Clik here to view.
How to with Regular expressions
Examples: .at matches any three-character string ending with “at”, including “hat”, “cat”, and “bat”. [hc]at matches “hat” and “cat”. [^b]at matches all strings matched by .at except “bat”. [^hc]at...
View ArticleClik here to view.
How to dump events from Windows event logs ?
From event viewer eventvwr (GUI) you can export events in a log file You can use eventwatchnt (GUI) from http://www.netikus.com To dump events from the command line you can use: 1) psloglist from...
View ArticleClik here to view.
Failover clustering in command line
How to install the Windows failover clustering from the command line ? First, you should make sure that the nodes, running Windows Server 2012 R2 that you are intending to add to the cluster are part...
View ArticleClik here to view.
Understanding streams redirection and write-host in powershell
http://blogs.technet.com/b/heyscriptingguy/archive/2014/03/30/understanding-streams-redirection-and-write-host-in-powershell.aspx
View ArticleClik here to view.
Getting Started with Office 365 and PowerShell
http://blogs.technet.com/b/heyscriptingguy/archive/2014/03/24/getting-started-with-office-365-and-powershell.aspx
View ArticleClik here to view.
Better protect against “Pass the Hash” attacks
Resources materials: http://download.microsoft.com/download/7/7/A/77ABC5BD-8320-41AF-863C-6ECFB10CB4B9/Mitigating-Pass-the-Hash-Attacks-and-Other-Credential-Theft-Version-2.pdf...
View ArticleClik here to view.
Advanced XML filtering in the Windows Event Viewer
http://blogs.technet.com/b/askds/archive/2011/09/26/advanced-xml-filtering-in-the-windows-event-viewer.aspx http://blog.oneboredadmin.com/2013/05/filtering-windows-event-log-using-xpath.html
View ArticleClik here to view.
List of most common and useful Windows Event IDs
Here is a list of the most common / useful Windows Event IDs. Event Log, Source EventID EventID Description Pre-vista Post-Vista Security, Security 512 4608 Windows NT is starting up. Security,...
View ArticleClik here to view.
Powershell: How to test if a string contains Uppercase or Lowercase
Here is a new Powershell tip to detect if a string contains Uppercase (all characters or some characters only): Use case1: check if the string contain at least one character in uppercase ! ex: $var=...
View ArticleClik here to view.
Powershell: One-liners to Get You Started
The server rebooted recently – who did it and when exactly? Event ID 1074 covers a few activities beyond reboots, such as shutdown Get-EventLog -log system –newest 1000 | where-object {$_.eventid –eq...
View ArticleClik here to view.
How to use WUSA to install hotfixes
wusa <update>.msu /quiet /norestart /log example: wusa d:\hotfixes\Windows8.1-KB29456426.msu /quiet /norestart You can use the Windows Management Instrumentation Command-line (WMIC) to view the...
View ArticleClik here to view.
ADFS v2.1
ADFS deep dive planning and design: http://blogs.technet.com/b/askpfeplat/archive/2014/11/24/adfs-deep-dive-planning-and-design-considerations.aspx Main Portal:...
View ArticleClik here to view.
WinRM: using and troubleshooting CredSSP
Back in the Windows Vista days, we introduced a new security delegation module called Credential Security Service Provider (CredSSP). This was originally designed to work with Terminal Services because...
View ArticleClik here to view.
Windows Forensics: WinRM – who is connected to your computer?
Finding remote session connected to your computer? who is running a (hidden) remote PowerShell on your machine? Here’s a simple one-liner: Get-WSManInstance -ConnectionURI (‘http://{0}:5985/wsman’ -f...
View ArticleClik here to view.
How to install Windows feature using Powershell?
How to list and to install Windows feature from Powershell ? Import-Module servermanager Get-WindowsFeature | Where-Object {$_.installed} | Format-Table -AutoSize Get-WindowsFeature | Where-Object...
View ArticleClik here to view.
How to update group membership without logoff / logon /restart
This might be very useful for certain situations where you want to update a user’s or computer’s group membership without the need to re-logon / restart. The whole magic is behind the issued kerberos...
View ArticleClik here to view.
Monitoring Event ID with Powershell or SCOM
Using Powershell: http://msexchange.me/2014/06/05/monitoring-event-id-thru-powershell/ http://community.spiceworks.com/topic/282720-powershell-event-log-monitor-email-alert-script-central-monitor Using...
View ArticleClik here to view.
SFTP using Powershell
How to use SFTP with Powershell? http://www.powershellmagazine.com/2014/07/03/posh-ssh-open-source-ssh-powershell-module/ https://github.com/darkoperator/Posh-SSH or Using WinSCP:...
View ArticleClik here to view.
Converting .cer to .pem etc…
Certificate converter: https://www.sslshopper.com/ssl-converter.html using openssl to convert a certificate format to another format:...
View ArticleClik here to view.
Be protect against “Pass the Hash” attacks
Resources materials: https://www.nsa.gov/ia/_files/app/Reducing_the_Effectiveness_of_Pass-the-Hash.pdf https://www.nsa.gov/ia/_files/app/Spotting_the_Adversary_with_Windows_Event_Log_Monitoring.pdf...
View Article