Category: Weekly Blog

Weekly blog series featuring real-world IT solutions, cloud security strategies, automation projects, and development tutorials to help professionals build resilient, scalable environments.

  • I Am Grateful to Be in the Land of the Free and Home of the Brave

    Captured from Coronado Island on the 4th of July — a night of light, a heart full of gratitude, and a quiet prayer for the generations who will carry our name forward. Photo by Jet Mariano.

    Intro:
    Every Fourth of July brings with it more than fireworks and flags—it brings reflection. For me and my family, this day is a reminder that freedom isn’t just an idea, it’s a reality we prayed for, waited for, and worked for. As an immigrant father and a lifelong believer in divine purpose, I wrote this for my children, as a quiet reminder of where we came from, what we’ve been given, and why I remain grateful for this land of promise.


    Main Post:
    We are immigrants, you and I. We waited 15 long years before our U.S. visa was approved. And when we finally arrived, I didn’t start in a fancy office—I started by hauling office furniture off 30-wheelers in Burbank from 4 PM to midnight, earning $4.25 an hour.

    Hard work was not an option—it was survival. But in this country, effort doesn’t go unnoticed. I went back to school, studied IT, and eventually earned a degree in Management in Telecommunications. No shortcuts, just faith, sweat, and purpose.

    In the words of Paul H. Dunn:

    “We are immigrants, you and I, because the Lord made immigrants of us and brought us here. We have done as well as could be expected, and are richly blessed despite our shortcomings because the Lord has thus far held us in His hands and worked His purposes, His ultimate purpose, through us. We’re wanderers, you and I.”

    This nation welcomed me. And in return, I gave it my best. I built a career, provided for my family, and used my knowledge to bless others. Not as a way to boast—but as a testimony of what’s possible when freedom is honored and faith is kept.

    President Thomas S. Monson once declared:

    “When we safeguard the heavenly virtue of freedom, when we honor it, when we protect it, we will walk with Washington, we will pray with patriots, and we shall have peace on earth, good will to men.”

    And as N. Eldon Tanner taught:

    “We are all a part of America’s future. Our job is to learn and benefit from the past and to go forward in righteousness, keeping the commandments of God.”

    My story is not unique—but it is deeply personal. I share it today not only as a celebration of America, but as an invitation to never take freedom for granted.
    To all those I love and care about: your future in this land is filled with promise—but always remember where we came from, and how far we’ve come.

    This is the land of the free.
    This is the home of the brave.
    And I am forever grateful to be part of it.

    © 2012–2025 Jet Mariano. All rights reserved.

    For usage terms, please see the Legal Disclaimer.

  • When the Strong Get Tired: Finding Strength in the Silence

    Intro:

    I’ve always been the strong one—at home, at work, in faith. The one people come to for answers, comfort, and solutions. But lately, I’ve been sitting in a kind of silence that echoes deeper than I expected. When the texts stop, when the calls go unanswered, when temple appointments fade into the background—I start to feel it: even the strong get tired.

    This week, I found myself in a strange place—surrounded by truth, but pierced by silence. I sat at my desk feeling the weight of isolation. No messages, no check-ins, no unexpected “Hey, how are you?” from anyone. It felt like my soul was stuck in a paused moment, waiting for a response that never came.

    But I remembered Alma 26:27:

    “Now when our hearts were depressed, and we were about to turn back, behold, the Lord comforted us…”

    Even Ammon and his brethren—men of God—were depressed. These weren’t weak men. These were spiritual giants who had seen miracles, preached the gospel with power, and endured rejection. And still, they felt what I’m feeling now.

    Photo I took of the Oquirrh Mountain Utah Temple a few weeks ago. It’s calling me back.

    Tomorrow, I’ll walk into the Oquirrh Mountain Temple after more than a month. I’m not going to ask for miracles. I’m going because I need to be in the presence of Heaven. I need to let my spirit breathe again. I need to feel my Father’s love, even when words fail.

    Quote for Reflection:

    “Your silence is deafening.” — The Fault in Our Stars
    But maybe… God’s silence isn’t absence. It’s invitation.


    “When Silence Speaks” — Oquirrh Refrain

    When silence came like falling snow,
    And all the noise had ceased to be,
    I felt a pull, a quiet glow—
    The temple gates were calling me.

    At Oquirrh’s base I bowed my head,
    Not for answers—just for peace instead,
    A quiet place where tears are shed,
    And unseen angels softly tread.

    Inside the stillness, soft and wide,
    The Celestial Room embraced my soul—
    I reached to write, with God as guide,
    Yet someone’s name first filled the scroll.

    No knock, no text, no morning sound,
    Yet still I stood with faith intact.
    Some bonds may sleep beneath the ground,
    But truth remains, and light comes back.

    Not every path must be explained,
    Not every bond can bear a name—
    But in that light, I still remained,
    And walked back out, no longer flame… but flame.

    A Gentle Addition (Post-Poem):

    Before I left for the temple that day, my hand wrote a name I didn’t expect. It reminded me that sometimes God places people in our hearts not by accident, but by design. I won’t name them here. I’ll just say this: I’m grateful for the quiet nudges that guide us back to love—even when words are few and time is short.

    Sometimes, the name written in silence is the one Heaven hears the loudest.

    © 2012–2025 Jet Mariano. All rights reserved.

    For usage terms, please see the Legal Disclaimer.

  • Outages happen. Learn how IT pros can stay cool under pressure and resolve system issues quickly.

    Even techs get stuck. Yesterday reminded me that sometimes, the person everyone calls for help also hits a wall. I was working remotely via VPN, ready to assist a teammate, when my own RDP session froze on “Please wait.” I couldn’t move, couldn’t connect, and couldn’t help. It was like watching a surgeon get locked out of the operating room.

    What Happened:
    From home, I connected to VPN and tried to RDP into my office desktop, but I got stuck at the “Please wait” screen. VPN was up, but Remote Desktop was frozen. I launched a Command Prompt window and ran:

    query session /server:xx.xx.xx.xx
    

    Note: IP address redacted for security.

    Here’s a redacted example of the output:

     SESSIONNAME       USERNAME       ID   STATE   TYPE
     services                          0    Disc    
     rdp-tcp#16        johdoe          1    Active  rdpwd
     console           johdoe          2    Conn    wdcon
    

    From the list above, I saw that ID 1 was in a Disc (Disconnected) state — an orphaned session that blocked me from connecting normally.

    To fix it, I ran:

    reset session 1 /server:xx.xx.xx.xx
    

    After a few seconds, I reconnected via RDP successfully — and the session loaded instantly.

    Conclusion:
    This was a humbling moment. VPN doesn’t mean much if a stuck session locks you out. Knowing how to query session and reset session remotely is like having a digital master key. When the helper needs help, this trick puts you back in the game.
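    As an added example (not code from the original post), the PowerShell below wraps the two commands used above: it parses the fixed-width output of `query session`, skips session 0, and resets only orphaned user sessions. It assumes query.exe and reset.exe (the Remote Desktop Services tools) are on PATH; the function names and the sample output are my own.

```powershell
# Added example, not code from the original post. Parses the fixed-width text
# that 'query session' prints and resets only orphaned user sessions.
# Assumes query.exe and reset.exe (Remote Desktop Services tools) are on PATH.

function ConvertFrom-QuerySessionOutput {
    # Converts 'query session' output lines into objects. The SESSIONNAME column
    # width is read from the header; USERNAME may be blank for orphaned sessions,
    # so the rest of the line is matched with a regex instead of fixed offsets.
    param([Parameter(Mandatory)][string[]]$Lines)

    $header = $Lines | Where-Object { $_ -match 'SESSIONNAME' } | Select-Object -First 1
    if (-not $header) { throw "No 'query session' header found in input." }
    $colUser = $header.IndexOf('USERNAME')

    foreach ($line in $Lines) {
        if ($line -eq $header -or [string]::IsNullOrWhiteSpace($line)) { continue }
        $padded = $line.PadRight($colUser)
        # A leading '>' marks the session the command itself runs in.
        $sessionName = $padded.Substring(0, $colUser).TrimStart(' ', '>').Trim()
        $tail = $padded.Substring($colUser)
        if ($tail -notmatch '^\s*(?<user>\S+\s+)?(?<id>\d+)\s+(?<state>\S+)') { continue }
        [pscustomobject]@{
            SessionName = $sessionName
            UserName    = ([string]$Matches['user']).Trim()
            Id          = [int]$Matches['id']
            State       = $Matches['state']
        }
    }
}

function Get-OrphanedSession {
    # Disconnected ('Disc') user sessions on a host. Session 0 ('services') is
    # always Disc by design and must never be reset, so it is excluded here.
    param([Parameter(Mandatory)][string]$Server)
    $raw = & query.exe session "/server:$Server"
    ConvertFrom-QuerySessionOutput -Lines $raw |
        Where-Object { $_.State -eq 'Disc' -and $_.Id -ne 0 -and $_.UserName }
}

function Reset-OrphanedSession {
    # Resets each orphaned session; run with -WhatIf first to see what would go.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Server)
    foreach ($s in Get-OrphanedSession -Server $Server) {
        if ($PSCmdlet.ShouldProcess("$Server session $($s.Id) ($($s.UserName))", 'reset session')) {
            & reset.exe session $s.Id "/server:$Server"
        }
    }
}

# Constructed sample (same layout as real output) so the parser runs offline.
$sample = @(
    ' SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE',
    ' services                                    0  Disc',
    ' console                                     1  Conn    wdcon',
    '                   johdoe                    3  Disc',
    '>rdp-tcp#16        janedoe                   4  Active  rdpwd',
    ' rdp-tcp                                 65536  Listen'
)
ConvertFrom-QuerySessionOutput -Lines $sample |
    Where-Object { $_.State -eq 'Disc' -and $_.Id -ne 0 } |
    Format-Table SessionName, UserName, Id, State -AutoSize
# Lists only johdoe (ID 3); session 0 stays untouched even though it is Disc.
```

    Against a real host, `Reset-OrphanedSession -Server xx.xx.xx.xx -WhatIf` shows which IDs would be reset before anything is touched.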

    © 2012–2025 Jet Mariano. All rights reserved.

    For usage terms, please see the Legal Disclaimer.





  • Father’s Day Lessons: Tech, Faith, and Family in Today’s World

    Father’s Day this year came with more than just cards and hugs—it came with quiet reflection, a few emotional flashbacks, and a full heart.

    After work on Friday, I found myself doing something I rarely stop for: slowing down. I cleaned the house top to bottom, did laundry—including fresh bedding—and made sure everything smelled just right. I even went grocery shopping with purpose… because my wife, my son, and his family were driving from out of state to visit me.

    I had to make it special.


    Saturday Night: Baked Salmon & Family Time
    That evening, I surprised them with something I’m still learning to master—cooking. I baked fresh salmon for dinner. I’m not usually known for my kitchen skills, but there was something sacred about preparing a meal with my own hands for the people I love.

    We gathered at the table, shared stories, laughed over seconds, and created a memory I didn’t know I needed.


    Father’s Day breakfast I made for my wife and grandson—blueberry protein shake, pancakes with fresh fruit, and a Core Power finish. Even in silence, I chose to serve with love.

    Sunday Morning: Blueberry Pancakes & That Peter Pan Moment
    I woke up early on Father’s Day and made blueberry pancakes for my wife and grandson. I plated them with sliced bananas, strawberries, blackberries, and a side of protein shakes—my quiet way of saying “thank you” for the joy they bring into my life.

    And in that stillness, as I looked at my breakfast creation and heard the house stirring awake, I had a moment—a flashback.

    I remembered holding my kids when they were small. The scraped knees, the sleepy hugs, the silly jokes. I heard myself whisper something I once told them years ago, a line from Peter Pan:

    “I wish we never grew up.”

    Not because I regret the years passing, but because I wish I could freeze-frame every laugh, every moment of chaos and wonder. I miss being their superhero. I miss us.


    This Father’s Day card from my firstborn daughter brought tears to my eyes. She reminded me that all the sacrifice, all the years of hard work, didn’t go unnoticed. This photo of us from decades ago says it all: I gave my youth for my family—and they remember.

    A Handwritten Card & A Jersey Mike’s Gift
    A few days before Father’s Day, I received a card from my firstborn daughter. She made it personal—printed with an old photo of me holding her as a baby, and a handwritten message that simply said, “Hoping you feel our love.” Inside was a Jersey Mike’s gift card—she remembered it’s my favorite sandwich spot.

    That card brought me back 35 years. I smiled. I teared up. I felt young again.

    🟩👔 A Shirt That Spoke Volumes

    Later in the afternoon, I received a thoughtful gift from my youngest daughter—a Julep Green, long-sleeve button-down shirt. It was simple, stylish, and exactly my kind of color. She has an eye for things I’d never think to get for myself. It wasn’t just a shirt—it was her way of saying, “Dad, I see you.”

    Grateful Moments

    One of the most meaningful parts of this Father’s Day weekend was the unexpected gestures from loved ones. A beautifully wrapped gift appeared on the table—simple, thoughtful, and quietly affirming. It added a layer of warmth to a weekend already filled with home-cooked meals and heartfelt greetings.


    Reflections from the Heart

    I don’t share these things to impress or prove anything.
    I write them down to remember—because life moves fast, and these quiet moments remind me I’ve done something right.
    Even when life feels distant or heavy, love has a way of showing up.


    © 2012–2025 Jet Mariano. All rights reserved.
    For usage terms, please see the Legal Disclaimer.

  • Master these 5 cloud tools to stay efficient, secure, and ahead in 2025’s fast-changing IT landscape.

    PowerShell remains my go-to tool for automating everyday IT tasks. In this post, I share real-world examples and weekly routines that help streamline system administration.

    Sample One-Liner:

    Get-EventLog -LogName System -EntryType Error -Newest 5 | Format-Table TimeGenerated, Source, EventID, Message -AutoSize
    

    This quick script shows the last 5 system errors on a Windows machine—great for fast troubleshooting without opening Event Viewer.
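    The same query as an added example (not code from the original post), written with Get-WinEvent so it works in both Windows PowerShell 5.1 and PowerShell 7 (Get-EventLog is not available in PowerShell 6 and later), plus a per-source count that makes a looping driver or service stand out; the function names are my own.

```powershell
# Added example, not code from the original post. Get-WinEvent replacement for
# the Get-EventLog one-liner above, plus a per-provider summary.

function Get-RecentSystemError {
    # Last $Newest Error-level events from the System log within $Hours hours.
    param(
        [int]$Hours = 24,
        [int]$Newest = 5,
        [string]$ComputerName = $env:COMPUTERNAME
    )
    $filter = @{
        LogName   = 'System'
        Level     = 2                         # 2 = Error (1 = Critical, 3 = Warning)
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    # Get-WinEvent raises an error when nothing matches; treat that as "no events".
    Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter `
                 -MaxEvents $Newest -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, ProviderName, Id, Message
}

function Get-SystemErrorSummary {
    # Counts errors by provider so repeated failures (a flapping driver, a service
    # restarting in a loop) are visible before you read each message.
    param([int]$Hours = 24, [string]$ComputerName = $env:COMPUTERNAME)
    Get-RecentSystemError -Hours $Hours -Newest 1000 -ComputerName $ComputerName |
        Group-Object ProviderName |
        Sort-Object Count -Descending |
        Select-Object Count, Name,
            @{ N = 'Latest'; E = { ($_.Group | Sort-Object TimeCreated -Descending | Select-Object -First 1).TimeCreated } }
}

Get-RecentSystemError | Format-Table TimeCreated, ProviderName, Id, Message -AutoSize
Get-SystemErrorSummary | Format-Table -AutoSize
```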

    © 2012–2025 Jet Mariano. All rights reserved.

    For usage terms, please see the Legal Disclaimer.

  • IT Troubleshooting Framework: A Proven Method for Rapid Fixes

    Introduction

    Whether you’re fixing a misconfigured router, debugging PowerShell scripts, or tracking down a memory leak in a cloud app—troubleshooting in IT demands more than technical skills. It requires discipline, logic, and humility. After three weeks of blogging about health and discipline, let’s talk about the fitness of your mind—the kind that solves problems.


    The Ultimate Troubleshooting Framework

    1. Observe First, React Later
    Don’t panic. The biggest failures come from rushing. Rebooting blindly or clicking wildly rarely fixes anything long-term. Start with awareness—what changed? When did it work last?

    2. Replicate the Issue
    Can you consistently reproduce the error? Replicating the issue puts you in control of the variables. Screenshot everything, test on another device, or simulate in a lab. If it’s not reproducible, it’s not solvableβ€”yet.

    3. Isolate the Fault Line
    Is this a client-side or server-side issue? Is the failure network-based or application-specific? Drill down layer by layer—network > system > application > user. Think like a detective following leads.

    4. Validate What Works
    Don’t just look for what’s broken—look for what still works. This narrows the gap. If ping works but DNS fails, your network isn’t down; your resolution layer is. Know the baseline.

    5. Eliminate, Don’t Guess
    Avoid shotgun fixes. Remove assumptions through testing. Disable policies, roll back updates, swap hardware. Let evidence drive your conclusions—not your emotions.

    6. Document the Process
    Take notes. Every screenshot and command helps build tribal knowledge for the team. Great IT pros don’t just fix—they record and teach.

    7. When You’ve Hit a Wall—Call in Experts
    If all else fails, this is where humility shines. Bring in the vendor, escalate to support, or call your team. Vendors will often start from ground zero, treating you like a novice. Swallow your pride. Be a team player. The goal is resolution, not recognition.

    8. Loop in Your Peers
    Sometimes the fix is just one conversation away. Your teammate might’ve solved it last week. Break the silence, share your screen, and troubleshoot together.


    Conclusion

    Troubleshooting is not a talent—it’s a craft. And like any craft, it’s forged through practice, patience, and process. This framework doesn’t belong to one domain of IT—it belongs to every discipline. Whether you’re in the trenches of a VMware outage or debugging a line of Python, the rules are the same.

    Train your mind as you train your body. Master your process and the problems will surrender.

    © 2012–2025 Jet Mariano. All rights reserved.

    For usage terms, please see the Legal Disclaimer.

  • Discover the top cloud platforms every IT admin needs in 2025 to scale smarter and manage workloads with ease.


    In today’s fast-paced IT world, embracing the cloud isn’t optional—it’s mission-critical. Whether you’re managing hybrid infrastructure or securing endpoints across continents, mastering cloud tools separates the reactive techs from the proactive engineers.

    Here are five powerful cloud solutions I’ve used in the trenches throughout my IT career.


    1. Microsoft Azure

    “Scalable. Scriptable. Secure.”

    Azure remains the backbone of enterprise cloud. From spinning up VMs to enforcing conditional access, Azure gives you granular control and powerful automation—especially when paired with PowerShell or Azure CLI.

    Use Cases:

    • VM provisioning via templates
    • Azure AD security policies
    • Hybrid join deployments
    • Log Analytics and Sentinel integration

    2. Microsoft Intune + Autopilot

    “Endpoint management that actually works.”

    Modern endpoint management has moved beyond on-prem GPOs. Intune and Autopilot let you enroll, configure, and secure devices—from factory to desk—with zero IT touch.

    Use Cases:

    • BYOD device compliance
    • Windows Autopilot provisioning
    • App deployment without VPN

    3. Microsoft 365 Admin Tools

    “Collaboration is nothing without control.”

    Exchange Online, SharePoint, Teams, and OneDrive all live under the M365 umbrella—but it’s how you manage access, retention, and security that defines your IT strength.

    Use Cases:

    • eDiscovery & retention policies
    • Shared mailbox automation
    • Microsoft Purview for compliance

    4. PowerShell + Graph API

    “Automate everything—or drown in tickets.”

    The real power of cloud lies in scripting. With PowerShell and Graph API, you’re not just managing users—you’re managing scale.

    Use Cases:

    • Bulk license assignment
    • Dynamic group creation
    • Real-time audit scripting

    5. Cloud-Based Backups (Veeam, Acronis, etc.)

    “Your last line of defense is only as strong as your last backup.”

    Whether you’re backing up M365 mailboxes or Azure VMs, cloud-native backups ensure business continuity, ransomware defense, and fast recovery.

    Use Cases:

    • Immutable backup storage
    • Backup alerts and automation
    • Hybrid backups (local + cloud)

    Final Thoughts:

    Cloud mastery doesn’t mean knowing everything—it means knowing what works, and how to leverage automation to reduce human error. I’ve learned this through real-world pressure, testing, and relentless problem-solving.

    © 2012–2025 Jet Mariano. All rights reserved.

    For usage terms, please see the Legal Disclaimer.

  • How I Deployed and Cleaned Up a Windows Server VM in Azure with PowerShell

     The Problem

    After spinning up a few test VMs in Azure, I realized the costs were creeping up from unused resources. Manual cleanup was time-consuming, especially when tracking which NICs, disks, and IPs belonged to what. I needed a faster, cleaner solution—one script to deploy, another to destroy.

     The Solution

    I wrote two PowerShell scripts:

    1. New-AzServerVmRdp-20250509_GitHub.ps1: Fully automates deployment of a Windows Server 2019 VM with RDP access.
    2. Remove-AzServerVmRdp-20250509_GitHub.ps1: Cleans up the entire environment by removing the resource group.

    These scripts not only deploy the VM but configure the VNet, subnet, NSG, public IP, and NIC—all with one command.

     The Code

    Deploy Script:

    New-AzResourceGroup -Name "MyTestRG" -Location "westus"
    # ... other setup commands
    New-AzVM -ResourceGroupName "MyTestRG" -Location "westus" -VM $vmConfig

    Cleanup Script:

    Remove-AzResourceGroup -Name "MyTestRG" -Force -AsJob

     The Result

    I can now spin up a fresh, RDP-ready Windows Server in under 10 minutes and wipe it clean with a single line. I tested the RDP connection, confirmed the VM’s performance, and removed the environment—no residual charges, no clutter.

    🔗 View on GitHub

    © 2012–2025 Jet Mariano. All rights reserved.

    For usage terms, please see the Legal Disclaimer.

  • Deploy & Remove Windows Server VM in Azure via RDP

    Automate the full lifecycle of a Windows Server VM in Azure — from deployment to secure RDP access and safe cleanup — using PowerShell.

    Step-by-Step Process:

    1. Azure Login and Subscription Setup
    Connect-AzAccount
    Set-AzContext -SubscriptionId "<your-subscription-id>"
    

    2. Create Resource Group

    New-AzResourceGroup -Name "MyTestRG" -Location "westus"
    

    3. Create Virtual Network and Subnet

    $subnetConfig = New-AzVirtualNetworkSubnetConfig -Name "MySubnet" -AddressPrefix "10.0.1.0/24"
    $vnet = New-AzVirtualNetwork -Name "MyVNet" -ResourceGroupName "MyTestRG" -Location "westus" -AddressPrefix "10.0.0.0/16" -Subnet $subnetConfig
    

    4. Create Network Security Group with RDP Access

    $rdpRule = New-AzNetworkSecurityRuleConfig -Name "Allow-RDP" -Protocol "Tcp" -Direction "Inbound" -Priority 1000 -SourceAddressPrefix "*" -SourcePortRange "*" -DestinationAddressPrefix "*" -DestinationPortRange 3389 -Access "Allow"
    $nsg = New-AzNetworkSecurityGroup -Name "MyNSG" -ResourceGroupName "MyTestRG" -Location "westus" -SecurityRules $rdpRule
    

    5. Create Public IP Address

    $publicIp = New-AzPublicIpAddress -Name "MyPublicIP" -ResourceGroupName "MyTestRG" -Location "westus" -AllocationMethod Static -Sku Basic
    

    6. Create Network Interface

    $subnet = Get-AzVirtualNetworkSubnetConfig -Name "MySubnet" -VirtualNetwork $vnet
    $nic = New-AzNetworkInterface -Name "MyNIC" -ResourceGroupName "MyTestRG" -Location "westus" -SubnetId $subnet.Id -NetworkSecurityGroupId $nsg.Id -PublicIpAddress $publicIp
    

    7. Enter Credentials

    $cred = Get-Credential  # Use a simple username like 'azureadmin'
    

    8. Configure the Server VM

    $vmConfig = New-AzVMConfig -VMName "MyServerVM" -VMSize "Standard_B1s"
    $vmConfig = Set-AzVMOperatingSystem -VM $vmConfig -Windows -ComputerName "MyServerVM" -Credential $cred
    $vmConfig = Set-AzVMSourceImage -VM $vmConfig -PublisherName "MicrosoftWindowsServer" -Offer "WindowsServer" -Skus "2019-Datacenter" -Version "latest"
    $vmConfig = Add-AzVMNetworkInterface -VM $vmConfig -Id $nic.Id
    

    9. Deploy the Server VM

    New-AzVM -ResourceGroupName "MyTestRG" -Location "westus" -VM $vmConfig
    

    10. Connect via Remote Desktop

    1. Launch Remote Desktop (RDP)
    2. Enter the Public IP of your VM
    3. Click “More choices” > “Use a different account”
    4. Log in with:
      • Username: azureadmin
      • Password: the one you specified
    5. Accept the certificate prompt

    ✅ You’re connected!

    Clean Up: Delete Azure Windows Server VM and Resources to Avoid Charges

    To prevent ongoing charges after testing, it’s important to delete all associated resources, including:

    • The Virtual Machine (MyServerVM)
    • Public IP Address
    • Network Interface (MyNIC)
    • Network Security Group (MyNSG)
    • Virtual Network and Subnet (MyVNet, MySubnet)
    • Managed Disk
    • And any other resource under the resource group

    You can remove all of these at once using the following command:

    Remove-AzResourceGroup -Name "MyTestRG" -Force -AsJob
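    As an added example (not code from the original post or its GitHub scripts), the two helpers below harden step 4 of the walkthrough above and cover both the step-by-step post and the earlier deploy/cleanup summary: step 4's rule uses `-SourceAddressPrefix "*"`, which exposes port 3389 to the whole Internet, so the first helper builds the same rule restricted to the admin's own address, and the second audits an NSG for rules that still leave RDP open. It assumes the Az.Network module; the function names, the CIDR and the sample object are my own.

```powershell
# Added example, not code from the original post. Assumes Az.Network is installed.

function New-AdminOnlyRdpRule {
    # Same rule as step 4, but the source is pinned to the admin's address range
    # rather than "*". Refuses any-source values so the rule cannot regress.
    param(
        [Parameter(Mandatory)][string]$AdminCidr,   # e.g. '203.0.113.10/32' (TEST-NET-3, constructed)
        [int]$Priority = 1000
    )
    if ($AdminCidr -in @('*', 'Internet', '0.0.0.0/0')) {
        throw "Refusing to create an RDP rule open to any source ($AdminCidr)."
    }
    New-AzNetworkSecurityRuleConfig -Name 'Allow-RDP-Admin' -Protocol 'Tcp' -Direction 'Inbound' `
        -Priority $Priority -SourceAddressPrefix $AdminCidr -SourcePortRange '*' `
        -DestinationAddressPrefix '*' -DestinationPortRange 3389 -Access 'Allow'
}

function Test-NsgRdpExposure {
    # Returns inbound Allow rules that reach port 3389 from an unrestricted source.
    # Accepts Get-AzNetworkSecurityGroup objects or plain objects with the same
    # property names, so the check can be exercised without a subscription.
    param([Parameter(Mandatory, ValueFromPipeline)]$Nsg)
    process {
        foreach ($rule in $Nsg.SecurityRules) {
            if ($rule.Direction -ne 'Inbound' -or $rule.Access -ne 'Allow') { continue }
            $ports   = @($rule.DestinationPortRange)      # string in AzureRM, list in Az
            $sources = @($rule.SourceAddressPrefix)
            $hitsRdp = $ports | Where-Object {
                $_ -eq '*' -or $_ -eq '3389' -or
                ($_ -match '^(\d+)-(\d+)$' -and [int]$Matches[1] -le 3389 -and [int]$Matches[2] -ge 3389)
            }
            $openSrc = $sources | Where-Object { $_ -in @('*', 'Internet', '0.0.0.0/0') }
            if ($hitsRdp -and $openSrc) {
                [pscustomobject]@{
                    Nsg      = $Nsg.Name
                    Rule     = $rule.Name
                    Priority = $rule.Priority
                    Source   = ($sources -join ',')
                }
            }
        }
    }
}

# Constructed NSG object with the shape of step 4's rule, for an offline check.
$sampleNsg = [pscustomobject]@{
    Name          = 'MyNSG'
    SecurityRules = @(
        [pscustomobject]@{
            Name = 'Allow-RDP'; Direction = 'Inbound'; Access = 'Allow'; Priority = 1000
            SourceAddressPrefix = @('*'); DestinationPortRange = @('3389')
        }
    )
}
$sampleNsg | Test-NsgRdpExposure | Format-Table -AutoSize
# Reports 'Allow-RDP' (source *). Against a live subscription:
#   Get-AzNetworkSecurityGroup | Test-NsgRdpExposure
```

    Replacing `$rdpRule` in step 4 with `New-AdminOnlyRdpRule -AdminCidr '<your-ip>/32'` keeps the rest of the walkthrough unchanged; for anything beyond a short-lived test VM, Azure Bastion or a VPN avoids exposing 3389 on a public IP at all.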
    

    🔗 View on GitHub

    © 2012–2025 Jet Mariano. All rights reserved.

    For usage terms, please see the Legal Disclaimer.

  • The Price of Earning Respect in IT: What They Don’t Tell You

    📜 The Price of Gaining Respect in the IT World

    By Jet Mariano


    Respect in IT isn’t handed out with certifications, job titles, or seniority. It’s earned — quietly, repeatedly — through solutions delivered under pressure, systems recovered when no one else could, and long hours spent automating what others assumed had to be manual.

    I’ve restored failed VMs when the backups looked hopeless.
    I’ve rebalanced VMware clusters to keep production workloads running efficiently.
    I’ve automated daily cloud operations across Azure — from onboarding to Defender alert responses — reducing hours of repetitive tasks into seconds of silent execution.

    In one instance, proactive Azure Defender tuning flagged behavior that could have led to a ransomware attack. No one ever knew how close it came — and that’s the point. The better your work, the less noise it makes.

    I’ve diagnosed why provision-on-demand failed in a live CTS environment, traced financial VM crashes back to Veeam I/O timing conflicts, and implemented site-to-site VPN connections that quietly brought entire departments online again.

    No one claps for any of it.
    No one sees the nights spent scripting, or the documentation created while others sleep.

    But that’s where respect lives in IT —
    Not in applause, but in quiet confidence.
    Not in recognition, but in results.

    You don’t demand respect in this field.
    You build it.

    One restored environment at a time.
    One secure connection at a time.
    One automated fix before someone even files the ticket.


    🔥 Final Thought:

    If you’re still working toward that respect —
    Don’t force it.
    Deliver, document, and repeat.

    Sooner or later, your work will do all the talking.

    🛡️

    © 2012–2025 Jet Mariano. All rights reserved.
    For usage terms, please see the Legal Disclaimer.

  • April 26, 2025 Blog: What Is SIEM? Why It Matters and How to Implement It

    Why SIEM matters:
    Security Information and Event Management (SIEM) provides centralized visibility into security alerts, system logs, and suspicious activities — helping organizations detect and respond to threats faster.

    What SIEM solves:

    • Detects intrusions and anomalies in real time
    • Helps meet compliance standards like HIPAA, PCI-DSS, and SOX
    • Centralizes event monitoring across hybrid cloud and on-premises environments

    How to Implement SIEM:

    • Deploy Azure Sentinel for cloud-native SIEM integration
    • Integrate Cisco Meraki logs, VMware security logs, and endpoint protection (XDR) tools like Palo Alto
    • Set up detection rules, incident response playbooks, and dashboards
    • Full SIEM Implementation Guide with PowerShell

    © 2012–2025 Jet Mariano. All rights reserved.
    For usage terms, please see the Legal Disclaimer.

  • Technical Notes Written When They Matter

    This is a collection of technical notes written when they matter.

    Some posts come from the server room, others from moments of reflection. They document real decisions, lessons learned, and quiet realizations from years in IT and life.

    There is no fixed schedule here. I write when there is something worth recording.

    ➔ Check out my PowerShell Toolbox for essential automation scripts.

    💻 Feb 7, 2026 – Built in Motion, Seeing Afar Off

    💻 Feb 2, 2026 – Subnetting Makes Sense When You Meet the ISP

    💻 Jan 25, 2026 – The Problem Lives Below Windows

    💻 Jan 16, 2026 – Windows 11 is Not the Problem

    💻 Jan 9, 2026 – Sysmon on Windows

    💻 Dec 31, 2025 – DHCP is Boring Until it is Not

    💻 Dec 17, 2025 – High-Availability Engineering: Implementing Geo-Redundancy and Real-Time Heartbeats

    💻 Dec 10, 2025 – How to Install Sysmon on Windows 11 (Step-by-Step Guide)

    💻 Dec 3, 2025 – Advanced Exchange Online Security and Compliance

    💻 Nov 28, 2025 – My Essential IT Troubleshooting Guide

    💻 Nov 26, 2025 – Terraform made simple

    💻 Nov 25, 2025 CIS for M365 (Hardening & Best Practices)

    💻 Nov 24, 2025 Email Retention in M365 (Best Practices)

    💻 Nov 23, 2025 The Evolution of Microsoft Exchange: From 5.0 to Exchange Online (EXO)

    💻 Nov 22, 2025 DMARC (Domain-based Message Authentication, Reporting & Conformance)

    💻 Nov 21, 2025 Why PowerShell Still Beats Purview for Real Forensics

    💻 Nov 20, 2025 Terraform for M365 & Azure

    💻 Nov 18, 2025 Quick “Reflexes” Using PowerShell to Block Bad Actors

    💻 Nov 17, 2025 Litigation Hold in Microsoft 365

    💻 Nov 15, 2025 DKIM Security: How Signing and Key Rotation Stop Email Spoofing

    💻 Nov 12, 2025 Exchange Online Throttling Policies

    💻 Nov 06, 2025 Why RFC Email Standards Are Not Enough

    💻 Oct 31, 2025 Path to Become a Developer

    💻 Oct 31, 2025 Path to Become an Infrastructure Engineer

    💻 Oct 17, 2025 Email Spoofing Explained

    💻 Oct 12, 2025 How BEC (Business Email Compromise) and EAC (Email Account Compromise)

    💻 Oct 9, 2025 How I Protected VIP Mailboxes in Exchange

    💻 Oct 06, 2025 A 10-Command Playbook to Stop Email Impersonation

    💻 Oct 04, 2025 Pulling M365 Sign-in Locations via AzureADPreview

    💻 Oct 01, 2025 Restoring Delivery Safely: SCL-1 + Tenant Allow/Block List

    💻 Sep 29, 2025 Beat the 99% Wall: Upgrade Windows 10 → 11 the Easy Offline Way (Do This Before Oct 5, 2025)

    💻 Sep 24, 2025 Email Offboarding: Forward for 14 Days → Then Retire the Mailbox (No Shared Mailboxes)

    💻 Sep 19, 2025 Cloning a VM with PowerShell and VMware PowerCLI

    💻 Sep 14, 2025 Fixing a “Sender not allowed” Everyone DL

    💻 Sep 9, 2025 Ops Note — Picking the best vSAN host with one PowerCLI check

    💻 Sep 4, 2025 Fixing “Sender not allowed” to an internal group (Exchange Online) — a quick forensic + runbook

    💻 Sep 1, 2025 Outlook Won’t Send, Can’t Search, or Stuck on “Updating”? A One-Page Fix (for Everyone)

    💻 Aug 31, 2025 When a “Microsoft” alert hijacks your screen after a spoofed Facebook call

    💻 Aug 25, 2025 PC Suddenly Slow? Here’s a 60 seconds triage before calling IT

    💻 Aug 21, 2025 – Secure Azure setup with Entra ID, Bastion, and private VM

    💻 Aug 18, 2025 — Hot-cloning a Running Windows 11 VM in vSphere

    💻 Aug 14, 2025 — The Cloud Above Us AWS, Azure, GCP

    💻 Aug 10, 2025 Blog: Secure Automation with PowerShell SecretManagement: Simplifying Credential Management for IT Pros

    💻 Aug 5, 2025 Blog: Migrating Azure AD Scripts to Microsoft Graph PowerShell: A Practical Guide for IT Administrators

    💻 July 29, 2025 Blog: Fixing Disabled Azure AD Accounts: PowerShell vs Portal

    💻 July 25, 2025 Blog: How to Bypass Spam Filtering for Internal Senders Using PowerShell

    💻 July 20, 2025 Blog: Because I Have Been Given Much, I Too Must Give

    💻 July 16, 2025 Blog: Ransomware: What It Is and How I Survived Multiple Attacks

    💻 July 12, 2025 Blog: From IIS Logs to Iron Discipline: How My Son and I Share the Same Grit in Fitness and IT

    💻 July 8, 2025 Blog: Where I Leave the Past, and Meet Myself Again

    💻 July 4, 2025 Blog: I Am Grateful to Be in the Land of the Free and Home of the Brave

    💻 June 27, 2025 Blog: When the Strong Get Tired: Finding Strength in the Silence

    💻 June 22, 2025 Blog: Please Wait: When the Helper Needs Help

    💻 June 15, 2025 Blog: A Father’s Day Flashback – Pancakes, Peter Pan, and a Heart Full of Memories

    💻 June 8, 2025 Blog: Why I Still Use PowerShell Every Week

    💻 June 1, 2025 Blog: The Ultimate IT Troubleshooting Framework

    💻 May 25, 2025 Blog: 5 Essential Cloud Solutions for IT Admins

    💻 May 18, 2025 Blog: Strength Is Survival

    💻 May 10, 2025 Blog: How I Deployed and Cleaned Up a Windows Server VM in Azure with PowerShell

    💻 May 2, 2025 Blog: The Price of Gaining Respect in the IT World

    💻 April 26, 2025 Blog: What Is SIEM? Why it matters, what it solves, and how to implement it effectively.

    © 2012–2026 Jet Mariano. All rights reserved.
    For usage terms, please see the Legal Disclaimer.

  • PowerCLI: Cloning and Deleting VMs

    In addition to monitoring, managing VMs is a key task for administrators. Below are simple PowerCLI commands for cloning and deleting VMs.

    Cloning a VM

    $sourceVM = Get-VM -Name "template-vm"
    $targetHost = Get-VMHost -Name "esxi-host-01"
    $datastore = Get-Datastore -VMHost $targetHost | Where-Object {$_.Name -like "vsanDatastore"}
    
    New-VM -Name "cloned-vm" `
           -VM $sourceVM `
           -VMHost $targetHost `
           -Datastore $datastore `
           -ResourcePool ($targetHost | Get-ResourcePool)

    Deleting a VM

    Get-VM -Name "cloned-vm" | Remove-VM -DeletePermanently -Confirm:$false

    These commands are especially useful for lab environments or when automating template-based VM provisioning.




  • Monitoring vSAN Host Resource Usage with PowerShell

    Introduction: Keeping your vSAN environment healthy and balanced is critical to maintaining performance and avoiding bottlenecks. One of the best ways to stay ahead of potential issues is to proactively monitor your ESXi hosts’ CPU and memory usage with PowerShell and PowerCLI. In this post, we walk through a script that gives a quick overview of resource usage across your vSAN cluster, a valuable step before deciding whether to initiate a manual rebalance.


    PowerShell Script to Monitor vSAN Host Resource Usage

    Get-VMHost | Select-Object Name, `
        @{N="CPU Usage MHz"; E={$_.CpuUsageMhz}}, `
        @{N="Total CPU MHz"; E={$_.CpuTotalMhz}}, `
        @{N="Memory Usage GB"; E={[math]::Round($_.MemoryUsageGB, 2)}}, `
        @{N="Total Memory GB"; E={[math]::Round($_.MemoryTotalGB, 2)}}

    Sample Output

    Host Name      CPU Usage MHz   Total CPU MHz   Memory Usage GB   Total Memory GB
    esxi-host-01   6,405           115,168         151.94            511.71
    esxi-host-02   7,148           115,168         199.02            511.71
    esxi-host-03   2,089           115,168         124.49            511.71

    What This Tells You

    • CPU Load: In the sample output, CPU usage is consistently low (<10%), meaning the compute load is healthy.
    • Memory Load: Memory usage ranges from ~24% to ~39%, suggesting room for optimization or upcoming load balancing.

    When to Rebalance

    If you see disproportionate usage, for example one host consistently nearing 80%+ memory while the others are underutilized, it may be time to initiate a vSAN rebalance.

    This script gives you the confidence to proceed with rebalance safely during production hours, especially when CPU usage is low and no resync activities are ongoing.
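    The following script is an added example, not code from the original post. It takes the same Get-VMHost properties the script above selects, turns them into CPU and memory percentages, and flags any host at or above the 80% memory mark quoted under When to Rebalance, together with the spread between the busiest and quietest host. The cluster name "vsan-cluster", the 30-point spread threshold and the sample host objects (copied from the Sample Output table) are assumptions; live data goes in with Get-VMHost -Location "vsan-cluster" | Get-HostLoadReport.

```powershell
# Added example (not the post's own script): per-host CPU/memory utilization
# and a rebalance hint, computed from the Get-VMHost properties used above.
# Live use (cluster name is an assumed placeholder):
#   Get-VMHost -Location "vsan-cluster" | Get-HostLoadReport
function Get-HostLoadReport {
    [CmdletBinding()]
    param(
        # Any object exposing Name, CpuUsageMhz, CpuTotalMhz, MemoryUsageGB, MemoryTotalGB
        # (Get-VMHost output, or the constructed sample objects below).
        [Parameter(ValueFromPipeline)] [object[]] $VMHost,
        [int] $MemoryWarnPercent = 80,   # threshold the post quotes under "When to Rebalance"
        [int] $SpreadWarnPercent = 30    # assumed: busiest-minus-quietest memory % gap worth a look
    )
    begin { $rows = @() }
    process {
        foreach ($h in $VMHost) {
            $rows += [pscustomobject]@{
                Name      = $h.Name
                CpuPct    = [math]::Round(100 * $h.CpuUsageMhz / $h.CpuTotalMhz, 1)
                MemPct    = [math]::Round(100 * $h.MemoryUsageGB / $h.MemoryTotalGB, 1)
                MemFreeGB = [math]::Round($h.MemoryTotalGB - $h.MemoryUsageGB, 2)
            }
        }
    }
    end {
        $hot    = @($rows | Where-Object { $_.MemPct -ge $MemoryWarnPercent })
        $maxMem = ($rows | Measure-Object MemPct -Maximum).Maximum
        $minMem = ($rows | Measure-Object MemPct -Minimum).Minimum
        $spread = [math]::Round($maxMem - $minMem, 1)
        [pscustomobject]@{
            Hosts            = $rows
            HotHosts         = @($hot | Select-Object -ExpandProperty Name)
            MemorySpreadPct  = $spread
            RebalanceAdvised = ($hot.Count -gt 0) -or ($spread -ge $SpreadWarnPercent)
        }
    }
}

# Constructed sample mirroring the post's "Sample Output" table, so the function
# can be exercised without a vCenter connection.
$sample = @(
    [pscustomobject]@{ Name='esxi-host-01'; CpuUsageMhz=6405; CpuTotalMhz=115168; MemoryUsageGB=151.94; MemoryTotalGB=511.71 }
    [pscustomobject]@{ Name='esxi-host-02'; CpuUsageMhz=7148; CpuTotalMhz=115168; MemoryUsageGB=199.02; MemoryTotalGB=511.71 }
    [pscustomobject]@{ Name='esxi-host-03'; CpuUsageMhz=2089; CpuTotalMhz=115168; MemoryUsageGB=124.49; MemoryTotalGB=511.71 }
)
$report = $sample | Get-HostLoadReport
$report.Hosts | Format-Table -AutoSize
"Memory spread: $($report.MemorySpreadPct) points  Rebalance advised: $($report.RebalanceAdvised)"
```

    On the sample data the three hosts sit at 29.7%, 38.9% and 24.3% memory, a 14.6-point spread with nobody above 80%, so RebalanceAdvised comes back False; the same numbers from a live cluster are what the decision in the paragraph above rests on.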


    Conclusion

    Use this PowerShell command as part of your regular cluster health checks. When combined with vCenter’s vSAN resync and health dashboards, it gives you the full picture to maintain optimal performance and avoid storage imbalances.

    Stay tuned for a follow-up post on triggering manual rebalancing using RVC (Ruby vSphere Console).


  • The Importance of SIEM, APM, and Privileged Access Management in Modern IT Security

    Introduction

    In today’s digital landscape, cybersecurity is more than just antivirus software and firewalls; it is layered security across endpoints, networks, identities, and applications. With cyber threats evolving daily, businesses must adopt proactive monitoring and defense mechanisms. This is where Security Information and Event Management (SIEM), Application Performance Monitoring (APM), and Privileged Access Management (PAM) come into play.

    This guide covers why these tools matter, best practices for each, and how to integrate them with enterprise-grade security solutions such as Cisco MX, Cisco Umbrella, CyberArk, and Duo.


    1. Security Information and Event Management (SIEM)

    SIEM solutions aggregate, analyze, and correlate security data from multiple sources, providing real-time visibility into potential threats.

    Why SIEM Matters:

    • Centralized Log Management: Collects logs from firewalls, servers, endpoints, and applications.
    • Threat Detection: Uses AI and correlation rules to identify anomalies.
    • Incident Response: Sends alerts when suspicious activity is detected.
    • Compliance: Helps meet PCI-DSS, HIPAA, SOX, and HITRUST requirements.

    Recommended SIEM Solutions:

    ✅ Splunk – Enterprise-level security analytics.
    ✅ Microsoft Sentinel – Cloud-native SIEM for Microsoft ecosystems.
    ✅ Datadog – Lightweight SIEM with cloud integrations.
    ✅ Elastic SIEM – Open-source alternative.


    2. Application Performance Monitoring (APM)

    APM tools monitor application behavior, uptime, and response times to ensure optimal performance and detect security anomalies.

    Why APM Matters:

    • Proactive Threat Identification: Detects application-layer attacks.
    • Performance Optimization: Reduces downtime and enhances user experience.
    • Integration with SIEM: Provides deeper insights into suspicious activity.

    Recommended APM Tools:

    ✅ Datadog APM – Cloud monitoring with SIEM integration.
    ✅ Dynatrace – AI-powered full-stack monitoring.
    ✅ AppDynamics – Deep visibility into application health.
    ✅ SolarWinds APM – Cost-effective solution for IT teams.


    3. Privileged Access Management (PAM) & Multi-Factor Authentication (MFA)

    Privileged accounts are the biggest attack targets. Implementing PAM with MFA ensures that admin accounts are secure.

    Why PAM & MFA Matter:

    • Least Privilege Enforcement: Restricts admin access to critical systems.
    • Prevents Credential Theft: Limits exposure to compromised passwords.
    • Logs & Audits: Tracks administrative actions for compliance.

    Best Practices:

    ✅ Use CyberArk for managing privileged accounts.
    ✅ Require MFA (Duo, Microsoft Authenticator, YubiKey).
    ✅ Separate Personal & Admin Accounts:

    • Personal Account → No admin rights.
    • Admin Account → Requires 15-min auto MFA renewal (best practice in enterprises like PIMCO & CNB).

    4. Endpoint Protection with XDR

    Extended Detection & Response (XDR) provides real-time protection across endpoints, emails, and cloud workloads.

    Why XDR Matters:

    • AI-powered Threat Detection: Blocks malware, ransomware, and phishing attempts.
    • Zero Trust Security: Ensures only verified endpoints can access corporate networks.
    • SIEM Integration: Sends endpoint logs for analysis.

    Recommended XDR Solutions:

    ✅ Microsoft Defender XDR – Built-in for Microsoft environments.
    ✅ CrowdStrike Falcon – AI-driven endpoint security.
    ✅ SentinelOne XDR – Autonomous threat response.


    5. Network Perimeter Security: Cisco MX & Cisco Umbrella

    Firewalls alone are not enough. Organizations need cloud-based DNS security & perimeter defense.

    Why Cisco MX & Umbrella Matter:

    • Protects Against DNS-layer Attacks (e.g., phishing & malware sites).
    • Prevents Data Exfiltration (blocks malicious domains before connections happen).
    • Works with SIEM & XDR (for full security visibility).

    Best Practices:

    ✅ Deploy Cisco MX for firewall + SD-WAN security.
    ✅ Use Cisco Umbrella to block malicious internet traffic.
    ✅ Segment Networks to isolate critical resources.


    Conclusion: Security Requires Layered Defense

    Cybersecurity isn’t about one tool; it is a layered approach:

    1. SIEM for centralized monitoring.
    2. APM for app performance & security insights.
    3. PAM & MFA for privileged access control.
    4. XDR for endpoint protection.
    5. Cisco MX & Umbrella for perimeter security.

    Implementing these tools reduces risk, improves compliance, and protects IT infrastructure from modern threats.


    Next Steps:

    ✅ Read our Step-by-Step Guides for each tool (coming soon).
    ✅ Explore PowerShell automation for security hardening.
    ✅ Contact us for enterprise security consulting (if applicable).

    🔗 Stay tuned for more guides on securing your IT infrastructure!



  • The Importance of SIEM and Best Practices in Enterprise Security

    Introduction

    In today’s cybersecurity landscape, Security Information and Event Management (SIEM) plays a crucial role in protecting organizations from threats. A robust SIEM system centralizes security monitoring, aggregates logs, detects anomalies, and helps security teams respond to incidents in real time. However, SIEM is only one piece of a comprehensive security framework. To maximize its effectiveness, it should be integrated with other advanced security solutions such as APM tools, privileged access management (CyberArk), multi-factor authentication (Duo), and endpoint detection and response (XDR).

    The Role of SIEM in Security

    A SIEM system provides the following key functions:

    • Centralized Log Management: Aggregates and normalizes logs from different sources.
    • Real-Time Threat Detection: Uses correlation rules and AI-driven analytics to detect anomalies.
    • Incident Response: Helps security teams investigate alerts and mitigate threats.
    • Compliance & Auditing: Meets regulatory requirements for PCI-DSS, HIPAA, SOX, and HITRUST.

    Recommended SIEM Solutions:

    1. Splunk – Market leader in log analysis and threat detection.
    2. IBM QRadar – Integrates well with enterprise IT infrastructure.
    3. Microsoft Sentinel – Cloud-based SIEM with strong integration into Microsoft’s security ecosystem.
    4. LogRhythm – Offers automation and advanced analytics.

    Integrating APM Tools for Security & Performance Monitoring

    APM (Application Performance Monitoring) tools work alongside SIEM to ensure application security and performance. APM tools help in:

    • Detecting performance bottlenecks before they become security vulnerabilities.
    • Correlating security events with application behavior.
    • Enhancing log visibility for forensic analysis.

    Recommended APM Tools:

    1. Datadog – Offers monitoring for applications, logs, and security events.
    2. Dynatrace – AI-powered analytics for anomaly detection.
    3. New Relic – Provides application telemetry and distributed tracing.
    4. AppDynamics – Deep visibility into application performance.
    5. SolarWinds – A cost-effective alternative with performance monitoring capabilities.

    The Importance of CyberArk for Privileged Access Management

    Why does Privileged Access Management (PAM) matter? Privileged accounts are the highest-value targets for cybercriminals. CyberArk provides:

    • Credential Vaulting – Securely stores and rotates privileged credentials.
    • Session Isolation – Prevents direct access to critical systems.
    • Least Privilege Enforcement – Ensures users only have access to what they need.
    • Audit Logging – Records privileged activity for compliance.

    Best Practices: Personal vs. Admin Accounts with Duo MFA

    Many enterprises make the mistake of using a single account for both personal and administrative tasks, increasing security risks. Best practices recommend:

    • Personal Account for Day-to-Day Use:
      • No elevated privileges.
      • Limited access to sensitive data.
      • MFA enforced for login.
    • Admin Account for Privileged Tasks:
      • Protected by Duo MFA with time-based authentication every 15 minutes.
      • Password resets automatically every 15 minutes (e.g., CyberArk enforcement).
      • No direct internet access (restricted browsing and email access).

    Endpoint Protection with XDR

    Endpoints are the most vulnerable attack surface. Extended Detection and Response (XDR) solutions provide:

    • Advanced Threat Detection: AI-driven monitoring for malware, ransomware, and behavioral anomalies.
    • Automated Response: Blocks and isolates compromised endpoints.
    • Integration with SIEM & SOAR: Security teams can automate investigations and threat responses.

    Recommended XDR Solutions:

    1. Microsoft Defender XDR – Natively integrates with Microsoft’s security suite.
    2. CrowdStrike Falcon XDR – Lightweight agent with cloud-native capabilities.
    3. SentinelOne – AI-driven threat hunting.
    4. Palo Alto Cortex XDR – Strong perimeter and endpoint defense.

    Perimeter Security: Cisco MX & Cisco Umbrella

    Perimeter Security & Zero Trust Architecture

    A properly configured perimeter ensures that malicious traffic is blocked before it reaches endpoints or internal servers.

    • Cisco Meraki MX – Next-generation firewall with content filtering, VPN, and IPS/IDS.
    • Cisco Umbrella – Cloud-delivered security that blocks malicious domains and phishing attempts at the DNS level.

    Conclusion

    An effective security framework requires a layered defense strategy that integrates SIEM, APM, PAM, MFA, XDR, and Perimeter Security.

    By implementing these solutions, organizations ensure:
    ✔ Proactive threat detection and response
    ✔ Regulatory compliance (PCI-DSS, HIPAA, SOX, HITRUST)
    ✔ Minimized attack surface
    ✔ Reduced impact of security breaches

    Cybersecurity is not just about having tools; it is about implementing the right tools, enforcing best practices, and continuously monitoring for evolving threats. The Force is always within you, but having the right technology stack ensures that you are always prepared for battle.


  • Automating User Offboarding in Microsoft 365 using PowerShell

    When a team member leaves your organization, it’s critical to offboard them securely and efficiently. Here’s a step-by-step PowerShell-based offboarding process that covers:

    ✅ Disabling the user in Local Active Directory
    ✅ Disabling the Azure AD account
    ✅ Removing all licenses
    ✅ Disabling MFA
    ✅ Converting the mailbox to a shared mailbox
    ✅ Granting full mailbox access to the supervisor


    Step 1 – Disable the User in Local Active Directory

    Disable-ADAccount -Identity jdoe
    

    Step 2 – Disable Azure AD User Account

    # Set-AzureADUser belongs to the AzureAD module, so sign in with Connect-AzureAD (Connect-AzAccount only authenticates the Az modules)
    Connect-AzureAD
    Set-AzureADUser -ObjectId [email protected] -AccountEnabled $false
    

    Step 3 – Remove Microsoft 365 Licenses

    Connect-MgGraph -Scopes "User.ReadWrite.All", "Directory.ReadWrite.All"
    $UserId = (Get-MgUser -UserId [email protected]).Id
    Set-MgUserLicense -UserId $UserId -AddLicenses @() -RemoveLicenses @("tenant:licenseGUID")
    

    πŸ“ Replace tenant:licenseGUID with the appropriate license GUID assigned to your tenant.


    Step 4 – Disable MFA

    Connect-MsolService
    Set-MsolUser -UserPrincipalName [email protected] -StrongAuthenticationRequirements @()
    

    Step 5 – Convert Mailbox to Shared

    Connect-ExchangeOnline
    Set-Mailbox -Identity [email protected] -Type Shared
    

    Step 6 – Grant Supervisor Full Access to the Shared Mailbox

    Add-MailboxPermission -Identity [email protected] -User [email protected] -AccessRights FullAccess -InheritanceType All
    

    Summary

    Using PowerShell for offboarding saves time and ensures consistency. Always document changes and communicate them to HR or management for final closure.
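    As an added example, not the post’s own script, here are the steps above combined into one run that can be rehearsed with -WhatIf and that leaves a transcript for the HR hand-off mentioned in the summary. It assumes the ActiveDirectory, Microsoft.Graph.Users, Microsoft.Graph.Users.Actions and ExchangeOnlineManagement modules are installed and that the on-prem account is synced so the UPN matches. The cloud steps use Microsoft Graph throughout, so step 4 (the MSOnline MFA reset) is not reproduced; instead the script revokes the user’s refresh tokens, which is what ends sessions that are still open when the account is disabled. The UPNs and the log path are placeholders.

```powershell
# Added example (not the post's own code): steps 1-3, 5 and 6 as one logged,
# re-runnable script. Assumptions: ActiveDirectory, Microsoft.Graph.Users,
# Microsoft.Graph.Users.Actions and ExchangeOnlineManagement are installed and the
# caller holds the needed roles. MFA reset (step 4, MSOnline) is replaced by a
# refresh-token revocation via Graph.
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)] [string] $UserPrincipalName,   # placeholder, e.g. jdoe@contoso.com
    [Parameter(Mandatory)] [string] $SupervisorUpn,       # placeholder, e.g. manager@contoso.com
    [string] $SamAccountName = ($UserPrincipalName.Split('@')[0]),
    [string] $LogPath = "$env:TEMP\offboard-$(Get-Date -Format yyyyMMdd-HHmmss).log"
)
Start-Transcript -Path $LogPath | Out-Null
try {
    Connect-MgGraph -Scopes 'User.ReadWrite.All', 'Directory.ReadWrite.All', 'User.RevokeSessions.All' | Out-Null
    Connect-ExchangeOnline -ShowBanner:$false

    # Step 1: on-prem AD. ShouldProcess makes -WhatIf/-Confirm work end to end.
    if ($PSCmdlet.ShouldProcess($SamAccountName, 'Disable AD account')) {
        Disable-ADAccount -Identity $SamAccountName
    }

    # Step 2: cloud account, plus token revocation so cached sessions die with it.
    $user = Get-MgUser -UserId $UserPrincipalName -Property Id, AccountEnabled
    if ($PSCmdlet.ShouldProcess($UserPrincipalName, 'Disable cloud account and revoke sessions')) {
        Update-MgUser -UserId $user.Id -AccountEnabled:$false
        Revoke-MgUserSignInSession -UserId $user.Id | Out-Null
    }

    # Step 3: remove every SKU actually assigned instead of a hard-coded license GUID.
    $skus = @(Get-MgUserLicenseDetail -UserId $user.Id | Select-Object -ExpandProperty SkuId)
    if ($skus.Count -gt 0 -and $PSCmdlet.ShouldProcess($UserPrincipalName, "Remove $($skus.Count) license(s)")) {
        Set-MgUserLicense -UserId $user.Id -AddLicenses @() -RemoveLicenses $skus | Out-Null
    }

    # Steps 5 and 6: shared mailbox and delegated access. Convert only if it is still a
    # user mailbox so a re-run does not error; -AutoMapping:$false stops Outlook from
    # attaching the mailbox to the supervisor's profile automatically.
    $mbx = Get-Mailbox -Identity $UserPrincipalName
    if ($mbx.RecipientTypeDetails -eq 'UserMailbox' -and
        $PSCmdlet.ShouldProcess($UserPrincipalName, 'Convert to shared mailbox')) {
        Set-Mailbox -Identity $UserPrincipalName -Type Shared
    }
    if ($PSCmdlet.ShouldProcess($UserPrincipalName, "Grant FullAccess to $SupervisorUpn")) {
        Add-MailboxPermission -Identity $UserPrincipalName -User $SupervisorUpn `
            -AccessRights FullAccess -InheritanceType All -AutoMapping:$false | Out-Null
    }
    Write-Host "Offboarding of $UserPrincipalName complete. Log: $LogPath"
}
finally {
    Disconnect-ExchangeOnline -Confirm:$false
    Disconnect-MgGraph | Out-Null
    Stop-Transcript | Out-Null
}
```

    Run it once with -WhatIf to see every action it would take before committing. Because the license step reads the SKUs that are actually assigned, the tenant:licenseGUID placeholder from step 3 is not needed, and the transcript under $LogPath is the record to hand to HR or management.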


  • How to Prevent Windows 10 Updates and Manage Remote Sessions Without Rebooting

    Introduction
    In many enterprise environments, automatic Windows 10 updates can disrupt critical applications. This guide provides step-by-step instructions on preventing updates, forcefully logging off users without rebooting, and managing remote machines efficiently using PowerShell, Command Prompt, and PsExec.


    Step 1: Prevent Windows 10 from Installing Updates

    Option 1: Disable Windows Update Service (Quick & Easy)

    1. Open Run (Win + R), type services.msc, and press Enter.
    2. Locate Windows Update in the list.
    3. Right-click and select Properties.
    4. Set Startup type to Disabled.
    5. Click Stop, then Apply and OK.

    💡 This prevents Windows from automatically downloading and installing updates.

    Option 2: Use Group Policy to Block Updates

    1. Open Run (Win + R), type gpedit.msc, and press Enter.
    2. Navigate to: Computer Configuration → Administrative Templates → Windows Components → Windows Update
    3. Double-click Configure Automatic Updates.
    4. Select Disabled, then click Apply and OK.

    Option 3: Delete Pending Updates Using PowerShell

    If Windows updates are already downloaded and pending installation:

    Stop-Service wuauserv -Force
    Stop-Service bits -Force
    Remove-Item -Path "C:\Windows\SoftwareDistribution\Download\*" -Recurse -Force
    Start-Service wuauserv
    Start-Service bits

    💡 This clears pending updates, preventing them from being installed.


    Step 2: Completely Cancel Pending Updates and Remove Notification

    Option 1: Clear the Update Queue from Windows Update

    If stopping services alone doesn’t remove pending updates, run this in PowerShell:

    Remove-Item -Path "C:\Windows\WinSxS\pending.xml" -Force -ErrorAction SilentlyContinue
    Remove-Item -Path "C:\Windows\SoftwareDistribution\*" -Recurse -Force

    💡 This removes Windows’ record of pending updates.

    Option 2: Flush Update Status from Windows Registry

    If the notification persists, remove any registry traces of pending updates:

    # RebootRequired and Pending are registry keys, not values, so Remove-Item (with -Recurse) is what deletes them
    Remove-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired" -Recurse -Force -ErrorAction SilentlyContinue
    Remove-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\Pending" -Recurse -Force -ErrorAction SilentlyContinue

    💡 This tells Windows that no updates are waiting for a reboot.

    Option 3: Reset Windows Update Components

    Run the following commands in CMD (Admin):

    net stop wuauserv
    net stop cryptsvc
    net stop bits
    net stop msiserver
    ren C:\Windows\SoftwareDistribution SoftwareDistribution.old
    ren C:\Windows\System32\catroot2 Catroot2.old
    net start wuauserv
    net start cryptsvc
    net start bits
    net start msiserver

    💡 This resets Windows Update components so the system forgets pending updates.

    Force Windows to Acknowledge No Updates Are Pending

    Run:

    wuauclt.exe /resetauthorization /detectnow

    or

    gpupdate /force

    💡 This forces Windows to recheck update policies and clear any pending update flags.

    Reboot Without Installing Updates

    To make sure Windows doesn’t install the update after a reboot, run:

    shutdown /r /t 0

    💡 This reboots without triggering pending updates.


    Step 3: Remotely Log Off a User Without Rebooting

    Option 1: Using PowerShell (Requires Admin Privileges)

    1. Open PowerShell as Administrator.
    2. Run: query user /server:RemotePCName
    3. Identify the Session ID of the user you want to log off.
    4. Log them off with: logoff <SessionID> /server:RemotePCName

    💡 This logs off the user without shutting down the VM.
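    Here is an added helper, not from the original post, that does what Option 1 does by hand: it runs query user against the remote machine, parses the session table (the session-name column is blank for disconnected sessions, which breaks naive column splitting), and calls logoff only for the sessions that belong to the named user. RemotePCName and jdoe are placeholders; it assumes you are an administrator on the remote machine and that RPC is reachable, the same requirement as the manual commands.

```powershell
# Added example, not from the original post: a parsed wrapper around the
# "query user" / "logoff" pair from Option 1. Assumes admin rights on the
# remote machine and RPC connectivity. Computer and user names are placeholders.
function Get-RemoteUserSession {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [string] $UserName            # optional filter, case-insensitive
    )
    # query.exe prints a fixed-width table whose SESSIONNAME column is empty for
    # disconnected sessions, so that column is matched as optional, not by position.
    $pattern = '^\s*>?(?<User>\S+)\s+(?:(?<Session>\S+)\s+)?(?<Id>\d+)\s+(?<State>\w+)'
    & query.exe user "/server:$ComputerName" 2>$null |
        Select-Object -Skip 1 |
        ForEach-Object {
            if ($_ -match $pattern) {
                [pscustomobject]@{
                    Computer = $ComputerName
                    User     = $Matches.User
                    Session  = $Matches.Session
                    Id       = [int]$Matches.Id
                    State    = $Matches.State
                }
            }
        } |
        Where-Object { -not $UserName -or $_.User -eq $UserName }
}

function Disconnect-RemoteUserSession {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [string] $UserName
    )
    $sessions = @(Get-RemoteUserSession -ComputerName $ComputerName -UserName $UserName)
    if ($sessions.Count -eq 0) {
        Write-Warning "No session for $UserName on $ComputerName"
        return
    }
    foreach ($s in $sessions) {
        # logoff.exe ends only the chosen session; the machine itself stays up.
        if ($PSCmdlet.ShouldProcess("$ComputerName session $($s.Id) ($($s.User), $($s.State))", 'logoff')) {
            & logoff.exe $s.Id "/server:$ComputerName"
            Write-Host "Logged off $($s.User) (session $($s.Id)) on $ComputerName"
        }
    }
}

# Usage (RemotePCName and jdoe are placeholders):
#   Get-RemoteUserSession -ComputerName RemotePCName
#   Disconnect-RemoteUserSession -ComputerName RemotePCName -UserName jdoe -WhatIf
```

    Because Disconnect-RemoteUserSession declares ConfirmImpact High, it prompts before each logoff unless you pass -Confirm:$false, and -WhatIf lists the sessions it would end without touching them.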

    Option 2: Using PsExec (If PowerShell Remoting is Blocked)

    1. Download PsExec.
    2. Extract it to C:\PSEXEC.
    3. Open Command Prompt as Administrator.
    4. Navigate to the PsExec folder: cd C:\PSEXEC
    5. Check who is logged in: psexec \\RemotePCName -u Administrator -p YourPassword query session
    6. Log off the user: psexec \\RemotePCName -u Administrator -p YourPassword logoff <SessionID>

    💡 This method works even if WinRM and RPC are blocked.

    Option 3: Using Command Prompt (WMI-Based Logoff)

    If PsExec fails, try using WMI:

    wmic /node:RemotePCName /user:Administrator /password:YourPassword os where Primary=true call Win32Shutdown 4

    💡 Win32Shutdown is a method of the operating-system class (the os alias), and flag 4 is a forced logoff, so this logs off every logged-in user without rebooting! 🚀


    Step 4: Ensure Remote Management Works for Future Use

    Once you regain access, run this on the remote VM to prevent future lockouts:

    Enable-PSRemoting -Force
    Set-Service -Name RemoteRegistry -StartupType Automatic
    New-NetFirewallRule -DisplayName "Allow RDP and RPC" -Direction Inbound -Protocol TCP -LocalPort 135,3389 -Action Allow

    💡 This allows future remote PowerShell and PsExec commands to execute successfully.


    Conclusion

    By following this guide, you can prevent Windows 10 from automatically updating, remotely log off users without rebooting, and ensure seamless remote access to your systems. This is critical for IT environments where stability is a priority.

    Let me know if you need additional troubleshooting steps!


  • Securing Remote Work: How to Protect Your Computer When Using VPN and RDP

    With the rise of remote work and hybrid environments, many IT professionals access their work machines using VPN and RDP (Remote Desktop Protocol). While this setup provides flexibility, it also presents security risks, especially when working in a cross-domain network or dealing with multiple IT teams.

    As an IT professional with experience in Citrix VDI for banking and enterprise security, I’ve implemented best practices to ensure my remote work setup is secure against unauthorized access. Here’s how you can do the same.


    🔐 Understanding the Security Risks of VPN + RDP

    A typical work-from-home setup involves:
    ✅ Connecting to a corporate VPN (e.g., Cisco AnyConnect, Fortinet, or Palo Alto GlobalProtect)
    ✅ Using RDP (Remote Desktop Protocol) to access your work machine

    However, if not properly secured, this configuration could expose your computer to:
    ⚠ Unwanted access from other IT personnel within the VPN network
    ⚠ Brute-force RDP attacks if port 3389 is open
    ⚠ Drive redirection vulnerabilities, where attackers can view or copy your files
    ⚠ Misconfigured VPN routes, allowing unauthorized users to connect to your machine

    To prevent these risks, I follow a strict security protocol when using VPN and RDP.


    🛡️ Step-by-Step Guide: How to Secure Your Work Computer When Using VPN + RDP

    1️⃣ Enforce Network Level Authentication (NLA) for RDP

    Network Level Authentication (NLA) ensures that only authenticated users can initiate RDP sessions, blocking unauthorized login attempts.

    ✅ How to enable NLA:

    1. Open System Properties (sysdm.cpl)
    2. Go to the Remote tab
    3. ✅ Check “Allow connections only from computers running Remote Desktop with Network Level Authentication”
    4. Click Apply > OK

    🔹 Why it matters: Without NLA, an attacker can open an RDP connection and start brute-forcing before any authentication takes place.


    2️⃣ Restrict RDP Access to VPN-Only IP Ranges

    By default, Windows allows RDP connections from any network. To prevent unauthorized access, restrict RDP connections only to your VPN subnet.

    ✅ How to block all external RDP access except your VPN subnet:

    1. Open Windows Defender Firewall
    2. Navigate to Advanced Settings > Inbound Rules
    3. Find Remote Desktop – User Mode (TCP-In)
    4. Right-click > Properties > Scope
    5. Under Remote IP Address, choose These IP addresses
    6. Add only your VPN subnet (e.g., 172.16.104.0/24)
    7. Click Apply > OK

    🔹 Why it matters: Even if someone inside your network tries to RDP into your machine, the connection is blocked unless it comes from the allowed VPN range.


    3️⃣ Disable Drive Redirection in RDP

    RDP allows drive redirection by default, which means that if an attacker gains access, they can browse and copy files from your local machine.

    ✅ How to disable RDP drive redirection:

    1. Open Group Policy Editor (gpedit.msc)
    2. Navigate to: Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Device and Resource Redirection
    3. Find “Do not allow drive redirection”
    4. Set it to Enabled
    5. Click Apply > OK

    🔹 Why it matters: This prevents your local drives from being exposed during RDP sessions.


    4️⃣ Monitor RDP Access Logs for Unauthorized Connections

    Since you’re the only one RDPing into your machine, it’s important to monitor login attempts to detect any suspicious activity.

    ✅ How to check RDP login logs in Event Viewer:

    1. Open Event Viewer (eventvwr.msc)
    2. Navigate to: Windows Logs > Security
    3. Look for:
      • Event ID 4624 (successful logins)
      • Event ID 4625 (failed logins)

    🔹 Why it matters: If you see failed logins from unknown IPs, someone may be trying to brute-force your RDP connection.


    5️⃣ Disable Remote Access for Unauthorized Users

    IT admins in your network may have elevated privileges, allowing them to remotely manage your system. To block unauthorized admin access, you can disable remote administration tools.

    ✅ How to remove unauthorized administrators:

    1. Open PowerShell as Administrator
    2. Run the following command to list local administrators: net localgroup Administrators
    3. If you see any unauthorized users, remove them: net localgroup Administrators "DOMAIN\Username" /delete

    🔹 Why it matters: Even with VPN access, they won’t be able to take control of your system.
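    The five steps above as one added script, not part of the original post, for anyone who prefers PowerShell to the GUI: it sets the NLA flag from step 1, scopes the built-in Remote Desktop firewall rules to the VPN subnet from step 2, sets the drive-redirection policy from step 3, summarizes the 4624/4625 events from step 4 by source address, and reports local administrators that are not on an allowlist for step 5. The subnet, the allowlist and the 24-hour window are placeholders; the registry values are the ones the System Properties dialog and the Group Policy setting write. Run it elevated, and with -WhatIf first.

```powershell
# Added example, not from the original post: steps 1-3 and 5 applied with
# PowerShell, plus a per-source summary of the step 4 events. Run elevated.
# Assumptions: VpnSubnet and ApprovedAdmins are placeholders to replace; the
# registry paths are where the Remote tab and the gpedit setting store their values.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]   $VpnSubnet      = '172.16.104.0/24',                   # subnet quoted in step 2
    [string[]] $ApprovedAdmins = @("$env:COMPUTERNAME\Administrator"), # placeholder allowlist
    [int]      $LookbackHours  = 24
)

# Step 1: NLA. UserAuthentication=1 is what the "Allow connections only from computers
# running Remote Desktop with Network Level Authentication" checkbox sets.
$rdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
if ((Get-ItemProperty $rdpTcp).UserAuthentication -ne 1 -and $PSCmdlet.ShouldProcess('RDP-Tcp', 'Enable NLA')) {
    Set-ItemProperty $rdpTcp -Name UserAuthentication -Value 1 -Type DWord
}

# Step 2: scope the built-in RDP rules to the VPN subnet only (same as the GUI Scope tab).
$rdpRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound
if ($PSCmdlet.ShouldProcess('Remote Desktop firewall rules', "Restrict remote address to $VpnSubnet")) {
    $rdpRules | Set-NetFirewallRule -RemoteAddress $VpnSubnet
}

# Step 3: "Do not allow drive redirection" is the fDisableCdm policy value.
$tsPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
if ($PSCmdlet.ShouldProcess('Terminal Services policy', 'Disable drive redirection')) {
    if (-not (Test-Path $tsPolicy)) { New-Item $tsPolicy -Force | Out-Null }
    Set-ItemProperty $tsPolicy -Name fDisableCdm -Value 1 -Type DWord
}

# Step 4: failed (4625) and successful (4624) logons per source IP. Fields are read
# by name from the event XML, so the positional property index does not matter.
function Get-LogonSummary {
    param([int] $Hours = 24)
    $since = (Get-Date).AddHours(-$Hours)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624, 4625; StartTime = $since } -ErrorAction SilentlyContinue |
        ForEach-Object {
            $data = ([xml]$_.ToXml()).Event.EventData.Data
            $get  = { param($n) ($data | Where-Object Name -eq $n).'#text' }
            [pscustomobject]@{
                Id        = $_.Id
                LogonType = & $get 'LogonType'
                User      = & $get 'TargetUserName'
                IpAddress = & $get 'IpAddress'
            }
        } |
        # Type 3 (network) and 10 (RemoteInteractive) are what RDP and NLA produce; drop local/loopback noise.
        Where-Object { $_.LogonType -in '3', '10' -and $_.IpAddress -notin '-', '127.0.0.1', '::1' } |
        Group-Object Id, IpAddress |
        ForEach-Object {
            [pscustomobject]@{
                Event  = if ($_.Group[0].Id -eq 4625) { 'Failed' } else { 'Success' }
                Source = $_.Group[0].IpAddress
                Count  = $_.Count
                Users  = ($_.Group.User | Sort-Object -Unique) -join ','
            }
        } | Sort-Object Count -Descending
}
Get-LogonSummary -Hours $LookbackHours | Format-Table -AutoSize

# Step 5: members of the local Administrators group that are not on the allowlist.
$extra = Get-LocalGroupMember -Group Administrators | Where-Object { $_.Name -notin $ApprovedAdmins }
if ($extra) {
    Write-Warning ("Unexpected local administrators: " + ($extra.Name -join ', '))
    # Removal is deliberately left as a reviewed, separate step:
    # $extra | Remove-LocalGroupMember -Group Administrators -WhatIf
}
```

    The logon summary keeps only type 3 (network) and type 10 (RemoteInteractive) logons, which is what RDP and its NLA pre-authentication generate, so console logons do not clutter the list; a source address with many Failed rows and no Success row is the brute-force pattern step 4 describes. Removal of unexpected administrators is left as a commented line so the report is read before anything is deleted.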


    💡 Alternative: Using Citrix VDI Instead of RDP for Secure Access

    Since I’ve worked with Citrix Virtual Desktop Infrastructure (VDI) for banks, I know that virtual desktops eliminate most RDP risks. Instead of exposing RDP ports, a Citrix setup allows users to access their workstations securely via a web portal.

    ✅ Why Citrix VDI is better than RDP over VPN:
    🚀 No direct RDP connection – Reduces attack surface
    🚀 User sessions are isolated – Prevents unauthorized access
    🚀 Secured with multi-factor authentication (MFA) – Extra security

    If your organization supports it, using Citrix or Windows Remote Desktop Web Access (RD Web) is a safer alternative.


    🔎 Final Thoughts

    Working remotely via VPN + RDP is convenient, but it must be properly secured to prevent unauthorized access and IT snooping. By implementing:
    ✅ Network Level Authentication (NLA)
    ✅ Restricting RDP to VPN-only IP ranges
    ✅ Disabling drive redirection
    ✅ Monitoring login logs
    ✅ Removing unauthorized admin users

    You can ensure that your remote work environment remains private and secure.

    🔹 If you’re managing an enterprise network, consider moving to Citrix VDI or Windows RD Web for an extra layer of security.

    💡 Have questions about securing your remote access? Drop a comment below!
