Skip to content

Instantly share code, notes, and snippets.

View albert-widjaja's full-sized avatar

Albert Widjaja albert-widjaja

View GitHub Profile
@lukehutton
lukehutton / EnableSchUseStrongCrypto.ps1
Last active May 7, 2024 07:15
http://msdn.microsoft.com/en-us/library/windows/desktop/aa379810(v=vs.85).aspx HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SchUseStrongCrypto Instructs Schannel to disable known weak cryptographic algorithms, cipher suites, and SSL/TLS protocol versions that may be otherwise enabled for better interoperability.
New-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -name 'SchUseStrongCrypto' -value 1 -PropertyType 'DWord' -Force | Out-Null
@jbratu
jbratu / setupiisforsslperfectforwardsecrecy_v17.ps1
Last active November 19, 2024 21:48
Great powershell script for tightening HTTPS security on IIS and disabling insecure protocols and ciphers. Very useful on core installations.
# Copyright 2019, Alexander Hass
# https://www.hass.de/content/setup-microsoft-windows-or-iis-ssl-perfect-forward-secrecy-and-tls-12
#
# After running this script the computer only supports:
# - TLS 1.2
#
# Version 3.0.1, see CHANGELOG.txt for changes.
Write-Host 'Configuring IIS with SSL/TLS Deployment Best Practices...'
Write-Host '--------------------------------------------------------------------------------'
@joegasper
joegasper / ConvertFrom-DN
Last active June 5, 2024 02:37
Convert between DistinguishedName and CanonicalName
#Updated ConvertFrom-DN to support container objects
function ConvertFrom-DN {
[cmdletbinding()]
param(
[Parameter(Mandatory, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)]
[ValidateNotNullOrEmpty()]
[string[]]$DistinguishedName
)
process {
@githubfoam
githubfoam / windows ADBA KMS cheat sheet
Last active August 8, 2024 06:17
windows ADBA KMS cheat sheet
==========================================================================================================
#Slmgr.vbs Options for Volume Activation
Attempting to manage an older system from Windows 7 or Windows Server 2008 R2 will generate a specific version mismatch error
==========================================================================================================
#ChatGPT
Explain Key Management Server in windows.
A Key Management Server (KMS) is a feature in Microsoft Windows that allows organizations to activate volume licensed versions of Windows and Office products within their network environment without the need for individual activation keys for each computer.
@dafthack
dafthack / azure_client_ids.txt
Created June 16, 2023 11:57
A collection of client IDs that can be used to authenticate a user, and their associated application name that shows up in Azure Sign-In logs.
00b41c95-dab0-4487-9791-b9d2c32c80f2 - Office 365 Management
04b07795-8ddb-461a-bbee-02f9e1bf7b46 - Microsoft Azure CLI
0ec893e0-5785-4de6-99da-4ed124e5296c - Office UWP PWA
18fbca16-2224-45f6-85b0-f7bf2b39b3f3 - Microsoft Docs
1950a258-227b-4e31-a9cf-717495945fc2 - Microsoft Azure PowerShell
1b3c667f-cde3-4090-b60b-3d2abd0117f0 - Windows Spotlight
1b730954-1685-4b74-9bfd-dac224a7b894 - Azure Active Directory PowerShell
1fec8e78-bce4-4aaf-ab1b-5451cc387264 - Microsoft Teams
22098786-6e16-43cc-a27d-191a01a1e3b5 - Microsoft To-Do client
268761a2-03f3-40df-8a8b-c3db24145b6b - Universal Store Native Client
@richardhicks
richardhicks / Optimize-DomainControllerTlsCipherSuites.ps1
Last active March 22, 2024 18:53
Disable Insecure TLS Cipher Suites for LDAPS on Domain Controllers
# This Gist is a PowerShell script to set the SSL Cipher Suite Order Group Policy Object (GPO) for Windows Server 2016 and 2019/2022.
# Reference: https://www.dsinternals.com/en/active-directory-domain-controller-tls-ldaps/
# Security optmized cipher suite list for Windows Server 2019/2022
$Ciphers2022 = 'TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'
# Security optmized cipher suite list for Windows Server 2016
$Ciphers2016 = 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'
$GpoName = 'Domain Controller Security Baseline'
@nathanmcnulty
nathanmcnulty / gist:8c2e28b76f18dcdec12f78799724cffe
Created September 6, 2024 01:48
CA policy for pim-strong-reauth-compliant-device
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/conditionalAccess/policies/$entity",
"id": "876aef31-50a3-4c79-b77a-7ba8f8941317",
"createdDateTime": "2024-09-06T01:23:30.5342067Z",
"displayName": "PIM - Require strong re-authentication from compliant device",
"state": "enabledForReportingButNotEnforced",
"conditions": {
"clientAppTypes": [ "all" ],
"signInRiskLevels": [ ],
"userRiskLevels": [ ],