Here is a quick example I’m using to segregate my IoT vlan from the rest of the network. If you’re on the latest IOS version you can use object groups to simplify the RFC1918 rules seen below. The following communication flows are allowed: vl10 <–> vl20 all traffic vl10 <–> internet vl20 <–> internet vl50 […]
A quick google search for Synology NFS VAAI will get some decent results but the step by step documentation could use some TLC. Especially for 6.7 hosts where even after adding the .zip package manually to update manager it will list 6.7 hosts as compliant without performing any remediation tasks. Place ESXi host into maintenance […]
Reference: https://support.microsoft.com/en-us/help/305144/how-to-use-useraccountcontrol-to-manipulate-user-account-properties
I ran into some trouble getting PT to run on Ubuntu 19.04 and after a bit of research it looks like not only is the libpng12 package required but it needs further customization due to /lib being a symlink to /usr/lib now. While I appreciate the folks dropping links to custom .deb packages I wanted […]
The homelab was in dire need of an upgrade recently and I landed on some Supermicro X10 motherboards. The 2U case I selected came with some built-in 80mm fans which had a max of 2000 RPM. During initial boot the fans would cycle between idle and max speed. I could see in the IPMI dash […]
Welly, well, well…when in need of a TFTP server why not build your own, leave SELinux enabled, create a custom repo, fight against SELinux, find some help on the internets, and end up spending up way too much time on what was supposed to be a quick task. I’m sure this page will get four […]
Take a domain running multiple versions of Windows domain controllers across multiple AD sites and replicating just fine, add Server 2019 as a DC to the mix, and what do you get? Say it with me now “DCs mostly replicating just fine but KCC re-evaluated connections and one DC is now spamming event 1645 and […]
So you’ve combed through 7 year old TechNet forum posts, cursed the limitations of Event Log Readers group when trying to use Get-WinEvent, and then tried to decipher SDDL to no avail. A treatment for all those woes:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 |
function Add-EventLogAccess { [cmdletbinding(supportsshouldprocess=$true)] param( [ValidateScript({Get-ADObject -ld "(samaccountname=$_)"})] [string]$Identity, [ValidateSet('Application','Security','System')] [string]$LogName, [ValidateSet('RO','RW')] [string]$Permission ) try{ #get original permissions in SDDL format $origValue = ((wevtutil.exe gl $LogName | ? {$_ -match '^channelAccess'}) -split ': ')[-1].trim() #create new SDDL syntax switch($Permission){ 'RO' {$PermissionHex = '0x1'} 'RW' {$PermissionHex = '0x3'} } $ADsid = (Get-ADObject -ld "(samaccountname=$Identity)" -prop ObjectSid).ObjectSid.Value if($origValue -match $ADsid){write-host "$ADsid already set in SDDL, manual inspection required`nCurrent Value: $origValue" -f yellow; return} $newValue = "$origValue(A;;$PermissionHex;;;$ADsid)” write-host "CustomSD original value: $origValue" write-host "CustomSD new value: $newValue" $Path = "HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog\$logName" if($PSCmdlet.ShouldProcess("$logname log with value $newValue","Set-ItemProperty")){ #NOTE removing customSD allows channelaccess to return to default, verified with wevutil.exe gl $LogName Set-ItemProperty -Path $path -Name 'CustomSD' -Value $newValue -Type string -ErrorAction Stop -Force $regACL = Get-Acl $Path if($regacl.Access | ? {$_.identityreference -like "*$Identity" -and $_.RegistryRights -eq 'ReadKey' -and $_.AccessControlType -eq 'Allow'}){ write-host "`n$Identity already has ability to read $Path" -f Yellow } else{ write-host "`nAdd $Identity permission to $path" -f Green $rule = New-Object System.Security.AccessControl.RegistryAccessRule($Identity,'ReadKey','ContainerInherit,ObjectInherit','None','Allow') $regACL.AddAccessRule($rule) Set-Acl -AclObject $regACL -Path $regACL.Path -ErrorAction Stop } } } catch{ throw $_ } } Add-EventLogAccess -Identity 'MY_AD_GROUP' -LogName Security -Permission RO |
The basic gist here is that the CustomSD registry value will contain your new permissions and […]
So the shiny and new Windows 10 v1809 has RSAT available as features on demand you can install simply using Add-WindowsCapability. Great! Unfortunately for me somewhere along the line my Windows 10 system, which had the 1803 RSAT tools installed, obtained standard Windows updates and the RSAT options were removed from Windows Features menu. I […]
I found that the latest version of PowerCLI 10 ran fine in 32-bit mode but VS Code, Powershell ISE, or Powershell console in 64-bit mode were unable to load the module. I would get the following errors when trying to import the newly installed module: Could not load file or assembly ‘log4net, Version=1.2.10.0, Culture=neutral, PublicKeyToken=692fbea5521e1304’ […]