PSWindowsUpdate June 7, 2019, 9:24 a.m.

This is a fork of Michal Gajda's PSWindowsUpdate PowerShell module. The original module can be found on the PowerShell Gallery.

windows github powershell

Windows Update Agent API June 7, 2019, 9:23 a.m.

The Windows Update Agent (WUA) API is a set of COM interfaces that enable system administrators and programmers to access Windows Update and Windows Server Update Services (WSUS). Scripts and programs can be written to examine which updates are currently available for a computer, and then you can install or uninstall updates.

windows scripting

A Treatise on Group Policy Troubleshooting–now with GPSVC Log Analysis! April 10, 2019, 3:09 p.m.

This guide outlines basic steps used to troubleshoot Group Policy application errors using the Group Policy Service Debug logs (gpsvc.log).

Enable by setting HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics\GPSvcDebugLevel (REG_DWORD) to 30002 (hex), and ensure %windir%\debug\usermode exists. gpsvc.log will be created in this directory the next time Group Policy is refreshed (e.g. gpupdate /force).

windows troubleshooting group policy

How Healthy is your LAPS Environment? April 6, 2019, 3:41 p.m.

LAPS is easy to deploy and works great. The challenge comes in knowing if it’s actually working. How do you know if your machines have ever set the password? Or maybe they set it once and haven’t updated it since, even though it’s past the designated expiration date? It’s definitely worth monitoring to ensure that your machines are operating as expected. Jiri Formacek (the creator of LAPS) threw together a small PowerShell script to provide that capability.

windows active directory security

Implementing LAPS – My way | Secure Identity April 3, 2019, 3:37 p.m.

Local Administrator Password Solution (LAPS) has been around for a while, and last year it became an officially supported tool by Microsoft. Since there are so many articles about it, I would like to share my tweaks. I decided to create my own LDF file to extend the schema with these two attributes because I feel that a few things are missing.

active directory security windows

So what exactly is the CLIUSR account? Nov. 14, 2018, 12:03 p.m.

This local “user” account is not an administrative account or domain account. This account is automatically created for you on each of the nodes when you create a cluster or on a new node being added to the existing Cluster. This account is completely self-managed by the Cluster Service and handles automatically rotating the password for the account and synchronising all the nodes for you. The CLIUSR password is rotated at the same frequency as the CNO, as defined by your domain policy.

windows sql server

Global Object Access Auditing is Magic Nov. 1, 2018, 3:55 p.m.

Global auditing lets you create System Access Control Lists (SACL) for the entire computer, based on file and registry. This means that instead of manually altering and maintaining SACLs on 10TB of shared files, you can instead define them implicitly and not actually modify the files at all. You can then troubleshoot an unexplained file deletion, see who keeps changing permissions on a folder, or satisfy an auditor.

active directory security windows group policy

Getting the Effective Audit Policy in Windows Nov. 1, 2018, 3:50 p.m.

You should not trust any of the Group Policy reporting tools when it comes to audit settings. There’s only one safe bet and it’s this command: auditpol.exe /get /category:*

active directory security windows group policy

Relation of InheritanceFlags and PropagationFlags to the ApplyTo values in the PermissionEntry Oct. 26, 2018, 3:17 p.m.

Permissions can be applied to the current folder, to subfolders, to files within the folder and its subfolders, or to any combination of these. For every access rule there are two flags (InheritanceFlags and PropagationFlags) which together support all of these possibilities.

security windows

How to perform a packet capture in Windows using netsh Oct. 25, 2018, 3:53 p.m.

Start the capture with netsh trace start capture=yes tracefile=foo.etl. Stop the capture with netsh trace stop. Two files are created: foo.cab and foo.etl. These files can be opened with Microsoft Message Analyzer. Once the file has been loaded into Message Analyzer you can export it to pcap to view in Wireshark.

tutorial windows networking

Microsoft Message Analyzer Oct. 25, 2018, 3:49 p.m.

Message Analyzer enables you to capture, display, and analyze protocol messaging traffic; and to trace and assess system events and other messages from Windows components.

windows tools

Troubleshooting Group Policy Using Event Logs Sept. 28, 2018, 8:53 a.m.

Most of the events in the Group Policy operational log appear in pairs. For each start event, there is an end event. End events can be success, warning, or error events. Usually these events share the last two digits of their event IDs. For example, a 4017 event appears in the event log, which represents a Group Policy component beginning a specific action. If the action completes successfully, then the Group Policy service records a 5017 event. If the action completes with errors or fails, then the Group Policy service records a 6017 or 7017 event, respectively. Policy processing events use the same numbering scheme for warning and error events, with event messages in the 8000–8007 range representing Group Policy success events. You can use these numbering patterns to quickly identify warning and failure events in the Group Policy operational log.

active directory windows group policy

CRUD: When to use Create, Replace, Update or Delete in Group Policy Preferences? Sept. 17, 2018, 5:12 p.m.

Here is a quick run-down of how Create, Replace, Update and Delete behave in Group Policy Preferences.

active directory windows group policy

Post-Graduate AD Studies | Ask the Directory Services Team May 31, 2018, 5:31 p.m.

List of links to core documentation for all major AD components.

active directory windows

Active Directory FSMO Roles Explained April 4, 2018, 10:51 a.m.

Because Active Directory is a multi-master database, changes can be processed at any given domain controller (DC), regardless of whether the DC is connected to or disconnected from the network. A limited number of operations are not permitted to occur at different places at the same time and must be the responsibility of only one domain controller in a domain or forest. All domain controllers are capable of performing these single-master operations. The domain controller that actually performs a single-master operation is the domain controller that currently holds the operation’s token, also known as the “role holder”. The operation’s token, and thus the role, can be transferred easily to another domain controller without a reboot. Because the role is not bound to a single DC, it is referred to as a Flexible Single Master Operation (FSMO) role.

active directory windows

Determine the tombstone lifetime for the forest April 4, 2018, 10:40 a.m.

The tombstone lifetime in an Active Directory forest determines how long a deleted object (called a “tombstone”) is retained in Active Directory Domain Services. The tombstone lifetime is determined by the value of the tombstoneLifetime attribute on the Directory Service object in the configuration directory partition. You can use this procedure to determine the tombstone lifetime for the forest.

active directory windows

Active Directory Replication Overview & USN Rollback: What It Is & How It Happens April 4, 2018, 10:37 a.m.

Typically when a USN goes backwards, it is due to a supported restore from backup. When this process occurs, the invocation ID changes. Since all replica partners track replication based on DC GUID, Invocation ID, and USNs, a supported restore method keeps the previous invocation ID as “retired” and effectively ignores it. The new database Invocation ID & associated USN are used to get AD changes from the DC… except when the USN rolls back with NO change in Invocation ID. This means that when a DC is in a state of USN Rollback, AD updates can be performed on that DC with none of the changes replicated to its replication partners.

active directory windows

Service overview and network port requirements for Windows March 28, 2018, 2:08 p.m.

A roadmap of the ports, protocols, and services that are required by Microsoft client and server operating systems, server-based applications, and their subcomponents to function in a segmented network.

network security windows

Tracerpt | Microsoft Docs March 2, 2018, 5:11 p.m.

Processes event trace logs or real-time data from instrumented event trace providers and allows you to generate trace analysis reports and CSV (comma-delimited) files for the events generated.

windows

wevtutil | Microsoft Docs March 2, 2018, 5:11 p.m.

Enables you to retrieve information about event logs and publishers. You can also use this command to install and uninstall event manifests, to run queries, and to export, archive, and clear logs.

windows