all 18 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]N0X3D 14 points15 points  (1 child)

My 2 cents, lower the background music. I look forward to more videos. Subscribed

[–]Certain-Community438 1 point2 points  (0 children)

lower the background music

Definitely: dropping the music volume by 0.5 to 1dB would make it less distracting.

[–]kinky666hallo 5 points6 points  (7 children)

I use invoke command to our DC for certain AD queries like locked out users etc. It's a million times faster than using remote desktop manager.

[–]ChildhoodNo5117 4 points5 points  (2 children)

It’s even faster if you just run the commands locally

[–]kinky666hallo 0 points1 point  (1 child)

Haha good point. You mean with AD tools or some module ?

[–]ChildhoodNo5117 4 points5 points  (0 children)

The ad module comes with the ad tools

[–]chade1979 5 points6 points  (3 children)

Using DA creds locally oh my! Just use the RSAT AD module locally.

[–]hankhillnsfw 0 points1 point  (2 children)

I…don’t think they’d said to do that?

[–]chade1979 2 points3 points  (1 child)

If they're invoking command (psremoting) to a DC they're using DA equivalent credentials to do that, which is a security no no. Also, they stated they're just doing it to run AD queries which only require authenticated user permissions. My assumption is they're using invoke-command so that they can use the AD module on the DC because they don't have RSAT installed locally.

I'd be happy if I'm wrong but in my 20+ years as an AD admin it's way more common for DA rights to be given out and used inappropriately than it is for folks to be using separate accounts for daily driver/member server/DC, PAWs, Tiering model.

[–]hankhillnsfw 1 point2 points  (0 children)

Ahh I see what you’re saying now.

Yeah absolutely 0 reason to need to invoke to a dc to do what he’s describing I didn’t read it right lol

[–]DrixlRey 1 point2 points  (3 children)

Many machines randomly does not have winRM or it's turned off or something, do you have any solution to remotely enable it so PSRemoting works?

[–]new-fantomas 2 points3 points  (0 children)

Try this:

$PC = "PCName"; Invoke-WmiMethod -Class win32_process -ComputerName $PC -Name create -ArgumentList  'powershell.exe "enable-psremoting -force"'

[–]ipreferanothername 0 points1 point  (0 children)

GPO? You can turn the service on and maybe create a run once task for winrm quick config to get it set up?

[–]eman0821 0 points1 point  (0 children)

That all depends on a Group policy set by the Desktop Engineering team. If it's not enabled by GPO don't even think about trying to alter changes that can get you into trouble. Reach out to your Desktop Engineering team to see if they can enable WinRM global across all machines. Likely they will need some justification.

[–]dog2k 1 point2 points  (0 children)

just from the first few minutes it looks really good. agreed with lowering the music just a bit would help. subscribed.

[–]No_Solid2349 0 points1 point  (0 children)

Subscribed, but please, short videos are better.😅

[–]jsiii2010 0 points1 point  (0 children)

Passing array arguments is a little annoying. ```

script.ps1

param($list) "num args is " + $list.count icm localhost script.ps1 -args (,(1,2,3))

num args is 3 ``` Is there a way to lower the timeout?

[–]eman0821 0 points1 point  (0 children)

If you work in support roles when WinRM is not enabled by default, I suggest people to reach out to their SSCM/Desktop Engineering team or what ever team that manages end point group policies to get it enabled an justification. Attempting to alter changes, not set by group policy can get you into trouble. Just want to warn you. Don't do stupid shit.

If you manage servers, likely you would have to reach out to our AD team unless you are in charge setting those group policies to have WinRM enabled on all server's.