- Details
- Written by: po3dno
- Category: Windows
- Hits: 19
https://dist.nuget.org/win-x86-commandline/latest/nuget.exe
%USERPROFILE%\AppData\Local\Microsoft\WindowsApps
nuget add new_package.1.0.0.nupkg -source \\myserver\packages
Setup Proxy
First you’ll need to tell your PowerShell session to use your proxy. You might also need to change the TLS protocol that’s accepted. Basically, what’s happening above is just a bad error message. It’s not verbose enough to say “HTTPS failure” or anything like that.
$proxy = '<YOUR CORPORATE PROXY HERE>' # update this
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
[system.net.webrequest]::defaultwebproxy = new-object system.net.webproxy($proxy)
[system.net.webrequest]::defaultwebproxy.credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
[system.net.webrequest]::defaultwebproxy.BypassProxyOnLocal = $true
Update Package Providers
This is similar-ish to sudo apt-get update. The first line gives you the package provider itself, the second registers PSGallery and the third installs PowerShellGet, which is basically an installer that a lot of packages use.
Install-PackageProvider -Name nuget -Scope AllUsers -Confirm:$false -Force -MinimumVersion 2.8.5.201
Register-PSRepository -Default -verbose
Install-Module -Name PowerShellGet -Scope AllUsers -Confirm:$false -Force -AllowClobber -MinimumVersion 2.2.4 -SkipPublisherCheck- Details
- Written by: po3dno
- Category: Windows
- Hits: 29
If you used Group Policy, disable the Group Policy setting that you used to enable Windows Defender Credential Guard (Computer Configuration -> Administrative Templates -> System -> Device Guard -> Turn on Virtualization Based Security).
Delete the following registry settings:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\LsaCfgFlags
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceGuard\LsaCfgFlags
If you also wish to disable virtualization-based security delete the following registry settings:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceGuard\EnableVirtualizationBasedSecurity
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceGuard\RequirePlatformSecurityFeatures
If you manually remove these registry settings, make sure to delete them all. If you don't remove them all, the device might go into BitLocker recovery.
Delete the Windows Defender Credential Guard EFI variables by using bcdedit. From an elevated command prompt, type the following commands:
mountvol X: /s
copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y
bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi"
bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X:
mountvol X: /d- Details
- Written by: po3dno
- Category: Windows
- Hits: 61
Если перед запуском обновления Inplace заданы следующие записи реестра, Windows 11 больше не отображает мастер приветствия для этого пользователя при первом входе в систему (записи относятся к HKCU, поэтому они связаны с пользователем). Вот обязательные записи:
необходимо ввести в соответствующую учетную запись пользователя в Windows 10 перед обновлением. Записи реестра можно установить с помощью пакетной программы. Маркус отметил, что в более крупных средах записи, безусловно, можно развертывать через GPO. Если все работает, Мастер приветствия больше не должен доставлять неудобства.
- Details
- Written by: po3dno
- Category: Windows
- Hits: 264
When you join a machine to the domain, by default it will be placed in the Computers container under the root of the domain. This can be undesirable, particularly if you want to apply distinct Group Policy to machines when they are initially joined to the domain. Fortunately, Active Directory lets you change the default location for new Computer accounts. The best way to make this change is with the redircmp tool that is included with Windows Server. For example, to redirect new computers in the cohovines.com domain to an Organizational Unit called NewComputers, run this command:
redircmp "OU=NewComputers,DC=cohovines,DC=com"
Under the covers, the redircmp tool updates an attribute of the domain NC head object called wellKnownObjects. The wellKnownObjects attribute contains a list of well known GUIDs and a distinguished name for each GUID. By using GUIDs, the path to an object can be dynamic without the client needing to be aware of anything other than the GUID for the object it is searching for. In this case, the aa312825-7688-11d1-aded-00c04fd8d5cd GUID is how Active Directory keeps track of the default location for new computer objects. You can use a tool like LDP to look at the wellKnownObjects attribute of the domain as shown below:
- Details
- Written by: po3dno
- Category: Windows
- Hits: 228
<#
License terms
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.
