DNHYPER

Tuesday, August 5, 2025

Create a CUPS / Linux Print Server

# Download debian net inst ISO
https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.11.0-amd64-netinst.iso

# Create a bootable USB stick
```bash
sudo dd if=debian-12.11.0-amd64-netinst.iso of=/dev/sda bs=4M status=progress oflag=sync
```

# Update
```bash
sudo apt update -y && sudo apt upgrade -y && sudo apt autoremove -y
```
# Install Printing Service
```bash
sudo apt install cups
sudo apt install avahi-daemon
sudo systemctl enable --now avahi-daemon
sudo ufw allow 631 # if using ufw
```

## Cups
Cups is accessible from your browser:
http://localhost:631

**Add admin access**
```bash
sudo nano /etc/cups/cupsd.conf
------------------------------
# Listen on all interfaces
Port 631
Listen 0.0.0.0:631
ServerAlias *

# Enable printer discovery on the local network
Browsing On
BrowseLocalProtocols dnssd

# Access control for general browsing/printing
<Location />
Order allow,deny
Allow @LOCAL
</Location>

# Access control for the admin pages
<Location /admin>
Order allow,deny
Allow @LOCAL
</Location>

# Access control for the admin operations (adding/removing printers)
# <Location /admin/conf>
# AuthType Default
# Require user @SYSTEM
# Order allow,deny
# Allow @LOCAL
# </Location>

------------------------------
sudo systemctl restart cups
```
**For usb printers, we might need two print tools**
```bash
sudo apt install printer-driver-gutenprint foomatic-db
# we can install ssh access too
sudo apt install openssh-server
# On both client and server
sudo systemctl restart cups
sudo systemctl restart avahi-daemon
```

## Install Printer Driver if needed
*I am using an old usb printer Brother L2310D*
*This is the main reason for my print server*
*My new box, cannot handle task forwarding on it, like the old Freebox*
https://support.brother.com/g/b/downloadlist.aspx?c=eu_ot&lang=en&prod=hll2310d_us_eu_as&os=128#SelectLanguageType-10283_0_1
*By clicking on the driver, all the instructions are there.*
*Normally we don't need to do this*
```bash
# This can work too
sudo apt install printer-driver-brlaser
```

# PCs that want to print need to have these installed
*normally it is the case for ubuntu / debian / fedora*
```bash
sudo apt install cups avahi-daemon printer-driver-brlaser
sudo systemctl enable --now cups
sudo systemctl enable --now avahi-daemon
```

Finally you also have to make sure that your PC is not simply looking for a printer on another PC, because this will cause printer confusion. It should look for a print server, so the printing data will be comprehensible when it arrives to the printer. Normally on windows I especially for a network printer I would use a specific driver on the server and generic drivers on the clients. Often in Linux this is not possible, because the generic driver installs come back with an error.

```bash
sudo nano /etc/cups/client.conf
----------

ServerName 192.168.1.83 # your printserver IP

```

So now, normally, when you simply do a printer search your PC should auto detect the printer.
Normally, even windows devices would be dtecting it.
If not, just add printer and try using IPP.
If not, use the TCP/IP section and add your servers IP.

Friday, June 27, 2025

Install Linux on latest DELL laptops - I9 185h / 285h - Part 2

Even if it is not about some real professional stuff, I already have posted this article on linkedin.

