How to with Regular expressions
Examples: .at matches any three-character string ending with “at”, including “hat”, “cat”, and “bat”. [hc]at matches “hat” and “cat”. [^b]at matches all strings matched by .at except “bat”. [^hc]at...
How to dump events from Windows event logs ?
From Event Viewer eventvwr (GUI) you can export events to a log file. You can use eventwatchnt (GUI) from http://www.netikus.com. To dump events from the command line you can use: 1) psloglist from...
Failover clustering in command line
How to install the Windows failover clustering from the command line ? First, you should make sure that the nodes, running Windows Server 2012 R2 that you are intending to add to the cluster are part...
Understanding streams redirection and write-host in powershell
http://blogs.technet.com/b/heyscriptingguy/archive/2014/03/30/understanding-streams-redirection-and-write-host-in-powershell.aspx
Getting Started with Office 365 and PowerShell
http://blogs.technet.com/b/heyscriptingguy/archive/2014/03/24/getting-started-with-office-365-and-powershell.aspx
Better protect against “Pass the Hash” attacks
Resources materials: http://download.microsoft.com/download/7/7/A/77ABC5BD-8320-41AF-863C-6ECFB10CB4B9/Mitigating-Pass-the-Hash-Attacks-and-Other-Credential-Theft-Version-2.pdf...
Advanced XML filtering in the Windows Event Viewer
http://blogs.technet.com/b/askds/archive/2011/09/26/advanced-xml-filtering-in-the-windows-event-viewer.aspx http://blog.oneboredadmin.com/2013/05/filtering-windows-event-log-using-xpath.html
List of most common and useful Windows Event IDs
Here is a list of the most common / useful Windows Event IDs. Event Log, Source EventID EventID Description Pre-vista Post-Vista Security, Security 512 4608 Windows NT is starting up. Security,...
Powershell: How to test if a string contains Uppercase or Lowercase
Here is a new PowerShell tip to detect if a string contains uppercase (all characters or some characters only): Use case 1: check if the string contains at least one uppercase character. ex: $var=...
Powershell: One-liners to Get You Started
The server rebooted recently – who did it and when exactly? Event ID 1074 covers a few activities beyond reboots, such as shutdown Get-EventLog -log system –newest 1000 | where-object {$_.eventid –eq...
How to use WUSA to install hotfixes
wusa <update>.msu /quiet /norestart /log example: wusa d:\hotfixes\Windows8.1-KB29456426.msu /quiet /norestart You can use the Windows Management Instrumentation Command-line (WMIC) to view the...
ADFS v2.1
ADFS deep dive planning and design: http://blogs.technet.com/b/askpfeplat/archive/2014/11/24/adfs-deep-dive-planning-and-design-considerations.aspx Main Portal:...
WinRM: using and troubleshooting CredSSP
Back in the Windows Vista days, we introduced a new security delegation module called Credential Security Service Provider (CredSSP). This was originally designed to work with Terminal Services because...
Windows Forensics: WinRM – who is connected to your computer?
Finding remote sessions connected to your computer? Who is running a (hidden) remote PowerShell on your machine? Here’s a simple one-liner: Get-WSManInstance -ConnectionURI (‘http://{0}:5985/wsman’ -f...
How to install Windows feature using Powershell?
How to list and install Windows features from PowerShell? Import-Module servermanager Get-WindowsFeature | Where-Object {$_.installed} | Format-Table -AutoSize Get-WindowsFeature | Where-Object...
How to update group membership without logoff / logon /restart
This might be very useful for certain situations where you want to update a user’s or computer’s group membership without the need to re-logon / restart. The whole magic is behind the issued kerberos...
Monitoring Event ID with Powershell or SCOM
Using Powershell: http://msexchange.me/2014/06/05/monitoring-event-id-thru-powershell/ http://community.spiceworks.com/topic/282720-powershell-event-log-monitor-email-alert-script-central-monitor Using...
SFTP using Powershell
How to use SFTP with Powershell? http://www.powershellmagazine.com/2014/07/03/posh-ssh-open-source-ssh-powershell-module/ https://github.com/darkoperator/Posh-SSH or Using WinSCP:...
Converting .cer to .pem etc…
Certificate converter: https://www.sslshopper.com/ssl-converter.html using openssl to convert a certificate format to another format:...
Be protect against “Pass the Hash” attacks
Resources materials: https://www.nsa.gov/ia/_files/app/Reducing_the_Effectiveness_of_Pass-the-Hash.pdf https://www.nsa.gov/ia/_files/app/Spotting_the_Adversary_with_Windows_Event_Log_Monitoring.pdf...