High Resource Utilization – It could be your memory compression

Have you noticed high resource utilization?  CPU, Memory or Disk at 100%? Of course this could be malware, a virus, a startup app or program. It could also be memory compression.

Windows 10 offers memory compression which takes little-used elements and stores them in RAM.   This saves memory and is faster than your pagefile.

If you experience latency or high memory utilization, you can turn off memory compression by using PowerShell.

Open PowerShell and type the following-

Get-mmagent

You should see Memory Compression is True.

If you are having issues with memory, Open PowerShell as an admin and type –
Disable-MMAgent -mc

This will disable memory compression

Reboot

You can enable memory compression by typing-

Enable-MMAgent -mc

There truly is no reason why you should disable memory compression.  Users have reported what they believed was corrupt compressed memory.   After disabling and re-enabling, users reported their systems had stabilized.

If the performance has improved with memory compression disabled, you can leave  Windows 10 with the compressed memory disabled.

You can also see Memory Compression by using the Task Manager or  Resource Monitor.

 

You can also use set-mmagent and use the maximum number of prefetch files  from 1 through 8192.  

Advertisements

Computer not responding? Restart your graphics driver

Computer not responding? Restart your graphics driver by using the following shortcut keys-

Win+Ctrl+Shift+B

It’s not always Ctrl+Alt+Del …

An interview with Fabian Wosar, EMSISOFT’s ransomare killer

Fabian Wosar, CTO of EMSISOFT is known as the most prolific ransomware killer in the world.   We reached out to Fabian and asked him ten questions.

Look for our Live Interview and video late next week…

Steve: You’re the cybercriminal…Create ransomware or steal and sell data?  Why?

Fabian: There can be a whole bunch of motivations at play. Some people are just interested in the challenge. They just want to proof that it is possible to break a system or to write malware for a certain system. Then you have people who just do it “for the lulz” or are somehow politically motivated. These people usually want to highlight certain issues or just want to have fun. The vast majority however, especially when it comes to ransomware, are financially motivated. Decently successful ransomware groups make tens of millions of dollars each month. Gandcrab for example managed to generate 2 billion US dollars worth of ransom money within about a year.

Steve: Do you see patterns from the “cyber gangs” in the reuse of code when they program new ransomware or variants? Are these ‘gangs’ becoming smarter?  Are they recruiting better programmers?

Fabian: It very much depends on the gang and campaign. Ransomware code is readily available not only on blackmarkets but also on places like Github. So the barrier of entry is somewhat low. There are also a whole bunch of “Ransomware as a Service” offers available, where everyone who is interested in getting into ransomware can just sign up, infect a bunch of people, and then get a cut of the revenue generated. That is how Gandcrab operated for example.

The gangs behind ransomware haven’t necessarily have become smarter, but they adjusted and changed tactics a lot. While in the beginning, ransomware very much was a home user problem, the focus has shifted towards companies in the recent years. Instead of spreading ransomware through spam, exploit kits and pirated software, attackers try to break into systems directly in order to encrypt them.

Steve: Are you seeing a collaboration of cybercriminals where opposing criminals are ‘teaming’ up with one another?

Fabian: There definitely is a lot of teaming up going on. Take a look at Ryuk for example, which is often deployed through existing bot infections. Whether the bot herders are behind Ryuk itself or whether the Ryuk gang is buying infected systems from the bot herders isn’t exactly clear. There is obviously also a lot of auxiliary stuff going on. It’s one thing obtaining a large amount of bitcoin. It’s another to turn that bitcoin into clean cash that you can use and buy things with. So the same organised crime structures that are involved in money laundering are present in cyber crime as well.

Steve: Is Microsoft keeping up with updates and patches and are you seeing more neglect from IT personnel?

Fabian: There certainly is a bit of apathy going on. Every couple of weeks there is a new big vulnerability threatening your security. It becomes difficult to keep up, especially when you have lengthy test cycles for new patches to make sure they work in your environment or if you rely on certified hardware and software, that can’t be easily patched without breaking the certification.

Outsourcing was often seen as a solution to this problem, but especially recently there have been attacks on MSPs, often with catastrophic results. We have seen cases where MSPs got hacked and thousands of their clients got hit by ransomware that was deployed through the RMM sytems used by those MSPs.

Steve: IoT and Network Area Storage is getting hit by Ransomware today.   Do you foresee new threats that go into Automotive/Transportation, SCADA/PLC, Linux and Mac Oss that involve a more sophisticated Ransomware?

Fabian: We have already seen some of those cases. A while ago a bunch of PHPBB communities got targeted by a rather unique ransomware. They replaced the database driver on those communities with one that would transparently encrypt and decrypt all data during access. The forums continue to work fine, often for months, until the attacker pulls the key out of the driver, making the database inaccessible. Since the driver often has been there for months, backups may have already been rotated out. But even if they weren’t, a large portion of content that was added since the attack may be encrypted with no recovery possible. I would suggest more of these types of attacks in the future.

Steve: When did you first notice code in Ransomware had your name in it?  Were you shocked?  Is this something you are seeing more of?  Are you constantly receiving threats?

Fabian: The first time it happened was about 3 years ago in a ransomware called Radamant. I wasn’t exactly shocked to be honest. I was more surprised and also a little bit proud. It’s the greatest form of compliment you can get in my line of work. It still happens occasionally in addition to ransomware authors contacting me directly on Twitter or in various online communities. The threats have become less, but they still happen occasionally. The biggest reason for that is that I am less public about my work and often help victims directly or provide information to other researchers who then release the decrypters.

Steve: Generally how long does it take to reverse engineer ransomware and provide keys if possible?

Fabian: That very much depends on the ransomware. But on average, it takes me less than 30 minutes to take the ransomware apart, find the encryption routines, and figure out whether the encryption scheme is secure or not. Writing a decrypter then takes another couple of hours. About 4 on average I would say. A lot of QA and testing goes into these decrypters. The last thing we want is damage the user’s files after all. So we tend focus on being careful instead of being the first. However, more often than not we are the first anyway.

Steve: Are you seeing more shady security companies who negotiate with the cybercriminals without the victim knowing?

Fabian: It continues to happen, yes. It’s important to drag these companies into the open and tell people what they are doing. People often think I am against paying the ransom under any circumstance. While that would obviously be the ideal, I am well aware that when it comes push to shove, people prefer to part with a large sum of cash rather than kiss their entire livelihood goodbye. So I am not against paying the ransoms per se, if there truly is no other way, and I also don’t think that a data recovery company should be ashamed of paying ransoms. Quite frankly engaging with a company that has experience with these types of negotiations can be quite beneficial. Not to mention that your accountants will probably prefer you paying a legitimate third party instead of buying bitcoins and sending them somewhere without any kind of invoice.

Ideally data recovery companies should just be honest about how they came up with the amount they charge their clients and outline exactly what they are doing. That doing so can make you hugely successful can be seen in the case of Coveware for example, who are very open about their processes and cost structure.

Steve: How did you get involved in Information Technology?

Fabian: I bought my first PC when I was about 10 years old. It didn’t take long until I got my first computer virus (Tequila.B). I was really fascinated by the concept, so I went into the library (sort of an offline Wikipedia for the young people out there ;)) and they actually had a bunch of books about computer viruses. So I got really into the topic, which led me to eventually learning assembly and Pascal programming and writing my own little anti-virus tools when I was about 11 years old. I never really moved away from that.

Steve: Finally, what is your recommendation other than the usual protection methods that someone can use to protect themselves against ransomware?