I have tried and tested every single option proposed by chatgpt, perplexity, deepseek, dell website, youtube, reddit, dell forums, laptop forums and the linux did not want to go up. I did the latest 1.15 bios update too a couple of days ago. I was on the verge of uploading a custom BIOS and probably doing irreversible damage to my PC, but Windows was driving me crazy. When you turn off your PC and it does 1hour of updates before you can close the lid, then doing the same when opening up, is just nuts. When your base memory is 5gigs, you don't do anything come back in an hour and it is 12 ? When running a VM and you have only 2 gigs of memory left ? When looking for a setting and windows property search is not indexing it ? I mean it is just endless pain in the back. You open your PC and want to work right away. When want to install, update, customize, download, launch, I don't want to think about that stuff. Just do it and if it does not work, I find another solution in seconds. Like I downloaded yesterday onto my linux an apt based keepass2 and it was buggy. I did the same with keepassXC and was perfect. Uninstalled keepass2. IT took me like 1min thirty. In win11 just to go to the website and download and install would take way more.
My new linux distro was also up in under 7minutes ! Windows still takes nearly an hour if installed from zero ! Anyways, just to show you how awesomely relieved I am that my win is off and my kubuntu is up !

------------------------------------------------

I tried at least 6 linux distros, custom kernels, custom drivers for intel and dell. It still did not went up. Normally, without messing around, a simple solution of secure boot off, disk management from RAID to AHCI swtich and a linux should go up on any PC. Intel, AMD, ARM what ever. No it did not !

We talk about a brand new PC Dell 14 Plus 7440 32gb lpddrx Intel I9 185h. The PC was produced this april 2025 ! When I went to the reddit forums, I found a lot of issues and complaints about these new intel Dell laptops. Especially the GEN1 GEN2 I7 I9 ones ! 13th and 14th gen I5 I7 I9s have no real issues nowhere and they are well supported by LTS distros too.

So what was my problem ?

This is an SKHYNIX branded bloody expensive dell NVME. It costs 188€ on DELLs website. IT comes with a long heatsink, but the actual thermal sponge is glued to the dell sticker. Not sure what a BPA coated paper can do in case of heat transfer. Very funny ! Anyways, my laptop was having this as the original NVME. The original price of my laptop was 1299€ and with some discount it was sold for 999€. I also had some extra codes and DELL points so I paid 889€. If we followed the price tag of this SKHynix NVME and the price tag of Windows, I could have gotten this PC for under 600€ and by my own NVME.

This is what I did. I actually just bought a 990 Pro from Samsung, as this is the most reputable NVME on the current and past market. I have an old 970 EVO in AMD PC and it runs like a Nordictrack treadmill.

I installed it and there was no bios lag on recognizing it ! My windows install did not need extra RST driver load to recognize the NVME ! One point to that ! I did this just to test my theory !
I made a Kubuntu 25 USB with balena etcher, what has also actually failed on both of my Windows machines, so I went downstairs, onto my linux tower and burnt it on that one !

Guess what. I took 6minutes and 45 seconds to install Kubuntu on my new laptop, with absolutely zero hiccups ! No questions, no issues, no nothing !
Since last night, I am relieved, that my laptop is blazing fast, with less heat, half the memory use, half the space use for the os and components, 1/50th of update and upgrade times and much more !

Thank you linux and thank you DELL !

PS.: I also recently purchased a replacement laptop for my wife. A Dell 16" Inspirion with Ryzen 7 8840. I turned simply off secureboot and the Kubuntu went up in even faster time than on the Intel ! Strangely from a less powerful PC with less and slower memory !

Sunday, June 22, 2025

Install Linux on latest DELL laptops - I9 185h / 285h

Installing Linux is a pain in the back on these new machines. Here is what can prevent you from doing so and how to correct it. I am using a DELL Inspirion 14 Plus with I9 185H.

Sata Mode
Secure Boot
Microsoft UEFI Certificate Authority
TPM
SMM
WSMT

SMM and WSMT are both, features that you might find in BIOS. Often one or the other. Unless you custom load BIOS settings from skratch, or flash on total custom BIOS, these settings are not changeable. They also might prevent you from installing Linux, but newer Kernels support these. "Normally".

It is time consuming, but if it was me, to keep most of the possible security features on, I would start changing these settings one by one.

