Wanted to use group policy to disable icmp redirect

Found here:

http://arnavsharma.net/1/post/2014/03/enabling-mss-setting-on-windows-server.html

By default, MSS settings are not visible in Windows operating systems and servers.

E.g. "MSS: (AutoAdminLogon) Enable Automatic Logon", "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes", etc.

These additional group policy settings were developed by the Microsoft Solutions for Security group and are documented in the appropriate security guides.

The guide for Windows Server 2008 is available here: http://www.microsoft.com/en-us/download/details.aspx?id=17606

There are two methods to enable MSS settings:

1. Using Microsoft Security Compliance tool.
2. Editing sceregvl.inf file.

  • Using Microsoft Security Compliance tool.

1. Download Security Compliance Manager from here: http://technet.microsoft.com/en-us/solutionaccelerators/cc835245.aspx
2. Install SCM.
3. After installing SCM, copy the “LocalGPO.msi” file from the following path: “C:\Program Files (x86)\Microsoft Security Compliance Manager\LGPO\LocalGPO.msi”
4. Run and install the file “LocalGPO.msi” on the server.
5. Open a command prompt and browse to: “C:\Program Files (x86)\LocalGPO”
6. Run the following command: “Cscript LocalGPO.wsf /ConfigSCE”
7. Now MSS settings will be visible in Security Options in Local Group Policy settings.

  • Editing sceregvl.inf file.

1. Browse to %systemroot%\inf
2. Take ownership of sceregvl.inf and grant your ID full access.
3. Open sceregvl.inf using Notepad.
4. Scroll down to the [Register Registry Values] part and copy the contents of this file under [Register Registry Values].
5. Now browse to the [Strings] part and copy the contents of this file under [Strings].
6. Save sceregvl.inf
7. Run this command in an elevated command prompt: “regsvr32 scecli.dll”
8. Now MSS settings will be visible in Security Options in Local Group Policy settings.
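Once the MSS settings are visible and a policy has been applied, the result can be checked on the target machine. The following is an added example, not part of the original post: it reads the registry values that back the two MSS settings named above and reports whether each is at its hardened value. The function name Test-MssSetting is hypothetical, and the "absent" defaults (ICMP redirects enabled, automatic logon disabled) are assumptions based on the documented Windows defaults.

```powershell
# Added example: audit the registry values behind two MSS settings.
# Written to run on PowerShell 2.0 (Server 2008 R2) and later.
$checks = @(
    @{ Setting   = 'MSS: (EnableICMPRedirect)'
       Path      = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
       ValueName = 'EnableICMPRedirect'
       Hardened  = '0'     # 0 = ICMP redirects may not alter the route table
       IfAbsent  = '1' },  # assumption: OS treats a missing value as enabled
    @{ Setting   = 'MSS: (AutoAdminLogon)'
       Path      = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
       ValueName = 'AutoAdminLogon'
       Hardened  = '0'     # 0 = no automatic logon
       IfAbsent  = '0' }   # assumption: a missing value means disabled
)

# Hypothetical helper: returns one result object per setting.
function Test-MssSetting {
    param([hashtable]$Check)

    $item = Get-ItemProperty -Path $Check.Path -Name $Check.ValueName `
                             -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Policy never written: report the default the OS falls back to.
        $effective = $Check.IfAbsent
        $source    = 'absent (OS default)'
    } else {
        $effective = [string]$item.($Check.ValueName)
        $source    = 'registry'
    }

    New-Object PSObject -Property @{
        Setting   = $Check.Setting
        Effective = $effective
        Source    = $source
        Compliant = ($effective -eq $Check.Hardened)
    }
}

$checks | ForEach-Object { Test-MssSetting -Check $_ } |
    Select-Object Setting, Effective, Source, Compliant |
    Format-Table -AutoSize
```

A machine where EnableICMPRedirect was never set shows up as non-compliant with source "absent (OS default)", which distinguishes "policy not applied" from "policy applied with the wrong value".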

PowerShell to add/remove computers from a Group Policy security filter

Install Group Policy Management (on a server 2008 R2 or higher)

Then you are able to run import-module grouppolicy

So, to add a computer to a ‘security filter’ you need to add GpoApply (which is both read and apply permissions) and it will then show in the security filtering pane

The command to do so is

Set-GPPermissions -Name "MyTest" -PermissionLevel GpoApply -TargetName "TheComputer" -TargetType Computer

Removing the computer is quite simple: same command, but set -PermissionLevel to None

Set-GPPermissions -Name "MyTest" -PermissionLevel None -TargetName "TheComputer" -TargetType Computer
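The same cmdlets applied to a list of computers, with a verification pass afterwards, as an added example that is not part of the original post. It confirms each computer ended up with GpoApply and flags broad groups that still hold GpoApply, since the filter restricts nothing while "Authenticated Users" can still apply the GPO. The GPO name "MyTest" is from the post; the second computer name, the list of broad groups and the function name Get-GpoApplyTrustee are assumptions for illustration.

```powershell
Import-Module GroupPolicy

$gpoName   = 'MyTest'                          # GPO name used in the post
$computers = 'TheComputer', 'OtherComputer'    # constructed sample list
$broad     = 'Authenticated Users', 'Domain Computers', 'Everyone'

# Hypothetical helper: names of all trustees that may apply the GPO.
function Get-GpoApplyTrustee {
    param([string]$Name)
    Get-GPPermissions -Name $Name -All |
        Where-Object { $_.Permission -eq 'GpoApply' -and -not $_.Denied } |
        ForEach-Object { $_.Trustee.Name }
}

# Add every computer to the security filter.
foreach ($c in $computers) {
    Set-GPPermissions -Name $gpoName -PermissionLevel GpoApply `
                      -TargetName $c -TargetType Computer | Out-Null
}

# Read the ACL back. Computer trustees are listed with a trailing '$'.
$applyNames = @(Get-GpoApplyTrustee -Name $gpoName |
                ForEach-Object { $_.TrimEnd('$') })

foreach ($c in $computers) {
    if ($applyNames -contains $c) {
        Write-Output "OK      $c has GpoApply on '$gpoName'"
    } else {
        Write-Warning "$c is missing from the security filter of '$gpoName'"
    }
}

# A broad group with GpoApply means the GPO is not actually filtered.
foreach ($g in $broad) {
    if ($applyNames -contains $g) {
        Write-Warning "'$g' still has GpoApply: the filter does not restrict '$gpoName'"
    }
}
```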

#zerto review

So far this software is in the camp of it just works :)

Once you get the ZVM created you create the VRA’s

After that you log into the web portal and create the VPG’s and done.

So besides the alphabet soup :) it’s pretty dang easy!

#zerto rant, just show me the software

Hello, Zerto. All over your webpage it says I can download your trial software

… it has been three days.

I’m really trying to like your software…..

But, I would, you know like to try the software….

Installing ephesoft v4.0.2.0 in ubuntu 14.04.03, maybe

So, first off they hide the installer in plain sight.

Yup, on this page http://wiki.ephesoft.com/community-edition-v4-0-2-0

you can click on

Ok, grab yourself a copy of ubuntu server, I just took the defaults

run this

sudo apt-get install openssh-server

Now you can use winscp to transfer over the files.

Now I just basically followed this guide http://www.ephesoft.com/wiki/index.php?title=Linux_Installation

Version 4.0 asks slightly different questions, but I just rolled with it.

after a wait… of an hour or two… Ephesoft installed successfully :)

Wow! It actually works!

So, been messing with it a bit. On second thought the Ubuntu desktop might be a better fix (I just like GUI’s and all)

So I used.

sudo aptitude install ubuntu-desktop

To try and get a desktop gui and resolve some conflicts. hmm well now the ephesoft no worky. Oh well, this time I’ll try a ubuntu desktop install from the beginning

…. second stab using ubuntu desktop, I have a desktop and ephesoft! score

sonicwall sso setup

Installing SonicWALL Directory Connector ( SSO Component )

This is a short and sweet mini-guide to setting up the SonicWALL Directory Connector. This should be everything that you need to get it up and running; from there you can set up the more advanced functionality, such as Terminal Services Integration, on your own.

  1. Download the SonicWALL Directory Connector for either 32 bit or 64 bit systems from mysonicwall.com
  2. Install the product with its defaults; when prompted for credentials, enter a domain admin’s credentials.
  3. When prompted to enter SonicWALL Device information, enter the Internal IP of your SonicWALL, and create a shared key to be used by the SSO Component and your Device.
  4. Finish the Installer and then launch it.
  5. Now log into your SonicWALL Device and Expand “Users” in the left pane and then click on “Settings”.
  6. Under the section “Single-sign-on method:” change the drop down box to “SSO Agent” and click on the “Configure” button.
  7. On the “Settings” tab click the “Add…” button to add your agent, modify the IP, Port, and Shared Key to that of your server/workstation running the software. Click Apply. NOTE: If the status light does not turn green, you may need to add a firewall rule on the server/workstation to allow inbound connections on that port. I’ve also had to add both of these .exes to the list of excluded applications to get this software to work through the windows firewall: %ProgramFiles% (x86)\SonicWALL\DCON\CIAService.exe, %ProgramFiles% (x86)\SonicWALL\DCON\SoniCON.exe
  8. Under the “Users” tab make sure to add the Usernames of any Service accounts on the network that should be excluded from SSO reporting.
  9. Create a new Address Group on the SonicWALL, and place into it all Devices that should be excluded from SSO Attempts, such as routers, switches, printers, wireless access points, basically anything that isn’t a Windows PC. All of these devices will be governed by the “Default” Content Filtering Policy if CFS is in place.

Hopefully you found this helpful and it saved you some time

#Ephesoft Community Edition location

For whatever reason the google doesn’t go right here like it should

http://wiki.ephesoft.com/community-edition-v4-0-2-0

I will commence playing, and let you know what I think
