SmartConnect, why it is so powerful, and how to configure it step-by-step using Windows Server DNS, the industry standard.

Isilon OneFS: Unlocking Enterprise features (Licensing)

Wed, 18 Mar 2026 23:28:12 -0700

When building a Dell EMC Isilon (OneFS) laboratory on Proxmox or VMware, you may notice that by default, many advanced features in the web interface—such as replication, deduplication, or quotas—appear locked or inactive.

To truly simulate a production environment, you need access to the full suite of enterprise tools. In this guide, we will look at how to activate these features directly from the command line for your homelab, bypassing the need for corporate license files.

Isilon OneFS: Joining nodes to the cluster

Wed, 18 Mar 2026 22:52:16 -0700

Integrating additional nodes into an Isilon cluster is one of the most rewarding processes in the OneFS architecture. Once the first node is operational, expanding capacity and performance is nearly automatic.

In this guide, we detail the steps to join Node 2 (and subsequent nodes) to our lab cluster in Proxmox.

Prerequisites (Quick Checklist)

Before pressing the start button, ensure that the virtual machine (e.g., VM 202) strictly complies with the defined architecture:

Isilon OneFS: Protecting the Simulator on Hypervisors (NVRAM and Cache)

Wed, 18 Mar 2026 20:05:41 -0700

Deploying a virtual Dell EMC Isilon (OneFS) cluster in your lab environment with Proxmox is an excellent way to test enterprise features like SyncIQ, SmartPools, or SmartConnect. However, this simulator has a critical “Achilles’ heel” when running on general-purpose hypervisors: susceptibility to file system corruption during sudden power outages.

Here I explain exactly why this happens and how to fix it by adjusting storage policies in Proxmox.

The Problem: Absence of Physical NVRAM

In a production environment, physical Isilon nodes rely heavily on a battery-backed NVRAM (Non-Volatile RAM) card. This memory acts as an ultra-fast and secure journal. Every write transaction enters the NVRAM first; if there is a power outage, the battery ensures the data is written to disk once power returns.

Umami: Solving Geolocation (City and Region) with Cloudflare Tunnels

Tue, 17 Mar 2026 19:00:00 -0700

Umami is one of the best privacy-focused, self-hosted alternatives for web analytics. However, an extremely common issue when deploying it behind Cloudflare Tunnels is that the dashboard identifies the visitor’s country, but the City and Region fields appear empty (—).

In this guide, we will look at how to fix this telemetry “short circuit” by correctly configuring HTTP headers so that Cloudflare provides Umami with all the geographic information it needs.

Isilon OneFS: Virtual Cluster Deployment - Part 1: Installation & Initial Configuration

Tue, 17 Mar 2026 01:45:00 -0700

Welcome to the first installment of the Isilon / PowerScale series. In this documentation, we will explore the depths of Dell EMC’s scale-out NAS platform, starting from the ground up. Whether you are building a lab for testing or preparing for an enterprise deployment, this guide will provide the technical foundations needed to stand up a virtual Isilon cluster on Proxmox.

Phase 1: MAC, VLAN, and VM Configuration in Proxmox

Create a VM without disks, with 3 Network Interface Cards (NICs), a minimum of 6GB of RAM, and 4 vCPUs. Edit the hardware for each cloned node to match your network design exactly.

GitHub: Hybrid Cloud CI/CD - Building a Zero-Downtime Pipeline with Self-Hosted Runners

Mon, 16 Mar 2026 00:00:01 -0700

Introduction: The Evolution of a Pipeline

In the previous posts of this series, I detailed my journey from a broken, 25-minute SFTP deployment bottleneck to a hyper-optimized Rsync pipeline that completes in mere seconds. But optimization is only half the battle in Enterprise Architecture. The other half is Resiliency.

Currently, my pipeline relies entirely on Microsoft’s GitHub Cloud infrastructure. While GitHub Actions provides 2,000 free CI/CD minutes per month, relying 100% on external compute resources violates a core principle of self-hosting: Control. What happens if I burn through my free tier limits during intense development weeks? What if GitHub’s shared runner queues are experiencing an outage?

Cloudflare: Cryptographic Security for Your Domain with DNSSEC

Sun, 15 Mar 2026 14:30:00 -0700

The Domain Name System (DNS) is the Internet’s address book, but by original design, it is not secure. When a user types a domain into their browser, the query travels in plain text and blindly trusts the response it receives. This is where DNSSEC (Domain Name System Security Extensions) comes in.

DNSSEC does not encrypt DNS queries, but rather digitally signs them. It works through a public-key cryptography system that guarantees DNS resolvers (such as those from Google, Cloudflare, or your ISP) that the IP address they are being directed to is legitimate and has not been altered along the way.

Umami: Deploying Umami Analytics with Docker

Sun, 15 Mar 2026 01:35:00 -0700

Maintaining absolute control over your visitors’ demographic and behavioral data is essential in the world of Enterprise technology. Umami Analytics has become the leading alternative for those seeking a lightweight, privacy-friendly, and, above all, easy-to-deploy solution through Docker.

Why Self-Hosted over the Cloud version?

While Umami offers a cloud version, self-hosting provides undeniable advantages for technical or corporate profiles:

No retention limits: The cloud’s free version often has limits on how many events you can process or how long they are stored. On your own server, the only limit is your storage.
Data Sovereignty: Data never leaves your infrastructure. This is vital for privacy compliance or simply for total control.
Privacy by Design: By not relying on third-party servers, you eliminate an external tracking point.
Zero Operational Cost: If you already have a server with Docker, adding an Umami container doesn’t increase your monthly costs.

1. Environment Preparation

Umami requires a database to store metrics. The cleanest and most self-contained way to deploy it is by using Docker Compose to spin up both the Umami application and a PostgreSQL database in the same stack.

GitHub Actions: Optimizing CI/CD Deployments (From SFTP to Rsync)

Thu, 12 Mar 2026 16:41:54 -0700

Introduction: The Hidden Cost of “It Just Works”

When I first migrated this Knowledge Base to Hugo and set up a CI/CD pipeline using GitHub Actions, my primary goal was simplicity. I needed a way to push my Markdown files to GitHub and have a runner automatically compile the static HTML and send it to my Nginx container hosted on a remote VPS.

To achieve this, I used a popular, off-the-shelf SFTP Deployment Action. For the first few days, it was magical. I would commit a new post, and within 2 minutes, the site was live.

TrueNAS: Enable Computer Management & OpenFiles Access (Access Denied Fix)

Tue, 10 Mar 2026 22:00:00 -0700

\nimage: “truenas_thumbnail.jpg”

When managing a TrueNAS or FreeNAS file server integrated with Microsoft Active Directory, you may encounter a You do not have permissions to see the list of files opened by Windows clients. or NT_STATUS_ACCESS_DENIED error when attempting to connect using native Windows RPC administrative tools.

