Posted by robd
on January 23, 2019
Encryption
We have two GPOs, one for TPM 1.2 and one for TPM 2.0, the reason being that TPM 1.2 is not compatible with 256-bit encryption.
Here’s a handy table Dell have produced:
https://www.dell.com/support/article/us/en/04/sln312590/tpm-12-vs-20-features?lang=en
| Algorithm Type | Algorithm Name | TPM 1.2 | TPM 2.0 |
|---|---|---|---|
| Asymmetric | RSA 1024 | Yes | Optional |
| | RSA 2048 | Yes | Yes |
| | ECC P256 | No | Yes |
| | ECC BN256 | No | Yes |
| Symmetric | AES 128 | Optional | Yes |
| | AES 256 | Optional | Optional |
| Hash | SHA-1 | Yes | Yes |
| | SHA-2 256 | No | Yes |
| HMAC | SHA-1 | Yes | Yes |
| | SHA-2 256 | No | Yes |
We then use WMI filtering to distinguish TPM 1.2 from 2.0.
The TPM 1.2 WMI filter:
Namespace:
root\cimv2\security\microsofttpm
Query:
Select * from win32_tpm WHERE SpecVersion like "%1.2%"

The TPM 2.0 WMI filter:
Namespace:
root\cimv2\security\microsofttpm
Query:
Select * from win32_tpm WHERE SpecVersion like "%2.0%"
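
To confirm which of the two filters a given machine satisfies before linking the GPOs, this added example (not part of the original post) runs both queries from the post locally with Get-CimInstance. The function name Test-TpmWmiFilter and the GPO labels are assumptions made for illustration.

```powershell
# Added example: evaluate the two WMI filter queries from this post on the local
# machine, the way a GPO WMI filter would (the filter passes if the query returns
# at least one instance). Run from an elevated prompt.
$namespace = 'root\cimv2\security\microsofttpm'
$filters = [ordered]@{
    # Labels are hypothetical; the queries are the ones given in the post.
    'TPM 1.2 GPO' = 'Select * from win32_tpm WHERE SpecVersion like "%1.2%"'
    'TPM 2.0 GPO' = 'Select * from win32_tpm WHERE SpecVersion like "%2.0%"'
}

function Test-TpmWmiFilter {
    param(
        [string]$Namespace,
        [System.Collections.IDictionary]$Filters
    )
    foreach ($name in $Filters.Keys) {
        try {
            $hits = @(Get-CimInstance -Namespace $Namespace -Query $Filters[$name] -ErrorAction Stop)
            [pscustomobject]@{
                Filter      = $name
                Applies     = $hits.Count -gt 0
                SpecVersion = ($hits.SpecVersion -join '; ')
                Error       = $null
            }
        } catch {
            # The query itself failed (for example access denied when not elevated)
            [pscustomobject]@{ Filter = $name; Applies = $false; SpecVersion = $null; Error = $_.Exception.Message }
        }
    }
}

$results = @(Test-TpmWmiFilter -Namespace $namespace -Filters $filters)
$results | Format-Table -AutoSize

# A machine should satisfy exactly one of the two filters.
$applied = @($results | Where-Object { $_.Applies })
switch ($applied.Count) {
    0       { Write-Warning 'Neither filter matches: no GPO from this pair would apply to this machine.' }
    1       { Write-Host "This machine would receive: $($applied[0].Filter)" }
    default { Write-Warning 'Both filters match: inspect SpecVersion, the substring match is ambiguous here.' }
}
```

SpecVersion is a comma-separated string whose first field is the TCG specification version, so the SpecVersion column in the output shows exactly what the `like` pattern was matched against.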

Tags: bitlocker, Group Policy, WMI
Posted by robd
on October 26, 2016
Encryption
As per the title:
# All hosts connected in vCenter
$scope = Get-VMHost
# OR specify a cluster
#$scope = Get-Cluster -Name 'Vsphere.Cluster01' | Get-VMHost
foreach ($esx in $scope) {
    Write-Host "HostName:", $esx
    # Fibre Channel HBAs on this host
    $hbas = Get-VMHostHba -VMHost $esx -Type FibreChannel
    foreach ($hba in $hbas) {
        # Format the port WWN as hexadecimal
        $wwpn = "{0:x}" -f $hba.PortWorldWideName
        Write-Host "`t" $hba.Device, "|", $hba.Model, "|", "World Wide Port Name:" $wwpn
    }
}
Tags: esx, PowerCLI, PowerShell, vSphere
Posted by robd
on April 21, 2016
Encryption
To identify the host on which the virtual machine runs, use one of these methods:
Query the vCenter Server database in MSSQL:
- Log in to the Microsoft SQL 2005/2008 Server as an administrator.
- Open SQL Management Studio.
- Right-click the database that vCenter Server is using.
- Open a new query window and ensure that the vCenter Server database is selected.
- Run this SQL statement:
-- Replace virtual_machine_name with the name of the virtual machine
SELECT vpxv_vms.vmid, vpxv_vms.NAME, vpxv_vms.hostid, vpxv_hosts.NAME
FROM vpxv_vms
JOIN vpxv_hosts ON vpxv_vms.hostid = vpxv_hosts.hostid
WHERE (
    (vpxv_hosts.hostid = vpxv_vms.hostid)
    AND (vpxv_vms.NAME = 'virtual_machine_name')
)
This query returns the virtual machine ID, virtual machine name, host ID, and host name.

Posted by robd
on June 22, 2015
Encryption
So VPNs in my world normally surround work-related matters, such as a site-to-site VPN to connect two sites or buildings together. That was, however, until NordVPN very kindly sent me a free trial of the software… and I must admit I’m impressed.
So to begin with you get a huge array of download options including some Raspberry Pi and DD-WRT:

The install itself is a breeze. Firstly it installs a virtual NIC (which is normal practice; Dell, Cisco etc. all do the same with their VPN clients):

Next… well, it’s done:

Before I log in, click the settings button, and here’s the bit I like:
DNS Servers – This fixes a common problem, the “DNS leak”. Yes, having a VPN is great, unless your DNS isn’t working properly and you’re “leaking”, meaning potentially your DNS is being hijacked (spoofed or injected with false IPs) or being snooped upon. This setting sorts this issue, so long as you trust NordVPN, who have promised me they don’t keep any logs!
Below this is the Process Kill List, which means if the VPN drops for any reason then the listed processes you’ve added will be stopped.

Once you log in you’ll be presented with a huge array of countries to connect to and two options, either TCP or UDP:
TCP is a reliable protocol; like a phone call, it’s two-way.
UDP is like a postcard: you know if it gets to its destination or not, but it is faster than TCP.

So that’s pretty much it. You can test that your VPN is working by opening:
https://www.dnsleaktest.com/ – if it’s not, then close and reopen your browser.
You now have a “safe” connection to the interweb and all its content!!
Boom
Tags: NordVPN, TCP, UDP, VPN
Posted by robd
on May 06, 2015
Encryption
Desktop browsers
Chrome
- In the browser bar, enter:
chrome://settings/clearBrowserData
- Select the following:
From the drop-down menu, you can choose the period of time for which you want to clear cached information. To clear your entire cache, select .
- Click .
- Exit/quit all browser windows and re-open the browser.
Firefox
- From the menu, select .
If the menu bar is hidden, press Alt to make it visible.
- From the drop-down menu, select the desired range; to clear your entire cache, select .
- Next to “Details”, click the down arrow to choose which elements of the history to clear; to clear your entire cache, select all items.
- Click .
- Exit/quit all browser windows and re-open the browser.
Internet Explorer 9 and higher
- Select (via the Gear Icon) > > .
If the menu bar is hidden, press Alt to make it visible.
- Deselect , and select:
- Click . You will see a confirmation at the bottom of the window when the process is complete.
- Exit/quit all browser windows and re-open the browser.
Opera
- From the menu, select , and then .
- In the dialog box that opens, select the items you want to clear, and then click .
- Exit/quit all browser windows and re-open the browser.
Safari
Safari 8
- From the menu, select .
- Select the desired time range, and then click .
- Go to > or press Command-Q to exit the browser completely.
Safari 7 and below
- From the menu, select .
- Select the items you want to reset, and then click . As of Safari 5.1, includes both cookies and cache.
- Go to > or press Command-Q to exit the browser completely.
Tags: browser, cache, chome, firefox, ie, internet explorer
Posted by robd
on January 20, 2015
Encryption
Here’s a quick 5 min HTTPS redirect on Windows Server IIS.
1. Open IIS on the web server that hosts your website and select your website from the Sites folder in the left-hand column.
2. In the IIS section in the middle, open “Error Pages”.

3. Once open, click “Add” from the Actions tab on the right. A new window will open; enter the following.

4. Finished! Test your new redirect.
Tags: HTTP, HTTPS, IIS
Posted by robd
on May 31, 2012
Encryption
On occasion I’ve needed to create a file of a decent size so I can test a copy script or upload or download times. Here’s how to create a file:
Code to run from a command prompt:
fsutil file createnew <filename> <length>
Length being bytes!
Example:
fsutil file createnew STUPID_FILE.FILE 40000
Posted by robd
on January 11, 2012
Encryption
Now if, like me, you work in IT, then at some point in your life you will have had to encrypt a laptop with one of the various corporate encryption tools such as:
McAfee Endpoint Encryption
Sophos
Check Point
etc etc etc….
Now I’m sure they all have benefits like remote kill switches and what not, but personally I’ve never liked them, any of them… some take ages, some fail miserably and occasionally I have to rebuild a laptop!
Recently though I came across something that for once I actually liked, and it’s been under my nose for bloody ages!!
TrueCrypt: it encrypts, and encrypts well, with various encryption algorithms (such as AES with a 256-bit key)! So well, in fact, I may encrypt my own laptop with it, and when it comes to IT at home I’m proper lazy!!
Also it’s easy: no servers and no thought, just three things!
A laptop
A Strong password
The software
(maybe a tutorial)
I would bore you with how to install it, but honestly I can’t be bothered!! Search the interwebs and be amazed with the ease!