Fabian: Backups are by far the best protection. I recommend everyone who isn’t on some data limited plan to go with a cloud based backup solution. Preferably one that can operate using “zero-knowledge”, so that your data is encrypted on your system and the backup provider has no knowledge of what data is being stored on their service. Besides backups, practicing proper cyber hygiene is key. Stick to well known software and keep it updated. Don’t download and install software from places that aren’t trustworthy. Don’t have your data laying around openly on the internet. Have all access points to your network and systems protected using strong authentication (ideally based on certificates, not passwords; but if you have passwords, make sure they are of high complexity). Things like that.

Security software can obviously help quite a bit as well, but there are limits. I am always surprised how customers who had RDP enabled on their systems and trivial passwords complain that our product didn’t protect them. No product will in those cases. The attacker can just turn them off or uninstall them before running their ransomware. Once someone gained access to your system like that, it is game over.

Best regards,

Fabian Wosar
Chief Technology Officer EMSISOFT

EMSISOFT

Need to optimize and check a MySQL database on Windows?

Need to optimize and check a MySQL database on a Windows computer?

Open a command prompt as an administrator.

Change into the folder where your MySQL is located.

An example is below –

type cd\Program Files\MySQL\MySQL Server 5.7\bin

Hit enter

type mysqlcheck -u root -p –optimize –databases {enter your database name here}

Hit enter

Be patient and wait.  You may be asked to enter your root password for your MySQL when prompted

 

Moodle 3.7+ Notifications – Cron failed to run in 200 seconds

If you receive “Cron failed to run in 200 seconds, you can write a batch file and place the batch file in a folder under c: drive (name the folder cron).  The script below is if you are running Moodle on a Windows based server.

The content of the batch file should contain the follow:
echo on
c:
rem enter the path to your php on the next line
cd\Program Files\php\v7130
php c:\inetpub\wwwroot\{your moodle directory}admin\cli\cron.php
echo Cron Job Success!
rem the next line waits 180 seconds to prevent resource usage

timeout 180
cd\cron\cronhourly
start cmd /k Call c:\cron\cronhourly.bat
exit

CLI vs GUI – Basic CLI commands

The CLI or Command Line Interface, is a text-based interface used to program devices such as switches and other network equipment.  So it’s 2019.  Why are we still using a CLI?

The reason? It allows a granular ability to program devices for hundreds of configurations.   You see, a GUI is going to be limited (even though some have hundreds of options) and CLI uses less resources and truly can give you more control of the configuration.

Thus you can generally program a CLI faster than a GUI interface once you become skilled using the CLI.   With a CLI, you aren’t waiting between commands and with a GUI interface, you are.

Below is a series of screenshots and several commands on the Dell N1548 switch (For more information on how technical it can be, see the 2410 page Dell PDF) .   In this tutorial, we’ll show a novice how they can take a switch with no IP address and program the switch so that it can be accessed by a GUI interface with a static IP address.

While there are a million more options using a CLI, this is only an introduction to the CLI and does not imply this is the only way to program switches by any means.  CLI commands can vary on manufacturers.

In order to use the CLI, you can use Putty or other software on your computer.  You’ll also need the console cable that came with the device or a standard console cable.

With the switch off, connect the console cable to your computer and plug the opposite end into the console port of the switch.

Open Putty and select the serial connection or SSH (this will depend on your device).  Generally a speed of 9600 will be ok if connecting via a serial cable.

Power the switch on and click Open on Putty.  You should see the boot sequence for the device.   If your screen is garbled, trying increasing the baud rate.

As the device loads, you will see information about the device scroll by on your console screen.

Once the device boots, you will (in this case) see console>

Next, type enable. This enables commands and the programming of the switch.

Once you hit enter, you will see console#

Next type configure in order to begin the configuration of the switch and hit Enter.  You can normally type help or ? in order to get the command syntax as you enter different areas of the CLI.

Next type username {username you want} password {The password you want} and privilege 15

Note: The password and username used in this example are just that – examples.  Privilege  levels are determined by the switch or device manufacturer.

