Category: Windows Server/Client




Microsoft security compliance toolkit:

Il remplace Security Compliance Manager. Cet outil permet de planifier, créer, et monitorer des baselines de sécurité pour vos postes clients. Le remplacement a été choisi par Microsoft du fait de la complexité de SCM et de la difficulté à maintenir l’outil pour chaque version de Windows. Aujourd’hui, SCT ne supporte pas Desired Configuration Management de System Center Configuration Manager ou SCAP.

Other references:

2012 R2 hardening (CIS):

Windows 10 hardening:




How to change Users folder from default location to the D: drive ?


Note: You Change All Users Profile Path. For That You Have To Change “ProfileDirectory” Path From ProfileList key (see above). Its Applicable For New User Login !





To test SSL/TLS and much more you can use the free online tool from Qualys:

Links related to TLS which I have consulted: Solving the TLS problem ==>

How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll ==>

TLS/SSL Settings ==>

Managing SSL/TLS Protocols and Cipher Suites for ADFS:

A colleague of mine found this interesting article:


GPO Basics:

1) Structure of a GPO:

Group Policy Container (GPC) which exists in Active Directory

and the Group Policy Template (GPT) where the actual content of your GPOs resides.

A third component, known as Client-Side Extensions (CSEs) can be found on client devices and are necessary for them to properly process the Group Policies assigned to them.


2) GPO processing (LSDOU):


3) GPO troubleshooting:


GPO management with PowerShell:

Powershell – how to translate a GPO GUID to Name?

Get-GPO -GUID “{AD7E3746-7135-496B-A1F5-B5B11871F96F}”

Powershell – how list all GPOs?

Get-GPO -all

Get-GPo -all | ft -autosize

Get-GPO -all | out-gridview

Powershell – how many GPOs?

(get-gpo -all).count

Powershell – how to translate a GPO Name to GUID?

PS Z:\ADGPO management> Get-GPO -all | where {$ -like “bd9df1be-3663-4cb4-bb71-35f7e27c691f”} | select id,displayname | ft -autosize

Id                                   DisplayName
—                                   ———–
bd9df1be-3663-4cb4-bb71-35f7e27c691f Corporate-A-All-Settings-Restore


Powershell – create and link a GPO?


PS C:\> Get-GPStarterGPO -Name “Laptops”
Next, you can use the New-GPO cmdlet to create the new GPO from your Starter GPO as follows:

PS C:\> New-GPO -Name “France-Laptops” -StarterGpoName “Laptop”

Finally, you can link the new GPO to the targeted OU as follows:

PS C:\> New-GPLink -Name “France-Laptops” -Target “ou=computers,ou=France,dc=hq,dc=mydomain,dc=com”

Alternatively, by using the Windows PowerShell pipeline feature, you can create and link the GPO using a single command.


Windows Admin Center:


You can install Windows Admin Center on the following Windows operating systems:

Version Installation Mode
Windows 10 (1709) Desktop mode
Windows Server, version 1709 Gateway mode
Windows Server 2016 Gateway mode

Desktop Mode: Connect to the Windows Admin Center gateway from the same computer on which it’s installed (for example, https://localhost:6516)

Gateway Mode: Connect to the Windows Admin Center gateway from a client browser on a different machine (for example, https://servername)

PowerShell remoting with SSH:


How to use SFTP (and SSH) with Powershell?

or Using WinSCP:

Else other:

SFTP powershell snap-in:

and paying software:


example of code using POSH SSH to use SFTP for secure file transfer (certified working! ;)))

$sftpUser = “myaccount”
$sftpServer = “103.x.y.z”
$LocalFile = “d:\data\filetoupload.txt”
$sftpPass = ConvertTo-SecureString -String “ttIJP0YPuPS6” -AsPlainText -Force
$sftpCred = new-object -typename System.Management.Automation.PSCredential -argumentlist $sftpUser, $sftpPass
$sftpSession = New-SFTPSession -ComputerName $sftpServer -Credential $sftpCred

Set-SFTPFile -SFTPSession $sftpSession -LocalFile $Localfile -RemotePath “/tmp/mydirectory/” -Overwrite