Enter-PSsession: Run PowerShell Remote Commands

Enter-PSsession: Run PowerShell Remote Commands @vexpert #vmwarecommunities #100daysofhomelab #homelab #PowerShellRemotingBasics #EnterPSSessionCommands #PowerShellRemoteServer #RemoteSystemManagement #WindowsServerPowerShell #NewPSSessionUsage

Windows PowerShell has changed how we manage our Windows Server environments. One of the powerful features of PowerShell is PowerShell remoting, which enables the execution of PowerShell commands or scripts on a remote computer. The Enter-PSSession command, a core part of PowerShell remoting, allows us to establish an interactive session with a remote system, fundamentally changing how we…

View On WordPress

Move Ahead with Confidence: Microsoft Training Courses That Power Your Potential

Why Microsoft Skills Are a Must-Have in Modern IT

Microsoft technologies power the digital backbone of countless businesses, from small startups to global enterprises. From Microsoft Azure to Power Platform and Microsoft 365, these tools are essential for cloud computing, collaboration, security, and business intelligence. As companies adopt and scale these technologies, they need skilled professionals to configure, manage, and secure their Microsoft environments. Whether you’re in infrastructure, development, analytics, or administration, Microsoft skills are essential to remain relevant and advance your career.

The good news is that Microsoft training isn’t just for IT professionals. Business analysts, data specialists, security officers, and even non-technical managers can benefit from targeted training designed to help them work smarter, not harder.

Training That Covers the Full Microsoft Ecosystem

Microsoft’s portfolio is vast, and Ascendient Learning’s training spans every major area. If your focus is cloud computing, Microsoft Azure training courses help you master topics like architecture, administration, security, and AI integration. Popular courses include Azure Fundamentals, Designing Microsoft Azure Infrastructure Solutions, and Azure AI Engineer Associate preparation.

For business professionals working with collaboration tools, Microsoft 365 training covers everything from Teams Administration to SharePoint Configuration and Microsoft Exchange Online. These tools are foundational to hybrid and remote work environments, and mastering them improves productivity across the board.

Data specialists can upskill through Power BI, Power Apps, and Power Automate training, enabling low-code development, process automation, and rich data visualization. These tools are part of the Microsoft Power Platform, and Ascendient’s courses teach how to connect them to real-time data sources and business workflows.

Security is another top concern for today’s organizations, and Microsoft’s suite of security solutions is among the most robust in the industry. Ascendient offers training in Microsoft Security, Compliance, and Identity, as well as courses on threat protection, identity management, and secure cloud deployment.

For developers and infrastructure specialists, Ascendient also offers training in Windows Server, SQL Server, PowerShell, DevOps, and programming tools. These courses provide foundational and advanced skills that support software development, automation, and enterprise system management.

Earn Certifications That Employers Trust

Microsoft certifications are globally recognized credentials that validate your expertise and commitment to professional development. Ascendient Learning’s Microsoft training courses are built to prepare learners for certifications across all levels, including Microsoft Certified: Fundamentals, Associate, and Expert tracks.

These certifications improve your job prospects and help organizations meet compliance requirements, project demands, and client expectations. Many professionals who pursue Microsoft certifications report higher salaries, faster promotions, and broader career options. 

Enterprise Solutions That Scale with Your Goals

For organizations, Ascendient Learning offers end-to-end support for workforce development. Training can be customized to match project timelines, technology adoption plans, or compliance mandates. Whether you need to train a small team or launch a company-wide certification initiative, Ascendient Learning provides scalable solutions that deliver measurable results.

With Ascendient’s Customer Enrollment Portal, training coordinators can easily manage enrollments, monitor progress, and track learning outcomes in real-time. This level of insight makes it easier to align training with business strategy and get maximum value from your investment.

Get Trained. Get Certified. Get Ahead.

In today’s fast-changing tech environment, Microsoft training is a smart step toward lasting career success. Whether you are building new skills, preparing for a certification exam, or guiding a team through a technology upgrade, Ascendient Learning provides the tools, guidance, and expertise to help you move forward with confidence.

Explore Ascendient Learning’s full catalog of Microsoft training courses today and take control of your future, one course, one certification, and one success at a time.

For more information, visit: https://www.ascendientlearning.com/it-training/microsoft

“How to Restrict Server Access for Teams Using RHosting’s Custom Controls”

When managing a shared server environment, not every team member needs full access. Whether it’s for security, compliance, or operational clarity, restricting access based on roles is essential. That’s why RHosting offers powerful custom control features — so you can manage exactly who can access what, and how.

In this guide, we’ll show you how to use RHosting’s built-in controls to restrict server access for teams — without complex IT configurations or third-party tools.

🔐 Why Access Restrictions Matter

Unrestricted access increases the risk of:

Accidental file deletions or edits

Unauthorized use of sensitive applications

Data breaches or compliance violations

Confusion and clutter for end users

With RHosting’s granular access settings, you can provide the right level of access to every user — and nothing more.

🛠️ Step-by-Step: How to Restrict Access Using RHosting’s Custom Controls

Step 1: Log in to the RHosting Admin Portal

Access the RHosting Admin Dashboard using your credentials. From here, you’ll manage users, permissions, and server settings.

Step 2: Create or Select a User Group

If you're managing a team:

Navigate to User Groups

Create a new group (e.g., “Finance Team”, “Dev Interns”, “HR”)

Or, select an existing group to edit

Grouping users by role or department simplifies future management.

Step 3: Assign Server Access Controls

Within the group settings:

Choose which servers the group can access

Select folders or drives available to the group (e.g., restrict “Finance” from accessing “Dev”)

Set time-based access if needed (e.g., office hours only)

Step 4: Set Application-Level Restrictions (Optional)

RHosting also lets you control which applications are visible and usable by each user or group.

