Sophos destination NAT

Hi mates,
I had, few days ago, a particular request : a customer asked me to NAT RDP connection to a custom/specific/non standard port.
This customer has a very good product named Sophos UTM Firewall (version 9.3XX).
I worked with Sophos when it was Astaro....for several years, and my 20-25 customers were fully satisfied.
Anyway......it's easy as you can imagine but I would like to share the steps....maybe tomorrow you have to replicate this and you are too tired to think....you want only to follow (someday could happen)
In particular the customer's IT Dept. decided to change the default RDP port (and also SSH) from 3389 to 33389.

Powershell manage local users and group, nest domain users with domain group and local computer admins

Hi mates,
few months ago one of my customer told me :
"I need to clean a lot of servers in terms of local administrators group. At the sametime I would like to change the method to manage local administrators.....is it possbile to create one group for each single server so I can manage members from AD ?
And what we can do for the current situation ? Is it possible to clean without creating issue ? "
Effectively there were a lot of external partner's account inside these local groups, additionally there were a lot of internal application guys username
Anyway what I needed to do is well explained inside the script.....so enjoy :