Processing Tshark Streams With PowerShell

Wireshark is a packet capture and analysis tool; less well known is the command-line version bundled with the install, tshark. One huge advantage of tshark is its ability to write packet data directly to disk, which avoids a common issue with leaving Wireshark…
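As an added example (not code from the original post), the following PowerShell starts a tshark ring-buffer capture that writes straight to disk and then reads a completed file back as CSV fields for analysis. The install path, interface name and capture directory are assumptions; tshark's `-w`, `-b`, `-r`, `-T fields`, `-e` and `-E` options are documented tshark switches.

```powershell
# Added example: capture to disk with tshark, then post-process a finished ring file in PowerShell.
$tshark = 'C:\Program Files\Wireshark\tshark.exe'   # default install path (assumption)
$iface  = 'Ethernet'                                 # assumed interface name; list with: & $tshark -D
$capDir = 'C:\captures'                              # assumed output directory
New-Item -ItemType Directory -Path $capDir -Force | Out-Null

# Write packets directly to a ring buffer of 10 files x 100 MB (filesize is in kB).
# tshark names the files ring_<seq>_<timestamp>.pcapng and drops the oldest when the limit is hit,
# so the capture never grows unbounded in memory or on disk.
$capProc = Start-Process -FilePath $tshark -PassThru -NoNewWindow -ArgumentList @(
    '-i', $iface,
    '-w', (Join-Path $capDir 'ring.pcapng'),
    '-b', 'filesize:102400',
    '-b', 'files:10',
    '-f', 'tcp'                                       # capture filter (BPF); assumption
)

# Read a completed capture file back and summarise the busiest destinations.
function Get-TopTalkers {
    param(
        [Parameter(Mandatory)][string]$Pcap,
        [int]$Top = 10
    )
    # -T fields with a header row gives us something ConvertFrom-Csv can turn into objects.
    $rows = & $tshark -r $Pcap -T fields -E header=y -E separator=, -E quote=d `
                -e frame.time_epoch -e ip.src -e ip.dst -e tcp.dstport | ConvertFrom-Csv

    $rows | Where-Object { $_.'ip.dst' } |
        Group-Object 'ip.dst' |
        Sort-Object Count -Descending |
        Select-Object -First $Top |
        ForEach-Object { [pscustomobject]@{ Destination = $_.Name; Packets = $_.Count } }
}

# Process the most recently completed file in the ring (the newest one is still being written to).
$files = Get-ChildItem $capDir -Filter 'ring_*.pcapng' | Sort-Object LastWriteTime
if ($files.Count -ge 2) {
    Get-TopTalkers -Pcap $files[-2].FullName | Format-Table -AutoSize
}
```

Reading the second-newest file avoids racing tshark on the file it is currently writing; if you want live output instead, run tshark with `-l` and `-T fields` and pipe its stdout straight into a `ForEach-Object` loop rather than going through a file.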

Get-ADGroupMember -Recursive Doesn't Return All Members

This recently cropped up when I was running some auditing scripts to ensure Domain/Enterprise/etc. Admins were part of the Protected Users group. It was a simple script that pulled members from the privileged groups and compared them to members of the Protected Users group. Quick…
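The comparison described above, as an added example rather than the author's script: it expands nested membership server-side with the LDAP matching-rule-in-chain filter (OID 1.2.840.113556.1.4.1941) instead of `Get-ADGroupMember -Recursive`. That substitution is my choice, not something the excerpt prescribes, and the list of privileged groups is an assumption.

```powershell
# Added example: audit privileged group members against Protected Users.
Import-Module ActiveDirectory

# Expand a group's nested membership with LDAP_MATCHING_RULE_IN_CHAIN on memberOf.
# The DC does the recursion; only user objects are returned.
function Get-NestedUserMembers {
    param([Parameter(Mandatory)][string]$GroupName)
    $group = Get-ADGroup -Identity $GroupName
    Get-ADUser -LDAPFilter "(memberOf:1.2.840.113556.1.4.1941:=$($group.DistinguishedName))" `
               -Properties SamAccountName, Enabled, DistinguishedName
}

# Groups whose members should be in Protected Users (assumed list; extend for your environment).
$privilegedGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'

$protected = Get-NestedUserMembers -GroupName 'Protected Users' |
             Select-Object -ExpandProperty DistinguishedName

$findings = foreach ($g in $privilegedGroups) {
    Get-NestedUserMembers -GroupName $g |
        Where-Object { $_.Enabled } |
        ForEach-Object {
            [pscustomobject]@{
                Group            = $g
                User             = $_.SamAccountName
                InProtectedUsers = ($protected -contains $_.DistinguishedName)
            }
        }
}

# Enabled privileged accounts that are not protected.
$findings | Where-Object { -not $_.InProtectedUsers } |
    Sort-Object User, Group | Format-Table -AutoSize
```

The chain filter only resolves principals in the domain being queried, so members that are foreign security principals from other domains still need a separate lookup against their home domain.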

Finding Active Windows 7 Machines In Active Directory

Quick one today (won't even need a TL;DR): with Windows 7 no longer supported (the ESU program being the exception), we're all making sure either existing or new clients have no leftover machines on the domain. Here is a quick PowerShell snippet to find any Win 7 machines that have…
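An added example of such a query (not the author's snippet): it filters computer objects on `OperatingSystem` and then keeps only those with a recent `lastLogonTimestamp`. The 30-day window is an assumption.

```powershell
# Added example: find enabled Windows 7 computer objects that have authenticated recently.
Import-Module ActiveDirectory

function Get-ActiveWin7Computers {
    param([int]$Days = 30)   # lastLogonTimestamp is only refreshed roughly every 14 days, so keep the window wider than that
    $cutoff = (Get-Date).AddDays(-$Days)

    Get-ADComputer -Filter "OperatingSystem -like 'Windows 7*' -and Enabled -eq 'True'" `
                   -Properties OperatingSystem, OperatingSystemServicePack, lastLogonTimestamp, DNSHostName |
        Where-Object {
            $_.lastLogonTimestamp -and
            [DateTime]::FromFileTime($_.lastLogonTimestamp) -gt $cutoff
        } |
        Select-Object Name, DNSHostName, OperatingSystem, OperatingSystemServicePack,
                      @{ n = 'LastLogon'; e = { [DateTime]::FromFileTime($_.lastLogonTimestamp) } } |
        Sort-Object LastLogon -Descending
}

Get-ActiveWin7Computers -Days 30 | Format-Table -AutoSize
```

`lastLogonTimestamp` is replicated, so one DC is enough; `lastLogon` is more precise but is not replicated and would have to be read from every DC.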

Monitoring FRS For Journal Wrap Errors (JRNL_WRAP_ERROR)

TL;DR If you're monitoring for NtFrs Event ID 13568, you should also monitor for NtFrs Event ID 13561. But why? Most of us who look after AD environments are familiar with NtFrs Event ID 13568 - maybe not the number itself (because what kind of masochist forces themselves to…
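One way to watch for both IDs across every domain controller, as an added example that is not from the original post: query the File Replication Service log with a hashtable filter. The seven-day lookback is an assumption, and this only applies while SYSVOL is still replicated by FRS rather than DFSR.

```powershell
# Added example: collect NtFrs 13568 and 13561 from all DCs.
Import-Module ActiveDirectory

function Get-FrsJournalWrapEvents {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [int]$Days = 7
    )
    $filter = @{
        LogName      = 'File Replication Service'
        ProviderName = 'NtFrs'
        Id           = 13568, 13561
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    foreach ($dc in $ComputerName) {
        try {
            Get-WinEvent -ComputerName $dc -FilterHashtable $filter -ErrorAction Stop |
                ForEach-Object {
                    [pscustomobject]@{
                        DC      = $dc
                        Time    = $_.TimeCreated
                        Id      = $_.Id
                        Message = ($_.Message -split "`n")[0]   # first line only, for a compact table
                    }
                }
        } catch {
            # Get-WinEvent treats "no matching events" as an error; that is the clean case here.
            if ($_.Exception.Message -notmatch 'No events were found') {
                Write-Warning "$dc : $($_.Exception.Message)"
            }
        }
    }
}

$dcs = (Get-ADDomainController -Filter *).HostName
Get-FrsJournalWrapEvents -ComputerName $dcs -Days 7 |
    Sort-Object Time -Descending | Format-Table -AutoSize
```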

How To Obtain IP Addresses Of Remote Desktop Clients With PowerShell

If you've ever managed a terminal server or RDS host, chances are there has been a need to identify the IP address of connected clients. Task Manager gives us the client hostname, but sometimes DNS can have stale entries or the client can be on the remote side of a VPN. We can use tools…
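As an added example (not the author's method), the script below reads the session address straight from the TerminalServices LocalSessionManager operational log, where events 21 (session logon) and 25 (session reconnection) record the client's source network address, and flags which of those addresses currently hold an established connection on the RDP port. Port 3389 and the seven-day lookback are assumptions; run it on the RDS host itself.

```powershell
# Added example: map RDS sessions to client IP addresses without relying on DNS.
function Get-RdsClientAddress {
    param([int]$Days = 7, [int]$RdpPort = 3389)

    $filter = @{
        LogName   = 'Microsoft-Windows-TerminalServices-LocalSessionManager/Operational'
        Id        = 21, 25
        StartTime = (Get-Date).AddDays(-$Days)
    }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

    # Keep the most recent logon/reconnect per session ID.
    $latest = @{}
    foreach ($e in ($events | Sort-Object TimeCreated -Descending)) {
        $d   = ([xml]$e.ToXml()).Event.UserData.EventXML
        $sid = [int]$d.SessionID
        if (-not $latest.ContainsKey($sid)) {
            $latest[$sid] = [pscustomobject]@{
                SessionId = $sid
                User      = $d.User
                ClientIP  = $d.Address      # 'LOCAL' for console sessions
                Time      = $e.TimeCreated
            }
        }
    }

    # Addresses with a live TCP connection to the RDP listener right now.
    $live = Get-NetTCPConnection -LocalPort $RdpPort -State Established -ErrorAction SilentlyContinue |
            Select-Object -ExpandProperty RemoteAddress

    $latest.Values | ForEach-Object {
        $_ | Add-Member -NotePropertyName Connected -NotePropertyValue ($live -contains $_.ClientIP) -PassThru
    } | Sort-Object SessionId
}

Get-RdsClientAddress | Format-Table -AutoSize
```

If the client comes in through a Remote Desktop Gateway, the address recorded here is what the gateway presents to the host, so check the gateway's own log for the real client address in that case.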

Exploring IP GeoLocation With PowerShell

IP Geolocation is the mapping of an IP address to its geographical location, typically a country, state, or city. We can be confident that an IP block allocated by a regional internet registry (e.g., APNIC) to an Australian ISP will mean that IP range will be assigned to a service…
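The registry-level mapping described above can be checked offline against the RIR delegated statistics files, whose lines have the form `registry|cc|type|start|value|date|status` (for IPv4, `value` is the number of addresses in the block). The following is an added example, not code from the original post; the sample lines are constructed for illustration rather than copied from a live file.

```powershell
# Added example: country lookup against RIR delegated-stats lines (constructed sample data).
$sampleDelegations = @'
#constructed sample in the delegated-extended format
2|apnic|20200101|3|19830613|20191231|+1000
apnic|*|ipv4|*|3|summary
apnic|AU|ipv4|10.10.0.0|65536|20110811|assigned
apnic|CN|ipv4|10.11.0.0|256|20110414|allocated
apnic|AU|ipv4|10.11.4.0|1024|20110414|allocated
'@ -split "`n"

# Dotted-quad to an unsigned integer so ranges can be compared numerically.
function ConvertTo-IPv4Int {
    param([Parameter(Mandatory)][string]$Address)
    $b = ([System.Net.IPAddress]::Parse($Address)).GetAddressBytes()
    [uint64]$b[0] * 16777216 + [uint64]$b[1] * 65536 + [uint64]$b[2] * 256 + [uint64]$b[3]
}

# Parse only IPv4 assignment/allocation records; skip comments, the version header and summaries.
function Get-DelegationRecords {
    param([Parameter(Mandatory)][string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -match '^\s*#' -or $line -match '^\d+\|') { continue }
        $f = $line.Trim() -split '\|'
        if ($f.Count -lt 7 -or $f[2] -ne 'ipv4' -or $f[6] -eq 'summary') { continue }
        $start = ConvertTo-IPv4Int $f[3]
        [pscustomobject]@{
            Registry = $f[0]
            Country  = $f[1]
            Start    = $f[3]
            Count    = [uint64]$f[4]
            First    = $start
            Last     = $start + [uint64]$f[4] - 1
            Status   = $f[6]
        }
    }
}

# Find the delegation record covering an address; $null if nothing matches.
function Find-IPv4Delegation {
    param(
        [Parameter(Mandatory)][string]$Address,
        [Parameter(Mandatory)][object[]]$Records
    )
    $n = ConvertTo-IPv4Int $Address
    $Records | Where-Object { $n -ge $_.First -and $n -le $_.Last } | Select-Object -First 1
}

$records = Get-DelegationRecords -Lines $sampleDelegations
foreach ($ip in '10.10.3.7', '10.11.0.200', '10.11.6.1', '10.12.0.1') {
    $hit = Find-IPv4Delegation -Address $ip -Records $records
    if ($hit) { "{0,-12} -> {1} ({2}, {3})" -f $ip, $hit.Country, $hit.Registry, $hit.Status }
    else      { "{0,-12} -> no delegation record" -f $ip }
}
```

A registry-level answer gives you the country the block was delegated to, not where a given host is physically sitting; anything finer than that comes from commercial geolocation databases with their own error margins.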