Allow only necessary apps like Tally, Excel, or custom software

Block access to tools unrelated to the user’s role

Prevent command-line or admin-level tools from being launched

Step 5: Enable Session Monitoring & Logs

Activate activity logging for transparency and compliance:

See login times, session durations, and accessed resources

Export logs for audits or internal reviews

Identify unusual behavior or access patterns

🔄 Real-World Example: Restricting Access for Interns

Let’s say your dev team hires interns for a 3-month period. Using RHosting:

Create an “Interns” group

Give them access to a specific development server only

Block access to client databases or financial systems

Restrict usage of PowerShell or admin tools

Auto-disable access after 90 days

This keeps your systems secure while enabling interns to contribute productively.

✅ Benefits of Using RHosting’s Custom Controls

Enhanced security for sensitive data and critical systems

Simplified user management for IT teams

Tailored access that matches your organizational structure

Peace of mind knowing every user has just the access they need

🚀 Take Full Control of Your Remote Environment

RHosting’s custom access controls are designed to give you precision, flexibility, and confidence in how your team interacts with remote servers.

Whether you’re onboarding new employees, managing contractors, or supporting multiple departments — you’re in control.

Master IT Infrastructure: Windows Server Administration Course in Australia

In today’s digitally driven world, servers are the foundation of every business’s IT operation. From hosting applications and managing user access to maintaining data security, servers do it all—and the professionals who manage them are critical to every organization's success. If you’re an IT professional in Australia looking to enhance your system administration skills, the Windows Server Administration Course in Australia offered by Xelware is your ideal next step.

This course is specially designed for both aspiring and experienced administrators, giving you practical, real-world skills to configure, manage, and maintain Windows Server environments effectively. Whether you're aiming to boost your resume, prepare for certification, or support your organization's infrastructure more confidently, this training is your gateway.

Why Learn Windows Server Administration?

Windows Server is one of the most widely used operating systems for managing enterprise-level IT infrastructure. It powers file servers, domain controllers, DNS, DHCP, and much more. With the continued growth of hybrid environments—mixing on-premise and cloud technologies—the need for skilled Windows Server administrators is only increasing.

By mastering Windows Server administration, you can:

Improve the performance, stability, and security of IT environments

Manage networks, users, and policies with precision

Ensure business continuity with proper backup and recovery practices

Reduce system downtime and boost productivity across the organization

Become a key resource in IT operations, infrastructure design, and support

What You’ll Learn in the Course

The Windows Server Administration Course in Australia from Xelware is based on Microsoft’s official curriculum and is updated to reflect the latest best practices and technologies in system administration.

Key areas covered include:

Installing and configuring Windows Server roles and features

Managing Active Directory Domain Services (AD DS)

Implementing DNS, DHCP, and IPAM

Maintaining server performance and monitoring systems

Ensuring security with group policies, file permissions, and firewall configurations

Automating tasks with PowerShell and administrative templates

Performing regular backups and disaster recovery

The course also emphasizes practical labs and case studies so you can apply what you’ve learned in realistic scenarios.

Why Choose Xelware in Australia?

Xelware is a trusted name in professional IT training, known for delivering industry-relevant content with expert instruction. Their Windows Server Administration Course is tailored for Australian learners and businesses, offering flexible schedules, local time zones, and trainers with hands-on experience in enterprise IT environments.

Here’s what sets Xelware apart:

Instructor-led sessions delivered live and online across Australia

Microsoft-certified trainers who teach from real-world experience

Interactive labs and assignments that build job-ready skills

Certification preparation and guidance to help you succeed

Post-training support and resources to reinforce your learning

Whether you're in Sydney, Brisbane, Adelaide, Melbourne, or working remotely from any corner of Australia, Xelware makes high-quality IT training accessible to you.

Who Should Take This Course?

This course is ideal for:

IT support professionals seeking to move into system administration

Network administrators wanting to broaden their expertise

System administrators responsible for Windows-based infrastructure

Students and recent graduates looking to specialize in server technology

IT managers who want to better understand their infrastructure

A basic understanding of networking concepts and the Windows operating system is recommended, but the course is structured to guide learners at all levels.

Final Thoughts: Build a Reliable IT Backbone

Every successful business relies on stable, secure, and efficient server infrastructure. As a Windows Server Administrator, you’ll play a vital role in ensuring the smooth operation of IT systems. The Windows Server Administration Course in Australia from Xelware gives you the skills and confidence to take on that responsibility with expertise.

10 Must-Have PowerShell Scripts Every IT Admin Should Know

As an IT professional, your day is likely filled with repetitive tasks, tight deadlines, and constant demands for better performance. That’s why automation isn’t just helpful—it’s essential. I’m Mezba Uddin, a Microsoft MVP and MCT, and I built Mr Microsoft to help IT admins like you work smarter with automation, not harder. From Microsoft 365 automation to infrastructure monitoring and PowerShell scripting, I’ve shared practical solutions that are used in real-world environments. This article dives into ten of the most useful PowerShell scripts for IT admins, complete with automation examples and practical use cases that will boost productivity, reduce errors, and save countless hours. 

Whether you're new to scripting or looking to optimize your stack, these scripts are game-changers.

Automate Active Directory User Creation

Provisioning new users manually can lead to errors and wasted time. One of the most widely used PowerShell scripts for IT admins is an automated Active Directory user creation script. This script allows you to import user details from a CSV file and automatically create AD accounts, set passwords, assign groups, and configure properties—all in a few seconds. It’s a perfect way to speed up onboarding in large organizations. On MrMicrosoft.com, you’ll find a complete walkthrough and customizable script templates to fit your unique IT environment. Whether you're managing 10 users or 1,000, this script will become one of your most trusted tools for Active Directory administration.

Bulk Assign Microsoft 365 Licenses

In hybrid or cloud environments, managing Microsoft 365 license assignments manually is a drain on time and accuracy. Through Microsoft 365 automation, you can use a PowerShell script to assign licenses in bulk, deactivate unused ones, and even schedule regular audits. This script is a great way to enforce licensing compliance while reducing costs. At Mr Microsoft, I provide an optimized version of this script that’s suitable for large enterprise environments. It’s customizable, secure, and a great example of how scripting can eliminate repetitive administrative tasks while ensuring your Microsoft 365 deployment runs smoothly and efficiently.

