Due to conditional access policies , users could not join devices to Azure AD

April 8, 2021Research

With a Cloud Apps conditional access policy only allowing users access to the network if they enrolled in Azure AD ( MDM ) or Registered to Azure AD ( MAM ) , it block them from Joining Azure AD in the first place with the message:

You can't get there from here- Office 365 - Microsoft Community

We had to remove All Cloud Apps and change this just to Office 365 per below

GD Star Rating
loading...

No Comments

How to create an NFS Share in server 2019

March 28, 2021Research

Recently needed to create an NFS share to hosts some ISO's for Xen server


New-NfsShare -Name "NFSshare01" -Path "C:\NFSshare" -EnableUnmappedAccess $True -Authentication Sys 


Grant-NfsSharePermission -Name "NFSshare01" -ClientName "10.0.0.110" -ClientType "host" -Permission "readwrite" -AllowRootAccess $True

GD Star Rating
loading...

No Comments

Force Kill Frozen Hyper V VM

March 28, 2021Research

When you can’t shutdown or power off a VM , this is how to force kill it

Open this directory in File Explorer and find the folder with the same name as your virtual machine has. Copy the GUID that is specified in the name of the VM configuration file with the *.vmcx extension.

Run the Task Manager and go to the Details tab. All virtual machines are running in their own instance of vmwp.exe. To determine which process is responsible for your VM, you need the GUID of the hung-up VM you obtained earlier. Locate the process vmwp.exe that has the GUID of your VM in the User name column. Kill this process (End Task).

GD Star Rating
loading...

No Comments

365 DKIM

March 27, 2021Research

Add the DNS Records below

Host name: selector1._domainkey
CNAME: selector1-pariswells-com._domainkey.pariswells.onmicrosoft.com
TTL: 3600

Host name: selector2._domainkey
CNAME: selector2-pariswells-com._domainkey.pariswells.onmicrosoft.com
TTL: 3600

Once created , powershell

New-DkimSigningConfig -DomainName “google.com” -Enabled $true

If keys have already been created , run the below

Set-DkimSigningConfig -Identity “google.com” -Enabled $true

Disable the onmicrosoft.com.au DKIM and enable on all of the customers domain

GD Star Rating
loading...

No Comments

Existing CSV shared storage disk adding hyper-v host as RAW

March 27, 2021Research

Any existing CSV Shared Storage Disk was trying to be added to a new host on a different cluster however came up as RAW

What needed to run was the below ( for Disk 0 ) and I could see the CSNTFS permissions again

clear-clusterdiskreservation -disk 0

GD Star Rating
loading...

No Comments

“You can’t get there from here” register device

March 23, 2021Research

Trying to enroll a device for MAM and the below error messaged showed up

The user was not in the right groups assigned for Enrolling devices in MAM , changing this fixes the Error

Unable to see the intune enrolled windows 10 device in Azure portal – You can't get there from here – All about Microsoft Endpoint Manager

GD Star Rating
loading...

No Comments

AD Account Lockout Script

March 18, 2021Research

<#  
	.SYNOPSIS  
	Displays list of accounts that have been locked out in AD since the last time each DC's Event Log has rolled over.

	.DESCRIPTION
	By default, this script displays list of accounts that have been locked out on the current domain since the last time the Event Log rolled over. Results can be filtered by using parameters.

	.PARAMETER forest
	Queries all DCs in the current forest

	.PARAMETER Domain
	Queries only DCs within the specified domain. If no domain is listed, it will default to the current domain.
	
	.PARAMETER DCs
	Queries only specified DCs
	
	.PARAMETER Start
	Filter by start time in 'MM/dd/yyyy HH:mm:ss' format.
	
	.PARAMETER End
	Filter by end time in 'MM/dd/yyyy HH:mm:ss' format.
	
	.NOTES  
	Author  : Chrissy LeMaire 
	Requires:     PowerShell Version 3.0
	DateUpdated: 2015-Feb-5
	Version: 1.1
	 
	.LINK
	
	 
	.EXAMPLE
	.\Get-LockoutHistory.ps1
	Gets all locked out accounts in the current domain.
	
