Cluster and Stale Computer Accounts Nov. 12, 2018, 8:38 a.m.

A Failover Cluster does not update the lastLogonTimeStamp the same way as a real computer. A cluster updates the lastLogonTimeStamp when it brings a clustered network name resource online. Once online, it caches the authentication token. Therefore, a clustered network name resource working in production for months will never update the lastLogonTimeStamp. This appears as a stale computer account to the AD administrator.

active directory sysadmin sql server

Global Object Access Auditing is Magic Nov. 1, 2018, 3:55 p.m.

Global auditing lets you create System Access Control Lists (SACL) for the entire computer, based on file and registry. This means that instead of manually altering and maintaining SACLs on 10TB of shared files, you can instead define them implicitly and not actually modify the files at all. You can then troubleshoot an unexplained file deletion, see who keeps changing permissions on a folder, or satisfy an auditor.

active directory security windows group policy

Getting the Effective Audit Policy in Windows Nov. 1, 2018, 3:50 p.m.

You should not trust any of the Group Policy reporting tools when it comes to audit settings. There’s only one safe bet and it’s this command: auditpol.exe /get /category:*

active directory security windows group policy

Relation of InheritanceFlags and PropagationFlags to the ApplyTo values in the PermissionEntry Oct. 26, 2018, 3:17 p.m.

Permissions can be applied to the current folder, subfolders or files within folders and subfolders, or any combination of these. For every access rule there are two flags (InheritanceFlags and PropagationFlags) which together support all possibilities.

security windows

How to perform a packet capture in Windows using netsh Oct. 25, 2018, 3:53 p.m.

Start the capture with netsh trace start capture=yes tracefile=foo.etl, and stop the capture with netsh trace stop. Two files are created: foo.cab and foo.etl. These files can be opened with Microsoft Message Analyzer. Once the file has been loaded into Message Analyzer you can export it to pcap to view in Wireshark.

tutorial windows networking

Microsoft Message Analyzer Oct. 25, 2018, 3:49 p.m.

Message Analyzer enables you to capture, display, and analyze protocol messaging traffic; and to trace and assess system events and other messages from Windows components.

windows tools

Working with upcoming posts in Jekyll Oct. 14, 2018, 7:54 p.m.

With published settings (published: false), with future dated posts (jekyll serve --future), with drafts folder (jekyll serve --drafts).

jekyll blog

Ansible Debug Print All Variables Oct. 5, 2018, 10:31 a.m.

Display all variables/facts known for a host

- name: Display all variables/facts known for a host
  debug:
    var: hostvars[inventory_hostname]

ansible debugging

Troubleshooting Group Policy Using Event Logs Sept. 28, 2018, 8:53 a.m.

Most of the events in the Group Policy operational log appear in pairs. For each start event, there is an end event. End events can be successful, warning, or error events. Usually these events share the last two digits in their event IDs. For example, a 4017 event appears in the event log, which represents a Group Policy component beginning a specific action. If the action completes successfully, then the Group Policy service records a 5017 event. If the action completes with errors or fails, then the Group Policy service records a 6017 or 7017 event, respectively. Policy processing events use the same numbering scheme for warning and error event messages in the 8000–8007 range for Group Policy success events. You can use these numbering patterns to quickly identify warning and failure events in the Group Policy operational log.

active directory windows group policy

CRUD: When to use Create, Replace, Update or Delete in Group Policy Preferences? Sept. 17, 2018, 5:12 p.m.

Here is a quick run-down of how Create, Replace, Update and Delete behave in Group Policy Preferences.

active directory windows group policy

List Group Policy Client Side Extensions Sept. 4, 2018, 3:50 p.m.

The order of Client Side Extensions is the order you see in the registry, and that is the order you see in my list as well. But (yes, normally there is a but as well) the first CSE to be applied is {35378EAC-683F-11D2-A89A-00C04FBBCFA2}; this is the one for Registry/Administrative Templates. This also includes if you write an ADMX template on your own; this will be applied first.

function Get-GPClientSideExtensions {
    Get-ChildItem "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions" | foreach {
        $guid = ($_.Name).Split("\") | Select -Last 1
        $props = Get-ItemProperty $_.PSPath

        # Guessing CSE name in order (default), ProcessGroupPolicy, ProcessGroupPolicyEx
        if ($props.'(default)') {
            $description = $props.'(default)'
        } elseif ($props.ProcessGroupPolicy) {
            $description = $props.ProcessGroupPolicy
        } elseif ($props.ProcessGroupPolicyEx) {
            $description = $props.ProcessGroupPolicyEx
        } elseif ($guid -eq "{35378EAC-683F-11D2-A89A-00C04FBBCFA2}") {
            $description = "Administrative Templates"
        } else {
            $description = "Error guessing CSE name"
        }

        [PSCustomObject] @{
            GUID = $guid
            Description = $description
        }
    }
}

active directory powershell group policy

Borg, Omega, and Kubernetes July 31, 2018, 8:53 a.m.

Though widespread interest in software containers is a relatively recent phenomenon, at Google we have been managing Linux containers at scale for more than ten years and built three different container-management systems in that time. Each system was heavily influenced by its predecessors, even though they were developed for different reasons. This article describes the lessons we’ve learned from developing and operating them.

reading kubernetes containers google pdf

Connect to SQL Server When System Administrators Are Locked Out July 19, 2018, 2:15 p.m.

Start the instance of SQL Server in single-user mode by using either the -m or -f options. Any member of the computer's local Administrators group can then connect to the instance of SQL Server as a member of the sysadmin fixed server role.

security sysadmin sql server

A Tutorial Introduction to Kubernetes July 6, 2018, 8:57 a.m.

Kubernetes is the hottest kid on the block among container orchestration tools right now. In this tutorial, I want to document my journey of learning Kubernetes, clear up some points that tripped me as a beginner, and try to explain the most important concepts behind how it works.

tutorial devops reading sysadmin kubernetes

TinyJPG – Compress JPEG images intelligently July 4, 2018, 12:28 p.m.

TinyJPG reduces the file size of JPEG images. Every uploaded image is analyzed to apply the best possible JPEG encoding. Based on the content of your image an optimal strategy is chosen.

api free webdev tools

Should I leave now? We look at Auckland Traffic Data June 28, 2018, 9:04 a.m.

There is a linear relationship between the time you want to leave and how busy the traffic will be at the time. If you normally leave your house at 7am and you are planning to leave at 7.30am, this will add another 10 minutes to your total travel time. So, every half an hour is equivalent to 10 minutes additional travel time when getting into the city in the morning hours, and leaving the city in the afternoon.

auckland data

Post-Graduate AD Studies | Ask the Directory Services Team May 31, 2018, 5:31 p.m.

List of links to core documentation for all major AD components.

active directory windows

Report and Edit AD Site Links From PowerShell May 24, 2018, 10:30 a.m.

Optimising AD inter-site transport settings.

active directory powershell

A list of dumb (and not so dumb) things to check May 6, 2018, 8:09 p.m.

When you are debugging a problem for hours and hours, you suddenly realise, "I bet it's something really dumb!" It often is. Therefore, we present: a list of dumb (and not so dumb) things to check

troubleshooting