Category: Technical Reference

PowerShell: Drop (remove) the last character from a string

Drop (remove) the last character from a string: $ComputerName = ‘DCCOMP01$’ $ComputerName = $ComputerName.Substring(0,$ComputerName.Length-1) $ComputerName Result is “DCCOMP01″. This works especially well when the last character is a special PowerShell reserved one like “$”.

Installing Kali Linux on Windows 8 Hyper-V

Installing Kali Linux on Windows 8 Hyper-V (Windows 8.1 includes improvements to the Hyper-V platform) Installing Hyper-V: Requirement: Windows 8 Pro or Windows 8 Enterprise which include Client Hyper-V. Requirement: Your computer processor must support virtualization technology (VT), though most processors in the past 5 years support VT (pretty much all Intel i-series processors, i3, …

Continue reading

Microsoft Enhanced Mitigation Experience Toolkit (EMET) 5 Protection Methods

Microsoft Enhanced Mitigation Experience Toolkit (EMET) v5 security technology which I outlined in a previous post has several protection methods which will be detailed here. According to my sources at Microsoft 😉, EMET can be installed on workstations and servers (testing is always highly recommended before placing in production). Given the tremendous security improvements when …

Continue reading

Microsoft EMET 5 Released

Microsoft’s EMET (Enhanced Mitigation Experience Toolkit) is a free download from Microsoft that enhances Windows security by preventing common malware and exploitation software methods. It does need to be well-tested before deployment, but there are several legacy Windows methods leveraged by malware to get into a system and take control. Installing EMET provides very strong protection …

Continue reading

Removing an Orphan (inactive) Active Directory Domain

Removing an Orphan (inactive) Active Directory Domain One of my customers has a forest with several domains, one of which hasn’t been used in a while (call it domain “RedShirt”). The 2 Domain Controllers in the domain, “RedShirt” both tombstoned. Yes, I know, how does that happen? ALWAYS monitor your environment. Since the domain hasn’t …

Continue reading

PowerShell: One-liners to Get You Started

Some of the scenarios covered in the blog post: The server rebooted recently – who did it and when exactly? Is there an easy way to see if KB2862152 is installed? I need to backup all of the GPOs in the domain every day What are the IP settings on my system(s)? What are the …

Continue reading

New 2012 SIDs cause lookup issues for older clients

The crux of the issue is that Windows Server 2012 (and above) introduce two new SIDs. The problem is that Windows 7 and Windows Server 2008 R2 clients do not know about these SIDs because when they (Windows 7 and 2008 R2) were written these particular SIDs didn’t exist. References: http://blogs.technet.com/b/askpfeplat/archive/2014/06/30/troubleshooting-windows-server-2012-r2-domain-controller-new-sids-a-real-world-example.aspx http://support.microsoft.com/kb/2830145

RODC Trick: Remove a User’s Password from a RODC without forcing the user to change her password

TechNet (RODC FAQ) states: How can you clear a password that is cached on an RODC? There is no mechanism to erase passwords after they are cached on an RODC. If you want to clear a password that is stored on an RODC, an administrator should reset the password in the hub site. This way, …

Continue reading

PowerShell: Determine PowerShell Version

$PSVersionTable.PSVersion If the variable doesn’t exist, then the system is running version 1.0.

LSASS Crashing, CNF Objects May Be the Cause

What Happens and How Do I Know if I’m Affected? When CNF mangled NTDS settings objects are created, the Lsass.exe process may crash and unexpectedly reboot one or more domain controllers. So there is a pretty good chance you’ll know about it. You may not know the root cause of the crash. More specifically though …

Continue reading