Monday, August 26, 2013

Three hints for Active Directory

1: How to get distinguished name through powershell from a computer without using Active Directory module


$filter = "(&(objectCategory=computer)(objectClass=computer)(cn=$env:COMPUTERNAME))"
([adsisearcher]$filter).FindOne().Properties.distinguishedname

Compliments to Shay: http://stackoverflow.com/questions/11146264/get-current-computers-distinguished-name-in-powershell-without-using-the-active


2: How to get Domain controller to see Security Policies.

Apparently, as part of the design, AD will not see security properties from it's own GPO unless they are defined at the global scope.

Which mean, if you're trying to lock down AD to some security spec, such as CIS, you'll have to define hardened policies at the global scope. If you dont want your nodes to be as locked down as the AD, you'll have to enforce the GPO with relaxed settings at the node OU to overwrite global.

A bit of a headache if you ask me.... especially since it took me nearly a day and a half to find an answer.
http://support.microsoft.com/kb/259576


3:  Exposing MSS settings (some hardening specs such as CIS calls for it)

Note: You can edit GPO from any server where GPMC is installed, so this tool can be installed on any 2k8 server in the domain (no reason to clutter up the AD).

* Install Security Compliance Management Toolkit.
(http://www.microsoft.com/downloads/details.aspx?FamilyID=5534bee1-3cad-4bf0-b92b-a8e545573a3e&displaylang=en)
-- the installer will probably fail to work...it's probably by design.

* Install SQL express manually. Use any version.
* Re-run Security Compliance Management Toolkit installer.
* Click the Start, click All Programs, Microsoft Security Compliance Manager, Local GPO.
* Install LocalGPO.MSI
* Go to the folder where you installed the MSI (default is C:\Program Files (x86)\LocalGPO) and
* From Administrative command prompt run: cscript LocalGPO.wsf /ConfigSCE and then press ENTER.
* Open GPO editor
* Navigate to Computer Config -> Policies -> Windows settings -> Security Settings -> Local Policies -> Security Options

BOOM MSS is now visible.



Monday, August 5, 2013

Subduing sublime - moving out of quotes with ease

Yet another entry shamelessly stolen from another blog.

I just started using Sublime and I really dig the bracket and quote auto completion, but it immediately became apparent to me, that it pisses me off as much as it helps me. There is no really good way to move out of the brackets without either typing them out - which defeats the purpose of auto completion in the first place, using arrow keys, using end key, or god forbid using the mouse.

The only built in functionality is control+enter which gets you a new line - not something you want every time.

The answer is to create your own key binding - below example gets you out of all kinds of brackets (the kind I use at least) and gives you a good template for setting it up for your own use.

For practice I setup 2 keys to do same thing: Tab and Enter. Might end up changing it later, or making it Shift+Enter or something


Preferences > Key Bindings -- User



{ "keys": ["enter"], "command": "move", "args": {"by": "characters", "forward": true},
  "context":
  [
      { "key": "following_text", "operator": "regex_contains", "operand": "^[})\\]'\"]", "match_all": true },
      { "key": "preceding_text", "operator": "regex_contains", "operand": "[{(['\"]", "match_all": true },
      { "key": "auto_complete_visible", "operator": "equal", "operand": false }
  ]
},
{ "keys": ["tab"], "command": "move", "args": {"by": "characters", "forward": true},
  "context":
  [
      { "key": "following_text", "operator": "regex_contains", "operand": "^[})\\]'\"]", "match_all": true },
      { "key": "preceding_text", "operator": "regex_contains", "operand": "[{(['\"]", "match_all": true },
      { "key": "auto_complete_visible", "operator": "equal", "operand": false }
  ]
}


Plug goes out to: http://www.codejury.com/fixing-some-of-sublime-texts-annoyances/