Scripting

When you’re investigating a potentially compromised Windows endpoint, the last thing you need is another tool that dumps endless raw output into a console window and calls it “forensics.” You need the suspicious service that shouldn’t be there. The scheduled task that doesn’t belong. The odd TCP listener waiting for connections. The registry persistence key […]

SYSVOL replication failures are one of the domain controller problems that keep IT teams up at night. When SYSVOL stops replicating correctly, Group Policy Objects (GPOs) stop updating, logon scripts fall out of sync, and domain controllers begin serving inconsistent policy data. It’s important to separate this from Active Directory replication issues: If passwords aren’t

A user reports their workstation keeps going to sleep “on its own.” Or someone claims they never left their desk, yet the session clearly disconnected. Answering these questions means digging through the Windows event log and correlating events across Security and System logs into one timeline. This script pulls seven distinct event IDs from two

Windows Update breaks. Everyone knows this. Stuck update loops, error codes that don’t make sense, a client machine that hasn’t successfully installed patches in months. Microsoft’s official KB article for fixing Windows Update is a wall of 30+ manual steps. You have to stop services, rename folders, reset security descriptors, register DLLs, and restart everything

External sharing is a compliance nightmare. Your 365 tenant has dozens of SharePoint sites, each with document libraries, and files are shared via links or direct invitations. The SharePoint admin center shows you a high-level sharing policy per site, but it won’t tell you which specific files are shared externally or with whom. I wrote

Microsoft’s System Center Configuration Manager (SCCM) seems to usually work pretty well for 95-97% of the computers at the environments I’ve worked in. Unfortunately for the remaining few percentage points of computers that SCCM is *not* working pretty well for when SCCM does break it does so spectacularly with style and pizzazz.

This guide will show you how to use PowerShell to remove all traces from the computer so you can perform a clean reinstall!

Microsoft recently added a feature called MDM coexistence into SCCM. Basically this makes SCCM shut off most of it’s functionality when a third party MDM is detected on the machine. You will see errors such as “You don’t have permission to install this software” when coexistence mode is enabled.

This post will outline a way I found to turn SCCM back on (with a caveat).