Some PowerShell Snippets for Network Scanning

I recently had to improvise some network scanning using PowerShell. The security guys got somewhat excited, so I decided to upload these snippets.
I think all of them require PowerShell v2+

Checking ping for one IP address

Test-Connection $target -count 1 -quiet

Checking if a TCP port is listening

function …
more ...

List all Group Policy Extensions Registered

I use this script to see all GP extensions that my computer can process:

ls 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions' | select `
    @{name='Guid';expression={[guid]$_.pschildname}}
    @{name='Name';expression={$_.GetValue('')}}
    @{name='DllName';expression={$_.GetValue('DllName')}}
    @{name='ProcessWhenNoChanges';expression={!$_.GetValue('NoGPOListChanges')}}
    @{name='IsUserPolicy';expression …
more ...

setspn Duplicates and Case Sensitivity

Today I found out that the command I use to find duplicate SPNs, setspn -x

is case sensitive, meaning that the following SPNs don't count as duplicates:

HOST/bla
HOST/BLA

This makes sense when using UNIX systems for TGS creation.
However, Active Directory Domain Controllers, being Windows systems, are …

more ...

Backing up BitLocker to ActiveDirectory - My Additions

The Story

If you thought about deploying BitLocker in your enterprise, you probably came across the recovery issue - if you lose the encrypting smart card, corrupt the key file, forget the password or the TPM breaks down - how can you access the data?
For small organizations, manual recovery can be …

more ...



Finding Superseding WSUS updates in PowerShell

Whenever I see a superseded update, I usually want to know which update supersedes it.
Finding it from the console is easy enough:

But of course, working through the UI is no fun.
After you got an update object through PowerShell, like this:

$wsus = Get-WsusServer WSUS2 -PortNumber 8530
$update = $wsus …
more ...

Adding .net 3.5 to a Windows Server 2012 template

I was approached by some colleagues building a new VM template for Windows Server 2012 who wanted some help with .NET framework 3.5.

The .NET oddity

As anyone who messed a bit with Windows Server 2012 knows, the .NET framework 3.5 is one of two features (along with …

more ...

Filtering Windows Event Log using XPath

When I want to search for events in Windows Event Log, I can usually make do with searching / filtering through the Event Viewer. For instance, to see all 4624 events (successful logon), I can fill the UI filter dialog like this:

  • Event Logs: Security
  • Event IDs: 4624

But sometimes I …

more ...

Preventing Users from Adding Computers to a Domain

Some time ago, we've come to the conclusion that the computer accounts in the domain are disorganized. After doing the tedious job of sorting existing accounts, we saw that new computer accounts are still being added to the "Computers" container, and we had no idea which computer was behind them …

more ...