Windows

Ubuntu 20.04/20.10: How to enable RDP access from Windows PC.

Posted on by test_ll6rez

There have been a number of times that I have wanted to access my Ubuntu 20.04/20.10 PC from a Windows PC using Remote Desktop Access (RDP). This is how I have configured it to work.

Enable RDP on the Ubuntu 20.04/ 20.10 PC:

Open the terminal and type the following command:

sudo apt install xrdp
Ubuntu 20.04/20.10 - How to enable RDP access from Windows PC.

Type your password and enter.

RDP - Password

Enter Y and enter.

RDP - Type Y

Xrdp will be installed:

RDP - Installing

Once installed the installer will return to the command line:

RDP - Done

Enable xrdp to start after reboot and to run now type:

sudo systemctl enable --now xrdp
RDP - enable

The command will run and then return to the command line:

RDP - Done

Run the following command to open the rdp port on the local firewall for incoming traffic.

sudo ufw allow from any to any port 3389 proto tcp
RDP - Open Firewall

The rules will be added:

RDP - Done

Run the following command to find the ip address of the machine. This will be needed to rdp from the windows machine.

sudo ip a

The ip address of the machine is highlighted in red:

RDP - Get IP

This is all you have to do on the Ubuntu PC. Now go onto the windows PC and connect to the Ubuntu PC as follows:

Connecting to the Ubuntu PC from Windows using RDP.

Click on the start button and type mstsc. Click on Open.

RDP - Open RDP

Type in the ip address of the Ubuntu PC and click Connect.

RDP add IP

Click Yes.

RDP - Click Yes

Type the username and password and click OK.

RDP - Add user and password

You will now have access to the linux desktop. Yay.

RDP - Connected.

To log off again just click on the x of the RDP window or log out:

RDP - Logout
RDP - Logout

Troubleshooting:

Black Screen at logon:

If there is a user logged in on the Ubuntu PC you may get a black screen when you rdp to the PC. This can be resolved by logging off of the Ubuntu PC.

For more things to do with your new Ubuntu 20.10 Desktop go to my other articles HERE.

Authentication Required login

In some cases you will get the following window appear and even though you log in it will not disappear:

A permanent fix for this is to edit the following file:

sudo vim /usr/share/polkit-1/actions/org.freedesktop.color.policy

Go to the defaults section and modify no to yes

<defaults>
    <allow_any>auth_admin</allow_any>
    <allow_inactive>yes</allow_inactive>
    <allow_active>yes</allow_active>
</defaults>

To:

Save the changes and log off and back on again and you should not see the popup again.

Windows 10: How to install Windows 10 updates.

Posted on by test_ll6rez

Although running Windows 10 updates is a simple procedure it is a crucial process for keeping a Windows 10 machine as secure as possible so it is worth documenting.

For more information about Windows updates take a look at this great post on TechRepublic.

Install Windows 10 Updates:

To run windows updates click on the start button

Running Windows updates on Windows 10 - click start

Click on the Settings button

Running Windows updates on Windows 10 - click Settings

Scroll to the bottom and select Update & Security

Running Windows updates on Windows 10 - Click Updates & Security

Click Check for updates and wait for Windows to check if it has any missing updates

Running Windows updates on Windows 10 - click check for updates

Windows will then start installing the updates

Running Windows updates on Windows 10 - wait for updates to install

If the updater asks for a reboot click Restart Now to reboot:

Windows 10 updates - reboot

Updates will then be installed and the PC will be rebooted

Windows 10 updates - Installing updates

Once the Updates have installed and the PC has rebooted log in and check to see if there are any more updates needing installing

There will most likely be more to install so continue installing until there are no new updates to install:

Your Windows 10 PC is now fully up to date.

For more Windows 10 related posts click HERE.

