Dino9021技術記事與生活 (Dino9021 Technical Notes and Life)
Author: Dino9021 (http://www.blogger.com/profile/14413209378078998737)
Feed updated: 2024-03-16 09:11 +08:00

Windows Firewall Block Public InBound 80 Port
Published: 2024-01-30 10:35 +08:00; updated: 2024-01-30 10:53 +08:00

$FWGroupName = "BlockPublicInBound80Port";
# Remove Rule
$Remove = New-NetFirewallRule -DisplayName "RemovePrepare" -Group $FWGroupName -Direction inbound -Program "C:\windows\system32\calc.exe" -Action Block -RemoteAddress $BlockIPs
Remove-NetFirewallRule -Group $FWGroupName -Confirm:$False
# Add Rule
$BlockIPs = @("0.0.0.1-9.255.255.255", "

Table 40.
Published: 2023-12-12 16:28 +08:00; updated: 2023-12-20 16:29 +08:00

Before she, habitually late as ever, arrived, the first person I saw was, of all people, my mother, the only family I have. Mother sat down at the table with its patched and mended chair covers, and I asked: "When she gets here, will you go upstairs to eat or head home first?" Mother's eyes darted around for a moment and she paused a while: "I'll head back first." At once my heart filled with mixed feelings: 'I didn't mean to send you home.' Just as Mother stood up, a sense of something like senile dementia came over me, and in the distance I saw her walking this way. Then I woke from the dream without ever seeing what she looked like; her face was a blurred mosaic. 'Well, good thing it was only a dream.'

PowerShell Script to Change Public IP Address of VM on Azure
Published: 2023-08-30 14:37 +08:00; updated: 2023-12-20 16:43 +08:00

Use together with "Connect-AzAccount with Saved Encryped Credential in Powershell" to automate this.
Param (
[String]$VMName = ''
);
if ($VMName -eq '') {
exit;
};
Set-Location -Path ('C:\ChangeVMPublicIP');
if (Test-Path -Path (($VMName) + '.Lock')) {
if ((Get-Date) -lt (Get-Item -Path (($VMName) + '.Lock')).LastWriteTime.AddMinutes(5)) {

PowerShell: Get the Length of a UTF-8 String with Mixed Chinese and English
Published: 2023-08-28 13:13 +08:00; updated: 2023-08-28 13:13 +08:00

# Counts each multi-byte UTF-8 character (e.g. Chinese) as 2 and each single-byte character as 1
$StringLength = 0;
foreach ($Word in ($String -Split '')) {
    if ([System.Text.Encoding]::UTF8.GetByteCount($Word) -gt 1) {
        $StringLength += 2;
    } else {
        $StringLength += [System.Text.Encoding]::UTF8.GetByteCount($Word);
    };
};

PowerShell Escape HTML Code UrlEncode
Published: 2023-07-18 14:37 +08:00; updated: 2023-07-18 14:37 +08:00

[URI]::EscapeUriString($URL);

Specify the Domain Controller That PowerShell AD Commands Target
Published: 2023-02-20 14:37 +08:00; updated: 2023-02-20 14:37 +08:00

$PSDefaultParameterValues=@{ "*-ADGroupMember:Server"="DC01.Contoso.com"}
Add-ADGroupMember -Identity "GroupName" -Members "Dino9021"

Reference: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parameters_default_values?view=powershell-5.1

Enable support for TLS 1.2 for Microsoft Cloud Service (Exchange, AVD, Teams, etc.)
Published: 2022-10-06 16:36 +08:00; updated: 2022-10-06 16:38 +08:00

In recent months Microsoft has been updating its cloud services, and almost every kind of connection now supports only TLS 1.2.
If it has not been updated or enabled yet, you will run into all sorts of connection failures, account authentication failures and similar problems.
Enable it by following Microsoft's instructions:
Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows
Use the direct EasyFix link from that page, or run PowerShell:

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force
If (-Not (Test-Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319')) {
    New-Item 'HKLM:\SOFTWARE\WOW6432Node\

Store BitLocker Recovery Password To AD via GPO and PowerShell
Published: 2022-10-04 09:26 +08:00; updated: 2022-10-04 09:31 +08:00

Computer Configuration (Enabled)
=> Policies
=> => Windows Settings
=> => => Scripts
=> => => => Startup
=> => => => => StoreBitlockerRecoveryRasswordToAD.ps1

=======================================================
ACL Add Allow Domain Computers to Read and Execute
=======================================================

$keyID = Get-BitLockerVolume

Deal with Azure Virtual Desktop FSLogix failed to attach user profile disk (Open File)
Published: 2022-10-03 09:47 +08:00; updated: 2022-10-04 09:28 +08:00

When a user signs in to Azure Virtual Desktop, the User Profile Disk cannot be mounted.
On checking, the user has no leftover session on any Session Host in the same Host Pool.
The working theory is that the User Profile Disk was not detached properly at some sign-out event, which leaves an open file.

