Demystify PKI – Act II: Certificate Logging

This is a quick blog on how to enable certificate logging, as by default this is not enabled in Windows. For reference, this is a multi-part blog on PKI, here are the other entries: Demystify PKI (aka AD Certificate Services) – Act I: Cryptography First, a common falacy is that all things are located in…


PS without BS: Removing WMI Queries from GPMC

One of the neat features back in (cough) Windows Server 2003 was the addition of WMI filters to Group Policy. I’m not going to waste a lot of time this morning on a history lesson, but WMI filters in GPO have some valuable benefits, but unfortunately nothing in this life is free. The answer a…


PS without BS: Fixing the user primary group

This is a Part 2 from my blog Group membership isn’t consistent in AD Users and Computers. In this blog, I will go though a remediation script on how to set all user accounts to the primary group of “Domain Users”. For more information on the backstory, see the link. Now, to the script. There…


Group membership isn’t consistent in AD Users and Computers

This was the case of another interesting troubleshoot I ran across where users weren’t enumerating properly in a PowerShell script. Problem statement: An admin was working on a project known as the “Active Directory Group Cleanup”, in which they needed to find and remove members from groups. So, he created a PowerShell script using Get-ADGroupMember….


The future of old apps with Windows 10

The past is hard to let go of, let’s be honest. In the IT world, there is a lot of truth to some of the old tools are also some of the best. You SCCM (or dare I still say SMS) guys should know this, for those who still use things like ccmclean instead of…


PS without BS: Creating Random Test Users in Active Directory

This was an interesting ask, and kind of showcases a couple of different techniques. The ask was to create 20 random users in Active Directory for test purposes. So, I grabbed a list of (debateably) a list of the most common male and female first names and the most common surnames. I then randomize these…


Clean up Group Policy Now! – How and Why

ACT I: Introduction In my mind, one of the things that put Windows over the top in the (cough) post Windows NT4 era was the ability to manage it with this new phenomenon called “Group Policy”. If anyone remembers the days of using logon scripts (some still do), AT commands (anyone remember Kixstart?), SMS, and…