PowerShell

Hyper-V Virtualization: Turning Hyper-V On and Off

I recently started using Hyper-V on my Windows 10 workstation to task advantage of using technologies such as Docker that leverages Hyper-V to run its container images.  I also run VMware Player for running virtual machines.

The following commands make it a simpler task to toggle Hyper-V on and off again.

To Turn Hyper-V off, run the following command then restart your computer:

bcdedit /set hypervisorlaunchtype off

To turn Hyper-V back on, run the following command then restart your computer:

bcdedit /set hypervisorlaunchtype on (or auto start)

 

Note:  Quick method to check the status of Hyper-V – Get-WindowsOptionalFeature -Online -FeatureName *hyper*

Microsoft: Meltdown and Spectre Check via PowerShell

Like many folks around the world, I was wondering if this Meltdown and Spectre flaw would impact my computers and virtual machines.  Microsoft has started to release emergency fixes for Windows 10 and its been said that Windows 8 and legacy 7 will also receive patches.

Microsoft has released a PowerShell script that lets users check whether they have protection in place.

Steps to take:

  1. Open PowerShell (I like to use PowerShell ISE)
  2. Run PowerShell as as Administrator.
  3. Type Install-Module SpeculationControl and press Enter.
  4. When the installation completes, type Import-Module SpeculationControl and press Enter.
  5. Type Get-SpeculationControlSettings and press Enter.

In the list of results that’s displayed, you’re looking to see that a series of protections are enabled — this will be listed as True.  Ref: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

Should reassemble 

Speculation control settings for CVE-2017-5715 [branch target injection]

  • Hardware support for branch target injection mitigation is present: True
  • Windows OS support for branch target injection mitigation is present: True
  • Windows OS support for branch target injection mitigation is enabled: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

  • Hardware requires kernel VA shadowing: True
  • Windows OS support for kernel VA shadow is present: True
  • Windows OS support for kernel VA shadow is enabled: True
  • Windows OS support for PCID optimization is enabled: True

 

 

 

Office 365: Use Content Search to delete unwanted Emails from Organization

Office 365: Use Content Search to delete unwanted Emails from Organization

As an admin you can use the Content search located under Security & Compliance to search for and delete email message from select or all mailbox in your organization.  This is particularly useful to remove high-risk emails such as:

  • Message that contains sensitive data
  • Messages that were sent in error
  • Message that contain malware or viruses
  • Phishing message

 

To start the process, we begin with creating a content search:

  1. Log into your Office 365 protection center – https://protection.office.com
  2. Click on Search & investigation, then select Content search
  3. From Content search click on the “New” Icon
  4. Enter a name for this search job
  5. Select either specific mailboxes or “all mailboxes”
  6. Select “Search all sites”, public folders are an option depending on your search criteria
  7. Click Next
  8. Enter in keywords to search of leave blank to search for all content
  9. Add Conditions – In my example I am looking for a subject (ex. Microsoft account unusual sign-in activity)

  10. Click Search

 

The search will start and results will be displayed in the right pane.

When completed you a preview the results and export to computer as a report.

Now the you have generated a search you can move to deleting the content you had searched for.

To do this we will need to connect to the Security & Compliance Center using remote PowerShell.

$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session -AllowClobber -DisableNameChecking

$Host.UI.RawUI.WindowTitle = $UserCredential.UserName + ” (Office 365 Security & Compliance Center)” 

 

Once successful authenticated, and connected to the compliance center you can creation a new action to delete the items found in our previous search.

This is done by using the following example:

New-ComplianceSearchAction -SearchName “Phishing” -Purge -PurgeType SoftDelete

 

Online PowerCLI Installation, Quick Steps

Here are some quick steps to installing PowerCLI onto your computer to get you started. I performed the steps listed below on a Windows 10 Computer.

 

Overview

VMware PowerCLI is a command-line and scripting tool built on Windows PowerShell, and provides more than 600 cmdlets for managing and automating vSphere, vCloud, vRealize Operations Manager, and VMware Horizon environments.

Requirements

PowerShell or PowerShell ISE, Internet Connection

Steps

Validate that you have an internet connection. Once done we need to confirm that you can connect to the PowerShell gallery online.

This is done by issues the following command: Find-Module -Name VMware.PowerCLI

 

Next we issue the command: Install-Module -Name VMware.PowerCLI –Scope CurrentUser

If prompted to accept the repository, choose Yes to All and continue

The installation process will begin to download the modules

Later unzipping them

And a short while later the installation will complete

Verify the module by using the following command: Get-Module VMware* -ListAvailable

That’s it, your done.

 

Command list:

Find-Module -Name VMware.PowerCLI
Install-Module -Name VMware.PowerCLI –Scope CurrentUser
Get-Module VMware* -ListAvailable

 

 

How to demote a Windows Server 2012 Domain Controller

In this short write up I will go over steps to demote a Server 2012 domain controller.

If you have worked in Active Directory and Windows Domain Administration over the years you may recall that in previous version of Windows Server that you would use the command line tool of ‘DCPROMO’ to promote or demote a server. Since Server 2012, the use of DCPROMO has been deprecated. In fact, if you attempt to use it you will be inform of this via the Active Directory Domain Service Installed.

In Server 2012 and later versions the use of Server Manager or PowerShell is required to promote / demote a server to/from a Domain Controller (DC). Below I provide steps on how to demote a server with some illustration along the way. Also, here is a quick YouTube video on the process: https://youtu.be/sBK2_APaDdg

Log into the domain controller you intend on demoting and Launch the Server Manager, select the Manage drop down menu, select Remove roles and features.

On the server selection page, select the desired server from the pool.

On the Remove Roles and Features Wizard, un-tick the Active Directory Domain Services box

The Remove Roles and Features dialog box will open. Click Remove features

On the Remove Roles and Features Wizard dialog box Validation Results box will appear. The domain controller must be demoted before continuing. Click on Demote this domain controller.

On the Active Directory Domain Services Configuration Wizard enter the required credentials to demote this server, click Next.

You will have several removal options. From the forced remove of failed domain member, to removing of the last domain in your forest. Make the selections which is appropriate for your remove task and click Next

Finally you will arrive on the New Administrator Password, enter and confirm the new local administrator account password, click Next.

On the Review Options verify the information is correct and click Demote.

After the server has restarted it will no longer be a domain controller

And that is it.