Monday, November 24, 2025

Sharepoint sync and lock issues - solutions

Sharepoint synced down to your PC by onedrive can have a ton of errors. It is caused by the simple dis-functionality of this badly thought out service but also by the fact that 10 people at one time can open one single document with various rights and do various actions on it. Imagine that one person wants to edit an excel rubric, while another wants to change it's colour and a third in the meantime tries renaming the document. In the meantime 5more users are having it open, some on the web some on their PCs. Few of them using a VPN from home, others are on the train wifi and some at work. Maybe also one user opens it up with excel 365, another with local office and the third with Power BI. I mean this shitshow has endless possibilities and something turning bad, is just normal.

So, first of all make sure that you are not running some old windows 10 with no updates. Make sure you are at Win11 and all are updated. Second, run a full sfc /scannow and a full dism /online /cleanup-image /restorehealth.

Before uninstalling, run these: %localappdata%\Microsoft\OneDrive\onedrive.exe /reset

C:\Program Files (x86)\Microsoft OneDrive\onedrive.exe /reset

C:\Program Files\Microsoft OneDrive\onedrive.exe /reset

wreset.exe

%localappdata%\Microsoft\OneDrive\settings

delete this : PreSignInSettingsConfig.json

Win+R= copy the command and run

Then uninstall one drive. Run again the SFC and Dism commands. Check again for windows updates. Reboot your PC. Download the latest one drive version.

Before installing, go on one-drive online and make sure that there are no sharepoint links in your personal one drive. So actually often end users place Sharepoint shortcuts into their personal one drive, when for instance a company blocks direct syncing. It is blocked because the know issues of non uniform hardware and software and crappy internet connections. If I had a full on 8gig fibre going on for 30 employees, working only from the office, with latest PCs and latest OSes, like in New York, there would never be any issues.
So again, it is crucial that there are no sharepoint shortcuts in personal one drive. Not even in sub-folders.

https://learn-attachment.microsoft.com/api/attachments/ff8b504b-09a4-447e-bc7b-9ff62cf676b4?platform=QnA

Example = don't do that !!!

So now you can install your one drive on your PC, add your account, go onto sharepoint and do a new share-point sync. Do not add shortcuts to your one drive. It will not only cause bugs and issues but poses security risks too. For instance, deleted files can end up in personal recycle bins. This can also happen on multiple ways. Accidentaly deleted files might not be recoverable and will disappear completely. Confidential files might end up in a the bin of all users who had the file open in the time of deletion. No one-drive shortcuts please !

Of course, if on sharepoint online, you cannot access a folder or a document, that is simply a right issues. In this case, you need to ask your sharepoint admin to give you the rights and place you into the security group accessing either as a member(RWE) or a visitor (RO).

It might happen, that you still won't get rid of the issue of sync and padlocks. Repeat the process but stop your antivius and open your firewall before installing and syncing. Also un-install your actual office and adobe reader !!! Very important !!!
Adobe hates long file-names and also long folder paths. If you had pdf visualizing enabled in your file explorer through adobe, what is automatic after installation, it might lock files, sporadically. The thing is that it does not lock only PDFs but excel or word files too. Adobe also hates file-sharing and collaborative work ! So you might need to replace it with kofax or other sort of pdf handler.

Sources:

https://support.microsoft.com/en-us/office/reset-onedrive-34701e00-bf7b-42db-b960-84905399050c#:~:text=Select%20Applications.,Clear%20data%20and%20Clear%20cache

https://support.microsoft.com/en-us/office/add-shortcuts-to-shared-folders-in-onedrive-d66b1347-99b7-4470-9360-ffc048d35a33

https://learn.microsoft.com/en-us/answers/questions/5380580/using-the-add-a-shortcut-to-onedrive-feature-in-a

Friday, November 14, 2025

TIME SERVER IMPORTANCE - Harmony is key

Recently I came across a situation , where an RDS server started having random issues of services braking, random rebooting out of the blue and users getting disconnected. At the beginning of course we were thinking of a network issue, like the usual DHCP and DNS problems or bandwidth and network down problems. Of course the logs started showing otherwise. Running w32tm /query /configuration , w32tm /query /status , w32tm /query /source , w32tm /query /peers , we have found that the actual time server is set to be a non existent long time turned off machine.

Time sync issues in worst case scenarios can cause the breakage of trust relationships, but mostly cause log-in issues, authentication problems not only for the users, but services and apps too. Scheduled tasks will break, especially if they were not local.

Often time server details are propagated by a GPO or the default domain GPO. Normally the good practice is that the actual main domain server (netdom query fsmo)gets it's time from a main continental time server like (redundancy: 0.1., then it should propagate to secondary DCs and other servers. So if the main domain controller is out of sync from the european time server, the infrastructure would be still in sync and issues would not come up. The most important problems occur when certain sections of the infra are delayed by more than 5minutes. It is rare, but did my research and it can cause some serious issues, especially on hybrid infra structures running linux and ms based operations, on premises and cloud in the meantime.

Our problem had risen from the fact that when server migration happened, they changed the server name and address. However I think it wasn't a service migration, but a hard VM to VM copy. Except that the main domain default GPO stayed as it was. Still set up for the old non existent time server.

At this moment, we did a risky practice, we edited the default GPO, then did a gpupdate /force on the 3 other servers. Would I have done the same if I had 80 servers ? Not sure !!!
Our idea worked. So I think, that it would work also for a big infra, except that maybe on the way of propagation, something would break and would need fixing. That is not an issue, as backups and snapshots are present. But, it should be done like during the general yearly downtime or during a 3 days long weekend.

Better Practice

Main Domain Policy GPOs have N°2 priority so setting a GPO above with N°1 priority is a more sustainable and secure practice.

First need to make sure that the PDC s time server has been set right:

w32tm /config /manualpeerlist:"fr.pool.ntp.org" /syncfromflags:manual /reliable:yes /update
w32tm /resync /force

Right-click the domain name → Create a new GPO
Example: "Time Configuration – All Computers"

Edit the GPO → Computer Configuration → Policies → Administrative Templates → System → Windows Time Service → Time Providers
Configure:

Enable Windows NTP Client
Type: NT5DS
NtpServer: leave empty (clients follow DCs)
Link the GPO at the domain level (top-level link)
This applies to all computers and servers in the domain

Then you must either wait 15 to 30min or run a gpupdate /force and maybe a w32tm /resync on each server. Than you can check your results with w32tm /query /source or w32tm /query /status.

