TechShizz | All posts by rich

Setting up WPA2-Enterprise Authenticated WiFi (Connect to WiFi with AD Credentials)

1. Set up Radius Server as a DC
 a. Make server a DC
2. Create a security group to add users to, e.g. "WiFi - CorporateUsers".
3. Install a Certification Authority
 a. Install the role
 b. Configure the ADCS
    Choose Enterprise CA
    Keep all defaults (Choose Root CA)
    Set Certificate to 2 years and create a scheduled task somewhere to replace this certificate before it expires.
 c. Request computer certificate for the Domain Controller Certificate on the RADIUS Server.
4. Install NPS
 a. -
 b. Configure RADIUS server in FortiCloud / (Your Access Points)
 c. Authentication on WPA2-Enterprise
    Port 1812
    Enter the "Secret" PSK.
 d. In the NPS config, change from NPS to RADIUS 802.1x
 e. Add a RADIUS client (the AP)
 f. For Auth Method, choose EAP.
 g. Add the "WiFi - CorporateUsers" group.
 h. Click on the NPS (Local) root node in the NPS snap-in, then click Action > Register Server in Active Directory.
5. Export the DC Certificate, and deploy it to all devices that can join WiFi
6. Deploy WiFi Settings and certificate via Group Policy
 a. Put the exported certificate in SYSVOL\DOMAIN\Scripts\
 b. Create Group policy, ComputerConfiguration > Policies > Windows Settings > Security Settings > Public Key Policies > Trusted Publishers
 c. Import the certificate
 d. Next, in the same policy, go to ComputerConfiguration > Policies > Windows Settings > Security Settings > Public Key Policies > Wireless Network (IEEE 802.11) Policies
 e. Create a new Network Connection
 f. Enter the Policy Name, click Add and then "Infrastructure".
 g. Enter the Profile Name and the SSID for the network. On the Security tab choose WPA2-Enterprise/AES, EAP (PEAP).
 h. In the same window, click Properties, tick "Connect to these servers" and enter the FQDN of the RADIUS server, e.g. HVDC2.DOMAIN.local
 i. In the Trusted Root Certification Authorities window, find and tick the certificate you imported earlier.
 j. Next Click "Configure" - Here you can untick this to make users enter their password, or leave it ticked to have a Pass Thru style authentication.
7. Test
 a. Connect to a laptop (with a LAN connection if remote) and try to log in with AD credentials. (If you opted for Pass Thru it should just connect.)
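
Step 3 asks for a scheduled task to catch the RADIUS server certificate before it expires. The script below is an added example, not part of the original post: run on the NPS server, it lists the server-authentication certificates in the computer store and exits non-zero when one is close to expiry, so the scheduled task shows a failure. The 60-day window and the exit codes are assumptions.

```powershell
# Added example: report server-authentication certificates on the NPS/RADIUS
# server and flag any that expire soon. Intended to run from a scheduled task.
# Assumption: 60-day warning window (not a value from the original post).
$ThresholdDays = 60
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

$now = Get-Date

# Certificates in the computer store that have a private key and carry the
# Server Authentication EKU, i.e. candidates for the PEAP server certificate.
$certs = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and
    ($_.EnhancedKeyUsageList | Where-Object { $_.ObjectId -eq $ServerAuthOid })
}

$report = foreach ($cert in $certs) {
    $daysLeft = [math]::Floor(($cert.NotAfter - $now).TotalDays)
    [pscustomobject]@{
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        DaysLeft   = $daysLeft
        Expiring   = ($daysLeft -le $ThresholdDays)
    }
}

$report | Sort-Object DaysLeft | Format-Table -AutoSize

# Exit codes (assumed convention): 0 = fine, 1 = expiring soon, 2 = none found
if (-not $report) {
    Write-Warning 'No server-authentication certificate with a private key found.'
    exit 2
}
$expiring = @($report | Where-Object { $_.Expiring })
if ($expiring.Count -gt 0) {
    Write-Warning "$($expiring.Count) certificate(s) expire within $ThresholdDays days."
    exit 1
}
exit 0
```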

List Client Machine Information with PowerShell

Here are two scripts which can assist in getting hardware information about the computers on an Active Directory network. They'll get you the following information in a CSV file:

  1. Hostname
  2. Model
  3. RAM
  4. CPU
  5. Serial Number
  6. Manufacturer
  7. Operating System
  8. HDD Capacity
  9. HDD Space
  10. IP Address

If your DC has PowerShell V2 use this:

## FOR MACHINES WITH POWERSHELL V2
Import-Module ActiveDirectory
# Only the computer name is used below, so the default property set is enough
$ComputerList = Get-ADComputer -Filter *
$csvpath = "C:\users\icuadminaccount\Desktop\Computers.csv"
foreach ($Computer in $ComputerList) {
    ## Title
    $computerSystem = Get-WmiObject -ComputerName $Computer.Name -Class CIM_ComputerSystem -ErrorAction SilentlyContinue
    # Skip computers that are offline or refuse the WMI query
    if (-not $computerSystem) { continue }
    $output = "System Information for: " + $computerSystem.Name + "`n"
    $output = $output + "Model: " + $computerSystem.Model + "`n"
    $output = $output + "RAM: " + "{0:N2}" -f ($computerSystem.TotalPhysicalMemory/1GB) + "GB" + "`n"
    ## CPU
    $computerCPU = Get-WmiObject -ComputerName $Computer.Name -Class CIM_Processor
    $output = $output + "CPU: " + $computerCPU.Name + "`n"
    ## BIOS
    $computerBIOS = Get-WmiObject -ComputerName $Computer.Name -Class CIM_BIOSElement
    $output = $output + "Serial Number: " + $computerBIOS.SerialNumber + "`n"
    $output = $output + "Manufacturer: " + $computerBIOS.Manufacturer + "`n"
    ## OS
    $computerOS = Get-WmiObject -ComputerName $Computer.Name -Class CIM_OperatingSystem
    $output = $output + "Last Reboot: " + $computerOS.LastBootUpTime + "`n"
    $output = $output + "Operating System: " + $computerOS.Caption + ", Service Pack: " + $computerOS.ServicePackMajorVersion + "`n"
    ## Disks (Size and FreeSpace are reported in bytes)
    $computerHDD = Get-WmiObject -ComputerName $Computer.Name -Class Win32_LogicalDisk -Filter "DeviceID = 'C:'"
    $output = $output + "HDD Capacity: " + "{0:N2}" -f ($computerHDD.Size/1GB) + "GB" + "`n"
    $output = $output + "HDD Space: " + "{0:P2}" -f ($computerHDD.FreeSpace/$computerHDD.Size) + " Free (" + "{0:N2}" -f ($computerHDD.FreeSpace/1GB) + "GB)" + "`n"
    # Write the whole record for this computer in one go
    $output | Out-File -FilePath $csvpath -Append
}

If your DC has PowerShell V3+ use this:

## FOR MACHINES WITH POWERSHELL V3+
Import-Module ActiveDirectory
# Only the computer name is used below, so the default property set is enough
$ComputerList = Get-ADComputer -Filter *
$csvpath = "C:\users\icuadminaccount\Desktop\Computers.csv"
foreach ($Computer in $ComputerList) {
    # Pass -ComputerName: without it Get-CimInstance queries the local machine every time
    $name = $Computer.Name
    $computerSystem = Get-CimInstance CIM_ComputerSystem -ComputerName $name -ErrorAction SilentlyContinue
    # Skip computers that are offline or refuse the remote (WinRM) query
    if (-not $computerSystem) { continue }
    $computerBIOS = Get-CimInstance CIM_BIOSElement -ComputerName $name
    $computerOS = Get-CimInstance CIM_OperatingSystem -ComputerName $name
    $computerCPU = Get-CimInstance CIM_Processor -ComputerName $name
    $computerHDD = Get-CimInstance Win32_LogicalDisk -ComputerName $name -Filter "DeviceID = 'C:'"

    # Build one text record per computer, one field per line
    $output = "System Information for: " + $computerSystem.Name + "`n"
    $output = $output + "Manufacturer: " + $computerSystem.Manufacturer + "`n"
    $output = $output + "Model: " + $computerSystem.Model + "`n"
    $output = $output + "Serial Number: " + $computerBIOS.SerialNumber + "`n"
    $output = $output + "CPU: " + $computerCPU.Name + "`n"
    $output = $output + "HDD Capacity: " + "{0:N2}" -f ($computerHDD.Size/1GB) + "GB" + "`n"
    $output = $output + "HDD Space: " + "{0:P2}" -f ($computerHDD.FreeSpace/$computerHDD.Size) + " Free (" + "{0:N2}" -f ($computerHDD.FreeSpace/1GB) + "GB)" + "`n"
    $output = $output + "RAM: " + "{0:N2}" -f ($computerSystem.TotalPhysicalMemory/1GB) + "GB" + "`n"
    $output = $output + "Operating System: " + $computerOS.Caption + ", Service Pack: " + $computerOS.ServicePackMajorVersion + "`n"
    $output = $output + "User logged In: " + $computerSystem.UserName + "`n"
    $output = $output + "Last Reboot: " + $computerOS.LastBootUpTime + "`n"
    $output | Out-File -FilePath $csvpath -Append
}

Enable the Password Reset Option in Exchange Server

1. Log in to the Exchange server with your admin credentials.

2. Run the following commands in PowerShell:

Add-PSSnapin microsoft*

Install-CannedRbacRoles

Install-CannedRbacRoleAssignments

3. Log in to the Exchange Admin Center and click on Permissions.

Right-click ‘Organization Management’ and then click Edit.

Click the ‘+’ sign on the roles section. Select ‘Reset Password’ and then click Add. Click OK and then click Save.

4. Log out from the Exchange Admin Center.

5. When you log in again to the Exchange Admin Center and open any existing user mailbox properties, you should see the reset password option.      

Windows 10 hangs on Black Screen when logging in

Problem

 Windows 10 hangs on a black screen when logging in. This normally happens on a normal domain account (but can be any account).

Cause

 Windows 10 Bug

Solution

If on the black screen, press CTRL + ALT + DEL and log out

Sign in with a local admin account

Run Services.msc

Right-click App Readiness > Properties

Set startup type to disabled.

Reboot the machine and log in as the affected user.

Once logged in, install all Windows updates, as this issue was resolved in an anniversary update.

Reference, Links and Images

https://h30434.www3.hp.com/t5/Desktop-Boot-and-Lockup/SOLVED-For-everyone-who-is-having-black-screen-after-login/m-p/6319827#M45440 

 

Which switches to use for ROBOCOPY

robocopy "\\uncpath\to the SOURCE folder you want to copy" "C:\local path\to the DESTINATION folder" /e /r:10 /COPY:DATSOU /LOG:C:\copy_result_log_file.txt

 

/e

Copies subdirectories. Note that this option includes empty directories.

/r:<N>

Specifies the number of retries on failed copies.

/copy:<CopyFlags>

Specifies the file properties to be copied. The following are the valid values for this option:
D Data
A Attributes
T Time stamps
S NTFS access control list (ACL)
O Owner information
U Auditing information
The default value for CopyFlags is DAT (data, attributes, and time stamps).

/log:<LogFile>

Writes the status output to the log file (overwrites the existing log file).