24PinTech Wiki - User contributions [en]

DHCP

2025-10-20T17:28:26Z

Bchamberlain:

[[Category:Windows]]
=Our DHCP Setup=
Our DHCP is run on [[Odin]] and [[Friia]]. DHCP is what gives out the IP addresses to the devices on our network. Without it, we would have to use static IP addresses, or we would not be able to communicate properly. Both of the servers keep each other synced on what IP addresses have been given out to ensure there are no conflicts.
==Address Pool==
Our scope is 10.21.25.0, as that is our network. The DHCP server only distributes addresses in from 10.21.25.30 to 10.21.25.247. The rest in the network are reserved for servers and printers, or anything else that needs a static IP. The following chart represents our current setup...
{| class="wikitable"
|+Reservations
!Hostname
!IP Address
|-
|Gateway
|10.21.25.1
|-
|Valhalla
|10.21.25.2
|-
|Fenrir
|10.21.25.3
|-
|Friia
|10.21.25.4
|-
|Yggdrasil
|10.21.25.5
|-
|Odoo
|10.21.25.6
|-
|Asgard
|10.21.25.7
|-
|Heimdall
|10.21.25.8
|-
|
|10.21.25.9
|-
|TrueNAS
|10.21.25.10
|-
|Logan
|10.21.25.11
|-
|McGill
|10.21.25.12
|-
|
|10.21.25.13
|-
|Alpha
|10.21.25.14
|-
|
|10.21.25.15
|-
|Bravo
|10.21.25.16
|-
|IOlan
|10.21.25.17
|-
|OpenGear
|10.21.25.18
|-
|
|10.21.25.19
|-
|
|10.21.25.20
|-
|vMotion (Val)
|10.21.25.21
|-
|
|10.21.25.22
|-
|vMotion (Asg)
|10.21.25.23
|-
|ESXI (Echo)
|10.21.25.24
|-
|
|10.21.25.25
|-
|vSphere Rep
|10.21.25.26
|-
|
|10.21.25.27
|-
|Datacenter Switch
|10.21.25.28
|-
|FOG
|10.21.25.29
|-
|
|10.21.25.129
|-
|LaserPrint
|10.21.25.241
|-
|LaserColorPrint
|10.21.25.243
|}
==Address Leases==
These are all of the current DHCP releases that the DHCP servers have put out that are active.
==Reservations==
This is where all of our static DHCP-side reservations for our servers, printers, NAS, etc., are located. You can double click any of them to edit their specific settings.
==='''Hostname IP address'''===
LoganWeb (VM on Valhalla) 10.21.25.11

NAS 24PinTech 10.21.25.16

SC-P8000Series-2D6580 10.21.25.90

NPI7C274C (HP LaserJet P4014) 10.21.25.241

NPI82FF0E (HP Color LaserJet M553) 10.21.25.243
==Scope Options==
This is where we configure our DHCP options. To configure options that we don't already have set, right click "Scope Options" and click on "Configure Options" and configure what you need. Below are the options we already have set:

[[File:DHCP_Options.PNG]]

These options set where the computers will look for DNS, what our domain name is ([[CISCOACA.local]]) and the other options tell computers to PXE boot from [[FOG]] and configures the settings they need to boot from [[FOG]].
==Policies==
These are settings that are applied to certain devices based off of rules defined by the policy, like IP address range, vendor, etc.

The only policy we have currently configured is called UEFI, which applies to network booting via UEFI. It sets options 66 and 67 to make sure devices will boot properly off of [[FOG]]. 67 is set to ipxe.efi, and 66 is set to 10.21.25.4.
==Server Options==
This is where settings can be configured globally across the whole DHCP server. We have none of these currently configured.
==Policies (Not within scope)==
Same as above policies but global, we do not have this configured.
==Filters==
This allows you to block or allow certain MAC addresses from receiving DHCP addresses.

DHCP

2025-03-25T16:48:06Z

Bchamberlain: added Oodo

[[Category:Windows]]
=Our DHCP Setup=
Our DHCP is run on [[Odin]] and [[Friia]]. DHCP is what gives out the IP addresses to the devices on our network. Without it, we would have to use static IP addresses, or we would not be able to communicate properly. Both of the servers keep each other synced on what IP addresses have been given out to ensure there are no conflicts.
==Address Pool==
Our scope is 10.21.25.0, as that is our network. The DHCP server only distributes addresses in from 10.21.25.30 to 10.21.25.247. The rest in the network are reserved for servers and printers, or anything else that needs a static IP. The following chart represents our current setup...
{| class="wikitable"
|+Reservations
!Hostname
!IP Address
|-
|Gateway
|10.21.25.1
|-
|Valhalla
|10.21.25.2
|-
|Fenrir
|10.21.25.3
|-
|Friia
|10.21.25.4
|-
|Yggdrasil
|10.21.25.5
|-
|Odoo
|10.21.25.6
|-
|Asgard
|10.21.25.7
|-
|Heimdall
|10.21.25.8
|-
|
|10.21.25.9
|-
|TrueNAS
|10.21.25.10
|-
|Logan
|10.21.25.11
|-
|McGill
|10.21.25.12
|-
|
|10.21.25.13
|-
|Alpha
|10.21.25.14
|-
|
|10.21.25.15
|-
|Bravo
|10.21.25.16
|-
|IOlan
|10.21.25.17
|-
|OpenGear
|10.21.25.18
|-
|
|10.21.25.19
|-
|
|10.21.25.20
|-
|vMotion (Val)
|10.21.25.21
|-
|
|10.21.25.22
|-
|vMotion (Asg)
|10.21.25.23
|-
|
|10.21.25.24
|-
|
|10.21.25.25
|-
|vSphere Rep
|10.21.25.26
|-
|
|10.21.25.27
|-
|Datacenter Switch
|10.21.25.28
|-
|FOG
|10.21.25.29
|-
|
|10.21.25.129
|-
|LaserPrint
|10.21.25.241
|-
|LaserColorPrint
|10.21.25.243
|}
==Address Leases==
These are all of the current DHCP releases that the DHCP servers have put out that are active.
==Reservations==
This is where all of our static DHCP-side reservations for our servers, printers, NAS, etc., are located. You can double click any of them to edit their specific settings.
==='''Hostname IP address'''===
LoganWeb (VM on Valhalla) 10.21.25.11

NAS 24PinTech 10.21.25.16

SC-P8000Series-2D6580 10.21.25.90

NPI7C274C (HP LaserJet P4014) 10.21.25.241

NPI82FF0E (HP Color LaserJet M553) 10.21.25.243
==Scope Options==
This is where we configure our DHCP options. To configure options that we don't already have set, right click "Scope Options" and click on "Configure Options" and configure what you need. Below are the options we already have set:

[[File:DHCP_Options.PNG]]

These options set where the computers will look for DNS, what our domain name is ([[CISCOACA.local]]) and the other options tell computers to PXE boot from [[FOG]] and configures the settings they need to boot from [[FOG]].
==Policies==
These are settings that are applied to certain devices based off of rules defined by the policy, like IP address range, vendor, etc.

The only policy we have currently configured is called UEFI, which applies to network booting via UEFI. It sets options 66 and 67 to make sure devices will boot properly off of [[FOG]]. 67 is set to ipxe.efi, and 66 is set to 10.21.25.4.
==Server Options==
This is where settings can be configured globally across the whole DHCP server. We have none of these currently configured.
==Policies (Not within scope)==
Same as above policies but global, we do not have this configured.
==Filters==
This allows you to block or allow certain MAC addresses from receiving DHCP addresses.

Wazuh

2023-07-11T17:06:22Z

Bchamberlain: changed the version number of the wazuh agent

Wazuh is the SIEM software that is used to make sure that all of our computers are up to standard in terms of system health and to monitor any security events. The Wazuh server lives on Valhalla in an Ubuntu virtual machine called McGill which is named after Chuck McGill from Better Call Saul. The previous Wazuh server which was replaced due to instability was called Gustavo which was named after the manager of Los Pollos Hermanos and a kingpin in a criminal syndicate in the television series Breaking Bad. There are also agents that are deployed onto each device which collect necessary information that will be needed to make a full report on any issues that may be occurring on said system. All of the data is then processed and sent to the manager which takes all of the data and organizes it into one source. It also utilizes Elasticstack which visualizes all of the data the manager has so that everything going on in 24Pintech's systems can be monitored without much hassle.

ㅤ
== Configuring Wazuh Agents ==
=== Installation Process===
'''Wazuh Agent''' '''Windows Configuration'''

If you need to the Wazuh agent can be downloaded from [https://documentation.wazuh.com/current/installation-guide/wazuh-agent/wazuh-agent-package-windows.html https://documentation.wazuh.com/current/installation-guide]
* Get Wazuh running on a computer that already has it installed
# Open command prompt ('''admin''')
# Run the command below
# <code>'''"C:\Program Files (x86)\ossec-agent\agent-auth.exe" -m 10.21.25.12 -P password'''</code>
# If this command worked you are done. If this command fails you need to remove the agent from the list.
* Get Wazuh running on a 24pintech computer that does not have it installed
# In file explorer navigate to Cisco Curriculum in Midgard (Q:)
# Copy the Deployed Applications folder and paste it in C:
# Change the folder name to DeployedApplications
#Run Windows PowerShell as '''ADMIN'''
# Enter: <code>'''cd c:\DeployedApplications'''</code>
# Enter the command: <code>'''.\wazuh-agent-4.4.1-1.msi /q WAZUH_MANAGER="10.21.25.12" WAZUH_REGISTRATION_SERVER="10.21.25.12" WAZUH_REGISTRATION_PASSWORD="password"'''</code>
'''Wazuh Agent''' '''Mac Configuration'''
* Log in to the computer with the '''24pintech''' account. You may also open this wiki page on that computer to copy and paste commands.

* Open a terminal window and install Wazuh agent using this command: <code>'''curl -so wazuh-agent-4.3.9.pkg <nowiki>https://packages.wazuh.com/4.x/macos/wazuh-agent-4.3.9-1.pkg</nowiki> && sudo launchctl setenv WAZUH_MANAGER '10.21.25.12' && sudo installer -pkg ./wazuh-agent-4.3.9.pkg -target /'''</code> (If prompted, use the 24pintech account password to finish the installation)
* Run this command to start Wazuh: '''<code>sudo /Library/Ossec/bin/wazuh-control start</code>'''
* Verify that the agent has been added in wazuh after refreshing the page.
[[File:Image.png|thumb|This is the menu, also known as the agent manager that opens when you insert <code>'''/var/ossec/bin/manage_agents'''</code>]]
'''Wazuh Agent Manager'''

Running this command will open the menu to add, remove, and edit agents (see picture on the right)

<code>'''/var/ossec/bin/manage_agents'''</code>
* '''Add an agent (A)'''
By entering "A" you can add an agent to the list. All you need is to input the name of the computer you want to add and the computers IP address.
* '''Extract key for an agent (E)'''
By entering "E" you can get a new key for an agent. All you need is to input the ID number of the agent. This can be done to help get a new key however this is likely unnecessary as you just need to run one command from command prompt on the agent you are trying to give a key to. (See "'''Wazuh Agent Windows Configuration'''")
* '''List already added agents (L)'''
By entering "L" you can view a list of every agent and that agents ID number. This can also be viewed from the Wazuh manager page in more detail however this is often a very convenient command when you need to check the list for one agent.
* '''Remove an agent (R)'''
By entering "R" you can remove an agent from the manager by entering the agents ID number. This is useful to remove agents we do not need or to remove faulty agents to fix them and get them running properly.
* '''Quit (Q)'''
By entering "Q" or alternatively "Quagmire" you can close the menu and return to the normal terminal screen.
== Monitoring Wazuh ==
===How to Monitor===
There is a lot of information present on the manager page with details on everything connected. Mainly, all the information that will want to be looked at is present on the Security Events, Integrity Monitoring, Agents, and Manager tabs for the information that we will be troubleshooting and coming up with solutions for. The main thing that will need to be looked for are going to be any failures seen on one of the servers or workstations. You will also want to look at the agents connected to see if things are in order or not with connection to the manager. Another thing would be vulnerabilities detected by the manager within our systems and note what kind of vulnerability that it is. The processes being made will also be something that needs to be monitored for any issues on the systems.
===What to look for===
====='''Modules'''=====
*
'''Security information management'''
*Security Events
**Alerts - This will be the main place to look for all of the systems current events taking place as far back as you need to. This will go over any login failures, malware, or anything of that nature will be viewed here across all agents. The key to looking at this all is section through the level of alert going from 1 - 12 with each increase in level being a higher alert that needs to be looked at. Anything above 7 will typically be what is unwanted unless another technician is performing a task that is causing said alerts. Take the proper steps as listed within the policy when any alert is worth being taken to the higher ups for proper handling.
'''Auditing and Policy Monitoring'''
*Security Configuration Assessments
**Here will be the most important place to look as you will need to monitor for any faults detected in the system's security. One of each device (All servers need to be checked) and then you as a tech will need to research into the issue if it is important. If there is a major security issue then this can be dealt with either by informing a higher up and getting the all clear to fix it, or if you are already in charge of fixing the security of the systems.
====='''''Management'''''=====
'''Administration'''
*This will probably be the most unused section of the SIEM, but if multiple technicians ever take it on then here is where all accounts would be managed depending on the trust within that technician, so restrictions can be set to ensure that all users have the correct access on the server, ensuring that nothing will be used against policy. This is also where rules will be configured for the nodes and clusters mainly for what will be showed on the virtual machine
'''Status and Reports'''
*This is where you will be able to generate a status report of the SIEM as well as seeing the status of each manager/cluster. By generating a report you will be given a detailed pdf of everything that has been logged for when you set it and you will be able to go over it and see anything that sticks out instead of having to check each individual module on the SIEM. You will also view the cluster health by seeing if one of the nodes has gone down and needs to be repaired to get it in working order once more.
====='''Agent'''=====
*Any and all issues that are had within the agent monitoring page can be checked for in the troubleshooting section of the [[SIEM: Configuration|SIEM: Configuration wiki page]].
'''Active'''
*Here you will be looking for any and all agents connected to the SIEM. You will look here for any newly added agents that are supposed to be there as well as if they have properly connected.
'''Disconnected'''
*You will look here to see if any important agents such as the servers are disconnected due to it being turned off or if it has been inactive for quite a while as they may need to be reset which can be done in many ways.
'''Never connected'''
*This will be used to check for any agents that have been connected improperly due to human error or any oversight that had happened during the configuration. If this happens to occur then some of the issues with the setup of an agent should be able to be fixed by viewing previous troubleshooting, but if the issue is unknown, then consult either the Wazuh documentation or a manager.
===Reporting===
[[File:Email.png|thumb|Config for email|294x294px]][[File:Report.png|thumb|Config for reports|277x277px]]Reports from the manager can be set up to email the information directly to us. In order to do this the '''Ossec.conf file''' needs to be edited to set up automatic reports by using the command With this you can choose who will receive it, the frequency of emails, and the level of alert it will send an email for once your information is filled into the box. Once you have made it in there will be a section to input a sending email and the recipient email, whatever your purpose is for receiving the email will most likely be for the higher alerts that need fixing immediately.
This is the command needed to access the ossec.conf file on the virtual machine.

<code>sudo nano /var/ossec/etc/ossec.conf</code>

'''''Warning: Configuring the Ossec.Conf file on either of the nodes or the server web page can lead to the server malfunctioning. Make sure you know exactly what you are doing and you have a backup ready before changing anything.'''''
== Creating a new Wazuh Server ==
For whatever reason we may need to make a new Wazuh server. This could be due to the system breaking and we are unable to fix it or maybe the server starts to have problems over time and needs to be rebuilt to get rid of any bugs. Creating a new server sounds like it would be tough but it is actually ridiculously easy and simple. The steps for creating a new Wazuh server only consist of making a new VM running Ubuntu Linux and to run a handful of easy commands that do not require any Linux knowledge. After this all of the agents that were connected to the previous server will automatically transfer over to the new server.
==== Step 1: Create a new server ====
Create the new server in ESXi for Wazuh to run on. '''''Note that you should have approval from a leader of the systems team or Chamberlain before you make a new server.'''''
# First you need to name the server. All Wazuh servers are to be named after Breaking Bad/Better Call Saul characters. Currently we have already decided that if McGill ever needs to be replaced the server that fills its place should be named Schrader.
#Give it 4-8 CPU cores, 8 Gb of ram, and 250 Gb of storage.
#Put Desktop Ubuntu on the virtual machine. You will likely be using version 22.04 which is already on the 24PinTech shared storage however you should search and verify that this is still the recommended version of Linux. You should also use Desktop Ubuntu rather than Server Ubuntu because you lose a lot of functionality that is key to running Wazuh effectively if you use Server Ubuntu.
#Set up Linux on the image by simply going through the setup. Be sure to read what you are doing and do not just click through it.
[[File:Wired Settings Config.png|thumb|Settings for IPv4]]
==== Step 2: Install Wazuh ====
'''''Note: You may open this wiki page on the server using Firefox and copy and paste commands instead of typing them manually.'''''
# In a terminal window type this command: <code>'''sudo curl -sO <nowiki>https://packages.wazuh.com/4.4/wazuh-install.sh</nowiki> && sudo bash ./wazuh-install.sh -a'''</code>
# You will likely need to wait 5-15 minutes or potentially longer for this command to run. Just be patient.
==== Step 3: Change the password ====
# Enter this command: <code>'''sudo curl -so wazuh-passwords-tool.sh <nowiki>https://packages.wazuh.com/4.4/wazuh-passwords-tool.sh</nowiki>'''</code>
# Enter this command and '''change the text in the brackets to the chosen password''': <code>'''sudo bash wazuh-passwords-tool.sh -u admin -p [PASSWORD]'''</code>
==== Step 4: Change the IP ====
# Open the menu in the top right of the screen. Go to Wired Connected and then open Wired Settings. Click on the gear on the Connected option and go to IPv4.
#Set the '''IPv4 Method''' to '''Manual'''. You will now need to set the Address to "'''10.21.25.12'''". You must use this IP for all of the agents to automatically connect to your new server. Set the Netmask to "'''255.255.255.0'''". Set the gateway to "'''10.21.25.1'''". Set the DNS to "'''10.21.25.3, 10.21.25.4'''". To the right there is a picture of how the settings should look to use as a reference. Everything should be exactly the same. Once you are done hit '''Apply''' in the top right.
#On the previous screen turn '''Connected''' off and then back on. This should have applied the settings from last step.
==== Step 5: Verify Connectivity ====
# Go to the Wazuh servers web page. To access it enter '''<nowiki>https://10.21.25.12</nowiki>''' into your search bar.
# For the username ender "'''admin'''" and for the password type in what you set the password as in step 3. You should now have access to the dashboard.
# Check to see if agents are connecting. If agents have connected you are done with the installation process and are now ready to begin monitoring.
==== Troubleshooting: ====
Type in the command <code>'''sudo apt install net-tools'''</code> and now enter the command <code>'''ifconfig'''</code> to see the IP. If the IP is anything besides '''10.21.25.12''' then you messed up in step 4. If necessary you can google a different tutorial in changing the IP online that may be more in depth.
#

#
== Wazuh Commands: ==
====Agent Config (Agent Side). ====
* <code>'''net stop wazuh'''</code>
** Stops Wazuh
* <code>'''net start wazuh'''</code>
** Starts Wazuh
* <code>'''Restart-Service -Name wazuh'''</code>
*<code>'''systemctl restart wazuh-manager'''</code>
** Restarts Wazuh manager (This command sometimes entirely breaks Wazuh beyond repair. Be sure you have a snapshot before running this command)
* <code>'''"C:\Program Files (x86)\ossec-agent\agent-auth.exe" -m 10.21.25.12 -P password'''</code>
** Obtains a new key and activates an agent
==== Agent Config (Server Side)====
* <code>'''/var/ossec/bin/manage_agents'''</code>
** Opens agent manager. More info on the manager under "'''Wazuh Agent Manager'''"
====Server Config - Nano====
* <code>'''systemctl start/status/stop/restart wazuh-manager'''</code>
* <code>'''/usr/share/kibana/data/wazuh/config/wazuh.yml'''</code>
* <code>'''/var/ossec/etc/shared/dbms/agent.conf'''</code>
* <code>'''/var/ossec/etc/ossec.conf'''</code>
* <code>'''/etc/filebeat/filebeat.yml'''</code>
* <code>'''/etc/kibana/kibana.yml'''</code>
* <code>'''/var/ossec/bin/wazuh-control -j info'''</code>
* <code>'''/var/ossec/logs/active-responses.log'''</code>

Wiki Management

2023-05-10T18:43:08Z

Bchamberlain: Added sidebar editing

==Introduction==
Managing the Wiki is pretty straightforward. This article is only for the specific tasks that you might find yourself doing as a webmaster. Anything else that you'd need to do for the Wiki can easily be found on Google, as the MediaWiki foundation has thoroughly documented their everything that you could possibly need to know. Because of this, this page is probably going to end up being pretty short.

[[File:Create account.png|left|thumb|screenshot of Special:CreateAccount]]

==Creating Users==
To create an account, go to the [[Special:CreateAccount|Create account]] page listed under [[Special:SpecialPages|Special Pages]]. If the page doesn't show, it's because your account does not have the proper role, must be an administrator or bureaucrat to create users. Refer to the next section to learn how to do this.

When you're creating an account, make sure that you check <code>Use a temporary random password and send it to the specified email address</code>. This lets the user set their own password without having to do it at your workstation, and they also are entering their email address in so that in the event that they forget their password they can reset it. If you're not using the <code>first initial + last name</code> format for usernames, putting their real name in the <code>Real name</code> field is a good idea.
[[File:User rights.png|thumb|screenshot of Special:UserRights]]

==Assigning Roles==
Just like creating an account, assigning roles is also easy. Navigate to the [[Special:UserRights|User rights]] page, enter a username, and assign the roles that you'd like that person to have. This will not work if your account doesn't have the bureaucrat role.

== Editing the Sidebar ==
To edit the sidebar you simply search for the following page - MediaWiki:Sidebar. It will bring up the following page. You can then edit the page to fit the specification you need in the sidebar.
[[File:Sidebar.png|center|thumb|Sidebar page]]

File:Sidebar.png

2023-05-10T18:38:05Z

Bchamberlain:

sidebar

Wazuh

2022-11-03T18:56:53Z

Bchamberlain:

Wazuh is the SIEM software that is used to make sure that all of our computers are up to standard in terms of system health and to monitor any security events. The Wazuh server lives on Valhalla in an Ubuntu virtual machine named Sleipnir. There are also agents that are deployed onto each device which collect necessary information that will be needed to make a full report on any issues that may be occurring on said system. All of the data is then processed and sent to the manager which takes all of the data and organizes it into one source. It also utilizes Elasticstack which visualizes all of the data the manager has so that everything going on in 24Pintech's systems can be monitored without much hassle.