This behavior is most prominent when:

Trying to open the fsmgmt.msc (Computer Management -> Shared Folders) MMC snap-in pointing to your NAS.

Proxmox: How to Resolve "Bulk Start Waiting for Quorum"

Tue, 10 Mar 2026 21:30:00 -0700

When running a Proxmox VE cluster, a sudden power outage or network partition can bring down multiple nodes simultaneously. When a single node powers back on, it will typically refuse to start its Virtual Machines, freezing at a “bulk start waiting for quorum” message.

Proxmox does this intentionally: to prevent “split-brain” scenarios where two isolated nodes try to run the same VMs at the same time and corrupt storage, the cluster enforces Quorum (a strict majority of active nodes). If a node cannot see the majority of the cluster, it locks down.

Proxmox: How to Import Hyper-V VMs (.VHDX) to Proxmox

Tue, 10 Mar 2026 21:00:00 -0700

Migrating your infrastructure from Microsoft Hyper-V to Proxmox VE is a common step for organizations seeking a powerful, open-source virtualization platform. While Proxmox does not natively run .vhdx files, its underlying QEMU hypervisor architecture allows you to easily import and seamlessly convert Hyper-V disks into Proxmox-native formats (RAW or QCOW2) directly from the command line.

This guide will walk you through the process of exporting a Virtual Machine from Hyper-V, transferring the virtual disk, converting it into a Proxmox VM, and configuring the necessary VirtIO drivers to ensure Windows boots successfully.

Proxmox: How to Expand Local Storage (Remove Local-LVM)

Tue, 10 Mar 2026 20:00:00 -0700

When you install Proxmox VE on a single driveâ€”for instance, a 1TB SSDâ€”the installer automatically partitions the space into local (root file system, typically for ISOs and backups) and local-lvm (block storage for VM disks). However, for many Homelab enthusiasts and small-scale deployments, this division is often unnecessary and can lead to wasted space on one partition while the other is full.

This guide explains how to safely remove the local-lvm partition and expand your primary local (root) filesystem to claim 100% of your disk’s usable space.

Proxmox: How to Add Nodes (Hosts) to a Cluster

Tue, 10 Mar 2026 19:00:00 -0700

Scaling your virtualization environment by creating a Proxmox VE Cluster allows you to centrally manage multiple physical nodes from a single web interface. Clustering enables advanced enterprise features such as High Availability (HA), live migration, and shared storage management. This guide will show you how to securely join a new, standalone Proxmox host into an existing cluster.

1. Retrieve Cluster Join Information

First, log into the web interface of an existing node that is already part of the cluster you wish to join.

Proxmox: How to Add Active Directory Authentication (LDAP)

Tue, 10 Mar 2026 18:00:00 -0700

Integrating Proxmox Virtual Environment (VE) with Microsoft Active Directory allows you to centralize user management and apply your organization’s existing security policies to your virtualization clusters. By connecting Proxmox to AD via LDAP, administrators and operators can log in using their standard domain credentials, eliminating the need to manage separate local accounts on each Proxmox node.

1. Add the Active Directory Realm

Navigate to your Proxmox VE web interface. At the top of the left-hand cluster menu, click on Datacenter, then select Realms.

Proxmox VE: How to Apply a Valid Let's Encrypt SSL Certificate via ACME DNS

Tue, 10 Mar 2026 17:00:00 -0700

By default, Proxmox VE generates a self-signed SSL certificate during installation. While this encrypts the traffic between your browser and the server, it causes modern browsers to throw aggressive “Your connection is not private” warnings.

Why should we apply a valid SSL Certificate? In an enterprise or advanced homelab environment, ignoring certificate warnings is a dangerous habit. It trains administrators to click “Proceed Anyway”, which leaves them vulnerable to genuine Man-in-the-Middle (MitM) attacks. Furthermore, integrating Proxmox with external APIs, backup servers, or automation tools (like Terraform) often fails outright if the endpoint does not possess a mathematically verifiable, globally trusted SSL certificate.

Proxmox VE: Post-Install Configuration using Helper Scripts

Tue, 10 Mar 2026 16:00:00 -0700

After completing the bare-metal installation of Proxmox VE, you will quickly notice a few initial hurdles: the persistent “No Valid Subscription” validation nag, the inability to download updates because the “Enterprise” repository is enabled by default, and a few unoptimized cluster settings.

To fix all of this simultaneously, we will use a legendary community tool that has saved thousands of hours for homelabbers and system administrators alike: Proxmox VE Helper-Scripts.

Proxmox VE: Bare-Metal Installation & Boot Partitioning Guide

Tue, 10 Mar 2026 15:00:00 -0700

When it comes to building an enterprise-grade homelab or deploying production hypervisors on a budget, Proxmox Virtual Environment (VE) is the undisputed king. Built on Debian GNU/Linux, it provides native integration with KVM (Kernel-based Virtual Machine) for virtual machines and LXC for lightweight containers, completely free of licensing traps.

In this guide, we will walk through the bare-metal installation of Proxmox VE, paying special attention to the often-overlooked storage partitioning step to ensure you aren’t leaving performance on the table.

TrueNAS: How to Apply System Updates

Mon, 09 Mar 2026 15:00:00 -0700

Keeping your TrueNAS installation up-to-date is crucial for maintaining system stability, improving ZFS performance, and patching critical security vulnerabilities. Fortunately, TrueNAS features a highly robust, built-in updater that handles downloading patches, applying them to a new boot environment, and safely rebooting the system without putting your data at risk.

This short guide demonstrates how to check for and apply system updates to your TrueNAS server.

Step-by-Step Guide

1. Check for Updates

Log into your TrueNAS web interface as an administrator. Navigate to System > Update in the left-hand menu.

TrueNAS: How to Create an SMB Share Drive

Mon, 09 Mar 2026 14:00:00 -0700

The primary purpose of deploying TrueNAS is often to act as a highly resilient network file server. Server Message Block (SMB), also known as CIFS, is the standard file-sharing protocol natively used by Windows, but it is also widely supported by macOS and Linux systems. To share data across your network, you must first create an isolated filesystem container (a ZFS Dataset) and then expose that dataset via the SMB service.

TrueNAS: How to Join an Active Directory Domain

Mon, 09 Mar 2026 13:00:00 -0700

When deploying TrueNAS in an enterprise environment, integrating it with a central Windows Server Active Directory (AD) domain is essential. Joining the domain allows TrueNAS to directly query your domain controllers for users and groups, eliminating the need to recreate local accounts. You can then assign NTFS-style permissions (ACLs) to your SMB shares seamlessly.

