Joerg Hochwald jhochwald

## IIS_SSLConfig.ps1
#requires -Version 1.0

function Set-EnableStrongSSLConfig
{
	<#
			.SYNOPSIS
			Make IIS SSL Config more secure

			.DESCRIPTION
			Enales a stronger SSL configuration in IIS

## office2016_postinstall.sh
#!/usr/bin/env bash

###
#
# office2016_postinstall.sh
#
# This little helper suppresses the "What’s New" dialog for Office 2016 apps,
# and it also prevents the transfer of the telemetry data to Microsoft.
# Outlook 2016 and OneNote need an addition setting;
# The script takes care about that!

## fix_adfs_for_Windows10_and_edge.ps1
<#
  Tweaked Version that prevents the Auth Pop-Up on non Windows devices a bit better
  These Devices should get the regular Forms based (HTML Page) instead.

  I was asked: Nope, 'Mozilla/5.0 (Windows NT' is correct, not an error ;-)
#>

# Execute this on your ADFS Server
# If you have more then one, use your primary ADFS server, this is essential!
Set-ADFSProperties -ExtendedProtectionTokenCheck None

## Create_new_Storage_Space.ps1
#requires -Version 3.0 -Modules Storage

# Get all Physical Disks
<#
		.SYNOPSIS
		Create a new Storage Space for my Hyper-V Server

		.DESCRIPTION
		Creates a new Storage Space with a SSD and a HDD Tier for my Hyper-V Server


## Exchange-Migration_proxy_fix.ps1
<#
		.SYNOPSIS
		Fix Exchange Migration Endpoint Proxy

		.DESCRIPTION
		Disable and enable MRSProxyEnabled on the Exchange WebServicesVirtualDirectory

		.NOTES
		I had an issue while enable a hybrid deployment.
		The Wizard enabled it (as he should), but then failed during the test.

## ADFS_Snippets.ps1
# Turn off Certificate Rollover
Set-AdfsProperties -AutoCertificateRollover $false

# Allow Login via Mail (And UPN)
Set-AdfsClaimsProviderTrust -TargetIdentifier "AD AUTHORITY" -AlternateLoginID mail -LookupForests $ADDom


<#
	Enable SNI (Might be needed)

## Protect_all_OUs_in_AD-Domain.ps1
# Protect all existing OUs in your domain from accidental deletion
# As required from the Active Directory Best Practices Analyzer (BPA)
Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | Where-Object -FilterScript {
	$_.ProtectedFromAccidentalDeletion -eq $false
} | Set-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $true

## Tweak_AD_DNS_Zones.ps1
<#
	Modify all Primary DNS Zones
#>

# Defaults (Check this)
$NoRefreshInterval  = New-TimeSpan -Days '7'
$RefreshInterval    = New-TimeSpan -Days '7'
$ScavengingInterval = New-TimeSpan -Days '4'

# Select the DNS Zones to modify

## Remove_all_DNS_RootHints.ps1
Get-DnsServerRootHint | Remove-DnsServerRootHint -Force
# Might be a good idea if you use forwarders (e.g. Google DNS, OpenDNS, or others)
# I remove them because I use a a Linux based DNS Servers as forwarder. They run a caching Name Server based on unbound.

## invoke-DisableNetbiosOnServers.ps1
function invoke-DisableNetbiosOnServers
{
	<#
			.SYNOPSIS
			Disables the NetBIOS of all NICs on all servers within the AD

			.DESCRIPTION
			Disables the NetBIOS of all NICs on all servers within the AD and Unchecks the DNS registration of all non AD pointing NICs (based on the IP Address)

			.EXAMPLE
	#requires -Version 1.0

	function Set-EnableStrongSSLConfig
	{
	<#
	.SYNOPSIS
	Make IIS SSL Config more secure

	.DESCRIPTION
	Enales a stronger SSL configuration in IIS
	#!/usr/bin/env bash

	###
	#
	# office2016_postinstall.sh
	#
	# This little helper suppresses the "What’s New" dialog for Office 2016 apps,
	# and it also prevents the transfer of the telemetry data to Microsoft.
	# Outlook 2016 and OneNote need an addition setting;
	# The script takes care about that!
	<#
	Tweaked Version that prevents the Auth Pop-Up on non Windows devices a bit better
	These Devices should get the regular Forms based (HTML Page) instead.

	I was asked: Nope, 'Mozilla/5.0 (Windows NT' is correct, not an error ;-)
	#>

	# Execute this on your ADFS Server
	# If you have more then one, use your primary ADFS server, this is essential!
	Set-ADFSProperties -ExtendedProtectionTokenCheck None
	#requires -Version 3.0 -Modules Storage

	# Get all Physical Disks
	<#
	.SYNOPSIS
	Create a new Storage Space for my Hyper-V Server

	.DESCRIPTION
	Creates a new Storage Space with a SSD and a HDD Tier for my Hyper-V Server
	<#
	.SYNOPSIS
	Fix Exchange Migration Endpoint Proxy

	.DESCRIPTION
	Disable and enable MRSProxyEnabled on the Exchange WebServicesVirtualDirectory

	.NOTES
	I had an issue while enable a hybrid deployment.
	The Wizard enabled it (as he should), but then failed during the test.
	# Turn off Certificate Rollover
	Set-AdfsProperties -AutoCertificateRollover $false

	# Allow Login via Mail (And UPN)
	Set-AdfsClaimsProviderTrust -TargetIdentifier "AD AUTHORITY" -AlternateLoginID mail -LookupForests $ADDom


	<#
	Enable SNI (Might be needed)
	# Protect all existing OUs in your domain from accidental deletion
	# As required from the Active Directory Best Practices Analyzer (BPA)
	Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion \| Where-Object -FilterScript {
	$_.ProtectedFromAccidentalDeletion -eq $false
	} \| Set-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $true
	<#
	Modify all Primary DNS Zones
	#>

	# Defaults (Check this)
	$NoRefreshInterval = New-TimeSpan -Days '7'
	$RefreshInterval = New-TimeSpan -Days '7'
	$ScavengingInterval = New-TimeSpan -Days '4'

	# Select the DNS Zones to modify
	Get-DnsServerRootHint \| Remove-DnsServerRootHint -Force
	# Might be a good idea if you use forwarders (e.g. Google DNS, OpenDNS, or others)
	# I remove them because I use a a Linux based DNS Servers as forwarder. They run a caching Name Server based on unbound.
	function invoke-DisableNetbiosOnServers
	{
	<#
	.SYNOPSIS
	Disables the NetBIOS of all NICs on all servers within the AD

	.DESCRIPTION
	Disables the NetBIOS of all NICs on all servers within the AD and Unchecks the DNS registration of all non AD pointing NICs (based on the IP Address)

	.EXAMPLE