Select Page

Azure Automation: Shutting Down Custom Tagged Virtual Machines

Hello everyone! Christopher Scott, Premier Field Engineer. I have recently transitioned into an automation role and like most people my first thought was to setup a scheduled task to shutdown and startup Virtual Machines (VMs) to drive down consumption costs ... continue reading

AskPFEPlat Happy New Year Invitation!

HAPPY NEW YEAR everyone, and welcome to 2018! This is Brandon Wilson (Platforms and Active Directory PFE), and with the introduction of the New Year, I wanted to take some time to thank all our outstanding readers we’ve had over ... continue reading

Simple PowerShell Network Capture Tool

Hello all. Jacob Lavender here again for the Ask PFE Platforms team to share with you a little sample tool that I’ve put together to help with performing network captures. This all started when I was attempting to develop an ... continue reading

Implementing Multiple AGPM Servers

Hi Everyone, Paulo here, a Microsoft Premier Field Engineer (PFE), recently I have had several customers querying about how to deploy multiple AGPM Servers per Forest/Domain. As you know AGPM was designed to centralize change control over Group Policies so ... continue reading

Windows Backups Failing with Associated VSS 8193 Errors

Hi, this is Michael Koeppl again. I’m with the Premier Mission Critical (PMC) Team and assisting customers when they hit OS issues in their critical infrastructure, and today I wanted to talk with you about an interesting Windows Backup issue ... continue reading

Securing RDP with IPSec

Hi Everyone, this is Jerry Devore back with a follow-up topic from my previous post on Privileged Administrative Workstations (PAW) which is a hardened device configuration used to protect privileged credentials. In that post, I mentioned that it is possible ... continue reading

Viewing Memory in PowerShell

Hello there, this is Benjamin Morgan, and I’m a Premier Field Engineer covering Active Directory and Platforms related topics. This is my first blog post I hope you are all as excited about this as I am! Today I wanted ... continue reading

Exploring the crypt: Analysis of the WannaCrypt ransomware SMB exploit propagation

On May 12, there was a major outbreak of WannaCrypt ransomware. WannaCrypt directly borrowed exploit code from the ETERNALBLUE exploit and the DoublePulsar backdoor module leaked in April by a group calling itself Shadow Brokers. Using ETERNALBLUE, WannaCrypt propagated as ... continue reading

Hey Dude, Where’s My Winlogon.log?

Hi this is Michael from the PMC PFE Team, I recently helped a customer during the implementation of their Windows Server 2016 systems. When checking the Event viewer, we spotted a well-known Event ID: Log Name:      Application Source:        SceCli Date:          ... continue reading
Loading...