Time for the continuation of ESET basics and practices with this part 2 post.
If you have not read Part 1 yet, you can find it here.
This second part will go more into basic policies, the way they are applied and some basic practices.
These basics will not go into specific settings and/or details, but will mostly discuss the logic behind them.
Specific policy settings will also not be looked at in detail.
As this is both way easier as well as totally different compared to Kaspersky policies for example, I will need to explain the logic behind the policies with ESET Security Management Center.
Today I will go into some tips and tricks regarding the usage of the ESET Security Management Center.
Most of the discussed material will be regarding best practices and ways to set up/make use of specific parts of the software.
As I was mostly used to the managing of Kaspersky Security Center, I have noticed there were a few distinct steps in logic within the ESET way of doing things.
Hopefully, we can look at those and get your ESMC in the correct direction.
These basics will not go into specific settings and/or details, but will mostly discuss the logic behind them.
Part 1 will focus on Groups, Tasks and Triggers.
Today I will look at a Powershell script made to retrieve (and if needed, alert on/work with) certificate expiration data.
As of last weekend I have fully moved to my new home so I hopefully will have more time to spend on informative posts.
An important part of a workstation’s security is its Antivirus or Security software.
However, how to see which device is already protected? Because before you know it, you might have devices in a network that don’t have a security product as someone has forgotten to install it. Let us look at where to find this information!
As I am moving homes I have not had enough time lately to create too much blog material. I spend most of my time on actions like painting and cleaning right now (also important of course).
Nonetheless, a very small script here to allow you to set a default printer within Windows using Powershell. This can be useful in combination with remote monitoring software or similar when customers don’t make use of GPOs or other means of easier deployment.
My apologies for the lengthy silence, but it has been very busy in my life.
Holidays, several important matters like the purchase of a house and a ton of work at my job have been keeping me busy.
It is important to finish what I started though so part 2 of the basic use of regex (Regular Expressions).
Hopefully, everyone is still staying safe.
I have kept myself busy with more and more work within the company to be much impacted by the current situation.
Anyway, time for some timesaving additions to our Powershell scripts. Shortcuts that allow us to reduce even a single action by up to 3 lines.
I am talking about... Regex, also known as Regular Expressions.
Hopefully everyone is staying safe and healthy in these harsh days. As always I will simply have to keep working from office, though with some slight communication- and interaction-restrictions.
Today I want to bring you a Powershell script, or at least the base, that allows for automatic and randomized restores using the Veeam Backup and Replication software.
I have posted a similar script before. This however is an improved version, as this one first checks whether restore locations exist before trying to restore them.
Now the question would be, why would I want an automated randomized restore?
Today I will look at the basics of System Protection and how to monitor and/or manage it through Powershell, either remotely or locally.
For this, we have multiple Powershell commands and ways to use those commands.
Let us look at a few options!
Today, another small one.
At times, you will have a certain process, service or software package that during faulty periods takes up a lot of memory.
To counter this, we can have a script take automatic remedial actions.
Another quick Powershell script.
Even though it is already 2020, there are still enough servers with older disks capable of slowing down because of fragmentation.
So, how can we make sure we stay up to date on the fragmentation?
Hopefully, everyone is having a good start of their 2020!
Time to continue that good start with more troubleshooting. This time I will list some common problems and mistakes that you can encounter within a Kaspersky Security Center.
So let’s start by listing some issues and mistakes I have seen and/or encountered within Kaspersky Security Center.
Good day and a Merry Christmas to everyone!
Lately there have been a good few holidays so not enough time to keep the flow of content high. I have a bigger script regarding automating Veeam Restores, and the testing of it, in the pipeline so better get ready for that one in 2020.
Today there will only be a very quick and basic one. How can we use CMD to remotely/GPO-wise turn off “Fast Start-up”?
Lately I have been having more issues regarding deploying software that depends on scheduled tasks it should create itself/would have to be manually created.
Most of the time we do not want to have to manually create scheduled tasks and the software itself won't always create scheduled tasks when deployed/installed remotely.