Next type ip default-gateway {Enter your gateway address}

Next type interface vlan 1

You will now see console {config-if-vlan1} – you can now type the IP address and subnet that you want by entering ip address {your ip address} {your subnet}

Next, type exit

To check your configuration, type show ip interface vlan 1

You should now be able to login to your switch using a browser by typing in the IP address in the address bar – This of course is after setting a static number on your NIC if your computer is not on your lan and has not  received a DHCP number.

Log into the switch and you can hit the save button to make sure your configuration is saved.

Again, this is a tutorial for beginners.  While you should disable protocols such as http, telnet and limit users on the switch, you have to remember there are hundreds of CLI commands and GUI configurations.

Always update your firmware and disable protocols that are not secure.

 

2019 Middle Tennessee Cyber Conference Agenda

The TN Department of Safety and Homeland Security along with TCAT Shelbyville and the Cyber Conference committee are working on the 2019 Middle TN Cyber Conference agenda.  Look for speakers such as Jayson E. Street (http://jaysonestreet.com/), Brent White of We Hack People, (https://wehackpeople.wordpress.com/), Daniel Elliot (National Cybersecurity Alliance) and Mark Burnett, Derek Rush, & Bill Dean (LBMC-Anatomy of a Hack).
Other speakers will be announced soon.
Join the 400+ professionals and register at:
https://middletncyberconf.com

2019 Middle TN Cyber Conference

Register now for the 2019 Middle Tennessee Cyber Conference – Register Now

Rockwell Directory Configuration Wizard Unknown Error 0x80005000

Have the above error?  Copy and paste this in a command prompt as administrator.   This will work a majority of the time.   This configuration error re-registers the dlls that may have issues during or after an upgrade.

cd\
cd\windows\system32
For /F %s in (‘dir /b *.dll’) do regsvr32 /s %s
cd\
cd\Program Files (x86)\Common Files\Rockwell
For /F %s in (‘dir /b *.dll’) do regsvr32 /s %s

pause

Note:  You may have to replace the ‘ symbol with the apostrophe.  Also this often corrects other programs that display this error.

 

what3words – Did you know the world has been divided into 3m x 3m squares?

The world is divided into a grid of 3m x 3m squares and each grid is assigned a unique 3 word address.

Because most of the world is not addressed, you can locate any place on the planet by three words.   Take a look at the technology and features behind what3words –  https://what3words.com/about/

 

Error Writing to Database – Moodle after an upgrade

If you get an error on Moodle that states “Error Writing to Database” generally when logging on, that WAS working prior to upgrading, clear or purge the Moodle Cache.  Generally when you shutdown Apache or IIS to upgrade, the sessions or cached sessions may be corrupt.

By purging the cache, it will flush the cache and new sessions will be initiated. This is why it is important to announced maintenance at a predetermined time and to place Moodle in Maintenance Mode.

Where do you Purge all cache?  Go to Site Administration, Development and Purge All Caches.

Remember, if you get “Error Writing to Database other than logging in (randomly), try purging the cache first.

Cannot connect to Microsoft SQL server after installing an IIS SSL Certificate

If you cannot connect to your Microsoft SQL Server after installing a web SSL Certificate, you may need to get the thumbprint of your certificate and copy it (without spaces) to your registry.

Go to Hkey_Local_Machine\software\Microsoft\Microsoft SQL Server\{Find your instance of SQL}\MSSQLServer\SuperSocketNetLib

There you will find a string that says Certificate – put the thumbprint of your certificate there without spaces – reboot your computer.

If the string does not exist, create a string that says certificate

Remember – Always have a backup of your server (configuration, database and other information) before working with the registry.

AlphiMAX PTP Estimator provides an excellent way to align your wireless antennas

When you are networking computers, wireless access points, printers and other nodes in multiple rooms, try to avoid daisy-chaining switches or using small 4-8 port switches when you are in a hurry.  Replace any hubs on your network as soon as you can.