Fix:
First sign in to the Azure account with PowerShell:
Connect-AzAccount
Select the subscription that can manage the Storage Account where the User Profile Disk is stored:
Select-AzSubscription -SubscriptionId '

Password Recover for Remote Desktop Connection Manager (RDCM password recovery)
Published: 2022-09-29 10:20 +08:00; updated: 2022-09-29 10:21 +08:00

1. Copy RDCMan.exe and change the copy's extension to dll => RDCMan.dll
2. PowerShell command: Import-module [Path]\RDCMan.dll
3. Open the saved RDCM.rdg file with a plain-text editor (e.g. Notepad, Notepad++)
4. Find the <password> element inside the entry for the connection you need and copy its content
5. Wave the magic wand and cast the recovery spell:

# Replace the placeholder string with the encrypted content copied in step 4
$pwdstring= '步驟4複製的加密內容';
$EncryptSettings = new-object -TypeName RdcMan.EncryptionSettings;
$PlantPassword = [RdcMan.Encryption]::DecryptString($pwdstring,$EncryptSettings)
$PlantPassword

Apache: Rewrite Image URLs by Resolution
Published: 2022-09-27 10:23 +08:00; updated: 2022-09-29 10:21 +08:00

Sending images from a Line Bot requires URLs for several resolutions,
but generating the image at every resolution takes too long and causes a timeout,
so simply rewrite every request to the URL of the highest-resolution image.
Put this in the Virtual Host section.
If several different paths need the same behaviour, write multiple Directory blocks.

<VirtualHost *:80>
    <Directory "${SITEROOT}/www.contoso.com/image">
        <IfModule rewrite_module>
            RewriteEngine On
            RewriteRule ^(.*)/240 /image/$1 [L]
            RewriteRule ^(.*)/300 /image/$1 [L]
            RewriteRule ^(.*)/460 /image/$1 [L]
            RewriteRule

Validate Let's Encrypt with a DNS Record, Then Package the Certificate for Download from a Web Server, Part-3
Published: 2022-09-26 12:51 +08:00; updated: 2022-09-26 13:08 +08:00

This series has three parts:
- Validate Let's Encrypt with a DNS Record, Then Package the Certificate for Download from a Web Server, Part-1
- Validate Let's Encrypt with a DNS Record, Then Package the Certificate for Download from a Web Server, Part-2
- Validate Let's Encrypt with a DNS Record, Then Package the Certificate for Download from a Web Server, Part-3

This continues from the previous post, Part-2.
This part covers the stage where PowerShell automatically downloads the certificate from the Web Server (encrypted in both directions).

WebRoot/AAPI/Cert/GetCert.php on Web Server
#-----------------------------------------------------------

Validate Let's Encrypt with a DNS Record, Then Package the Certificate for Download from a Web Server, Part-2
Published: 2022-09-26 12:31 +08:00; updated: 2022-09-26 13:03 +08:00

This series has three parts:
- Validate Let's Encrypt with a DNS Record, Then Package the Certificate for Download from a Web Server, Part-1
- Validate Let's Encrypt with a DNS Record, Then Package the Certificate for Download from a Web Server, Part-2
- Validate Let's Encrypt with a DNS Record, Then Package the Certificate for Download from a Web Server, Part-3

This continues from the previous post, Part-1.
This part covers the stage where the Web Server offers the certificate for manual download.

WebRoot/Cert/config.php
#--------------------------------------------------------------------------------
<?php
// -----
$

Validate Let's Encrypt with a DNS Record, Then Package the Certificate for Download from a Web Server, Part-1
Published: 2022-09-26 12:13 +08:00; updated: 2022-09-26 13:02 +08:00

This series has three parts:
- Validate Let's Encrypt with a DNS Record, Then Package the Certificate for Download from a Web Server, Part-1
- Validate Let's Encrypt with a DNS Record, Then Package the Certificate for Download from a Web Server, Part-2
- Validate Let's Encrypt with a DNS Record, Then Package the Certificate for Download from a Web Server, Part-3

After running the script from "PowerShell Script to Validate Let's Encrypt with a DNS Record on Microsoft DNS Server", the certificate it obtains has to be handed to the target server. A DNS Server, however, is not well suited to taking on other service roles: a vulnerability in an extra service makes it easy to attack, which affects the DNS service and, in turn, the operation of the whole domain. So once the renewed certificate has been obtained, it is first packaged with 7-Zip and then transferred in encrypted form to the Web

GPO to Control Chrome Extensions
Published: 2022-09-22 16:26 +08:00; updated: 2022-09-22 16:27 +08:00

Image source: 土豪哥
Force install: on computers this GPO applies to, Chrome installs the extension by itself in the background.
Further reading:
- Download Chrome browser for enterprise - Chrome Enterprise
- Manage Chrome updates (Windows) - Chrome Enterprise and Education Help (google.com)

Enable TLS 1.2 for Azure Virtual Desktop Client on Windows 7
Published: 2022-08-15 11:32 +08:00; updated: 2022-08-15 11:32 +08:00

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force
If (-Not (Test-Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319')) {
    New-Item 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -Force | Out-Null;
};
New-ItemProperty -Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -Name 'SystemDefaultTlsVersions' -Value '1' -PropertyType '

