Category Archives: sysadmin

Linux, sysadmin

DDC/CI monitor control on Linux

DDC/CI is a set of protocols for controlling monitor features like brightness, contrast, color temperature, input source, … over the display cable (VGA, DVI, HDMI, Display port, …).

The protocol is fairly old (1998) and nowadays most devices support it.

I’m currently using it to:

  • Adjust the brightness of my two monitors depending on my room lighting.
  • Switch the input source of my monitors for different devices (my laptop, a tower PC and a virtual machine with dedicated GPU). The big advantage here is that you don’t need to buy an expensive KVM switch to support 4K displays / high refresh rates.

How

Required packages

You must install the ddcutil package for your Linux distribution. The official website contains extensive information for troubleshooting.

Kernel modules

Ddcutil connects to your screen over an I2C connection, and requires the i2c-dev kernel module to be loaded.

You can load the module at runtime using sudo modprobe i2c-dev.

To make it persistent across reboots, you need to add the module to /etc/modules-load.d/i2c-dev.conf:

i2c-dev

Once the module is loaded, some files should appear in /dev/i2c-*.

Allow the user to use DDC

By default the i2c dev files are owned by root, preventing other users to control them. One solution to allow your user to control DDC without using sudo is to add a custom udev rule:

/etc/udev/rules.d/99-ddcutil-i2c.rules

KERNEL=="i2c-[0-9]*", GROUP="your-user", MODE="0660", PROGRAM="/usr/bin/ddcutil --bus=%n getvcp 0x10"
Udev

This rule automatically detects which i2c devices are DDC-capable, and allows members of the group “your-user” to control the file.

You can reload udev rules without rebooting by executing sudo udevadm trigger

If you have multiple users, you can create a new group and add your user to the group:

groupadd ddc
usermod -aG ddc $USER
Bash

Note: ddcutil --bus=%n getvcp 0x10 is used to get the current brightness of the monitor. This only work with the assumption that all monitors supporting DDC/CI control can be queried for their brightness, which is likely to be true for the immense majority of them.

Identify your monitor info

How to address your monitor

The following command queries general information on your connected displays:

ddcutil detect
# You should see entries like:
# Display 1
#    I2C bus:             /dev/i2c-0
#    EDID synopsis:
#       Mfg id:           DEL
#       Model:            DELL U2419H
#       Serial number:    833L1N6
#       Manufacture year: 2018
#       EDID version:     1.4
#    VCP version:         2.1
Bash

There are multiple methods to address your monitor:

  • By display number using --display
  • By model name using --model
  • By serial number using --sn
  • By i2c bus ID using --bus

The bus ID method is way faster than the others, but may be unreliable if your hardware changes often.

Which features can be controlled

The following command queries which display features can be get/set for a given monitor:

ddcutil capabilities --bus=0
# You should see something like:
# MCCS version: 2.1
# Commands:
#    Command: 01 (VCP Request)
#    Command: 02 (VCP Response)
#    Command: 03 (VCP Set)
#    Command: 07 (Timing Request)
#    Command: 0c (Save Settings)
#    Command: e3 (Capabilities Reply)
#    Command: f3 (Capabilities Request)
# VCP Features:
#    Feature: 10 (Luminosity)
#    Feature: 12 (Contrast)
#    Feature: 14 (Select color preset)
#       Values:
#          04: 5000 K
#          05: 6500 K
#          06: 7500 K
#          08: 9300 K
#          09: 10000 K
#          0b: User 1
#          0c: User 2
#    Feature: 16 (Video gain: Red)
#    Feature: 18 (Video gain: Green)
#    Feature: 1A (Video gain: Blue)
#    Feature: 60 (Input Source)
#       Values:
#          0f: DisplayPort-1
#          11: HDMI-1
#    Feature: AA (Screen Orientation)
#       Values:
#          01: 0 degrees
#          02: 90 degrees
#          03: 180 degrees
#          04: 270 degrees
Bash

You can get/set those features using:

  • Get: ddcutil --bus=0 getvcp $FEAT_ID
  • Set: ddcutil --bus=0 setvcp $FEAT_ID $VALUE

Script examples

Change brightness

ddc-setbrightness

#!/bin/bash
# Usage: ddc-setbrightness 50
ddcutil --bus=0 setvcp 10 "$1" &
ddcutil --bus=1 setvcp 10 "$1" &
wait
Bash

Since DDC commands can be slow to execute (especially without --bus addressing), it is best to run them in parallel and wait for completion.

Switch input sources

Very useful when you need to change input sources very often, and don’t have a dedicated button on the monitor (or for automating it).

ddc-switch-inputs

#!/bin/bash
# Usage: ddc-switch-inputs 1
case "$1" in
   1 )
      # Config 1: Main PC
      OUT=("0x0f" "0x20")
      ;;
   2 )
      # Config 2: Virtual machine
      OUT=("0x11" "0x21")
      ;;
   * )
      echo "Unknown input '$1'"
      exit 1
      ;;
esac

ddcutil --bus=0 setvcp 60 ${OUT[0]} &
ddcutil --bus=1 setvcp 60 ${OUT[1]} &
wait
Bash

Reduce eyestrain

ddc-daylight

#!/bin/bash
# Usage: ddc-daylight night
case "$1" in
   "day" )
      BRIGHTNESS=100
      TEMPERATURE=0x09
      ;;
   "evening" | "morning" )
      BRIGHTNESS=60
      TEMPERATURE=0x06
      ;;
   "night" )
      BRIGHTNESS=30
      TEMPERATURE=0x04
      ;;
   "dark" )
      BRIGHTNESS=0
      TEMPERATURE=0x04
      ;;
   * )
      echo "Unknown time of day '$1'"
      exit 1
      ;;
esac

ddcutil --bus=0 setvcp 10 $BRIGHTNESS &
ddcutil --bus=1 setvcp 10 $BRIGHTNESS &
ddcutil --bus=0 setvcp 14 $TEMPERATURE &
ddcutil --bus=1 setvcp 14 $TEMPERATURE &
wait
Bash

Updates:
2022-01-13: Replaced i2c-[0-9]+ with i2c-[0-9]* since udev doesn’t support the + extension. Thanks Hendrik W. !

