Group Policy for TPM 1.2 and 2.0

Posted by robd on January 23, 2019
Encyrption / No Comments

We have two GPO’s one for TPM 1.2 and one for TPM 2.0, the reason being is TPM 1.2 is not compataible with 256 encryption.


Here’s a handy table Dell have produced:


Algorithm Type Algorithm Name TPM 1.2 TPM 2.0
Asymmetric RSA 1024 Yes Optional
RSA 2048 Yes Yes
ECC P256 No Yes
ECC BN256 No Yes
Symmetric AES 128 Optional Yes
AES 256 Optional Optional
Hash SHA-1 Yes Yes
SHA-2 256 No Yes
HMAC SHA-1 Yes Yes
SHA-2 256 No Yes


We then use WMI filtering to distinguish TPM 1.2 from 2.0.


The TPM 1.2 WMI filter:




Select * from win32_tpm WHERE SpecVersion like "%1.2%"


The TPM 2.0 WMI filter:




Select * from win32_tpm WHERE SpecVersion like "%2.0%"


Tags: , ,

Find WWN for a Converged network Adapeter via PowerCLI

Posted by robd on October 26, 2016
Encyrption / No Comments

As per the title:

# All hosts connected in vCenter
$scope = Get-VMHost     
#OR specify a cluster
#$scope = Get-Cluster -Name 'Vsphere.Cluster01' | Get-VMHost

foreach ($esx in $scope){
Write-Host "HostName:", $esx
$hbas = Get-VMHostHba -VMHost $esx -Type FibreChannel
foreach ($hba in $hbas){
$wwpn = "{0:x}" -f $hba.PortWorldWideName
Write-Host `t $hba.Device, "|", $hba.model, "|", "World Wide Port Name:" $wwpn

Tags: , , ,

Find which ESXi host a VM is on

Posted by robd on April 21, 2016
Encyrption / No Comments

To identify the host on which the virtual machine runs, use one of these methods:


Query the vCenter Server database in MSSQL:

  1. Log in to to the Microsoft SQL 2005/2008 Server as an administrator.
  2. Open SQL Management Studio.
  3. Right-click the database that vCenter Server is using.
  4. Open a new query window and ensure that the vCenter Server database is selected.
  5. Run this SQL statement :
    SELECT vpxv_vms.vmid, vpxv_vms.NAME, vpxv_vms.hostid, vpxv_hosts.NAME
    FROM vpxv_vms
    WHERE (
    (vpxv_hosts.hostid = vpxv_vms.hostid)
    AND (vpxv_vms.NAME = '<b><em>virtual_machine_name</em></b>')

    This query returns the virtual machine ID, virtual machine name, host ID, and host name.



Posted by robd on June 22, 2015
Encyrption / No Comments

So VPN’s in my world normally surround work related matters such as a site-to-site VPN to connect two sites or buildings together.  That was however until NordVPN very kindly sent me a free trial of the software…..and I must admit I’m impressed.

So to begin with you get a huge array of download options including some Raspberry Pi and DD-WRT:


The install itself is a breeze, firstly it installs virtual NIC (which is normal practice, Dell and Cisco etc all do the same with their VPN clients):


Next…well its done:


Before I login, click the settings button and here’s the bit I like:

DNS Servers – This fixes a common problem “DNS Leak”, yes having a VPN is great unless your DNS isn’t working properly and your “leaking” meaning potentially your DNS is being hijacked (spoofed or injected with false IPs) or being snooped upon.  This settings sorts this issue and so long as you trust NordVPN who have promised me they don’t keep any logs!

Below this is Process Kill List, which means if the VPN drops for any reason then the list processes you’ve added will be stopped.


Once you login you’ll be presented with a huge array of countries to connect to and two options, either TCP or UDP:

TCP is a reliable protocol like a phone call its two way,

UDP protocol is like a post card, you know if it gets to its destination or not but is faster than TCP.


So that’s pretty much it, you can test your VPN is working by opening:

https://www.dnsleaktest.com/ – if its not then close and reopen your browser.

