We help IT Professionals succeed at work.

IT Administration





IT Administration is the processes and best practices for programming and development, and incorporates methodologies for managing activities and projects. Common methodologies include waterfall, prototyping, iterative and incremental development, spiral development, rapid application development, extreme programming and various types of agile methodology. The life-cycle "model" is a more general term for a category of methodologies, and a software development "process" a more specific term to refer to a specific process chosen by a specific organization.

If you have any responsibilities for managing the ICT budget for your organisations, can you share any examples of lessons learned on areas you may have identified or any honest 'mistakes made' where your company was perhaps wasting money.

We have a risk/audit team who do a lot of good focus on cyber security, data protection etc, but some other issues have come to light in recent years where money was being wasted due to poor asset management/monitoring processes (i.e. smartphones that were not even being used by the person given them), which got me thinking what other common mistakes could be being made which may be worth delving further into as part of their cycle of reviews.

Not overly sure what category to add this to so gone with a broad area as I know a lot of participants in these areas often seem to have senior titles in their profiles so may be involved in this type of area or report directly to others who do.
Hi I have a client that wasn't to have reporting on what users are doing work wise.  Like 2 hours in Outlook, 20 minutes on Face Book and if the computer was idol for two hours.

Not sure if that is possible.  As you can guess, this is for users working from home due to the Corona virus.

Thanks all.

Oh, all the remote computers are Windows 10 Home and they are not VPNing or RDPing.  Just email and local Autocad stuff.
Hi, we want to lock down some Android tablets so they only view a few whitelisted websites, is there a easy solution for this?
Dear Experts,

I would like to find out what would be the best suited network certification to obtain for myself.
I have a mish-mash background, after getting M.S. in computer science with software engineering emphasis, I was working as a software/field engineer, then software project manager.
After taking time off to raise children, I started my own business as an IT consultant, where I did everything from hardware/software installation, infrastructure management, training, and troubleshooting for small businesses.  All of my knowledge came from basically learning as I needed from vendors and other sources.
A few more jobs later, I am now bouncing back and forth between Sr. System/Network Admin roles at my current employer.
My problem is, besides my degree, I do not have any certification, but I can administer Cisco/Fortinet Firewalls, switches, Windows servers, Exchange servers, and am versed in PowerShell scripts as well as Java, VBA.  I feel very non-standardized, and would like to have some type of certification.  Since I really don't need to learn more about Windows servers or Azure AD, I was leaning towards some type of network certification.  Cisco, CompTIA Network+, etc.  I do have basic theoretic knowledge on networking from my graduate courses, however I have a feeling some of those are outdated at this point.
Please advise.

I have been asked to evaluate/review approximately 150 servers on our network, ranging from Server 2008 to Server 2019 list in  a spreadsheet with very limited information.   Just primary roles. (e.g. DC, DNS, RODC, SCCM Distribution Point, File and Print server, etc.)   It also lists Hyper-V, Hyper-V on workstation, etc.  

I don't have the owner information so I can't reach out to each and ask "what is this and what's it for?  The objective is to go through this giant list and label each with a "priority #" to either decommission it, upgrade the existing OS, determining the utilization of each server, apps installed, roles installed, etc.   I then need to be able to share my findings with the rest of my team so we can then determine the effort necessary to migrate, upgrade or decommission the server(s) as we look forward to our newest 2016 functional level infrastructure.  Fro example, there are 14 RODCs at branch sites, but Sites and Services is not configured properly, so that could be a priority #1 (through 5) for us.   How do you experts approach these types of tasks and projects?   What do you break things down to and label it as to what should happen to each server and where it should reside, e..g Azure.

Thanks for any information you can provide.
Dear Experts

while implementing CRM/ERP what exactly meant by  software requirement specification( SRS), what is next step is it functional requirement design and then technical specification, can you please help to understand each of these and which comes first, thanks in advance.
I have a powershell script designed to create a local admin account. I have been trying to edit the PS script so that i dont have the password in plain text. I have created a password.txt file and a password.key file on a shared network drive open to everyone. Here is my script, i am doing something wrong. Can someone help me fix it.

