Security Focus: Get CVE Information for WannaCrypt

You’ve no doubt heard that the WannaCrypt ransomware is also a worm. The propagation code exploits a patched SMB vulnerability – CVE-2017-0145. How can we use PowerShell to create a Common Vulnerabilities and Exposures (CVE) report for that vulnerability?

    Set-MSRCApiKey -ApiKey XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    $cvrfDoc = Get-MsrcCvrfDocument -ID 2017-Mar
    $Properties = @{ Vulnerability = ($cvrfDoc.Vulnerability | Where-Object…


[Script Of May. 25] How to query Azure Cosmos DB resources using the REST API by PowerShell

May 25 Script Download: The script is available for download from https://gallery.technet.microsoft.com/How-to-query-Azure-Cosmos-0a9aa517. The sample code demonstrates how to query Azure Cosmos DB resources using the REST API by PowerShell. You can find more All-In-One Script Framework script samples at http://aka.ms/onescriptingallery


PKI: which templates are built-in and which are from my company?

A colleague asked me a question on behalf of his customer. They were doing a discovery in a rather messy PKI environment and the question arose: which templates are standard (default), and which ones were created manually? Hopefully they have a good naming convention to make this immediately obvious, but otherwise a deeper look is needed. After…


SYSTEM CENTER 2016 Operations Manager – Anti-Virus Exclusions

NOTE: Process name exclusions could potentially prevent some dangerous programs from being detected. Therefore, exclusions based on processes might expose systems to security issues and should be avoided.

As we are all aware, antivirus exclusions can affect the monitoring data generated and affect system performance. Best practice is to implement specific exclusions. Hopefully this table…


Setting up OMS Capacity and Performance

Do you know what your Hyper-V hosts are doing? Not a Hyper-V fan? There’s a VMware solution also here.

Documentation: https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-capacity

Capacity dashboard

Details

Troubleshooting dashboard

Firewall: https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-proxy-firewall

Windows Agents: https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-windows-agents

Verify in Operations Manager if you have any error events. Event ID 4506 in this case is the Capacity and Performance…


Developer and administrator tools for Microsoft Azure

Christos Matskas takes a look at Azure PowerShell, Azure CLI 2.0, Visual Studio Code and Azure Cloud Shell, detailing the pros and cons of each so that you can decide whether the tools are right for you.


Removing a RemoteApp Session Host

Sometimes Windows Server features are not so straightforward, so here’s one for those who have had/are having this issue and are yet to figure it out. When removing a RemoteApp server from a server pool, I came back to Server with the following message: The following servers in this deployment are not part of the…


PKI: which templates are published where?

Windows Server has two kinds of Certificate Authorities: Standalone and Enterprise. This strangely named difference really only means one thing: an Enterprise CA can (must) use templates for certificates it issues. Using templates you enforce standards for your private certificates, and enable desirable features like autoenrollment. A template exists as an object in the Configuration…


Exchange_AddIn Module

Here is another PowerShell (PS) toolset I have been working on, the ‘Exchange_AddIn’ module. This module is a combination of several other scripts that are either on the internet or action items customers need help with in their day to day tasks. By combining several lines of code into a single verb-noun command let (cmdlet),…