Check out my new post on TechNet:
https://gallery.technet.microsoft.com/Scan-for-Ransomware-and-cb075ccb
Friday, March 18, 2016
Tuesday, March 15, 2016
Protect your systems against Ransomware / CrypVault using GPO
Hi guys,
In this post I will show you how to block gpg.exe, which the ransomware named CrypVault uses for file encryption.
Create a GPO (I will attach my GPO so you can import the settings!)
User Configuration/Policies/Windows Settings/Software Restriction Policies/Additional Rules
Create Path and Hash Rules for the known gpg.exe versions.
The virus will not be able to execute the tool anymore.
I recommend adding all gpg.exe hashes to the policy, because the rules that block gpg.exe and gpg2.exe by name will not apply if the EXE is renamed!
The attached GPO includes the paths and all hashes of gpg.exe up to version 2.3.0.
You can import this GPO by creating a new GPO, right-clicking it and selecting Import Settings. Follow the wizard to import the settings.
Please test before you implement this setting, and also verify that this tool is not used by your users.
If your users are using gpg.exe, you can limit the restriction to %temp% only, because the virus copies gpg.exe to this location most of the time...
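To see why the hash rules matter, the following added example (not part of the attached GPO or the original post) compares name matching with hash matching on a renamed copy. The files are constructed stand-ins rather than real gpg.exe binaries, the function names are hypothetical, and SHA-256 is simply the algorithm chosen for this inventory.

```powershell
# Added example: constructed stand-in files, not real gpg.exe binaries.
$work = Join-Path ([IO.Path]::GetTempPath()) ("srp-demo-" + [guid]::NewGuid())
$ref  = Join-Path $work 'reference'   # copies of the binaries you want to block
$scan = Join-Path $work 'scan'        # stands in for a user's %temp%
New-Item -ItemType Directory -Path $ref, $scan | Out-Null

# Constructed sample data: one "known gpg.exe" and one unrelated program.
$ascii = [Text.Encoding]::ASCII
[IO.File]::WriteAllBytes((Join-Path $ref 'gpg.exe'), $ascii.GetBytes('constructed gpg stand-in'))
Copy-Item (Join-Path $ref 'gpg.exe') (Join-Path $scan 'gpg.exe')       # original name
Copy-Item (Join-Path $ref 'gpg.exe') (Join-Path $scan 'svchost.exe')   # renamed copy
[IO.File]::WriteAllBytes((Join-Path $scan 'notepad.exe'), $ascii.GetBytes('unrelated program'))

# Hypothetical helper: hash every reference binary into a lookup set.
function Get-KnownHashSet {
    param([string]$ReferencePath)
    $set = New-Object 'System.Collections.Generic.HashSet[string]'
    Get-ChildItem -Path $ReferencePath -File | ForEach-Object {
        [void]$set.Add((Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash)
    }
    return ,$set   # the comma keeps PowerShell from unrolling the set
}

# Hypothetical helper: report, per EXE, whether a name rule or a hash rule would match.
function Find-BlockedBinary {
    param([string]$ScanPath, $KnownHashes, [string[]]$BlockedNames)
    Get-ChildItem -Path $ScanPath -Filter *.exe -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            [pscustomobject]@{
                File          = $_.Name
                MatchedByName = $BlockedNames -contains $_.Name
                MatchedByHash = $KnownHashes.Contains($hash)
            }
        }
}

$known = Get-KnownHashSet -ReferencePath $ref
Find-BlockedBinary -ScanPath $scan -KnownHashes $known -BlockedNames 'gpg.exe', 'gpg2.exe' |
    Format-Table -AutoSize

Remove-Item -Path $work -Recurse -Force   # clean up the constructed files
```

The renamed copy is missed by the name check and caught by the hash check, while the unrelated program matches neither.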
Wednesday, March 9, 2016
Monday, March 7, 2016
Unlock AD User account using PowerShell after entering the username
This script unlocks an AD user account after you enter the username.
You have to enter the username, and after that the account will be unlocked.
If the account is not locked out, you will receive a message saying so.
SCRIPT DOWNLOAD
Labels:
Active Directory,
Powershell,
User Accounts
Thursday, March 3, 2016
Check AD User Credentials based on entered username using PowerShell
This script verifies the credentials of a specified user.
After you run this script, you have to enter the username and password.
The attached screenshot shows what the output should look like.
Download the script
If you want to verify multiple AD user accounts you can use my other script.
Labels:
Active Directory,
LDAP,
Powershell,
User Accounts