ㅤ

== Configuring Wazuh ==

=== Installation Process===
===='''Wazuh Manager''' ====
The manger can either be installed as a all in-one or distributed deployment. The deployment that has been used is all in-one which has all of the components of Wazuh installed onto the server, Sleipnir, through Ubuntu. Each of the components gets installed through the use of a [https://documentation.wazuh.com/current/installation-guide/open-distro/all-in-one-deployment/unattended-installation.html script] in terminal in order to make the process efficient. Once the script has finished installing all of the packages for the software, the manager can be accessed the web by typing in the IP address of system that the manager was installed on into the search bar '''(https://<manager ip>)'''. Once that is done, you will be taken to the manager page and type in the user name and password, then all of the information on the systems added can be viewed.

'''Wazuh Agent''' '''Windows Configuration'''

* Get Wazuh running on a computer that already has it installed
# Open command prompt ('''admin''')
# Run the command below
# <code>'''"C:\Program Files (x86)\ossec-agent\agent-auth.exe" -m 10.21.25.12 -P password'''</code>
# If this command worked you are done. If this command fails you need to remove the agent from the list.

* Get Wazuh running on a computer that does not have it installed

# In file explorer navigate to Cisco Curriculum in Midgard (Q:)
# Copy the Deployed Applications folder and paste it in C:
# Change the folder name to DeployedApplications
#Run Windows PowerShell as '''ADMIN'''
# Enter: <code>cd c:\DeployedApplications</code>
# Enter the command: <code>.\wazuh-agent-4.2.5-1.msi /q WAZUH_MANAGER="10.21.25.12" WAZUH_REGISTRATION_SERVER="10.21.25.12" WAZUH_REGISTRATION_PASSWORD="password"</code>

'''Wazuh Agent''' '''Mac Configuration'''

When installing on a mac, once the package is installed, configure it to whatever drive it will be on and make sure to keep the package after the installation of the agent is complete. When that is finished, check the library to see if the '''Ossec file''' for the agent is there to ensure it has been installed properly. After that you will then open up terminal and run the command down below to register the agent with the manager. Then you will be able to run the command to start the agent and it will automatically relay the data to the manager. If the start up of the agent fails or the agent is shown as never connected on the manager page, make sure that the manger IP is set correctly in the '''ossec.conf''' '''file''' as well as the protocol if the manager IP is correct.*Install the package if not installed already.
*Find the mac version of Wazuh ('''Note: The Macs are very weird to work with and there are plenty of common errors.)'''
*#Go to [https://documentation.wazuh.com/current/installation-guide/packages-list.html#macos this link] and install the correct OS (Mac OS) and version.
*#Open the file and run it. Hit continue for all fields.
*#Open terminal. If it is not on the taskbar go to appfinder>applications>the utilities folder>terminal to access it.
*#Run this command <code>sudo /Library/Ossec/bin/agent-auth -m 10.21.25.12</code> ('''Note: If this fails try using the next command''')
*#If the command from above is asking for a password try running this command <code>sudo /Library/Ossec/bin/agent-auth -m 10.21.25.12 -P password</code>
*#Check if your agent came online. If so you are done. If not follow the steps under whichever bullet point applies to you

* '''''If you were prompted that the agent was added follow these steps'''''
*#Run this command <code>sudo /Library/Ossec/bin/wazuh-control start</code>
*#Verify that the mac is running and is connected. Check the never connected tab

* '''''If you were prompted that there is a duplicate agent follow these steps'''''
*# Remove the agent through ESXI. Look under '''Wazuh Agent Manager''' for steps to do this.
*# Try running the command from step 4. ('''Note: If the command didnt work for you when you tried it then use the one from step 5''')

'''There are many issues we may have. Here is what to do if the agent cannot connect to the manager'''
* Add the manager IP through the ossec config file
*#Access the terminal using the instructions from step 3 of the setup.
*#Use the command “sudo nano /Library/Ossec/etc/ossec.conf”. If you are not familiar with NANO go [https://www.unomaha.edu/college-of-information-science-and-technology/computer-science-learning-center/_files/resources/CSLC-Helpdocs-Nano.pdf here]
*#Once in the config file navigate down to the manager ip line using the arrow keys.
*# Change the “MANAGER_ IP” address to “10.21.25.12” if it is not already.
*#Make sure that it is using “TCP” for the protocol.
*#Save any changes made to the file by holding CTRL X and then pressing enter twice.

*Restart the agent
*#Using the terminal again, run the command “Sudo /Library/Ossec/bin/ossec-control restart”.
*#Make sure the agent is registered.[[File:Image.png|thumb|This is the menu, also known as the agent manager that opens when you insert <code>'''/var/ossec/bin/manage_agents'''</code>]]
'''Wazuh Agent Manager'''

Running this command will open the menu to add, remove, and edit agents (see picture on the right)

<code>'''/var/ossec/bin/manage_agents'''</code>

* '''Add an agent (A)'''
By entering "A" you can add an agent to the list. All you need is to input the name of the computer you want to add and the computers IP address.
* '''Extract key for an agent (E)'''
By entering "E" you can get a new key for an agent. All you need is to input the ID number of the agent. This can be done to help get a new key however this is likely unnecessary as you just need to run one command from command prompt on the agent you are trying to give a key to. (See "'''Wazuh Agent Windows Configuration'''")
* '''List already added agents (L)'''
By entering "L" you can view a list of every agent and that agents ID number. This can also be viewed from the Wazuh manager page in more detail however this is often a very convenient command when you need to check the list for one agent.
* '''Remove an agent (R)'''
By entering "R" you can remove an agent from the manager by entering the agents ID number. This is useful to remove agents we do not need or to remove faulty agents to fix them and get them running properly.

* '''Quit (Q)'''

By entering "Q" you can close the menu and return to the normal terminal screen.

== Monitoring Wazuh ==

===How to Monitor===
There is a lot of information present on the manager page with details on everything connected. Mainly, all the information that will want to be looked at is present on the Security Events, Integrity Monitoring, Agents, and Manager tabs for the information that we will be troubleshooting and coming up with solutions for. The main thing that will need to be looked for are going to be any failures seen on one of the servers or workstations. You will also want to look at the agents connected to see if things are in order or not with connection to the manager. Another thing would be vulnerabilities detected by the manager within our systems and note what kind of vulnerability that it is. The processes being made will also be something that needs to be monitored for any issues on the systems.
===What to look for===
====='''Modules'''=====
*
'''Security information management'''
*Security Events
**Alerts - This will be the main place to look for all of the systems current events taking place as far back as you need to. This will go over any login failures, malware, or anything of that nature will be viewed here across all agents. The key to looking at this all is section through the level of alert going from 1 - 12 with each increase in level being a higher alert that needs to be looked at. Anything above 7 will typically be what is unwanted unless another technician is performing a task that is causing said alerts. Take the proper steps as listed within the policy when any alert is worth being taken to the higher ups for proper handling.
'''Auditing and Policy Monitoring'''
*Security Configuration Assessments
**Here will be the most important place to look as you will need to monitor for any faults detected in the system's security. One of each device (All servers need to be checked) and then you as a tech will need to research into the issue if it is important. If there is a major security issue then this can be dealt with either by informing a higher up and getting the all clear to fix it, or if you are already in charge of fixing the security of the systems.
====='''''Management'''''=====
'''Administration'''
*This will probably be the most unused section of the SIEM, but if multiple technicians ever take it on then here is where all accounts would be managed depending on the trust within that technician, so restrictions can be set to ensure that all users have the correct access on the server, ensuring that nothing will be used against policy. This is also where rules will be configured for the nodes and clusters mainly for what will be showed on the virtual machine
'''Status and Reports'''
*This is where you will be able to generate a status report of the SIEM as well as seeing the status of each manager/cluster. By generating a report you will be given a detailed pdf of everything that has been logged for when you set it and you will be able to go over it and see anything that sticks out instead of having to check each individual module on the SIEM. You will also view the cluster health by seeing if one of the nodes has gone down and needs to be repaired to get it in working order once more.
====='''Agent'''=====
*Any and all issues that are had within the agent monitoring page can be checked for in the troubleshooting section of the [[SIEM: Configuration|SIEM: Configuration wiki page]].
'''Active'''
*Here you will be looking for any and all agents connected to the SIEM. You will look here for any newly added agents that are supposed to be there as well as if they have properly connected.
'''Disconnected'''
*You will look here to see if any important agents such as the servers are disconnected due to it being turned off or if it has been inactive for quite a while as they may need to be reset which can be done in many ways.
'''Never connected'''
*This will be used to check for any agents that have been connected improperly due to human error or any oversight that had happened during the configuration. If this happens to occur then some of the issues with the setup of an agent should be able to be fixed by viewing previous troubleshooting, but if the issue is unknown, then consult either the Wazuh documentation or a manager.
===Reporting===
[[File:Email.png|thumb|Config for email|294x294px]][[File:Report.png|thumb|Config for reports|277x277px]]Reports from the manager can be set up to email the information directly to us. In order to do this the '''Ossec.conf file''' needs to be edited to set up automatic reports by using the command With this you can choose who will receive it, the frequency of emails, and the level of alert it will send an email for once your information is filled into the box. Once you have made it in there will be a section to input a sending email and the recipient email, whatever your purpose is for receiving the email will most likely be for the higher alerts that need fixing immediately.

This is the command needed to access the ossec.conf file on the virtual machine.

<code>sudo nano /var/ossec/etc/ossec.conf</code>

'''''Warning: Configuring the Ossec.Conf file on either of the nodes or the server web page can lead to the server malfunctioning. Make sure you know exactly what you are doing and/or you have a backup ready before changing anything.'''''

== Wazuh Commands: ==

====Agent Config (Agent Side)====

* <code>'''net stop wazuh'''</code>
** Stops Wazuh
* <code>'''net start wazuh'''</code>
** Starts Wazuh
* <code>'''Restart-Service -Name wazuh'''</code>
*<code>'''systemctl restart wazuh-manager'''</code>
** Restarts Wazuh manager
* <code>'''"C:\Program Files (x86)\ossec-agent\agent-auth.exe" -m 10.21.25.12 -P password'''</code>
** Obtains a new key and activates an agent
==== Agent Config (Server Side)====

* <code>'''/var/ossec/bin/manage_agents'''</code>
** Opens agent manager. More info on the manager under "'''Wazuh Agent Manager'''"

====Server Config - Nano====

* <code>'''systemctl start/status/stop/restart wazuh-manager'''</code>
* <code>'''/usr/share/kibana/data/wazuh/config/wazuh.yml'''</code>
* <code>'''/var/ossec/etc/shared/dbms/agent.conf'''</code>
* <code>'''/var/ossec/etc/ossec.conf'''</code>
* <code>'''/etc/filebeat/filebeat.yml'''</code>
* <code>'''/etc/kibana/kibana.yml'''</code>
* <code>'''/var/ossec/bin/wazuh-control -j info'''</code>
* <code>'''/var/ossec/logs/active-responses.log'''</code>

Wazuh

2022-11-03T18:56:34Z

Bchamberlain:

Wazuh is the SIEM software that is used to make sure that all of our computers are up to standard in terms of system health and to monitor any security events. The Wazuh server lives on Valhalla in an Ubuntu virtual machine named Sleipnir. There are also agents that are deployed onto each device which collect necessary information that will be needed to make a full report on any issues that may be occurring on said system. All of the data is then processed and sent to the manager which takes all of the data and organizes it into one source. It also utilizes Elasticstack which visualizes all of the data the manager has so that everything going on in 24Pintech's systems can be monitored without much hassle.

ㅤ

== Configuring Wazuh ==

=== Installation Process===
===='''Wazuh Manager''' ====
The manger can either be installed as a all in-one or distributed deployment. The deployment that has been used is all in-one which has all of the components of Wazuh installed onto the server, Sleipnir, through Ubuntu. Each of the components gets installed through the use of a [https://documentation.wazuh.com/current/installation-guide/open-distro/all-in-one-deployment/unattended-installation.html script] in terminal in order to make the process efficient. Once the script has finished installing all of the packages for the software, the manager can be accessed the web by typing in the IP address of system that the manager was installed on into the search bar '''(https://<manager ip>)'''. Once that is done, you will be taken to the manager page and type in the user name and password, then all of the information on the systems added can be viewed.

'''Wazuh Agent''' '''Windows Configuration'''

* Get Wazuh running on a computer that already has it installed
# Open command prompt ('''admin''')
# Run the command below
# <code>'''"C:\Program Files (x86)\ossec-agent\agent-auth.exe" -m 10.21.25.12 -P password'''</code>
# If this command worked you are done. If this command fails you need to remove the agent from the list.

* Get Wazuh running on a computer that does not have it installed

# In file explorer navigate to Cisco Curriculum in Midgard (Q:)
# Copy the Deployed Applications folder and paste it in C:
# Change the folder name to DeployedApplications
# Note that there is likely another folder called DeployedApplications. Be sure not to get them mixed up when renaming the folder
#Run Windows PowerShell as '''ADMIN'''
# Enter: <code>cd c:\DeployedApplications</code>
# Enter the command: <code>.\wazuh-agent-4.2.5-1.msi /q WAZUH_MANAGER="10.21.25.12" WAZUH_REGISTRATION_SERVER="10.21.25.12" WAZUH_REGISTRATION_PASSWORD="password"</code>

'''Wazuh Agent''' '''Mac Configuration'''

When installing on a mac, once the package is installed, configure it to whatever drive it will be on and make sure to keep the package after the installation of the agent is complete. When that is finished, check the library to see if the '''Ossec file''' for the agent is there to ensure it has been installed properly. After that you will then open up terminal and run the command down below to register the agent with the manager. Then you will be able to run the command to start the agent and it will automatically relay the data to the manager. If the start up of the agent fails or the agent is shown as never connected on the manager page, make sure that the manger IP is set correctly in the '''ossec.conf''' '''file''' as well as the protocol if the manager IP is correct.*Install the package if not installed already.
*Find the mac version of Wazuh ('''Note: The Macs are very weird to work with and there are plenty of common errors.)'''
*#Go to [https://documentation.wazuh.com/current/installation-guide/packages-list.html#macos this link] and install the correct OS (Mac OS) and version.
*#Open the file and run it. Hit continue for all fields.
*#Open terminal. If it is not on the taskbar go to appfinder>applications>the utilities folder>terminal to access it.
*#Run this command <code>sudo /Library/Ossec/bin/agent-auth -m 10.21.25.12</code> ('''Note: If this fails try using the next command''')
*#If the command from above is asking for a password try running this command <code>sudo /Library/Ossec/bin/agent-auth -m 10.21.25.12 -P password</code>
*#Check if your agent came online. If so you are done. If not follow the steps under whichever bullet point applies to you

* '''''If you were prompted that the agent was added follow these steps'''''
*#Run this command <code>sudo /Library/Ossec/bin/wazuh-control start</code>
*#Verify that the mac is running and is connected. Check the never connected tab

* '''''If you were prompted that there is a duplicate agent follow these steps'''''
*# Remove the agent through ESXI. Look under '''Wazuh Agent Manager''' for steps to do this.
*# Try running the command from step 4. ('''Note: If the command didnt work for you when you tried it then use the one from step 5''')

'''There are many issues we may have. Here is what to do if the agent cannot connect to the manager'''
* Add the manager IP through the ossec config file
*#Access the terminal using the instructions from step 3 of the setup.
*#Use the command “sudo nano /Library/Ossec/etc/ossec.conf”. If you are not familiar with NANO go [https://www.unomaha.edu/college-of-information-science-and-technology/computer-science-learning-center/_files/resources/CSLC-Helpdocs-Nano.pdf here]
*#Once in the config file navigate down to the manager ip line using the arrow keys.
*# Change the “MANAGER_ IP” address to “10.21.25.12” if it is not already.
*#Make sure that it is using “TCP” for the protocol.
*#Save any changes made to the file by holding CTRL X and then pressing enter twice.

*Restart the agent
*#Using the terminal again, run the command “Sudo /Library/Ossec/bin/ossec-control restart”.
*#Make sure the agent is registered.[[File:Image.png|thumb|This is the menu, also known as the agent manager that opens when you insert <code>'''/var/ossec/bin/manage_agents'''</code>]]
'''Wazuh Agent Manager'''

Running this command will open the menu to add, remove, and edit agents (see picture on the right)

<code>'''/var/ossec/bin/manage_agents'''</code>

* '''Add an agent (A)'''
By entering "A" you can add an agent to the list. All you need is to input the name of the computer you want to add and the computers IP address.
* '''Extract key for an agent (E)'''
By entering "E" you can get a new key for an agent. All you need is to input the ID number of the agent. This can be done to help get a new key however this is likely unnecessary as you just need to run one command from command prompt on the agent you are trying to give a key to. (See "'''Wazuh Agent Windows Configuration'''")
* '''List already added agents (L)'''
By entering "L" you can view a list of every agent and that agents ID number. This can also be viewed from the Wazuh manager page in more detail however this is often a very convenient command when you need to check the list for one agent.
* '''Remove an agent (R)'''
By entering "R" you can remove an agent from the manager by entering the agents ID number. This is useful to remove agents we do not need or to remove faulty agents to fix them and get them running properly.

* '''Quit (Q)'''

By entering "Q" you can close the menu and return to the normal terminal screen.

== Monitoring Wazuh ==

===How to Monitor===
There is a lot of information present on the manager page with details on everything connected. Mainly, all the information that will want to be looked at is present on the Security Events, Integrity Monitoring, Agents, and Manager tabs for the information that we will be troubleshooting and coming up with solutions for. The main thing that will need to be looked for are going to be any failures seen on one of the servers or workstations. You will also want to look at the agents connected to see if things are in order or not with connection to the manager. Another thing would be vulnerabilities detected by the manager within our systems and note what kind of vulnerability that it is. The processes being made will also be something that needs to be monitored for any issues on the systems.
===What to look for===
====='''Modules'''=====
*
'''Security information management'''
*Security Events
**Alerts - This will be the main place to look for all of the systems current events taking place as far back as you need to. This will go over any login failures, malware, or anything of that nature will be viewed here across all agents. The key to looking at this all is section through the level of alert going from 1 - 12 with each increase in level being a higher alert that needs to be looked at. Anything above 7 will typically be what is unwanted unless another technician is performing a task that is causing said alerts. Take the proper steps as listed within the policy when any alert is worth being taken to the higher ups for proper handling.
'''Auditing and Policy Monitoring'''
*Security Configuration Assessments
**Here will be the most important place to look as you will need to monitor for any faults detected in the system's security. One of each device (All servers need to be checked) and then you as a tech will need to research into the issue if it is important. If there is a major security issue then this can be dealt with either by informing a higher up and getting the all clear to fix it, or if you are already in charge of fixing the security of the systems.
====='''''Management'''''=====
'''Administration'''
*This will probably be the most unused section of the SIEM, but if multiple technicians ever take it on then here is where all accounts would be managed depending on the trust within that technician, so restrictions can be set to ensure that all users have the correct access on the server, ensuring that nothing will be used against policy. This is also where rules will be configured for the nodes and clusters mainly for what will be showed on the virtual machine
'''Status and Reports'''
*This is where you will be able to generate a status report of the SIEM as well as seeing the status of each manager/cluster. By generating a report you will be given a detailed pdf of everything that has been logged for when you set it and you will be able to go over it and see anything that sticks out instead of having to check each individual module on the SIEM. You will also view the cluster health by seeing if one of the nodes has gone down and needs to be repaired to get it in working order once more.
====='''Agent'''=====
*Any and all issues that are had within the agent monitoring page can be checked for in the troubleshooting section of the [[SIEM: Configuration|SIEM: Configuration wiki page]].
'''Active'''
*Here you will be looking for any and all agents connected to the SIEM. You will look here for any newly added agents that are supposed to be there as well as if they have properly connected.
'''Disconnected'''
*You will look here to see if any important agents such as the servers are disconnected due to it being turned off or if it has been inactive for quite a while as they may need to be reset which can be done in many ways.
'''Never connected'''
*This will be used to check for any agents that have been connected improperly due to human error or any oversight that had happened during the configuration. If this happens to occur then some of the issues with the setup of an agent should be able to be fixed by viewing previous troubleshooting, but if the issue is unknown, then consult either the Wazuh documentation or a manager.
===Reporting===
[[File:Email.png|thumb|Config for email|294x294px]][[File:Report.png|thumb|Config for reports|277x277px]]Reports from the manager can be set up to email the information directly to us. In order to do this the '''Ossec.conf file''' needs to be edited to set up automatic reports by using the command With this you can choose who will receive it, the frequency of emails, and the level of alert it will send an email for once your information is filled into the box. Once you have made it in there will be a section to input a sending email and the recipient email, whatever your purpose is for receiving the email will most likely be for the higher alerts that need fixing immediately.

This is the command needed to access the ossec.conf file on the virtual machine.

<code>sudo nano /var/ossec/etc/ossec.conf</code>

'''''Warning: Configuring the Ossec.Conf file on either of the nodes or the server web page can lead to the server malfunctioning. Make sure you know exactly what you are doing and/or you have a backup ready before changing anything.'''''

== Wazuh Commands: ==

====Agent Config (Agent Side)====

* <code>'''net stop wazuh'''</code>
** Stops Wazuh
* <code>'''net start wazuh'''</code>
** Starts Wazuh
* <code>'''Restart-Service -Name wazuh'''</code>
*<code>'''systemctl restart wazuh-manager'''</code>
** Restarts Wazuh manager
* <code>'''"C:\Program Files (x86)\ossec-agent\agent-auth.exe" -m 10.21.25.12 -P password'''</code>
** Obtains a new key and activates an agent
==== Agent Config (Server Side)====

* <code>'''/var/ossec/bin/manage_agents'''</code>
** Opens agent manager. More info on the manager under "'''Wazuh Agent Manager'''"

====Server Config - Nano====

* <code>'''systemctl start/status/stop/restart wazuh-manager'''</code>
* <code>'''/usr/share/kibana/data/wazuh/config/wazuh.yml'''</code>
* <code>'''/var/ossec/etc/shared/dbms/agent.conf'''</code>
* <code>'''/var/ossec/etc/ossec.conf'''</code>
* <code>'''/etc/filebeat/filebeat.yml'''</code>
* <code>'''/etc/kibana/kibana.yml'''</code>
* <code>'''/var/ossec/bin/wazuh-control -j info'''</code>
* <code>'''/var/ossec/logs/active-responses.log'''</code>

Bradley Chamberlain

2022-09-22T14:53:38Z

Bchamberlain:

== About ==
[[File:Bradley1.jpg|thumb]]
The god of creation and ending. . Bradley Chamberlain is the man who has founded 24PinTechnologies with his own bare two hands, and single-handedly became a legend among former gods, he has dethroned every god known to man and has become something inevitable. Bradley Chamberlain.

