Find OS version in registry



Passwords in Group Policy Preferences


We can keep the same policy and enable the local administrator password change settings through GPO. The option to update the password is now greyed out.

Microsoft has released security bulletin MS14-025. The Group Policy Preferences password functionality is being removed.

Reference article : https://support.microsoft.com/en-us/help/2962486/ms14-025-vulnerability-in-group-policy-preferences-could-allow-elevati

We need to uninstall the patch "KB2928120" on one DC and check whether the local administrator password change settings option can be viewed or is greyed out.
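MS14-025 stops new passwords from being set through Group Policy Preferences, but preference items created before the update keep their stored password in SYSVOL until they are deleted. The following is an added example (not from the original post and not Microsoft's own script) that lists preference XML files still carrying a non-empty cpassword attribute; the function name, the temporary sample tree and the placeholder value are constructed for illustration.

```powershell
# Added example (not from the original post): list Group Policy Preferences
# items that still hold a stored password, without printing the value itself.
function Find-GppStoredPassword {
    param([Parameter(Mandatory)][string]$PolicyRoot)

    Get-ChildItem -Path $PolicyRoot -Recurse -File -Filter *.xml -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            try { $doc = [xml](Get-Content -LiteralPath $file.FullName -Raw) }
            catch { return }   # not well-formed XML: skip this file
            # Match any element with a non-empty cpassword attribute, so Groups,
            # Services, ScheduledTasks, DataSources and Drives are all covered.
            foreach ($node in $doc.SelectNodes('//*[string-length(@cpassword) > 0]')) {
                [pscustomobject]@{
                    Preference = $file.BaseName
                    Item       = $node.ParentNode.GetAttribute('name')
                    Changed    = $node.ParentNode.GetAttribute('changed')
                    File       = $file.FullName
                }
            }
        }
}

# Constructed sample: a throwaway tree with one Groups.xml. The cpassword
# value is a placeholder, not real ciphertext.
$root = Join-Path ([IO.Path]::GetTempPath()) 'gpp-audit-sample'
$dir  = Join-Path $root '{00000000-0000-0000-0000-000000000000}\Machine\Preferences\Groups'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
@'
<Groups>
  <User name="Administrator (built-in)" changed="2014-01-01 00:00:00">
    <Properties action="U" userName="Administrator (built-in)" cpassword="CONSTRUCTED-PLACEHOLDER"/>
  </User>
  <User name="svc-old" changed="2013-06-01 00:00:00">
    <Properties action="U" userName="svc-old" cpassword=""/>
  </User>
</Groups>
'@ | Set-Content -LiteralPath (Join-Path $dir 'Groups.xml')

Find-GppStoredPassword -PolicyRoot $root | Format-List

# On a domain member, point it at SYSVOL instead (assumed standard layout):
# Find-GppStoredPassword -PolicyRoot "\\$env:USERDNSDOMAIN\SYSVOL\$env:USERDNSDOMAIN\Policies"
```

On the sample tree this reports only the "Administrator (built-in)" item; the entry with an empty cpassword is skipped.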

LAPS:

https://dirteam.com/sander/2014/05/23/security-thoughts-passwords-in-group-policy-preferences-cve-2014-1812/

https://dirteam.com/sander/2015/05/02/security-thoughts-microsoft-local-administrator-password-solution-laps-kb3062591/

Important event logs in AD


| Description | Event Type | Windows Event ID / ProviderSID field in LEM | Audit Policy Category / Subcategory | Corresponding Rule |
|---|---|---|---|---|
| Group member added to security group | NewGroupMember | 4728 | Account Management / Security Group Management | User Added to Group; New Critical Group Member |
| Group member removed from security group | DeleteGroupMember | 4729 | Account Management / Security Group Management | User Removed from Group |
| User account created | NewDomainMember | 4720 | Account Management / User Account Management | User Account Created |
| User account deleted | DeleteDomainMember | 4726 | Account Management / User Account Management | User Account Deleted |
| User account enabled | UserEnable | 4722 | Account Management / User Account Management | User Account Enabled |
| User account disabled | UserDisable | 4725 | Account Management / User Account Management | User Account Disabled |
| Account lockout | UserDisable | 4740 | Logon/Logoff / Account Lockout | User Account Lockout |

Find open DNS port


netstat -ano | find ":53 " | find "TCP"

performance log Convert .blg to .csv


relog DataCollector01.blg -f CSV -t 05 -o newlog.csv

Script:

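$blgfiles = Get-ChildItem -Recurse -Path "C:\PerfLogs\Admin\Report1" -Filter *.blg

foreach ($blgfile in $blgfiles) {
    # Write each CSV next to its source .blg so later files do not overwrite earlier output
    $csvfile = [System.IO.Path]::ChangeExtension($blgfile.FullName, ".csv")
    # -y answers yes to any overwrite prompt so the loop runs unattended
    relog $blgfile.FullName -f csv -o $csvfile -y
}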

Found on Spiceworks: https://community.spiceworks.com/topic/1971705-powershell-convert-blg-files-to-csv-files-in-subdirectories?utm_source=copy_paste&utm_campaign=growth

 

 

GPO report


Display GPOs applied to a specific computer

gpresult /r /scope:computer

Display GPOs applied on a remote computer

gpresult /s pc2 /r

Display GPOs applied to a specific user

gpresult /r /scope:user

Installed patch details using win32_quickfixengineering


Get-WmiObject -Class "win32_quickfixengineering" | Select-Object -Property "Description", "HotfixID", @{Name="InstalledOn"; Expression={([DateTime]($_.InstalledOn)).ToLocalTime()}}
