Archives for April 2016

Nothing lasts forever

For the last 3 years I have been employed by Knowledge Factory Consulting AB based here in Stockholm, Sweden. But nothing lasts forever; last year KF was purchased by Advania AB. Working in a small company means that you know everyone, but working at a large company gives you entirely different possibilities. This is change; one of my first consultant companies had an internal motto, “the only constant is change”. You cannot expect things not to change.

Two months ago I turned in my letter of resignation to my boss. At the end of business today I will no longer be affiliated with Knowledge Factory or Advania. I will really miss all the people that made up the company, what it was and what it is. There is no way I can say this without missing everyone. From some of the best technical guys in the business to the management and sales team and Lotta for making sure we got paid. I know I will run into some of you again, I’m not sure where yet though. My best guesses are Microsoft Ignite, at customers or perhaps over an after work beer.

I will continue to deliver what I do best. For inquiries please contact Toriv AB, just call me or mail [email protected]

During the coming weekend I will try to re-brand everything that I have related to the company on my blog, LinkedIn, Twitter etc.

Remember who you are in a PowerShell window

So sometimes you run the same command so many times that you want it to run every time you start a PowerShell window.

There are several profiles that can be loaded depending on how PowerShell is started. And there are also global policies for all users of a computer.


AllHosts profiles run for all types of PowerShell, both regular console and ISE sessions. CurrentHost runs just for that specific host, so you can have different settings for ISE and console sessions.

The basic structure for the profiles is:

  • Locations:
    • Current user: "$([environment]::getfolderpath("mydocuments"))\WindowsPowerShell"
    • All users: "$($env:systemroot)\System32\WindowsPowerShell\v1.0\"
  • Filenames:
    • All types: profile.ps1
    • Console: PowerShell_profile.ps1
    • ISE:  PowerShellISE_profile.ps1

Since I usually have more than one PowerShell window running at a time with alternative credentials, I had a hard time remembering which window was which. Of course I could have just run “whoami”, but that is also more work than needed. So I decided that placing the username in the title was the way to go. This is also a good place to put other functions that you have written and call all the time.

powershell with domain-username
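One way to put the account in the window title from a profile script, as an added example that is not the code from the original post. The helper name Get-ProfileInventory is hypothetical; it lists which of the profile files described above exist on the machine and whether they are signed, since anything placed in them runs at every start.

```powershell
# Added example: contents for profile.ps1 (an AllHosts profile).

# Read the identity from the process token, so a window started with
# alternative credentials shows the account it actually runs as.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

$title = '{0} @ {1}' -f $identity.Name, $env:COMPUTERNAME
if ($elevated) { $title = "[ELEVATED] $title" }
$Host.UI.RawUI.WindowTitle = $title

# Hypothetical helper: inventory of the four profile files for this host.
function Get-ProfileInventory {
    # $PROFILE carries one note property per profile location (listed in load order).
    $names = 'AllUsersAllHosts', 'AllUsersCurrentHost',
             'CurrentUserAllHosts', 'CurrentUserCurrentHost'
    foreach ($name in $names) {
        $path   = $PROFILE.$name
        $exists = Test-Path -LiteralPath $path
        [pscustomobject]@{
            Profile   = $name
            Path      = $path
            Exists    = $exists
            # Signature status only makes sense for files that are present.
            Signature = if ($exists) { (Get-AuthenticodeSignature -FilePath $path).Status } else { $null }
        }
    }
}
```

Running Get-ProfileInventory | Format-Table -AutoSize in a new window shows every profile script that was loaded for that session.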

Using certreq to create selfsigned certificates

So sometimes you need to create self-signed certificates in Windows. Sometimes I have done it using OpenSSL, and Windows 2012 and later include PowerShell support using New-SelfSignedCertificate. But all versions of Windows include all the binaries required to do it natively. It is a two-part thing: first create the INF file and then run certreq using that file.

It will create and sign the certificate. I'm not really sure why it is also asking where to store the CSR (Certificate Signing Request) so I just close that dialog.

A super simple self-signed certificate

It does not get any simpler than this. It does not limit the intended purposes of the certificate, and the key size is not really good. Sure, we can make it better by adding some intended purposes and cryptography settings.

A better self-signed certificate

But now and then we need the certificate to answer for multiple names, a so-called SAN certificate.

A SAN certificate
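The two-step procedure (write the INF, then run certreq) for a SAN certificate with an explicit key size, hash and intended purpose, as an added example that is not the INF from the original post. The subject, DNS names, file names and chosen values are constructed for illustration.

```powershell
# Added example; the subject and DNS names are constructed placeholders.
$subject  = 'app01.example.test'
$dnsNames = 'app01.example.test', 'app01', 'www.example.test'

# One _continue_ line per SAN entry; each entry ends with '&'.
$sanLines = ($dnsNames | ForEach-Object { '_continue_ = "dns={0}&"' -f $_ }) -join "`r`n"

# Single-quoted here-string so "$Windows NT$" is not expanded by PowerShell.
$inf = @'
[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject = "CN=__SUBJECT__"
RequestType = Cert          ; create a self-signed certificate, not a CSR
KeyLength = 2048
HashAlgorithm = SHA256
KeySpec = 1                 ; AT_KEYEXCHANGE
KeyUsage = 0xA0             ; digitalSignature + keyEncipherment
Exportable = FALSE          ; private key cannot be exported
MachineKeySet = FALSE       ; key and certificate go to the current user
ValidityPeriod = Years
ValidityPeriodUnits = 1

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1     ; Server Authentication only

[Extensions]
2.5.29.17 = "{text}"
__SAN__
'@.Replace('__SUBJECT__', $subject).Replace('__SAN__', $sanLines)

$infPath = Join-Path $env:TEMP 'selfsigned-san.inf'
$outPath = Join-Path $env:TEMP 'selfsigned-san.out'
Set-Content -Path $infPath -Value $inf -Encoding ASCII

# Syntax: certreq -new <PolicyFileIn> <RequestFileOut>
certreq.exe -new $infPath $outPath
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Read the SAN extension back from the current user's store to confirm the names.
Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.Subject -eq "CN=$subject" } |
    ForEach-Object { ($_.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }).Format($true) }
```

The second file argument is the output file that certreq otherwise asks for in a dialog.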


Technet – Certreq

Filter by installdate

I was once asked if you could apply a GPO to computers before a certain date. My first answer was the simple solution: create a group, add all computers that exist at that time into the group and then filter on that group.

If possible always do it the simple way, but they asked what would happen if a computer was reinstalled. Since the computer account will be reused it will still be in the group, and this was a problem. So at this time we have to decide where to complicate things.

Do we want to complicate the task sequence and let it remove the computer from the group, or do we want to use a WMI filter on the GPO?

WMI filters have limitations: they require a working WMI on the client, and they also require that the client is running at least Windows XP or Windows 2003 Server (who has that running anyway, right?). Using WMI we can create a simple WMI filter that will allow us to only target computers that are installed or reinstalled after a certain date.

wmifilter - only older installs

It is as simple as that.
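A way to build such a filter query and check it locally before attaching it to a GPO, as an added example that is not the filter from the original post. The function name Test-InstallDateFilter, the cutoff date and the default direction of the comparison are assumptions.

```powershell
# Added example; Test-InstallDateFilter is a hypothetical helper name.
function Test-InstallDateFilter {
    param(
        [datetime]$Cutoff = [datetime]'2016-04-01',   # constructed sample date
        [ValidateSet('>', '<')]
        [string]$Operator = '>'                       # '>' installed after, '<' installed before
    )

    # WQL compares CIM datetime values against DMTF strings:
    # yyyyMMddHHmmss.ffffff followed by the UTC offset in minutes.
    $dmtf  = $Cutoff.ToString('yyyyMMddHHmmss') + '.000000+000'
    $query = "SELECT * FROM Win32_OperatingSystem WHERE InstallDate $Operator '$dmtf'"

    # A GPO WMI filter evaluates to true when the query returns at least one instance.
    $hits = @(Get-CimInstance -Namespace 'root\CIMv2' -Query $query)
    $os   = Get-CimInstance -ClassName Win32_OperatingSystem

    [pscustomobject]@{
        Query         = $query            # paste this into the WMI filter (namespace root\CIMv2)
        InstallDate   = $os.InstallDate   # what this machine reports
        FilterMatches = ($hits.Count -gt 0)
    }
}

Test-InstallDateFilter | Format-List
```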

An SQL deadlock while editing an AAD Connect Synchronization rule

I ran into this issue when I was editing an AAD Connect synchronization rule. If you edit an AAD synchronization rule and set the same precedence as an already existing synchronization rule you will get a SQL deadlock warning.

A deadlock occurred in SQL Server while trying to acquire an application lock.,Microsoft.IdentityManagement.PowerShell.Cmdlet.AddADSyncRuleCmdlet

When I did it I made a copy of the original rule, then disabled the original and set the new duplicate to the same precedence as the original; that was a bad idea. So check with another precedence. And let this be a lesson.