September 18th, 2019 | Tags:

Sources of Free S/MIME Certificates

Free certificates usable for S/MIME are available from:

  • Actalis
  • CAcert (CAcert is NOT one of the trusted authorities built into Firefox and Thunderbird. The connection is also untrusted)
  • Comodo (They’ve changed their name to Sectigo and no longer offer free S/MIME certificates.)
  • GlobalSign (No longer offers free certificates)
  • InstantSSL (free certificate is now a 30 day trial)
  • Secorio (Affiliated Partner of Sectigo (formerly called Comodo) that links to InstantSSL if you want a free certificate)
  • StartCom (StartCom certificates have been revoked by Mozilla) [1]
  • Wosign (WoSign certificates have been revoked by Mozilla)

Currently only Actalis seems to offer a free S/MIME certificate for personal use that is good for one year. Everybody else appears to offer a free certificate for personal use for only 30 days, or require you to buy one. It can also cost money to revoke a free certificate. [2]

Let’s Encrypt does not currently offer S/MIME certificates. See https://community.letsencrypt.org/t/s-mime-certificates/153 for a thread explaining why you can’t use their SSL/TLS certificates for S/MIME.

September 18th, 2019 | Tags:
If you would like to restrict Remote Desktop access to your Dedicated server to an IP address or range of IP addresses, you can do so by following the instructions below.
Edit Existing Firewall Rule


September 18th, 2019 | Tags:

https://gallery.technet.microsoft.com/Windows-Backup-wbadmin-2014479e

September 18th, 2019 | Tags:

Block 1: Connect to the WSUS server and set the configuration.
We are first going to set the property “Download update files to this server only when updates are approved”, turn off all update languages, and then set the only update language to English. At the end, this would all be pointless if we didn’t commit our changes with .Save.

Of course there are a lot more things you can do, just let IntelliSense go to work for you.

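# Connect to the WSUS server (8530 is the default non-SSL port)
$wsus = Get-WsusServer -Name wsus.domain.local -PortNumber 8530
$wsusConfig = $wsus.GetConfiguration()
# Download update files only when updates are approved
$wsusConfig.DownloadUpdateBinariesAsNeeded = $true
# Turn off all update languages, then enable English only
$wsusConfig.AllUpdateLanguagesEnabled = $false
$wsusConfig.SetEnabledUpdateLanguages("en")
# Commit the changes
$wsusConfig.Save()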

Block 2: Verifying an Auto-Approval rule is set and enabled.
In this example, we are simply going to check and see if “My Approval Rule” is created, and enabled.

September 18th, 2019 | Tags:

This script will look for GPOs which have no settings at all and delete them.

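Import-Module GroupPolicy
$GPOs = Get-GPO -All
foreach ($GPO in $GPOs)
{
    # Version 0 on both halves means no computer or user setting was ever saved
    if (($GPO.Computer.DSVersion -eq 0) -and ($GPO.User.DSVersion -eq 0)) {
        Write-Host "$($GPO.DisplayName) is an empty GPO."
        # Delete by GUID so the right object is removed; append -WhatIf for a dry run
        Remove-GPO -Guid $GPO.Id
    }
}
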
September 18th, 2019 | Tags:

These policies generally are meant for just computer or user settings. This script will disable the empty settings (for example, if a GPO has only computer settings, it will disable user settings). This is important as it does speed up performance by not having to process empty policies.

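Import-Module GroupPolicy
$GPOs = Get-GPO -All
foreach ($GPO in $GPOs)
{
    # Track which halves are already disabled so that disabling one half
    # never re-enables the other (GpoStatus is a single combined value).
    $status = $GPO.GpoStatus.ToString()
    $computerOff = "ComputerSettingsDisabled", "AllSettingsDisabled" -contains $status
    $userOff = "UserSettingsDisabled", "AllSettingsDisabled" -contains $status

    if (($GPO.Computer.DSVersion -eq 0) -and (-not $computerOff)) {
        Write-Host "$($GPO.DisplayName) has no computer settings and is not disabled. Disabling..."
        $computerOff = $true
    }

    if (($GPO.User.DSVersion -eq 0) -and (-not $userOff)) {
        Write-Host "$($GPO.DisplayName) has no user settings and is not disabled. Disabling..."
        $userOff = $true
    }

    # Write the combined status back only when something changed
    $newStatus = "AllSettingsEnabled"
    if ($computerOff) { $newStatus = "ComputerSettingsDisabled" }
    if ($userOff) { $newStatus = "UserSettingsDisabled" }
    if ($computerOff -and $userOff) { $newStatus = "AllSettingsDisabled" }
    if ($newStatus -ne $status) { $GPO.GpoStatus = $newStatus }
}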
September 18th, 2019 | Tags:

Unlinked GPOs are just simply policies that aren’t applied to any OU or site. These policies aren’t

$BackupPath = "C:\temp\GPOBackups"
# Backup-GPO needs the target folder to exist
New-Item -ItemType Directory -Path $BackupPath -Force | Out-Null
Get-GPO -All | Sort-Object DisplayName | ForEach-Object {
    # A GPO whose XML report contains no <LinksTo> element is not linked anywhere
    if ($_ | Get-GPOReport -ReportType XML | Select-String -NotMatch "<LinksTo>") {
        Backup-GPO -Guid $_.Id -Path $BackupPath | Out-Null
        $_.DisplayName | Out-File "$BackupPath\unlinked.txt" -Append
        # Outputting the results to the screen
        $_ | Select-Object DisplayName
        # Uncomment this when you're ready to delete all the ones the script finds..
        # Remove-GPO -Guid $_.Id
    }
}
September 18th, 2019 | Tags:

System Environment


September 17th, 2019 | Tags:

A very simple fix can take care of this issue. In this repro, the following applies:

  • I have a rule by GPO scoped to allow RDP to all systems from any IP. This is administrator defined, and cannot be changed.
  • Only the IP 192.168.1.36 will be able to access 192.168.1.39 with RDP
  • No other ports or connectivity will be affected


September 5th, 2019 | Tags:

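Mount the VHD and make a backup of C:/Windows/System32/osk.exe;
rename cmd.exe in the same path to osk.exe;
reboot, go to the Windows login screen, choose the accessibility options, and turn on the on-screen keyboard;
what pops up now is a command prompt. We add a new user by entering
net user username password /add
then add the newly created user to the administrators group
net localgroup administrators username /add
Reboot and log in with the newly added administrator account.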
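
A defender can check for the replacement described in the steps above. The following PowerShell is an added example, not part of the original post; the function names, the 7-day window and the reliance on Security events 4720 and 4732 are assumptions of the example.

```powershell
# Added example (not from the original post): checks a Windows directory,
# live or on a mounted VHD, for the osk.exe replacement described above.
# Assumes PowerShell 4.0+ (Get-FileHash); function names are illustrative.
function Test-OskReplacement {
    param([string]$WindowsDir = $env:SystemRoot)

    $sys32 = Join-Path $WindowsDir 'System32'
    $osk = Join-Path $sys32 'osk.exe'
    $cmd = Join-Path $sys32 'cmd.exe'
    $findings = @()

    if (-not (Test-Path -LiteralPath $osk)) {
        $findings += 'osk.exe is missing from System32'
    } else {
        # cmd.exe renamed to osk.exe keeps its own version resource (wildcard allows a .MUI suffix)
        $orig = (Get-Item -LiteralPath $osk).VersionInfo.OriginalFilename
        if ($orig -notlike 'osk.exe*') {
            $findings += "osk.exe reports OriginalFilename '$orig'"
        }
        # A copied cmd.exe leaves two byte-identical files
        if (Test-Path -LiteralPath $cmd) {
            $oskHash = (Get-FileHash -LiteralPath $osk -Algorithm SHA256).Hash
            $cmdHash = (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash
            if ($oskHash -eq $cmdHash) { $findings += 'osk.exe is byte-identical to cmd.exe' }
        }
    }
    # Renaming cmd.exe, as in the steps above, leaves System32 without it
    if (-not (Test-Path -LiteralPath $cmd)) { $findings += 'cmd.exe is missing from System32' }

    [pscustomobject]@{
        WindowsDir = $WindowsDir
        Suspicious = ($findings.Count -gt 0)
        Findings   = $findings
    }
}

# On a live system: local accounts created (event 4720) and members added to a
# local group such as Administrators (event 4732). Needs an elevated prompt and
# account-management auditing; the 7-day default window is an arbitrary choice.
function Get-RecentLocalAccountChange {
    param([int]$Days = 7)
    Get-WinEvent -FilterHashtable @{
        LogName = 'Security'; Id = 4720, 4732; StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue | Select-Object TimeCreated, Id, Message
}

Test-OskReplacement
Get-RecentLocalAccountChange
```

To inspect an offline image, pass the Windows directory of the mounted VHD with -WindowsDir; the event query only applies to the running system.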