Tag: XML

How to Migrate or Import VM from Windows Server 2008 R2 to Windows Server 2012 R2?

This is my first time doing VM migration or import/export of VM from server 2008 R2 to server 2012 R2. At first, I used the export function from the Hyper-V in server 2008 R2 and I notice the export result was different from the server 2012 R2. Thus, when I try to import the VM from server 2008 R2 to server 2012 R2, it was unable to recognize.

Always make a backup copy! Don’t modify the original!

This is because 2008 or 2008 R2 are legacy servers, and choosing the export feature to export the VM will result of export EXP file instead of XML file. In server 2012 R2, VM that is exported has XML file.

The best way to import VM from legacy server is to copy the entire VM folder to server 2012 R2. When I mean entire VM folder, means its VHD and etc..

This VM that I am importing does not have any checkpoints or snapshot, so I am unsure that do you required to delete the copied snapshots before you import.

So what I did was,

  1. At server 2008 R2, shut down the VM
  2. Locate the entire Data folder of the VM in File Explorer
  3. Right click the folder > Properties > Share > Advanced Sharing > Add the specific user account (server 2012 R2) and the computer (server 2012 R2) > Full Control
    • Is up to your choice on how you want your destination server to retrieve the source information (VM), it could be via a Network Share, a USB, or an external Hard Disk
  4. At server 2012 R2, open file explorer
  5. At the top bar, type “\\<2008 R2 server name/IP address>\<vm folder name>\”
  6. Copy the entire folder and paste it into server 2012 R2 (your comfortably location/driver/directory)
  7. Remember to remove the share permission of the folder in server 2008 R2, after you finish copying the folder  from server 2008 R2 to server 2012 R2
  8. Create a new folder in server 2012 R2 and rename it as your actual/original VM’s folder naming in server 2008 R2, this folder will be the new location of your VM
  9. Go to Hyper-V in server 2012 R2 > select the Import Virtual Machine at the right side bar
  10. Browse and locate the VM folder that you just copied
  11. Select the import type “Copy the virtual machine“, this allows you to create a new unique ID of the virtual machine and also allows you to choose your new location to store this VM in sever 2012 R2
    • Capture
  12. Make sure the new location are browse to the new folder that you just created in server 2012 R2
  13. Then you click next > finish and wait for the importing to complete
  14. Make sure the VM in server 2008 R2 is Shut down
  15. Start or Boot up the VM in server 2012 R2 (If required to change IP address of the VM then change)
  16. Everything is fine and monitor for 48 hours, then only decide to remove the VM in server 2008 R2

 

After import the VM, Hyper-V do not start the VM automatically. You have to start the VM manually, after import completed.

Office 365 Custom DLP: How to create custom Sensitive Information?

Yes this is interesting topic for me because it involve programming! I will make this topic as simple as learning alphabet, because I will be showing you the importance on how to create your very own DLP sensitive information. DLP templates are come in the form of xml file format.

*Note: You may need to spend some time in this. Practice makes perfect result.

Importance that you must include into your xml are:

  1. Rule
  2. Entity
  3. Pattern
  4. Identity Match/Id Match/Format/RegularExpression

#This is the flow chart

Rule -> Entity -> Pattern -> Identity Match/Format/Regular Expression

Ok, now you know what are the importance, next will be things you need to take note on the “importance” that can have multiple section. That is “Pattern” & “Identity Match”. You can only have 1 rule consist with 1 Entity, where that Entity can have multiple unique pattern types and each pattern can have its own unique ID Match.

Below is a sample of my code on how it looks like in xml;

*Note: You have to change the GUID of the highlighted red parts, as you can see there are 4 GUIDs, but only 2 GUID are the same. To get new GUID, you simple have to open your PowerShell and type the command “[guid]::newguid()”.

<?xml version="1.0" encoding="UTF-8"?>
<RulePackage xmlns="http://schemas.microsoft.com/office/2011/mce">
<!-- Need to change guid, rule package guid, [guid]::newguid()-->
<RulePack id="872155dc-1234-4e3e-a10d-x"> 
<Version build="0" major="1" minor="0" revision="0"/> 
<!-- Need to change guid, publisher guid --> 
<Publisher id="6907d14a-1234-4023-87cd-x"/> 
<Details defaultLangCode="en-us"> <LocalizedDetails langcode="en-us"> <PublisherName>Company Group</PublisherName> 
<Name>ID Custom Rule Pack</Name>
<Description> This rule package contains the custom ID entity. </Description> </LocalizedDetails> 
</Details>
</RulePack>

<!--This orange part, is your rule type-->
<Rules>
<!-- ID --> 
<!--This blue part, is your entity-->
<!-- need to change guid, entity guid--> 
<Entity id="b660289d-189e-1234-9e0a-x" patternsProximity="300" recommendedConfidence="70">
<!--This green part, is your pattern type-->
<Pattern confidenceLevel="80"> 
<!--This purple part, is your Identity match name-->
<IdMatch idRef="Regex_id1"/> 
</Pattern>
<Pattern confidenceLevel="80">
<IdMatch idRef="Regex_id2"/> 
</Pattern> 
</Entity>

<!--This pink part is your Regular Expression-->
<!--Format: AB-C-DE-FGH--> 
<Regex id="Regex_id1">(\d{2})[-](\d{1})[-](\d{2})[-](\d{3})</Regex> 
<!--Format: ABCDEFGMANNN -->
<Regex id="Regex_id2">(\d{7})[mM][a-zA-Z](\d{3})</Regex> 

<LocalizedStrings> 
<!-- Resource guid same as rule guid --> 
<Resource idRef="b660289d-189e-1234-9e0a-x">
<Name default="true" langcode="en-us">ID</Name>
<Description default="true" langcode="en-us"> A custom classification for detecting IDs. </Description> 
</Resource> 
</LocalizedStrings>

</Rules>

</RulePackage>

The above xml consist of 2 patterns both are set with accuracy of 80%, means if DLP scanned your mail/sharepoint/onedrive consist what is inside the pattern and has 80% match percentage will trigger the rule. Inside each pattern consist unique identity which name “Regex_id1”  and “Regex_id2”. After that, is comes to setting the format for each unique identities. As you can see above, the format i had state in the comment.

*Note: The code above doesn’t limit your needs, you could play around with what you wish to include, such as keywords, false positive, or etc.. You could learn more about twerking around the codes by reading below references. You can also use any online tester site to test out regex of your code .

References:

  1. https://support.office.com/en-us/article/Create-a-custom-sensitive-information-type-82c382a5-b6db-44fd-995d-b333b3c7fc30
  2. https://docs.microsoft.com/en-us/dotnet/standard/base-types/regular-expression-language-quick-reference
  3. https://justaucguy.wordpress.com/2014/11/21/adventures-in-custom-dlp-rules-part-one/