All posts by Mike Dixson

Bordering On Obsession Released!

Over the summer I took part in a song writing game/mission with other songwriters on the web and one of the resultant songs that came out of the exercise was Bordering on Obsession, a song about lost loves, aspirations and self examination.
In the wasteland that is the gameified app dating scene obsessing over looks, both your own and other peoples, and casually swiping your way thru an endless sea of fish you’ll never catch is all the more a horrid obsession fueling activity.

You can stream or buy/download Bordering On Obsession now:

SOLVED: Windows does not have enough information to verify the certificate


When moving from one ADFS server to another I imported a full certificate chain and private key into Machine certs on the new Windows 2016.
The certificate displayed fine and chain is complete.

However viewing the certificate properties via ADFS the certificate information gives the error “Windows does not have enough information to verify the certificate”


Move the intermediate certificate to the Intermediate Certificate Authorities > Certificates store

It seems stupidly obvious in retrospect but Windows itself could view the cert fine, and the import was done via Machine Certificates so you’d think it would put things in the right place.

Skype for Business Launch At Start Up Minimized Group Policy GPO

You think that having Skype launch minimized at start up would be an easy and well known Group Policy ADMX file or such… but no no no.
No easy life for you Mr Sysadmin.

Well for you yes, cause I’m writing how I managed to achieve it so you don’t have to bang your head against the desk too much.

Configures Skype’s Own AutoStart

This might be a bit belt and braces and the order 3 item below starts Skype4B on Windows start up already.

  • User Configuration
    • Preferences
      • Windows Settings
        • Registry
          • AutoOpenMainWindowOnStartUp (Order:1)
Key pathSoftware\Microsoft\Office\16.0\Lync
Value nameAutoOpenMainWindowWhenStartup
Value typeREG_DWORD
Value data0x0 (0)

All Common option set to No

Minimize Skype

  • User Configuration
    • Preferences
      • Windows Settings
        • Registry
          • MinimizeWindowToNotificationArea (Order: 2)
Key pathSoftware\Microsoft\Office\16.0\Lync
Value nameMinimizeWindowToNotificationArea
Value typeREG_DWORD
Value data0x1 (1)

Start Skype with Windows

Again this is a bit belt and braces, I’d go with this option over the first as the only method of starting Skype.

Also note that lync.exe is in the path, so the value data could just be lync/lync.exe so that the officeXX in the path doesn’t matter, for a bit of future proofing.

  • User Configuration
    • Preferences
      • Windows Settings
        • Registry
          • Lync (Order: 3)
          • Action: Replace
Key pathSoftware\Microsoft\Windows\CurrentVersion\Run
Value nameLync
Value typeREG_SZ
Value data%ProgramFiles(x86)%\Microsoft Office\root\Office16\lync.exe

This should then be applied to the OU that the users exist in and Domain Computers be given read access.

Dism.exe Cleaning Up Invalid Images

After finishing editing and wim image using dism I was being left with Windows still thinking the image was still mounted somehow and not able to remount the image file.
Thanks to a post here I finally managed to resolve the issue by deleting keys under “HKLM\SOFTWARE\Microsoft\WIMMount\mounted images\”

Next I just need to find how to be able to delete the folders ProgramData\Microsoft\Windows\SystemData underneath the root of a mounted image after it’s been unmounted. Windows is locking them but there are no handles open to them

[Solved] WDS Driver Filters Not Working

Like many people it seems I’ve been scratching my head as to why  WDS’s Driver Package Filters were not matching my hardware when imaging a machine that I’d created a driver package group for.

After looking at Greg Shields technet post I was convinced I just needed to grab the model name straight off of the machine type beforehand via a powershell WMI get and I’d be laughing. Alas this still did not work.

I found the best way was to enable the Debug log on WDS, then pull the info directly from what WDS was seeing and use that to create the filters.
I’ve also written a powershell script to pull the details from the debug log as otherwise it takes a fair bit of time.
I’ve posted this here:

Powershell list all properties of an object

Some powershell get commands only output a handful of the object properties get-CalendarProcessing being one such command, than returns just one property.

To get all properties of an object you can pipe to format-list *
get-CalendarProcessing -identity [email protected] | Format-List *

If you know the specific attribute you are after you can still access this variable using select-object.
get-CalendarProcessing -Identity [email protected] | Select-Object AllowConflicts

Get Boot Time For all computers in an OU – Powershell

I wrote the following script enumerates an OU and then looks up the last boot time for each computer.

Note: I’m starting to put any scripts I write on GitHub, this will make it easier for you copy down and easier for me to keep any scripts up to date.

Easy GPO Audit Using Powershell

After poking around the Group Policy Objects (GPO) of an infrastructure that was new to me I needed a decent way of producing a quick and useful report on the state of the GPOs.

Because the ComputerVersion and UserVersion numbers are listed as two figures, one for AD and one for Sysvol just an export-csv of get-gpo left me with blank ComputerVersion and UserVersion.

I found this post:

By using the following powershell I was able to within minutes provide useful information on the state of the GPOs.

get-gpo -all | select Displayname,ID,Description,GPOStatus,CreationTime,ModificationTime,@{Label="ComputerVersion";Expression={$}},@{Label="UserVersion";Expression={$_.user.dsversion}}| export-csv gpo-audit.csv

A small bit of conditional formatting later and we can see that the Domain GPO has a large amount of user setting edits and should be split into a user only GPO and a computer GPO (I won’t go into where these GPOs should be linked at this stage).
A snipping of an excel spreadsheet with colour coding providing meaning to the figures