Does my server need Internet Explorer?

Do I need internet explorer on my server?
A: No, there should be no need to have IE on a server unless you are using an application that specifically requires an IE component or you are using IIS and need to get to localhost to log in. (I have seen companies say that IE is required so they could render a “everything is ok” website from localhost, we can get around this by simply using¬ Invoke-WebRequest … but I digress.)
Continue reading “Does my server need Internet Explorer?”

Is your DFS structure up to date?

Distributed File System is a technology that has been around since the days of NT 4.0 so as you can imagine entropy can run wild in a DFS structure. It is paramount to remove old targers to servers gone the way of the zune player: We have all heard the phrase “My computer is slow” and depending on the end users clout in the company and your position in the company, the ticket for the slow computer may end up on your desk.
Continue reading “Is your DFS structure up to date?”

Securing the Guest account

Thanks to WMI and well known sids we can query a computer for the status of user accounts, lets start with the simple query seen here:








From the results of the query we can see that the SID of the built in guest account ends in ‘-501’. so if we run the query

Get-WmiObject -Class Win32_UserAccount|where {$_.sid -like "*-501"}

or better yet (accounting for domain accounts)

Get-WmiObject -Class Win32_UserAccount -Filter  "LocalAccount='True'" |where {$_.sid -like "*-501"}

which shows us some simple info about the user

ensuring that we have the correct user we can use the command ‘Net User‘ to set the password.¬ below is what I use to set a complex 20 character random password for the guest account:

Net User ((Get-WmiObject -Class Win32_UserAccount -Filter  "LocalAccount='True'" |where {$_.sid -like "*-501"}).name) (('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+='.ToCharArray()|Get-Random -Count 20) -join "")