Visit AudioBookBay for audio books.
Thursday, March 19, 2026
Monday, March 2, 2026
Basic Principles of Frequency Modulation (1944)
War Department video on why the military needs FM instead of AM.
Windows Activation Script. Activate Windows! Or Office! (I think)
irm https://get.activated.win | iex
Surprisingly, not some kind of hack. Microsoft even links to it on their own DevOps
Ref: https://dev.azure.com/massgrave/_git/Microsoft-Activation-Scripts
Tuesday, February 10, 2026
AdminDroid LDAP Explorer
Use Admindroid LDAP Explorer to explore Active Directory (AD). Free.
https://admindroid.com/admindroid-ldap-explorer
Thursday, December 18, 2025
DNS Lockdown on Unifi UDM Pro and AD
DNS Lockdown on Unifi UDM Pro and AD
Block DNS over HTTPS and force use of UDM-defined DNS server exclusively
Updated 19-Dec-2025. Version: Unifi OS 4.4.6, Network 10.0.162
Part 1. Unifi Configuration
Step 1: Cybersecure settings
Cybersecure > Protection
Encrypted DNS: Predefined
Select Cloudflare-family and NextDNS
Cybersecure > Traffic Logging
Flow Logging: All
Check Gateway DNS
Check Unifi Services
Cybersecure > Content Filter
Select Default Content Filter
To the Blocklist, add these domains:
edge.microsoft.com
dns.google
chrome.cloudflare-dns.com
doh.opendns.com
cloudflare-dns.com
mozilla.cloudflare-dns.com
dns.quad9.net
Step 2: Create List of domains to block
Settings > Overview > Network Lists
Name: DoH Bypass IPs
Add these addresses:
1.1.1.1
1.0.0.1
1.1.1.2
1.0.0.2
1.1.1.3
1.0.0.3
8.8.8.8
8.8.4.4
208.67.222.222
208.67.220.220
9.9.9.9
149.112.112.112
Step 3: Firewall Rules
Settings > Policy Table
1. Block QUIC
Source: Internal/Any
Action: Block
Destination: External/Any/Port=HTTPS (443)
IP Version=Both, Protocol=UDP
2. Block Port 853 (DNS over TLS)
Source: Internal/Any
Action: Block
Dest: Any
Port: Specific: DNS-TLS (853)
IP: Both
Protocol: All
3. Block IPv6 Out
Source: Internal/Any
Action: Block
Dest: External/Any
Port: Any
IP Version: IPv6
4. Block Canary Domain
Source: Internal/Any
Action: Block
Dest: Domain
Domain name: use-application-dns.net
Port: Any
5. Block DoH Providers
Source: Internal/Any
Action: Block
Dest: External / IP / List (select list of IPs you created above)
Port: Any
6. Allow ICMP Ping (so can still ping 8.8.8.8 for testing)
Source: Internal/Any
Action: Allow
Dest: Any
IP Version: IPv4
Protocol: Custom / ICMP / Any
Part 2. Group Policy / AD Configuration. Disable DoH in Edge.
Step 1: Login to your DC and quit GPMC
Step 2: Get Edge Admin templates for AD and install on your DC
Go to the Edge for Business Page.
Scroll down to the "Windows 64-bit" download button.
Under that, click on the "Download Windows 64-bit policy"
It is a .cab file. Open it. Inside is a .zip file. Open that.
Put the .admx files in C:\Windows\PolicyDefinitions. If you have more than one DC, Google where to put the files so all of your DCs can find them.
Put the .adml files in C:\Windows\PolicyDefinitions\en-US
Step 3: Start GPMC
Create a new policy, named "Block DNS over HTTPS"Go to Computer config > Policies > Administrative Templates > Microsoft Edge
Control the Mode of DNS-over-HTTPS: Enabled / "Disable DNS-over-HTTPS"
Part 3: Test
Go to https://test.nextdns.io (should not show anything about DoH)
Go to https://1.1.1.1/help (should fail completely)
Thursday, November 27, 2025
MSP Open Service Initiative, OpenUEM, and MeshCentral
The Open Service Initiative is all about providing TRULY free, open-source, tools and complete platforms to MSPs. AGPLv3, MIT, and Apache 2 licensed tooling.
OpenUEM is an Open-Source Unified Endpoint Manager that is multi-tenant, self-hosted and lets you manage your IT assets thanks to its agents
The open source, multi-platform, self-hosted, feature packed web site for remote device management.
Penpot open source website prototyping
Penpot is the open source alternative to Figma. (Figma is a cloud-based design and prototyping tool for websites)
Subscribe to:
Comments (Atom)