• This command worked like a charm. For those of you who want to get size of multiple vhdx files, Below command will help.
    Thank you

    Get-VM | Get-SCVirtualHardDisk | select name,location,@{Name=”Size”; Expression={[math]::round($_.Maximumsize/1GB, 2)}}

  • I’m trying to achieve only the installation of excel 2013 by combining this method and deploying via intune. Do you think it’s possible?

  • Hi Jeff.

    Iam trying to set the executionpolicy to “remotesigned” throught the windows default GPO.

    these are the scopes:

    Scope ExecutionPolicy

    MachinePolicy Unrestricted
    UserPolicy RemoteSigned
    Process Undefined
    CurrentUser Undefined
    LocalMachine RemoteSigned

    But i cant find the setting for “machine policy” in the GPO?

  • There’s a mistake in the breakdown – you wrote “return those that start with “APP.””, but actually it’ll return those that contains “splunk”.

  • Hello, what about reading the existing extensions and showing their properties and status – installed or not installed?
    Thanks for the answer.

  • This is the problem with subscriptions, the power is now in Microsoft’s hands. I’m sure they employ many capable hands, which have their customers interest at heart. Unfortunately, I’m also sure they this particular groups is vastly outnumbered inside the Microsoft ranks.

    The rest of them is in this game for the money. Not a bad thing in and off itself, don’t get me wrong. But a subscription model? Currently they are showing their good side, with reasonable prices for reasonable service.

    But that won’t last, and then Microsoft has more control over your data and content than you do yourself. Call me old-fashioned all you want, but moving everything to the cloud is a tactical mistake. Well, a tactical mistake for anyone but Microsoft.

    Besides, “computing” in general only began to take flight after most tech companies let go of their “main-frame mindset” and the vendor lock-in that comes with that. And yet, nowadays so many systems/companies swallowed the tech companies BS reasons hook, line and sinker.

    As if this whole to the cloud movement isn’t anything else than the “main-frame mindset” and customers are back again on the “receiving end” of the vendor lock-in. If you have ever had the unfortunate experience of dealing with Oracle’s sales department, you would already have known what to brace for when you give companies with money-lust so much control over your data. Oracle never lost their “main-frame mindset”.

    And Microsoft has an unfettered lust for money. These days they were smarter by hiring better PR than they did in their early days. But their lust for money has never wavered one inch. Seems like a lot of people/companies need to learn that lesson again…the hard way. Unfortunately.

  • Does anyone have an answer ByDesign1977’s question… If you encrypt all usb drives, is there a way to exclude certain usb drives based on vendor/product ID so that a specif type don’t get encrypted? Thanks in advance.

  • I have just under 50 years in the computer business, many of those decades as sysadmin in Fortune 50 data centers. And all of them in various stages of software and OS development. I very much understand the complexity and potential for error in every OS and application.

    Not everybody is at high risk and needing the latest and greatest fixes for security exploits. My private clients quietly run their businesses without endless browsing of internet sites or social media. One client is forced to remain on WinXP until they retire, due to their application package being forever constricted to XP, and the “upgrade” priced beyond reach at $30,000 USD.

    I personally do not care for the invasive nanny in the newer Windows offerings, so I avoid them. I keep all the latest versions on VMs for learning purposes, but not for my personal use.

    I may be obsolete, but I truly do not care for subscription based products. Some of us are just fine doing our work without needing the latest and greates.

  • It is a doubled edge sword, you can stay on your older software/OS but then you have to accept the security exploits that do not get fixed or get updated because it is no longer supported, or you go down the road of having the latest bits and security updates. Unfortunately those are not FREE and before you yarn about it being their fault (writers of that software/OS) just remember nobody can write the perfect solution out of the box, we are all just human and errors are a indelible human trait. Having written software and managed networks for many-a-years I can attest to that.

  • Does anyone know if the Office 2016 connectivity to Office 365 ending in 2023 is a recent change of Microsoft policy? I was aware of the 2025 EOL but the Office 365 connectivity is a but of shock. Thanks.

  • Thanks for providing the road map.

    I am now fully retired from the corporate environment, and have a very different take on this relentless upgrade-upgrade-upgrade and subscription environment.

    My private clients have zero interest in being used as contributors to a subscription revenue stream. They are not interested in the fragility of interconnection with the cloud, phones, etc.

    I always appreciate your articles, thanks so much.
    Yes, I remain on Win7 Pro and Photoshop CS6EE on my personal workstation.

  • Using your ADSI connection however allows you to bypass WinRM if its not enabled. You need WinRM enbled to use Enter-PSsession.

    Either way, great script and it was what i needed in a pinch.

  • Can we have OS drive (C: drive as non persistent) and second drive (D:) as persistent?
    i am seeing that the OS drive setting is taking effect on second drive as well. Both C and D drive are behaving as non-persistent in this case, even though D drive is set to non-persistent.

  • Were you able to get this to work? I am trying to do the same.

  • Yes, and those corporations are playing with fire, but that doesn’t mean we shouldn’t take caution in advising potential actions. Obviously, no sysadmin should take any action unless it’s cleared with the security team – and if RDP is disabled for security reasons then they shouldn’t be using *any* of the processes listed here to seek to enable it unless they have the blessing of said Security team (*not* just sysadmin role benefits). I’m not objecting to the content of the article technically – it’s perfectly sound, and contains good (and reasonably thorough) information. I guess the core point is that I would expect to see a disclaimer along the lines of, ‘obviously work within the security boundaries of your corporate environment, and don’t action any of these activities unless you have explicit sanctioning to do so.’
    Just as many organisations are probably running laxer-than-suitable desktop security, probably many are also running with junior admins with domain-wide privileges and part of their education (since it’s presumably towards those admins that the piece is targeted) is precisely to appreciate the security context of an organisation and not *just* the technical capabilities.
    Anyway to your basic justification, if [said sysadmin] doesn’t have time to deploy a GPO but they have time to pull up an independent internet article to reference [with untrusted/unknown scripts!] the under-the-table actions then their priorities as an admin are already in the drink.
    And note as I mentioned earlier the issue with PSexec is not its direct usage, per se [although my earlier point about approval & process in that regard still stands] but mostly to do with the availability of the tool on a host for hackers to benefit from. The tool should always come with an explicit warning such as:
    “**Only** use this tool with explicit approval from your organisation’s security team *and* ensure it is removed from every machine after the operation is completed.”

  • Thank you for those details.
    I have a query if anyone can answer.
    Reference host is selected adn exacted host profile from there. Now this profile is attached to another host which is newly installed. When it is checked for compliance, it shows Host Customization Required.
    But when Host Customization is clicked and opened, it shows empty box.
    Can you assist?

  • Well whether they care or not is none of our concern. We still hate them with our guts.

  • Allowed by whom? Microsoft does not decide corporate security, which is just as well obviously. Like I said, is a great tool, but too powerful, and it is utterly irresponsible to advise users about this tool unless you also make clear that users in corporate settings must not operate such tools without the strict blessing of their IT/security teams.
    That goes for any “fix” or action really. You actually need to be putting at the beginning of any article, “don’t do this on your business device unless you have the blessing of the relevant IT body” etc. Because it’s tools like this and other things that people download after reading about it on a helpful website that allow hackers to run amok once they can acquire entry via a compromised device.

    Do not download any tool, Microsoft or otherwise, to your corporate device and attempt to “fix” things on your or other computers without the explicit approval of your IT team. Astounding that this even needs to be said.

  • i’m using windows 11, and still no DoH feature

  • Load More
© 4sysops 2006 - 2022


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account