Windows LAPS and the migration from Microsoft LAPS

September 6, 2023August 9, 2023 by Fabian Niesen

In this era, the topic of IT security is becoming more and more important. A possible attack vector has always been the local admin passwords. In most cases, these were hard-wired into the installation image and had not been changed for years. Not only a risk from former employees. The lateral movement also poses a … Read more

The Windows SID – and an old problem

September 26, 2022 by Fabian Niesen

Get the Windows SID with script and PSGetSid

Problems with the same Windows SID have been around for a long time, be it with KMS, WSUS or in support cases. I will show you how to check this.

Set Windows target release

December 1, 2021 by Fabian Niesen

Especially in test environments, you often need an older release of Windows 10, but how can you set Windows to a target release? Many companies are currently still using Windows 10 1909, and the Enterprise Edition is still supported until 11.05.2022. Unfortunately, I can only defer the feature upgrade in Windows 10 for 365 days. This means that a newly installed Windows 10 1909 updates to 20H2.

SSTP VPN with Let’s Encrypt certificates

November 22, 2021 by Fabian Niesen

SSTP requires an SSL certificate accepted by the client. If you have an internal certificate authority, you can use this. The only thing that must be ensured is that the client can also reach the blacklist on the Internet. Many fail with this requirement. So why not use another certificate, for example a free one from Let’s encrypt.

BIOS Password managing with Dell Command | Monitor and workspace One

September 27, 2021September 27, 2021 by Sven Riebe

Today I will write me first English private Blog to share with you my project experience.

My learning since a couple of years are everyone is talking about BIOS passwords as part of security but in real life the most BIOS password will be set one time and never change in the time of using the device. With modern work and more mobility, it would be more and more complicated to change BIOS settings because not all devices are in your own network. I will show you in this blog how you could set a BIOS password on a device by PowerShell and Configuration Service Provider (CSP). All scripts are free, and you could use this own your risk without support.

German Federal Office for Information Security (German BSI) security recommendations for Windows 10

June 24, 2021June 22, 2021 by Fabian Niesen

The German Federal Office for Information Security (BSI) has published new documents on Microsoft Windows 10 and how to secure it. I looked at the BSI security recommendations for Windows 10 before I wanted to report on them. The background to this is that in the past, publications in this direction were sometimes more than outdated when they were published or they were very superficial.

Intune packaging made simple

June 24, 2021June 7, 2021 by Fabian Niesen

Excerpt from the PowerShell execution of the command Invoke-Upload.ps1

I like to work with installation wrappers for packaging. It doesn’t matter whether it’s Microsoft System Center Configuration Manager (SCCM) or Microsoft Endpoint Configuration Manager (MECM) or the Microsoft Deploment Tollkit (MDT), I have also used them for Microsoft Intune packaging.

Software management with Chocolatey

September 27, 2021May 4, 2021 by Fabian Niesen

This time it is about a so-called “freemium” software management solution. Feemium is made up of the two words “Free” and “Premium” and means that the software can be used free of charge, but certain functions cost extra. With mobile apps, this also means banner ads and annoying video commercials, but that is not the case here. This article is exclusively about the free version.

A new home for the downloads

June 24, 2021March 12, 2021 by Fabian Niesen

Microsoft Support LifeCycle for Windows Client Operating Systems

After my download solution annoyed me a few times, I outsourced the download. The new home for the downloads is GitHub. This also makes it easier for me to maintain and update.

“Domain Controller Enforcement mode” will be activated as of 9 February 2021

January 18, 2021 by Fabian Niesen

With the security update of 11 August 2020, Microsoft has addressed a security vulnerability (CVE-2020-1472). This has not yet been closed automatically, as compatibility problems may occur. How to close the vulnerability beforehand is explained in KB article 455722.