Source: DDC/CI monitor control on Linux

microsoft, MicrosoftSucksAss, sysadmin, Win11, Windows

Win11 Setup for local account

Go through the normal installation process until you get to the sign-in screen
Press <Shift> + <F10> to open elevated command prompt

net user "YourUserName" */add
net localgroup administrators "YourUserName" / add
net user "YourUserName" /active:yes
net user "YourUserName" /expires:never
net user "Administrator" /active:no
net user "defaultUser0" /delete

Run net user to ensure that all was done properly. You should see the new user as admin account, and no default user.

Run regedit Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE
Delete 3 values: DefaultAccountAction, DefaultAccountSAMName, DefaultAccountSID
Rename value LaunceUserOOBE to SkipMachineOOBE and sure value is 1. Case is important.
Exit regedit.

Reboot machine with shutdown /r /t 0

exploits, malware, microsoft, MicrosoftSucksAss, Open Source, PowerShell, Privacy, Security, surveillance, sysadmin, Win10, Win11, Windows

Welcome to Winutil Documentation!

irm "https://christitus.com/win" | iex

Welcome to the official documentation for Winutil, your go-to utility for optimizing and managing your Windows environment. Whether you’re an IT professional, power user, or regular user, Winutil provides a comprehensive set of tools to enhance your Windows experience.

Source: Welcome to Winutil Documentation!

sysadmin, Win10, Win11, Windows

How to Enable Remote Desktop Using PowerShell?

 by 

Recently, one IT team member asked about a PowerShell script to enable remote desktops. In this tutorial, I will explain how to enable Remote Desktop (RDP) using PowerShell with detailed steps.

Table of Contents

Enable Remote Desktop Using PowerShell

Remote Desktop is useful for administrators and users who need to access their computers remotely. Using PowerShell to enable RDP can save time and ensure consistency across multiple machines.

Note: You need administrative privileges on the target machine to enable RDP.

Now, follow the steps to enable remote desktop using PowerShell.

Step 1: Open PowerShell with Administrative Privileges

To enable Remote Desktop, you need to run PowerShell as an administrator. Right-click on the Start menu, select Windows PowerShell (Admin), and click Yes when prompted by User Account Control (UAC).

Step 2: Check the Current RDP Status

Before enabling RDP, it’s a good practice to check if it is already enabled. You can do this by querying the registry:

Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\' -Name "fDenyTSConnections"

If the output is 1, RDP is disabled. If it is 0, RDP is already enabled.

I executed the above PowerShell script on my local machine; you can see the exact output as 1, which means the RDP is disabled.

Enable Remote Desktop Using PowerShell

Step 3: Enable Remote Desktop

To enable Remote Desktop, modify the registry setting and configure the firewall to allow RDP connections. Here’s the PowerShell script to do this:

# Enable RDP
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\' -Name "fDenyTSConnections" -Value 0

# Enable RDP through the firewall
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

This script sets the fDenyTSConnections value to 0 (enabling RDP) and configures the firewall to allow RDP traffic.

Step 4: Verify RDP is Enabled

After running the script, verify that RDP is enabled by checking the registry value again:

Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\' -Name "fDenyTSConnections"

The output should now be 0.

Check out Rename a Computer Using PowerShell

Enable RDP on Multiple Machines using PowerShell

If you need to enable RDP on multiple machines, you can use PowerShell remoting. Here’s an example script to enable RDP on a list of remote computers:

$computers = @("PC1", "PC2", "PC3") # Replace with your computer names

foreach ($computer in $computers) {
    Invoke-Command -ComputerName $computer -ScriptBlock {
        Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\' -Name "fDenyTSConnections" -Value 0
        Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
    }
}

This script loops through a list of computer names and enables RDP on each one.

Check out Get the Windows Version Using PowerShell

Troubleshoot Common Issues

Now, let me tell you some common issues that you might face while enabling RDP using PowerShell.

Issue 1: PowerShell Remoting Not Enabled

If you encounter an error indicating that PowerShell remoting is not enabled, you can enable it using the following command:

Enable-PSRemoting -Force

This command configures the computer to receive remote commands.

Issue 2: Firewall Blocking RDP

If the firewall is blocking RDP, ensure that the necessary firewall rules are enabled. You can manually check the firewall settings or use the following command:

Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

This command enables the firewall rules for the Remote Desktop.

Now, let me show you some advanced-level settings you can do using PowerShell.

Read Get a List of Installed Programs Using PowerShell

Configure Network Level Authentication (NLA)

Network Level Authentication (NLA) adds an extra layer of security to Remote Desktop connections. To enable NLA, use the following PowerShell script:

Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\' -Name "UserAuthentication" -Value 1

This script sets the UserAuthentication value to 1, enabling NLA.

Set RDP Port

By default, RDP uses port 3389. If you need to change this port for security reasons, you can do so using PowerShell:

Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\' -Name "PortNumber" -Value 3390

Replace 3390 with your desired port number. Ensure you update your firewall rules to allow traffic on the new port.