New PowerShell User Group

We are currently building up a Swedish PowerShell User Group.
PowerShell User Group Sweden

The Scandinavian PowerShell user group has been down for some time, and it was time to get a Swedish one instead.

[Translated from Swedish]

We are building up a Swedish PowerShell user group, PowerShell User Group Sweden.

Right now we are on Facebook. You are welcome to join us if you are interested in PowerShell.

Posted in Uncategorized | 6 Comments

The Windows 8 server beta

Windows 8 server beta was released by Microsoft yesterday.
http://www.microsoft.com/en-us/server-cloud/windows-server/v8-default.aspx

I have installed it in my first test environment on my laptop.

As with the previous Windows 8 developer preview, VMware Workstation
does not like Windows 8 if you don’t have the latest version of it.

So I ran the test on Oracle VM VirtualBox.

Preview pictures of Windows 8 server from my laptop.

I personally like the PowerShell icon that is pinned from the start.

More blog posts will come later about deployment and PowerShell with Windows 8 server beta.

Posted in Uncategorized | 4 Comments

Get-SNames

This is the updated version of my old LName function.

I changed the name to Get-SNames instead of Get-LNames because
I know that the correct name is not Last Name; it should be Surname instead.

I use it in my create AD lab script and in a couple of other scripts when I
need “real” people’s names.

My thought has been to update it so that I can use names from other countries
as well.

So I came up with an updated version of the function that can create
a list from the USA, and it can also create a list from Sweden, as it could
before.

The Swedish list is taken from the Gothenburg University.

The US list is taken from mongabay.com’s name site.

I have made some changes to the Swedish list as well.
The list is now sorted and saved as UTF-8. The UTF-8 part is for viewing and using names that contain the Swedish letters å, ä and ö.

The function can be downloaded from here.

Posted in Functions, PowerShell | 2 Comments

Get-FNames

Back in 2009 I wrote a function that took people’s first names from a source in Sweden.
It was the top 1000 names here in Sweden.

I use it in my create AD lab script and in a couple of other scripts when I need “real” people’s names.

My thought has been to update it so that I can use names from other countries as well.
So I came up with an updated version of the function that can create a list from the USA, and it can also create a list from Sweden, as it could before.

The names from the USA come from Social Security Online.

The Swedish names come from the Gothenburg University.

When you run the function you need to have internet access!

The function can be downloaded from here.

Posted in Functions, PowerShell | 3 Comments

The TPM Status tool

I wrote this tool for my friend DXter a year ago or so.
He did a presentation on BitLocker and wanted a tool that shows
TPM information from inside Windows and with a GUI.

Now it’s a new year and I have been playing around with it and made some changes:

  • Bugfixes
  • Added my function Get-PingStatus

You need to run the script as Administrator!

You can download the tool here.

The tool is provided “as is”.

Posted in GUI, PowerShell, security, Tools | 2 Comments

Get-PingStatus

Back in 2009 I wrote a ping status function.
The function can now be downloaded from the Script Center Repository at Microsoft.
http://gallery.technet.microsoft.com/Get-PingStatus-Function-e375fec3

I use it in my own scripts and just updated it, so I hope others can use it too.

.EXAMPLE
    Get-PingStatus server01
.EXAMPLE
    if (Get-PingStatus server01) { Write-Host "I'm up!" }
.EXAMPLE
    if (!(Get-PingStatus server01)) { Write-Host "I'm not up!" }

Posted in Functions, PowerShell | 2 Comments

More Deployment and more PowerShell

I will blog more about Deployment and PowerShell from now on.

This is my second week at Mindgrape.

I will be working more with deployment solutions like
MDT 2010/2012, SCCM 2007/2012 and scripting with PowerShell
and Windows Servers. Plus application packaging with Wise and Admin Studio.

And I will blog at least once a week.

Posted in News | 3 Comments

PKI lockdown for internal Enterprise Roots using CAPolicy.inf

Sorry for being absent from the blog right now. A lot of time-consuming stuff is happening at work right now, but I will better myself, I promise!

A very common problem I see regarding ADCS and PKI is that many structures “survive themselves” and are used for purposes that they were not initially designed for.

Some problems that I run into are that people initially install a classic “next-next-finish” Enterprise Root “just to issue some internal SSL certificates”, and after two or three years the CA has got Sub-CAs for other Issuing or NAP CAs, and suddenly we have requirements for publicly available CRLs for IP-HTTPS in DirectAccess, or even worse, external parties are trusting this structure for their usage or Sub-CA!

So I thought that it is a good idea to “lock down” a PKI to the intended purpose that the structure was actually designed for.

This can very easily be done by creating %WINDIR%\CAPolicy.inf before you install your Enterprise Root.

The following CAPolicy.inf is an example of a PKI lockdown for an internal Enterprise Root:

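[Version]
Signature="$Windows NT$"

; Policy shown in the CA certificate's Certificate Policies extension
[PolicyStatementExtension]
Policies=InternalUseOnly

; 2.5.29.32.0 is the "All Issuance Policy" OID; the wizard does not parse this section without an OID
[InternalUseOnly]
OID=2.5.29.32.0
Notice="This PKI is intended for internal use only."

; PathLength=0: no subordinate CAs allowed below this CA
[BasicConstraintsExtension]
PathLength=0
Critical=Yes

; Do not publish the default certificate templates on this CA
[Certsrv_Server]
LoadDefaultTemplates=False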

So what does all this text mean? Well, the PolicyStatementExtension section defines the policies associated with the CA. We specify a policy that we call “InternalUseOnly”. When I first tested this, the ADCS wizard did not parse the content of that section if it didn’t have an OID (I just wanted to populate the User Notice field).

A quick phone call to my dear friend and mentor Hasain Alshakarti @ http://www.secadmins.com confirmed the conclusion that I had already come to. An OID MUST be specified. But since a Root CA has the “All Issuance Policy” by default, Hasain came up with the clever idea that we can simply work around that problem by specifying that OID for our policy.

The BasicConstraintsExtension is a very powerful section, and by specifying PathLength we can specify how many levels of CAs we allow underneath the root. A very common configuration that I usually do when I design/implement two tiers is that I have PathLength=1 on the Root CA and PathLength=0 on the Issuing CA.

The LoadDefaultTemplates part tells the ADCS setup wizard NOT to populate the default list of certificates in the certificateTemplates attribute of the pKIEnrollmentService object in Enrollment Services under Public Key Services, which exists in the Configuration partition in Active Directory. By doing this, we do not enroll any certificates “by accident” and we can ourselves choose the exact templates we want to use on our CA.
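
A pre-install check for the lockdown settings explained above, as an added example that is not part of the original post. The function name Test-CAPolicyLockdown, its messages and the sample text are made up for illustration, and it only checks the keys this post discusses.

```powershell
# Added example (hypothetical helper, not from the post): lint CAPolicy.inf text before the CA install.
function Test-CAPolicyLockdown {
    param([Parameter(Mandatory)][string]$InfText)
    $findings = @()
    # Typographic quotes picked up by copy/paste are not INF string delimiters.
    if ($InfText -match '[\u201C\u201D\u2018\u2019]') { $findings += 'Typographic quotes found; retype as ASCII quotes.' }
    # Minimal INF parser: [Section] headers, key=value pairs, ';' comment lines.
    $ini = @{}; $section = $null
    foreach ($line in ($InfText -split "`r?`n")) {
        $line = $line.Trim()
        if ($line -eq '' -or $line.StartsWith(';')) { continue }
        if ($line -match '^\[(.+)\]$') { $section = $Matches[1]; $ini[$section] = @{}; continue }
        if ($section -and $line -match '^([^=]+)=(.*)$') { $ini[$section][$Matches[1].Trim()] = $Matches[2].Trim().Trim('"') }
    }
    $bc = $ini['BasicConstraintsExtension']
    if ($null -eq $bc -or $bc['PathLength'] -ne '0') { $findings += 'PathLength is not 0: subordinate CAs are not blocked.' }
    # Assumption: "True" is accepted like the "Yes" used in the post.
    if ($null -eq $bc -or $bc['Critical'] -notmatch '^(yes|true)$') { $findings += 'Basic constraints are not marked critical.' }
    $pol = $ini['PolicyStatementExtension']
    if ($null -eq $pol -or -not $pol['Policies']) { $findings += 'No Policies entry in [PolicyStatementExtension].' } else {
        foreach ($name in ($pol['Policies'] -split ',')) {
            $name = $name.Trim()
            if ($null -eq $ini[$name] -or -not $ini[$name]['OID']) { $findings += "Policy section [$name] has no OID." }
        }
    }
    $srv = $ini['Certsrv_Server']
    if ($null -eq $srv -or $srv['LoadDefaultTemplates'] -notmatch '^(false|0)$') { $findings += 'Default templates would be loaded.' }
    return $findings
}

# Constructed sample: the lockdown file from the post, typed with ASCII quotes.
$clean = @'
[Version]
Signature="$Windows NT$"
[PolicyStatementExtension]
Policies=InternalUseOnly
[InternalUseOnly]
OID=2.5.29.32.0
Notice="This PKI is intended for internal use only."
[BasicConstraintsExtension]
PathLength=0
Critical=Yes
[Certsrv_Server]
LoadDefaultTemplates=False
'@
# Constructed bad copy: curly quotes, OID line dropped, PathLength raised to 1.
$bad = $clean.Replace('"', [string][char]0x201D).Replace('OID=2.5.29.32.0', '').Replace('PathLength=0', 'PathLength=1')
"Clean copy findings: $(@(Test-CAPolicyLockdown $clean).Count)"
Test-CAPolicyLockdown $bad
```

For a real file, pass its text with Get-Content -Raw on %WINDIR%\CAPolicy.inf. On a root that follows the two-tier design above, the PathLength finding is expected because that root is set to PathLength=1.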

 

Here are some screenshots!

We can clearly see that our critical extension PathLength does not allow any subordinate CAs.

We can also see that our notice text is associated with the All Issuance Policy.

// Fredrik “DXter” Jonsson

Posted in PKI | 4 Comments

PowerShell 3.0 – Community Technology Preview 1

Microsoft released the PowerShell 3.0 Community Technology Preview (CTP) 1 for Windows 7 SP1 yesterday.

Download and more information can be found here.

Posted in Uncategorized | 1 Comment

Turn on and off the old menu in Windows 8 the PowerShell way

More and more people are talking about turning off the new menu in Windows 8.
The Start thing or the Metro.

Both in Windows 8 Server and the Windows 8 client.

My friend Mikael Nyström wrote how to do this with reg.exe for Windows 8 Server
on his blog.

I’m a PowerShell person and I like simple stuff so I created a PowerShell script that will put a Shortcut on the desktop after the first run of the script.

And when you click the shortcut you are back to the new one again and
now you have a new shortcut.

I have noticed that the deletion of the .lnk does not show up directly.
So you might have to hit F5 after the run of the script to see only one shortcut.

The script is made to be in c:\scripts and be named menuwin8.ps1.

And you need to change the execution policy before you run the script!

Hit the downloads button for the script…

Posted in PowerShell | 4 Comments