Select-Object and other ways to skin a...

One Problem, Many Solutions

In PowerShell and pretty much any aspect of configuration management, there can be many ways to solve a problem. This really will come down to style at the end of the day. There is a camp where being super explicit in your script/language/examples etc. is desirable. There is another camp that takes the twitter approach and it is a bit of a challenge to see how much functionality can be crammed into the least number of characters as possible. And of course, there are the majority of folks who land smack in the middle.

Which one are you? For many people out there PowerShell is still relatively new and in my opinion being as explicit as possible is a huge benefit to the learning process. Typing everything out can be a pain but with the ISE especially there is amazing auto-complete and IntelliSense which makes this process very easy. Also, in the long run what you write today may not be looked at for a while or some colleague in the future may need to look at what you wrote. Being explicit in your scripts will benefit both of these scenarios. 

On the other hand learning the short-cuts can be super valuable and will help you become a true master of the language. If you use a lot of short cuts make sure to comment your scripts to show what it is you are doing. I know how much IT folks, especially scripters love to comment!

So, these three lines deliver the same information...

1. PS C:\ > Get-ADUser -Identity Kevin | Select-Object -ExpandProperty PropertyNames
2. PS C:\ > Get-ADUser Kevin | % PropertyNames 
3. PS C:\ > (Get-ADUser Kevin).PropertyNames

And there are more ways to get the same results... Check out this quick walk through...

Kevin

Hyper-V lab corrupt after Windows 10 upgrade?

OK, So I have no idea, yet, if this has anything to do with my upgrade to Windows 10 but the timing is suspicious.

I have a simple lab setup in Hyper-V running on my Windows 8.1 Lenovo w550s. Well it was running 8.1 until yesterday.

My lab consists of three VMs, one DC, one member Server and one client. I have three Virtual switches created, one internal and two external. The external switches are simply there so that I can quickly shift from traffic going through my wired network to traffic going through my wifi. There are surely lots of ways to do this but at the end of the day this is the most logical to me.

 


So, the member server is dual-homed and has one NIC on the Internal Network and one NIC on the external. The DC and the Client only have a single NIC each on the Internal Network. The member server runs RRAS and handles all traffic going in and out of the environment. It acts as a router for the Internal network.

"OK, blah, blah, blah. What is the point Kevin?"

I'm getting there... seriously. So, I was happily running this lab with all the great SDM solutions installed. Life was grand! Then I upgraded to Windows 10.

Now I'm a huge fan of Windows 10. I've been using it for months and I was seriously clicking the little logo in the tray of my new work laptop since July 29th to get the upgrade... it wasn't coming. Finally yesterday it is there! Yeah. Now, I'm not quite as excited as I am for the new Star Wars movie but my geek flag was flying.

The upgrade was smooth, really smooth, and quick. It was really nice. One minor issue, my dual monitor stopped working. I have a DisplayLink Thinkpad mini-doc thingy, it needed a new driver. That was it. I had heard some horror stories but my experience was great.

Then I launched my VMs and some super simple config was changed. I can't say it was the upgrade but I can't think of what could have done it. It didn't take long to diagnose but it could have. It wasn't super logical what happened, but it has to do with the above configuration. I just had to go into Hyper-V, check the Switch. My External Switch was changed to Internal. It just needed to be changed back.

I was showing how to do this in PowerShell and realized another issue. It appears the hyper-v help content, even after running update-help, isn't updating. Once I figure that out, I'll get a video posted of how to address this issue with hyper-v. But to get you started...

PS C:> Get-VMSwitch
PS C:> Set-VMSwitch

A bit more than that but you get the picture. 

Best,
Kevin

Windows 10 Administrative Templates

Have you been upgraded to Windows 10 yet? Are you a fan? I am. I've been working with and running Windows 10 on most of my home clients for months now. My work computer just upgraded today with little fan fare. One minor issue where Lenovo had a new Win10 Driver for a mini-port/DisplayLink device. Once I updated that driver all seems lovely!

As you may have seen from Group Policy MVPs and other enthusiasts and writers out there, the Windows 10 Settings spread sheet has arrived. I can't tell you how many times I have anxiously awaited the new spreadsheet. I've read through and studied far too many of these that I like to admit. 

If you haven't used the spreadsheet before don't be over whelmed. It is actually quite whelming, it is not over-whelming, nor is it under-whelming... it is just whelming. I literally yawned as I typed that sentence.