You now have a “safe” connect to the interweb and all its content!!



Tags: , , ,

How to clear Browser Cache

Posted by robd on May 06, 2015
Encyrption / No Comments

Desktop browsers


  1. In the browser bar, enter:
  2. Select the following:
    • Browsing history
    • Download history
    • Cookies and other site and plug-in data
    • Cached images and files

    From the Obliterate the following items from: drop-down menu, you can choose the period of time for which you want to clear cached information. To clear your entire cache, select the beginning of time.

  3. Click Clear browsing data.
  4. Exit/quit all browser windows and re-open the browser.


  1. From the History menu, select Clear Recent History.

    If the menu bar is hidden, press Alt to make it visible.

  2. From the Time range to clear: drop-down menu, select the desired range; to clear your entire cache, select Everything.
  3. Next to “Details”, click the down arrow to choose which elements of the history to clear; to clear your entire cache, select all items.
  4. Click Clear Now.
  5. Exit/quit all browser windows and re-open the browser.

Internet Explorer 9 and higher

  1. Select Tools (via the Gear Icon) > Safety > Delete browsing history….

    If the menu bar is hidden, press Alt to make it visible.

  2. Deselect Preserve Favorites website data, and select:
    • Temporary Internet files or Temporary Internet files and website files
    • Cookies or Cookies and website data
    • History
  3. Click Delete. You will see a confirmation at the bottom of the window when the process is complete.
  4. Exit/quit all browser windows and re-open the browser.


  1. From the Opera menu, select Settings, and then Delete Private Data….
  2. In the dialog box that opens, select the items you want to clear, and then click Delete.
  3. Exit/quit all browser windows and re-open the browser.


Safari 8

  1. From the Safari menu, select Clear History and Website Data….
  2. Select the desired time range, and then click Clear History.
  3. Go to Safari > Quit Safari or press Command-Q to exit the browser completely.

Safari 7 and below

  1. From the Safari menu, select Reset Safari….
  2. Select the items you want to reset, and then click Reset. As of Safari 5.1, Remove all website data includes both cookies and cache.
  3. Go to Safari > Quit Safari or press Command-Q to exit the browser completely.

Tags: , , , , ,


Posted by robd on January 20, 2015
Encyrption / No Comments

Here’s a quick 5 min Https redirect on Windows Server IIS.

1. Open IIS on the web server that hosts your website, select your website from the the folder sites in the left hand column.

2. In the IIS section in the middle open “Error Pages”



3.  Once open click “Add” from the Actions tab on the right. A new windows will open, enter the following.


4. Finished! Test your new redirect.

Tags: , ,

Create a file with a specific size

Posted by robd on May 31, 2012
Encyrption / No Comments

On occasion I’ve needed to create a file of a decent size so I can test a copy script or upload or download times.  Here’s how to create a file:

Code to run from a command prompt:

fsutil file createnew <filename> <length>

Length being bytes!


fsutil file createnew STUPID_FILE.FILE 40000


Encrypt your laptop

Posted by robd on January 11, 2012
Encyrption / No Comments

Now if you like me work in IT then at some point in your life you will have had to encrypt a laptop with one of the various corporate encryption tools such as:

McAfee Endpoint Encryption


Check point

etc etc etc….

Now I’m sure they all have benefits like remote kill switches and what not but personally I’ve never liked them, any of them……some take ages, some fail misserably and occasionally I have to re-build a laptop!

Recently though I came across something that for once I actually liked and its been under my nose for bloody ages!!

TrueCrypt, it encrypts and encrypts well with various Encryption Algorithms (such as AES with 256 bit key)!  So well in fact I may encrypt my own laptop with it and when it comes to IT at home I’m proper lazy!!

Also its easy, no servers and no thought, just three things!
A laptop
A Strong password
The software

(maybe a tutorial)

I would bore you with the how to install it but honestly I cant be bothered!! Search the interwebs and be amazed with the ease!