With a hub, collisions can be >20% and utilization can stand at >50%.   By replacing a hub alone, you can reduce collisions to 5% on switches in rooms and <1% in the server room.  Switches help to isolate traffic, relieve congestion, separate collision domains (reduce collisions), segment and restart distance/repeater rules.

Daisy Chaining Switches -what not to do

Real world scenarios may require you to temporarily daisy chain switches.  If you do, test the network and run additional backbones or replace core switches to accommodate more nodes as soon as you can. (remember, replace any hubs in your network)

One of many solutions is to run independent lines to the core switch

Basic tips on optimization of your network –

• Use stackable managed switches
• Purchase switches that support
  IEEE 802.1D , IEEE 802.1p , IEEE 802.1Q , IEEE 802.1s , IEEE 802.1w , IEEE 802.1x , IEEE 802.3 , IEEE 802.3ab , IEEE 802.3ad (LACP) ,
  IEEE 802.3ae , IEEE 802.3u , IEEE 802.3x , IEEE 802.3z
• Use a battery backup on the switches

This is the very basics behind network switch infrastructure.  Managing switches and using the IEEE standards above along with optimizing your network and managing the network infrastructure is important.

Excellent articles on Networking Infrastructure

http://www.lantronix.com/resources/net-tutor-switching.html

http://www.techrepublic.com/blog/it-consultant/only-novices-daisy-chain-switches/

Wireless Dropping? Change your Scan Valid Interval

Is your Wireless dropping?  Update your driver of course and then try changing your Scan Valid Interval.   By default, most wireless cards are set to 60.   This is the amount of time before your wireless ‘looks’ for other access points (for roaming).   Try changing the interval to 120.

Open the device manager, double click on the wireless adapter, under advanced, click on Scan Valid Interval – change this to 120.   If you have a card that has roaming under advanced, select the lowest option.

 

Note:  If you have a laptop and are moving around in an area, you may need to lower this number.

Also, you may want to lower the Beacon Interval in your router if your signal is low or if you have drops.  This sends beacons more frequently and can help with your signal.   This may slightly decrease your bandwidth (wireless) and use a little extra battery on mobile devices.

While the default is 100, did you know if you increase this time (assuming you have a great signal in your home or business) that you can increase wireless bandwidth (slightly) and even increase your battery life of devices?

Got Atheros? Follow this link to drivers.

Also, do a quick survey of your entire home.  As you can see, one side of our house has interference on channel 11.   Because the ‘user’ of the other wireless is using Channel 6 + 10 (40 mhz ) spread, Channel 6 and 11 are NOT optimal.  Therefore, channel 1 is the optimal channel (you can see two devices – my AP and printer)

Left – host computer  Right – TightVNC into another computer in my home.

Remember, router position and direction matters.  As you can see below, repositioning the router got rid of “Saw Tooth” (signal that goes up and down).

AlphiMAX PTP Estimator provides an excellent way to align your wireless antennas

It is important to perform a wi-fi survey so that you can determine not only the perfect place to locate your access point or bridge but to gain an understanding of the channel co-existence challenge you may face.  With wireless access points in surrounding neighborhoods and businesses, you will need to  perform a survey by walking around and mapping out the BSAs (Basic Service Area) of wireless that surrounds you and your organization.

Below is an example of our school’s perimeter.  Matt, Chris and James, students in the Computer Information Technology, class performed a survey using a Microsoft GPS and Vistumbler.  This survey revealed access points and their channels of current wireless at our institution and  includes APs in surrounding businesses and neighborhoods.  These were mapped using Google Earth after exporting their KML file from Vistumbler.

This type of survey allows IT professionals to analyze data exported to ensure the correct channels can be used at their organization.