== Origin ==
It all began on November 1st, 1967. The man who will destroy anything and everything was born. Not much is known about Bradley's childhood life, but many speculate that Bradley Chamberlain lead a normal childhood life. In Bradley's young adult life, he engaged in the playing of a sport. That sports name would happen to be foosball... and it would change his life forever.

== Foosball era (appx. 1986-1994) ==
Bradley Chamberlain had taken a keen interest to Foosball. This is the first thing in Bradley's life that makes since to him, and allows him to truly be ''free''. One occasion during these Foosball days, appx. 1989, Bradley had come in contact with a very import man in the tech industry, a ''god'' named Scott Manchester. This Deity, ''Scott Manchester'' had challenged everyone in the establishment to a duel in Foosball. Scott had claimed that there was no one in the world who could dethrone Scott as the Foosball champion, and the ''Digital Deity™''. Scott had caused a riot. "''hmm, what's this?''" Bradley curiously denounced. Bradley took a look around to see everyone going crazy over something, but what? People stared cheering, "'''Di-gi-tal De-i-ty, Di-gi-tal De-i-ty'''". This chant piqued Bradley's interest. Bradley located the source of the chanting, the stage. Bradley walked up to the stage and challenged Scott Manchester to a Foosball duel to the death.

=== The rise of a legend ===
Scott noticed Bradley among all of the other smelly nerds, and silenced the crowd. "'''''So you wish to duel me? To the death?'''''" Scott responded. Bradley didn't reply. This made Scott furious. Bradley simply watched. As the crowd grew louder, Scott scoffed. Bradley finally made his way up to the ring with Scott Manchester waiting for him. Scott smirked, and began to speak, "WELC-"! Immediately Bradley teleported behind Scott Manchester with a blank face staring down. "Are you sure you'd like to finish that?" Bradley exclaimed.

=== The tale to be told for ages ===
Scott gulped. Without talking he started setting up the foosball table. Bradley walked to his side very slowly. When Bradley arrived to the table, the referee stated the stakes of this battle, "'''''You are betting your pride, titles, and lives. Do you both consent.'''''" Both of them nodded. Each of them gripped their handles, Scott grabbing a defensive and offensive handle, while Bradley grabbed two offensive handles. Scott smirked and thought, "''He's so stupid! Two offensive???''" Bradley said out loud, "'''Don't think so soon Scotty.'''" The game went on for approximately 4 minutes and 23 seconds. Bradley swept the floor with Scott. The crowd was in awe. As the last point was given to Bradley, Scott began begging for his life, and to be shown mercy. Bradley complied. Bradley would come to be known as one of the most merciful beings in existence. This battle is what allowed Bradley to gain his title as the '''Digital Deity'''.

== Beginning of the End (appx. 1997-2009) ==
This is a very unknown part of Bradley's life, as he does not remember this era very well and it hasn't been documented well. What is known about this time period, is that Bradley had began his reign as the '''Digital Deity'''. Bradley would pillage any town if someone gave him the slightest attitude. The theory goes something along the lines of, "Bradley found a person who made him happy. This so called person didn't like the pointless violence that Bradley partook in, and therefore told him that if he didn't end the pointless violence and destruction, they would leave forever. This person eventually showed Bradley the meaning of compassion." Bradley had finally learned '''''some''''' compassion. Instead of directing his anger at random civilians and towns, Bradley took it out on people who deserved it. Bradley gained his title as "'''The Merciless Bounty Hunter'''" through the only time in this era that has been documented.

=== The Merciless Bounty Hunter ===
With Bradley's newfound compassion, he decided to use it for good. Bradley took to the streets, looking for people who have a price to pay. At first Bradley had begun to destroy petty criminals, with an axe that he had in his garage, but learned of the big time criminals who had a bounty on their heads. Bradley had set out to find his first victim, whomst was very difficult to locate. One Bradley did locate this first criminal however, he was slowly put to rest. ''The AxeTM'' wasn't enough. Although Bradley put up a fight, he was pounced on by this criminal. This brought Bradley back to the drawing board. Bradley had never felt so embarrassed in his life, so therefore he had decided to curate a brand new weapon. The likes of which no one has ever seen before. Bradley spent weeks in the garage designing and perfecting this unholy weapon. Bradley had taken multiple ethernet cords, and combined them all together to create a whip of sorts. Bradley decided to name this the ''EtherWhipTM''. Bradley did not need practice with this new weapon, as it was completely natural to him. This was a part of Bradley already. Bradley immediately set forth to find the same criminal, and when he did... let's just say that Bradley obtained a nice amount of money. This newfound way to bring out his violence and aggression mixed with the fact that he gets paid to do this pushed Bradley to become a name to fear. Everyone who obtained a bounty feared for their very lives, as Bradley would always find them, and finish them swiftly.

== The founding of 24PinTechnologies (appx. 2010-present) ==
After several years of gaining money through bounties, Bradley become quite tired, though Bradley's thirst for excitement was not quite quenched yet. Bradley had always thought that his dream would be to start a business where he can truly be himself, and with his compassion he had acquired, he wanted to help others be themselves as well. Bradley used his title as the '''Digital Deity''' to start a nonprofit IT business through the local school in his town. The business became a booming success, with people finding their places through his program. Bradley had also benefited from this as he could still "punish" the bad kids, RIP, and gain passive income, all while being who he truly wants to be. Bradley had finally found true happiness.

FOG

2022-09-07T22:12:04Z

Bchamberlain: added video link

==Initial Setup==
Format and install Ubuntu 17.04 on the computer that will be hosting the FOG Server (or whatever version of Linux you prefer). You can download it [https://www.ubuntu.com/download here].

==Getting Things Ready==
Download FOG (it is recommended that you get the latest version from [https://fogproject.org/download here]).

==Installing FOG==
Run these commands in the download directory ''(this requires an internet connection)'': <code>tar -xzvf FOG_FILENAME_HERE.tar.gz && cd FOG_FILENAME_HERE/bin && sudo ./install.sh</code>

''TIP: After starting the install command <code>(sudo ./install.sh)</code>, don’t cancel while the installation is in progress as some files will remain and may cause issues when trying to install later.''

''TIP: If you need some help with the early steps that are not mentioned here go to this video -'' https://www.youtube.com/watch?v=uleFAPmCo7Y

==Configuring Your FOG Installation==
The last command will initialize the install process, which is fairly straightforward. If you need help with the install process, or are using a different OS, visit the FOG wiki: [https://wiki.fogproject.org/wiki/index.php?title=Main_Page]. Some of the settings require you know the basics of your network setup, so it will vary depending on the network.

More info on installation specifically can be found here: [https://wiki.fogproject.org/wiki/index.php?title=Installation FOG Official Install Guide]

===Setting up FOG to be Used on Another Network===

FOG when installing will automatically pull the network information from the network adapter you tell it that you would like to use. To configure FOG to be used on another network, during the start of the install your network adapter will need to be configured with the settings of the other network. It will seem wrong, as you will have no internet (or limited access) but it is the only way to trick FOG.

Then once you reach the point to where you have configured all of your settings, it will show all of the settings and ask if you'd like to continue the installation with those settings. '''Before typing y to continue''' you must have internet access. So you must set your network adapter to work with your current network, as the rest of the install will be pulling necessary files and programs from the internet. '''Even if the dependencies are already installed''' you must have internet and follow all the way through the install, as it does internet connectivity tests and does not create all of the necessary FOG, MySQL, and database files until the very end.

'''If you have installed before, and now want to move to a new network''' you need to remove the /opt/fog folder. Do so by running the command: <code>sudo rm -r /opt/fog</code> this will remove the old installation configuration information, but will keep all important things like your images, just follow the directions for setting up FOG for another network if you want to set it up for a different network you are not on, or do the normal installation on the new network.

==Access the FOG GUI==
This can be done by opening a browser tab on any computer on the same network by typing the IP of the FOG server and ending it with /fog.
There you can access the settings and manage images and accounts.

For example: 10.21.25.4/fog

==DHCP Setup==
In order for Fog to work correctly you will need to make some adjustments to the Scope Options in DHCP. You will need to do two settings for both BIOS and UEFI machines using scope options 66 and 67. I have included a picture of the scope settings on our server.
[[File:DHCP Scope Options Fog.png|left|thumb|520x520px]]

Here are some helpful links from the Fog Wiki to assist you.

[https://wiki.fogproject.org/wiki/index.php?title=BIOS_and_UEFI_Co-Existence BIOS and UEFI Co-Existence]

[https://wiki.fogproject.org/wiki/index.php?title=Windows_DHCP_Server Windows DHCP Server]

==PXE Booting Your Computer==
You will need to access the BIOS and turn on network boot if not already enabled, and enable legacy network boot if available for better compatibility. You may need to turn off the secure boot setting depending on the device.

==Registering==
To register computers, you must PXE boot them into FOG, and it recommended that you use full host registration. Then follow the on screen steps to register your device. The registration process itself remains the same across all devices, but PXE booting will be different across devices.

==Updating a FOG Imaging Server==
This will be a quick rundown of how to update a FOG imaging server, and how to fix some common issues you may run into while doing so.
This was written for the Linux version of FOG (specifically Ubuntu) it may be different on other Linux distros and is very different. If you are running a Windows version of FOG, at the time of writing that is not officially supported by FOG Project, so you are pretty much on your own for now.

===The Initial Steps===
If you are updating to a newer FOG version, you need to download the appropriate fog_x.x.x.tar.gz file (if you are new to Linux tar.gz files are basically a .zip, .rar, or .7zip in Windows). You will the need to run this set of commands to unzip it and run the install script inside of it. If you have installed FOG before, this is the same process and doing an installation, just the install file uses your existing FOG server settings and only changes the files that it needs to (so don't worry it's not a total reinstall everything will still be there).

[https://fogproject.org/download FOG Download]

''(this requires an internet connection and must be run in the Downloads directory)'':

<code>tar -xzvf fog_x.x.x.tar.gz

cd fog_x.x.x/bin

sudo ./install.sh</code>

The install.sh file as you can see must be run as sudo or root to be able to properly install, so you will need the password for that level of access if necessary.

The script will run, and may ask you to confirm your current settings, and will update FOG and it's dependencies to the latest version accordingly. A restart of the host afterwards is recommended.

More info on an initial install can be found here: [https://wiki.fogproject.org/wiki/index.php?title=Installation FOG Official Install Guide]

===Kernel Updates===
After you update FOG you will need to update the kernel that fog uses for the bzimage and bzimage32. These files are what the computers and devices PXE booting from the server will use to boot, and the newer versions add compatibility for newer devices (such as ones with finicky UEFI BIOS'). To update the kernel you will need to open the FOG management console (either by localhost/fog on the host machine or by the IP address you set to it on another machine with /fog). You will then click on the wrench in the top right to get to the FOG Configuration page. On the right there is a kernel update link you need to click on. Then there will be a list of kernels available if your kernel is not up to date. You will need to install two kernels, both the latest version. The ones at the top will be the latest, so click download button (big green downward arrow) below the first kernel labeled x86_64. You can rename the kernel, but for most instances that is unnecessary so click next and it will update. Repeat this for a x64 kernel.

More info on kernel updates can be found here: [https://wiki.fogproject.org/wiki/index.php?title=Kernel_Update Official FOG Kernel Update Guide]

==Imaging Microsoft Surfaces (Surface Pro 2) with FOG==
Here are the details for making a FOG server work with Surface Pros and other devices that might be particular in the same way:

===PXE Booting Your Surface Pro 2===
To PXE boot a microsoft surface you must first disable secure boot. This can be done by holding the volume up button and holding power, and releasing the power button when the Surface screen is displayed. Then click on the secure boot option and click disable then save and exit.

To PXE boot the microsoft surface, you then hold down the volume down button and power at the same time. Once the Surface screen is displayed, release the power button. Then the PXE boot screen will come up. (make sure it is connected to a network via ethernet adapter before PXE booting)

When the FOG menu pops up, you can capture an image to use for the rest of the surfaces.

===More Information on Surfaces and Other Special Device Booting===
The IPXE protocol version used by microsoft surfaces is only supported by the latest versions of FOG. Version 1.4.4 (september 2017) is what was used for this, along with the surface pro 2 tablets, and this used a windows 8 Pro installation (as windows 10 is not natively supported by the original surfaces). FOG was installed on a small computer inside of the Ubuntu 17.04 OS. If you are going to use computers such as these (ones with UEFI or very custom BIOS') then you must use the latest version possible of FOG.

If you have any errors with DHCP and UEFI, I recommend looking [https://wiki.fogproject.org/wiki/index.php?title=BIOS_and_UEFI_Co-Existence here].

==Troubleshooting==
Here are different solutions we have found to various FOG problems that you may encounter:

==="What if FOG is blocked?" (During Installation)===
If the download fails during the install process, check your proxy settings on your network or ask your network administrator if it is blocked. If so, have the admin allow access, use a VPN (with proper permission), or take it to another network.

(If installed on another network, once it is moved to another network all IP settings for the server will need to be reconfigured. If it is installed on the same network it is being used on, then skip the next step)

(only do this if installed on a different network than it will be used on, or if there are IP configuration errors.)
Look through all of the settings in the FOG server gui, and make sure all things that reference IP addresses are properly configured for your network. This varies by FOG version and type of install, so it is a tedious but necessary process. Then, you will need to edit the fog configuration file, which you can find by checking the wiki as it’s location varies by OS and FOG version. You will also need to edit the dhcpd.conf file and the network config settings of the Ubuntu operating system to have the correct IP config settings. (This may vary by Ubuntu version, or linux version, so check the wiki and the proper documentation for that OS).

===TFTP Errors===
The error looks like this or something similar depending on configuration:

[[File:ftp_put_error.jpg|550px]]

If you get a tftp or ftp_put() error when trying to update the kernel, these are the solutions we've found:

====Solution 1: Credentials====
There are a few different places where FOG uses credentials to manage different files using the fog user account. If the credentials mismatch in any of the places, some functionality will not work. In total there are four different places where those credentials should match (on a standard installation at least, if you need it different you know what you are doing and probably don't need this).
The places where credentials need to match can be found in these places:

*Web Interface -> Storage Management -> [Your storage node] -> Management Username & Management Password
*Web Interface -> FOG Configuration -> FOG Settings -> TFTP Server -> FOG_TFTP_FTP_USERNAME & FOG_TFTP_FTP_PASSWORD
*The local 'fog' user's password on the Linux FOG server
*Server file: /opt/fog/.fogsettings -> username and password settings (For recent FOG Trunk versions only. 1.2.0 does not have this setting. 1.3.0 and newer versions at the time of writing will contain this.)

The first two are easy to check, just use the FOG web interface using a web browser on the host or a machine on the same network.

The fog user password can be changed by using the command:

<code>sudo passwd fog</code>

The server file can be edited using vim in the Linux terminal:

<code>vi /opt/fog/.fogsettings</code>

(More info on vim or vi can be found [https://wiki.fogproject.org/wiki/index.php?title=Vi here].

Official FOG documentation on this issue can be found [https://wiki.fogproject.org/wiki/index.php?title=Troubleshoot_FTP#Credentials_.2F_Passwords here].

====Solution 2: Use a Kernel Install Script====
If the first solution doesn't fix the problem, then this probably will. This solution is to manually install the kernel update through a script in the terminal, and as long as you have the correct permissions and a somewhat new version of Linux (CentOS 7+, Fedora 19+, RHEL 7+, Debian8+, and Ubuntu14+) this should work fine.

This script will backup the old kernel versions you already have installed in case of emergency, and will update to the newest ones. It has comments within it to make it easy to understand exactly what each step does.
<code>#Delete previous backed up kernels & inits.

rm -rf /var/www/html/fog/service/ipxe/old

#Make a directory to put old kernels & inits into.

mkdir /var/www/html/fog/service/ipxe/old

#Move old inits, get new ones.

mv /var/www/html/fog/service/ipxe/init.xz /var/www/html/fog/service/ipxe/old

wget https://fogproject.org/inits/init.xz -O /var/www/html/fog/service/ipxe/init.xz

mv /var/www/html/fog/service/ipxe/init_32.xz /var/www/html/fog/service/ipxe/old

wget https://fogproject.org/inits/init_32.xz -O /var/www/html/fog/service/ipxe/init_32.xz

#Move old kernels, get new ones.

mv /var/www/html/fog/service/ipxe/bzImage /var/www/html/fog/service/ipxe/old

wget https://fogproject.org/kernels/bzImage -O /var/www/html/fog/service/ipxe/bzImage

mv /var/www/html/fog/service/ipxe/bzImage32 /var/www/html/fog/service/ipxe/old

wget https://fogproject.org/kernels/bzImage32 -O /var/www/html/fog/service/ipxe/bzImage32</code>

<code>#Reset Ownership:</code>

<code>#Fedora, CentOS, RHEL:</code>

<code>chown -R fog:apache /var/www/html/fog/service/ipxe</code>

<code>#Ubuntu, Debian:</code>

<code>chown -R fog:www-data /var/www/html/fog/service/ipxe</code>

<code>#Set permissions:</code>

<code>chmod -R 775 /var/www/html/fog/service/ipxe</code>

<code>#Script complete.</code>

<code>echo DONE!</code>

The official FOG documentation can be found [https://wiki.fogproject.org/wiki/index.php?title=Kernel_Update here] at the bottom of the page.

===Multicast Not Working===
If after an update Multicast stops functioning, or you find it stops working at some point, this is what has worked in the past.

''Please note this will not fix any and all Multicast problems, but it did fix our issue where it would open partclone and not start the cast itself, and it showed the error <code> This is not the master node</code> in the logs for multicast''

====Multicast Repair Step One====
This first step may seem scary, but it will not damage any of the FOG images or files.

We are going to delete the directory /opt/fog
<code>sudo rm -r /opt/fog</code>

''(The -r is necessary to delete directories)''

Then rerun the installer by downloading the version of FOG you were using (or the latest one available if you're not using it). Then try running a multicast and see if it works. If not, move on to step two.

====Multicast Repair Step Two====
This step will require us to modify the MySQL tables by running some commands in the terminal. You should run <code>sudo su</code> before running the script to make things easier.

Below are the commands you will need to run:

<code>mysql</code>

<code>use fog</code>

<code>DELETE FROM `multicastSessions` WHERE 1;</code>

<code>DELETE FROM `multicastSessionsAssoc` WHERE 1;</code>

<code>DELETE FROM `tasks` WHERE `taskTypeID` = 8;</code>

<code>quit</code>

This will clear the MySQL tables. After this you will need to rerun the installer and everything should work fine from there.

The official Multicast FOG Documentation can be found [https://wiki.fogproject.org/wiki/index.php?title=Troubleshoot_Downloading_-_Multicast Here].

===For Issues You Can't Solve with This Page===
Check the [https://wiki.fogproject.org/wiki/index.php?title=Main_Page FOG Project Wiki] and the [https://forums.fogproject.org/ FOG Project Forums]. These pages should solve any other issues you have, and any issues you solve that aren't on here should be properly documented here to help future 24PinTechs.

===The Sanders-Cure-All===

If there is an issue with FOG that is not easily solvable, you can follow these steps and 9/10 times it will fix it. All of these steps are found in different solutions for other problems, but done in this order can solve many common problems that seemingly can't be explained. Trust me. I've tried.

''When we run commands, they are run in the Linux terminal, and run them as sudo (that means do the command <code>sudo su</code> before running them to make it easier, if it throws an error saying not to run as sudo, then open a new terminal and don't run the sudo command first.''

====Step One====

First we run the manual kernel update script, to ensure that all our kernels aren't broke and are the latest version:

<code>#Delete previous backed up kernels & inits.

rm -rf /var/www/html/fog/service/ipxe/old

#Make a directory to put old kernels & inits into.

mkdir /var/www/html/fog/service/ipxe/old

#Move old inits, get new ones.

mv /var/www/html/fog/service/ipxe/init.xz /var/www/html/fog/service/ipxe/old

wget https://fogproject.org/inits/init.xz -O /var/www/html/fog/service/ipxe/init.xz

mv /var/www/html/fog/service/ipxe/init_32.xz /var/www/html/fog/service/ipxe/old

wget https://fogproject.org/inits/init_32.xz -O /var/www/html/fog/service/ipxe/init_32.xz

#Move old kernels, get new ones.

mv /var/www/html/fog/service/ipxe/bzImage /var/www/html/fog/service/ipxe/old

wget https://fogproject.org/kernels/bzImage -O /var/www/html/fog/service/ipxe/bzImage

mv /var/www/html/fog/service/ipxe/bzImage32 /var/www/html/fog/service/ipxe/old

wget https://fogproject.org/kernels/bzImage32 -O /var/www/html/fog/service/ipxe/bzImage32</code>

<code>#Reset Ownership:</code>

<code>#Fedora, CentOS, RHEL:</code>

<code>chown -R fog:apache /var/www/html/fog/service/ipxe</code>

<code>#Ubuntu, Debian:</code>

<code>chown -R fog:www-data /var/www/html/fog/service/ipxe</code>

<code>#Set permissions:</code>

<code>chmod -R 775 /var/www/html/fog/service/ipxe</code>

<code>#Script complete.</code>

<code>echo DONE!</code>

====Step Two====

Now we delete everything that has to do with FOG from the MySQL server. Cause MySQL hates us so we fight fire with fire.

<code>mysql</code>

<code>use fog</code>

<code>DELETE FROM `multicastSessions` WHERE 1;</code>

<code>DELETE FROM `multicastSessionsAssoc` WHERE 1;</code>

<code>DELETE FROM `tasks` WHERE `taskTypeID` = 8;</code>

<code>quit</code>

====Step Three====

Now we need to delete most of the FOG files that are on the server, cause FOG itself hates us to. Don't worry, it's not you, it's them.

<code>sudo rm -r /opt/fog</code>

''(This doesn't delete any settings or images don't worry''

====Step Four====

Now we start to reinstall FOG, because a lot of it is no longer there. '''IF THERE IS A NEWER VERSION, THIS IS A GOOD TIME TO UPGRADE. IT'S ALREADY BROKEN, AND NEWER VERSIONS HAVE GOTTEN A LOT MORE STABLE PLEASE'''

Download FOG (it is recommended that you get the latest version from [https://fogproject.org/download here]).

If there isn't a new version and the FOG files are still in the downloads folder, then you can skip this step.

