VPN Connection and Device Authentication

Automatically establish a VPN connection when a specific application is launched, so your users cannot forget to start it first and will not call you about it 😉

Add-VpnConnection -Name VPN -ServerAddress myid.myfritz.net -AuthenticationMethod MSChapv2 -DnsSuffix fritz.box -EncryptionLevel Optional -IdleDisconnectSeconds 0 -TunnelType Pptp -UseWinlogonCredential
Add-VpnConnectionTriggerApplication -ApplicationID %windir%\system32\mstsc.exe -ConnectionName VPN -Force
Add-VpnConnectionTriggerTrustedNetwork -ConnectionName VPN -DnsSuffix fritz.box -Force

The example uses PPTP. Seriously, you should not use PPTP today.
Encryption should be set to Required as a bare minimum; Maximum is recommended.
The username and password used for authentication are those of the currently logged-on user (“UseWinlogonCredential”).

If you want to implement machine-based authentication instead of user-based authentication, you have to use IKEv2 (TunnelType) with MachineCertificate (AuthenticationMethod), and the option “AllUserConnection” should also be checked. You may also want to add “LogonUI.exe” as a trigger application so your logon scripts can run (provided the user has an internet connection at this point; many network cards need some time to wake up, keep this in mind).
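
The settings criticised above and the machine-certificate variant, as an added example that is not part of the original post: `Test-VpnConnectionHardening` flags PPTP and any encryption level below Required, and `New-MachineVpnConnection` creates the IKEv2 profile and checks it. Both function names, the connection name `VPN-Machine` and the sample objects are assumptions made for this illustration.

```powershell
# Added example, not from the original post. Function and connection names are hypothetical.
function Test-VpnConnectionHardening {
    param([Parameter(Mandatory, ValueFromPipeline)][object]$Connection)
    process {
        $findings = @()
        if ($Connection.TunnelType -eq 'Pptp') {
            $findings += 'TunnelType is Pptp'
        }
        # Anything other than Required or Maximum is reported.
        if ($Connection.EncryptionLevel -notin 'Required', 'Maximum') {
            $findings += "EncryptionLevel is $($Connection.EncryptionLevel)"
        }
        [pscustomobject]@{
            Name      = $Connection.Name
            Compliant = ($findings.Count -eq 0)
            Findings  = $findings -join '; '
        }
    }
}

function New-MachineVpnConnection {
    param(
        [Parameter(Mandatory)][string]$ServerAddress,
        [string]$Name = 'VPN-Machine'   # hypothetical profile name
    )
    # Assumes a machine certificate trusted by the VPN server is already installed.
    $settings = @{
        Name                  = $Name
        ServerAddress         = $ServerAddress
        TunnelType            = 'Ikev2'
        AuthenticationMethod  = 'MachineCertificate'
        EncryptionLevel       = 'Maximum'
        AllUserConnection     = $true
        DnsSuffix             = 'fritz.box'
        IdleDisconnectSeconds = 0
    }
    # Run elevated: an all-user profile is written to the machine-wide phone book.
    Add-VpnConnection @settings -Force -PassThru | Test-VpnConnectionHardening
}

# Constructed sample objects using the property names Get-VpnConnection returns.
$samples = @(
    [pscustomobject]@{ Name = 'VPN'; TunnelType = 'Pptp'; EncryptionLevel = 'Optional' }
    [pscustomobject]@{ Name = 'VPN-Machine'; TunnelType = 'Ikev2'; EncryptionLevel = 'Maximum' }
)
$samples | Test-VpnConnectionHardening | Format-Table -AutoSize
```

On a real client, pipe `Get-VpnConnection` and `Get-VpnConnection -AllUserConnection` into `Test-VpnConnectionHardening` to audit the existing profiles.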

SMB: Short file name creation should be disabled

If the Best Practices Analyzer is showing this error, you can disable 8dot3 names by running the following commands:

Enter-PSSession <<ServerName>>
fsutil behavior set disable8dot3 1

The value 1 is one of the following options:
0 – Enable 8dot3 name creation on all volumes on the system
1 – Disable 8dot3 name creation on all volumes on the system
2 – Set 8dot3 name creation on a per volume basis
3 – Disable 8dot3 name creation on all volumes except the system volume

https://technet.microsoft.com/en-us/library/ff633453(WS.10).aspx

Documentation of a given infrastructure

Getting the same information from every PC, especially in a very complex and grown environment, can be tedious work. So why not just call a script to help out 😉

# Network Drives
Get-WmiObject -Class Win32_MappedLogicalDisk | Select-Object Name,ProviderName

# Powershell Version
$PSVersionTable.PSVersion

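# Get all printers (default printer first, then by name)
# A single Sort-Object call is used because chaining two sorts does not reliably keep the first order.
Get-WmiObject -Class Win32_Printer | Select-Object -Property Name,PortName,Default | Sort-Object -Property @{Expression='Default';Descending=$true}, Name | Out-String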

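# Get Office
# Note: querying Win32_Product makes Windows Installer run a consistency check on every MSI package, so it is slow.
Get-WmiObject -Class Win32_Product -Filter "name like '%office%'" | Select-Object -Property Vendor,Name,Version | Out-String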

# Get all Applications
Get-WmiObject -Class Win32_Product | Select-Object -Property Vendor,Name,Version | Out-String

# Local Drives (with ntfs):
Get-WmiObject win32_volume -Filter "filesystem like 'ntfs'" | Sort-Object Name | Select-Object Name,Label | Out-String

# Find all local PST-Files
# Get-ChildItem -Path C:\ -Filter *.pst -Recurse -ErrorAction SilentlyContinue
Get-WmiObject win32_volume -Filter "filesystem like 'ntfs' and DriveLetter like '%'" | foreach-object {Get-ChildItem -Path $_.name -Filter *.pst -Recurse -ErrorAction SilentlyContinue | Select-Object FullName | Out-String}

# Processor and Windows Architecture
Get-WmiObject Win32_processor | Select-Object Name,Caption,AddressWidth,DataWidth | Out-String
Get-WmiObject Win32_OperatingSystem | Select-Object OSArchitecture | Out-String

# Get Bios Information
Get-WmiObject win32_bios | Select-Object SerialNumber,Manufacturer,BiosVersion,ReleaseDate,SMBIOSBIOSVersion,SMBIOSMajorVersion,SMBIOSMinorVersion | Format-Table | Out-String
Get-WmiObject Win32_ComputerSystem | Select-Object Manufacturer,Model,NumberOfProcessors,NumberOfLogicalProcessors | Out-String

# Environment Variables
Get-ChildItem Env: | Out-String

# # Get EventLog
# Get-EventLog -LogName *