After exporting the wireless information, you can analyze each access point or wireless device by clicking on it.  Below is an example of the information exported into Google Earth.   Each device shows SSID, Network Type, Mac Address, Channel, Security, Encryption Type, Data Rates, Latitude, Longitude and Manufacturer information.   Analyst using this information can also determine the best placement of wireless devices along with channel information.

Channel co-existence is when access points share channels that are very close to one another.

802.11 wireless on 2.4 Ghz has three non-overlapping channels.  These channels are 1, 6 and 11.  The closer channels are, the more likely interference will take place.  With the amount of wi-fi in use today, IT professionals have to chose between 2.4 Ghz and 5 Ghz and and try to select channels that are not in use if possible.   Professional access points and bridges can also adjust power as necessary.   A dense population can make this very challenging.

If you look at the students’ survey by zooming out to see how many access points can be seen, this is what you are looking at!  Now you can see why site surveys are important at your organization.

In addition to this survey, a secondary survey using a spectrum analyzer is very important to search for interference from other sources.  (See our review of the Airview Spectrum Analyzer)

Channel information (Chart from Wikipedia)

Here’s another look at a wireless survey showing vertical lines and signal strength.  (James M. KML survey)

Atheros Wireless Drivers

Need an update and stable version of your Atheros Wireless Drivers?

Often the wireless drivers found at,  https://www.atheros-drivers.com/atheros-network-drivers.html  , are more stable than the manufacturer.

Should you disable 8dot3 for performance and security?

icrosoft did recommend to disable short names  in a security guide some times back.  There is evidence that file operations in directories (folders) that contain a large number of file can be slowed by short file name creations.  So does it improve performance? The short answer – Yes.

Now should you disable short names?  This answer is going to be on a case by case basis.  Some questions to ask yourself –

• Do you have older programs that use 8dot3 (short names)?
• Do you have a folder with a significant amount of files and coping or creating files is slow?

Below is a pic showing the improvement by disabling and stripping

 

Image:  Blog Technet Microsoft

Here’s what you need to do –

• Always backup your system
• Open a Command Prompt as Administrator
• Type fsutil 8dot3name query c:
  (enter the drive letter at the end)
• Type fsutil 8dot3name set c: 1
  (This will disable 8.3)
• If you want to do this system wide, type –
  –  fsutil behavior set disable8dot3 1
• To strip existing files with a 8.3 short name, this will scan your computer and the system registry and strip the files of their short names type the following-
  –   fsutil 8dot3name strip /s /v c:

Example:

References:

• KB Article on short names: http://support.microsoft.com/kb/121007
• TechNet article with a reference for FSUTIL.EXE 8dot3name: http://technet.microsoft.com/en-us/library/ff621566.aspx
• TechNet article on the registry setting to disable 8.3 names system wide: http://technet.microsoft.com/en-us/library/cc778996.aspx
• https://blogs.technet.microsoft.com/josebda/2012/11/13/windows-server-2012-file-server-tip-disable-8-3-naming-and-strip-those-short-names-too/

 

 

Slow SQL Connection or Network in Windows 10 – Update

Finally found a small problem with Windows 7, 8, 8.1 and 10.  After upgrading, we have discovered that Windows  was responding slow to our SQL Server 2008 and SQL Server / other versions.  What we discovered is below.

Slow response times in Windows to a SQL Server can be due to the LLMNR protocol.  This may be resolved by turning off the LLMNR protocol.

LLMNR is a protocol that allows both IPv6/4 computers to perform name resolution for the NetBIOS names of other computers without requiring a DNS server.

IPv4 hosts can use NetBIOS over TCP/IP (NetBT) to resolve computer names to IPv4 addresses for neighboring computers by broadcasting a NetBIOS Query.

All IPv4-based LLMNR hosts listen on the IPv4 multicast address 224.0.0.252 instruct their Ethernet network adapters to listen for Ethernet frames with a destination multicast address.

Windows -based LLMNR computers do not send or respond to unicast queries.

