Windows

Enable TLS 1.2 in Powershell

Posted on by Andy

Enable TLS 1.2 per powershell session:

Open your Windows PowerShell and type:

[Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12;

Another way is to manipulation your windows registry. As always when working inside the registry, do a backup beforehand…

# set strong cryptography on 64 bit .Net Framework (version 4 and above)
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
# set strong cryptography on 32 bit .Net Framework (version 4 and above)
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord

Deploy Acrobat Reader DC through GPO

Posted on by Andy

Well this was more difficult than i thought to have an updated version installed through GPO. There are many howtos but only this worked for me. So here now the RIGHT WAY:

Download the latest enterprise version here:

https://get.adobe.com/uk/reader/enterprise/

Now save it to your local disk, open powershell and goto where the file is saved. Extract all installer files with:

PS> .\AcroRdrDC1900820071_en_US.exe -sfx_o"C:\AcroRdrDC_Deploy" -sfx_ne

Note that the filename may be different due to newer or older versions.

Great! You should now have several files, including an .MSI in the extracted folder. Now go there:

PS> cd C:\AcroRdrDC_Deploy

Now the following step is optional and only needed if you want to customize your MSI:

Download the Adobe Customiser here:

https://www.adobe.com/devnet-docs/acrobatetk/tools/Wizard/index.html

After installing the Customiser, launch it and open the C:\AcroRdrDC_Deploy\AcroRead.msi file. Do your customisations and save the transformation file next to the MSI. This will generate a .MST file.

Now you need to create an AIP folder with:

PS> msiexec.exe /a AcroRead.msi

An installer opens up. Follow the wizard and save to a folder, e.g. C:\AcroRdrDC_Deploy\AIP

Copy the .MSP update file AcroRdrDCUpdXXXXXXXXX.msp and AcroRead.mst file to C:\AcroRdrDC_Deploy\AIP

When done, go to the AIP folder and execute:

PS> msiexec.exe /a AcroReader.msi /p AcroRdrDCUpd2001320074.msp

This applies the patch. Then copy the whole AIP to a network share and go to your Group Policy Management.

To deploy the MSI now you need to add the software as ADVANCED, not ASSIGNED. Go to the Modifications tab and select the .MST file here.

Launch an gpupdate /force on your client machine and after a reboot, the latest Adobe Reader DC should be installed.

Configure Windows Server to query an external NTP Server

Posted on by Andy

This is generally performed on DCs in an Active Directory domain. Then all workstations use AD to get time from the DCs. This could also be used on a non-DC windows machine to be your NTP server for your network that you point to for all of your switches/routers and various other devices.

First, open PowerShell and stop the Windows Time Service:

> net stop w32time

then set the used NTP servers using

> w32tm /config /syncfromflags:manual /manualpeerlist:"0.us.pool.ntp.org,1.us.pool.ntp.org,2.us.pool.ntp.org,3.us.pool.ntp.org"

(get the best servers for your region from https://www.ntppool.org)

mark the servers as reliable with

> w32tm /config /reliable:yes

and last, start the service again.

> net start w32time

You can check the configuration by using following commands:

> w32tm /query /configuration
> w32tm /query /status