War Department video on why the military needs FM instead of AM.
Monday, March 2, 2026
Windows Activation Script. Activate Windows! Or Office! (I think)
irm https://get.activated.win | iex
Surprisingly, not some kind of hack. Microsoft even links to it on their own DevOps
Ref: https://dev.azure.com/massgrave/_git/Microsoft-Activation-Scripts
Tuesday, February 10, 2026
AdminDroid LDAP Explorer
Use Admindroid LDAP Explorer to explore Active Directory (AD). Free.
https://admindroid.com/admindroid-ldap-explorer
Thursday, December 18, 2025
DNS Lockdown on Unifi UDM Pro and AD
DNS Lockdown on Unifi UDM Pro and AD
Block DNS over HTTPS and force use of UDM-defined DNS server exclusively
Updated 19-Dec-2025. Version: Unifi OS 4.4.6, Network 10.0.162
Part 1. Unifi Configuration
Step 1: Cybersecure settings
Cybersecure > Protection
Encrypted DNS: Predefined
Select Cloudflare-family and NextDNS
Cybersecure > Traffic Logging
Flow Logging: All
Check Gateway DNS
Check Unifi Services
Cybersecure > Content Filter
Select Default Content Filter
To the Blocklist, add these domains:
edge.microsoft.com
dns.google
chrome.cloudflare-dns.com
doh.opendns.com
cloudflare-dns.com
mozilla.cloudflare-dns.com
dns.quad9.net
Step 2: Create List of domains to block
Settings > Overview > Network Lists
Name: DoH Bypass IPs
Add these addresses:
1.1.1.1
1.0.0.1
1.1.1.2
1.0.0.2
1.1.1.3
1.0.0.3
8.8.8.8
8.8.4.4
208.67.222.222
208.67.220.220
9.9.9.9
149.112.112.112
Step 3: Firewall Rules
Settings > Policy Table
1. Block QUIC
Source: Internal/Any
Action: Block
Destination: External/Any/Port=HTTPS (443)
IP Version=Both, Protocol=UDP
2. Block Port 853 (DNS over TLS)
Source: Internal/Any
Action: Block
Dest: Any
Port: Specific: DNS-TLS (853)
IP: Both
Protocol: All
3. Block IPv6 Out
Source: Internal/Any
Action: Block
Dest: External/Any
Port: Any
IP Version: IPv6
4. Block Canary Domain
Source: Internal/Any
Action: Block
Dest: Domain
Domain name: use-application-dns.net
Port: Any
5. Block DoH Providers
Source: Internal/Any
Action: Block
Dest: External / IP / List (select list of IPs you created above)
Port: Any
6. Allow ICMP Ping (so can still ping 8.8.8.8 for testing)
Source: Internal/Any
Action: Allow
Dest: Any
IP Version: IPv4
Protocol: Custom / ICMP / Any
Part 2. Group Policy / AD Configuration. Disable DoH in Edge.
Step 1: Login to your DC and quit GPMC
Step 2: Get Edge Admin templates for AD and install on your DC
Go to the Edge for Business Page.
Scroll down to the "Windows 64-bit" download button.
Under that, click on the "Download Windows 64-bit policy"
It is a .cab file. Open it. Inside is a .zip file. Open that.
Put the .admx files in C:\Windows\PolicyDefinitions. If you have more than one DC, Google where to put the files so all of your DCs can find them.
Put the .adml files in C:\Windows\PolicyDefinitions\en-US
Step 3: Start GPMC
Create a new policy, named "Block DNS over HTTPS"Go to Computer config > Policies > Administrative Templates > Microsoft Edge
Control the Mode of DNS-over-HTTPS: Enabled / "Disable DNS-over-HTTPS"
Part 3: Test
Go to https://test.nextdns.io (should not show anything about DoH)
Go to https://1.1.1.1/help (should fail completely)
Thursday, November 27, 2025
MSP Open Service Initiative, OpenUEM, and MeshCentral
The Open Service Initiative is all about providing TRULY free, open-source, tools and complete platforms to MSPs. AGPLv3, MIT, and Apache 2 licensed tooling.
OpenUEM is an Open-Source Unified Endpoint Manager that is multi-tenant, self-hosted and lets you manage your IT assets thanks to its agents
The open source, multi-platform, self-hosted, feature packed web site for remote device management.
Penpot open source website prototyping
Penpot is the open source alternative to Figma. (Figma is a cloud-based design and prototyping tool for websites)
Thursday, October 23, 2025
Video editing Software
IVS Edit has a free and pro version. The Free version is feature-rich and probably enough for most people.
Subscribe to:
Comments (Atom)