Remotely changing DNS server list through registry

Recently I was called to help some friends who had an unusual problem:
They demoted an old DC because they needed to raise the domain functional level, and after doing so, many of their servers stopped working - they wouldn't allow remote logins, the Exchange services wouldn't start, while showing …

more ...

Filtering Windows Event Log using XPath

When I want to search for events in Windows Event Log, I can usually make do with searching / filtering through the Event Viewer. For instance, to see all 4624 events (successful logon), I can fill the UI filter dialog like this:

  • Event Logs: Security
  • Event IDs: 4624

But sometimes I …

more ...

Preventing Users from Adding Computers to a Domain

Some time ago, we came to the conclusion that the computer accounts in the domain are disorganized. After doing the tedious job of sorting existing accounts, we saw that new computer accounts are still being added to the "Computers" container, and we had no idea which computer was behind them …

more ...

Investigating Repeatedly Locked Out Users

I often get asked by some other IT guy "why does user XXXXX keep on getting locked out?"

Let me clue you in on something - users (almost) always get locked out for the same reason: They try the wrong password too many times. The reasons for THAT, however, are quite …

more ...


Solving Event Log Subscription Error "0x138C"

Today I saw some collector-initiated event log subscriptions that displayed a weird error, something like

Windows Event Forward plugin can't read any event from the query since the query returns no active channel. Please check channels in the query and make sure they exist and you have access to …
more ...

Group Policy Security Filtering and Loopback

I recently discovered that when applying a GP object using loopback and user security filtering (allowing only specific users to apply the GP), the computer still needs read access to the GP.

Otherwise, the GP will show up as not applied due to it being "inaccessible":

My guess is that …

more ...

Opening Group Policy Management Editor from the Command Line

Yesterday I wanted to open the Group Policy editor (or "Group Policy Management Editor") for a specific GP object through PowerShell, but there is no "Edit-GPO" cmdlet. I quickly checked from the task manager how the GPMC opens the editor, and made my own:

function Edit-GPO([guid]$guid){
$domain = Get-ADDomain …
more ...

Removing all Metro Apps from Windows 8

I wanted to open some photos today (to add to my blog) on my Windows 8 workstation, and it kept opening the full-screen metro app instead of the normal picture viewer. It really annoyed me, and I looked for a quick and dirty way to remove ALL metro apps. This …

more ...

Wget in PowerShell v3

I've been envying my *nix brethren for having Wget for a long time. To get the contents of a web page or download a file using HTTP, I had to use workarounds that took more than one command - either creating a new System.Net.WebRequest or using a BITS module …

more ...