Windows AD FS provides enterprise Identity and Authentication services, which includes support for OAuth2 and OIDC authentication flows. In this article, we will create and configure an ADFS Application group that supports the Authorization Code flow. This flow allows an application to access a 3rd party API on behalf of the end user as illustrated … Microsoft: configuring an Application Group for OAuth2/OIDC on ADFS 2019
Based on my previous article on creating a Windows2019 Windows Domain Controller from a Sysprep template, we now want to move on to creating an Windows 2019 ADFS server in a similar fashion. Once this new Windows 2019 guest OS is provisioned, we will prepare it and then run Powershell scripts that will enable the … KVM: Creating a Windows2019 ADFS server using Powershell
Based on my previous article on creating a Windows2019 base template using Sysprep, we can now move on to creating a Windows Domain Controller using this template as a backing file. Once this new Windows 2019 guest OS is provisioned, we will prepare it and then run Powershell scripts that will enable the Active Directory … KVM: creating a Windows2019 Domain Controller using Powershell
In the world of Linux containers where deployment takes on the order of seconds, even the best-case scenario for spinning up a new Windows host can seem like an eternity. Clearly, you don’t want to wait for the entire Windows install process each time you bring up a Windows guest OS. Even automated, this would … KVM: configuring a base Window2019 instance with Sysprep
WireGuard aims to be the successor to IPsec and more performant than OpenVPN. It is a general purpose VPN that is secure enough for servers, yet light enough to run on embedded devices. In this article, I will show how to install WireGuard on an Ubuntu server and then access it using a Windows client. … Ubuntu: WireGuard VPN for Ubuntu servers, with a Windows client
Using ldapsearch to query against the insecure port of a Windows Domain Controller is straightforward. However, it can be challenging to get all the pieces in place for a production environment where the secure port must be used and the root CA certificate is typically not from a public CA. Assuming the standard insecure port … Ubuntu: using ldapsearch to query against a secure Windows Domain Controller
A centralized authentication/authorization mechanism is a key part of a security stance as well as a convenience to end users. There are multiple packages and systems to achieve this, and in this article I will focus on integrating back into Windows Active Directory using SSSD for login and group membership. When complete, you will have … Ansible: Login to Ubuntu with Windows Active Directory using SSSD
If you are using version 4+ of PowerShell, then instead of using the older makecert utility or the IIS Manager you can simply use New-SelfSignedCertificate cmdlet. In this article I’ll provide a small Powershell script that can assist in creating a self-signed certificate in the local machine personal store.
If you are using a newer version of PowerShell, then by all means use the New-ScheduledTaskAction, New-ScheduledTaskTrigger, and Register-ScheduledTask and to create a Windows schedule task using PS scripting. But if you still need to be compatible back to PowerShell 2.0, and want to keep it simple, you can avoid using the Schedule.Service COM interface, … PowerShell: Create Windows Scheduled Task to run Powershell script every hour
Putty is one of the first tools I install on any host or jumpbox. And creating a saved session definition is extremely helpful so I can get the right window size, scrollback, keep alives, color scheme, etc. but creating each session definition by hand is time consuming. In this article, I will show you how … PuTTy: Bulk import PuTTy session definitions into the registry using Powershell
The Windows Zabbix Agent provides a native interface to the Windows Performance Counters. and Event Log. This means that with minimal overhead, and no additional shells out to Powerscript or the command line, you can collect any of the metrics available from PerfMon or Event Viewer.
Many developers like to use Vagrant from HashiCorp to standardize the workflow of virtual machines: creation, running, destroying, taking snapshots, etc.. Usually Vagrant is used for Linux hosts, but it also works with Windows as long as you prepare the template properly. In a previous article I went over the detailed steps to create a template image for … Windows: Windows 2012 Sysprep for Vagrant readiness
In the world of Linux containers where deployment takes on the order of seconds, even the best-case scenario for spinning up a new Windows host can seem like an eternity. Clearly, you don’t want to wait for the entire Windows install process each time you bring up a Windows guest OS. Even automated, this would … Ubuntu: Standing up a Windows 2012 instance on Ubuntu using Sysprep
Ansible is an agentless configuration management tool that helps operations teams manage installation, patching, and command execution across a set of servers. Ansible was started as a Linux only solution, leveraging ssh to provide a management channel to a target server. However, starting at Ansible 1.7, support for Windows hosts was added by using Powershell … Ansible: Managing a Windows host using Ansible
A nice feature of the Go language is the ability to build binaries for multiple platforms directly from a single source system. As an example, even from a development Windows 7 32-bit machine, you can build binaries for both 64 bit Linux and Windows 2012 Servers. Before Go 1.5, you needed a compiler for the target architecture, … GoLang: Cross Compiling for Linux and Windows platforms
If the logs you are shipping to Logstash are from a Windows OS, it makes it even more difficult to quickly troubleshoot a grok pattern being sent to the Logstash service. It can be beneficial to quickly validate your grok patterns directly on the Windows host. Here is an easy way to test a log … Logstash: Testing Logstash grok patterns locally on Windows
When working from the Windows command line, you can do a quick test to validate your SMTP connectivity using PowerShell: c:\> Powershell -executionpolicy bypass PS c:\> Send-MailMessage –to <TO> –from <FROM> –subject “testing123” –body “this is a test” –smtpserver <SMTPServer> -port 25 And if the mail server is accessed over TLS/SSL with SMTP authentication … Sending SMTP Mail from Windows Using PowerShell