ProTips

Category for various tips and tricks

0

Quick Tip–Verify Which Hyper-V VMs Have ISO Mounted

Posted on by Rhoderick Milne [MSFT]
Use PowerShell to Easily Show All Mounted ISO

It’s very common that we mount ISO files when needed, then forget to remove them after the fact.

This is generally a non issue until you want to move the mounted ISO file as Hyper-V may have a lock on the file.  Yes we could open up the properties of each VM in the console, but nope.  Not doing that.

Rather than search VMs one by one to see which is the offending VM, just run the below command in Po… Read the rest “Quick Tip–Verify Which Hyper-V VMs Have ISO Mounted”

0

Upgrade to Azure Standard Load Balancer

Posted on by Rhoderick Milne [MSFT]
Azure Outbound Network Options

On September 30, 2025, the Azure Basic Load Balancer will be retired. For more information, see the official announcement. If you are currently using Basic Load Balancer, make sure to upgrade to Standard Load Balancer prior to the retirement date.

You can use the guidance to upgrade, please ensure that all of the steps are followed when you test and then implement the change.  This is due to the fact… Read the rest “Upgrade to Azure Standard Load Balancer”

0

Quick Tip–Verify VHDs Mounted In Hyper-V VMs

Posted on by Rhoderick Milne [MSFT]
Using PowerShell to List All Virtual Hard Disks

If you want to easily view all of the VHD or VHDX files that have been configured on Hyper-V VMs, the below PowerShell command makes this easy.

Since I may use a temporary VHDX as a mechanism to copy files into VMs, it sometimes get left mounted and this makes it easy to see which VM has that particular disk file attached.  Creating a temporary VHDX makes it easier to copy large source files to VMs… Read the rest “Quick Tip–Verify VHDs Mounted In Hyper-V VMs”

1

How To Generate File Hash Using Certutil

Posted on by Rhoderick Milne [MSFT]
Create File Hash using Certutil

Windows has the ability to easily generate a hash for a given file using the Certutil.exe utility.  Administrators may have previously used to this tool when they need to generate TLS certificates or to perform other tasks against AD Certificate Services.  As an example of the former, this was a common task for AD FS certificates as described in this post.

To generate the file hash we will use the … Read the rest “How To Generate File Hash Using Certutil”

0

Using PowerCfg To Set Server Power Plan From Command Line

Posted on by Rhoderick Milne [MSFT]
Set Power Plan Via Command Line

Being able to automate and set Power Plan options via the command is useful for both automation and tasks on Server Core.  We can use powercfg.exe to control power plans - also called power schemes - to use the available sleep states, to control the power states of individual devices, and to analyze the system for common energy-efficiency and battery-life problems.

Below are multiple examples of the … Read the rest “Using PowerCfg To Set Server Power Plan From Command Line”

0

Stale DNS Server Blocking Captive Portal Or Simply Inaccessible

Posted on by Rhoderick Milne [MSFT]
Stale DNS Server Entries Causing Issues On Windows 10 and 11

It’s always DNS.  That’s the typical mantra when troubleshooting AD issues.

But what about a fully updated Windows 10/11 machine totally ignoring the DNS server it was told to use via DHCP?  Yes, that unfortunately was a recent problem.  On the machine it appeared to have the public Google DNS server (8.8.8.8) stuck.  Regardless of what network the machine connected to, it ignored the DNS server as… Read the rest “Stale DNS Server Blocking Captive Portal Or Simply Inaccessible”

0

Quick Tip – Easily Allow JIT to Azure VMs In A Resource Group

Posted on by Rhoderick Milne [MSFT]
Azure Portal Connect to VM

Controlling connections to Azure VMs using the just in time (JIT) policy of Microsoft Defender for Cloud (MDC) certainly improves the overall security of the Azure resource.  However, then having to enable JIT on a given VM runs into issues pretty quickly.

Azure Portal Too Permissive

Who thought it was a great idea to have “All configured IPs” as the default option? No thanks – I do not want to enab… Read the rest “Quick Tip – Easily Allow JIT to Azure VMs In A Resource Group”

0

Quick Tip – Easily Start All Azure VMs In A Particular Resource Group

Posted on by Rhoderick Milne [MSFT]
Quick Tip Easily Start Azure VMs Using Azure Cloud Shell

Manually starting up lab VMs is painfully slow, and since many organisations will implement management policy to auutomatically shut them down to save costs you may find yourself powering them on a lot...

While you can set up automated tasks to power them on, not all really need to be running every day.  For example, I always want the DC's running so they are able to maintain replication and there … Read the rest “Quick Tip – Easily Start All Azure VMs In A Particular Resource Group”

0

Kerberos Issues November 2022

Posted on by Rhoderick Milne [MSFT]
Kerberos Issues November 2022

The November 8, 2022 and later Windows updates address a  security bypass and elevation of privilege vulnerability with Authentication Negotiation by using weak RC4-HMAC negotiation.

This update will set AES as the default encryption type for session keys on accounts that are not marked with a default encryption type already.

To help secure your environment, install the Windows update that is dated … Read the rest “Kerberos Issues November 2022”

0

Check If AD FS WSTrust Endpoint Enabled

Posted on by Rhoderick Milne [MSFT]
Check WSTrust Endpoint Configuration

Active Directory Federation Services (AD FS) uses endpoints to provide access to features.  There are a series of different endpoints which each serve a different purpose from password reset, publishing federation metadata or multiple web services protocols.  It is important to ensure that only the required features are actually enabled, and also if those features are to be made available internal… Read the rest “Check If AD FS WSTrust Endpoint Enabled”