• Thanks Surender.

    I thought it was a profile issue and tried that earlier- no help.

    I even added Windows PowerShell to the exclusion in Defender, no help.

    It's a lab machine where I had my Hyper-V server – I could refresh it but wanted to know the issue in case it affects a production server.

     

  • Hi all,

    I have a strange issue with PowerShell. All forms of access take a long time (~5 min) to load. The window stays in a partially open state as in the screenshot.

    1. PowerShell 5.1, 7
    2. PowerShell ISE
    3. PowerShell launched from the CLI

    I tried to remove it from Server Manager and restart. I wonder how to troubleshoot this.

     

    unresponsive powershell windows.

  • Thanks Wolfgang for the note.
    1) I liked Windows Admin Center as it gives everything on the same platform. A quick and nice way to monitor updates on a remote machine, RDP, PS-remoting and also SMB. It uses TLS too. Windows Admin Center seems to have a module (to be subscribed) for accessing Windows servers on Azure.
    2) With the rise of ransomware, RDP and PowerShell-based remoting is always under scrutiny by security teams.
    3) Has anyone successfully implemented 2FA with RDP? I would be interested in that. I tried a 2FA using JumpCloud that was not possible, although it worked perfectly on the host’s terminal. Absence of an MFA option in the Windows machines scares me most. Sometimes I wonder why Microsoft is ignoring that.

  • PowerMe! liked the comment of Wolfgang Sommergut (Rank 3) on Different ways of gaining remote computer access. (So far, Wolfgang Sommergut (Rank 3) has 1 likes for this comment) 6 months, 1 week ago

  • Thanks Bo for the info about Cygwin – I never realized that as I always used Linux too. Thanks for the reference too. Now there you go – if we are using the tool from Cygwin (Unix-like), why not use a dedicated Linux host?

    In my experience, adding troubleshooting tools to a production server (maybe a bit out of scope for our discussion) should be a last resort. The problem is that if you are using a buggy piece of software or forgot one that has acquired a vulnerability, you expose the production server to security risks. The only one I ever used was a portable Wireshark and WinPcap to troubleshoot LDAP authentication issues and to analyze packets that use older protocols such as SMB1. But I remove them once the troubleshooting is done.

  • PowerMe! liked the comment of Bo Geitz (Rank 2) on Free network speed test tools. (So far, Bo Geitz (Rank 2) has 1 likes for this comment) 6 months, 3 weeks ago

  • PowerMe! liked the comment of Surender Kumar (Rank 3) on Free network speed test tools. (So far, Surender Kumar (Rank 3) has 1 likes for this comment) 6 months, 3 weeks ago

  • Nice article.
    1) When working on network servers, I tend not to add any tools unless required. My favorite in Windows was pathping, where I was able to assess packet loss and latency in the different hops in the connectivity test. In one use case, it helped us identify packet loss in a BGP route that was affecting a VPN to a data center. With the pathping data we were able to convince the ISP to adopt a different route.
    2) When troubleshooting network congestion, I normally create a test VM / host with iperf to simulate the server-client traversing a switch or firewall.
    3) Thanks for the tip about fast.com. It seems like with the settings button there one can configure it to use multiple servers.

  • PowerMe! liked Free network speed test tools. (So far, This post has 1 likes) 6 months, 3 weeks ago

  • PowerMe! liked the comment of Surender Kumar (Rank 3) on Enable two-factor authentication for SSH in Linux. (So far, Surender Kumar (Rank 3) has 1 likes for this comment) 6 months, 3 weeks ago

  • Ah, makes sense. You are right, that is not available with ciminstance!

    I was reading, it appears they have removed get-wmiobject in powershell-6: https://docs.microsoft.com/en-us/powershell/scripting/whats-new/differences-from-windows-powershell?view=powershell-7.2#wmi-v1-cmdlets

    I found a reference that used cim to achieve this, doing a Query – thought it might be of interest:

    https://powershell.one/wmi/root/cimv2/win32_networkadapterconfiguration-SetTcpipNetbios

    win32_networkadapterconfiguration seems to be an interesting class for network config tweaking.

  • PowerMe! liked the comment of Surender Kumar (Rank 3) on SMB port number: Ports 445, 139, 138, and 137 explained. (So far, Surender Kumar (Rank 3) has 2 likes for this comment) 6 months, 3 weeks ago

  • PowerMe! liked the comment of Surender Kumar (Rank 3) on Set up a VPN server on Windows with SoftEther and connect clients. (So far, Surender Kumar (Rank 3) has 1 likes for this comment) 6 months, 3 weeks ago

  • Great discussion on SMB.
    – If you deploy Windows Admin Center it alerts hosts using SMB1.
    – I then wrote a brief NMAP (https://nmap.org/nsedoc/scripts/smb-protocols.html) to map the SMB version of hosts in my network. It was amazing – there were old Linux servers people forgot running SMB1!
    – Then I wrote a PowerShell script, similar to what you have shown, to change the SMB version on the Windows hosts and we had people fix the Linux ones.
    >>> Careful though running NMAP in a network – it is always advisable to get approval from the security team!

  • Very nice article! The NetBIOS ports (137-139) are scary; I manually turn them off on the firewall. But this is cool.

    Just to share my favorite: gcim (or Get-CimInstance) over Get-WmiObject. I have been away from PowerShell for a few years, but I remember there was a recommendation on using gcim over Get-WmiObject. I think it was a security concern related to Get-WmiObject (TCP 135). Here is a nice short article: https://devblogs.microsoft.com/scripting/using-the-powershell-cim-cmdlets-for-fun-and-profit/. Gcim also formats outputs nicely, e.g., try $adapters = (Gcim Win32_NetworkAdapterConfiguration | where {$_.IPEnabled -ne $true}) ; $adapters. I set it to “-ne ” as you probably have nbt turned off.
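
The CIM route discussed in the comments above (querying Win32_NetworkAdapterConfiguration and calling SetTcpipNetbios without Get-WmiObject), as an added example that is not part of the original comments or the linked articles. The function name Set-NetbiosOverTcpip is hypothetical; it reports the current setting of each IP-enabled adapter on the local machine and changes it only when -Apply is given.

```powershell
#Requires -Version 5.1
# Added example: audit and optionally change NetBIOS over TCP/IP with CIM cmdlets.
# Set-NetbiosOverTcpip is a hypothetical helper name, not from the page.
function Set-NetbiosOverTcpip {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # TcpipNetbiosOptions values: 0 = use DHCP setting, 1 = enable, 2 = disable
        [ValidateRange(0, 2)]
        [uint32]$Option = 2,
        # Without -Apply the function only reports the current state.
        [switch]$Apply
    )

    # Only adapters that actually have IP bound carry a meaningful NetBIOS setting.
    $adapters = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration `
                                -Filter 'IPEnabled = TRUE'

    foreach ($adapter in $adapters) {
        $result = 'NotChanged'
        if ($Apply -and $adapter.TcpipNetbiosOptions -ne $Option -and
            $PSCmdlet.ShouldProcess($adapter.Description, "SetTcpipNetbios($Option)")) {
            $r = Invoke-CimMethod -InputObject $adapter -MethodName SetTcpipNetbios `
                                  -Arguments @{ TcpipNetbiosOptions = $Option }
            # ReturnValue 0 = success, 1 = success but a reboot is required
            $result = switch ($r.ReturnValue) {
                0       { 'Changed' }
                1       { 'ChangedRebootRequired' }
                default { "Failed($($r.ReturnValue))" }
            }
        }
        # One record per adapter so the output can be exported or compared later.
        [pscustomobject]@{
            Adapter = $adapter.Description
            Index   = $adapter.Index
            Before  = $adapter.TcpipNetbiosOptions
            Result  = $result
        }
    }
}

# Report only (no changes made):
Set-NetbiosOverTcpip
# Disable NetBIOS over TCP/IP on every IP-enabled adapter (run elevated):
# Set-NetbiosOverTcpip -Option 2 -Apply
```

Running it with -Apply -WhatIf lists the adapters that would be changed without touching them.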

© 4sysops 2006 - 2023

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account