Microsoft

Bitlocker Powershell Script to check encryption status | Thanks Jijo Chacko

Big thanks to “Jijo Chacko” for sharing this script with me.  Very useful to check the Bitlocker encryption status of computers in your environment. 

 

 

Function Get-BitlockerInfo()
<#
.SYNOPSIS
Retrieves Bitlocker Encryption information.
.DESCRIPTION
Retrieves Bitlocker Encryption information from Multiple computers.
.PARAMETER Machinelist
File name and path of the file contains machine information.
.B.N.E
Bit-locker Not Enabled
.EXAMPLE
Get-BitlockerInfo -Machinelist C:\Users\jijo\Desktop\Check.txt -LogfileName C:\Users\jijo\Desktop\Bitlocker.csv
.CREATED BY
Jijo Chacko,jijochacko2005@gmail.com
#>
{
[CmdletBinding()]
Param(
[Parameter(Mandatory=$True)][string]$Machinelist,
[Parameter(Mandatory=$True)] [String]$LogfileName
)
Clear-Host
$machines=Get-Content -Path $Machinelist
$Bitlockerforprint=@()
Foreach($Computer in $Machines)
{
$ping = Test-Connection $Computer -Count 1 -ErrorAction SilentlyContinue
if ($ping.statuscode -eq 0)
{
Try
{
$EncryptionStatus=Manage-bde -computername $Computer -status C:
$Size=$EncryptionStatus|Where-Object{$_ -like ‘*Size:*’}
If ($size -ne $null)
{
$Newsize=$size.Substring(26)
}
Else
{
$Newsize=”B.N.E”

}
$Conversionstatus=$EncryptionStatus|Where-Object{$_ -like ‘*Conversion Status:*’}
If ($Conversionstatus -ne $null)
{
$newConversionstatus=$Conversionstatus.Substring(26)
}
Else
{
$newConversionstatus=”B.N.E”

}
$Percentage=$EncryptionStatus|Where-Object{$_ -like ‘*Percentage Encrypted:*’}
If ($Percentage -ne $null)
{
$newpercentage=$Percentage.Substring(26)
}
Else
{
$newpercentage=”B.N.E”

}
$Protectionstatus=$EncryptionStatus|Where-Object{$_ -like ‘*Protection Status:*’}
If ($Protectionstatus -ne $null)
{
$newprotectionstatus=$Protectionstatus.Substring(26)
}
Else
{
$newprotectionstatus =”B.N.E”

}

$details=New-object psobject
$details|Add-Member -Type NoteProperty -Name “Computer Name” -Value $Computer
$details|Add-Member -Type NoteProperty -Name Size -Value $Newsize
$details|Add-Member -Type NoteProperty -Name “Percentage Completed” -Value $newpercentage
$details|Add-Member -Type NoteProperty -Name “Protection Status” -Value $newprotectionstatus
$details|Add-Member -Type NoteProperty -Name “Conversion Status” -Value $newConversionstatus
$Bitlockerforprint += $details
$Newsize= $null
$newpercentage = $null
$newprotectionstatus = $null
$newConversionstatus = $null

}
Catch
{
Write-Host ($_.Exception.Message) -ForegroundColor Red
}
}
Else
{
Write-Warning “Destination Host Unreachable $Computer “
}
}
$Bitlockerforprint|Select-Object “Computer Name”,Size,”Percentage Completed”,”Conversion Status”,”Protection Status”|format-table -AutoSize
$Bitlockerforprint|Select-Object “Computer Name”,Size,”Percentage Completed”,”Conversion Status”,”Protection Status”|Export-Csv $LogfileName -force -encoding “unicode” -NoClobber -Append
}

Install Microsoft SQL on Linux – Ubuntu Server

I recently had the pleasure of installing Microsoft SQL Server on Linux – Ubuntu Server. This was a very straight-forward installed and just works. The following steps are what were taken to install and configure this server.