It is however cool and interesting. Knowledge of what settings you can manage for these new clients is super important and this spreadsheet is key to that knowledge.

Some Highlights

If you take a look at and filter on the column called 'New in Windows 10' you will find that there are 201 Administrative Template settings that are labeled as New in Windows 10. 

That is 139 Machine settings and 62 user settings. They are in a lot of ADMX files... 46 files to be close. There is one new setting in the grouppolicy.admx file. One setting to prevent programs from loading untrusted fonts. This setting actually has an interesting 'Audit' mode which allows you to see if blocking untrusted fonts makes bad things happen. Seems interesting, we'll see if it is useful. There are a few AppX related settings, there are many additions to inetres.admx and there are 20 settings in microsoftedge.admx.

Managing Edge will be new and it will interesting to see how people are using the new browser. I'll have to add some Edge customization's to my <gratuitous plug>"Managing Group Policy and Active Directory with PowerShell" session at Spiceworld on September 25th! </gratuitous plug>.

There is a new setting related to Credential Providers. I'm sure my friends at Specops Software will be interested in that one! 

Summary

Just a brief overview, check out the spreadsheet and the actual ADMX files at these links..

• ADMX Files
• Settings Spreadsheet

I'll continue to dive in to see what other interesting stuff is in there. I'll take a look at the security tab and put up an overview soon.

Enjoy!

Kevin

Group Policy Comments

Group Policy comments have great potential. I don't seem them used too frequently. This is unfortunate as they can be a simple way to document your GPOs so that you can quickly determine what the intent of a given bag of configuration settings may be.

The life-cycle of a Group Policy Object is not something that has received a lot of attention over the years. Microsoft's Advanced Group Policy Management is great, but not widely used and doesn't cover some key life-cycle needs. There are some tools out there to help in that area and at SDM Software you can find a couple of very nice solutions to common configuration issues. Take a look at Group Policy Compliance Manager and Group Policy Auditing and Attestation when you get a chance.

But, out of the box, comments are great and it may be helpful to take a few minutes to check them out. I recorded a bit of a stream of conscious discussion, with myself, on Group Policy comments. Take a look. If you have ideas of other topics around configuration, Group Policy, PowerShell and more, let me know. I'm happy to drill into different areas that may be helpful to folks.

Enjoy! 

Kevin

Clean up my Azure space

Starting a new job can be filled with rebuilding labs, cleaning up old configurations, essentially building up tech so that you can start from scratch.

There are so many benefits to being a Microsoft Alumni that I was simply not paying attention to. One of those it 50% off MSDN subscription (new subscription). That is amazing. I began my MSDN Pro subscription last week. With that level there are $150 a month worth of Azure services! This is great for testing.

I had used Azure quite a bit for different things while at Specops and my liveID was associated with the company. I had done a lot of configuration up there before and I wanted to clean up... get rid of VMs, Networks, essentially wipe and re-load... but no... not really.

The Directory Services I created for labs while at Specops (SullyCo and Speocps Product Services) are apparently there to stay. They most likely won't interfere with anything (but they could) but it is annoying to see artifacts in there that you won't ever use...

It also took me a while to actually figure out this was not possible, after trying many things... finally found the threads and discussions online about this.

Simply for regulatory reasons there should be a way to remove the Directory Services when they are deprecated. If anyone is aware of a way to do this, please let me know.

Kevin

Copy-VMFile and more

I'm setting up some labs and wanted to capture a few things. Here is a walk through of how to copy files from you Hyper-V host to Guest VMs. I touch on a few items that are a bit tricky and try to highlight some good techniques in using the amazing PowerShell.

Enjoy the video and let me know if more topics like this would be interesting or helpful.

Kevin

Old Friends, New Beginnings

I am so excited to have the opportunity to join my old friend, cohort in all things Group Policy and general good guy, Darren Mar-Elia. Darren has asked me to join his team to continue to deliver great solutions to the world. We are both passionate about the past, present and future of configuration management and configuration technologies in general.

It is an exciting time. Check us out at http://www.sdmsoftware.com and follow Darren (@grouppolicyguy) and me (@kevsully67) on twitter.

I'll begin to use this space as a general purpose, scratch-pad of sorts. I will also start blogging on the GPOGuy blog and be delivering some webinar content in the areas of configuration, powershell, Group Policy, DSC and more and more.

Find SDM Software on youtube, Facebook and wherever you wander. We'll try to be there.

Kevin