Make a read-able windows DNS debug log file

Normally we turn on the DNS debugging to find out the source client IP addresses and the queried records. And, here is the script that will covert the DNS Debug Log file into a more flexible csv format, though you will have to rename the file to .csv if needed. New lines, whitespace and header information will be ignored during conversion. The script supports DNS Debug log of Server 2012, 2016 and 2019 (not tested on Server 2008 and if you can do it successfully, please comment). This script should not be run on Domain Controllers/DNS Servers as it consumes certain amount of processing power. Continue reading “Make a read-able windows DNS debug log file”

Find the Missing/Mismatch or Duplicate DNS Forward and Reverse Records

I recently need to check the DNS records for one of my customer’s DNS server. It’s more than 500+ records to verify that the ‘A’ and ‘PTR’ records are updated properly and which records are missing. Most of the online scripts I found only check for single PTR records. So finally, I need to get my hands dirty, spending a few hours in powershell to make a script the can verify the relationship between forward and reverse records in local or remote DNS servers. Continue reading “Find the Missing/Mismatch or Duplicate DNS Forward and Reverse Records”

Install and Manage DNS Server Running on Nano Server

In this post, we will install DNS service on Nano Server and manage via the DNS Manager Console from other computer. If you want to create Nano Server Image GUI wizard, you can check out here. In our post we are going to create Nano Sever Image by the Nano Server Generator powershell script that comes with installation ISO.

There will be two Scenarios in our testing and you can just use either depending on your environment. Continue reading “Install and Manage DNS Server Running on Nano Server”

Find who reset my password: The Powershell Script to Audit User Accounts Changes

Getting the account management activity is an essential process for auditing purpose. We can check it at the windows event log if the auditing for account management is enabled. To automate this tiresome job, I wrote this powershell script to make life easier.
This script will show you all the changes that admin made to the user/system account, such as the time when the password was reset and who reset the password; who added user to specified group; which attributes of user account was changed. Before running this script, you’ll have to enable auditing of account management to ‘Success’ in local security policy, for the enough of the time so that required events are collected. Don’t worry I have included the user’s option to enable from within this script. Continue reading “Find who reset my password: The Powershell Script to Audit User Accounts Changes”

Find all SNMP Settings of Windows Machine in Powershell

SNMP has a long history with Microsoft Windows. And Microsoft now said that it has been deprecated (moreover, snmp v1 or v2 is less secure than the latest snmp v3, but windows natively doesn’t support version 3 till now) and recommend using CIM for managing hardware and software layers. In this article, we will find the SNMP community string by batch method and powershell method. Continue reading “Find all SNMP Settings of Windows Machine in Powershell”

Assign SQL service start,stop permission to Non-Administrator Account and SDDL explained

For full syntax of SDDL(Security Descriptor Definition Language) and ACEs (Access Control Lists), you can refer this TechNet article.
Here we will assign the start/stop permission of MSSQLSERVER to ‘MyUser’ domain user. Assume that computer has been SQL 2012 installed in domain environment. We can easily assign the necessary permission the by Powershell Access Control Module and will check which permissions are changed.Before doing this, we will run sc sdshow mssqlserver and check the initial service permission. See Fig-1.

Continue reading “Assign SQL service start,stop permission to Non-Administrator Account and SDDL explained”

Enumerate and Check DNS Records between two Windows DNS Servers

Update on 22.May.2023 : I do not review my scripts regularly. Thanks to Frank Dub  who modified the script by removing the Server 2008 execution code and fixed the PTR record section, which was not working properly. You can find it as the latest script with version 1.1 attached in this post. For the previous version, see here.

———————————————————————————————————–

Today, I finished up the script which can check the DNS records between two DNS servers. Powershell DNS Client module is only available from Windows 8, Server 2012/R2, which makes powershellers easy for dns query & administration. But as I want to include the old server 2008 in this scenario, I scripted the ‘nslookup’ command in this script. Continue reading “Enumerate and Check DNS Records between two Windows DNS Servers”

Create FTP with Local User Isolation (in GUI Method)

The magic of ftp with user isolation is that every users has his own directory and this user cannot see or browse other users’ directories. In linux, it is similar to “chroot” option after the user has logged in. This feature came from since IIS 7.5 (server2008R2).
In this tutorial, we are going to create FTP with user isolation in Graphical Mode. Continue reading “Create FTP with Local User Isolation (in GUI Method)”

The Magic of FTP with user isolation and how to automate the setup with Powershell (with Domain Users)

Unlike a normal FTP server, the magic of FTP with user isolation is that every user
is jailed in this own directory and the user cannot see or write to other users’ directories, as well as changing to the parent root directory. In linux, it is similar to “chroot” option after the user has logged into his home directory.
Today, I will show you how to make ftp with user isolation in IIS 8.5 (also tested on server 2008R2 with IIS 7.5) with Domain user accounts in graphical Mode. Also, I have made a good powershell script to automate this ftp setup process for thousand of users ;P. Continue reading “The Magic of FTP with user isolation and how to automate the setup with Powershell (with Domain Users)”

How to Digitally Sign the Powershell Scripts with Microsoft CA in Domain – A step-by-step Guide – Part 4

Go to >> Part-1:Install ADCS service and configure Code Signing Certificate Template
Go to >> Part-2: Request the certificate to sign the script by user1
Go to >> Part-3: Configure GPO to allow only signed scripts and add user1’s certificate to trusted publisher group on domain computers

Now, it’s time to test running the script. Let’s say user2 has recently joined to your company and try to run some script downloaded from internet on Node-2 computer which is a newly domain joined computer. Also, don’t forget to “gpupdate” on client computers after your GPO is changed. Continue reading “How to Digitally Sign the Powershell Scripts with Microsoft CA in Domain – A step-by-step Guide – Part 4”