Author Archives: ReasonableIT

How To Install Wazuh Agents with PDQ Deploy

Posted on by
Reply

If you have anymore than 20 computers you want to install Wazuh Agents on, you’re really going to need a deployment package. Who wants to touch every computer one by one to install an agent? Not me. It’s time to exercise some of those Sys Admin skillz you stored away in the attic and dust off those cob webs.

PDQ Deploy to the rescue. PDQ deploy is an invaluable IT tool, one of the Sys Admins best friends in fact. Today we are going to leverage some of the power of PDQ Deploy to do all the leg work for us with installing Wazuh agents to large amounts of networked windows computers.

Let’s Get The Pre-Reqs Out Of The Way

All your Windows endpoints will need a bit of prep in order for a successful PDQ Deployment ->

– Enable file and printer sharing

– Enable Local Token Filter (Run cmd as admin and copy paste the following cmd) ->

reg add “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System” /v “LocalAccountTokenFilterPolicy” /t REG_DWORD /d 1 /f

What is this local token filter thinga ma jig all about?

When you enable LocalAccountTokenFilterPolicy, you’re essentially allowing full administrative rights to administrators when they access the computer remotely via network connections such as Remote Desktop or network shares. Without this enabled, UAC strips administrative privileges from the administrator’s credentials when they are used remotely, which can lead to authentication problems, especially in scenarios where administrative access is required.

As a best security practice, we do recommend disabling LocalAccountTokenFilterPolicy once you’re done with your deployments.

To disable, simply rerun nearly the same command but just change the 1 to a 0 ->

reg add “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System” /v “LocalAccountTokenFilterPolicy” /t REG_DWORD /d 0 /f

While we’re on the topic of best security practices, you may as well plan to revoke admin rights of your deployment user too when you’re done with your deployment job.

Now Back To The Remaining Pre-reqs ->

– Create a local deployment user account that can be used for authentication with PDQ (this user account must have local admin privileges)

– Create a share on your deployment server that will host the Wazuh agent .msi file

– Download the Wazuh agent .msi file and stick it in your share

– Download and install PDQ Deploy 14 day trial (Enterprise mode required)

Yes I know this is quite a bit of prep-work to do across all your Windows endpoints which will basically require more bulk changes in order to make ready for a PDQ Deployment. To accomplish the above Pre-reqs systematically, a walk through on that falls outside the scope of this blog but I recommend you either leverage group policy or PDQ (or both).

Now that you have all your Pre-reqs out of the way, you’re ready to create your Wazuh Agent deployment package. Please skip to the video walk through at this point.

Lastly, here are the relevant commands for your reference…

Install Wazuh Agent ->

C:\wazuh-agent\wazuh-agent-4.7.3-1.msi /q WAZUH_MANAGER=”192.168.10.12″ WAZUH_REGISTRATION_SERVER=”192.168.10.12″

Note: Make sure to replace the IP with your own Wazuh server’s ip and your Wazuh-agent version may be different then mine, so update accordingly.

Restart Wazuh service ->

Restart-Service -Name wazuh

The wazuh-agent folder + agent .msi file that were copied down to your endpoints, is no longer needed after successful deployment. Let’s clean that up with this command ->

Remove-Item -Path “C:\wazuh-agent” -Recurse -Force

Does Adding More RAM To Your Computer Really Make It Faster?

Posted on by
Reply

Adding more RAM to a computer system is not always a silver bullet that will just automatically make it faster and or increase performance.

‘For the most part, increasing RAM capacity alone does not actually speed up your computer, rather, it prevents it from slowing down’ – Reasonable IT

Don’t believe us? Check out this recent, real world scenario testing on a system between 8GB and 16GB. We covered some simple real world scenarios most people would quantify as computer performance, such as, app start up time, system boot time, video rendering time and gaming fps. The entire point of this video was to prove by demonstration that simply increasing ram capacity from 8GB to 16GB on a system that was not previously experiencing RAM over-utilization, leads to no discernible difference in system performance.