(Please note that in some cases DCs are stubborn, so while your new time server might propagate down to everything including all servers and PCs, DCs would still not be updated. In this case you simply need to create another GPO applied to the Domain Controllers OU ! )

Tuesday, August 5, 2025

Create a CUPS / Linux Print Server

# Download debian net inst ISO
https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.11.0-amd64-netinst.iso

# Create a bootable USB stick
```bash
sudo dd if=debian-12.11.0-amd64-netinst.iso of=/dev/sda bs=4M status=progress oflag=sync
```

# Update
```bash
sudo apt update -y && sudo apt upgrade -y && sudo apt autoremove -y
```
# Install Printing Service
```bash
sudo apt install cups
sudo apt install avahi-daemon
sudo systemctl enable --now avahi-daemon
sudo ufw allow 631 # if using ufw
```

## Cups
Cups is accessible from your browser:
http://localhost:631

**Add admin access**
```bash
sudo nano /etc/cups/cupsd.conf
------------------------------
# Listen on all interfaces
Port 631
Listen 0.0.0.0:631
ServerAlias *

# Enable printer discovery on the local network
Browsing On
BrowseLocalProtocols dnssd

# Access control for general browsing/printing
<Location />
Order allow,deny
Allow @LOCAL
</Location>

# Access control for the admin pages
<Location /admin>
Order allow,deny
Allow @LOCAL
</Location>

# Access control for the admin operations (adding/removing printers)
# <Location /admin/conf>
# AuthType Default
# Require user @SYSTEM
# Order allow,deny
# Allow @LOCAL
# </Location>

------------------------------
sudo systemctl restart cups
```
**For usb printers, we might need two print tools**
```bash
sudo apt install printer-driver-gutenprint foomatic-db
# we can install ssh access too
sudo apt install openssh-server
# On both client and server
sudo systemctl restart cups
sudo systemctl restart avahi-daemon
```

## Install Printer Driver if needed
*I am using an old usb printer Brother L2310D*
*This is the main reason for my print server*
*My new box, cannot handle task forwarding on it, like the old Freebox*
https://support.brother.com/g/b/downloadlist.aspx?c=eu_ot&lang=en&prod=hll2310d_us_eu_as&os=128#SelectLanguageType-10283_0_1
*By clicking on the driver, all the instructions are there.*
*Normally we don't need to do this*
```bash
# This can work too
sudo apt install printer-driver-brlaser
```

# PCs that want to print need to have these installed
*normally it is the case for ubuntu / debian / fedora*
```bash
sudo apt install cups avahi-daemon printer-driver-brlaser
sudo systemctl enable --now cups
sudo systemctl enable --now avahi-daemon
```

Finally you also have to make sure that your PC is not simply looking for a printer on another PC, because this will cause printer confusion. It should look for a print server, so the printing data will be comprehensible when it arrives to the printer. Normally on windows I especially for a network printer I would use a specific driver on the server and generic drivers on the clients. Often in Linux this is not possible, because the generic driver installs come back with an error.

```bash
sudo nano /etc/cups/client.conf
----------

ServerName 192.168.1.83 # your printserver IP

```

So now, normally, when you simply do a printer search your PC should auto detect the printer.
Normally, even windows devices would be dtecting it.
If not, just add printer and try using IPP.
If not, use the TCP/IP section and add your servers IP.

Friday, June 27, 2025

Install Linux on latest DELL laptops - I9 185h / 285h - Part 2

Even if it is not about some real professional stuff, I already have posted this article on linkedin.

I have tried and tested every single option proposed by chatgpt, perplexity, deepseek, dell website, youtube, reddit, dell forums, laptop forums and the linux did not want to go up. I did the latest 1.15 bios update too a couple of days ago. I was on the verge of uploading a custom BIOS and probably doing irreversible damage to my PC, but Windows was driving me crazy. When you turn off your PC and it does 1hour of updates before you can close the lid, then doing the same when opening up, is just nuts. When your base memory is 5gigs, you don't do anything come back in an hour and it is 12 ? When running a VM and you have only 2 gigs of memory left ? When looking for a setting and windows property search is not indexing it ? I mean it is just endless pain in the back. You open your PC and want to work right away. When want to install, update, customize, download, launch, I don't want to think about that stuff. Just do it and if it does not work, I find another solution in seconds. Like I downloaded yesterday onto my linux an apt based keepass2 and it was buggy. I did the same with keepassXC and was perfect. Uninstalled keepass2. IT took me like 1min thirty. In win11 just to go to the website and download and install would take way more.
My new linux distro was also up in under 7minutes ! Windows still takes nearly an hour if installed from zero ! Anyways, just to show you how awesomely relieved I am that my win is off and my kubuntu is up !

------------------------------------------------

I tried at least 6 linux distros, custom kernels, custom drivers for intel and dell. It still did not went up. Normally, without messing around, a simple solution of secure boot off, disk management from RAID to AHCI swtich and a linux should go up on any PC. Intel, AMD, ARM what ever. No it did not !

We talk about a brand new PC Dell 14 Plus 7440 32gb lpddrx Intel I9 185h. The PC was produced this april 2025 ! When I went to the reddit forums, I found a lot of issues and complaints about these new intel Dell laptops. Especially the GEN1 GEN2 I7 I9 ones ! 13th and 14th gen I5 I7 I9s have no real issues nowhere and they are well supported by LTS distros too.

So what was my problem ?

This is an SKHYNIX branded bloody expensive dell NVME. It costs 188€ on DELLs website. IT comes with a long heatsink, but the actual thermal sponge is glued to the dell sticker. Not sure what a BPA coated paper can do in case of heat transfer. Very funny ! Anyways, my laptop was having this as the original NVME. The original price of my laptop was 1299€ and with some discount it was sold for 999€. I also had some extra codes and DELL points so I paid 889€. If we followed the price tag of this SKHynix NVME and the price tag of Windows, I could have gotten this PC for under 600€ and by my own NVME.

This is what I did. I actually just bought a 990 Pro from Samsung, as this is the most reputable NVME on the current and past market. I have an old 970 EVO in AMD PC and it runs like a Nordictrack treadmill.

I installed it and there was no bios lag on recognizing it ! My windows install did not need extra RST driver load to recognize the NVME ! One point to that ! I did this just to test my theory !
I made a Kubuntu 25 USB with balena etcher, what has also actually failed on both of my Windows machines, so I went downstairs, onto my linux tower and burnt it on that one !

Guess what. I took 6minutes and 45 seconds to install Kubuntu on my new laptop, with absolutely zero hiccups ! No questions, no issues, no nothing !
Since last night, I am relieved, that my laptop is blazing fast, with less heat, half the memory use, half the space use for the os and components, 1/50th of update and upgrade times and much more !

Thank you linux and thank you DELL !

PS.: I also recently purchased a replacement laptop for my wife. A Dell 16" Inspirion with Ryzen 7 8840. I turned simply off secureboot and the Kubuntu went up in even faster time than on the Intel ! Strangely from a less powerful PC with less and slower memory !

