Office 365 – monitoring SPO and OneDrive slowness

Monitoring SPO (and OneDrive!) performance and slowness:
https://docs.microsoft.com/en-us/sharepoint/dev/general-development/how-to-avoid-getting-throttled-or-blocked-in-sharepoint-online
https://docs.microsoft.com/en-us/office365/enterprise/diagnosing-performance-issues-with-sharepoint-online?redirectSourcePath=%252fen-us%252farticle%252f3c364f9e-b9f6-4da4-a792-c8e8c8cd2e86
The F12 toolbar network monitor, or a third-party tool such as Fiddler or equivalent
SharePoint Online response header metrics (SPRequestDuration and X-SharePointHealthScore)
SharePoint response header information: Ensure that you have the F12 tools installed. For more information on downloading and installing these tools, see What’s…

How to determine which version of .NET Framework is installed?

Reference: http://support.microsoft.com/kb/318785
Microsoft .NET Framework is a software package that is used by many applications; it runs in a software environment as opposed to a hardware environment.
Free program called .NET Version Detector (download here).
PowerShell: how to get the version of .NET Framework on a remote computer: https://gallery.technet.microsoft.com/scriptcenter/Detect-NET-Framework-120ec923
To query the local Registry using…

Free Tools for System and Network or DB Administrators

Free tools for Windows sysadmin
– Find a string in files on Windows using findstr /s /i:
findstr /s /i /C:"provider=sqloledb" d:\dir\*.*
– Find and replace a string in a file (Find and Replace == fnr): http://findandreplace.io/download
Another tool, which also requires Java: FAR https://sourceforge.net/projects/findandreplace/
– Test SSL and TLS: https://www.qualys.com/sslchecker
– Well-known online tools for network engineers:
https://dnschecker.org
https://www.whois.net/
https://mxtoolbox.com/
https://whatismyipaddress.com/
http://ping-test.org/
https://www.portcheckers.com/

How to configure Windows Event Forwarding (WEF)?

Introduction: In summary: Windows Event Forwarding allows for event logs to be sent, either via a push or pull mechanism, to one or more centralized Windows Event Collector (WEC) servers. WEF is agent-free, and relies on native components integrated into the operating system. WEF is supported for both workstation and server builds of Windows. WEF…

Recommendations concerning NTFS cluster size

Microsoft’s file systems organize storage devices based on cluster size. Also known as the allocation unit size, cluster size represents the smallest amount of disk space that can be allocated to hold a file. Because ReFS and NTFS don’t reference files at a byte granularity, the cluster size is the smallest unit of size that…

Windows forensic: Sysmon

Download Sysmon:
NEW: Sysmon 10.42 is available! https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
How to use it:
WMI detections: https://rawsec.lu/blog/posts/2017/Sep/19/sysmon-v610-vs-wmi-persistence/
MITRE framework – Sysmon coverage: https://attack.mitre.org/
Installation and usage:
https://github.com/olafhartong/sysmon-modular
https://github.com/ion-storm/sysmon-config
https://github.com/SwiftOnSecurity/sysmon-config
List of web resources concerning Sysmon: https://github.com/MHaggis/sysmon-dfir
Motiba: https://blogs.technet.microsoft.com/motiba/2017/12/07/sysinternals-sysmon-suspicious-activity-guide/
Sysmon events table: https://rawsec.lu/blog/posts/2017/Sep/19/sysmon-events-table/
Mark Russinovich’s RSA conference: https://onedrive.live.com/view.aspx?resid=D026B4699190F1E6!2843&ithint=file%2cpptx&app=PowerPoint&authkey=!AMvCRTKB_V1J5ow
Sysmon config files explained: https://www.bsk-consulting.de/2015/02/04/sysmon-example-config-xml/
Hide Sysmon from…

Event Logging policy settings in Windows Server/Computer

http://blogs.technet.com/b/askds/archive/2008/08/12/event-logging-policy-settings-in-windows-server-2008-and-vista.aspx

How to access the disks mapped through RDP?

Windows XP/2003/2012 and greater support drive mapping back to the client workstation during a Terminal Services (Remote Desktop) session. This means you can copy files from the server to the client and vice versa. Each volume (removable, fixed or network) available on the client workstation is mapped (A for drive A:, C for drive C:,…

Monitoring Event ID with PowerShell or SCOM

Using PowerShell:
http://msexchange.me/2014/06/05/monitoring-event-id-thru-powershell/
http://community.spiceworks.com/topic/282720-powershell-event-log-monitor-email-alert-script-central-monitor
https://vijredblog.wordpress.com/2014/03/21/task-scheduler-event-log-trigger-include-event-data-in-mail/
Using SCOM:
http://jimmoldenhauer.blogspot.fr/2013/03/scom-2012-how-to-generate-alerts-from.html
http://scomandplus.blogspot.fr/2013/02/creating-rules-to-monitor-security-logs.html
http://thoughtsonopsmgr.blogspot.fr/2013/11/windows-event-log-monitoring-how-to-get.html
http://opsmgradmin.blogspot.fr/2011/05/scom-monitoring-windows-event-logs.html

Slow boots and slow logons – How to use Xperf, Xbootmgr, Procmon, WPA?

Troubleshooting slow logons:
http://blogs.technet.com/b/askds/archive/2009/09/23/so-you-have-a-slow-logon-part-1.aspx
http://blogs.technet.com/b/askds/archive/2009/09/24/so-you-have-a-slow-logon-part-2.aspx
Logon process:
http://fr.slideshare.net/ControlUp/understanding-troubleshooting-the-windows-logon-process
Tools for troubleshooting:
http://social.technet.microsoft.com/wiki/contents/articles/10128.tools-for-troubleshooting-slow-boots-and-slow-logons-sbsl.aspx
http://social.technet.microsoft.com/wiki/contents/articles/10123.troubleshooting-slow-operating-system-boot-times-and-slow-user-logons-sbsl.aspx
And PowerShell:
http://blogs.citrix.com/2015/08/05/troubleshooting-slow-logons-via-powershell/
Analyze GPOs load time:
http://www.controlup.com/script-library/Analyze-GPO-Extensions-Load-Time/ee682d01-81c4-4495-85a7-4c03c88d7263/
How to use Xperf, Xbootmgr, Procmon, WPA?
xperf, xbootmgr and xperfview come from the Windows ADK (Windows Performance Toolkit sub-part). Procmon is a Sysinternals tool.
http://superuser.com/questions/594625/how-can-i-analyze-performance-issues-before-during-the-logon-process
http://blogs.technet.com/b/askpfeplat/archive/2012/06/09/slow-boot-slow-logon-sbsl-a-tool-called-xperf-and-links-you-need-to-read.aspx
http://social.technet.microsoft.com/wiki/contents/articles/10128.tools-for-troubleshooting-slow-boots-and-slow-logons-sbsl.aspx
Other interesting articles:
http://blogs.technet.com/b/askpfeplat/archive/2014/10/27/becoming-an-wpa-xpert-part-11-troubleshooting-long-group-policy-processing.aspx
https://www.autoitconsulting.com/site/performance/windows-performance-toolkit-simple-boot-logging/
https://randomascii.wordpress.com/2012/09/04/windows-slowdown-investigated-and-identified/
https://randomascii.wordpress.com/2013/04/20/xperf-basics-recording-a-trace-the-easy-way/