PowerShell 7 – Group Policy Settings and Eventlogs

On December 16th Joey announced the availability of the PowerShell 7.0 release candidate. Time to look at the configuration options. Since I’m interested in the aspects of managing these settings within an enterprise environment, I closely followed the discussions on GitHub here https://github.com/PowerShell/PowerShell/pull/10468 and here https://github.com/PowerShell/PowerShell/issues/9309 and the outcome of these discussions is documented here https://github.com/PowerShell/PowerShell-RFC/blob/master/4-Experimental-Accepted/RFC0041-Policy.md Installation Now let’s look what options we have for the configuration of logging PowerShell 7 events. Let’s start with Read More …

How to identify orphan Group Policy content within the Sysvol folder

G’day everyone. Today I was working on a Microsoft Security Configuration baseline implementation and while browsing through the Sysvol folder I got the impression that there are less GPO objects stored within AD compared to the number of GPO content folders located within the Sysvol\Policies folder. As we speak about several hundred folders here, too many to count manually, and so another PowerShell script was born. Now if the terms SYSVOL, policies folder doesn’t mean Read More …

PowerShell Core logging configuration

After having browsed through the PowerShell code a bit, found some references as to how to configure PowerShell Core logging options through GPO or via a configuration file. There are no GPO Templates available for PowerShell Core, but the same settings as are written for Windows PowerShell also apply for Core, they just live within another registry key. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PowerShellCore So when you apply the folllowing registry settings , you can enable ScriptBlock logging and Transcripting Read More …

ToolTip: IEDigest

IEDigest is collecting all relevant Internet Explorer settings and generates a well formated HTML report. In addition to this there is an XML output as well which can be taken for comparing reports coming from different environments. This is helpfull for troubleshooting purposes when having working and non-working machines. IEDigest can also be executd in commandline mode. IEDigest can be downloaded from the Microsoft download center here. Although not fully up to date, documentation can Read More …

The GroupPolicy Xtended PowerShell Module

Good day everyone. Today I would like to share with you the Group Policy Xtended PowerShell module that i’ve written recently. Histrocially I used to have various cmdlets stored in individual files and ran them when needed, I also shared them among my peers and with the public via my blog and the Microsoft Script repository. The challenge with this approach is that it’s hard to ensure eveyone has the latest versions of the cmdlets  Read More …

ToolTip: Policy Analyzer

Aaron Margosis recently released Policy Analyzer, a utility for analyzing and comparing sets of Group Policy Objects (GPOs). Here’s a brief description on how to use the tool to compare two Domain GPOs. I created two GPOs in my test domain, both starting with the name “Foo” and then configured some settings. The Policy Analyzer can import GPO settings based on a GPO backup so as a next step we create a GPO backup. The Read More …

Group Policy Template file for Windows 10 Wi-FI Sense

Wi-FI Sense is a new feature in Windows 10 that automatically connects you to suggested open hotspots or networks shared by your skype or outlook.com contacts or facebook friends. Sounds like a nice feature, but I’m sure Enterprise Security won’t be to keen about it. Microsoft has published a KB – How to configure Wi-Fi Sense on Windows 10 in an enterprise that describes the registry settings to configure for disabling Wi-FI sense. The recently Read More …

Group Policy Settings for Microsoft Edge Browser in Windows 10 Build 10.0.10240

Continuing exploring the Windows 10 preview builds for new Group Policy settings, I come across some new settings for the Microsoft Edge browser.   Location Setting Description Computer Configuration / Administrative Templates / Windows Components / Microsoft Edge Allows you to run scripts like Javascript This setting lets you decide whether to let people run scripts, like JavaScript. This setting is enabled by default. If you enable this setting, scripting is turned on for all Read More …

Citrix Receiver 4.3 now with ADMX support for Receiver group policy, well almost

Last night Citrix released Citrix Receiver 4.3 that includes ADMX templates to manage Citrix Receiver Group Policy settings. Microsoft introduced the ADMX templates when Vista/Server 2008 was introduced in 2006, so it was about time for Citrix to come up with template files in that format instead of the old ADM based files. After installing the Citrix Receiver 4.3 that can be downloaded from here you’ll find the new ADMX/ADML files in the following location: Read More …

Group Policy Settings in Windows 10 Build 10.0.10130

Windows 10 build 10.0.10130 brought a couple more new Group Policy settings, here they are: Location Setting Description Computer Configuration Administrative Templates Windows Components Windows Update Defer Upgrade If you enable this policy setting, in Pro and Enterprise SKUs you can defer upgrades till the next upgrade period (at least a few months).       If you do not have it set you will receive upgrades once they are available that will be installed as part Read More …