Disabling the Scripting.FileSystemObject ComObject (When you get the 0x8002801c error)

UnRegister scrrun.dll Error
UnRegister scrrun.dll Error

When working with a customer to automate the hardening process (STIG: Security Technical Implementation Guide) for IIS servers, we ran into a problem (error 0x8002801c) when we tried to run the following command in order to disable (unregister) the Scripting.FileSystemObject ComObject C:\Windows\System32\regsvr32.exe /u scrrun.dll The 0x8002801c error translates to TYPE_E_REGISTRYACCESS. Using Sysinternal’s Process Monitor (aka…

1

Add permissions to a Session Configuration

Add permissions to a Session Configuration
Add permissions to a Session Configuration

Though the recommended approach would be to upgrade to PowerShell 5.1 and implement JEA (preferable with DSC and the JEA DSC module), there sometimes might be a need to programmatically add permissions to a PowerShell session configuration. Continuing the mentioned above, and a question asked on the reddit forum, below is an example on how…

0

Embed PowerShell code in a batch file

Embed PowerShell code in a batch file
Embed PowerShell code in a batch file

In a certain scenario, I needed a batch file (bat or cmd extension) that runs PowerShell code, and I could have only one file, so I couldn’t go with the easy way of a batch file calling PowerShell.exe with the -File parameter specifying the path to a ps1 file. For this, I created a special…

5

Get the certificate selected in Get-Credential

Following Matt Bongiovi’s post at the Hey, Scripting Guy! Blog about PowerShell support for certificate credentials, I ported the main parts of the c# code he references in his post to PowerShell. So here you have, a quick-and-dirty Get-CertificateFromCredential function you can use to get the certificate for the credentials the user selected from the…

1

Install and Configure a Group Managed Service Account with PowerShell

Managed Service Accounts (MSAs) were introduced in Windows Server 2008, and Group Managed Service Accounts (gMSAs) were introduced in Windows Server 2012. Since then, a lot has been said about gMSAs (see the references section at the bottom). So in this post, I’ll just summarize the flow and the PowerShell commands needed for each step…

2

Export-CACertificatesForDscEncryption

(Updated @ 2016/05/18) When you use Desired State Configuration (DSC) and a Pull server, you should encrypt any credentials in your configurations documents. More information on this here: https://blogs.msdn.microsoft.com/powershell/2014/01/31/want-to-secure-credentials-in-windows-powershell-desired-state-configuration/But instead of harvesting the certificates from the remote computers themselves (as described in the blog post above), I decided to query the CA directly, and get…

0

Disable Invoke-Expression

There was an interesting discussion in one of our internal discussion groups about disabling Invoke-Expression, so I decided to roll up my sleeves and check if it can really be done.   First of all, what is Invoke-Expression? “The Invoke-Expression cmdlet evaluates or runs a specified string as a command and returns the results of…

2