[Win10] Download Enterprise ISO with Media Creation tool / check ISO for available editions

Download latest Enterprise ISO

To download the latest Windows 10 Enterprise ISO:

Go to https://www.microsoft.com/de-de/software-download/windows10 and download the latest Media Creation tool
Open a admin powershell and launch said tool with some parameters

.\MediaCreationTool20H2.exe /Eula Accept /Retail /MediaArch x64 /MediaLangCode en-US /MediaEdition Enterprise

You will need to enter the license key / serial to be able to download the Enterprise style ISO (you will not be able to chose any type, this is done by the /MediaEdition switch, as well as the language etc..)

Check ISO for version information and available editions

mount ISO in Windows 10 (here mounted as D:)
execute this

dism /Get-WimInfo /WimFile:D:\sources\install.esd

you will get infos about what is in the ISO (in old versions, the install.esd was known as install.wim, then you need to launch that tool with install.wim instead of install.esd at the end)

Deployment Image Servicing and Management tool
Version: 10.0.18362.1316

Details for image : D:\sources\install.esd

Index : 1
Name : Windows 10 Education
Description : Windows 10 Education
Size : 15.736.130.486 bytes

Index : 2
Name : Windows 10 Education N
Description : Windows 10 Education N
Size : 14.956.748.370 bytes

Index : 3
Name : Windows 10 Enterprise
Description : Windows 10 Enterprise
Size : 15.736.284.481 bytes

Index : 4
Name : Windows 10 Enterprise N
Description : Windows 10 Enterprise N
Size : 14.956.654.647 bytes

Index : 5
Name : Windows 10 Pro
Description : Windows 10 Pro
Size : 15.734.489.825 bytes

Index : 6
Name : Windows 10 Pro N
Description : Windows 10 Pro N
Size : 14.959.031.814 bytes

The operation completed successfully.

If you start the tool a second time with a specific index, you can find out more about that "shard", e.g.to find out more about the Enterprise version, launch the tool with

dism /Get-WimInfo /WimFile:D:\sources\install.esd /index:3

you will get these infos

Deployment Image Servicing and Management tool
Version: 10.0.18362.1316

Details for image : D:\sources\install.esd

Index : 3
Name : Windows 10 Enterprise
Description : Windows 10 Enterprise
Size : 15.736.284.481 bytes
WIM Bootable : No
Architecture : x64
Hal : acpiapic
Version : 10.0.19041
ServicePack Build : 631
ServicePack Level : 0
Edition : Enterprise
Installation : Client
ProductType : WinNT
ProductSuite : Terminal Server
System Root : WINDOWS
Directories : 24132
Files : 96485
Created : 19/11/2020 - 04:20:58
Modified : 10/02/2021 - 14:13:25
Languages :
        en-US (Default)

The operation completed successfully.

[Win10] Offline installation of FoD like OpenSSH Server without VLSC ISO

Windows 10 comes with a lot of additional options to install, which are not part of the "local" installationmedia.
That means things like e.g. the OpenSSH Server component. These options are called "Features on Demand" (FoD) and do need either an active internet connection to download and install, or a specializied FoD ISO which you only can download from the Microsoft Volume Licensing Service Center (VLSC). If you need to install these options for your Windows 10 Professional or similar offline - without having a valid subscription, you cannot get the needed offline files that way.

However, there is another option by using a second computer with the same Major Release (e.g. Windows 10 1909 / 2004 / or 20H2 aka 2009) and possible latest patches installed to grab those files from the internet and then use these for offline installation.

Example, we want to get the OpenSSH Server package for Windows 10 20H2 / 2009 and install it offline afterwards.

