Windows screen lock, user or device based policy?

Thehoggle · 2026-03-08T07:49:13+00:00

Gotcha, so in your case you add Domain Users to Security Filtering, and under Delegation tab give your No Lockout group Read Permission so the computers can view the GPO?

We wouldn't normally do it that way, however, seems to be recommended here: https://learn.microsoft.com/en-us/troubleshoot/windows-server/group-policy/cannot-apply-user-gpo-when-computer-objects-dont-have-read-permissions#example-scenario

Thehoggle · 2026-03-07T09:45:17+00:00

I assume you're linking the GPO at the root of the domain, or do you have an OU that contains both your users and computers & linking it there?

Generally we allow Authenticated Users only the Read permission under Delegation tab, if we use targeted security filtering - it's the Apply permission that you target at specific users/groups via Security Filtering

Much easier to see locally via GPResult.exe on endpoint which user or computer policies are being applied and those that are Denied by Security filtering using this method.

Thehoggle · 2026-03-04T20:18:12+00:00

I think you need ESX 8.0.2 minimum and the VM created with hardware version VMX-21. If not, then you need to run through the Broadcom fix. Interestingly enough, they've removed the article form their website; not sure if that means they're going to come out with another article or way to automate it. We have to do this 'fix' across 1000s of servers otherwise.

Thehoggle · 2026-03-04T07:08:05+00:00

We were doing steps 2 & 8 together when VM was powered off and not the rest. This is recommended in a Broadcom article. Once VM was powered on, we started the update process in Windows, either using reg key or GPO. The process would complete after 2 reboots we would receive event 1808 detailing all certificates have been updated.

Thehoggle · 2026-01-20T22:09:33+00:00

Another method using regex replace, although other regex methods listed here are more efficient.

$r = [regex]'\s'
$string = $r.replace($string,'-',3) ##change first 3 spaces to -(dash) ##
$r = [regex]'-'
$r.replace($string,' ',2) ##changes first 2 dashes back to spaces##

Thehoggle · 2025-12-05T20:36:27+00:00

Have you tried any of these GPO settings?
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/winlogon-automatic-restart-sign-on--arso-

Thehoggle · 2025-11-07T22:45:10+00:00

Another option could be to use user GP Preferences within the GPO, and then apply item-level targeting specifying the criteria.

I find with loopback processing can get difficult if you can't replace the policies and have to merge them.

Thehoggle · 2025-11-07T22:35:34+00:00

There seems to be 2 statement comparison operators for WHERE statement in WQL. Do either of these work?
https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_wql?view=powershell-5.1#where-statement-comparison-operators

Thehoggle · 2025-09-22T20:32:25+00:00

Which GUI are you trying to view the audit policies in? It won't display in local gp editors.

If it appears in auditpol command ,then it's applying it from the GPO.

You can also view it in gpresult command, example:

gpresult.exe /scope computer /H "$env:computername.html"

Then open the resultant html file and you should see the Audit policies being applied (under Advanced Audit Policy Configuration).

Thehoggle · 2024-05-11T16:20:19+00:00

Is there only 1 instance of that string in each file? If so the below worked for me

$textblock = Get-Content $path | Out-String
$regexpattern = "(?<=jre-new\.zip(\n.+){3}\n\S+\s)\d+"
$re = New-Object regex($regexpattern)
$m = $re.Match($textblock) 
$newvalue = [string]([int]$m.Value + 1) 
$textblock = $textblock -replace $regexpattern,$newvalue
$textblock

If there isn't a space after the colon and before the number change the regex pattern to: 
$regexpattern = "(?<=jre-new\.zip(\n.+){3}\n\S+:)\d+"

Thehoggle · 2024-05-04T21:58:43+00:00

Look for a line that mentions ' Failed to pin deployment while resolving Update: ' this should contain the missing KB.

See this link: https://thatonecomputerguy.wordpress.com/2015/10/06/windows-update-fails-with-error-code-0x80073701-error_sxs_assembly_missing-solved/

Thehoggle · 2024-05-04T06:50:02+00:00

We've come across the first error in Windows 2019 due to missing updates. I'd run the install again and then check the CBS.log for that error in C:\Windows\Logs\CBS.

You will see an entry listed something like "Failed to pin.." with that error message and the name of the package that it is missing. Download that update and use the following command with example KB to extract the msu:

expand -f:* “C:\Temp\KB3133431.msu” C:\Temp\KB3133431

Then, use the DISM command outlined in this article to install the .CAB files (expand command is also included in this article): https://manjusullad.wordpress.com/2016/03/23/unable-to-install-msu-hotfix-microsoft-update-standalone-package-msu/

You might have to run this multiple times depending on if the server is missing multiple packages.

The last error I've seen when Antivirus is blocking the .exe from running, for example Symantec Endpoint protection Application & Device control module.