So we have to create the scheduled tasks within the Task Scheduler ourselves! And what better way to do it than using Powershell?
It has been a while, but more posts will come soon.
For now, an easier one that has more informational value than any actual use.
Ever felt like you wanted to know how old the workstation is of a customer? Or how long that old physical server has been standing there?
Now you might be able to figure that out using Powershell.
Some have already seen this error before while others are confused by it appearing when running their script.
I am talking about an error occurring when using the Webclient object in Powershell to download or upload files.
To be specific ... this one:
An exception occurred during a WebClient request.
A small one this time. Whether it is Azure servers, customer servers or workstations ... there can be many reasons why a device can not be running 24/7 and reboots need to happen.
As an example, Azure servers that have been set to turn off after work hours and turn on in the morning. To realize this, you must have set rules or other automation tools to have it shut down and start up again. However, can you trust it to always work? Maybe the server has been online for the last few weeks without you noticing!
The script below checks how long a device has been active for and executes actions depending on the result.
Today I wanted to mix it up a bit more and combine both the informational posts with scripting.
And thus for people who are new to Powershell ... the basics!
Disclaimer. This will not teach you HOW to script and/or most of the scripting language; there are more than enough good quality tutorial videos and reference material on that. This will simply be a small lesson on how Powershell is set up to work and some tips/tricks that might help you create your first working scripts.
After this session you hopefully will be able to see the idea behind the logo shown at the top of this blog post.
Today no script but a small informative post explaining the bare bone basics of SNMP.
Anyone with any knowledge about SNMP will have no use for this information so this really will be more of an introduction into this subject.
So.. What is SNMP?
Today I will be taking a look at a way of gathering basic information on HPE iLOs from the physical servers themselves.
Whether you work on servers remotely or locally, the iLO (HPE Integrated Lights Out) is an important part of the extra security you have to make sure that you can manage the device regardless of whether it is on or off, and it allows for quick access to the health of the device.
Sometimes however, you are either logged in on the device and need some quick information or you are running scripts remotely on multiple servers to retrieve specific information.
There is an easy way to get some basic knowledge without having to log in to the iLO or even have to find the iLO.
Good evening again!
This time I am back with quite an easy one.
The scenario. Users are logged in on their workstation/server and you need to know which group policies they are getting loaded in (either computer or user)! (Assuming there is a reason for doubt on whether or not they are getting the correct ones from the domain GPO)
Another good day to you!
This time I want to talk about an error we will see more and more if the move towards cloud keeps going as steadily as it is now.
Azure has options called Automation scripts. These can be used to execute scripts over the Azure platform (within the customer's confines) to different ends.
Examples of these are scripts that automatically shut down or start up VMs at specific times.
If you make use of these Automation scripts however, you will notice (mostly after a year) that they might suddenly just stop working.
When looking in the job however you will find an error trying to call out an account with the message that the key and/or thumbprint are expired.
(All upcoming images will have some white squares due to me having to white out certain numbers/names)
Good evening! (ow my, it is already dark outside)
Hereby a batch script that I have running on a good batch of devices on a weekly basis.
While this one should technically also work on separate Office 2016 and Office 2019 installations, I have so far only extensively tested on Office365 installations.
What does the script do? Well, it is quite easy.
Office has a registry key that determines at what rate it receives updates and which updates it receives.
First thing the script does is check whether this registry key exists. If it does not exist, it will stop the script and not do anything at all.
This time a niche script for those customers that use terminal/remote desktop servers with User Profile Disks.
For people unsure about what User Profile Disks (UPDs) are: they are profile folders located on, for example, a file server that get loaded onto a terminal server the moment the user they belong to logs in. These contain the user-data files (documents, appdata etc.). This saves space and makes it easier to set limits on how big their profile is allowed to be.
However .. problems can arise at times and if a UPD gets stuck on one of the terminal servers while the user gets directed to a different one (giving that employee constant temporary profiles) it can get annoying real quick to find out where it is stuck (as usually the best way is to manually disconnect the disk from the server), especially when you have multiple servers with 10+ users on it.
Patrick Berger AKA Powershellder.