System Administrator command line shortcuts to popular Microsoft Management Consoles (MMCs).

Admin Snap-inCommandCategory

The commands above can be entered from START ➞ Run, or from the command line.
Availability will vary by OS and by the features installed.

“I don’t do anything in order to cause trouble. It just so happens that what I do naturally causes trouble.
 I'm proud to be a troublemaker” ~ Sinead O'Connor

Related commands

How-to: ms-settings - Shortcuts to settings.
How-to: Run Commands
How-to: Keyboard shortcuts For CMD, PowerShell and Windows.

사용자 지정 Active Directory 특성 만들기

기존 특성을 사용할 수 없는 사용자 지정 Active Directory 특성을 만드는 방법에 대해 설명합니다. 예를 들어 사용자의 "메디케어 카드 번호"를 보유할 속성을 만듭니다.

 

사용자 지정 특성을 추가하려면 스키마 관리자 및 엔터프라이즈 관리자 그룹의 구성원이어야 하는 AD 스키마의 수정이 포함됩니다. 기본적으로 관리자 계정은 스키마 관리자 그룹의 구성원입니다.

또는 스키마를 확장하는 대신 스키마를 확장하지 않고 사용자 지정 데이터를 저장하는 데 사용할 수 있는 ExtensionAttribute1부터 ExtensionAttribute15까지의 기존 특성이 있습니다.

사용자 속성의 속성 편집기 탭을 통해 사용자 개체 속성을 볼 수 있습니다.

스키마에 속성을 추가하기 전에 기본적으로 Active Directory 스키마는 관리 콘솔에서 사용할 수 없으므로 스키마 스냅인을 등록해야합니다.

• 시작 > 실행 >mmc로 이동합니다.

• 파일 열기 > 스냅인 추가/제거를 엽니다.

 

• "활성 디렉토리 스키마"가 없음을 알 수 있습니다.

• 스키마 스냅인을 등록하려면 실행 텍스트 상자에 RegSvr32 SchmMgmt.dll를 입력하고 확인을 누릅니다.

• SchmMgmt.dll 등록에 성공하면 Windows에 정보 메시지 상자가 표시됩니다.

 

• 스키마 스냅인을 엽니다. 시작 > 실행 > mmc.exe > 파일 >스냅인 추가/제거 >Active Directory 스키마 > 추가

• Active Directory 스키마를 확장하고 특성을 마우스 오른쪽 단추로 클릭한 다음 "특성 만들기.."를 클릭합니다.

• 계속을 클릭하면 스키마 개체 생성 경고 메시지가 표시됩니다.

다음 단계를 진행하려면 고유 X500 개체 ID 필드에 대한 OID(개체 식별자)를 생성해야 합니다.
PowerShell 또는 VBScript를 사용하여 OID를 생성할 수 있습니다.

PowerShell을 사용하여 OID 생성(Microsoft Link):

Windows PowerShell > Windows PowerShell
> 모든 프로그램 > 액세서리 >시작 시작으로 이동하여 PowerShell 창에 다음 문을 복사하여 붙여넣습니다.

#---
$Prefix="1.2.840.113556.1.8000.2554"
$GUID=[System.Guid]::NewGuid(). ToString() $Parts=@()

$Parts+=[UInt64]::P arse($guid. SubString(0,4),"AllowHexSpecifier")
$Parts+=[UInt64]::P arse($guid. SubString(4,4),"AllowHexSpecifier")
$Parts+=[UInt64]::P arse($guid. SubString(9,4),"AllowHexSpecifier")
$Parts+=[UInt64]::P arse($guid. SubString(14,4),"AllowHexSpecifier")
$Parts+=[UInt64]::P arse($guid. SubString(19,4),"AllowHexSpecifier")
$Parts+=[UInt64]::P arse($guid. SubString(24,6),"AllowHexSpecifier")
$Parts+=[UInt64]::P arse($guid. SubString(30,6),"AllowHexSpecifier")
$OID=[String]::Format("{0}.{ 1}. {2}. {3}. {4}. {5}. {6}. {7}",$prefix,$Parts[0],$Parts[1],$Parts[2],$Parts[3],$Parts[4],$Parts[5],$Parts[6])
$oid
#---

OID 문자열(점으로 구분된 숫자 문자열)을 복사하여 고유한 X500 개체 ID 필드에 붙여넣습니다.