This guide details the procedure for joining your TrueNAS storage server into an Active Directory domain.

TrueNAS: How to Import and Apply SSL Certificates

Mon, 09 Mar 2026 12:00:00 -0700

Securing your TrueNAS web interface with a valid SSL/TLS certificate is a critical step in deploying a production-ready storage server, especially when integrating it with enterprise Active Directory environments or managing it over a network. By default, TrueNAS generates a self-signed certificate, which modern browsers flag as insecure.

This guide details the process of importing an existing SSL certificate (and its private key)â€”often issued by an internal Windows Certificate Authority or a provider like Let’s Encryptâ€”and applying it to the TrueNAS graphical interface.

TrueNAS: How to Create a New ZFS Storage Pool

Mon, 09 Mar 2026 11:00:00 -0700

The core of any TrueNAS deployment is its storage configuration. At the heart of this system is the ZFS file system, which organizes physical disks into logical groupings called vdevs (Virtual Devices) and aggregates them into a Pool. Creating a robust storage pool is your first step toward configuring data shares, taking snapshots, and securing your enterprise or homelab data.

This guide will walk you through the process of creating a new ZFS Storage Pool in TrueNAS.

TrueNAS: How to Install and Configure the Ultimate ZFS Storage OS

Mon, 09 Mar 2026 10:00:00 -0700

Introduction: What is TrueNAS?

TrueNAS is universally recognized as the world’s most robust Open Storage operating system, directly heavily relying on the legendary ZFS (Zettabyte File System) architecture. It delivers absolute enterprise-grade features straight out of the box: proactive data self-healing, intelligent RAM tier caching (ARC), and unlimited instantaneous snapshots.

Whether deploying the FreeBSD-based CORE or the modern Debian Linux-based SCALE, TrueNAS effectively transforms commodity servers into high-performance, resilient storage arrays meticulously built to serve virtualization clusters, heavy backup targets, and enterprise media streams.

Windows Server: How to Fix Software Protection Activation Errors

Sun, 08 Mar 2026 18:00:00 -0700

When deploying new Windows Servers from templates, cloning VMs, or performing major system upgrades, you might run into a frustrating issue where Windows refuses to activate against your KMS host or accept a retail key. Often, the system throws obscure licensing errors or the “Software Protection” (sppsvc) service repeatedly fails to start.

This failure usually stems from deep-rooted permission corruption within the Windows system folders. During cloning or upgrading, the built-in NETWORK SERVICE or sppsvc accounts lose their crucial read/write access to the local licensing store folders, making it physically impossible for the OS to retrieve or write its own activation state.

Windows Server: How to Configure Automatic Logon

Sun, 08 Mar 2026 17:40:00 -0700

In a production environment, Windows Servers are typically designed to remain on the lock screen until an administrator actively authenticates. However, certain legacy applications or specific GUI-based tools explicitly require an active user session to run in the background. If the server reboots and sits at the Ctrl+Alt+Delete screen, these applications will simply fail to start, causing painful outages.

This scenario is extremely common when dealing with specialized Virtual Machines (VMs) in a homelab or enterprise cluster where you need an application to fire up automatically unattended.

Windows Server: In-Place Upgrade Guide and Compatibility Paths

Sun, 08 Mar 2026 17:20:00 -0700

Upgrading a Windows Server traditionally involved standing up a brand-new virtual machine and meticulously migrating roles, data, and applications (a “clean install” migration). However, Microsoft’s In-Place Upgrade process has become phenomenally reliable, allowing you to upgrade the operating system of an existing server while keeping your files, settings, and complex applications completely intact.

This guide outlines exactly how to perform an in-place upgrade, the supported upgrade paths you must follow, and crucial compatibility warnings.

Active Directory: How to Check Active Directory Health and Force Replication

Sun, 08 Mar 2026 17:00:00 -0700

A healthy Active Directory (AD) environment is the backbone of any Windows-based enterprise network. When Domain Controllers (DCs) stop communicating or fail to replicate changes properly, you will experience bizarre authentication issues, missing user accounts, and erratic GPO behaviors.

As a system administrator, knowing how to quickly diagnose AD health and manually force replication is a critical skill. This guide outlines the most essential CMD and PowerShell commands used to verify Active Directory status, assess replication health, and manually trigger synchronization between servers.

VMware: How to Fix "Two Filesystems With the Same UUID Have Been Detected"

Sun, 08 Mar 2026 13:30:00 -0700

Encountering the “Two filesystems with the same UUID have been detected” error during an ESXi host boot can immediately halt your hypervisor’s startup sequence. This issue typically occurs when the host detects multiple storage devices or boot partitions that share the exact same Universally Unique Identifier (UUID). This is a common side-effect of cloning a boot USB drive, SD card, or dealing with duplicate LUN snapshots without resigning the VMFS volumes. Resolving this boot halt is critical to bringing your ESXi host back online.

VMware: How to Install a New Certificate with an Internal CA

Sun, 08 Mar 2026 12:35:00 -0700

Securing your vCenter Server (VCSA) with an authentic SSL certificate is a crucial step towards maintaining a robust virtualization environment. By default, vCenter uses self-signed certificates, which prompt annoying and potentially dangerous browser security warnings. Replacing these with a certificate signed by your own Internal Certificate Authority (CA) not only eliminates these warnings but also ensures that all communication within your management plane is encrypted and trusted natively by your domain devices.

VMware: How to Apply Patches to vCenter Server

Sat, 07 Mar 2026 11:15:00 -0700

Keeping your vCenter Server updated is not just a best practice; it’s a critical operational necessity. Regular patching resolves severe security vulnerabilities, delivers essential bug fixes, and ensures compatibility with modern hardware and newer ESXi hosts. Since vCenter acts as the central command hub for your entire virtual infrastructure, an unpatched server can become a major security liability and compromise the stability of all managed workloads.

Navigate to your vCenter Server Management Interface (VAMI) using port 5480:

Leaving SaaS: Creating Your Own Telemetry Microservice with FastAPI and Docker

Thu, 05 Mar 2026 16:30:00 -0800

Static site generators (SSGs) like Hugo are unbeatable in speed and security. By compiling everything into pure HTML files, we eliminate attack vectors and database dependencies. However, a classic problem arises: How do we add basic interactivity, such as a “Likes” counter, without ruining the static nature of the site?