Start-Transcript -Path "C:\temp\addlocaladmin.log" -NoClobber
Set-Executionpolicy -Scope CurrentUser -ExecutionPolicy UnRestricted

<#This works great but password is clear text
$Password = ""
$secureStringPassword = ($Password | ConvertTo-SecureString -AsPlainText -Force)#>

$password = Get-Content \\FILE1\$3ncrypted\password.txt | ConvertTo-SecureString -Key (Get-Content \\FILE1\$3ncrypted\password.key)
$credential = New-Object System.Management.Automation.PsCredential("TP-Admin",$password)
New-LocalUser "TP-Admin" -Password $password -FullName "TP-Admin" -Description "Local Admin Account for Intune Managed Devices"
Add-LocalGroupMember -Group "Administrators" -Member "TP-Admin"

Open in new window

Can someone tell me what i am doing wrong and how to fix the code?

I am getting this error message. I verified i have access to the UNC path.

Does someone have a policy statement or can direct me to one for Wifi.  My company has internal wi fit, staff that travels so airports, starbucks, bars (!).  What should be telling them.  So far, we have said avoid any wifi with no password protection is a no. I rush off the plane and check my email and before you know it, I have been on the airport wi fi (no password) for an hour.  Executives pay for access on the plane, is that safe?

I have a column that has listed all OUs of my company. I want to delete everything to the left of OU=Disabled. What excel function/code can i insert to make this happen? Ultimately i want it to look like the bottom 3.

Steve test2,OU=Disabled,OU=Users,OU=Contoso_Users_and_Groups,DC=Contoso,DC=net
Barreca - Consultant\,Sal,OU=Disabled,OU=Users,OU=Contoso_Users_and_Groups,DC=Contoso,DC=net

Open in new window

I am looking to create a script that will take all users from the disabled OU  and remove all AD group memberships minus domain users so that it doesnt throw an error.
Would this work?

$OUpath = "OU=Disabled,OU=Users,OU=Park_Users_and_Groups,DC=park,DC=net"
$disbaledUsers = Get-ADUser -Filter * -SearchBase $OUpath

foreach ($disableduser in $disabledusers)

Remove-ADGroupMember -Identity *


Open in new window

Trying to put together a script that i can run as a daily scheduled task to automate moving Disabled Objects in our OU to the disabled OU.  I put this together but its not working. Can you please help rewrite the script so that it makes sense.

$DisabledUsers = Get-ADUser -Filter * -Property Enabled | Where-Object {$_.Enabled -like “false”}

$DisabledUsers |
Select-Object SamAccountName |
Get-ADUser |
Move-ADObject -TargetPath $TargetOU

Open in new window

I have created a Powershell Script that will search for all Account Managers in our company and then adds then to particular Security Group.

Get-ADUser -Filter {description -eq 'ACCTMGR - Account Manager' -and Enabled -eq $True} | export-csv c:\active_account_managers.csv
Import-CSV c:\active_account_managers.csv -Header SamAccountName | ForEach-Object {Add-AdGroupMember -Identity "Powerbi_All_AM" -members $_.SamAccountName}

Open in new window

How can i then add a line of code to this script that will go out and search ALL account managers who are no longer Active and remove them from the group "Powerbi_All_AM"?

Maybe doing something like this...

#This will both add users who are newly onboarded account managers and remove any that have been offboarded i think
Get-ADUser -Filter {description -eq 'ACCTMGR - Account Manager' -and Enabled -eq $True} | export-csv c:\active_AMs.csv
Import-CSV c:\active_AMs.csv -Header SamAccountName | ForEach-Object {Add-AdGroupMember -Identity "Powerbi_All_DM" -members $_.SamAccountName}

Get-ADUser -Filter {description -eq 'ACCTMGR - Account Manager' -and Enabled -eq $False} | export-csv c:\offboarded_account_managers.csv
Import-CSV C:\offboarded_account_managers.csv -Header SamAccountName | ForEach-Object {Remove-AdGroupMember -Identity "Powerbi_All_AM" -members $_.SamAccountName}

Open in new window

Would that work? And is spaces between both lines of code ok or do they all need to be under each other?
I am trying to put together a PS script that will search my entire user database and find all users who's description match this exactly "ACCTMGR - Account Manager" but filter out all Users who's Enabled Property is True. In other words only search users who are active and not disabled.

