You are here:   Research
  |  Login

Welcome to my blog, quickest way to find articles is usually to search for them.

Search in All Title Contents

PSScriptPolicyTest script gets blocked by AppLocker in the event log. Why and what are those files?!

Jun 07 2017
If you are using AppLocker (which you should) and have enabled the function “MSI and Scripts” in AppLocker to whitelist only signed PowerShell scripts you will get some errors in the event log even though your scripts are signed. Checking the event viewer log for AppLocker events you will see that the logged on user tried to run 2 different scripts starting with __PSScriptPolicyTest and the extensions .ps1 and psm1. The full name is something like  __PSScriptPolicyTest_bavjba32.xjg.ps1 where the name is __PSScriptPolicyTest_<8-random-numbers-and-letters>.<3-random-numbers-and-letters>.ps1/psm1

Using File Screen to block Ransomware like WannaCry on server shares - Part 1

May 29 2017
There has been a lot of talk of the WannaCry malware last couple of weeks and I will try to describe how you can add another layer of security between a infected computer and your central file storage. There is already a few write-ups within this area, most of them only use the File Screen service to block users from creating new files with know extensions or renaming existing ones. This is a good start but it does not actually prevent the user (or the malware running in user context) from deleting all the files on your servers.

Setup BITS for ConfigMgr Current Branch

May 28 2017
When using ConfigMgr in distributed environments, there are times when you want to limit how much bandwidth a client is using when downloading content. In all fairness, when having techniques like Peer Cache, and BranchCache at your disposal, you may get away by not limiting the bandwidth, but for most distributed environments you probably want to configure BITS to control how much bandwidth that is used over the WAN links. BITS is after all the component that is used for the actual downloads.

Using the Unified Write Filter (UWF) feature in Windows 10

May 25 2017
In the Windows 10 Enterprise (including LTSB) and Windows 10 Education editions, you can enable the Unified Write Filter (UWF) feature to prevent changes to the hard drive. This is particular useful for kiosk-type scenarios, or classroom environments where you don’t want enthusiastic students to install software etc. on to the machines :)

Error 0x80070070 in ConfigMgr OSD during BIOS to UEFI step

May 23 2017
After I upgraded our SCCM to 1702 and the ADK to 1703 the step for converting a device from BIOS to UEFI in our Windows 7 –> Windows 10 Task sequence started to fail with an 0x80070070 error. This had worked without any problems in SCCM 1611 and the 1607 ADK so what had changed?

Blog Archive