Send Password Expiry Notifications Automatically

One of the most common helpdesk tickets? Password expiry. Through simple IT infrastructure automation, a PowerShell script can send automatic email notifications to users whose passwords are about to expire. It reduces last-minute password reset requests and keeps users informed. At Mr Microsoft, I share a plug-and-play script for this task, including options to adjust frequency, messaging, and groups. It’s a lightweight, server-friendly way to keep your user base informed and proactive. With this script running on a schedule, your IT team will have fewer disruptions and more time to focus on high-priority tasks.

Monitor Server Disk Space Remotely

Monitoring disk space across multiple servers—especially in hybrid cloud environments—can be difficult without the right tools. That’s why cloud automation for IT pros includes disk monitoring scripts that remotely scan storage, trigger alerts, and generate reports. I’ve posted a working solution on Mr Microsoft that connects securely to servers, logs thresholds, and sends alerts before critical levels are hit. It’s ideal for IT teams managing Azure resources, Hyper-V, or even on-premises file servers. With this script, you can detect space issues early and prevent downtime caused by full partitions.

Export Microsoft 365 Mailbox Size Reports

For admins managing Exchange Online, mailbox size tracking is essential. With the right Microsoft 365 management tools, like a PowerShell mailbox report script, you can quickly extract user sizes, quotas, and growth over time. This is invaluable for storage planning and policy enforcement. On Mr Microsoft, I’ve shared an easy-to-adapt script that pulls all mailbox data and exports it to CSV or Excel formats. You can automate it weekly, track long-term trends, or email the results to managers. It’s a simple but powerful reporting tool that turns Microsoft 365 data into actionable insights.

Parse and Report on Windows Event Logs

If you’re getting started with scripting, working with event logs is a fantastic entry point. Using PowerShell for beginners, you can write scripts that parse Windows logs to identify system crashes, login failures, or security events. I’ve built a script on Mr Microsoft that scans logs daily and sends summary reports. It’s lightweight, customizable, and useful for security monitoring. This is a perfect project for IT pros new to scripting who want meaningful results without complexity. With scheduled execution, this tool ensures proactive monitoring—especially critical in regulated or high-security environments.

Reset Passwords for Multiple Users

Resetting passwords one at a time is inefficient—especially during mass onboarding, offboarding, or policy enforcement. Using IT admin productivity tools like a PowerShell batch password reset script can streamline the process. It’s secure, scriptable, and ideal for both on-premises AD and hybrid Azure AD environments. With added functionality like expiration dates and enforced resets at next login, this script empowers IT admins to enforce password policies with speed and consistency.

Automate Windows Update Scheduling

If you’re tired of unpredictable updates or user complaints about restarts, this is for you. One of the most effective PowerShell scripts for IT admins automates the installation of Windows updates across workstations or servers. With this tool, you can check for updates, install them silently, and even reboot during off-hours. This reduces patching delays, improves compliance, and eliminates the need for manual updates or GPO complexity—especially useful in remote or hybrid work environments.

Cleanup Inactive Users with Graph API

Inactive user accounts are a security risk and resource drain. With the Microsoft Graph API, you can automate account cleanup based on login activity or license usage. My detailed Microsoft Graph API tutorial on Mr Microsoft walks through how to connect securely, pull activity data, and disable or archive stale accounts. This not only tightens security but also saves licensing costs. It’s a must-have script for admins managing large Microsoft 365 environments. Plus, the tutorial includes reusable templates to make your deployment faster and safer.

Automate SharePoint Site Provisioning

Provisioning SharePoint sites manually is tedious and error-prone. With Microsoft 365 automation, you can instantly create SharePoint sites based on predefined templates, permissions, and naming conventions. I’ve built a reusable script on Mr Microsoft that automates this entire process. It’s ideal for departments, projects, or onboarding flows where consistency and speed are critical. This script integrates with Teams and Exchange setups too, giving your IT team a full-stack provisioning workflow with minimal effort.

Final Thoughts – Automate Smarter, Not Harder

Every script above is built from real-life IT challenges I’ve encountered over the years. At Mr Microsoft, my goal is to share solutions that are practical, secure, and ready to use. Whether you're managing hundreds of users or optimizing workflows, automation is your edge—and PowerShell scripts for IT admins are your toolkit. Want more step-by-step guides and tools built by a fellow IT pro? 

Visit MrMicrosoft.com and start automating smarter today.

Install Remote Server Administration Tools on Windows 11

Remote Server Administration Tools (RSAT) for Windows includes Server Manager, Microsoft Management Console (MMC) snap-ins, consoles, Windows PowerShell cmdlets and providers, and command-line tools for managing roles and features that run on Windows Server. In this guide, we shall discuss the steps to install Remote Server Administration Tools on Windows 11. Because these steps have slightly…

Enhance Your PowerShell Automation with These 3 Third-Party Tools

PowerShell is an incredibly powerful tool that can help system administrators automate tedious tasks, manage servers, and streamline processes. However, as your automation tasks grow in complexity, PowerShell alone may not be enough to handle advanced features like error handling, logging, scheduling, and cross-platform automation. That’s where third-party tools come into play.

In this article, we’ll explore three popular third-party tools that can supercharge your PowerShell automation by adding powerful features, simplifying complex tasks, and enhancing overall efficiency. Whether you’re looking for better error management, cross-platform automation, or a more streamlined way to run and monitor your scripts, these tools will provide the extra power you need.

1. ScriptRunner: Take Control of Your PowerShell Automation

One of the biggest challenges in automating with PowerShell is ensuring that your scripts are error-proof, auditable, and easily accessible. ScriptRunner is a dedicated PowerShell automation platform that helps you manage, delegate, and monitor PowerShell scripts across your environment.