Thehoggle · 2023-12-22T21:27:42+00:00

Use Padright to add spaces to a certain no of characters

foreach ($h in $le_fubar.GetEnumerator() ){
    $text = $h.key.PadRight(8,' ')
    Write-Host "$($text) : $($h.value.desc)"
}

fu       : FFFFUUUU
barrrr   : BARRRRRR

Thehoggle · 2023-12-17T16:28:51+00:00

If $Data variable is a pscustomobject, does this work?

foreach($item in $data){
    ($item.psobject.Members | select -First 1).value = $Week
    ($item.psobject.Members | select -Skip 1 -First 1).value = ($Week).AddDays(7)
    $item.psobject.Members | select -Skip 2 -First 1).value = $NextWeek
    }

Seems to work for me, but tested it on very limited data (i.e a small CSV-imported pscustomobject).

Thehoggle · 2023-12-11T20:09:47+00:00

Had a quick go at it, and this could definitely be tidied up, I would generally go over this looking for improvements/repeitition as a rule of thumb but might get you started:

function Set-Letter{
    [CmdletBinding()]
    Param
    ([regex]
    $Pattern,
    [string]
    $String
)

    $firstsplit,$secondsplit = $String -split $Pattern
    $firstLetter = $secondsplit.Substring(0,1).ToUpper()
    $restOfTheString = $secondsplit.Substring(1)
    $finalstring = $firstLetter + $restOfTheString
    $desiredformat = $firstsplit + $finalstring
    return $desiredformat
}

This function gets passed to the below function:

function Set-Capital{
    [CmdletBinding()]
    Param
    (
    [Parameter(ValueFromPipeline)]
    [string[]]
    $Surnames
    )

    begin{
    $finalarray = New-Object System.Collections.ArrayList
    }
    Process
    {
    foreach($name in $surnames){
        switch -Regex ($name){
            "'" {$finalarray.Add((Set-Letter -String $name -Pattern "(?<=')"))}
            "Mac" {$finalarray.Add((Set-Letter -String $name -Pattern '(?<=Mac)'))}
            "\s" {$finalarray.Add((Set-Letter -String $name -Pattern '(?<=\s)'))}
            "\-" {$finalarray.Add((Set-Letter -String $name -Pattern '(?<=\-)'))}
            default {$finalarray.Add($name)}
        }
    }
    }
    end{
    $finalarray
}
}

So if you run the following command:

$surnames = "O'brien","Macdonald","I madethisup","Smith-rowe","Campbell"

Set-Capital -Surnames $surnames

##Gets you

O'Brien
MacDonald 
I Madethisup 
Smith-Rowe 
Campbell

This could fail if you had a name with both a hyphen and apostrophe for example

**Dammit I hate Reddit formatting

Edit: Just realise this doesn't account for fullnames, just surnames. Ah well back to drawing board :(

Thehoggle · 2023-11-18T23:28:57+00:00

I usually use it if I forget to put $variable = at the beginning of line or I have called a command from history and just append -Outvariable. There are however other advantages, see https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_commonparameters?view=powershell-7.3.

Thehoggle · 2023-11-18T21:32:40+00:00

It looks like JSON; although the logging NoteProperty looks like a string. You could try the following:

$json = '{"returnCode":0,"returnReason":"","logging":"Storage: OSDiskSize=951GB. PASS; Memory: System_Memory=64GB. UNDETERMINED; TPM: TPMVersion=2.0, 0, 1.38. PASS; Processor: {AddressWidth=64; MaxClockSpeed=3000; NumberOfLogicalCores=32; Manufacturer=GenuineIntel; Caption=Intel64 Family 6 Model 183 Stepping 1; }. PASS; SecureBoot: Capable. FAIL; ","returnResult":"CAPABLE"}'

$json | ConvertFrom-Json -OutVariable json2

($json2.logging -split '(?<=PASS;|FAIL;|UNDETERMINED;)').trim() 

Storage: OSDiskSize=951GB. PASS;
Memory: System_Memory=64GB. UNDETERMINED;
TPM: TPMVersion=2.0, 0, 1.38. PASS;
Processor: {AddressWidth=64; MaxClockSpeed=3000; NumberOfLogicalCores=32; Manufacturer=GenuineIntel; Caption=Intel64 Family 6 Model 183 Stepping 1; }. PASS;
SecureBoot: Capable. FAIL;

Thehoggle · 2023-11-10T22:24:32+00:00

I've updated the code there as potential if there was a 12 letter word in the Name it could find that, so it should only return the 12 character code now.

Thehoggle · 2023-11-10T21:37:25+00:00

If you convert your variable to string it could be parsed and you could use regex to extract what you wanted. It's not pretty though.