Get a Windows 10 20H2 computer connected to the internet, patched to latest version
Download Everything ( https://www.voidtools.com/ - the portable version will do ) - this is a tool to scan for changes in the windows filesystem
Start it, if it asks for admininistrative rights, say yes
Enter "C:\Windows\" in the search path, so that only changes in the Windows path will be shown in Everything, so that you don't drown in information

5. Open an admininistrative Powershell - you can know search for the latest version of the FoD package you want to install, like
Get-WindowsCapability -Online |? Name -like 'OpenSSH.Server*'

This will get us info like:

Name  : OpenSSH.Server~~~~0.0.1.0
State : NotPresent

Now, this is were it gets tricky. You need to start the download of the package, track it traversing through the filesystem with Everything and copy it before it gets deleted again by Windows after installation. You might need to repeat the process several times, but here it is in a full write up

6a. Enter
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
which will start the download & installation

6b. Watch the Everything window. At some point a cab file with OpenSSH will pop-up within the C:\Windows\SoftwareDistribution\Download folder. Select that file. And press CTRL+C to copy it.

6c. Move the focus of the mouse to your Desktop or other folder, at some point the file path of the selected file will change to C:\Windows\CbsTemp because it was done with downloading and will start to be installed. Your selection and copy will still be valid and now target this new file. Hence you need to hit CTRL+V to paste/copy it to your desktop fast, because it will disappear within seconds.

6d. If everything went ok, you will have the cab file with some MB size (in case of OpenSSH-Server-Package~31bf3856ad364e35~amd64~~.cab its just ~1.22 MB) and thats what we need. If you were to slow, you can try again by uninstalling the OpenSSH Server via powershell using
Remove-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
then start at 6a and repeat until it works

6e. One word of caution - the filename will stay the same for all Windows 10 Release Versions. So it would be wise to put it into a folder with the version name - so that you don't mix up differnt versions. Also don't change the filename of the cab file, otherwise it cannot be used for installation anymore.

Move the file to your target / isolated system.
Powershell with Admin Rights to the correct folder with e.g. OpenSSH-Server-Package~31bf3856ad364e35~amd64~~.cab in it, then execute the installation command:
Add-WindowsCapability -Online -Name "OpenSSH.Server~~~~0.0.1.0" -Source "." -LimitAccess

It is going to be installed. But as additional stuff…

// Set Services to Autostart
Set-Service sshd -StartupType Automatic
Set-Service ssh-agent -StartupType Automatic
// Check if Firewall Rule is activated
Get-NetFirewallRule -Name *ssh*
// There should be a firewall rule named "OpenSSH-Server-In-TCP", which should be enabled
// If the firewall does not exist, create one
New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
// Configuration of OpenSSH Server
// You can set Powershell as default shell
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force
// Start Service 
Start-Service sshd
Start-Service ssh-agent

xkcdpass - secure passwords for transport

Passwords are problematic. Always. Especially during COVID-19 - were you have to securely transport data via insecure means. What I want to say: Sending confidential data via email. Actually, thats quite easy: (7)-zip everything with AES256 using a long enough key - transfer the key via additional, more secure lines of communication (e.g. phone) and you are ok for the most part.

However, spelling %-FoPN#~OeJQ0h9g3_JWrvnq9h^ip))srzg{\vnj via phone is "a bit cumbersome". Thats the moment you recall Randall Munroe's xkcd #936 Password strength:

And with this basic idea, xkcdpass was born. It can generate passwords from multiple dictonary entries, seperated by some symbols and generate things like showcase surging swoosh bakeshop smoked duffel - and you can also tweek the settings to change the amount of words used, length, delimters, etc.

It is written in python and can be installed via a quick pip install xkcdpass and then used with the command line paramter xkcdpass

All infos are in the Git repo found here.

Long enough sentences are good enough - and are awesome as "transfer keys" to secure the real data.

[PiAndMore] Raspberry Pi Introduction Presentation

Here is my presentation to the Raspberry Pi Introduction @ PiAndMore 12 1/4 (23.01.2021)

RPi_PiAndMore1214.pdf

Videorecording of the talk can be found here

[WSL2/Win10] virt-manager for kvm on Windows

kvm Virtualisiation is great, however, useable tools to create and manage said VMs are rare. The best tool for the job, virt-manager is only available for Linux machines. But what if you want to manage said VMs also via Windows 10? WSL2 to the rescue: Just install WSL2 as shown by the excellent Microsoft Guide, install i.e. a Debian/GNU Linux instance and then launch into it.

