You can easily run one or multiple programs at logon without messing with the Registry by using Group Policy Object (GPOs).

Under User (or Computer) configuration > Administrative Templates > System > Logon > Run these programs at user logon you can insert the path of the executable. Very clean and straight forward.

You probably have stumbled upon this common problem: When logging into a Domain Computer with a Domain user, this error appears: The trust relationship between this workstation and the primary domain failed.

What does it mean? Well, it basically means that the Domain Computer cannot authenticate against Active Directory, because the Computer Account password on the workstation is not valid anymore (this can occur when using Sytem Restore or when restoring from a backup).

How do you solve this issue? Pretty easy. Just remove the computer from the Domain and re-join. That works, but there is a cleaner and faster solution with one line of PowerShell code:

Test-ComputerSecureChannel -Repair -Credential (Get-Credential)

You will need to enter domain user credentials that can create or modify computer accounts in the Active Directory Domain.

You can check if the password of the Domain computer changed by viewing the attribute pwLastSet in the Attribute Editor.

If a computer is in an Active Directory Domain environment with Exchange On-Prem installed, Outlook clients might connect to local Exchange instead of Exchange Online, because they query Active Directory first.

This Registry key will avoid SCP Lookup in Active Directory.

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\AutoDiscover
DWORD ExcludeSCPLookup 1

If you are curious, SCP is located here (you can view it with ADSIEdit inside the Configuration Partition):

CN=Services, CN=Microsoft Exchange,CN=Organization, CN=Administrative Groups,CN=Exchange Administrative Group, CN=Servers,CN=YourServer,CN=Protocols,CN=Autodiscover,

References:

https://jacob.gardiner-moon.co.uk/2016/06/13/outlook-autodiscover-connecting-local-exchange-server-instead-office-365/

If you ever need to copy NTFS permissions of a folder, there is a quick PowerShell one-liner that will save your day:

Get-Acl C:\SourceFolder| Set-Acl D:\DestinationFolder

Have fun!

Apache Virtual Hosts are great because they let you host multiple websites on the same server. The public IP address can also be re-used - Apache knows, based on the HTTP host header, which website to show.

But have you considered this scenario? website1.com gets compromised and some malicious person has access to the server. What can they do? Most certainly they have access to every other website on the server because, by default, every Virtual Host runs under the same user www-data. Fortunately, there is a module that allows us to use different users for every Apache2 Virtual Host called apache2-mpm-itk.

It is very easy to install:

apt-get install libapache2-mpm-itk

a2enmod mpm_itk

If you face any issues, disable mpm-prefork and try enabling mpm_itk again.

a2dismod mpm_prefork

Now, in the Virtual Host config file, insert these lines (user www-site1 and group www-site1):

<IfModule mpm_itk_module>
AssignUserId www-site1 www-site1
</IfModule>

The user could be added with useradd:

useradd www-site1

Lastly, give owner rights to the new user and no one else.

chown www-site1:www-site1 -R /var/www/site1

Or even better, give the www-site user write rights on the upload folder. Everything else is readable only.

find /var/www/site1/ -type d -exec chmod 0755 {} \; #Change directory permissions rwxr-xr-x

find /var/www/site1/ -type f -exec chmod 0644 {} \; #Change file permissions rwxr-xr-x

chown ajni:ajni -R /var/www/site1/ # Let your useraccount be owner

chown www-site1:www-site1 -R /var/www/site1/uploads/ #Let apache be owner of upload folder

Oh yeah. Don't forget to restart apache:

service apache2 restart

References:

https://cloudkul.com/blog/apache-virtual-hosting-with-different-users/