RE: [NTSysADM] Using PS to query date of latest Windows Updates installed

> PS P:\software\PHA Scripts> Get-WULastResults > WARNING: To perform some operations you must run an elevated Windows > PowerShell console. > Get-WULastResults : Object reference not set to an instance of an object. /snip > So this cmdlet should return exactly what I am looking for, but for

Re: [NTSysADM] Using PS to query date of latest Windows Updates installed

PS P:\software\PHA Scripts> Get-Help Get-WULastResults NAME Get-WULastResults SYNOPSIS Get Windows Update results. SYNTAX Get-WULastResults [-ComputerName ] [-Debuger ] [-PSWUSettings ] [-SendReport ] [] DESCRIPTION Use Get-WULastResults cmdlet to get Windows

Re: [NTSysADM] Using PS to query date of latest Windows Updates installed

Well, that's very close, yes. I can do a "Get-WUHistory -MaxDate xxx", and it shows me all the updates since the specified date. But I don't need the detail, only the last installed date. So I'd have to parse that output. I will keep poking ... That value shows up when you look at Windows Updates

RE: [NTSysADM] Using PS to query date of latest Windows Updates installed

And you are running from an elevated PoSH session? Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael Leone Sent: Wednesday, January 17, 2018 10:27 AM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] Using PS to query date of

[NTSysADM] domain admin account passwords management

I know we have LAPS for local admins. What is everyone doing for domain admin account passwords management and compliance? We are being asked to change passwords every 90 days and most of the domain admins are service accounts? So...what does everyone else do to automate/management this? David

[NTSysADM] RE: domain admin account passwords management

This is easy. Your remove domain admin from your service accounts. That is unacceptable, insane...really bad. Take your pick. If they need more than local admin on the box they are running then you dig in and give them the perms they need. Any vendor that says we need domain admin for a

[NTSysADM] RE: domain admin account passwords management

I used to have a security doc from MS (or maybe an MVP) that stated no more than 5 DA accounts and until needed, the SA and EA groups should be empty. Now I can't find the doc or the link to the original blog post. Thanks Carl Webster Citrix Technology Professional Fellow | iGel Tech

Re: [NTSysADM] Using PS to query date of latest Windows Updates installed

On Wed, Jan 17, 2018 at 12:27 PM, Melvin Backus wrote: > Isn’t Get-WULastInstallationDate giving you what you’re looking for? > It would be indeed! Presuming that it worked for me ... (and yes, that's an elevated session ...) PS SQLSERVER:\> Get-WULastInstallationDate

[NTSysADM] RE: domain admin account passwords management

I would suggest you should only have 4 (maximum) domain admin accounts. If Ford can get by with 4, so can you. And the actual Administrator account should have a disgustingly long password that is written down and put in a safe. I doubt highly that your service accounts need to be domain

[NTSysADM] RE: domain admin account passwords management

Granular password policy just for them. Make sure the expiration overlaps, so you always have one DA that isn't about to expire. One expires beginning of the quarter, one 3 weeks later and another 3 weeks after that for example. From: listsad...@lists.myitforum.com

RE: [NTSysADM] Using PS to query date of latest Windows Updates installed

What OS version? A Windows Update module is available on Windows versions 1709 and later. This includes Windows 10 Fall Creators Update, Windows Server 1709 and Windows Insider previews (Server and Client) post the 1709 release. The module supplies the following cmdlets Get-WUAVersion

Re: [NTSysADM] Using PS to query date of latest Windows Updates installed

On Wed, Jan 17, 2018 at 11:33 AM, Webster wrote: > And you are running from an elevated PoSH session? > Yes, I did a run as administrator, and got the same result. > > > > > Webster > > > > *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists. >

[NTSysADM] RE: domain admin account passwords management

EA and SA should be empty, until needed. A DA can add themselves to those groups. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David McSpadden Sent: Wednesday, January 17, 2018 9:30 AM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] RE: domain

[NTSysADM] RE: domain admin account passwords management

If the DA is in the root forest. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife Sent: Wednesday, January 17, 2018 2:32 PM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] RE: domain admin account passwords management EA and

Re: [NTSysADM] Using PS to query date of latest Windows Updates installed

Am 16.01.2018 um 22:46 schrieb Michael Leone: For the purposes of this report, I don't need any more detail than "When were updates last applied?". Please note that a recent applied date does not imply that the machine is fully patched. If the QualityCompat registry key is not there, it will

Re: [NTSysADM] domain admin account passwords management

Our domain has been promoted from NT4 to 2003, 2008 R2 and 2012R2, and we now have a DC at 2016. Someone, before I got here, disabled the Administrator account and renamed it, which is kind of silly, but I've never felt the need to rename it back to Administrator. There are 4 DA accounts, one

[NTSysADM] RE: domain admin account passwords management

Agreed on all accounts. With that said how do we still manage the EA, DA, and SA accounts with the 90 day rotation? From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith Sent: Wednesday, January 17, 2018 12:15 PM To:

RE: [NTSysADM] Using PS to query date of latest Windows Updates installed

I have a blog post upcoming on those. Those are all wrappers around native binaries in windows 10 (and the native binaries are available since win10 was released). From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David L Herrick Sent: Wednesday, January

Re: [NTSysADM] Using PS to query date of latest Windows Updates installed

On Wed, Jan 17, 2018 at 12:59 PM, David L Herrick wrote: > What OS version? > Win 7, running WMF 5.0. > A Windows Update module is available on Windows versions 1709 and later. > This includes Windows 10 Fall Creators Update, Windows Server 1709 and > Windows