cybercatherder
Ramblings of a Cat Herder (IT Sys Admin)
45 posts
cybercatherder · 2 months ago
Publish Remote Apps and Desktop Session at the same time
I was recently building a PoC Lab environment for a client where I only had a couple of virtual machines to play with to build a Remote Desktop Services environment to host a line of business application. I needed to be able to publish the application as a Remote App as well as have a virtual desktop. This is usually straightforward if you have multiple session hosts however requires a registry…
cybercatherder · 3 months ago
Configure IIS to allow downloads for file types
I was recently in a bit of a bind and needed to get a large file from a server to another workstation. The server had IIS and was already live on the internet, but when I copied across the file and tried to download it I was getting a 404 File not found. The file extension was .bak, which isn’t a file type that IIS understands whether to execute or stream or present to a web browser in a…
cybercatherder · 3 months ago
Increase Limit of Data Expert for Tables, Views and Stored Procs in Crystal Reports
I’ve been recently doing some consulting for a school using a piece of software (a SIS called Synergetic) that uses Crystal Reports and switching to a new workstation has meant there were a few things I needed to get set up again. One of the frustrations I quickly found was that the Data Expert view wasn’t showing all of the Tables, Views and Stored Procedures I was expecting. While there isn’t a…
cybercatherder · 5 months ago
Enable SNMP for PRTG with PowerShell
An MSP I do some consulting for uses PRTG for their monitoring of environments. SNMP is a lightweight monitoring method for PRTG which trumps WMI monitoring and doesn’t require admin rights on the local machine (or the shortcut of using a domain admin account). I’ve got a quick PowerShell script that will install the SNMP service in Windows and then configure the Community Name/String and IP…
cybercatherder · 5 months ago
Microsoft 365 Admin Notifications to your user mailbox with Plus addressing
Licensing your Entra Administrator accounts for email is a common practice to ensure you are across service health updates, user, security and billing alerts, but doing this introduces security risks and additional costs for mailbox licensing. As a best practice, privileged accounts should remain isolated from unnecessary communication channels to minimise vulnerabilities or avenues of…
cybercatherder · 5 months ago
Handy Tips when troubleshooting Active Directory Replication Issues
Over the years I’ve come across a number of different environments with many running Active Directory in many different states. Replication is an important part of ensuring that your AD environment is healthy and highly available to service end users. I’ve compiled some notes around Active Directory Replication commands and gathering information. Firstly, just give the server a quick look over,…
cybercatherder · 6 months ago
Amazon WorkSpaces and SSL Errors with Deep Packet Inspection
I was recently doing a new FortiGate deployment for a customer and one of the requirements included setting up Deep Packet SSL Inspection for their users. The customer already has an Internal CA so we generated a certificate for the FortiGate to use for encryption and clients already trusted the certificate as it was part of their Active Directory deployment. During UAT we found that their VDI…
cybercatherder · 6 months ago
Password Protection for Entra and On-Prem Active Directory
One thing I like to get going whenever taking on a new tenant or client is the password protection features. By default, Entra already has some password protection for your cloud users which detects and blocks known weak passwords such as password and password123 or qwerty as well as looking at well-known passwords that are readily exploited in the wild. You can go further, including custom…
cybercatherder · 6 months ago
CrowdStrike Next-Gen SIEM and FortiGate Connector
So I’m working on getting all of our external systems connected into the CrowdStrike Next-Gen SIEM as part of our internal Falcon Complete tenancy. Following the documentation in the CrowdStrike portal, getting and installing the Log Collector and setting up the connector were a pretty straightforward affair. I’ve got a Windows VM set up as a collector with the following basic YAML configuration…
cybercatherder · 6 months ago
Migrating Printers on Windows Server: A rough Step-by-Step Guide
I was recently decommissioning an old file and print server and one of the final tasks on our list was moving printers from one to another. It’s been a while since I’ve done this using vanilla print management, but happy to know there is now an import/export wizard for Printers. Since the source is 2019 and we’re going to 2022, it’s a straightforward process of exporting Printers and Drivers you…
cybercatherder · 7 months ago
Testing Conditional Access Policies with What If
I was recently helping out a colleague in implementing and testing some new conditional access policies around Geo Blocking and we wanted to understand if what we had set up was going to work. Traditionally this can be quite difficult depending on your scenarios, however Microsoft have recently introduced What If, so that you can test how your Conditional Access Policies will apply to a particular…
cybercatherder · 7 months ago
PXE Booting with iVentoy for ISO Images and easy OS installs
I have a USB of Ventoy in my everyday carry; it has Windows, Linux and Recovery images and has saved my bacon a number of times over the years. In my lab environment outside of the VM Host it can often be difficult to get exactly what I need loaded quickly, especially when my bag isn’t around. I recently stumbled on iVentoy, written by the same author as Ventoy, which is a free, lightweight PXE…
cybercatherder · 7 months ago
Setting Up Geo-Blocking with FortiWeb IP Protection
One of our FortiWeb clients is releasing a new app and they’ve requested us to block IPs not associated with Australia. There are a number of ways we can achieve this whether it’s via the FortiWeb, a FortiGate in front or other methods. In this instance, we’ll be using the FortiWeb IP Protection feature. This uses the MaxMind Geo IP lists and is a good but not fool-proof way to enable…
cybercatherder · 7 months ago
Getting Started with Maester and Entra Security Hardening
So I’ve known about PingCastle and Purple Knight for a little while now and have used them for on-premises audits and Azure AD audits a while back. I recently stumbled on Maester, which is a testing framework that can be used to automate testing for your Entra environment. I finally had some time to give it a shot; installation and configuration is straightforward and simple and then running…
cybercatherder · 7 months ago
New Year, New Theme
Quick one but I’ve spent a bit of time today cleaning up the backend and loaded a new theme. I’ve also started to clean up older articles to make sure they fit with the new theme and block editor of WordPress (as I’ve continued to use the “classic” style for quite some time). More articles and things to come for 2025!
cybercatherder · 8 months ago
Route Website via SSL-VPN Split Tunnel on FortiGate
We have a customer who has a few back office staff in the Philippines and we need to get them around a Geo-Block for a particular website they need as part of their role. The customer has a split-tunnel SSL-VPN in the AWS Sydney Region, we can look to route the traffic via the SSL-VPN tunnel so that it traverses via Australia instead of their home ISP in the Philippines, bypassing the…
cybercatherder · 8 months ago
ScreenConnect Router Service Setup
Despite all the things people say about ConnectWise, I still hold ScreenConnect or ConnectWise Control close to my heart as one of the best support and remote access tools out there. It’s light, friendly and easy to use for support staff and end users and just gets the job done. I look after our own instance along with another for a large software provider and generally set it up so that our Web…