Key Features of ScriptRunner:

Script Library: Organize your PowerShell scripts into a centralized library. You can easily search, categorize, and manage your scripts in one place.

Delegation & Role-Based Access: Delegate script execution to other team members or even end-users without giving them full access to your systems. ScriptRunner allows you to set up role-based access control (RBAC), which ensures security while giving the right people the right level of access.

Error Handling and Logging: ScriptRunner automatically logs every action taken during script execution, providing you with detailed records. It also offers error handling features to ensure that your scripts run smoothly and with minimal interruptions.

Cross-Platform Support: Whether you're automating tasks on Windows, Linux, or macOS, ScriptRunner can run your PowerShell scripts across multiple platforms, making it easier to manage your entire environment.

By incorporating ScriptRunner into your workflow, you can automate with more security, better management, and peace of mind.

Why Choose ScriptRunner? ScriptRunner helps streamline script management, error handling, and automation in a way that enhances collaboration and makes scaling automation efforts much easier. If you're looking for a comprehensive platform that simplifies PowerShell automation, ScriptRunner is a fantastic choice.

2. Attune: Automate Across Multiple Nodes with Ease

If you're looking to automate PowerShell scripts across multiple servers or remote nodes, Attune is a great solution. This advanced orchestration and automation tool allows you to manage your scripts across different environments, making automation faster and more efficient.

Key Features of Attune:

Multi-Node Orchestration: With Attune, you can execute PowerShell scripts on multiple nodes simultaneously, whether those nodes are local or remote. This reduces the time spent on manual intervention and ensures consistency across your environment.

Real-Time Iteration: Attune allows you to debug and modify scripts on the fly while they’re running. This is incredibly helpful for rapid iteration, especially in complex environments.

Cross-Platform Support: Automate tasks across different operating systems, including Windows, Linux, and macOS, without rewriting your scripts.

Automatic Error Handling: Attune has built-in safeguards to handle errors automatically, so you don’t have to worry about interrupted tasks or incomplete automation.

By leveraging Attune for PowerShell automation, you can scale and automate tasks across multiple servers or nodes more quickly, with greater precision and fewer errors.

Why Choose Attune? Attune excels in environments where multi-node orchestration and real-time debugging are crucial. If you need to manage automation across various systems with seamless integration, Attune is a great tool to help accelerate your PowerShell automation.

3. Fortra Automate: No-Code Automation for PowerShell Scripts

Fortra Automate is an RPA (Robotic Process Automation) tool that complements PowerShell by offering no-code automation for tasks that would otherwise require complex scripting. It’s particularly useful for IT professionals who want to extend their automation capabilities without having to write every line of code manually.

Key Features of Fortra Automate:

Drag-and-Drop Interface: If you’re not a scripting expert or want to simplify your workflows, Fortra Automate’s intuitive drag-and-drop interface allows you to create automation workflows without writing complex scripts.

Cross-Platform Support: Fortra Automate supports both Windows and Linux systems, enabling you to run PowerShell scripts across multiple environments without issues.

Enhanced Security: PowerShell scripts often deal with sensitive data or perform critical tasks. Fortra Automate ensures that your scripts run securely with features like role-based security and audit logging.

Event-Based Triggers: Instead of manually running your PowerShell scripts, Fortra Automate allows you to set up event-based triggers, so your scripts run automatically based on specific conditions or events.

By integrating Fortra Automate with your PowerShell workflows, you can create robust automation with less manual effort, freeing up time for other important tasks.

Why Choose Fortra Automate? Fortra Automate is a great tool for IT professionals who want to simplify automation processes. Its no-code interface, combined with powerful PowerShell integration, makes it a versatile choice for automating everything from routine tasks to complex workflows.

Conclusion

While PowerShell is a powerful tool for automating IT tasks, using third-party tools can greatly enhance your automation capabilities. Whether you're looking for better error handling and logging, cross-platform support, or a no-code interface, there are several great tools available that can make your PowerShell scripts more efficient and easier to manage.

Here’s a quick summary of the tools mentioned:

ScriptRunner: Best for script management, delegation, and enhanced security features.

Attune: Ideal for multi-node orchestration and real-time iteration, especially in complex environments.

Fortra Automate: Perfect for IT professionals looking for no-code automation with PowerShell integration.

These tools can help you get the most out of your PowerShell scripts, enabling you to automate faster, more reliably, and with less hassle.

If you haven’t already, consider giving these tools a try to take your PowerShell automation to the next level!

By integrating these third-party tools, you’re not only enhancing your PowerShell automation but also enabling your team to work more efficiently and securely across a wide variety of environments.

Happy automating! 🚀

Como habilitar o RDP no Windows 10/11

O RDP (Remote Desktop Protocol) é um protocolo de comunicação desenvolvido pela Microsoft para facilitar o acesso remoto a servidores Windows, permitindo que usuários controlem desktops e aplicativos à distância. Baseado na família de padrões T.120, o RDP oferece uma conexão segura e eficiente entre o Terminal Server e o Cliente do Terminal Server, sendo capaz de transmitir dados como interface gráfica, comunicação de dispositivos e informações criptografadas. O protocolo opera através do TCP, criptografando e encapsulando os dados em pacotes antes de enviá-los pela rede. Esses dados passam por processos de segmentação, criptografia e encaminhamento, garantindo a segurança e integridade da comunicação.

Os principais componentes do RDP incluem:

- MCSMUX: Gerencia a comunicação entre múltiplos pontos, criando canais virtuais. - GCC: Controla a criação e exclusão de sessões e a comunicação em grupo. - Wdtshare.sys e Tdtcp.sys: Drivers responsáveis pela interface do usuário, compactação e criptografia dos dados. Além disso, o RDP é projetado para ser independente de protocolos de rede, embora atualmente funcione com TCP/IP.

