如何從AD裡抓出過期的電腦

  在AD架構下只要有電腦加入網域就會在AD裡增加一個電腦名稱
如果同樣一部電腦換了電腦名稱原本的電腦名稱是不會跟著改名稱，久而久之會在AD裡的computer裡看到越來越多無用的電腦名稱在裡面，可以用windows裡內鍵的指令撈出無用的電腦再刪除。

  撈出AD電腦
在網域主機上開啟命令提示字元或是power shell
 dsquery computer -inactive 30   <撈出超過30週沒跟AD連線的電腦>

撈出後可以把記錄導出至記事本，如
dsquery computer -inactive 30 > c:\computer.txt

之後可以貼到excel做檢查，之後刪除電腦名稱
dsrm "CN=XXX,CN=Computers,DC=XXX,DC=XXX"

如果不需詢問直接刪除就多下一個 -noprompt就會不詢問直接刪除，如
dsrm -noprompt "CN=XXX,CN=Computers,DC=XXX,DC=XXX"


利用這種半自動方式就不用麻煩寫script了


by Johnny

恆逸-ISO27001主導稽核員訓練課程學習心得

  在恆逸上過ISO 27001資訊安全管理系統主導稽核員的課程，發現恆逸的上課環境真不錯，空間相對來說比一般坊間的電腦補習班來的大，除了教室的空間比較大之外還有很貼心的咖啡喝到飽啊~~~其實重點才是這個，哈哈……，言歸正傳，在上主導稽核員的過程會發現講師上課都是蠻專業的，因為自己公司也有在做ISO27001所以上課的講師就是來稽核我們公司的稽核員，就真的很巧，所以相對上課就會比較專心啦，想說做ISO真的很累，很多事情就會要照很多辦法來比照，奉勤要做ISO27001的公司除非真的很有心否則不要輕易嘗試啊。

  在恆逸上課除了喝不完的飲料之外不知道是不是這個課比較特別的關係，中午還有供餐，下午休息還會附水果，跟一般坊間的補習班差蠻多的，然後他們的服務人員又很親切，就連上起課來都比較開心。

  主導稽核員的課程分為5天，基本上如果完全沒有底的話去聽會比較吃力一點，沒有資訊的底會聽比較辛苦，不過原則上不是在講技術，而是針對怎麼樣去稽核資訊的東西，上課的方式也比較特別，採分組討論的方式進行，所以既然分組免不了就會自我介紹一下之類的，然後跟講師的互動會比較多，會時不時的問相關的問題，通常都是很重要的提示，對考試會很有幫助，所以基本上如果課都有老實的去上，上課都有專心的聽講，幾乎人人都會考過的，重點當然還是要稍微看一下書，免得到時考試完全不知道要怎麼寫。

  考試的重點就是要寫快一點，因為所有的題目都是問答題，全部都要用手寫出來，題型分四大題，每一大題又分好幾個小題，如果沒記錯好像要70分才會及格，每一大題如果有一大題0分還是不及格，所以每一大題都要拿超過一半以上的分數才會及格，如果有好好聽課幾乎都寫得出來，唯一最困難的是最後一大題，要判斷題目所描述的事情有沒有符合法規，如果沒有要舉證為何沒有符合，這一大題如果判斷符合結果實際不符合就直接0分，因為有點主觀，所以有點困難，答題技巧就是全部寫不符合然後去舉證最起碼會有7分，不過如果可以很清楚的判斷出來的話就照實寫會比較好，只要有寫就有分，努力去寫就會過啦~~~

恆逸訓練中心http://www.uuu.com.tw 網址，有需要的人可以參考看看
以上心得給大家參考

利用AxCrypt自動對檔案加密

 

