Multithreaded TCP port check

 Whopper - first post for a long time, and a short one 👶

I wrote a multithreaded TCP port check in Powershell. You ask why? Some reasons:

• multithreaded to test a lot of computers and ports in parallel - often required in domain connectivity scenarios
• fast as light - try it out!
• fully pipeline aware
• self contained, no external dependencies
• including RPC dynamic endpoints
• including SSL protocol checks and certificate details
  

Need more? Leave a comment!

It always bogged me to use Test-NetConnection (slow as hell) or even portqry.exe (needs to be scripted and output parsed) to verify a bunch of ports against a bunch of computers. So I came up with my private solution and started from scratch in Powershell. The result is impressing.

I have a builtin default set of several ports required for proper domain functionality. I ran  this check in one of our environments, consisting of 9 domains and 91 domain controllers, resulting in roughly 800 discrete port checks. Execution time? 17 Seconds... Including DNS resolution which consumes the most part of these 17 seconds.

 Check it out here: https://github.com/daabm/PowerShell/tree/master/Scripts

Happy testing!

How to retrieve DN of AD parent object in Powershell

Stumbling over https://www.akaplan.com/blog/2015/09/get-the-parent-ou-for-an-ad-object/ I thought about how to do it correct AND fast:

$U = Get-ADUser $env:username -Properties cn
$uParent =$u.DistinguishedName.Substring( ( $u.cn ).Length + 4 )

This way we can use the fast string method and we will always remove up to the correct position. Regardless of the parent object container type (OU, Container, whatever...)

Mirroring AD OU trees including GPOs - the PoSh way

Hello all.

In your AD, there might be an OU tree for production purposes. There might be a second tree for testing purposes. Now you need a third tree for evaluation purposes. That means copying all OUs from one of the existing trees and re-linking all GPOs linked to the source.

I recently had this requirement for an OU structure 6 levels deep with more than 100 linked GPOs. Hard to believe I would do this manually, so I fired up my ISE and came out with this module:

CopyGPOLink

Since the description in the gallery is somewhat crispy, here's the full help:

Windows 10 Settings App - how to hide pages for user groups

Hi Readers :-)

With Win 10 1703, the settings app can be configured to hide or allow only certain pages. This is configured with http://gpsearch.azurewebsites.net/#13576. But there's a drawback: This is a computer setting, so it will affect ALL users - even local administrators. Hey, MS - what did you think about when implementing this?

How can we configure the settings app differently for different groups of users?

The solution for this - as often - is "Group Policy Preferences" (GPP). With GPP Registry, we can write HKLM in the user part of a policy. Lets try - we create a GPP Registry to write the value we found at gpsearch:

 
And voila - it turns out that this value is not evaluated at boot time or at logon, but each time you open the settings app.

This enables us to configure the settings app based on users, although "officially" it is a computer setting :-)

Be aware that results might be unexpected if you use fast user switching. Consider the following scenario:

Admin logs on, gets unrestricted settings app. Switch user, default user logs on, gets restricted settings app. If you now switch back to Admin, he also will have restricted settings app because switching users does not trigger gpupdate. You can circumvent this if you create a scheduled task that runs "gpupdate /target:user" and triggers on Session reconnect.

Note: The IDs for the pages (about, privacy and so on) are not listed in the policy help. They can be found at https://www.windowscentral.com/how-hide-settings-pages-windows-10-creators-update#mssettings_page_name_list or at https://blogs.technet.microsoft.com/mniehaus/2017/04/13/hiding-pages-in-settings-with-windows-10-1703/

LegalNoticeCaption and LegalNoticeText - the new way...

Howdy!

Have you ever been using the following settings?

 
These are designed to present a message to the user after he presses C-A-D. This message could be some legal stuff, some helpful hints or whatever you need.

But there's a drawback: If these settings are enabled, AutoAdminLogon will not work anymore. This would prevent automated software installations by scripts, running in the context of an admin user that logs on automatically.

How can we solve this?

Updating Gallery Modules - with a module, of course!

...after I dealt with module updates last week, I finally converted the stuff to a module and published it: https://www.powershellgallery.com/packages/UpdateInstalledModule/1.0

Have fun! :-)

Speed-updating powershell modules from the gallery

Hi all.

TL;DR: Update all your PoSH modules from PowershellGallery.com within your ISE profile - and with lightning speed!

I recently received a IseSteroids License due to being an MVP - many thanks to Tobias Weltner for this valuable gift!

I then started to think about "how do I keep IseSteroids" up to date? It receives minor updates quite frequently, so I tried this simple command in my personal ISE profile:

Update-Module -Name IseSteroids

This was a "no brainer" - update-module is a slow running thing. So ok, lets go - google/bing/whatever. I finally came up with a solution that has "history":