Sunday, June 22, 2025

Install Linux on latest DELL laptops - I9 185h / 285h

Installing Linux is a pain in the back on these new machines. Here is what can prevent you from doing so and how to correct it. I am using a DELL Inspirion 14 Plus with I9 185H.

Sata Mode
Secure Boot
Microsoft UEFI Certificate Authority
TPM
SMM
WSMT

SMM and WSMT are both, features that you might find in BIOS. Often one or the other. Unless you custom load BIOS settings from skratch, or flash on total custom BIOS, these settings are not changeable. They also might prevent you from installing Linux, but newer Kernels support these. "Normally".

It is time consuming, but if it was me, to keep most of the possible security features on, I would start changing these settings one by one.

Step 1
Download Dell Command Configure

Step 2 - try it without at the beginning
Set BIOS admin password. You might need it, to accept changes. I simply would use either 4 digit pin or a a max 6character password for home users. For a pro environment I would definitely go with a classic 12 character, number, upper and lower case, Special Character option. Be careful with keyboard setup !

Step 3
Run Dell Command Configure Prompt. Start with setting your sata controller from Raid using Intel RST, to AHCI. Then try installing your linux distro. This is the most usual cause of Linux not going up on your new DELL Laptop.

Step 4
Ubtuntu, Fedora, Mint, but even Debian supports secure boot. Normally ! If it still is messing up your install: Turn off secure boot. This one can be done from BIOS itself.

Step 5
Disable Windows UEFI Cert - Well, it might be necessary and most possibly just in case something went wrong, you won't be able to secure boot your deice, if you installed linux with these two features off.

Summary of Commands

Add this before your commands, if you've set password:
cctk --valsetuppwd=MyBiosPass123

Your commands should look like that:

cctk --valsetuppwd=MyBiosPass123 --embsatara=ahci
cctk --valsetuppwd=MyBiosPass123 --secureboot=disable

SATA Mode → AHCI    cctk --embsatara=ahci
Disable Secure Boot    cctk --secureboot=disable
Disable MS UEFI Cert    cctk --securebootmode=custom
cctk --deletepk
Disable TPM    cctk --tpm=off
Clear TPM    cctk --tpmclear
Disable SMM / WSMT    cctk --smmsecuritymitigation=disable

At the moment of this article, I could disable everything I wanted. I did not find a way to disable security mitigation, without doing a drastic action on my BIOS. I will come back to see, if a new linux distro will go up flawlessly or not. I just have ordered a new 2TO 990pro from Samsung. I hope for the best, cause I can't get the use of Windows anymore....

Please note that Dell Command Configure is available on Linux. Except, that it also has a GUI interface on Windows and there are many many options that will be denied if you did not use that. Setting RAID sata mode to AHCI is straight forward, but all other functions might fail !
Why not just go with a R9 AI PC instead of Intel ? If you wanted to focus on virtualization projects, running multiple low level systems, you need a lot of cores. But we talked about a laptop, so when you need to run low level stuff, your battery life could be still excellent ! No thunderbolt port on AMD pcs ! The new thunderbolt 5 can run 3 4K monitors at 144hz, while charging and having internet, headset, keyboard and mouse all plugged into one single dock ! Finallyggt now, DELL has limited options on R9 pcs not coming with LPDDR5 and without PRO feature ! Why Dell ? Cause I need physical quality and I have been seeing Lenovo, HP, Terra breaking like pretzels.

Thursday, May 22, 2025

Windows File Server User Acces Control - Basic ICACLS use

Before we apply any sort of folder permissions, we should save the actually applied permissions. Here are the commands to use and just in case anything goes wrong, you re-establish the previous permission.
In your home, this can be important if more than one person is using the PC.
In a work environment, this is crucial to do, as if anything goes wrong, you might be in big trouble.

In case of the file name, I would use the date inside the filename, so you know when it was modified. I also would use some sort of identification to know where it was applied. You might leave it in the top folder, hidden from users. You should not pollute though. Probably it should be deleted, if you assured that everything is cool !

Save Folder Permissions: icacls "D:\Path\To\Folder" /save perms.txt

Save Folder Permissions Recursively: icacls "D:\Path\To\Folder" /save perms.txt /T # for recursive

Restore Folder Permissions: icacls "D:\" /restore perms-john.txt

Verifiy folder permissions:
icacls "D:\Path\To\Folder"

Tuesday, May 20, 2025

Windows Update Button / Option disappear - update from powershell

An old problem has started popping up recently on Windows PCs after certain updates. I have seen this on Win11, but mostly on Win10 PCs. Updates stop, Windows update search button disappears and the actual circling double flash windows update sign shows an exclamation mark, that something is not right.

No panic ! Instead of trying all sorts of stuff of get that back, you just need to be patient. The next couple of updates will be probably correcting this issue and your windows update button and the appearance of Win update page will be the same.
However, there might be some steps to do, before you can launch your update. I really recommend, that instead of messing up your registry, searching for third party Non-MS solutions, uninstalling and re-installing updates, drivers, direct-x and more, you just do a full on windows repair, then update your current system.

Start by launching this script. You can copy it to ISE, or right click launch it as admin. Make sure that script execution is allowed. Just search in the search-bar: "script execution":
https://github.com/iv3l/PowerSHell-Scripts/blob/main/disable-non-essential-services.ps1

I have written it to stop non essential services for the being of all operations. After each restart, you need to launch it, as it won't disable the services, but stop them for the current session.

The you launch a dism and an sfc, then a reboot. These 3 commands one after another:

DISM /Online /Cleanup-Image /RrestoreHealth
sfc / scannow
shutdown /r /t 0

Depending on a lot of things like, how long have been the windows installed and untreated, on your network connection, speed of your disk and nvme drive, cpu, memory, space available, DISM might be slow, and it might take 2hours. For me on the I9 185h with GEN4 NVME and 32gb LPDDRX 6400 it takes around 1 to 2 minutes as an example.

Your PC has been restarted, now you reuse the firs script to stop services. Also please stop all non essential software too. You need to stop Dropbox, GDrive, Sticky Notes, Outlook, alll and everything.

The next thing is to update all your firmware. Most employees doesn't care about firmware updates and then they got their PC stop after an update. An OS install will fail. The PC will have program compatibility issues, like an endpoint manager will freeze the PC if running with the latest updated Ms Office package. These weird mishaps never happen on Linux, but Windows is an extremely sensitive system. All sorts of issues pop up if your system is not upgraded, but also it slows your system down. It can make updating your system the next time hell too, if you did not do anything for 2 years. I have systems with 100Gigs of obligatory windows update, just to be enough up to date on Win10, to be able to migrate to Win11. I mean with a connection speed of 2 to 20Mbps, this might take basically a week. I must keep these PCs intact, cannot just wipe them.

