Don’t delete the content of „c:\windows\ccmcache\“ manually with the File-Explorer:
it is managed by „Windows System Center Configuration Manager (SCCM)“.
You need „local Administrator“ access to your computer.
Let SCCM to cleanup it’s cache for you:
1) open the „Control Panel“
Control Panel – Configuration Manager
2) select „Configuration Manager“
3) go to „Cache“-Tab
4) click „Delete Files“
Configuration Manager – Delete Cache
Wait a second and the CCM-Cache is empty.
c:\Windows\ccmcache>dir
Volume in drive C is Windows
Volume Serial Number is 5Q4C-0K08
Directory of c:\Windows\ccmcache
23.09.2021 19:10 <DIR> .
23.09.2021 19:10 <DIR> ..
0 File(s) 0 bytes
2 Dir(s) 11.164.721.152 bytes free
While the „old“ SCAv1 built a virtual fence around all virtual processors („Intra VM Security Boundary“), SCAv2 lets processors of one virtual machine (VM) to run within a „common fence“ („Inter VM Security Boundary“) which balances security and performance for most workloads.
esxcli system settings kernel set -s hyperthreadingMitigation -v TRUE
esxcli system settings kernel set -s hyperthreadingMitigationIntraVM -v FALSE
Verify
esxcli system settings kernel list -o hyperthreadingMitigation
esxcli system settings kernel list -o hyperthreadingMitigationIntraVM
[root@esx:~] esxcli system settings kernel list -o hyperthreadingMitigation
Name Type Configured Runtime Default Description
------------------------ ---- ---------- ------- ------- ----------------------------------------------------------------
hyperthreadingMitigation Bool TRUE TRUE FALSE Restrict the simultaneous use of logical processors from the
same hyperthreaded core as necessary to mitigate a security
vulnerability.
[root@esx:~] esxcli system settings kernel list -o hyperthreadingMitigationIntraVM
Name Type Configured Runtime Default Description
------------------------------- ---- ---------- ------- ------- ---------------------------------------------------------
hyperthreadingMitigationIntraVM Bool FALSE FALSE TRUE Restrict the simultaneous use of logical processors from
the same hyperthreaded core as necessary to mitigate a
security vulnerability within a single VM.
Configure SCAv1
esxcli system settings kernel set -s hyperthreadingMitigation -v TRUE
esxcli system settings kernel set -s hyperthreadingMitigationIntraVM -v TRUE
When using PuTTY in „Multi-Tabbed“-Wrapper-Applications like MRemote-NG, Super-Putty, Putty-Connection-Manager, you name it, it’s absolute annoying that every connection-timeout pushes a modal pop-up window to the front (for every opened connection!) like this:
Since in those Applications the PuTTY-Window/Tab won’t get closed, or with „only on clean exit“
putty: close window only on clean exit
these modal alerts are absolutely pointless – when:
PuTTY is running as standalone application
the config-parameters set to „close window“ the original implemtation makes sense indeed.
So there is some code required, to distinguish between:
a quiet (Text-)Message, inline within the PuTTY-Screen when the window wont get closed
an modal alert before closing the putty window.
Original Code
Find it in „/windows/window.c“ – notice, that the modal popup will appear even when the PuTTY-Window won’t get closed.
/*
* Print a message box and close the connection.
*/
static void win_seat_connection_fatal(Seat *seat, const char *msg)
{
char *title = dupprintf("%s Fatal Error", appname);
show_mouseptr(true);
MessageBox(wgs.term_hwnd, msg, title, MB_ICONERROR | MB_OK);
sfree(title);
if (conf_get_int(conf, CONF_close_on_exit) == FORCE_ON)
PostQuitMessage(1);
else {
queue_toplevel_callback(close_session, NULL);
}
}
Improvement: Show the Dialog only, when PuTTY-Window will get closed
Much better for daily use – no annoyance anymore:
/*
* Print a message box and close the connection.
*/
static void win_seat_connection_fatal(Seat *seat, const char *msg)
{
char *title = dupprintf("%s Fatal Error", appname);
if (conf_get_int(conf, CONF_close_on_exit) == FORCE_ON) {
//show MessageBox before closing the PuTTY-Window
show_mouseptr(true);
MessageBox(wgs.term_hwnd, msg, title, MB_ICONERROR | MB_OK);
PostQuitMessage(1);
} else {
//print message into the PuTTY-Console
win_seat_output(seat,true,"\r\n\r\n",4);
win_seat_output(seat,0,"------------------- ",20);
win_seat_output(seat,0,title,strlen(title));
win_seat_output(seat,0," ------------------\r\n",22);
win_seat_output(seat,0,"- ",2);
win_seat_output(seat,0,msg,strlen(msg));
win_seat_output(seat,0,"\r\n\r\n",4);
queue_toplevel_callback(close_session, NULL);
}
sfree(title);
}
I’ve been wondering about the differences between the (free) Microsoft-Azure Online-Training and the (paid) AZ-303 Instructor-Led Training. After having a quick look at the „AZ-303 Exam Skills Outline“ there seems to be an 1:1-Mapping between „Exam Skills Outline“ and the instructor led training.