Initially, the easy answer is to integrate a third-party service (SaaS). It’s fast and it works. But as infrastructure engineers, relying on an external API presents us with two fundamental problems: the loss of sovereignty over our data and the inevitable paywalls that arise when traffic increases. The ultimate solution isn’t to look for a heavyweight open-source clone, but to build our own minimalist microservice.

HUGO: Implementing Serverless Telemetry in Hugo with Lyket (Applause Button)

Thu, 05 Mar 2026 13:00:00 -0800

Implementing Serverless Telemetry in Hugo with Lyket

Migrating to a static site generator (SSG) like Hugo offers massive advantages in security and speed by not relying on databases to serve content. However, this presents a challenge when we want to integrate basic interactivity, such as a “Like” or “Applause” counter in our Knowledge Base.

Instead of setting up additional containers or databases just to record clicks, the most elegant solution is to use a decoupled serverless approach. This is where Lyket comes in, an external API that handles transactional telemetry while our frontend remains 100% static.

VMware: Installing VMware vCenter Server (VCSA)

Thu, 05 Mar 2026 10:00:00 -0800

The Heart of Your Infrastructure: Why You Need vCenter

Managing ESXi servers individually through their web interface is fine for a very small environment, but when you’re looking to scale, automate, and ensure availability, vCenter Server is the critical component. It acts as the centralized control panel for your entire vSphere infrastructure.

Key Advantages of Deploying vCenter:

Centralized Management: Control multiple ESXi hosts, virtual machines, and networks from a single console.

Docker: Automatic Image and Log Cleanup

Wed, 04 Mar 2026 21:15:00 -0800

Why doesn’t Docker automatically clean up junk files?

If you’ve had a Docker server for more than a month, you’ve probably noticed that disk space mysteriously disappears. Docker is designed on the principles of immutability and security. It doesn’t delete anything by default because it can’t guess whether that “orphaned” image from three months ago is a critical version you plan to roll back to, or if that build cache is something you need for a quick deployment tomorrow.

GitHub: Guide to Deploying Hugo CI-CD to a Server with GitHub Actions Monorepo

Wed, 04 Mar 2026 21:15:00 -0800

Objective: Eliminate the manual process of compiling and copying the public/ folder to the server. We will implement a pipeline that, upon detecting a git push on the main branch, compiles the site and transfers it securely via SFTP using SSH keys.

Security: Least Privilege Implementation

In real production environments, we do not use root. Deployment is performed with a restricted user who only has access to their own home directory. This adds a vital layer of security: if the CI/CD process is compromised, the attacker is trapped in a “cage” within the user’s $HOME directory.

DNS: How to Enable DNS Debug Logging on Windows Server (and Why Be Careful)

Wed, 04 Mar 2026 15:00:00 -0800

When we deploy security solutions like Cortex XSIAM or centralize logs with Elasticsearch using Filebeat, one of the most common requirements is to ingest the name resolution activity of our Domain Controllers (DCs).

To achieve this, the first fundamental step is to enable DNS Debug Logging in the Windows DNS server configuration. However, this is not simply a matter of checking a box; There are critical technical and infrastructure considerations you should be aware of before implementing it in production.

VMware: Unable to migrate VM (Migrate button grayed out) - Resolved via MOB

Wed, 04 Mar 2026 13:58:17 -0800

Have you ever tried to migrate a Virtual Machine in vCenter and found that the Migrate… option is completely disabled (grayed out)?

Often, when trying to power it on or move it, vCenter displays a message indicating that the VM is pinned to a host (“The virtual machine is pinned to a host”). This usually happens when backup software (like Veeam) leaves a task hanging, or when a previous operation fails, leaving the VM in a locked or logically “locked” state.

Active Directory: Adding Windows Core as a Domain Controller.

Wed, 04 Mar 2026 12:00:00 -0800

Domain Controller in Windows Core

If you’ve followed this series, you already know how to set up a primary and a secondary Domain Controller using the graphical interface (Desktop Experience). But, if we really want to take our infrastructure to the next level and minimize risks,

In this third and final installment, we’re going to deploy a Domain Controller using Windows Server Core and purely the command line (PowerShell).

Why Choose Server Core for Your Active Directory?

If you’re wondering why you should forgo the visual convenience of a graphical interface for such a critical role, the answer boils down to three fundamental pillars for any business environment:

Isilon OneFS: How a BBU Failure Brings Down Your Cluster (and the Risk of Forcing Recovery)

Tue, 03 Mar 2026 00:00:00 +0000

Working with enterprise storage infrastructure like Dell PowerScale (Isilon) usually provides peace of mind due to its high availability. However, when OneFS’s self-protection mechanism kicks in, it can trigger a domino effect that completely halts production.

We recently faced a critical incident in OneFS 9.7.1.3 where a battery failure (BBU) escalated to the total loss of access to shared disks (SMB/NFS) and the crash of the WebUI.

In this post, I will document the symptoms, the root cause, the workaround, and, most importantly, why forcing the system out of Read-Only mode carries a massive risk of data loss if not properly calculated.

Moving FSMO Roles

Fri, 20 Feb 2026 21:14:14 -0800

Why is it necessary to move FSMO roles?

In an Active Directory environment, not all Domain Controllers (DCs) are the same. Although most tasks are replicated multidirectionally, there are five critical roles called FSMO (Flexible Single Master Operation) that can only be run by one server at a time to prevent write conflicts and corruption in the ntds.dit database.

Moving these roles is not just an administrative whim; It is an operational necessity in the following scenarios:

FSMO Role Function

Fri, 20 Feb 2026 15:14:14 -0800

FSMO (Flexible Single Master Operations) roles are critical roles in an Active Directory environment that are assigned to one or more domain controllers to ensure that certain administrative and replication tasks are handled centrally. There are five FSMO roles, each with a specific function in the operation of Active Directory. Below, I detail the purpose of each:

1. PDC Emulator

Main Function: This role is responsible for emulating the behavior of a Windows NT Domain Controller (PDC) and is primarily used in mixed environments with earlier versions of Windows Server (such as Windows NT 4.0).
Specific Functions:
- Password Authentication: When a user changes their password, the PDC Emulator is responsible for updating the password database.
- Time Synchronization: The PDC Emulator is the primary server for time synchronization in the domain, as it is assumed to be the time source for the entire domain.
- Group Policies: It is responsible for managing certain types of group policies and password administration.
- Master Password Change Copy: This is the only server authorized to receive password changes across the entire domain. This means that if other domain controllers experience replication issues, passwords will not be synchronized correctly.

