Active Directory UserAccountControl Details
Reference: https://support.microsoft.com/en-us/help/305144/how-to-use-useraccountcontrol-to-manipulate-user-account-properties
Author: The Looper
Cisco PacketTracer 7.2.2 fix on Ubuntu 19.04
I ran into some trouble getting PT to run on Ubuntu 19.04 and after a bit of research it looks like not only is the libpng12 package required but it needs further customization due to /lib being a symlink to /usr/lib now. While I appreciate the folks dropping links to custom .deb packages I wanted […]
Supermicro X10 Motherboard Fan Control
The homelab was in dire need of an upgrade recently and I landed on some Supermicro X10 motherboards. The 2U case I selected came with some built-in 80mm fans which had a max of 2000 RPM. During initial boot the fans would cycle between idle and max speed. I could see in the IPMI dash […]
TFTP + CentOS 7 + SELinux
Welly, well, well…when in need of a TFTP server why not build your own, leave SELinux enabled, create a custom repo, fight against SELinux, find some help on the internets, and end up spending up way too much time on what was supposed to be a quick task. I’m sure this page will get four […]
Server 2019 Domain Controller Replication – Unlucky Timing
Take a domain running multiple versions of Windows domain controllers across multiple AD sites and replicating just fine, add Server 2019 as a DC to the mix, and what do you get? Say it with me now “DCs mostly replicating just fine but KCC re-evaluated connections and one DC is now spamming event 1645 and […]
Domain Controller Granular Event Log Delegation
So you’ve combed through 7 year old TechNet forum posts, cursed the limitations of Event Log Readers group when trying to use Get-WinEvent, and then tried to decipher SDDL to no avail. A treatment for all those woes:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 |
function Add-EventLogAccess { [cmdletbinding(supportsshouldprocess=$true)] param( [ValidateScript({Get-ADObject -ld "(samaccountname=$_)"})] [string]$Identity, [ValidateSet('Application','Security','System')] [string]$LogName, [ValidateSet('RO','RW')] [string]$Permission ) try{ #get original permissions in SDDL format $origValue = ((wevtutil.exe gl $LogName | ? {$_ -match '^channelAccess'}) -split ': ')[-1].trim() #create new SDDL syntax switch($Permission){ 'RO' {$PermissionHex = '0x1'} 'RW' {$PermissionHex = '0x3'} } $ADsid = (Get-ADObject -ld "(samaccountname=$Identity)" -prop ObjectSid).ObjectSid.Value if($origValue -match $ADsid){write-host "$ADsid already set in SDDL, manual inspection required`nCurrent Value: $origValue" -f yellow; return} $newValue = "$origValue(A;;$PermissionHex;;;$ADsid)” write-host "CustomSD original value: $origValue" write-host "CustomSD new value: $newValue" $Path = "HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog\$logName" if($PSCmdlet.ShouldProcess("$logname log with value $newValue","Set-ItemProperty")){ #NOTE removing customSD allows channelaccess to return to default, verified with wevutil.exe gl $LogName Set-ItemProperty -Path $path -Name 'CustomSD' -Value $newValue -Type string -ErrorAction Stop -Force $regACL = Get-Acl $Path if($regacl.Access | ? {$_.identityreference -like "*$Identity" -and $_.RegistryRights -eq 'ReadKey' -and $_.AccessControlType -eq 'Allow'}){ write-host "`n$Identity already has ability to read $Path" -f Yellow } else{ write-host "`nAdd $Identity permission to $path" -f Green $rule = New-Object System.Security.AccessControl.RegistryAccessRule($Identity,'ReadKey','ContainerInherit,ObjectInherit','None','Allow') $regACL.AddAccessRule($rule) Set-Acl -AclObject $regACL -Path $regACL.Path -ErrorAction Stop } } } catch{ throw $_ } } Add-EventLogAccess -Identity 'MY_AD_GROUP' -LogName Security -Permission RO |
The basic gist here is that the CustomSD registry value will contain your new permissions and […]
Windows 10 Remote Server Administration Tools
So the shiny and new Windows 10 v1809 has RSAT available as features on demand you can install simply using Add-WindowsCapability. Great! Unfortunately for me somewhere along the line my Windows 10 system, which had the 1803 RSAT tools installed, obtained standard Windows updates and the RSAT options were removed from Windows Features menu. I […]
VMware PowerCLI 10 Setup
I found that the latest version of PowerCLI 10 ran fine in 32-bit mode but VS Code, Powershell ISE, or Powershell console in 64-bit mode were unable to load the module. I would get the following errors when trying to import the newly installed module: Could not load file or assembly ‘log4net, Version=1.2.10.0, Culture=neutral, PublicKeyToken=692fbea5521e1304’ […]
Remote Desktop Services – High Availability Connection Broker and Powershell
I found RDS cmdlets a tad annoying since you must specify the single “ActiveManagementServer” name instead of the HA connection broker name. If you omit the connection broker value you may see “A Remote Desktop Services deployment does not exist on server.contoso.com. This operation can be performed after creating a deployment. For information about creating […]
VMware Manual Download Not Working
Trying to get at that sweet esxi 6.7 ISO and your manual download button does absolutely nothing? I found https://communities.vmware.com/thread/518378 and since my pfSense DNSBL feed contains PiHole lists I wanted to do some further digging. Running tail -f /var/log/pfblockerng/dnsbl.log while refreshing the download page reveled the following domain block: tags.tiqcdn.com Then a grep -r 'tiqcdn' /var/db/pfblockerng/dnsbl/* showed the domain in […]