Now, that your firmware is updated and your PC is restarted, you run the first script again, to stop all non essential services. Then you again stop all of your programs. Here is a second script that will prompt you to install the updates. Again run ISE as admin or run the .ps1 script as admin. Your choice:
https://github.com/iv3l/PowerSHell-Scripts/blob/main/prompted_win_update.ps1

The script normally covers the installation of dependencies and initial calls of modules, but it might fail. Though it never happened to me. If you don't download it but copy it, make sure that that comments are in good condition as in some cases they do not show up as commented lines and launch as commands, what can be scary at first, giving you red error messages.

I case you don't want to mess around with my script, you can download and install the updates yourself, running these in powershell, one after another:

Step-by-step:

a. Open PowerShell as Administrator, then install the module:

Install-Module -Name PSWindowsUpdate -Force

b. Import the module (if needed):

Import-Module PSWindowsUpdate

c. Check for updates:

Get-WindowsUpdate

d. Install updates:

Install-WindowsUpdate -AcceptAll -AutoReboot

This way you won't need to worry about your graphical interface based windows update, until the option comes back and your windows will do update itself. After the initial SFC and DISM commands, verify that you might already got back your win button. If not, wait for the KB corrections and major updates. IT might take one or 5. Run these each Wednesday and each Sunday morning.

Saturday, May 17, 2025

INSTALL GITHUB IN POWERSHELL

Storing and accessing your work anywhere is great. You can use a blogging platform, cloud storage like dropbox, proton drive, or you can simply have a usb key. I am now to github and gits, I don't yet 100% get the concept, probably because I don't do programming, versioning, roll backs and don't work in groups either. I have been using gists for a while for publishing my work done on hackropole projects.

https://gist.github.com/iv3l

However, for work I need to use batch scripts and powershell scripts outside of simple commands, than I also am working on an opensource infrastructure project that I will try documenting there too.

So, if I understand well, we can have a sort of shared directory on the PC, that is synchronising with github, so we can have always the latest up to date data available. We also can pull data if needed. I beleive that at this moment, this is a very shallow understanding of the power of gits, but we have to start somewhere.
Of course, you need to create a github account before and also it is recommended to get familiar with the actual interface.

So let's install this into powershell:

winget install --id Git.Git -e --source winget

After relaunching powershell, verify with this cmd, that all good:

git --version

Check if it is really on your path:

$env:PATH -split ';' | Select-String git

Import a git library and make it syncro:
( first create a new repo on github, so you have something to install on your pc: mine is : Powershell Scripts)
(go to your desired directory)

git clone https://github.com/your-username/powershell-scripts.git

To syncro your directory with github:

git add .
git commit -m "Add initial PowerShell scripts"
git push origin main

Manual Windows Update From PowerShell

I am so used to linux that I was looking for a simple solution in windows to do $ sudo apt update -y && sudo apt upgrade -y . From Powershell or from commandline.

Normally first we must install the windows update module. Then load it into powershell. Then Launch it to search, then launch it to update . A little more complicated, a little longer and way slower than apt update and apt upgrade. But it works.

Step-by-step:

In some cases, when windows update in GUI doesn't want to install or it causes problems, stops, misbehaves, in powershell we can still run them.

HERE IS A POWERSHELL SCRIPT FOR A FULL ON UPDATE PROCEDURE

Please allow script execution before !

 # Ensure script can run by temporarily setting execution policy
Try {
    $currentPolicy = Get-ExecutionPolicy -Scope Process
    If ($currentPolicy -ne 'Bypass') {
        Write-Host "[INFO] Setting execution policy to Bypass for this session..."
        Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass -Force
    }
} Catch {
    Write-Host "[ERROR] Failed to set execution policy: $_"
    Exit 1
}

Function Write-Log {
    param([string]$Message)
    $timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
    Write-Host "[$timestamp] $Message"
}

# Check for admin privileges
If (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(`
    [Security.Principal.WindowsBuiltInRole] "Administrator")) {
    Write-Log "ERROR: Please run this script as Administrator."
    Exit 1
}

Write-Log "Starting Windows update check..."

# Ensure NuGet and PSWindowsUpdate
Try {
    If (-not (Get-PackageProvider -Name NuGet -ErrorAction SilentlyContinue)) {
        Write-Log "Installing NuGet..."
        Install-PackageProvider -Name NuGet -Force -Scope CurrentUser
    } else {
        Write-Log "NuGet already present."
    }

    If (-not (Get-Module -ListAvailable -Name PSWindowsUpdate)) {
        Write-Log "Installing PSWindowsUpdate module..."
        Install-Module -Name PSWindowsUpdate -Force -Scope CurrentUser
    } else {
        Write-Log "PSWindowsUpdate module already present."
    }

    Import-Module PSWindowsUpdate -Force
    Write-Log "Module imported. Checking for updates..."

    $updates = Get-WindowsUpdate

    If ($updates.Count -eq 0) {
        Write-Log "No updates available. Your system is up to date."
        Exit 0
    }

    Write-Log "The following updates are available:"
    $updates | ForEach-Object { Write-Log " → $($_.Title)" }

    # Prompt the user
    $confirmation = Read-Host "`nDo you want to install these updates now? [Y/n]"

    If ($confirmation -eq "Y" -or $confirmation -eq "y" -or $confirmation -eq "") {
        Write-Log "Installing updates..."
        Install-WindowsUpdate -AcceptAll -AutoReboot -Verbose
        Write-Log "Updates installed. Reboot may occur automatically."
    } else {
        Write-Log "User cancelled update installation."
        Exit 0
    }
}
Catch {
    Write-Log "ERROR: $_"
    Exit 1
}

Saturday, May 10, 2025

Dell Inspirion 14 Plus - I9 185H - Linux Kernel Compatibility ?

Did I go wrong with this Laptop, was the question of the first day with my new toy. It came with windows family preinstalled and without giving a thought, I installed the latest Ubuntu on it. Nothing went fine. I am used to installing Linux on new PCs ready to go in under 30minutes. Took 90 this time ! Then the running of it was the same. Some programs installed in a second, then others took an hour. I was able to play 4K videos , but struggled opening up tabs in the browser. I was having the latest kernel, all updated, drivers and so, but nothing seemed to be working. No surprise, as actually I never could make Ubuntu up and running correctly on any device. I used a Macbook pro late 2012 and tried, finally went with Manjaro for years without one single reinstall or issue. Then I have also my R5 5600G, Asrock based desktop. Also my first choice was Ubuntu, If remember well that was version 22. Nothing worked out and I often had freezing with tiling and hot corners, and blacking out from python scripts. I have the Bookworm running on it since with not one single hiccup ! Then had Dell 7280 or something like that with a 4core old I7 in it. Again, Ubuntu dirtied itself multiple times in the first week, so the Fedora did a good job keeping that PC up for 2 years before selling it. I had the same experience with an old Lenovo too, where strangely the Ubuntu based Linux Mint took charge of the PC and doing it so since. A couple of weeks ago I had a 13450HX based DELL G15 coming in with Ubuntu, 22 preinstalled. I went with it, wow, could not even stand up the DELL pre-isntalled base system for more than 15seconds, before the first freeze. Then installed the latest U25 and again loads of issues, with nothing working on it, while Debian stood up right away.

