https://evotec.xyz/categories/windows/index.atom.xml2023-05-28T14:40:25.0000000ZEvotec Main Websitehttps://evotec.xyz/blog/strengthening-password-security-in-active-directory-a-powershell-powered-approach2023-05-28T14:40:25.0000000Z

PasswordSolution uses the DSInternals PowerShell module to gather Active Directory hashes and then combines that data into a prettified report. If you have ever used DSInternals, you know that while very powerful, it comes with raw data that is hard to process and requires some skills to get it into a state that can be shown to management or security.

https://evotec.xyz/blog/reporting-group-membership-for-critical-active-directory-groups2022-08-07T11:57:28.0000000Z

I work a lot with Active Directory-related tasks. One of the tasks is to know the group membership of critical Active Directory Groups such as Domain Admins, Enterprise Admins, Schema Admins, Event Log Readers, and a few others that are a bit less known. As I did it, I got bored of typing the group names repeatedly and decided that enough was enough and there must be an easier way for me to do that.

https://evotec.xyz/blog/officeimo-free-cross-platform-microsoft-word-net-library2022-06-12T16:14:01.0000000Z

I’ve created a cross-platform (Windows, Linux, macOS) Word library based on Open XML SDK that heavily simplifies creating and modifying Word documents. Open XML SDK, while excellent, requires you to do a lot of work to make even simple documents. For example, if you want to use Table styles, you need first to define those styles, put them in a specific place, and assign them to a table. The same goes for lists, images, hyperlinks, bookmarks, and many other Microsoft Word types. Creating sections, managing headers, and footers – all that is possible using Open XML SDK, but it’s far from easy. At least for a noob like me. You have to know the order to put them into the document; you must know the places and track IDs to all the elements. And trust me – it’s not fun.

https://evotec.xyz/blog/reading-iis-logs-with-powershell2022-06-04T19:47:08.0000000Z

Today I was reading Twitter, as I am pretty addicted to technology news when Adam Bacon mentioned that he’s surprised that no one has rebuilt IIS Parser as pure PowerShell. While this is not entirely true, and some modules can do some parsing, I decided to try my luck. While doing it from scratch in PowerShell is possible, I opted to use an external C# library that does all the heavy lifting and is optimized for speed.

https://evotec.xyz/blog/difference-between-gettempfilename-and-getrandomfilename-that-got-my-ass-kicked2022-01-24T18:51:13.0000000Z

Today’s story is about me making assumptions on how things work based on the method’s name. As the blog post says, I want to focus on two similar methods – GetTempFileName() and GetRandomFileName(), when using PowerShell. Still, since those methods are .NET based, it applies to a whole range of other languages – C#, F#, VisualBasic, and all others that I’ve never used.

https://evotec.xyz/blog/active-directory-domain-services-could-not-replicate-the-directory-partition-the-replication-operation-encountered-a-database-error2021-11-28T14:38:20.0000000Z

If you ever encounter an error while trying to create a new domain within a forest saying, “The replication operation encountered a database error,” it makes you sweat a bit. Your brain tells you it will be a nightmare to fix, do I have proper backups to make it happen, and the question “why now” shows up.

https://evotec.xyz/blog/encrypting-and-decrypting-pgp-using-powershell2021-09-12T15:14:12.0000000Z

Some time ago, I decided that having an easy-to-use PGP PowerShell module is a way to kill my boredom. Four months have passed, and I decided to share it with the world, as it may be helpful to some of you. Today I would like to introduce you to PSPGP – PowerShell module that provides PGP functionality in PowerShell.

https://evotec.xyz/blog/easy-way-to-connect-to-ftps-and-sftp-using-powershell2021-08-29T13:47:48.0000000Z

FTPS and SFTP are two ways to send and receive files from remote sources. While the name suggests both do the same thing, those are different protocols, in the end, having the same goal. A few weeks back, I had to make sure I can reliably download files from FTPS server using PowerShell, and since I couldn’t find anything straightforward to use, I decided to write my own. Transfertto is a new PowerShell module that supports both FTPS and SFTP protocols. Its goal is to be the only module that you need to transfer files to and from FTP/SFTP servers.

https://evotec.xyz/blog/remove-item-access-to-the-cloud-file-is-denied-while-deleting-files-from-onedrive2020-12-06T18:07:39.0000000Z