2. RID Master

Main Function: The RID Master is responsible for assigning ranges of unique identifiers (RIDs) to domain controllers within the domain. RIDs are part of the unique identifier of an object in Active Directory (such as a user or group).
Specific Functions:
- RID Assignment: Every object in Active Directory has a unique RID that is assigned when the object is created. The RID Master is the only one that can assign blocks of RIDs to other domain controllers.
- If the RID Master is offline for a period of time, other domain controllers will not be able to create new objects in the directory because they will not be able to obtain new RIDs.

3. Infrastructure Master

Main Function: The Infrastructure Master is responsible for maintaining references to objects in other domains within Active Directory. This role is essential for trust relationships between domains.
Specific Functions:
- Cross-domain references: If an object in one domain has a reference to an object in another domain (for example, if a user is in a group in another domain), the Infrastructure Master ensures that these references are up to date.
- If the Infrastructure Master is in a domain that is also a Global Catalog Server, it will not be able to perform its job correctly, as the Global Catalog already manages object information for the entire forest.

4. Schema Master

Main Function: The Schema Master is responsible for managing changes to the Active Directory schema. The schema is the definition of all object types and attributes that can be stored in Active Directory.
Specific Functions:
- Schema Modifications: If you want to add a new type of object or attribute to Active Directory (for example, a new account type or a new property for users), that change must be made through the Schema Master.
- Schema Modifications: Only a domain controller with the Schema Master role can apply changes to the schema. Other domain controllers cannot.

5. Domain Naming Master

Main Function: The Domain Naming Master is responsible for managing domain name changes within the Active Directory forest.
Specific Functions:
- Creating and Deleting Domains: If you need to add a new domain or delete one in the Active Directory forest, the Domain Naming Master is the role responsible for this process.
- Domain Name Changes: Any attempt to change a domain name or domain structure within a forest is performed through the Domain Naming Master.

Summary of FSMO Role Functions

Role	Main Function
PDC Emulator	Time synchronization, password management, group policies, and PDC emulation in mixed environments.
RID Master	Assigns blocks of RIDs to domain controllers to create objects.
Infrastructure Master	Maintains object references across domains.
Schema Master	Makes modifications to the Active Directory schema (adding new attributes or object classes).
Domain Naming Master	Manages the creation and deletion of domains in a forest.

How Many Domain Controllers Should Have These Roles?

Ideally, there should only be one domain controller with each of these roles within a domain or forest to avoid conflicts and ensure that operations are performed centrally.
However, in large or complex environments, FSMO roles can be moved to other domain controllers if necessary for availability or performance reasons. This is usually done using tools such as ntdsutil or PowerShell.

FSMO Role Verification

To verify which server is managing each FSMO role, you can use the following PowerShell command:

How to extend the disk when there is another partition in between

Wed, 21 Jan 2026 10:00:00 -0700

Introduction

You’ve probably experienced this: you expand a virtual disk in Proxmox or VMware, go to Windows Disk Management intending to extend your main partition, and find that the “Extend Volume” option is grayed out (disabled).

Why does this happen? The reason is purely geometric. For Windows to extend a partition, the unallocated space must be contiguous and located immediately to the right of the volume you want to expand.

Exchange: How to Install Exchange Server

Sat, 05 Aug 2023 22:39:01 -0800

Introduction

At this point, we should have completed the following:

Extended the Active Directory schema
Prepared the domain for Exchange
Installed the Exchange Server prerequisites

If we have done everything as described in the previous posts, we will proceed with the Exchange installation.

To do this, remount the ISO and run the Setup.exe file.

It will ask if you want to connect to the Internet to check for updates; select that option and click Next.

Exchange: How to Install Exchange Server Prerequisites

Fri, 04 Aug 2023 22:39:01 -0800

Introduction

For security and performance reasons, it is recommended to install Exchange only on member servers and not on Active Directory servers.

In this post, we will see a series of prerequisites that are necessary for installing Exchange.

To do this, we will begin by running the following command in PowerShell as an administrator.

Install-WindowsFeature NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS

Exchange: How to Prepare Your Domain for Exchange

Thu, 03 Aug 2023 22:39:01 -0800

Introduction

Exchange uses Active Directory to store information about mailboxes and Exchange server configurations in your organization. Before installing Exchange Server, you must prepare your Active Directory forest and domains for the new version of Exchange

This step is similar to what we did in the previous post; the requirements are the same.

Open Command Prompt as administrator.

Run the following command:

setup.exe /PrepareAD /OrganizationNam:"" /IAcceptExchangeServerLicenseTerms_DiagnosticDataOn

Exchange: How to Extend the Active Directory Schema

Sun, 30 Jul 2023 22:39:01 -0800

Introduction

In this post, we’ll see how to extend the Active Directory schema and prepare it for an Exchange installation.

The Active Directory schema is a fundamental component of the network management technology developed by Microsoft, known as Active Directory. Simply put, we could think of the schema as the “DNA” of Active Directory, as it defines and organizes the structure and attributes of the objects that can be stored in the directory.

Exchange: Verify AD Requirements for Exchange Server

Sun, 30 Jul 2023 22:39:01 -0800

Introduction

Before starting any configuration, we must verify the Active Directory requirements to begin installing Exchange in our environment.

The minimum requirements for our domain controller must be Windows Server 2008 R2 Datacenter RTM or later.

The minimum for the Active Directory forest is also Windows Server 2008 R2 or later.

You can find all these requirements in detail at the following link.

Another requirement is having .NET Framework 4.8 installed. It’s also recommended that each Active Directory site where you plan to install Exchange Server 2016 should have at least one domain controller with the global catalog.

How to Upgrade from Ubuntu 20.04 LTS to Ubuntu 22.04 LTS

Sun, 30 Jul 2023 22:39:01 -0800

Introduction

Ubuntu is one of the most popular and reliable Linux operating systems on the market, and one of its most widely used versions is Ubuntu 20.04 LTS (Long Term Support). However, the arrival of Ubuntu 22.04 LTS brings with it numerous improvements and advantages that make an upgrade worth considering. In this article, we will explore the reasons to upgrade from Ubuntu 20.04 LTS to Ubuntu 22.04 LTS, the advantages of using LTS versions, and detail the key improvements offered by the new version.

How to Get Free SSL Certificates from Let's Encrypt with Certify The Web

Thu, 20 Jul 2023 22:39:01 -0800

Introduction

First, let’s briefly explain why SSL certificates should be used and what Let’s Encrypt is.

In today’s digital world, online security is a primary concern for all businesses and websites. Cyberattacks and the theft of sensitive information are on the rise, and users have become more aware of the importance of browsing the web securely. One of the most effective ways to protect the privacy and integrity of your visitors’ data is by using SSL (Secure Socket Layer) certificates. In this article, we’ll explore the importance of SSL and how companies like Let’s Encrypt are offering free SSL certificates to help secure the web.

