When you display log entries with Get-WinEvent, you may see some empty lines with only three dots. This happens because the first line of the message is empty, and Windows wants to show that there is more data after this empty line. To see the whole message, pipe your events to the Format-List cmdlet.
Sometimes you open an Access Control List and discover an orphan SID. However, before removing the permission you want to know to which account this SID was matching. The SID matched to a local account In this case, you are done. There is no way to find to which account name the SID was matching. … Continue reading How to resolve orphan SID’ account name with Powershell
Foreign Security Principals or FSPs have existed since Windows Server 2000. However, you could work as a system administrator for years without even noticing their presence because the mechanism behind them is almost fully transparent—almost. Contents of this article: FSPs in a nutshell Why an FSP becomes an orphan How to identify and clean up … Continue reading Clean up orphaned Foreign Security Principals
When you try to suspend BitLocker for one or several reboots, you may encounter the following error: This message appears when you combine the RebootCount parameter with the Suspend-BitLockercmdlet. It's because the RebootCount parameter is only available for the Operating System drive. Probably you tried the following command line: In fact, if your drives are … Continue reading [solved] 0x80310028 The drive specified is not the operating system drive
I had recently to reset a bunch of user accounts. Before informing people about the change, and in order to test my script I used the WhatIf parameter. Unfortunately, the Set-ADAccountPassword cmdlet didn't return anything... And after a few minutes, people started to call for help about their password... I didn't know that this is … Continue reading Buggy WhatIf parameter…