> PS P:\software\PHA Scripts> Get-WULastResults
> WARNING: To perform some operations you must run an elevated Windows
> PowerShell console.
> Get-WULastResults : Object reference not set to an instance of an object.
/snip
> So this cmdlet should return exactly what I am looking for, but for
PS P:\software\PHA Scripts> Get-Help Get-WULastResults
NAME
Get-WULastResults
SYNOPSIS
Get Windows Update results.
SYNTAX
Get-WULastResults [-ComputerName ] [-Debuger
] [-PSWUSettings ] [-SendReport
]
[]
DESCRIPTION
Use Get-WULastResults cmdlet to get Windows
Well, that's very close, yes. I can do a "Get-WUHistory -MaxDate xxx", and
it shows me all the updates since the specified date. But I don't need the
detail, only the last installed date. So I'd have to parse that output.
I will keep poking ... That value shows up when you look at Windows Updates
And you are running from an elevated PoSH session?
Webster
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Michael Leone
Sent: Wednesday, January 17, 2018 10:27 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Using PS to query date of
I know we have LAPS for local admins.
What is everyone doing for domain admin account passwords management and
compliance?
We are being asked to change passwords every 90 days and most of the domain
admins are service accounts?
So...what does everyone else do to automate/management this?
David
This is easy. Your remove domain admin from your service accounts. That is
unacceptable, insane...really bad. Take your pick. If they need more than
local admin on the box they are running then you dig in and give them the perms
they need.
Any vendor that says we need domain admin for a
I used to have a security doc from MS (or maybe an MVP) that stated no more
than 5 DA accounts and until needed, the SA and EA groups should be empty. Now
I can't find the doc or the link to the original blog post.
Thanks
Carl Webster
Citrix Technology Professional Fellow | iGel Tech
On Wed, Jan 17, 2018 at 12:27 PM, Melvin Backus
wrote:
> Isn’t Get-WULastInstallationDate giving you what you’re looking for?
>
It would be indeed! Presuming that it worked for me ... (and yes, that's an
elevated session ...)
PS SQLSERVER:\> Get-WULastInstallationDate
I would suggest you should only have 4 (maximum) domain admin accounts.
If Ford can get by with 4, so can you.
And the actual Administrator account should have a disgustingly long password
that is written down and put in a safe.
I doubt highly that your service accounts need to be domain
Granular password policy just for them. Make sure the expiration overlaps, so
you always have one DA that isn't about to expire. One expires beginning of the
quarter, one 3 weeks later and another 3 weeks after that for example.
From: listsad...@lists.myitforum.com
What OS version?
A Windows Update module is available on Windows versions 1709 and later. This
includes Windows 10 Fall Creators Update, Windows Server 1709 and Windows
Insider previews (Server and Client) post the 1709 release.
The module supplies the following cmdlets
Get-WUAVersion
On Wed, Jan 17, 2018 at 11:33 AM, Webster wrote:
> And you are running from an elevated PoSH session?
>
Yes, I did a run as administrator, and got the same result.
>
>
>
>
> Webster
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
>
EA and SA should be empty, until needed. A DA can add themselves to those
groups.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of David McSpadden
Sent: Wednesday, January 17, 2018 9:30 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: domain
If the DA is in the root forest.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Heaton, Joseph@Wildlife
Sent: Wednesday, January 17, 2018 2:32 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: domain admin account passwords management
EA and
Am 16.01.2018 um 22:46 schrieb Michael Leone:
For the purposes of this report, I don't need any more detail than "When
were updates last applied?".
Please note that a recent applied date does not imply that the machine
is fully patched. If the QualityCompat registry key is not there, it
will
Our domain has been promoted from NT4 to 2003, 2008 R2 and 2012R2, and we
now have a DC at 2016.
Someone, before I got here, disabled the Administrator account and renamed
it, which is kind of silly, but I've never felt the need to rename it back
to Administrator.
There are 4 DA accounts, one
Agreed on all accounts.
With that said how do we still manage the EA, DA, and SA accounts with the 90
day rotation?
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Michael B. Smith
Sent: Wednesday, January 17, 2018 12:15 PM
To:
I have a blog post upcoming on those. Those are all wrappers around native
binaries in windows 10 (and the native binaries are available since win10 was
released).
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of David L Herrick
Sent: Wednesday, January
On Wed, Jan 17, 2018 at 12:59 PM, David L Herrick
wrote:
> What OS version?
>
Win 7, running WMF 5.0.
> A Windows Update module is available on Windows versions 1709 and later.
> This includes Windows 10 Fall Creators Update, Windows Server 1709 and
> Windows
19 matches
Mail list logo