Jason Yoder, MCT

This is one that I picked up off of PowerShell.com.  The problem is that that the answer is a bit long so I’m posting it here.  The IT Pro in question wants to change the Computers Description in Active Directory to match the login name of the currently logged in user.  A few issues come to mind. 1 – Does all of the clients have RSAT installed?  I’m going to assume no.  That means that we cannot use the Active Directory Modules cmdlets. 2 - Does all of the users have the rights to modify the description field of a client in Active Directory.  By default, they do not.  We will set this up at the attribute specific level. 3 – How will this script run?  We will implement it as a login script. Modifying User Rights First off, let’s tackle the user rights issue.  All users in your domain are able to read the contents of Active Directory.  Only a hand full should be allowed to modify it.  We are going to modify AD to allow for our us...

So in my Windows class this week, I was asked if it is possible to disable the initial logon animation on Windows 8. You know, that one where you have to connect to the Windows App Store and then have to move the mouse around. By some strange coincidence, I actually hade the Windows 8.1 GPO Registry spreadsheet up. I did a quick internet search to find the correct registry setting, but did not find it as a GPO setting. Next up GPO preferences. Normally I would throw PowerShell into the mix, but this is one of those cases where I feel that a GPO is the better choice. You see, with PowerShell, I would have to contact the computer when it is convenient for both of us. In other words, when I am running the script and the client is online. With a GPO Preference, I make this change and the domain tells the client what to do when the client comes online. The registry setting is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System The key is a DWORD of EnableFirstLogon...

This will go down as one of my more devious posts. This week my PowerShell class seemed to be having from with my Out-Voice code that I published last year. One of them asked me if PowerShell could say good morning, afternoon, evening to you.  Well, Of course it can.  Since we were about to learn about IF statements, I turned this into an exercise.  To get this to work, you need to accomplish 3 tasks. First, you need to create the script. Second, you need to set up a GPO to launch the script.  Third, set up a GPO to disable the 5 minutes delay in launching user logon scripts in Windows 8.1.  Step 1: Set up the script. You need to make my Out-Voice code available to PowerShell by downloading the code and placing it at the beginning of the logon script.  This will make it available to the local system. In the same script, copy the code below after the Out-Voice code.  Take a moment to look at the help file for Out-Voice.  You can set a female...

This is an interesting question that I picked up from my moderator duties on PowerShell.com.  The question was how do I know what scripts are being run by my GPOs?  The function below will enumerate all of your GPOs and then let you know what scripts are being run.       Function Get-GPOScripts {     $GPOS = Get-GPO -all     ForEach ( $GPO in $GPOs )     {             $Obj = New-Object -TypeName PSOBject         $Obj | Add-Member -MemberType NoteProperty -Name "GPO" -Value $GPO . Displayname           [ xml ] $xml = Get-GPOReport -Name $GPO . DisplayName -ReportType xml           $User = $xml . documentelement . user . extensiondata . extension . script . command         $computer...

For those of you who have taken classes with me that involve Group Policy, you know the warnings that I have given about not using local policy.  Well, here is a link to an article at Microsoft that shows you how to disable them.  I would look at doing this to your deployment image since it is a one-to-one operation. http://technet.microsoft.com/en-us/library/cc730760.aspx

The PowerShell pipeline is one of the key features of PowerShell that allows you to greatly reduce the script code that you need to write to accomplish your goals.  Unfortunately, not all parameters in a cmdlet allow you to feed them data via the PowerShell pipeline. Here is an example. The Active Directory module has a cmdlet called Add-ADGroupMember.  This cmdlets intended purpose is to add an object, such as a user, to a group in active directory.  The Members parameter is used to add an object to the group.  Here is the help file for this parameter: PS C:\> get-help Add-ADGroupMember -Parameter Members -Members <ADPrincipal[]>     Specifies a set of user, group, and computer objects in a comma-separated     list to add to a group. To identify each object, use one of the following     property values. Note: The identifier in parentheses is the LDAP display     name.   ...