  最近因為備份資料庫的東西需要做異地備份，但是又被挑戰有沒有加密，如果資料被拿走怎麼辦，好吧，就去找了一個可以加密的軟體，找到的加密軟體為AxCrypt

http://www.axantum.com/AxCrypt/Downloads.html 下載網址

我覺得這個還不錯的是可以做成自解加密檔

然後另外一個就是可以用command line的方式執行，官網也有詳細的參數可以參考

加密成程式的加密格式

"%ProgramFiles%\Axantum\AxCrypt\AxCrypt.exe" -e -k "加密的密碼" -z 要加密的檔案 

缺點是一定要安裝這套加密軟體，不然無法解密

前面的%ProgramFiles%為環境變數，echo出來會是c:\Program Files，安裝完軟體預設會是在這個路徑下

-e為定義所要加密的檔案

-k為要加密的密碼

-z為加密檔案

加密成自解加密檔

"%ProgramFiles%\Axantum\AxCrypt\AxCrypt.exe"  -k "加密的密碼" -j 要加密的檔案

缺點會多增加一個檔案，會多佔用硬碟空間

-j為加密為exe自解檔

詳細參數

-i [.ext]	Install	Set all registry values to default. Set the extension to associate with AxCrypt - default is .axx.
-p	Psp test	Test for the need to install psapi.dll. Only relevant on NT. If return code is 0, no need. This is an installation helper function only.
-u	Uninstall	Clear all registry values.
-x	eXit	End the resident server process, if loaded.
-l	License	Start the license manager dialog.
-b tag	Batch id	Define a tag, or batch id, to be used with subsequent pass phrases. These pass phrases will only be used when the same tag is specified in future calls to AxCrypt. The batch id is a decimal non-zero positive 32-bit signed integer. Odd values are reserved for internal use. If no -b option is given, saved pass phrases are 'global'. All tagged pass phrases are saved until cleared with -t.
-f	Toggle Fast mode	Will modify certain operations to execute fast, rather than safe and/or secure. There is no guaranteed effect. Initially off.
-c	Toggle Copy-only flag	Causes subsequent -d and -z to retain the originals. May be combined with -f for fast copy without wiping of temporaries. Initially off.
-g	Toggle ignore encrypted flag	If set, attempted encryption of already encrypted files will do nothing. Initially off.
-n	Output Name	Defines a file name to be used as output instead of default for the next -z or -d.
-m	Toggle recurse flag	If set, causes subsequent wild card file names to search into sub-directories. Initially off.
-e	Encryption pass phrase definition	Subsequent -a or -k options on this invocation define the default encryption key instead of one of possibly many decryption keys. The -b option may be used to define pass phrases with limited context.
-a	Add pass phrase	Prompt for a pass phrase using the AxCrypt standard safe dialogues. -b and -e may be used as modifiers.
-k "pass phrase"	Cache pass phrase	Cache the given pass phrase, quotes are recommended. The pass phrase is case-sensitive. -b and -e may be used as modifiers. Note that there are restrictions for what passphrases may be used in the AxCrypt dialogs - these are not enforced here! See below for allowed characters in passphrases.
-O "Path2Exe"	Set Open Executable	Modify a subsequent -o (Open for edit) to use the specified executable instead of the automatic association by extension.
-z	encrypt	Encrypt (and if useful compress) the given file(s) with either the current default encryption key, or with one that is prompted for. The originals are wiped. -b, -c, -g, -f and -n may be used as modifiers.
-J	self-decrypt encrypt	Encrypt (and if useful compress) and copy the given file(s) with either the current default encryption key, or with one that is prompted for to a self-decrypting executable archive. -b, -g and -n may be used as modifier. Default is to ignore files that already are self-decrypting.
-K	make Key-file	Generate and store a Key-file in the given folder, or directly to the given full path-name.
-d	Decrypt	Decompress and decrypt the given file(s) with either a cached key, or with one that is prompted for. -b, -c, -f and -n may be used as modifiers.
-o	Open	Open the given file(s) with the appropriate application after temporary decryption and decompression. If they are modified after application exit, they are re-encrypted with the same pass phrase. -b may be used as modifier.
-v n	override wipe passes	Sets an override of the number of passes for wipe for the remainder of the command line. See -V for more info.
-V n	wipe passes	Sets the global persistent default number of wipe passes when overwriting, 1-7. Default if not set is 1. The full set of 7 passes will overwrite in the following sequence: random, ones, zeroes, random, zeroes, ones, random. If less are specified only the last n passes are performed. Thus, -V 3 corresponds to the DoD 5220.22-M standard for sanitizing data on fixed hard disks.
-w	Wipe	Wipe the given files and delete. Show a confirmation warning first.
-s	wipe Silent	Wipe the given files and delete, but do not ask for confirmation.
-q	Query pass phrase cache	Return exit code 0 if all files given have pass phrases in the cache already. -b may be used as modifier.
-h	Anonymous rename	Renames the given file(s) to anonymous names. The original names will be restored on decryption.
-t	Clear pass phrase cache	Clear the internal pass phrase cache. If -b is given, only pass phrases associated with that tag are affected, otherwise all are removed, tagged and un-tagged alike.

by Johnny

如何更新(upgrade)windows Xampp的MySQL

  在XAMPP程式裡會安裝Aparch、MySQL、Perl、PHP等套件，但是如果要更新裡面的套件又不像安裝一般MySQL一樣，更新方式如下：

1、在更新前一定要事先備份，首先要先停止MySQL資料庫服務
指令方式：net stop mysql
GUI方式：電腦右鍵→管理→服務→找到MySQL服務停止

2、備份XMAPP安裝目錄裡的mysql資料夾

3、下載要更新的MySQL程式

4、這時先安裝在其他目錄資料夾下，如c:\或是d:\下面

在安裝過程中只安裝MySQL server就可以，其他不裝

最後裝完也不要啟動configure也不要開啟服務

5、在XMAPP資料夾底下更改mysql資料夾檔名，如mysql-old，之後建立新資料夾mysql

在新安裝的c:\mysql或是d:\mysql資料夾裡複製lib、share、bin三個資料夾到新建立的mysql資料夾

再到mysql-old把data資料夾復製到新mysql資料夾

6、最後最重要的是在mysql-old資料夾裡的bin資料夾找到my.ini檔案，複製到新的mysql資料夾的相同路徑底下

7、開啟服務

net start mysql

結束

By Johnny

win8系統進入安全模式

  看一大堆網頁都進入登入畫面後才做設定進入安全模式，阿就進得去登入畫面了還需要進入安全模式嗎？

只要在電腦開機前按住win鍵+F8再開機會進入到系統修復模式
選擇進階修復後選系統設定會直接重新開機進入boot選單畫面
選項就會有進入安全模式的選項

這樣做會比較合理吧



By Johnny