#>
#get all Shares
$shares = Get-WmiObject -Class Win32_Share
$shareList = New-Object -TypeName System.Collections.ArrayList
foreach ($share in $shares) {
#excluding default shares
if (($share.Name -notmatch '(?im)^[a-z]{1,1}\$') -and ($share.Name -notmatch '(?im)^[admin]{5,5}\$') -and ($share.Name -notmatch '(?im)^[ipc]{3,3}\$') -and ($share.Name -notmatch '(?im)^[print]{5,5}\$') ) {
$shareAccessInfo = ''
$ntfsAccessInfo = ''
#extract permissions from the current share
$fileAccessControlList = Get-Acl -Path $($share.Path) | Select-Object -ExpandProperty Access | Select-Object -Property FileSystemRights, AccessControlType, IdentityReference
#excluding uncritical information as Builtin Accounts as Administratrators, System, NT Service and Trusted installer
foreach ($fileAccessControlEntry in $fileAccessControlList) {
if (($fileAccessControlEntry.FileSystemRights -notmatch '\d') -and ($fileAccessControlEntry.IdentityReference -notmatch '(?i)Builtin\\Administrators|NT\sAUTHORITY\\SYSTEM|NT\sSERVICE\\TrustedInstaller')) {
$ntfsAccessInfo += "$($fileAccessControlEntry.IdentityReference); $($fileAccessControlEntry.AccessControlType); $($fileAccessControlEntry.FileSystemRights)" + ' | '
}
} #END foreach ($fileAccessControlEntry in $fileAccessControlList)
$ntfsAccessInfo = $ntfsAccessInfo.Substring(0,$ntfsAccessInfo.Length - 3)
$ntfsAccessInfo = $ntfsAccessInfo -replace ',\s?Synchronize',''
#getting share permissions
$shareSecuritySetting = Get-WmiObject -Class Win32_LogicalShareSecuritySetting -Filter "Name='$($share.Name)'"
$shareSecurityDescriptor = $shareSecuritySetting.GetSecurityDescriptor()
$shareAcccessControlList = $shareSecurityDescriptor.Descriptor.DACL
#converting share permissions to be human readable
foreach($shareAccessControlEntry in $shareAcccessControlList) {
$trustee = $($shareAccessControlEntry.Trustee).Name
$accessMask = $shareAccessControlEntry.AccessMask
if($shareAccessControlEntry.AceType -eq 0) {
$accessType = 'Allow'
} else {
$accessType = 'Deny'
}
if ($accessMask -match '2032127|1245631|1179817') {
if ($accessMask -eq 2032127) {
$accessMaskInfo = 'FullControl'
} elseif ($accessMask -eq 1179817) {
$accessMaskInfo = 'Read'
} elseif ($accessMask -eq 1245631) {
$accessMaskInfo = 'Change'
} else {
$accessMaskInfo = 'unknown'
}
$shareAccessInfo += "$trustee; $accessType; $accessMaskInfo" + ' | '
}
} #END foreach($shareAccessControlEntry in $shareAcccessControlList)
if ($shareAccessInfo -match '|') {
$shareAccessInfo = $shareAccessInfo.Substring(0,$shareAccessInfo.Length - 3)
}
#putting extracted information together into a custom object
$myShareHash = @{'Name'=$share.Name}
$myShareHash.Add('FileSystemSPath',$share.Path )
$myShareHash.Add('Description',$share.Description)
$myShareHash.Add('NTFSPermissions',$ntfsAccessInfo)
$myShareHash.Add('SharePermissions',$shareAccessInfo)
$myShareObject = New-Object -TypeName PSObject -Property $myShareHash
$myShareObject.PSObject.TypeNames.Insert(0,'MyShareObject')
#store the custom object in a list
$null = $shareList.Add($myShareObject)
} #END if (($share.Name -notmatch '(?im)^[a-z]{1,1}\$') -and ($share.Name -notmatch '(?im)^[admin]{5,5}\$') -and ($share.Name -notmatch '(?im)^[ipc]{3,3}\$') )
} #END foreach ($share in $shares)
$shareList