Set a desktop wallpaper using Group Policy

So, we are in an Windows Active Directory environment and we want to deploy the same wallpaper for all the users in the domain.

First, we need the create a share, readable by all the users, and put the wallpaper image inside that share. The share can be on the DC itself or on another domain-joined server.

Next step, we go to the DC, open Group Policy Management, select the domain and create a new GPO:

We give a name to the GPO and save it. Next, we right click on the newly created GPO and select Edit:

In the editor, we navigate to User Configuration – Policies – Administrative Templates – Desktop – Desktop:

On the list of policies, we open the one called Desktop Wallpaper and do two things:

  1. indicate the path and the name of the image
  2. enable the policy

Click OK and we’re done.
Note that it will take a log off / log on cycle on the client pc to see the policy in action.
The policy can be further customized according to some specific needs, but the basics are here.

Have fun!

Adding free SSL certificate in Ubuntu with Let’s Encrypt

So, we have a Virtual Private Server (I prefer Digital Ocean) hosting a website or a WordPress blog, and we want to look serious by adding an SSL certificate, so the visitors could use https instead of http.

There are a couple of easy steps to do that. First, I will assume you only have one site on that VPS, so no virtual hosts are set up. First two commands are for installing certbot:

sudo add-apt-repository ppa:certbot/certbot
sudo apt update
sudo apt-get install python-certbot-apache

Next, we will obtain an SSL certificate:

sudo certbot –apache -d -d

Of course, we need to replace with the actual name of the domain.

Enter your email address, then agree with the Terms of Service.

When asked if we want to redirect all http traffic to https, answer yes by choosing number 2.

Also, when asked about the virtual host, choose the second one (since we don’t have virtual hosts configured), that is the one with our domain name next to it. In my case, the virtual host file was named 000-default-le-ssl.conf

Once the certificate is successfully installed, run this:

sudo certbot renew –dry-run

If we see no errors, then the auto-renewal is enabled.

Now, there is a glitch to this: The browser might show a yellow exclamation mark, like this:

If the website already has images or other internal links on it, the URL’s that points to those images have to be changed to https://path_to_image. Yes, just by adding an s to the link, nothing else. So, it is a better practice to add the certificate before deploying the website or installing WordPress.

If all is done, the browser will give a green light. Like this:

Warning messages after installing Nextcloud server

In a previous post, we installed Nextcloud on Ubuntu Server 16.04 LTS. All good, but once we go to User  – Settings – Basic Settings we see several messages written in red, telling us we need to perform additional tasks.

Now, Nextcloud will work without those corrections, but if we want maximum responsiveness from our server, it’s better to take care of them. Let’s start with the first one:

Your data directory and your files are probably accessible from the internet. Your .htaccess files is not working.

Log in to the server and make a small change in the apache2.conf file:

sudo nano /etc/apache2/apache2.conf

Look for those lines:

<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted

Replace None with All. Then save and close the file and restart the apache service:

sudo service apache2 restart

The first warning message is gone. We are going to ignore the second message (Accessing site insecurely via HTTP), since our server is not public and it doesn’t have a domain name, so it doesn’t need and can’t have an SSL certificate.

No memory cache has been configured. To enhance performance, please configure a memcache

We start by installing APCu and Redis to enable caching. That will make our server faster when displaying media files and generating thumbnails:

sudo apt-get install php-apcu redis-server php-redis
sudo nano /etc/redis/redis.conf

In the file, make the following changes:

  • port 6379 to port 0
  • uncomment the line:   unixsocket /var/run/redis/redis.sock
  • uncomment the line:   unixsocketperm 700
  • on the same line, change 700 to 770

Save and close the file, then add the apache user www-data to the redis group, then restart apache service and start the redis service:

sudo usermod -a -G redis www-data
sudo service apache2 restart
sudo service redis-server start
sudo systemctl enable redis-server

Next, we open the Nextcloud configuration file:

sudo nano /var/www/html/nextcloud/config/config.php

Add the following block of code at the end of the file, BEFORE the last closing bracket:

‘memcache.local’ => ‘\OC\Memcache\Redis’,
‘memcache.locking’ => ‘\OC\Memcache\Redis’,
‘filelocking.enabled’ => ‘true’,
‘redis’ =>
array (
‘host’ => ‘/var/run/redis/redis.sock’,
‘port’ => 0,
‘timeout’ => 0.0,

Reboot the server for the configuration to take effect.

