AskPFEPlat Happy New Year Invitation!

HAPPY NEW YEAR everyone, and welcome to 2018! This is Brandon Wilson (Platforms and Active Directory PFE), and with the introduction of the New Year, I wanted to take some time to thank all our outstanding readers we’ve had over the years. And, now that the celebrations are (mostly) over, I wanted to pick all… Read more

Using WMI to Verify Group Policy

Scenario: My name is Benjamin Morgan and I’m a Platforms PFE. Recently I was working with a customer on a Windows 10 upgrade project and they posed an interesting requirement. They needed to be able to verify that their required group policies were being applied and they needed to be able to run a report… Read more

Demystifying Schannel

Hello all! Nathan Penn here to help with some of those pesky security questions that have lingered for years. Recently I have been fielding several questions on “How do I make sure that I am only using the TLS 1.2 protocol?”, “Can you disable 3DES and the legacy ciphers?”, and the “I just got back… Read more

Using Group Policy Preferences to Manage the Local Administrator Group

Hello Everyone! Graeme Bray back with you today to talk about how you can reduce the audit and risk surface within your environment. If you can’t tell, Microsoft has taken a strong stance towards security. In a previous life, I was responsible for providing results for audit requests from multiple sources. One risk (and management… Read more

Implementing Multiple AGPM Servers

Hi Everyone, Paulo here, a Microsoft Premier Field Engineer (PFE), recently I have had several customers querying about how to deploy multiple AGPM Servers per Forest/Domain. As you know AGPM was designed to centralize change control over Group Policies so not exactly developed for this intended purpose. The configuration of Group Policy in a single… Read more

Replication Hurricanes: Why Restricted Groups are a No-Go for Domain Based Groups

Hi everyone! My name is Tim Medina, Premier Field Engineer, and today we are going to take a brief look at GPOs with a focus on restricted groups. More importantly, we will discuss how, if used in an unsupported manner, you can cause your very own replication hurricane. But, before we get into that let’s… Read more

Hey Dude, Where’s My Winlogon.log?

Hi this is Michael from the PMC PFE Team, I recently helped a customer during the implementation of their Windows Server 2016 systems. When checking the Event viewer, we spotted a well-known Event ID: Log Name:      Application Source:        SceCli Date:          08.03.2017 17:49:21 Event ID:      1202 Task Category: None Level:         Warning Keywords:      Classic User:          N/A Computer:     … Read more

Using PowerShell Runspaces to Generate GPO Reports

Stephen Mathews here to talk to you about generating Group Policy Object reports quickly and efficiently. I had a customer ask me if there was an easy way to find all the RunOnce GUIDs in their GPOs. The customer was concerned that they would generate duplicate GUIDs in their deployment of Group Policy Preferences. Yes,… Read more

Who broke my user GPOs?

Hi folks. From Orlando, Florida, Sean Greenbaum here with some news about a recent set of security patches released on June 14, 2016. If you’re reading this, chances are you are having group policy issues, or you heard this patch will cause you to have issues and you want to get ahead of it. So,… Read more

Does your win 8.1 /2012 R2/win10 logon hang after a password change?

********** UPDATE ********** This is now fixed in the following updates: For Windows 8.1, 2012 R2, 2012 install:  KB3132080 Logon freezes after you reset your password in Windows 8.1, or Stop error 0x1000007e in Windows Server 2012 R2:  http://support.microsoft.com/kb/3132080/EN-US For Windows 10 TH2 build 1511 install:  KB3135173 Cumulative update for Windows 10 Version 1511: February… Read more