If you come across a machine that has disconnected from the domain, and you don’t have a system to recover the local administrator password, you’ll need to break in. If you have physical access to the machine, and can access the OS files from another OS (disk is not encrypted), then you can make offline changes to Windows. Boot into your Windows Preinstallation Environment (WinPE), typically used for OS deployment. See Microsoft Deployment Toolkit.
If you’re accessing intranet websites using Blackberries and other mobile platforms like Good for Enterprise you can get Kerberos working to provide single sign-on/passthough authentication. Staff can then browse intranet pages that are secured by Windows authentication, URL filtering or NTFS without having to type in their (probably complex) Windows password on a teeny tiny phone keypad.
I use the Active Server Page (ASP) below on IIS to test if Kerberos is working.
Had a requirement to monitor a website for changes. Used free online tool www.changedetection.com. But set up a second monitoring tool using PowerShell and a scheduling system. Remix the following code in your own monitoring projects. Maybe turn it into a function. Maybe test for an expected string (eg the HTML for login form). There’s no defensive code to recover if the website is inaccessible (needs a try-catch there). Could add some code to raise a SNMP trap, or create a support ticket.
Recently showed NetMon to a developer for troubleshooting IntelliJ. The Java development environment app was freezing and we found it was attempting to go direct to Maven central repository instead of our internal repository or out via the web proxy. NetMon is a network capture tool. Rather than showing you raw data like wireshark, it breaks down the traffic into “conversations” per process (and process ID). This makes it easier to see the forest for the trees, or the tree you’re interested in instead of the whole forest.
PowerShell 3 installs without help files. You download these from Microsoft using the command update-help. Use the following PowerShell to make the .Net web client pass your session credentials to the (auto detected) proxy. Now you can wget, curl or update-help
$wc = New-Object System.Net.WebClient $wc.Proxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials update-help This tip was from_:_ http://blog.stangroome.com/2013/08/02/powershell-update-help-and-an-authenticating-proxy/
Attended a security webinar titled 11 Most Effective Ways to Lockdown Active Directory. The 10 Immutable Laws of Security was referenced (in the context of VMware admins having equivalent of physical access to VMs, law #3).
Law #1: If a bad guy can persuade you to run his program on your computer, it’s not solely your computer anymore.
Law #2: If a bad guy can alter the operating system on your computer, it’s not your computer anymore.
