Wednesday, June 20, 2018

PowerShell Get and copy LAPS generated Admin password to clipboard

My new script just get the Administrator password generated by LAPS and save it to clipboard.
You just have to enter the computer name.
The password will be shown in your PS Console and copied to your clipboard.

https://gallery.technet.microsoft.com/Get-and-copy-LAPS-0a9bb700?redir=0

Monday, June 18, 2018

Sunday, May 27, 2018

"CredSSP encryption oracle remediation” error when connect via RDP

Updates

Updates which switches a flag to protect against the CredSSP attack.

Operating system, RollUp, Update
Windows 7 Service Pack 1 / Windows Server 2008 R2 Service Pack 1, KB4103718 (Monthly Rollup) KB4103712 (Security-only update)
Windows Server 2012, KB4103730 (Monthly Rollup), KB4103726 (Security-only update)
Windows 8.1 / Windows Sever 2012 R2, KB4103725 (Monthly Rollup), KB4103715 (Security-only update)
Windows 10 Version 1607 / Windows Server 2016, KB4103723
Windows 10 Version 1703, KB4103731
Windows 10 1709, KB4103727

Solution:

To resolve this issue, the May updates including this patch have to be installed on all Servers and Clients!

Workaround:

If you can´t do this you can apply the following workaround.
Note: After you change the following setting, an unsecure connection is allowed that will expose the remote server to attacks.

Updated clients cannot communicate with non-updated servers
If you installed the May Updates on your DC you can apply a GPO to set these settings.
GPO Path
Computer Configuration > Policies > Administrative Templates > System > Credentials Delegation > Encryption Oracle Remediation
Setting
Change the Encryption Oracle Remediation policy to Enabled, and then change Protection Level to Vulnerable.

or apply the following Regkey
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters] "AllowEncryptionOracle"=dword:00000002


Non-updated clients cannot communicate with patched servers
GPO Path
Computer Configuration > Policies > Administrative Templates > System > Credentials Delegation > Encryption Oracle Remediation
Setting
Change the Encryption Oracle Remediation policy to Enabled, and then change Protection Level to Vulnerable.

or apply the following Regkey
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters] "AllowEncryptionOracle"=dword:00000002

Monday, May 14, 2018

How to find largest files using Powershell


If your hard drive is running out of space, you need to know which files causing this issue!
To establish this we will use Get-ChildItem.
Use the following command to get the top three files.
Get-ChildItem -r| sort -descending -property length | select -first 3 name, Length



The Length will be displayed in Bytes, if you have large files it´s better to display it in Mega Bytes, so let´s calculate the responding property length into MB.
Get-ChildItem -r|sort -descending -property length | select -first 3 name, @{Name="Megabytes";Expression={[Math]::round($_.length / 1MB, 2)}}



Now we get all files, where are these files located? Just select DirectoryName as well, to get it.
Get-ChildItem -r|sort -descending -property length | select -first 3 name, DirectoryName, @{Name="Megabytes";Expression={[Math]::round($_.length / 1MB, 2)}}


Thursday, May 3, 2018

Get and set DFS-R primary member

You can use the following command to get and set the DFSR primary member.

Get which DFSR member is primary member
Dfsradmin Membership List /RGname:<replication group name> /attr:MemName,RFName,IsPrimary

Set the primary member for a replication group
dfsradmin Membership Set /RGName:<replication group name> /RFName:<replication folder name> /MemName:<primary member> /IsPrimary:True

Run "dfsrdiag pollad" to update Active Directory configuration.

Wednesday, April 18, 2018

How to find all AD Users with a specidfic profilepath or homeDirectory


If you try to search for a specific homeDirectory or profilepath that are assigned to users, you have to filter on this path.

Therefore, let´s assume you have a DFS share named \\domain.com\DFSShare\User and in this share you have all homeDirectories. To find all users using this path you could expect that you can use a query like this:
Get-ADUser -Filter "homedirectory -like '\\domain.com\DFSShare\User*'" -Properties homedirectory | select samaccountname, homedirectory

If you run this line, the output will be empty, even if some users using this share as homeDirectory.

Why? A network path has backslashes and a backslash „\” is a special character. Therefore, if you filter on those paths, you have to replace every \ with \5c.

For more information check out the following MS article:

If we do that our PowerShell query looks like this:
Get-ADUser -Filter "homedirectory -like '\5c\5cdomain.com\5cDFSShare\5cUser*'" -Properties homedirectory | select samaccountname, homedirectory

Now we see all users that have a homeDirectory located in \\domain.com\DFSShare\User