The PHP OPcache is not properly configured

Open the php.ini configuration file:

sudo nano /etc/php/7.0/apache2/php.ini

Find each one of the following lines, un-comment them and change the settings according to the indications in the warning message. (The Ctr-W combination in the nano editor will help with the search):


There is one more consideration. The maximum file size for uploads is set to 2 MB, which is way too small for a photo or a video. So let’s change that to something bigger, like 1 GB or more. In the same file, find and change those two lines:

upload_max_filesize = 1024M
post_max_size = 1050M

We put the second value a little big bigger, to avoid errors when uploading a file that is EXACTLY 1 GB in size.

One more apache2 restart and we’re done.

How to set up a VPN client in Windows 10

In this short post, we will connect to the VPN server we configured in my other post from a remote computer running Windows 10.

First, we go to Network and Sharing Center, by right-clicking on the Network icon on the desktop and selecting Properties. Next, we select Set up a new connection or network:

Select Connect to a workplace:

Enter your public IP address (or the host name, if you have a dynamic IP and are using a service like NoIP)

Once the VPN connection has been created, we need to change one setting, so we go back to Network Connections and access the properties. Select Use Extensible Authentication Protocol, and click OK.

Double click on the VPN connection, enter your credentials and you’re done.

Now, remember: this connection will only work if you followed my tutorial about setting up VPN in Windows Server 2012 R2, and used the exact same settings. If you set up the VPN server with different security settings, then you will have to set the client accordingly.

Adding VPN role in Windows Server 2012 R2

In this post, we will enable and configure VPN role in Windows Server 2012 R2.

It is a good practice to do that in an Active Directory domain, preferably on a dedicated machine that is a member server, but not a domain controller.

First step is to add the role in Server Manager:

Enable the Remote Access role:

Leave the Features as they are and click Next:

Follow the wizard using the default settings.
Once finished, go back to Server Manager – Tools – Routing and Remote Access. Right click on the name of the server, and select Configure and Enable Routing and Remote Access:

Select Custom configuration and enable the VPN Access service:

Follow the wizard until the end. Then, click on the server name and select Properties:

Navigate to Security tab, and click on Authentication Methods:

Make sure to select the EAP Protocol and MS-CHAP version 2:

Next, we need to enable the PPTP Passthrough (also known as GRE) in the router, and also forward the 1723 TCP port to the IP address of the VPN server.

Last thing to do is allow the two protocols thru the server’s firewall:

Every user that is allowed to connect to that VPN needs to have the Dial-In feature in Active Directory set to Allow access:

This is the most simple setup for a Windows VPN. You can play further with settings to increase security, but the basics are here. Have fun !

Check out my other post about setting up a VPN client in Windows 10.

Error message on MSI workstation: We can’t find your camera

So, I had to troubleshoot an error message on a mobile workstation from MSI. The camera wasn’t detected. Not just a missing driver or a yellow exclamation mark in Device Manager, but nothing. Nada. Here is the error message:

I was sure the camera was simply dead. But, after troubleshooting the issue for a couple of hours, i felt like dumb when I discovered that the camera can be enabled/disabled by pressing Fn+F6. Pressed the combination and, voila!

Apparently, MSI has a hardware switch, and Windows 10 doesn’t know if the camera is there, but it’s disabled, like you disable an Ethernet adapter and still see it grayed out.

Simple three columns responsive website template

This is a sample HTML file that I would use if I want to build a very basic HTML website by hand. It was created by the guys at

It’s only the skeleton that everyone can use to start a website using nothing but HTML and CSS. It looks like this:

The left and right columns take 25% of the width, and the middle column takes 50%. When viewing the page on mobile devices, the right column goes to the bottom of the page, making room for the other two. The left column usually has an Item Menu, and the middle column has the actual content of the articles. That is what designers call a responsive design.

Many more lines of code and custom CSS can be added after that, according to everyone’s taste. But the basics are there.
The file can be downloaded here: Three columns website

Happy coding!