Tuesday, July 16, 2019

How to Master Key a Schlage Knob

Insert the key into the business end of the knob and turn it one way or the other, doesn’t matter which way.

https://drive.google.com/uc?export=view&id=1qA7C2le-W_PNPnAdk9jNw_UDPV16bnPA

Use something hard like a flathead screwdriver (or assuming you have a kit, use the included tool) to push this pin in.

https://drive.google.com/uc?export=view&id=18qmyoS7cpECxOP3T9dQ1HvMzjEjzbahU

Once pressed, remove the knob.

https://drive.google.com/uc?export=view&id=1DVXUX-M_wjsaIuE5Ub5tHM5EyDiWi0xJ

This next part can be kind of tricky. The cylinder in there has a clip that retains all of the springs for the pins. (Skip ahead to see what it looks like.) In order to slide it out of the knob, these springs must be compressed so you have to simultaneously compress them while you slide the entire assembly out.

https://drive.google.com/uc?export=view&id=1TXzury5-8u5qcshBRHiWagkEl9lV_roK
https://drive.google.com/uc?export=view&id=1CfEcxgK3xjXPdeDQaaov5L5PCS87o7a2
https://drive.google.com/uc?export=view&id=16iIjtoOk_nKYqfvInnF2NstowQ2B4eNp
https://drive.google.com/uc?export=view&id=1fOiFhwW-bzDmaQFklnbaguXP9q1hmlbi

Now it’s time to remove the Jesus clip.

https://drive.google.com/uc?export=view&id=1HgdYi9AMa767uj8M30YyJJN9HXtrr74R

Slide in your key that unlocks it.

https://drive.google.com/uc?export=view&id=1_rtqS03v2QX7kxfOnW66lCczwLPJ0X8u

Line your cylinder up with your follower bar and slide your cylinder over and onto it. Be careful not to lose any of those springs or top pins in there because if you do this wrong, they will go flying everywhere.

https://drive.google.com/uc?export=view&id=1diBr2VFlqbFX1UeuiFbKh64lRlIadc6p
https://drive.google.com/uc?export=view&id=1wFPOgfEjqNbwbN8zQ3W72vCaPiCL5zxP

Dump those old pins like you’re leaving for college.

https://drive.google.com/uc?export=view&id=1Qtik0k-314UdMM4r1MeoOfEjq4ltnH_R

Now we need to set up your keying. Below I’ve written down the two keys I’m keying this lock to. There’s a master key and a tenant key. In this case, our lock doesn’t know the difference between the two. They are just two different keys that need to work with one lock. Notice I’ve lined up the numbers for each.

https://drive.google.com/uc?export=view&id=1iC9gBSvU4idQo47tPIIgsikC-IZE6kPq

The first pin to be dropped into each hole will be the smaller of the two numbers in each stack. I underlined those in red.

https://drive.google.com/uc?export=view&id=1rEUqhjsgLfPE-A3PPNaZPl1ZAAfhczEs

The second pin to be dropped in will be the master pin. This will be the pin that makes up the difference of the two numbers in each stack. I wrote each of these numbers on the very bottom.

https://drive.google.com/uc?export=view&id=1IBwEBrLLJ-Kzw-tZyb6EePRvzHdKGaAQ

My cylinder with the bottom pins installed.

https://drive.google.com/uc?export=view&id=1CI7rhdFGUWM9v9TTQ_BukuOHvlxps3KL

Here I test one of the keys to make sure the correct pins are lining up flush with the top. In this case, 1, 2, 4 & 5 are flush.

https://drive.google.com/uc?export=view&id=1Balt-jvokWBGsp4JN_AgwPJxGu1eyHLW

Here I add a master pin #2 to hole 3 to make that flush as well.

https://drive.google.com/uc?export=view&id=1Ec7d89GaDJnMp_CPjkYj0x1mWH7oDDpa

Now I’m testing with the tenant key. Hole 3 is flush (and has a master pin #2 on top) but holes 1, 2, 4 & 5 will need their master pins to make them flush as well.

https://drive.google.com/uc?export=view&id=1GUtvL7pdKh4VFtSZGvH8mPfSwbUgEb7U

Here I’m adding pins #4, #3, #0 (nada) and #2 to holes 1, 2, 4 & 5.

https://drive.google.com/uc?export=view&id=115tCHJVyHM9-SYak5ccKvtK534EIsEBz
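
The pinning rule and the two key tests above, worked through as an added example (not part of the original post). The two bittings are constructed sample values chosen so the master pins come out as the #4, #3, #2, #0 and #2 installed above; the function names are hypothetical.

```powershell
# Added example; the bittings are constructed sample values, not the author's keys.
function Get-PinChart {
    param([int[]]$MasterKey, [int[]]$TenantKey)
    if ($MasterKey.Count -ne $TenantKey.Count) {
        throw 'Both keys must have the same number of cuts.'
    }
    for ($i = 0; $i -lt $MasterKey.Count; $i++) {
        $bottom = [Math]::Min($MasterKey[$i], $TenantKey[$i])   # first pin dropped in
        $master = [Math]::Abs($MasterKey[$i] - $TenantKey[$i])  # second pin; 0 means none
        # Cut depths at which this stack sits flush with the top of the cylinder
        $shear = @($bottom, ($bottom + $master)) | Select-Object -Unique
        [pscustomobject]@{ Hole = $i + 1; BottomPin = $bottom; MasterPin = $master; ShearAt = $shear }
    }
}

# A key operates only if every cut lands on one of that hole's flush heights.
function Test-KeyOperates {
    param([object[]]$Chart, [int[]]$Key)
    if ($Key.Count -ne $Chart.Count) { return $false }
    for ($i = 0; $i -lt $Chart.Count; $i++) {
        if ($Chart[$i].ShearAt -notcontains $Key[$i]) { return $false }
    }
    return $true
}

$masterKey = 2, 3, 6, 5, 4   # constructed
$tenantKey = 6, 6, 4, 5, 6   # constructed
$chart = @(Get-PinChart -MasterKey $masterKey -TenantKey $tenantKey)
$chart | Format-Table Hole, BottomPin, MasterPin

"Master key operates: $(Test-KeyOperates -Chart $chart -Key $masterKey)"
"Tenant key operates: $(Test-KeyOperates -Chart $chart -Key $tenantKey)"

# Each hole holding a master pin has two flush heights, so the cylinder
# accepts more bittings than the two keys it was pinned for.
$split = @($chart | Where-Object { $_.MasterPin -gt 0 }).Count
"Holes with a master pin: $split; bittings that operate the lock: $([Math]::Pow(2, $split))"
```

Running the chart before pinning catches a mismatched cut on paper, which is cheaper than finding it after the springs are back on.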

After testing both of those keys, I’m ready to put my springs back on. Be careful with this part because if you didn’t properly test that your keys work, you will lock yourself out of opening this again so unless you know how to pick, you’ll be screwed. You might also notice I’m sliding it on from the side. If you don’t do this, your springs will start falling into the holes prematurely and you will have another mess on your hands.

https://drive.google.com/uc?export=view&id=1JAaP-tsaCta7EPowU34GsFwzRIWDJzq8
https://drive.google.com/uc?export=view&id=16GGaRPyMSLTdJY6OBo_-MBdSAQ3pVw3-
https://drive.google.com/uc?export=view&id=1uiLnM4V5a1re_mErZx-F0WLjjvAai0gw

Turn the cylinder back into place and make sure all of the springs and top pins properly fall into their holes.

https://drive.google.com/uc?export=view&id=1ZkPBsrI2FxnsI4bauG62vQTj7n0YAQ3K

Put your Jesus clip back on. Test with both sets of keys.

https://drive.google.com/uc?export=view&id=19cZ9QLhTeyhsKmn6w5YjN1B6hvOBGTEq

Find the spot in the knob where you can slide the assembly back in.

https://drive.google.com/uc?export=view&id=1UOszzBq_VthTDf0OiW0dD6tBOY125WVW

Compress the springs and slide it in.

https://drive.google.com/uc?export=view&id=1XMl41W3pszDI3aKYprnZb2QeX5c-o60l

Line it up with the retaining pin and slide it back on.

https://drive.google.com/uc?export=view&id=18H0hvjUTmAc1xvYwuuBVDljTQsN07EnT

Get it on there as far as you can. Finally, insert the key and turn it to lock it into place.

https://drive.google.com/uc?export=view&id=1yozn6NLIeUeIOVaYm_5Nmj2CAbYCC83W

Friday, April 12, 2019

How to enable WinRM via Group Policy

In order to remotely manage computers via PowerShell, you must enable Windows Remote Management.

Open Group Policy management.

Create a new GPO.



Right-click your newly created GPO and click Edit...


First we need to allow it on each computer's firewall. Open Computer Configuration --> Policies --> Windows Settings --> Security Settings --> Windows Firewall with Advanced Security --> Windows Firewall with Advanced Security --> Inbound Rules


Create a New Rule


Microsoft was nice enough to include it as a predefined Rule


I unchecked Public as I will be connecting locally.


Click Allow the connection


The new rule should now be listed. 


That's it for the firewall. Now you need to go to Computer Configuration --> Policies --> Administrative Templates --> Windows Components --> Windows Remote Management (WinRM) --> WinRM Service --> Allow remote server management through WinRM

Syntax:

Type "*" to allow messages from any IP address, or leave the field empty to listen on no IP address. You can specify one or more ranges of IP addresses.


Link your newly created GPO. This is going to be a computer policy so connect it to an OU of the computers you would like to enable this for.  


It's also necessary to make sure the WinRM service starts on startup. To do this via GPO, go to Computer Configuration --> Preferences --> Control Panel Settings --> Services


Right-click and click New --> Service


Choose Automatic (Delayed Start) as the startup type, pick WinRM as the Service name, set Start service as the Service action.




Once all of your domain computers have updated their policies and had a chance to start that system service, you should be able to remotely manage them using PowerShell.
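
To confirm on a target computer that all three parts of the GPO above took effect (firewall rule, WinRM policy, service startup), the following added example, which is not part of the original post, reads the resulting state locally. The function name is hypothetical; the policy registry path and the firewall group name "Windows Remote Management" are where Windows stores these settings and are not stated in the post.

```powershell
# Added example: run locally, elevated, on a computer in the linked OU after gpupdate.
function Get-WinRMPolicyState {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WinRM'"
    # Values written by "Allow remote server management through WinRM"
    $pol = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service' `
        -ErrorAction SilentlyContinue
    # ActiveStore is the effective rule set, including rules delivered by GPO
    $rules = @(Get-NetFirewallRule -PolicyStore ActiveStore `
            -DisplayGroup 'Windows Remote Management' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' })

    [pscustomobject]@{
        ServiceStartMode  = $svc.StartMode
        ServiceState      = $svc.State
        PolicyAllowsWinRM = ($pol.AllowAutoConfig -eq 1)
        IPv4Filter        = $pol.IPv4Filter
        InboundAllowRules = $rules.Count
        RuleOnPublic      = [bool]($rules | Where-Object { "$($_.Profile)" -match 'Public|Any' })
        ListenerResponds  = [bool](Test-WSMan -ComputerName localhost -ErrorAction SilentlyContinue)
    }
}

$state = Get-WinRMPolicyState
$state | Format-List

# Turn the raw state into a short list of things to look at.
$findings = @()
if ($state.ServiceStartMode -ne 'Auto') { $findings += 'WinRM service is not set to start automatically.' }
if (-not $state.PolicyAllowsWinRM)      { $findings += 'WinRM policy value not present; GPO may not have applied.' }
if ($state.InboundAllowRules -eq 0)     { $findings += 'No enabled inbound allow rule for Windows Remote Management.' }
if ($state.RuleOnPublic)                { $findings += 'Firewall rule also applies to the Public profile.' }
if ($state.IPv4Filter -eq '*')          { $findings += "IPv4 filter is '*': messages are accepted from any IP address." }
if (-not $state.ListenerResponds)       { $findings += 'Local WinRM listener did not answer Test-WSMan.' }

if ($findings) { $findings } else { 'WinRM is configured as the GPO intends.' }
```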

Tuesday, June 26, 2018

The remote desktop session was disconnected because there are no Remote Desktop License Servers available to provide a license. Server 2012 R2




You must be able to access the server in another way in order to do this. Mine was a VM so I was able to get into a console session through VMware vSphere. 

Open your Registry Editor and navigate to
HKLM\System\CurrentControlSet\Control\Terminal Server\RCM
and select GracePeriod.

Right-click this key and back it up by choosing Export and putting it in a safe place.

Now you won't be able to delete it without taking ownership first. Right-click the key and choose Permissions... 



Then go to Advanced



Change the owner to your user name.



For good measure, choose Replace owner on subcontainers and objects under your name and Replace all child object permission entries with inheritable permission entries from this object

Now you can delete the key. After a restart you should be able to access your server via remote desktop again.
 

Friday, March 23, 2018

Shadowing RDS 2012 R2 Sessions

With Windows Server 2012 R2, Remote Desktop Services allows you to shadow users remoted into the server.

When shadowing, you can either view or view and control a user's session. You can choose the option for "No Consent" allowing you to bypass user permission when connecting to their session.

This can be done through the command line or through the Server Manager.

Command Line

Mstsc.exe [/shadow:sessionID [/v:Servername] [/u:[Username]] [/control] [/noConsentPrompt]]

/shadow:ID Starts shadow with the specified sessionID.

/v:servername If not specified, will use the current server as the default.

/u:username If not specified, the currently logged on user is used.

/control If not specified, will only view the session.

/noConsentPrompt Attempts to shadow without prompting the shadowee to grant permission.

Below are the steps to do it through server manager.

Open the Server Manager and click on the icon for Remote Desktop Services. Here you should see your deployed remote environments. In my example, we have a remote app deployed to domain users.

Once you have selected your remote environment, on the right-hand side you will see CONNECTIONS listing all of the users connected to it. Right-click on one of the active users and click Shadow.


Next it will prompt you to ask how you would like to shadow the users. Choose View or Control and whether or not to Prompt for user consent.


This is the message the user will see. It will say Remote Monitoring Request: domain\user is requesting to view/control your session remotely. Do you accept the request? prompting them to select Yes or No. If the user selects Yes, you will be able to view or view and control their session.


In the previous step, had I chosen not to Prompt for user consent, I likely would have received this error message stating The Group Policy setting is configured to require the user's consent. Verify the configuration of the policy setting. This is the default.


If you would like to be able to view or view and control a remote session without their consent, you must change the following Group Policy Setting and apply it to the preferred User Group.

Create a new group policy or change an existing policy and go to User Configuration --> Policies --> Administrative Templates --> Windows Components --> Remote Desktop Services --> Remote Desktop Session Host --> Connections

The only available setting to change here is Set rules for remote control of Remote Desktop Services user sessions



Right-click the setting and choose Edit. A new window will open, allowing you to select Enabled and the option for how you would like to allow administrators to interact without user consent.


Assuming you changed the setting correctly and applied it to the correct user group, wait for a group policy refresh or force a gpupdate on the Remote Desktop server and you should now be able to do this.
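
Because this policy removes the consent prompt, it is worth being able to see where it is in force and when sessions were actually shadowed. The following added example, which is not part of the original post, does both on the Remote Desktop server. The function names are hypothetical; the registry value name (Shadow), its 0 to 4 meanings and the event IDs are how Windows records this setting and activity and are not stated in the post.

```powershell
# Added example: run elevated on the Remote Desktop Session Host.
$shadowMeaning = @{
    0 = 'Remote control not allowed'
    1 = 'Full control with user permission'
    2 = 'Full control without user permission'
    3 = 'View session with user permission'
    4 = 'View session without user permission'
}

# Reads the policy value for the computer and for every loaded user hive.
function Get-ShadowPolicy {
    $sub = 'SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $roots = @('HKEY_LOCAL_MACHINE') + @(
        Get-ChildItem -Path Registry::HKEY_USERS -ErrorAction SilentlyContinue |
            Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
            ForEach-Object { "HKEY_USERS\$($_.PSChildName)" })
    foreach ($root in $roots) {
        $value = (Get-ItemProperty -Path "Registry::$root\$sub" -Name Shadow `
                -ErrorAction SilentlyContinue).Shadow
        [pscustomobject]@{
            Scope     = $root
            Value     = $value
            Meaning   = if ($null -eq $value) { 'Not configured' } else { $shadowMeaning[[int]$value] }
            NoConsent = ($value -in 2, 4)
        }
    }
}

# Shadow view/control sessions started (20503, 20506) and stopped (20504, 20507).
function Get-ShadowEvents {
    param([int]$MaxEvents = 50)
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational'
        Id      = 20503, 20504, 20506, 20507
    } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

Get-ShadowPolicy | Format-Table -AutoSize
Get-ShadowEvents | Format-Table -AutoSize -Wrap
```

Rows with NoConsent set to True identify the users or the computer where a session can be viewed or controlled without a prompt.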
