Sep 08 2011

Sign an Excel macro with a certificate issued by your enterprise PKI

This article describes how to digitally sign an Excel VBA project with a certificate issued by your ADCS PKI. You can use the same method to sign any Office VBA project, but in this post we will focus on Excel. For an introduction to signing Office macros, you can read these KB and MSDN articles.
Read more »

Aug 23 2011

GPO: Loopback processing and Group Policy Preferences

In this post we talk about loopback processing of Group Policy and the interesting new feature that becomes available when it is combined with Group Policy Preferences.

If you need a detailed explanation of how loopback processing of Group Policy works, I suggest you read this two-part 4sysops blog post (part 1, part 2).

Read more »

Jul 28 2011

MMC tales…

In this post we will discuss some issues we had when using Microsoft Management Consoles to manage DNS (dnsmgmt.msc), Group Policy Objects (rsop.msc, gpmc.msc) and AD accounts (dsa.msc). No, we don’t use just PowerShell or command-line tools to manage a Microsoft infrastructure: we click a lot 🙂
Read more »

May 31 2011

PowerShell: WSUS clients inventory

In this post we will describe how to make a WSUS clients inventory. We will search for the computers in your domain that are not able to receive MS security updates, either because they are no longer supported or because there is a misconfiguration on the WSUS client. Below is a table listing supported OS and Service Pack versions:

Read more »

Apr 29 2011

PowerShell: Enterprise CA, Create SAN certificates for IIS7 servers

In this post we will show how to create a SAN certificate for IIS 7 using an Enterprise PKI. This kind of certificate lets you host multiple SSL sites on a single server. To achieve this with a PowerShell script we will use PSRemoting and the IIS cmdlets.

We launch the script from the server where we administer the PKI with the ADCS RSAT. We will use PSRemoting for several steps. Before sending the certificate request to the Certificate Authority, we use it to create the CSR on the IIS server. Once the certificate is issued, we retrieve it and install it in the IIS 7 server certificate store. Finally, we configure IIS 7 to use this certificate on the default web site.
Read more »

Apr 14 2011

The WinRM client cannot complete the operation within the time specified.

After configuring WinRM on a Windows 2008R2 server we launched the following command in order to test the installation:

winrm id -r:%machinename%

Unfortunately we had this error message:
Read more »

Mar 30 2011

PowerShell: Use GPO to configure firewall settings

In this post we will set up firewall rules using Group Policy Objects under Windows 2008 Server. When you install a Windows role or feature, the installer configures the firewall rules automatically. Some third-party installers reconfigure the default Windows Firewall port settings so that no further configuration is needed (e.g. XenApp 5.0 for Windows 2008, to allow incoming connections such as those from ICA traffic and the IMA service); some others don’t. For those applications we will configure the firewall rules and import those settings into an existing GPO with the netsh advfirewall command.
Read more »

Mar 02 2011

Windows 2008 Event Collector: XP and 2003 clients

In this post we will describe how to configure a Windows 2008 Event Collector server to process events forwarded from Windows XP and Windows 2003 clients. The event forwarding system (aka syslog) relies on WinRM. There are two versions of the WinRM service, v1.1 and v2.0, and each version listens on different default ports (HTTP 80 + HTTPS 443 for WinRM 1.1, HTTP 5985 + HTTPS 5986 for WinRM 2.0). That is why you should upgrade WinRM 1.1 to WinRM 2.0 on your XP and 2003 clients in order to use event forwarding. For more details about WinRM I suggest you read this article.

Read more »

Feb 08 2011

User account migration: Domain users primary group

After an AD domain migration, some user accounts migrated to the target domain were not members of the Domain Users group. In order to identify those accounts we used the following ActiveRoles Management Shell command:

Get-QADUser -NotMemberof 'ldap389\domain users' | export-csv domusers.csv

Read more »

Jan 31 2011

Adprep 2008 troubleshooting

In this post we will describe some issues we had when extending the schema for Active Directory 2008 or 2008 R2. The steps to prepare the schema for AD 2008 are described in this askDS post.
Read more »
