How to Configure and Use a PowerShell Profile

When you open a PowerShell window to perform some work all the aliases, functions and variables you create are only available in your current session.  If you exit the session all these changes are lost.  To retain these changes from session to session you can create a Windows PowerShell profile and customize it.  The profile…

2

How to Start and Save Virtual Machines with PowerShell

I have a Hyper-V lab I run on my laptop (Windows 8.1, dual quad processor, 32G RAM, 2 HDs) that has 7-9 virtual machines (VMs) running.  When I’m done working on my lab I typically SAVE all the running VMs instead of shutting them down.  The next time I need to run the lab I…

0

PowerShell Script to Query UserAccountControl Flags

One of the services I provide as a Premier Field Engineer is performing health and security assessments in a customer’s environment and providing them a detailed report.  Recently I was performing an Offline Assessment for Active Directory Security for a customer and several accounts were flagged that had some non-standard userAccountControl flags set. The user…

1

List of Rollup Updates for Windows 8/8.1 & Windows Server 2012 / 2012 R2

I put this list together for a couple of customers who were asking for the latest Service Pack for these operating systems.  It turns out we don’t have “Service Packs” available but we do have “Update Rollups” available.  As you can see from our official terminology below they are very similar in there purpose. Service…

3

The Best MMC Keyboard shortcut ever!

I was reading an internal email thread today and one of my peers mentioned he used to use a keyboard shortcut that would expand an entire tree in a management console but could not remember what the key combination was.  When I read this I too remembered there used to be a “magic” key but…

3

How to Modify Security Inheritance on Active Directory Objects using PowerShell

A couple of weeks ago I was working with a customer analyzing a number of user accounts affected by AdminSDHolder protection.  User accounts that are members of privileged groups such as Domain Admins end up being modified so they are protected by AdminSDHolder.  There is a property named AdminCount that usually has no value that…

19

How to update the list of Name Servers on a DNS Zone with a Script

I was working with a customer this week doing some Active Directory cleanup tasks.  We were decommissioning the last of their Windows Server 2003 domain controllers so we could upgrade the domain and forest functional level to Windows Server 2008 R2 to take advantage of some new features. After removing the last Windows Server 2003…

7

How to find user accounts with Kerberos preauthentication disabled.

One of my duties as a Premier Field Engineer is to perform Active Directory Risk Assessments (aka ADRAP).  During these risk assessments we review the configuration of key components of Active Directory to determine if there are any settings that vary from our recommended practices. During almost every ADRAP I perform we get a message…

1

Understanding and Managing the Certificate Stores Used for Smart Card Logon

Recently I was onsite helping a customer clean up some certificates related to smart card logon.  One of the things I find challenging about PKI and specifically about smart card  logon is remembering how and where to publish certificates.  It seems like every time I work on an issue related to smart card logon and…

10

How to Determine Which DNS Server(s) Have Scavenging Enabled Using PowerShell

One of my duties as a Microsoft Premier Field Engineer (PFE) is to make sure the products a customer is currently using are configured properly and the customer is getting all the functionality the product provides.  Whenever I’m working with customers on any DNS issue I always check to see if they are using DNS…

9