Filter by installdate

I was once asked if you could apply a GPO to computers before a certain date. My first answer was the simple solution: create a group, add all computers that exist at that time to the group, and then filter on that group.

If possible, always do it the simple way. But they asked what would happen if a computer was reinstalled. Since the computer account will be reused, it will still be in the group, and this was a problem. So at this point we have to decide where to complicate things.

Do we want to complicate the task sequence and let it remove the computer from the group, or do we want to use a WMI filter on the GPO?

WMI filters have limitations: they require a working WMI on the client, and they also require that the client is running Windows XP or Windows 2003 Server (who has that running anyway, right?). Using WMI we can create a simple WMI filter that will allow us to only target computers that are installed or reinstalled after a certain date.

[Image: wmifilter - only older installs]

It is as simple as that.
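
The kind of filter described above, as an added example that is not from the original post: the WQL query compares Win32_OperatingSystem.InstallDate to a cutoff, and a helper runs it locally so you can check the result before linking the filter to a GPO. The function names and the 2015-01-01 cutoff are assumptions chosen for illustration.

```powershell
# Added example: build a WQL query for a GPO WMI filter and test it locally.
# Function names and the cutoff date are hypothetical, not taken from the post.

function New-InstallDateFilterQuery {
    param(
        [Parameter(Mandatory)] [datetime] $Cutoff,
        # 'After'  matches machines installed or reinstalled after the cutoff.
        # 'Before' matches machines whose current install is older than the cutoff.
        [ValidateSet('After', 'Before')] [string] $Direction = 'After'
    )
    # WQL compares datetime properties against DMTF strings:
    # yyyyMMddHHmmss.ffffff followed by the UTC offset in minutes (+000 = UTC).
    $dmtf = $Cutoff.ToUniversalTime().ToString('yyyyMMddHHmmss') + '.000000+000'
    $op = if ($Direction -eq 'After') { '>' } else { '<' }
    "SELECT * FROM Win32_OperatingSystem WHERE InstallDate $op '$dmtf'"
}

function Test-WmiFilterQuery {
    param([Parameter(Mandatory)] [string] $Query)
    # A WMI filter passes when its query returns at least one instance.
    try {
        $hit = Get-CimInstance -Namespace 'root\CIMv2' -Query $Query -ErrorAction Stop
        [bool]$hit
    }
    catch {
        # The filter depends on working WMI on the client; this helper treats
        # a failed query as "no match" and reports why.
        Write-Warning "WMI query failed: $($_.Exception.Message)"
        $false
    }
}

# Constructed sample cutoff: target machines (re)installed after 2015-01-01.
$query = New-InstallDateFilterQuery -Cutoff ([datetime]'2015-01-01') -Direction After
$query                               # paste this string into the WMI filter (namespace root\CIMv2)
Test-WmiFilterQuery -Query $query    # True if this machine would pass the filter

# Show the value the filter compares against on this machine.
(Get-CimInstance -ClassName Win32_OperatingSystem).InstallDate
```

Because a reinstall resets InstallDate, the result follows the operating system install rather than the reused computer account, which is the problem the group-based approach could not solve.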

Recover deleted files/folders on a Workstation

So you have managed to delete some files/folders. Or perhaps even the wrong profile by scripting.

  • First rule of recovery: Don’t write to the hard drive from which you want to recover data. If possible, shut off the computer until you have a plan.
  • Second rule of recovery: Don’t forget to take backups.
  • Third rule of recovery: Backups are only as good as the last restore test.

There are a couple of ways to recover data that has been deleted but not yet overwritten, but this blog post is about one method. This method requires System Restore to be enabled. A short list of options:

  • Restore using your backup. There is no replacement for a good backup.
  • Restore using this method (Shadow Copy).
  • Restore using data recovery software.
  • Restore using a recovery company, for example IBAS.

So how do we restore deleted files from a workstation using the Windows Shadow Copy Service? [Read more…]

Getting the computername in Powershell

Update 2015-07-03:

So I got two comments from Paul Wiegmans. These were mainly that the functions delivered different hostname vs NetBIOS versions, and that I had missed a good function. I’m so used to Windows limiting the NetBIOS computer name to 16 characters, where the last one is a reserved character, that I forgot to test for longer versions.

Updated blogpost with all the glory:

Last weekend my company and a couple of customers had an event in the Swedish village of Åre. To cut to the chase, we had speakers from Knowledge factory, TrueSec and Microsoft at the event. During Bruce Payette’s presentation I noticed that he used hostname instead of $env:computername, as I and others use. So I talked a little with him about it and decided to write a blog entry about it. We discussed a couple of options, mostly using $env, the .NET method and hostname.exe. I also decided to test the speed of a couple of ways. Let’s start with the speeds and go from there.

[Read more…]

Useful WMI(C) commands

Sometimes you need to run WMI queries on older Windows machines or in the Windows Preinstallation Environment (WinPE). With PowerShell it’s really easy: Get-WMIObject -Class win32_WhatYouWant. But when you are stuck without PowerShell, you can use the old WMIC command instead. WMIC has been available from Windows 2003. [Read more…]

Special NTP GPO for the PDC

Each and every domain should be time-synced to the real world, outside Stockholm where I live. Sorry, old joke from the old Swedish comedy series.

Well, all domains should have a reliable time provider; I suggest using an internet source or a GPS source. All domains should also have an easy-to-understand time sync tree. I want the PDC to own the time for the domain, but since that role might move, some smarts are required. I create a WMI filter and a GPO that I link to the Domain Controllers OU. Please don’t move the domain controllers from there.

[Read more…]