Skip to content

Instantly share code, notes, and snippets.

View Celoxocis's full-sized avatar

Celoxocis

3 followers · 0 following
View GitHub Profile
@Celoxocis
Celoxocis / Post-Install Configuration
Created February 23, 2018 12:39
$crllist = Get-CACrlDistributionPoint; foreach ($crl in $crllist) {Remove-CACrlDistributionPoint $crl.uri -Force};
Add-CACRLDistributionPoint -Uri C:\Windows\System32\CertSrv\CertEnroll\BEDROCK-ROOT%8%9.crl -PublishToServer -PublishDeltaToServer -Force
Add-CACRLDistributionPoint -Uri http://pki.bedrock.domain/pki/BEDROCK-ROOT%8%9.crl -AddToCertificateCDP -AddToFreshestCrl -Force
Get-CAAuthorityInformationAccess | where {$_.Uri -like '*ldap*' -or $_.Uri -like '*http*' -or $_.Uri -like '*file*'} | Remove-CAAuthorityInformationAccess -Force
Add-CAAuthorityInformationAccess -AddToCertificateAia http://pki.bedrock.domain/pki/BEDROCK-ROOT%3%4.crt -Force
certutil.exe –setreg CA\CRLPeriodUnits 20
certutil.exe –setreg CA\CRLPeriod “Years”
certutil.exe –setreg CA\CRLOverlapPeriodUnits 3
certutil.exe –setreg CA\CRLOverlapPeriod “Weeks”
certutil.exe –setreg CA\ValidityPeriodUnits 10
@Celoxocis
Celoxocis / Install Certificate Services
Last active February 23, 2018 13:11
# On RootCA
Add-WindowsFeature Adcs-Cert-Authority -IncludeManagementTools
Install-AdcsCertificationAuthority -CAType StandaloneRootCA -CACommonName "Bedrock Root Certificate Authority" -KeyLength 4096 -HashAlgorithm SHA256 -CryptoProviderName "RSA#Microsoft Software Key Storage Provider" -ValidityPeriod Years -ValidityPeriodUnits 20 -Force
# On SubCA
Add-WindowsFeature Adcs-Cert-Authority -IncludeManagementTools
Install-AdcsCertificationAuthority -CAType EnterpriseSubordinateCA -CACommonName "Bedrock Enterprise Certificate Authority" -KeyLength 4096 -HashAlgorithm SHA256 -CryptoProviderName "RSA#Microsoft Software Key Storage Provider" -Force
@Celoxocis
Celoxocis / CaPolicy.inf
Created February 23, 2018 12:26
[Version]
Signature=”$Windows NT$”
[PolicyStatementExtension]
Policies=InternalPolicy
[InternalPolicy]
OID= 1.2.3.4.1455.67.89.5
URL=http://pki.adatum.com/pki/cps.html
[Certsrv_Server]
RenewalKeyLength=4096
RenewalValidityPeriod=Years
@Celoxocis
Celoxocis / powershell_commands.md
Created February 14, 2018 13:26
Collection of handy PowerShell commands

PowerShell Commands

Sanity check (i.e., change term window size)

mode con:cols=150 lines=50

Set execution policy

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned

Unset execution policy

Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Undefined

@Celoxocis
Celoxocis / Install-ADDSDomainController
Last active February 7, 2018 12:35
# Install-ADDSDomainController -NoGlobalCatalog:$true -Credential (Get-Credential) -CriticalReplicationOnly:$false -DatabasePath "C:\Windows\NTDS" -DomainName "adatum.com" -InstallDns:$false -LogPath "C:\Windows\NTDS" -NoRebootOnCompletion:$false -ReplicationSourceDC "NE-DC1.adatum.com" -SiteName "Default-First-Site-Name" -SysvolPath "C:\Windows\SYSVOL" -Force:$true
Invoke-Command -ComputerName NE-DC2 { Install-ADDSDomainController -NoGlobalCatalog:$true -Credential (Get-Credential) -CriticalReplicationOnly:$false -DatabasePath "C:\Windows\NTDS" -DomainName "adatum.com" -InstallDns:$false -LogPath "C:\Windows\NTDS" -NoRebootOnCompletion:$false -ReplicationSourceDC "NE-DC1.adatum.com" -SiteName "Default-First-Site-Name" -SysvolPath "C:\Windows\SYSVOL" -Force:$true -SafeModeAdministratorPassword (Read-Host -Prompt "SafeModeAdministratorPassword" -AsSecureString) }
@Celoxocis
Celoxocis / cryptos
Created February 7, 2018 11:12
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002" -Name "Functions" -Value "TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_RC4_128_SHA"
@Celoxocis
Celoxocis / RID check
Created February 6, 2018 10:59
dcdiag /test:ridmanager /v
danach runter scrollen zu:
Starting test: RidManager
* Available RID Pool for the Domain is 2100 to 1073741823
* NE-DC1.adatum.com is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1600 to 2099
* rIDPreviousAllocationPool is 1600 to 2099
@Celoxocis
Celoxocis / Global Catalog
Created February 5, 2018 13:04
Deaktivieren
Set-ADObject -Identity (Get-ADDomainController -Identity $env:ComputerName).NTDSSettingsObjectDN -Replace @{options='0'}
Aktivieren
Set-ADObject -Identity (Get-ADDomainController -Identity $env:ComputerName).NTDSSettingsObjectDN -Replace @{options='1'}
wobei "$env:ComputerName" = aktueller DC.
@Celoxocis
Celoxocis / fix_roaming_profile_perms.bat
Created January 24, 2018 13:08 — forked from chetan/fix_roaming_profile_perms.bat
Fix permissions on a roaming profile folder
REM usage: fix_perms.bat <username>
REM Recursively assign ownership to Administrators. Answer prompts with "Y".
takeown /R /A /F %1 /D Y
REM Grant Full permissions on folder and subfolders to Administrators, SYSTEM, and the user
cacls %1 /T /E /P "Administrators":F
cacls %1 /T /E /P SYSTEM:F
cacls %1 /T /E /P %1:F
REM Set owner back to UserName
subinacl.exe /noverbose /subdirectories %1\*.* /setowner=%1