Grab a NIC IP information and dynamically create a reset script

 I had a request to figure out how to record a NIC's IP information and make it easy to put the config back if required.  the result us a run-able $outfile PowerShell script to reset the settings.

Native Windows 10 packet Sniffer PKTMON

I had to troubleshoot connectivity issues from a Window 10 machine, and really did not want to install Wireshark.  Then I remember reading this document for the built in sniffer: pktmon | Microsoft Docs

 Basically here are the steps:

• Change directory to where you want the results to be saved (I.E. c:\temp)
• Add Filters for the IP you want to monitor for
• pktmon filter add -i 8.8.8.8
• pktmon filter add -i 9.9.9.9

• Start pktmon
• pktmon start –etw  (this will send to PktMon.etl file only)
• pktmon start --etw -l real-time (Will send to PktMon.etl file and the screen)
• Generate the traffic

• Stop pktmon
• pktmon stop

The native file PktMon.etl can only be read by Microsoft’s NetMon.  If you have WireShark installed you can run this command to convert it:

• pktmon pcapng pktmon.etl -o log.pcapng

 

Also for reference, the on screen verbose (-l real-time) of opening nslookup and connecting to 8.8.8.8 would look like this:

 

 

 

There are other options in the linked doc but to get a quick view of traffic, not bad….  Enjoy!

Get all active directory users properties

Need to grab all the properties for all your AD users? Here you go!

Rename Files to a random name

 I had a bunch of photos that I wanted to randomize on a photo frame.  The frame processes photos alphabetically by file name. Since the original filename had the date / time the picture was taken, meant there was no randomness to what was displayed.

I wrote this to change the filenames to a random number.

Remove WSUS GPO settings

Most companies deploy Windows Software Update Services (WSUS) via a group policy to keep all corporate systems updated.  However sometimes nerd in me wants the latest and greatest, before corporate approves them.  So run these commands in a Administrative Powershell Session.  This will remove the WSUS settings until the next GPO sync.

PCI Antivirus logs

QSA requested proof of Antivirus logging and the retention. Using the LET command I am grabbing the newest and oldest log entries as evidence.

PCI Requirement 2 - Proof MFA in use

I am going through a PCI audit and was requested that I prove that MFA was in use.  I used this Azure KQL against my log analytics workspace to show all sign ins and if MFA was checked.

Who's AD password will be expiring?

Need to know when user's password will be expiring?

Get vNET and Subnet information

Need to dump all vNET and Subnet info for all your subscriptions? Here is a nice little script:

Bypass Windows Store being blocked by GPO

Our company blocks access to the Microsoft Store for downloads of application / updates.  However Microsoft is only distributing some apps via the store I.E. "Microsoft To-Do".

Change these registry values to get access to the store until your next GPO refresh.

PingInfoView

PingInfoView by Nirsoft is the ping util I use when pinging multiple devices, or watching systems during a change.



https://www.nirsoft.net/utils/multiple_ping_tool.html