New Blog post - Permanent WMI Event Handling

[doctordns]

PR Summary

PR Checklist

• Do you want this post to be published on a specific date?: Y/N [Specify date]:
• I have read the contributors guide and followed the style and process guidelines
• PR has a meaningful title
• Includes content related an open issue
  • see Closing issues using keywords.
• This PR is ready to merge and is not Work in Progress

[sdwheeler]

See my comments and suggestions. Call me in Teams if you have questions.

[sdwheeler]

Suggested change

	## WMI
	Windows Management Instrumentation (WMI) is an important component of the Windows operating system.
	## WMI
	Windows Management Instrumentation (WMI) is an important component of the Windows operating system.

[sdwheeler]

One of the tenets of this blog is that we don't allow marketing. I am OK with linking to your book, in the right context. See my suggestion at the bottom of the article. I think it reads better there and comes off like a pitch for your book.

Suggested change

	And for some more details on using WMI and Powershell, look at using PowerShell 7 and WMI, look at [my recently published PowerShell 7 book](https://www.wiley.com/en-gb/PowerShell+7+for+IT+Professionals-p-9781119644705).
	In chapter 9, I devote a chapter to WMI and using the CIM cmdlets.
	To see just the scripts for that chapter, see my [GitHub repository](https://github.com/doctordns/Wiley20/tree/master/09%20-%20WMI).
	The scripts show you the basics of WMI and PowerShell 7.

[sdwheeler]

Suggested change

	If not, you might like to look at the [WMI Documentation](https://docs.microsoft.com/windows/win32/wmisdk/wmi-start-page)
	If not, you might like to look at the [WMI Documentation](https://docs.microsoft.com/windows/win32/wmisdk/wmi-start-page).

[doctordns]

will add the full stop.

[sdwheeler]

Suggested change

	This script displays a list of the current members of the Enterprise Admins group to a log file and reports whether the membership now contains unauthorised users.
	If the script finds that an unauthorised user is now a group member, it writes details to a text file for you to review later.
	This script displays a list of the current members of the **Enterprise Admins** group to a log file and reports whether the membership now contains unauthorized users.
	If the script finds that an unauthorized user is now a group member, it writes details to a text file for you to review later.

[doctordns]

will revise for American English

[sdwheeler]

Suggested change

	In this post, you want to detect whether an unauthorised user is a member of the Enterprise Admins group.
	You must first create a file of authorised users.
	In this post, you want to detect whether an unauthorized user is a member of the **Enterprise Admins** group.
	You must first create a file of authorized users.

[doctordns]

will update for US english

[sdwheeler]

Suggested change

	# 11. Tidying up
	# 11. Tidying up

[doctordns]

removed blank line.

[sdwheeler]

Suggested change

	Remove-ADGroupMember @RGMHT
	Remove-ADGroupMember @RGMHT

[doctordns]

removed blank line

[sdwheeler]

Suggested change

	Then it looks to see if the Enterprise Admins group contains unauthorised users - and if so, the script reports that fact to the log file.
	This script is fairly simple, and you can embellish. as needed.
	You could, for example, remove all unauthorised users.
	Then it looks to see if the Enterprise Admins group contains unauthorized users - and if so, the script reports that fact to the log file.
	This script is fairly simple, and you can embellish. as needed.
	You could, for example, remove all unauthorized users.

[doctordns]

changed to US ENglish

[sdwheeler]

Suggested change

	In this case, you are examining unauthorised changers to an AD group.
	In this case, you are examining unauthorized changers to an AD group.

[doctordns]

fixed

[doctordns]

This post is being moved into a new folder since it'll be posted in MAY!