VBScript (마이크로 소프트 링크)를 사용하여 OID 생성 :
웹 브라우저에서 다음 링크를 열고 VB 스크립트 코드를 복사하여 메모장에 붙여 넣습니다.

 

http://gallery.technet.microsoft.com/scriptcenter/56b78004-40d0-41cf-b95e-6e795b2e8a06

C: 드라이브에

"OIDGen.vbs"(큰따옴표로 묶음, 그렇지 않으면 접미사 .txt .vbs 뒤에 접미사) 이름으로 메모장 파일 저장 명령 프롬프트를 열고이 스크립트를 실행하십시오. 시작 > cmd.exe >> CScript.exe C:\OIDGen.vbs
OID 문자열(점으로 구분된 숫자 문자열)을 복사하여 고유한 X500 개체 ID 필드에 붙여넣습니다.

• 새 속성 만들기 대화 상자에 일반 이름(이 경우 메디케어 번호)을 입력합니다.
• LDAP 표시 이름 필드는 일반 이름(공백 없음)에서 자동으로 채워집니다.
• 이전 단계에서 생성한 OID 문자열을 고유 X500 개체 ID 필드에 붙여넣습니다.
• 텍스트 상자에 설명을 씁니다.
• 드롭다운 목록에서 적절한 구문을 선택하여 속성 유형(이 경우 Medicare 번호는 숫자 값)을 선택합니다. 이것은 다른 유형일 수 있으며 각 특성의 사용법에 따라 다릅니다)
• 확인을 클릭합니다.

사용자 지정 속성 medicareNumber가 생성됩니다.

• 이제 이 새 특성을 User 클래스에 추가/연결합니다. 클래스 리프로 이동하여 사용자 클래스를 선택합니다.
• 사용자를 마우스 오른쪽 버튼으로 클릭하고 속성을 클릭합니다.

• 속성 탭으로 이동합니다. 추가를 클릭합니다.

• 메디케어넘버 속성을 찾아 확인을 클릭한 후 다시 확인을 클릭합니다.

• 특성이 User와 연결되었는지 확인하려면 User, 속성을 마우스 오른쪽 단추로 클릭하고 속성 탭으로 이동합니다. medicareNumber 속성은 선택적 속성 목록에 있어야 합니다.

이것으로 사용자 지정 특성 만들기가 완료됩니다.

사용자 및 컴퓨터 스냅인을 열고 사용자 지정 특성에 대한 사용자 속성을 확인합니다.


이 속성의 값은 편집 버튼을 클릭하고 적절한 값을 입력하여 설정할 수 있습니다.


메디케어 카드 번호가 설정된 모든 사용자를 보려면 다음 명령줄 문을 실행할 수 있습니다.

DSQuery * -Filter (medicareNumber=*) -Attr Name, medicareNumber

끝.

So you’ve got some DNS Zones on your Domain Controllers and you’re building a test lab or another domain that you want to copy these to. Easy right – not so easy if they are AD integrated zones. This means the files for these zones are not stored in C:\Windows\System32\dns an normal, they are actually stored and replicated to all DCs inside AD.

I had a requirement to move an integrated forward lookup zone from one domain to another so I’m sharing what I did below.

Logon to your DC with the integrated zone and fireup our friend Powershell.

Get-DNSServerZone

You’ll see your zones listed out.

You’ll see here which zones are integrated and which are not.

The ZoneName column is key for the next bit, make a note of the ZoneName you want to export.

Export-DNSServerZone -Name <ZoneName from the above> -Filename <Yourzone.dns>

There’s no confirmation for this command, but this will export the zone to a file that can be resuable.

Open up C:\Windows\System32\dns in explorer.

You’ll see here you DNS zone file. Take a copy of this and place it somewhere.

Log in to your new DNS server where the zone will be imported.

Open up C:\Windows\System32\dns in explorer and copy the file you just exported into this folder.

Now open the DNZ Management Console.

Right click “Forward Lookup Zones” and select “New Zone”, Select “Next” to get started.

Select the zone type and remember to untick the “Store the zone in Active Directory” option.

I know, I know, we want it to be in AD; don’t worry. It will still be once we are done.

Select “Next”.

Populate the Zone Name and select “Next”.

Select “Use the existing file” and enter the name of the file you copied into “C:\Windows\System32\dns”, select “Next”.

