Security on Anything About IT

Exploring IdentityAccountInfo - Building a KQL Query to Assess Identity Password Security Posture

Sat, 06 Dec 2025 12:27:02 +0000

Recently Microsoft Defender XDR introduced a new table called IdentityAccountInfo, and this one immediately caught my attention. It brings several interesting attributes into Advanced Hunting, including LastPasswordChangeTime and even the sensitivity classification of an identity.

Naturally, my first thought was: this is perfect material for some hunting logic, so let’s build a KQL query out of it.

Why am I excited about this? Because it finally allows us to query identity hygiene data straight from Defender. No external inventory dumps, no AD scripting, just KQL.

Defender for Identity - Automatic Windows Event Auditing Configuration

Sat, 22 Nov 2025 14:29:46 +0000

One of the most common issues we encounter during Defender for Identity assessments is misconfiguration. Many organizations assume that installing the sensor is the final step, but proper post-installation configuration is just as important.

In particular, enabling the required Windows event auditing policies is essential for full detection capabilities. Without these settings, functionality is degraded and health notifications start to appear.

Defender for Identity relies on specific Windows audit categories and subcategories to capture critical events.

Collect Microsoft Entra Connect Sync Audit Events

Sat, 06 Sep 2025 15:32:18 +0000

Microsoft Entra Connect Sync now includes an admin audit logging capability that is enabled by default. This gives organizations visibility into configuration changes performed by Global Administrators, Hybrid Administrators, and local server administrators.

In this post, we walk through how to forward those Microsoft Entra Connect Sync audit events into Microsoft Sentinel for centralized monitoring and investigation.

Check the Microsoft Entra Connect Sync Version

In the Entra portal, go to Entra Connect > Connect Sync > Microsoft Entra Connect Health > Sync Services > your service > Microsoft Entra Connect Servers > your server > Properties > Synchronization.

Shedding Light on Dormant Sensitive Accounts

Tue, 08 Jul 2025 15:34:54 +0000

Dormant sensitive accounts are a high-risk identity exposure. In Microsoft Defender XDR, the recommendation Remove dormant accounts from sensitive groups helps surface these accounts, including whether they are inactive, disabled, or have expired credentials.

You can export the detected entities, but the export often contains limited context. In many cases, you only get entity names or SID values, which makes remediation harder when you need ownership and organizational details.

A practical approach is to use the SID values to enrich the result set with identity attributes from IdentityInfo. You can quickly build a SID variable list using KustoVars, then query Defender XDR for additional context.

Microsoft Defender for Endpoint - Security Settings Management Internals 0x1

Sun, 28 Apr 2024 12:25:01 +0000

In this post, we take a closer look at how Microsoft Defender for Endpoint Security Settings Management works behind the scenes, especially for Windows Server scenarios.

Entra ID Device Registration

Because Intune policy assignment is group-based, devices need an object in Entra ID. If a server already has an existing registration (for example Hybrid Join), that object is reused. If not, a synthetic device identity is created in Entra ID so the device can retrieve policy.

Assessment and Control of Browser Extensions

Sun, 19 Jun 2022 21:38:01 +0000

In this blog post we take a look at browser extensions and how Microsoft Defender for Endpoint, Microsoft Defender Threat and Vulnerability Management and system configuration policies can help us to gain control over the use of browser extensions.

What is a Browser Extension?
Where are Extensions installed
Browser Extension Permissions
Using advanced hunting to identify browser extension downloads
Browser Extension inventory in Microsoft Defender Threat and vulnerability Management
Controlling the use of Browser Extensions

What is a browser extension?

A browser extension is a small software module for customizing a web browser. An extension improves a user’s browsing experience. It usually provides a niche function that is important to a target audience.

How To Detect the Log4Shell Vulnerability (CVE-2021-44228) with Microsoft Endpoint Configuration Manager

Tue, 14 Dec 2021 21:25:13 +0000

Hello there,

These days everyone is trying to identify devices that are vulnerable to the Log4Shell Vulnerability (CVE-2021-44228). If your only systems management tool is Microsoft Endpoint Configuration Manager this blog is for you.

You can of course create device collections based on installed programs, however log4j-core.jar files can be found in several locations in and outside the Program files folder. So in order to identify these files, we have to search for them on the entire disk. Here’s the script I prepared for that.

Defender for Endpoint - unified solution for Windows Server 2012 R2 and 2016 (Part1)

Sun, 24 Oct 2021 16:20:59 +0000

Hello everyone,

Just in case you missed this, earlier in October, Microsoft announced the public preview for the Microsoft Defender for endpoint, unified solution for Windows Server 2012 R2 and 2016 that enables additional protection features and brings a high level of parity with Microsoft Defender for endpoint on Windows Server 2019. The unified solution also provides a much simpler onboarding experience.

Before taking a closer look at the new unified solution, let’s briefly look at how things worked until now. Onboarding Windows 10 and Windows Server 2019 is simple, all you need to do is run an onboarding script that basically enables the Microsoft Defender for Endpoint component that is already built-in the operating system, i.e. there’s no need to deploy and install any additional software. Things are different with Windows Server 2012-R2 and Windows Server 2016 though.

Detect Audit Policy Modifications with Microsoft 365 Defender

Sun, 26 Sep 2021 20:15:06 +0000

Hello there,

In today’s blog post I want to share with you an advanced hunting query to detect audit policy modifications using Microsoft Defender 365 advanced hunting. Following the MITRE ATT&CK framework this would be T1484.001 Domain Policy Modification: Group Policy Modification.

Microsoft Defender for Endpoint can help us detect audit policy modifications by running the following query:

Detailed information about the audit policy changes is displayed in the AdditionalFields data. Now all we need to do is to translate these values into human readable data.

Use advanced hunting to Identify Defender clients with outdated definitions

Wed, 25 Aug 2021 15:21:28 +0000

In an ideal world all of our devices are fully patched and the Microsoft Defender antivirus agent has the latest definition updates installed. Unfortunately reality is often different. When using Microsoft Endpoint Manager we can find devices with outdated definition updates through the Microsoft Endpoint Manager portal as shown in the example below.

Now in my opinion it must be the IT infrastructure operations team’s responsibility to ensure that devices get their patches installed and Defender gets its platform and definition updates. But sometimes the reason for devices not getting updates is because the platform used to manage the deployment of these updates might have an issue, be on the backend or client side.

Use Microsoft Endpoint Configuration Manager to Configure the Windows Print Spooler Service

Sat, 10 Jul 2021 15:07:17 +0000

Hello there,

In my earlier post Use Microsoft Endpoint Configuration Manager to stop the Windows Print Spooler Service – Anything about IT (verboon.info) I explained how to stop the Print Spooler service using Microsoft Endpoint Configuration Manager leveraging CMPivot to identify servers where the Print Spooler is running and the Run Script function to stop and disable the service. This method was intended as a first response action, however as new servers get deployed, we want to make sure the print spooler remains disabled, so we need a more permanent solution.

How to remediate Defender for Endpoint onboarding with ConfigMgr

Thu, 25 Feb 2021 18:57:49 +0000

During the past 5 years I have onboarded a couple of thousand devices into Microsoft Defender for Endpoint and can say that, provided that you done your homework with regards to network connectivity, onboarding devices into Defender for Endpoint usually just works. But as always in IT, there are exceptions.

Should you ever run into an issue with onboarding devices, I recommend checking the guidance provided here: Troubleshoot Microsoft Defender for Endpoint onboarding issues. Now if you have just a couple of devices to manage you will most likely spot any missing device within the Defender for Endpoint management portal, but what if you have several hundred or even thousands of devices? How would you find out that that particular device Computer0073 in Building D1 on the 6th floor is not correctly onboarded?

Preparing my Application Guard for Office test lab

Sat, 21 Nov 2020 17:24:13 +0000

Hello everyone, today I wanted to see application guard for office in action. If you are not familiar with application guard for office, I suggest you read the following articles / documentation.

And now let me walk you through the steps to get application guard for office working in your test lab.

Deploy Windows 10 20H1 or 20H2
When running your test client in Hyper-V you have to enable nested virtualization so that we can later enable Application Guard
Next, we turn on the Microsoft Defender Application Guard. Now if your system does not meet the minimum requirements the option is greyed out as shown in the screenshot below. But luckily there is a workaround described here. Once you have added these registry keys, you will be able to enable Application Guard
Now we have to enable Microsoft Defender Application Guard in managed mode, so that it can be used for Microsoft Edge and Office. Open the Group Policy editor and navigate to: Computer Configuration \ Administrative templates \ Windows Components \ Microsoft Defender Application Guard and open the setting: Turn on Microsoft Defender Application Guard in Managed Mode and set the value to 3 If you want to enable Application Guard for Edge and Office or 2 for Office only.
Now that we have Defender Application Guard ready, let us move on to Office. The official documentation mentions Office Beta Channel Build version 2008 16.0.13212 or later, however as per this announcement it should work with the Insider current channel as well. Configure the following group policy settings for Office 365 Apps for Enterprise to enable insider releases:User Configuration \ Administrative Templates \ Microsoft Office 2016 \ miscellaneous \ Show the option for Office Insider

Monitoring Service principal sign-ins with AzureAD and Azure Sentinel

Sat, 10 Oct 2020 14:14:12 +0000

Here is a conversation between Jeffrey (Developer) and Marc (IT Admin) working for ECorp Ltd.