To disable LLMNR:

Modify Group Policy – Go to Search – Type GPEdit.msc – Enter – Navigate to the following and make sure Enabled is checked –

Computer Configuration\Administrative Templates\Network\DNS Client
\Turn off Multicast Name Resolution = Enabled

How does Multicasting Work?  Here’s a good explanation

Update –

LLMNR

Windows Vista and Windows Server “Longhorn” support Link-Local Multicast Name Resolution (LLMNR), which allows IPv6 hosts on a single subnet without a DNS server to resolve each other’s names. This capability is useful for single-subnet home networks and ad hoc wireless networks. Rather than unicasting a DNS query to a DNS server, LLMNR nodes send their DNS queries to a multicast address on which all the LLMNR-capable nodes of the subnet are listening. The owner of the queried name sends a unicast response. IPv4 nodes can also use LLMNR to perform local subnet name resolution without having to rely on NetBIOS over TCP/IP broadcasts.

Dawn M. Babian, GSAE
Instructor

Disabling LLMNR (Below)

Professional or Enterprise (Gpedit.msc)

Home Edition

Create a registry key as follows –

You also should go to your network adapter properties and disable all of the settings under the advanced properties such as TCP/Offload and other advanced settings.  Remember, not all adapters have advanced options – disable any settings that allow you to do so….

Disable your anti-virus and check the speed.  Is your anti-virus causing issues?

See our article –

Phrases you may hear in IT

GUI Maintenace Program for MSSQL or MYSQL

Want an excellent program to manage your MySQL server from Windows?  With MySQL, you can download MySQL Workbench.  MySQL Workbench offers great graphics on your MySQL incident and an interface that offers features such as queries and status of your server.

But what if you want to run maintenance programs such as Analyze, Backup, Check, Checksum, Optimize or to Repair your database quickly?  HeidiSQL offers dozens of features including an excellent maintenance option.  (Support for MySQL and MSSQL)

• Support for MySQL
• Support for MSSQL
• Support for PostgresSQL

Features from HeidiSQL

• Free for everyone, OpenSource since 9 years of active development.
• Connect to multiple servers in one window
• Connect to servers via commandline
• Connect via SSH tunnel, or pass SSL settings
• Create and edit tables, views, stored routines, triggers and scheduled events.
• Generate nice SQL-exports, compress these afterwards, or put them on the clipboard.
• Export from one server/database directly to another server/database
• Manage user-privileges
• Import text-files
• Export table rows as CSV, HTML, XML, SQL, LaTeX, Wiki Markup and PHP Array
• Browse and edit table-data using a comfortable grid
• Bulk edit tables (move to db, change engine, collation etc.)
• Batch-insert ascii or binary files into tables
• Write queries with customizable syntax-highlighting and code-completion
• Pretty reformat disordered SQL
• Monitor and kill client-processes
• Find specific text in all tables of all databases of one server
• Optimize and repair tables in a batch manner
• Launch a parallel mysql.exe command line window using your current connection settings

More information on MYSQL Maintenace

https://dev.mysql.com/doc/refman/5.6/en/table-maintenance-sql.html

Seizing the Operation Master Roles in Windows Server – RID issues

How to repair AD in this state (object can’t be created -users/other)

• command prompt (admin) – Type the following…
• ntdsutil
• roles
• connections
• connect to server
• quit
• seize schema master
• seize naming master
• seize RID master
• seize PDC
• seize infrastructure master

Reboot

Is your SSD or HDD dirty?

You can of course use the Windows GUI to check your SSD or HDD.  But did you know that you should check your drives by typing the following (you can copy and paste in a elevated command prompt and change switches as necessary)-

fsutil dirty query c:
fsutil dirty query c:
chkntfs c:
fsutil repair query c:
fsutil behavior set BugcheckOnCorrupt 1
fsutil repair set c: 0x01
pause

What does it look like when it is ran at an elevated command prompt?