Tips N Tricks

Various Tips and Tricks

0

QuickTip – Use WIM File As DISM Repair Source

Posted on by Rhoderick Milne [MSFT]
DISM Mount for WinSXS Repair

The Windows servicing stack relies heavily on the WinSxS (Windows Side-by-Side) component store, which houses all the system files, manifests, and metadata required to service, patch, and maintain the operating system. Corruption within this store can manifest as persistent update failures, integrity check errors, or an inability to apply new servicing operations. Traditional file-level repair met… Read the rest “QuickTip – Use WIM File As DISM Repair Source”

0

QuickTip – PowerShell Unable To Run MSIEXEC Command Line

Posted on by Rhoderick Milne [MSFT]
PowerShell MSIExec Help File - Command Failed

In this case there was an issue uninstalling the Azure Migrate Mobility Service, but the same principal will apply to running MSIEXEC commands in PowerShell that are not correctly formatted.  The Azure Migrate Mobility Service is a key component used during server replication to Azure. The Mobility Service agent is installed on machines to capture disk information and send it to the Azure Migrate … Read the rest “QuickTip – PowerShell Unable To Run MSIEXEC Command Line”

0

Stale DNS Server Blocking Captive Portal Or Simply Inaccessible

Posted on by Rhoderick Milne [MSFT]
Stale DNS Server Entries Causing Issues On Windows 10 and 11

It’s always DNS.  That’s the typical mantra when troubleshooting AD issues.

But what about a fully updated Windows 10/11 machine totally ignoring the DNS server it was told to use via DHCP?  Yes, that unfortunately was a recent problem.  On the machine it appeared to have the public Google DNS server (8.8.8.8) stuck.  Regardless of what network the machine connected to, it ignored the DNS server as… Read the rest “Stale DNS Server Blocking Captive Portal Or Simply Inaccessible”

0

Quick Tip – Easily Allow JIT to Azure VMs In A Resource Group

Posted on by Rhoderick Milne [MSFT]
Azure Portal Connect to VM

Controlling connections to Azure VMs using the just in time (JIT) policy of Microsoft Defender for Cloud (MDC) certainly improves the overall security of the Azure resource.  However, then having to enable JIT on a given VM runs into issues pretty quickly.

Azure Portal Too Permissive

Who thought it was a great idea to have “All configured IPs” as the default option? No thanks – I do not want to enab… Read the rest “Quick Tip – Easily Allow JIT to Azure VMs In A Resource Group”

0

Quick Tip – Easily Start All Azure VMs In A Particular Resource Group

Posted on by Rhoderick Milne [MSFT]
Quick Tip Easily Start Azure VMs Using Azure Cloud Shell

Manually starting up lab VMs is painfully slow, and since many organisations will implement management policy to auutomatically shut them down to save costs you may find yourself powering them on a lot...

While you can set up automated tasks to power them on, not all really need to be running every day.  For example, I always want the DC's running so they are able to maintain replication and there … Read the rest “Quick Tip – Easily Start All Azure VMs In A Particular Resource Group”

1

Remediate SWEET32 — Disable TLS_RSA_WITH_3DES_EDE_CBC_SHA For Windows Server 2012 R2

Posted on by Rhoderick Milne [MSFT]
Remediate Sweet32

Admins have become very aware of the need to adjust the Schannel protocol settings for TLS to enable TLS 1.2 and to disable older versions.  However, the cipher suites do not always receive the same amount of attention and may be left at their default values.

If you are reading this post there is a good chance that your security auditors have flagged a weak cipher is enabled on your server, and the… Read the rest “Remediate SWEET32 — Disable TLS_RSA_WITH_3DES_EDE_CBC_SHA For Windows Server 2012 R2”

0

Remote Desktop Connection Manager Download (RDCMan) 2.90

Posted on by Rhoderick Milne [MSFT]
RDCMan 2.90

Welcome to 2022 and a new release of Remote Desktop Connection Manager (RDCMan) version 2.90!

The Sysinternals blog lists the following changes to RDCMan which are well worth reviewing from a security standpoint.

Receives support for Restricted Admin (/restrictedAdmin from mstsc) and Remote Credential Guard (/remoteGuard from mstsc) and bug fixes.

RDCMan Version 2.90

Below you can see the Security Settings tab with these… Read the rest “Remote Desktop Connection Manager Download (RDCMan) 2.90”

0

Ghost In The (Power)Shell

Posted on by Rhoderick Milne [MSFT]
Exchange PowerShell Output - Not What Was Expected

After taking an existing Exchange PowerShell script, and running on a newer version of Exchange, the output was not as expected.    This is a pretty simple script that just iterates through all of the Exchange virtual directories and writes the output to the screen.  Yes it uses Write-Host and some consider that to be evil.  Others say "Friends do not let Friends use Write-Host".  Oh well. This is… Read the rest “Ghost In The (Power)Shell”

0

Updating to RDCMan 2.8

Posted on by Rhoderick Milne [MSFT]
RDCMan 2.7 Version

Now that we have a new version of Remote Desktop Connection Manager (RDCMan), I wanted to list out some of my initial thoughts and upgrade experience as I did encounter  a couple of minor bumps.  Please add a comment if you are running into issues as well please.

Like many other administrators, I heavily used RDCMan 2.2 and 2.7 over the last 11 years.  This was my primary tool for managing a wide r… Read the rest “Updating to RDCMan 2.8”

0

Create Azure Az VM Using Existing UnManaged VHD

Posted on by Rhoderick Milne [MSFT]

The days change, but sometimes the issues stay the same.  This is a redux of an existing post where there was an issue back in 2016 when I was not able to easily re-create a VM in a different Availability Set.  As you can see in Create Azure RM VM Using Existing VHD – 250 Hello (rmilne.ca)  PowerShell was used to re-create the VM as it allowed all of the resources to be specified.

The original VM was… Read the rest “Create Azure Az VM Using Existing UnManaged VHD”