Sep
08
2011
This article describes how to digitally sign an Excel VBA project with a certificate issued by your ADCS PKI. You can use the same method to sign any Office VBA project but in this post we will focus on Excel. For an introduction on how to sign Office macros you can read these KB and MSDN articles.
Read more »
Aug
23
2011
In this post we talk about loopback processing of group policy and what interesting new feature is available when combining with Group Policy Preferences.
If you need a detailed explanation on how loopback processing of group policy works I suggest you read this 4sysops two part blog post (part 1, part 2).
Read more »
Jul
28
2011
In this post we will discuss some issues we had when using Microsoft Management Consoles to manage DNS (dnsmgmt.msc), Group Policy Objects (rsop.msc, gpmc.msc) and AD accounts (dsa.msc). No, we don’t use just powershell or command line tools to manage a Microsoft infrastructure: We click a lot 🙂
Read more »
May
31
2011
In this post we will describe how to make a WSUS clients inventory, we will search for the computers in your domain which are not able to receive MS security updates because they are not supported any more or because there is a misconfinguration on the WSUS client. Below is a tab listing supported OS and Service Packs versions:
Read more »
Apr
29
2011
We will show in this post how to create a SAN certificate for IIS 7 using an Enterprise PKI. This kind of certificate permits you to host multiple SSL sites on a single server. To achieve this with a powershell script we will use the PSRemoting and the IIS CmdLets.
We launch the script from the server where we administrate the PKI with ADCS RSAT. We will use PSRemoting for many things: Before sending the certificate request to the Certificate Authority in order to create the CSR on the IIS server. Once the certificate is issued we will retrieve it and install it to the IIS 7 server certificate store. Finally we will configure IIS 7 to use this certificate on the default web site.
Read more »
Apr
14
2011
After configuring WinRM on a Windows 2008R2 server we launched the following command in order to test the installation:
winrm id -r:%machinename%
Unfortunately we had this error message:
Read more »
Mar
30
2011
In this post we will set up firewall rules using Group Policy Objects under Windows 2008 Server. When you install a windows role or feature the installer will configure firewall rules automatically upon installation. Some third party installers reconfigure the default Windows Firewall port settings and no further configuration is needed (e.g. Xenapp 5.0 for Windows 2008 to allow incoming connections, such as those from ICA traffic and the IMA service), some others don’t… For those applications we will configure the firewall rules and import those settings into an existing GPO with the netsh advfirewall command.
Read more »
Mar
02
2011
In this post we will describe how to configure a Windows 2008 Event Collector server to process events forwarded from Windows XP and Windows 2003 clients. The event forwarding system (aka syslog) relies on WinRM, there are two versions of the WinRM service: v1.1 and v2.0, each version of the service listen on a different default port (HTTP 80 + HTTPS 443 for WinRM 1.1, HTTP 5985 + HTTPS 5986 for WinRM 2.0). That is why you should upgrade WinRM 1.1 to WinRM v2.0 on your XP and 2003 clients in order to use event forwarding. For more details abour WinRM I suggest you read this article.
Read more »
Feb
08
2011
After an AD domain migration, some user accounts migrated in the target domain were not membres of the domain users group. In order to identify those accounts we used the following ActiveRoles Management Shell command:
Get-QADUser -NotMemberof 'ldap389\domain users' | export-csv domusers.csv |
Get-QADUser -NotMemberof 'ldap389\domain users' | export-csv domusers.csv
Read more »
Jan
31
2011
In this post we will describe some issues we had when extending the schema for Active 2008 or 2008R2. The steps to prepare the schema for AD 2008 are described in this askDS post.
Read more »