September 18th, 2019 | Tags:

This script will look for GPOs which have no settings at all and delete them.

Import-Module GroupPolicy
$GPOs = Get-GPO -All
foreach ($GPO in $GPOs)
{
if (($GPO.Computer.DSVersion -eq 0) -and ($GPO.User.DSVersion -eq 0)) {
    write-host $GPO.DisplayName is an empty GPO.
    $GPO.DisplayName | Remove-GPO
    }
}
September 18th, 2019 | Tags:

These policies generally are meant for just computer or user settings. This script will disable the empty settings (for example, if a GPO has only computer setttings, it will disable user settings). This is important as it does speed up performance by not having to process empty policies.

Import-Module GroupPolicy
$GPOs = Get-GPO -All
foreach ($GPO in $GPOs)
{
if (($GPO.Computer.DSVersion -eq 0) -and ($GPO.GpoStatus -ne "ComputerSettingsDisabled")) {
    write-host $GPO.DisplayName has no computer settings and not disabled.  Disabling...
    $GPO.GpoStatus="ComputerSettingsDisabled"
    }
 
if (($GPO.User.DSVersion -eq 0) -and ($GPO.GpoStatus -ne "UserSettingsDisabled")) {
    write-host $GPO.DisplayName has no user settings and not disabled.  Disabling...
    $GPO.GpoStatus="UserSettingsDisabled"
    }
}
September 18th, 2019 | Tags: , ,

Unlinked GPOs are just simply policies that aren’t applied to any OU or site. These policies aren’t

$BackupPath="C:\temp\GPOBackups"
Get-GPO -All | Sort-Object displayname | 
Where-Object { If ( $_ | Get-GPOReport -ReportType XML | 
Select-String -NotMatch "<LinksTo>" )
{
Backup-GPO -name $_.DisplayName -path $BackupPath
$_.DisplayName | Out-File $BackupPath\unlinked.txt -Append
#Outputting the results to the screen
$_.Displayname | Select-Object DisplayName
#Uncomment this when you're ready to delete all the ones the script finds..
# $_.Displayname | remove-gpo
}
}
September 18th, 2019 | Tags:

System Environment

Read more…

September 17th, 2019 | Tags:

A very simple fix can take care of this issue. In this repro, the following applies:

  • I have a rule by GPO scoped to allow RDP to all systems from any IP. This is administrator defined, and cannot be changed.
  • Only the IP 192.168.1.36 will be able to access 192.168.1.39 with RDP
  • No other ports or connectivity will be affected

Read more…

September 5th, 2019 | Tags:

Mound the VHD,将 C:/Windows/System32/osk.exe 做个备份;
将同路径下的cmd.exe重命名为osk.exe;
重启,进入Windows登录界面,选择辅助功能,开启屏幕小键盘;
此时弹出来的是命令提示符,我们新增一个用户,输入
net user 用户名 密码 /add
再将刚才新增的用户添加到管理员组
net localgroup administrators 用户名 /add
重启,使用刚才新增的管理员账户登录吧。

August 15th, 2019 | Tags:

【起因】

zabbix 由于监控条目过多,模板套用不当导致历史数据过大, 因此导致磁盘空间暴涨, 现在准备清理数据库。
Read more…

August 15th, 2019 | Tags:

特别提醒:

a、文中测试的Zabbix版本为 3.0.3 。

b、清理数据属于高危操作,请在测试环境中验证后再执行线上操作!!!

 
Read more…

July 30th, 2019 | Tags:

gpedit.msc
白名单法:
“本地计算机”策略 -> 计算机配置 -> Windows 设置 -> 安全设置 -> 本地策略 -> 用户权利指派 -> 在本地登录
去掉里面所有的用户,只填加你的用户帐号(注:帐号可以是域用户帐号)
这样,这台电脑就只有填加的这个用户能登录了

黑名单法:
“本地计算机”策略 -> 计算机配置 -> Windows 设置 -> 安全设置 -> 本地策略 -> 用户权利指派 -> 拒绝本地登录
效果和上面差不多,在黑名单上的人就不能使用你的电脑了
使用这种方法要注意一点:
不要把本机管理员帐号排除掉

July 20th, 2019 | Tags:

How can I view the allocation unit size of a NTFS partition in Windows?
Read more…