====Step Five====

Run these commands in the download directory ''(this requires an internet connection)'': <code>tar -xzvf FOG_FILENAME_HERE.tar.gz && cd FOG_FILENAME_HERE/bin && sudo ./install.sh</code>

''TIP: After starting the install command <code>(sudo ./install.sh)</code>, don’t cancel while the installation is in progress as some files will remain and may cause issues when trying to install later.''

''PPS: It should find the old settings and try and pull some of the config. It might not. Verify all settings while running the installer.''

====Step Six====

Now FOG may have changed some passwords. Yeah, it can do that.

There are a few different places where FOG uses credentials to manage different files using the fog user account. If the credentials mismatch in any of the places, some functionality will not work. In total there are four different places where those credentials should match (on a standard installation at least, if you need it different you know what you are doing and probably don't need this).
The places where credentials need to match can be found in these places:

*Web Interface -> Storage Management -> [Your storage node] -> Management Username & Management Password
*Web Interface -> FOG Configuration -> FOG Settings -> TFTP Server -> FOG_TFTP_FTP_USERNAME & FOG_TFTP_FTP_PASSWORD
*The local 'fog' user's password on the Linux FOG server
*Server file: /opt/fog/.fogsettings -> username and password settings (For recent FOG Trunk versions only. 1.2.0 does not have this setting. 1.3.0 and newer versions at the time of writing will contain this.)

The first two are easy to check, just use the FOG web interface using a web browser on the host or a machine on the same network.

The fog user password can be changed by using the command:

<code>sudo passwd fog</code>

The server file can be edited using vim in the Linux terminal:

<code>vi /opt/fog/.fogsettings</code>

(More info on vim or vi can be found [https://wiki.fogproject.org/wiki/index.php?title=Vi here].

Official FOG documentation on this issue can be found [https://wiki.fogproject.org/wiki/index.php?title=Troubleshoot_FTP#Credentials_.2F_Passwords here].

'''''If you need to run as sudo and it says the password has already changed (like you can't run sudo) look at the .fogsettings file and it will contain the *new* password in plaintext. It is gonna be long and is gonna suck. If you are logged out and need to get back in, log in as guest or as another user, or boot off of a bootable linux live usb, and go to the file and take a picture of the password.'''''

====Step Seven====

The FOG Server may be fixed at this point, and if so yay! You're done. If it is still acting up there is more to do.

Run steps two through six again and it should work, it usually is always good after a second try. If that doesn't work you'll have to do more than the cure-all, cause every time it's gone more than two it was a more in depth issue.

==xRDP==

This is a very useful tool that is currently installed on our FOG server. This allows for any Windows user to use remote desktop to remotely control the host Linux system with full GUI support. To connect just use the FOG IP, and when prompted type in the login.

To learn more about xRDP, go to the wiki page: [[xRDP]]

==Rsync==
Rsync is a tool that is used to transfer certain files and directories to a local or remote host. We use rsync to do monthly backups of all of the fog images. These will be stored on Unraid (10.21.25.13) and will be made automatic using another tool called cron, which allows you to schedule commands or scripts to automatically run at a certain time.

===Backup Procedures===

====Installing Rsync====
Go to 10.21.25.2 and login to esxi with your id and password. Then go to fog and log into the console with the admin account. Open the terminal and run the following command to install rsync. We need to run this command as sudo to grant the user the same security privileges as the superuser.

<code>sudo apt install rsync</code>

====Checking For Ssh Keys====
To automate these backups, we need to be able to login without a password by creating ssh keys. First, you should check if these already keys exist using the following command.

<code>ls -al ~/.ssh/id_*.pub</code>

====Creating Ssh Keys====
If the keys don't exist, they should be created using the following command. When prompted for a password press enter to set it to no password. (just hit enter at the prompt don't type anything)

<code>ssh -keygen -t rsa</code>

This key also needs to be on the destination so the key should be copied to Unraid.

<code>ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.21.25.13</code>

====Automatic Rsync====
To automate rsync, we need to use cron and create a cronjob.

<code>crontab -e</code>

We want it to run once a month so we will set beginning part of the command to run monthly. The first part represents the minute, second is hour, third is day, fourth is month, and fifth is day of the week.

<code>MM HH DD MTMT DAY command</code>

Once we change it to monthly, we need to add the rsync command after. This command will use rsync to backup up the fog images to the backups folder on Unraid.

<code>0 0 1 * * rsync -e 'ssh -p 22' -avp /images/ 10.21.25.13:/mnt/user0/Backups/Fog_Images/</code>

This will now backup the fog images at the beginning of every month.

==FOGBANK SERVER==
the fogbank server is the server that runs our fog server for our classroom, this computer cannot be accessed via remote desktop, you need to go into the back in order to access the computer.

*Processor: Intel Xeon CPU @2.80 CPU
*Memory:
*Storage: Samsung SSD 850 GB
*System:

ESXi

2022-03-31T16:37:56Z

Bchamberlain:

[[Category:VMWare]]
==What is it==
[[File:VMwareESXiHostClientSummary.png|thumb|640x640px|General image of ESXi web interface|link=https://10.21.25.11//wiki.24pin.tech/File:VMwareESXiHostClientSummary.png]]ESXi is an OS designed to hold many virtual machines on one physical machine. It is identified as a type-1 hypervisor developed by VMware. We are using it currently for at least 4 of our machines in the classroom. Those machines are Heimdall, Thor, Asgard, and Valhalla. Heimdall and Thor are using the 6.7 license as explained in the Installation of ESXi heading. Asgard and Valhalla are using version 7.0+ which we paid for the licenses.
==Installation of ESXi==
The installation method of ESXi is pretty simple. All you will need is a computer/server and a flash drive. To be able to actually access the server you'll end up needing the machine to be connected to the internet. The procedure is as follows:

*Grab a image of ESXi from VMware's page. Depending on the importance or role of the server, you should use vSphere 6.7 for testing and small project purposes. Use 7.0+ as a limited resource since we only have so many activations available. You can grab all of our ISOs from the following directory on our domain, [https://10.21.25.11//wiki.24pin.tech/Mhs.24pin.tech mhs.24pin.tech], \\10.21.25.13/Cisco Curriculum/vSphere Downloads/ESXi ISOs/
*The rest of the installation process is pretty simple and can be found here: https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.install.doc/GUID-6FFA928F-7F7D-4B1A-B05C-777279233A77.html
*Once installed go to manage>licensing and input your license key, or you can use evaluation mode for up to at least 30 days. Though if you are using version 6.7 you can use the following key: 144AH-AU10P-W8888-0A22K-85912 and if you are going to use 7.0+ you can grab the product key from our vSphere Downloads folder from above.

==Management of a ESXi Machine's Local Interface==
[[File:VCenter interface.png|thumb|310x310px|link=https://10.21.25.11//wiki.24pin.tech/File:VCenter_interface.png]]After you install ESXi you should be greeted with a screen like shown to the right. (The screenshot is one of the vCenter server but a ESXi local interface should look similar)Through this screen you will be able to change management settings such as hostname, basic management networking, etc. A specific list of what you can do from the machine locally can be found below, to access these options you need to press f2 and use the login you created for the machine.

*Configure local password
*Configure lockdown
*Configure/Restart/Test Management Network and restore default networking settings
*Configure keyboard
*Troubleshooting Options
*View systems logs, support information
*Reset System Configurations

==Accessing ESXi's web interface==
To actually be able to get into ESXi you'll need to be able to access the server using a web interface. To get into the server simply put the ip address of the server into your web browser like this, [http://10.21.25.2/ http://10.21.25.2]. Once prompted to login, use the default username root and the root password you set during installation. You will be able to add the device to the domain and be able to create other users once logged in with root.
==Creating a VM==
Creating a VM on ESXi is pretty simple. The big thing is that you have to make sure your server/ESXi host has enough resources to share with it's VMs. You can create as many VMs as you want as long as you have the resources to see fit. Its best practice to try to limit your resources you give to a single machine to a minimum. For example, you won't be giving a domain controller tasked with basic tasks such as DNS, Active Directory, and DHCP 1 TB of storage and 32 logical cores. To determine the correct resources for your machine you'll want to research the best practices for that type of machine. The following is the steps of creating a virtual machine:[[File:Friia config.png|thumb|382x382px|Basic settings of Friia our secondary domain controller|link=https://10.21.25.11//wiki.24pin.tech/File:Friia_config.png]]

*Move into the Virtual Machines tab of ESXi as shown in the image at the top of the page.
*From there you will want to press create/register a VM
*You will be prompted with three options, to create a new VM, deploy a machine from OVF or OVA, or register a existing machine. For our purposes we will be creating a new VM.
*Next you will want to enter the name of the VM (this is only for the ESXi interface and has no effect on the VM itself) and choose what OS the VM will be. This is for management purposes.
*The next step asks you where you would like the machine to be actually located. This gets pretty in depth and lets you choose a storage point other than the local machine. Choosing a storage point other than the local machine is usually used when implanting redundancy. For our purposes we will be choosing the local storage.
*Now you actually get to assign the resources to your VM. You'll be able to set how many logical cores, ram, and storage the VM has. Once again do research on what the basic requirements of the VM you are creating. When choosing your networking settings use the machines default for now. This can get pretty in depth but once again we are staying basic here. Here you will also be able to choose the ISO file you are using to setup the machine. You simply want to choose it as a CD drive and upload the image either through the network or locally though a USB.
*That's it. Now you can go ahead and finalize the process of creating the VM.

==Adding ESXi to the domain==
Adding ESXi to the domain can easily be done by heading over to the manage tab on the left of the ESXi web interface. From there you will want to go into the Security & Users tab and down into Authentication. You should see something like this screenshot below. Here you will be able to press join domain. All you will have to do is enter the domain name, in our case mhs.24pin.tech and a admin login for that domain. That's how you add a ESXi machine to the domain.[[File:Asgard Domain.png|center|thumb|601x601px|link=https://10.21.25.11//wiki.24pin.tech/File:Asgard_Domain.png]]
==ESXi Networking==
===Brief Overview===
The ESXi machine basically has its own local environment built into it. Once you setup the machine and access the networking portion from the web interface you'll see that the machine has it's own vNICs, vSwitches, vVLANs, etc. If you want to get experienced with ESXi and know how to manage machines networking wise you'll need to know about these. A brief breakdown of this networking portion is that you'll have a VM Port group all assigned to a Virtual Switch which connects the VMs to the physical NICs. You can do many other things with this networking environment like making closed off test environments, separating VLANs, and configuring VMWare offered features like vMotion.
===Management===
When you initially setup the ESXi machine you create a management IP address. This is used to initially setup the machine and to access the web interface whenever you need it. You could also use the DNS name of the server once that is setup as well. If anything ever goes wrong on the networking side and you can't remotely access the server, you may need to go into the local server and reset the networking on the machine. This could be done easily with the following steps:

#Go into the local machine and press F2, it will ask for the root login that you created on initial setup.
#This interface is used to change anything management wise for the ESXi machine. (You can reset root password, reset networking, etc.)
#For our purpose we will go into the reset management network, what this will do is reset the NICs on the machine and VLANs that way it goes back to its original setup, this will usually fix networking issues.
#In this interface you can also edit the assigned VLAN, NIC teaming, etc. It is very helpful for troubleshooting.

===NIC Teaming===
Whenever you plug in a new cable to the physical machine it should automatically pick it up as a physical NIC and assign it a MAC address. To actually assign all the other cables other than the management cable to a interface on the machine you'll need to manually assign it to a Virtual Switch. After that you have to make and assign all the VMs to a port group and assign that port group to the switch that is connected to the NIC team. The process of creating a NIC team can be followed with this process:

#Open up the web interface for the ESXi machine. For my example I will be using Valhalla (10.21.25.2)
#Go to the networking portion of ESXi which can be found on the list of drop downs to the left.
#You'll see multiple tabs including Port Groups, Virtual Switches, Physical NICs, VMKernel NICs, TCP/IP Stacks, Firewall Rules. We can leave VMKernel, TCP/IP Stacks, and the Firewall alone for now.
#Go into the Physical NIC tab to verify that all of your NICs are activated and plugged in.
#Next you will want to create a new Virtual Switch (by switching to the Virtual Switch tab and pressing add new switch), name this something that you'll easily identify.
#Leave pretty much everything the same and click add.
#Once the virtual switch has been made you'll want to click create new uplink, these are the physical NICs and assigns them to the virtual switch.
#After assigning the uplinks go into the settings of the switch to verify that they are assigned. You can leave the rest of the settings the same, or change them depending on your purposes or knowledge.
#Now go into the Port Group tab. You can either use the default Port Group (recommended if you already have VMs running on the machine) or create a new one with your own name. If you do use the default Port Group you will have to go into the settings of it and assign it to the new vSwitch. These are what you will assign the VMs to so that they are connected.
#Once done you should verify all the connections of the VMs and make sure they are all connected to the correct Port Group. Ta-da you are done.

==Moving a pre existing machine to or from ESXi==
[[File:Word-image-51.png|thumb|442x442px|Starwind converter|link=https://10.21.25.11//wiki.24pin.tech/File:Word-image-51.png]]The process of moving pre existing machines onto ESXi and copying them off is pretty easy. You can do this by using [https://10.21.25.11//wiki.24pin.tech/Starwind Starwind]. [https://10.21.25.11//wiki.24pin.tech/Starwind Starwind] will allow you to choose a remote image, local file, or physical machine and put that image onto another machine locally or as a VM. It became pretty helpful in our process of virtualizing all of our physical servers onto one machine.

Another way of doing this could be through vMotion. This moves a VM from one vSphere machine to another while keeping the VM running and functional. Though to set this up you will need to assign a new vNIC to each machine the destination and source and that will require a IP address from our domain.
==Probable Issues==

*One day a cable came slightly unplugged and the domain controllers started acting up. The web server also had some issues. We don't know if this was the

==Helpful Links==
For those that would like more information than what I can provide:

*https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/virtual_networking_concepts.pdf #General piece on VMWare Virtual Networking, a bit dated
*https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.networking.doc/GUID-B57FBE96-21EA-401C-BAA6-BDE88108E4BB.html #Best practices, should probably follow

Spiceworks Installation (Retired)

2022-03-31T16:14:40Z

Bchamberlain:

[[Category:Webserver]]
[[Category:Deprecated]]
==Spiceworks==
Spiceworks is a work order management system and ticketing system utilized by 24PinTech. The software uses applications like NMap to find issues and vulnerabilities in the network and systems on it in order to better protect itself and the business. Spiceworks also sends email alerts to all members including alerts about specific hardware in the netspace.

== Procedures ==
=== Installation Procedure ===

#Download or access the Spiceworks.exe file from \\logan\Spiceworks\
#Run the Application with Administrator Rights
#Leave the Webserver port number as default (80)
#Check "Also install NMap and WinPCap"
#Select a folder with at least 176.3 MB available
#Allow the program to install Spiceworks
#Click continue and check the boxes for 'Install desktop shortcut' and 'Start Spiceworks now'

=== Configuration Procedure ===

#Allow for Spice works to start up (this will begin the webserver and launch spiceworks immediately after installing)
#When it finishes 'heating up' it will land to the page pictured, put in a strong password and current Email address then hit 'Get Started'

[[File:SPICE1.PNG|600px|text]]

#Once logged in it will bring you to this page, From here there is an unassigned ticket that will explain some of the basics of using Spiceworks. However, for the current Procedure, hit the settings button in the top right.

[[File:SPICE2.PNG|600px|text]]

#After hitting settings you will be brought to the Email settings page (as pictured). Here you plug in the information pertaining to the current Email addresses that will be used for outgoing or incoming.

[[File:SPICE3.PNG|600px|text]]

#On this Settings page you are also able to utilize Active Directory, Alerts, and the Portal. Each setting is extremely easy to work with.

===User Add/Delete/Modify Procedure ===

*From the Main Page click on the drop down selector that says 'Help Desk', and Select 'Inventory'

[[File:SPICE1.PNG|600px|text]]

*From the Inventory Page, click on the drop down menu 'My Network' and select 'People'

[[File:SPICE4.PNG|600px|text]]

*In order to add people to the Spiceworks system you can either go through Spiceworks or through Active Directory. For this we will be going over Spiceworks.
*In order to add a new user, click on the 'New Person' button. (As Pictured)

[[File:SPICE5.PNG|600px|text]]

*Fill out the Form that pops up to the best of your ability.
*You have now added a person to your team.

== Security of Spiceworks ==
=== Scanner ===
The inventory section of the main interface provides information on each system in the netspace that it can connect to. It does this by utilizing a program called 'NMap' (nmap.org). Its main purpose is to scan hardware to find current running services and, in the case of Spiceworks, Issues with each system

===IDS===
It also acts as an IDS (Intrusion Detection System) notifying administrators of attempted logins or connections from 'dangerous IP's' it does this by using a system called 'Alien Vault'.

Apache (Retired)

2022-03-31T16:13:36Z

Bchamberlain:

[[Category:Webserver]]
[[Category:Deprecated]]
== Introduction and Summary ==
Apache is one of the most common, versatile, and supported web servers of all time due to its easy installation and high functionality. This article is meant to guide you through the process of installing and configuring a fresh new install of Apache and the libraries it works well with (PHP and MySQL) on a Windows environment. This specific type of install is called a '''WAMP stack''' (Windows, Apache, MySQL, and PHP.)

== Selecting the Proper Environment ==
Another great thing about Apache is that it runs well on most (if not all) operating systems and provides the same functionality. Before you get started, you want to select which OS you are going to run the web server on. You as the server administrator (or poor soul assigned this agonizing task) should note the features you need and what OS they work best on. If you need a utility that runs better on a Linux server distro than on Windows Server, you might want to select a Linux distro that works well for you (vice versa Windows server.)

If you only need an Apache server running, the general consensus is that it will run the same regardless of OS on most modern hardware, but some disagree. ([https://serverfault.com/questions/245354/apache-php-mysql-work-faster-in-linux-than-windows serverfault discussion about LAMP vs WAMP stacks])

== Dependencies and Prerequisites ==
<div id="notice">— DO NOT CONTINUE UNTIL YOU HAVE COMPLETED EVERYTHING IN THIS SECTION —</div>

Before you begin, you're obviously going to need to download Apache. You can find this [https://httpd.apache.org/download.cgi here], or at the bottom of this section. Once you have it downloaded, unzip the folder called Apache24 and paste it into the C:\ drive (or whatever drive your primary partition is on.) Repeat the same process with PHP, except create a folder on the C:\ drive called PHP and extract the .zip file's contents into there.

For MySQL, download the

All of the download links can be found here:

* [https://httpd.apache.org/download.cgi Apache]
* [http://php.net/downloads.php PHP]
* [https://dev.mysql.com/downloads/windows/installer/5.7.html MySQL]
* [https://www.phpmyadmin.net/downloads/ phpMyAdmin]

== Apache Installation ==
Open a new command prompt window as administrator and navigate to the bin folder in the Apache directory you unzipped by running <pre>cd C:/Apache24/bin</pre> and then run the command: <pre>httpd -k install</pre> You should now see "The 'Apache2.4' service is successfully installed." on the 2nd line of the output.

After this, start Apache by running the command in the same directory: <pre>httpd -k start</pre>

''Note: For future reference, in order to manage the Apache service, you can either run the httpd -k command with the options start, restart, or stop. Alternatively, you can manage the service by opening services.msc, finding the Apache2.4 service, and then right clicking on it to manage it there.''

Go to your browser and visit http://localhost/ and you should see a page load. You've successfully installed Apache! 👏

=== httpd.conf ===
httpd.conf is the main configuration file Apache uses and references it whenever any HTTP request is sent to the website, which is why it's so important you have everything configured properly. First and foremost, if you want your website to be accessible via LAN you're going to need to access this file and tell it to listen on the server's IP. To start, open a new command prompt window and run ipconfig and find where it says "IPv4 Address . . . ." in the output (it'll say "IPv6 Address" if you're a communist) and copy the IP.

[[File:Ipconfig.jpg]]

Open your favorite text editor as an administrator (it matters that you run as administrator) and then open the file C:/Apache24/bin/httpd.conf, and then add the following code at the bottom of the file (location doesn't matter, bottom is just the easiest):

<pre>Listen [IP]:80</pre>

Just replace [IP] with the IP you copied and save the file, and then restart Apache (httpd -k restart or services.msc in case you forgot.)

=== VCURNTIME140.dll ===
----
In the event that you get the following error, follow the steps below:

<pre>"The program can't start because VCRUNTIME140.dll is missing from your computer. Try reinstalling the program to fix this issue."</pre>

[https://www.dll-files.com/vcruntime140.dll.html Go here] and scroll below the ''"DLL-files.com Client Demo"'' button where it says "VCRUNTIME140.DLL, 7 AVAILABLE VERSIONS" and download both the 64-bit and 32-bit file if you have a 64-bit OS, and only the 32-bit file if you have a 32-bit OS.

This will get a little confusing, but this is where to put the file(s):

==== 64-bit OS ====

64-bit File → C:/Windows/System32

32-bit File → C:/Windows/SysWOW64

==== 32-bit OS ====

32-bit File → C:/Windows/System32

== PHP Installation ==
After following the instructions for installing PHP as instructed in the Dependencies and Prerequisites section, open a text editor as administrator and open the file C:/Apache24/bin/httpd.conf. Next, at the bottom, add the following lines:

<pre>
LoadModule php7_module "C:/PHP/php7apache2_4"
AddHandler application/x-httpd-php .php
PHPIniDir C:/PHP
</pre>

Save the configuration file and restart Apache. Next, find the following code in httpd.conf:

<pre>
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
</pre>

Once you've found it, replace it with:

<pre>
<IfModule dir_module>
DirectoryIndex index.php index.html
</IfModule>
</pre>

Save your file and restart Apache (httpd -k restart or services.msc in case you forgot.) Once you've restarted that, navigate to C:/Apache24/htdocs, create a new file called index.php, and edit it to have only the following code (reminder to edit it with a text editor that has been ran as administrator):

<pre>
<?php
phpinfo();
?>
</pre>

Save the file, and then navigate back to http://localhost/. A page that contains information about your PHP install should display. You've successfully installed (and enabled) PHP! 👏

== Installing MySQL ==
Installing MySQL is easy when you use the provided installer, which can be found [https://dev.mysql.com/downloads/windows/installer/5.7.html here]. Make sure you get an installer that ends with the .msi file extension.

[[File:mysql-installer-msi.png]]

After you click the download button, it'll tell you that you have to register for a new account, but there's a button below it that lets you skip that entirely and go straight to your download.

[[File:skip-registration-mysql.png]]

Once you download it, run the installer, and go through it. The default settings it has should be sufficient, but if you're unsure if you need something research it. When you get to the part of the installation that tells you to enter credentials for MySQL, be sure to document the credentials that you enter so you don't lose them.