So the DELL Insprion 14. I went first with Ubuntu 25 latest, to satisfy my hardware needs. As the I9 Core Ultra 185h is a 2023'Q4 Gen 14 CPU and my PC was produced in 2024 December. I need the latest Kernel and latest drivers. Wow, all sorts of issues popped up with it. Sudden blackouts, freezes, wifi drops, network drops, slow slow install speeds. Then installed, Ubuntu server and topped it with lightdm and cinnamon no-flavor. This one was better, but finally the install speeds were so slow, with sudden workflow drops and very slow program starts, that I needed to try a new thing.
Fedora 42. It was very promising, really, I kept it for 24hours. I installed GIMP, Inkscape, VirtualBox, Libreoffice, all the Python labs and all sorts of programs in a second. Used them and watched a couple of films. Then, installed VMWare and it took and hour. Then did a big update, it took me 70minutes. Then the browsing started to get out of hand with latencies. All updated, all great, all running. I was doing the firmware updates. Nothing made it work. Normally 6.8+ kernels are good, so running a 6.14 would be even better. I ran the base one and when did the big update, It went up to 6.14.5. Having still issues.
Final essay ! Debian Trixie. Nothing worked out fine, with this release either.µ

Is my laptop broken ? I tried with all sorts of boot options, messed around in the BIOS. I updated everything. Everything is perfect. I tried different distros, kernels, drivers. I mean, on a second try, I always succeeded to install ever lasting distros, since 2014. Always ! Second try ! Always !

---------------------------------------------------------------------------------------

I reainstalled Win11. Wanted actually !
You need this on a second USB-Key when you install windows:

https://www.intel.com/content/www/us/en/download/849936/intel-rapid-storage-technology-driver-installation-software-with-intel-optane-memory-12th-to-15th-gen-platforms.html

The Rapid Storage Technology driver. If not, WIN11 won't see your GEN14 or GEN15 core ultra storage devices.
You, have to get into a windows pc to download this. I fired up a VM. Downloaded the driver. You have to extract the driver from the exe file using CMD Line:

- SetupRST.exe -extractdrivers "extracted_rst"

If it won't work use -extract or /extract, but normally the -extractdrivers works fine !

In your extracted driver directory, you go down till VMD folder and this is what you'll copy on your secondary USB drive.

Keep, the "hide" drivers ticked, your VMD Controller must show up automatically in the list !!!

-----------------------------------------------------------------------

So, what could have been the problem with even the latest linux kernels ? I think that Fedora's firmware updater could not pull the latest updates for my PC. It did a Bios Update and installed some stuff in addition, but for this DELL combination it was not enough for flawless kernel execution.

The DELL updater actually did some other deep firmware updates. Including BIOS. Then it pulled all the latest drivers. The interesting thing is that it also asked me in a second driver release just a couple of days after, if I wanted to remove all previous driver versions and do a clean install.

I am nearly 100% sure, that after these firmware updates, I would be able to stand up a more than capable Fedora 42.
I will actually, keep the Windows 11 for now. Maybe for 1 year. I will see how the Debian Trixie Performs when the stable version will be out this summer. I also will see how the Win11 / Dell updater will keep on updating my firmwares, including BIOS. Then will pull on the Trixie.

----------------------------------------------------------------------

Why am I better off with a Linux ? First of all is CPU, memory and laptop battery use. Windows right from the start uses 12gb of memory. A solid Debian uses not even 2gigs ! That is a serious inefficacy problem. Than there is of course CPU. In case of a laptop this is crucial. I can run for instance nearly 20°C less temps on my R5 Desktop and also 15°C less temps on my previous DELL G15 if Debian was used. Even 5°C less constant temperature would be great, but 15 to 20°C means less fan usage, less heat build up, less issues.
Yesterday I have seen a 16 inch, I am not sure any more Lenovo or Asus laptop, that had only Core Ultra I7, but gen 2/15 for the same price as my Dell. The good thing was that it came with Sodimm DDR5s, so I could have updated it up to 64/128gb . As I virtualise a lot, until I don't have Linux running that would have been a better choice. However I also need battery life. A 120HZ 16" screen paired with an RTX4060, especially if WIN11 was obligatory, the battery usage would be way too high. I already have tried laptops with NVIDIA cards, from multiple brands. In best cases, battery life is around 3 to 4hours max. With my Core Ultra I9 185h and 14" 90Hz screen I can go for 7 to 10hours easy and when Linux will be going on it, probably it will be 1.2 to 1.3 times as much. When we can see Snapdragon laptops scratching the 30hours mark, with extreme efficacy, a laptop with sometimes sub 1h battery life is nothing useful.

Thursday, May 8, 2025

The ultimate guide for a multi screen work set up

Before I wanted this for myself, I was completely unaware of all the nuances that go into the building of a quality home office. From data speed, to connection type, to the type of processor, memory and screen quality, you need to think about everything. If not, you might buy a bunch of stuff and you'll have 2 or 3 parallel screens showing the same thing.

So first of all, you must chose your PC right. That is crucial. Actually we will focus on laptops here as in case of a PC, what you simply need is a powerful video card with enough monitor ports and that is it.

So, in case of laptops, if you wanted to future proof your system, but also wanted to make it simple, I would only go with Intel based laptops. There is USB-C 4.0 coming to newer laptops, but it's 40gbps speed is not transferable to DisplayLink capabilities. So even with the latest AMD Ryzen AI 9 laptops, you won't be able use one single dongle, to bring out quality image onto multiple moniotrs, but to also be attached to multiple peripherals.
If you don't know what I am talking about, let me clear you.

There is USB-C port with DisplayLink protocol, to transfer an image, that uses way more CPU/GPU, then a thunderbolt port. It has most often 5 or 10gpbps max speed. Often we can find 2 or more on laptops not having a Thunderbolt port.
Then there is Thunderbolt, Intel's native port of 40Gbps speed multi transfer protocol and we can also find at least 2 on most high end laptops. It requires for it's functioning way less CPU/GPU load.


The Display Link capability - that you can often see over USB-C ports.

So, if you wanted to get eye-friendly, you must also choose 2 quality monitors. I would recommend either a 24 or 27 inch screens, that has 2, 2.5 or 4k resolution. At least 75hz vertical refreshing rate, but 100 or more would be even better. Low blue light and AntiFlicker features and a matt screen surface. If you worked with text, writing, coding, home labs, screen clarity and screen sharpness will keep your eyes fresh. The more you must force your eyes to read a character or the more you must blink to reduce eye fatigue, the least productive you'll be. So buying a cheap 27 inch screen with HD1080P, just because it is 27", won't do any good for you.

