Diskpart – Dual partition boot disk for Windows

Posted by on 30. J 2024 in Blog

If the media creation tool is failing for some reason – you can make a bootable USB yourself. This is for my reference. cmd (run as administrator) diskpart list disk (select the disk, that is the usb drive) fx: select disk 2 clean convert mbr create partition primary size=1024 format fs=fat32 quick assign active create partition primary select partition 2 format fs=ntfs quick assign exit copy everything but sources-folder to the fat32-drive copy sources to ntfs-drive...

Read More »

AD CS – PKI – Maintenance

Posted by on 27. J 2024 in Blog

Here are the commands to clenaup a Microsoft Certificate Authority. It doesn’t do it by itself. This is a good thing, if you’re using some Key Archival-tech. But I’ve only ever used it for Always on VPN or Wi-Fi-access, so I don’t care if the expired certificates get cleaned up. Now you’re warned 🙂 This can take a LONG time, if you’ve never done it before – I recommend doing it in batches. First, find out how old your earliest...

Read More »

Microsoft Edge – Disable annoyances via registry

Posted by on 20. J 2023 in Blog

Annoying features, that I’d like default disabled (but perhaps configurable by user, if they actively seek it) [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\Recommended] “EdgeShoppingAssistantEnabled”=dword:00000000 “FavoritesBarEnabled”=dword:00000000 “PinBrowserEssentialsToolbarButton”=dword:00000000 “QuickSearchShowMiniMenu”=dword:00000000 “TranslateEnabled”=dword:00000000...

Read More »

Windows Firewall / Wi-Fi Public vs Private profiles

Posted by on 14. J 2023 in Blog

This is just for my personal notes – I’m using this method to make sure that a machine is unable to browse the internet, unless VPN is connected. Ofc you also need to define outbound rules for your vpn-host. And also make a rule, that allow connecting to your DCs from any profile (that way it can detect if it’s on a domain-network instead and change a profile to that). If using Always-On-VPN, then also make a rule to let NlaSvc-service connect to anything ...

Read More »

Powershell – SecureString in batchjobs / Scheduled Tasks

Posted by on 29. J 2023 in Blog

For automation and security purposes, you can create a file with an encrypted password. The encrypted password is only usable with the same user, that creates the file and it has to be on the same machine. So there’s no use in copying the file around and using another user. You could probably also store this string in registry, if you’d like to. I haven’t tried this, though. Create file with encrypted password: Read-Host "Enter password" -AsSecureString |...

Read More »