	.EXAMPLE
	.\Get-LockoutHistory.ps1 -forest
	Gets all locked out accounts in the current forest
	
	.EXAMPLE
	.\Get-LockoutHistory.ps1 -domain ad.local -start '1/28/2015' -end '1/29/2015'
	Gets all locked out accounts in the ad.local domain, starting at 01/28/2015 00:00:00 and ending at 01/29/2015 00:00:00
#> 
#Requires -Version 3.0
[CmdletBinding(DefaultParameterSetName="Default")]

Param(
	[switch]$forest,
	[string]$domain,
	[string[]]$dcs,
	[datetime]$start,
	[datetime]$end
	)

if ($domain.length -ne 0) { $domain = $domain.toLower() }

if (($forest -eq $true -or $domain -ne $null) -and $dcs.length -eq 0) {
	$currentforest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
	$currentdomains = $currentforest.Domains
	
	if ($domain.length -ne 0) {
		$singledomain = ($currentdomains | Where-Object { $_.Name -eq $domain })
		if ($singledomain -eq $null) { throw "$domain could not be found in the forest." }
		$dcs = $singledomain.DomainControllers.name 
	} else { $dcs = $domains.DomainControllers.name }
} 

if ($dcs -eq $null) {
	$currentdomain = [directoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
	$dcs = $currentdomain.FindAllDomainControllers()
}

$filter = @{LogName='Security';Id=4740;}

if ($start -ne $null) {
	$start = (Get-Date $start -Format 'MM/dd/yyyy HH:mm:ss')
	$filter += @{StartTime=$start;}
	Write-Host "Filter Start: $start" -ForegroundColor Yellow
}

if ($end -ne $null) {
	$end = (Get-Date $end -Format 'MM/dd/yyyy HH:mm:ss')
	$filter += @{EndTime=$end;}
	Write-Host "Filter End: $end" -ForegroundColor Yellow
}

$allevents = $null; $lockedout = @()

foreach ($dc in $dcs) {
Write-Host "Contacting $dc" -ForegroundColor Green
	try {
		$allevents = (Get-WinEvent -ComputerName $dc -FilterHashtable $filter   -ErrorAction Stop).ToXml()
		$allevents = "<root>$allevents</root>"

		foreach ($event in ([xml]$allevents).root.Event) {
			$user = ($event.EventData.data |  Where-Object { $_.Name -eq "TargetUserName" }).'#text'
			$from = ($event.EventData.data | Where-Object { $_.Name -eq "TargetDomainName" }).'#text'
			$dc = (($event.EventData.data | Where-Object { $_.Name -eq "SubjectUserName" }).'#text').TrimEnd("$")
			$domain = ($event.EventData.data | Where-Object { $_.Name -eq "SubjectDomainName" }).'#text'
			$entrytime = [datetime]$event.System.TimeCreated.SystemTime
			$status = (Get-ADUser -Identity $user  -Server $DC -Properties LockedOut).LockedOut
		
			$lockedout += [pscustomobject]@{User=$user; From=$from; DC=$dc; Domain=$domain; Timestamp=$entrytime; "Currently Locked Out"=$status}
		}
	}
	catch {
		$msg = $_.Exception.Message
		if (!$msg.StartsWith("No events were found")) {
			Write-Warning "$dc was unreachable or otherwise unparsable."
			Write-Warning "Ensure your account has Read access to the DC's Security log and the appropriate firewall ports are open."
		}
	}
}

if ($lockedout.count -eq 0) {
	Write-Host "No locked out events could be found."
} else {
	$lockedout | Out-Gridview
}

GD Star Rating
loading...

No Comments

Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.11.6.17763_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXynb3eakad12451rv00qxextfnce9sxb8.mca as Unavailable/Unavailable. The error:

March 16, 2021Research

Symptoms

Start menu not working for all users

System Event log shows the following error

EventID:10001 – Source: DCOM

Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.11.6.17763_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXynb3eakad12451rv00qxextfnce9sxb8.mca as Unavailable/Unavailable. The error:

“0”

Happened while starting this command:

“C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe” -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

Fix

Backup registry key below (could take awhile 1 hr+)

In powershell

Remove-Item “HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\AppIso\FirewallRules”

New-Item “HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\AppIso\FirewallRules”

Set DWORD “DeleteUserAppContainersOnLogoff = 1
in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy

GD Star Rating
loading...

No Comments

Credential Guard Server 2016

March 16, 2021Research

** If using Windows 10 you will need Enterprise License

Guide

Enable the Virtual Machine for Secure Boot \ EUFI and Enable Virtualisation CPU on CPU Settings
Install Hyper V Role on the server
TPM Doesn’t seem to be enabled but its working
Enable GPO

Tool

GD Star Rating
loading...

No Comments

KB5000871 Exchange Server 2019, 2016, and 2013 Issues

March 16, 2021Research

https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-march-2-2021-kb5000871-9800a6bb-0a21-4ee7-b9da-fa85b3e1d23b

Update fails to stop all services ( do this manually )
Exchange services might remain in a disabled state after you install this security update. This condition does not indicate that the update is not installed correctly. This condition might occur if the service control scripts experience a problem when they try to return Exchange services to their usual state.

To fix this issue, use Services Manager to restore the startup type to Automatic, and then start the affected Exchange services manually. To avoid this issue, run the security update at an elevated command prompt. For more information about how to open an elevated Command Prompt window, see Start a Command Prompt as an Administrator.

GD Star Rating
loading...

No Comments