Tuesday, May 18, 2021

Installing AzurePolicyforWindows extension

Short note for myself: how to install a specific extension:


Set-AzVMExtension -ResourceGroupName yourGroup -ResourceName YourServerName `
-Publisher Microsoft.GuestConfiguration -Name AzurePolicyforWindows `
-ExtensionType ConfigurationforWindows -Location westeurope -TypeHandlerVersion 1.1

Set-AzVMExtension -ResourceGroupName yourGroup -ResourceName yourHost `
-Publisher Microsoft.Azure.NetworkWatcher -Type NetworkWatcherAgentWindows `
-TypeHandlerVersion 1.4 -Name "Microsoft.Azure.NetworkWatcher" `
-Location "Central US"

Saturday, May 15, 2021

How to update user properties with trusted domains

The goal of this exercise is to set up two domains, contoso.local and foo.local, and to manage users in domain contoso.local using a user from domain foo.local.


The first step is to set up both domains with a trust between them; there are plenty of guides for this on the internet.

Overall outcome is:

PS C:\Windows\system32> whoami
foo\vagrant
PS C:\Windows\system32> get-adtrust -Filter *


Direction               : BiDirectional
DisallowTransivity      : False
DistinguishedName       : CN=Contoso.local,CN=System,DC=foo,DC=local
ForestTransitive        : True
IntraForest             : False
IsTreeParent            : False
IsTreeRoot              : False
Name                    : Contoso.local
ObjectClass             : trustedDomain
ObjectGUID              : 4a044679-13b3-456b-8b8b-09a30d9b7252
SelectiveAuthentication : False
SIDFilteringForestAware : False
SIDFilteringQuarantined : False
Source                  : DC=foo,DC=local
Target                  : Contoso.local
TGTDelegation           : False
TrustAttributes         : 8
TrustedPolicy           :
TrustingPolicy          :
TrustType               : Uplevel
UplevelOnly             : False
UsesAESKeys             : False
UsesRC4Encryption       : False
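
To read this output from a security point of view, here is an added example (not part of the original notes) that decodes the TrustAttributes value and lists the settings that matter when accounts are managed across a trust. The enum name TrustAttributeBits and the function Get-TrustReview are made up for this example; the flag names follow the trustAttributes bits documented in MS-ADTS, and the sample object is constructed from the values shown above.

```powershell
# Added example. Flag names follow the trustAttributes bits in MS-ADTS.
[Flags()] enum TrustAttributeBits {
    NonTransitive               = 0x001
    UplevelOnly                 = 0x002
    QuarantinedDomain           = 0x004   # SID filtering quarantine
    ForestTransitive            = 0x008
    CrossOrganization           = 0x010   # selective authentication
    WithinForest                = 0x020
    TreatAsExternal             = 0x040   # forest trust filtered like an external trust
    UsesRC4Encryption           = 0x080
    CrossOrgNoTgtDelegation     = 0x200
    PimTrust                    = 0x400
    CrossOrgEnableTgtDelegation = 0x800
}

function Get-TrustReview {
    param([Parameter(Mandatory, ValueFromPipeline)] $Trust)
    process {
        $bits  = [TrustAttributeBits][int]$Trust.TrustAttributes
        $notes = @()
        if ("$($Trust.Direction)" -eq 'BiDirectional') {
            $notes += 'Two-way trust: each domain accepts authentication from the other.'
        }
        if (-not $Trust.SelectiveAuthentication) {
            $notes += 'Selective authentication off: authentication is forest-wide, access depends only on ACLs.'
        }
        if ($bits.HasFlag([TrustAttributeBits]::TreatAsExternal)) {
            $notes += 'TreatAsExternal set: SID filtering relaxed to external-trust rules.'
        }
        if (-not $Trust.UsesAESKeys) {
            $notes += 'UsesAESKeys is False: AES is not explicitly enabled for this trust.'
        }
        [pscustomobject]@{ Name = $Trust.Name; Flags = $bits; Notes = $notes }
    }
}

# Constructed sample carrying the values from the output above;
# on a domain-joined host use: Get-ADTrust -Filter * | Get-TrustReview
$sample = [pscustomobject]@{
    Name = 'Contoso.local'; Direction = 'BiDirectional'; TrustAttributes = 8
    SelectiveAuthentication = $false; UsesAESKeys = $false
}
$sample | Get-TrustReview | Format-List
```

For the value 8 shown above, Flags decodes to ForestTransitive, which matches the ForestTransitive : True line in the output.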


I will use user foo\vagrant to update the manager property of user contoso\user.

PS C:\Windows\system32> $u = Get-ADUser -Server dc1 -Filter * -Properties manager | ? name -eq "user"
PS C:\Windows\system32> $u


DistinguishedName : CN=user,OU=People,DC=Contoso,DC=local
Enabled           : True
GivenName         : user
Manager           :
Name              : user
ObjectClass       : user
ObjectGUID        : f6380a23-5d28-454f-9978-5455faf94a85
SamAccountName    : user
SID               : S-1-5-21-123626555-3626747555-2727358533-1109
Surname           :
UserPrincipalName : user@Contoso.local

Now the other user, manager:

PS C:\Windows\system32> $m = Get-ADUser -Server dc1 -Filter * -Properties manager | ? name -eq "manager"
PS C:\Windows\system32> $m


DistinguishedName : CN=Manager,OU=People,DC=Contoso,DC=local
Enabled           : True
GivenName         : Manager
Manager           :
Name              : Manager
ObjectClass       : user
ObjectGUID        : 0abf258d-22b0-4705-b66a-908e5ba2cf4a
SamAccountName    : manager
SID               : S-1-5-21-123626555-3626747555-2727358533-1107
Surname           :
UserPrincipalName : manager@Contoso.local

Update the manager property:

PS C:\Windows\system32> $u | Set-ADUser -Manager $m
PS C:\Windows\system32> $u = Get-ADUser -Server dc1 -Filter * -Properties manager | ? name -eq "user"
PS C:\Windows\system32> $u


DistinguishedName : CN=user,OU=People,DC=Contoso,DC=local
Enabled           : True
GivenName         : user
Manager           : CN=Manager,OU=People,DC=Contoso,DC=local
Name              : user
ObjectClass       : user
ObjectGUID        : f6380a23-5d28-454f-9978-5455faf94a85
SamAccountName    : user
SID               : S-1-5-21-123626555-3626747555-2727358533-1109
Surname           :
UserPrincipalName : user@Contoso.local

PS C:\Windows\system32> whoami
foo\vagrant

The Manager property is updated.

Wednesday, May 12, 2021

How to load and execute a DLL from PowerShell.


Compile the following code using Visual Studio Community:


Imports System

Public Module HelloWorld

    Sub main()
        Console.WriteLine("Hello World Using Visual Basic Code!")
        'Msgbox("Hello World from My DotNET Assembly !")
    End Sub

End Module



Execution in Powershell:


$filename = "C:\Users\jarekole\source\repos\ConsoleApp1\ConsoleApp1\bin\Debug\netcoreapp3.1\ConsoleApp1.dll"
$assembly = [Reflection.Assembly]::Loadfile($filename)

$assembly.gettype()

$assembly.fullName
$assembly.gettypes()
$assembly.GetName() |select * | fl
$assembly.GetTypes() | select UnderlyingSystemType 
[ConsoleApp1.HelloWorld]::main()
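
A DLL loaded this way runs with the full rights of the PowerShell session, so it is worth checking that the file on disk is the build you expect before loading it. The following is an added example, not part of the original notes: the function name Invoke-PinnedAssemblyMethod and its parameters are made up here, and the expected hash is a placeholder you record when you build the DLL.

```powershell
function Invoke-PinnedAssemblyMethod {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedSha256,   # pinned when the DLL was built
        [Parameter(Mandatory)][string]$TypeName,
        [string]$MethodName = 'main'
    )
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath
    # Hold a read handle that denies writers, so the file that was hashed
    # is the file that gets loaded.
    $stream = [System.IO.File]::Open($full, 'Open', 'Read', 'Read')
    try {
        $sha    = [System.Security.Cryptography.SHA256]::Create()
        $actual = [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-'
        $sha.Dispose()
        if ($actual -ne $ExpectedSha256) {
            throw "Refusing to load $full : SHA-256 is $actual"
        }
        # Informational: a local debug build is normally reported as NotSigned.
        $sig = Get-AuthenticodeSignature -LiteralPath $full
        Write-Verbose "Authenticode status: $($sig.Status)"

        $assembly = [Reflection.Assembly]::LoadFile($full)
    }
    finally { $stream.Dispose() }

    $type   = $assembly.GetType($TypeName, $true, $true)   # throw if missing, ignore case
    $flags  = [Reflection.BindingFlags]'Public, Static, IgnoreCase'
    $method = $type.GetMethod($MethodName, $flags)
    if (-not $method -or $method.GetParameters().Count -ne 0) {
        throw "No public static parameterless method '$MethodName' on $TypeName"
    }
    $method.Invoke($null, @())
}

# Usage (hash value is a placeholder):
# Invoke-PinnedAssemblyMethod -Path $filename -TypeName 'ConsoleApp1.HelloWorld' `
#     -ExpectedSha256 '<SHA256-OF-YOUR-BUILD>' -Verbose
```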


Thursday, May 6, 2021

 Configuring certificate autoenrollment:

New-Item -path HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\ -name AutoEnrollment

New-ItemProperty -Path HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\AutoEnrollment\ -Name AEPolicy -Value 7

New-ItemProperty -Path HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\AutoEnrollment\ -Name OfflineExpirationPercent -Value 10

New-ItemProperty -Path HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\AutoEnrollment\ -Name OfflineExpirationStoreNames -Value MY


Binding a certificate to a web site that already has a binding:

Adjust your cert thumbprint


Import-Module WebAdministration

#check validity

Get-Item Cert:\LocalMachine\My\7FCF3A69C4E62637677953CB61F27D669154C6B5 | fl

#set bindings

dir cert:\localmachine\my\7FCF3A69C4E62637677953CB61F27D669154C6B5 | Set-Item IIS:\SslBindings\0.0.0.0!443
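
The "check validity" step above only prints the certificate. The following added example (not part of the original notes) turns it into explicit checks and replaces the binding only when all of them pass. The function name Test-ServerCertificate and the 14-day margin are assumptions; the thumbprint and binding path are the ones used above.

```powershell
Import-Module WebAdministration

function Test-ServerCertificate {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [int]$MinDaysLeft = 14          # assumed renewal margin
    )
    $cert = Get-Item -LiteralPath "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
    $now  = Get-Date

    # No EKU extension means "all purposes"; otherwise Server Authentication must be listed.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $serverAuth = (-not $eku) -or
        (($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains '1.3.6.1.5.5.7.3.1')

    $checks = [ordered]@{
        HasPrivateKey = $cert.HasPrivateKey
        InValidity    = ($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now.AddDays($MinDaysLeft))
        ServerAuthEku = $serverAuth
        ChainTrusted  = $cert.Verify()   # builds the chain with the default policy
    }
    [pscustomobject]@{
        Subject  = $cert.Subject
        NotAfter = $cert.NotAfter
        Checks   = [pscustomobject]$checks
        Ok       = -not ($checks.Values -contains $false)
    }
}

$thumb  = '7FCF3A69C4E62637677953CB61F27D669154C6B5'   # thumbprint from the note above
$result = Test-ServerCertificate -Thumbprint $thumb
$result.Checks | Format-List
if ($result.Ok) {
    Get-Item "Cert:\LocalMachine\My\$thumb" | Set-Item 'IIS:\SslBindings\0.0.0.0!443'
} else {
    Write-Warning "Certificate $thumb failed a check; binding left unchanged."
}
```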