Wednesday, August 21, 2019

Disable LLMNR and Netbios via DSC

Here is some DSC code to help prevent some LLMNR vulnerabilities and disable Netbios over TCP

Wednesday, July 03, 2019

Azure Get MFA Default Method

I recently had to audit the MFA methods that users registered for and their default method.  Here is the code that helped me.

import-module MSOnline
$now = Get-Date -UFormat "%Y-%m-%d_%H-%M-%S"
$filepath = 'C:\temp\MFA_Users_' + $now + '.csv'
Get-MsolUser -All | Select-Object UserPrincipalName, DisplayName, Title,
    @{n="MFA"; e={$_.StrongAuthenticationRequirements.State}},
    @{n="Default Method"; e={($_.StrongAuthenticationMethods | where-object isdefault -eq 'true').MethodType}},
    @{n="Methods"; e={($_.StrongAuthenticationMethods).MethodType}} | Export-Csv -Path $filepath -NoTypeInformation

Monday, June 12, 2017

Get OS information

Get-CimInstance Win32_OperatingSystem | Select  Name,Caption,OSType,Version,BuildNumber,OperatingSystemSKU

Sunday, December 18, 2016

FortiSwitch 3.4.1 MAC to Port

diagnose switch mac-address list

MAC: ec:b1:d7:38:68:b6  VLAN: 1031 Port: port4(port-id 4)
  Flags: 0x00010c40 [ used ]
MAC: 00:15:65:71:e7:77  VLAN: 1031 Port: port17(port-id 17)
  Flags: 0x00010c40 [ used ]
MAC: 90:6c:ac:14:3f:1b  VLAN: 1028 Trunk: fortilink(trunk-id 0)
  Flags: 0x08001080 [ trunk ]
MAC: 00:0e:08:d7:0d:d8  VLAN: 1031 Port: port22(port-id 22)
  Flags: 0x00010c40 [ used ]
MAC: 88:51:fb:81:4d:c5  VLAN: 1031 Port: port20(port-id 20)
  Flags: 0x00010c40 [ used ]

Sunday, August 28, 2016

Windows installer while in Safe mode

Ever have a issue where you need to uninstall something while in safe mode?

Here is how to accomplish this task:
  1. Enter Safe mode with Networking
  2. Open a CMD prompt as Administrator
  3. Type
    REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer" /VE /T REG_SZ /F /D "Service"
  4. The type net start msiserver

Thursday, August 25, 2016

Get Chassis SFP info

For years we have been forced to send a chassis dump to HP for them to tells us if we might have a bad FC SFP.  Looking into something today I found the magic command.


You need to ssh directly into the Interconnect to do this.  Also this works for the Ethernet ports also, looking for flapping ports.  To get the port name run the command:  show uplinkport


Then you can run this command

->show statistics enc2:3:1

Name                         Value
numAddressErrors             0
numBBCreditZero              3686202469
numBytesRx                   14626120606464
numBytesTx                   46264920278580
numCRCErrors                 0
numClass3Discards            0
numDelimiterErrors           0
numEncodingDisparityErrors   0
numFBSYFrames                0
numFRJTFrames                0
numFramesRx                  14417009468
numFramesTooLong             0
numFramesTx                  25907421945
numInputBuffersFull          0
numInvalidOrderedSets        174004860
numInvalidTransmissionWords  863573
numLRsRx                     32
numLRsTx                     9
numLinkFailures              5954
numLossOfSignal              58944
numLossOfSync                58919
numMcastFramesRx             0
numMcastFramesTx             0
numMcastTimeouts             0
numPBSYFrames                0
numPRJTFrames                0
numPrimitiveSeqProtocolErr   0
numRxBadEOFs                 0
numRxCRCs                    0
numRxClass1Frames            0
numRxClass2Frames            0
numRxClass3Frames            1532107566
numRxEncOutFrames            863573
numRxLCs                     6
numRxOfflineSequences        9
numRxTruncFrames             0
numTooManyRdys               0
numTxOfflineSequences        28
rxBytePeakRate               58194757
rxByteRate                   0
rxFramePeakRate              120552
rxFrameRate                  0
samplingRate                 5
sfpStatus                    SFP_IN_SYNC
txBytePeakRate               85914851
txByteRate                   0
txFramePeakRate              150399
txFrameRate                  0

Wednesday, May 04, 2016

Powershell Change Screen Resoultion

In Server 2012 there is a install feature called Minimal GUI that removes Windows Explorer and Internet explorer.  You get a GUI but only server manager and a dos prompt.  In my case a new VM had too small of resolution, and in MinGui you cannot open control panel, or right click to change it.

PowerShell to the rescue:
  1. go to the DOS window
  2. Type PS to enter PowerShell
  3. Type Set-DisplayResolution -width 1440 -height 900 -force

All Done