Written on 5. January 2024

Enhancing PowerShell Security with the Activation of Constrained Language Mode

In addition to the PowerShell signing method discussed in my previous post, I’d like to introduce another crucial aspect of PowerShell security: the “Constrained Language Mode”. This mode is a powerful security feature in PowerShell that limits the language elements available to scripts, reducing the surface area for attacks.

What is Constrained Language Mode?

Constrained Language Mode restricts PowerShell to a subset of its language features, disabling potentially dangerous operations. This mode is especially useful in environments where security is paramount and the risk of script-based attacks is high.

Read more…
Written on 17. December 2023

Powershell Signing

In the realm of Windows domain security, ensuring the execution of only signed PowerShell scripts is a crucial aspect of maintaining a robust defense against unauthorized code. With the proliferation of scripts either written in-house or generated by AI tools, it’s increasingly important to have a mechanism that verifies the authenticity and integrity of these scripts. Signing your PowerShell scripts, and configuring a Group Policy to allow only signed scripts to run, plays a vital role in safeguarding your IT environment. In this step-by-step guide, we will walk through the process of creating a suitable certificate, signing a PowerShell script, verifying its signature, and setting up a Group Policy Object (GPO) to enforce the execution of only signed scripts across all clients and servers.

Read more…
Written on 17. December 2023

Move FSMO Roles and demote old Domain Controller

In the dynamic world of my IT environment, a pivotal change was due. An old domain controller, running on Windows Server 2012, needed to be demoted and removed from the domain. This task required a meticulous approach, beginning with the transfer of FSMO roles to a newer server, followed by the decommissioning of the old one. Here’s a walkthrough of how I tackled this challenge.

Read more…
Written on 2. January 2023

Synology Active Backup for Business – Last backup to USB drive

Here is a PowerShell script that can be used to copy the last Active Backup for Business backup from your Synology to an external USB drive:

Synology – Active Backup for Business
Read more…
Written on 3. February 2022

Message Copy for send email in shared mailbox

To save a copy of a send email in a shared mailbox just execute the following two powershell commands.

set-mailbox <mailbox name> -MessageCopyForSentAsEnabled $True
set-mailbox <mailbox name> -MessageCopyForSendOnBehalfEnabled $True