Posted by Mads Dam on 30. J 2024 in Blog
If the media creation tool is failing for some reason – you can make a bootable USB yourself. This is for my reference. cmd (run as administrator) diskpart list disk (select the disk, that is the usb drive) fx: select disk 2 clean convert mbr create partition primary size=1024 format fs=fat32 quick assign active create partition primary select partition 2 format fs=ntfs quick assign exit copy everything but sources-folder to the fat32-drive copy sources to ntfs-drive...
Read More »
Posted by Mads Dam on 27. J 2024 in Blog
Here are the commands to clenaup a Microsoft Certificate Authority. It doesn’t do it by itself. This is a good thing, if you’re using some Key Archival-tech. But I’ve only ever used it for Always on VPN or Wi-Fi-access, so I don’t care if the expired certificates get cleaned up. Now you’re warned 🙂 This can take a LONG time, if you’ve never done it before – I recommend doing it in batches. First, find out how old your earliest...
Read More »
Posted by Mads Dam on 20. J 2023 in Blog
Annoying features, that I’d like default disabled (but perhaps configurable by user, if they actively seek it) [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\Recommended] “EdgeShoppingAssistantEnabled”=dword:00000000 “FavoritesBarEnabled”=dword:00000000 “PinBrowserEssentialsToolbarButton”=dword:00000000 “QuickSearchShowMiniMenu”=dword:00000000 “TranslateEnabled”=dword:00000000...
Read More »
Posted by Mads Dam on 18. J 2023 in Blog
From October 2023, Microsoft is adding a new “feature” called Azure Arc. If you, like me, don’t need it, you can run this in Powershell: Uninstall-WindowsFeature -Name AzureArcSetup
Read More »
Posted by Mads Dam on 14. J 2023 in Blog
This is just for my personal notes – I’m using this method to make sure that a machine is unable to browse the internet, unless VPN is connected. Ofc you also need to define outbound rules for your vpn-host. And also make a rule, that allow connecting to your DCs from any profile (that way it can detect if it’s on a domain-network instead and change a profile to that). If using Always-On-VPN, then also make a rule to let NlaSvc-service connect to anything ...
Read More »
Posted by Mads Dam on 29. J 2023 in Blog
For automation and security purposes, you can create a file with an encrypted password. The encrypted password is only usable with the same user, that creates the file and it has to be on the same machine. So there’s no use in copying the file around and using another user. You could probably also store this string in registry, if you’d like to. I haven’t tried this, though. Create file with encrypted password: Read-Host "Enter password" -AsSecureString |...
Read More »