Step 1
Download Dell Command Configure

Step 2 - try it without at the beginning
Set BIOS admin password. You might need it, to accept changes. I simply would use either 4 digit pin or a a max 6character password for home users. For a pro environment I would definitely go with a classic 12 character, number, upper and lower case, Special Character option. Be careful with keyboard setup !

Step 3
Run Dell Command Configure Prompt. Start with setting your sata controller from Raid using Intel RST, to AHCI. Then try installing your linux distro. This is the most usual cause of Linux not going up on your new DELL Laptop.

Step 4
Ubtuntu, Fedora, Mint, but even Debian supports secure boot. Normally ! If it still is messing up your install: Turn off secure boot. This one can be done from BIOS itself.

Step 5
Disable Windows UEFI Cert - Well, it might be necessary and most possibly just in case something went wrong, you won't be able to secure boot your deice, if you installed linux with these two features off.

Summary of Commands

Add this before your commands, if you've set password:
cctk --valsetuppwd=MyBiosPass123

Your commands should look like that:

cctk --valsetuppwd=MyBiosPass123 --embsatara=ahci
cctk --valsetuppwd=MyBiosPass123 --secureboot=disable

SATA Mode → AHCI    cctk --embsatara=ahci
Disable Secure Boot    cctk --secureboot=disable
Disable MS UEFI Cert    cctk --securebootmode=custom
cctk --deletepk
Disable TPM    cctk --tpm=off
Clear TPM    cctk --tpmclear
Disable SMM / WSMT    cctk --smmsecuritymitigation=disable

At the moment of this article, I could disable everything I wanted. I did not find a way to disable security mitigation, without doing a drastic action on my BIOS. I will come back to see, if a new linux distro will go up flawlessly or not. I just have ordered a new 2TO 990pro from Samsung. I hope for the best, cause I can't get the use of Windows anymore....

Please note that Dell Command Configure is available on Linux. Except, that it also has a GUI interface on Windows and there are many many options that will be denied if you did not use that. Setting RAID sata mode to AHCI is straight forward, but all other functions might fail !
Why not just go with a R9 AI PC instead of Intel ? If you wanted to focus on virtualization projects, running multiple low level systems, you need a lot of cores. But we talked about a laptop, so when you need to run low level stuff, your battery life could be still excellent ! No thunderbolt port on AMD pcs ! The new thunderbolt 5 can run 3 4K monitors at 144hz, while charging and having internet, headset, keyboard and mouse all plugged into one single dock ! Finallyggt now, DELL has limited options on R9 pcs not coming with LPDDR5 and without PRO feature ! Why Dell ? Cause I need physical quality and I have been seeing Lenovo, HP, Terra breaking like pretzels.

Thursday, May 22, 2025

Windows File Server User Acces Control - Basic ICACLS use

Before we apply any sort of folder permissions, we should save the actually applied permissions. Here are the commands to use and just in case anything goes wrong, you re-establish the previous permission.
In your home, this can be important if more than one person is using the PC.
In a work environment, this is crucial to do, as if anything goes wrong, you might be in big trouble.

In case of the file name, I would use the date inside the filename, so you know when it was modified. I also would use some sort of identification to know where it was applied. You might leave it in the top folder, hidden from users. You should not pollute though. Probably it should be deleted, if you assured that everything is cool !

Save Folder Permissions: icacls "D:\Path\To\Folder" /save perms.txt

Save Folder Permissions Recursively: icacls "D:\Path\To\Folder" /save perms.txt /T # for recursive

Restore Folder Permissions: icacls "D:\" /restore perms-john.txt

Verifiy folder permissions:
icacls "D:\Path\To\Folder"

Tuesday, May 20, 2025

Windows Update Button / Option disappear - update from powershell

An old problem has started popping up recently on Windows PCs after certain updates. I have seen this on Win11, but mostly on Win10 PCs. Updates stop, Windows update search button disappears and the actual circling double flash windows update sign shows an exclamation mark, that something is not right.

