Everything I had read online pointed to having a Public SAN certificate or using a Self-Signed certificate and pushing it out via group policy. I could not find anything about using an Enterprise CA to dole out a certificate for RDS. This got me thinking about using a SAN certificate internally, but how?
On your Enterprise CA, run the following commands to allow SAN certificates:
certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2
net stop certsvc
net start certsvc
Next, let's open the Certificate Templates Console.
Right-Click the Computer certificate and click “Duplicate Template”.
I just called this template RDS-Cert and set the Validity period to 4 Years.
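An added example, not part of the original post: the EDITF_ATTRIBUTESUBJECTALTNAME2 flag set above is CA-wide, so the CA honours a SAN supplied as a request attribute on every template it issues, not only RDS-Cert. This PowerShell check reads the active policy module's EditFlags so the setting can be confirmed and recorded; the registry layout assumes the default Microsoft policy module, and the function names are hypothetical.

```powershell
# Added example: audit the CA policy EditFlags on an AD CS server.
# Assumption: default registry layout under CertSvc\Configuration.
$EDITF_ATTRIBUTESUBJECTALTNAME2 = 0x00040000

function Test-SanAttributeFlag {
    param([Parameter(Mandatory)][int]$EditFlags)
    # True when the CA accepts SAN values passed as request attributes
    return (($EditFlags -band $EDITF_ATTRIBUTESUBJECTALTNAME2) -ne 0)
}

function Get-CaEditFlags {
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
    if (-not (Test-Path -LiteralPath $base)) {
        throw 'CertSvc configuration key not found (is this a CA server?)'
    }
    # "Active" under Configuration names the CA hosted on this machine
    $caName = (Get-ItemProperty -LiteralPath $base -Name Active).Active
    $policyRoot = Join-Path (Join-Path $base $caName) 'PolicyModules'
    # "Active" under PolicyModules names the policy module in use
    $module = (Get-ItemProperty -LiteralPath $policyRoot -Name Active).Active
    $moduleKey = Join-Path $policyRoot $module
    $flags = (Get-ItemProperty -LiteralPath $moduleKey -Name EditFlags).EditFlags
    [pscustomobject]@{ CA = $caName; PolicyModule = $module; EditFlags = [int]$flags }
}

$ca = Get-CaEditFlags
$enabled = Test-SanAttributeFlag -EditFlags $ca.EditFlags
'{0}: EditFlags=0x{1:X8}, EDITF_ATTRIBUTESUBJECTALTNAME2 set: {2}' -f $ca.CA, $ca.EditFlags, $enabled
if ($enabled) {
    Write-Warning 'Request-attribute SANs are accepted CA-wide; review which templates allow enrollment and client authentication, and who can enroll.'
}
```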
Below is a quick way to test a TCP port, telnet-style, from a server that is not allowed to have the telnet client for some reason (compliance).
## Create Socket Object
$Socket = New-Object Net.Sockets.TcpClient
$ErrorActionPreference = 'SilentlyContinue'   ## Suppress error messages
$Socket.Connect('SERVERNAME', 443)            ## Try to connect (SERVERNAME is a placeholder)
if ($Socket.Connected) {
    Write-Host "Port 443 is open"
    $Socket.Close()                           ## Destroy the connection
} else {
    Write-Host "Port 443 is not open"
}
One of the easiest ways to get a current list of all the inactive computers in your AD is by using DSQuery. Below you will find two examples of how I use this. You will notice the “-limit 0”. This allows the query to pull back an unlimited number of computers. At the end I am piping this out to a csv file.
Computer accounts not used in the last 6 months/26 weeks.
dsquery computer -inactive 26 -limit 0 > List_6_months.csv
Computer accounts not used in the last 2 months/8 weeks.
dsquery computer -inactive 8 -limit 0 > List_2_Months.csv
If you receive the following error message when launching the SCCM Console, use the instructions below. You may also see errors in your SMSAdminUI.log file that resemble “The performance counter ‘# result objects in memory’ was not found”.
Go to Control Panel -> Programs and Features. Highlight “Microsoft System Center 2012 Configuration Manager Console” -> click uninstall.
## Some Variables To Use
## Main Window Size
$objForm.Text = "Ping Last User"
Default Instance: Default SQL Install
setspn -A MSSQLSvc/SERVERNAME:PORTNUMBER DOMAIN\SERVICEACCT
setspn -A MSSQLSvc/SERVERNAME.FQDN:PORTNUMBER DOMAIN\SERVICEACCT