== phpMyAdmin ==
As the [https://en.wikipedia.org/wiki/PhpMyAdmin Wikipedia] page puts it:

<pre>
phpMyAdmin is a free and open source administration tool for MySQL and MariaDB. As a portable web application written primarily in PHP, it has become one of the most popular MySQL administration tools, especially for web hosting services.
</pre>

Installng it is pretty straightforward. Download it from the [https://www.phpmyadmin.net/downloads/ link provided], and unzip the contents into a folder called "phpMyAdmin" (or whatever you'd like) to the main document path in Apache (by default it's C:\Apache24\htdocs\) and proceed.

== Configuring PHP ==
PHP will not work properly if it is not configured, which is why it's crucial that you do. To start, navigate to C:/PHP and rename php.ini-production to php.ini. Open that file in a text editor and search for the line that says ;extension=php_mbstring.dll, and then remove the semicolon before it. Repeat the same process on the line that reads ;extension=php_mysqli.dll.

== Verifying Functionality ==
Testing functionality is as easy as opening a web browser, typing in the IP address of your Apache server, and pressing enter. If it loads, it works! If it doesn't, try researching and debugging some things to see where you went wrong. A little bit of research goes a long way.

Try visiting /phpmyadmin and checking things out. The login credentials are the same as what you used to install MySQL, but if they don't work verify that you're properly typing them and then reinstall MySQL.

If everything is working properly, you have correctly configured and installed your WAMP stack!

==Current Configuration ==
Aside from the default <code>httpd.conf</code> configurations and other uncommented changes, this is everything that I have manually added to the configuration file for Apache. If you make any changes, remember to restart the Apache service either by running <code>httpd -k restart</code> or restarting the service in <code>services.msc</code>. Until we get HTTPS, this configuration should remain the same.<pre>
ServerRoot "c:/Apache24"
Listen 10.21.25.11:80

DocumentRoot "c:/Apache24/htdocs"
<Directory "c:/Apache24/htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>

LoadFile "C:/PHP/php7ts.dll"
LoadModule php7_module "C:/PHP/php7apache2_4.dll"
AddHandler application/x-httpd-php .php
PHPIniDir C:/PHP

RewriteCond %{HTTP_HOST} ^www\.24pin\.tech$
RewriteRule ^(.*)$ http://24pin.tech/$1 [R=301,L]

<VirtualHost *:80>
ServerName 24pin.tech
DocumentRoot "C:\Apache24\htdocs"
</VirtualHost>

<VirtualHost *:80>
ServerName wiki.24pin.tech
DocumentRoot "C:\Apache24\htdocs\wiki"
</VirtualHost>

<VirtualHost *:80>
ServerName forum.24pin.tech
DocumentRoot "C:\Apache24\htdocs\forum"
</VirtualHost>

# RedirectMatch "/wiki/" "http://wiki.24pin.tech/$1"
RedirectMatch "/forum/" "http://forum.24pin.tech/$1"

<Directory "C:/Apache24/htdocs/wiki">
Allow from 127.0.0.1
Satisfy Any
</Directory>
</pre>

24PinTech Apps

2022-03-31T16:11:48Z

Bchamberlain:

[[Category:Deprecated]]
==What are 24pintech Apps?==
24pintech apps is a folder that is located in the Shared Storage drive in the [http://wiki.24pin.tech/index.php?title=Loki Loki] server. The folders inside have multiple apps that we have used over the years that are useful on running 24pintech. Each of the applications are used to either, open Virtual Machines, ISO folders, terminal editors, antivirus etc. \\loki\shared storage\24pintech apps

==Why are these applications important?==
These applications are very useful to an average technician who needs to use certain tools to make something easier.

==Terminal Editor Software==
PuTTY, SecureCRT, and TeraTerm are all open-sourced terminal editors, which give you access to [http://wiki.24pin.tech/index.php?title=OpenGear_Console_Server_Documentation OpenGear] and let you edit configurations that are in the terminal. We use these applications for our servers which keep the 24pintech website up and running.

Spiceworks (Retired)

2022-03-31T16:00:08Z

Bchamberlain:

[[Category:Deprecated]]
[[Category:Webserver]]
==Accessing and Using Spiceworks==

'''What is Spiceworks?'''

Spiceworks is the site at which 24PinTech can access all work orders that have been assigned to a technician. Once a technician is logged in, they can view, edit, and comment about their work order as well as complete any documentation that is affiliated with the work order.

'''Accessing Spiceworks'''

Any computer in the 24PinTech classroom can access the Spiceworks service. To access the 24PinTech's reserved section in Spiceworks type the upcoming URL into the address bar and it will take you to the login screen for Spiceworks.
<pre>
http://surtr/pro_users/login
</pre>

'''Assigning Work Orders (Manager)'''

#Log into Spiceworks using your email and password.
#Towards the top left of the screen you will see a drop down box with “Inventory," click to drop down other options and navigate to the tab that is labeled “Help Desk."
#To enter a work order process into Spiceworks click on “New Ticket” found towards the top middle of the screen.
#Using information found in the Google work order spreadsheet, give the ticket a name that is related to the customer. In the description text field, include the customer's name, email address and brief breakdown of the issue. Then assign the ticket to a technician (make sure the assigned technician is the same as the one assigned in the google sheets).
##Under the comments, enter the client's email address that the technician should use to contact.
#Inform the technician that they have a new ticket.

'''Adding a New User to Spiceworks'''

#Log into Spiceworks using your email and password.
#Navigate to the "Help Desk" section.
#On the right-hand side of the screen you will see a box labeled "Settings". Click on it.
#On the left side of the web page under help desk, you will see “User Accounts." Click on it and it will take you to all the users available on Spiceworks.
#Towards the right side of the screen you will see “Add Users," click on it.
#Fill out the invitation with first and last names and the email the technician uses most often. Assign them a proper role in Spiceworks. (Put billing rate as $0.00)
#Send invitation

'''Checking Tickets'''

#Log into Spiceworks
#Towards the top left of the screen you will see a drop down box with “Inventory," click to drop down other options and navigate to the tab that is labeled “Help Desk."
#Next to “Tickets” there is a gray drop down box. The default is labeled “Unassigned Tickets." Click the drop down box and navigate to “My Tickets."
#You will see your assigned work order, with a description and the customer's contact information.

Spiceworks (Retired)

2022-03-31T15:59:25Z

Bchamberlain:

[[Category:Webserver:Deprecated]]
==Accessing and Using Spiceworks==

'''What is Spiceworks?'''

Spiceworks is the site at which 24PinTech can access all work orders that have been assigned to a technician. Once a technician is logged in, they can view, edit, and comment about their work order as well as complete any documentation that is affiliated with the work order.

'''Accessing Spiceworks'''

Any computer in the 24PinTech classroom can access the Spiceworks service. To access the 24PinTech's reserved section in Spiceworks type the upcoming URL into the address bar and it will take you to the login screen for Spiceworks.
<pre>
http://surtr/pro_users/login
</pre>

'''Assigning Work Orders (Manager)'''

#Log into Spiceworks using your email and password.
#Towards the top left of the screen you will see a drop down box with “Inventory," click to drop down other options and navigate to the tab that is labeled “Help Desk."
#To enter a work order process into Spiceworks click on “New Ticket” found towards the top middle of the screen.
#Using information found in the Google work order spreadsheet, give the ticket a name that is related to the customer. In the description text field, include the customer's name, email address and brief breakdown of the issue. Then assign the ticket to a technician (make sure the assigned technician is the same as the one assigned in the google sheets).
##Under the comments, enter the client's email address that the technician should use to contact.
#Inform the technician that they have a new ticket.

'''Adding a New User to Spiceworks'''

#Log into Spiceworks using your email and password.
#Navigate to the "Help Desk" section.
#On the right-hand side of the screen you will see a box labeled "Settings". Click on it.
#On the left side of the web page under help desk, you will see “User Accounts." Click on it and it will take you to all the users available on Spiceworks.
#Towards the right side of the screen you will see “Add Users," click on it.
#Fill out the invitation with first and last names and the email the technician uses most often. Assign them a proper role in Spiceworks. (Put billing rate as $0.00)
#Send invitation

'''Checking Tickets'''

#Log into Spiceworks
#Towards the top left of the screen you will see a drop down box with “Inventory," click to drop down other options and navigate to the tab that is labeled “Help Desk."
#Next to “Tickets” there is a gray drop down box. The default is labeled “Unassigned Tickets." Click the drop down box and navigate to “My Tickets."
#You will see your assigned work order, with a description and the customer's contact information.

Spiceworks (Retired)

2022-03-31T15:58:50Z

Bchamberlain:

[[Category:Webserver,Deprecated]]
==Accessing and Using Spiceworks==

'''What is Spiceworks?'''

Spiceworks is the site at which 24PinTech can access all work orders that have been assigned to a technician. Once a technician is logged in, they can view, edit, and comment about their work order as well as complete any documentation that is affiliated with the work order.

'''Accessing Spiceworks'''

Any computer in the 24PinTech classroom can access the Spiceworks service. To access the 24PinTech's reserved section in Spiceworks type the upcoming URL into the address bar and it will take you to the login screen for Spiceworks.
<pre>
http://surtr/pro_users/login
</pre>

'''Assigning Work Orders (Manager)'''

#Log into Spiceworks using your email and password.
#Towards the top left of the screen you will see a drop down box with “Inventory," click to drop down other options and navigate to the tab that is labeled “Help Desk."
#To enter a work order process into Spiceworks click on “New Ticket” found towards the top middle of the screen.
#Using information found in the Google work order spreadsheet, give the ticket a name that is related to the customer. In the description text field, include the customer's name, email address and brief breakdown of the issue. Then assign the ticket to a technician (make sure the assigned technician is the same as the one assigned in the google sheets).
##Under the comments, enter the client's email address that the technician should use to contact.
#Inform the technician that they have a new ticket.

'''Adding a New User to Spiceworks'''

#Log into Spiceworks using your email and password.
#Navigate to the "Help Desk" section.
#On the right-hand side of the screen you will see a box labeled "Settings". Click on it.
#On the left side of the web page under help desk, you will see “User Accounts." Click on it and it will take you to all the users available on Spiceworks.
#Towards the right side of the screen you will see “Add Users," click on it.
#Fill out the invitation with first and last names and the email the technician uses most often. Assign them a proper role in Spiceworks. (Put billing rate as $0.00)
#Send invitation

'''Checking Tickets'''

#Log into Spiceworks
#Towards the top left of the screen you will see a drop down box with “Inventory," click to drop down other options and navigate to the tab that is labeled “Help Desk."
#Next to “Tickets” there is a gray drop down box. The default is labeled “Unassigned Tickets." Click the drop down box and navigate to “My Tickets."
#You will see your assigned work order, with a description and the customer's contact information.

Category:Deprecated

2022-03-31T15:57:56Z

Bchamberlain: Created page with "==== This category is for older wiki entries that are no longer used, or retired pages. ===="

==== This category is for older wiki entries that are no longer used, or retired pages. ====

CISCOACA.local (Retired)

2022-03-31T15:56:44Z

Bchamberlain:

[[Category:Deprecated]]
= Our Domain Setup =

The CISCOACA.local domain is setup to run off of the servers called [[Loki]] and [[Logan]]. The both run [[Active Directory]], [[DNS]], and [[DHCP]]. [[Loki]] is configured as the main server by default, and [[Logan]] is configured as the hot standby. They will failover or trade roles if there is ever an issue. [[Logan]] may also occasionally switch to the main server leaving [[Loki]] as the hot standby, which is fine as they will still have redundancy. [[Logan]] is the default standby, as [[Logan]] also runs the web server VMs so it has more load already.

To learn more about any of these things, click their respective links throughout this page.

== Active Directory ==

[[Active Directory]] controls who gets all of our [[Group Policy]]/[[Security Policy]] and how they are applied. Basically, [[Active Directory]] controls how all of the computers in our domain behave, and is what allows us to have our unique logins that work on every computer. Without it, we are unable to login, we lose our shared folders, and we lose all our [[Security Policy]].

== Domain Name Services ==

Domain Name Services (or [[DNS]]) is what translates website names to IP addresses (like 24pin.tech to our public IP to Logan). Without it, accessing the internet and other computers on the network would require us to have all of the IPs memorized. That is bad. We like [[DNS]]. [[DNS]] is also needed for things to function properly since our network is in the middle of MUSD.local's things, so we need to forward properly through them.

== DHCP ==

[[DHCP]] is run on [[Loki]] as the main server, and [[Logan]] is the hot standby. Our [[DHCP]] setup is fairly basic, but we do have special settings configured for [[FOG]] and for our servers and printers we have [[DHCP]] reservations.

== Group Policy ==

[[Group Policy]] is where all of the settings and changes that we want to make to all of the computers in our network are made. Pretty much every Windows setting you have ever heard of, and many you haven't heard of, can be changed here and applied to some or all of the computers or servers in our network. We have different [[Group Policy]] settings set for our normal computers than the servers, and different ones are applied to computers that may run through our [[Active Directory]] but are in different rooms. Our [[Security Policy]] is part of [[Group Policy]] but has it's own page, as it is very important to keep things controlled and needed more of an explanation than other parts of [[Group Policy]].

File:HESK settings.PNG

2022-02-18T15:12:38Z

Bchamberlain:

Hesk/Help Desk

2022-02-18T15:12:08Z

Bchamberlain:

==About==
HESK is a basic, lightweight, help desk program that we use to process our work orders for 24PinTech. We downloaded the software from [[HESK.COM]] and it fully integrated with our 24Pin.tech website. The URL to access the new software is at [https://service.24pin.tech. service.24pin.tech.]

=='''Installation'''==
The installation of HESK required a download from hesk.com. We downloaded and installed [https://www.hesk.com/download.php HESK 3 (version 3.2.2)] The installation was somewhat problematic due to lack of documentation regarding the installation process for Nginx. I used the following documents to piece together the process.

*https://www.hesk.com/demo/docs/step-by-step-guide.html
*https://www.digitalocean.com/community/questions/how-to-create-subdomain-with-nginx-server-in-the-same-droplet

====Step 1====
Download [https://www.hesk.com/download.php Hesk 3.2.2 (or latest version)] to a known directory.

====Step 2====
This step will use a tool called PuTTY ''64x86'' which can be downloaded from [https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html their website]. After installing you will open a new CMD window and navigate to the PuTTY install directory. ''My command...'' <code>cd C:\Program Files\PuTTY</code>. Once you have successfully navigated to the installation directory you will enter the command to send the zip to the webserver... <code>pscp.exe <LocalFilePath> <user>@<RemoteHost>:<RemoteDirectory></code> ... <code>pscp.exe ZIP_FILE_LOCATION pintech@10.21.25.11:/home/pintech</code>. The zip has to be placed in the users home due to permission issues.

====Step 3====
Navigate to <code>etc/nginx/sites-available</code> and create a new config in nginx. In this instance I will be creating the service.24pin.tech file. Use an editor like nano or vim to edit the config file. Here is an example <code>sudo nano service.24pin.tech</code> '''''OR''''' <code>sudo nano /etc/nginx/sites-available/service.24pin.tech</code>. Once in the editor create a config file, see the nginx article in this wiki in the section [[Nginx|Configuring Nginx]] for assistance.

====Step 4====
At this point you should be on step 4 of the HESK install file. The URL may be slightly different than what is used on the document. [[File:Hesk snip.png|thumb|150x150px|HESK admin homepage|center]]

====Step 5====
[[File:PhpMyAdmin.png|thumb|phpMyAdmin - add a My SQL database|150x150px]]
During the HESK install you will be asked to set up a MySQL database for HESK. You will use phpMyAdmin to accomplish this. You will naviagate to the [https://24pin.tech/phpMyAdmin/index.php phpMyAdmin] URL and log in. Get the credentials from Chamberlain. Once logged in you will navigate to the Databases page. Type in the name of your new database and use that name when prompted to during the HESK install. '''IMPORTANT:''' MAKE SURE YOU ARE CREATING A NEW DATABASE AND NOT USING AN OLD DATABASE!!!

== '''Updating HESK''' ==

When updating HESK from one version to the next please make sure to update the general settings. There is a section in there where you have to put in our specific URL information for our website and domain. See the photo.

=='''HESK Admin Information'''==
[[File:Hesk login page.png|left|thumb|346x346px|Login section of main page]]

==Initial Login:==

*Navigate to https://service.24pin.tech/admin

*User name: ''First Name'' and ''First Letter of last name'' (ex: Todd H)
*Password: MHSschool

==Ticket==
[[File:Ticket Page.png|thumb|500x500px|Ticket page of Hesk]]

*Main Page

*You can see it in the tickets area with different information
*Changing information about the ticket, as well as assigning, is below the tickets to the right
**You can change information or reply to the customer when clicking on the ticket ID and subject area in main menu
*You can view certain types of tickets
*You can find specific ticket based on certain information

*Under a ticket
**You can look at the message/description they give about their device
**Below the description you can add a hidden note
**You can reply to the customer (do not use this, use it through your email)
***You can choose not to send the email with assigning the ticket, and changing priority
**After the changes you can change ticket status, category, priority, and assignee
**Finally there is ticket internal information, like tracking ID, date it as introduced, that cannot be changed except due date

==Categories:==

*Function:
**Categories allow customers to choose what kind of device they have and is apart of the ticket creation process they do
**They choose this option first when submitting a ticket
*Changing:
**Each category has a set priority, and type if needed to change
**To create a new category click “New Category” in the top right and choose a name, set priority, and whether it is a public or private option
***Public is for the customer choosing the category
***Private is for 24PinTech if needed to change to a specific category

==Team (Users):==
[[File:Creating a new user.png|left|495x495px|thumb|What you see when creating a new user]]

===Creating Users===

*In the top left click new Team member and fill out basic information
*Under Permissions put everyone as staff except the people who require all access.
**Every permission can be left to default or give access to specific areas. Which can allow for allocation within the system.
*Signatures are unneeded. It is just an end of a message
*Preferences are unneeded. Keep default
*Notifications can vary. keep default for everyone
*You can only finish creating a user under the notification tab

===User Editing===

*Admin can edit anything about a user but are very few
*Normal users can edit anything except permissions about their account. Permissions allow the user access specific areas of HESK

*Staff member editing access
**In the top right of the site click their name then click view profile
**Then edit profile
**Under profile information in the password subsection the user can change their password to their preferred password
***You can only save the settings in the notifications tab

==Tools==

===Ban Emails===

*This will be a section where it is Forbidden to ban an account without explicit permission.
*'''Do not add/change'''

===Ban IPs===

*This will be a section that Administrators can never touch under no circumstance.
*'''Do not add/change'''

[[File:Service message 1.png|thumb]]

===Service Messages===

#Display a service message in the customer area, for example to notify them about known issues and important news.
#The Service message can be any of the following: Success, info, notice, or error. in the setting sections
#The service messages will be about something that is unavailable with our services.

===Email Templates===

#The email templates allow you to change/modify emails that are sent to customers and staff members.
#There is nothing able to change in this section.
#To create a canned response go under the Template section under responses .

===Custom Fields===

*This section is used to add custom fields to require additional information from the customer through the ticket process.
*Creating a field:
*#This is a new field for information that the customer has to fill out
*#Everything is self explanatory except category
*##If only a specific device needs it the categories are listed and get rid of the unwanted device

===Statuses===

*This section is used to create new ticket statuses.
*Allows viewing of all tickets and where they fall within the different statuses.
*Creating statuses:
*#Choose the name, color and if customer want to change the status (do not let customers change statuses

==Settings==

===General===

*General Settings:
*#Allows you to change the website title, URL, and Email center.
*#These should never change under any circumstances, or if CEO of 24PinTech requires
*Language:
*#Allows multiple language access
*#Language folders are required to add different languages but must be through the server sides of things and not The website
*Data Base:
*#This is about the server hosting of Hesk
*#'''DO NOT CHANGE'''

===Help Desk===

*Help Desk Settings:
*#This is where the storage on the server of tickets and customizing the message of ticket responses
*#It customizes the home look of tickets from the admin view
*#Change only if necessary
*Features:
*#This is the requirements of filling out a ticket on the customer side
*#It also allows ticket auto-assigning, but it is unnecessary
*#Change only if necessary
*SPAM Prevention:
*#SPAM prevention does what it says, prevents SPAM
*#There can be different types of SPAM prevention, even custom ones
*#Some troubleshooting methods if it does not work: https://www.hesk.com/knowledgebase/index.php?article=27
*#Change only if needed
*Security:
*#This is about the login and having staff users when logging in
*#View tickets is for customers seeing their ticket without requiring their email, but they still need ticket ID
*#'''DO NOT CHANGE FROM FRAMES ONWARD'''
*Attachments:
*#This allows customers to attach any attachments if they want

===Knowledgebase===

*This can make HESK an information base instead of a ticketing system
*'''DO NOT CHANGE'''

===Email===

*Email:
*#This changes the type of emailing system that is used
*#When and who Hesk sends emails: https://www.hesk.com/knowledgebase/index.php?article=94
*#'''DO NOT CHANGE'''
*Email Loops:
*#Changes the responding time of emails
*#'''DO NOT CHANGE'''
*Detect Email Typos:
*#Self explanatory
*#Add any emails that would be used but are not listed
*Notify Customers:
*#Self explanatory
*Other:
*#This is minor things about email filling out whether logged in the setting or filling out a ticket
*#Change only if necessary

===Ticket List===

*Fields in Ticket List:
*#This is what categories are on the ticket page when viewing tickets
*Other:
*#Both things under this section are about the date and time formats of a ticket

==='''Misc'''===

*Date and Format:
*#This is the format of the Date and Time shown anywhere
*#Change if necessary
*Other:
*#IP WHOIS shows the IP address of the customer, The customer will not be able to see it
*#Maintenance mode will turn off the ticketing system for customers
*#Admin link is to see an admin link on the customer request form
*#Submit notice will let the customer see their IP address and warn them it will be tracked
*##'''DO NOT CHANGE'''
*#Users online let you see what users are on and how long ago they were online
*#Updates: Self Explanatory

Thor

2022-02-14T21:45:52Z

Bchamberlain:

Thor is the server that hosts our virtual machines for the IT trainees to use for training. There are 26 total virtual machines, with 6 of them only existing to serve as a base for the other 20. It has 4 gigabit connections that are nic-teamed.

==System Information==
-Processor: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz

-Memory: 71.99 GB

-Operating system: VMWare EXSi 6.7.0 Update 3 (Build 17167734)

==How to connect to Thor==
To connect to the ESXi server, go to 10.21.25.9 in a web browser to get to the login. Login using the same credentials you use for the domain.

