Category Archives: Training

Remote manage a non-domain server in servermanager


By default you cannot remote manage a non-domain server in servermanager, to which you are not authenticated. This happens for example when your computer is a member of a domain and the server you wish to manage is not a member of that same domain. That server is in a workgroup or a member of an other domain with no trust relationship.

To manage that computer you can add it to the trusted hosts list with a powershell command.

The concatenate switch is used to add the server to the list of trusted hosts. If you do not add this switch the current list will be overwritten.

Create a share on a fileserver


In this post I’ll explain how to create a share on a fileserver, set permissions and other options for the share.

Prepare the server

To create a share on a fileserver, first make sure the the File Server role is installed on the server. This feature is installed by default.

Get the current shares

Create a new share

Fist make sure you have a folder on the server. Next create the share.

to remotely create the share add the -cimsession option to the command.

Change permissions on a share

You want to keep the share permissions as simple as possible. To grant more detailed permissions you can use NTFS permissions on the folder or files. Bare in mind that Deny rights overrule the Allow rights.

To view the current permissions on a share:

To add permissions to a share

To remove permissions from a share


Configure Access-based Enumeration

You can hide folders from users that have no access to them. This is called Access-based enumeration. To enable this on a share disables users to view the folders where they do not have at least read access:





Enumerate Group Membership


With powershell you can get an insight about the nested group in the AD and enumerate group membership.

Which users are members of the Domain Admins group?

In which groups is an user a member?

Is a user a nested member of the Domains Admins group?


Reset or change the active directory services restore password


To reset or change the active directory services restore password you must use the ntdsutil command. This command lets you access and change settings in the ADS.


Make a server a Domain Controller


New domain and forest.

To make a windows server a DC (domain controller) you must first install the feature. I first use the get-WindowsFeature to see if the correct feature is targeted.

After the feature is installed, load the correct module and install the servers as a Domain controller for a new domain and forrest.

Existing domain and forest.

I you have already a domain and forest up and running you must add a server to this domain.


Demote a server.

To remove the domain controller function from a server use.

Use the get-help with this cmdlet to see the options you can use.

Access offline files (.wim, .vhd or .vhdx) using DISM


On the installation DVD of a Windows installation you find a file called install.wim. This file contains the complete installation of a new windows installation.

If you want to alter this installation you must use the DISM command. Deployment Image Servicing and Management (DISM.exe) is a command-line tool that can be used to service a Windows image or to prepare a Windows Preinstallation Environment (Windows PE) image. DISM can be used to service a Windows image (.wim) or a virtual hard disk (.vhd or .vhdx).

The steps for altering a file, in this case the install.wim file, follow these steps.

Read more »

Blog for MVA: Using PowerShell for Active Directory


Get to the Microsoft Virtual Academy and follow the course: “Using PowerShell for Active Directory” with Jason Helmick and Ashley McGlone (GoateePFE)

The blog of this session and the session itself are online available.

Great blog with lots of code on Powershell and active directory.

Some topics that are being addressed are:

  • Users and Groups
  • Quering
  • Forensics
  • Recovery

Use a Powershell Scriptblock


You can use a powershell scriptblok to execute a command on multiple computers.

If you use the invoke-command code you have to re-open the connection every time you execute a command to the remote computer. There are more ways to perform this task. This is just one of them.

This script uses credentials and some servers and pretents to stop a service. You can replace this however with every other command you choose naturally.


MVA: Using PowerShell for Active Directory


Using PowerShell for Active Directory

IT Pros, want to automate redundant tasks and do it right the first time? Learn how to turn your real-time management and automation scripts into useful reusable tools and cmdlets. Use PowerShell to better create, query, update, delete, and manage your Active Directory. You might be surprised at how straightforward it is. You can even use it for forensic data investigation, learn what was changed and when, and manage your environment in scale.

Watch renowned experts Ashley McGlone and Jason Helmick for informative deep drills and coding one-liners, plus a fast and fun round of “Challenge the Master.” Learn how PowerShell works and how to make it work for you!

MVA: Getting Started with PowerShell Desired State Configuration (DSC)


25 februari 2015 18:00 – 02:00 (Dutch time) Getting Started with PowerShell Desired State Configuration (DSC)
Are you keeping up with PowerShell Desired State Configuration (DSC)? It’s one of the fastest-moving technologies today. But more than that, it literally transforms how IT Implementers deploy and manage on-premises resources and those extended to the cloud for both Windows and Linux environments. Get a solid foundation with this course, and build on it with “Advanced PowerShell Desired State Configuration (DSC) and Custom Resources,” on February 26.

Read more »