Thursday, August 29, 2019

How to Change Remote Desktop Protocol Port Number

By default, the port number for RDP is 3389 and if you have Remote Desktop enabled, this is the port that RDP is listening on for incoming connections. This is also a well known attack vector that script kiddies and bots will attempt to target for exploitation.

While you should never leave Remote Desktop open to the outside world, should you choose to do so, you should at least change the port number to something other than the default 3389. This will not thwart a determined attacker from finding the open port via a port scan of the network, but it will cut down on a lot of the automated scans searching only for open connections on this port. Ideally, Remote Desktop should only be allowed on the internal network, and if you need to access it externally, you will use a VPN to first connect, and then RDP to your destination. If this is not feasible, then having an account lockout policy defined on the computer accepting the connections will help combat brute force attacks. We have a write-up on how to configure a lockout policy here: Lockout Policy Creation 

On your Windows server or workstation, follow the below steps to change your RDP port to one of your choosing:

1. Open the Registry Editor by pressing the Windows + R keys and entering "Regedit".




2. Once the Registry Editor is open, browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-TCP\ and find the DWORD entry "PortNumber".





3. Double-click "PortNumber", change the base to decimal, and enter a value between 1025 and 65535. Click Ok and reboot the system.





Now, the only other thing you need to do when you want to connect to this machine is append the port number to the IP address or host name that you enter into the RDP client.
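The same change can be scripted. The following is an added example, not part of the original post: it assumes an elevated PowerShell session with Windows Firewall enabled, and the port 50389 is a placeholder. It also adds an inbound firewall rule for the new port, since the built-in Remote Desktop rules only cover 3389.

```powershell
# Added example: scripted equivalent of the Regedit steps. Run elevated.
# $NewPort is a placeholder value chosen for illustration.
$NewPort = 50389
$RdpKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Same range the article gives for the manual edit.
if ($NewPort -lt 1025 -or $NewPort -gt 65535) {
    throw "Port $NewPort is outside 1025-65535."
}

# Refuse a port that another service is already listening on.
if (Get-NetTCPConnection -State Listen -LocalPort $NewPort -ErrorAction SilentlyContinue) {
    throw "Port $NewPort is already in use on this machine."
}

$OldPort = (Get-ItemProperty -Path $RdpKey -Name PortNumber).PortNumber
Write-Host "Current RDP port: $OldPort"

# Allow the new port through Windows Firewall before switching; otherwise the
# listener moves but inbound connections are dropped. Private/Domain only,
# so the rule does not open RDP on networks classified as Public.
New-NetFirewallRule -DisplayName "RDP custom port $NewPort (TCP)" `
    -Direction Inbound -Protocol TCP -LocalPort $NewPort `
    -Profile Private, Domain -Action Allow | Out-Null

# Write the value as a DWORD, matching the entry edited in Regedit.
Set-ItemProperty -Path $RdpKey -Name PortNumber -Value $NewPort -Type DWord

# Reboot as the article says, then confirm the listener moved:
#   Get-NetTCPConnection -State Listen -LocalPort 50389
# Connect from a client with:  mstsc /v:<host>:50389
```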





You can view an in-depth article on changing your RDP listening port by clicking on this link!




Windows 10, Windows 7 - How to Create a Local Lockout Policy for Bad Password Attempts

Having a lockout policy in place for your computer will help protect against brute force password attacks, and there are numerous reasons why someone would want to configure a lockout policy on a local, non-domain joined computer. You may have remote access configured so you can connect to your PC when you are away from home or the office. You may be hosting software that requires an outside connection, or you may simply be a security-minded individual who wants an extra layer of security. Whatever the reason, it would be prudent to configure a lockout policy to help protect against unauthorized intrusion.

All recent versions of Windows provide a built-in mechanism for locking out a user account after too many bad password attempts, which can be configured through the Local Security Policy Editor.

To configure a lockout policy:

1. Launch the Local Security Policy editor by pressing the Win + R keys, typing "secpol.msc", and hitting Enter. Alternatively, in Win 10, you can also simply do a search for Local Security Policy.





2. Once the editor is launched, expand "Account Policies" and select "Account Lockout Policy".





3. Here, you will find three settings to edit. The first one is the "Account lockout threshold". This sets the number of bad password attempts allowed before the account is locked out. You will want to set this between 3 and 5 bad attempts.

Next, you will likely want to configure the "Account lockout duration". This sets the amount of time the account will remain locked out for. Even setting it to five minutes should be enough to make it extremely difficult to brute force a password. Not configuring the setting will leave the account locked out until it is manually unlocked by another user account with administrator privileges. 

Finally, the "Reset account lockout after" setting lets you set a minimum number of minutes that must elapse after the failed logon attempt before the failed logon attempt counter is reset back to 0 bad logons. 

Click "Ok" once the values are set. Now, when someone enters too many incorrect passwords, the account will be locked out per the settings you have configured. Do keep in mind that if the lockout timer setting is not configured, the account will remain locked until unlocked by an administrator. It is a good idea to have multiple accounts set up, with the ones that connect remotely having lesser privileges than an administrator.

For yet an additional layer of security, you may want to look into an address blocker like IPBan. It is a free Windows port of Fail2Ban that will block the IP address after detecting a brute force attack. Read more on it here: IPBan
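The three lockout settings can also be applied and checked from an elevated prompt. This is an added example, not part of the original post; the 5/15/15 values are illustrative, and it reads the result back from a secedit export so you can confirm what is actually in effect.

```powershell
# Added example: apply and verify the local lockout policy. Run elevated.
# Values are illustrative; the article suggests a threshold of 3 to 5.
$Threshold = 5    # bad attempts before lockout
$Duration  = 15   # minutes the account stays locked
$Window    = 15   # minutes before the bad-attempt counter resets

# Windows requires the reset window to be no longer than the lockout duration.
if ($Window -gt $Duration) { throw 'Reset window must be <= lockout duration.' }

net accounts "/lockoutthreshold:$Threshold" "/lockoutduration:$Duration" "/lockoutwindow:$Window" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "net accounts failed with exit code $LASTEXITCODE" }

# Export the effective security policy and read the three values back.
$cfg = Join-Path $env:TEMP 'secpol-export.inf'
secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null

$policy = @{}
foreach ($line in Get-Content $cfg) {
    if ($line -match '^(LockoutBadCount|LockoutDuration|ResetLockoutCount)\s*=\s*(-?\d+)') {
        $policy[$Matches[1]] = [int]$Matches[2]
    }
}
Remove-Item $cfg -Force

# LockoutBadCount = 0 means lockout is disabled.
# LockoutDuration = -1 means locked until an administrator unlocks the account.
if (-not $policy['LockoutBadCount']) {
    Write-Warning 'Lockout is disabled (threshold is 0).'
} elseif ($policy['LockoutDuration'] -eq -1) {
    Write-Warning 'Accounts stay locked until an administrator unlocks them.'
}
$policy
```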



Friday, August 23, 2019

List of Free to Use Public DNS Resolvers

What is DNS?

DNS stands for Domain Name Service and translates host names, like google.com or rockhilltek.com, to IP addresses. It is essentially the phone book for the Internet. 

Every device, computer, server, etc that is connected to the internet has a unique IP address, which other computers use to find the device. DNS eliminates the need to remember these addresses, and instead uses a friendly name that is easier to recall. 

Your Internet Service Provider runs their own DNS servers for you, but there are many third party DNS services out there that are free to use and may offer better performance and security over what is provided by your ISP. 




Unfiltered DNS

Cloudflare (DNSSec): 1.1.1.1 and 1.0.0.1
Cloudflare IPv6: 2606:4700:4700::1111 and 2606:4700:4700::1001

Google (DNSSec): 8.8.8.8 and 8.8.4.4
Google IPv6: 2001:4860:4860::8888 and 2001:4860:4860::8844

Quad9 (DNSSec): 9.9.9.10
Quad9 IPv6: 2620:fe::fe and 2620:fe::9

Freenom: 80.80.80.80 and 80.80.81.81

Verisign: 64.6.64.6 and 64.6.65.6
Verisign IPv6: 2620:74:1b::1:1

Filtered DNS (blocks malicious sites)

Quad9: 9.9.9.9

Norton: 185.228.165.165

Filtered DNS (blocks adult content)

Cleanbrowsing: 185.228.168.9 and 185.228.169.9
Cleanbrowsing (adult filter): 185.228.168.10
Cleanbrowsing (family filter): 185.228.168.168
Cleanbrowsing IPv6: 2a0d:2a00:1::2 and 2a0d:2a00:2::2



This list will be updated so check back often. 

How to Change Your DNS Settings on Windows 10

While your ISP provides your public DNS for you, you can change your DNS settings to use a public service that can provide better security and performance over that of what your ISP gives.


Check out our list of free public DNS servers here: Public DNS


You can easily update your DNS settings in Windows 10 by launching the Control Panel and editing your network adapter's DNS settings.

By default, your DNS configuration is set to automatically pull the settings from whatever your ISP provides. To manually set a DNS server in Windows 10, do the following:

1. In the Windows search field at the bottom left, type "Control Panel" and click on the control panel app.

2. In the top right of the window, select "small icons" from the "View By" drop down, and then click on the "Network and Sharing Center"





3. On the next window that opens, on the left, click on the "Change Adapter Settings". This will launch a window which shows all the installed network adapters on your machine



4. Right click on the network adapter you want to set the DNS for and select "Properties". If you are on wireless, select your wifi adapter; if you have a wired connection, choose "Ethernet".



5. With the properties window open, find the option for "Internet Protocol Version 4", highlight it, and then click on the "Properties" button.



6. Here, you will select the radio button "Use the Following DNS Server Addresses" and set the address to a DNS server of your choosing.




Note: For the sake of reliability and redundancy, it is recommended you set the preferred and alternate DNS servers to ones provided by separate companies. 
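The same change from an elevated PowerShell window, as an added example that is not part of the original post. The adapter name "Wi-Fi" and the test name example.com are placeholders; the two resolvers come from the public DNS list above and follow the note about using separate providers. Each resolver is queried directly before the adapter is changed, so a typo or blocked resolver does not break name resolution.

```powershell
# Added example: set and verify DNS servers for one adapter. Run elevated.
$Adapter   = 'Wi-Fi'                 # placeholder; list names with Get-NetAdapter
$Resolvers = '1.1.1.1', '9.9.9.9'    # Cloudflare + Quad9, both from the list above
$TestName  = 'example.com'           # placeholder name used only for the check

# Check that every resolver answers before committing the change.
foreach ($ip in $Resolvers) {
    try {
        Resolve-DnsName -Name $TestName -Server $ip -Type A -DnsOnly -ErrorAction Stop | Out-Null
        Write-Host "$ip answered"
    } catch {
        throw "Resolver $ip did not answer for ${TestName}: $($_.Exception.Message)"
    }
}

# Record the old servers so the change can be reviewed or undone.
$before = (Get-DnsClientServerAddress -InterfaceAlias $Adapter -AddressFamily IPv4).ServerAddresses
Write-Host "Previous DNS servers: $($before -join ', ')"

# First entry becomes the preferred server, second the alternate.
Set-DnsClientServerAddress -InterfaceAlias $Adapter -ServerAddresses $Resolvers
Clear-DnsClientCache

$after = (Get-DnsClientServerAddress -InterfaceAlias $Adapter -AddressFamily IPv4).ServerAddresses
Write-Host "Current DNS servers:  $($after -join ', ')"

# To go back to the servers handed out by DHCP:
#   Set-DnsClientServerAddress -InterfaceAlias $Adapter -ResetServerAddresses
```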


Thursday, August 22, 2019

How to Set Network Type in Windows 10 Using PowerShell

There are three default network types Windows will use, which are simply pre-defined firewall configurations. They are "Public", "Private", and "Domain".

When you connect to a network for the first time, Windows will normally ask if you want your computer to be discoverable by other devices on the network, and if you select yes, it sets your network type to "Private". If you are on public wifi somewhere and set your network type to "Public", your device will not be discoverable on this network (though your traffic will still be susceptible to interception unless it is encrypted).

Sometimes, you will find that even though you are on a private, hopefully secure network, your network type is still set to "public", preventing you from accessing any network resources (printers, fileshares, etc). 

To easily determine your network type, open a PowerShell window and run the following:

Get-NetConnectionProfile



Here, you will find the name of the network you are connected to, whether it is wired or wireless, the network type, and whether the network is using IPv4 or IPv6 addressing. 

If the NetworkCategory is showing as "Public" and you would like to change it to "Private", run the following: 

Set-NetConnectionProfile -Name "[wireless network name]" -NetworkCategory Private


Tuesday, August 20, 2019

How to Simply and Quickly Add Hyper-V to Windows 10

You can easily add the Hyper-V role to Windows 10 by running a simple PowerShell command.

Requirements:

- Windows 10 Professional, Enterprise, or Education
- 64-bit Processor with Second Level Address Translation (SLAT)
- CPU support for VM Monitor Mode Extension (VT-c on Intel CPUs)
- Minimum 4 GB of RAM


Launch a PowerShell console as administrator by clicking Start > Type "PowerShell" > Right click on the result and select "Run As Administrator".

Once open, simply run the following command:

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -ALL



After this is complete, reboot and you are done.

You can view more details on installing the Hyper-V role in Windows 10/11 here!

How to Resolve VSS Writer Errors


What are VSS Writers?

VSS writers are a function of the Volume Shadow Copy Service, a Windows service which allows backups or snapshots of files or volumes to be made even while they are locked or in use. Many, if not most, enterprise and mid-level backup solutions on the market these days utilize VSS, so when you find your backups failing, it is often due to underlying issues with the Volume Shadow Copy Service.

When troubleshooting failed backups, one of the first places to look should be at the VSS writers since often times writers that are in a failed state will prevent backups from completing successfully. 

How to view VSS Writers:


To view the list of writers and the state they are in, open a command prompt (as administrator) or PowerShell window and run the following command:

VSSAdmin list writers





This command displays a list of VSS writers and what state they are in. If you find any writers in an error state, you will need to find the corresponding service that each belongs to and restart that service. If the command hangs or does not return any data, this suggests that the VSS service or one of its dependent tasks is in a bad state, causing the VSS audit to fail.

The writer name corresponds to a Windows service, which Microsoft conveniently does not display in the results of the "list writers" command. You can cross reference the writer's name with its service in the table below. Once the service is found, restart it and then rerun the "VSSAdmin list writers" command. If the writer is still in an error state or the service fails to restart, reboot the server.

VSS Writer | Service Name | Service Display Name
ADAM $instanceName Writer | ADAM_$instanceName | $instanceName
ASR Writer | VSS | Volume Shadow Copy
BITS Writer | BITS | Background Intelligent Transfer Service
Certificate Authority | CertSvc | Active Directory Certificate Services
COM+ REGDB Writer | VSS | Volume Shadow Copy
DFS Replication service writer | DFSR | DFS Replication
DHCP Jet Writer | DHCPServer | DHCP Server
FRS Writer | NtFrs | File Replication
FSRM writer | srmsvc | File Server Resource Manager
IIS Config Writer | AppHostSvc | Application Host Helper Service
IIS Metabase Writer | IISADMIN | IIS Admin Service
Microsoft Exchange Replica Writer | MSExchangeRepl | Microsoft Exchange Replication Service
Microsoft Exchange Writer | MSExchangeIS | Microsoft Exchange Information Store
Microsoft Hyper-V VSS Writer | vmms | Hyper-V Virtual Machine Management
MSMQ Writer (MSMQ) | MSMQ | Message Queuing
MSSearch Service Writer | WSearch | Windows Search
NPS VSS Writer | EventSystem | COM+ Event System
NTDS | NTDS | Active Directory Domain Services
OSearch VSS Writer | OSearch | Office SharePoint Server Search
OSearch14 VSS Writer | OSearch14 | SharePoint Server Search 14
OSearch15 VSS Writer | OSearch15 | SharePoint Server Search 15
Registry Writer | VSS | Volume Shadow Copy
Shadow Copy Optimization Writer | VSS | Volume Shadow Copy
SharePoint Services Writer | SPWriter | Windows SharePoint Services VSS Writer
SMS Writer | SMS_SITE_VSS_WRITER | SMS_SITE_VSS_WRITER
SPSearch VSS Writer | SPSearch | Windows SharePoint Services Search
SPSearch4 VSS Writer | SPSearch4 | SharePoint Foundation Search V4
SqlServerWriter | SQLWriter | SQL Server VSS Writer
System Writer | CryptSvc | Cryptographic Services
TermServLicensing | TermServLicensing | Remote Desktop Licensing
WDS VSS Writer | WDSServer | Windows Deployment Services Server
WIDWriter | WIDWriter | Windows Internal Database VSS Writer
WINS Jet Writer | WINS | Windows Internet Name Service (WINS)
Windows Server Storage VSS Writer | WseStorageSvc | Windows Server Essentials Storage Service
WMI Writer | Winmgmt | Windows Management Instrumentation


For additional information on VSS and what services writers do, check out this article from Microsoft: In-Box VSS Writers
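The lookup described above can be automated. The following is an added example, not part of the original post: the function name Get-VssWriterState is hypothetical, the map holds only a subset of the table's rows, and the parser assumes the English output of "vssadmin list writers". It reports what it would restart; remove -WhatIf to act.

```powershell
# Added example: find VSS writers that are not healthy and restart their services.
# Run elevated. The map is a subset of the article's table; extend it as needed.
$WriterToService = @{
    'System Writer'                = 'CryptSvc'
    'WMI Writer'                   = 'Winmgmt'
    'BITS Writer'                  = 'BITS'
    'SqlServerWriter'              = 'SQLWriter'
    'IIS Config Writer'            = 'AppHostSvc'
    'Microsoft Hyper-V VSS Writer' = 'vmms'
    'Registry Writer'              = 'VSS'
    'ASR Writer'                   = 'VSS'
}

# Hypothetical helper: turns "vssadmin list writers" text into objects.
function Get-VssWriterState {
    param([string[]]$Lines = (vssadmin list writers))
    $name = $null
    foreach ($line in $Lines) {
        if ($line -match "^Writer name: '(.+)'") { $name = $Matches[1]; $state = $null; continue }
        if ($name -and $line -match '^\s+State: \[\d+\] (.+)$') { $state = $Matches[1].Trim() }
        if ($name -and $line -match '^\s+Last error: (.+)$') {
            [pscustomobject]@{ Writer = $name; State = $state; LastError = $Matches[1].Trim() }
            $name = $null
        }
    }
}

$failed = Get-VssWriterState |
    Where-Object { $_.State -ne 'Stable' -or $_.LastError -ne 'No error' }

foreach ($w in $failed) {
    $svc = $WriterToService[$w.Writer]
    if (-not $svc) {
        Write-Warning "$($w.Writer): $($w.State) / $($w.LastError) (no service mapped)"
        continue
    }
    Write-Host "$($w.Writer): $($w.State) / $($w.LastError) -> restarting $svc"
    Restart-Service -Name $svc -Force -WhatIf   # remove -WhatIf to actually restart
}
```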

Office 365 - How to set an Automatic Reply / Out of Office via Powershell

At some point, as an Office 365 administrator, it is likely you will be asked to set an automatic reply for someone who forgot to do so themselves. 

You can easily do so via PowerShell by first connecting to the Office 365 Exchange module:


$Credential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.exchange -ConnectionURI https://outlook.office365.com/powershell-liveid/ -Credential $Credential -Authentication Basic -AllowRedirection

Import-PSSession $Session


And once connected run the following command:


$msg = '<html><body><div><p>Set Automatic Reply Message Here!</p><p>Next line will go here!</p></div></body></html>'

Set-MailboxAutoReplyConfiguration -Identity user@contoso.com -AutoReplyState Enabled -ExternalMessage $msg -InternalMessage $msg -ExternalAudience All


Once the above command is run, the user@contoso.com account will immediately begin to send automatic replies.

To disable the user's Automatic Reply


To disable this user's Automatic Reply, run the following:


Set-MailboxAutoReplyConfiguration -Identity user@contoso.com -AutoReplyState Disabled


Run this command to disable the auto reply as well as clear out the message:


Set-MailboxAutoReplyConfiguration -Identity user@contoso.com -AutoReplyState Disabled -InternalMessage "" -ExternalMessage ""



How to Connect to Office 365 via PowerShell




In this tutorial, we will show how to connect to your Office 365 Exchange via PowerShell.



Prerequisites:


  • Account must be a member of the organization's global admin group
  • Download and install the following PowerShell modules from Microsoft
  • Microsoft .Net framework 4.5.X and above

Once the prerequisites have been completed, run the following:

$Credential = Get-Credential



Enter your Office 365 admin credentials and hit OK. This inputs your credentials into a variable named "Credential" and will be called on in the next step. 


Next, enter the following command:

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $Credential -Authentication Basic -AllowRedirection



After this command has been run, run the last command: 

Import-PSSession $Session

If this is the first time making an Office365 connection with PowerShell, you will need to set the execution policy:


Set-ExecutionPolicy RemoteSigned

And that is it. To test the connection, simply run the Get-Mailbox command:

get-mailbox

It is also a good habit to close your active PowerShell connection. Run this to close the active session: 

Remove-PSSession $Session
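Microsoft has since disabled Basic authentication for Exchange Online, so the following added example (not part of the original posts) shows the connect, set auto-reply, verify and disconnect workflow from this post and the automatic reply post above using the ExchangeOnlineManagement module with modern authentication. The admin account, message text and 7-day window are placeholders; it uses -ExternalAudience Known, which limits external replies to senders in the user's contacts.

```powershell
# Added example: same workflow with the ExchangeOnlineManagement module.
# One-time install:  Install-Module ExchangeOnlineManagement -Scope CurrentUser
Import-Module ExchangeOnlineManagement

$Admin   = 'admin@contoso.com'   # placeholder admin account
$Mailbox = 'user@contoso.com'    # same sample mailbox the article uses
$Msg     = '<html><body><p>I am out of the office until Monday.</p></body></html>'

# Opens an interactive sign-in window, so MFA-protected admin accounts work.
Connect-ExchangeOnline -UserPrincipalName $Admin -ShowBanner:$false
try {
    # The Scheduled state turns the reply off by itself at EndTime,
    # so nobody has to remember to disable it.
    Set-MailboxAutoReplyConfiguration -Identity $Mailbox -AutoReplyState Scheduled `
        -StartTime (Get-Date) -EndTime (Get-Date).AddDays(7) `
        -InternalMessage $Msg -ExternalMessage $Msg -ExternalAudience Known

    # Read the configuration back to confirm what was applied.
    Get-MailboxAutoReplyConfiguration -Identity $Mailbox |
        Select-Object Identity, AutoReplyState, StartTime, EndTime, ExternalAudience
}
finally {
    # Always close the session, even if one of the commands above failed.
    Disconnect-ExchangeOnline -Confirm:$false
}
```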