Importing GPO Security Baselines with PowerShell

Okay there’s this rule , if you do something manually for the third time, it’s about time to think of automating it. Here’s a script that I created to create Group Policy Objects and import the security baseline settings. The script will work with any security baseline that is provided with Group Policy backups e.g. Microsoft Security baseline, CIS, NSA. Let me show you this with an example: First download the latest Microsoft Security baseline Read More …

Extract ConfigMgr Script Status Results with PowerShell

During a recent customer engagement I had to collect the size of user profiles across a large number of devices. I was first thinking of using a script that would collect the information we need, store it into a custom WMI table and then collect the data using ConfigMgr hardware inventory, but since we only needed a one time snapshot of this information I decided against that idea. The next option would be to go Read More …

ConfigMgr CMPivot , the PowerShell Script, the Events…

While working with CMPivot this week, I wanted to find out how locally on the client the data is collected, I already knew that when you execute a CMPivot query from the ConfigMgr console, it will run the query on the target device and returns the result back to ConfigMgr. While investigating I also came across this blog post CM Pivot Internals that describes how things work, nevertheless I wanted to dig a bit deeper. Read More …

Microsoft Defender ATP – Live Response

Back in May the Microsoft Defender Advanced Threat Protection team announced the availability of the Live response feature in MDATP. Today I took a closer look at this and thought I’d share my experiences and findings. What’s that live response thing again? “Live response is a capability that gives you instantaneous access to a machine using a remote shell connection. This gives you the power to do in-depth investigative work and take immediate response actions Read More …

The case of Running the Device and Credential Guard Hardware Readiness Tool and unknown architecture

To close this week, let me share my findings with you about running the Windows Device and Credential Guard Hardware Readiness Tool and the unknown architecture error. Believe it or not, there are still people, probably more than I assume, that run Windows in their native language instead of English. I can understand when end users do so, but honestly when administrating an infrastructure? Anyway, I recently worked for a client where the UI is Read More …

Exploring Microsoft Cloud App Security with PowerShell – Part1

Last Friday I was given the opportunity to present at the Configuration Manager Community Event (CMCE1905) in Bern, Switzerland. Although Microsoft Cloud App Security is not really related to ConfigMgr, many of the attendees are dealing with managing classic and modern workplaces and security is almost on everyone’s list of interest. During my session “Unleash the power of Microsoft Cloud App Security” I also demonstrated how one can explore information within Microsoft Cloud App Security Read More …

Check Windows Defender ATP Client Status with PowerShell

Here’s a little utility to check the status of Windows Defender ATP on a local or remote client. I basically took some code from the WDATP connectivity verification tool, removed the network connectivity testing part (I might add that later as well) and transformed the code so it can be used to check whether the client is properly onboarded and if all required services are running.

Retrieving Azure MFA registration status with PowerShell

I’m in the process of supporting one of our clients to enable Azure Multifactor Authentication for all their users because at a later stage we want to introduce Conditional Access. In a larger environment it’s probably a good idea to start informing users about MFA, why and how it works. Then ask users to start registering themselves. In our case we’re using the Converged registration for self-service password reset and Azure Multi-Factor Authentication which is Read More …

How to manage LAPS DebugLogging with PowerShell

If you need to troubleshoot the Local Administrator Password Solution LAPS you can configure how much information is written into the Windows Event log. Logging options are set through the following REG_DWORD values described below under: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{D76B9641-3288-4f75-942D-087DE603E3EA}\ExtensionDebugLevel Value Meaning 0 Silent mode; log errors only When no error occurs, no information is logged about CSE activity This is a default value 1 Log Errors and warnings 2 Verbose mode, log everything Becasue navigating manually Read More …

It’s never too late to start learning PowerShell

It’s 2018 now and you might think who doesn’t know PowerShell yet. Although I’ve seen the number of people using PowerShell increasing over the past years, there’s still plenty of people out there that have the learning curve for PowerShell ahead of them. A few years ago, when the use of PowerShell got traction amongst many IT professionals the web was full of learning resources by means of blog posts, podcasts and online trainings. It Read More …