Looks familiar? Take a look in your Azure Active directory, how many applications do you have there? In an ideal world you maintain an inventory of all these applications somewhere in your asset management database so that you know who is the owner of the Application and what it is used for and what API permissions are granted. As for the client secret, this should be stored in a Vault.

MTP Advanced Hunting – Public free E-Mail services

Tue, 22 Sep 2020 22:06:48 +0000

Today I received an e-mail from a customer explaining to me that at times they have false positives with e-mail Impersonation. Depending on your configuration the e-mail will end up being moved to the user’s junk folder or into quarantine. When releasing such a message and have safety tips turned on, you might see the following message at the top of the message.

Reading Tip: Protect yourself from phishing schemes and other forms of online fraud

Hunting for Local Group Membership changes

Sun, 06 Sep 2020 08:22:11 +0000

Hello there,

A couple of days ago, someone in a forum asked whether it would be possible to detect changes to the local administrator’s group using Microsoft Defender Advanced Threat protection. Before I continue why would you want to monitor such changes? Well here is what comes to my mind:

An attacker tries to maintain persistence, creates an account, and adds it to the local administrator’s group. T1136.001 - Create Account: Local Account
A user obtained a LAPS password and misuses the temporary permission to add their own account to the local administrative group
Local IT support works on fixing an issue, adds the user to the local administrator’s group, but forgets to remove the account after the issue is being resolved
In the days of COVID19, IT sometimes is in a rush and does anything to enable their users to work, a user is quickly added to the local administrators or remote desktop users group to enable them to use Remote Desktop Services (RDP)

Now the good news is, yes changes to local groups can be detected. As you can see from the screenshot below Microsoft Defender ATP exposes UserAccountAddedToLocalGroup ActionType in the DeviceEvents table.

Defender ATP Advanced hunting with TI from URLhaus

Sun, 21 Jun 2020 14:57:47 +0000

Hello everyone, in today’s article we are going to take look at how we can use Threat Intelligence (TI) data from URLhaus with Microsoft Defender ATP advanced hunting.

URLhaus

URLhaus is a project from abuse.ch with the goal of sharing malicious URLs that are being used for malware distribution. https://urlhaus.abuse.ch/ The project provides several ways to find and retrieve information about malware URLs.

You can browse the URL database interactively through https://urlhaus.abuse.ch/browse/

Managing Time Zone and Date formats in Microsoft Defender Security Center

Tue, 09 Jun 2020 15:49:25 +0000

When you receive security alerts or are investigating security related events , the aspect of time is important element. By default, date and time is displayed in Coordinated Universal Time (UTC) within the Microsoft Defender security center portal.

In todays’ blog post, I want to provide you with some insights and tips how to manage Timezone and the date time format within the Microsoft Defender security center.

Time zones

You can use the Time zone menu to change the time to your local time.

Advance your Microsoft Defender ATP hunting skills using the Atomic execution framework

Fri, 05 Jun 2020 12:38:56 +0000

Hello everyone, during the past months I took a closer look at MITRE ATT&CK to advance my hunting skills using Microsoft Defender Advanced Threat Protection. For those not familiar with MITRE ATT&CK, in short, it is a knowledge base knowledge base of adversary tactics and techniques based on real-world observations.

To familiarize myself with MITRE ATT&CK, I first started reading through all the tactics and techniques, to be honest while reading, I often couldn’t resists to get my hands on the keyboard and try things out, but I kept discipline and completed studying all the content first.

Meet the new Microsoft Defender ATP evaluation lab

Sun, 24 May 2020 14:23:52 +0000

This week Hadar Feldmann, senior program manager and security researcher at Microsoft announced the public preview of the new Microsoft Defender ATP evaluation lab that now includes two attack simulation solutions from AttackIQ and SafeBreach. The term ’evaluation’ might indicate that the lab is only intended for new customers hat are in the process of evaluating Microsoft Defender ATP, but that’s not the case, personally I think that it is also a perfect playground for existing customers to advance their investigation and hunting skills using Microsoft Defender ATP.

Windows 10 2004 - What is new in the Windows Security App

Thu, 21 May 2020 13:10:05 +0000

When all goes well, Microsoft will soon release the next version of Windows 10 aka as Windows 10 2004. I am an active Windows Insider user and noticed a few little changes within the Windows 10 Security App that I think are worth sharing.

I used the following Windows 10 builds to identify changes, new features:

Windows 10, 1909, Version 10.0.18363.836
Windows 10, 2004, Version 10.0.19628.1

Windows Security App Icon

First thing you will notice is that there is a new tray icon. Windows 10 – 1909 Windows 10 - 2004

How to create your Defender ATP Admin Audit Log Dashboard

Sat, 11 Apr 2020 20:11:07 +0000

Hello everyone,

In today’s blogpost I will walk you through the process of creating an admin audit log dashboard for Defender Advanced Threat Protection. During my past customer engagements, I was often asked if there is a way to show device actions taken by Defender ATP admins. The answer is yes, this is possible. First the information is available through the Defender ATP API, second the information is also stored within the Windows event log of the device itself.

How to generate a monthly Defender ATP Threat and Vulnerability Report

Sun, 10 Nov 2019 23:00:53 +0000

Update 11 January 2020 - Microsoft has updated the Advanced Hunting Schema, so ComputerName is now DeviceName in the queries.

Just recently Microsoft announced that the Defender ATP advanced hunting schema was extended with the following tables:

DeviceTvmSoftwareInventoryVulnerabilities
DeviceTvmSoftwareVulnerabilitiesKB
DeviceTvmSecureConfigurationAssessment
DeviceTvmSecureConfigurationAssessmentKB

This allows us to run advanced hunting queries to find and extract Defender ATP TVM data.

https://gist.github.com/alexverboon/d22727c0c8f0d8ca32953b5e2c79ba7f

Now the people in your organization who are responsible for threat and vulnerability management might not necessarily have the knowledge of using the advanced hunting query language or are provided access to the Defender ATP console. So why not just send them a monthly report? Following is how to create a monthly Defender ATP TVM report using advanced hunting and Microsoft Flow.

Importing GPO Security Baselines with PowerShell

Mon, 07 Oct 2019 19:00:42 +0000

Okay there’s this rule , if you do something manually for the third time, it’s about time to think of automating it. Here’s a script that I created to create Group Policy Objects and import the security baseline settings. The script will work with any security baseline that is provided with Group Policy backups e.g. Microsoft Security baseline, CIS, NSA.

Let me show you this with an example:

First download the latest Microsoft Security baseline which is included in the Microsoft Security Compliance Toolkit. https://www.microsoft.com/en-us/download/details.aspx?id=55319 there download Windows 10 Version 1903 and Windows Server Version 1903 Security Baseline - Sept2019Update.zip and Office365-ProPlus-Sept2019-FINAL.zip (or just the latest versions available).

How to accelerate your Microsoft Defender ATP Evaluation

Tue, 06 Aug 2019 20:09:12 +0000

As with almost any solution, one of the time consuming activities is to get the prerequisites in place until you get things up and running, this is no different with Microsoft Defender Advanced Threat Protection. Although the solution itself is entirely hosted in the cloud, there are a few prerequisites on the client side that must be put in place before you can get your hands on MDATP. Getting these prerequisites in place is no rocket science but depending on the organization, even getting a few Windows 10 test clients prepared and a few service URLs approved to go through the firewall/proxy can trigger a lot of internal processes that must be reviewed, approved and executed. Going through such processes makes perfect sense when conducting a proof of concept / pilot or production deployment within an organizations production environment, but what if you have little time and just want to get an idea of how Microsoft Defender ATP works and want to see it in action?

The case of Running the Device and Credential Guard Hardware Readiness Tool and unknown architecture

Fri, 31 May 2019 15:47:53 +0000

To close this week, let me share my findings with you about running the Windows Device and Credential Guard Hardware Readiness Tool and the unknown architecture error.

