Powershell scripts to get the FIPS algorithm status - powershell

I am looking for PowerShell scripts/commands to get the details of the points below:
| Key | Output |
| ------------------------------ | ---------------- |
| Security [FIPS Algorithm Policy] | Enabled/Disabled |
| Is Client SSL 2.0 Enabled? | Enabled/Disabled |
| Is Server SSL 2.0 Enabled? | Enabled/Disabled |
| Is Client SSL 3.0 Enabled? | Enabled/Disabled |
| Is Server SSL 3.0 Enabled? | Enabled/Disabled |
| Is Client TLS 1.1 Enabled? | Enabled/Disabled |
| Is Server TLS 1.1 Enabled? | Enabled/Disabled |
| Is Client TLS 1.2 Enabled? | Enabled/Disabled |
| Is Server TLS 1.2 Enabled? | Enabled/Disabled |
I have tried the code below but keep getting various errors.

```powershell
# Values the snippet relies on but the posted code never set (example values)
$ComputerName = 'localhost'
$Port = 443
$ProtocolName = [System.Net.Security.SslProtocols]::Tls12
$Socket = New-Object System.Net.Sockets.Socket([System.Net.Sockets.SocketType]::Stream, [System.Net.Sockets.ProtocolType]::Tcp)
$Socket.Connect($ComputerName, $Port)
$NetStream = New-Object System.Net.Sockets.NetworkStream($Socket, $true)
$SslStream = New-Object System.Net.Security.SslStream($NetStream, $true)
# Throws if the server refuses the requested protocol; on success SslProtocol holds what was negotiated
$SslStream.AuthenticateAsClient($ComputerName, $null, $ProtocolName, $false)
$SslStream.SslProtocol
```
I have SQL Server 2014 installed with the latest updates.
I am looking for the correct PowerShell scripts to get the FIPS algorithm status and the client/server status of each protocol (SSL and TLS).
I tried the above code, but it is not working.
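Rather than probing a port with a handshake, the status the table asks for can be read from the machine's own policy. The following is an added example, not code from the question: it reports the FIPS policy from the Lsa\FipsAlgorithmPolicy key and each protocol's client/server state from the SCHANNEL\Protocols keys that Windows (and SQL Server, which uses Schannel for TLS) honours. The function name is an assumption; where a key or value is absent the OS default applies, and the report says so instead of guessing.

```powershell
function Get-ProtocolPolicyReport {
    param(
        [string[]]$Protocols = @('SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'),
        [string[]]$Sides = @('Client', 'Server')
    )
    # FIPS mode: DWORD Enabled=1 under the Lsa\FipsAlgorithmPolicy key
    $fipsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
    $fips = (Get-ItemProperty -Path $fipsKey -Name Enabled -ErrorAction SilentlyContinue).Enabled
    $fipsStatus = if ($fips -eq 1) { 'Enabled' } else { 'Disabled' }
    [pscustomobject]@{ Key = 'Security [FIPS Algorithm Policy]'; Output = $fipsStatus }

    # Schannel protocol policy: one subkey per protocol, with Client and Server underneath
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
    foreach ($proto in $Protocols) {
        foreach ($side in $Sides) {
            $path  = Join-Path (Join-Path $base $proto) $side
            $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
            $status = if ($null -eq $props) {
                # No key at all: Windows applies its built-in default for this OS version
                'Not configured (OS default)'
            } elseif ($props.Enabled -eq 0 -or $props.DisabledByDefault -eq 1) {
                # Enabled=0 hard-disables; DisabledByDefault=1 disables unless an app opts in
                'Disabled'
            } else {
                'Enabled'
            }
            [pscustomobject]@{ Key = "Is $side $proto Enabled?"; Output = $status }
        }
    }
}

Get-ProtocolPolicyReport | Format-Table -AutoSize
```

The report describes the local machine; for a remote SQL Server host run it through Invoke-Command. A row reading "Not configured (OS default)" is the case to check against the Windows version's defaults rather than assume it is disabled.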

Related

How to transcript everything in console

Hey, I'm trying to get the device code that's printed to the console in PowerShell when running "Connect-ExchangeOnline -Device". However, it doesn't get appended to the output file along with everything else when I use Start-Transcript.

```powershell
Start-Transcript -path "Path" -append
$DebugPreference = 'Continue'
$VerbosePreference = 'Continue'
$InformationPreference = 'Continue'
Connect-ExchangeOnline -Device -Verbose
```
Expected output:
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code CDWS27A56 to authenticate.
Actual output:
```text
The module allows access to all existing remote PowerShell (V1) cmdlets in addition to the 9 new, faster, and more reliable cmdlets.
|--------------------------------------------------------------------------|
| Old Cmdlets | New/Reliable/Faster Cmdlets |
|--------------------------------------------------------------------------|
| Get-CASMailbox | Get-EXOCASMailbox |
| Get-Mailbox | Get-EXOMailbox |
| Get-MailboxFolderPermission | Get-EXOMailboxFolderPermission |
| Get-MailboxFolderStatistics | Get-EXOMailboxFolderStatistics |
| Get-MailboxPermission | Get-EXOMailboxPermission |
| Get-MailboxStatistics | Get-EXOMailboxStatistics |
| Get-MobileDeviceStatistics | Get-EXOMobileDeviceStatistics |
| Get-Recipient | Get-EXORecipient |
| Get-RecipientPermission | Get-EXORecipientPermission |
|--------------------------------------------------------------------------|
To get additional information, run: Get-Help Connect-ExchangeOnline or check https://aka.ms/exops-docs
Send your product improvement suggestions and feedback to exocmdletpreview@service.microsoft.com. For issues related to the module, contact Microsoft support. Don't use the feedback alias for problems or support issues.
----------------------------------------------------------------------------
```

Switching Azure AD Tenants in Azure DevOps

Is it possible to manually map all users when switching the Azure Active Directory connection for Azure DevOps?
The directory that we're switching to has guest accounts for the source UPN set up for 95% of the users in ADO, so they're automatically mapped. Rather than that happening, we'd like to map each source user to their new UPN in the destination domain.
What's happening
| Source UPN | Source Type | | Destination UPN | Destination Type |
| ---------- | ----------- | ---- | --------------- | ---------------- |
| user@a.com | Member | \ | user@b.com | Member |
| | | -> | user@a.com | Guest |
What we want to happen
| Source UPN | Source Type | | Destination UPN | Destination Type |
| ---------- | ----------- | ---- | --------------- | ---------------- |
| user@a.com | Member | ---> | user@b.com | Member |
| | | | user@a.com | Guest |
> Is it possible to manually map all users when switching the Azure Active Directory connection for Azure DevOps?

I am afraid there is no way to manually map all users when switching the AAD connection for Azure DevOps. The automatic mapping behavior is by design, to provide convenience when switching AAD.
If we want to map the users manually, we need to delete those users from the target AAD before switching AAD. In this case, when we switch AAD, Azure DevOps says "X member(s) of the xxx organization can't sign in because they're not in the XX AAD. Delete any unwanted users in Organization settings, and then Resolve for remaining members." When you hit the Resolve button, a page shows up with the users, and we can match them manually.

Disable all the unwanted Windows Firewall rules using PowerShell

In my Windows Firewall, I've created certain rules that give me more control over my PC. But my rules have become somewhat useless since Windows and other apps keep adding rules that I don't want.
I've tried to prevent this from happening, but the only way I've found is to use a third-party tool like Tinywall, which isn't exactly what I'm looking for.
So, to fix this, I want to create a PowerShell script that will disable and rename all rules that were not added by me. This way, I can manage them easily.
Rules that were added by me can be easily recognized because all of them start with certain words.
In this case, let's assume they start with either 'Sample XYZ' or 'Sample ABC'.

```text
Sample XYZ - Windows Update
Sample ABC - MPC-HC
Sample ABC - Firefox
Sample XYZ - Windows News
```
So far, this is what I have done.
In this part, the script will filter all the rules that I have created and then it'll disable & block all other rules.
To my surprise, this is working as expected.
```powershell
# This will get all firewall rules
$NR = Get-NetFirewallRule
# This will exclude all the rules added by the user
$NR = $NR | Where-Object DisplayName -NotMatch "Sample ABC"
$NR = $NR | Where-Object DisplayName -NotMatch "Sample XYZ"
# Disable all other rules that are not added by the user
$NR | Set-NetFirewallRule -Enabled False
# Set rules' action to block
$NR | Set-NetFirewallRule -Action Block
```
These are the parts that don't work.
Task: Add a custom word to the beginning of the rules' display name
Example: If a rule name is 'Microsoft Photos', then it'll be renamed to 'IDWTFR - Microsoft Photos'.
```powershell
# Add a custom word to the beginning of the rules' display name
# Custom word = 'IDWTFR - '
# Attempt 01: Fail
$NR | Set-NetFirewallRule -DisplayName "IDWTFR - " + $NR.DisplayName
# Attempt 02: Fail
$NR = $NR | ForEach-Object -MemberName DisplayName "IDWTFR - " + $NR.DisplayName | Set-NetFirewallRule
```
Task: Add unwanted rules to a group named 'Junk Rules'.
```powershell
# Add to a group
# Attempt 01: Fail
$NR | Set-NetFirewallRule -DisplayGroup "Junk Rules"
```
To clarify it a bit more, this is the summary of what I am trying to do.
| Rule Name | New Rule Name | Group | Action | Status | Created by |
| --------------------------- | ------------------------- | -------------- | -------------- | -------------- | ----------- |
| Sample XYZ - Windows Update | Same as before | Same as before | Same as before | Same as before | User |
| Sample ABC - MPC-HC | Same as before | Same as before | Same as before | Same as before | User |
| Sample ABC - Firefox | Same as before | Same as before | Same as before | Same as before | User |
| Sample XYZ - Windows News | Same as before | Same as before | Same as before | Same as before | User |
| Microsoft Photos | IDWTFR - Microsoft Photos | Junk Rules | Block | Disable | Not by user |
| App Installer | IDWTFR - App Installer | Junk Rules | Block | Disable | Not by user |
| Feedback Hub | IDWTFR - Feedback Hub | Junk Rules | Block | Disable | Not by user |
| Microsoft Edge | IDWTFR - Microsoft Edge | Junk Rules | Block | Disable | Not by user |
I'm new to PowerShell, so any help will be appreciated. Thanks.
Since this is your special use case, it's going to be a challenge for anyone to validate without setting up an environment as close as possible to what you show here. I am in no position to do that.
Yet, looking at what you say you have done, here is a refactor option to try (again, not tested):

```powershell
# Get all firewall rules and filter out the user's own rules; -notmatch takes a regex,
# so the two prefixes can be alternated in one pattern (-notlike cannot do that)
Get-NetFirewallRule |
    Where-Object { $PSItem.DisplayName -notmatch '^Sample (ABC|XYZ)' } |
    ForEach-Object {
        # Create the new firewall group: Set-NetFirewallRule has no -Group parameter
        # (-DisplayGroup is only a filter), so set Group on the rule object itself
        $PSItem.Group = 'Junk Rules'
        # Disable all other rules that are not added by the user, set their action to Block
        # and rename them; piping the modified object writes the new Group back as well
        $PSItem | Set-NetFirewallRule -Enabled False -Action Block `
            -NewDisplayName "IDWTFR - $($PSItem.DisplayName)"
    }
```
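A reversible version of what the question asks for, added here as an example (not code from the question or the answer): it records each rule's original state to a CSV before touching it, skips rules already carrying the tag so a second run does not stack prefixes, and honours -WhatIf so the change can be previewed first. The function name, parameter names and the backup path are assumptions.

```powershell
function Set-JunkFirewallRules {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string[]]$OwnPrefixes = @('Sample ABC', 'Sample XYZ'),
        [string]$Tag = 'IDWTFR - ',
        [string]$GroupName = 'Junk Rules',
        # Assumed location for the rollback record
        [string]$BackupCsv = "$env:TEMP\firewall-rules-before.csv"
    )
    # Rules the user created are recognised by display-name prefix (escaped for regex)
    $ownPattern = '^(' + (($OwnPrefixes | ForEach-Object { [regex]::Escape($_) }) -join '|') + ')'
    # Rules already tagged are left alone so the script is safe to re-run
    $tagPattern = '^' + [regex]::Escape($Tag)

    $rules = @(Get-NetFirewallRule | Where-Object {
        $_.DisplayName -notmatch $ownPattern -and $_.DisplayName -notmatch $tagPattern
    })

    # Keep the original name, group, state and action so the change can be reverted
    $rules | Select-Object Name, DisplayName, Group, Enabled, Action, Direction |
        Export-Csv -Path $BackupCsv -NoTypeInformation

    foreach ($rule in $rules) {
        if ($PSCmdlet.ShouldProcess($rule.DisplayName, "disable, block, tag and move to '$GroupName'")) {
            # Group has no Set-NetFirewallRule parameter; set it on the object and write it back
            $rule.Group = $GroupName
            $rule | Set-NetFirewallRule -Enabled False -Action Block -NewDisplayName ($Tag + $rule.DisplayName)
        }
    }
    # Number of rules selected for change
    $rules.Count
}

# Preview only; drop -WhatIf to apply (needs an elevated session)
Set-JunkFirewallRules -WhatIf
```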

Login to Azure AD without redirect Microsoftpage

I've created a .NET application with Azure AD B2B and it works fine, but whenever I try to log in, it redirects to a Microsoft page that asks for credentials and then comes back to my application.
Redirects create user confusion. I want to create the full user experience without the customer leaving our application. We want to take advantage of secure technologies though.
Is there any way to consume Azure AD services that would let us log in to Azure AD without redirecting to the Microsoft page?
Please advise!
This is impossible.
This is for security reasons. A web app protected by Azure Active Directory requires users to log in via the page provided by Microsoft. This is how the OAuth 2.0 Authorization Framework works. You can refer to the flow below. The Authorization Server is the server provided by Microsoft.
```text
     +--------+                               +---------------+
     |        |--(A)- Authorization Request ->|   Resource    |
     |        |                               |     Owner     |
     |        |<-(B)-- Authorization Grant ---|               |
     |        |                               +---------------+
     |        |
     |        |                               +---------------+
     |        |--(C)-- Authorization Grant -->| Authorization |
     | Client |                               |     Server    |
     |        |<-(D)----- Access Token -------|               |
     |        |                               +---------------+
     |        |
     |        |                               +---------------+
     |        |--(E)----- Access Token ------>|    Resource   |
     |        |                               |     Server    |
     |        |<-(F)--- Protected Resource ---|               |
     +--------+                               +---------------+
```
If the web app provided the login-page to input the Azure AD account, the site looks like a phishing site which will not be trusted by users.

Access a mesos-master behind a domain name (not an IP)

Is it possible to run and access a mesos master on a machine that is placed behind a proxy?
I have successfully deployed a MesosMaster/Marathon/MesosSlave on my local infrastructure.
The problem arises when I want to put the MesosSlave somewhere on the internet, so that MesosSlave and MesosMaster communicate through public IPs.
My conf is the following:
```text
Internet                                  My Infra
----------------------------------------  -------------------------------------------------------------
Mesos Slave VM   178.22.17.248            Front Machine  39.224.147.94 (my.domain.com)  ports 5050, 2181
  port 5051                                 --> Proxy    10.2.0.57                       ports 5050, 2181
                                              --> Tool-VM 10.1.10.176 / 192.168.5.1 (docker bridge)
                                                    Mesos-Master container 192.168.5.4 (docker bridge)
                                                    ports 5050 (Mesos) and 2181 (ZooKeeper)
```
However:
My domain infra redirects everything that arrives from outside on port 5050 (for Mesos) and port 2181 (ZooKeeper) ONLY for requests that are addressed to the domain 'my.domain.com' (which is a virtual host of 39.224.147.94), but not for the other requests (that arrive on 39.224.147.94).
So I try to execute the service through CLI for the moment:
Execute Mesos Master (in Mesos Master Container):

```sh
/usr/sbin/mesos-master --ip=192.168.5.4 --work_dir=~/Mesos/mesos-0.23.0/workdir/ --zk=zk://192.168.5.4:2181/mesos --quorum=1 --log_dir=/var/log/mesos --external_log_file=/dev/stdout
```

Execute Marathon (in Mesos Master Container):

```sh
/usr/bin/marathon --zk zk://192.168.5.4:2181/marathon --master zk://my.domain.com:2181/mesos
```

Execute Mesos Slave (in Mesos Slave VM):

```sh
/usr/sbin/mesos-slave --master=my.domain.com:5050 --work_dir=/var/lib/mesos/agent --port=8009 --containerizers=docker --executor_registration_timeout=3mins --log_dir=/var/log/mesos
```
The Mesos Master can see the Slave resources.
However, when I send a Job through Marathon, this job stay in a waiting state.
It seems that the slave is not able to communicate using the hostname of the Master, but only using its public IP.
I have this in the Slave logs:

```text
New master detected at master@39.224.147.94:5050
```
However incoming traffic on 39.224.147.94:5050 is blocked by my infra (only my.domain.com:5050 is accepted)
So, is it possible to create a connection between Master and Slaves, using domain names, but not IPs?
It's a bit confusing, to be honest. What I don't understand is that you seem to use the 192.168.5.4 IP for the Master process, but it's nowhere to be found in your diagram. I'd expect 39.224.147.94 instead.
Furthermore, I'd recommend using IP addresses instead of hostnames in all connection strings; you're using a mixture...
Additionally, you can try to set the LIBPROCESS_IP environment variable to the respective IP addresses for the agent and Marathon processes.
Another question would be why you use such an old version of Mesos... Mesos 1.1.0 is out already!