After logging in, you will be brought to the host page. This gives all sorts of info about Thor, such as specs like RAM and CPU, and overall load. You can also restart or shutdown the server by clicking the buttons at the top.

==Connecting to virtual machines==
To connect to the virtual machines, click the "Virtual Machines" tab on the left. This will bring up the list of all the virtual machines. You can select some, or all, and power them on or shut them down from here. Or you can click on the name of the virtual machine to bring up more information about it, connect, and do more detailed things. Once in a virtual machine's page, you can power it on or shut it down, view ram and processor usage, network info, storage, connect to the VM, and edit it's settings. We really should only need to power on/off, connect, and occasionally restore the virtual machine from snapshots if something goes wrong. To connect, a virtual machine must be powered on. Once it is powered on, click on the "Console" button at the top left. This will give you some options to connect. You can open it as a window in the ESXi console with "open browser console", or you can open it in a new browser tab or window with the new tab or new window links. You can also use VMRC, which is a proprietary connection made by VMWare, this has not been tested on our servers at the time of writing.

To restore a virtual machine from a snapshot, you must be in the virtual machine's page (by clicking it's name in the list of virtual machines), then click actions. Then click snapshots from the dropdown, and then restore snapshot. It will ask you if you want to restore from the latest one, and click restore if the newest one works (We currently only have one snapshot saved for all of them, which is confirmed good). To manually pick a snapshot to restore from, choose manage snapshots instead of restore snapshots, and it will take you to the list of snapshots. At the time of writing the "Original" snapshot is the only one that exists, which is the first snapshot that we made after creating. This is the one to go to if all else fails, and will probably be the only snapshot. When you know which one you want to choose from the list, click the name, then click restore snapshot from the top of the popup window. Then confirm by clicking restore.

==Mounting a USB or portable HDD==
In order to add software to a VM it is necessary to have the ability to transfer files from a USB or a portable HD. The following will guide you through that process. Download the software you need to a portable HD or a USB drive and attach the drive to Thor. Then power on the VM you wish to install the software to. Then right click on the VM and edit settings. Click the add other device link and choose USB device. You should then see the device that you attached to the computer in the drop down list, choose it and click save. Then log into the VM and open file explorer. You should now see the device you attached, just open it to access your file and install the software as you normally would. Here is a link that explains the process.

https://www.youtube.com/watch?v=cdvPNhG1GYg

==Cloning an Image==

*Right click on the image to be cloned
*Click export with images
*Choose only the vmdk file
*Export
*Click "Create/Register VM"
*Click "Deploy a virtual machine from an OVF or OVA file"
*Name it "<name of original image> (<iteration>)"
**Example: Networking Image (1)

*Upload the exported OVF template and VMDK file
*Hit next and select literally any disk except for "Images for cloning"
*hit next twice
*Finish

==Installing EXSI==
https://my.vmware.com/en/web/vmware/evalcenter?p=free-esxi6

DHCP

2022-01-18T21:14:14Z

Bchamberlain:

=Our DHCP Setup=

Our DHCP is run on [[Loki]] mainly, but [[Logan]] is on hot standby. DHCP is what gives out the IP addresses to the devices on our network. Without it, we would have to use static IP addresses, or we would not be able to communicate properly. Both of the servers keep each other synced on what IP addresses have been given out to ensure there are no conflicts.

==Address Pool==

Our scope is 10.21.25.0, as that is our network. The DHCP server only distributes addresses in from 10.21.25.30 to 10.21.25.247. The rest in the network are reserved for servers and printers, or anything else that needs a static IP. The following chart represents our current setup...

===Hostname IP address===
Gateway 10.21.25.1

Valhalla 10.21.25.2

Odin 10.21.25.3

Friia 10.21.25.4

Yggdrasil 10.21.25.5

MacMini 10.21.25.6

Asgard 10.21.25.7

Heimdall (ESXI VM's) 10.21.25.8

Thor 10.21.25.9

Not assigned 10.21.25.10

LoganWeb (VM Valhalla) 10.21.25.11

Sleipnir (VM Valhalla) 10.21.25.12

Midgard (Unraid) 10.21.25.13

Macmini Backup 10.21.25.15

NAS 24PinTech 10.21.25.16

Perle IOLAN Console Serv 10.21.25.17

Opengear 10.21.25.18

Sleipnir 2 10.21.25.19

vSphere Purposes 10.21.25.20-25

Fog 10.21.25.29

==Address Leases==

These are all of the current DHCP releases that the DHCP servers have put out that are active.

==Reservations==

This is where all of our static DHCP-side reservations for our servers, printers, NAS, etc., are located. You can double click any of them to edit their specific settings.

==='''Hostname IP address'''===
LoganWeb (VM on Valhalla) 10.21.25.11

NAS 24PinTech 10.21.25.16

SC-P8000Series-2D6580 10.21.25.90

NPI7C274C (HP LaserJet P4014) 10.21.25.241

NPI82FF0E (HP Color LaserJet M553) 10.21.25.243

==Scope Options==

This is where we configure our DHCP options. To configure options that we don't already have set, right click "Scope Options" and click on "Configure Options" and configure what you need. Below are the options we already have set:

[[File:DHCP_Options.PNG]]

These options set where the computers will look for DNS, what our domain name is ([[CISCOACA.local]]) and the other options tell computers to PXE boot from [[FOG]] and configures the settings they need to boot from [[FOG]].

==Policies==

These are settings that are applied to certain devices based off of rules defined by the policy, like IP address range, vendor, etc.

The only policy we have currently configured is called UEFI, which applies to network booting via UEFI. It sets options 66 and 67 to make sure devices will boot properly off of [[FOG]]. 67 is set to ipxe.efi, and 66 is set to 10.21.25.4.

==Server Options==

This is where settings can be configured globally across the whole DHCP server. We have none of these currently configured.

==Policies (Not within scope)==

Same as above policies but global, we do not have this configured.

==Filters==

This allows you to block or allow certain MAC addresses from receiving DHCP addresses.

24PinTech Business Plan

2021-05-25T19:24:42Z

Bchamberlain:

==Executive Summary==
The 24PinTech team aims to satisfy each customer’s needs by supplying a number of services regarding computer and electronic repairs. The business will allow the students to be able to gain experience in Information Technology, thus preparing them for future careers within the industry.

Intended customers are the students and staff of Maricopa High School that are experiencing any sort of problem with their electronics, whether it be a Mac, PC, laptop, mobile device, or any other electronic device.

The employees of 24PinTech will be students enrolled in the Computer Maintenance 2 class at Maricopa High School which is taught by our sponsor, Mr. Chamberlain. This class focuses on the business running work orders for students and staff on their electronic devices that need repairs. Each employee also furthers their technological knowledge by enrolling in courses through the TestOut Corporation, an industry recognized certification agency for Information Technologies. A minimum of two new certifications per school year is required of each employee.

With this business, we hope to accomplish a few tasks; while increasing our knowledge of the I.T. industry, gain hands-on experience within the industry, and provide a free alternative to local computer-repair businesses. We know a lot of people in the community simply don’t have the funds to spend on a simple computer fix. With our help, we hope to create a free alternative that enables more people to get the electronic support they require, without the heavy expense that is required of our competitors.
==Workshop Description==
Considering that we are an up and coming business there will be many things to learn. But we also have some goals and objectives that we aim to achieve within our time of running this business. A couple of goals and objectives vary from the ability to provide precise and improved services, keep our skills current, have a wide range of customers, and acquire first-hand experiences with networks, mobile devices, computer software and/or hardware support.

Our primary target markets are mobile owners followed by PC or Windows-based systems owners, and Mac owners. This can range from basic hardware repairs to installing operating systems or running cables for a business. Our team specializes in a variety of IT fields, ranging from networking to hardware to software. This enables us to have an impressive skill base when supporting customers. If one member of the team needs help in a certain area, there will be other team members able to assist them. If the entire team lacks the knowledge, we also have the ability to learn and find out what we need to accomplish, due to a basic understanding of all IT fundamentals, giving us an advantage over the average user.

Using AzSTRUT and the Apple Store as an example we have moved the shop into the back room where the TV studio used to be. We have installed shelving to store all our large equipment as well as a reception table and wait area for customers. The TV studio control room has been cleared out and will be replaced with work tables for 24pintech technicians. I-top has been set up and will be used for inventory of all equipment. We are currently using Spiceworks as the work order system but will transition over to I-top during the 2018 - 2019 school year.
==Provided Services==

All services provided by 24PinTech will be given at no charge to the customer, the only cost that customers bear is the cost of parts needed to perform the repair. There are various services that an IT Support Services company needs to provide. From hardware maintenance to software solutions, or even cables and networks; there are many tasks that need to be completed in order for a company such as 24PinTech to flourish.

To start, a majority of our work will be relating to hardware maintenance, whether it be cables, computers or mobile devices. The following is a comprehensive list of the various hardware support we provide:

*Help consult and build custom PC’s for customers
*Install and maintain computer components and peripherals
*Install, maintain and route cables using cable management techniques
*Support and repair various technology
*Replace outdated systems

Another key category of our work will be software-related. The following is a list of software support and administration we can provide:

*Data recovery services
*Updating, imaging, or repairing Windows, Linux and OSX-based operating systems
*Removal of malware, viruses, adware or spyware
*Installing and maintaining applications

In addition, our company will deal with network troubleshooting and solutions. Networks involve both physical and internal systems, so we will provide the following:

*Scan networks for faults, and knowing how well certain computers would run in certain networks or other groups
*Design, install and maintain networks for customers
*Install internal firewall systems
*Analyze networks for security risks

==Marketing Plan==
'''Problem:''' The problem is that computers and mobile devices break, and the common person is either unaware of how to fix it, or resorts to spending an excessive amount of money on other services.

'''Solution:''' 24PinTech: a free IT Support Services company that can fix computers and even mobile devices.

'''Mission Statement:''' 24PinTech aims to give the customer the best repair experience possible.

'''Competitors''':

*Data Doctors of Maricopa
*Computer Experts
*Hart Computer Solutions
*Fast-Teks On-Site Computer Service
*Precision Computer Repair LLC

'''Target Markets:'''

*Primary - people experiencing issues with technology

*Secondary - people wishing to upgrade technology

'''Costs:''' Services will be free of charge but customers may be required to purchase components and materials.

'''Income Potential:''' There is no income potential due to the fact that we are a non-profit business.

'''Promote:''' We will promote our company through the use of commercials and social media.

'''Budget:''' The budget being used for tools and basic supplies is the District CTE Budget.

'''Customer Outreach:''' Appointments will have to be made after schooling hours or during lunch.

==Operational Plan==
During an average day, we will come to class and immediately log into our private helpdesk ticket system. We will review the tickets that are assigned, and then proceed to have a team meeting at least once a week. During the meeting, we will discuss what we need to accomplish the day of, the week of, and any upcoming events or items we need to be aware of. This shouldn’t take longer than 15 minutes. The managerial team will proceed to meet and discuss work performance, tickets needing to be assigned, and any other items of importance.

From there, the team will either: 1) Work on the personal tickets they were assigned. Or: 2) work on specific class assignments or continue professional training using TestOut training and certification system.

A majority of time will be spent in the classroom, the workshop, or after school under the supervision of Mr. Chamberlain. The end goal is to provide a valuable service to the community. There will be times when people are asked to stay after school or come in to work on the weekends. Treating this like a business will give students the opportunity to understand and gain experience of a real work environment.

Professionalism, work ethic, attending events and learning are all part of real world jobs, so they will be heavily graded as part of this program. During the work day, all members of the team are expected to display a sense of professionalism as they go about their tasks. When working they not only represent the I.T. program and Mr.Chamberlain, but they represent Maricopa High School and the surrounding community. It is vitally important to always be working as hard and as well as you can. Any infractions on any level determined by the managers/supervisors/Mr. Chamberlain will be put on suspension and be put on a PIP (Performance Improvement Plan) and/or be terminated from the company.

==Job Titles and Descriptions==
The following is a list of the job titles and descriptions:

'''Data Recovery Technician'''

A Data Recovery Technician will manage and take care of any data related problems with the customer’s devices.

'''Windows Computer Technician'''

Technicians will service and repair Windows-based computer systems, regarding both hardware and software. They will also help troubleshoot, suggest and perform solutions to each customer’s problem(s).

'''Manager'''

Managers are to consult and guide workers, take care of customers and make assignments based on the needs of the company.

'''Customer Service Technician'''

Computer Service Technicians assess, repair, and maintain computers for companies, businesses, or consumers.

'''System Administrator'''

System Administrators will work on designing, organizing, modifying, and supporting the company’s computer systems. They will design and install different types of networks such as LANs and WANs.

'''Mobile Device Technician'''

A Mobile Device Technician diagnoses and performs repairs on electronic devices such as smartphones and tablets.

'''SOHO Support'''

The SOHO Support position is responsible for the support and management of a client’s local network upon order. The SOHO Support will function as a network administrator and must have experience in the computer networking field.

'''General Consultant'''

A General Consultant works with different customers to set up their computer, and network systems. They find flaws in their systems and think of solutions to fix these problems along with what proprietary services they would be able to cover. The point of a Consultant is to go to a company looking to upgrade or update their computers, network, or other technological systems and assist them in finding services that their company does.

== Link to Original Document ==
https://docs.google.com/document/d/1PZWtILi96oqMKEDsDASeqC72lFgFtyKkW56acWrKoBo/edit

Mac Configuration

2021-05-05T17:18:38Z

Bchamberlain:

===Adding a Mac to Active Directory===
Before a student can log in and use a mac the computer must be bound to the CTE Active Directory Domain ([https://wiki.24pin.tech/index.php?title=Mhs.24pin.tech mhs.24pin.tech]). To do this follow the instructions below carefully.

====Delete all users====
[[File:Screen Shot 2021-05-05 at 7.00.19 AM.png|thumb|428x428px]]
Click on the system preferences icon located on the application bar at the bottom of the screen and open users and groups.

Click on the padlock in the lower right hand corner and enter the local admin username and password so you can change the settings. The only two users that should be located here are MUSD and Guest. Guest should be off. Highlight any other users and click the - button to remove them. Close the Window.
[[File:Screen Shot 2021-05-05 at 7.01.32 AM.png|left|thumb|Users folder contents]]
Next open finder, it is the blue and white happy face in the application bar. Then go to the menu bar at the top of the desktop and click go and choose computer from the menu. Then click on MAC HD then click on the users folder.

Once in the folder there should only be two icons, MUSD and Shared. Please move any other folders to the trash and then empty the trash.

====Check for updates====
Next check for updates by clicking on the App store icon, it is a blue circle with a white A, located in the application bar. Open it up and navigate to updates. Run any updates that the computer needs. If you need to authenticate to the App Store contact Brad Chamberlain for the username and password to the Apple account linked to our systems.

====Bind to AD====
[[File:Screen Shot 2021-05-05 at 7.04.18 AM.png|thumb|Directory Utility Search]]
[[File:Screen Shot 2021-05-05 at 7.05.27 AM.png|left|thumb|255x255px|Bind to AD and change computer name]]
Now you will bind your system to Active Directory. The first thing you need to do is to open the Directory Utility. Open a finder window and in the search tab in the upper right hand corner type in Directory Utility. Once there open up the Directory Utility click on the padlock in the lower right hand corner and enter your local admin credentials to make changes. Click on Active Directory then click on the pencil just above the padlock to edit the directory settings.

Notice the image to the left. In the Active Directory Domain field type in mhs.24pin.tech. In the field Computer ID make sure to type in the computer name. Each computer in your lab should use the following naming conventions.

*Photography - Photo followed by the number i.e. Photo1

*Graphic Design - graphics- followed by the number i.e. graphics-1

[[File:Screen Shot 2021-05-05 at 7.05.58 AM.png|thumb|AD Admin Prompt]]
[[File:Screen Shot 2021-05-05 at 7.06.43 AM.png|left|thumb|Mobile account settings]]
When done click the bind button. You will then be prompted to put in your AD Credentials, see the box to the right. If you don't know your credentials ask Brad Chamberlain. Once done click OK. You will not be back at the directory utility window. You will see on the left hand side of the window "Show Options" with a triangle next to it. Click on the triangle show show your options, see the image to the left.
[[File:Screen Shot 2021-05-05 at 7.08.38 AM.png|thumb|computer name]]
Check the bus that says "Create mobile account at login. When done click OK. You now only have one final step and the process will be completed. Close all windows and then open up your "System Preferences" again. Click on the icon that says "Sharing". At the top of the window is a field called "Computer Name" In that field make sure the name exactly matches the name you used when you bound the system to AD. Once done then click on the edit button and change the name in there to the same name. Please note it will say .local after the computer name, that is fine you will not be able to change it. Once done click OK and close out of any remaining open windows.

To test your configuration please reboot the computer and when prompted at the login use your AD username and password. Once you log back in you will have to set up your computer as if it were the first time. You will only have to do this for your first login. Subsequent logins will go straight to the desktop. Please do the following for each step.

*Fire Vault - You will be prompted to set up Fire Vault with a username and password, please bypass this step by pressing the bypass button
*Apple ID - If you have an Apple ID that you wish to link to this computer please enter it now, it will only be linked to this specific login and other users will not be able to use it. If not just click the "set up later" link at the top of the window.
*Screen Time - click on "set up later"
*Siri - Disable Siri by unchecking the box and then clicking "continue"
*Choose your look - choose which ever you are most comfortable with.

Walla!!!! you are now finished. If you have any problems with this process please contact [http://24pin.tech 24pin.tech] and put in a work order for assistance.

=== Unbinding a Mac from Open Directory ===
You mac may have been bound to Open Directory prior to 2021. If so you should unbind it before the start of the 2021 school year as the Open Directory servers are being retired in May of 2021. Please follow the following steps to unbind the Macs.

* Open your System Preferences and click on users and groups.
* Click on the padlock and unlock it with the local administrator credentials.
* Click on Login Options in the lower left hand corner.
* Click on the Edit button in the Network Account Server field.
* Choose any Open Directory Server, it most likely will say Macmini.local, by clicking it.
* Click the minus button on the bottom left hand corner and finish removing it by following the prompts.
* When done close the Users and Groups window.

Mac Configuration

2021-05-05T16:55:02Z

Bchamberlain:

===Adding a Mac to Active Directory===
Before a student can log in and use a mac the computer must be bound to the CTE Active Directory Domain ([https://wiki.24pin.tech/index.php?title=Mhs.24pin.tech mhs.24pin.tech]). To do this follow the instructions below carefully.

====Delete all users====
[[File:Screen Shot 2021-05-05 at 7.00.19 AM.png|thumb|428x428px]]
Click on the system preferences icon located on the application bar at the bottom of the screen and open users and groups.

Click on the padlock in the lower right hand corner and enter the local admin username and password so you can change the settings. The only two users that should be located here are MUSD and Guest. Guest should be off. Highlight any other users and click the - button to remove them. Close the Window.
[[File:Screen Shot 2021-05-05 at 7.01.32 AM.png|left|thumb|Users folder contents]]
Next open finder, it is the blue and white happy face in the application bar. Then go to the menu bar at the top of the desktop and click go and choose computer from the menu. Then click on MAC HD then click on the users folder.

Once in the folder there should only be two icons, MUSD and Shared. Please move any other folders to the trash and then empty the trash.

====Check for updates====
Next check for updates by clicking on the App store icon, it is a blue circle with a white A, located in the application bar. Open it up and navigate to updates. Run any updates that the computer needs. If you need to authenticate to the App Store contact Brad Chamberlain for the username and password to the Apple account linked to our systems.

====Bind to AD====
[[File:Screen Shot 2021-05-05 at 7.04.18 AM.png|thumb|Directory Utility Search]]
[[File:Screen Shot 2021-05-05 at 7.05.27 AM.png|left|thumb|255x255px|Bind to AD and change computer name]]
Now you will bind your system to Active Directory. The first thing you need to do is to open the Directory Utility. Open a finder window and in the search tab in the upper right hand corner type in Directory Utility. Once there open up the Directory Utility click on the padlock in the lower right hand corner and enter your local admin credentials to make changes. Click on Active Directory then click on the pencil just above the padlock to edit the directory settings.

Notice the image to the left. In the Active Directory Domain field type in mhs.24pin.tech. In the field Computer ID make sure to type in the computer name. Each computer in your lab should use the following naming conventions.

*Photography - Photo followed by the number i.e. Photo1

*Graphic Design - graphics- followed by the number i.e. graphics-1

[[File:Screen Shot 2021-05-05 at 7.05.58 AM.png|thumb|AD Admin Prompt]]
[[File:Screen Shot 2021-05-05 at 7.06.43 AM.png|left|thumb|Mobile account settings]]
When done click the bind button. You will then be prompted to put in your AD Credentials, see the box to the right. If you don't know your credentials ask Brad Chamberlain. Once done click OK. You will not be back at the directory utility window. You will see on the left hand side of the window "Show Options" with a triangle next to it. Click on the triangle show show your options, see the image to the left.
[[File:Screen Shot 2021-05-05 at 7.08.38 AM.png|thumb|computer name]]
Check the bus that says "Create mobile account at login. When done click OK. You now only have one final step and the process will be completed. Close all windows and then open up your "System Preferences" again. Click on the icon that says "Sharing". At the top of the window is a field called "Computer Name" In that field make sure the name exactly matches the name you used when you bound the system to AD. Once done then click on the edit button and change the name in there to the same name. Please note it will say .local after the computer name, that is fine you will not be able to change it. Once done click OK and close out of any remaining open windows.

To test your configuration please reboot the computer and when prompted at the login use your AD username and password. Once you log back in you will have to set up your computer as if it were the first time. You will only have to do this for your first login. Subsequent logins will go straight to the desktop. Please do the following for each step.

* Fire Vault - You will be prompted to set up Fire Vault with a username and password, please bypass this step by pressing the bypass button
* Apple ID - If you have an Apple ID that you wish to link to this computer please enter it now, it will only be linked to this specific login and other users will not be able to use it. If not just click the "set up later" link at the top of the window.
* Screen Time - click on "set up later"
* Siri - Disable Siri by unchecking the box and then clicking "continue"
* Choose your look - choose which ever you are most comfortable with.

Walla!!!! you are now finished. If you have any problems with this process please contact [http://24pin.tech 24pin.tech] and put in a work order for assistance.

Mac Configuration

2021-05-05T16:30:13Z

Bchamberlain: Changed info to bind macs to AD

File:Screen Shot 2021-05-05 at 7.08.38 AM.png

2021-05-05T16:28:02Z

Bchamberlain:

computer name

File:Screen Shot 2021-05-05 at 7.06.43 AM.png

2021-05-05T16:18:39Z

Bchamberlain:

Mobile account

File:Screen Shot 2021-05-05 at 7.05.58 AM.png

2021-05-05T16:15:38Z

Bchamberlain:

AD Prompt

File:Screen Shot 2021-05-05 at 7.05.27 AM.png

2021-05-05T16:10:36Z

Bchamberlain:

Bind to the directory and change computer name.