I like OneDrive. It allows me to keep my data secure and always synchronized. If things go wrong, I can always get it back. I use it for almost everything. Even for my PowerShell projects, which are committed to GitHub, so in theory, I shouldn’t need that. But every once in a while, I make some stupid mistake and delete a file that has yet not been committed to GitHub, and that’s where the OneDrive comes in handy. Quick restore, and we’re back. Unfortunately, sometimes things aren’t as I would expect them to work. For example, let’s have a look at this nice list of markdown files that are documentation for my module called GPOZaurr.

https://evotec.xyz/blog/restoring-recovering-powershell-scripts-from-event-logs2020-08-28T15:39:28.0000000Z

A few days ago, I was asked to take a look at PowerShell Malware. While I don’t know much about malware, my curiosity didn’t let me skip on this occasion, and I was handed over WindowsPowerShell.evtx file. Ok, that’s not what I expected! I wanted PowerShell .ps1 files that I can read and assess? Well, you play with the cards you were dealt with. What I was handed over was PowerShell Event Log. PowerShell writes whatever you execute, and it thinks it is risky, to Windows PowerShell Operation Event Log.

https://evotec.xyz/blog/the-security-account-manager-sam-has-determined-that-sid-is-already-in-use-in-the-forest2020-03-12T19:02:42.0000000Z

The security account manager (SAM) has determined that the security identifier (SID) for this computer is already in use in the Forest you want to join. This can happen when restoring an Active Directory Domain Controller with an improper backup. Reinstall the operating system on the local AD DC to obtain a new SID.

https://evotec.xyz/blog/create-a-local-user-or-administrator-account-in-windows-using-powershell2019-10-30T13:44:27.0000000Z

Recently I got a simple task to implement LAPS for the newly created local user instead of using the built-in local administrator account. It seemed easy at first. Go to Group Policies, create a new user, add it to an administrators group, and then follow standard steps to implement LAPS. That is until you find out it’s actually not possible anymore due to password encryption key being available in the wild, which made Microsoft block that Group Policy Preference. While that road is blocked, I still need to get my user-created somehow. Let’s do it with PowerShell. It’s quite simple – use New-LocalUser a few parameters, some random password that I don’t need to save as LAPS will overwrite it. Except it’s not available on PowerShell 2.0, which is the default for Windows 7 that I have to support. Things get even more complicated if you consider that Administrators group is called differently in different countries. While I stopped supporting anything below PowerShell 5.1, I can’t say if it’s the project requirement.

https://evotec.xyz/blog/what-do-we-say-to-health-checking-active-directory2019-09-08T15:48:39.0000000Z

Setting up a new Active Directory is an easy task. You download and install Windows Server, install required roles and in 4 hours or less have a basic Active Directory setup. In an ideal world that would be all and your only task would be to manage users, computers, and groups occasionally creating some Group Policies. Unfortunately, things with Active Directory aren’t as easy as I’ve pictured it. Active Directory is a whole ecosystem and works well ranging from small companies with ten users to 500k users or more (haven’t seen one myself – but so they say!). When you scale Active Directory adding more servers, more domains things tend to get complicated, and while things on top may look like they work correctly, in practice, they may not. That’s why, as an Administrator, you need to manage Active Directory in terms of its Health and Security. Seems easy right? Not quite. While you may think you have done everything, checked everything, there’s always something missing. Unless you have instructions for everything and can guarantee that things stay the same way as you left them forever, it’s a bit more complicated. That’s why Microsoft delivers you tools to the troubleshoot your Active Directory, such as dcdiag, repadmin and some others. They also sell monitoring solutions such as Microsoft SCOM which can help and detect when some things happen in your AD while you were gone. Surely there are some 3rd party companies give you some tools that can help with a lot of that as well. Finally, there is lo of folks within the community creating PowerShell scripts or functions that help with some Health Checks of your Active Directory.

https://evotec.xyz/blog/what-do-we-say-to-writing-active-directory-documentation2019-05-12T12:46:24.0000000Z

It’s no secret that nobody likes creating documentation. I don’t like it, and you don’t like it, even documentation lovers don’t like it. But while you can live without documentation, you really shouldn’t. And I am not talking here only about documentation that is only useful in the onboarding process of new employees or documentation concerning introducing someone to some concepts to get them easily start. I’m talking about documentation for your live environment where you know what you have, how you have set it up, but is still the same after one week, one month, or one year? Usually, not so much. And one of the worst mistakes admin can do is assume that his environment doesn’t change, things are as they were when they were set up.

