AD CS – PKI – Maintenance

Posted by on 27. J 2024 in Blog

Here are the commands to clenaup a Microsoft Certificate Authority. It doesn’t do it by itself. This is a good thing, if you’re using some Key Archival-tech. But I’ve only ever used it for Always on VPN or Wi-Fi-access, so I don’t care if the expired certificates get cleaned up. Now you’re warned 🙂 This can take a LONG time, if you’ve never done it before – I recommend doing it in batches. First, find out how old your earliest...

Read More »

Microsoft Edge – Disable annoyances via registry

Posted by on 20. J 2023 in Blog

Annoying features, that I’d like default disabled (but perhaps configurable by user, if they actively seek it) [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\Recommended] “EdgeShoppingAssistantEnabled”=dword:00000000 “FavoritesBarEnabled”=dword:00000000 “PinBrowserEssentialsToolbarButton”=dword:00000000 “QuickSearchShowMiniMenu”=dword:00000000 “TranslateEnabled”=dword:00000000...

Read More »

Windows Firewall / Wi-Fi Public vs Private profiles

Posted by on 14. J 2023 in Blog

This is just for my personal notes – I’m using this method to make sure that a machine is unable to browse the internet, unless VPN is connected. Ofc you also need to define outbound rules for your vpn-host. And also make a rule, that allow connecting to your DCs from any profile (that way it can detect if it’s on a domain-network instead and change a profile to that). If using Always-On-VPN, then also make a rule to let NlaSvc-service connect to anything ...

Read More »

Powershell – SecureString in batchjobs / Scheduled Tasks

Posted by on 29. J 2023 in Blog

For automation and security purposes, you can create a file with an encrypted password. The encrypted password is only usable with the same user, that creates the file and it has to be on the same machine. So there’s no use in copying the file around and using another user. You could probably also store this string in registry, if you’d like to. I haven’t tried this, though. Create file with encrypted password: Read-Host "Enter password" -AsSecureString |...

Read More »

ConfigMgr – Remove Google Chrome with batch-file .cmd

Posted by on 07. J 2022 in Blog

I got an assignment. Remove Google Chrome completely from all computers in the organisation. Even if it’s user-based (aka not admin-installed but user-based) Chrome can be installed in many different way: User-based (AppData\Local) msi-based (msiexec /i googleenterprise.msi /passive /norestart) other-thingie-based (where there’s a setup.exe ensuring updates, I think) The last one and user-based are tricky, when wanting to uninstall every Chrome in the...

Read More »