The changes to the schedule starting at 25th of May 2021 are of cosmetic nature, Microsoft fixed some typos and removed some minor AAD-sub-topics…
1) Implement and Monitor an Azure Infrastructure (50-55%) 1.1) Cloud infrastructure monitoring 1.2) Storage accounts 1.3) VMs for Windows and Linux 1.4) Automate deployment and configuration of resources 1.5) Virtual networking 1.6) Azure Active Directory 1.7) Implement and manage hybrid identities (~Azure AD Connect)
2) Implement Management and Security Solutions (25-30%) 2.1) Manage workloads in Azure 2.2) Load balancing and network security 2.3) Implement and manage Azure governance solutions 2.4) Manage security for applications
3) Implement Solutions for Apps (10-15%) 3.1) Implement an application infrastructure 3.2) Container-based applications
4) Implement and Manage Data Platforms (10-15%) 4.1) Implement NoSQL databases 4.2) Implement Azure SQL databases
AZ303 Instructor-Led Training
The official Microsoft Instructor-Led Training for AZ303 is made up of 15 Modules:
there is an 1:1 mapping – but the order of modules has been „shuffled“
Azure Active Directory => 1.6
Hybrid Identities => 1.7
Networking => 1.5
VMs => 1.3
Load Balancing and Network Security => 2.2
Storage Accounts => 1.2
NoSQL Databases => 4.1
Azure SQL Databases => 4.2
Automate Deployment and Configuration of Resources => 1.4
Azure Governance Solutions => 2.3
Security for Applications => 2.4
Manage Workloads in Azure => 2.1
Container-Based Applications => 3.2
Implement an Application Infrastructure => 3.1
Cloud Infrastructure Monitoring => 1.1
Let’s go
It should be possible to repeat a 5day class within 28 days
My WIFI is bound to my Internet-Router and it is seperated from my home-office by an routed stateful-firewall. Some WIFI devices (for example my printer) need access to this home-office ip-range.
Pi-Hole DHCP Service
The DHCP-Service of my pi-hole server usually offers just dhcp-option #3 – the default-gateway.
Disable DHCP-Option 3 (Default Gatway)
The pi-hole Web-GUI doesn’t allow to specify additional dhcp-options, so first disable offering the default-gateway-option:
pi-hole disable dhcp-server option 3 „Router (gateway) IP address“
which is not allowed (my opinion: a bug since this is no feature)
Stop here and use another dhcp-service?
Use the „Router-Option“ as fallback for „old“ clients
If the DHCP server returns both a Classless Static Routes option and
a Router option, the DHCP client MUST ignore the Router option.
So this can stay enabled, it’ll be ignored – and, just for the case an old DHCP-Client doesn’t implement the Classless Static-Routes Option it’ll ignore it and can use the Default-Gateway-option.
Implementation
leave the Web-GUI as it is
go the the SSH-bash-shell
add additional dhcp-options
Leave the auto-generated config-files as they are
adminname@pi-hole-server:/etc/dnsmasq.d $ ls -l
total 16
-rw-r--r-- 1 root root 1524 May 22 13:16 01-pihole.conf
-rw-r--r-- 1 root root 490 May 22 13:16 02-pihole-dhcp.conf
-rw-r--r-- 1 root root 143 Dec 8 14:04 04-pihole-static-dhcp.conf
adminname@pi-hole-server:cat 01-pihole.conf
# Pi-hole: A black hole for Internet advertisements
# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
# Network-wide ad blocking via your own hardware.
#
# Dnsmasq config for Pi-hole's FTLDNS
#
# This file is copyright under the latest version of the EUPL.
# Please see LICENSE file for your rights under this license.
###############################################################################
# FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE. #
# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
# #
# IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN: #
# /etc/pihole/setupVars.conf #
# #
# ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE #
# WITHIN /etc/dnsmasq.d/yourname.conf #
###############################################################################
addn-hosts=/etc/pihole/local.list
...
add your config in a seperated config-file
So lets add „/etc/dnsmasq.d/yourname.conf“:
I’d like to create
a Default-Route (0.0.0.0/0) via the WIFI-Router 172.16.1.1
static routes for all private (RFC1918) address-ranges via the Firewall 172.16.1.2
Online Training, free of charge – sponsored by Microsoft – is available: Surprisingly the same 9 modules for both exams, i’ve been putting them in a slightly different order:
Infrastructure
4 Modules
Operations
Applications
3 Modules
Migration
sharing a common module with
Business Continuity / Recovery
Azure Solutions Architect Expert – Training modules
AZ303 Instructor-Led Training
The official Microsoft Instructor-Led Training for AZ303 is made up of 15 Modules:
Azure Active Directory
Hybrid Identities
Networking
VMs
Load Balancing and Network Security
Storage Accounts
NoSQL Databases
Azure SQL Databases
Automate Deployment and Configuration of Resources
Azure Governance Solutions
Security for Applications
Manage Workloads in Azure
Container-Based Applications
Implement an Application Infrastructure
Cloud Infrastructure Monitoring
Exam 303 – What might be the required skills?
The free training – 9 Modules for both AZ303 and AZ304 – the paid training for AZ303: 15 Modules:
how to map the 15 AZ303-Modules into the 9 AZ303/AZ304-Modules?
