Create a report on local DNS lookups using PowerShell

When troubleshooting a system, you sometimes need to know what DNS lookups are being done. This will give you good insight into traffic from the systems to the local network or internet. You can do this with DNS auditing on your Windows server or in your local Pi-hole server, but that's not always available 😉 This blog post will show you an easy way to create a report without extra tools.

Create a TCP/UDP port listener using PowerShell

One of our customers is securing his network, and firewall changes were made that needed to be tested. In this case, the new servers were not yet deployed in that specific network. But... We did want to test the connections before deploying the servers 🙂 In this blog post, I will show you how to create listening ports on a machine to test the connection from another network using netcat on Linux or portqry on Windows.

PowerShell and logging

Sometimes it's the last place that admins look... Logs 🙂 Something goes wrong, and you don't know why. Logs tell a lot! (When I deploy some Endpoint Manager packages and suddenly they don't work, I put in some logging and discover why things don't work.) This blog post shows you a few ways to enable logging and how to read back all PowerShell actions on a device.

Report on Active Directory OU permissions using PowerShell

For one of our customers, we are working on restricting permissions of admin accounts by implementing Role Based Access and delegating permissions to Organizational Units (OUs). But one of the first questions was… What are the current permissions, and what should we remove and where? In this blog post, I will show you a way to report on the current permissions so that you can remove them where they shouldn't be granted 🙂

Retrieve Security events from Active Directory using PowerShell

In a previous blog post (here), I wrote about how to get a list of changes in Active Directory administrative groups. I got a question about that on Facebook... The question was: Nice to get a list of changed groups and what the change was, but what account made that change? This blog post shows you a way to get all the security events from the Domain Controller security logs 🙂

Using the PowerShell SecretManagement module

Sometimes you need to enter credentials in a script to connect to something. You can prompt the user to enter credentials, but that doesn't work for Scheduled Tasks, of course 🙂 Using a clear-text password in a script is never a good idea, and that's where the SecretManagement module comes into play. This blog post will show you how you can use it in your scripts.