MKLINK /D <NAME> \\<SERVERNAME>\Sharename
eg, MKLINK /D HyperVisor5 \\SECRETSERVER\aarhusHyperVisor5 is the name the directory will get locally the /D indicate it is a directory junction, and the link will point to \\SECRETSERVER\aarhus (aarhus is the share name on the SECRETSERVER)..
Ohh that was easy you say, yeah – well – it did not work 🙁
When a workstation attempted to access a mapped drive (eg. O:\Archive) it would get the above error.
A bit of googleing let to;
https://blogs.msdn.microsoft.com/junfeng/2012/05/07/the-symbolic-link-cannot-be-followed-because-its-type-is-disabled/
And the solution was simple enough, you need to execute this command on the workstation that has the problem;
(the command above the yellow one show the state of your computer)
And now your workstation can browse the directory (which is actually a pointer to a share on a different server) just like it was on the local server.
This should also be controllable via Group Policy, however I have not had the chance to test it yet;
https://technet.microsoft.com/en-us/library/5c7ffdb9-7066-4bdf-bc7d-eded8db2ce82
The symlink evaluation settings can also be controlled via Group Policy. Go to Computer Configuration > Administrative Templates > System > Filesystem and configure “Selectively allow the evaluation of a symbolic link”.
BeamGun – So what is it all about, and do I need it?
Well, to answer the latter first – “maybe”, if you could ever see yourself inserting a USB key you found somewhere, or if other people have access to your computer….
Background;
All modern computers have USB ports, you can attach all sorts of wonderful devices to USB ports – like mouse and keyboards, well imagine if someone made a device that looked like a USB key, however it actually emulated a keyboard – when you would plug this into your USB port it would tell your computer “Hey, I am totally a USB keyboard, honestly..”, and your computer would say “Hey that is cool, go ahead and be my second keyboard…”. So far so good, however, now this totally honest “keyboard” would start typing commands and your computer not knowing any better would think that it was you typing. So, long story short – any device looking like a USB key that is inserted into your computer has a chance to be an evil “Rubber Ducky USB” (that is the name under which many of these are actually sold), so someone either hands you a USB device and convince you to insert it (hey can you look at the report I just made) – or distracts you for a second and insert the USB device to your computer – BOOM and you are owned – in benign cases it just adds some practical joke (like switch your desktop background etc), but if evil it steals passwords etc. and it is very likely your Antivirus will not pick it up as it will look like commands issued from the local keyboard.
Sadly “no”, this is not Sci-Fi nor expensive, the script kiddie version of USB keys like this cost around 50$ but if you have real coding skills you can do it for 1-3$ 🙁
Ok, so anyone inserting a foreign USB device to your machine could be “hacking you”, or if you find an abandoned/lost USB key and insert it you may cause yourself to be hacked/compromised.
The tool;
https://github.com/JLospinoso/beamgun
BeamGun to the rescue – BeamGun is actually rather nifty, it will monitor your computer – and the moment a new “keyboard” (or something emulating a keyboard) is inserted, it will lock your computer and block the device, it will also show anything this device was trying to do in a popup window.
Mind you, it is an early version and seem a bit rough around the edges, but if you are in the “risk” group this may be a tool you would want to install. But it works (yes I tested it, however it is difficult to show screenshots as the software does a great job of protecting your computer while it display its warning).
Want to see more about these “Rubber Ducky USB” devices, take a look at this video;
https://youtu.be/4kX90HzA0FM
Something similar is also shown in the popular tv-show “Mr Robot”
Want to aspire as an evil hacker (or totally own your friends), buy your own “USB Rubber Ducky” here (yes its actually that simple);
https://hakshop.com/products/usb-rubber-ducky-deluxe
Links;
https://github.com/JLospinoso/beamgun
https://hakshop.com/products/usb-rubber-ducky-deluxe
MDM or Mobile Device Management has become increasingly popular over the last few years. I was surprised to find, that when we implemented it in the company I work for we discovered that there actually was a few users without a pin or password on their mobile device (to be expected out of a few thousand users I guess, but still – NO PIN on your phone, REALLY!!!)!?
Anyhow, there are several reasons to dive into this area – AND the good news is that (depending on the size of your setup) you can actually do much for ZERO $ (Free).
Create Policies;
- Require that users (or family) have a PIN
- Deploy APPS to phones or tablets
- Keep track of installed APPS
- Create geo-fencing – be warned if the device leave a defined area (sadly this does not work well in Denmark as the matching of IP’s to addresses is very limited due to privacy legislation)
You can even choose to implement it in your household to keep track of what apps etc are installed be the kids etc.
So are there great skills required? no not really, perhaps a little in setting it up initially – and there are some minor challenges, especially with the certificate part (which need to maintained/updated yearly), but in general – if you have experience with IT operations it’s more or less a breeze.
To get started here are a few links.
Several free or cheap services exist, to name a few;
The first one “Meraki” I actually tried and is still using (free for up to 100 devices as I recall)
https://account.meraki.com/login/new_account
You can even get a free cloud managed WiFi Access Point if you attend one of their online seminars.
Additionally you can install Windows Clients on Windows PC’s and thus now also have free inventory of your Windows PC’s.
You can see a demo of a related Meraki mobile management pack, it’s not quite the same as the free MDM solution – but it can give you some idea of what is possible.
https://youtu.be/fa95GJZQ0fQ
Another one is Spiceworks, I have not tried their MDM solution – but the “Spiceworks framework” (free IT operations software) in general is quite good and capable.
https://www.spiceworks.com/free-mobile-device-management-mdm-software/