17 September 2025

Make a Palm application copyable

Sometimes Palm applications are copy-protected, preventing them from being beamed to another Palm or being copied from the SD card to RAM. Attempting to copy these applications shows message "Copy-protected apps and databases cannot be copied. These are listed with a lock icon next to them."

To change make the application copyable:

  1. Download PRCedit from here, unzip, run PRCedit.exe.
  2. Open the PRC file.
  3. 0x20 is the offset of the 'flags' header. The 0x40 bit set to flag the executable as non-copyable (non-beamable). So to make it copyable, subtract 0x40 from the value. e.g. if the value is 0049 make it 0009:

  4. Save and then sync the updated application or copy to the SD card. Then beam/copy freely.

Thanks to Theodore Ts'o.

01 June 2025

Get certificate used in web request via PowerShell

Get information about the SSL certificate used when accessing example.com/subfolder:

$TheResponse = Invoke-WebRequest https://www.example.com/subfolder/ -UseBasicParsing -TimeoutSec 3 -ErrorAction Stop;$servicePoint = [System.Net.ServicePointManager]::FindServicePoint('https://example.com');$servicePoint.Certificate | Format-Table -Wrap -Autosize;$servicePoint.Certificate.GetCertHashString()

Then to display the certificate hash:

$servicePoint.Certificate.GetCertHashString()

Display the certificate expiration date:

$servicePoint.Certificate.GetExpirationDateString()

Get upstream DNS provider

To get the IP address of the server that is making the final DNS request:

nslookup whoami.akamai.net

or

dig whoami.akamai.net

Thanks, Barmar.

Get principals in a group Managed Service Account

Get which identities are allowed to retrieve the password for gMSA "MyGMSAAccountName":

Get-ADServiceAccount -identity MyGMSAAccountName -properties principalsallowedtoretrievemanagedpassword

Get Service Principal Names for a computer

Get SPNs for computer account "MYSERVER":

setspn -L MYSERVER

Set machine-level environment variable using PowerShell

To set a permanent machine-level environment variable:

[Environment]::SetEnvironmentVariable("VARIABLE_NAME","variable_value",'Machine')

Create self-signed SSL certificate

Create a certificate for names "MYSERVER1.mycompany.local" and "MYSERVER1" valid for 10 years:

New-SelfSignedCertificate -DnsName MYSERVER1.mycompany.local, MYSERVER1 -CertStoreLocation cert:\LocalMachine\My -NotBefore (Get-Date).AddMonths(-1) -NotAfter (Get-Date).AddYears(10)

Get group membership via Microsoft Graph

Get the ID of "My Group":

Get-MgGroup -Filter "displayName eq 'My Group'" | Select-Object Id

Get the members of that group ID and export to CSV:

$groupId = "b123ec9b-7123-4ab4-beaf-0ebe68f123d9"
$allMembers = Get-MgGroupMember -GroupId $groupId -All
$Output = foreach ($member in $allMembers) {
Get-MgUser -UserId $member.Id | Select-Object Id, DisplayName, UserPrincipalName
}
$Output | Export-CSV "C:\Temp\MyGroupMembers.csv"

31 May 2025

Fix Disqus comments not loading in Firefox

A couple of years ago, Firefox's Enhanced Tracking Protection prevented Disqus comment sections from loading. At the time, this could be resolved by setting preference urlclassifier.trackingSkipURLs to:

disqus.com, referrer.disqus.com, *.disqus.com, c.disquscdn.com

This stopped working in Firefox version 139. Per Bugzilla, this can be resolved again by adjusting the preference value to the updated format:

*://disqus.com/*,*://*.disqus.com/*,*://referrer.disqus.com/*,*://c.disquscdn.com/*

18 August 2024

Fix AD Certificate Authority ignoring SAN attribute

When requesting a new AD CA certifiate via web enrolment, if it's ignoring the SAN attribute in the Attributes field, run this command on the CA:

certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2

Then restart the CA service:

net stop certsvc
net start certsvc

Credit to Terence Luk.