Samba4 Setup and configure file shares with Windows ACLs

Posted on by test_ll6rez

Found THIS article on the Samba site on how to configure WIndows ACLs for Samba4 shares:

Preparatory work

Filesystem support

To use the advanced features of Samba, it has to be compiled with ACL support (e. g. RHEL requires the libacl-devel to be installed, when compiling). Also you need a filesystem that supports the “user” and “system” xattr namespaces. It also needs to have ACL and XATTR support.
XFS and ext4 automatically support ACLs. If you are using ext3 for your file system, you may need to include the options “user_xattr” and “acl” in your /etc/fstab entries. Example:
/dev/sda3     /srv/samba/Demo     ext3      user_xattr,acl,barrier=1      1 1
Note: The “barrier=1” option ensures that tdb transactions are safe against unexpected power loss. More information on barriers from RedHat
Please be careful modifying your fstab. It can lead to an unbootable system!
You could test as follows:
# lsof | grep srv/samba/Demo
If there is output, stop the corresponding services cleanly. If there is no output, it is safe to unmount the partition, assuming it is mounted:
# umount /srv/samba/Demo
After making changes to fstab, try remounting the drive:
# mount -a

ACL support on member server

The following is only required on Domain Member Servers and not on Domain Controllers!
  • Add the following to your [global] section of your smb.conf:
     vfs objects = acl_xattr
     map acl inherit = Yes
     store dos attributes = Yes
These options are required on Member Servers, to enable the possibility for real windows ACL’s. Domain Controllers have ACL support enabled globally by default!

SeDiskOperatorPrivilege

  • To configure share permissions, you need an account with „SeDiskOperatorPrivilege“. To grant this privilege, e. g. to the „Domain Admin“ group, run the following command on your AD member server(s):
# net rpc rights grant 'SAMDOMDomain Admins' SeDiskOperatorPrivilege -U'SAMDOMadministrator'
Existing privileges can be reviewed by
# net rpc rights list accounts -U'SAMDOMadministrator'

Adding a new share

  • Create a folder that you want to share
# mkdir -p /srv/samba/Demo/
  • Add a new share to your smb.conf (using no other configuration parameters when first setting up a share is highly recommended!):
[Demo]
     path = /srv/samba/Demo/
     read only = no
  • Reload Samba:
# smbcontrol all reload-config

Setup share permissions

  • Log on to a Windows machine, using an account to which the „SeDiskOperatorPrivilege“ was granted, or an account in a group with the granted privilege.
  • Open the Start Menu and search for „Computer Management“.
  • In the menu bar go to „Action“ / „Connect to another computer“.
  • Enter the name of the Samba server you have create the new share on.
  • Navigate to „System Tools“ / „Shared Folders“ / „Shares“ and select the newly added share.
Computer Management Shares.png
  • Right-click to the share name, choose „Properties“ .
  • Go to the „Share Permissions“ tab. Here you can configure who can access the share and the appropriate permissions.
Demo Share Permissions.png
  • Go to the „Security“ tab, click the „Edit“ button and configure the filesystem permissions.
Demo Share Security.png
  • Save the changes by closing the windows with „OK“.

Change permissions on folders of a share

  • Log on to a Windows machine as Domain Administrator.
  • Navigate to the folder of which you want to change the permissions.
  • Right-click to the folder and choose „Properties“.
  • Go to the „Security“ tab and click the „Edit“ button.
  • Change the permissions to your needs.
Folder Permissions.png
  • Save the changes by closing the windows with „OK“.

Troubleshooting

In certain situations, share configuration parameters which were commonly used with NT-style domains such as “force group” or “force user” may lead to “Access Denied” errors when trying to set permissions on a new share, or other complications, such as losing the ability to even see the Security tab. You may find even after correcting the issues that the problems may persist even after removing and re-adding the share properly. In such cases, it may be helpful to manually wipe out all ACLs on the share and recursively re-grant full control to the Domain Admins group with the setfacl command as follows (may need to run as root):
# setfacl -b /path/to/share
# setfacl -b /path/to/share/*
# setfacl -R -m default:group:domain admins:rwx /path/to/share