Monday, November 07, 2016

Updating Gallery Modules - with a module, of course!

...after I dealt with module updates last week, I finally converted the stuff to a module and published it: https://www.powershellgallery.com/packages/UpdateInstalledModule/1.0

Have fun! :-)

Wednesday, November 02, 2016

Speed-updating powershell modules from the gallery

Hi all.

TL;DR: Update all your PoSH modules from PowershellGallery.com within your ISE profile - and with lightning speed!

I recently received a IseSteroids License due to being an MVP - many thanks to Tobias Weltner for this valuable gift!

I then started to think about "how do I keep IseSteroids" up to date? It receives minor updates quite frequently, so I tried this simple command in my personal ISE profile:

Update-Module -Name IseSteroids

This was a "no brainer" - update-module is a slow running thing. So ok, lets go - google/bing/whatever. I finally came up with a solution that has "history":

Thursday, May 12, 2016

Configuring the recycle bin for redirected folders

Hi all.

Recently, we had the need to disable the recycle bin for all redirected folders. This was due to the fact that the recycle bin - by default - takes a percentage of the volume it is located on, and we redirect to really large volumes, which results in undesirable sizes of these bins... Especially because we charge the users the amount of space they use :-)

Lucky me found a AskDS post that explains the basic steps of managing the recycle bin:
https://blogs.technet.microsoft.com/askds/2012/07/16/managing-the-recycle-bin-with-redirected-folders-with-vista-or-windows-7/

What the AskDS post lacks:
a) What are the folder IDs?
b) How do I deploy the required values?

Friday, March 25, 2016

Internet Explorer Site zu Zonenzuweisungen - sind sie gültig und warum nicht?


Hallo miteinander.


Es ist mal wieder Zeit für einen neuen Blogbeitrag... Kürzlich war ich in eine Diskussion verwickelt über die Zonenzuweisungen des Internet Explorer mit Hilfe von Gruppenrichtlinien. Dieser Blogbeitrag handelt davon, welche Einträge für Webseiten hier gültig sind und welche nicht.

Wie ordne ich eine Site einer Zone zu?

Es gibt zwei Wege für Administratoren, einer URL eine Sicherheitszone zuzuweisen:

  1. Native Gruppenrichtlinien - MVP-Kollege Alan Burchill hat ein schönes Tutorial dazu geschrieben: http://www.grouppolicy.biz/2010/03/how-to-use-group-policy-to-configure-internet-explorer-security-zone-sites/
  2. Registrierungswerte (Mit Hilfe von Group Policy Preferences Registrierung) - MVP-Kollege Joseph Moody hat dazu ebenfalls ein Tutorial geschrieben: https://deployhappiness.com/managing-internet-explorer-trusted-sites-with-group-policy/
Der erste Weg hindert Benutzer daran, eigene Zonenzuweisungen für Webseiten vorzunehmen. Wenn das gewünscht ist, dann verwendet diese Methode. Der zweite Weg erlaubt Benutzern das Hinzufügen eigener Zuweisungen.

Wednesday, March 23, 2016

GPSearch needs your support!

Hi there.

If you are searching for a given GP setting, you probably already hit GPSearch on Azure. In my opinion, this is the best and most valuable ressource for anything related to administrative templates.

And right now, GPSearch is asking for feedback on "why do you need/like/favor it". Given what effort MS puts in evolving GP (almost nothing, to be honest), I encourage all of you readers to give them the feedback they're asking for. This should help to keeping GPSearch online...

http://gpsearch.azurewebsites.net/

Thanks in advance :-)

Thursday, March 10, 2016

Internet Explorer site to zone assignments - is it valid and why not?

Hi there.

Time for a new post finally... Recently, I got involved in a discussion about IE zone assignments via Group Policy. This post discusses which entries are valid or not.

How to assign a site to a zone?


There are two possible ways to assign a security zone to a URL:
  1. Native Group Policy - MVP colleague Alan Burchill has a nice tutorial on that: http://www.grouppolicy.biz/2010/03/how-to-use-group-policy-to-configure-internet-explorer-security-zone-sites/
  2. Registry (through Group Policy Preferences Registry) - MVP colleague Joseph Moody has a nice tutorial on that: https://deployhappiness.com/managing-internet-explorer-trusted-sites-with-group-policy/
The first method prevents users from adding sites on their own. If this is desired, use it. The second method allows users to add sites on their own. 

Thursday, April 02, 2015

Environmental surroundings – creating variables to access AD objects



Hi all out there.

If you are working with logon or startup scripts, you usually access computer or user properties through environment variables like %userdomain% or %computername%.

The challenge

Our company often deals with trusts. This means %userdomain% is different from the computer’s domain. Unfortunately there’s no variable %computerdomain% nor %computerdnsdomain%.

In addition, we often access domain, user or computer attributes. Usually, you get the domain from the RootDSE object (https://msdn.microsoft.com/library/aa393248.aspx), but for computers and users, you have to search. And searching results in domain controller load – it would be more convenient if we could bind directly. For that, we need the distinguishedName of our objects.

If we manage to provide distinguished names in environment variables, they can be used easily, and no more searching is required. So we want to provide the following variables:

  • ComputerDomain: The NetBIOS name of the computer’s domain 
  • ComputerDNSDomain: The FQDN of the computer’s domain 
  • ComputerDomainDN: The Distinguished Name of the computer’s domain 
  • ComputerNameDN: The Distinguished Name of the computer account 
  • UserDomainDN: The Distinguished Name of the user’s domain 
  • UserNameDN: The Distinguished Name of the user account 
  • UserSID: The Security Identifier of the user account

The UserSID isn’t really in scope, but hey, we are working on it anyway :-)