PowerMe!

Thanks Wolfgang for the note.
1)
I liked Windows Admin Center as it gives everything on the same platform. A quick and nice way to monitor updates on a remote machine, RDP, PS-remote-ing and also SMB. It uses TLS too. Windows Admin Center seems to have a module (to be subscribed) for accessing Windows servers on Azure.
2)
With the rise of Ransomware, RDP and PowerShell based remote-ing is always under scrutiny by security teams.
3)
Anyone have successfully implemented a 2FA with the RDP? I would be interested in that. I tried a 2FA using JumpCloud that was not possible, although it worked perfect on the host’s terminal. Absence of an MFA option in the Windows machines scares me most. Sometime I wonder why Microsoft is ignoring that.

Thanks Bo for the info about Cygwin- I never realized that as I always used linux too. Thanks for the reference too. Now there you go- if we are using the tool from Cygwin (unix-like) why not use a dedicated linux host.

In my experience, adding troubleshooting-tools to a production server (may be a bit our of scope. for our discussion) should be a last resort. The problem is that if you are using a buggy piece of software or forgot one that has acquired a vulnerability, you expose the production server to security risks. The only one I ever used was a portable wireshark and winpcap to troubleshoot LDAP authentication issues and to analyze packets that uses older protocols such as SMB1. But I remove them once the troubleshooting is done.

Nice article.
1) When working on network servers, I tend not add any tools unless required. My favorite in windows was pathping where I was able to assess packet loss and latency in the different hops in the connectivity test. In one used case, it helped us identify packet loss in a BGP route that was affecting a VPN to a data center. With the path ping data we were able to convince the ISP to adopt a different route.
2) When troubleshooting network congestion, I normally create test VM / host with iperf to simulate the server-client traversing a switch or firewall.
3) Thanks for the tip about fast.com. It seems like with the settings button there one can configure it to use multiple servers.

Ah makes sense. You are right that is not available with ciminstance!

I was reading, it appears they have removed get-wmiobject in powershell-6: https://docs.microsoft.com/en-us/powershell/scripting/whats-new/differences-from-windows-powershell?view=powershell-7.2#wmi-v1-cmdlets

I found a reference that used cim to achieve this, doing a Query – thought might be of interest:

https://powershell.one/wmi/root/cimv2/win32_networkadapterconfiguration-SetTcpipNetbios

win32_networkadapterconfiguration seems to be an interesting class for network config tweaking.

Great discussion on SMB.
– If you deploy Windows Admin center it alerts hosts using SMB1.
– I then wrote an brief NMAP (https://nmap.org/nsedoc/scripts/smb-protocols.html) to map the SMB version of hosts in my network. It was amazing- there were old linux servers people forgot running SMB1!
– Then I wrote a powershell script, similar to what you have shown, to change the SMB version on the windows hosts and we had people fix the linux ones.
>>> Careful though running NMAP in a network – it is always advisable to get approval from the security team!

Very nice article! The netbios ports (137-139) are scary I manually turn them off on firewall. But this is cool.

Just to share my favorite gcim (or Get-CimInstance) over Get-WmiObject. Its been a few years I am away from powershell but I remember there was a recommendation on using gcim over get-wmiobject. I think it was a security concern related to get-wmiobject (TCP 135). Here is a nice short artcile: https://devblogs.microsoft.com/scripting/using-the-powershell-cim-cmdlets-for-fun-and-profit/. Gcim also formats outputs nicely, e.g., try $adapters = (Gcim Win32_NetworkAdapterConfiguration | where {$_.IPEnabled -ne $true}) ; $adapters, I set it to “-ne ” as you probably have nbt turned off.