Believe it or not, there are still people, probably more than I assume, that run Windows in their native language instead of English. I can understand when end users do so, but honestly when administrating an infrastructure? Anyway, I recently worked for a client where the UI is set to German language, well after 10 minutes I felt so lost that I had to install the English language pack to become productive. While supporting the client to get ready for the Deployment of Windows Defender Credential Guard, following best practices I executed the Device Guard and Credential Guard Hardware Readiness Tool on one of their devices and got the following error:

Managing Role Based Access (RBAC) for Microsoft Defender Advanced Threat Protection

Fri, 24 May 2019 13:00:49 +0000

I spend quite some time during the week travelling to and from customers, to make the best use of travel time, I usually read blogs and tweets or take online trainings to keep myself up to date about whatever interests me. Yesterday I noticed a tweet from someone regarding MDATP Portal access “Security Administrator can’t be assigned to staff in my org. It’s too powerful.” Maybe not everyone is aware of the RBAC capabilities in MDATP so I through it might be worth a blog post. Here we go.

How to Configure Splunk to pull Windows Defender ATP alerts

Thu, 28 Mar 2019 15:17:22 +0000

Windows Defender ATP provides SIEM integration, allowing you to pull alerts from Windows Defender ATP Security Center into Splunk. The SIEM integration uses the Windows Defender ATP Alerts Rest API. Since I have an actual customer demand for such an integration, I thought it’s about time to get a feel for how this works.

Prerequisites

An active Windows Defender ATP subscription with portal admin access
Windows Defender ATP SIEM integration enabled within the portal.

How to enable DKIM in Office 365

Thu, 17 Jan 2019 18:17:14 +0000

Just in case you are not familiar with what DKIM is all about but still interested, I suggest you first read Use DKIM to validate outbound email sent from your custom domain in Office 365 If you’re looking for detailed instructions how to enable DKIM in Office 365 continue reading.

Prerequisites

Windows PowerShell
PowerShell Script Validate-DkimConfig.ps1 download from here
Access to Exchange Online through PowerShell
Access to DNS

Update 23.3.2020 The above link to the script is no longer working, so you can get the script from here: https://gist.github.com/alexverboon/cbe8c6964b5af01bfb3f43dd605acee4

How to monitor your Azure AD emergency account with Cloud App Security

Wed, 09 Jan 2019 21:11:35 +0000

As a best practice you should have at least one or two emergency accounts in your Azure Active Directory. You would use these accounts in the event where due to a configuration mistake you inadvertently locked yourself out of the Azure Active Directory or when for some reason you can’t use MFA that should be enabled on all administrative accounts.

For more guidance about creating emergency accounts I suggest you read Manage emergency access accounts in Azure AD.

Anything About IT turns 10 today

Thu, 10 May 2018 14:50:47 +0000

On the 10th of May 2008, I wrote my first blog post here “Growing WIM files”. I recently read through the archive and thought of all those moments where sometimes I spend just a few minutes, hours and sometimes even days preparing for a new blog post.

By writing this blog I learned a lot about various tools, products and scripting and hope that now and then, one or the other blog post has helped someone else to solve a problem or expand their knowledge. Looking back at the very first blog layout it feels like wen watching movies from the 80’s, how on earth could I have chosen such a blog layout?

Collecting NetTcpConnection and Process information with PowerShell

Thu, 08 Feb 2018 14:28:19 +0000

if you need information on active TCP connections, you probably start with the netstat command When using the -b or -o parameter netstat will also list the executable involved in creating the process respectively the owing Process ID.

The output then looks as following.

In PowerShell we can use Get-NetTCPConnection to retrieve TCP connection information.

When suspecting that something malicious is running on a device, I look at the TCP connections and want to know more about the executable that owns the process. I am also interested in who’s owning the domain and where it’s geographically located. And so another cmdlet was born. Get-NetConnectionDetails

Automating CIS-CAT Pro with PowerShell

Tue, 06 Feb 2018 20:34:49 +0000

CIS-CAT stands for Center for internet Security Configuration Assessment Tool. The CIS-CAT tool is used to perform configuration and vulnerability assessments. The Pro version is only available to CIS members, however if you want to try out the software, you can download the CIS-CAT Lite version from here: https://www.cisecurity.org/introducing-cis-cat-lite/ Note that the Lite version does not include the command line interface, so you won’t be able to use the automation described in this blog post. But you’re still welcome to continue reading this blog post. An overview of the CIS-CAT Pro can be found here: https://www.cisecurity.org/cybersecurity-tools/cis-cat-pro/

Exploring Microsoft Security Update information with PowerShell

Fri, 29 Dec 2017 13:36:30 +0000

Nowadays regular deployment of security updates is a must, whether at home or within the enterprise. If you are responsible to keep systems up to date you deploy the latest updates as soon as possible. But it is equally important to understand the vulnerabilities being addressed by these updates.

The Microsoft Security Update Guide allows you to find detailed information about security updates. Go to https://portal.msrc.microsoft.com/en-us/ and select “Go to the security update Guide”

How to check if Control Flow Guard is enabled

Sat, 29 Jul 2017 10:53:56 +0000

How to check if Control Flow Guard is enabledControl Flow Guard helps mitigate exploits that are based on flow between code locations in memory. Control Flow Guard (CFG) is a mitigation that requires no configuration within the operating system, but instead is built into software when it’s compiled. So how to check if an Application is Control Flow Guard is enabled? For my own testing purposes I created two executables one called ConsoleApplication1.exe that has CFG enabled and ConsoleApplication1_NO_CFG.exe. One way to find out whether a running application has CFG enabled is to use the sysinternals process explorer utility. If you have Visual Studio installed, the you can use dumpbin.exe with the /HEADERS flag, then look for the DLL characteristics section. Another nice utility I found is PELook from bytepointer.com Now while the above described methods are fine to look at an individual application, what if we wanted to scan an entire system with software installed? Use PowerShell!Luckily, I didn’t have to do all the work from scratch. I found the Get-PESecurity module from Eric Gruber on GitHub here. The Get-PESecurity module checks if a Windows binary has been compiled with ASLR, DEP, SafeSEH, StrongNaming and Authenticode. But it didn’t show the Control Flow Guard information. After I familiarized myself a little bit with the PE format specification on MSDN I learned that the information whether an image supports Control Flow Guard is stored in the DLLCharacteristics constant “GUARD_CF” with a value of 0x4000. So I extended the Get-PESecurity module here and there to add support for CFG. You can find my forked version of the Get-PESecurity PowerShell module which includes support for CFG here: https://github.com/alexverboon/PESecurityIf your company has in-house software developers encourage them to compile their applications with Control Flow Guard enabled. Additional resources I found while exploring CFGhttps://msdn.microsoft.com/en-us/library/windows/desktop/mt637065(v=vs.85).aspx http://sjc1-te-ftp.trendmicro.com/assets/wp/exploring-control-flow-guard-in-windows10.pdf https://docs.microsoft.com/en-us/windows/threat-protection/overview-of-threat-mitigations-in-windows-10 https://lucasg.github.io/2017/02/05/Control-Flow-Guard https://github.com/NetSPI/PESecurity https://blog.trailofbits.com/2016/12/27/lets-talk-about-cfi-microsoft-edition https://blogs.technet.microsoft.com/askpfeplat/2017/04/24/windows-10-memory-protection-features

Untitled Draft 6973

Tue, 28 Feb 2017 21:00:53 +0000

Untitled Post 6973

Tue, 28 Feb 2017 21:00:53 +0000

Microsoft Operations Management Suite - Notes

Sun, 18 Dec 2016 18:54:58 +0000

Below are a number of resources

TechNet Inside the Microsoft Operations Management Suite [e-book]

PowerShell Script - Get-IscMSSecBulletinInfo

Wed, 06 Apr 2016 22:03:52 +0000

Hey there, the Internet Storm Center recently extended their Rest API with some features for Microsoft Patch Data. So where there is a REST API, there’s an opportunity for a PowerShell Script. The Get-IscMSSecBulletinInfo can be found here: https://github.com/alexverboon/posh/blob/master/Security/Get-IscMSSecBulletinInfo.ps1

Cheers

/Alex

test

Sun, 10 Aug 2014 15:47:14 +0000

	get-process

How to add your preferred Topics to your TechNet Forums profile

Mon, 23 Sep 2013 22:27:15 +0000

Not too long ago Microsoft introduced a new look and feel of the TechNet forums. I am not going to comment here whether this was a good move, but do know that lots of folks have challenges in getting to their preferred forums. While attending the System Center Universe conference last week, someone again mentioned having trouble finding their content in the new TechNet forums. Reason enough to provide a brief explanation how things work.

Bill Gates announcing the Surface in 1991

Mon, 13 May 2013 20:28:48 +0000

Being interested in computer history, now and then I look at old recordings and found Bill Gates announcing the Touch Sensitive Surface 21 years before Steve Ballmer made the announcement in 2012.

