PowerShell: Update-Help via Scheduled Task in Group Policy Preferences

Introduction

If you’re like me, you probably like to ensure that all your computers have PowerShell updatable help updated on a regular basis. You can achieve this using a variety of methods, but since Group Policy Preferences are available out of the box using Windows 7 and later, I figured it would be the perfect tool to keep PowerShell help up-to-date! The following guide will show you how to implement a Windows Scheduled Task to update PowerShell version 3.0 help on a regular basis.

The following operating systems include Group Policy Preferences Client Side Extensions (GPP-CSE) out of the box:

  • Windows 7
  • Windows 8
  • Windows Server 2008 R2
  • Windows Server 2012

You can also deploy the Windows Management Framework Core 3.0, and Group Policy Preferences Client Side Extensions to Windows Server 2008 non-R2 systems, however the equivalent client operating system, Windows Vista, does not support WMF 3.0.

Read morePowerShell: Update-Help via Scheduled Task in Group Policy Preferences

PowerShell: Creating Active Directory Managed Service Accounts

Hey folks,

I’ve recently been trying to learn more about Active Directory Managed Service Accounts (MSAs), which are basically self-managing service accounts. You don’t have to manage the Service Principal Name (SPN) or password for MSAs, which makes them very good choices for running applications. You can read more about MSAs on Microsoft Technet at this URL.

Similar to MSAs are local “virtual accounts.” These do not have password to manage, and they can automatically manage their SPNs. These are not within the scope of discussion, however there are some links in the References section, which might help you to get more information about them.

Creating a Group Managed Service Account with PowerShell

I’ve been trying to create a MSA using PowerShell using the command below, but I kept getting an error. There is a Technet discussion forum post that addresses this same issue. In my scenario, I was running the command on a Windows Server 2012 domain controller.

Read morePowerShell: Creating Active Directory Managed Service Accounts

PowerShell: Retrieve List of SCCM Site Codes

If you’re using System Center Configuration Manager (SCCM / ConfigMgr) 2007, you may want to discover how many SCCM sites you have from Active Directory. Of course, this assumes that you have Active Directory publishing enabled on your primary sites. When enabled, SCCM automatically places site information underneath the CN=System Management,CN=System,DN=mydomain,DC=com container.

Read morePowerShell: Retrieve List of SCCM Site Codes

Restricting Settings by Active Directory Site with Only One GPO

Introduction

Have you ever wanted to configure a setting using a single Active Directory (AD) Group Policy Object (GPO), but have a different value for each logical AD “site” in your IT environment? Well, even if you haven’t, there are other folks out there that do. Here is a paraphrased version of an inquiry that I received recently:

“I am working on a Windows 7 deployment, and I would like to have custom wallpapers depending on the physical location. This I am able to do but there are 20+ Active Directory sites and can do it with a GPO assigned to each site. However, it would be easier to manage just a single GPO. Is this possible?”

In short, this person wants 20+ different wallpapers, but doesn’t want to have to create 20+ unique GPOs in order to configure the wallpaper. The most common suggestion in this case, at least historically, would probably be to write a custom user-based logon script (as opposed to a computer startup script) that checks the current AD site, and sets the wallpaper based on that. Granted, that would be a pretty solid solution, however with Group Policy Preferences (GPP), we have another option that requires no knowledge of scripting!

Let’s explore how to use Group Policy Preferences to consolidate multiple desktop wallpaper configurations (per AD site) into a single GPO!

Read moreRestricting Settings by Active Directory Site with Only One GPO

PowerShell: Creating the System Management Container

If you’ve ever worked with Systems Management Server (SMS) 2003 or System Center Configuration Manager (ConfigMgr / SCCM) 2007, you probably are familiar with the step of creating the “System Management” container underneath the “CN=System,DC=mydomain,DC=com” container in Active Directory. Normally you have to go into ADSIEdit.msc in order to do this, since you can’t create … Read morePowerShell: Creating the System Management Container

PowerShell: Removing a list of computers from Active Directory

@Kid_Zer0 on Twitter recently asked the following question: “Need to delete a list of computers from AD – anyone know how to do this in #PowerShell or #VBScript (List is from a file)” I’ve previously written several versions of an Active Directory cleanup script, but if you’re not seeking something that complicated, you can simply … Read morePowerShell: Removing a list of computers from Active Directory