New Blog post - Permanent WMI Event Handling #51
See my comments and suggestions. Call me in Teams if you have questions.
## WMI | ||
Windows Management Instrumentation (WMI) is an important component of the Windows operating system. |
## WMI | |
Windows Management Instrumentation (WMI) is an important component of the Windows operating system. | |
## WMI | |
Windows Management Instrumentation (WMI) is an important component of the Windows operating system. |
And for some more details on using WMI and Powershell, look at using PowerShell 7 and WMI, look at [my recently published PowerShell 7 book](https://www.wiley.com/en-gb/PowerShell+7+for+IT+Professionals-p-9781119644705). | ||
In chapter 9, I devote a chapter to WMI and using the CIM cmdlets. | ||
To see just the scripts for that chapter, see my [GitHub repository](https://github.com/doctordns/Wiley20/tree/master/09%20-%20WMI). | ||
The scripts show you the basics of WMI and PowerShell 7. |
One of the tenets of this blog is that we don't allow marketing. I am OK with linking to your book, in the right context. See my suggestion at the bottom of the article. I think it reads better there and comes off like a pitch for your book.
And for some more details on using WMI and Powershell, look at using PowerShell 7 and WMI, look at [my recently published PowerShell 7 book](https://www.wiley.com/en-gb/PowerShell+7+for+IT+Professionals-p-9781119644705). | |
In chapter 9, I devote a chapter to WMI and using the CIM cmdlets. | |
To see just the scripts for that chapter, see my [GitHub repository](https://github.com/doctordns/Wiley20/tree/master/09%20-%20WMI). | |
The scripts show you the basics of WMI and PowerShell 7. |
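Review bot: The first sentence of this paragraph repeats itself ("look at using PowerShell 7 and WMI, look at ...") and spells the product as "Powershell" once; wherever the paragraph ends up, reduce it to a single "look at" clause with consistent "PowerShell" casing. "In chapter 9, I devote a chapter" is also redundant and could simply say that chapter 9 covers WMI and the CIM cmdlets.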
|
||
In writing this article, I assume you have an understanding of WMI. | ||
In specific, I assume you understand WMI namespaces, classes, properties, and methods. | ||
If not, you might like to look at the [WMI Documentation](https://docs.microsoft.com/windows/win32/wmisdk/wmi-start-page) |
If not, you might like to look at the [WMI Documentation](https://docs.microsoft.com/windows/win32/wmisdk/wmi-start-page) | |
If not, you might like to look at the [WMI Documentation](https://docs.microsoft.com/windows/win32/wmisdk/wmi-start-page). |
will add the full stop.
This script displays a list of the current members of the Enterprise Admins group to a log file and reports whether the membership now contains unauthorised users. | ||
If the script finds that an unauthorised user is now a group member, it writes details to a text file for you to review later. |
This script displays a list of the current members of the Enterprise Admins group to a log file and reports whether the membership now contains unauthorised users. | |
If the script finds that an unauthorised user is now a group member, it writes details to a text file for you to review later. | |
This script displays a list of the current members of the **Enterprise Admins** group to a log file and reports whether the membership now contains unauthorized users. | |
If the script finds that an unauthorized user is now a group member, it writes details to a text file for you to review later. |
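Review bot: "displays a list ... to a log file" in the first sentence mixes two actions; "writes" matches what the sentence goes on to describe. The two sentences also refer to "a log file" and "a text file" without saying whether these are the same file, so name the file once and reuse that name.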
will revise for American English
In this post, you want to detect whether an unauthorised user is a member of the Enterprise Admins group. | ||
You must first create a file of authorised users. |
In this post, you want to detect whether an unauthorised user is a member of the Enterprise Admins group. | |
You must first create a file of authorised users. | |
In this post, you want to detect whether an unauthorized user is a member of the **Enterprise Admins** group. | |
You must first create a file of authorized users. |
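Review bot: "a file of authorized users" in the second sentence is the allow-list the whole check depends on, but the text does not say where the file lives or who may write to it. Add a sentence naming the path the script reads and recommending that only administrators can modify the file, since anyone who can edit it can make an unauthorized member look authorized.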
will update for US English
|
||
# 11. Tidying up |
# 11. Tidying up | |
# 11. Tidying up |
removed blank line.
Remove-ADGroupMember @RGMHT | ||
|
Remove-ADGroupMember @RGMHT | |
Remove-ADGroupMember @RGMHT |
removed blank line
Then it looks to see if the Enterprise Admins group contains unauthorised users - and if so, the script reports that fact to the log file. | ||
This script is fairly simple, and you can embellish. as needed. | ||
You could, for example, remove all unauthorised users. |
Then it looks to see if the Enterprise Admins group contains unauthorised users - and if so, the script reports that fact to the log file. | |
This script is fairly simple, and you can embellish. as needed. | |
You could, for example, remove all unauthorised users. | |
Then it looks to see if the Enterprise Admins group contains unauthorized users - and if so, the script reports that fact to the log file. | |
This script is fairly simple, and you can embellish. as needed. | |
You could, for example, remove all unauthorized users. |
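Review bot: The stray full stop in "you can embellish. as needed." on the second line survives in the suggested replacement; it should read "you can embellish as needed." The first line would also read better with the bold **Enterprise Admins** formatting used in the other suggestions, for consistency.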
changed to US English
|
||
WMI eventing is very powerful and straightforward to implement. | ||
There are thousands of WMI events you could subscribe to and which may help troubleshooting activities. | ||
In this case, you are examining unauthorised changers to an AD group. |
In this case, you are examining unauthorised changers to an AD group. | |
In this case, you are examining unauthorized changers to an AD group. |
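Review bot: "changers" in the suggested line is still a typo; the sentence is about unauthorized "changes" to an AD group. The spelling change to "unauthorized" is fine, but fix this word in the same edit.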
fixed
This post is being moved into a new folder since it'll be posted in MAY! |