Category Archives: 70-410

Remote manage a non-domain server in servermanager


By default you cannot remote manage a non-domain server in servermanager, to which you are not authenticated. This happens for example when your computer is a member of a domain and the server you wish to manage is not a member of that same domain. That server is in a workgroup or a member of an other domain with no trust relationship.

To manage that computer you can add it to the trusted hosts list with a powershell command.

The concatenate switch is used to add the server to the list of trusted hosts. If you do not add this switch the current list will be overwritten.

Create a share on a fileserver


In this post I’ll explain how to create a share on a fileserver, set permissions and other options for the share.

Prepare the server

To create a share on a fileserver, first make sure the the File Server role is installed on the server. This feature is installed by default.

Get the current shares

Create a new share

Fist make sure you have a folder on the server. Next create the share.

to remotely create the share add the -cimsession option to the command.

Change permissions on a share

You want to keep the share permissions as simple as possible. To grant more detailed permissions you can use NTFS permissions on the folder or files. Bare in mind that Deny rights overrule the Allow rights.

To view the current permissions on a share:

To add permissions to a share

To remove permissions from a share


Configure Access-based Enumeration

You can hide folders from users that have no access to them. This is called Access-based enumeration. To enable this on a share disables users to view the folders where they do not have at least read access:





Enumerate Group Membership


With powershell you can get an insight about the nested group in the AD and enumerate group membership.

Which users are members of the Domain Admins group?

In which groups is an user a member?

Is a user a nested member of the Domains Admins group?


Reset or change the active directory services restore password


To reset or change the active directory services restore password you must use the ntdsutil command. This command lets you access and change settings in the ADS.


Make a server a Domain Controller


New domain and forest.

To make a windows server a DC (domain controller) you must first install the feature. I first use the get-WindowsFeature to see if the correct feature is targeted.

After the feature is installed, load the correct module and install the servers as a Domain controller for a new domain and forrest.

Existing domain and forest.

I you have already a domain and forest up and running you must add a server to this domain.


Demote a server.

To remove the domain controller function from a server use.

Use the get-help with this cmdlet to see the options you can use.

Access offline files (.wim, .vhd or .vhdx) using DISM


On the installation DVD of a Windows installation you find a file called install.wim. This file contains the complete installation of a new windows installation.

If you want to alter this installation you must use the DISM command. Deployment Image Servicing and Management (DISM.exe) is a command-line tool that can be used to service a Windows image or to prepare a Windows Preinstallation Environment (Windows PE) image. DISM can be used to service a Windows image (.wim) or a virtual hard disk (.vhd or .vhdx).

The steps for altering a file, in this case the install.wim file, follow these steps.

Read more »