Bill Gates mentions “Surface” near 2.22 mins.

How to create a custom antimalware policy in SCCM 2012 for your App-V sequencing clients

Fri, 22 Feb 2013 16:33:44 +0000

Today I wanted to start sequencing an application for App-V within my lab environment where I have deployed SCCM 2012 SP1 including Endpoint Protection. As I went through the Sequencing Wizard I got the well-known warning that I have Antivirus software running.

Not an issue, just turn it off right?. Well since I have configured a custom Antimalware policy that is applied to all my clients to not allow configure the real-time protection settings, this setting can’t be changed. .

No MBSA for Windows 8 planned

Thu, 08 Nov 2012 18:55:21 +0000

Many companies and individuals use the Microsoft Baseline Security Analyzer (MBSA) to assess the security state of their Windows Clients. But according to a statement from Microsoft in their August 2012 Security Bulletin, there are currently no plans to release an updated version for Windows 8.

Q: Will the current version of MBSA support Windows 8?

A: No, the current version of MBSA will not support Windows 8 and Microsoft currently has no plans to release an updated version of the tool.

Microsoft UE-V and PolicyPak - Better Together

Tue, 24 Apr 2012 21:19:42 +0000

In this video Group Policy MVP Jeremy Moskowitz demonstrates why customers planning using Microsoft User Environment Virtualization (UE’V) might also want to consider using PolicyPak.

More details about PolicyPak and the video transcript can be found here

How to access Microsoft Management Summit 2012 content

Mon, 23 Apr 2012 08:52:08 +0000

If you haven’t been able to attend MMS2012, here’s how to access the recorded content.

Step 1 Go to Digital MMS

Step 2 Create an account:

Step 3 Login and enjoy the sessions.

Adobe introduces new Update Mechanism for Adobe Flash Player

Mon, 02 Apr 2012 22:54:32 +0000

A few days ago Adobe released a security update for Adobe Flash player and with that update Adobe also introduced a new mechanism for Flash Player updates. When deploying Adobe Flash player within a controlled corporate environment you most likely want to prevent the player from automatically updating itself or show notifications about a new version being available.

When installing Adobe Flash Player 11.2 you will find the following:

A new Scheduled Task called Adobe Flash Player Updater

Microsoft Fixit Center Pro (Beta)

Tue, 06 Mar 2012 00:00:20 +0000

If you haven’t heard of this yet, I recommend taking a look at recently launched Microsoft Fixit Center Pro (Beta). This is an online service developed by the Microsoft Customer Service and Support organization that can help you with troubleshooting problems.

To learn more about Microsoft Fixit Center Pro, I recommend reading the following:

Microsoft Fix it Center Pro Now Available!
Microsoft Fix it Center Pro automated diagnostic portal

How To test if your Antivirus program is working

Fri, 20 Jan 2012 14:29:38 +0000

I was doing some Antivirus stuff this afternoon now let me share with you how to test if your Antivirus program is working, e.g. alerts you in the event of a virus. Of course you can go to certain places on the internet where it won’t take long until you get a real virus, but that’s probably not what you want to do, so here’s a brief description how to use the “Test-Virus”.

Protect our rights to free speech, privacy, and prosperity

Tue, 17 Jan 2012 20:54:39 +0000

How the Windows Defender Offline Beta Tool works

Mon, 02 Jan 2012 00:21:02 +0000

In addition to the Microsoft Security Essentials software and the Microsoft Safety Scanner Microsoft just recently released another FREE antimalware removal product called the Windows Defender Offline Beta. While Security Essentials and Safety Scanner run within Windows, the purpose of the Windows Defender Offline Tool is to run offline from bootable USB or CD/DVD media.

In fact the tool isn’t really something new, those familiar with the Microsoft Desktop Optimization Pack Suite (MDOP) which includes the Diagnostics and Recovery Toolset (DaRT) have probably seen or used the Standalone System Sweeper tool before. Now when looking at the log files produced by the Windows Defender Offline tool, you’ll notice Microsoft Standalone System Sweeper tool entries rather than Windows Defender Offline.

Running an Application as Administrator or in Compatibility Mode

Wed, 30 Mar 2011 22:55:43 +0000

Today someone in a forum asked how to programmatically configure an application so that it runs in compatibility mode. Configuring this manually is easy, just open the file’s properties, select the Compatibility tab and apply the required settings. On Windows 7 this then looks as shown in the picture below.

Now whatever we configure here, it all gets written to the following location in the Windows Registry:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers

GPO Settings for Microsoft Security Essentials

Tue, 15 Mar 2011 18:52:34 +0000

With the release of the latest version of Microsoft Security Essentials 2.0 in December 2010, Microsoft also changed the licensing terms.

***Small Business. *If you operate a small business, then you may install and use the software on up to ten (10) devices in your business.

Now although 10 PCs isn’t a lot, some Administrators might be interested in configuring their Microsoft Security Essential clients with a GPO. Fabien Duchene has created an Administrative template for MSE. Read more here

Podcast: The Proper Fit for Desktop Virtualization

Sun, 20 Feb 2011 13:46:20 +0000

Last week I had a week off and went snowboarding with my family. Meanwhile my kids go too fast that I could follow them and my wife is a bit more fanatic in skiing than I am with snowboarding, so this leaves me with some time where I can listen to all those podcasts one downloads but never finds the time to listen to. Since I am rather a newbie within the Citrix space, it happened that I ended up listening to a podcast that is already 2 years old. This podcast however did in so many ways confirm my personal thoughts about Desktop Virtualization that I think it’s worth mentioning it again for those that haven’t listened to it yet.

A Security Baseline Resource for Windows 7–Internet Explorer and Windows 7 Firewall

Mon, 31 Jan 2011 20:51:35 +0000

If you are looking for some ideas how to secure your Windows 7 clients, have a look at the USGCB (The United States Government Configuration Baseline). The USGCB has been developed by the Department of Defense (DoD) and the National Institute of Standards and Technology. The documentation looks impressive and even if you aren’t going to apply all of these 1-1, it might give you some ideas on how to make your clients more secure.

Automated Microsoft Security Essentials Installation

Thu, 06 Jan 2011 22:30:08 +0000

For all those that frequently setup test machines and get tired of manually installing the Microsoft Security Essentials 2.0, here’s a straight forward batch file (even a regular user could use) that does the following:

Downloads the Microsoft Security Essential 2.0 (x86) installation source file
Installs Microsoft Security Essentials 2.0
Downloads and updates the virus definition signature file

[sourcecode language=“plain”] @ECHO OFF Echo Downloading Microsoft Security Essentials 2.0 (x86) start /wait bitsadmin /TRANSFER MSE20 http://download.microsoft.com/download/A/3/8/A38FFBF2-1122-48B4-AF60-E44F6DC28BD8/en-us/x86/mseinstall.exe %TEMP%\mseinstall.exe

ReadTip: How to use Group Policy Preferences to Secure Local Administrator Groups

Sat, 18 Dec 2010 14:27:41 +0000

As we come to the year’s end I was doing some housekeeping in my home lab. Too many unused VMs, ad-hoc created Accounts etc. In the end I thought why not apply the same methods we apply within our enterprise environments and so I did. I was actually just about to blog how I solved the local Administrators group management through group policy preferences, but before I started writing that down I thought let’s see if this has been blogged already on one of the well known Group Policy blogs, and so it was. Alan Burchill wrote a very good article about How to use Group Policy Preferences to Secure Local Administrator Groups. Now even if you already know about Group Policy Preferences and local Administrator group management, I recommend that you read the “How to add individuals to a single computer?” section, very smart approach I hadn’t considered yet.

There was a time…. (another one)

Fri, 06 Aug 2010 18:12:47 +0000

……. I’m in history mode again, here’s another nice Tech Commercial.

There was a time……

Fri, 06 Aug 2010 17:42:47 +0000

……..where you couldn’t just download forgotten or lost installation media from the internet or your company portal.

Bring Your Own Computer – Part 1

Thu, 29 Jul 2010 20:04:02 +0000

The first time I became familiar with the term Bring Your Own was when I traveled through Australia with my wife and oldest son back in the year 2000. It basically means that you are allowed to bring your own bottle of wine to a restaurant and just pay a corkage fee.

Nowadays we hear a lot about companies that consider implementing a BYOC policy meaning that they allow their employees to bring their own computer to work. The idea behind this concept is that companies intend to save money by allowing their users to use their own personal computer instead of having to provide them with a company owned device. In simple words, companies give their employees some money and tell them: *Go buy yourself a PC with a 3 year warranty contract, if you have a problem later, fix it yourself. *

Least Privilege Security for Windows 7, Vista and XP

Tue, 27 Jul 2010 18:48:26 +0000

Yesterday I received a pre-release copy of Russel Smith’s book called Least Privilege Security for Windows 7, Vista and XP. The book is entirely dedicated to the subject of running Least Privilege Security (or standard user accounts) on Windows operating systems in the enterprise.