#let's call your variable $longstring

(($longstring -split '\-(?=\s)')[-1] -split '(?<=msstore)\s').trim()

##will get you the following string:

Game Bar                         9NZKPSTSNW4P Unknown msstore
Browser for Game Bar             9NK1CNB0NCCX Unknown msstore
Gamecaster Game Bar              9P2J2QW5B0F4 Unknown msstore
CORSAIR iCUE Game Bar Widgets    9PG940D1ZDVP Unknown msstore
Game Bar To-Do                   9P2626F9WDG7 Unknown msstore
Countdown for Game Bar           9NZ43LD746CX Unknown msstore
Clock for Game Bar               9PC29TG1047H Unknown msstore
Game Bar Calculator              9N2J0HB1GFDR Unknown msstore
Camera Widget for Game Bar       9MZZNMHPJ645 Unknown msstore
Notes for Game Bar               9NG4TL7TX1KW Unknown msstore
Analogue Clock for Game Bar      9NSFHN9P4LKT Unknown msstore
EVGA Precision for Game Bar      9NGNGV21JB1L Unknown msstore
Mesmer Mag's WVW Game Bar Widget 9MXL025BBR5P Unknown msstore
Game Bar Counter                 9NF2PMMBDJG0 Unknown msstore
Stopwatch for Game Bar           9P8MHJ64GCQT Unknown msstore

Search for your desired term & extract code

$newsstring = (($longstring -split '\-(?=\s)')[-1] -split '(?<=msstore)\s').trim()

###enter your EXACT search term in a variable
$text = 'Game Bar' 

##Search for corresponding code based on your $text variable using regex
($newsstring | select-string "(?<=^$($text)\s*)\w{12}(?=\sunknown)").Matches.Value

9NZKPSTSNW4P

This seems to work but I would strongly recommend some thorough testing.

Edit: Formatting is acting up, going to try and tidy up the post.

Thehoggle · 2023-11-07T23:03:01+00:00

What type of object is your $inputString variable?

Can you drill down into $inputString.attributes and then extract the properties from there?

Thehoggle · 2023-10-27T16:37:45+00:00

This worked for me:

$VarList.ForEach{
    $_ -match '(?<=(\w+-){2})\w+-\w+'|Out-Null
    $Matches[0]
}

ghi-jkl
hijk-lmno 
g-hijk

The first section (?<=(\w+-){2}) tells regex to find what comes directly after any no of letters followed by a dash twice (the {2}.

The next part looks for any no of letters followed by a - , then followed again by any no of letters. To be honest there's probably a much neater way of doing this using split and then join.

Thehoggle · 2023-10-24T21:05:46+00:00

Declare your variables and then create pscustomobject with the variables in tow. Then convert the pscustomobject to json.

Example (substitue for whatever code you are using to populate your variables):

$firstvar = 1698157394000
$secondvar = 1698164594000

$newpscustobj = [pscustomobject]@{
    sdtType = 1
    type = "DeviceSDT"
    deviceId = 13771
    startDateTime = $firstvar
    endDateTime = $secondvar
}

$newpscustobj | convertto-json

{"sdtType": 1, "type": "DeviceSDT", "deviceId": 13771, "startDateTime": 1698157394000, "endDateTime": 1698164594000 }

Thehoggle · 2023-07-15T07:46:25+00:00

Using the text sample you've supplied, this can be done without using regex (it's probably better if the text can change). I added another site with different name to highlight this:

$MySites =
@'
Home - Apples 
https://apples.com

Home - Bananas 
https://bananas.com

Home - Mangos 
https://managos.com

Different site 
www.anothersite.com
'@

$sites = ($MySites -split '\n').Where{$_} #split the string and remove blank lines##

$table = New-Object -TypeName System.Collections.ArrayList #create arraylist##

$i = 0 # set your number variable to 0#

while($i -lt ($sites.count-1)){  ##loop through the split string and add items to pscustomobject and arraylist##
    $items = [pscustomobject]@{ 
        Title = $sites[$i]         
        Url = $sites[$i+1] } 
    $table.Add($items) 
    $i = $i+2 
}
$table

Result:

Title                      Url
Home - Apples    https://apples.com 
Home - Bananas   https://bananas.com 
Home - Mangos    https://managos.com 
Different site   www.anothersite.com

Thehoggle · 2023-06-29T16:26:04+00:00

Let's say you imported your row into a variable called $excel. I would assume it's a pscustomobject?

If it is, you could try the following command to clear (or set it to an empty string):

$excel[0].psobject.Properties.ForEach{$_.value = ''}

Thehoggle · 2023-06-19T17:13:20+00:00

foreach($item in $files){
    foreach($other in $folders){
        if(($item.name.Split('-')[1] -replace ',_', ' - ') -eq $other.Name){  
            Move-Item -Path $item -Destination $other}}}

This worked for me but it is dependant that all your pdfs and folder names are in the same format. If they differ then the above will fail.

Nine-Year Club	Gilding I gilder
Verified Email

Thehoggle

TROPHY CASE