Powershell Security at Enterprise Customers

TL;DR (“too long; didn’t read”)

Some people don’t have the time to read the whole text. If you are already familiar with the topic, the text in bold contains the most important points and is just for you.

The most important points for enforcing PowerShell security are: use the newest versions (of the OS and of PowerShell), use application whitelisting and enforce Constrained Language Mode, establish a sound rights structure with frequent, centralized logging, and evaluate the new security features that ship with each new Windows 10 version. And now in more detail:


How to identify Win 10 LTSB

Hi,

Many people have asked me how to identify the LTSB edition on computers running Windows 10, so here is how to do it:

The WMI class Win32_OperatingSystem has a property OperatingSystemSKU that tells you which edition is installed on the computer. The value for LTSB is 0x7D in hex, or 125 in decimal.
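The following is an added example (not code from the original post) that turns the SKU check into a reusable function for one or many clients. The post only states the value 125 (0x7D); the other SKU numbers and their PRODUCT_* names are taken from the Windows GetProductInfo table, and the same numbers still apply after the edition was renamed to LTSC.

```powershell
# Added example, not code from the original post. Maps OperatingSystemSKU to the LTSB editions.
# Only 125 (0x7D) is stated in the post; the other values come from the Windows GetProductInfo
# SKU table (the later LTSC naming uses the same SKU numbers).
$LtsbSkus = @{
    125 = 'Enterprise LTSB (PRODUCT_ENTERPRISE_S)'
    126 = 'Enterprise LTSB N (PRODUCT_ENTERPRISE_S_N)'
    129 = 'Enterprise LTSB Evaluation (PRODUCT_ENTERPRISE_S_EVALUATION)'
    130 = 'Enterprise LTSB N Evaluation (PRODUCT_ENTERPRISE_S_N_EVALUATION)'
}

function Get-WindowsSkuInfo {
    [CmdletBinding()]
    param(
        # One or more computer names; remote queries use CIM over WinRM and need admin rights there.
        [string[]]$ComputerName = $env:COMPUTERNAME
    )
    foreach ($name in $ComputerName) {
        $cimArgs = @{ ClassName = 'Win32_OperatingSystem'; ErrorAction = 'Stop' }
        # Only add -ComputerName for remote hosts, so the local query works without WinRM.
        if ($name -ne $env:COMPUTERNAME) { $cimArgs.ComputerName = $name }
        try {
            $os  = Get-CimInstance @cimArgs
            $sku = [int]$os.OperatingSystemSKU
            [pscustomobject]@{
                ComputerName = $name
                Caption      = $os.Caption
                Build        = $os.BuildNumber
                SKU          = $sku
                SKUHex       = ('0x{0:X}' -f $sku)
                IsLTSB       = $LtsbSkus.ContainsKey($sku)
                Edition      = if ($LtsbSkus.ContainsKey($sku)) { $LtsbSkus[$sku] } else { 'not an LTSB SKU' }
            }
        }
        catch {
            Write-Warning "${name}: $($_.Exception.Message)"
        }
    }
}

# Local check; pass -ComputerName with a list of clients (e.g. from an AD or SCCM export).
Get-WindowsSkuInfo | Format-List
```

Clients that cannot be reached produce a warning instead of breaking the loop, so the output can be piped into a CSV for the whole fleet.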

Best regards,

David

PS – CleanUp HDD

Hello everyone,

today I want to show you a simple but effective way to clean up your hard disk. It also removes the installation data of previous Windows installations (the Windows.old folder), so it may ask for confirmation. Run it with admin rights.


# Each subkey under VolumeCaches is one cleanup handler (temporary files, old Windows installations, ...).
$volumeCaches = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches'

foreach ($key in Get-ChildItem -Path $volumeCaches)
{
    # StateFlags1234 = 2 selects the handler for cleanup profile 1234. Only create the value
    # when it is missing; -ErrorAction SilentlyContinue suppresses the "property does not exist" error.
    if ($null -eq (Get-ItemProperty -Path $key.PSPath -Name 'StateFlags1234' -ErrorAction SilentlyContinue))
    {
        New-ItemProperty -Path $key.PSPath -Name 'StateFlags1234' -Value 2 -PropertyType DWord | Out-Null
    }
}

# Run all handlers selected in profile 1234 without the interactive dialog.
cleanmgr.exe /sagerun:1234
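Because the script above selects every handler, including the one that deletes the previous installation, it helps to review the profile before running cleanmgr. The following is an added example (not code from the original post): it lists the handlers and their state for a cleanup profile and lets you deselect one. The handler key name 'Previous Installations' is the name of the registry subkey for the old-installation handler.

```powershell
# Added example, not code from the original post. Reviews and adjusts a cleanmgr profile
# (StateFlagsNNNN values under VolumeCaches) before /sagerun is executed.
$VolumeCaches = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches'

function Get-CleanupProfile {
    param([int]$ProfileId = 1234)
    # cleanmgr stores the selection for /sageset:N as StateFlagsNNNN (zero padded to four digits).
    $flagName = 'StateFlags{0:D4}' -f $ProfileId
    foreach ($key in Get-ChildItem -Path $VolumeCaches) {
        $props = Get-ItemProperty -Path $key.PSPath
        $flags = $props.$flagName          # $null when the profile was never set for this handler
        [pscustomobject]@{
            Handler  = $key.PSChildName
            Display  = $props.Display      # may be a resource string such as @%SystemRoot%\...
            Selected = ($flags -eq 2)
            Flags    = $flags
        }
    }
}

function Set-CleanupHandler {
    param(
        [Parameter(Mandatory)][string]$Handler,   # subkey name under VolumeCaches
        [int]$ProfileId = 1234,
        [switch]$Disable
    )
    $flagName = 'StateFlags{0:D4}' -f $ProfileId
    $value = if ($Disable) { 0 } else { 2 }
    Set-ItemProperty -Path (Join-Path $VolumeCaches $Handler) -Name $flagName -Value $value -Type DWord
}

# Show what profile 1234 would clean ...
Get-CleanupProfile | Sort-Object Handler | Format-Table -AutoSize
# ... and keep the rollback data of the last feature update for this run.
Set-CleanupHandler -Handler 'Previous Installations' -Disable
Get-CleanupProfile | Where-Object Selected | Select-Object -ExpandProperty Handler
```

Run it elevated, since the StateFlags values live under HKLM. After adjusting the profile, cleanmgr.exe /sagerun:1234 from the script above uses the new selection.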

Greetings,

David

Client – Repairing Win 10 Apps with PS

Hello everyone,

today I want to share two PowerShell commands that reinstall (re-register) Cortana or the Windows Store app if you are facing problems with them:

Cortana:

# Re-register the Cortana package of the current user from its manifest in the install folder.
Get-AppXPackage -Name Microsoft.Windows.Cortana | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}

Windows App Store:

# -AllUsers also finds packages staged for other users; it requires an elevated shell.
Get-AppXPackage *WindowsStore* -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
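The two one-liners silently do nothing when the package or its install folder is missing. The following is an added example (not code from the original post) that generalises them into one function for any package name pattern, checks that the manifest exists before re-registering, and reports the package status afterwards.

```powershell
# Added example, not code from the original post: re-register any Appx package by name pattern
# and report the result, instead of relying on a silent one-liner.
function Repair-AppxPackageByName {
    [CmdletBinding()]
    param(
        # Wildcard pattern, e.g. 'Microsoft.Windows.Cortana' or '*WindowsStore*'
        [Parameter(Mandatory)][string]$Name,
        # Include packages of other users; needs an elevated shell.
        [switch]$AllUsers
    )
    $packages = if ($AllUsers) { Get-AppxPackage -Name $Name -AllUsers } else { Get-AppxPackage -Name $Name }
    if (-not $packages) {
        Write-Warning "No package matching '$Name' is installed"
        return
    }

    foreach ($pkg in $packages) {
        $manifest = Join-Path $pkg.InstallLocation 'AppXManifest.xml'
        if (-not (Test-Path -LiteralPath $manifest)) {
            # Install folder is gone: re-registering cannot help, the package has to be reinstalled.
            Write-Warning "$($pkg.PackageFullName): manifest not found at $manifest"
            continue
        }
        try {
            Add-AppxPackage -DisableDevelopmentMode -Register $manifest -ErrorAction Stop
            $after = Get-AppxPackage -Name $pkg.Name | Where-Object PackageFullName -eq $pkg.PackageFullName
            [pscustomobject]@{ Package = $pkg.PackageFullName; Status = $after.Status; Result = 'Registered' }
        }
        catch {
            [pscustomobject]@{ Package = $pkg.PackageFullName; Status = $pkg.Status; Result = $_.Exception.Message }
        }
    }
}

# The two cases from the post:
Repair-AppxPackageByName -Name 'Microsoft.Windows.Cortana'
Repair-AppxPackageByName -Name '*WindowsStore*' -AllUsers
```

A Status other than Ok after registration, or a "manifest not found" warning, tells you that a re-register is not enough and the app has to be reinstalled from the Store or a provisioning package.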

Greetings,

David

Client – WMI-Repair

Hello everyone,

most of you who have worked on a service desk or with many computers will know WMI errors. Sometimes the WMI repository of a computer gets corrupted and dependent products such as the SCCM agent stop working properly. In that case try the following script, which repairs and rebuilds the WMI repository. See this procedure as a last line of defense: if you have no other option, try it and restart twice.
Just copy the whole script into a batch file and run it as administrator.

:: Last resort WMI rebuild. Run as administrator from a batch file and restart twice afterwards.
winmgmt /resyncperf
winmgmt /salvagerepository
winmgmt /resetrepository
:: Stop WMI and the SCCM agent (ccmexec) so the provider DLLs and MOF files can be re-registered.
sc config winmgmt start= disabled
net stop winmgmt /y
net stop ccmexec /y
%systemdrive%
cd %windir%\system32\wbem
:: Re-register every WMI provider DLL ("delims=" keeps file names with spaces intact).
for /f "delims=" %%s in ('dir /b *.dll') do regsvr32 /s "%%s"
::regsvr32 wmisvc.dll
:: Re-enable the service before starting it; "net start" fails on a disabled service.
sc config winmgmt start= auto
net start winmgmt
net start ccmexec
:: Recompile the MOF/MFL class definitions into the rebuilt repository.
for /f "delims=" %%s in ('dir /b *.mof *.mfl') do mofcomp "%%s"
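Since the rebuild is a last resort, it is worth checking first whether WMI is actually broken, and checking again after the two restarts. The following is an added example (not code from the original post): a PowerShell health check that asks the service itself to verify the repository and runs the queries the SCCM agent depends on. It assumes winmgmt /verifyrepository returns exit code 0 for a consistent repository, and that root\ccm only exists where the SCCM client is installed.

```powershell
# Added example, not part of the original post: a WMI health check to run before (and after)
# the rebuild, so the rebuild is only used when WMI is really broken.
function Test-WmiHealth {
    [CmdletBinding()]
    param()

    $result = [ordered]@{
        Computer       = $env:COMPUTERNAME
        ServiceStatus  = (Get-Service -Name winmgmt).Status
        RepositoryOk   = $false
        Cimv2QueryOk   = $false
        CcmNamespaceOk = $false
        Healthy        = $false
        Errors         = @()
    }

    # winmgmt /verifyrepository prints "WMI repository is consistent" on success; the text is
    # localized, so the decision is based on the exit code (assumed 0 = consistent).
    $verify = & winmgmt.exe /verifyrepository 2>&1
    $result.RepositoryOk = ($LASTEXITCODE -eq 0)
    if (-not $result.RepositoryOk) { $result.Errors += "verifyrepository: $verify" }

    # A basic root\cimv2 query; this is what most management tools break on first.
    try {
        $null = Get-CimInstance -ClassName Win32_OperatingSystem -ErrorAction Stop
        $result.Cimv2QueryOk = $true
    }
    catch { $result.Errors += "root\cimv2: $($_.Exception.Message)" }

    # root\ccm only exists with the SCCM client installed; on a managed client a failure here
    # means the agent itself is broken, not only WMI.
    try {
        $null = Get-CimInstance -Namespace 'root\ccm' -ClassName SMS_Client -ErrorAction Stop
        $result.CcmNamespaceOk = $true
    }
    catch { $result.Errors += "root\ccm: $($_.Exception.Message)" }

    $result.Healthy = $result.RepositoryOk -and $result.Cimv2QueryOk
    [pscustomobject]$result
}

Test-WmiHealth | Format-List
```

Healthy is true when the repository verifies and root\cimv2 answers; the ccm check is reported separately because it is only meaningful on clients with the SCCM agent.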

Good luck repairing the clients.

~ David

Windows Client – failing Updates

Hello everyone,

I worked on a 3rd level support desk where we had to fight many errors with Windows updates. Over time I worked out a script that fixed nearly all of them at the first try.

The DISM commands are only available on Windows 8 / 10 devices.
Just copy the whole script into a batch file and run it as administrator.

:: Check and repair the component store. RestoreHealth fetches replacement files from Windows Update
:: (or from a /Source: you specify). Windows 8 and later only.
DISM /Online /Cleanup-Image /CheckHealth
DISM /Online /Cleanup-Image /ScanHealth
DISM /Online /Cleanup-Image /RestoreHealth
DISM /Online /Cleanup-Image /ScanHealth

:: Verify protected system files and keep only the sfc-related [SR] lines of cbs.log for review.
sfc /scannow
findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log > %windir%\Logs\CBS\sfcdetails.log

:: Reset the update download cache and the catalog database; both folders are recreated when the
:: services start again. Remove leftovers of an earlier run first, otherwise "ren" fails.
net stop wuauserv /y
net stop cryptSvc /y
net stop bits /y
net stop msiserver /y
if exist %WINDIR%\SoftwareDistribution.bak rd /s /q %WINDIR%\SoftwareDistribution.bak
if exist %WINDIR%\System32\catroot2.bak rd /s /q %WINDIR%\System32\catroot2.bak
ren %WINDIR%\SoftwareDistribution SoftwareDistribution.bak
ren %WINDIR%\System32\catroot2 catroot2.bak
net start wuauserv
net start cryptSvc
net start bits
net start msiserver

:: Reset the transactional NTFS (TxF) resource manager log on the system drive at the next boot;
:: a corrupt log blocks installers and updates.
fsutil resource setautoreset true c:\
echo #### Info:
fsutil resource info C:

:: Re-register the Windows Installer service.
echo MSI
sc config msiserver start= demand
net stop msiserver /y
MSIExec /unregister
MSIExec /regserver
regsvr32.exe /s %windir%\system32\msi.dll
net start msiserver
sc config msiserver start= auto

:: Restart in 60 seconds (/g also relaunches registered applications after the restart).
shutdown /g /t 60

The sfc log is stored in c:\windows\logs\cbs\sfcdetails.log. It is always worth taking a look at it; sometimes trivial errors are visible there.

After running the script the computer has to be rebooted twice. This is an empirical value, because of the sfc and fsutil commands.

If the error persists there are more steps you can take. One of the first should be a clean boot, since some programs interfere with the update process, for example firewalls and anti-virus software. If it gets harder, analyze cbs.log, stored under c:\windows\logs\CBS\cbs.log, and the DISM log (Windows 8 or 10) stored in c:\windows\logs\DISM.

You can also gather information from the event logs: open the Event Viewer and the "Setup" log ("Installation" on a German system). All entries with event ID 3 are errors.
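Reading sfcdetails.log and the Setup log by hand does not scale across many clients. The following is an added example (not code from the original post) that summarises the [SR] lines of cbs.log, reporting which files sfc could not repair, and lists the ID 3 events from the Setup log. The cbs.log sample lines are constructed for the demo (the format mimics the real file) so the parser can be tried offline.

```powershell
# Added example, not code from the original post: triage of the sfc ([SR]) lines in cbs.log and
# of the Setup event log after a failed update.
function Get-SfcFindings {
    param(
        # Defaults to the live cbs.log; pass -Lines to analyse a copied log or the sfcdetails.log.
        [string[]]$Lines = (Get-Content -Path "$env:windir\Logs\CBS\CBS.log")
    )
    $sr = @($Lines | Where-Object { $_ -match '\[SR\]' })

    # "Cannot repair member file [l:..]"file" of Component, Version = ..." -> file and component
    $unrepaired = $sr | Where-Object { $_ -match '\[SR\] Cannot repair member file' } | ForEach-Object {
        if ($_ -match '"([^"]+)"\s+of\s+([^,\s]+)') {
            [pscustomobject]@{ File = $Matches[1]; Component = $Matches[2] }
        }
    }

    [pscustomobject]@{
        SrLines    = $sr.Count
        Repaired   = @($sr | Where-Object { $_ -match '\[SR\] Repaired file' }).Count
        Unrepaired = @($unrepaired)
        VerifyDone = [bool]($sr | Where-Object { $_ -match '\[SR\] Verify complete' })
    }
}

function Get-SetupFailures {
    param([int]$Days = 7)
    # Event ID 3 in the Setup log = "Windows update could not be installed because of error ..."
    Get-WinEvent -FilterHashtable @{ LogName = 'Setup'; Id = 3; StartTime = (Get-Date).AddDays(-$Days) } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, ProviderName, Message
}

# Constructed sample of cbs.log lines (not a real log) so the parser can be tried offline:
$sample = @(
    '2017-02-01 10:00:01, Info  CSI    00000010 [SR] Verifying 100 components',
    '2017-02-01 10:00:02, Info  CSI    00000011 [SR] Beginning Verify and Repair transaction',
    '2017-02-01 10:00:03, Info  CSI    00000012 [SR] Cannot repair member file [l:24{12}]"settings.xml" of Microsoft-Windows-Example, Version = 10.0.14393.0, pA = PROCESSOR_ARCHITECTURE_AMD64 (9)',
    '2017-02-01 10:00:04, Info  CSI    00000013 [SR] Repaired file \??\C:\Windows\System32\example.dll by copying from backup',
    '2017-02-01 10:00:05, Info  CSI    00000014 [SR] Verify complete'
)
$findings = Get-SfcFindings -Lines $sample
$findings | Format-List                      # Repaired = 1, one unrepaired file: settings.xml
$findings.Unrepaired | Format-Table -AutoSize

# On a real client: failures of the last week from the Setup log
Get-SetupFailures | Format-Table -Wrap
```

Files listed under Unrepaired are the ones to pull from a known-good installation or to hand to DISM /RestoreHealth with a /Source:, and the Setup events give the KB number and error code to search for.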

If you are still on Windows 7 you can also try CheckSUR (the System Update Readiness Tool). This "hotfix" checks all installed updates and tries to repair them.
Make sure you download the correct version for your OS from Microsoft and let it run. It can take a long time, up to several hours. When it has finished it also writes a log file to c:\windows\logs\cbs\checksur.log.
Check it to get more hints about what the main problem is.

If you find errors there, you can resolve them as described in Microsoft's documentation for the tool.

Good luck, and please give me feedback if this method worked for you.

~David