File:Screen Shot 2021-05-05 at 7.04.18 AM.png

2021-05-05T16:04:54Z

Bchamberlain:

Directory Utility

File:Screen Shot 2021-05-05 at 7.01.32 AM.png

2021-05-05T14:21:23Z

Bchamberlain:

Users folder

File:Screen Shot 2021-05-05 at 7.00.19 AM.png

2021-05-05T14:16:05Z

Bchamberlain:

users and groups

Mhs.24pin.tech

2021-04-29T22:02:37Z

Bchamberlain:

=Our Domain Setup=
The mhs.24pin.tech domain is setup to run off of the servers called Odin and Friia. They both run [https://10.21.25.11//wiki.24pin.tech/Active_Directory Active Directory], [https://10.21.25.11//wiki.24pin.tech/DNS DNS], and [https://10.21.25.11//wiki.24pin.tech/DHCP DHCP]. Odin is configured as the main server by default, and Friia is configured as the hot standby. They will failover or trade roles if there is ever an issue. Friia may also occasionally switch to the main server leaving Odin as the hot standby, which is fine as they will still have redundancy. Friia is the default standby, as Friia also runs the web server VMs so it has more load already.

To learn more about any of these things, click their respective links throughout this page.
==Active Directory==
[https://10.21.25.11//wiki.24pin.tech/Active_Directory Active Directory] controls who gets all of our [https://10.21.25.11//wiki.24pin.tech/Group_Policy Group Policy]/[https://10.21.25.11//wiki.24pin.tech/Security_Policy Security Policy] and how they are applied. Basically, [https://10.21.25.11//wiki.24pin.tech/Active_Directory Active Directory] controls how all of the computers in our domain behave, and is what allows us to have our unique logins that work on every computer. Without it, we are unable to login, we lose our shared folders, and we lose all our [https://10.21.25.11//wiki.24pin.tech/Security_Policy Security Policy].
===Domain Name Services===
Domain Name Services (or [https://10.21.25.11//wiki.24pin.tech/DNS DNS]) is what translates website names to IP addresses (like 24pin.tech to our public IP to Friia). Without it, accessing the internet and other computers on the network would require us to have all of the IPs memorized. That is bad. We like [https://10.21.25.11//wiki.24pin.tech/DNS DNS]. [https://10.21.25.11//wiki.24pin.tech/DNS DNS] is also needed for things to function properly since our network is in the middle of MUSD.local's things, so we need to forward properly through them.
===DHCP===
[https://10.21.25.11//wiki.24pin.tech/DHCP DHCP] is run on Odin as the main server, and Friia is the hot standby. Our [https://10.21.25.11//wiki.24pin.tech/DHCP DHCP] setup is fairly basic, but we do have special settings configured for [https://10.21.25.11//wiki.24pin.tech/FOG FOG] and for our servers and printers we have [https://10.21.25.11//wiki.24pin.tech/DHCP DHCP] reservations.
===Group Policy===
[https://10.21.25.11//wiki.24pin.tech/Group_Policy Group Policy] is where all of the settings and changes that we want to make to all of the computers in our network are made. Pretty much every Windows setting you have ever heard of, and many you haven't heard of, can be changed here and applied to some or all of the computers or servers in our network. We have different [https://10.21.25.11//wiki.24pin.tech/Group_Policy Group Policy] settings set for our normal computers than the servers, and different ones are applied to computers that may run through our [https://10.21.25.11//wiki.24pin.tech/Active_Directory Active Directory] but are in different rooms. Our [https://10.21.25.11//wiki.24pin.tech/Security_Policy Security Policy] is part of [https://10.21.25.11//wiki.24pin.tech/Group_Policy Group Policy] but has it's own page, as it is very important to keep things controlled and needed more of an explanation than other parts of [https://10.21.25.11//wiki.24pin.tech/Group_Policy Group Policy].

== Binding Computers to the Domain ==

=== Binding Macs ===
[[File:Screen Shot 2021-04-29 at 2.56.35 PM.png|left|thumb|Directory Utility Bind Window]]
[[File:Screen Shot 2021-04-29 at 2.25.32 PM.png|thumb|Sharing setting window]]
Binding Macs is a very simple process. Log into the machine locally. Open system settings and navigate to sharing.

Once there in the computer name box enter the correct computer name. Please make sure that below that it says the name.local. If it does not just go the the edit box in the right and open it and close it, that should correct the issue.

Now close that window and open the directory utility to begin the process of binding your system to the domain. You may have to search for it by opening the finder, clicking applications, then typing in directory utility in the search bar. Once it is open click on the padlock on the bottom and log in with your local admin credentials. Highlight active directory and click on the edit button, looks like a little pencil in the lower left hand corner.

This will open the bind window. Enter the name of our domain in the dialogue box (mhm.24pin.tech) and make sure the Computer ID matches the computer name you set up in Sharing. Also make sure you check the create mobile account at login, and the require confirmation before creating a mobile account check box just below it. The click OK. You will then be prompted to use your Domain Admin username and password from AD to join the system to the domain. Reboot the machine and log in using your MHS.24PIN.Tech credentials to ensure that it works.

File:Screen Shot 2021-04-29 at 2.56.35 PM.png

2021-04-29T21:57:23Z

Bchamberlain:

Directory Utility Bind Window

File:Screen Shot 2021-04-29 at 2.25.32 PM.png

2021-04-29T21:26:15Z

Bchamberlain:

Mac settings

Active Directory

2021-04-27T20:31:36Z

Bchamberlain:

=Our Active Directory Setup=
If you are not sure how our domain works, start at the [[Mhs.24pin.tech]] specific page.

Our active directory setup is quite simple, in our Active Directory, we just have the users that use the lab (which is organized into classes) and the computers we use that are on our domain. We have the computers also organized by room and number.

==Computers==

In Active Directory Users and Computers, all of our computers are located in the "All Computers" folder. Within that folder they are organized by room, and also may be organized by number within that to make things easier to view.

The servers are located in the "Domain Controllers" section, separate from all of the other computers.

Different group policy settings are assigned to different folders. The "Domain Controllers" folder has different settings for the computers within than the "All Computers" folders for example. This is because different computers in different areas may need different settings.

===Computer Groups===
We have a few groups to help control computers in group policy.

====Domain Computers====

All of the computers except for domain controllers are in the Domain Computers group. This puts all of the settings that are created in group policy for the lab onto these computers based on the group's settings.

====Domain Controllers====

Our two domain controllers [[Loki]], and [[Logan]] are currently the only computers in this group. That is because computers that control the domain need separate settings and controls applied to them, so this helps ensure that.

Active Directory

2021-04-27T20:30:39Z

Bchamberlain:

=Our Active Directory Setup=
If you are not sure how our domain works, start at the [[MHS.24PIN.Tech]] specific page.

Our active directory setup is quite simple, in our Active Directory, we just have the users that use the lab (which is organized into classes) and the computers we use that are on our domain. We have the computers also organized by room and number.

==Computers==

In Active Directory Users and Computers, all of our computers are located in the "All Computers" folder. Within that folder they are organized by room, and also may be organized by number within that to make things easier to view.

The servers are located in the "Domain Controllers" section, separate from all of the other computers.

Different group policy settings are assigned to different folders. The "Domain Controllers" folder has different settings for the computers within than the "All Computers" folders for example. This is because different computers in different areas may need different settings.

===Computer Groups===
We have a few groups to help control computers in group policy.

====Domain Computers====

All of the computers except for domain controllers are in the Domain Computers group. This puts all of the settings that are created in group policy for the lab onto these computers based on the group's settings.

====Domain Controllers====

Our two domain controllers [[Loki]], and [[Logan]] are currently the only computers in this group. That is because computers that control the domain need separate settings and controls applied to them, so this helps ensure that.

Nginx

2021-04-26T21:54:55Z

Bchamberlain: added troubleshooting section

==About==
Nginx (pronounced engine-x) is web server which can also be used proxy, load balancer, mail proxy and HTTP cache. It's also a modern alternative to something like Apache, IIS, or Caddy.

==Prerequisites==
An nginx installation should be pretty accessible regardless of your OS. This guide is specifically written for Ubuntu Server 18.04 LTS, but should work on any other type of Unix operating system. The setup that we're using is commonly referred to as a LEMP stack (Linux, nginx, MySQL, PHP.)

*nginx/1.14.0 (Ubuntu)
*PHP 7.2.10-0ubuntu0.18.04.1 (cli)
*MySQL v14.14 Distribution 5.7.24

If you've just installed a new operating system, you'll want to update your local package index by running <code>sudo apt-get update</code>, and then add the Universe repository by running <code>sudo apt-add-repository universe</code>.

==Installing nginx==
To start, you're going to want to install nginx using the aptitude package manager. You can do this by running <code>sudo apt-get install nginx</code>. Once you run that, you'll want to go through the configuration prompt that appears.

.

After nginx and its subsequent dependencies have finished installing, you'll want to let it through the firewall by running <code>sudo ufw allow 'Nginx HTTP'</code>. Check what your current IP is by running <code>ifconfig</code>, and then look for whatever interface looks correct. In this instance, the proper interface is <code>eth0</code>.

.

[[File:Ifconfig-example.png|left|frame|an example of the results from ifconfig]]
After running the command, the first indented line should say '''''inet''''' and then an IP address afterwards. Verify functionality of nginx by going to your web browser and typing <code><nowiki>http://{ip}/</nowiki></code> where <code>{ip}</code> is what follows after '''''inet'''''.

If the default nginx page displays, continue to the next section.

.

.

.

.

.

==Installing MySQL==
The process of installing MySQL is fairly similar to installing nginx, although MySQL does require a little bit of configuration before it will function properly. Start off by running <code>sudo apt-get install mysql-server</code>, and then once it finishes run the setup script by typing <code>sudo mysql_secure_installation</code>.

.

The first thing that the installations script will ask you is if you'd like to enable the <code>VALIDATE PASSWORD PLUGIN</code>, but don't. If you don't care about why, then skip to the next paragraph, but if you do, keep reading. Essentially, the plugin throws errors if passwords don't meet specific criteria. This causes issues if you either a.) use weak passwords, or b.) install a package that automatically compiles and creates a default account with basic credentials. '''It is always good practice to use strong passwords for everything, and database credentials are no exception.'''

.

Say yes to the rest of the questions and use good judgement if it asks something that requires anything other than a Y/N input.

==Installing PHP==
Again, installing PHP is very similar to two sections preceding this one. Start off by installing the <code>php-fpm</code> and <code>php-mysql</code> packages by running <code>sudo apt-get install php-fpm php-mysql</code>. After it installs, you'll want to edit <code>php.ini</code> by running <code>sudo vim /etc/php/7.2/fpm/php.ini</code>.

.

'''''Note:''' If the file isn't found, check'' the directory path by using the <code>cd</code> command and seeing where something doesn't exist.

.

If you're using Vim, type a <code>?</code> and search for <code>cgi.fix_pathinfo</code>. You should be taken to a line that's commented out and says <code>;cgi.fix_pathinfo=0</code> or something similar. Press the <code>i</code> key to start editing and remove the <code>;</code> to uncomment it. If the variable is set to 1, change it to 0. Press the <code>escape</code> key and type <code>:wq</code> to save and quit your changes. If you didn't run Vim as a superuser (if you didn't run the command with <code>sudo</code>), it will throw and error and the file won't save.

.

Once the file saves, run <code>sudo systemctl restart php7.2-fpm</code> to restart PHP.

==Configuring nginx==
The configuration for nginx is a little different compared to anything you might be used to. To start, there are two directories: <code>sites-available</code> and <code>sites-enabled</code>. The former directory actually contains the configuration files, while the latter contains symbolic links to the configuration files and enables them.

.

To start, lets say that we wanted to configure our nginx server to work with the domain <code>example.ms</code>. First, we'd want to verify that the directory <code>/var/www/example.ms</code> exists. Move to the <code>sites-available</code> directory by entering the command <code>cd /etc/nginx/sites-available</code>. Next, you'll want to create a new configuration file with the name of the domain. You can either by running <code>sudo touch example.ms && sudo vim example.ms</code> or simply by running <code>sudo vim example.ms</code> since Vim creates the file if it doesn't exist. Again, press <code>i</code> to edit the file. Once you're in edit mode, you'll want the contents to look something like this:<pre>
server {
listen 80;
listen [::]:80;

# this is a comment! you don't have to include this, but if you're not
# going to be using a domain, then you can replace it with an IP
server_name example.ms;

root /var/www/example.ms;
index index.php index.html index.htm;

location = /favicon.io {
log_not_found off;
access_log off;
}

location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}

location / {
try_files $uri $uri/ /index.php$args;
}

location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_intercept_errors on;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
}

location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
}
</pre>'''''Tip:''' You can periodically save your configuration file by pressing <code>escape</code>, typing <code>:w</code> , and then pressing <code>i</code> again to edit the file.''

'''''Tip''''': If you are adding another domain the <code>listen 80;</code> and <code>listen [::]:80;</code> isn't needed and you can go from <code>server {</code> to <code>server_name example.ms;</code>

''.''

Once you're completely done editing, save and quit the file by pressing the escape key and typing <code>:wq</code>. Finally, you can check your configuration file for errors by running <code>sudo nginx -t</code>. If there are any errors, refer back to your configuration file and see where you went wrong. In the event that nginx threw an error, review your configuration file and look for any missing <code>{</code>, <code>}</code>, or <code>;</code>. Every line that doesn't have curly brackets should end in a semicolon, which is probably the issue. If that isn't, then refer to your favorite search engine and start researching.

.

If nothing went wrong, and your configuration file is completely free of errors, run <code>cd ../sites-enabled</code> to move to the sites-enabled directory. Finally, to enable your website, run <code>sudo ln -s /etc/nginx/sites-available/example.ms ./</code> to create the symbolic link to your configuration file, and then run <code>sudo systemctl restart nginx</code> to restart nginx and make your changes go live.

==Verifying Functionality==
Of course, you'll want to make sure that everything you just did actually works. Run <code>cd /var/www/example.ms && sudo vim info.php</code> to move to your websites home directory and create the file <code>info.php</code>. Inside of the file, type the following:<pre>
<?php
phpinfo();
?>
</pre>... and then save and quit the file by pressing <code>escape</code> and typing <code>:wq</code>. Now, go to <code><nowiki>http://example.ms/info.php</nowiki></code>. If you didn't configure the nameservers for your domain to point to your new nginx server, then just replace the domain name with the IP of the server (refer to the <code>ifconfig</code> part of the [[Nginx#Installing nginx|Installing nginx]] section if you don't know how.)

.

If everything worked properly, you should see a PHP information page with a bunch of library authors and enabled modules. If it doesn't, research!

== Troubleshooting ==
Over time we have run into a few quirks with this server that we listed here....

=== Resetting the IP address ===
Unfortunately we have found that from time to time on server reboots the server forgets the IP address for the webserver. Here is what you need to do to fix it.

Open up the ESXI sesson on .2 and access the webserver. Login with the server admin credentials, ask Chamberlain if you don't know. Enter the following commands...

sudo ifconfig ens32 x.x.x.11 netmask 255.255.255.0 (where x.x.x are the network address of our subnet)

sudo route add default gw x.x.x.1 ens32 (where x.x.x are the network address of our subnet)

==Subdomains==
Adding subdomains is really easy and doesn't require a lot of effort. You'll just need to remember the general process from the [[Nginx#Configuring nginx|Configuring nginx]] section.

.

To start, navigate to the <code>sites-available</code> directory by running <code>cd /etc/nginx/sites-available</code>. Then, you can either copy a pre-existing configuration by running <code>sudo cp example.ms subdomain.example.ms</code> or creating a new file by running <code>sudo vim subdomain.example.ms</code>. If you copied it, edit the file by running <code>sudo vim subdomain.example.ms</code>.

===What needs to be changed===
The only important things that need to be changed are the <code>root</code> and <code>server_name</code> variables. Press <code>i</code> to start editing the file in Vim, and then find where the variables are located. Change the <code>root</code> variable to an updated path where the contents for the subdomain can be found. Generally, good practice for this is to create a new folder in the primary domains path with the name of the subdomain. So, if we were trying to create <code>subdomain.example.ms</code>, we'd create a new folder by running the command <code>sudo mkdir /var/www/example.ms/subdomain</code>. Then, we'd modify our <code>root</code> variable to look something like this:<pre>
# before
root /var/www/example.ms;

# after
root /var/www/example.ms/subdomain;
</pre>The <code>server_name</code> variable is just as simple. Just add the subdomain prefix to the beginning of your domain:
# before
server_name example.ms;

# after
server_name subdomain.example.ms;
Once you've made the proper changes, save and quit the file by pressing <code>escape</code> and typing <code>:wq</code>. Then, run <code>cd ../sites-enabled && sudo ln -s /etc/nginx/sites-available/subdomain.example.ms ./</code> and restart nginx by running <code>sudo systemctl restart nginx</code>.

==Adding other domains (that aren't subdomains)==
The process is exactly the same as adding a subdomain, except instead of adding a prefix the value of <code>server_name</code> you'll just completely change the domain. Again, don't forget to create the symbolic link to the configuration file and ''especially'' don't forget to restart nginx after saving the config/creating the symbolic link. When you're creating the folder to contain the contents for the server, create a new folder that has the name of the domain. So, for instance, if I was creating example2.ms, I'd run <code>sudo mkdir /var/www/example2.ms</code>. Now that the domain is ready go to [http://wiki.24pin.tech/index.php?title=WordPress WordPress]if you are planning on using WordPress as your editor.

==Adding HTTPS to a domain with LetsEncrypt (certbot)==
If you're adding a new domain to Nginx and want to enable https on a new domain, run <code>sudo certbot --nginx -d domain.com</code> where <code>domain.com</code> is the domain that you want to add. Once you've done this, check the domain and look for a lock icon in the url bar of your browser. In the event that you don't already have certbot installed, run the following commands:

*<code>sudo apt-get install certbot</code>
*<code>sudo apt-get install python-certbot-nginx</code>

'''Note:''' '''It could possibly take up to 24-72 hours for it to be enabled, although at the time of writing the changes propagated almost immediately.'''

==Conclusion==
By now, your nginx server should be up and fully operational. As always, if you're having any issues please STFW before you ask people for advice!

.

Thank you,

- Tyler

CISCOACA.local (Retired)

2021-04-26T21:16:36Z

Bchamberlain: Bchamberlain moved page CISCOACA.local to CISCOACA.local (Retired): Retired as on April 2021

= Our Domain Setup =

The CISCOACA.local domain is setup to run off of the servers called [[Loki]] and [[Logan]]. The both run [[Active Directory]], [[DNS]], and [[DHCP]]. [[Loki]] is configured as the main server by default, and [[Logan]] is configured as the hot standby. They will failover or trade roles if there is ever an issue. [[Logan]] may also occasionally switch to the main server leaving [[Loki]] as the hot standby, which is fine as they will still have redundancy. [[Logan]] is the default standby, as [[Logan]] also runs the web server VMs so it has more load already.

To learn more about any of these things, click their respective links throughout this page.

== Active Directory ==

[[Active Directory]] controls who gets all of our [[Group Policy]]/[[Security Policy]] and how they are applied. Basically, [[Active Directory]] controls how all of the computers in our domain behave, and is what allows us to have our unique logins that work on every computer. Without it, we are unable to login, we lose our shared folders, and we lose all our [[Security Policy]].

== Domain Name Services ==

Domain Name Services (or [[DNS]]) is what translates website names to IP addresses (like 24pin.tech to our public IP to Logan). Without it, accessing the internet and other computers on the network would require us to have all of the IPs memorized. That is bad. We like [[DNS]]. [[DNS]] is also needed for things to function properly since our network is in the middle of MUSD.local's things, so we need to forward properly through them.

== DHCP ==

[[DHCP]] is run on [[Loki]] as the main server, and [[Logan]] is the hot standby. Our [[DHCP]] setup is fairly basic, but we do have special settings configured for [[FOG]] and for our servers and printers we have [[DHCP]] reservations.

== Group Policy ==

[[Group Policy]] is where all of the settings and changes that we want to make to all of the computers in our network are made. Pretty much every Windows setting you have ever heard of, and many you haven't heard of, can be changed here and applied to some or all of the computers or servers in our network. We have different [[Group Policy]] settings set for our normal computers than the servers, and different ones are applied to computers that may run through our [[Active Directory]] but are in different rooms. Our [[Security Policy]] is part of [[Group Policy]] but has it's own page, as it is very important to keep things controlled and needed more of an explanation than other parts of [[Group Policy]].

Logan (Retired)

2021-04-26T21:14:31Z

Bchamberlain: Bchamberlain moved page Logan to Logan (Retired): Server is retired

==General Overview==
Logan (10.21.25.10) 1 out of 2 of the Dell PowerEdge R430's that we have in Mr. Chamberlain's room. It primarily functions as a print server, BDC (backup domain controller), a host for our DHCP/DNS backups, and a LEMP (NGINX) server.

==System information==
Logan runs the Windows Server 2016 Standard Edition OS Version 10.0 Build 14393, has 16.0 GB of memory available. Processor is Intel Core Xeon CPU E5-2620 @ 2.10GHz (16CPUs).

==Services==
Since Logan is one of our Domain Controllers, there are services that Logan runs in order to keep everything running smoothly. Services include:

DHCP

DNS

Active Directory

IDRAC

NGINX

Parsoid

==Programs==
These applications were installed onto Logan to help support and secure the network even further.

BeyondTrust Network Scanner

DCdiag

Spiceworks

LoganWeb

Hyper-V Manager

==Startup==
There is currently only 1 file in the startup folder which is a visual basic script to start up the Parsoid server. The code for that can be seen as follows:<pre>
set w = CreateObject("WScript.Shell")
w.Run chr(34) & "C:\Program Files\nodejs\parsoid\parsoid.bat" & chr(34), 0
set w = Nothing
</pre>

==Print Services==
There are currently 2 active print servers on Logan: one for the <code>Brother HL-4570CDW</code> printer, and one for the <code>HP LaserJet P4014 UPD PCL 6</code> printer.

[[File:Logan_PrintAllPrinters.png]]

Below is the advanced configuration page for both of the main printers.

[[File:Printers-advanced_logan.png|frameless|600x600px]]

==Backup Domain Controller==
Logan is a backup domain controller for Loki, meaning it is on hot standby for [[DNS]] and [[Active Directory]].

==DHCP==
Logan runs as a backup [[DHCP]] server for [[Loki]].

