Powershell: Update computer group membership
without restart! yay! Run line in powershell
MicrosoftTag ArchiveSubscribe
Powershell: Get free diskspace remote computer
Run this oneliner to get computer free disk space
Microsoft SQL: Get freespace in database file
Microsoft SQL allocate space in database files even if there is no data. To see how much data there is in a database you can query database.
AD DS: Collect User cmd history
After enabling auditing for event 4688, see post about auditing Microsoft AD DS(TBD). You can collect logs to see cmd activity for a user. I have wrote this powershell function little quick to help me out with this. But I do recommend an greylog for this purpose.
AD DS: Collect User Logon History
After enabling auditing for event 4624, see post about auditing Microsoft AD DS(TBD). You can collect logs to see login activity for a user. I have wrote this powershell function little quick to help me out with this. But I do recommend an greylog for this purpose.
Change SSL Certificate on ADFS and WAP
Import SSL Certificate on all servers to CERT:\LocalMachine\My run following powershell command on ADFS server run following powershell command on WAP server Verify function with navigating to /adfs/ls/idpinitiatedsignon.htm
Turn off UAC via registry
To be sure that UAC is disable, make the configuration in registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System EnableLUA = Dword 0
Monitor CRL refreshness
It is vital that CRL is fresh and available otherwise your PKI is not healthy. Often i hear that Customer create a reminder in ther calender. Even that kind of effort the PKI outage is quite common, and reson is CRL that have exiperd. I stumbled over this tool get-crlfreshness. This powershell cmdlet in short… Continue Reading Monitor CRL refreshness
The trust relationship between this workstation and the primary domain failed
Some times for some reason this issue occure. It can be a pain because when google on it you be adivsed to follow steps that will remove the computer from domain and then rejoin. You do not always want to do that. It is much easier to just reset the password for the computer object.… Continue Reading The trust relationship between this workstation and the primary domain failed
CertificateServicesClient-CertEnroll EventID 35
I did experience some odd thing when I run tests for new template for a customer. The template is straight forward a Workstation Authentication template with machine-template as superseded.
All seems fine, machine template were removed and the new certificate was issued. But after a reboot of the client a new certificate was issued. So the client now got two issued certificate from Workstation Authentication template. After enabling debug on client I found this event:
Source:Â CertificateServicesClient-CertEnroll
EventID: 35
General: Certificate enrollment for Local system detected that the DNS name in the TEMPLATENAME certificate does not match the DNS name of the local computer. A new enrollment for a TEMPLATENAME certificate will be attempted in 24 hours.
The problem was that the client that was given to me had an _ in hostname. That character is not supported in DNS names. More information is described in this article https://support.microsoft.com/en-us/help/909264/naming-conventions-in-active-directory-for-computers-domains-sites-and.