Thursday, November 14, 2024

Azure script to create test machines quickly

Script to use in Azure to create Windows 11 test devices (PowerShell variables feeding the Azure CLI; run az login first):


#Create Windows 11 test device

$ProjectName = "Project" #Name of what I'm working on so that I know which RG is which

$ComputerNumber = "01" #In case I need more than one computer for the same project I can increment this

$RGPrefix = "RG-Temp-" #Prefix for the resource group.  I use this to automate deletion of all of my temp resources nightly in order to avoid running up costs in Azure

$vmName = $ProjectName + $ComputerNumber


$myResourceGroup = $RGPrefix + $ProjectName #Concatenates the prefix with the project name to create the resource group name

$vnetName = $myResourceGroup + "-vNet" #Name for the virtual network

$subnetName = $myResourceGroup + "-subnet" #name for the subnet

$publicIpName = $myResourceGroup + "-PubIP" #name for the public IP

$nsgName = $myResourceGroup + "-netsecGroup" #name for the network security group

$nicName = $vmName + "-NIC"

$adminUser = $vmName + "Admin"

$adminPassword = $adminUser + "PW" #Predictable; tolerable only because the machine is disposable and deleted nightly, since the NSG rule below opens RDP from any source address


az group create --name $myResourceGroup --location 'Canada Central'  #create the resource group for the new test machine

az network vnet create --name $vnetName --resource-group $myResourceGroup --subnet-name $subnetName #create the virtual network and subnet the machine will sit in

az network public-ip create --name $publicIpName --resource-group $myResourceGroup

az network nsg create --name $nsgName --resource-group $myResourceGroup #create the network security group

az network nic create --name $nicName --resource-group $myResourceGroup --vnet-name $vnetName --subnet $subnetName --public-ip-address $publicIpName --network-security-group $nsgName #create a virtual nic

az vm create --resource-group $myResourceGroup --name $vmName --image MicrosoftWindowsDesktop:Windows-11:win11-22h2-pro:latest --admin-username $adminUser --admin-password $adminPassword --nics $nicName --nsg-rule RDP #Create the VM

az network nsg rule create --resource-group $myResourceGroup --nsg-name $nsgName --name Allow-RDP --protocol Tcp --direction Inbound --priority 1000 --source-address-prefixes '*' --source-port-ranges '*' --destination-address-prefixes '*' --destination-port-ranges 3389 --access Allow #ensure RDP is allowed on the network security group
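The following is an added example, not the post's own script: a hardened variant of the two security-relevant steps above (a generated password instead of a predictable one, and an RDP rule limited to the address you are connecting from) plus the nightly cleanup that the RG-Temp- prefix exists for. The resource names mirror the script above; the ipify lookup URL, the win11-23h2-pro SKU and the assumption that the NIC already exists are mine.

```powershell
# Added example, not the original post's script. Assumes the resource group,
# vnet and NIC from the script above already exist; names are illustrative.

$RGPrefix        = "RG-Temp-"
$ProjectName     = "Project"
$ComputerNumber  = "01"
$vmName          = $ProjectName + $ComputerNumber
$myResourceGroup = $RGPrefix + $ProjectName
$nsgName         = $myResourceGroup + "-netsecGroup"
$nicName         = $vmName + "-NIC"
$adminUser       = $vmName + "Admin"

# 1. A random password instead of <user>PW. Azure requires 12-123 characters
#    with three of four classes (upper, lower, digit, special); the loop retries
#    until all four are present. The alphabet has 64 symbols, which divides 256
#    evenly, so reducing a random byte modulo 64 introduces no bias.
function New-RandomPassword {
    param([int]$Length = 24)
    $alphabet = [char[]]'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789!@#%^*-_'
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    do {
        $bytes = [byte[]]::new($Length)
        $rng.GetBytes($bytes)
        $pw = -join ($bytes | ForEach-Object { $alphabet[$_ % $alphabet.Length] })
    } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -match '[0-9]' -and $pw -match '[^A-Za-z0-9]')
    return $pw
}
$adminPassword = New-RandomPassword

# 2. Check which Windows 11 SKUs the publisher currently offers before hard-coding
#    one (22H2 Home/Pro reached end of servicing in October 2024).
az vm image list --publisher MicrosoftWindowsDesktop --offer Windows-11 --all --output table

# 3. Same VM creation as the post, with the generated password. The 23H2 SKU is an
#    assumption; pick one from the list above.
az vm create --resource-group $myResourceGroup --name $vmName --image MicrosoftWindowsDesktop:Windows-11:win11-23h2-pro:latest --admin-username $adminUser --admin-password $adminPassword --nics $nicName

# 4. Allow RDP only from the public address you are sitting at, not from '*'.
#    api.ipify.org is one "what is my IP" service; any equivalent will do.
$myIp = (Invoke-RestMethod -Uri 'https://api.ipify.org?format=json').ip
az network nsg rule create --resource-group $myResourceGroup --nsg-name $nsgName --name Allow-RDP-From-Me --protocol Tcp --direction Inbound --priority 1000 --source-address-prefixes "$myIp/32" --source-port-ranges '*' --destination-address-prefixes '*' --destination-port-ranges 3389 --access Allow

Write-Host "VM $vmName ready. User: $adminUser  Password: $adminPassword"

# 5. Nightly cleanup: delete every resource group carrying the temp prefix.
#    Define it here, but call it from a scheduled task, not from this script,
#    or the group you just created is deleted immediately. --no-wait queues all
#    deletions without blocking.
function Remove-TempResourceGroups {
    param([string]$Prefix = $RGPrefix)
    az group list --query "[?starts_with(name, '$Prefix')].name" --output tsv |
        ForEach-Object { az group delete --name $_ --yes --no-wait }
}
```

If your address changes (VPN, home connection), re-run step 4 with a new priority or update the rule with az network nsg rule update; the point is that the rule never falls back to '*'.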



Friday, May 24, 2024

Remediate ICMP Timestamp Request Remote Date Disclosure

If your security team sends you a finding for ICMP Timestamp Request Remote Date Disclosure, its suggested fix will read something like "Filter out the ICMP timestamp requests (13) and the outgoing ICMP timestamp replies (14)." The remediation is two Windows Firewall rules: block inbound ICMPv4 type 13 and block outbound ICMPv4 type 14, created either through a GPO or locally. Below is a quick script to create them locally:

# Block incoming timestamp requests (ICMPv4 type 13)
$fwICMP13 = @{
    DisplayName = "Disable inbound ICMP timestamp requests"
    Direction = "Inbound"
    Protocol = "ICMPv4"
    ICMPType = 13
    Action = "Block"
}
# Block outgoing timestamp replies (ICMPv4 type 14); this rule must be Outbound
$fwICMP14 = @{
    DisplayName = "Disable outbound ICMP timestamp replies"
    Direction = "Outbound"
    Protocol = "ICMPv4"
    ICMPType = 14
    Action = "Block"
}
 
New-NetFirewallRule @fwICMP13
New-NetFirewallRule @fwICMP14
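As an added check that is not part of the original post, the function below confirms that an enabled block rule exists for each of the two ICMPv4 types in the right direction. It inspects the rules' port filters rather than their display names, so it also recognizes equivalent rules pushed by GPO under other names, and its exit code makes it usable as an Intune detection script.

```powershell
# Added verification example, not the original post's code.
function Test-IcmpTimestampRules {
    $expected = @(
        @{ Direction = 'Inbound';  IcmpType = '13' }   # timestamp request
        @{ Direction = 'Outbound'; IcmpType = '14' }   # timestamp reply
    )
    $ok = $true
    foreach ($e in $expected) {
        $rules = Get-NetFirewallRule -Enabled True -Action Block -Direction $e.Direction -ErrorAction SilentlyContinue |
            Where-Object {
                $filter = $_ | Get-NetFirewallPortFilter
                # IcmpType is stored as "13" or "13:<code>"; compare the type part only
                $filter.Protocol -eq 'ICMPv4' -and ($filter.IcmpType -split ':')[0] -eq $e.IcmpType
            }
        if (-not $rules) {
            Write-Warning ("No enabled block rule for {0} ICMPv4 type {1}" -f $e.Direction, $e.IcmpType)
            $ok = $false
        }
    }
    return $ok
}

# Exit code 0 = compliant, 1 = remediation needed (Intune detection convention)
if (Test-IcmpTimestampRules) { exit 0 } else { exit 1 }
```

Run it after the script above, or after the GPO has applied, on a host that the scanner previously flagged; a rescan should then show the finding cleared.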


Enjoy! 

Friday, May 17, 2024

Intune - Useful Entra-AD (Azure AD) Group Dynamic Queries

 Intune - Software Updates Deployment Ring 2
A deterministic selection of roughly 19% of the on-prem-joined Windows devices: the regex matches when the 33rd character of the device's objectId (the 9th hex digit of the last GUID segment) is one of 2, 3 or b, i.e. 3 of 16 possible values. Drop one value from the alternation for 12.5% if you want closer to 10%.

(device.deviceManagementAppId -eq "0000000a-0000-0000-c000-000000000000") and (device.deviceTrustType -eq "ServerAD") and (device.deviceOwnership -contains "Company") and (device.deviceOSType -eq "Windows") and (device.objectId -match ".{32}(2|3|b).{3}")

Intune - All Corporately Owned Windows Devices
All Windows devices that are joined to either Entra-AD or On-Prem AD and are corporately owned

(device.deviceOSType -eq "Windows") and ((device.deviceTrustType -eq "ServerAd") or (device.deviceTrustType -eq "AzureAd")) and (device.deviceOwnership -eq "Company")
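The following is an added example, not part of the original post: it evaluates the Ring 2 rule offline against constructed device records so you can see which devices it would pick before pasting it into Entra, and measures what share of random object IDs the regex really selects. The device names and object IDs are made up.

```powershell
# Added example, not the original post's code. Sample devices are constructed.
$ring2Regex = '.{32}(2|3|b).{3}'

function Test-Ring2Member {
    param([hashtable]$Device)
    # Same five clauses as the Entra rule. Entra's -contains on a string
    # property is a substring test, which -like '*Company*' reproduces here.
    return ($Device.deviceManagementAppId -eq '0000000a-0000-0000-c000-000000000000') -and
           ($Device.deviceTrustType -eq 'ServerAD') -and
           ($Device.deviceOwnership -like '*Company*') -and
           ($Device.deviceOSType -eq 'Windows') -and
           ($Device.objectId -match $ring2Regex)
}

# Share of random GUIDs the regex matches: one hex position, 3 of 16 values
function Measure-RegexShare {
    param([string]$Regex, [int]$Samples = 20000)
    $hits = 0
    foreach ($i in 1..$Samples) {
        if ([guid]::NewGuid().ToString() -match $Regex) { $hits++ }
    }
    return $hits / $Samples
}

$mdmApp  = '0000000a-0000-0000-c000-000000000000'
$devices = @(
    # 33rd character is '3': in the ring
    @{ displayName = 'WS-001';  objectId = '3c9f2b1a-7d4e-4a2b-9c1d-2e5f6a7b3c9d'; deviceManagementAppId = $mdmApp; deviceTrustType = 'ServerAD'; deviceOwnership = 'Company'; deviceOSType = 'Windows' }
    # 33rd character is '7': not in the ring
    @{ displayName = 'WS-002';  objectId = '3c9f2b1a-7d4e-4a2b-9c1d-2e5f6a7b7c9d'; deviceManagementAppId = $mdmApp; deviceTrustType = 'ServerAD'; deviceOwnership = 'Company'; deviceOSType = 'Windows' }
    # regex matches ('b') but the device is neither Windows nor domain-joined
    @{ displayName = 'MAC-001'; objectId = '3c9f2b1a-7d4e-4a2b-9c1d-2e5f6a7bbc9d'; deviceManagementAppId = $mdmApp; deviceTrustType = 'AzureAd'; deviceOwnership = 'Company'; deviceOSType = 'MacMDM' }
)

foreach ($d in $devices) {
    "{0,-8} {1}" -f $d.displayName, (Test-Ring2Member $d)
}
"Regex selects {0:P1} of random object IDs (3 of 16 hex values at one position = 18.75%)" -f (Measure-RegexShare $ring2Regex)
```

Because membership depends on a fixed character of the objectId, a device stays in the same ring for its lifetime; reimaging it with a new Entra object can move it to a different ring.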


Tuesday, April 16, 2024

Intune - Detection and Remediation scripts for BitLocker key escrow to Entra-AD (Azure AD / AAD)

The following detection and remediation scripts should fix 99% of all escrowing problems.  The biggest surprise item that I found in working with my client trying to remediate escrow problems was that if there was more than one Password Protector key the escrow would fail.  The remediation takes care of that issue (along with others).

Detection Script: