Citrix ADC (Netscaler) Backend Server Authentication

Citrix ADC does not authenticate the backend server certificate by default. This can be enabled in the Service or the Service Group.

  1. Go to Load Balancing – Serivce/Service Group
  2. To the left, click SSL Parameters
  3. Check Enable Server Authentication and enter desired common name
Posted in Uncategorized | Comments Off on Citrix ADC (Netscaler) Backend Server Authentication

Change Clock format on Windows 10 logon screen

  1. Press Win+R, type intl.cpl and press Enter (Region settings)
  2. Set your different time formats and click Apply
  3. Select the “Administrative” tab, then click the “Copy settings..” button.
  4. At the bottom, check the box for “Welcome screen and system accounts”.
  5. Click the “OK” button. Done

Posted in Uncategorized, Windows | Comments Off on Change Clock format on Windows 10 logon screen

Disable TLS 1.0, TLS 1.1 and weak ciphers with Powershell

$RegistryPaths = @(
            #Protocols
            "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client"
            "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server"
            "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client"
            "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server"
            "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client"
            "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server"
            "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client"
            "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server"

            #Ciphers
            "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128"
            "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168"

            #Hashes
            "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\MD5"
            "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\SHA"

            #KeyExchangeAlgorithms
            "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\PKCS"


        )
        Foreach ($RegistryPath in $RegistryPaths)
        {
            If (-not (Test-Path $RegistryPath))
            { New-Item $RegistryPath -Force -ErrorAction Stop }
            New-ItemProperty -Path $RegistryPath -Name "Enabled" -Value "0x0" -PropertyType DWORD -Force -ErrorAction Stop

        }
Posted in Powershell, Windows | Comments Off on Disable TLS 1.0, TLS 1.1 and weak ciphers with Powershell

Split PFX into cert and key without password

Set-Location 'C:\OpenSSL-Win64\bin'
$PfxPath = "C:\Cert\cert.pfx"
$WorkingDirectory = [io.path]::GetDirectoryName($PfxPath)
$FileName = [io.path]::GetFileNameWithoutExtension($PfxPath)

#Password for the pfx file
$Password = "password"
	
$CertCommand = ".\openssl.exe pkcs12 -in $PfxPath  -out $("$WorkingDirectory\$FileName.crt") -nokeys -passin pass:$Password"
Invoke-Expression -Command $CertCommand
Start-Sleep 2
		
$KeyCommand = ".\openssl.exe pkcs12 -in $PfxPath -out $("$WorkingDirectory\$FileName.key") -nocerts -nodes -passin pass:$Password"
Invoke-Expression -Command $KeyCommand
Posted in Uncategorized | Comments Off on Split PFX into cert and key without password

Set Powershell to ignore certificate check

add-type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
            return true;
        }
    }
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
Posted in Uncategorized | Comments Off on Set Powershell to ignore certificate check

Powershell JEA Just Enough Administration Session client IP

To get the IP from inside a session you can use Get-WSManInstance. If you run the endpoint as a group managed service account it has to be administrator on the local machine. Otherwise you will get access denied. The variable $PID exist inside the JEA Session.

Function Get-IP
{
    Get-WSManInstance -ConnectionURI http://localhost:5985/wsman -ResourceURI shell -Enumerate | Where { $_.ProcessId -eq $PID }
}

Posted in Powershell | Tagged , | Comments Off on Powershell JEA Just Enough Administration Session client IP

Adopt Unifi Ubiquiti AP

  1. SSH to the IP address of the AP
  2. Log on with username “ubnt” and password “ubnt”
  3. Run command “set-inform http://ip-of-controller:8080/inform”
Posted in Uncategorized | Comments Off on Adopt Unifi Ubiquiti AP

Powershell Force TLS 1.2

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Posted in Uncategorized | Comments Off on Powershell Force TLS 1.2

Install WSUS Updates with Powershell

$Computers = Get-ADComputer -SearchBase "OU=Servrar,DC=contoso,DC=com" -Properties operatingSystem,dnshostname -Filter * | Select -ExpandProperty dnshostName 

#Ta bort de som redan har körts
$ExceptServers = (Import-Csv $LogFile -Delimiter "," -Header ComputerName,Status).ComputerName 
$Computers = $Computers | Where {$ExceptServers -notcontains $_}
$LogFile = "C:\Temp\WsusForce.txt"

Foreach ($Computer in $Computers)
{

Try 
{
$InstallScript = @'
####
$Criteria = "IsInstalled=0 and Type='Software'"

    #Search for relevant updates.
    $Searcher = New-Object -ComObject Microsoft.Update.Searcher
    $SearchResult = $Searcher.Search($Criteria).Updates
    #Download updates.
    $Session = New-Object -ComObject Microsoft.Update.Session
    $Downloader = $Session.CreateUpdateDownloader()
    $Downloader.Updates = $SearchResult
    $Downloader.Download()

    #Install updates.
    $Installer = New-Object -ComObject Microsoft.Update.Installer
    $Installer.Updates = $SearchResult
    $Result = $Installer.Install()

