New Blog post - Permanent WMI Event Handling #51
doctordns wants to merge 5 commits into PowerShell:main from doctordns:WMIEvent1
sdwheeler left a comment
See my comments and suggestions. Call me in Teams if you have questions.
| ## WMI | ||
| Windows Management Instrumentation (WMI) is an important component of the Windows operating system. |
| ## WMI | |
| Windows Management Instrumentation (WMI) is an important component of the Windows operating system. | |
| ## WMI | |
| Windows Management Instrumentation (WMI) is an important component of the Windows operating system. |
| And for some more details on using WMI and Powershell, look at using PowerShell 7 and WMI, look at [my recently published PowerShell 7 book](https://www.wiley.com/en-gb/PowerShell+7+for+IT+Professionals-p-9781119644705). | ||
| In chapter 9, I devote a chapter to WMI and using the CIM cmdlets. | ||
| To see just the scripts for that chapter, see my [GitHub repository](https://github.com/doctordns/Wiley20/tree/master/09%20-%20WMI). | ||
| The scripts show you the basics of WMI and PowerShell 7. |
One of the tenets of this blog is that we don't allow marketing. I am OK with linking to your book, in the right context. See my suggestion at the bottom of the article. I think it reads better there and comes off like a pitch for your book.
| And for some more details on using WMI and Powershell, look at using PowerShell 7 and WMI, look at [my recently published PowerShell 7 book](https://www.wiley.com/en-gb/PowerShell+7+for+IT+Professionals-p-9781119644705). | |
| In chapter 9, I devote a chapter to WMI and using the CIM cmdlets. | |
| To see just the scripts for that chapter, see my [GitHub repository](https://github.com/doctordns/Wiley20/tree/master/09%20-%20WMI). | |
| The scripts show you the basics of WMI and PowerShell 7. |
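Review bot: the first sentence of this paragraph repeats itself ("look at using PowerShell 7 and WMI, look at [my recently published PowerShell 7 book]") and writes "Powershell" where the rest of the text uses "PowerShell". Wherever the paragraph ends up, reduce it to a single "see ..." clause and fix the casing. "In chapter 9, I devote a chapter to WMI" is also redundant; "Chapter 9 covers WMI and the CIM cmdlets" says the same thing.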
|
|
||
| In writing this article, I assume you have an understanding of WMI. | ||
| In specific, I assume you understand WMI namespaces, classes, properties, and methods. | ||
| If not, you might like to look at the [WMI Documentation](https://docs.microsoft.com/windows/win32/wmisdk/wmi-start-page) |
| If not, you might like to look at the [WMI Documentation](https://docs.microsoft.com/windows/win32/wmisdk/wmi-start-page) | |
| If not, you might like to look at the [WMI Documentation](https://docs.microsoft.com/windows/win32/wmisdk/wmi-start-page). |
will add the full stop.
| This script displays a list of the current members of the Enterprise Admins group to a log file and reports whether the membership now contains unauthorised users. | ||
| If the script finds that an unauthorised user is now a group member, it writes details to a text file for you to review later. |
| This script displays a list of the current members of the Enterprise Admins group to a log file and reports whether the membership now contains unauthorised users. | |
| If the script finds that an unauthorised user is now a group member, it writes details to a text file for you to review later. | |
| This script displays a list of the current members of the **Enterprise Admins** group to a log file and reports whether the membership now contains unauthorized users. | |
| If the script finds that an unauthorized user is now a group member, it writes details to a text file for you to review later. |
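Review bot: "displays a list ... to a log file" in the first line mixes two verbs; the script writes to a file, so "writes a list of the current members of the **Enterprise Admins** group to a log file" is clearer. The second line then mentions "a text file"; say whether that is the same log file or a separate one, so readers know where to look for the alert.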
will revise for American English
| In this post, you want to detect whether an unauthorised user is a member of the Enterprise Admins group. | ||
| You must first create a file of authorised users. |
| In this post, you want to detect whether an unauthorised user is a member of the Enterprise Admins group. | |
| You must first create a file of authorised users. | |
| In this post, you want to detect whether an unauthorized user is a member of the **Enterprise Admins** group. | |
| You must first create a file of authorized users. |
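Review bot: "You must first create a file of authorized users" leaves out where that file lives and who can write to it, and the check is only as trustworthy as that list: anyone able to edit the file can add an account and never be reported. State the path the script reads and recommend restricting write access on the file, and on the log the script writes, to administrators.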
will update for US English
|
|
||
| # 11. Tidying up |
| # 11. Tidying up | |
| # 11. Tidying up |
removed blank line.
| Remove-ADGroupMember @RGMHT | ||
|
|
| Remove-ADGroupMember @RGMHT | |
| Remove-ADGroupMember @RGMHT |
removed blank line
| Then it looks to see if the Enterprise Admins group contains unauthorised users - and if so, the script reports that fact to the log file. | ||
| This script is fairly simple, and you can embellish. as needed. | ||
| You could, for example, remove all unauthorised users. |
| Then it looks to see if the Enterprise Admins group contains unauthorised users - and if so, the script reports that fact to the log file. | |
| This script is fairly simple, and you can embellish. as needed. | |
| You could, for example, remove all unauthorised users. | |
| Then it looks to see if the Enterprise Admins group contains unauthorized users - and if so, the script reports that fact to the log file. | |
| This script is fairly simple, and you can embellish. as needed. | |
| You could, for example, remove all unauthorized users. |
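Review bot: the stray period in "you can embellish. as needed." is carried over unchanged into the suggested text; it should read "you can embellish it as needed." The spaced hyphen in "unauthorized users - and if so" would also read better as a comma.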
changed to US English
|
|
||
| WMI eventing is very powerful and straightforward to implement. | ||
| There are thousands of WMI events you could subscribe to and which may help troubleshooting activities. | ||
| In this case, you are examining unauthorised changers to an AD group. |
| In this case, you are examining unauthorised changers to an AD group. | |
| In this case, you are examining unauthorized changers to an AD group. |
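Review bot: "changers" in the suggested line still looks like a typo for "changes" ("examining unauthorized changes to an AD group"); the suggestion only corrects the spelling of "unauthorized". In the line above, "which may help troubleshooting activities" would read better as "that can help with troubleshooting".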
|
This post is being moved into a new folder since it'll be posted in MAY!
PR Summary
PR Checklist