The book has 420 pages and covers the following topics:

Chapter 1, An Overview of Least Privilege Security in Microsoft Windows
Chapter 2, Political and Cultural Challenges for Least Privilege Security

Head-to-head analysis of Citrix XenDesktop, Microsoft VDI, Quest vWorkspace, and VMware View

Fri, 02 Jul 2010 06:27:49 +0000

Ruben Spruijt has published an updated whitepaper “VDI Smackdown” which provides you with an overview of today’s VDI solutions. More details here

Testing Network Speed – Another one

Thu, 03 Jun 2010 17:34:45 +0000

Back in April i posted an article about Testing Network Speed, here’s another nice utility that allows testing your network speed, and even more. The Utility is called DownTester and is part of the awesome tool collection from NirSoft.

DownTester allows you to test the download speed via HTTP, FTP, Remote File Shares and any local drives such as your local drive, DVD and USB.

The Tool is FREE and does not need to be installed.

Frequently Asked Questions About Volume License Keys

Mon, 17 May 2010 19:29:35 +0000

A good FAQ about Microsoft Volume licensing. Details here

Production of an SSD from start to finish

Thu, 13 May 2010 20:56:02 +0000

I’ve been reading a bit about SSD (Solid State Disks Today) and came across a video about the production of an SSD from start to finish. Interesting!

Video Source: TweakTown

XenClient – Bringing the Hypervisor to the client

Wed, 12 May 2010 23:03:24 +0000

I had the pleasure to look at the XenClient a few months ago when it was still under development, but now anyone can download it from the XenClient Citrix web site. Never heard of XenClient before? Well then watch the video, I’m sure one or the other is going to like this.

BookTip: Group Policy – Fundamentals, Security and the Managed Desktop

Fri, 07 May 2010 16:34:15 +0000

Today I’ve received a signed copy of Jeremy Moskowitz latest Book “Group Policy – Fundamentals, Security and the Managed Desktop”, so instead of using my laptop I guess I’ll be holding a real book in my hands this weekend.

Jeremy also published 3 FREE chapters:

**Bonus Chapter 1 **- Scripting Group Policy Operations with Windows PowerShell (co-written with PowerShell MVP Jeff Hicks.)
**Bonus Chapter 2 **- Advanced Group Policy Management (AGPMv4)
**Bonus Chapter 3 **- Full Lockdown with Windows SteadyState

Palm Memories

Sun, 02 May 2010 19:27:21 +0000

This week HP announced to acquire Palm. Palm?, oh yeah those that created the Palm Pilot. I remember well, it was somewhere around 1996 and 1997 when several of our users users came up with this thing called Palm PDA and wanted to synchronize their calendars with our E-Mail system Lotus Notes. Nowadays we just connect our mobile phone to our PC and things magically start to synchronize, I can tell you this wasn’t the case then.

Where’s the ANY KEY

Thu, 29 Apr 2010 21:30:46 +0000

Go to the Where is the ANY KEY website and read tails on IT fails, Have fun.

Troubleshooting a printer problem:
Me: sorry your printer doesn’t work I need to get a driver from the internet
User: Is it far this internet?
Me: mmm?
User: I can drive you there
Me: ……………yea would be great

Source: tayduck

Testing Network Speed

Fri, 23 Apr 2010 15:34:34 +0000

There many tools out there that can measure the network speed between 2 computers, but either you have to pay for them or you need to go through a lengthy installation or configuration process. I want something that is FREE and easy to use. Here’s what I end up with after 30 minutes of browsing the web and doing some test installs of the various tools I found.

Test TCP Utility

Forefront vs. the competition

Wed, 21 Apr 2010 19:09:57 +0000

With two customers telling me within just one week that they both have plans to replace their existing client security solutions with Microsoft Forefront Client Security I thought it’s about time to get a better understanding of the FCS product. After having visited the Microsoft Forefront Client Security product page I continued searching the web for additional information and stumbled upon the Forefront vs. the competition blog post on Microsoft-NOW.

NetWare Support Lifecycle

Mon, 05 Apr 2010 23:04:21 +0000

Remember this one? If not, it’s the Novell NetWare Console. Although I don’t consider myself as that old yet, i had the pleasure of working with Novell NetWare 3.11 and later editions until 4.1 myself until our customers started moving to Microsoft’s Active Directory as of the the year 2000.

Anyway the reason why I actually started this post, was just to make people aware (in case they weren’t already) of the the fact that Novell’s NetWare is facing it’s end.

Intel KVM Remote Control and VNC Viewer Plus

Sun, 21 Mar 2010 11:52:37 +0000

Back in December 2009 I posted Remote Management of AMT/vPro machine with WinPE and VNC which explained how to use VNC running in WinPE to remotely manage a vPro enabled device. For those that did try this themselves will have noticed that the process isn’t as comfortable as we would like it to be for day to day use.

But with the Introduction of Intel’s AMT version 6.0 which includes KVM Remote Control and VNC Viewer Plus the scenario of managing a remote device in any state without installing any software on them isn’t wishful thinking anymore, it’s there.

Updated MS10-015 Security Update and Kernel Update Compatibility Assessment Tool

Tue, 02 Mar 2010 22:49:20 +0000

During the past weeks we have seen quite some messages about the MS10-015 security update which can cause bluescreens after being installed. According to a recent post on the Microsoft Security Response Center blog there is a revised installation package for MS10-015 that prevents the update from installing if abnormal conditions exist such as an infection of a computer virus as the Alureon rootkit. More details about the updated MS10-015 security update can be found here

Intel AMT 6.0 KVM Remote Control

Sat, 20 Feb 2010 23:54:17 +0000

Back in December 2009 I wrote an article about Remote Management of AMT/vPro machine with WinPE and VNC the reason for using VNC is because until AMT 5.0 only text based console redirection is supported, hence AMT 5.0 does only support text based operating systems, so if we wanted to remotely manage a PC to fix a problem we ended up using DOS or Linux based recovery media or a solution as described in the above mentioned article.

ToolTip: Fiddler HTTP Debugging Proxy

Thu, 11 Feb 2010 19:36:48 +0000

During an Application Compatibility webcast I attended recently the presenter mentioned the Fiddler Tool. There are many network traffic monitoring Tools out there, but if you are just after capturing HTTP traffic, this one should get your attention.

Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and “fiddle” with incoming or outgoing data

Architectural blueprint for Desktop Virtualization

Sun, 07 Feb 2010 18:10:17 +0000

In this video Daniel Feller shares some best practices on how to design a Desktop Virtualization solution.

**Additional Resources
**Consulting Whitepapers for XenDesktop 3.0
Ask the Architect: Next-Generation Desktop

AGPM Least Privilege Scenario (External)

Mon, 25 Jan 2010 21:41:01 +0000

Just going through an AGPM Installation (Advanced Group Policy Management) where I had to choose an Account for the AGPM Service which can be the Local System Account or a domain user account. Instead of just clicking next next…. I found some good guidance in the Ask the Directory Services Team blog - AGPM Least Privilege Scenario article. Also read Locking down AGPM fit for least privilege.

Never heard of AGPM before ? Then watch this 4-5 minute Tour on Advanced Group Policy Management. And finally here’s a video provided by Kurt Roggen showing how to install the AGPM Server.

Do I need to re-sequence my applications when I move to a new OS? (External)

Fri, 22 Jan 2010 22:29:56 +0000

The term App-V is often being brought in conjunction with Application Compatibility as some might believe that App-V is the general purpose OS compatibility solution. The App-V team clarifies this here

WSUS Client Diagnostic Tool

Tue, 19 Jan 2010 20:18:05 +0000

Having trouble with a client not getting updates from your Windows Update Services Server ? Then have a look at the WSUS Client Diagnostics Tool. The tool performs various system checks and tests the communication between your client and the WSUS server.

The Tool can be downloaded from the Windows Server Update Services Tools and Utilities site at Microsoft TechNet.

Symantec Endpoint Protection Support Tool

Tue, 12 Jan 2010 11:41:27 +0000

I’m currently busy with integrating the Symantec Endpoint Protection software into a Windows 7 build for one of our customers. I wondered if the Security team had really provided me with the latest and greatest version and ended up searching for that information on the Symantec web site where I came across a post mentioning the Symantec Endpoint Protection Support Tool.