No panic ! Instead of trying all sorts of stuff of get that back, you just need to be patient. The next couple of updates will be probably correcting this issue and your windows update button and the appearance of Win update page will be the same.
However, there might be some steps to do, before you can launch your update. I really recommend, that instead of messing up your registry, searching for third party Non-MS solutions, uninstalling and re-installing updates, drivers, direct-x and more, you just do a full on windows repair, then update your current system.

Start by launching this script. You can copy it to ISE, or right click launch it as admin. Make sure that script execution is allowed. Just search in the search-bar: "script execution":
https://github.com/iv3l/PowerSHell-Scripts/blob/main/disable-non-essential-services.ps1

I have written it to stop non essential services for the being of all operations. After each restart, you need to launch it, as it won't disable the services, but stop them for the current session.

The you launch a dism and an sfc, then a reboot. These 3 commands one after another:

DISM /Online /Cleanup-Image /RrestoreHealth
sfc / scannow
shutdown /r /t 0

Depending on a lot of things like, how long have been the windows installed and untreated, on your network connection, speed of your disk and nvme drive, cpu, memory, space available, DISM might be slow, and it might take 2hours. For me on the I9 185h with GEN4 NVME and 32gb LPDDRX 6400 it takes around 1 to 2 minutes as an example.

Your PC has been restarted, now you reuse the firs script to stop services. Also please stop all non essential software too. You need to stop Dropbox, GDrive, Sticky Notes, Outlook, alll and everything.

The next thing is to update all your firmware. Most employees doesn't care about firmware updates and then they got their PC stop after an update. An OS install will fail. The PC will have program compatibility issues, like an endpoint manager will freeze the PC if running with the latest updated Ms Office package. These weird mishaps never happen on Linux, but Windows is an extremely sensitive system. All sorts of issues pop up if your system is not upgraded, but also it slows your system down. It can make updating your system the next time hell too, if you did not do anything for 2 years. I have systems with 100Gigs of obligatory windows update, just to be enough up to date on Win10, to be able to migrate to Win11. I mean with a connection speed of 2 to 20Mbps, this might take basically a week. I must keep these PCs intact, cannot just wipe them.

Now, that your firmware is updated and your PC is restarted, you run the first script again, to stop all non essential services. Then you again stop all of your programs. Here is a second script that will prompt you to install the updates. Again run ISE as admin or run the .ps1 script as admin. Your choice:
https://github.com/iv3l/PowerSHell-Scripts/blob/main/prompted_win_update.ps1

The script normally covers the installation of dependencies and initial calls of modules, but it might fail. Though it never happened to me. If you don't download it but copy it, make sure that that comments are in good condition as in some cases they do not show up as commented lines and launch as commands, what can be scary at first, giving you red error messages.

I case you don't want to mess around with my script, you can download and install the updates yourself, running these in powershell, one after another:

Step-by-step:

a. Open PowerShell as Administrator, then install the module:

Install-Module -Name PSWindowsUpdate -Force

b. Import the module (if needed):

Import-Module PSWindowsUpdate

c. Check for updates:

Get-WindowsUpdate

d. Install updates:

Install-WindowsUpdate -AcceptAll -AutoReboot

This way you won't need to worry about your graphical interface based windows update, until the option comes back and your windows will do update itself. After the initial SFC and DISM commands, verify that you might already got back your win button. If not, wait for the KB corrections and major updates. IT might take one or 5. Run these each Wednesday and each Sunday morning.

Saturday, May 17, 2025

INSTALL GITHUB IN POWERSHELL

Storing and accessing your work anywhere is great. You can use a blogging platform, cloud storage like dropbox, proton drive, or you can simply have a usb key. I am now to github and gits, I don't yet 100% get the concept, probably because I don't do programming, versioning, roll backs and don't work in groups either. I have been using gists for a while for publishing my work done on hackropole projects.

https://gist.github.com/iv3l

However, for work I need to use batch scripts and powershell scripts outside of simple commands, than I also am working on an opensource infrastructure project that I will try documenting there too.

