Active Directory, GPO, Network, Security, Windows Server

Securing zone levels in Internet Explorer

November 9, 2020 Gayan

Securing zone levels in Internet Explorer

Managing and configuring Internet Explorer can be complicated. This is especially true when users meddle with the numerous settings it houses. Users may even unknowingly enable the execution of malicious codes. This highlights the importance of securing Internet Explorer.

In this blog, we’ll talk about restricting users from changing security settings, setting trusted sites, preventing them from changing security zone policies, adding or deleting sites from security zones, and removing the Security tab altogether to ensure that users have a secure environment when using their browser.

Restricting users from changing security settings

A security zone is a list of websites at the same security level. These zones can be thought of as invisible boundaries that prevent certain web-based applications from performing unauthorized actions. These zones easily provide the appropriate level of security for the various types of web content that users are likely to encounter. Usually, sites are added or removed from a zone depending on the functionality available to users on that particular site.

Continue reading →

Active Directory, Domain Controller, Windows Server

PowerShell: Export Active Directory Group Members

February 19, 2020February 19, 2020 Gayan

To accomplish this we can use PowerShell.

In this tutorial, I will walk through the steps for exporting group members to a csv file.

Let’s get started.

Step 1: Load the Active Directory Module

To connect and query an AD group with PowerShell the Active Directory module needs to be loaded.

The Active Directory module can be installed with the following methods:

Having RSAT tools installed
Windows Server 208 R2 and above with the AD DS or AD LDS server roles

You can run the following command to see if you have installed

Get-Module -Listavailable

Continue reading “PowerShell: Export Active Directory Group Members” →

GPO, Security, Utilities, Windows

Add Local intranet site via GPO

January 1, 2020January 1, 2020 Gayan

Add Local intranet via GPO

1. Prepare

– DC : Domain Controller (testdc.com)

– WINClient : Domain Member

2. Step by step guide :

Add Local intranet site via GPO

+ DC : Add the Website URL or IP https://testsite.com to Local intranet via GPO

– Server manager > Group Policy Management > Right click “Default Domain policy” : Edit

– User configuration > Policies > Administrative templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page > Site to Zone assignment list : Enable

Continue reading “Add Local intranet site via GPO” →

PowerShell, Windows, Windows Server

[PowerShell] Delete all files and folders but exclude a sub-folder

December 3, 2019 Gayan

The -recurse switch does not work properly on Remove-Item. Better to use Get-Childitem.

Get-ChildItem -Path C:\TestFolder -Exclude SubFolder1,SubFolder2 | Remove-Item -Recurse -Force

Updates, Windows, Windows Server, WSUS

Patch Tuesday

September 26, 2019September 26, 2019 Gayan

Details on Microsoft’s security updates.

Patch Tuesday is the name given to the day each month that Microsoft releases security and other patches for their operating systems and other software.

Patch Tuesday is always the second Tuesday of each month and more recently is being referred to as Update Tuesday.

Non-security updates to Microsoft Office tend to occur on the first Tuesday of each month and firmware updates for Microsoft’s Surface devices on the third Tuesday of every month.

NOTE : Most Windows users will experience more of a Patch Wednesday because they’re prompted to install, or notice the installation of, the updates downloaded via Windows Update on Tuesday night or Wednesday morning.

Image result for Patch Tuesday

Continue reading “Patch Tuesday” →

Network, Windows Server

How to disable IP auto-configuration in server

August 14, 2019January 1, 2020 Gayan

If you add a static IP in a core server, you may see that the auto-configuration is on and giving a 169.0.0.0 number as the preferred address and the new static IP as the duplicate address. This will not work. When using a Core server, use the following steps to fix the issue.

Step 1: Run > cmd > ipconfig /all

Continue reading “How to disable IP auto-configuration in server” →

IIS, Windows Server

IIS: Disappearing SSL Certificate Problem Resolved

June 13, 2019June 13, 2019 Gayan

I followed the many different articles outlining how to import SSL certificates into IIS exactly and everything worked great except for the fact that when I navigated away from the Server Certificates window, the certificate would disappear. I could see the certificate in the server’s Personal Certificate Store using MMC (Microsoft Management Console) but it wouldn’t show up in IIS.

My problem was that the certificate that I was trying to import only contained the public key and not the private. For decryption to work correctly, the server obviously needs to have both the public and the private key. To resolve the problem I created the needed PKCS #12 Certificate File following the steps outlined here, and then clicked on the Import link (not the Complete Certificate Request… link) in the Server Certificates window in IIS.

Continue reading “IIS: Disappearing SSL Certificate Problem Resolved” →

Exchange, Outlook, Windows, Windows Server

Issue: Display shows organizer’s name instead of subject

January 15, 2019January 15, 2019 Gayan

Solution to a common Office 365 & Exchange Resource Mailbox Issue

In Office 365 & Microsoft Exchange, by default, your resource mailbox won’t show your Meeting Subject. Instead, it replaces this with your organizer’s name. This occurs for privacy reasons, but it’s only the default. Most organizations opt to see meeting subjects instead.

Consider the following:

A Resource mailbox is configured to AutoAccept in an Microsoft Exchange Server or Office 365 environment.
You send a meeting request to the Resource mailbox.
The meeting request is accepted automatically, and the meeting subject is displayed correctly in the organizer’s mailbox.

In this scenario, when you log on to the Resource mailbox, you see that the meeting subject is replaced with the organizer’s name.

Continue reading “Issue: Display shows organizer’s name instead of subject” →

Active Directory, Domain Controller, PowerShell, Windows Server

How to check Active Directory user account created date

January 6, 2019January 6, 2019 Gayan

Here’s the PowerShell command:

Get-ADUser <UserName> -Properties whenCreated | Format-List Name,whenCreated

or 
Get-ADUser -Filter * -Properties * | Select Name, whenCreated, whenChanged, LastlogonDate

In the Active Directory

Go to account properties > Attribute Editor > check for “whenCreated” attribute.

Domain Controller, PowerShell, Windows Server

How to Get AD Users Password Expiration Date

January 3, 2019January 3, 2019 Gayan

In this guide, I’ll show you how to get the password expiration date for Active Directory User Accounts.

This is very easy to do.

I will provide a few examples that go over how to get this information for a single user and how to get the expiration date for all AD users.

Check it out.

Method 1: Using Net User command to Display User Expiration Date

This first method uses the net user command that is built into windows. This command is used to add, remove and make changes to user and computer accounts.

To determine when the password will expire for a single account open the command prompt and type the following command:

Net user USERNAME /domain

In the below screenshot is an example for the user mfoster.

In addition to displaying the password expires date it also provides other useful information such as password last set, when the password can be changed, if the account is active and so on.

That is it for method 1.

Continue reading “How to Get AD Users Password Expiration Date” →