Como habilitar o RDP no Windows 10/11

Veremos como habilitar o RDP no Windows 11 de maneira simples e rápida! - Prompt de Comando (CMD) - Powershell - Painel de controle Habilitar o RDP via CMD Siga estas etapas para habilitar o RDP no seu sistema usando o Prompt de Comando (CMD): 1. Na aba de pesquisas do menu iniciar, pesquise por CMD e execute como Administrador. 2. Execute o comando abaixo para permitir conexões RDP: 3. Em seguida, execute o comando para permitir que o firewall aceite conexões RDP: Após executar esses comandos, o **RDP** estará habilitado no seu sistema. Habilitar RDP via Powershell Abra o Powershell como administador e execute os comandos: Em seguida execute o próximo comando: Habilitar RDP via Painel de controle do Windows - Pressione a tecla Win e pesquise digitando Painel de Controle. - No Painel de Controle, clique em Sistema e Segurança e, em seguida, em Sistema. - Na janela Sistema, no menu à esquerda, clique em Configurações avançadas do sistema. - Na janela Propriedades do Sistema, vá até a guia Remoto. - Em Área de Trabalho Remota, marque a opção Permitir conexões remotas a este computador. - Clique em Aplicar e depois em OK.

Verifique configure o Firewall

O Firewall do Windows geralmente ajusta automaticamente as configurações para permitir o RDP. Caso necessário, acesse Painel de Controle > Todos os Itens do Painel de Controle > Windows Defender Firewall > Permitir um aplicativo ou recurso através do Windows Defender Firewall. Certifique-se de que a opção Área de Trabalho Remota esteja marcada.

Dicas Para otimizar o desempenho do RDP

- Usar conexões de alta largura de banda para melhorar a fluidez. - Habilitar a compressão de dados em redes com largura de banda limitada. - Manter o sistema atualizado para garantir segurança e performance. Read the full article

PowerShell Kill a Process from the Command Line

PowerShell Kill a Process from the Command Line #homelab #PowerShellProcessManagement #TerminatingProcessesInWindows #UsingTaskkillCommand #PowerShellVsCommandPrompt #AutomateKillingProcesses #PowerShellForceTermination #ManagingRemoteServerProcesses

Killing processes in Windows has long been the easiest way to deal with unresponsive programs that won’t close using the usual means by clicking the “X” in the top right-hand corner. Generally speaking, using the Windows Task Manager is the first method most use to find and close processes that are not responding. However, using the command line, we can leverage command prompt commands and…

View On WordPress

Discover AWS Systems Manager Cross-Account Management

What is AWS Systems Manager?

AWS Systems Manager is a solution that facilitates the management, viewing, and control of your infrastructure in multicloud, on-premises, and AWS settings.

AWS Systems Manager’s advantages

Boost visibility throughout your whole node infrastructure

A consolidated view of all the nodes across the accounts and regions of your company is offered by AWS Systems Manager. Get node information quickly, including its name, ID, installed agents, operating system information, and tags. You may find problems and act more quickly by using Amazon Q Developer to query node metadata in natural language.

Use automation to increase operational efficiency

Reduce the time and effort needed to maintain your systems by automating routine operational chores. Systems Manager eliminates the need for remote PowerShell, SSH, or bastion hosts by enabling you to safely and securely manage your nodes at scale without logging into your servers. It offers a straightforward method for automating routine operational tasks, like software and patch installations, registry modifications, and user administration, across groups of nodes.

Make node management easier at scale in any setting

Any AWS, on-premises, or multicloud environment can run the Systems Manager Agent (SSM Agent), enabling Systems Manager to offer out-of-the-box visibility and simplifying managed node maintenance. Set up diagnostics to run automatically in order to find problems with the SSM Agent. Issues with pre-defined runbooks can then be fixed. Once under control, nodes can efficiently carry out vital operational functions including remotely executing commands, starting logged sessions, and patching nodes with security updates.

Tools

You can use the entire suite of AWS Systems Manager tools to securely connect to nodes without managing bastion hosts or SSH keys, patch nodes with security updates, automate operational commands at scale, and obtain thorough fleet visibility once your nodes are managed by Systems Manager.

Use cases

Control every node you have

Gain thorough insight into your hybrid and multicloud systems, as well as your node infrastructure across Amazon Web Services accounts and regions. Rapidly detect and resolve agent problems to restore unmanaged nodes and efficiently carry out crucial operational duties, such applying security updates to nodes, starting and recording sessions, or executing operational commands.

Automate your processes

Make your computational resources available, configure them, and deploy them automatically. To address common problems like misconfigured agents, keep infrastructure up to date with SSM Agent diagnosis and remediation. Execute essential operational activities, like automatically applying fixes for applications and operating systems on a regular basis.

Increase the effectiveness of operations

Prioritize increasing operational effectiveness, cutting expenses, and growing your company. Across your hybrid and multicloud setups, AWS Systems Manager is your enterprise-grade solution for managing nodes at scale with cross-account and cross-region visibility.

Presenting a fresh AWS Systems Manager experience

AWS is presenting an enhanced version of AWS Systems Manager today, which offers the much-desired cross-account and cross-region experience for large-scale node management.

All of your managed nodes, including different kinds of infrastructure like Amazon Elastic Compute Cloud (EC2) instances, containers, virtual machines on other cloud providers, on-premise servers, and edge Internet of Things (IoT) devices, can be seen centrally with the new System Manager experience. When they are linked to Systems Manager and have the Systems Manager Agent (SSM Agent) installed, they are called “managed nodes.”

A node is referred to be a “unmanaged node” if an SSM Agent ceases operating on it for any reason, at which point Systems Manager no longer has access to it. The latest version of Systems Manager also makes it easier to find and troubleshoot unmanaged nodes. To resolve any problems and restore connectivity so they can once more be managed nodes, you may run and even schedule an automated diagnosis that gives you suggested runbooks to follow.

Amazon Q Developer, the most powerful generative AI-powered software development helper, has also been integrated with Systems Manager. Using natural language, you may ask Amazon Q Developer questions about the nodes you’ve handled. You’ll receive quick answers and links to the Systems Manager where you can take action or carry out more research.

With the new interface with Systems Manager in this edition, you can also leverage AWS Organizations to enable a delegated administrator to centrally manage nodes throughout the business.

AWS Systems Manager pricing

You can monitor and fix operational problems with all of your AWS applications and resources, including Amazon Elastic Compute Cloud (EC2), Amazon Relational Database Service (RDS), Amazon Elastic Container Service (ECS), and Amazon Elastic Kubernetes Service (EKS) instances, as well as in multicloud and hybrid environments, using the unified user interface that AWS Systems Manager offers. With AWS Systems Manager, you may begin using the benefits of the AWS Free Tier without paying a dime. No upfront obligations or minimum costs apply. There may be restrictions.

AWS Free Tier

The following functionalities of AWS Systems Manager are available to you for free as part of the AWS Free Tier. There may be restrictions.

Explorer

Enabling Explorer does not incur any further fees. There may be restrictions.

The dashboard of Explorer is populated by paid OpsCenter APIs (GetOpsSummary). These API queries will incur fees. The Export to CSV option uses an aws:executeScript action step to run an Automation document. The cost of these actions may be determined by Automation pricing.

For more details please visit the AWS systems manager pricing page.

In conclusion

Gaining visibility and control over your computing infrastructure and carrying out operational tasks at scale need the use of Systems Manager. Through a centralized dashboard, the new experience provides a centralized view of all your nodes across AWS accounts, on-premises, and multicloud environments. It also integrates Amazon Q Developer for natural language queries and allows one-click SSM Agent troubleshooting. By going to the Systems Manager panel and following the simple steps, you may activate the new experience without paying more.

What is AWS Systems Manager?

AWS Systems Manager is a solution that facilitates the management, viewing, and control of your infrastructure in multicloud, on-premises, and AWS settings.

AWS Systems Manager’s advantages

Boost visibility throughout your whole node infrastructure

A consolidated view of all the nodes across the accounts and regions of your company is offered by AWS Systems Manager. Get node information quickly, including its name, ID, installed agents, operating system information, and tags. You may find problems and act more quickly by using Amazon Q Developer to query node metadata in natural language.

Use automation to increase operational efficiency

Reduce the time and effort needed to maintain your systems by automating routine operational chores. Systems Manager eliminates the need for remote PowerShell, SSH, or bastion hosts by enabling you to safely and securely manage your nodes at scale without logging into your servers. It offers a straightforward method for automating routine operational tasks, like software and patch installations, registry modifications, and user administration, across groups of nodes.

Make node management easier at scale in any setting

Any AWS, on-premises, or multicloud environment can run the Systems Manager Agent (SSM Agent), enabling Systems Manager to offer out-of-the-box visibility and simplifying managed node maintenance. Set up diagnostics to run automatically in order to find problems with the SSM Agent. Issues with pre-defined runbooks can then be fixed. Once under control, nodes can efficiently carry out vital operational functions including remotely executing commands, starting logged sessions, and patching nodes with security updates.

Tools

You can use the entire suite of AWS Systems Manager tools to securely connect to nodes without managing bastion hosts or SSH keys, patch nodes with security updates, automate operational commands at scale, and obtain thorough fleet visibility once your nodes are managed by Systems Manager.

Use cases

Control every node you have

Gain thorough insight into your hybrid and multicloud systems, as well as your node infrastructure across Amazon Web Services accounts and regions. Rapidly detect and resolve agent problems to restore unmanaged nodes and efficiently carry out crucial operational duties, such applying security updates to nodes, starting and recording sessions, or executing operational commands.

Automate your processes

Make your computational resources available, configure them, and deploy them automatically. To address common problems like misconfigured agents, keep infrastructure up to date with SSM Agent diagnosis and remediation. Execute essential operational activities, like automatically applying fixes for applications and operating systems on a regular basis.

Increase the effectiveness of operations

Prioritize increasing operational effectiveness, cutting expenses, and growing your company. Across your hybrid and multicloud setups, AWS Systems Manager is your enterprise-grade solution for managing nodes at scale with cross-account and cross-region visibility.

Presenting a fresh AWS Systems Manager experience

AWS is presenting an enhanced version of AWS Systems Manager today, which offers the much-desired cross-account and cross-region experience for large-scale node management.

All of your managed nodes, including different kinds of infrastructure like Amazon Elastic Compute Cloud (EC2) instances, containers, virtual machines on other cloud providers, on-premise servers, and edge Internet of Things (IoT) devices, can be seen centrally with the new System Manager experience. When they are linked to Systems Manager and have the Systems Manager Agent (SSM Agent) installed, they are called “managed nodes.”

A node is referred to be a “unmanaged node” if an SSM Agent ceases operating on it for any reason, at which point Systems Manager no longer has access to it. The latest version of Systems Manager also makes it easier to find and troubleshoot unmanaged nodes. To resolve any problems and restore connectivity so they can once more be managed nodes, you may run and even schedule an automated diagnosis that gives you suggested runbooks to follow.

Amazon Q Developer, the most powerful generative AI-powered software development helper, has also been integrated with Systems Manager. Using natural language, you may ask Amazon Q Developer questions about the nodes you’ve handled. You’ll receive quick answers and links to the Systems Manager where you can take action or carry out more research.

With the new interface with Systems Manager in this edition, you can also leverage AWS Organizations to enable a delegated administrator to centrally manage nodes throughout the business.

AWS Systems Manager pricing

You can monitor and fix operational problems with all of your AWS applications and resources, including Amazon Elastic Compute Cloud (EC2), Amazon Relational Database Service (RDS), Amazon Elastic Container Service (ECS), and Amazon Elastic Kubernetes Service (EKS) instances, as well as in multicloud and hybrid environments, using the unified user interface that AWS Systems Manager offers. With AWS Systems Manager, you may begin using the benefits of the AWS Free Tier without paying a dime. No upfront obligations or minimum costs apply. There may be restrictions.

AWS Free Tier

The following functionalities of AWS Systems Manager are available to you for free as part of the AWS Free Tier. There may be restrictions.

Explorer

Enabling Explorer does not incur any further fees. There may be restrictions.

The dashboard of Explorer is populated by paid OpsCenter APIs (GetOpsSummary). These API queries will incur fees. The Export to CSV option uses an aws:executeScript action step to run an Automation document. The cost of these actions may be determined by Automation pricing.

For more details please visit the AWS systems manager pricing page.

In conclusion

Gaining visibility and control over your computing infrastructure and carrying out operational tasks at scale need the use of Systems Manager. Through a centralized dashboard, the new experience provides a centralized view of all your nodes across AWS accounts, on-premises, and multicloud environments. It also integrates Amazon Q Developer for natural language queries and allows one-click SSM Agent troubleshooting. By going to the Systems Manager panel and following the simple steps, you may activate the new experience without paying more.

Read more on govindhtech.com

APT41 Targets Taiwanese Government Research Institute with ShadowPad and Cobalt Strike

Cisco Talos researchers have reported a significant cyber attack on a Taiwanese government-affiliated research institute, attributing the breach to the China-linked group APT41 with medium confidence. The campaign began as early as July 2023 and involved deploying advanced malware tools including ShadowPad and Cobalt Strike. Attack Overview and Attribution The researchers identified several key aspects of the attack: - The campaign targeted a Taiwanese government-affiliated research institute - APT41, a group allegedly comprised of Chinese nationals, is believed to be responsible - Attribution is based on overlaps in tactics, techniques, and procedures (TTPs), infrastructure, and malware families exclusive to Chinese APT groups ShadowPad Malware Deployment A central component of the attack was the use of ShadowPad, a sophisticated modular remote access trojan (RAT): - ShadowPad is known to be sold exclusively to Chinese hacking groups - The malware exploited an outdated vulnerable version of Microsoft Office IME binary as a loader - A customized second-stage loader was used to launch the payload - Two distinct iterations of ShadowPad were encountered during the investigation Cobalt Strike and Custom Loaders The attackers also leveraged Cobalt Strike and developed custom loaders to evade detection: - A unique Cobalt Strike loader written in GoLang was used to bypass Windows Defender - The loader was derived from an anti-AV tool called CS-Avoid-Killing, found on GitHub - Simplified Chinese file and directory paths suggest the attackers' proficiency in the language - PowerShell commands were used to execute scripts for running ShadowPad directly in memory and fetching Cobalt Strike from command and control (C2) servers

The Github repository of Cobalt Strike loader. Exploitation of CVE-2018-0824 APT41 demonstrated advanced capabilities by exploiting a known vulnerability: - The group created a custom loader to inject a proof-of-concept for CVE-2018-0824 directly into memory - This remote code execution vulnerability was used to achieve local privilege escalation - A tool called UnmarshalPwn was employed in the exploitation process Attack Methodology and Persistence The attackers employed various techniques to maintain access and avoid detection: - Three hosts in the targeted environment were compromised - Documents were exfiltrated from the network - A web shell was used to maintain persistence and drop additional payloads - The "quser" command was executed to monitor for other logged-on users, allowing the attackers to pause activities if detected - After deploying backdoors, the web shell and guest account used for initial access were deleted Broader Implications and Ongoing Investigations Cisco Talos researchers emphasized the potential for further discoveries: - Analysis of artifacts from this campaign led to the identification of samples and infrastructure potentially used in different campaigns - Sharing these findings could help the cybersecurity community make connections and enhance ongoing investigations - Indicators of Compromise (IoCs) for this campaign have been released on Cisco Talos' GitHub repository This sophisticated cyber attack on a Taiwanese government research institute highlights the ongoing threat posed by advanced persistent threat (APT) groups like APT41. Complex malware such as ShadowPad, combined with custom loaders and exploitation of known vulnerabilities, demonstrates the evolving tactics employed by state-sponsored threat actors. Read the full article

MacOS Users Beware! The HZ RAT Spy Software Targeting DingTalk and WeChat Exposed

With the rapid development of information technology, network security issues are becoming increasingly prominent. Especially malicious software attacks targeting enterprise-level communication tools are gradually becoming new security challenges. Recently, Kaspersky Lab released a report revealing that a new type of malicious software called HZ RAT is launching large-scale espionage activities against DingTalk and WeChat users on the MacOS platform. This news quickly attracted high attention from the industry.

HZ RAT is a backdoor malicious software initially discovered by the German cybersecurity company DCSO in November 2022. This malicious software is mainly spread through self-extracting zip files or malicious RTF documents. The latter exploits a vulnerability (CVE-2017-11882) that has existed in Microsoft Office for many years. In addition to the traditional Windows platform, the developers of HZ RAT clearly have not ignored the growth potential of the MacOS user group. They have specially designed a version suitable for the MacOS system, enabling this malicious software to run rampant on different operating systems.

According to the discovery of Kaspersky researcher Sergey Puzan, the functions of the HZ RAT MacOS version are similar to those of the Windows version. The difference lies in that it relies on receiving instructions through shell scripts issued by a remote server. This means that whether it is a Windows or MacOS user, once infected with HZ RAT, the attacker can easily remotely control the victim device through the Command and Control (C2) server. HZ RAT can perform a series of dangerous operations, including but not limited to executing PowerShell commands, writing arbitrary files, uploading files to the server, and regularly sending heartbeat information to confirm the status of the target device. These functions make HZ RAT very suitable for stealing credentials and conducting system reconnaissance.