Select “Next” on the dynamic update options. Note: The secure option will be available once we convert this zone to an AD integrated zone.

The zone should now appear fully populated in the DNS console. Now time to convert this zone back to an AD integrated zone.

Right click the zone and select “Properties”.

Select “Change” on the right of “Type”.

You might recognise this screen, Select “Store the zone in Active Directory” and click “OK”. Confirm you want to move the zone to AD.

You now have the option to change the dynamic updates to this zone, select as per your preference.

This wraps up the zone import, the whole process could be easily scripted with Powershell. Happy to take a crack at it if anyone is interested.

Create A Send Connector

The fresh exchange server installation will not have a connector send email to an internet email address. We need to create one to do so. Here are the how-to steps to create a send connector using the Exchange admin center. Login to Exchange Admin Center and goto MailflowàSend Connector. Click Add or + sign on top of the icons.

The New Send Connector wizard will open. Type a descriptive name and select Internet as type.

As we are going to send emails to internet users straight from the exchange server, we are going to select an MX record associated with the recipient domain and click Next.

Add address space, click + sign on the address space commands.

Type * in the FQDN column and click save.

Once the address space has been saved, click next.

On the Source Server, click + sign to add the only server we just installed.

Add the Exchange Server and click OK

We have completed Creating Send connector, click Finish to close the wizard.

Configure Virtual Directories

Exchange Server 2019 Installation and Configuration

We are going to configure virtual directories such as OWA, ActiveSync, and so on with the internal and external URLs using Exchange Management Shel. You can navigate to StartàMicrosoft Exchange Server from the Menu and right-click the Exchange Management shell and choose to run as Administrator to open elevated Shell to configure Virtual Directories.

The following script will set the virtual directories of each feature. We need to specify the Server_Name and FQDN variables relevant to our Exchange Server name and external domain name.

 $Server_name = "ex"
 $FQDN = "mail.mrigotechno.club"
 Get-OWAVirtualDirectory -Server $Server_name | Set-OWAVirtualDirectory -InternalURL "https://$($FQDN)/owa" -ExternalURL "https://$($FQDN)/owa"
 Get-ECPVirtualDirectory -Server $Server_name | Set-ECPVirtualDirectory -InternalURL "https://$($FQDN)/ecp" -ExternalURL   "https://$($FQDN)/ecp"
 Get-OABVirtualDirectory -Server $Server_name | Set-OABVirtualDirectory -InternalURL "https://$($FQDN)/oab" -ExternalURL   "https://$($FQDN)/oab"
 Get-ActiveSyncVirtualDirectory -Server $Server_name | Set-ActiveSyncVirtualDirectory -InternalURL "https://$($FQDN)/Microsoft-Server-ActiveSync" -ExternalURL "https://$($FQDN)/Microsoft-Server-ActiveSync"
 Get-WebServicesVirtualDirectory -Server $Server_name | Set-WebServicesVirtualDirectory -InternalURL "https://$($FQDN)/EWS/Exchange.asmx" -ExternalURL "https://$($FQDN)/EWS/Exchange.asmx"
 Get-MapiVirtualDirectory -Server $Server_name | Set-MapiVirtualDirectory -InternalURL "https://$($FQDN)/mapi" -ExternalURL https://$($FQDN)/mapi 

You would see the Exchange Management Shell as shown in the below out after you copy and paste the script to the EMS.

Configure Outlook Anywhere

To Outlook Clients access from internal and external networks, we need to configure Outlook anywhere from the Servers/Outlook Anywhere settings with the exchange hostname(FQDN) such as mail.comain.com. You can navigate to Outlook Anywhere settings, as shown in the steps on the image.

Click OK to the Warning to Negotiate client authentication.

Set Service Connection Point

Exchange Server 2019 Installation and Configuration

The next step is to set the Autodiscover internal URI for internal outlook clients to get the Autodiscover details from the active directory. The Autodiscover internal URI will set the Service Connection Point(SCP) on the Active Directory.

Set-ClientAccessService -Identity ex -AutodiscoverServiceInternalURI  https://mail.mrigotechno.club/Autodiscover/Autodiscover.xml

Rename default database and move database path

Move mailbox database path to separate disk for database and transactional log files to recover the database quickly in case of disk failure. I have mentioned C: drive where you can substitute with a relevant drive letter with the command below.

