Extract ConfigMgr Script Status Results with PowerShell

During a recent customer engagement I had to collect the size of user profiles across a large number of devices. I was first thinking of using a script that would collect the information we need, store it into a custom WMI table and then collect the data using ConfigMgr hardware inventory, but since we only needed a one time snapshot of this information I decided against that idea. The next option would be to go Read More …

ConfigMgr CMPivot , the PowerShell Script, the Events…

While working with CMPivot this week, I wanted to find out how locally on the client the data is collected, I already knew that when you execute a CMPivot query from the ConfigMgr console, it will run the query on the target device and returns the result back to ConfigMgr. While investigating I also came across this blog post CM Pivot Internals that describes how things work, nevertheless I wanted to dig a bit deeper. Read More …

The case of Running the Device and Credential Guard Hardware Readiness Tool and unknown architecture

To close this week, let me share my findings with you about running the Windows Device and Credential Guard Hardware Readiness Tool and the unknown architecture error. Believe it or not, there are still people, probably more than I assume, that run Windows in their native language instead of English. I can understand when end users do so, but honestly when administrating an infrastructure? Anyway, I recently worked for a client where the UI is Read More …

Exploring Microsoft Cloud App Security with PowerShell – Part1

Last Friday I was given the opportunity to present at the Configuration Manager Community Event (CMCE1905) in Bern, Switzerland. Although Microsoft Cloud App Security is not really related to ConfigMgr, many of the attendees are dealing with managing classic and modern workplaces and security is almost on everyone’s list of interest. During my session “Unleash the power of Microsoft Cloud App Security” I also demonstrated how one can explore information within Microsoft Cloud App Security Read More …

Retrieving Windows Defender Exploit Guard Windows Event logs with PowerShell

Most of the features included in Windows Defender Exploit Guard can be enabled in audit or block mode. The impact can then be analyzed either by looking at the corresponding Windows Event log entries or through advanced hunting queries in Windows Defender ATP. Today, I’ll share a script I recently wrote to quickly pull Windows Defender Exploit Guard related events from the Windows Event log. Anytime soon I will share some Kusto queries for the Read More …

Check Windows Defender ATP Client Status with PowerShell

Here’s a little utility to check the status of Windows Defender ATP on a local or remote client. I basically took some code from the WDATP connectivity verification tool, removed the network connectivity testing part (I might add that later as well) and transformed the code so it can be used to check whether the client is properly onboarded and if all required services are running.

How to enable DKIM in Office 365

Just in case you are not familiar with what DKIM is all about but still interested, I suggest you first read Use DKIM to validate outbound email sent from your custom domain in Office 365 If you’re looking for detailed instructions how to enable DKIM in Office 365 continue reading. Prerequisites Windows PowerShell PowerShell Script Validate-DkimConfig.ps1 download from here Access to Exchange Online through PowerShell Access to DNS Connect to Exchange Online First we connect Read More …

How to manage LAPS DebugLogging with PowerShell

If you need to troubleshoot the Local Administrator Password Solution LAPS you can configure how much information is written into the Windows Event log. Logging options are set through the following REG_DWORD values described below under: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{D76B9641-3288-4f75-942D-087DE603E3EA}\ExtensionDebugLevel Value Meaning 0 Silent mode; log errors only When no error occurs, no information is logged about CSE activity This is a default value 1 Log Errors and warnings 2 Verbose mode, log everything Becasue navigating manually Read More …

It’s never too late to start learning PowerShell

It’s 2018 now and you might think who doesn’t know PowerShell yet. Although I’ve seen the number of people using PowerShell increasing over the past years, there’s still plenty of people out there that have the learning curve for PowerShell ahead of them. A few years ago, when the use of PowerShell got traction amongst many IT professionals the web was full of learning resources by means of blog posts, podcasts and online trainings. It Read More …

OMS Security and Audit Baseline Assessment

The Microsoft Operations and Management Suite, Security and Audit Solution includes a Baseline Assessment component. The Baseline configuration definition includes a set of Registry, audit policy and security policy settings rules that are recommended to configure to achieve a secure operating environment. Within the Console we get an overview of “Rules” that have failed, because the servers don’t have the recommended configuration applied. While looking at this, I wondered where I can find the complete Read More …