So, if I understand well, we can have a sort of shared directory on the PC, that is synchronising with github, so we can have always the latest up to date data available. We also can pull data if needed. I beleive that at this moment, this is a very shallow understanding of the power of gits, but we have to start somewhere.
Of course, you need to create a github account before and also it is recommended to get familiar with the actual interface.

So let's install this into powershell:

winget install --id Git.Git -e --source winget

After relaunching powershell, verify with this cmd, that all good:

git --version

Check if it is really on your path:

$env:PATH -split ';' | Select-String git

Import a git library and make it syncro:
( first create a new repo on github, so you have something to install on your pc: mine is : Powershell Scripts)
(go to your desired directory)

git clone https://github.com/your-username/powershell-scripts.git

To syncro your directory with github:

git add .
git commit -m "Add initial PowerShell scripts"
git push origin main

Manual Windows Update From PowerShell

I am so used to linux that I was looking for a simple solution in windows to do $ sudo apt update -y && sudo apt upgrade -y . From Powershell or from commandline.

Normally first we must install the windows update module. Then load it into powershell. Then Launch it to search, then launch it to update . A little more complicated, a little longer and way slower than apt update and apt upgrade. But it works.

Step-by-step:

In some cases, when windows update in GUI doesn't want to install or it causes problems, stops, misbehaves, in powershell we can still run them.

HERE IS A POWERSHELL SCRIPT FOR A FULL ON UPDATE PROCEDURE

Please allow script execution before !

 # Ensure script can run by temporarily setting execution policy
Try {
    $currentPolicy = Get-ExecutionPolicy -Scope Process
    If ($currentPolicy -ne 'Bypass') {
        Write-Host "[INFO] Setting execution policy to Bypass for this session..."
        Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass -Force
    }
} Catch {
    Write-Host "[ERROR] Failed to set execution policy: $_"
    Exit 1
}

Function Write-Log {
    param([string]$Message)
    $timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
    Write-Host "[$timestamp] $Message"
}

# Check for admin privileges
If (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(`
    [Security.Principal.WindowsBuiltInRole] "Administrator")) {
    Write-Log "ERROR: Please run this script as Administrator."
    Exit 1
}

Write-Log "Starting Windows update check..."

# Ensure NuGet and PSWindowsUpdate
Try {
    If (-not (Get-PackageProvider -Name NuGet -ErrorAction SilentlyContinue)) {
        Write-Log "Installing NuGet..."
        Install-PackageProvider -Name NuGet -Force -Scope CurrentUser
    } else {
        Write-Log "NuGet already present."
    }

    If (-not (Get-Module -ListAvailable -Name PSWindowsUpdate)) {
        Write-Log "Installing PSWindowsUpdate module..."
        Install-Module -Name PSWindowsUpdate -Force -Scope CurrentUser
    } else {
        Write-Log "PSWindowsUpdate module already present."
    }

    Import-Module PSWindowsUpdate -Force
    Write-Log "Module imported. Checking for updates..."

    $updates = Get-WindowsUpdate

    If ($updates.Count -eq 0) {
        Write-Log "No updates available. Your system is up to date."
        Exit 0
    }

    Write-Log "The following updates are available:"
    $updates | ForEach-Object { Write-Log " → $($_.Title)" }

    # Prompt the user
    $confirmation = Read-Host "`nDo you want to install these updates now? [Y/n]"

    If ($confirmation -eq "Y" -or $confirmation -eq "y" -or $confirmation -eq "") {
        Write-Log "Installing updates..."
        Install-WindowsUpdate -AcceptAll -AutoReboot -Verbose
        Write-Log "Updates installed. Reboot may occur automatically."
    } else {
        Write-Log "User cancelled update installation."
        Exit 0
    }
}
Catch {
    Write-Log "ERROR: $_"
    Exit 1
}