https://evotec.xyz/blog/the-only-powershell-command-you-will-ever-need-to-find-out-who-did-what-in-active-directory2019-04-28T15:52:32.0000000Z

While the title of this blog may be a bit exaggeration, the command I’m trying to show here does it’s best to deliver on the promise. What you’re about to witness here is something I’ve worked on for a while now, and it meets my basic needs. If you don’t have SIEM product or products that monitor who does what in Active Directory this command makes it very easy, even for people who don’t have much experience in reading Event Logs. If you’d like to learn about working with Windows Event Logs here’s a great article I wrote recently – PowerShell – Everything you wanted to know about Event Logs and then some.

https://evotec.xyz/blog/meet-emailimo-new-way-to-send-pretty-emails-with-powershell2019-04-12T08:13:43.0000000Z

When reading this blog post, you may be thinking that there’s nothing new one can add to emailing with PowerShell as there were tons of articles in recent years covering this subject pretty good. It’s all known, and people have used it since the early days of PowerShell. You can even send an email with just one line using Send-MailMessage. Now, this post is not about that. This post is about sending HTML based emails. You see when you want to send an email that is just text based that’s pretty trivial. Things get complicated when you want your emails to have some colors, some tables, some links or some lists. This is where you have to involve HTML and CSS. Since I’ve been working with PowerShell for a while now, I’ve seen my share of scripts/modules or blog posts that cover this but one thing that usually hit me – it was sometimes tough to understand what is happening, what the author is doing, and what happens if I change this or that. While I’ve seen people dismissing programmers doing HTML / CSS or JavaScript for not being real programmers, I disagree entirely. You have to know what you’re doing if you want your stuff to look good. I’ve spent days or even weeks playing with HTML/CSS/JS, and I must admit half of what I do I don’t even understand until I see the output. So before you go and tell people that HTML/CSS is easy, think again.

https://evotec.xyz/blog/out-htmlview-html-alternative-to-out-gridview2019-04-06T18:47:55.0000000Z

One of the most comfortable output’s in PowerShell to work and analyze data is Out-GridView. It’s handy as you can search, sort and have things done quicker than trying to do things in the console. However it’s currently not available in PowerShell Core (PowerShell 6+), and when it is available in PowerShell 7, it will NOT be cross-platform. Since I had released Dashimo a few days ago, I thought it was trivial to make a simple command out of it that could solve this problem.

https://evotec.xyz/blog/pswinreporting-1-8-split-of-branches-legacy-vs-new-hope2019-03-10T20:39:43.0000000Z

A new branch of PSWinReporting is slowly coming, and I thought it would be the best time to have a final article about it with all configuration options available for those that will want to stay using PSWinReporting from Legacy branch. The idea is that you may have it working in your systems and it’s good enough for you. You may not want to change it, and with New Hope, the changes are so big it’s a rewrite.

https://evotec.xyz/blog/powershell-everything-you-wanted-to-know-about-event-logs2019-02-20T13:22:19.0000000Z

If you feel this title is very familiar to you it’s because I actually have stolen the title from Kevin Marquette. I’m in awe of his posts that take you thru topic from beginning till the end. No splitting, no hiding anything, everything on a plate, in a single post. That’s why I’ve decided to write a post that will take you on a trip on how to work with Event Logs, something that is an internal part of Windows Administration. If you’ve never worked with Events and you’re in IT you most likely should make an effort to find out what it is and how you can eat it.

https://evotec.xyz/blog/how-to-find-different-server-types-in-active-directory-with-powershell2019-02-06T18:25:30.0000000Z

Working as a freelancer is a great thing if you can handle it. Each day, each week something new happens and a new problem shows up on my doorstep. It also means it’s almost never boring at your job and you get to play with new stuff. But there’s one drawback to this. You’re often thrown at the problem, told to fix it but often that’s about as much information as you get. It wasn’t very different today. I was told to switch Office 365 from ADFS to Password Synchronization. While reasons for this are not really important, the important question here is what is the name of AD Connect server that’s responsible for this configuration?

https://evotec.xyz/blog/active-directory-how-to-track-down-why-and-where-the-user-account-was-locked-out2019-01-24T15:25:31.0000000Z

I’ve been working with Windows Events for a while now. One of the things I did to help me diagnose problems and reporting on Windows Events was to write PSEventViewer to help to parse the logs and write PSWinReporting to help monitor (with use of PSEventViewer) Domain Controllers for events that happen across the domain. It’s handy and I, get those excellent daily reports of what happened while I was gone.

