Albert Widjaja albert-widjaja
nathanmcnulty
/ gist:8c2e28b76f18dcdec12f78799724cffe
Created
September 6, 2024 01:48
CA policy for pim-strong-reauth-compliant-device
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/conditionalAccess/policies/$entity", | |
| "id": "876aef31-50a3-4c79-b77a-7ba8f8941317", | |
| "createdDateTime": "2024-09-06T01:23:30.5342067Z", | |
| "displayName": "PIM - Require strong re-authentication from compliant device", | |
| "state": "enabledForReportingButNotEnforced", | |
| "conditions": { | |
| "clientAppTypes": [ "all" ], | |
| "signInRiskLevels": [ ], | |
| "userRiskLevels": [ ], |
richardhicks
/ Optimize-DomainControllerTlsCipherSuites.ps1
Last active
March 22, 2024 18:53
Disable Insecure TLS Cipher Suites for LDAPS on Domain Controllers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This Gist is a PowerShell script to set the SSL Cipher Suite Order Group Policy Object (GPO) for Windows Server 2016 and 2019/2022. | |
| # Reference: https://www.dsinternals.com/en/active-directory-domain-controller-tls-ldaps/ | |
| # Security optmized cipher suite list for Windows Server 2019/2022 | |
| $Ciphers2022 = 'TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256' | |
| # Security optmized cipher suite list for Windows Server 2016 | |
| $Ciphers2016 = 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256' | |
| $GpoName = 'Domain Controller Security Baseline' |
dafthack
/ azure_client_ids.txt
Created
June 16, 2023 11:57
A collection of client IDs that can be used to authenticate a user, and their associated application name that shows up in Azure Sign-In logs.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 00b41c95-dab0-4487-9791-b9d2c32c80f2 - Office 365 Management | |
| 04b07795-8ddb-461a-bbee-02f9e1bf7b46 - Microsoft Azure CLI | |
| 0ec893e0-5785-4de6-99da-4ed124e5296c - Office UWP PWA | |
| 18fbca16-2224-45f6-85b0-f7bf2b39b3f3 - Microsoft Docs | |
| 1950a258-227b-4e31-a9cf-717495945fc2 - Microsoft Azure PowerShell | |
| 1b3c667f-cde3-4090-b60b-3d2abd0117f0 - Windows Spotlight | |
| 1b730954-1685-4b74-9bfd-dac224a7b894 - Azure Active Directory PowerShell | |
| 1fec8e78-bce4-4aaf-ab1b-5451cc387264 - Microsoft Teams | |
| 22098786-6e16-43cc-a27d-191a01a1e3b5 - Microsoft To-Do client | |
| 268761a2-03f3-40df-8a8b-c3db24145b6b - Universal Store Native Client |
githubfoam
/ windows ADBA KMS cheat sheet
Last active
August 8, 2024 06:17
windows ADBA KMS cheat sheet
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ========================================================================================================== | |
| #Slmgr.vbs Options for Volume Activation | |
| Attempting to manage an older system from Windows 7 or Windows Server 2008 R2 will generate a specific version mismatch error | |
| ========================================================================================================== | |
| #ChatGPT | |
| Explain Key Management Server in windows. | |
| A Key Management Server (KMS) is a feature in Microsoft Windows that allows organizations to activate volume licensed versions of Windows and Office products within their network environment without the need for individual activation keys for each computer. |
joegasper
/ ConvertFrom-DN
Last active
June 5, 2024 02:37
Convert between DistinguishedName and CanonicalName
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Updated ConvertFrom-DN to support container objects | |
| function ConvertFrom-DN { | |
| [cmdletbinding()] | |
| param( | |
| [Parameter(Mandatory, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
| [ValidateNotNullOrEmpty()] | |
| [string[]]$DistinguishedName | |
| ) | |
| process { |
jbratu
/ setupiisforsslperfectforwardsecrecy_v17.ps1
Last active
November 19, 2024 21:48
Great powershell script for tightening HTTPS security on IIS and disabling insecure protocols and ciphers. Very useful on core installations.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright 2019, Alexander Hass | |
| # https://www.hass.de/content/setup-microsoft-windows-or-iis-ssl-perfect-forward-secrecy-and-tls-12 | |
| # | |
| # After running this script the computer only supports: | |
| # - TLS 1.2 | |
| # | |
| # Version 3.0.1, see CHANGELOG.txt for changes. | |
| Write-Host 'Configuring IIS with SSL/TLS Deployment Best Practices...' | |
| Write-Host '--------------------------------------------------------------------------------' |
lukehutton
/ EnableSchUseStrongCrypto.ps1
Last active
May 7, 2024 07:15
http://msdn.microsoft.com/en-us/library/windows/desktop/aa379810(v=vs.85).aspx HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SchUseStrongCrypto Instructs Schannel to disable known weak cryptographic algorithms, cipher suites, and SSL/TLS protocol versions that may be otherwise enabled for better interoperability.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| New-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -name 'SchUseStrongCrypto' -value 1 -PropertyType 'DWord' -Force | Out-Null |