If you can get to an administrative or system shell:
Reset-ComputerMachinePassword -Server DC.domain.local -Credential (Get-Credential)
If you can get to an administrative or system shell:
Reset-ComputerMachinePassword -Server DC.domain.local -Credential (Get-Credential)
It’s built into the latest builds of Windows 10 and 11 and Server, and can be installed into many. One good way to try it, is to install Microsoft .NET framework (SDK) 6, thus, from administrative Powershell:
winget install --id Microsoft.DotNet.Runtime.6 --silent --accept-source-agreements
I learned just now that if you add other seemingly valuable options to the one above, e.g., --scope machine
, at least while running as SYSTEM, it will fail citing package not found. So you’ll want to test carefully.
Here’s one proven just now for 7zip (there’s a “search” option in winget to get the ID):
winget install --exact --id 7zip.7zip --accept-package-agreements --silent --scope machine
Here’s one for Google Chrome, needs a bit of extra:
winget.exe install --exact --id Google.Chrome --silent --accept-package-agreements --accept-source-agreements --scope machine
If you do want to use it from the SYSTEM account, in scripting, it gets interesting. You’ll want to first run this:
$ResolveWingetPath = Resolve-Path "C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe" if ($ResolveWingetPath){ $WingetPath = $ResolveWingetPath[-1].Path } $ENV:PATH += ";$WingetPath"
and then winget will run as expected.
Adding Winget on Windows 10/2019/2016 builds 1809 or lower is touch and go. This worked on a recent Server 2019/1809, with the addition to the path above:
# Install VCLibs Add-AppxPackage 'https://aka.ms/Microsoft.VCLibs.x64.14.00.Desktop.appx' # Install Microsoft.UI.Xaml.2.7.3 from NuGet Invoke-WebRequest -Uri https://www.nuget.org/api/v2/package/Microsoft.UI.Xaml/2.7.3 -OutFile .\microsoft.ui.xaml.2.7.3.zip Expand-Archive .\microsoft.ui.xaml.2.7.3.zip Add-AppxPackage .\microsoft.ui.xaml.2.7.3\tools\AppX\x64\Release\Microsoft.UI.Xaml.2.7.appx # Install the latest release of Microsoft.DesktopInstaller from GitHub Invoke-WebRequest -Uri https://github.com/microsoft/winget-cli/releases/latest/download/Microsoft.DesktopAppInstaller_8wekyb3d8bbwe.msixbundle -OutFile .\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe.msixbundle Add-AppxPackage .\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe.msixbundle # Fix permissions TAKEOWN /F "C:\Program Files\WindowsApps" /R /A /D Y ICACLS "C:\Program Files\WindowsApps" /grant Administrators:F /T
Try this:
@("MsOnline","ExchangeOnlineManagement","AzureAD","AzureRM","Az","Microsoft.Graph","MicrosoftTeams","Microsoft.Online.SharePoint.PowerShell","Microsoft.PowerApps.Administration.PowerShell","Microsoft.PowerApps.PowerShell","WhiteboardAdmin","O365CentralizedAddInDeployment","PnP.PowerShell","MicrosoftPowerBIMgmt")|%{if(!(get-module -listavailable -name $_)){install-module -name $_ -skippublishercheck -allowclobber -force}elseif((get-module -listavailable -name $_).version -lt (find-module $_).version){update-module -name $_ -force;Get-InstalledModule -name $_ -allversions| where {$_.version -lt (get-installedmodule -name $_.name).version} | Uninstall-Module -force}}
From www.tbone.se/2023/02/27/update-your-windows-11-with-some-powerful-one-liners/”
To get the link speed of all NICs in Powershell:
Get-NetAdapter | select interfaceDescription, name, status, linkSpeed.
It also removes old versions.