Increasing RAM capacity in a computer is often hailed as a solution to boost performance. We’re here today to help you make an informed decision and not waste time or money on increasing your systems memory when it may very well not be the best upgrade path for you. But then why does adding more RAM not always lead to a faster system? Let’s explore this idea further ->

Understanding RAM Bottlenecks

Before rushing to upgrade RAM, it’s crucial to evaluate whether your system actually requires additional memory. RAM, or Random Access Memory, serves as a temporary storage for active programs and processes. When your system runs out of available RAM, it resorts to slower storage devices, causing performance slowdowns. This scenario is known as a RAM bottleneck and in most cases, if your computer isn’t experiencing a RAM bottleneck, increasing RAM capacity may not yield significant improvements.

So How Will I Know If I Have A RAM Bottleneck On My System?

Identifying bottlenecks in your system falls outside the scope of this blog but in short, you’ll want to monitor the memory usage of your system with performance monitoring tools such as Task Manager or Performance Monitor (which are built into Windows OS). These tools display metrics such as total RAM usage, available RAM, and memory usage by individual processes.

If you consistently observe high levels of RAM usage close to or at maximum capacity, accompanied by performance degradation such as slow application responsiveness or frequent disk swapping, it may indicate that your system is experiencing RAM bottlenecks. In such cases, increasing your system’s RAM capacity can significantly improve performance. However, it’s important to note that the increase in speed will only bring your PC back up to its expected performance level, rather than exceeding it.

The Law of Diminishing Returns

Remember, once your system has enough RAM to handle its workload efficiently, further increases in capacity may offer diminishing returns (if any at all) in terms of performance enhancement. If you are not experiencing a RAM bottle neck but still desire increased system performance, consider investing in other hardware upgrades (such as an SSD/faster SSD) or optimizing software configurations for better value.

Conclusion

While increasing RAM capacity can enhance system performance under genuine memory shortages, it’s important to recognize that it’s not a one-size-fits-all solution. Before investing in a RAM upgrade, carefully evaluate your system’s requirements and identify potential bottlenecks. Adopting a holistic approach to system optimization, considering factors beyond just RAM capacity, is crucial for achieving optimal performance and efficiency.

#will adding more ram to my computer really make it faster?
#should i add more ram to my computer?
#does increasing ram really make my computer faster?

Apply FRESH Thermal Paste To Your Refurbished Computers

Posted on by
Reply

Thermal paste, also known as thermal compound or thermal grease, is a substance applied between a CPU (Central Processing Unit) and a heat sink to improve the thermal conductivity between them. Its primary purpose is to fill in microscopic imperfections on the surfaces of the CPU and heat sink, ensuring better heat transfer.

When a CPU operates, it generates heat, and efficient heat dissipation is crucial to prevent the CPU from overheating. The thermal paste helps in enhancing the thermal conductivity between the CPU and the heat sink, allowing heat to transfer more effectively from the CPU to the heat sink. This, in turn, helps to keep the CPU temperature within safe operating limits.

Our Recommendation

If you’ve recently acquired an older refurbished computer, we highly recommend monitoring current cpu temps to see if they are optimal and if not, we suggest applying  fresh thermal paste. We typically just do this by default in most cases with refurbs and based off the age of the computer.

But how often do I really need to re-apply fresh thermal paste?

The frequency of reapplying thermal paste depends on various factors, including the type of thermal paste used, the quality of the initial application, and the operating conditions of the computer. In general, it’s not necessary to reapply thermal paste very often. Here are some guidelines:

  1. Factory Applied Paste: If your computer is brand new or has factory-applied thermal paste, there’s usually no need to reapply it for several years.
  2. High-Quality Paste: If you used a high-quality thermal paste during the initial application, it can remain effective for a longer time. Some premium thermal pastes can last for several years without significant degradation.
  3. Normal Usage: For most users with standard computer usage patterns (e.g., browsing, office work, occasional gaming), it’s typically recommended to check the thermal paste every 3-5 years.
  4. Intensive Usage: If your computer undergoes heavy usage, such as gaming, video editing, or other resource-intensive tasks, you might consider checking and potentially reapplying thermal paste every 2-3 years.
  5. Temperature Monitoring: Regularly monitoring your CPU temperatures can provide insights. If you notice a significant increase in temperatures over time, it might be an indicator that the thermal paste needs replacement.

10 year old CPU still using the same original thermal paste from the factory, got a fresh coat today, yay! We used Corsair’s TM30 Performance Thermal Paste in the below example ->