Active Directory: SYSVOL Folder not replicating

Mon, 13 Feb 2023 22:39:01 -0800

Introduction

The SYSVOL directory is a folder on Windows domain controllers that contains information and data necessary for the logon system and other Active Directory functions to work correctly. SYSVOL is essential for domain controller replication and the consistency of Active Directory data across the domain.

When SYSVOL replication fails between domain controllers, it can cause serious problems with Active Directory functionality, such as the failure to create Group Policy Objects (GPOs). If these GPOs are not reflected across the different domain controllers, it can become a major issue.

Active Directory: Password Settings Objects (PSOs)

Fri, 13 Jan 2023 22:39:01 -0800

Introduction

Active Directory (AD) is a Microsoft directory service that allows system administrators to centralize the management of users, groups, and resources on a network.

One of AD’s features is the ability to configure Password Settings Objects (PSOs) to establish security policies for user passwords.

Password Security Objects (PSOs) are different from password policies that can be added via Group Policy Objects (GPOs). PSOs can be used for specific purposes, such as setting a password shorter than the one specified by your domain’s password policy. This can be helpful if you have a system that doesn’t support the currently configured password policy. PSOs can also be used to strengthen passwords for a particular group, such as by increasing the password length or locking users after a single failed login attempt. The options are numerous and should be tailored to your specific needs.

VMware: How to Upgrade an ESXi Server

Wed, 08 Jun 2022 14:00:00 -0800

Introduction

In this post, we’ll see step-by-step how to upgrade a standalone ESXi server, using both online and offline methods.

The process requires the server to be in maintenance mode and will need a restart upon completion. Therefore, I recommend moving all VMs to another host if they are in a cluster.

For this procedure, I will use the server previously created in the post How to Install an ESXi Server. As we can see, the server version is 6.7.0 Update 3 (Build 14320388).

VMware: How to Install vRealize Operations Manager

Tue, 07 Jun 2022 14:00:00 -0800

Introduction

In this post, we’ll see step-by-step how to install VMware vRealize Operations Manager.

But what is VMware vRealize Operations Manager? vRealize Operations Manager is a VMware tool that helps IT administrators monitor, troubleshoot, and manage the health and capacity of the entire virtual infrastructure in VMware.

VMware vRealize Operations Manager collects performance data from each object within our environment, stores and analyzes the information, and provides it in real time for better decision-making.

VMware: How to Install an ESXi Server

Sun, 05 Jun 2022 14:00:00 -0800

Introduction

In this post, we’ll see step-by-step how to install the VMware ESXi Hypervisor… but what is a hypervisor?

A hypervisor is software that allows a server to allocate resources to different virtual machines hosted on it by using shared resources, such as memory and processing power.

Generally, we can find two types of hypervisors.

Type 1 hypervisors are those that are installed directly on the computer, while Type 2 hypervisors are those that are hosted within another operating system, such as Microsoft Hyper-V, VirtualBox, VMware Workstation, and others.

Windows Server: How to extend the trial period

Mon, 28 Mar 2022 14:00:00 -0800

Introduction

In this post, I will explain how to extend the trial license offered by Microsoft for Windows Server and why it is important to keep Windows Server activated.

As you may know, Microsoft offers Windows Server for free for a 180-day trial period. After this time, we “must” enter a valid license; otherwise, the system will be deactivated. This can cause a series of inconveniences, such as the deactivation of certain custom options, and the server will also shut down automatically after a period of time.

Exchange: Configuring the Page File

Thu, 06 Jan 2022 14:00:00 -0800

Introduction

In this post, I will show you how to configure the page file for Exchange Server 2013/2016 using best practices. The process is slightly different for Exchange Server 2019, but I will explain the differences in paging.

Recommended RAM and Page File Size for 2013/2016 Versions

Before continuing, please note the following:

For the Mailbox role, the minimum recommended RAM is 8GB.
For the Edge Transport role, the minimum recommended RAM is 4GB.

Exchange: Exchange Server Versions

Thu, 06 Jan 2022 14:00:00 -0800

Introduction

The first thing to consider before implementing Exchange Server is understanding the different versions available. Currently, there are two versions: Standard and Enterprise. Here you will see the differences between them to determine which one best suits your needs.

Enterprise Edition

It has a maximum of 100 databases per server.

The maximum size is 16TB.

Standard Edition

It is limited to 5 databases per server.

The maximum size is 1TB.

A mounted database refers to the database that is active for use. This could be a database containing the mailboxes that clients use or a database mounted in passive mode. You can create more databases than the limit described above, but you can only mount the number specified for each version. (The recovery database does not count toward the limit.)

ADDS: Configure and Promote a Second Domain Controller

Fri, 31 Dec 2021 22:39:01 -0800

Introduction

In this post, we’ll see how to configure and promote a second domain controller.

Having a second domain controller is crucial, as it serves as a backup in case the primary controller fails. Redundancy is always beneficial; without an extra domain controller, if the primary controller fails, all users could lose access to the various systems.

To avoid this, we’ll walk you through this task step by step. While this isn’t limited to just a second controller, you can also follow the same steps to add additional controllers.

DHCP: How to Configure a DHCP Server from Scratch

Fri, 31 Dec 2021 22:39:01 -0800

Introduction

In this post, we’ll see how to configure a DHCP server, add the necessary role, and configure the scopes.

Having a DHCP server within your organization is essential, and here we’ll see the configuration step by step.

For this post, I’ll use the primary Domain Controller to add the DHCP role. While this is common practice in many environments, you should consider the number of clients that will be connected to avoid impacting server performance.

PFSense: Adding an Additional LAN

Sat, 13 Nov 2021 22:39:01 -0800

Introduction

In this post, we’ll see how to add an additional LAN to pfSense.

PFSense is an open-source firewall/router based on FreeBSD. It can be installed physically or virtually. PfSense has undoubtedly established itself as a great alternative for firewall use because it is highly configurable with its extensive package list, allowing for expanded functionality.

The Community version can be downloaded from this link.

Now that we’ve briefly explained what pfSense is and what it’s used for, let’s see how to create another LAN and why.

VMware: Updating Windows Templates in VMware with PowerCLI

Sun, 07 Nov 2021 22:39:01 -0800

Introduction

As we’ve seen in previous posts, the typical way to create new virtual machines is through templates. As administrators, we need to keep these templates updated. Having one or two templates isn’t a challenge or very time-consuming, but if you have several templates in different locations, such as: 3 templates in Mexicali, 3 in Tijuana, 3 in Ensenada, and another 3 somewhere else (just to name a few), this task can be a bit time-consuming since the procedure involves several steps.

