Microsoft | Alex Ø. T. Hansen

Alex Ø. T. Hansen

05/07/2018

SCCM – Create Device Collections Based On Security Groups

I’m back again, with a quick how-to on SCCM.

Have you ever needed to create device collections based on security groups (user accounts) in Active Directory? -Well look no further!
You can use the following WQL in a collection.
Only thing you need to change is the SMS_R_User.UserGroupName=”CONTOSO\\mysecuritygroup”.

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client
from SMS_R_System
JOIN SMS_UserMachineRelationship ON  SMS_R_System.Name=SMS_UserMachineRelationship.ResourceName
JOIN SMS_R_User ON  SMS_UserMachineRelationship.UniqueUserName = SMS_R_User.UniqueUserName
WHERE   SMS_UserMachineRelationship.Types=1  AND   SMS_R_User.UserGroupName="CONTOSO\\mysecuritygroup"

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client

from SMS_R_System

JOIN SMS_UserMachineRelationship ON SMS_R_System.Name=SMS_UserMachineRelationship.ResourceName

JOIN SMS_R_User ON SMS_UserMachineRelationship.UniqueUserName = SMS_R_User.UniqueUserName

WHERE SMS_UserMachineRelationship.Types=1 AND SMS_R_User.UserGroupName="CONTOSO\\mysecuritygroup"

Alex Ø. T. Hansen

18/06/2018

SCCM – Cloud Management Gateway and Cloud Distribution Point

The cloud management gateway (CMG) provides a simple way to manage Configuration Manager clients on the internet. By deploying the CMG as a cloud service in Microsoft Azure, you can manage traditional clients that roam on the internet without additional infrastructure. You also don’t need to expose your on-premises infrastructure to the internet.

A cloud-based distribution point is a System Center Configuration Manager distribution point that is hosted in Microsoft Azure. The following information is intended to help you learn about configurations and limitations for using a cloud-based distribution point.

In this step-by-step guide, I will demonstrate how to configure and establish a Cloud Management Gateway (CMG) and Cloud Distribution Point (CDP) in SCCM and Azure.

In order to walk you through the entire process of setting up the Cloud Management Gateway and Cloud Distribution Point features, I am going to break this down into 6 parts.

Overview
Certificates
Azure Service
Cloud Management Gateway
Cloud Distribution Point
Log Files

Alex Ø. T. Hansen

19/05/2018

PowerShell – Intune Local Administrator Password Solution (iLAPS)

If you have devices that is connected to an on-premise, you would certainly configure the Local Administrator Password Solution (LAPS), which allows unique password for each local administrator across the enterprise network.

Unfortunately this method only works when you have on-premise devices, but what about Azure AD Joined machines? – A short answer is “no”.

LAPS takes advantage of 2 attributes in the local Active Directory, these attributes are not available in Azure AD.

Therefor I have created a small application that mimic the same behavior for Azure AD devices, which I call “iLAPS” for Intune Local Administrator Password Solution.

Alex Ø. T. Hansen

17/05/2018

PowerShell – Symmetric Encryption

You can use this PowerShell function to encrypt/decrypt data with a secret key.

I re-wrote the functions from Travis Gan, for a better overview and also added comments to the code.

Use free of charge!

Alex Ø. T. Hansen

16/05/2018

PowerShell – Azure Storage Using REST API

Yo! I’m back again. This time I have been playing around with Azure Table Storage.

Azure Table storage is a service that stores structured NoSQL data in the cloud, providing a key/attribute store with a schema less design. Because table storage is schema less, it’s easy to adapt your data as the needs of your application evolve. Access to Table storage data is fast and cost-effective for many types of applications, and is typically lower in cost than traditional SQL for similar volumes of data.

You need to create a storage account in an Azure subscription and generate a shared access signature, prior before using the code below.

I created some lightweight functions that allows you to insert and get data from a table with PowerShell, using REST API.

Alex Ø. T. Hansen

15/05/2018

PowerShell – Invoke-Ping

Just wrote a small PowerShell function that can output ping results to a file including timeouts and unreachable information. This is not something the native Test-NetConnection cmdlet can do (prove me wrong?) unfortunately.

Use the function free of charge.

Alex Ø. T. Hansen

07/05/2018

Intune – The sync could not be initiated (0x82ac019e)

Recently I had a few users that couldn’t initiate a sync on their Windows device to Microsoft Intune.

The error was “The sync could not be initiated (0x82ac019e)“, luckily the solution is easy.

Alex Ø. T. Hansen

02/05/2018

Azure AD – Access to BitLocker Recovery Keys

Wonder how to give access to see bitlocker recovery keys in Azure AD? – Look no further!

I’m have been searching for a while after how to grant access to the Azure AD (AAD) BitLocker recovery keys by the “least privilege principle” (PoLP).

You need to have global administrator in order to follow this tutorial, if you are ready, let’s go!

Alex Ø. T. Hansen

25/04/2018

Ethical Hacking – Tools for the 5 Phases of Hacking

After finishing two MCSA (Office 365 & Windows Server 2012 R2) certifications, I’m currently studying to take the CEH v10 certification, which is a valuable tool for any IT-professional.

This post is part of a series called “Ethical Hacking”.

While I’m studying for this certification, I’m going to update this post with variety of useful tools and websites. Only use these tools in your own environment for education purposes only.

Alex Ø. T. Hansen

25/10/2017

SolarWinds Orion – Certificate Expiration Template

I’m back again with one more PowerShell script, this time getting certificate expiration warnings from Windows machines.

You can use the PowerShell script below to create a template and get warnings, critical, down etc. if a certificate is close to expiration or already is expired.