My Setup:

  • Ubuntu 17.10 Server – VMware Template
  • Network Connectivity
  • SQL Server Management Studio 17 – Testing connectivity to SQL Server

Prerequisites:

  • Ubuntu Linux Server – Memory: 3.25, Disk Space: 6GB, CPU (x64): 2 Cores
  • Internet Access – Offline Installs are also possible
  • Root or SU Access
  • Time – 5-6 Minutes

Steps:

  1. Log into Ubuntu Linux server via console or SSH (Preferred), su into root
  2. We need to import the repository GPG Keys by first downloading and adding it with he following command: curl https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add –
  3. Next we register the repository by entering: add-apt-repository “$(curl https://packages.microsoft.com/config/ubuntu/16.04/mssql-server-2017.list)”
  4. Next we need to upload the repository list and install SQL with the following commands: apt update | apt install mssql-server -y
  5. After the SQL Server package has completed installing.  You will be instructed to run mssql-config setup to setup the SQL Server version you will be installing, in addition to password credentials.  This is done by issue the following command: /opt/mssql/bin/mssql-conf setup
  6. Optional – Open your firewall if enabled to allow for SQL’s TCP/1433 from remote hosts.
  7. Test connecting to your newly install SQL Server via SSMS.
  8. Done!

Screenshot:

Video:

Tech Short: How To Change The MTU – Server 2016

 

Troubleshooting an application issues which could possibly be network related.  I found myself needing to make some adjustment to the maximum transmission unit (MTU) setting of my server.  As such what better time to post a quick technical short on how to go about doing this.

 

How To Change The MTU – Windows Server 2016

Requirements:

  • Logon and Administrator permission on Server
  • Network Connectivity
  • Time to reboot

 

Procedure:

From the desktop of your Windows Server 2016 server open an Administrative command prompt by Right-Clicking on the start button and select  – Command Prompt (Admin).

Once in the command prompt you we be using netsh to determine the IDX of the installed interface devices. this is performed by using the following command:  netsh interface ipv4 show interfaces

Take note of the IDX interface that you would like to change the MTU on as this is what we need to specify when changing the MTU settings.

Using netsh again you issue the following command: netsh interface ipv4 set subinterface “number-goes-here” mtu=1400 store=persistent

Please note that the subinerface will be the IDX number from the first netsh command and that the MTU setting is a value less than the original 1500.

Now you can reboot to have the changes take effect.  I have also noticed the disabling the interface and  re-enabling also works.

 

 

Microsoft Patched the KRACK Vulnerability Last Week

Last week, Microsoft released an update Windows 10 Cumulative Update KB4041676. Guess what was also included within this… Yup! The Patch for the Krack Vulnerability.  At this time the KRACK vulnerability that was not publicly disclosed, until Monday, October 16 2017.

Very slick move on the part of Microsoft slipping this in to protect its customers against such a threat.  For those who dig deep into the updates notes would have arrived at Microsoft’s Security TechCenter post which reads.

“A spoofing vulnerability exists in the Windows implementation of wireless networking. An attacker who successfully exploited this vulnerability could potentially replay broadcast and/or multicast traffic to hosts on a WPA or WPA 2-protected wireless network.”

For the post and affected Microsoft products:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080

 

Windows 10 Cumulative Update KB4041676 Fixed

On Tuesday, October 10, 2017 Microsoft released KB4041676 as an update that includes quality improvements. What many started to notice was that it was accompanied by an issue included systems unable to boot and those cause in boot-loops.

 

Jump to quick fix: for those of you who already installed this

In the cmd line of the advanced repair options type:

Dism /Image:C:\ /Get-Packages (could be any drive, had it on D, F, and E.)
Dism /Image:C:\ /Remove-Package /PackageName:package_ for_###
(no space between package_ and for)

Remove every update that’s pending – There are 3 updates that are causing the issue they are:

  • Rollupfix_wrapper~31bf3856ad364e35~amd64~14393.1770.1.6
  • Rollupfix~31bf3856ad364e35~amd64~14393.1770.1.6
  • Rollupfix~31bf3856ad364e35~amd64~14393.1715. 1.10

 

Microsoft explained in a support article that this has been caused by what it describes as a “publishing issue,”

““We have corrected the publishing issue as of the afternoon of October 10th and have validated the cumulative security updates. We recommend all customers take these cumulative security updates,”.

 

At the office and in the lab:

I have taken steps to flush the update from my WSUS environments as a precaution and to allow for the corrected package to be downloaded.

 

ref:

https://support.microsoft.com/en-ca/help/4049094/windows-devices-may-fail-to-boot-after-installing-october-10-version-o