==LEMP Stack (Nginx Server)==
Everything you need to know about our web server can be found on the [http://wiki.24pin.tech/index.php?title=Nginx Nginx] page. It covers everything ranging from installation to configuration, and covers the basics to troubleshooting.

Hesk/Help Desk

2021-04-16T20:28:49Z

Bchamberlain:

==About==
HESK is a basic, lightweight, help desk program that we use to process our work orders for 24PinTech. We downloaded the software from [[HESK.COM]] and it fully integrated with our 24Pin.tech website. The URL to access the new software is at [https://service.24pin.tech. service.24pin.tech.]

==Installation==
The installation of HESK required a download from hesk.com. We downloaded and installed [https://www.hesk.com/download.php HESK 3 (version 3.2.2)] The installation was somewhat problematic due to lack of documentation regarding the installation process for Nginx. I used the following documents to piece together the process.

*https://www.hesk.com/demo/docs/step-by-step-guide.html
*https://www.digitalocean.com/community/questions/how-to-create-subdomain-with-nginx-server-in-the-same-droplet

====Step 1====
Download and unzip [https://www.hesk.com/download.php Hesk 3.2.2]

====Step 2====
Use PUTTY to login to 10.21.25.11 type in <code>cd /www/var</code> and make a new directory. The directory should be the same as your URL. In this instance I created the ''service.24pin.tech'' directory using the md command. Take the files you unzipped and copy them into this directory.

====Step 3====
Navigate to <code>etc/nginx/sites-available</code> and create a new config in nginx. In this instance I will be creating the service.24pin.tech file. Use an editor like nano or vim to edit the config file. Here is an example <code>sudo nano service.24pin.tech</code>. Once in the editor create a config file, see the nginx article in this wiki in the section [[Nginx|Configuring Nginx]] for assistance.

====Step 4====
At this point you should be on step 4 of the HESK install file. The URL may be slightly different than what is used on the document. [[File:Hesk snip.png|thumb|150x150px|HESK admin homepage|center]]

====Step 5====
[[File:PhpMyAdmin.png|thumb|phpMyAdmin - add a My SQL database|150x150px]]
During the HESK install you will be asked to set up a MySQL database for HESK. You will use phpMyAdmin to accomplish this. You will naviagate to the [https://24pin.tech/phpMyAdmin/index.php phpMyAdmin] URL and log in. Get the credentials from Chamberlain. Once logged in you will navigate to the Databases page. Type in the name of your new database and use that name when prompted to during the HESK install.

=='''Hesk Admin Information'''==

===Initial Logon:===

* Navigate to https://service.24pin.tech/admin

*User name: First Name First Letter of last name (ex: Todd H)
*Password: MHSschool

===Ticket===

*Main Page
**You can see it in the tickets area with different information
**Changing information about the ticket, as well as assigning, is below the tickets to the right
***You can change information or reply to the customer when clicking on the ticket ID and subject area in main menu
**You can view certain types of tickets
**You can find specific ticket based on certain information
*Under a ticket
**You can look at the message/description they give about their device
**Below the description you can add a hidden note
**You can reply to the customer (do not use this, use it through your email)
***You can choose not to send the email with assigning the ticket, and changing priority
**After the changes you can change ticket status, category, priority, and assignee
**Finally there is ticket internal information, like tracking ID, date it as introduced, that cannot be changed except due date

===Categories:===

*Function
**Categories allow customers to choose what kind of device they have and is apart of the ticket creation process they do
**They choose this option first when submitting a ticket
*Changing
**Each category has a set priority, and type if needed to change
**To create a new category click “New Category” in the top right and choose a name, set priority, and whether it is a public or private option
***Public is for the customer choosing the category
***Private is for 24PinTech if needed to change to a specific category

===Team (Users):===

*Creating Users

*In the top left click new Team member and fill out basic information
*Under Permissions put everyone as staff except the people who require all access.
**Every permission can be left to default or give access to specific areas. Which can allow for allocation within the system.
*Signatures are unneeded. It is just an end of a message
*Preferences are unneeded. Keep default
*Notifications can vary. keep default for everyone
*You can only finish creating a user under the notification tab

*Editing Users
**Admin can edit anything about a user but are very few
**Normal users can edit anything except permissions about their account. Permissions allow the user access specific areas of HESK
*Staff member editing access
**In the top right of the site click their name then click view profile
**Then edit profile
**Under profile information in the password subsection the user can change their password to their preferred password
***You can only save the settings in the notifications tab

==These next sections if you are unsure you can click 🛈 for more information==

===Tools===

*Ban emails
*#This will be a section where it is Forbidden to ban an account without explicit permission.
*#'''Do not add/change'''
*Ban IPs
*#This will be a section that Administrators can never touch under no circumstance.
*#'''Do not add/change'''
*Service Messages
*#Display a service message in the customer area, for example to notify them about known issues and important news.
*Email Templates
*#Cannot change anything within this section.
*Custom Fields
*#This section is used to add custom fields to require additional information from the customer through the ticket process.
*#Creating a field
*##This is a new field for information that the customer has to fill out
*##Everything is self explanatory except category
*###If only a specific device needs it the categories are listed and get rid of the unwanted devices
*Statuses
*#This section is used to create new ticket statuses.
*#Allows viewing of all tickets and where they fall within the different statuses.
*#Creating statuses
*##Choose the name, color and if customer want to change the status (do not let customers change statuses)

===Settings===

*General
*#General settings
*##Allows you to change the website title, URL, and Email center.
*##These should never change under any circumstances, or if CEO of 24PinTech requires
*#Language
*##Allows multiple language access
*##Language folders are required to add different languages but must be through the server sides of things and not The website
*#Data base
*##This is about the server hosting of Hesk
*##'''DO NOT CHANGE'''
*Help Desk
*#Help Desk settings
*##This is where the storage on the server of tickets and customizing the message of ticket responses
*##It customizes the home look of tickets from the admin view
*##Change only if necessary
*#Features
*##This is the requirements of filling out a ticket on the customer side
*##It also allows ticket auto-assigning, but it is unnecessary
*##Change only if necessary
*#SPAM prevention
*##SPAM prevention does what it says, prevents SPAM
*##There can be different types of SPAM prevention, even custom ones
*##Change only if needed
*#Security
*##This is about the login and having staff users when logging in
*##View tickets is for customers seeing their ticket without requiring their email, but they still need ticket ID
*##'''DO NOT CHANGE FROM FRAMES ONWARD'''
*#Attachments
*##This allows customers to attach any attachments if they want
*Knowledgebase
*#This can make HESK an information base instead of a ticketing system
*#'''DO NOT CHANGE'''
*Email
*#Email
*##This changes the type of emailing system that is used
*##'''DO NOT CHANGE'''
*#Email Loops
*##Changes the responding time of emails
*##'''DO NOT CHANGE'''
*#Detect email typos
*##Self explanatory
*##Add any emails that would be used but are not listed
*#Notify customers when
*##Self explanatory
*#Other
*##This is minor things about email filling out whether logged in the setting or filling out a ticket
*##Change only if necessary
*Ticket List
*#Fields in ticket list
*##This is what categories are on the ticket page when viewing tickets
*#Other
*##Both things under this section are about the date and time formats of a ticket
*Misc
*#Date and Format
*##This is the format of the Date and Time shown anywhere
*##Change if necessary
*#Other
*##IP WHOIS shows the IP address of the customer, The customer will not be able to see it
*##Maintenance mode will turn off the ticketing system for customers
*##Admin link is to see an admin link on the customer request form
*##Submit notice will let the customer see their IP address and warn them it will be tracked
*###'''DO NOT CHANGE'''
*##Users online let you see what users are on and how long ago they were online
*##Updates: Self Explanatory

Hesk/Help Desk

2021-04-16T20:27:03Z

Bchamberlain: /* Step 5 */

==About==
HESK is a basic, lightweight, help desk program that we use to process our work orders for 24PinTech. We downloaded the software from [[HESK.COM]] and it fully integrated with our 24Pin.tech website. The URL to access the new software is at [https://service.24pin.tech. service.24pin.tech.]

==Installation==
The installation of HESK required a download from hesk.com. We downloaded and installed [https://www.hesk.com/download.php HESK 3 (version 3.2.2)] The installation was somewhat problematic due to lack of documentation regarding the installation process for Nginx. I used the following documents to piece together the process.

*https://www.hesk.com/demo/docs/step-by-step-guide.html
*https://www.digitalocean.com/community/questions/how-to-create-subdomain-with-nginx-server-in-the-same-droplet

====Step 1====
Download and unzip [https://www.hesk.com/download.php Hesk 3.2.2]

====Step 2====
Use PUTTY to login to 10.21.25.11 type in <code>cd /www/var</code> and make a new directory. The directory should be the same as your URL. In this instance I created the ''service.24pin.tech'' directory using the md command. Take the files you unzipped and copy them into this directory.

====Step 3====
Navigate to <code>etc/nginx/sites-available</code> and create a new config in nginx. In this instance I will be creating the service.24pin.tech file. Use an editor like nano or vim to edit the config file. Here is an example <code>sudo nano service.24pin.tech</code>. Once in the editor create a config file, see the nginx article in this wiki in the section [[Nginx|Configuring Nginx]] for assistance.

====Step 4====
At this point you should be on step 4 of the HESK install file. The URL may be slightly different than what is used on the document. [[File:Hesk snip.png|thumb|150x150px|HESK admin homepage|center]]

====Step 5====
[[File:PhpMyAdmin.png|thumb|phpMyAdmin - add a My SQL database|150x150px]]
During the HESK install you will be asked to set up a MySQL database for HESK. You will use phpMyAdmin to accomplish this. You will naviagate to the [https://24pin.tech/phpMyAdmin/index.php phpMyAdmin] URL and log in. Get the credentials from Chamberlain. Once logged in you will navigate to the Databases page. Type in the name of your new database and use that name when prompted to during the HESK install.

=='''Hesk Admin Information'''==

===Initial Logon:===

*User name: First Name First Letter of last name (ex: Todd H)
*Password: MHSschool

===Ticket===

*Main Page
**You can see it in the tickets area with different information
**Changing information about the ticket, as well as assigning, is below the tickets to the right
***You can change information or reply to the customer when clicking on the ticket ID and subject area in main menu
**You can view certain types of tickets
**You can find specific ticket based on certain information
*Under a ticket
**You can look at the message/description they give about their device
**Below the description you can add a hidden note
**You can reply to the customer (do not use this, use it through your email)
***You can choose not to send the email with assigning the ticket, and changing priority
**After the changes you can change ticket status, category, priority, and assignee
**Finally there is ticket internal information, like tracking ID, date it as introduced, that cannot be changed except due date

===Categories:===

*Function
**Categories allow customers to choose what kind of device they have and is apart of the ticket creation process they do
**They choose this option first when submitting a ticket
*Changing
**Each category has a set priority, and type if needed to change
**To create a new category click “New Category” in the top right and choose a name, set priority, and whether it is a public or private option
***Public is for the customer choosing the category
***Private is for 24PinTech if needed to change to a specific category

===Team (Users):===

*Creating Users

*In the top left click new Team member and fill out basic information
*Under Permissions put everyone as staff except the people who require all access.
**Every permission can be left to default or give access to specific areas. Which can allow for allocation within the system.
*Signatures are unneeded. It is just an end of a message
*Preferences are unneeded. Keep default
*Notifications can vary. keep default for everyone
*You can only finish creating a user under the notification tab

*Editing Users
**Admin can edit anything about a user but are very few
**Normal users can edit anything except permissions about their account. Permissions allow the user access specific areas of HESK
*Staff member editing access
**In the top right of the site click their name then click view profile
**Then edit profile
**Under profile information in the password subsection the user can change their password to their preferred password
***You can only save the settings in the notifications tab

==These next sections if you are unsure you can click 🛈 for more information==

===Tools===

*Ban emails
*#This will be a section where it is Forbidden to ban an account without explicit permission.
*#'''Do not add/change'''
*Ban IPs
*#This will be a section that Administrators can never touch under no circumstance.
*#'''Do not add/change'''
*Service Messages
*#Display a service message in the customer area, for example to notify them about known issues and important news.
*Email Templates
*#Cannot change anything within this section.
*Custom Fields
*#This section is used to add custom fields to require additional information from the customer through the ticket process.
*#Creating a field
*##This is a new field for information that the customer has to fill out
*##Everything is self explanatory except category
*###If only a specific device needs it the categories are listed and get rid of the unwanted devices
*Statuses
*#This section is used to create new ticket statuses.
*#Allows viewing of all tickets and where they fall within the different statuses.
*#Creating statuses
*##Choose the name, color and if customer want to change the status (do not let customers change statuses)

===Settings===

*General
*#General settings
*##Allows you to change the website title, URL, and Email center.
*##These should never change under any circumstances, or if CEO of 24PinTech requires
*#Language
*##Allows multiple language access
*##Language folders are required to add different languages but must be through the server sides of things and not The website
*#Data base
*##This is about the server hosting of Hesk
*##'''DO NOT CHANGE'''
*Help Desk
*#Help Desk settings
*##This is where the storage on the server of tickets and customizing the message of ticket responses
*##It customizes the home look of tickets from the admin view
*##Change only if necessary
*#Features
*##This is the requirements of filling out a ticket on the customer side
*##It also allows ticket auto-assigning, but it is unnecessary
*##Change only if necessary
*#SPAM prevention
*##SPAM prevention does what it says, prevents SPAM
*##There can be different types of SPAM prevention, even custom ones
*##Change only if needed
*#Security
*##This is about the login and having staff users when logging in
*##View tickets is for customers seeing their ticket without requiring their email, but they still need ticket ID
*##'''DO NOT CHANGE FROM FRAMES ONWARD'''
*#Attachments
*##This allows customers to attach any attachments if they want
*Knowledgebase
*#This can make HESK an information base instead of a ticketing system
*#'''DO NOT CHANGE'''
*Email
*#Email
*##This changes the type of emailing system that is used
*##'''DO NOT CHANGE'''
*#Email Loops
*##Changes the responding time of emails
*##'''DO NOT CHANGE'''
*#Detect email typos
*##Self explanatory
*##Add any emails that would be used but are not listed
*#Notify customers when
*##Self explanatory
*#Other
*##This is minor things about email filling out whether logged in the setting or filling out a ticket
*##Change only if necessary
*Ticket List
*#Fields in ticket list
*##This is what categories are on the ticket page when viewing tickets
*#Other
*##Both things under this section are about the date and time formats of a ticket
*Misc
*#Date and Format
*##This is the format of the Date and Time shown anywhere
*##Change if necessary
*#Other
*##IP WHOIS shows the IP address of the customer, The customer will not be able to see it
*##Maintenance mode will turn off the ticketing system for customers
*##Admin link is to see an admin link on the customer request form
*##Submit notice will let the customer see their IP address and warn them it will be tracked
*###'''DO NOT CHANGE'''
*##Users online let you see what users are on and how long ago they were online
*##Updates: Self Explanatory

Hesk/Help Desk

2021-04-16T20:22:36Z

Bchamberlain:

==About==
HESK is a basic, lightweight, help desk program that we use to process our work orders for 24PinTech. We downloaded the software from [[HESK.COM]] and it fully integrated with our 24Pin.tech website. The URL to access the new software is at [https://service.24pin.tech. service.24pin.tech.]

==Installation==
The installation of HESK required a download from hesk.com. We downloaded and installed [https://www.hesk.com/download.php HESK 3 (version 3.2.2)] The installation was somewhat problematic due to lack of documentation regarding the installation process for Nginx. I used the following documents to piece together the process.

*https://www.hesk.com/demo/docs/step-by-step-guide.html
*https://www.digitalocean.com/community/questions/how-to-create-subdomain-with-nginx-server-in-the-same-droplet

====Step 1====
Download and unzip [https://www.hesk.com/download.php Hesk 3.2.2]

====Step 2====
Use PUTTY to login to 10.21.25.11 type in <code>cd /www/var</code> and make a new directory. The directory should be the same as your URL. In this instance I created the ''service.24pin.tech'' directory using the md command. Take the files you unzipped and copy them into this directory.

====Step 3====
Navigate to <code>etc/nginx/sites-available</code> and create a new config in nginx. In this instance I will be creating the service.24pin.tech file. Use an editor like nano or vim to edit the config file. Here is an example <code>sudo nano service.24pin.tech</code>. Once in the editor create a config file, see the nginx article in this wiki in the section [[Nginx|Configuring Nginx]] for assistance.

====Step 4====
At this point you should be on step 4 of the HESK install file. The URL may be slightly different than what is used on the document. [[File:Hesk snip.png|thumb|343x343px|HESK admin homepage|center]]

====Step 5====
[[File:PhpMyAdmin.png|left|thumb|phpMyAdmin - add a My SQL database]]
During the HESK install you will be asked to set up a MySQL database for HESK. You will use phpMyAdmin to accomplish this. You will naviagate to the [https://24pin.tech/phpMyAdmin/index.php phpMyAdmin] URL and log in. Get the credentials from Chamberlain. Once logged in you will navigate to the Databases page. Type in the name of your new database and use that name when prompted to during the HESK install.

=='''Hesk Admin Information'''==

===Initial Logon:===

*User name: First Name First Letter of last name (ex: Todd H)
*Password: MHSschool

===Ticket===

*Main Page
**You can see it in the tickets area with different information
**Changing information about the ticket, as well as assigning, is below the tickets to the right
***You can change information or reply to the customer when clicking on the ticket ID and subject area in main menu
**You can view certain types of tickets
**You can find specific ticket based on certain information
*Under a ticket
**You can look at the message/description they give about their device
**Below the description you can add a hidden note
**You can reply to the customer (do not use this, use it through your email)
***You can choose not to send the email with assigning the ticket, and changing priority
**After the changes you can change ticket status, category, priority, and assignee
**Finally there is ticket internal information, like tracking ID, date it as introduced, that cannot be changed except due date

===Categories:===

*Function
**Categories allow customers to choose what kind of device they have and is apart of the ticket creation process they do
**They choose this option first when submitting a ticket
*Changing
**Each category has a set priority, and type if needed to change
**To create a new category click “New Category” in the top right and choose a name, set priority, and whether it is a public or private option
***Public is for the customer choosing the category
***Private is for 24PinTech if needed to change to a specific category

===Team (Users):===

*Creating Users

*In the top left click new Team member and fill out basic information
*Under Permissions put everyone as staff except the people who require all access.
**Every permission can be left to default or give access to specific areas. Which can allow for allocation within the system.
*Signatures are unneeded. It is just an end of a message
*Preferences are unneeded. Keep default
*Notifications can vary. keep default for everyone
*You can only finish creating a user under the notification tab

*Editing Users
**Admin can edit anything about a user but are very few
**Normal users can edit anything except permissions about their account. Permissions allow the user access specific areas of HESK
*Staff member editing access
**In the top right of the site click their name then click view profile
**Then edit profile
**Under profile information in the password subsection the user can change their password to their preferred password
***You can only save the settings in the notifications tab

==These next sections if you are unsure you can click 🛈 for more information==

===Tools===

*Ban emails
*#This will be a section where it is Forbidden to ban an account without explicit permission.
*#'''Do not add/change'''
*Ban IPs
*#This will be a section that Administrators can never touch under no circumstance.
*#'''Do not add/change'''
*Service Messages
*#Display a service message in the customer area, for example to notify them about known issues and important news.
*Email Templates
*#Cannot change anything within this section.
*Custom Fields
*#This section is used to add custom fields to require additional information from the customer through the ticket process.
*#Creating a field
*##This is a new field for information that the customer has to fill out
*##Everything is self explanatory except category
*###If only a specific device needs it the categories are listed and get rid of the unwanted devices
*Statuses
*#This section is used to create new ticket statuses.
*#Allows viewing of all tickets and where they fall within the different statuses.
*#Creating statuses
*##Choose the name, color and if customer want to change the status (do not let customers change statuses)

===Settings===

*General
*#General settings
*##Allows you to change the website title, URL, and Email center.
*##These should never change under any circumstances, or if CEO of 24PinTech requires
*#Language
*##Allows multiple language access
*##Language folders are required to add different languages but must be through the server sides of things and not The website
*#Data base
*##This is about the server hosting of Hesk
*##'''DO NOT CHANGE'''
*Help Desk
*#Help Desk settings
*##This is where the storage on the server of tickets and customizing the message of ticket responses
*##It customizes the home look of tickets from the admin view
*##Change only if necessary
*#Features
*##This is the requirements of filling out a ticket on the customer side
*##It also allows ticket auto-assigning, but it is unnecessary
*##Change only if necessary
*#SPAM prevention
*##SPAM prevention does what it says, prevents SPAM
*##There can be different types of SPAM prevention, even custom ones
*##Change only if needed
*#Security
*##This is about the login and having staff users when logging in
*##View tickets is for customers seeing their ticket without requiring their email, but they still need ticket ID
*##'''DO NOT CHANGE FROM FRAMES ONWARD'''
*#Attachments
*##This allows customers to attach any attachments if they want
*Knowledgebase
*#This can make HESK an information base instead of a ticketing system
*#'''DO NOT CHANGE'''
*Email
*#Email
*##This changes the type of emailing system that is used
*##'''DO NOT CHANGE'''
*#Email Loops
*##Changes the responding time of emails
*##'''DO NOT CHANGE'''
*#Detect email typos
*##Self explanatory
*##Add any emails that would be used but are not listed
*#Notify customers when
*##Self explanatory
*#Other
*##This is minor things about email filling out whether logged in the setting or filling out a ticket
*##Change only if necessary
*Ticket List
*#Fields in ticket list
*##This is what categories are on the ticket page when viewing tickets
*#Other
*##Both things under this section are about the date and time formats of a ticket
*Misc
*#Date and Format
*##This is the format of the Date and Time shown anywhere
*##Change if necessary
*#Other
*##IP WHOIS shows the IP address of the customer, The customer will not be able to see it
*##Maintenance mode will turn off the ticketing system for customers
*##Admin link is to see an admin link on the customer request form
*##Submit notice will let the customer see their IP address and warn them it will be tracked
*###'''DO NOT CHANGE'''
*##Users online let you see what users are on and how long ago they were online
*##Updates: Self Explanatory

Hesk/Help Desk

2021-04-16T20:11:25Z

Bchamberlain:

File:PhpMyAdmin.png

2021-04-16T20:09:02Z

Bchamberlain:

How to add a My SQL database

Hesk/Help Desk

2021-04-13T15:37:46Z

Bchamberlain:

File:Hesk snip.png

2021-04-13T15:36:58Z

Bchamberlain:

HESK

Hesk/Help Desk

2021-04-13T14:59:24Z

Bchamberlain:

Hesk/Help Desk

2021-04-13T14:19:10Z

Bchamberlain: