Synchronize DSRM Password with a Domain Account


If you ever need to start a Domain Controller in Directory Service Restore Mode, you know the pain to find the appropriate password. When the DC is up and running, you can reset this password pretty easily with ntdsutil.exe. Managing it by hand is error prone and so not offer any benefits, so let’s make a GPO ! Continue reading

Override Bitlocker to Go Group Policy PowerShell

Override Bitlocker to Go Group Policy


In some organization, group policies admins enforce Bitlocker to go (Deny write access to removable drives not protected by BitLocker), that can be pretty annoying if you have an USB stick for your car, an ebook reader, or any type of device that does not support Bitlocker. Continue reading

Weak password encryption in Group Policy Preference


Since Windows Server 2008, we are able to set local administrator password thanks to Group Policy Preference but, this “encryption” key is available on MSDN, so, anyone can read the clear text password with a few lines of PowerShell. Continue reading