Get hardware serial number from within Windows

Did you ever had the situation that you need to the get the serial number of a Server or PC at a remote location and you only had a remote desktop connection to this device? There is a solution that may work in this situation. Execute the following command from the command line:

wmic bios get serialnumber

That should generate an output like this:


<span style="font-family:Courier New;">SerialNumber</span>
<span style="font-family:Courier New;">CZ12345678</span>

If you configured WMI for remote access you can execute this command directly over the network with the following command line:


<span style="font-family:Courier New;">wmic /node:MyServer01.contoso.com bios get serialnumber</span>

Allow Web Ads in Sophos UTM

One of my customers uses the Sophos UTM with the web filter option (aka proxy server) enabled. The customer also uses search engines a lot to find companies in his area.
Some of the results are shown as advertising in the result list. If users click on one of those links Sophos shows the following message:
Content blocked

While trying to retrieve the URL:
https://www.googleadservices.com/pagead/...
The content is blocked due to the following condition:
The URL you have requested is blocked by Surf Protection. If you think this is wrong, please contact your administrator.
Report:
Blocked Category (Web Ads)

So it looks like Sophos blocks web ads which is normally fine but in that case causes trouble. There are at least two solutions for this problem:

Solution 1: Allow all web ads

This is done in Web Protection / Filtering Options / Categories / Suspicious. Here you can disable the option “Web ads”. This will allow all web ads.

Solution 2: Allow the specific web ad url

You can allow only some of the web ads by adding the urls to the white list of allowed domains. This can be done under Web Protection / Filtering Options / Exceptions.
Add a new exception list with the name “Allowed Ads” and add the web ad urls (hostnames) with the option “URL filter” enabled and “Matching these URLs” selected. Add the regex filter of the web ad service like this:

^https?://([A-Za-z0-9.-]*\.)?googleadservices\.com/pagead/aclk\?
This string will allow Google web ads.

 

Installing opnsense 17.1 on Hyper-V Server 2008 R2

A customer wants an Installation of the opnsense Firewall on a Hyper-V Server 2008 R2. So I got the zipped iso file from one of the mirrors, unpacked it and started the installation. During the setup the installer told me that it was unable to find a suitable IDE or SCSI drive:

no-ide-or-scsi-drives-found

“The installer could not find any disks suitable for Installation (IDE or SCSI) attached to this Computer…”

I installed opnsense a couple of days before on a Hyper-V Server 2016 so I thought it would no problem to also install it on Hyper-V on Server 2008 R2 but that is not the case. It seems that BSD has a problem on Hyper-V on Server 2008 R2. This issue is also documented on TechNet:

https://technet.microsoft.com/de-de/library/dn848317.aspx

The page also has a solution for the problem in section “Disable the Fast IDE Driver“. You need to exit the boot loader an disable the fast IDE driver. To do this in opnsense boot the CD and exit the boot loader with menu item 3 (Escape to loader prompt):

exit-boot-loader-to-console

Then enter the following commands:

set hw.ata.disk_enable=1

boot

This disables the fast IDE driver and boots the installer so that you are able to install opnsense. The change is not permanent, if you boot the opnsense vm the next time you have to repeat the procedure. To make the change stay we have to edit the file “/boot/loader.conf.local”. It is also possible to edit the file “loader.conf” directly but if you change something in the configuration of the vm (add a network card for example) this file will be overwritten. So the right file to edit is “loader.conf.local” and not “loader.conf”.

To do this start the opnsense vm and exit the boot loader and enter the commands again. Opnsense will now boot and automatically assign the interfaces if you don’t invoke the manual interface assignment. Logon with the default logon data, “root” as username and “opnsense” as password. Opnsense should display the console menu:

console-menu

Exit the console menu with “8” and enter the following command to load the text editor and edit the file loader.conf.local:

ee /boot/loader.conf.local

In the text editor add a new line with the following text:

hw.ata.disk_enable="1"

The content should look like this after the Change:

Press “Escape” and select “a) leave editor” and save the changes:

Now you can reboot the vm without any manual tasks, the entry in the loader.conf.local will permanently disable the fast IDE driver.