Category: System and Network Admins




Microsoft security compliance toolkit:

Il remplace Security Compliance Manager. Cet outil permet de planifier, créer, et monitorer des baselines de sécurité pour vos postes clients. Le remplacement a été choisi par Microsoft du fait de la complexité de SCM et de la difficulté à maintenir l’outil pour chaque version de Windows. Aujourd’hui, SCT ne supporte pas Desired Configuration Management de System Center Configuration Manager ou SCAP.

Other references:

2012 R2 hardening (CIS):

Windows 10 hardening:




To test SSL/TLS and much more you can use the free online tool from Qualys:

Links related to TLS which I have consulted: Solving the TLS problem ==>

How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll ==>

TLS/SSL Settings ==>

Managing SSL/TLS Protocols and Cipher Suites for ADFS:


Windows Admin Center:


You can install Windows Admin Center on the following Windows operating systems:

Version Installation Mode
Windows 10 (1709) Desktop mode
Windows Server, version 1709 Gateway mode
Windows Server 2016 Gateway mode

Desktop Mode: Connect to the Windows Admin Center gateway from the same computer on which it’s installed (for example, https://localhost:6516)

Gateway Mode: Connect to the Windows Admin Center gateway from a client browser on a different machine (for example, https://servername)

This was one of the main blockers of Firefox adoption in the enterprise :


PowerShell remoting with SSH:


How to use SFTP (and SSH) with Powershell?

or Using WinSCP:

Else other:

SFTP powershell snap-in:

and paying software:


example of code using POSH SSH to use SFTP for secure file transfer (certified working! ;)))

$sftpUser = “myaccount”
$sftpServer = “103.x.y.z”
$LocalFile = “d:\data\filetoupload.txt”
$sftpPass = ConvertTo-SecureString -String “ttIJP0YPuPS6” -AsPlainText -Force
$sftpCred = new-object -typename System.Management.Automation.PSCredential -argumentlist $sftpUser, $sftpPass
$sftpSession = New-SFTPSession -ComputerName $sftpServer -Credential $sftpCred

Set-SFTPFile -SFTPSession $sftpSession -LocalFile $Localfile -RemotePath “/tmp/mydirectory/” -Overwrite




Microsoft .net Framework is a software package that is used by many applications, it runs in a software environment as opposed to hardware environment.

Free program called .NET Version Detector ( download here ).

PowerShell: how to get version of .net framework on a remote computer:

To query the local Registry using PowerShell, execute the below command in an elevated PowerShell session.

(Get-ItemProperty ‘HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full’  -Name Release).Release

You can then use the table below to reference the installed version of .NET. For instance, if the returned value is 379893, then .NET 4.5.2 is installed.

Those laptops must run the latest Windows 10 OS with all the new security features and security best practices like:

  • Apply a Hardening Security Baseline from Microsoft Security Compliance Manager (SCM)
  • Enable Secure Boot with UEFI
  • Impose Software Restrictions using AppLocker
  • Enable Full Disk Encryption.
  • Impose Restrictions on USB ports.
  • Implement Network Isolation via host firewall
  • Install and configure the Device Guard, Windows defender ATP or equivalent + Crowdstrike or equivalent
  • Don’t allow Internet access from a browser.
  • Install Minimal Software.
  • Allow Minimal Administrative Accounts (gad-xxxx accounts in our case)
  • Implement a Hardened OU for the PAWs into the GAD of MUCMSPDOM