It is worth noting that one of the spreading methods of the HZ RAT MacOS version is to disguise itself as an installation package of a legitimate application, such as OpenVPN Connect. When a user installs this disguised software, the malicious software will establish a connection with the C2 server and start to perform its malicious tasks. Worryingly, HZ RAT can not only extract sensitive information such as WeChat ID, email address, and phone number from DingTalk and WeChat but also obtain more information about the user's organization.

The emergence of the HZ RAT MacOS version indicates that the previous attackers are still active and are constantly evolving their attack methods. Although the main goal of these malicious software currently seems to be to collect user data, considering its lateral movement capabilities, future threats may become more complex and dangerous.

At the same time, this espionage activity targeting MacOS users has once again triggered trust issues about network security products. Looking back at history, the U.S. government once included the products of the Russian cybersecurity giant Kaspersky Lab on the banned sales list due to national security considerations. Now, similar concerns seem to be surrounding Chinese cybersecurity companies. At the beginning of 2024, the U.S. Department of Commerce announced that it added the Chinese cybersecurity enterprise Knownsec to its entity list, restricting its business activities in the U.S. market. This measure is undoubtedly another impact on the global cybersecurity landscape. It not only affects the international business of related enterprises but also triggers extensive discussions about technological autonomy and information security guarantees.

Whether it is the continuous threat of HZ RAT or the frictions generated by international technological competition, they are all reminding us of the importance of network security and the complex situation it faces. In the face of evolving network threats, enterprises and individuals should be more vigilant and strengthen their self-protection awareness. At the same time, governments and enterprises of all countries also need to strengthen cooperation to jointly build a more solid network defense line to ensure the security and stability of the information age.

How to Set Time Zone Using PowerShell: A Step-by-Step Guide

When managing a Remote Desktop Protocol (RDP) server, ensuring that the time zone is correctly set is crucial for maintaining synchronization and avoiding time-related issues. Whether you’re using a free RDP server or have decided to buy RDP services, this guide will walk you through the process of setting the time zone using PowerShell. Follow these steps to ensure your Windows RDP environment is accurately configured.

Understanding the Importance of Setting the Correct Time Zone

Preparing Your Windows RDP Server

Before you begin, make sure you have administrative access to the Windows RDP server. PowerShell is a powerful tool that requires appropriate permissions to make system changes. Whether you’re using a free RDP server or a paid one, administrative rights are a prerequisite for the steps outlined below.

Step-by-Step Guide to Setting the Time Zone Using PowerShell

Step 1: Open PowerShell

First, log into your Windows RDP server. If you’re using an RDP client, connect to your server using the appropriate credentials. Once logged in, open PowerShell with administrative privileges. You can do this by searching for PowerShell in the start menu, right-clicking on it, and selecting “Run as administrator”.

Step 2: Check the Current Time Zone

Before making any changes, it’s a good idea to check the current time zone setting on your RDP server. Use the following command in PowerShell:powershellCopy codeGet-TimeZone

This command will display the current time zone configured on your Windows RDP server. This is especially useful if you’re troubleshooting time zone-related issues on a free RDP server or one that you recently bought.

Step 3: List Available Time Zones

This command will output a list of all time zones that your Windows RDP server supports. Review this list to find the appropriate time zone for your needs. Whether you’re managing a free RDP server or a commercial one, this list is comprehensive and covers all possible configurations.

Step 4: Set the Desired Time Zone

Once you have identified the correct time zone, you can set it using the Set-TimeZone cmdlet. For example, if you want to set the time zone to "Pacific Standard Time", use the following command:powershellCopy codeSet-TimeZone -Name "Pacific Standard Time"

Ensure that you replace “Pacific Standard Time” with the exact name of the time zone you want to set, as listed by the Get-TimeZone -ListAvailable command. This step is the same regardless of whether you're configuring a free RDP server or one you've opted to buy RDP access for.

Step 5: Verify the Change

After setting the new time zone, it’s important to verify that the change has been applied correctly. Use the Get-TimeZone command again to check the current time zone:powershellCopy codeGet-TimeZone

This confirmation step ensures that your Windows RDP server is now operating in the correct time zone. It’s a quick and effective way to double-check your work, whether you’re managing a free RDP server or a purchased one.

Troubleshooting Common Issues

Even though setting the time zone on your Windows RDP server is generally straightforward, you might encounter some issues. Here are a few common problems and how to solve them:

Insufficient Permissions: Ensure you are running PowerShell as an administrator. Without administrative privileges, you won’t be able to change the time zone.

Incorrect Time Zone Name: If you receive an error stating the time zone name is incorrect, double-check the list provided by the Get-TimeZone -ListAvailable command to ensure you have the correct name.

Sync Issues: After setting the time zone, if you still face synchronization issues, check other related settings such as the system clock and time synchronization settings on your RDP server.

Conclusion

Setting the time zone on your Windows RDP server using PowerShell is an essential task for maintaining accurate timekeeping and ensuring the smooth operation of your server environment. Whether you’re managing a free RDP server or a paid service, the steps outlined in this guide will help you configure the time zone correctly. By following this step-by-step guide, you can ensure that your RDP server is always running at the correct time, providing a better experience for all users.

PowerShell: Find Remote Desktop Servers on A Domain

Remote Desktop Servers have a way of multiplying themselves like some kind of organic creature. Most administrators know how to deploy RDS and it is a good to solution for a variety of issues. The simple script below scans domain servers for the installed features. $ErrorActionPreference = "SilentlyContinue"$Servers = Get-ADComputer -Filter 'Operatingsystem -Like "*server*"' -Properties…

View On WordPress

Enable WinRM on Windows Servers and Windows PCs

In this article, we shall discuss how to enable WinRM on Windows Servers and Windows PCs. Windows PowerShell remoting lets you run any Windows PowerShell command on one or more remote computers. You can establish persistent connections, start interactive sessions, and run scripts on remote computers. PowerShell remoting is similar to SSH used in accessing remote computers. Please see how to…