I needed to find all the GPOs that were not currently linked.  Here is the script I cam up with.

Fortigate renew GoDaddy Cert

 Have a GoDaddy cert that has expired, and you need to update your Fortinet device, here are the steps I use to update it.

1. Renew Cert @ Godddy
2. Download certificate with server type = Other
3. Extract the zip file
4. With a text Editor open the .crt file that does not start with "gd"
5. Copy the contents of the file to your clipboard
6. Log into Fortigate
7. Open Command line / Terminal
8. Type: config vpn certificate local
9. Type: show (Verify the name of the cert you are updating"
10. Type: edit sslvpn (or your cert name)
11. See Example at the end of this post, however type this sequence 
1. Type: set certificate “
2. Paste the contents of the .crt file
3. Type: "
4. Type: enter
5. Type: End
12. The Cert should now show valid

 set certificate “—–BEGIN CERTIFICATE—– YBBAGCNxUHBm7xorRWhO7dYIcmuTrsCeCCA0gwPQYJKwDAwLgYmKwYBBAGCNxUIKtkziB9KY0PjDQDYkYHKcTrGa6aLYfd+BwIDAQABo4IDTDH7e1w1uM7kdaBAjyAgM>—–END CERTIFICATE—–“

Navigating trough may different regulatory compliance is rough.  When they start to layer on top of each other when they have their own difference almost makes it impossible.

I really like what the folks over at Secure Controls Framework has done my combining all the controls into a blended model.  This is available for download in Excel Here, or via their Github Here

Windows Firewall rules for Fortinet SSO Collector

The Fortinet SSO Collector service will collect login information from all domain controllers, and forward user / machine / IP information to the FortiGate.

I recently installed new Windows 2022 Domain Controllers in core mode (No GUI).  For the SSO collector and agent communication firewall ports needed to be installed to allow the incoming communications.

References:

Fortinet Community #1

Fortinet Community #2

Fortinet Community #3

Fortinet Guru #1

Tail Windows Defender Firewall Log

 

Grab a NIC IP information and dynamically create a reset script

 I had a request to figure out how to record a NIC's IP information and make it easy to put the config back if required.  the result us a run-able $outfile PowerShell script to reset the settings.

Native Windows 10 packet Sniffer PKTMON

I had to troubleshoot connectivity issues from a Window 10 machine, and really did not want to install Wireshark.  Then I remember reading this document for the built in sniffer: pktmon | Microsoft Docs

 Basically here are the steps:

• Change directory to where you want the results to be saved (I.E. c:\temp)
• Add Filters for the IP you want to monitor for
• pktmon filter add -i 8.8.8.8
• pktmon filter add -i 9.9.9.9

• Start pktmon
• pktmon start –etw  (this will send to PktMon.etl file only)
• pktmon start --etw -l real-time (Will send to PktMon.etl file and the screen)
• Generate the traffic

• Stop pktmon
• pktmon stop

The native file PktMon.etl can only be read by Microsoft’s NetMon.  If you have WireShark installed you can run this command to convert it:

• pktmon pcapng pktmon.etl -o log.pcapng

 

Also for reference, the on screen verbose (-l real-time) of opening nslookup and connecting to 8.8.8.8 would look like this:

 

 

 

There are other options in the linked doc but to get a quick view of traffic, not bad….  Enjoy!

Get all active directory users properties

Need to grab all the properties for all your AD users? Here you go!

Rename Files to a random name

 I had a bunch of photos that I wanted to randomize on a photo frame.  The frame processes photos alphabetically by file name. Since the original filename had the date / time the picture was taken, meant there was no randomness to what was displayed.

I wrote this to change the filenames to a random number.

Remove WSUS GPO settings

Most companies deploy Windows Software Update Services (WSUS) via a group policy to keep all corporate systems updated.  However sometimes nerd in me wants the latest and greatest, before corporate approves them.  So run these commands in a Administrative Powershell Session.  This will remove the WSUS settings until the next GPO sync.