Browsed by
Category: Microsoft

Tagging Azure Resources

Tag Limits

Not all resource types support tags, so you will not be able to apply tags to everything in Azure. A resource or resource group is limited to 15 tags. Each resource can have different tags. Tag names cannot exceed 512 characters. For storage accounts, tag names are limited to 128 characters. Tag values cannot exceed 256 characters. VMs cannot exceed 2048 characters for all tag names and values combined. Tags are not inherited by child resources….

Decode Windows Autounattend.xml password using PowerShell

Recently I needed to recover a password that I had forgotten from the Windows unattended installer file Autounattend.xml. The password is stored in this file as a Base64-encoded value, which can be easily decoded with the following lines of PowerShell:

    # Base64 value copied from Autounattend.xml (UTF-16LE text underneath)
    $EncodedText = "UABhAHMAcwB3AG8AcgBkAA=="
    $DecodedText = [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($EncodedText))
    $DecodedText

To encode using PowerShell:

    # Plain text to encode; "Password" is what the Base64 string above decodes to
    $DecodedText = "Password"
    $EncodedText = [System.Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($DecodedText))
    $EncodedText

DNS Security – DNSSEC

DNSKEY: This record stores the public key that is used to cryptographically validate signed DNS records. In public key infrastructure (PKI), the DNS server signs the records with its private key, and validates the records' integrity by using its corresponding public key. Note that in DNSSEC it's the DNS server that performs the record validation on behalf of DNS clients.

RRSIG: This record is the digital signature for a particular DNS record. If a…

Hyper-V Just-Enough-Administration (JEA)

I decided to write a series of articles about securing Windows Server, which I frequently do. This is the first one on this topic.

Problem Statement: The company owns a virtualization infrastructure with some virtual machines. Hyper-V admins are responsible for all of the company's virtual machines and have full access to the Hyper-V host servers. Alongside these admins, the company has a group of other admins who are responsible only for particular virtual machines and need to control them. In our case this is the Monitoring VM. Until JEA…

Local Admin Password Solution (LAPS) STEP-BY-STEP

Today we will deploy the Microsoft LAPS solution to manage local administrator passwords on computers. It's an excellent tool that takes away the burden of rotating the local administrator account password and avoids cases where all workstations have the same password for the local administrator account. First we need to download LAPS from the MS download center and install it on the Management Computer (Domain Controller). LAPS is installed to "%ProgramFiles%\LAPS". https://www.microsoft.com/en-us/download/details.aspx?id=46899 For "Managed computers" we can run the installer to install same…

Active Directory Group Nesting

Group Scope

There are four group scopes: Local, Global, Domain Local, and Universal. The characteristics that define each scope fall into these categories:

Replication. Where is the group defined, and to what systems is the group replicated?
Membership. What types of security principals can the group contain as members? Can the group include security principals from trusted domains?
Availability. Where can the group be used? Is the group available to add to another group? Is the group available to add to…

AD Domain Rename Step-By-Step

My first blog post will be about renaming a domain in Microsoft Active Directory. We have a test domain, Bigapple.local, which we will rename to Bigapple.main.

1. First we need to install at least the AD DS and AD LDS tools (RSAT) from Add Roles and Features.
2. Create a new primary AD-integrated DNS zone corresponding to the new domain name from DNS Manager. Do not forget to restart the Netlogon service from the services console so that SRV records for newly created zone…
