This is a fork of Michal Gajda's PSWindowsUpdate PowerShell module. The original module can be found on the PowerShell Gallery.
windows github powershell
The Windows Update Agent (WUA) API is a set of COM interfaces that enable system administrators and programmers to access Windows Update and Windows Server Update Services (WSUS). Scripts and programs can be written to examine which updates are currently available for a computer, and then you can install or uninstall updates.
windows scripting
This guide outlines basic steps used to troubleshoot Group Policy application errors using the Group Policy Service Debug logs (gpsvc.log).
Enable by setting 30002 (hex), and ensure %windir%\debug\usermode exists. The gpsvc.log log will be created in this directory when updating group policy (eg
LAPS is easy to deploy and works great. The challenge comes in knowing if it’s actually working. How do you know if your machines have ever set the password? Or maybe they set it once and haven’t updated it since even though it’s past the designated expiration date? It’s definitely worth monitoring to ensure that your machines are operating as expected. Jiri Formacek (the creator of LAPS) threw together a small PowerShell script to provide that capability.
windows active directory security
Local Administrator Password Solution (LAPS) has been around for a while and last year it became an officially supported tool by Microsoft. Since there are so many articles about it, I would like to share my tweaks. I decided to create my own LDF file to extend the schema with these two attributes because I feel that a few things are missing.
active directory security windows
This local “user” account is not an administrative account or domain account. This account is automatically created for you on each of the nodes when you create a cluster or on a new node being added to the existing Cluster. This account is completely self-managed by the Cluster Service and handles automatically rotating the password for the account and synchronising all the nodes for you. The CLIUSR password is rotated at the same frequency as the CNO, as defined by your domain policy.
windows sql server
Global auditing lets you create System Access Control Lists (SACL) for the entire computer, based on file and registry. This means that instead of manually altering and maintaining SACLs on 10TB of shared files, you can instead define them implicitly and not actually modify the files at all. You can then troubleshoot an unexplained file deletion, see who keeps changing permissions on a folder, or satisfy an auditor.
active directory security windows group policy
You should not trust any of the Group Policy reporting tools when it comes to audit settings. There’s only one safe bet and it’s this command:
auditpol.exe /get /category:*
Permissions can be applied to the current folder, subfolders or files within folders and subfolders, or any combination of these. For every access rule there are two flags ( PropagationFlags) which together support all possibilities.
Start the capture with netsh trace start capture=yes tracefile=foo.etl
Stop the capture with netsh trace stop. Two files are created: foo.etl. These files can be opened with Microsoft Message Analyzer. Once the file has been loaded into Message Analyzer you can export it to pcap to view in Wireshark.
Message Analyzer enables you to capture, display, and analyze protocol messaging traffic; and to trace and assess system events and other messages from Windows components.
windows tools
Most of the events in the Group Policy operational log appear in pairs. For each start event, there is an end event. End events can be successful, warning, or error events. Usually these events share the last two digits in their event ids. For example, a 4017 event appears in the event log, which represents a Group Policy component beginning a specific action. If the action completes successfully, then the Group Policy service records a 5017 event. If the action completes with errors or fails then the Group Policy service records a 6017 or 7017 event, respectively. Policy processing events use the same numbering scheme for warning and error events messages in the 8000–8007 range for Group Policy success events. You can use these numbering patterns to quickly identify warning and failure events in the Group Policy operational log.
active directory windows group policy
Here is a quick run-down of how Create, Replace, Update and Delete behave in Group Policy Preferences.
active directory windows group policy
List of links to core documentation for all major AD components.
active directory windows
Because Active Directory is a multi-master database, changes can be processed at any given domain controller (DC), regardless of whether the DC is connected or disconnected from the network. A limited number of operations are not permitted to occur at different places at the same time and must be the responsibility of only one domain controller in a domain or forest. All domain controllers are capable of performing these single master operations. The domain controller that actually performs a single-master operation is the domain controller that currently holds the operation’s token, also known as the “role holder”. The operation's token, and thus the role, can be transferred easily to another domain controller without a reboot. Because the role is not bound to a single DC, it is referred to as a Flexible Single Master Operation (FSMO) role.
active directory windows
The tombstone lifetime in an Active Directory forest determines how long a deleted object (called a “tombstone”) is retained in Active Directory Domain Services. The tombstone lifetime is determined by the value of the tombstoneLifetime attribute on the Directory Service object in the configuration directory partition. You can use this procedure to determine the tombstone lifetime for the forest.
Typically when a USN goes backwards, it is due to a supported restore from backup. When this process occurs, the invocation ID changes. Since all replica partners track replication based on DC GUID, Invocation ID, and USNs, a supported restore method keeps the previous invocation ID as “retired” and effectively ignores it. The new database Invocation ID & associated USN are used to get AD changes from the DC… except when the USN rolls back with NO change in Invocation ID. This means that when a DC is in a state of USN Rollback, AD updates can be performed on that DC with none of the changes replicated to its replication partners.
active directory windows
A roadmap of ports and protocols and services that are required by Microsoft client and server operating systems, server-based applications and their subcomponents to function in a segmented network.
network security windows
Processes event trace logs or real-time data from instrumented event trace providers and allows you to generate trace analysis reports and CSV (comma-delimited) files for the events generated.
windows
Enables you to retrieve information about event logs and publishers. You can also use this command to install and uninstall event manifests, to run queries, and to export, archive, and clear logs.
windows