For those that have a SEP 11 version prior RU5 the tool can be downloaded from here and as of RU5 (11.0.5002.333) the tool can also be downloaded from within the Symantec Endpoint Protection client by opening the Client user interface and selecting Help & Support > Download Support Tool.

Managing Microsoft Security Essentials from the Command Line

Thu, 31 Dec 2009 16:44:32 +0000

Microsoft Security Essentials (MSE) is Microsoft’s free Antivirus Software which helps protecting clients against viruses and spyware. For years I had used other free Antivirus programs on my home based clients, but have switched them all to MSE since it’s release in September 2009.

The MSE binaries are located in the following folder:* C:\Program Files\Microsoft Security Essentials*. In that folder we also find the MpCmdRun.exe which provides a command line interface for MSE. The tool provides the following options:

4 Great App-V videos

Wed, 23 Dec 2009 13:31:56 +0000

I’m just about to expand my knowledge a bit around App-V. I haven’t done any hands-on yet, because I usually first focus on gathering all the useful resources available on the net, and then start reading these. By doing so, I found these fantastic videos on The Blogcast Repository.

Deployment Scenarios with App-V 4.5 Planning Considerations before Implementing App-V 4.5 The App-V Client (part 1) The App-V Client Part 2- Deep Dive

By the way, if you are not familiar with The Blogcast Repository but like video based trainings, have a look at the Repository, there is lots of other Microsoft related Technology training material there.

Changing Internet Explorer Security Settings on Windows Server 2008

Sun, 22 Nov 2009 14:55:28 +0000

While I was preparing my home lab for some Group Policy tests i wanted to perform I got an error when generating a report in the Group Policy Management Console which is running on a Windows Server 2008 with Internet Explorer 8.

The error was: “An error occurred in the script in this page”

A search on the web indicated that this had to do with the Internet Explorer Security Settings, but when I opened the Internet Explorer Security settings I noticed that I could not change them since all buttons were grayed out.

Hide the Unused Updates

Sat, 31 Oct 2009 22:34:52 +0000

When opening Windows Update, you might see a number of Important and optional updates that are available to your system. But what to do if you are not interested in installing one of these updates? Over time the list will keep growing as new updates will be released and it becomes quite an annoying job to go over the entire list over and over again.

When you click on the “optional updates are available” link, all updates are listed as shown in the picture below.

Microsoft Baseline Security Analyzer with support for Windows 7 and Server 2008 R2

Tue, 27 Oct 2009 22:12:36 +0000

With the launch of Windows 7 Microsoft also released an updated version of the Microsoft Baseline Security Analyzer also known as MBSA. The version is 2.1.1 which is indicating that this is basically just a minor revision of the previous MBSA 2.1, and that is exactly what it is . MBSA 2.1.1 does not appear to bring any new features other than adding support for Windows 7 and Windows Server 2008 R2.

Quick Access to installed QFEs

Wed, 23 Sep 2009 20:20:03 +0000

Instead of opening several windows, here’s an easy way to get a list of installed QFE’s. simply open a command prompt and type:

**WMIC QFE **

WMIC QFE get caption,hotfixid,installedon

or if you are looking for a specific update, enter the following command:

WMIC QFE | find “958559”

where 958559 relates to the MS KB number. If the QFE is installed, it will be listed.

3 seconds to get system serial number

Fun: Internet Helpdesk Comedy

Wed, 29 Jul 2009 18:29:33 +0000

Watch this video performed by Wes Borg. Enjoy !

Manage your Microsoft Product support Lifecycles

Wed, 29 Jul 2009 07:57:43 +0000

Knowing what products are being used within your IT environment is key. From a technology planning point of view its also important to understand the entire product lifecycle of a given product, especially when the it’s being used by a large amount of users or if its use is business critical.

For Microsoft products, the Microsoft Product Lifecycle Search site can help you creating your technology roadmaps.

Simply choose one of the options and select the timeframe. The example below shows all Microsoft products that will go out of extended support within the next 12 months.

Running Google LiveAndroid in VMWare Workstation

Thu, 16 Jul 2009 21:17:25 +0000

When I checked my Twitter messages today, I came across a message about LiveAndroid. LiveAndroid allows you to run Google’s Android operating system that is used on mobile phones on a x86 platform.

First you need to download the LiveAndroid ISO files. liveandroidv0.2.iso.002 and liveandroidv0.2.iso.001 The ISO file has been splitted due to maximum upload size restrictions. Once you have downloaded both files, run HJ-Split to merge the two files into one ISO file.

Microsoft VDI Suite License review

Wed, 15 Jul 2009 17:09:09 +0000

Brian Madden has done an analysis on the Microsoft VDI Suite License bundles. Read the entire article here

Graphical User Interface Timeline

Sun, 12 Jul 2009 12:45:26 +0000

Watch the GUI Timeline from 1973 until 2007 here

Applocker Documentation

Mon, 06 Jul 2009 20:03:58 +0000

The AppLocker Technical Documentation for Windows 7 and Windows Server 2008 R2 provides technical guidance about understanding how AppLocker works and how to effectively plan and deploy AppLocker policies.

The download contains two documents:

BETA - AppLocker Frequently Asked Questions.pdf BETA - Planning and Deploying Windows AppLocker Policies.pdf

Download here

Optimum PC Refresh Cycles

Fri, 03 Jul 2009 19:20:12 +0000

Whitepaper from Intel about PC Refresh Cycles. “Pilot Study Optimum Refresh Cycle and Method for Desktop Outsourcing”.

Updated Application Virtualization Solutions Overview and Feature Compare Matrix Whitepaper

Tue, 30 Jun 2009 10:29:06 +0000

Ruben Spruijt has released an update of the Application Virtualization Solutions Overview and Feature Compare matrix whitepaper. Read more

Video – What is a Browser

Thu, 18 Jun 2009 18:20:06 +0000

Just came across this video where people are being asked to explain what a Browser is. Its funny most people use it every day, but obviously don’t pay much attention how they get on to the internet. It’s just a matter of clicking that blue E.

MED-V Planning, Deployment and Operations Guide

Thu, 18 Jun 2009 17:39:38 +0000

Microsoft has released the Microsoft Enterprise Desktop Virtualization (MED-V version 1) Planning, Deployment and Operations Guide. The document can be found here

Accidental object deletion prevention in Active Directory

Mon, 08 Jun 2009 12:19:45 +0000

When creating objects in Active Directory you can set a flag that prevents accidental deletion of an object.

While this setting is visible in the UI by default when creating an Organizational Unit, for other objects like Users, Groups and Computers, this flag is not set by default and can only be set if the Advanced Features are enabled within the Active Directory Users and Computers Console.

So assume you would create some important user accounts that are used for critical back-end systems, you should consider enabling the “Protect object for accidental deletion” flag.

Yet another search engine….bing

Sat, 30 May 2009 15:59:49 +0000

As of June 3rd 2009, we’ll have another search engine to find stuff on the internet. Microsoft’s new search engine is called bing. Find out more about bing here.

The early days of personal computing

Sun, 26 Apr 2009 17:18:35 +0000

While usually we focus on what is happening today and what might come tomorrow, it’s quite interesting to look back in a while and learn how we actually got there.

By searching the web for historical tech content, I came across the website of the computer history museum located in Mountain View – California.

I then found this very interesting video “Personal Computing: Historic Beginnings” presented by Alan Kay. The presentation is about 110 minutes long, but definitely worth looking at if you’re interested in the history of personal computing.

Google Data Center Tour

Fri, 24 Apr 2009 10:54:51 +0000

My only comment on this one “It’s huge !”

VMWare vSphere

Tue, 21 Apr 2009 21:53:22 +0000

ESX was yesterday, tomorrow is vSphere. VMWare today announced vSphere. For more information watch the video below or go to: http://www.vmware.com/products/vsphere/index.html

[videofile]http://download3.vmware.com/vsphere/vsphere_feature_304x212_R4.swf[/videofile]

Windows XP mainstream support ends in 2 days

Sun, 12 Apr 2009 19:00:41 +0000

On April 14th mainstream support for Windows XP will end. for the next 5 years the operating system goes into extended support. The table below illustrates the differences between mainstream and extended support.

The Microsoft Windows XP product page explains it as following:

Mainstream Support delivers complimentary and paid support, free security updates, and bug fixes to all Windows customers who purchase a retail copy of Windows XP (i.e., a shrink-wrapped, not pre-installed copy). Mainstream Support for Windows XP will continue through April 2009.

The Internet displayed as a subway map

Sun, 12 Apr 2009 17:59:17 +0000

The Information Architects have published an updated trend map of today’s internet.

 ![](http://informationarchitects.jp/web-trend-map-4-final-beta/) 

 The map can be [explored easily with Zoomorama](http://www.zoomorama.com/2477f0e8b447bb6570493cdac464c41f).

