Category: Windows Server/Client


https://dnschecker.org

 

https://www.whois.net/

 

https://mxtoolbox.com/

 

https://whatismyipaddress.com/

 

http://ping-test.org/

 

https://www.portcheckers.com/

 

 

Advertisements

Microsoft security compliance toolkit:

Il remplace Security Compliance Manager. Cet outil permet de planifier, créer, et monitorer des baselines de sécurité pour vos postes clients. Le remplacement a été choisi par Microsoft du fait de la complexité de SCM et de la difficulté à maintenir l’outil pour chaque version de Windows. Aujourd’hui, SCT ne supporte pas Desired Configuration Management de System Center Configuration Manager ou SCAP.

https://www.microsoft.com/en-us/download/details.aspx?id=55319

Other references:

2012 R2 hardening (CIS):

https://www.cisecurity.org/wp-content/uploads/2017/04/CIS_Microsoft_Windows_Server_2012_R2_Benchmark_v2.2.0.pdf

Windows 10 hardening:

https://www.asd.gov.au/publications/protect/Hardening_Win10.pdf

 

 

 

How to change Users folder from default location to the D: drive ?

Computer\HKEY_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ProfileList

Note: You Change All Users Profile Path. For That You Have To Change “ProfileDirectory” Path From ProfileList key (see above). Its Applicable For New User Login !

Article:

https://www.quora.com/How-could-I-change-my-user-folder-default-location-from-C-to-D-in-Windows-10

 

 

 

To test SSL/TLS and much more you can use the free online tool from Qualys:

https://www.ssllabs.com/ssltest/index.html

Links related to TLS which I have consulted: Solving the TLS problem ==> https://www.microsoft.com/en-us/download/details.aspx?id=55266

How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll ==> https://support.microsoft.com/en-us/help/245030/how-to-restrict-the-use-of-certain-cryptographic-algorithms-and-protoc

TLS/SSL Settings ==> https://technet.microsoft.com/en-us/library/dn786418(v=ws.11).aspx#BKMK_SchannelTR_TLS10

Managing SSL/TLS Protocols and Cipher Suites for ADFS:

https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs

https://jorgequestforknowledge.wordpress.com/2017/03/01/hardening-disabling-weak-ciphers-hashes-and-protocols-on-adfs-wap-aad-connect/

 

https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/What-s-new-for-IT-pros-in-Windows-10-version-1803/ba-p/188568

A colleague of mine found this interesting article:

https://blogs.msdn.microsoft.com/chiranth/2013/09/20/ntlm-want-to-know-how-it-works/

 

GPO Basics:

1) Structure of a GPO:

Group Policy Container (GPC) which exists in Active Directory

and the Group Policy Template (GPT) where the actual content of your GPOs resides.

A third component, known as Client-Side Extensions (CSEs) can be found on client devices and are necessary for them to properly process the Group Policies assigned to them.

ref: http://blogs.technet.com/b/musings_of_a_technical_tam/archive/2012/02/13/understanding-the-structure-of-a-group-policy-object.aspx

2) GPO processing (LSDOU):

ref: http://blogs.technet.com/b/musings_of_a_technical_tam/archive/2012/02/15/understanding-the-structure-of-a-group-policy-object-part-2.aspx

3) GPO troubleshooting:

http://social.technet.microsoft.com/wiki/contents/articles/22457.10-common-problems-causing-group-policy-to-not-apply.aspx

https://technet.microsoft.com/en-us/magazine/ccba8171-2b4a-4437-ab45-bbdee8323ee2

 

GPO management with PowerShell:

Powershell – how to translate a GPO GUID to Name?

Get-GPO -GUID “{AD7E3746-7135-496B-A1F5-B5B11871F96F}”

Powershell – how list all GPOs?

Get-GPO -all

Get-GPo -all | ft -autosize

Get-GPO -all | out-gridview

Powershell – how many GPOs?

(get-gpo -all).count
203

Powershell – how to translate a GPO Name to GUID?

PS Z:\ADGPO management> Get-GPO -all | where {$_.id -like “bd9df1be-3663-4cb4-bb71-35f7e27c691f”} | select id,displayname | ft -autosize

Id                                   DisplayName
—                                   ———–
bd9df1be-3663-4cb4-bb71-35f7e27c691f Corporate-A-All-Settings-Restore

 

Powershell – create and link a GPO?

 

PS C:\> Get-GPStarterGPO -Name “Laptops”
Next, you can use the New-GPO cmdlet to create the new GPO from your Starter GPO as follows:

PS C:\> New-GPO -Name “France-Laptops” -StarterGpoName “Laptop”

Finally, you can link the new GPO to the targeted OU as follows:

PS C:\> New-GPLink -Name “France-Laptops” -Target “ou=computers,ou=France,dc=hq,dc=mydomain,dc=com”

Alternatively, by using the Windows PowerShell pipeline feature, you can create and link the GPO using a single command.

https://cloudblogs.microsoft.com/windowsserver/2018/03/20/introducing-windows-server-2019-now-available-in-preview/?MC=WinServer&MC=MSAzure&MC=SysMagSof&MC=Windows&MC=Virtual

 

Windows Admin Center:

https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/overview

https://blogs.technet.microsoft.com/servermanagement/2018/04/12/windows-admin-center-formerly-project-honolulu-is-now-generally-available/

https://cloudblogs.microsoft.com/windowsserver/2018/04/12/announcing-windows-admin-center-our-reimagined-management-experience/

Installation:

You can install Windows Admin Center on the following Windows operating systems:

Version Installation Mode
Windows 10 (1709) Desktop mode
Windows Server, version 1709 Gateway mode
Windows Server 2016 Gateway mode

Desktop Mode: Connect to the Windows Admin Center gateway from the same computer on which it’s installed (for example, https://localhost:6516)

Gateway Mode: Connect to the Windows Admin Center gateway from a client browser on a different machine (for example, https://servername)

PowerShell remoting with SSH:

https://docs.microsoft.com/en-us/powershell/scripting/core-powershell/ssh-remoting-in-powershell-core?view=powershell-6

========================================================================================

How to use SFTP (and SSH) with Powershell?

http://www.powershellmagazine.com/2014/07/03/posh-ssh-open-source-ssh-powershell-module/

https://github.com/darkoperator/Posh-SSH

or Using WinSCP: http://winscp.net/eng/docs/library_powershell#using_from_powershell

Else other:

SFTP powershell snap-in: http://www.k-tools.nl/index.php/download-sftp-powershell-snap-in/

and paying software: http://www.powershellserver.com/download/

 

example of code using POSH SSH to use SFTP for secure file transfer (certified working! ;)))

$sftpUser = “myaccount”
$sftpServer = “103.x.y.z”
$LocalFile = “d:\data\filetoupload.txt”
$sftpPass = ConvertTo-SecureString -String “ttIJP0YPuPS6” -AsPlainText -Force
$sftpCred = new-object -typename System.Management.Automation.PSCredential -argumentlist $sftpUser, $sftpPass
$sftpSession = New-SFTPSession -ComputerName $sftpServer -Credential $sftpCred

Set-SFTPFile -SFTPSession $sftpSession -LocalFile $Localfile -RemotePath “/tmp/mydirectory/” -Overwrite