• I remember Norton Commander--wasn't my cup of tea. We used this little-known program called 'The File Commander' that never made it past v1.0. It was a superior program for file transfers though, very much like Midnight Commander is versus raw command line.

  • It is January 2022, and it still works from PowerShell 2.0 on Windows Vista / Server 2008 (without R2) up to the newest Windows 11 insider build. Just tested...

  • Always On availability groups is the full, formal name for this availability feature. The abbreviation is AG, not AOAG or AAG.

  • Hi Brandon,
    Thanks for the tips, but why use a reg file, then a PS cmdlet, then the GUI?
    You could do all tasks with PS.
    For the last one (perhaps the more complex):

    Import-Module WebAdministration
    -Filter "system.webServer/httpProtocol/customHeaders"
    -PSPath IIS:\Sites\$siteName -Name . -AtElement @{name=$headerName}
    -Value @{name=$headerName;value=$headerValue}

    $HeaderValue is a var populated with the value you've described.

  • Hi,
    I made some progress: the script can be used from a client computer like Win10, and it doesn't need to import the Active Directory modules.
    It also doesn't need the DC information entered in config.ini; it will be retrieved automatically.

  • In my case it was all new VMs created on a single host so none of the typical cert/encryption issues apply.
    I solved my problem by enabling secure boot on the host. I wish Microsoft came up with a clearer error message for such a trivial config issue.

  • Sorry, my bad, 551 was good; it's 567 that needs to be changed.

    551 : $domaininfo.RIDMaster --> $domaininfo.DomainMode
    567 : $domaininfo.DomainMode --> $domaininfo.RIDMaster

  • TPM works perfectly on Windows VMs but can cause some problems on Linux.

    I get the same error when I move an existing VM to a new host or between cluster nodes. You have to use the same certificate key on all hosts. I found different posts around about this problem.

    If you are using BitLocker in the VM + TPM, you could decrypt the disks while the VM is running, disable vTPM on the old host, move it to the new host and then enable vTPM and BitLocker.

    Another solution could be to create a new VM and link the existing VHD file.

  • Hi Krishnamoorthi,
    As I explained above, there is the possibility of packaging the AD module to launch the script from a client; it will be more secure than doing it on the DC itself. Adjusting it to remove the static variables would be interesting too, as well as a GUI. If you agree, you can tell me how to contact you to optimize it.

  • I know this is an old post, but does free Hyper-V server 2019 support TPM?
    I can enable it on a newly created machine without any errors but I am unable to start any VMs with TPM enabled.

    Error is "The key protector could not be unwrapped"
    HostGuardingService-Client log shows the following error:
    "System.IO.FileNotFoundException: Could not find file 'C:\Windows\system32\config\VSMIDK"

    Just wondering if anyone knows if this is also a limitation of the free Hyper-V server or if I messed up my configuration somehow.

  • IMHO having been aboard the Securden wagon since about 02/2021. I would liken this to a real power-tool in the IT workshop. This has surprised me in many ways and the first one was that it "passed" rigorous requirements of our Enterprise Security team. One of the automation tasks it does for us is password rotation, this is saving us literally hundreds of labor hours per year. We use the RDP feature and provide our Securden portal as a "Launch pad" to let our internal customers RDP direct from the portal to a "Clean-room" or "Jump-server" where some production servers are. We do not pass around passwords any longer - Securden does this for us. Impressively locked down.
    I wish them all the best!

  • First of all, thanks for the script.
    Unfortunately I'm just getting one user out of the script, with the following error in PowerShell:
    Get-ADUser : Not a valid Win32-FileTime.
    Parametername: fileTime

  • Thank you very much Krishnamoorthi. That was it. I am so sorry about such a stupid mistake. 🙂
    Thank you, I appreciate your help.


  • Ah, of course, forgot I'd need to expand the list of properties. Used that and have now resolved them all and documented them just in case.

    Thanks again.

  • Thank you for this, it's really helpful and puts my mind at ease to see a lot of green. I do have a query with regards to the 'Users with Password Not Required' line though. My report found:

    10,000 odd Total Users
    3000 enabled
    7000 disabled
    1100 inactive (how many days does it use for inactivity out of interest?)
    6000 users with password not required

    It's that last line that concerns me, but looking into the script it's looking at all users where 'passwordnotrequired -eq $true'. I've run that myself with get-aduser -filter * | where {$_.PasswordNotRequired -eq $true} and I get 0 results (which I'd expect). Any thoughts on why it's pulling 6000 as part of the wider script?

  • Hello Krishnamoorthi,
    I took your config.ini file and put it in the same location:
    PS C:\ADcheck> dir

    Directory: C:\ADcheck

    Mode LastWriteTime Length Name
    ---- ------------- ------ ----
    -a---- 1/8/2022 11:31 AM 33181 AD_SecurityCheck.ps1
    -a---- 1/11/2022 7:54 AM 241 Config.ini.txt
    -a---- 1/11/2022 7:54 AM 866 Log11_01_2022-07_54_25.log
    -a---- 1/11/2022 7:54 AM 15543 Reports11_01_2022-07_54_25.htm

    PS C:\ADcheck>
    PS C:\ADcheck> .\AD_SecurityCheck.ps1
    Cannot find path 'C:\ADcheck\Config.ini' because it does not exist.
    At C:\ADcheck\AD_SecurityCheck.ps1:43 char:25
    + switch -regex -file $FilePath
    + ~~~~~~~~~
    + CategoryInfo : ObjectNotFound: (C:\ADcheck\Config.ini:String) [], ItemNotFoundException
    + FullyQualifiedErrorId : PathNotFound

    You cannot call a method on a null-valued expression.
    At C:\ADcheck\AD_SecurityCheck.ps1:82 char:1

    I have even tried to copy config.ini to the C: root, but no success. And that's why I am wondering what the issue is.
    Thank you


  • Hello Michael,
    - the script uses hard variables, which limits it to DCs in English
    - the try catch method is not efficient to return errors
    - an AD module can be injected in order to be able to launch the script without prerequisites and from a client
    - I even thought to make a simple GUI interface which displays the result and allows advanced configuration of the .ini
    But like I said, is there more interest than PingCastle?

  • Hello guys, what a nice script. I just noticed a little error in the variable of the RID master.
    Can you please edit line 551 with $domaininfo.RIDMaster instead of $domaininfo.DomainMode?


  • Too young, we have to wait for SP1 or something like that.

  • Hello,
    I am not as good as I expected in PowerShell. I was trying to run the script but cannot get through this:
    Cannot find path 'C:\ADcheck\Config.ini' because it does not exist.

    Even though that file is in the expected path, no success. And I think this is what stopped me from running it.
    I will appreciate any advice.
    Thank you

© 4sysops 2006 - 2022