You should update the instance to the latest version first:

sudo apt update && sudo apt upgrade -y && sudo apt dist-upgrade -y

then you can install virt-manager

sudo apt install -y virt-manager ssh-askpass

the last thing you would need is to install an X server on your windows machine, i.e. Xming or MobaXterm (which contains Xming) and launch it. Then you need to setup the X forwarding in your WSL2 instance, by entering

export DISPLAY="grep nameserver /etc/resolv.conf | sed 's/nameserver //':0"
export DISPLAY="sed -n 's/nameserver //p' /etc/resolv.conf:0"
export DISPLAY=$(ip route|awk '/^default/{print $3}'):0.0

after that, you can launch virt-manager by entering

virt-manager

and configure it to connect to your KVM instance via SSH.

Ubuntu 20.04 Update bricked KVM Virt

I updated an older Ubuntu 18.04 LTS system to the latest LTS and had (among other things) Docker and KVM installed. KVM is actually quite nice if you "just need" a small VM (pfsense ;)). I actually prefer Proxmox and ESXi, but hey, the right tool for the right job.

After the upgrade to 20.04, kvm did not work anymore and I got a lot of lvm2 errors during apt update / apt upgrade sessions, so a short google later I found this. I was a bit nervous, but the fix did neither hurt my kvm nor my Docker instances

sudo apt purge lvm2 && sudo apt install lvm2

(The fix is deleting and reinstalling lvm2)

After reinstalling lvm2, I could successfully execute a virsh list and got my list of running KVM machines back:

 Id   Name      State
-------------------------
 1    pfsense   running

[Win10] Random ports blocked while using Docker / WSL / HyperV

I have been using Windows Subsystem for Linux (WSL) and Docker on my Laptop since a long time. And during last Docker Con, WSL 2 was released to which I switched instantly - which I did not regret.

(Note: Upgrading to WSL 2 and the native Docker for WSL 2 version will cost you your containers and Docker images, there is even a Thanos meme coming around - so I have to give this fair warning ;))

However: Said Laptop started acting strange as suddenly local MariaDB instances or Apache2 did cease to work and even some nodeJS projects on port 9000. All these ports were not taken directly by any application, but somehow it did not work anymore. It turns out that a faulty HyperV update led to the hypervisor reserving too many ports across the board.

Luckily there is a solution to correct this issue as shown here by Christopher Pietrzykowski.

To make it easy and fast: Open up a powershell or cmd prompt as admin user and enter

netsh int ipv4 show dynamicport tcp
netsh int ipv6 show dynamicport tcp

If it comes up with startport 1025 and a huge number of reserved ports, you are experiencing the same problem. Please enter these commands to realign the startport to 49152 for both IPv4 and IPv6

netsh int ipv4 set dynamic tcp start=49152 num=16384
netsh int ipv6 set dynamic tcp start=49152 num=16384

after a reboot, everything should be fixed again 🙂

Bash for sending and receiving raw IP packets

I stumbled across this feature during my bachelor studies:

echo "Hello World" > /dev/tcp/127.0.0.1/5000
echo "Hello World" > /dev/udp/127.0.0.1/5000

You need to be root (obviously) and its supported in bash environment - but not on all systems. You can also cat on the ports and use dns adresses. Its neat to just get a byte out :).

And if you need something more sophisicated, be sure to use the good old netcat ("nc")

Quickly check python imports

If you happen to write a lot of python scripts and just want to check which of the added "imports" are actually needed to function - and do not want to use an IDE - just check out https://pypi.org/project/importchecker/ - it comes down to a quick

easy_install importchecker

and afterwards you can check your scripts by using

importchecker myScript.py

It will only output the imports NOT needed, which you can then remove by hand

Upgrade SonarQube 6.7 to 7.9

That was surprisingly easy: Just swaped the "sonarqube:6.7-community" for the "sonarqube:7.9-community" image entry in my docker-compose.yml and restarted the Docker container. Upon boot, the container restarted due to an error:

ERROR: [2] bootstrap checks failed
[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]
[2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

This could be resolved by executing sudo sysctl -w vm.max_map_count=262144 on my Ubuntu 18.04 LTS / Docker Host. After another restart of the container, it worked and I could start the update using a webbrowser under http://IP:9000/setup

(also add the option vm.max_map_count=262144 to the /etc/sysctl.conf)