Visualize DSC Reporting with PowerBI

Abstract Reporting is an essential component of DSC and one of the main advantages. Always knowing the status about your nodes and even being able to know which settings are not compliant is a big advantage compared to classical scripting or Group Policies. However, the reporting feature is not so easy to use and there…


Broken DSC Reporting, RequestEntityTooLarge and some LCM internals

Abtract After migrating a complex DSC configuration using partial configurations to composite resources, DSC reporting using SQL Server as described in Using SQL Server 2016 for a DSC Pull Server did not work any longer or was no longer reliable. This article is about troubleshooting this and learning something about Event ID 4260 and how…


PowerShell Tip: Getting enum values as names, int and bit

There are a number of samples how to resolve enums and display all the possible values. However, none of those worked for me with the enum System.Security.AccessControl.FileSystemRights. This enum has duplicate values and as most functions listing enum values are based on Enum.GetValues, you see not just the duplicate values but also duplicate names. So…


Using SQL Server 2016 for a DSC Pull Server

This article describes how to use a SQL Server 2016 as the backend database for a Desired State Pull Server. The default database engine is EDB and lacks a couple of feature required. This article guides you through the setup process.


Privileged Access Management – demystified

  Today’s topic: Privileged Access Management (PAM) Just in Time Administration demystified Coming with Microsoft Server 2016, we offered a new optional feature for Active Directory: the ‘Privileged Access Management Feature’. The new feature is only available with Domain Controllers OS >= Windows Server 2016. Privileged Access Management Feature consists of two parts: Privileged Access…


The ADSI Schema Cache revealed Part II

Today’s topic: The ADSI Schema Cache revealed Part II We have been talking about the ADSI Schema Cache implementation, it’s benefits and several buts in the first part covering this topic <The ADSI Schema Cache revealed>. The conclusion was – utilize the sample code attached to the blog entry and ‘really, finally it’s cool now…


NTFSSecurity Tutorial 2 – Managing NTFS Inheritance and Using Privileges

Summary In my previous post, NTFSSecurity Tutorial 1 – Getting, adding and removing permissions, I talked about NTFS inheritance. Inheritance is a fundamental feature of NTFS to keep permissions consistent and easy to manage. However, there are some scenarios where you want to disable inheritance on folders or find out where it has been disabled….


NTFSSecurity Tutorial 1 – Getting, adding and removing permissions

Summary Managing file and folder permissions in Windows PowerShell is not that easy, and there are numerous articles and blog posts describing how it works by using the .NET classes. This is far from being comfortable, and there is one major and one minor restriction: Path length Generic rights This post introduces the NTFSSecurity module,…


The ADSI Schema Cache revealed

Downloads related to this article:         dSASignatureFlag_Samples.zip Today's topic: The ADSI Schema Cache revealed Like mentioned in the first article of this blog <Active Directory Service Interface (ADSI) and the Read Only Domain Controller (RODC) – Avoiding performance issues> ADSI utilizes a Schema Cache of the LDAP directories it has successfully contacted. In the article mentioned…