Monthly Archives: July 2013

Windows 8.1 Enterprise Preview is available for download

Yesterday Microsoft released the Windows 8.1 Enterprise Preview. While the consumer edition has been available as a Preview Edition the Enterprise version has just been released.

According to Microsoft the differences between the editions are as follows:

Windows 8.1 is the basic edition for home users. It includes the core feature set that home users require but does not include key business features, such as support for the ability to join domains, process Group Policy, and so on. Windows 8.1 Pro is for small- and medium-sized businesses. It provides enhanced features that help to easily connect to company networks, access files on the go, encrypt data, and more. Last, Windows 8.1 Enterprise edition is available through Windows Software Assurance. It includes all the capabilities of Windows 8.1 Pro, plus premium features such as Windows To Go, DirectAccess, BranchCache, AppLocker, Virtual Desktop Infrastructure (VDI), and Windows 8 app deployment.

Notable features of the Enterprise version of Windows 8.1 include:

  • DirectAccess – Seamless access to company resources without the need for VPNs
  • Windows To Go – Create your own portable Windows 8.1 installation on a USB Stick
  • Start Screen Control – Gives administrators control on what is shown on the start screen

It is however important to know the Preview Edition does not have a supported upgrade path to the final edition. So this should be taken into consideration when upgrading your current workstation to Windows 8.1. If that is not a problem for you then you can use Windows 8.1 Enterprise Preview until January 2014.

What’s New in Windows 8.1
http://technet.microsoft.com/en-us/windows/dn140266
Download Windows 8.1 Enterprise Preview
http://technet.microsoft.com/en-US/evalcenter/dn237246.aspx
Windows 8.1 Preview: Frequently Asked Questions
http://technet.microsoft.com/en-us/windows/jj721676.aspx

PowerCLI Sessions at VMworld 2013 San Francisco announced

The following PowerCLI sessions have been announced for VMworld San Francisco next month:

VAPP5473 – Automated Management of Tier-1 Applications on VMware
https://vmworld2013.activeevents.com/connect/sessionDetail.ww?SESSION_ID=5473
VSVC4944 – PowerCLI Best Practices – A Deep Dive
https://vmworld2013.activeevents.com/connect/sessionDetail.ww?SESSION_ID=4944
VSVC5931 – PowerCLI What’s New? Administrating with the CLI Was Never Easier
https://vmworld2013.activeevents.com/connect/sessionDetail.ww?SESSION_ID=5931

Head over to the VMWare blogs to read an summary blog post on the PowerCLI related sessions at VMworld:

http://blogs.vmware.com/vipowershell/2013/07/powercli-session-at-vmworld-2013-san-francisco.html

Active Directory Friday: Find user accounts that have not changed password in 90 days

Today I am starting a new section my blog. Each friday I will post an example of a task I have performed in Active Directory using PowerShell. For this I will usually not use any of the Active Directory Cmdlets, so there is no dependancy on any modules to be present on a system in order to execute these queries. If you have any suggestions for a task or query that could be discussed, please drop me a line in the comments and I will consider it for next week. Today I will start with a query that gathers the samaccountname, pwdlastset and if an account is currently enabled or disabled. Note that the commands in this article only query Active Directory so no changes to objects will be made. First we will create a variable, $PwdDate, that contains the filetime of a date ninety days ago:

1
$PwdDate = (Get-Date).AddDays(-90).ToFileTime()

Then an DirectoryServices.DirectorySearcher object will be created with the LDAP Query to locate only user accounts that have their passwords last set on a date 90 or more days ago:

1
2
3
4
$Searcher = New-Object DirectoryServices.DirectorySearcher -Property @{
    Filter = "(&(objectclass=user)(objectcategory=person)(pwdlastset<=$PwdDate))"
    PageSize = 500
}

ForEach user account found we output its samaccountname, pwdlastset and enabled or disabled state of the account:

1
2
3
4
5
6
7
$Searcher.FindAll() | ForEach-Object {
    New-Object -TypeName PSCustomObject -Property @{
        samaccountname = $_.Properties.samaccountname -join ''
        pwdlastset = [datetime]::FromFileTime([int64]($_.Properties.pwdlastset -join ''))
        enabled = -not [boolean]([int64]($_.properties.useraccountcontrol -join '') -band 2)
    }
}

Note that the -join ” operator this is used to unwrap the properties, which are by default provided as System.DirectoryServices.ResultPropertyValueCollection objects. Alternatively the array indexing notation [0] could be used, this has the downside that when a property is empty it will cause the script to display errors. The full code used in this example is available here in the TechNet Script Repository: http://gallery.technet.microsoft.com/scriptcenter/Query-for-AD-Users-that-b87acf2f