So if you wanted to run 2 24" or 27" inch screens at 2K or 2.5K at 100Hz, well, here is the first hiccup, if you chose only Display link/USB-C for your laptop. You cannot, due to limited transfer speeds and dock speeds !!! Each display needs around 9.3 Gbps raw bandwidth speed, while your usb-c has 10gbs max!
So imagine, that if you had this limitation, but in the meantime, you wanted to plug in an external HDD, charge your phone and use your keyboard and mouse on the dock too, you would be slowed down drastically ! What if you wanted to charge your laptop in the meantime, but have internet connection going through that same cable too !
Now you understand your data transfer rate limitation importance.
When you have a thunderbolt port and a thunder bolt dock, you arrive anywhere and you plug in one single usb-c thunderbolt cable !
When you have a display link pc with a display link alt mode docker, well, for full functioning, you might plug in your keyboard, mouse, RJ45 into your PC and the usb-c is used only for the 2 screens, but even in this case, you won't be able to run them at 100Hz !

So now, there is the docking device. You must choose your monitors well, because due to my experience, docking devices that can support Thunderbolt 3/4 and running 2 monitors at high refresh rates, while supporting 130w or more laptop charging, coming rarely with 2 HDMI ports. Often 1 HDMI and 2 or more Display ports. This simply means, that you have to add 20 or 30bucks more to a similarly capable only HDMI monitor price. Choose a monitor that supports display port !

Then there is the compatibility, flickering, transfer issues, latency, firmware updates, number of ports and more. I highly recommend to buy the same brand of laptop with the same brand of docking device.
Asus has the Thunderbolt Master 5 or the Tripple 4 Dock. Lenovo has the Thinkpad Thunderbolt 4 with 100 or 230W charging. Dell has the WD19TBS and the WD22TB4.
Look around amazon if you wanted, to find 3rd party devices. Look at the comments and you'll see that there are always some comments about incompatibility. You might not have issues, or you might ! Having two monitors and a laptop, than a docking device giving you hell. Go for the obvious choice !
---------------------------------------------------------------------------------------------------

What laptop would I choose ? Intel came out with Thunderbolt 5 already, whopping 80 to 120gbps transfer rates. Meaning, if docking stations catch up, you might be able to use 3 27"/32" 4k /8k monitors at 75 to 100Hz refresh rates. The importance of this in case of eye strain is enormous. Pixel density, high hertz, and picture quality is essential.
If battery life, size and money weren't an issue, I would go with the HP ZBook Fury G11 16" - NVIDIA RTX 4000 Ada, 128gigs of ram. It would be around 6000€, having the latest GEN14 I9 14900HX and an RTX4000 with 12gb of vram. Probably with like 1h battery life at heavy works with it's 95Wh battery but 230w charger !
Then at lower budgets, There is the Thinkpad Gen13 Carbon X1, what has also Thunderbolt 5. It comes with the latest Core Ultra 7, so battery life will be way more elevated. I would prefer this one actually. It is exactly half the price, it has half the memory, but 64gbs is more than enough, especially at 8553 speeds. It has integrated graphics, so no GPU will be draining the battery and way lighter. Extremely solid device. If you do only some office work, writing, research and would not need heavy duty specs, there is the latest Galaxy book, what if I am not mistaken, also comes with Thunderbolt 5. It has only 16Gb ram, so I would for sure not use that device with Win11.
---------------------------------------------------------------------------------------------------

So the final verdict, while also posing 2 questions. What did I choose, did I regret it, what about the OS ?

I went with a budget PC. A DELL Inspirion 14 Plus 7440. It has very limited ports, so I already have a USB dock with it. However, it has the Thunderbolt 4 port, so using one single port with a docking device is charging my PC, splitting my screen output to three, giving me internet, mouse and keyboard too.
It has the GEN 14 2023'Q4 I9 Ultra CPU / 32gb of Lpddr5 6400. This is where the problems start. For me at least. This CPU is way too new to make any linux distro running on it with zero hiccups. I don't like suffering and hiccups, incompatibilities, freezing and unexpected crashes, slowing down and so. On my R5 5600G Desktop, I have this habit of running Debian 12 with a solidity of the best Tank you've ever seen. I virtualize daily, using a lot of scripts in my VMs, I often install and uninstall modules to test out stuff, do use Gimp, basic apps like libre office, mailing and browsing, with tons of tabs open and 7-8 apps running in the meantime of the VMs. It never ever crashes, stops or does anything unexpected. Never !!!
I installed Ubuntu on my new laptop. Tinkered around with, tried to find a solution. Had loads of issues, out of the box. Then tried Fedora. It worked for an hour, then started having issues. Then finally tried just in case, Debian Trixie. All of these distros had major issues of software crashing, some software installing so slowly, that for instance VMware Pro took 90minutes, while it's function was instantaneous. The next article, I will describe all the issues and solutions I tried. Then, went for the obvious choice. Win11, that did not want to install either. So I had found out, that I need to pre-install the RST driver, but the good one and not even the recommended one, but the latest one. Then of course, I needed to install all the drivers, do all the windows updates, all the mess I dislike about windows. Then of course I wrote a script to delete, uninstall and disable all the mess windows installs and proposes out of the box. I have a windows family key booted on the Bios, so it basically now works fully functionally. Except the WIFI. The Dell updater did not do a good enough job, to find the latest update, so I had to pull it down manually from Dells website.
This is to say, if you wanted a high end PC with linux running on it with zero hiccups, choose a Core I7 VPRO or CORE I9 probably going with either Gen12 or Gen13.
I never ever had found a way, to run ubuntu with it's GNOME on any of my PCs. Freezes, shutdowns and unexpected actions were always and always present. Running Debian, Fedora, Mint, Manjaro or even ARch ? Well Zero issues !

Thursday, May 1, 2025

Failed - Virus Detected / Impossible a télécharger - Virus detecté

As at work my major OS is Windows, I come across all sorts of mishaps, incompatibilities, and weird behaviors. At home, I’ve been running and updating the always-latest Debian, and nothing ever happens. Of course, I'm not joined to a domain, nor are my admin rights/GPOs/user rights handled by 10 different people, nor am I using a mix of connections from Wi-Fi / cable local / VPN. Those all mess things up.

This time, a problem from 2020 popped up on a near-latest Windows 11: a failed download issue.

Failed - Virus detected.
In French: Impossible de télécharger - Virus détecté.

