Sean Metcalf

I improve security for enterprises around the world working for TrimarcSecurity.com. Read the About page (top left) for information about me. :) https://adsecurity.org/?page_id=8

Author's posts

PowerShell: Identifying Cloned Computers by CMID or SID

Here’s the PowerShell command for identifying the computer SID by finding local accounts:

    Get-WmiObject -class Win32_UserAccount

This command shows the information for the first account in the list, which should be local:

    (Get-WmiObject -class Win32_UserAccount)[0]

Here’s a PowerShell command to run on each of the servers. If the result is the same, they have the …

57 Tips Every Admin Should Know

GFI’s 57 Tips Every Admin Should Know: The longer a person serves as a network admin, the more tips and tricks they are likely to pick up along the way. Some could be shortcuts, others might seem like magic, but all are intended to save you time and help you solve problems. Assume that all …

New APT Approaches

The Trend Micro Security Intelligence Blog has an interesting article on how hackers are using legitimate tools as part of APT attacks. In our 2013 predictions, we noted how malware would only gradually evolve without much in the way of significant change. This can be seen in the use of some (otherwise legitimate) hacking tools …

PowerShell 101: PowerShell Guide/CheatSheet

Michael Sorens has put together a comprehensive guide to using PowerShell: This series of articles evolved out of my own notes on PowerShell as I poked and prodded it to show me more. As my collection burgeoned, I began to organize them until I had one-line recipes for most any simple PowerShell task. Simple, though, …

Great InfoWorld Interview with Mark Russinovich on Azure and Cloud Computing

InfoWorld has a great interview with Mark Russinovich, Microsoft Technical Fellow, on Azure and Cloud Computing. I included my favorite quotes below: Intro: Mark Russinovich is a legendary figure in the computer industry. A former teenage hacker who went on to earn a PhD in computer engineering from Carnegie Mellon, Russinovich cofounded Winternals Software — …

PowerShell is Central to Everything Microsoft

So how important is Windows PowerShell? Well for starters, Windows PowerShell grabbed three of the top ten TechEd 2014 talks in Houston this year. PowerShell.Org printed out 3,000 DSC Resource guide books to hand out at the Scripting Guys booth, and to give out in presentations – they were gone in two days. In addition, …

Active Directory 2012 DCPromo

Starting with Windows Server 2012, DCPromo is no longer used to promote a member server to be a Domain Controller. Since DCPromo no longer works (Microsoft calls this feature deprecated), there is a new GUI option and associated PowerShell cmdlets. There are major changes to the promotion process which integrate the process. This simplified process …

PowerShell: Useful WMI Classes

Here are some WMI Classes I have found useful:

    Get-WmiObject -Class Win32_BIOS
    Get-WmiObject -Class Win32_ComputerSystem
    Get-WmiObject -Class Win32_OperatingSystem
    Get-WmiObject -Class Win32_NetworkAdapter
    Get-WmiObject -Class Win32_NetworkAdapterConfiguration
    Get-WmiObject -Class Win32_Product

Enumerating Win32 WMI Classes:

    [array]$WMINames = Get-WmiObject -Query 'Select * From Meta_Class WHERE __Class LIKE "win32%"' | Where-Object { $_.PSBase.Methods } | Select-Object Name, Methods
    $WMINames = $WMINames …

PowerShell Code: Get & Set Active Directory Tombstone Lifetime and Active Directory Delete & Recycle Operations

Active Directory is a multi-master database replicated among multiple Domain Controllers. In order to ensure that objects are fully replicated before deletions are processed (purged), objects are marked for deletion before they are completely purged from Active Directory. Active Directory marks the object as deleted by performing the following actions on the object: The …

Microsoft TechEd 2014 Sessions Posted

One of the toughest parts of being in the IT field is staying up to date with technology trends, directions, and products. I have found that free-to-view online content is a great way to do this. Microsoft has TechEd sessions posted going back to 2008: 2014, 2013, 2012, 2011, 2010, 2009, 2008. Here are some …