I have tried the following script but something is wrong with it. Can anyone help me fix it please.
Get-ADUser -Filter {description -like 'ACCTMGR - Account Manager'} | Where-Object {$_.Enabled -eq True}

Open in new window

Then ultimately i want to take all of these users "Account Managers" and add them a Distribution List
I have a SQL 2014 server that I am trying to configure to send mail via O365.  We just recently moved from an on-prem Exchange 2010 server to O365, and was able to easily send email from SQL2014.  However, now I am unable to send any mail via O365 even though I have all the correct O365 user profile settings.  O365 support indicated the issue pertains to a SQL permissions issue of which I have not been able to locate.

I setup the SQL Mail Profile as follows:

SQL 2014 DB Mail Profile Config  

When I try and send a test email I see the following failure message in DB mail log file:

 SQL 2014 DB Log Failure Message
Hi Experts,

My PC (Win7. Pro) is running very slow at start, it could take up to 15 minutes to have it up and running after I shutdown.
I have checked memory and CPU usage while its restarting and don't see that high numbers, not sure what is causing such,,,
See attached.

For IT audit purposes, what are some of the questions that an auditor should ask
during the audit interview especially for Cyber, IT Infra, End-user computing  audit?

What are some of the open-ended question like "Can you describe your
network architecture", "what's your patch procedure/policy like", "what are
your perimeter & endpoint defenses" ...  <pls add on>.

Presume auditors should start with such open questions first before going
into more targetted questions?

What are some of the more targetted questions?  
Eg: "how long is your backup retention for DB,  logs, ...", "share some of
      the recent patch logs", ...<pls add on> ...
Referring to attached response from MS which says we need to buy Azure licences for
each user that uses inTune.  However, as we're on O365 E3 subscription, isn't inTune
a free bundle (which an MS reseller earlier advised is bundled free) as shown below:


We have presented to the board that we're remediating an audit finding
for remote wiping of mobile phones using iTunes but at this late stage, the
reseller quoted the attached from MS.

On the other hand, link below indicates inTune is being deprecated or I
read it wrongly?
I have a CSV File or Text File for 100s of Users in my environment. I would like to develop a script that would take each UPN on that column and give me back the data in the Attribute "Description" of that object which is where we put the users Title. Can anyone help?

$Users = Get-Content C:\users_upn.txt >>>>Give me back the data in the attribute field " Description" for each user. Write that data to a text or csv file.

I have a list of users but want to add their Titles to that spreadsheet and that data is stored in the "Description" attribute field.

Powershell Script Request. - Bulk Enable Archival (Office 365)

Im trying to setup a script that will do a fore each loop that will take CSV file that has a heading of UserPrincipalName of a list of 100s of F1 Licensed Users. i am trying to enable archival for all those users listed. I tried to get this started. I know that the command to enable archival is the following:

 Enable-Mailbox -Identity $usernames -Archive

So i started by trying to put the scrip together myself but i am kindve stuck. Not sure how to pass the object.

$usernames = Import- csv .... $_.UserPrincipalName

 foreach ($username in $usernames) {
   Enable-Mailbox -Identity $usernames -Archive

Now I'm not 100% sure here that  -identity even takes the UPN, will have to research that. can anyone help?

Let me start by saying we are a hybrid environment and i have been tasked with opening new sites for my company in SharePoint. I am fairly new to sharepoint. I have had no issues following the company SOP for creating new sites on our sharepoint environment for 8 months now without having any issues. All the sudden in the last few sites ive created i have had errors popping up that i have no idea how to fix. I believe we are on Sharepoint Online 2016 but not certain. Please see attached errors. I have tried to recreate several times. I believe this site/page was created before but then closed. I think i have to completely delete the old site but i dont even know how to do that. I went to the provisioning page and thought i deleted the old site then tried to recreate it but still errors out. Can i have help please. I tried using powershell but i think i need the right module loaded to access sharepoint online but was unsuccessful to loading the modules to run (Remove-SPSite -Identity) but get The term 'Remove-SPSite' is not recognized as the name of a cmdlet. Any help would be greatly appreciated.

Is there a way to change this local admin script so that the password is not in clear text but rather a hash or more secure? So for Example if my default local admin password is Welcome1$ and i want to keep it that way but yet not show this in clear text how can i alter this script to change that? I am planning on pushing this script via Intune to all my newly enrolled machines.