But actually, there is no virus. It’s just abnormal behaviour from Windows toward its browsers, caused by the antivirus. It can go haywire and we don't know why. You can have Windows Defender and it can still happen. Online, most people complain about McAfee. I experienced it with Kaspersky. Most probably, this happens—like always—due to the mixture of hardware components, browser version, Windows version, and the latest Windows update. Just to say: we don't know.

You might succeed with tricks like turning OFF SmartScreen, doing a Windows update, then turning it back ON, then restarting your PC like 5 times. Some people do a total uninstall of the antivirus, a registry clean, a cleaning of browser data, and a fresh reinstall of the latest Windows update—then the antivirus. They succeed. Some do the same and don’t!

In a company environment, you don’t just totally uninstall anything security-related, especially since you have to act fast with the least restarts possible. Some of the PCs are fast and snappy, with instant lock-in of distant connections. Some might need obligatory user interaction to connect in any case—TV, RDS, AnyDesk, or VNC.

I found that this is the easiest way to solve the problem, with the least harm and the fastest. Till now, it always worked.
First, you either have to modify or create a registry key and restart your PC afterwards.

Start Registry Editor.
Locate the following registry subkeys: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
Right-click the ScanWithAntiVirus DWORD value, and then click Modify.
In the Value data box, type 1, and then click OK.
Exit Registry Editor.
Log off and log in to Windows to make the change take effect.
Open or save the program or file that you failed before.


Please NOTE that the image shows the Microsoft ideas of doing the change in HKEY_CURRENT_USER. That is not going to work. You must act on HKEY_LOCAL_MACHNIE like I had written it !

This actually turns the Aggressive scanning procedure to a more contextual based scan. It won't turn it off. That would be bad. It makes it acting smarter.

Sunday, April 27, 2025

Company IT Technician VS. IT-Outsourcing Entrprise Grade Support

I recently changed jobs, and my eyes have been blown wide open. Actually, until now, I did all sorts of odd jobs, most of them not even in tech. Things like brick and marble laying, working as a sports shop technician, and bike mechanic. I also worked in oil recycling, where we refined used cooking oil to resell either for research purposes or to established companies to create lubricants or biodiesel.
I am also a coach for trail running and expedition counseling. Additionally, I do a lot of health advisory work, as I have, through 25 years of constant self-education, a much wider view on health than most one-shop doctors, naturopathy practitioners, or even regular doctors.

In terms of IT, I was mostly peeking into projects, doing hands-on stuff like helping set up basic infrastructures, doing open-source to Microsoft migrations (and vice versa), cleaning up messy setups, and loads of physical and software-based repairs.

The thing is, when you work for just one company, after a few days you get the hang of it. You know what types of employees they have, what sorts of demands you might get. You know the physical servers. You know the physical PCs and equipment. You know the types of software used and what could become problematic. You understand how their infrastructure is set up.
After a while, you get totally comfortable and can solve any issue. You know that you can't really mess up — you aren’t doing anything too dangerous, thanks to your ever-increasing internal knowledge.

But when you are handling 10 companies, each with 5 to 10 locations — all installed by different people, not just IT specialists — your initial view, especially during the first three months, is total chaos.

Let me give you an example.
I have companies working with multiple Internet Service Providers. Some use multiple ISPs for redundancy, some delegate different services to different providers. Some sites have a single entry point, others multiple entry points.
In the server bays, sometimes — if I'm lucky — I find only Cisco switches. But that's almost never the case! If I walk through one of our bays, I usually find a messy mix: old Netgear, Cisco, Fortinet switches... then in different buildings, a random mix of manageable and non-manageable Huawei and TP-Link switches.

I might find a FortiGate firewall — but sometimes it's a Meraki. Sometimes they use Windows-based VPN services, paid VPN services, or the built-in FortiGate VPN from the firewall.
Printers could be simply connected directly to the network — or there could be a full print server setup: CUPS, PaperCut, or Windows Print Services.

WiFi?
Well, in very old buildings where there’s no network cabling, WiFi is set up in a messy mesh from the first connected router.

Backups? Again, a different story every time.
Sometimes there's just a simple Windows backup running to a local mini-server. Other times, multiple Synology NASes with VEEAM are on-site. Sometimes, those NASes are there and there’s also Azure Backup running.
Some companies still run Windows Server 2008. Others have a mix of all possible Windows Server versions plus a couple of Ubuntu servers.

Some companies have everything covered under an M365 plan. Others have a chaotic mix of physical on-premises servers and M365 — with or without directory synchronization.

And this mess? It doesn’t even scratch the surface of the 1% real catastrophes IT technicians face when managing big infrastructures.

A simple task like user creation becomes a nightmare.
In a one-shop setup, it takes 3 minutes: create user, add to groups, done.
In a multi-site environment, it’s different every time and full of procedures:
You have to create the user, add to the necessary groups, wait for GPOs to apply, handle printing setups, configure cloud and physical file sharing (which could be a mix of Google, SharePoint, local servers, or others), manage VPN settings, check whether the Windows server syncs with M365, and set up email filtering (Barracuda, Cisco, Mailinblack, etc.).
And of course, set that filtering either in Windows Server, Lighthouse, or both!

When you're handling all this, your mind is just expanding every day.
Your level of experience jumps, Diablo-style — 10x faster than a regular one-shop IT guy.
You collaborate daily with area experts: network engineers, phone system engineers, Android and iPhone specialists, cybersecurity experts, and so on.

[The goal of this write-up is simple:]
I'm advising anyone starting out in IT to join a company like this for a few years.
Your knowledge will become so strong that passing a Network or Sysadmin exam will feel like a flash!
Going for a degree afterward will also be ridiculously easy — even doing a Master’s in Cybersecurity or Networking.
Understanding real infrastructures gives you real knowledge.
Things like CMD line, PowerShell, Cisco/Huawei/Fortinet/Netgear supervisory interfaces will become daily interactions.
Writing reports and technical documents will be second nature.
And when you stand in front of professors with four degrees, you'll already have 100 times the practical experience.

Of course, specialized jobs are much more tranquil: easy, slow-paced.
But those are very elitist and highly sought-after.
The "throw-you-in-the-water" positions — the high-pressure, fast-learning ones — are often reserved for young, enthusiastic, and fast learners. They are usually team positions, meaning there are more openings.

{What I strongly recommend though: don’t settle for Level 1 or Level 2 remote tech support.
That will ruin your daily life.
You’ll be stuck on the phone, unplugging mice and recovering Excel files remotely — all day long.
Often (especially in the US), your access rights will be heavily admin-blocked, limiting your ability to actually learn.}

Where I work, if I have 30 minutes free and don’t understand something, I can remote into any server, check connections, investigate event viewers, call a site to turn on a PC, or even drive there myself with my company car.