https://evotec.xyz/blog/how-to-change-your-own-expired-password-when-you-cant-login-to-rdp2019-01-23T10:41:40.0000000Z

I must admit that it was a bit embarrassing to see my Administrator password expired when I tried to log in as Domain Admin to Domain Controller. I got this little message saying This user account’s password has expired. The password must change to logon. Please update the password or contact your system administrator or technical support.

https://evotec.xyz/blog/windows-server-2019-desktop-path-for-all-users-cwindowssystem32configsystemprofiledesktop2019-01-22T14:31:49.0000000Z

I’ve got a strange request a few days ago regarding users getting a prompt about their Desktop location pointing to…

https://evotec.xyz/blog/windows-2019-windows-license-expired2019-01-19T19:31:08.0000000Z

Windows Server 2019 is out now for a couple of months now, and some of you may be interested in playing with it. When you first install it, you can test it for 180 days (so-called Grace Period) after which you need to activate it with a proper production license.

https://evotec.xyz/blog/windows-2019-how-to-add-language-pack2019-01-02T13:38:16.0000000Z

Today I’ve been setting up a new server on Windows 2019. By default, I install Windows with English version even if Client works in their language such as German, Polish or Swedish. While some people install Windows in a language they desire to work with, years of experience taught me that installing English and then adding Language Pack is the best way to go. All errors, windows events, and general troubleshooting is much easier if those are in the native English language. Each version of Windows made it easier to install the language pack and have that up and running in no time. In Windows 2019 it’s even more comfortable… or is it?

https://evotec.xyz/blog/azure-agent-where-did-my-space-go2018-11-28T16:19:01.0000000Z

Recently I had a weird case where one of our Azure servers was starting losing space pretty quickly making Pulseway go nuts. As you can assume from the title of this post the cause for this is Azure Agent itself. But before I actually knew that I had to do some digging as it’s not that obvious because Windows Explorer isn’t showing anything worth checking.

https://evotec.xyz/blog/powershell-environment-path-is-missing-or-overwritten2018-11-03T12:07:35.0000000Z

I had a strange issue today when I was doing some development where suddenly my scripts would report inability to…

https://evotec.xyz/blog/psblacklistchecker-notifications-to-microsoft-teams-slack-of-blacklisted-ips2018-11-02T21:46:18.0000000Z

If this is the first time you’re reading about this module, it’s simple PowerShell module that allows you to verify…

https://evotec.xyz/blog/update-module-packagemanagementinstall-package-unable-to-find-repository2018-10-19T17:04:49.0000000Z

I was installing newest version of my PSWinDocumentation module on Windows 2016 when I noticed I can’t really get anything…

https://evotec.xyz/blog/windows-10-no-prompt-to-overwrite-when-pasting-from-zip-file2018-10-10T07:23:12.0000000Z

I just had a weird situation where I was pasting multiple folders and those folders were already in destination. Normally…

https://evotec.xyz/blog/pswindocumentation-audit-active-directory-passwords2018-10-07T17:57:42.0000000Z

If you’re paying attention to what’s happening around the world now you probably know Have I Been Pwned service by now. You probably know that it has huge lists of hashes of passwords that leaked out over the years from different services (LinkedIn, Adobe, and so on). This means those passwords are now in possession of good guys, but also bad guys. With Active Directory being often a central place to store your password that allows you to access your Office 365 account, ADFS, Microsoft Exchange it’s important that your AD passwords is both secure and safe. Bad guys may want to try and access your email accounts or other data that’s available online. And having a list of passwords you or other people may have used before doesn’t help you in protecting your own data.

https://evotec.xyz/blog/windows-10-microsoft-store-edge-windows-updates-microsoft-outlook-not-able-to-connect-with-error-0x80072ee7-0x800700052018-10-04T21:10:17.0000000Z

So I’ve been working on my Windows 10 Insiders for a longer while now. Since like 3-4 months I was…

https://evotec.xyz/blog/pswindocumentation-export-to-word-excel-sql-of-ad-aws-exchange-o365-exchange-o365-azure-ad2018-09-23T20:39:26.0000000Z

Today I’m pushing forward with PSWinDocumentation project. I’ve fixed some bugs but I also added a couple of new features. I did lie a bit in the first sentence because this time it’s not all me. I got help from Mateusz Niemczyk who is a certified AWS engineer working for Euvic with me on some projects. If you’ve not yet guessed where I got him involved from the introduction – yes we’re adding basic AWS data support to PSWinDocumentation. But that’s not all…

https://evotec.xyz/blog/pswinreporting-forwarders-microsoft-teams-slack-microsoft-sql-and-more2018-09-16T17:59:28.0000000Z

