Disable TLS 1.0, TLS 1.1 and weak ciphers with Powershell

$RegistryPaths = @(
            #Protocols
            "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client"
            "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server"
            "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client"
            "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server"
            "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client"
            "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server"
            "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client"
            "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server"

            #Ciphers
            "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128"
            "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168"

            #Hashes
            "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\MD5"
            "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\SHA"

            #KeyExchangeAlgorithms
            "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\PKCS"


        )
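        Foreach ($RegistryPath in $RegistryPaths)
        {
            # Create the key through the .NET registry API. The PowerShell registry provider treats "/"
            # as a path separator, so New-Item would create "RC4 128\128" instead of a key named "RC4 128/128".
            $SubKey = $RegistryPath -replace '^HKLM:\\', ''
            $Key = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey($SubKey)
            # Enabled = 0 disables the protocol, cipher, hash or key exchange algorithm
            $Key.SetValue("Enabled", 0, [Microsoft.Win32.RegistryValueKind]::DWord)
            $Key.Close()
        }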
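
A read-back check for the keys listed above, as an added example that is not part of the original post. The function name Get-SchannelState and the state labels are hypothetical; the key names are the ones from the list.

```powershell
# Added example (not from the original post): read back the SCHANNEL "Enabled" values.
# .NET registry calls are used because the "/" in "RC4 128/128" is a path separator
# to the PowerShell registry provider.
$Base = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$SubKeys = @(
    'Protocols\SSL 2.0\Client', 'Protocols\SSL 2.0\Server',
    'Protocols\SSL 3.0\Client', 'Protocols\SSL 3.0\Server',
    'Protocols\TLS 1.0\Client', 'Protocols\TLS 1.0\Server',
    'Protocols\TLS 1.1\Client', 'Protocols\TLS 1.1\Server',
    'Ciphers\RC4 128/128', 'Ciphers\Triple DES 168',
    'Hashes\MD5', 'Hashes\SHA',
    'KeyExchangeAlgorithms\PKCS'
)

function Get-SchannelState {
    param([string]$Base, [string[]]$SubKeys)
    $Hklm = [Microsoft.Win32.Registry]::LocalMachine
    foreach ($SubKey in $SubKeys) {
        $State = 'KeyMissing'                                   # no key: the OS default applies
        $Key = $Hklm.OpenSubKey("$Base\$SubKey")
        if ($Key) {
            $Value = $Key.GetValue('Enabled', $null)
            if ($null -eq $Value) { $State = 'ValueMissing' }   # OS default applies
            elseif ($Value -eq 0) { $State = 'Disabled' }
            else                  { $State = 'Enabled' }
            $Key.Close()
        }
        [pscustomobject]@{ SubKey = $SubKey; State = $State }
    }
    # Leftover of a New-Item call on a name containing "/": nested key "RC4 128\128",
    # which does not match the cipher key name "RC4 128/128"
    $Stray = $Hklm.OpenSubKey("$Base\Ciphers\RC4 128\128")
    if ($Stray) {
        $Stray.Close()
        [pscustomobject]@{ SubKey = 'Ciphers\RC4 128\128'; State = 'StrayKey' }
    }
}

$Report = Get-SchannelState -Base $Base -SubKeys $SubKeys
$Report | Format-Table -AutoSize
# A non-zero count means at least one entry from the list is not disabled
@($Report | Where-Object { $_.State -ne 'Disabled' }).Count
```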

Split PFX into cert and key without password

Set-Location 'C:\OpenSSL-Win64\bin'
$PfxPath = "C:\Cert\cert.pfx"
$WorkingDirectory = [io.path]::GetDirectoryName($PfxPath)
$FileName = [io.path]::GetFileNameWithoutExtension($PfxPath)

#Password for the pfx file
$Password = "password"
	
#Export the certificate only. The call operator passes each argument as-is, so paths with spaces
#and passwords with special characters are not re-parsed as PowerShell code (as with Invoke-Expression)
& .\openssl.exe pkcs12 -in $PfxPath -out "$WorkingDirectory\$FileName.crt" -nokeys -passin "pass:$Password"
Start-Sleep 2

#Export the private key only. -nodes writes the key to disk unencrypted
& .\openssl.exe pkcs12 -in $PfxPath -out "$WorkingDirectory\$FileName.key" -nocerts -nodes -passin "pass:$Password"

Set Powershell to ignore certificate check

add-type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
            return true;
        }
    }
"@
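# Applies process-wide: every request that goes through ServicePointManager in this session skips certificate validation
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy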
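
A narrower variant of the policy above, as an added example that is not part of the original post: it accepts one pinned certificate instead of all of them and restores the previous policy afterwards. It assumes Windows PowerShell 5.1 (.NET Framework); the names PinnedCertPolicy and Invoke-WithPinnedCertificate, the thumbprint and the URL are placeholders.

```powershell
# Added example, assumes Windows PowerShell 5.1 (.NET Framework); names and values are placeholders.
Add-Type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class PinnedCertPolicy : ICertificatePolicy {
        private readonly string _thumbprint;
        public PinnedCertPolicy(string thumbprint) {
            _thumbprint = thumbprint.Replace(" ", "").ToUpperInvariant();
        }
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
            // 0 means the normal chain and name validation succeeded
            if (certificateProblem == 0) { return true; }
            // Otherwise accept only the one certificate that was pinned
            if (certificate == null) { return false; }
            return new X509Certificate2(certificate).Thumbprint == _thumbprint;
        }
    }
"@

function Invoke-WithPinnedCertificate {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [Parameter(Mandatory)][scriptblock]$ScriptBlock
    )
    $Previous = [System.Net.ServicePointManager]::CertificatePolicy
    try {
        [System.Net.ServicePointManager]::CertificatePolicy = New-Object PinnedCertPolicy $Thumbprint
        & $ScriptBlock
    }
    finally {
        # Restore the previous policy even if the request throws
        [System.Net.ServicePointManager]::CertificatePolicy = $Previous
    }
}

# Constructed values: replace with the device's SHA-1 thumbprint and URL
Invoke-WithPinnedCertificate -Thumbprint '<THUMBPRINT-OF-SELF-SIGNED-CERT>' -ScriptBlock {
    Invoke-WebRequest -Uri 'https://device.example.internal/' -UseBasicParsing
}
```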

Powershell JEA Just Enough Administration Session client IP

To get the client IP from inside a JEA session you can use Get-WSManInstance. If the endpoint runs as a group managed service account, that account has to be an administrator on the local machine; otherwise you will get access denied. The variable $PID exists inside the JEA session.

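Function Get-IP
{
    # Returns the WSMan shell that hosts this session; its ClientIP property holds the caller's address
    Get-WSManInstance -ConnectionURI http://localhost:5985/wsman -ResourceURI shell -Enumerate | Where { $_.ProcessId -eq $PID }
}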


Adopt Unifi Ubiquiti AP

  1. SSH to the IP address of the AP
  2. Log on with username “ubnt” and password “ubnt”
  3. Run command “set-inform http://ip-of-controller:8080/inform”

Powershell Force TLS 1.2

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Install WSUS Updates with Powershell

Import-Module ActiveDirectory
$LogFile = "C:\Temp\WsusForce.txt"
$Computers = Get-ADComputer -SearchBase "OU=Servrar,DC=contoso,DC=com" -Properties operatingSystem,dnshostname -Filter * | Select -ExpandProperty dnshostName

#Remove the ones that have already been run (the log file does not exist on the first run)
If (Test-Path $LogFile)
{
    $ExceptServers = (Import-Csv $LogFile -Delimiter "," -Header ComputerName,Status).ComputerName
    $Computers = $Computers | Where {$ExceptServers -notcontains $_}
}

Foreach ($Computer in $Computers)
{

Try 
{
$InstallScript = @'
####
$Criteria = "IsInstalled=0 and Type='Software'"

    #Search for relevant updates.
    $Searcher = New-Object -ComObject Microsoft.Update.Searcher
    $SearchResult = $Searcher.Search($Criteria).Updates
    #Download updates.
    $Session = New-Object -ComObject Microsoft.Update.Session
    $Downloader = $Session.CreateUpdateDownloader()
    $Downloader.Updates = $SearchResult
    $Downloader.Download()

    #Install updates.
    $Installer = New-Object -ComObject Microsoft.Update.Installer
    $Installer.Updates = $SearchResult
    $Result = $Installer.Install()

#####
$TS = New-Object -ComObject Schedule.Service
$TS.Connect($env:COMPUTERNAME)
$TaskFolder = $TS.GetFolder("\")
$Tasks = $TaskFolder.GetTasks(1)
$TaskToDelete = "WsusForce"
foreach($Task in $Tasks)
    {
    If($Task.Name -eq $TaskToDelete)
        {$TaskFolder.DeleteTask($Task.Name,0)}
    }
#Delete itself
Remove-Item -LiteralPath $MyInvocation.MyCommand.Path -Force
'@
			# Stop on failure so the Catch block logs the error instead of registering a task without a script
			Set-Content -Path "\\$Computer\C$\Windows\Temp\WsusForce.ps1" -Value $InstallScript -ErrorAction Stop
						
			
			Invoke-Command -ScriptBlock {
				# The name of the scheduled task
				$TaskName = "WsusForce"
				# The description of the task
				$TaskDescr = "WsusForce"
				# The Task Action command
				$TaskCommand = "powershell.exe"
				# The PowerShell script to be executed
				$TaskScript = "C:\Windows\Temp\WsusForce.ps1"
				# The Task Action command argument
				$TaskArg = "-WindowStyle Hidden -NonInteractive -Executionpolicy unrestricted -file $TaskScript"
				
				# The time when the task starts
				$TaskStartTime = [datetime]::Now.AddSeconds(10)
				# Attach the Task Scheduler com object
				$service = new-object -ComObject ("Schedule.Service")
				# connect to the local machine. 
				# http://msdn.microsoft.com/en-us/library/windows/desktop/aa381833(v=vs.85).aspx
				$Service.Connect()
				$RootFolder = $service.GetFolder("\")
				
				$TaskDefinition = $service.NewTask(0)
				$TaskDefinition.RegistrationInfo.Description = "$TaskDescr"
				$TaskDefinition.Settings.Enabled = $true
				$TaskDefinition.Settings.AllowDemandStart = $true
				
				$Triggers = $TaskDefinition.Triggers
				#http://msdn.microsoft.com/en-us/library/windows/desktop/aa383915(v=vs.85).aspx
				$Trigger = $Triggers.Create(1) # Creates a "One time" trigger
				$Trigger.StartBoundary = $TaskStartTime.ToString("yyyy-MM-dd'T'HH:mm:ss")
				$Trigger.Enabled = $true
				
				# http://msdn.microsoft.com/en-us/library/windows/desktop/aa381841(v=vs.85).aspx
				$Action = $TaskDefinition.Actions.Create(0)
				$Action.Path = "$TaskCommand"
				$Action.Arguments = "$TaskArg"
				
				#http://msdn.microsoft.com/en-us/library/windows/desktop/aa381365(v=vs.85).aspx
				$RootFolder.RegisterTaskDefinition("$TaskName", $TaskDefinition, 6, "System", $null, 5)
				
				
				
			} -ComputerName $Computer -ErrorAction Stop

    Add-Content $LogFile "$Computer,OK"
}
Catch
    {
    Add-Content $LogFile "$Computer,$($_.Exception.Message)"
    }
}

Homebridge example file, Home Assistant and ffmpeg

{
   "bridge":{
      "name":"HomebridgeDocker",
      "username":"CC:22:3D:E3:CE:30",
      "port":51826,
      "pin":"031-45-154"
   },
   "description":"This is an example configuration file. You can use this as a template for creating your own configuration file containing devices you actually own.",
   "accessories":[

   ],
   "platforms":[
      {
         "platform":"HomeAssistant",
         "name":"HomeAssistant",
         "host":"http://ha.domain.com:8123",
         "supported_types":["automation", "binary_sensor", "climate", "cover", "device_tracker", "fan", "group", "input_boolean", "light", "lock", "media_player", "remote", "scene", "sensor", "switch"],
         "default_visibility":"hidden",
         "logging":false
      },
      {
         "platform":"Camera-IP",
         "cameras":[
            {
               "name":"Kamera1",
               "videoConfig":{
                  "source":"-re -i rtsp://Username:Password@192.168.10.23:554/Streaming/channels/102/",
                  "stillImageSource":"-i http://Username:Password13@192.168.10.23/Streaming/channels/1/picture",
                  "maxStreams":2,
                  "maxWidth":1280,
                  "maxHeight":720,
                  "maxFPS":30
               }
            },
            {
               "name":"Kamera2",
               "videoConfig":{
                  "source":"-re -i rtsp://Username:Password13@192.168.10.24:554/Streaming/channels/102/",
                  "stillImageSource":"-i http://Username:Password13@192.168.10.24/Streaming/channels/1/picture",
                  "maxStreams":2,
                  "maxWidth":1280,
                  "maxHeight":720,
                  "maxFPS":30
               }
            }
         ]
      }
   ]
}


Windows Live Photo Gallery database location

%userprofile%\AppData\Local\Microsoft\Windows Live Photo Gallery

To clear the database, close the program and delete all files in this folder.


Active Directory performance counters, Security System-Wide Statistics

Problem:
You cannot see the counter set "Security System-Wide Statistics" in PowerShell when you run the command Get-Counter -ListSet "Security System-Wide Statistics".

Or when you run Get-Counter "\Security System-Wide Statistics\Kerberos Authentications" you get "Internal performance counter API call failed. Error: c0000bb8".

Solution:
Start powershell.exe with Run as administrator. UAC prevents the ListSet from being displayed.
