Category: Microsoft Windows 8.1

Microsoft Active Directory – Trust Relationship Failure with Primary Domain

If you’ve worked with Microsoft Active Directory, then it’s very likely you’ve seen the following error message while trying to login to a server or workstation using domain credentials: “The trust relationship between this workstation and the primary domain failed.”

Typically, this is resolved by removing the server or workstation from the domain then rejoining it to the domain. However, the Reset-ComputerMachinePassword cmdlet may be used to change the computer account password that the computer uses to authenticate to domain controllers in the domain. For example, you may use the following syntax: Reset-ComputerMachinePassword -Server DC01 -Credential DOMAIN\– USER. As this is an example, you’ll need to substitute the DC01 field with a domain controller in your Microsoft Active Directory domain. Additionally, you’ll need to substitute the DOMAIN\– USER field with the domain and username of a user in your Microsoft Active Directory domain.

I believe this solution is preferable due to the fact that the Microsoft Active Directory computer object continues to use the same SID, remains in the appropriate OU, and remains in any necessary groups.

More information on this cmdlet may be found here.


Amazon Web Services – Verify AWS CLI Installation

You may use the following link to receive instructions on installing the AWS CLI. Additionally, to verify the installation, navigate to C:\Program Files\Amazon\AWSCLI for x64 operating systems and C:\Program Files (x86)\Amazon\AWSCLI for x86 operating systems.

Lastly, you may verify the version of the AWS CLI using the aws –version command from a Windows Command Prompt or Windows PowerShell session.


Microsoft Windows PowerShell – View Reboot and Uptime

The Microsoft Windows PowerShell script below will query a Windows hosts for the time it was rebooted and the time it completed it’s reboot.

<#
.SYNOPSIS
This script will request the hostname of a server then provide the time it was shutdown and completed it’s reboot.
.DESCRIPTION
This script will request the hostname of a server then provide the time it was shutdown and completed it’s reboot.
.EXAMPLE
N/A.
.AUTHOR
Written by Noel Enrique Alvarez on Friday, May 10, 2019.
#>

#Request the hostname of the server
$HOSTNAME = Read-Host “What is the hostname of the server?”

#Message
Write-Host The date and time below indicate the time the server was shutdown -ForegroundColor Green

#Provide the uptime of the server
Get-EventLog -Logname System -ComputerName $HOSTNAME | Where-Object {$_.EventID -EQ 6006} | Select-Object -First 1

#Message
Write-Host The date and time below indicate the uptime of the server -ForegroundColor Green

#Provide the uptime of the server
Get-EventLog -Logname System -ComputerName $HOSTNAME | Where-Object {$_.EventID -EQ 6005} | Select-Object -First 1

#End of script


Microsoft Windows PowerShell – Get Host Architecture

You may use the following Microsoft Windows PowerShell script below to get the architecture, physical or virtual, of a Windows host on a network.

<#
.SYNOPSIS
This script will provide the architure (physical of virtual) of a host.
.DESCRIPTION
This script will provide the architure (physical of virtual) of a host.
.EXAMPLE
systeminfo /s $HOSTNAME | findstr /c:”Model:” /c:”Host Name”
.AUTHOR
Written by Noel Enrique Alvarez on Tuesday, April 23, 2019.
#>

#Requst the hostname of the host
$HOSTNAME = Read-Host “What is the hostname of the server?”

#Provide the architure of the host
systeminfo /s $HOSTNAME | findstr /c:”Model:” /c:”Host Name”


Telnet – Testing Network Ports

You may use the command below, in the Windows command prompt or Windows PowerShell, to verify network ports are open on a specific host in your network. The example below is verifying that port Transmission Control Protocol (TCP) port 80 is open on Internet Protocol (IP) address 192.168.1.1.

Syntax: telnet <<<HOST>>> <<<PORT>>>
Example: telnet 192.168.1.1 80


Microsoft Windows PowerShell – Scheduling a Microsoft Windows PowerShell Script

You may use the following settings to configure a Microsoft Windows PowerShell script to run as an automated task in Task Scheduler. This is a very helpful feature for running scripts during the evening.

  • General
    • When running the task, use the following user account: DOMAIN\– USERNAME
    • Run whether user is logged on or not
  • Actions
    • Start a program
    • powershell.exe -file “<<<INSERT PATH TO SCRIPT>>>”
  • Settings
    • Allow task to be run on demand
    • run task as soon as possible after a scheduled start is missed
    • Stop the task if it runs longer than: 3 days
    • If the running task does not end when requested, force it to stop

Microsoft Windows Server 2012 R2 – Map a Network Drive

You may use the following command to map a network drive using the Microsoft Command Prompt or Microsoft Windows PowerShell. Additionally, replace the <HOSTNAME> and <SHARE> variables with the appropriate server and share name.

NET — USE Z: \\<HOSTNAME>\<SHARE>

Enjoy!


Group Policy Object – Standard Security Settings GPO

You may use the following Windows Server 2012 Group Policy Object (GPO) settings to configure basic security settings for Windows Server 2008/2012/2012 R2 or Windows 7/8/8.1.

 

Local Logon and Local Administrators

GPO Path: Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Right Assignment

GPO Setting: Allow log on locally (used to define this user group)

GPO Path: Computer Configuration\Policies\Windows Settings\Security Settings\Restricted Groups

GPO Settings: Administrators (used to define this user group)

 

Desktop Lockout Configuration

GPO Path: User Configuration\Policies\Administrative Templates\Control Panel\Personalization

GPO Setting: Enable Screen Saver

GPO Setting: Force Specific Screen Saver (Screen saver executable name: C:\Windows\System32\scrnsave.scr)

GPO Setting: Password protect the screen saver

GPO Setting: Screen saver timeout (seconds: 180)

GPO Path: Computer Configuration\Policies\Administrative Templates\System\Group Policy

GPO Setting: Policy Setting: Configure user Group Policy loopback processing mode

 

RDP Configuration

GPO Path: Computer Configuration\Policies\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile

GPO Setting: Windows Firewall: Allow ICMP exceptions

GPO Setting: Windows Firewall: Allow inbound Remote Desktop exceptions

GPO Path: Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Sessions Host\Connections

GPO Setting: Allow users to connect remotely by using Remote Desktop Services

GPO Path: Computer Configuration\Policies\Windows Settings\Security Settings\Restricted Groups

GPO Setting: Remote Desktop Users (used to define this user group)

 

Firewall Allow ICMP (Ping) Requests

GPO Path: Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Inbound Rules

 

Enjoy!