It’s been a while since PSWinReporting has been updated, or rather since I’ve written a blog post about it since it’s always…

https://evotec.xyz/blog/pswindocumentation-version-0-1-with-word-excel-export2018-08-23T20:07:04.0000000Z

A few weeks ago I’ve released my first version of PSWinDocumentation. It was simple, one command module where you start it and get some basic AD stuff into Microsoft Word document. Today… I’m releasing a new version that has a bit bigger feature set. Are you ready for it? Let’s go!

https://evotec.xyz/blog/windows-10-youll-need-the-internet-for-this-0xcaa7004-or-0xcaa301942018-08-08T08:16:46.0000000Z

For the last few weeks, months that I was working on Windows 10 Insiders release I was having problems to…

https://evotec.xyz/blog/install-module-the-term-install-module-is-not-recognized-as-the-name-of-cmdlet-function-script-file-or-operable-program2018-07-25T08:15:53.0000000Z

Recently I was asked to implement PSWinReporting onto yet another domain. Happily I’ve started to install my 6 modules to…

https://evotec.xyz/blog/windows-10-high-cpu-usage-with-evntagnt-warning-event-id-3007-in-event-log2018-07-24T12:13:09.0000000Z

Today I’ve noticed my PC behaving oddly. CPU was high with Windows Event Log taking a lot of my CPU…

https://evotec.xyz/blog/pswriteword-add-wordtable-add-wordtext-expanded2018-07-07T20:12:03.0000000Z

In this weekly release (PSWriteWord 0.4.6) there are handful of updates and tweaks to Add-WordTable and Add-WordText. If you’ve not…

https://evotec.xyz/blog/pswriteword-updated-to-0-4-1-breaking-change-included2018-06-28T19:47:51.0000000Z

While the update may seem small – change from 0.4 to 0.4.1 it actually brought a number of fixes and…

https://evotec.xyz/blog/collectguestlogs-exe-high-disk-usage-on-azure-vm2018-06-26T19:47:57.0000000Z

CollectGuestLogs.exe is one of Microsoft Tools that is installed with VM’s stored on Azure. While I’m sure it has many…

https://evotec.xyz/blog/pswinreporting-1-0-is-out2018-06-10T09:26:45.0000000Z

Few months after initial release a new public version of PSWinReporting 1.0 is released. While the name might not be…

https://evotec.xyz/blog/working-with-windows-events-with-powershell2018-05-28T09:28:21.0000000Z

As you may (and should) know Event Log is your first place to look for explanations on why server/client is…

https://evotec.xyz/blog/just-different-approach-to-active-directory-password-notifications2018-05-23T15:12:36.0000000Z

A long time ago I’ve maintained a C# version of Password Expiry reminders. It was working based on HTML templates…

https://evotec.xyz/blog/get-eventslibrary-ps1-monitoring-events-powershell2018-04-19T09:48:35.0000000Z

This event library (Get-EventsLibrary.ps1) is PowerShell script that parses Security (mostly) logs on Domain Controllers. It has few reports capabilities…

https://evotec.xyz/blog/whats-new-event-monitoring-0-82018-04-17T19:23:09.0000000Z

💡 Little introduction Event Monitoring solution written in PowerShell is an event library (Get-EventsLibrary.ps1) script that parses Security (mostly) logs on…

https://evotec.xyz/blog/whats-new-event-monitoring-v0-72018-03-27T19:36:29.0000000Z

I’ve further optimized code and added some more health checks so that the process is a bit smoother. You can…

https://evotec.xyz/blog/get-eventlog-shows-wrong-maximum-size-of-event-logs2018-03-27T06:23:57.0000000Z

While working on EventManager script I’ve noticed that Get-EventLog is not returning proper values for Maximum File Size. When checking Maximum log…

https://evotec.xyz/blog/whats-new-event-monitoring-v0-62018-03-25T17:19:51.0000000Z

After having some feedback and seeing as some features were missing new version of Events Monitoring brings few of noticeable…

https://evotec.xyz/blog/granting-logon-as-a-batch-job-permission-for-task-scheduler-to-work2018-03-23T10:11:14.0000000Z

Running Tasks with Task Scheduler is one of most common scenarios in Administrators life. By default you can run your…