VMware: How to Create a Virtual Machine from a Template – GUI/PowerCLI

Sat, 06 Nov 2021 22:39:01 -0800

Introduction

In this post, we’ll see how to create a new VM from a template. In previous posts, we saw how to create a VM from scratch; however, the ideal way is to create VMs from a template. Here, we’ll see how to perform this task using vCenter (graphical method) and PowerShell.

Right-click where you want to create the VM (in this case, I’ll use the resource pool I created earlier), then select New Virtual Machine….

VMware: How to Convert a Virtual Machine into a Template, from GUI/PowerCLI

Tue, 02 Nov 2021 22:39:01 -0800

Introduction

In this post, we’ll see how to create a virtual machine template that we can use to create other virtual machines.

I recommend updating Windows completely before creating the template. Once that’s done, we can proceed.

Select the virtual machine you want to convert into a template, click on Actions, select Template, and then Convert to Template.

Accept the warning.

As you can see in the image, the template has disappeared from the resource pool.

VMware: How to create a new virtual machine from scratch.

Sun, 31 Oct 2021 22:39:01 -0800

Introduction

In this post, we’ll see how to create a new virtual machine from scratch. While the ideal approach is to create virtual machines from a template, here we’ll see how to do it if you don’t have one. In future posts, I’ll explain how to create a template from an existing virtual machine and then create virtual machines from that template.

Right-click on the cluster or resource pool where you want the new virtual machine to be located, and select “New Virtual Machine…”

Exchange: How to Add Another Email Domain

Wed, 27 Oct 2021 22:39:01 -0800

Introduction

In this post, we’ll see how to add another domain to an Exchange server.

First, we need to obtain a domain. This can be one you’ve purchased or any free domain. Then, we need to edit the MX records of the new domain so they point to our Exchange server.

To obtain a free domain, I’ve included the link here.

For this example, I’ll use the domain mxlitpro.tk, which was created previously.

PowerShell: How to Transfer Security Groups from One User to Another

Thu, 14 Oct 2021 22:39:01 -0800

Introduction

A couple of days ago, I was asked for help copying security groups from one user to a new user. While it’s true that we can perform this task manually, sometimes a simple line of code can save us this work. This is helpful when the new user belongs to the same department as the user whose groups we want to copy.

There’s something to keep in mind before doing this: you should be aware that the user with the groups belonging to the department may have additional, previously authorized access. For example, they might have access to shared files because they’re part of a project, etc. This is why you should be careful when copying the groups in their entirety. If this isn’t the case, then the following script can be very helpful.

PowerShell: Send email to users when password will soon expire.

Fri, 08 Oct 2021 22:39:01 -0800

Introduction

In this post, we’ll see how to alert users when their domain password will soon expire. To do this, we’ll create a PowerShell script.

This script is divided into three functions, which I will explain.

Send-Email

Send-Email This function basically receives three parameters: Username, user email address, and the number of days remaining until the password expires.

In this case, I’m using unauthenticated email. Please note that using unauthenticated email (no SSL and no password, using port 25) means you can only send internal emails. If you want to send emails outside your organization, you must use port 587, enable SSL, and enter a username and password. This will depend on your specific requirements.

PowerShell: Create security groups for each server, remove local administrators and add them to the new group.

Mon, 13 Sep 2021 22:39:01 -0800

Introduction

Security Procedure: Local Administrator Control

Some time ago, I was asked to find a method to implement certain security and control measures for users who are local administrators on each server. These measures required the following:

Creation of Groups in AD: Create a security group in Active Directory for each server.

Assignment of Permissions: Add the created group to the corresponding server with the local administrator role.

User Migration: Find all current local administrators on the server and add them to the new AD group.

Account Removal: Once the users are added to the AD group, remove them from the server’s local administrators group.

Audit Log: Save a log of the users who are administrators on each server.

Notification: Send an email with a report of the changes made.

The idea behind all of this is to have control and know which users are local administrators on the servers. We’re talking about more than 500 servers, and managing them one by one would be quite complicated.

GPO: How to Configure Password Policies

Thu, 02 Sep 2021 22:39:01 -0800

Introduction

In this post, I will show you how to create a GPO to meet the minimum requirements for password policies.

The first step is to access Group Policy Management.

Group Policy Management

Right-click on Group Policy Objects and select New.

Give it a name related to what you want to do.

Select the created GPO, right-click, and select Edit.

Within the computer settings, expand the following options: Policies, Windows Settings, Security Settings, Account Policies, and select Password Policy.

PowerShell: How to Create New Users in AD

Tue, 31 Aug 2021 22:39:01 -0800

Introduction

The easiest way to create users in AD is undoubtedly using Active Directory Users and Computers, provided you only want to create one or two users. But what if you want to create multiple users? In that case, I don’t think this method is the most suitable. For this, we will use PowerShell with the New-ADUser cmdlet.

There are multiple parameters we can use with the New-ADUser cmdlet. If we check the syntax, we get the following:

ADDS: Install, Configure, and Promote a Domain Controller

Sat, 28 Aug 2021 22:39:01 -0800

Introduction

In this post, we’ll see how to install the ADDS (Active Directory Domain Services) role and how to promote our new domain controller.

A domain controller will help us manage user authentication, apply policies, assign roles, and create administrative groups within our company.

To do this, it’s recommended to follow some prerequisites before continuing with the role installation.

We’ll need to assign a descriptive name to our domain controller.

GPO: Enable script execution.

Sat, 28 Aug 2021 22:39:01 -0800

Introduction

PowerShell script execution is disabled by default on domain-joined computers. If you attempt to run a script, you will receive a message stating that the policy is restricted.

Disallowed Scripts

As administrators, we may want to implement scheduled tasks to perform certain automations, so it is necessary to be able to run scripts without restrictions.

While it’s true that we can manually modify these values â€‹â€‹within the computer or bypass the script as shown in the image.

How to get a free domain with Freenom

Fri, 27 Aug 2021 22:39:01 -0800

Introduction

Let’s talk about Freenom.

Freenom is a domain provider where you can get free domains for a year. These domains work just like any other domain and are perfect for testing and development environments. Perhaps the only limitation is that you can only get domains that end in .tk, .ml, .ga, .cf, or .gq.

Note: I don’t recommend using a free domain for production.

Step-by-Step Guide

Go to https://www.freenom.com and create an account.

Active Directory: Delegation of Control.

Thu, 19 Aug 2021 14:00:00 -0800

Introduction

Scenario

Delegation of control in Active Directory can be very helpful when managing a large number of users from different locations. System administrators can delegate permissions to IT staff in different branches so they can manage users in their city. This is especially useful when permissions are delegated and your company doesn’t need everything centralized.