#####
$TS = New-Object -ComObject Schedule.Service
$TS.Connect($env:COMPUTERNAME)
$TaskFolder = $TS.GetFolder("\")
$Tasks = $TaskFolder.GetTasks(1)
$TaskToDelete = "WsusForce"
foreach($Task in $Tasks)
    {
    If($Task.Name -eq $TaskToDelete)
        {$TaskFolder.DeleteTask($Task.Name,0)}
    }
#Ta bort sig själv
Remove-Item -LiteralPath $MyInvocation.MyCommand.Path -Force
'@
			Set-Content -Path "\\$Computer\C$\Windows\Temp\WsusForce.ps1" -Value $InstallScript -ErrorAction SilentlyContinue
						
			
			Invoke-Command -ScriptBlock {
				# The name of the scheduled task
				$TaskName = "WsusForce"
				# The description of the task
				$TaskDescr = "WsusForce"
				# The Task Action command
				$TaskCommand = "powershell.exe"
				# The PowerShell script to be executed
				$TaskScript = "C:\Windows\Temp\WsusForce.ps1"
				# The Task Action command argument
				$TaskArg = "-WindowStyle Hidden -NonInteractive -Executionpolicy unrestricted -file $TaskScript"
				
				# The time when the task starts
				$TaskStartTime = [datetime]::Now.AddSeconds(10)
				# Attach the Task Scheduler com object
				$service = new-object -ComObject ("Schedule.Service")
				# connect to the local machine. 
				# http://msdn.microsoft.com/en-us/library/windows/desktop/aa381833(v=vs.85).aspx
				$Service.Connect()
				$RootFolder = $service.GetFolder("\")
				
				$TaskDefinition = $service.NewTask(0)
				$TaskDefinition.RegistrationInfo.Description = "$TaskDescr"
				$TaskDefinition.Settings.Enabled = $true
				$TaskDefinition.Settings.AllowDemandStart = $true
				
				$Triggers = $TaskDefinition.Triggers
				#http://msdn.microsoft.com/en-us/library/windows/desktop/aa383915(v=vs.85).aspx
				$Trigger = $Triggers.Create(1) # Creates a "One time" trigger
				$Trigger.StartBoundary = $TaskStartTime.ToString("yyyy-MM-dd'T'HH:mm:ss")
				$Trigger.Enabled = $true
				
				# http://msdn.microsoft.com/en-us/library/windows/desktop/aa381841(v=vs.85).aspx
				$Action = $TaskDefinition.Actions.Create(0)
				$Action.Path = "$TaskCommand"
				$Action.Arguments = "$TaskArg"
				
				#http://msdn.microsoft.com/en-us/library/windows/desktop/aa381365(v=vs.85).aspx
				$RootFolder.RegisterTaskDefinition("$TaskName", $TaskDefinition, 6, "System", $null, 5)
				
				
				
			} -ComputerName $Computer -ErrorAction Stop

    Add-Content $LogFile "$Computer,OK"
}
Catch
    {
    Add-Content $LogFile "$Computer,$($_.Exception.Message)"
    }
}
Posted in Uncategorized | Comments Off on Install WSUS Updates with Powershell

Homebridge example file, Home Assistant and ffmpeg

[codesyntax lang=”php”]

{
   "bridge":{
      "name":"HomebridgeDocker",
      "username":"CC:22:3D:E3:CE:30",
      "port":51826,
      "pin":"031-45-154"
   },
   "description":"This is an example configuration file. You can use this as a template for creating your own configuration file containing devices you actually own.",
   "accessories":[

   ],
   "platforms":[{
		"platform": "HomeAssistant",
		"name": "HomeAssistant",
		"host": "http://ha.domain.com:8123",
		"supported_types": ["automation", "binary_sensor", "climate", "cover", "device_tracker", "fan", "group", "input_boolean", "light", "lock", "media_player", "remote", "scene", "sensor", "switch"],
		"default_visibility": "hidden",
		"logging": false
	},
      {
         "platform":"Camera-IP",
         "cameras":[
            {
               "name":"Kamera1",
               "videoConfig":{
                  "source":"-re -i rtsp://Username:Password@192.168.10.23:554/Streaming/channels/102/",
                  "stillImageSource":"-i http://Username:Password13@192.168.10.23/Streaming/channels/1/picture",
                  "maxStreams":2,
                  "maxWidth":1280,
                  "maxHeight":720,
                  "maxFPS":30
               }
            },{
               "name":"Kamera2",
               "videoConfig":{
                  "source":"-re -i rtsp://Username:Password13@192.168.10.24:554/Streaming/channels/102/",
                  "stillImageSource":"-i http://Username:Password13@192.168.10.24/Streaming/channels/1/picture",
                  "maxStreams":2,
                  "maxWidth":1280,
                  "maxHeight":720,
                  "maxFPS":30
               }
            }
         ]
      }
   ]
}

[/codesyntax]

Posted in Uncategorized | Comments Off on Homebridge example file, Home Assistant and ffmpeg