Top 10 List of Data Loss Disasters 2008

Mon, 23 Mar 2009 23:13:42 +0000

Last week-end I was sitting in an airplane and read a magazine that was provided for free to travelers at the airport (of course i had chosen an IT related one :-) ). The magazine contained an article talking about the top 10 data loss disasters collected by Ontrack.

The Top 10 list of data loss disasters 2008 can be found here.

20 Years World Wide Web

Sun, 15 Mar 2009 18:42:06 +0000

On March 13. 1989 Tim Berners-Lee provided the foundation of the world wide web. Read more about 20 years of web @ the CERN 20 Years WWW anniversary site or watch the 20 Years WWW video.

Intel Anti-Theft Technology

Fri, 13 Mar 2009 17:17:35 +0000

Another thing I came across this week was the Intel Anti-Theft Technology videos. So if you are interested to see how Intel could help you getting back your notebook watch the videos posted here.

Group Policy: Restrict Hardware like a pro

Thu, 12 Mar 2009 10:00:14 +0000

Here’s another video from GPanswers explaining how to restrict the use of certain devices within your managed environment.

RunAs Radio

Sat, 28 Feb 2009 21:01:25 +0000

Feeding my hunger for information, I came across the “RunAS Radio” site. RunAs Radio is a weekly internet Audio Talk Show for IT Professionals working with Microsoft Products.

Using AppLocker in Windows 7 video

Thu, 26 Feb 2009 22:46:20 +0000

Watch the Using AppLocker in Win7 video on TechNet where Paul Cooke gives an insight on what Applocker is, how it works and how to deploy it.

The History of Microsoft on Channel 9

Sat, 21 Feb 2009 06:33:43 +0000

Interested in how it all started off at Microsoft ? On Channel 9 a new series call “History of Microsoft” has started. A new episode is being released every Thursday. So far the following episodes have been published:

History of Microsoft 1975

History of Microsoft 1976

History of Microsoft 1977

As new episodes come out you find them here.

2008 Virtualization review

Fri, 20 Feb 2009 00:32:03 +0000

Brian and Gabe review the big events, trends, and themes of the desktop and application virtualization space from 2008.

Watch Brian Madden TV Episode 1 - 2008 year in review

Encrypted on Windows 7 and use on Vista as well

Wed, 18 Feb 2009 21:38:15 +0000

With Windows 7 we can not only encrypt our local fixed drives but also USB devices. Considering that probably many of do carry around one or more memory sticks that could contain sensitive data or just data you don’t want anyone else to get access too.

Now of course any new operating system comes with tons of new features, but I would consider this as one of those features that people are also really going to use, as it simple to use.

Virtualization Industry Radar

Mon, 16 Feb 2009 20:03:45 +0000

Just came across this nice “Virtualization Industry Radar” page. The page provides a nice overview of the key players within the virtualization industry.

Google Search issues

Sat, 31 Jan 2009 15:21:31 +0000

Looks like Google has an issue, whatever word you enter in Google search, most results are being flagged with “This site may harm your computer”.

Clicking on the link, brings you another message.

So since a long time, we’re switching back to Altavista who let’s me surf wherever I want to go.

Intel vPro review

Thu, 29 Jan 2009 18:37:07 +0000

Okay, I must admit, I don’t believe in all Gartner is publishing, but while I was looking for some additional information around “DASH” I found the following interesting “Revisiting vPro for Corporate Purchases” article from Gartner, worth a read.

Free Virtualization ebook from Microsoft

Wed, 21 Jan 2009 22:34:08 +0000

Confused about all the different solutions around Virtualization ? then get the “Understanding Microsoft Virtualization Solutions” eBook. The document gives you all the information you need to better understand the various Virtualization offerings Microsoft has available today and will release in the near future.

Comparing VMWare ESX and ESXi

Tue, 20 Jan 2009 21:01:55 +0000

Today I wanted to find out a little bit more about the differences between VMWare ESX and ESXi. Since it doesn’t make sense that i rewrite what others have written already let me share the sources i have found.

ESX and ESXi comparison from VMWare

How does VMware ESXi Server compare to ESX Server? from David Davis on Virtualization.com

The Architecture of VMWare ESXi from VMWare

ESX and ESXi comparison from the Virtual Troll

Wireless Power Technology

Wed, 07 Jan 2009 21:53:39 +0000

Will we get rid of batteries soon ? Read more here: http://www.ecoupled.com/index.html

Application Virtualization Overview

Sat, 13 Dec 2008 20:21:06 +0000

For all those of you who want to get an overview on today’s Application Virtualization solutions and technologies, i recommend reading “Application Virtualization Solutions Overview and Feature Compare Matrix” published by Ruben Spruijt and Jurjen van Leeuwen.

An insight on error 404

Sat, 13 Dec 2008 19:08:09 +0000

Today we were at my oldest son football club year end party where someone told me a story about the meaning of the number 404, when you try to connect to a web site page that does not exist, you usually get an error 404 message. The number 404 is related to a room number at the CERN this person told me.

It just needed a Google search on “History of 404” to find a page that seems to be fully dedicated to Error 404. The “room number” story seems to be just a myth, according to the 404 Research Lab, no such room number exists at the CERN.

It's about time to install MS08-067

Wed, 26 Nov 2008 20:18:54 +0000

If you haven’t done so yet, it’s about time you get the MS08-067 patch installed on your Windows clients. According to a recent post on the Microsoft® Malware Protection Center blog, another wave of attacks has been identified. By the way for those still running Windows NT 4.0, Microsoft indeed seems to have a patch for that retired OS but companies will have to pay to get it.

Cloud Printing

Fri, 21 Nov 2008 11:04:14 +0000

We all have heard about Cloud Computing, now there is Cloud Printing ! Check out HPs CloudPrint. It’s still in BETA but worth to take a look.

GMail in terminal mode

Thu, 20 Nov 2008 23:06:55 +0000

For all those that are missing the days when computer screens appeared in terminal mode, Google’s GMail can now be configured like that. Just select Settings, Themes and select the “Terminal” theme.

SQL Server services user account

Thu, 20 Nov 2008 22:58:40 +0000

When you install SQL Server 2000 / 2005 / 2008 you can configure under what user account the services are running. In the past i’ve often seen people selecting “local system”, I also selected that….not thinking too much about security then and it was the easiest to do with no need to create an additional user account and as long as you don’t need to access any other domain resources that worked fine.

Power Consumption in standby mode

Thu, 20 Nov 2008 22:11:27 +0000

I have come across an article that describes the power consumption of equipment in standby mode, found it quite interesting.

Some applications survive

Mon, 17 Nov 2008 20:35:30 +0000

Throughout my IT career i have seen many application development projects but most applications would not have survived more than 5 years until they got replaced by a new one. So I was quite pleased to find this success story about a software that is still being used by a company i once worked for and I was even one of the initial application architects of that application. Looks like this application made its Return On Investment.

About disk drives

Wed, 05 Nov 2008 23:57:33 +0000

Today we had a brief discussion about the impact of power cycles on the disk drive lifetime. In searching for some background information on this subject, I found the followiing.

http://www.deq.state.or.us/lq/pubs/factsheets/sw/ComputersMonitors.pdf http://labs.google.com/papers/disk_failures.pdf This is not directly related but found it a nice story so i post it as well. http://storagemojo.com/category/disk/

Linkedin Applications

Wed, 05 Nov 2008 00:45:06 +0000

Those using Linkedin, check out Linkedin Applications.

Microsoft AutoColage 2008 and HD View

Mon, 03 Nov 2008 23:10:22 +0000

From time to time I visit the Microsoft Research site. It seems that there is much focus on photography and displaying pictures. AutoCollage 2008 allows you to create a photo collage with little effort.

Another interesting project is HD View which is intended to display very large pictures.

Dutch architecture with free software

Mon, 03 Nov 2008 22:09:44 +0000

Steve (a friend of mine) had send me this interesting article about how one makes money with free software. The story is about the design of a 5 euro piece that has been made with free software.

Read “How to make money with free software”

Management

Mon, 27 Oct 2008 10:12:02 +0000

A man in a hot air balloon realised he was lost. He reduced altitude and spotted a woman below. He descended a bit more and shouted…

‘Excuse me, can you help me? I promised a friend I would meet him an hour ago but I don’t know where I am.’

The woman below replied, ‘You’re in a hot air balloon hovering approximately 30 feet above the ground.. You’re between 40 and 41 degrees north latitude and between 59 and 60 degrees west longitude.’