For this example, let’s consider the following: My organization is divided into three cities: Ensenada, Tijuana, and Mexicali, with the latter being the main headquarters. Each city has IT staff, and we, as IT administrators, want to delegate user responsibility to the IT staff in Tijuana and Ensenada. To do this, I’ve created a security group for each city: IT-Tijuana and IT-Ensenada. Within these groups, I’ve added the corresponding staff for each city. These groups will serve as the basis for delegating control to the desired OUs (Organizational Units).

GPO: Maintain the Domain Admins group or other groups as local administrators within computers.

Thu, 19 Aug 2021 14:00:00 -0800

Introduction

Situation

This is something I’ve seen in different places: sometimes, certain users with administrator privileges on a domain-joined computer delete the Domain Admins group or other groups required by the organization, whether for checking the computer’s status or for deploying software like SCCM.

One of the basic rules is: Never make users local administrators. However, if it’s necessary and you want to ensure that the desired group always has local administrator privileges on your computer, the solution is to apply a Group Policy Object (GPO) to handle this automatically. It doesn’t matter if the user deletes the local administrator group(s) from their computer; when a GPO is applied, it will automatically add the required groups back to the computer’s administrators group.

PowerShell: How to add all users from an OU to a security group

Sat, 14 Aug 2021 14:00:00 -0800

Introduction

Sometimes it’s necessary to add all members of an Organizational Unit (OU) to a security group in Active Directory, but how can we do this using PowerShell?

Solution

Run the following command:


Get-ADUser -SearchBase "OU=IT,OU=Networkingzone_Users,DC=NETWORKINGZONE,DC=NET" -Filter * |
ForEach-Object {Add-ADGroupMember -Identity 'Security-Test-Group' -Members $_}

As you can see in the image, I only have 7 users within the IT OU and in this example all users from that OU will be added to the “Security-Test-Group”.

KB on Mexicali IT

Zero-Trust Endpoint Isolation: Containment via Offline SIDs

Isilon OneFS: Immutable Data Protection against Ransomware with SmartLock (WORM)

Isilon OneFS: Transparent Cloud Tiering & Cost Optimization with CloudPools (AWS S3)

Isilon OneFS: Storage Efficiency - Implementing SmartDedupe

Isilon OneFS: Local Protection - Retention Strategies with SnapshotIQ

Isilon OneFS: Capacity Management - Implementing SmartQuotas

Isilon OneFS: Data Presentation - SMB Share Configuration and Permission Management

Isilon OneFS: Identity Integration - Access Zones and Active Directory Joining

Isilon OneFS: Securing the WebUI with SmartConnect and SSL Certificates

Isilon OneFS: The Magic of SmartConnect and DNS Delegation

Isilon OneFS: Unlocking Enterprise features (Licensing)

Isilon OneFS: Joining nodes to the cluster

Prerequisites (Quick Checklist)

Isilon OneFS: Protecting the Simulator on Hypervisors (NVRAM and Cache)

The Problem: Absence of Physical NVRAM

Umami: Solving Geolocation (City and Region) with Cloudflare Tunnels

Isilon OneFS: Virtual Cluster Deployment - Part 1: Installation & Initial Configuration

Phase 1: MAC, VLAN, and VM Configuration in Proxmox

GitHub: Hybrid Cloud CI/CD - Building a Zero-Downtime Pipeline with Self-Hosted Runners

Introduction: The Evolution of a Pipeline

Cloudflare: Cryptographic Security for Your Domain with DNSSEC

Umami: Deploying Umami Analytics with Docker

Why Self-Hosted over the Cloud version?

1. Environment Preparation

GitHub Actions: Optimizing CI/CD Deployments (From SFTP to Rsync)

Introduction: The Hidden Cost of “It Just Works”

TrueNAS: Enable Computer Management & OpenFiles Access (Access Denied Fix)

Proxmox: How to Resolve "Bulk Start Waiting for Quorum"

Proxmox: How to Import Hyper-V VMs (.VHDX) to Proxmox

Proxmox: How to Expand Local Storage (Remove Local-LVM)

Proxmox: How to Add Nodes (Hosts) to a Cluster

1. Retrieve Cluster Join Information

Proxmox: How to Add Active Directory Authentication (LDAP)

1. Add the Active Directory Realm

Proxmox VE: How to Apply a Valid Let's Encrypt SSL Certificate via ACME DNS

Proxmox VE: Post-Install Configuration using Helper Scripts

Proxmox VE: Bare-Metal Installation & Boot Partitioning Guide

TrueNAS: How to Apply System Updates

Step-by-Step Guide

1. Check for Updates

TrueNAS: How to Create an SMB Share Drive

TrueNAS: How to Join an Active Directory Domain

TrueNAS: How to Import and Apply SSL Certificates

TrueNAS: How to Create a New ZFS Storage Pool

TrueNAS: How to Install and Configure the Ultimate ZFS Storage OS

Introduction: What is TrueNAS?

Windows Server: How to Fix Software Protection Activation Errors

Windows Server: How to Configure Automatic Logon

Windows Server: In-Place Upgrade Guide and Compatibility Paths

Active Directory: How to Check Active Directory Health and Force Replication

VMware: How to Fix "Two Filesystems With the Same UUID Have Been Detected"

VMware: How to Install a New Certificate with an Internal CA

VMware: How to Apply Patches to vCenter Server

1. Login into VAMI

Leaving SaaS: Creating Your Own Telemetry Microservice with FastAPI and Docker

HUGO: Implementing Serverless Telemetry in Hugo with Lyket (Applause Button)

VMware: Installing VMware vCenter Server (VCSA)

Docker: Automatic Image and Log Cleanup

GitHub: Guide to Deploying Hugo CI-CD to a Server with GitHub Actions Monorepo

Security: Least Privilege Implementation

DNS: How to Enable DNS Debug Logging on Windows Server (and Why Be Careful)

VMware: Unable to migrate VM (Migrate button grayed out) - Resolved via MOB

Active Directory: Adding Windows Core as a Domain Controller.

Domain Controller in Windows Core

Why Choose Server Core for Your Active Directory?

Isilon OneFS: How a BBU Failure Brings Down Your Cluster (and the Risk of Forcing Recovery)

Moving FSMO Roles

Why is it necessary to move FSMO roles?

FSMO Role Function

1. PDC Emulator

2. RID Master

3. Infrastructure Master

4. Schema Master

5. Domain Naming Master

Summary of FSMO Role Functions

How Many Domain Controllers Should Have These Roles?

FSMO Role Verification

How to extend the disk when there is another partition in between

Introduction