Get-InstalledModule |%{if((get-module -listavailable -name $_.name).version -lt (find-module $_.name).version){update-module -name $_.name -force;Get-InstalledModule -name $_.name -allversions| where {$_.version -lt (get-installedmodule -name $_.name).version} | Uninstall-Module -force}}
From www.tbone.se/2023/02/27/update-your-windows-11-with-some-powerful-one-liners/
This method uses Powershell module PsWindowsUpdate.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 Set-Executionpolicy RemoteSigned -Scope Process -Force Install-PackageProvider -Name NuGet -Force -ErrorAction 'SilentlyContinue' > $null Set-PSRepository -Name PSGallery -InstallationPolicy Trusted If (Get-InstalledModule -Name PsWindowsUpdate -ErrorAction 'SilentlyContinue') { Update-Module -Name PSWindowsUpdate -Force } Else { Install-Module -Name PSWindowsUpdate -Force } Import-Module PSWindowsUpdate
Get-WindowsUpdate
Install-WindowsUpdate -NotCategory "Drivers","Service Packs","FeaturePacks" -NotTitle "preview" -AcceptAll
And to do it while ignoring reboot:
Install-WindowsUpdate -NotCategory "Drivers","Service Packs","FeaturePacks" -NotTitle "preview" -AcceptAll -IgnoreReboot
The -IgnoreReboot
ignores all relevant reboot automata. -NotTitle "preview"
omits all updates with the word “preview” in their name.
But sometimes, e.g. with a new PC install, we’ll want to install all updates and reboot automatically:
Install-WindowsUpdate -AcceptAll -AutoReboot
Install-WindowsUpdate -NotKBArticleID KB1234567 -AcceptAll
Install-WindowsUpdate -NotKBArticleID KB1234567 -AcceptAll -IgnoreReboot
Install-WindowsUpdate -AcceptAll -NotKBArticleID "KB1234567,KB7654321"
-NotTitle
and -NotUpdateID
.Reset-WUComponents
Get-Command -Module PSWindowsUpdate
Get-Help
works for all of them.
IPCONFIG /ALL
. That will get you a list of active NICs. DNS in use, is set for each NIC if you have more than one.Ethernet adapter Embedded LOM 1 Port 2
.Set-DnsClientServerAddress "Embedded LOM 1 Port 1" -ServerAddresses ("10.11.12.13","10.11.12.14","10.11.12.15")
Set-DnsClientServerAddress "Embedded LOM 1 Port 2" -ServerAddresses ("10.11.12.13","10.11.12.14","10.11.12.15")
Set-DnsClientServerAddress "Ethernet" -ResetServerAddresses
Longstanding, works well unless BITS is corrupt:
Start-BitsTransfer -Source $URL -Destination $Path
On 1809 and up:
curl.exe -O $URL
A pure Powershell method:
(New-Object System.Net.WebClient).DownloadFile($URL,$Path)
This removes all local admins from a machine’s Administrators group, except the built-in Administrator and “Domain Admins” if it’s on a domain.
$LocalDomain = $env:USERDOMAIN $DomainAdmins = "$LocalDomain\Domain Admins" $ComputerName = $env:COMPUTERNAME $OEMAdministrator = "$ComputerName\Administrator" Get-LocalGroupMember Administrators | ForEach-Object { $UserName = $_.Name "Found: $UserName" If (($UserName -ne $DomainAdmins) -and ($UserName -ne $OEMAdministrator)) { "Removing $UserName from local Administrators group." Remove-LocalGroupMember -Group Administrators -Member $UserName } "" }
If you see GPO policies get implemented and re-implemented even though the settings have been removed, or if it just doesn’t happen, try the following in administrative Powershell. These clear the GPO cache on the machine you’re looking at.
Remove-Item "$env:windir\system32\GroupPolicy" -Force -Recurse Remove-Item "HKLM:\Software\Policies\Microsoft" -Force -Recurse Remove-Item "HKCU:\Software\Policies\Microsoft" -Force -Recurse Remove-Item "HKCU:\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects" -Force -Recurse Remove-Item "HKCU:\\Software\Microsoft\Windows\CurrentVersion\Policies" -Force -Recurse