在 Windows 下讓 del 有個 alias name: rm

在 Windows 下讓 del 指令有個 alias name: rm

方法:

• 建立 C:\Windows\System32\rm.cmd
• 內容:
  @echo off
  del %*

結果: c:\> rm a.txt

等於: c:\> del a.txt

Open "Find Printers" by Hyperlink

Microsoft Edge

# AutoOpenFileTypes: qds

GPO: Computer Configuration → Administrative Templates → Microsoft Edge → List of file types that should be automatically opened on download

New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\AutoOpenFileTypes" -Force | Out-Null

New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\AutoOpenFileTypes" -Name "1" -Value "qds" -PropertyType String -Force | Out-Null

# AutoOpenAllowedForURLs: 只允許 intranet.contoso.com

GPO: Computer Configuration → Administrative Templates → Microsoft Edge → URLs where AutoOpenFileTypes can apply

New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\AutoOpenAllowedForURLs" -Force | Out-Null

New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\AutoOpenAllowedForURLs" -Name "1" -Value "intranet.contoso.com" -PropertyType String -Force | Out-Null

          Verify: edge://policy

Google Chrome

Make a Windows 11 Local Account Passwordless

Change this from 2 to 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device]
"DevicePasswordLessBuildVersion"=dword:00000000

Create a .reg file with the following:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device]

"DevicePasswordLessBuildVersion"=dword:00000000

Next:

Command: netplwiz
➨ Check: Users must enter a user name and password to use this computer

Deploy Java Deployment Rule Set (Eneterprise White List)

由於 PLM 版本太舊，其中的 Java 程式憑證過期，使用者使用時會彈出警告視窗
所以需要設定企業白名單，而白名單需要進行數位簽章，所以還要有憑證架構

jdk1.8.0_202 Download
https://master.dl.sourceforge.net/project/msi-installers/msi-archive-files/Java/v8u31/jre-8u31-windows-i586.exe

先產生 ruleset.xml

<?xml version="1.0" encoding="UTF-8"?>

<ruleset version="1.0+">

  <rule>

    <id location="https://plmap.contoso.com.tw/"/>

    <action permission="run"/>

  </rule>

  <rule>

    <id location="https://plmifs.contoso.com.tw:8080/"/>

    <action permission="run"/>

  </rule>

  <rule>

    <id/>

    <action permission="default"/>

  </rule>

</ruleset>

Elevate privileges using PowerShell

Start-Process cmd -Verb RunAs

Configure IIS SMTP Service to receive mail over TLS and forward to a non-TLS SMTP service on one Windows Server

Scenario

1. An older custom SMTP service only accepts unencrypted SMTP connections and does not support TLS.
2. A solution is required to receive emails over TLS using IIS SMTP Service and relay them to the custom SMTP service without encryption.
3. The goal must be achieved on a single virtual machine.

---

Environment Setup

Install two network interfaces on a single Windows Server with the following IP addresses:

• Network Interface 1: 10.11.11.11 (physical NIC)
• Network Interface 2: 10.22.22.22 (Description: Microsoft KM-TEST Loopback Adapter)

批次建立 win-acme 用 DNS Record 取得憑證的任務

批次建立 win-acme 用 DNS Record 取得憑證的任務

$RecordNames = @();
$RecordNames += "www";

$Domain = "contoso.com";

foreach ($RecordName in $RecordNames) {
    
    $FQDN = ($RecordName + '.' + $Domain);
    write-host ('Request Certificate for ' + $FQDN);

在 Azure DNS Zone 用 DNS Record 來驗證 Let's Encrypt 的 PowerShell Script

前情提要: 在 Microsoft DNS Server 上用 DNS Record 來驗證 Let's Encrypt 的 PowerShell Script

AzureDNSZoneVerification.ps1

# -Step "create" -Identifier "{Identifier}" -RecordName "{RecordName}" -Token "{Token}"

# -Step "delete" -Identifier "{Identifier}" -RecordName "{RecordName}" -Token "{Token}"

param (

[string]$Step,

[string]$Identifier,

[string]$RecordName,

[string]$Token

);

[string]$AzureResourceGroupName = "Infra_Network"

[string]$ZoneName = "contoso.com"

[int]$TTL = 3600

write-host ('Step: ' + $Step);

write-host ('Identifier: ' + $Identifier);

write-host ('RecordName: ' + $RecordName);

write-host ('Token: ' + $Token);

PowerShell 更新 IIS Site Bind SSL Cert

$PublishedURL = "www.contoso.com"
$IISSiteName = "www.contoso.com"

$PFXPath = "C:\Cert\Cert\"
$Password = "password"

$PFXFullPath = "$PFXPath$PublishedURL.pfx"

$pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$pfx.Import($PFXFullPath, $Password, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::EphemeralKeySet)

Import-Module IISAdministration

在 Exchange Online 如果寄給某個外部網域的信件無法送達，不要退信給原寄件者

在 Exchange Online 如果寄給某個外部網域的信件無法送達，不要退信給原寄件者
方法是透過 Remote Domain 設定停用 NDR（Non-Delivery Report）

首先要建立 Remote Domain (在 EAC Mail flow -> Accepted domains)
New-RemoteDomain -Name "DomainNameOne" -DomainName "Domain.Name.One"
New-RemoteDomain -Name "DomainNameTwo" -DomainName "Domain.Name.Two"

停用 NDR必須用 PowerShell 指令，EAC 不支援 (這裡的 -Identity 是上面的 -Name)

Set-RemoteDomain -Identity "DomainNameOne" -NDREnabled $false
Set-RemoteDomain -Identity "DomainNameTwo" -NDREnabled $false