Windows Server 2016 – Blacklist Mobile devices on WIFI network

June 21, 2019

Let’s assume you have 2 WIFI networks. 1 for the Office users and 1 for the Guests on a separate VLAN.

Now you don’t want to have all the Office users using their mobile device to log on to the local LAN.

The most challenging part is that if you apply MAC address filtering on the Access Point, it will block the device on both WIFI networks.

PREREQUISITES :

On your DHCP server you need to activate the BLOCK MAC address filtering

Open the DHCP console and enable the DENY LIST using the FILTERS Tab

Now you can add the BLOCKED Mac ADDRESSES in the DENY section

Tip :

You can also use WILDCARDS like this :

Solution :

Windows 2008r2 :

You can use the NETSH command to block MAC addresses on your local LAN.

netsh dhcp server v4 add filter deny 00-0c-29-fe-dd-60 "Mary's PC"

If you need to automate this on a Windows 2008r2 server you need to apply some regular expressions to grab the MAC address ;-)

Took me more than a day to figure out how to make it work.

Windows 2012r2 and higher :

You can use the DHCP PowerShell cmdlets

Get-DhcpServerv4Scope -cn YourServer

Set-DhcpServerv4FilterList -ComputerName "YourServer" -Allow $False -Deny $True

Get-DhcpServerv4FilterList

Add-DhcpServerv4Filter -List Allow -MacAddress "F0-DE-F1-7A-00-5E" -Description "Laptop 09"

Remove-DhcpServerv4Filter -MacAddress "F0-DE-F1-7A-00-5E"

See also here how to build a Blacklist for PUBLIC IP addresses.

Enjoy !

Windows 2016 – How to Blacklist Public IP Addresses, Alert Event ID 20271

June 21, 2019

If you notice unauthorised attacks on your network in the Event Viewer, logged as Event ID 20271 (Remote Access), you can blacklist the offending IP addresses.

SOLUTION :

Create a BLACKLIST rule using Windows Firewall

Open Windows Firewall with Advanced Security by running wf.msc

On the left, select Inbound Rules, then under the Action menu, choose New Rule

On the Rule Type page, choose Custom.

On Program, choose “All programs”

On Protocol and Ports, leave the default of Any

On Scope, select “These IP addresses” in the remote addresses section and add the problematic IP address in the Add dialog

On Action, choose “Block the connection”

On Profile, leave the defaults of everything checked.

Finally, on Name give the rule a name like “Blacklisting”, and optionally a description.
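
The wizard steps above as a script, as an added example that is not part of the original post: it creates the “Blacklisting” inbound block rule if it is missing, otherwise it merges new addresses into the rule's remote-address scope. The function name Add-BlacklistAddress and the sample addresses (documentation ranges plus one private address to show the guard) are assumptions; it handles IPv4 only and must run in an elevated session.

```powershell
# Added example, not the author's script. Add-BlacklistAddress is a hypothetical name.
function Add-BlacklistAddress {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string[]]$Address,
        [string]$RuleName = 'Blacklisting'   # rule name suggested in the post
    )

    # Keep only well-formed public IPv4 addresses, so a typo or an internal
    # address can never end up in an inbound block rule.
    $valid = foreach ($a in $Address) {
        $ip = $null
        $text = $a.Trim()
        if (-not [System.Net.IPAddress]::TryParse($text, [ref]$ip) -or
            $ip.AddressFamily -ne 'InterNetwork' -or $ip.ToString() -ne $text) {
            Write-Warning "Skipping '$a': not a dotted IPv4 address"; continue
        }
        $b = $ip.GetAddressBytes()
        $internal = $b[0] -eq 10 -or $b[0] -eq 127 -or
                    ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
                    ($b[0] -eq 192 -and $b[1] -eq 168) -or
                    ($b[0] -eq 169 -and $b[1] -eq 254)
        if ($internal) { Write-Warning "Skipping '$a': private or local range"; continue }
        $text
    }
    if (-not $valid) { return }

    $rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
    if (-not $rule) {
        # Same choices as the wizard: program, protocol, ports and profile are
        # left at their default of Any; only scope and action are set.
        if ($PSCmdlet.ShouldProcess($RuleName, 'Create inbound block rule')) {
            New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Block `
                -RemoteAddress ($valid | Sort-Object -Unique) `
                -Description 'Blocked public IP addresses'
        }
        return
    }

    # Rule already exists: merge with the addresses already in its scope.
    $current = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
    if ($current -contains 'Any') { Write-Warning "'$RuleName' is not scoped to addresses"; return }
    $merged = $current + @($valid) | Sort-Object -Unique
    if ($PSCmdlet.ShouldProcess($RuleName, "Set remote addresses to $($merged -join ', ')")) {
        Set-NetFirewallRule -DisplayName $RuleName -RemoteAddress $merged
    }
}

# Constructed sample input; -WhatIf shows the change without applying it.
Add-BlacklistAddress -Address '203.0.113.45', '198.51.100.7', '192.168.1.20' -WhatIf
```

Drop -WhatIf to apply the change; the private address in the sample is skipped with a warning.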

See here on how to automate this using PowerShell Event Viewer Scanning & Firewall rules

1. First check if the DENY property is set on your DHCP server

Get-DhcpServerv4FilterList

If not you can activate it like this

Set-DhcpServerv4FilterList -ComputerName "YourDHCPServer" -Allow $False -Deny $True

Next you can list all filtered MAC addresses

Get-DhcpServerv4Filter

And check if they exist as blocked.

If you need to add extra entries you can use this cmdlet

Add-DhcpServerv4Filter -List Deny -MacAddress "F0-DE-F1-7A-00-5E" -Description "iphone 09"

 

See here on how to Blacklist based on MAC Address

 

Safety First …

Done !


PowerShell – Report Designer Assembly in a .NET GUI

June 4, 2019

If you need a Report Designer that has all basic functionality needed.

And can connect to multiple Data Sources…

Print Preview

And more …

This is the way to go.

Prerequisites :

Download the Assembly from here 

(if you don’t find it there you can email the developer and he will send it over)

Save the Assembly somewhere locally.

SOLUTION :

This script will trigger the GUI that gives you full functionality in PowerShell in fewer than 10 lines of code !

This is because PS can access .NET Assemblies.

CLS

# Load Windows Forms and the downloaded assemblies (adjust the paths to where you saved them)
Add-Type -AssemblyName System.Windows.Forms
Add-Type -Path "C:\_\Apps\_PowerShell\_GUI Forms\.NET Report Builder\MySql.Data.dll"
Add-Type -Path "C:\_\Apps\_PowerShell\_GUI Forms\.NET Report Builder\ReportDesigner5.dll"

# Create the designer object from the ReportDesigner5 assembly
$rd = New-Object ReportDesigner5.Designer

#$rd.Dock = [System.Windows.Forms.DockStyle]::Fill
$rd.ShowDialog()
$rd.ShowProperty()
$rd.ShowReportTree()

One TIP :

– You also need to run it in the x86 (32-bit) PowerShell for the moment.

– You need to play around with the ZOOM scalar to get the report visible

Alternatively you can download the EXE here; it has the same possibilities if you don’t want to use PS.

A new version was released on my request to add SQLite as a data source.

Keep in mind that you need to reference 2 additional Assemblies for this version :

1. QRCoder.dll version 1.3.5

2. SQLIte.dll version 1.0.109

Many thanks to the developer for creating this nice Reporting tool and providing the Assembly !

Enjoy !