Get-MailboxDatabase -Server ex | Set-MailboxDatabase -Name MBX-DB-2019
Move-DatabasePath -Identity MBX-DB-2019 -EdbFilePath C:\ExchangeDatabases\MBX-DB-2019\MBX-DB-2019.EDB -LogFolderPath C:\ExchangeDatabases\MBX-DB-2019_Log

Install Certificate

We are going to create a Certificate Signing Request(CSR) on the Exchange Admin Center and install the certificate for the services like IIS, SMTP, and so on. Login to Exchange Admin Center and go to ServersàCertificate to create certificate signing request (CSR) file to generate a certificate from third-party Certification Authority (CA) like Verisign or GoDaddy.

The Certificate Signing certificate must be created by clicking the + sign on the Certificate tab.  Select “Create a request for a certificate from a Certification Authority” and click Next.

Type a friendly name of the certificate and click Next.

We are going to request a Subject Alternative Name (SAN) certificate, so leave the default and click Next.

The request has to be saved on the Exchange server, click browse and select the only exchange server and click ok.

The exchange server has been selected click Next.

We skip this page, and we are going to create a request with some names where we can specify names on the list. Click Next.

Select only the FQDN that we used on the virtual directories and Outlook Anywhere. As you know, we provided the name mail.mrigotechno.club, alongside we need to add the name for Autodiscover, the subject name will be Autodiscover.mrigotechno.club, remove other local hostnames.

The local hostnames are removed and added only FQDN And autodiscover hostnames, click Next.

Type information about your organization and click Next.

Save the request in a file, type the UNC path, and click Next.

The Certificate Request has been created and using the CSR file, and we need to generate a Certificate from a third-party certification authority. Once certificates are received, come back to the Certificate tab on the Exchange Admin Center and select the request entry and click Complete to apply the Certificate.

Type the UNC path of the certificate received from the CA and click ok.

The next step is to assign services to the certificate, open the certificate entry on the EAC, and check the hostnames.

Go to Services on the same window select the services you want this certificate to use IIS and SMTP are selected generally, but if you wish to use IMAP and POP to use the certificate or these services are enabled, select them and click Save.

Click Yes to the confirmation message, and you would see valid in the Certificate Status.

Conclusion

In this article, we have discussed how to Install Exchange Server 2019 using Graphical User Interface and configured the server using the Exchange Admin Center and Exchange Management Shell. In my other three-part article, I have demonstrated how to migrate Exchange Server 2013 to Exchange Server 2019. I have added the link to those articles below. If you are interested in knowing how to install Exchange Server using the Command line, that article covers the installation process. You may have some questions or feedback to share with me, please click the comments below and share your thoughts. I’m so happy to answer your questions.

Preface

In this article, we are going to immerse the installation of Exchange Server 2019 and configure some of the exchange components such as Virtual Directories, Outlook anywhere, etc. This article will cover how to Install and Configure Exchange Server 2019 using  GUI.

I have already created a three-part article for the Migrating Exchange server 2013 to Exchange Server 2019 Installation and Configuration covered in that. It was installed using the command line interface, and most of the admins prefer the Graphical User Interface method to Install and Configure Exchange Server. Having that in mind, I have created this new article for the Exchange admins using GUI. Even though we have demonstrated the Exchange Server 2019 installation in those article series, configuring the Exchange server in the new Exchange Organization is somewhat different from configuring Exchange Server in an existing organization.

Also, this article will cover a complete configuration for a necessary Exchange Server deployment. This article will assume you have a Domain Controller up and running on your network, and you are going to install the Exchange Server 2019 on the active directory environment. If you are doing this installation on no Domain controller installed on the network or Test network, I would recommend installing a domain controller using my other article before installing the Exchange Server 2019. I also recommend going through this Microsoft link if you want to know all the Active Directory schema changes when you install Exchange Server 2019 on your Active Directory environment. You are advised to go through the complete document before starting the installation that way, and you will not get stuck on any step when you are trying to do Install and Configuring Exchange Server 2019. We are going to do the following tasks on Installing and Configuring Exchange Server 2019.

1. Install Exchange Server Pre-requisite
2. Install Exchange Server 2019 using GUI
3. Create new outbound send connector to send emails to internet email
4. Configure Virtual Directories
5. Configure Outlook Anywhere
6. Set Service Connection Point
7. Rename default database and move database path
8. Install Certificate

Pre-requisite to Install and Configure Exchange Server

The Windows Server 2019 has to be prepared and installed with Exchange Server 2019 Pre-requisites installing the Exchange Servers binaries.