An example of the value to use in the Attributes field to have SANs "MYSERVER" and "MYSERVER.mydomain.com" is:

san:dns=MYSERVER&dns=MYSERVER.mydomain.com

Create a Group Managed Service Account

Using PowerShell.

Create a new gMSA account:

New-ADServiceAccount -Name "gMSAuser1" -DNSHostName "gMSAuser1.mybusiness.local" -Enabled $True

Assign it for use by computer 'MYCOMPUTER':

Set-ADServiceAccount -Identity gMSAuser1 -PrincipalsAllowedToRetrieveManagedPassword MYCOMPUTER$

Add a block entry to the Exchange Online Tenant Allow/Block List

Exchange Online PowerShell:

New-TenantAllowBlockListItems -ListType Sender -Block -NoExpiration -Entries badperson@example.com -Notes "My description"

Change the DNS servers on an ESXi host

This can be done without disruption.

  1. SSH into the ESXi host
  2. Get existing DNS servers: esxcli network ip dns server list
  3. Add a new DNS server: esxcli network ip dns server add --server=10.0.0.7
  4. Remove an existing DNSserver: esxcli network ip dns server remove --server=10.0.0.8

Delete large number of files using command line

del /f/s/q "E:\FOLDERTODELETE" > nul & rmdir /s/q "E:\FOLDERTODELETE"

(del should be quicker but might leave things behind. rmdir is slower but should delete things that del can't.

Collect Cisco Secure Client DART logs via command line

"C:\Program Files (x86)\Cisco\Cisco Secure Client\DART\dartcli.exe" -dst "C:\temp\DARTBundle.zip"

Add entries to a user's Outlook Trusted and Blocked senders

To add "contoso.com" and "fabrikam.com" to jsmith@example.com's Outlook Trusted Senders list, and add "jane@adatum.com" to their Blocked Senders list, without affecting existing entries:

Set-MailboxJunkEmailConfiguration -Identity jsmith@example.com -TrustedSendersAndDomains @{Add="contoso.com","fabrikam.com"} -BlockedSendersAndDomains @{Add=jane@adatum.com}

To view the user's list of Trusted Senders:

(Get-MailboxJunkEmailConfiguration jsmith@example.com).TrustedSendersAndDomains

And to view Blocked Senders:

(Get-MailboxJunkEmailConfiguration jsmith@example.com).BlockedSendersAndDomains

Connect to Remote Desktop Services database

To connect to the RDS database:

  1. Open SQL Server Management Studio as administrator.
  2. Connect the WID database: np:\\.\pipe\MICROSOFT##WID\tsql\query
  3. Access the 'RDCms' database.

Remove a list of domains from all users' Outlook Blocked Senders list

From Exchange PowerShell:

# For every user mailbox, remove blocked senders with domains in $approvedDomainList $approvedDomainList = "gooddomainexample1.com","gooddomainexample2.com","gooddomainexample3" $user= Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox')} | Select Identity $user | ForEach-Object { if ($blockedDomains = ($_ | Get-MailboxJunkEmailConfiguration).BlockedSendersAndDomains | Where-Object {$_.Split('@')[1] -in $approvedDomainList}) { $_ | Set-MailboxJunkEmailConfiguration –BlockedSendersAndDomains @{remove=$blockedDomains} Write-Host "Removed the following address(es) from {0}'s blocked list:`n`t{1}" -f $_.Name,($blockedDomains -join "`n`t") } }

Check default printer using Registry

Check these Windows Registry keys to check a user's default printer.

Default printer:

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

Session redirected printer:

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\SessionDefaultDevices\X\Device

09 May 2023

Download a file using PowerShell

(new-object System.Net.WebClient).DownloadFile('https://dl.dell.com/AwesomeDrivers.EXE','C:\temp\Drivers\AwesomeDrivers.EXE')

And running PowerShell from Command Prompt:

PowerShell -Command "(new-object System.Net.WebClient).DownloadFile('https://dl.dell.com/AwesomeDrivers.EXE','C:\temp\Drivers\AwesomeDrivers.EXE')"