Powershell on Ru Campbell MVP

Reauthorise Windows Server DHCP with One Line of PowerShell

Sat, 26 Jun 2021 19:23:38 +0000

This will be a brief blog, as I am certainly not a DHCP expert or day-to-day administrator. I do, however, run a DHCP server on Windows Server 2019 constantly in my lab environment, but sometimes encounter a problem whereby the server is no longer authorised, and when I use the GUI to do so, I get the error the specified servers are already present in the directory service.

The PowerShell I use to resolve this does the following:

Microsoft Defender Antivirus – Schedule & Install Updates via Network Shares

Sat, 13 Mar 2021 21:28:12 +0000

Although not common, there are scenarios out where you will have LAN-only devices onboarded in Microsoft Defender for Endpoint (MDE), or at least using Microsoft Defender Antivirus (MDAV). With no line of sight to the internet, you can use options such as WSUS, but in this blog, I’ll explore using a network share, as WSUS isn’t always an option.

Create a directory on your file server with subdirectories for the different CPU architectures you’ll be supporting.

2. On the server, we’ll be installing a script provided by Microsoft. In PowerShell with elevated rights:

Use Intune to Manage Microsoft Defender for Endpoint Tags and Device Groups

Thu, 11 Feb 2021 21:24:59 +0000

In Microsoft Defender for Endpoint (MDE), tags can be attached to a device for reporting, filtering, and as a dynamic attribute for membership of a device group. Device groups (previously machine groups), are used to assign devices different rules and administrative ownership. A device can only belong to one group and controls settings such as auto-remediation level and which Role-Based Access Control (RBAC) roles have administrative permissions over it.

While you can assign tags, and therefore determine group membership, manually from the Security Center, this doesn’t exactly scale well.

Store BitLocker Recovery Keys in Azure AD for Devices Already Encrypted

Fri, 15 Jan 2021 18:18:36 +0000

As you move from on-premises or third-party infrastructure to Microsoft 365 and Azure AD, you will want to keep those BitLocker recovery keys safe. You can store those keys either in on-premises Active Directory or in the cloud with Azure AD.

The behavior of the BitLocker / Azure AD relationship is that the recovery keys will only be stored against the device object in Azure AD if the encryption happens when the device is already Azure AD or Hybrid Azure AD Joined. You can then retrieve the recovery keys from the Azure AD portal or Microsoft Endpoint Manager (which really just takes you back to Azure AD’s properties for the device).

PowerShell: Run Cmdlet If Another Was Successful (And Keep Trying Until It Is)

Fri, 23 Oct 2020 17:30:52 +0000

Today I’m sharing a useful bit of PowerShell I gracelessly punt from script to script whenever I need to make sure a prerequisite it met before running something and to keep checking until it’s met, then run what I need: “do X when Y is ready and keep checking Y until it’s ready”.