Exchanging Encrypted Messages Between PowerShell and PHP
Published: 2022-07-15 10:27 +08:00; updated: 2022-07-15 12:41 +08:00

Powershell:
#----------------
Function myEncrypt {
    param (
        [String]$Data,
        [String]$EncryptKey
    );
    PROCESS {
        $Encode = [System.Text.Encoding]::UTF8;
        $DataBytes = $Encode.GetBytes($Data);
        $AES = New-Object System.Security.Cryptography.AESManaged;
        $AES.BlockSize = 128;
        $AES.KeySize = 256;
        $AES.Mode = [System.Security.Cryptography.CipherMode]::CBC;
        $iv = RandomPassword(($

Fixing a Mailbox Move from Exchange Online Back to On Premise That Fails Because the Quota Is Exceeded
Published: 2022-06-29 09:56 +08:00; updated: 2022-06-29 09:58 +08:00

Set the mDBUseDefaults attribute of the user account to False and the mailbox can be moved down.
Remember to change it back to Not Set once the move is finished.

Block an Application from accessing Internet with Windows Firewall
Published: 2022-06-22 13:14 +08:00; updated: 2022-06-27 15:07 +08:00

$ProgramName = 'ProgramName';
$ProgramPaths = @();
$ProgramPaths += "$env:ProgramFiles\ProgramName";
# Public ranges only: skips 10.0.0.0/8, 127.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16
$BlockIPs = @("1.0.0.0-9.255.255.255", "11.0.0.0-126.255.255.255", "128.0.0.0-172.15.255.255", "172.32.0.0-192.167.255.255", "192.169.0.0-255.255.255.255")
#----------------------------------------------------------
$Remove = New-NetFirewallRule -DisplayName "RemovePrepare" -Group ($ProgramName +

GPO Settings to Allow Users to Install Printer Drivers
Published: 2022-06-14 10:20 +08:00; updated: 2022-06-14 11:53 +08:00

GPO
Computer Configuration - Policies - Windows Settings - Security Settings - Local Policies - User Rights Assignment
    Load and unload device drivers = Domain Users
Computer Configuration - Policies - Windows Settings - Security Settings - Local Policies - Security Options
    Devices: Prevent users from installing printer drivers = Disable
Computer Configuration - Policies - Administrative Templates -

Handling Various Teams Sign-in Failures
Published: 2022-05-10 14:15 +08:00; updated: 2022-07-25 16:54 +08:00

There are too many odd error messages saying that sign-in failed.
In any case, working through the steps below resolves most of them:
- Taskkill /f /im teams.exe
- Uninstall Teams
- Settings -> Accounts -> Access work or school -> remove the account
- Remove the remembered Windows credentials
- Run the command: dsregcmd /leave
- Reboot
- Install Teams
- Sign in to Teams

PowerShell Script to Validate Let's Encrypt with a DNS Record on Microsoft DNS Server
Published: 2022-02-23 16:50 +08:00; updated: 2023-08-23 17:55 +08:00

Obtain a Let's Encrypt certificate by having a PowerShell script on the DNS Server automatically create and delete the validation record.
Updated: 2023.06.09 Added handling for the case where the record is a CNAME rather than an A record.
Updated: 2023.08.23 Before creating the record, check first; if the record already exists, delete it and then create it.
Tool used: https://www.win-acme.com/

DNSVerification.ps1
# -Step "create" -Identifier "{Identifier}" -RecordName "{RecordName}" -Token "{Token}"
# -Step "delete" -Identifier "{Identifier}" -RecordName "{

Tools for Checking the Software List
Published: 2022-02-11 11:38 +08:00; updated: 2022-02-11 11:42 +08:00

JSJSS Open Source x Cost Saving: Sharing Enterprise Application Experience (1)+(2) [2017/02/03] @ Taichung City Government (slideshare.net)

WinAudit
Open source, a software tool, no server needed (though of course the data can also be stored on a server).
Computer Account Startup Script:
\\Server.Contoso.com\WinAudit$\WinAudit.exe /r=gous /T=datetime /f=\\Server.Contoso.com\WinAudit$\Logs\%computername%_macaddress.csv

Find When an AD User Account Object Was Last Changed and What Changed
Published: 2022-01-05 10:51 +08:00; updated: 2022-01-05 10:52 +08:00

Simple version, time only:
Get-ADUser UserName -Properties * | select-object whenChanged

Complex version that pulls out every last thing (provided by JerryChang, the great demon lord):
Get-ADReplicationAttributeMetadata `
    -Object "CN=UserName,OU=User,DC=Contoso,DC=com" `
    -Server DC.Contoso.com | Select-Object `

Converting a PFX Certificate to JKS
Published: 2021-11-22 10:55 +08:00; updated: 2021-11-22 10:55 +08:00

First install Java to get keytool.exe, then run the command:
"C:\Program Files (x86)\Java\jre1.8.0_311\bin\keytool.exe" -importkeystore -srckeystore "C:\Cert\www.contoso.com.pfx" -destkeystore "C:\Cert\www.contoso.com.jks" -srcstoretype PKCS12 -deststoretype jks -srcstorepass "12345678" -deststorepass "12345678"