How to Block Internet Access with Group Policy (GPO)

This how to will show you how to block internet access for a user, users or computer within an Active Directory Group Policy Object.  I’ve tested this on Windows 7 and Windows 10 and it works great!

There are plenty of tutorials out there detailing a way to block access is via enforcing a non-existent proxy. This method will work for some things, but the problem is not all software necessarily uses these settings to connect to the internet and doesn’t necessarily stop a determined user or bad guy.

Continue reading →

Enforcing Microsoft Office 365 and Azure Tennancy with McAfee Web Gateway (MWG)

McAfee Web Gateway (MWG) is a pretty phenominal product, if you’re looking for a commercial web filtering solution then MWG should certainly be something you should investigate.  If however you already have a MWG and are looking at a rule base to make sure that your users can only logon to your approved Microsoft Office 365 domains then read on.

Microsoft Office 365 (O365) is a pretty phenominal product, if you’re looking for a collaboration system then O365 should be something you should investigate.  If however you want to make sure that only your organisation can log on to O365 via your network then read on.

Continue reading →

Scanning Subnet for Issuing Certificate Authority with OpenSSL

I was asked a question if there was an easy way to scan an entire subnet and display not the certificate of each device or service but the certificate authority which provided it.  I thought there has to be a relatively easy way of doing so, and here it is!  This is a relatively simple solution and doesn’t take account of things like SNI.  If you need SNI support you will have to tweak the code below and probably include the -servername switch in the initial s_client line.  Drop a comment below if you want a help with this.

Continue reading →

How to Configure Windows 2012 NPS for Radius Authentication with Ubiquiti Unifi

In a corporate environment shared key encryption is rarely used due to the problems associated with distributing the appropriate keys. In the corporate wireless world many organisations prefer to use 802.1x or Radius authentication so that their users can log on to the wireless networks with their domain credentials.

I was recently asked to set up just s system with Unifi access points and controllers on Windows Server 2012 with Microsofts own Radius solution NPS (or Network Policy Server) and 802.1x. There is plenty of information out there but I found that some of it was out of date and others were missing some fairly key components. So I present this tutorial to hopefully helps others get this up and running as quickly as possible.

Continue reading →

Steam & Valve IP Ranges

After spending a fair amount of time trying to find the IP subnets which Steam uses I came up a blank, so I went to Arin.

Continue reading →