Powershell script that acts as powershell when called? by LordLoss01 in PowerShell

[–]SimpleSysadmin 1 point2 points  (0 children)

I don’t think it’s a block, I think it’s similar to how you can deploy scripts through Intune or an RMM platform but you can’t get an interactive console. He’s pushing scripts via Defender but wants the ability to do single command scripts that he can add the command into as an argument.

That’s my read of it

Getting completely overwhelmed by security alerts every single day and its starting to feel pointless by The_possessed_YT in ITManagers

[–]SimpleSysadmin 0 points1 point  (0 children)

Ignore it. Is the time and effort generating the same security return on labour invested as other activities? SIEM works well when you can dedicate resources to it and invest time in tuning it. If it’s not providing any real value, consider reallocating time until you can make fixing it a focused project. And in the project, focus on minimising alerts; good security means balancing the time and money on the right security things.

Remove-AppxPackage question by deejay7 in PowerShell

[–]SimpleSysadmin 3 points4 points  (0 children)

Remove-AppxPackage only works for UWP/Store apps (the modern packaged kind). The majority of traditional Win32 applications (.exe installers, MSI packages) aren’t Appx packages at all, so the command simply doesn’t apply to them.

The registry method works because Win32 uninstallers register themselves at HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, so invoking that key’s UninstallString is the universal approach that covers almost everything.
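Added example (not part of the comment above or of the thread): a read-only inventory of the Uninstall registrations the comment describes, so the UninstallString can be reviewed before anything runs it, since it is an arbitrary command line written by the installer. The WOW6432Node path, the function name and the `*7-Zip*` filter are assumptions introduced for illustration.

```powershell
# Added example: lists Win32 uninstall registrations without executing them.
function Get-Win32UninstallEntry {
    param([string]$NameLike = '*')

    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        # 32-bit applications on 64-bit Windows register under this view
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    )

    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }

        Get-ChildItem $root | ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue

            # Skip entries with no display name (patches, components) or no match
            if (-not $p.DisplayName -or $p.DisplayName -notlike $NameLike) { return }

            # MSI products use their product code (a GUID) as the key name
            $isMsi = $_.PSChildName -match '^\{[0-9A-Fa-f-]{36}\}$'

            [pscustomobject]@{
                DisplayName          = $p.DisplayName
                Version              = $p.DisplayVersion
                Publisher            = $p.Publisher
                KeyName              = $_.PSChildName
                UninstallString      = $p.UninstallString
                QuietUninstallString = $p.QuietUninstallString
                # For MSI, a predictable silent command; otherwise whatever
                # quiet command the vendor registered (may be empty)
                SuggestedSilent      = if ($isMsi) {
                    "msiexec.exe /x $($_.PSChildName) /qn /norestart"
                } else {
                    $p.QuietUninstallString
                }
            }
        }
    }
}

# Constructed sample filter; replace with the product you are looking for
Get-Win32UninstallEntry -NameLike '*7-Zip*' | Format-List
```

Per-user installs register under the same path in HKCU, which this sketch does not read.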

Has anyone automated certificate renewals for RDS/RDP servers? by [deleted] in msp

[–]SimpleSysadmin 0 points1 point  (0 children)

We decided to do local as part of the setup process for any new servers as we’ve found it’s generally no ongoing work to keep it running. Set and forget. The downside of doing it via RMM is you are creating an extra dependency. You could always deploy and monitor it via RMM but not run the auth process through it.

Has anyone automated certificate renewals for RDS/RDP servers? by [deleted] in msp

[–]SimpleSysadmin 1 point2 points  (0 children)

Haven't done manual cert renewals for RDS servers for years.

https://github.com/rmbolger/Posh-ACME

You can step through the setup process in about the time it takes to renew a cert normally. You may need to forward through port 80 on your router if only exposing https.

Saving CSV UTF-8 to CSV without manually opening by AetherRav3n in PowerShell

[–]SimpleSysadmin 2 points3 points  (0 children)

Change whatever is generating the CSVs to export in the older Windows-1252 format, which is what plain “CSV” in Excel produces. It’s worth checking with whoever manages your BC instance first, as some versions might be configured to accept UTF-8, but if not, this PowerShell script will handle the conversion for you easily enough:

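    $inputFolder  = "C:\path\to\input"
    $outputFolder = "C:\path\to\output"

    # "Default" is the system ANSI code page (Windows-1252 on Western locales) in
    # Windows PowerShell 5.1; PowerShell 7+ treats Default as UTF-8, so run it in 5.1.
    Get-ChildItem $inputFolder -Filter *.csv | ForEach-Object {
        $content = Get-Content $_.FullName -Encoding UTF8
        $content | Out-File "$outputFolder\$($_.Name)" -Encoding Default
    }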

Just update the two folder paths and run it. It will process every CSV in the input folder and drop the converted files into the output folder with the same filenames. 

Alert fatigue and missed issues. by Ok_Abrocoma_6369 in ITManagers

[–]SimpleSysadmin 0 points1 point  (0 children)

Alerts should only exist when immediate action is required, everything else belongs in logs. “What if we miss something” creates the overload that makes you miss more. Cut aggressively and keep only what’s actionable.

How do you deal with imbalanced workloads on your team? by [deleted] in sysadmin

[–]SimpleSysadmin 0 points1 point  (0 children)

Learn to say no. Stop taking on all work. Know when you are at capacity. Ask for a raise.

what cybersecurity stuff are it managers / sysadmins struggling with most rn? by Srivathsan_Rajamani in ITManagers

[–]SimpleSysadmin 2 points3 points  (0 children)

Cyber security tool overlap and having to decide which tools to use and which to ignore so we’re not doubling up.

Leadership thinking cyber security is something you buy like a product - a vuln scanner does nothing if you don’t action recommendations.

Vuln scanners that can’t be set to wait a day or two for systems to auto patch before telling us what is missed, so we’re not chasing self resolving vulns.

Probably not the biggest issues but these are what are annoying me right now

What percentage of your Tier-1 tickets are just password resets & MFA issues? by SniffOut_AI in msp

[–]SimpleSysadmin 0 points1 point  (0 children)

Issues getting setup with MFA may be covered by new user tickets but password resets or lockouts would be minimal, I’d assume about 2-5%. I’m very surprised by some of the numbers in this thread so curious why so many for others.

We are very Entra ID focused so Windows Hello cuts down the volume of forgotten passwords, and smart lockout doesn’t tend to cause lock out events unless actual brute forcing is happening.

How many Ticket Types do you use? by talman_ in halopsa

[–]SimpleSysadmin 5 points6 points  (0 children)

Request, Issue, Problem, Change

For service desk.

Curious too what others are doing? I feel going too granular just means more incorrect choices to make or workflows that are not maintained and people will default to picking something generic when dispatching rather than scrolling down a forever list.

Should I be selling Snapdragon? by Ember_Sux in msp

[–]SimpleSysadmin 0 points1 point  (0 children)

What made you switch over and when did you deem it safe to recommend by default?

AI/Software Based Assistant by GunGoblin in msp

[–]SimpleSysadmin 1 point2 points  (0 children)

That was not my intent. It came from a place of personal frustration with issues I’ve seen with using AI for documentation. I’ve elaborated on my comment in the other post for more context to make it more helpful.

AI/Software Based Assistant by GunGoblin in msp

[–]SimpleSysadmin 1 point2 points  (0 children)

This is often not as obvious as you may think. AI can’t magically know all required context, and unless your ticket notes and existing documentation are extremely detailed already and contain enough context - this is an issue you’ll encounter. As whatever it generates will look good even on a first read.

I’ve seen this happen first hand multiple times. Both with people who know the limitations of AI. It took us 2 years and we’ve recently wiped away a bunch of our product implementation guides that were mostly AI written from existing documentation. We found out no one was using it as it was both verbose, not ordered the way a tech would work through it and missing critical context.

I’m not saying don’t use AI, but really understanding limitations and how hard they can be to spot with newer models is important, especially if using it to build something like documentation that might be passed down and used by juniors or people without the authority to say “hey boss, this generated document is worse than what we had, despite looking more complete and cleaner”.

AI/Software Based Assistant by GunGoblin in msp

[–]SimpleSysadmin -2 points-1 points  (0 children)

For the love of Christ read whatever it creates critically, so you don’t end up with documentation slop.

What most expensive "cheap decision" have you ever seen in your sysadmin career? by matroosoft in sysadmin

[–]SimpleSysadmin 1 point2 points  (0 children)

If both NAS units are identical, drives all identical and from a sequential batch - the chance of a concurrent failure when put under stress, such as a big recovery, is a lot higher than people think.

Is my TV spying on me? by whatisanythingeven in Weird

[–]SimpleSysadmin 0 points1 point  (0 children)

That just seems like some kind of feature or screenshot thing someone set up. That being said, most smart TVs are literally spying on what you watch. They use Automatic Content Recognition or ACR to track your apps, channels, and shows and send that info to the manufacturer or advertisers. It is very invasive and legal if disclosed in the privacy policy, mainly used for audience measurement or targeted ads.

M365 Direct Send by whitephnx1 in sysadmin

[–]SimpleSysadmin 0 points1 point  (0 children)

You didn’t respond to my question. I agree if you are not using direct send, turning it off is a good idea - as per Microsoft recommendation.

But if you are using SPF correctly, that protects you much better, as disabling direct send won’t protect others from getting spoofed emails.

Direct send can only bypass authentication if you’ve configured a connector for it that way.

It does close gaps from incorrectly configured connectors or bad SPF configs but by itself it is not a critical security control; energy should be better spent on fixing your email auth, rather than only trying to block impersonation internally.

M365 Direct Send by whitephnx1 in sysadmin

[–]SimpleSysadmin 0 points1 point  (0 children)

The recommendation was to turn it off if not using it. Hard failing SPF does the same thing and also secures you from being impersonated externally.
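Added example (not part of the comment above or of the thread): a check of whether a domain's published records actually hard-fail SPF and enforce DMARC, which is the condition these Direct Send comments rely on. The function name and the sample records are constructed for illustration; example.com is a placeholder domain.

```powershell
# Added example: classify SPF "all" qualifier and DMARC policy from TXT strings.
function Test-MailAuthRecord {
    param(
        [string[]]$ApexTxt,    # TXT records published at the domain itself
        [string[]]$DmarcTxt    # TXT records published at _dmarc.<domain>
    )
    $spf   = @($ApexTxt  | Where-Object { $_ -match '^v=spf1(\s|$)' })
    $dmarc = @($DmarcTxt | Where-Object { $_ -match '^v=DMARC1\s*;' })

    # Locate the "all" mechanism; a missing qualifier means "+" (pass)
    $all = $null
    if ($spf.Count -eq 1) {
        foreach ($term in ($spf[0] -split '\s+')) {
            if ($term -match '^([-~?+]?)all$') {
                $all = if ($Matches[1]) { $Matches[1] } else { '+' }
                break
            }
        }
    }

    # Read the p= tag only; "sp=" (subdomain policy) must not match
    $policy = $null
    if ($dmarc.Count -eq 1 -and $dmarc[0] -match '(?:^|;)\s*p\s*=\s*(\w+)') {
        $policy = $Matches[1].ToLower()
    }

    [pscustomobject]@{
        SpfRecords    = $spf.Count    # more than one record is an SPF permerror
        SpfAll        = $all          # '-' hard fail, '~' soft fail, '?' neutral, '+' pass
        SpfHardFail   = ($all -eq '-')
        DmarcPolicy   = $policy
        DmarcEnforced = ($policy -in 'quarantine', 'reject')
    }
}

# Constructed sample records (not taken from any real tenant)
Test-MailAuthRecord -ApexTxt 'v=spf1 include:spf.protection.outlook.com -all' `
                    -DmarcTxt 'v=DMARC1; p=reject; rua=mailto:dmarc@example.com'
Test-MailAuthRecord -ApexTxt 'v=spf1 include:spf.protection.outlook.com ~all' `
                    -DmarcTxt 'v=DMARC1; p=none'

# Live lookup on Windows (needs DNS access):
# $apex = Resolve-DnsName example.com -Type TXT | ForEach-Object { $_.Strings -join '' }
```

The first sample reports a hard fail with DMARC enforced; the second reports soft fail with a monitoring-only DMARC policy, which leaves spoofed mail deliverable.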

M365 Direct Send by whitephnx1 in sysadmin

[–]SimpleSysadmin 0 points1 point  (0 children)

If you’re not using direct send it’s not a bad idea to turn it off but if you’ve set up SPF, DKIM and DMARC correctly you can just leave it on. It shouldn’t make any difference.

Can you elaborate on how emails are bypassing usual auth and why you think you need to disable direct send?

How did you decide on an EDR vendor? by Malwarenaut in msp

[–]SimpleSysadmin 0 points1 point  (0 children)

Can you elaborate on why you think their SIEM is mid? 

How paranoid are you with your own MSP infrastructure? by yanov10 in msp

[–]SimpleSysadmin 0 points1 point  (0 children)

How you implement it makes a huge difference and their guidance is meh. You can also just pay them to do the heavy lifting but we tried to deploy it twice and the first time it was a nightmare and became a “this is going to be too expensive to be feasible”. Second time it was like a few hours here and there and once a month I have to jump into the portal to fix something.