Azure AD – Access to BitLocker Recovery Keys

Wonder how to give access to see bitlocker recovery keys in Azure AD? – Look no further!

I’m have been searching for a while after how to grant access to the Azure AD (AAD) BitLocker recovery keys by the “least privilege principle” (PoLP).

You need to have global administrator in order to follow this tutorial, if you are ready, let’s go!

Read More

Ethical Hacking – What is malware?

We always hear that someone was infected with a virus/trojan etc. But was is the difference between all of them?

In this post I will go a little deeper of the differences between the types of infections possible on a device.

This post is part of a series called “Ethical Hacking”.

Read More

Ethical Hacking – Metasploit

During the CEH v10 certification you will get to know a lot of tools that helps you with the 5 phases of a hack.

One of the most valuable tools out there is Metasploit.

The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its best-known sub-project is the open source Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research. The Metasploit Project is well known for its anti-forensic and evasion tools, some of which are built into the Metasploit Framework.

I will go through some of ways you can use Metasploit to your advantage.

This post is part of a series called “Ethical Hacking”.

Read More

Ethical Hacking – Nmap/Scruby/Hping3

In this article, I will go in depth with 3 scanners you can use. The scanners are Nmap, Scruby and Hping3. You can use these scanners to see what ports are open/closed, which OS, banner grabbing and a lot more.

This post is part of a series called “Ethical Hacking”.

Read More

Ethical Hacking – Network Communication

Before you can engage in any ethical hacking, you need to understand the basics of network communication between devices. This post gives you an quick overview how devices talk to each other.

This post is part of a series called “Ethical Hacking”.

Read More

Ethical Hacking – Tools for the 5 Phases of Hacking

After finishing two MCSA (Office 365 & Windows Server 2012 R2) certifications, I’m currently studying to take the CEH v10 certification, which is a valuable tool for any IT-professional.

This post is part of a series called “Ethical Hacking”.

While I’m studying for this certification, I’m going to update this post with variety of useful tools and websites. Only use these tools in your own environment for education purposes only.

Read More

SolarWinds Orion – Certificate Expiration Template

I’m back again with one more PowerShell script, this time getting certificate expiration warnings from Windows machines.

You can use the PowerShell script below to create a template and get warnings, critical, down etc. if a certificate is close to expiration or already is expired.

Read More

WSUS – High CPU due to “supersedence” updates.

Lately I have been seeing high CPU (90-100%) usage on servers where the Windows Server Updates Services (WSUS) is installed.

This is mainly caused by updates that is superseded, and is filling the database causing the CPU to spike.

Read More

WSUS – Windows 10 Clients – Error 0x8024500c


Just finished troubleshooting an error with Windows 10 clients (build 1607 and above) contacting WSUS server getting 0x8024500c like below while searching updates.

The client had an on-premise WSUS server which they wanted to push out Windows Updates, instead of using the internet (


They had configured the following group policy to enable:

  • Computer Configuration\Administrative Templates\Windows Components\Windows Update
    • Do not connect to any Windows Update Internet location

This caused the Windows Update on the clients to break, instead they should disabled the above and configured the following instead:

  • Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings
    • Turn off access to all Windows Update features

The above will allow users to download apps on the Windows Store, but still only allowing the users to use the on-premise WSUS server.

Unfortunately Microsoft introduced a new feature called “Dual Scan” (read more about it here) which allows the Windows clients to access both WSUS and the internet, which would potentially bypass the local WSUS.

To disable the dual scan, the client needs to have the following registry keys deleted.

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\Update
    • BranchReadinessLevel
    • DeferFeatureUpdatesPeriodInDays
    • DeferQualityUpdatesPeriodInDays
    • DeferUpdatePeriod
    • DeferUpgradePeriod
    • ExcludeWUDriversInQualityUpdate
    • PauseDeferrals
    • PauseFeatureUpdates
    • PauseQualityUpdates
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings
    • BranchReadinessLevel
    • DeferFeatureUpdatesPeriodInDays
    • DeferQualityUpdatesPeriodInDays
    • ExcludeWUDriversInQualityUpdate
    • DeferUpgrade

If though you set the matching group policies to “Not Configured” or “Disable”, it will not delete the keys but only set them to zero (DWORD) in the registry.

For those clients that are running build 1607, you need to install kb4025334 which will add a local policy “Do not allow update deferral policies to cause scan against Windows Update” under “Computer Configuration\Administrative Templates\Windows Components\Windows Update“.

You can set this group policy on those 1607 clients by adding the following registry through group policy.

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
    • Key: DisableDualScan
    • Value: 0x1
    • Type: DWORD

The WSUS server was also tuned a little, because all resources was used. This caused the clients to take a long time to talk and eventually timeout.

  • All superseded updates was declined in the WSUS management console.
  • The WSUS IIS application pool (“WsusPool“) was also tunned with the following settings (remember IISRESET afterwards):
    • .NET Framework Version: v4.0
      • Already on Windows Server 2012 above, but this server was Windows Server 2008 R2
    • Queue Length: 2000
    • Private Memory Limit: 7843200

You can test the Windows Update by executing the following command in a elevated command prompt.

  • usoclient.exe StartScan


Registry Keys

If you want to see what registry keys you have on your client, you can run the following in a command prompt with elevated rights.

  • reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /s
  • reg query HKLM\SOFTWARE\Microsoft\PolicyManager\current\device\Update
  • reg query HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings

Windows Update Log

Check the Windows Update log by running the following command in PowerShell.

  • Get-WindowsUpdateLog


Check the Component-Based Servicing log here.

  • C:\Windows\Logs\CBS

That is my 2 cents, hope you can use it!





PowerShell – Create a TFS team project with PowerShell using REST API

I’m back again with a new PowerShell script to create a TFS project without Power Tools (which isn’t supported on TFS 15+).