$Username = "Admin"
$Password = 'Welcome1'

$group = "Administrators"

$adsi = [ADSI]"WinNT://$env:COMPUTERNAME"
$existing = $adsi.Children | where {$_.SchemaClassName -eq 'user' -and $_.Name -eq $Username }

if ($existing -eq $null) {

    Write-Host "Creating new local user $Username."
    & NET USER $Username $Password /add /y /expires:never
    Write-Host "Adding local user $Username to $group."
    & NET LOCALGROUP $group $Username /add

else {
    Write-Host "Setting password for existing local user $Username."

Write-Host "Ensuring password for $Username never expires."
& WMIC USERACCOUNT WHERE "Domain='$env:ComputerName'AND Name='$usr'" SET PasswordExpires=FALSE

Open in new window

Dear Experts
We are evaluating CCTV surveillance system appox 25 to 30 cameras which should store 03 months of recording hence NVR hard disk capacity we have sized 6 TB.  We have connected this location over MPLS link to the Head office hence we are thinking to look for solution but not sure at camera side or NVR side the recording to happen parallel to NVR and also to NAS device and this NAS device will replicate to another identical NAS device over MPLS link at head office
1.Please help is there any specific type of cameras OR NVR we should consider so that at the same time two places the recording is done one at NVR disks this is going to rotate once in month hence at any given time only last 30 days recording is available.
2.Also simultaneous recording in additional to NVR to store to NAS box for example synology NAS box ( one at site and another one in head office every day replication scheduled to head office)
I have a VPN file that was created by our former IT group and I have no idea how. Its a windows based VPN. We recently implemented Intune in our environment and I am trying to set it up so that it installs the EXE as part of the base software configuration. Problem is i dont know the silent switch. I have tried the a few like .exe /Silent. I have attached the results of TP-VPN.exe /?. Is there a way i can find the silent switch of the VPN or create a powershell script that will just run the VPN even if its not silent. I just need it to install. If i just run the executable the first thing that pops up is a message stating " Do you wish to install Contonso VPN? Wondering how i can bypass that message. If i extract the contents of the exe. I see an executable named cmstp.exe. There also config files that might be able to examine.



I know spicework HelpDesk is free (local version not-cloud), but there is a paid option.  What do I get if I pay for Spiceworks? (more features, like reportings, etc.?)
Recently I posted a question on how to edit the following set of Attributes in AD for bulk users. I was given the following PS Script.

Import-Csv -Path C:\Temp\Attributes.csv | ForEach-Object {
	$user = Get-ADUser -Filter "mail -eq '$($_.mail)'"
	Set-Aduser -Identity $user -Replace @{ 
    extensionAttribute1 = $_.extensionAttribute1
    extensionAttribute2 = $_.extensionAttribute2

Open in new window

It was working but i was trying to tweak it to be able to edit ExtensionAttributes 1-10. And now its no longer working. Its giving me an error.

Get-ADUser : The search filter cannot be recognized
At C:\Users\1083786\OneDrive - Contoso\IT - Powershell\Attribute 
Changer for Group of Users by Email.ps1:2 char:10
+     $user = Get-ADUser -Filter "mail -eq '$($_.mail)'"
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-ADUser], ADException
    + FullyQualifiedErrorId : ActiveDirectoryServer:8254,Microsoft.ActiveDirec 
Set-Aduser : replace
At C:\Users\1083786\OneDrive - Contoso Ltd\IT - Powershell\Attribute 
Changer for Group of Users by Email.ps1:3 char:2
+     Set-Aduser -Identity $user -Replace @{
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (CN=Perez\, Isai...ownepark,DC 
   =net:ADUser) [Set-ADUser], ADInvalidOperationException
    + FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirector 

Open in new window

Does anyone know what I am doing wrong? What we are trying to do is import a CSV file that has the following headers:

Mail > ExtensionAttributes1-9

Can someone help me fix this script so that i am able to bulk edit these specific AD Attributes for a Bulk Amount of Users please.

IT Administration





IT Administration is the processes and best practices for programming and development, and incorporates methodologies for managing activities and projects. Common methodologies include waterfall, prototyping, iterative and incremental development, spiral development, rapid application development, extreme programming and various types of agile methodology. The life-cycle "model" is a more general term for a category of methodologies, and a software development "process" a more specific term to refer to a specific process chosen by a specific organization.