Richard M. Hicks richardhicks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This Gist contains PowerShell commands to enable NAT64 on a Windows server. | |
| # Reference: https://learn.microsoft.com/en-us/powershell/module/networktransition/new-netnattransitionconfiguration | |
| # Define variables | |
| $AcceptInterface = 'LAN' # The interface name or alias that will accept NAT64 traffic | |
| $SendInterface = 'DMZ' # The interface name or alias that will send NAT64 traffic | |
| $Nat64Prefix = '64:ff9b::/96' # The NAT64 prefix | |
| $Ipv4Address = '172.16.1.216' # The IPv4 address of the NAT64 server | |
| # Configure NAT64 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This Gist contains PowerShell commands to enable DNS64 on a Windows server. | |
| # Reference: https://learn.microsoft.com/en-us/powershell/module/networktransition/set-netdnstransitionconfiguration | |
| # Define variables | |
| $AcceptInterface = 'LAN' # The interface name or alias that will accept DNS64 traffic | |
| $SendInterface = 'LAN' # The interface name or alias that will send DNS64 traffic | |
| $Nat64Prefix = '64:ff9b::/96' # The NAT64 prefix | |
| # Configure DNS64 | |
| Set-NetDnsTransitionConfiguration -State Enabled -AcceptInterface $AcceptInterface -SendInterface $SendInterface -PrefixMapping "$Nat64Prefix,0.0.0.0/0" -PassThru |
richardhicks
/ Optimize-DomainControllerTlsCipherSuites.ps1
Last active
March 22, 2024 18:53
Disable Insecure TLS Cipher Suites for LDAPS on Domain Controllers
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This Gist is a PowerShell script to set the SSL Cipher Suite Order Group Policy Object (GPO) for Windows Server 2016 and 2019/2022. | |
| # Reference: https://www.dsinternals.com/en/active-directory-domain-controller-tls-ldaps/ | |
| # Security optmized cipher suite list for Windows Server 2019/2022 | |
| $Ciphers2022 = 'TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256' | |
| # Security optmized cipher suite list for Windows Server 2016 | |
| $Ciphers2016 = 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256' | |
| $GpoName = 'Domain Controller Security Baseline' |