Microsoft Chemical Team blog

Thu, 16 Oct 2008 06:45:21 +0000

For those who do work within or are working with the chemical industry this site might be of interest. http://blogs.msdn.com/chemicals/default.aspx

Highlighting the impact of information technology on the chemical industry

iTunes Genius rocks

Sat, 27 Sep 2008 21:23:37 +0000

With iTunes 8 Apple has added a new feature called Genius. when playing music the genius sidebar shows you related artists and songs.

So while playing the first song of this playlist…….

it does automatically show me the following related artists and songs.

the idea is not new, but i like to see it being added to iTunes.

Never heard of vPro before ?

Sun, 07 Sep 2008 21:13:01 +0000

Well then it’s time now to get familiar with it. Since about 2 years Intel is shipping vPro technology, but still many people aren’t familiar with this technology or haven’t even heard of it at all, for those I recommend to look at these demonstration movies:

http://www.intel.com/business/business-pc/demo/demo.htm http://www.intel.com/business/enterprise/emea/eng/vpro/demo/

or watch the intel vPro demo from the MMS 2008 keynote

http://www.youtube.com/watch?v=wlj7u3tOQ9s

Google launches Chrome Browser

Tue, 02 Sep 2008 22:58:04 +0000

Today Google launched its own first web browser called Chrome. Less is more, Chrome comes with a very nice lean design.

Chrome has a couple of nice features, one I personally found quite interesting is that the address bar also acts as the search bar. As you type in words in the address bar, you receive instant search results.

I’m quite sure that the chrome browser will get quickly adopted by home users, as we have seen previously happening with the Firefox browser, but I’m curious to see if this browser will become a serious competitor within the enterprise space, where Internet Explorer still plays a dominant role and most likely will continue to do so.

Take a break

Tue, 26 Aug 2008 19:37:52 +0000

Remember Space Invaders. ……if you’re in the office, turn of sound :-)

The flash based game can be found here. And if you have read my post about using BITS for file downloads you can download the swf file for offline use as well.

enjoy

The other search engine

Thu, 21 Aug 2008 21:31:10 +0000

When searching the web probably most of us do use Google, because although some don’t like to hear it, it has simply become the default search engine for most users and there doesn’t seem to be much competition, or would you use MSN search ? :-)

I recently read an article in a newspaper about a new search engine that was being launched called CUIL, I became interested as they claim having the largest index, even larger than Google. Well to be honest i don’t really care if that is true or not, but i must say that they do provide a different web search experience (see picture below)

The HP Garage

Sun, 03 Aug 2008 18:00:37 +0000

It’s here where HP started……

See more pictures of the HP House here: http://www.kennethkuhn.com/hpmuseum/garage/

And the Garage timeline is documented here: http://www.hp.com/hpinfo/abouthp/histnfacts/garage/timeline.html

Understanding machine virtualization

Sat, 02 Aug 2008 15:04:16 +0000

If you have a general interest in virtualization technology, have a look at this video from Channel 9. I’ve liked the video especially because Simon Crosby is not just talking about a product but does bring up a couple of interesting thoughts and concepts on the use of virtualization technology today and tomorrow.

Citrix - Understanding Machine Virtualization

Finally joining the Mesh

Thu, 31 Jul 2008 19:41:27 +0000

Microsoft has opened live mesh to more testers, although only to users located in the U.S.

Well, after changing the regional settings, you get to the next page, where you can sign-up :-)

And after a few seconds…….

When Google was born

Thu, 31 Jul 2008 19:08:45 +0000

Using the the waybackmachine on archive.org allows you to see content of archived pages from the Internet.

So i thought, let’s have a look at the early days of Google.com

Google.com on November 11th 1998

Google.com on December 12th 1998

Then in September 1999 they launched officially. Read the announcement.

Google.com Today (July 31rd 2008).

For those interested the Google Milestones can be read here.

New site dedicated to Microsoft Hyper-V

Mon, 28 Jul 2008 08:26:00 +0000

Steven Bink owner of the famous Bink.nu web site has launched a new site dedicated to Microsoft Hyper-V and related technologies called Hypervoria

Reading - Administering Windows Vista Security

Sun, 06 Jul 2008 11:03:32 +0000

Although you usually don’t read IT related books from page 1 and end it on the last page, I consider having finished reading Mark Minasis’ Administering Windows Vista Security - The Big surprises.

While many IT books can end up being a bit annoying, i found this one very nice to read as it does include the authors own opinion and practical experiences and it does real fluently.

The book gives you a good insight into Vista’s UAC, File and Registry virtualization and other security related topics.

Bill Gates looks back

Sat, 05 Jul 2008 20:55:45 +0000

Some rare photos from the Microsoft archives, commented by Bill Gates himself.

http://money.cnn.com/magazines/fortune/storysupplement/gates_microsoft/index.html

1965, Bill Gates, age 9.

iPhone 3G comming to Switzerland

Wed, 02 Jul 2008 17:04:30 +0000

Today i found a message in my private mailbox about the launch of the iPhone 3G in Switzerland, due on the 10th of July. For more information see: http://iphone3g.swisscom.ch/?lang=en

Altiris anounces CMS 7 Beta II

Sat, 28 Jun 2008 07:58:42 +0000

In the coming days, Altiris 7 Client Management Suite and Server Management Suite Beta II will be available for download from the beta portal. http://betanew.altiris.com/

A blog post about the blog

Fri, 27 Jun 2008 20:13:06 +0000

Since i have moved the blog content from my previous blog site to this site, i’m using Wordpress. I’m not going to loose much words now, but all i can tell you for now, it’s great !!! Thanks to Steve who has been kind enough to setup this up for me.

VMWARE Webcasts

Mon, 02 Jun 2008 20:13:00 +0000

There is a lot going on around Virtualization, so it’s important to keep up to date. Like other vendors, WMAWRE also provides Webcasts and Podcasts.

Recorded sessions can be found here: http://www.vmware.com/a/webcasts/recorded/

Podcasts here: http://www.vmware.com/resources/podcasts/audio.html

and upcomming events are listed here: http://www.vmware.com/a/webcasts/index/

Automate BIOS configuration for HP clients

Fri, 30 May 2008 13:22:00 +0000

Today the following options exist to automate BIOS configuration for HP clients:The Client Management Interface allows you to use WSH to retrieve and set BIOS settings like in the example below which changes the Ownership Tag.

Const wbemFlagReturnImmediately = 16
Const wbemFlagForwardOnly = 32
lFlags = wbemFlagReturnImmediately + wbemFlagForwardOnly
strService = "winmgmts:{impersonationlevel=impersonate}//"
strComputer = "."
strNamespace = "/root/HP/InstrumentedBIOS"
strQuery = "select * from HP_BIOSSettingInterface"
Set objWMIService = GetObject(strService & _
strComputer & strNamespace)
Set colItems = objWMIService.ExecQuery(strQuery,,lFlags)
‘ "Enter Ownership Tag" is the name of the BIOS setting
‘ instance object that we want to update. The correct
‘ names of available settings are found by enumerating
‘ all instances of HP_BIOSSetting.
For each objItem in colItems
objItem.SetBiosSetting oReturn, _
"Enter Ownership Tag", _
"Some environment-specific inventory code", _
"1E302E020304"
Next
Dim strReturn
Select Case oReturn
Case 0 strReturn = "Success"
Case 1 strReturn = "Not Supported"
Case 2 strReturn = "Unspecified Error"
Case 3 strReturn = "Timeout"
Case 4 strReturn = "Failed"
18
Case 5 strReturn = "Invalid Parameter"
Case 6 strReturn = "Access Denied"
Case Else strReturn = "..."
End Select
WScript.Echo "SetBiosSetting()

More information about HP CMI can be found here: http://h20331.www2.hp.com/Hpsub/cache/284014-0-0-225-121.html?jumpid=reg_R1002_USEN

Get meshed

Mon, 19 May 2008 23:12:00 +0000

Already heard of Microsoft’s new service called Live Mesh ? If not, have a look here: http://www.on10.net/blogs/nic/Hands-on-with-Live-Mesh/

You can sign-up for Live Mesh here: https://www.mesh.com/Welcome/Welcome.aspx, but there appears to be a long waiting list, i registered a couple of weeks ago, but still get the following message…..

I am really looking forward for this service, as, if it does what they promise, it will definitely make life a bit easier for those that work on different machines. I’m just curious about what corporate IT security people think of this service. I’m sure not all companies look forward to see their business PCs being “mes(sh)ed up.

Growing WIM files

Sat, 10 May 2008 09:36:00 +0000

You might have experienced that your WIM files seem to grow in size when editing the image. Of course it does, because you add content, but what if you replace files.. well it still grows, exactly by the size of the file(s) you replace. So when replacing larger content within your WIM images they might become bigger as you want.To get the WIM file resized simply perform an export by using imagex.exe.