The following Windows Server packages need to be installed before installing Exchange 2019 Server

.NET Framework 4.8
Visual C++ Redistributable Package for Visual Studio 2013
Unified Communications Managed API 4.0
Windows feature

Install .NET Framework 4.8

The .Net Framework 4.8 is required to install as a prerequisite software package. The package needs to be downloaded from the link below.

https://go.microsoft.com/fwlink/?linkid=2088631

Exchange Server 2019 Installation and Configuration

Once the offline installer has been downloaded, right-click the package and run it as an administrator to install it on the server.

Check the license agreement checkbox and click install.

Click Finish to complete the installation.

Install Visual C++ Redistributable Package for Visual Studio 2013

The next pre-requisite to install on the server is Visual C++ redistributable package for visual studio 2013. You can download this package from the link below, choose the language that you are planning to install on the server.

https://support.microsoft.com/en-in/help/4032938/update-for-visual-c-2013-redistributable-package

Once the package has been downloaded, right-click the downloaded file and run as administrator.

Accept the license and click Install to install the package.

Click close when the install completes.

Install Unified Communications Managed API 4.0

The next pre-requisite package we are going to install on the server is Micrsft Unified Communications managed API 4.0 runtime setup. Download the package from the below link.

https://www.microsoft.com/en-us/download/details.aspx?id=34992

Once the package is downloaded, run it as an administrator to begin the installation. Click Next to continue.

Click Install to install the package and click Finish when the install is over.

Exchange Server 2019 Installation and Configuration

Install Windows Feature

The next pre-requisite is Windows Server features installation. Open a Powershell window as administrator and run the following commands once the installation of features is completed do a restart of the Windows Operating System.

Install-WindowsFeature Server-Media-Foundation, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS 

Install and Configure Exchange Server

Exchange Server 2019 Installation and Configuration

Open the Exchange server installation media and double click the setup.exe to start the installation. Select Connect to the Internet and check for update and click Next.

On the next screen, the installation wizard will try to download the updates If there is any from the Microsoft update server. Click Next to continue.

Go through the introduction and click next to continue the wizard.

Accept the license agreement and click next to continue.

Select Use Recommended Settings and click Next.

Select the server role, this demonstration for Exchange server Mailbox role, select Mailbox role, and the management tools checkbox will be automatically selected. Also, check Automatically install roles and features and click Next.

Select the Drive where the exchange server to be installed. In most cases, it would be on the Drive other than System Drive. I have left the installation path as-is for this demonstration. But you can choose a drive and path as you want.

Specify an Organization name. In this case, I leave it to default. Click Next.

If you are planning to use some third party Malware Protection, you can select to disable Malware Protection. If you want to use the Exchange server inbuilt one, select Disable malware protection to No and click Next.

The install wizard will start Readiness Check, wait for that to complete and check if you have received an error message.

If there is any error, act on that error and rectify that and then restart the Exchange Server Installation. If you have followed these installation steps, most probably, you won’t have any error. Click Install to start the installation.

Exchange Server 2019 Installation and Configuration

The Setup will start, and you can monitor the progress along the way, it would take some time to complete. Be patient and wait for the setup to complete.

The Setup is in progress and may take some more time to complete.

Exchange Server Setup is complete, select launch Exchange Administration Center, and click Finish.

Exchange Admin Center or Exchange Control panel is the web console where is Exchange Server is configured or managed. This console can be accessed initially with the web URL https://localhost/ecp

The login screen is shown in the image below, where the administrator can log in to get the full admin access console with username as domain\username and password.

OverviewPermalink

SSL(Secure Sockets Layer)은 클라이언트와 서버간의 통신을 제3자가 보증해주는 전자화된 문서입니다.

클라이언트가 서버에 접속한 직후, 서버는 클라이언트에게 해당 인증서 정보를 전달하고, 클라이언트는 받은 인증서 정보가 신뢰할 수 있는지 검증한 이후에 안전한 연결을 할 수 있게 됩니다.

