Yearly Archives: 2013

Windows 8.1 Enterprise Preview is available for download

Yesterday Microsoft released the Windows 8.1 Enterprise Preview. While the consumer edition has been available as a Preview Edition, the Enterprise version has only just been released.

According to Microsoft the differences between the editions are as follows:

Windows 8.1 is the basic edition for home users. It includes the core feature set that home users require but does not include key business features, such as support for the ability to join domains, process Group Policy, and so on. Windows 8.1 Pro is for small- and medium-sized businesses. It provides enhanced features that help to easily connect to company networks, access files on the go, encrypt data, and more. Last, Windows 8.1 Enterprise edition is available through Windows Software Assurance. It includes all the capabilities of Windows 8.1 Pro, plus premium features such as Windows To Go, DirectAccess, BranchCache, AppLocker, Virtual Desktop Infrastructure (VDI), and Windows 8 app deployment.

Notable features of the Enterprise version of Windows 8.1 include:

  • DirectAccess – Seamless access to company resources without the need for VPNs
  • Windows To Go – Create your own portable Windows 8.1 installation on a USB Stick
  • Start Screen Control – Gives administrators control over what is shown on the Start screen

It is, however, important to know that the Preview Edition does not have a supported upgrade path to the final edition, so take this into consideration before upgrading your current workstation to Windows 8.1. If that is not a problem for you, you can use Windows 8.1 Enterprise Preview until January 2014.

What’s New in Windows 8.1
http://technet.microsoft.com/en-us/windows/dn140266
Download Windows 8.1 Enterprise Preview
http://technet.microsoft.com/en-US/evalcenter/dn237246.aspx
Windows 8.1 Preview: Frequently Asked Questions
http://technet.microsoft.com/en-us/windows/jj721676.aspx

PowerCLI Sessions at VMworld 2013 San Francisco announced

The following PowerCLI sessions have been announced for VMworld San Francisco next month:

VAPP5473 – Automated Management of Tier-1 Applications on VMware
https://vmworld2013.activeevents.com/connect/sessionDetail.ww?SESSION_ID=5473
VSVC4944 – PowerCLI Best Practices – A Deep Dive
https://vmworld2013.activeevents.com/connect/sessionDetail.ww?SESSION_ID=4944
VSVC5931 – PowerCLI What’s New? Administrating with the CLI Was Never Easier
https://vmworld2013.activeevents.com/connect/sessionDetail.ww?SESSION_ID=5931

Head over to the VMware blogs to read a summary blog post on the PowerCLI-related sessions at VMworld:

http://blogs.vmware.com/vipowershell/2013/07/powercli-session-at-vmworld-2013-san-francisco.html


Active Directory Friday: Find user accounts that have not changed password in 90 days

Today I am starting a new section on my blog. Each Friday I will post an example of a task I have performed in Active Directory using PowerShell. For this I will usually not use any of the Active Directory cmdlets, so there is no dependency on any modules being present on a system in order to execute these queries. If you have any suggestions for a task or query that could be discussed, please drop me a line in the comments and I will consider it for next week.

Today I will start with a query that gathers the samaccountname, pwdlastset and whether an account is currently enabled or disabled. Note that the commands in this article only query Active Directory, so no changes to objects will be made.

First we will create a variable, $PwdDate, that contains the filetime of a date ninety days ago:

$PwdDate = (Get-Date).AddDays(-90).ToFileTime()

Then a DirectoryServices.DirectorySearcher object is created with an LDAP query that locates only user accounts whose passwords were last set 90 or more days ago:

$Searcher = New-Object DirectoryServices.DirectorySearcher -Property @{
    Filter = "(&(objectclass=user)(objectcategory=person)(pwdlastset<=$PwdDate))"
    PageSize = 500
}

For each user account found, we output its samaccountname, pwdlastset and the enabled or disabled state of the account:

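$Searcher.FindAll() | ForEach-Object {
    New-Object -TypeName PSCustomObject -Property @{
        # -join '' unwraps the ResultPropertyValueCollection into a single string
        samaccountname = $_.Properties.samaccountname -join ''
        # pwdlastset is stored as a Windows filetime (int64)
        pwdlastset = [datetime]::FromFileTime([int64]($_.Properties.pwdlastset -join ''))
        # Bit 2 of useraccountcontrol is set when the account is disabled
        enabled = -not [boolean]([int64]($_.Properties.useraccountcontrol -join '') -band 2)
    }
}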

Note that the -join '' operator is used to unwrap the properties, which are by default provided as System.DirectoryServices.ResultPropertyValueCollection objects. Alternatively, the array indexing notation [0] could be used, but this has the downside that the script will display errors when a property is empty. The full code used in this example is available in the TechNet Script Repository: http://gallery.technet.microsoft.com/scriptcenter/Query-for-AD-Users-that-b87acf2f
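The query above, extended as an added example that is not part of the original post or the TechNet script: it excludes disabled accounts in the LDAP filter itself, and separates accounts whose pwdlastset is 0 (password must be changed at next logon) and accounts flagged "password never expires" from ordinary stale passwords. The function names and the sample accounts are assumptions made for this illustration.

```powershell
# Added example; function names are hypothetical, sample accounts are constructed.
$ACCOUNTDISABLE       = 0x2      # useraccountcontrol bit: account is disabled
$DONT_EXPIRE_PASSWORD = 0x10000  # useraccountcontrol bit: password never expires

function Get-StalePasswordFilter {
    param([int]$Days = 90, [switch]$IncludeDisabled)
    $PwdDate = (Get-Date).AddDays(-$Days).ToFileTime()
    $Filter  = "(&(objectclass=user)(objectcategory=person)(pwdlastset<=$PwdDate)"
    if (-not $IncludeDisabled) {
        # Bitwise-AND matching rule: drop disabled accounts on the server side
        $Filter += "(!(useraccountcontrol:1.2.840.113556.1.4.803:=$ACCOUNTDISABLE))"
    }
    $Filter + ')'
}

function ConvertTo-PasswordAudit {
    param([string]$SamAccountName, [int64]$PwdLastSet, [int64]$UserAccountControl)
    # pwdlastset = 0 means "must change password at next logon", not a date in 1601
    $LastSet = $null
    if ($PwdLastSet -gt 0) { $LastSet = [datetime]::FromFileTime($PwdLastSet) }
    [PSCustomObject]@{
        SamAccountName       = $SamAccountName
        PwdLastSet           = $LastSet
        MustChangeAtLogon    = ($PwdLastSet -eq 0)
        PasswordNeverExpires = [bool]($UserAccountControl -band $DONT_EXPIRE_PASSWORD)
        Enabled              = -not [bool]($UserAccountControl -band $ACCOUNTDISABLE)
    }
}

function Get-StalePasswordAccount {
    # Live query: needs a domain-joined machine, read-only like the original
    param([int]$Days = 90, [switch]$IncludeDisabled)
    $Filter   = Get-StalePasswordFilter -Days $Days -IncludeDisabled:$IncludeDisabled
    $Searcher = New-Object DirectoryServices.DirectorySearcher -Property @{
        Filter   = $Filter
        PageSize = 500
    }
    $Searcher.FindAll() | ForEach-Object {
        ConvertTo-PasswordAudit -SamAccountName ($_.Properties.samaccountname -join '') `
            -PwdLastSet ([int64]($_.Properties.pwdlastset -join '')) `
            -UserAccountControl ([int64]($_.Properties.useraccountcontrol -join ''))
    }
}

# Constructed sample values, so the classification can be checked without a domain
$Old = (Get-Date).AddDays(-200).ToFileTime()
@(
    @{ Sam = 'svc-backup'; Pwd = $Old; Uac = 0x10200 }  # enabled, never expires
    @{ Sam = 'jdoe';       Pwd = 0;    Uac = 0x200 }    # must change at next logon
    @{ Sam = 'old-temp';   Pwd = $Old; Uac = 0x202 }    # disabled
) | ForEach-Object { ConvertTo-PasswordAudit $_.Sam $_.Pwd $_.Uac } | Format-Table -AutoSize
```

Accounts that are enabled, have an old password and have PasswordNeverExpires set are the ones a password-age policy never catches, so they are the rows to review first.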


PowerShell 4.0 preview available for download

Microsoft has released the Windows Management Framework 4.0 Preview. The framework includes the latest version of PowerShell, version 4.0, as well as PowerShell ISE 4.0 and other upgrades.

It is, however, important to note that PowerShell 4.0 is not compatible with the same range of systems as PowerShell 3.0 was. Here is the list of supported operating systems:

    • Windows 7 with Service Pack 1
    • Windows Server 2008 R2 with Service Pack 1
    • Windows Server 2012

The download, documentation and more information on the Microsoft site:

http://www.microsoft.com/en-us/download/details.aspx?id=39347


New article on PowerShell Magazine: Query MSDN from PowerShell

Recently I have been querying MSDN quite frequently to find out the details of certain Active Directory attributes and the available properties and methods on ComObjects and .Net Classes. In my quest to automate everything I created a PowerShell function that opens up a search query on the MSDN website. This function accepts different cultures as an argument of the -Culture parameter, so it is possible to get search results in the language you are comfortable in. For more information about this function have a look at the article on PowerShell Magazine:

http://www.powershellmagazine.com/2013/06/26/pstip-query-msdn-from-powershell/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PowershellMagazine+%28PowerShell+Magazine%29

The function is available for download in the TechNet Scripting Gallery:

http://gallery.technet.microsoft.com/Search-Msdn-a-function-eafee2bb


My day at TechEd Pre-conference

Yesterday I attended the TechEd Europe 2013 Pre-conference. I had signed up for the ‘Lessons from the Field: Useful Hacker Techniques for Administrators’ session by Hasain Alshakarti, Paula Januszkiewicz and Marcus Murray. They were quite knowledgeable on the subject matter and presented their information in an interesting way.

To give a short overview of the topics that were covered:

  • Use a vulnerable .aspx page on an IIS server in combination with several methods of escalation of privilege to compromise an Active Directory domain.
  • Managed Service Accounts as a method to harden application servers
  • Abusing Direct Memory Access used by FireWire/Thunderbolt to compromise a fully patched Windows 8 machine using the Inception tool
  • Using offline registry to compromise a machine
  • Using Airodump to sniff and hack networks
  • www.cloudcracker.com is a website that cracks WPA2 passwords in twenty minutes
  • Using mimikatz to grab username and password from memory
  • Using findstr.exe to grab plain text passwords / hashed passwords from virtual machine memory snapshots
  • Core Impact Professional, a hacking / administrative tool that can be useful in both scenarios, either as an emergency response tool or as a malicious tool to take control of computers.
  • Rubber Ducky: a USB key that acts as a keyboard, which can be used to bypass UAC and other security features to quickly install malware on a system.
  • Volatility, a memory analysis tool which can be used to gather a variety of information from a dump file, including passwords and credential hashes

Downloads for this session are available at:

http://sdrv.ms/11ka1Ju
http://cqure.pl
http://truesec.com

 


What is new in Windows 8.1

Together with Server 2012R2, Windows 8.1 has also been released. Some of the notable changes are as follows:

  • Workplace join – Useful for BYOD scenarios, offering an alternative to domain-joining a personal device
  • Internet Explorer 11 – Faster and better IE
  • NFC Tap-to-Pair printing – Wonder how that will work with a desktop 😉
  • Boot to Desktop – A lot of people have been asking for this and it is here
  • Improvements to Desktop and Start Screen – Another good one for anyone using Windows 8 on a non-touch device

For the full list of changes, fixes and new features, have a look at the TechNet article, which is available here:

What’s New in Windows 8.1
