LAPS WinForm 2

New and improved LAPS WinForm because the original one, found here, was kind of crap. It didn’t handle exceptions very well and I don’t think the group policy update worked at all after some further debugging.

I am pleased to present the new GUI for LAPS:

The best place to download this from would be my TechNet gallery

Enjoy!

Resetting pwdLastSet Attribute in Active Directory

This is useful if you have a number of users whose passwords are set to never expire, and you then decide that they do need to expire. If you simply untick the “Password never expires” option, they will be made to change their password instantly, because the “pwdLastSet” date will be from when the user was first set up.

This trick will set the “pwdLastSet” date to today so that they have some warning before being told to reset their password.

First of all, make sure that you have “Advanced Features” turned on from the “View” menu.

Now find the user that you want to reset the value for and edit their properties. Navigate to the “Attribute Editor” tab and scroll down until you see the “pwdLastSet” attribute.

Edit the value to be “0”; this means that the value has never been set. See screenshot below.

Changed to 0

Now click OK on all of the boxes until the user’s properties window has closed. Then reopen the user’s properties window, go back to the “Attribute Editor” tab and change pwdLastSet to “-1”. See screenshot below:

Changed to -1

Now press OK on all the boxes until the user’s properties window has closed. When you next check the pwdLastSet attribute, it will be set to the current date.

Hope this helped you, enjoy!
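The same two-step write can be scripted for many accounts. This is an added example, not part of the original post: the function name and the OU path are hypothetical, it assumes the ActiveDirectory module (RSAT) is installed, and clearing the "never expires" flag only after the reset is a choice made for this example.

```powershell
# Added example (not from the original post).
function Reset-PwdLastSetToNow {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][string]$SearchBase)

    Import-Module ActiveDirectory
    # Only accounts that currently have "Password never expires" ticked.
    $users = Get-ADUser -SearchBase $SearchBase `
        -Filter 'PasswordNeverExpires -eq $true' -Properties pwdLastSet

    foreach ($user in $users) {
        $action = 'Reset pwdLastSet to now and clear PasswordNeverExpires'
        if (-not $PSCmdlet.ShouldProcess($user.DistinguishedName, $action)) { continue }

        # Step 1: 0 marks the password as never set.
        Set-ADUser -Identity $user -Replace @{ pwdLastSet = 0 }
        # Step 2: -1 makes the domain controller stamp the current time.
        Set-ADUser -Identity $user -Replace @{ pwdLastSet = -1 }
        # Step 3: clear the flag last, so the password age counts from today.
        Set-ADUser -Identity $user -PasswordNeverExpires $false

        # Read the values back so the change can be reviewed or logged.
        $after = Get-ADUser -Identity $user -Properties pwdLastSet, PasswordNeverExpires
        [pscustomobject]@{
            SamAccountName       = $after.SamAccountName
            PasswordLastSet      = [DateTime]::FromFileTime($after.pwdLastSet)
            PasswordNeverExpires = $after.PasswordNeverExpires
        }
    }
}

# Dry run against a hypothetical OU; remove -WhatIf to apply the change.
Reset-PwdLastSetToNow -SearchBase 'OU=Staff,DC=example,DC=com' -WhatIf
```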

Secure Password Generation In PowerShell

Nice simple one today. Very short and easy. Just made a big post to my job automation project, which is why I made the following script in PowerShell. Basically, what I needed was to be able to reset multiple user account passwords in Active Directory. This meant that I needed to generate secure passwords; this was to ensure that they would meet the minimum requirements, and also convert them to something that PowerShell and Active Directory “liked”.

The below 3 lines of code should do the trick:

[string]$initialpassword = ([char[]](Get-Random -input $(47..57 + 65..90 +97..122) -count 8)) + (Get-Random -minimum 0 -maximum 10)

$passwordwithspacesremoved = $initialpassword.Replace(' ','')

$convertedpassword = ConvertTo-SecureString -AsPlainText $passwordwithspacesremoved -Force

I had to add the extra “Get-Random -Minimum 0 -Maximum 10” because, since it’s randomly generated, sometimes it didn’t include a single number. This obviously would make the password not secure enough to be used within Active Directory. So rather than waste time trying to define the randomness to include some sort of number, I simply made damn sure that there would always be a random digit at the end. Both ensuring sufficient security to be used in Active Directory and also still being random. (Wouldn’t be good if all the passwords ended in 3 :p )

How I used this code, only if you’re interested though, is like this:

Set-ADAccountPassword -Identity $username -Reset -NewPassword $convertedpassword -PassThru | Enable-ADAccount -PassThru | Unlock-ADAccount

As you can see, I have passed the secure string password into the account reset command. Works like a charm. Some of the other parameters (such as -PassThru) stop the process being weird/breaking.

Enjoy!

Changing Script Execution Policies with PowerShell

First, load up a PowerShell prompt in Administrator mode.

Using the command:

Get-ExecutionPolicy -List

will bring up all of the execution policies for the different scopes. This can be seen in the screenshot below.


Now that we have our existing execution policies, we want to change them so that scripts can be run on your machine. The two we’re interested in are the “CurrentUser” and the “LocalMachine” scopes.

Given this, we want to change the execution policy for these two to be “RemoteSigned”. This way only the scripts that you authorize will be run, instead of the “Unrestricted” option, which would allow PowerShell to run ANY script. Obviously this could be a large security risk. With RemoteSigned, it also means that any downloaded scripts will need to be trusted in order to work.

Using the command:

Set-ExecutionPolicy RemoteSigned

When you are presented with the following screen, you want to select the “Yes to All” option or type “A”.

Finally, we can run the command:

Get-ExecutionPolicy -List

again, which will show that the execution policy has now been changed.

You should now be able to run PowerShell scripts. Please note that you may need to load them in PowerShell ISE and run them, which should ask you to make the script trusted or not.
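Set-ExecutionPolicy without -Scope changes only the LocalMachine scope, and a policy set through Group Policy overrides both scopes named above. This added example (not from the original post) sets the two scopes explicitly and then reports which scope decides the effective policy.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
foreach ($scope in 'CurrentUser', 'LocalMachine') {
    # -Force suppresses the confirmation prompt described above.
    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope $scope -Force
}

# Get-ExecutionPolicy -List returns the scopes in precedence order
# (MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine), so the
# first scope that is not Undefined is the one that takes effect.
$winner = Get-ExecutionPolicy -List |
    Where-Object { $_.ExecutionPolicy -ne 'Undefined' } |
    Select-Object -First 1

if ($winner.Scope -in 'MachinePolicy', 'UserPolicy') {
    Write-Warning "Group Policy sets '$($winner.ExecutionPolicy)'; the local change is overridden."
}

"Effective policy: $(Get-ExecutionPolicy) (decided by scope $($winner.Scope))"
```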

Renaming NICs with Netsh

First, you want to open a command prompt in Administrator mode.

Secondly, open up a netsh prompt by typing “netsh” into the command prompt and pressing enter.

Thirdly, we want to list the interfaces that are currently available on the computer. Then find the one that you want to change the name for. You can list the interfaces by typing “interface show interface”.

Now we have found the interface that we want to change the name for, LET’S CHANGE THE NAME ALREADY! You’ll want to type:

interface set interface name="connectionnamehere" newname="newname"

Below in the screenshot are the values I added. Obviously making the connection name more recognisable.

Finally, when listing the interfaces again, you can see that the interface’s name has changed.

You may have noticed that the command prompt’s permission level changed to Administrator mode after the first screenshot… I completely forgot that I needed to be in administrator mode to perform a rename on a NIC. Hope this was useful to you!