현재 인터넷 연결은 HTTPS로 연결하는 것을 권장하고있습니다. HTTPS는 SSL위에서 돌아가는 프로토콜 중 하나이기때문에 HTTPS로 데이터 전송을 하려면 SSL이 제공하는 데이터 보안이 반드시 필요합니다.

이번 문서에서는 공인된 ssl을 무료로 발급받을 수 있는 방법에 대해서 기술하겠습니다.

ZeroSSLPermalink

90일간의 SSL인증서를 3개까지 무료로 발급해주는 사이트입니다.

보통 1년 2년 단위로 발급받는 유료 인증서에 비해 90일이라는 짧은 기간이긴 하지만 무료로 사용할 수 있다는게 큰 장점인것 같습니다.

ZeroSSL 무료 인증서 :

• 90일
• 3개까지 생성가능
• wildcard인증서 안됨

SSL발급받기Permalink

회원가입 후, Dashboard에서 New Certificate 버튼을 클릭합니다.

그 다음, ssl발급을 원하는 도메인을 기입합니다. 이때 와일드카드는 선택하지 않도록 합니다. (와일드 카드는 유료플랜)

다음 90일 certificate를 선택해줍니다.

넥스트를 한 후 이제 도메인이 유효한 도메인인지 검증을 해야합니다.

방법은 위와 같이 3가지 방법이 있습니다.

1. Email Verification
   • DNS에 작성된 메일서버(관리자용)로 메일발송 및 검증
2. DNS(CNAME)
   • DNS에 zerossl에서 주는 CNAME레코드를 추가하는걸로 검증
3. HTTP File Upload
   • zerossl에서 원하는 파일경로에 파일을 업로드시키고 다운로드 가능하게 설정하는걸로 검증

이중에서 저는 2번방법을 써서 검증해보겠습니다.

가지고 있는 DNS의 레코드에 zerossl에서 주는 CNAME레코드를 추가해줍니다.
주의해야할 점은, Name부분의 도메인은 떼고 넣어주셔야 합니다.

ex)
_038AB2F4959BEF94DBE168E1C9A95716.registry.gru.hololy-dev.com 이렇게 있으면 뒤에 hololy-dev.com은 떼고
_038AB2F4959BEF94DBE168E1C9A95716.registry.gru 만 적으면 됨.

레코드를 추가해주고 외부에서 nslookup같은 도구로 제대로 추가되었는지 확인해주겠습니다.
nslookup은 기본적으로 A레코드를 찾기 때문에 set type=CNAME을 해줘 CNAME레코드를 찾게 설정해주어야 합니다.

target url이 정상적으로 출력되었다면 Validation을 해주고 인증서를 받으시면 됩니다.

마지막으로 ssl 설치를 체크하는 부분이 있는데, 이부분은 그냥 넘어가셔도 됩니다.

[Windows] Event Log를 필터링하기(XML을 통한 Custom View생성)

1. 보안 이벤트에서 이벤트 ID 5061과 로그인 사용자가 gmkim 혹은 mani4u 값으로 조회, 24시간 이내 값만

<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">
*[System[(EventID=5061) and TimeCreated[timediff(@SystemTime) &lt;= 86400000]]]
and
*[EventData[Data[@Name='SubjectUserName'] and (Data='gmkim'  or Data='test9')]] 
</Select>
  </Query>
</QueryList>

2. 모든 스키마에서 검색 데이터 값이 있으면 모두 쿼리

<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">
*[EventData[Data and (Data="gmkim" or Data="mani4u")]]
</Select>
  </Query>
</QueryList>

Advanced XML filtering in the Windows Event Viewer | Microsoft Learn

WMI Reset 배치 파일

스크립트를 bat 파일로 만들어서 실행시키면 초기화된다. 

조건에 따른 쿼리문 종류는 다음과 같습니다.
Collection으로 지정은 PC 혹은 사용자를 대상으로 다양한 조건으로 생성이 가능합니다.
그 중에서 PC이름, IP주소, 사용자ID, OU(Organization Unit) 단위로 생성하는 쿼리는 알아보겠습니다.


PC이름

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where name in ("PC이름")

IP주소

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where IPSubnets in ("10.177.210.0")

사용자ID

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where lastlogonusername in ("userid")

OU(Organization Unit)

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.SystemOUName = "OU Path"

상기 Query 외에 전체 Collection 중에서 SC agent가 미설치된 PC만을 선별할 수 있다.

 미설치된 PC 수집

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.Client is null