Archive for February 2023

Microsoft 365 – PowerShell Connector Commands

Exchange: Connect-ExchangeOnline
Microsoft O365 Admin: Connect-MsolService
AzureAD: Connect-AzureAD
SharePoint Online: Connect-SPOService
SharePoint/OneDrive files and file security: Connect-PnPOnline

Linux – Retrieve Windows OEM/BIOS key

Most laptops come with a Windows license, but if you run a Linux variant as your primary OS, you can still use the Windows OEM activation in VirtualBox, KVM, or whatever virtualization tool you use.

To retrieve the product key from the BIOS:

sudo xxd /sys/firmware/acpi/tables/MSDM

The key will show at the end of the output.
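The table that xxd dumps has a fixed layout, so the key can be extracted and sanity-checked instead of being read off the hex. This is an added example, not part of the original post; the field offsets, the function names and the sample table with its placeholder key are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumed MSDM layout: 36-byte ACPI header, 20 bytes of
# licensing fields (key length at offset 52), key starting at offset 56.

# Little-endian u32 at byte offset $2 of file $1.
le32() {
    od -An -v -tu1 -j "$2" -N 4 "$1" |
        awk '{ print $1 + $2 * 256 + $3 * 65536 + $4 * 16777216 }'
}

# Sum of every byte in file $1 modulo 256; 0 for an intact ACPI table.
bytesum() {
    od -An -v -tu1 "$1" |
        awk '{ for (i = 1; i <= NF; i++) s += $i } END { print s % 256 }'
}

# Print the product key held in table file $1, or fail with a reason.
msdm_key() {
    t=$1
    [ -r "$t" ] || { echo "cannot read $t" >&2; return 1; }
    [ "$(dd if="$t" bs=1 count=4 2>/dev/null)" = "MSDM" ] ||
        { echo "signature is not MSDM" >&2; return 1; }
    size=$(wc -c < "$t" | tr -d ' ')
    [ "$size" -ge 56 ] && [ "$(le32 "$t" 4)" -eq "$size" ] ||
        { echo "length field does not match file size" >&2; return 1; }
    [ "$(bytesum "$t")" -eq 0 ] || { echo "bad ACPI checksum" >&2; return 1; }
    klen=$(le32 "$t" 52)
    [ $((56 + klen)) -le "$size" ] ||
        { echo "key length overruns the table" >&2; return 1; }
    dd if="$t" bs=1 skip=56 count="$klen" 2>/dev/null
    echo
}

# Constructed sample (placeholder key, not a real one): 85-byte table in $1.
make_sample_msdm() {
    head='MSDM\125\000\000\000\003'     # signature, length 85, revision 3
    ids='VENDORSAMPLETB\001\000\000\000TEST\001\000\000\000'
    sls='\001\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000'
    key='\035\000\000\000AAAAA-BBBBB-CCCCC-DDDDD-EEEEE'   # length 29 + key
    printf "$head\\000$ids$sls$key" > "$1"               # checksum zeroed
    fix=$(printf '%03o' $(( (256 - $(bytesum "$1")) % 256 )))
    printf "$head\\$fix$ids$sls$key" > "$1"              # checksum patched in
}

# Real table (root only): msdm_key /sys/firmware/acpi/tables/MSDM
```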

pfsense – Dump Unbound DNS Cache

If you need to wipe out the DNS cache for Unbound after making DNS changes, run this in Diagnostics -> Command Prompt:

unbound-control -c /var/unbound/unbound.conf dump_cache

PC Engines APU2/3/4 Firmware / BIOS Upgrade in pfsense

SSH into pfsense box

Install Flashrom

pkg install -y flashrom

Get firmware from https://pcengines.github.io/

fetch https://3mdeb.com/open-source-firmware/pcengines/apu#/apu#_v#.#.##.rom

Flash firmware

flashrom -p internal -w apu#_v#.#.#.#.rom

Reboot pfsense
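Before writing to the flash chip it is worth checking the download and keeping a copy of the running firmware. This is an added example, not part of the original post: safe_flash and the FLASHROM override are hypothetical names, and the expected SHA-256 is assumed to come from the vendor's release page.

```shell
#!/bin/sh
# Added example. FLASHROM can be overridden (e.g. FLASHROM=echo) for a dry run.
FLASHROM=${FLASHROM:-flashrom}

# Print the SHA-256 of file $1 in lowercase hex (FreeBSD sha256 or GNU sha256sum).
sha256_of() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        sha256sum "$1" | awk '{ print $1 }'
    fi
}

# safe_flash <rom-file> <expected-sha256> <backup-file>
# Flashes only when the ROM matches the expected hash and a backup was read.
safe_flash() {
    rom=$1
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    backup=$3
    [ -s "$rom" ] || { echo "missing or empty ROM: $rom" >&2; return 1; }
    case $want in
        '' | *[!0-9a-f]*) echo "expected SHA-256 must be hex" >&2; return 1 ;;
    esac
    [ "${#want}" -eq 64 ] ||
        { echo "expected SHA-256 must be 64 hex digits" >&2; return 1; }
    got=$(sha256_of "$rom")
    if [ "$got" != "$want" ]; then
        echo "SHA-256 mismatch, not flashing" >&2
        echo "  expected $want" >&2
        echo "  got      $got" >&2
        return 1
    fi
    # Never clobber an earlier backup of known-good firmware.
    [ ! -e "$backup" ] || { echo "backup already exists: $backup" >&2; return 1; }
    # Read the running firmware first so there is something to restore.
    "$FLASHROM" -p internal -r "$backup" ||
        { echo "backup read failed, not flashing" >&2; return 1; }
    "$FLASHROM" -p internal -w "$rom"
}
```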

pfsense – Speedtest-cli

Quick and dirty speedtest using speedtest.net’s service right on pfSense OS. This won't be the most accurate, especially on low-end devices, as the speedtest takes CPU cycles away from NIC interrupts. It is best to do this test on a client behind the pfsense router.

Install the speedtest-cli package from Diagnostics -> Command Prompt

pfsense before 2.4.5:
pkg install -y py27-speedtest-cli
pfsense 2.4.5:
pkg install -y py37-speedtest-cli-2.1.1
pfsense 2.5.x:
pkg install -y py37-speedtest-cli-2.1.2
pfsense 2.6.x:
pkg install -y py38-speedtest-cli-2.1.3

Then run speedtest at Diagnostics -> Command Prompt

/usr/local/bin/speedtest-cli

PowerShell – Enable TLS 1.2 for Windows 7, 8, Server 2012 R2 or older

I prefix this line on all PowerShell scripts that I know will be running on older PCs. Needed for Send-MailMessage, Invoke-WebRequest, Invoke-RestMethod, and probably more.

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Reverse SSH port forward

The goal is to access a port on an inside network, e.g. a web UI on a switch or firewall, within a protected network. The SSH client can be any device that can run an SSH client. I’ve done this trick with SBCs, switches, APs, and other low-end devices. This also assumes you have access to an SSH server that is publicly accessible. Please consider the security implications of this before committing. In my case this was temporary, to recover access to remote devices.


Run the following command on the SSH client:

ssh -f -N -T -p 222 -R 2215:10.1.10.1:443 username@1.2.3.4

-f : Run the SSH client in the background
-N : Do not execute a remote command (port forward only)
-T : Disable TTY allocation
-p : Port on the remote endpoint. The standard port is 22
-R : Port forward on the remote host. [Port on remote endpoint]:[Destination host]:[Destination port]
username@1.2.3.4 : SSH remote endpoint (user@ip)

After the connection has been established, a user on the SSH server 1.2.3.4 can access the firewall at https://localhost:2215
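The security side of this setup can be enforced on the SSH server by giving the tunnel its own key and limiting that key to the one reverse listener. This is an added example, not part of the original post: tunnel_key_line is a hypothetical helper and the key shown in its usage comment is a constructed placeholder; restrict, port-forwarding and permitlisten are OpenSSH authorized_keys options.

```shell
#!/bin/sh
# Added example. Emit an authorized_keys line that limits a tunnel-only key
# to a single reverse listener on the SSH server's loopback interface.
#   $1 = listen port on the SSH server (2215 in the command above)
#   $2 = the client's public key line, as found in its .pub file
tunnel_key_line() {
    port=$1
    pubkey=$2
    nl='
'
    case $port in
        '' | *[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
    esac
    # Unprivileged range only.
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "port must be 1024-65535" >&2; return 1
    fi
    # Accept only a bare key: options already in front could widen access.
    case $pubkey in
        ssh-ed25519\ * | ssh-rsa\ * | ecdsa-sha2-nistp*\ *) ;;
        *) echo "expected a bare public key line" >&2; return 1 ;;
    esac
    # A line break would add a second, unrestricted entry to the file.
    case $pubkey in
        *"$nl"*) echo "public key must be a single line" >&2; return 1 ;;
    esac
    # restrict        : no PTY, no agent/X11 forwarding, no port forwarding
    # port-forwarding : turn port forwarding back on for this key
    # permitlisten    : the only address and port that -R may bind
    printf 'restrict,port-forwarding,permitlisten="localhost:%s" %s\n' \
        "$port" "$pubkey"
}

# Usage on the SSH server (placeholder key):
#   tunnel_key_line 2215 "ssh-ed25519 AAAA...placeholder tunnel@sbc" \
#       >> ~username/.ssh/authorized_keys
```

With this entry the client command above still works, because ssh requests the listen host "localhost" when -R is given only a port, while a request for any other listener is refused.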

Windows 11 – TPM, RAM, Secure Boot bypass install restrictions.

Windows 11 has many system requirements that are ‘soft’ and not actually needed to function. During install you can disable these checks. (RAM, TPM, Secure Boot, possibly more)

  1. Start Windows 11 install with boot media
  2. Press Shift+F10 to launch a command prompt
  3. Launch regedit
  4. Go to HKEY_LOCAL_MACHINE\SYSTEM\Setup and make new key labeled “LabConfig”
  5. In LabConfig, add DWORD “BypassTPMCheck” with value 1 to disable TPM check
  6. In LabConfig, add DWORD “BypassRAMCheck” with value 1 to disable RAM Check (4GB Min)
  7. In LabConfig, add DWORD “BypassSecureBootCheck” with value 1 to disable Secure Boot checking
  8. In LabConfig, add DWORD “BypassStorageCheck” with value 1 to disable disk check (64GB min)
  9. Close regedit and command prompt and continue install like normal. 

For a Windows 10 to Windows 11 in-place upgrade, still use the USB install media to start the upgrade.

  1. Start Windows 11 install with boot media
  2. Press Shift+F10 to launch a command prompt
  3. Launch regedit
  4. Go to HKEY_LOCAL_MACHINE\SYSTEM\Setup and make new key labeled “MoSetup”
  5. In MoSetup, add DWORD “AllowUpgradesWithUnsupportedTPMOrCPU” with value 1
  6. Close regedit and command prompt and continue upgrade 

Alternatively, Rufus has the Windows 11 ISO download and the check bypass built in.

Windows – Install Print Management Console

For some reason the Print Management Console is not installed by default on Windows 10 Pro and Windows 11 Pro on recent builds. It has to be manually installed. The new Windows 10 & 11 Settings for printers is just garbage in my opinion. Use Print Management for real control of printers and print drivers.

DISM /online /add-capability /CapabilityName:Print.Management.Console~~~~0.0.1.0

After it is installed, it can be run by searching for “Print Management” or running “printmanagement.msc”

Windows – Add Group Policy to Home Edition 

Sometimes it is easier to set a policy/security change via the Windows Local Group Policy editor than to look up a specific registry key. Windows Home edition doesn’t include it by default, but it can be installed! Works on Windows 10 Home; have not attempted on Windows 11 Home.


REM Run from an elevated Command Prompt. In a .bat file, write %%F instead of %F.
FOR %F IN ("%SystemRoot%\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientTools-Package~*.mum") DO (
DISM /Online /NoRestart /Add-Package:"%F"
)

FOR %F IN ("%SystemRoot%\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientExtensions-Package~*.mum") DO (
DISM /Online /NoRestart /Add-Package:"%F"
)