My Recommendations:

Keep your health in check: do sports, eat well, drink plenty of water, and sleep properly.
Add 2–4 extra work hours per day to explore and learn.
Avoid screen time before and after work.
Focus hard during work, but disconnect afterward.
Once you are comfortable, limit your working hours to the strict minimum.
Start learning new skills independently.
Prepare for exams!

You know, if you gave me a Windows Server with three redundancy servers, a nice BAY, 100 PCs, AD-Azure connection, a couple of NAS+UPS devices with, Azure Backup, and some extras, I could easily handle it in 15–20 hours per week.
Right now, I'm doing 50–60 hours of work weekly to master what I do.
Thanks to my health-conscious lifestyle, I still run every day and do strength and conditioning daily.
It’s tough during the week — my family misses me — but it's not permanent. On weekends, I am 100% with them anyway!!!

I hope this advice helps you and gives you some ideas for future-proofing your place in the IT world.

Sunday, March 23, 2025

Install MS Teams on linux

For certain situations using teams might be very essential. Right now I am dealing with different kind of government related officials and their way of communication, especially when going through documents together with screen sharing, is MS TEAMS.

I personally prefer Telegram, Signal, Jitsi, Apache.Openmeetings or any open source free service. Full web integration might be time to time itchy, but in most cases, if the client has a well working Firefox, Edge or Chrome, they work fine.

NOTE:In browsers WEB-RTC must be turned ON/Enable for online video calls!
I usually have this disabled due to IP leaks and vulnerabilities.

"A WebRTC leak occurs when the WebRTC protocol inadvertently exposes a user's actual IP address. These leaks typically happen due to the (Session Traversal Utilities for NAT) requests that WebRTC uses to discover the public IP of devices behind a NAT firewall !"

If you did not want to install TEAMs, you can use it in a web browser as client or host too, if had an MS account !

Otherwise, the answer is yes, you can install it on any linux device. Here is what I do for debian based distros. I personally don't use Ubuntu, but it will work on that too. On my main machine I run Debian, have a Mint laptop and another small notebook with Fedora, what would be slightly different.

Install or Launch Microsoft TEAMS on Linux

### Install TEAMS by APT
    ## V1
        $ curl https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -

        $ sudo sh -c 'echo "deb [arch=amd64] https://packages.microsoft.com/repos/ms-teams stable main" > /etc/apt/sources.list.d/teams.list'

        $ sudo apt update

        $ sudo apt install teams

    ##V2
        $ sudo mkdir -p /etc/apt/keyrings
        $ sudo wget -qO /etc/apt/keyrings/teams-for-linux.asc https://repo.teamsforlinux.de/teams-for-linux.asc
        $ echo "deb [signed-by=/etc/apt/keyrings/teams-for-linux.asc arch=$(dpkg --print-architecture)] https://repo.teamsforlinux.de/debian/ stable main" | sudo tee /etc/apt/sources.list.d/teams-for-linux-packages.list
        $ sudo apt update
        $ sudo apt install teams-for-linux

====================================
### Download .deb or APPIMAGE

        https://github.com/IsmaelMartinez/teams-for-linux/releases
        Install .deb with apt for solving dependencies
        If downloaded an appimage, just chmod +x on it and double
        click to launch .
====================================
### SNAP Install
        $ sudo apt update
        $ sudo apt install snapd

        $ sudo snap install teams-for-linux
====================================
### Flatpak Install
        $ sudo apt install flatpak

        # REPO:
        $ flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo

        $ flatpak install flathub teams-for-linux
                                  teams.for.linux

You can also use the graphical install for flatpak and snap.

Saturday, March 22, 2025

Mass OpenSSH Decryption - Linux Bash Script

Running all the decryption models on a file is a fast and efficient way to unlock an openssl coded file, document, binary or anything, if you were not sure, how it was encrypted. You can do it with this command :

$ openssl enc -d -aes-256-cbc -in secret -out decrypted.txt -pass pass:vgrohhfyek0wkfi5fv13anexapy3sso6

However, to insert all the cipher commands one by one, would take a good 15 minutes.

Cipher commands (see the `enc' command for more details)
aes-128-cbc       aes-128-ecb       aes-192-cbc       aes-192-ecb       
aes-256-cbc       aes-256-ecb       aria-128-cbc      aria-128-cfb      
aria-128-cfb1     aria-128-cfb8     aria-128-ctr      aria-128-ecb      
aria-128-ofb      aria-192-cbc      aria-192-cfb      aria-192-cfb1     
aria-192-cfb8     aria-192-ctr      aria-192-ecb      aria-192-ofb      
aria-256-cbc      aria-256-cfb      aria-256-cfb1     aria-256-cfb8     
aria-256-ctr      aria-256-ecb      aria-256-ofb      base64            
bf                bf-cbc            bf-cfb            bf-ecb            
bf-ofb            camellia-128-cbc  camellia-128-ecb  camellia-192-cbc  
camellia-192-ecb  camellia-256-cbc  camellia-256-ecb  cast              
cast-cbc          cast5-cbc         cast5-cfb         cast5-ecb         
cast5-ofb         des               des-cbc           des-cfb           
des-ecb           des-ede           des-ede-cbc       des-ede-cfb       
des-ede-ofb       des-ede3          des-ede3-cbc      des-ede3-cfb      
des-ede3-ofb      des-ofb           des3              desx              
rc2               rc2-40-cbc        rc2-64-cbc        rc2-cbc           
rc2-cfb           rc2-ecb           rc2-ofb           rc4               
rc4-40            seed              seed-cbc          seed-cfb          
seed-ecb          seed-ofb          sm4-cbc           sm4-cfb           
sm4-ctr           sm4-ecb           sm4-ofb           zlib

LET'S WRITE A SCRIPT

$ nano mass_decrypt.sh

In the script:

Basically you just have to replace the password with your password, if you had it.
Put your input file in place of input_file.
Change output directory name if wanted.

-----------------------------------------------------

#!/bin/bash

password="vgrohhfyek0wkfi5fv13anexapy3sso6"
input_file="secret"
output_dir="decrypted_attempts"

# Create output directory
mkdir -p $output_dir

# Get a list of all available OpenSSL ciphers
algorithms=$(openssl list -cipher-algorithms)

echo "Starting mass decryption with all available algorithms..."

for algo in $algorithms; do
    output_file="$output_dir/decrypted_$algo.txt"
    echo "Trying $algo..."
    openssl enc -d -$algo -in $input_file -out $output_file -pass pass:$password 2>/dev/null
    if [ $? -eq 0 ]; then
        echo "[+] Success with $algo! Output saved to $output_file"
    fi
done

echo "Decryption complete. Check the $output_dir directory for results."

-----------------------------------------------------

$ chmod +x mass_decrypt.sh
$ ./mass_decrypt.sh

Here you go, either you are looking for one particular file, maybe one particular string, you can filter with grep if needed.