User Profile
hasanemresatilmis
MCT
Joined 6 years ago
Recent Discussions
Re: Bug: Invoke-MgGraphRequest not respecting ErrorAction.
Have you tried the Try-Catch method? For example:

```powershell
try {
    Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/beta/users/email address removed for privacy reasons" `
        -Method GET `
        -ErrorAction SilentlyContinue
    Write-Host "Request continued"
} catch {
    Write-Host "Caught exception: $_"
}
```

28 Views, 0 likes, 1 Comment

Re: Deploying Multiple NPS Servers
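Added example for the Invoke-MgGraphRequest reply above (this is not code from the original post or from the Graph SDK). It first shows, with a local Get-Item call that runs on any machine, why a non-terminating error under -ErrorAction SilentlyContinue never reaches the catch block, then wraps Invoke-MgGraphRequest the same way with -ErrorAction Stop. The Graph part assumes an existing Connect-MgGraph session; the object id and the "Request_ResourceNotFound" error-code string matched in the catch block are assumptions, so adjust them to what your SDK version returns.

```powershell
# Added example (not from the original post): why SilentlyContinue inside try {} never
# reaches catch {}, and the pattern that does (-ErrorAction Stop).

# 1. SilentlyContinue suppresses the non-terminating error; the catch block is skipped.
try {
    Get-Item -Path 'C:\does\not\exist.txt' -ErrorAction SilentlyContinue
    Write-Host 'SilentlyContinue: no exception, execution simply continued'
} catch {
    Write-Host "never printed: $_"
}

# 2. Stop turns the same error into a terminating one, so catch runs.
try {
    Get-Item -Path 'C:\does\not\exist.txt' -ErrorAction Stop
} catch [System.Management.Automation.ItemNotFoundException] {
    Write-Host "Stop: caught $($_.Exception.GetType().Name)"
}

# 3. Same pattern around a Graph call: -ErrorAction Stop so the failure is catchable,
#    and a deliberate decision about which failures to swallow (only "not found").
#    Assumes Connect-MgGraph has already been run. The error-code string is an assumption
#    based on the JSON body Graph returns for a missing user.
function Get-MgUserOrNull {
    param([Parameter(Mandatory)][string]$UserId)

    $uri = "https://graph.microsoft.com/v1.0/users/$UserId"
    try {
        return Invoke-MgGraphRequest -Uri $uri -Method GET -ErrorAction Stop
    } catch {
        if ($_.Exception.Message -match 'Request_ResourceNotFound') {
            Write-Verbose "User $UserId not found"
            return $null
        }
        # Anything else (401, 403, 429, 5xx) is not ours to hide: rethrow.
        throw
    }
}

# Usage (needs Connect-MgGraph -Scopes 'User.Read.All' first; the id is a placeholder):
# Get-MgUserOrNull -UserId '00000000-0000-0000-0000-000000000000' -Verbose
```

The point of the second function is that swallowing every exception with a bare catch hides authorization failures and throttling; catch narrowly and rethrow the rest.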
Even though your CA is AD-integrated and auto-enrollment works, DC2 must explicitly trust the issuing CA and have access to the full certificate chain. Here's what to check:

1. DC2 must have the CA certificate in its Trusted Root Certification Authorities store
   - Open certlm.msc on DC2.
   - Navigate to Trusted Root Certification Authorities > Certificates.
   - Ensure your internal CA certificate is present. If missing, export it from DC1 and import it manually.

2. DC2 must have the Intermediate CA (if applicable)
   - If your CA uses an intermediate certificate, make sure DC2 has it in Intermediate Certification Authorities.

3. DC2 must have a valid server certificate for EAP-TLS
   - NPS uses a server certificate to identify itself during the TLS handshake. Confirm that DC2 has a certificate with:
     - Server Authentication EKU
     - Subject Name or SAN matching the server's name
     - Issued by your internal CA
   - You can use auto-enrollment or manually request it via MMC > Certificates (Computer) > Personal > Request New Certificate.

4. Check NPS Policy Conditions
   - Even if you exported the NPS config, double-check the Connection Request Policies and Network Policies on DC2.
   - Ensure the NAS IP Address or NAS Identifier conditions match what the Cisco AP sends. If DC1 had a policy scoped to its own IP or hostname, DC2 might be rejecting requests.

5. Test with NPS Logging
   - Enable logging on DC2: open the NPS console > Accounting > Log File Properties and enable "Log authentication requests".
   - Check the logs under %SystemRoot%\System32\LogFiles. This will show whether DC2 is receiving requests and why it's rejecting them.

3 Views, 0 likes, 0 Comments

Re: Demoting DC Windows Server 2019
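Added example for the NPS reply above (not code from the original post). It runs the certificate checks that reply lists on the NPS host itself: CA present in the Root or Intermediate store, a machine certificate with the Server Authentication EKU whose name matches the host, a chain that actually builds, and the tail of the NPS log. The CA subject string is an assumption to be replaced with your own; the "IN*.log" file name is the default NPS log naming and may differ if you changed it.

```powershell
# Added example (not from the original post): verify EAP-TLS certificate prerequisites
# on an NPS server (run on DC2 as an administrator). Requires the built-in PKI module.
$caSubjectMatch = 'CN=Contoso-Issuing-CA'     # assumption: a substring of your CA's subject
$serverAuthEku  = '1.3.6.1.5.5.7.3.1'         # Server Authentication EKU OID
$fqdn           = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

# 1. Is the internal CA trusted? Root store for a root CA, CA store for an intermediate.
$root  = Get-ChildItem Cert:\LocalMachine\Root | Where-Object Subject -like "*$caSubjectMatch*"
$inter = Get-ChildItem Cert:\LocalMachine\CA   | Where-Object Subject -like "*$caSubjectMatch*"
'Trusted Root has CA     : {0}' -f [bool]$root
'Intermediate has CA     : {0}' -f [bool]$inter

# 2. A machine cert with a private key, the Server Authentication EKU and a name that matches this host.
#    EnhancedKeyUsageList and DnsNameList are properties the Cert: provider adds to each certificate.
$candidates = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and
    $_.EnhancedKeyUsageList.ObjectId -contains $serverAuthEku -and
    ($_.Subject -like "*CN=$fqdn*" -or $_.DnsNameList.Unicode -contains $fqdn)
}
if (-not $candidates) {
    Write-Warning "No server-authentication certificate for $fqdn with a private key in LocalMachine\My"
}

# 3. For each candidate, make Windows build the chain the way a TLS client would.
foreach ($c in $candidates) {
    $chainOk = Test-Certificate -Cert $c -Policy SSL -DNSName $fqdn -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Thumbprint = $c.Thumbprint
        Issuer     = $c.Issuer
        NotAfter   = $c.NotAfter
        ChainOk    = [bool]$chainOk      # $false means a missing root/intermediate or an expired cert
    }
}

# 4. Tail the newest NPS log (default IAS-format naming is IN<yymm>.log in this folder).
Get-ChildItem "$env:SystemRoot\System32\LogFiles\IN*.log" -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime -Descending | Select-Object -First 1 |
    Get-Content -Tail 20
```

If step 2 finds nothing but step 1 passes, the problem is enrollment on DC2, not trust; if step 3 reports ChainOk = False, an intermediate is missing or the certificate has expired.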
Active Directory stores the DNS servers hosting a zone in the msDNS-ServerName attribute of the dnsZone object. If XYDC01 is the last registered server for this zone, you'll receive a warning during demotion. Even if the zone physically exists on other DCs, you'll encounter this error if it's not reflected in the metadata.

To check which servers are hosting the zone on XYDC01, run:

```powershell
Get-DnsServerZone -Name "enterpriseregistration.jens.be" | Select-Object -ExpandProperty ZoneType
```

Alternatively, use ADSI Edit and navigate to:

CN=MicrosoftDNS,DC=ForestDnsZones,DC=jens,DC=be

If the msDNS-ServerName attribute of the enterpriseregistration.jens.be object only lists XYDC01, it means the other DCs are not visible in the metadata.

Make the zone visible on other DCs

On a DC other than XYDC01, remove and re-add the zone to refresh the metadata:

```powershell
Remove-DnsServerZone -Name "enterpriseregistration.jens.be"
Add-DnsServerPrimaryZone -Name "enterpriseregistration.jens.be" -ReplicationScope Forest
```

This does not recreate the zone. It simply updates the metadata, since the zone is Active Directory-integrated.

25 Views, 0 likes, 1 Comment

Re: Allow “Edit/Save/Rename Without Delete” NTFS Permission
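Added example for the DC demotion reply above (not code from the original post). Before removing or re-adding anything, it asks every DC in the domain whether it actually loads the zone and which directory partition the zone lives in, then reads the dnsZone object from the ForestDnsZones partition that the reply points at. The zone name is the one from the thread; the script assumes the DnsServer and ActiveDirectory modules and that every DC runs the DNS Server role.

```powershell
# Added example (not from the original post): inventory which DCs serve an AD-integrated
# zone before demoting one of them. Assumes RSAT DnsServer + ActiveDirectory modules.
$zone = 'enterpriseregistration.jens.be'   # zone from the thread; adjust as needed

# 1. Ask each DC directly whether the zone is loaded and how it replicates.
$dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName
$inventory = foreach ($dc in $dcs) {
    try {
        $z = Get-DnsServerZone -ComputerName $dc -Name $zone -ErrorAction Stop
        [pscustomobject]@{
            Server             = $dc
            Present            = $true
            IsDsIntegrated     = $z.IsDsIntegrated
            ReplicationScope   = $z.ReplicationScope
            DirectoryPartition = $z.DirectoryPartitionName
        }
    } catch {
        # DNS role not installed, RPC blocked, or the zone is simply not loaded there.
        [pscustomobject]@{
            Server             = $dc
            Present            = $false
            IsDsIntegrated     = $null
            ReplicationScope   = $null
            DirectoryPartition = $null
            Error              = $_.Exception.Message
        }
    }
}
$inventory | Format-Table -AutoSize

# 2. The zone object itself, from the ForestDnsZones partition the reply navigates to in ADSI Edit.
$forestDn = (Get-ADRootDSE).rootDomainNamingContext
Get-ADObject -SearchBase "CN=MicrosoftDNS,DC=ForestDnsZones,$forestDn" `
    -LDAPFilter "(&(objectClass=dnsZone)(name=$zone))" -Properties whenChanged |
    Select-Object Name, DistinguishedName, whenChanged

# 3. Warn if the DC about to be demoted is the only one serving the zone.
$serving = $inventory | Where-Object Present
if (@($serving).Count -le 1) {
    Write-Warning "Only $(@($serving).Server -join ', ') serves $zone; fix replication before demoting."
}
```

Run this from any domain-joined admin workstation; if the zone shows Present on several DCs but demotion still warns, the mismatch is in the metadata the reply describes rather than in the zone data itself.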
There is no direct NTFS permission available to fully solve this issue. However, to reduce the risk of file deletion while still allowing editing and saving, the following alternative configuration can be applied:

Block File Deletion at the Folder Level
- Grant users Modify permission on the files.
- Explicitly deny the Delete and Delete Subfolders and Files permissions on the folder.
- Test application compatibility, especially with programs like Office or AutoCAD that temporarily delete and recreate files during save operations.

This configuration allows users to edit files while preventing deletion within the folder. However, some applications may still encounter errors if they rely on temporary file deletion during saving.

Related Link: How can I set permission to the user Can edit or rename the file but not allow to delete in Windows file Server 2016? - Microsoft Q&A

8 Views, 0 likes, 0 Comments

Re: Certificate authentication with SID not working
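Added example for the NTFS permission reply above (not code from the original post). It applies the reply's layout with Set-Acl: an inherited Allow for Modify, plus an inherited Deny for Delete and Delete Subfolders and Files. The Deny is inherited to the files as well as set on the folder, because Windows lets a user delete a file if either the file grants Delete or the parent folder grants Delete Subfolders and Files, so both paths have to be closed. The folder path and group name are assumptions; the group must exist for Set-Acl to resolve it.

```powershell
# Added example (not from the original post): "Modify without Delete" on a share folder.
# Run as an administrator on the file server.
$folder = 'D:\Shares\Projects'          # assumption: target folder
$group  = 'CONTOSO\Project-Editors'     # assumption: the group that may edit but not delete

if (-not (Test-Path $folder)) { New-Item -ItemType Directory -Path $folder | Out-Null }

$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$none    = [System.Security.AccessControl.PropagationFlags]::None

# Allow Modify, inherited to subfolders and files (Modify includes Delete, which the Deny below overrides).
$allow = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $group,
    [System.Security.AccessControl.FileSystemRights]::Modify,
    $inherit, $none,
    [System.Security.AccessControl.AccessControlType]::Allow)

# Deny Delete (on files and folders) and DeleteSubdirectoriesAndFiles (on folders).
# An explicit Deny is evaluated before an explicit Allow at the same level, so it wins.
$deny = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $group,
    [System.Security.AccessControl.FileSystemRights]'Delete, DeleteSubdirectoriesAndFiles',
    $inherit, $none,
    [System.Security.AccessControl.AccessControlType]::Deny)

$acl = Get-Acl -Path $folder
$acl.AddAccessRule($allow)
$acl.AddAccessRule($deny)
Set-Acl -Path $folder -AclObject $acl

# Verify: the two explicit ACEs for the group as NTFS now stores them.
(Get-Acl -Path $folder).Access |
    Where-Object { $_.IdentityReference.Value -eq $group } |
    Select-Object AccessControlType, FileSystemRights, InheritanceFlags, IsInherited |
    Format-Table -AutoSize

# Caveat from the reply, made concrete: as a member of $group, a save that writes a temp
# file and then removes the original will fail at the remove step, e.g.
#   Remove-Item "$folder\report.docx"   ->  Access to the path is denied.
```

Rename still works under this layout because it needs Write on the file and Write Data on the folder, not Delete; that is what makes the reply's configuration usable for the "edit and rename but not delete" case.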
Yes, this behavior is by design. Windows certificate-based logon requires the Subject Alternative Name (SAN) extension with a valid User Principal Name (UPN) for proper mapping to the AD user account, even if the SID extension is present.

147 Views, 1 like, 1 Comment

Re: Remote Desktop users have access to shutdown/restart, how disable these ?
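Added example for the certificate authentication reply above (not code from the original post). Given a certificate file, it reports the two things that reply says a logon certificate needs, a UPN in the SAN and the SID extension (OID 1.3.6.1.4.1.311.25.2), plus whether a logon EKU is present. The file path is a placeholder; the SID is pulled from the extension's raw bytes with a text match, which is a deliberate shortcut rather than a full ASN.1 decode.

```powershell
# Added example (not from the original post): inspect a user certificate for the
# SAN UPN and the SID extension that Windows uses to map it to an AD account.
function Test-LogonCertMapping {
    param([Parameter(Mandatory)][string]$Path)   # path to a .cer/.crt file (assumption)

    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($Path)

    # subjectAltName (2.5.29.17): Format($true) renders it as text, including
    # "Other Name: Principal Name=alice@contoso.com" for a UPN entry.
    $san     = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanText = if ($san) { $san.Format($true) } else { '' }
    $upn     = if ($sanText -match 'Principal Name=([^\s,]+)') { $Matches[1] } else { $null }

    # SID extension (szOID_NTDS_CA_SECURITY_EXT, 1.3.6.1.4.1.311.25.2): the value carries the
    # SID as an ASCII string inside an OtherName, so a printable-text scan is enough to show it.
    $sid      = $cert.Extensions | Where-Object { $_.Oid.Value -eq '1.3.6.1.4.1.311.25.2' }
    $sidText  = if ($sid) { ([System.Text.Encoding]::ASCII.GetString($sid.RawData)) -replace '[^\x20-\x7E]', '' } else { '' }
    $sidValue = if ($sidText -match '(S-1-5-21-[\d-]+)') { $Matches[1] } else { $null }

    # Logon-capable EKUs: Smart Card Logon or Client Authentication.
    $ekuExt  = $cert.Extensions | Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $ekuOids = if ($ekuExt) { @($ekuExt.EnhancedKeyUsages | ForEach-Object Value) } else { @() }
    $logonEkus = @('1.3.6.1.4.1.311.20.2.2', '1.3.6.1.5.5.7.3.2')

    [pscustomobject]@{
        Subject         = $cert.Subject
        HasSanUpn       = [bool]$upn
        Upn             = $upn
        HasSidExtension = [bool]$sid
        Sid             = $sidValue
        HasLogonEku     = [bool]($ekuOids | Where-Object { $logonEkus -contains $_ })
        NotAfter        = $cert.NotAfter
    }
}

# Usage (path is a placeholder):
# Test-LogonCertMapping -Path 'C:\temp\alice.cer'
```

A result with HasSidExtension = True but HasSanUpn = False is exactly the situation the reply describes: the certificate is strongly bound to a SID, yet without a UPN in the SAN the logon path still has nothing to map on.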
Hi LeatherHelpDesk,

Yes, you're right. I couldn't understand mjm1231's question before, but I understand it now.

mjm1231, if you apply the policy to the OU where the Terminal servers are located and enable Group Policy Loopback Processing Mode in the same policy, I think your problem will be solved. You can enable Group Policy Loopback Processing Mode in the same policy from the Group Policy setting below:

Computer Configuration > Policies > Administrative Templates > System > Group Policy > Configure user Group Policy loopback processing mode

- Merge: When selected, user policies linked to the computer OU will be applied along with the other user policies linked to the user OU. If there are any conflicting settings between policies, the GPO will process them normally based on the link order.
- Replace: When selected, user policies linked to the computer OU will override the other user policies linked to the user OU.

97K Views, 0 likes, 1 Comment
Re: Script for SCCM Help please
Hi ToptechnicalSolutions,

You don't need this configuration for "All Desktop and Server Clients". When you deploy the OS via Task Sequence, computers will install the SCCM agent automatically, and they will be added to the "All Desktop and Server Clients" collection automatically. So you don't need that task sequence step for this collection.

You need this configuration for the HP EliteBook 830 G8. You can add a Task Sequence step for the collection named "HP EliteBook 830 G8".

Properties tab:

```cmd
cmd /c powershell.exe -Command "&{$Me = $Env:COMPUTERNAME; Invoke-command -Computername YOURSITESERVER -ArgumentList $Me -scriptblock {param($Me)Import-Module ConfigurationManager; cd YOURSITECODE:; $Computer = Get-CMDevice -Name $Me; if ($Computer){Add-CMDeviceCollectionDirectMembershipRule -CollectionName 'HP EliteBook 830 G8' -Resource $Computer}}}"
```

- YOURSITESERVER (ConfigMgr Site Server Name, or anywhere with the ConfigMgr Console / Cmdlets installed)
- YOURSITECODE (Site Code)
- Change the “Run this step as…” account to an account that has the necessary permissions on the site server.

Options tab: Add Condition -> Query WMI

WQL Query:

```sql
SELECT * FROM Win32_ComputerSystem WHERE Model LIKE "%HP EliteBook 830 G8%"
```

2.1K Views, 0 likes, 10 Comments

Re: Script for SCCM Help please
Hi ToptechnicalSolutions,

You can add a Run Command Line step to your task sequence.

Properties tab: paste the code below into the Command line window.

```cmd
cmd /c powershell.exe -Command "&{$Me = $Env:COMPUTERNAME; Invoke-command -Computername MYSITESERVER -ArgumentList $Me -scriptblock {param($Me)Import-Module ConfigurationManager; cd ABC:; $Computer = Get-CMDevice -Name $Me; if ($Computer){Add-CMDeviceCollectionDirectMembershipRule -CollectionName 'COLLECTIONNAME' -Resource $Computer}}}"
```

- MYSITESERVER (ConfigMgr Site Server Name, or anywhere with the ConfigMgr Console / Cmdlets installed)
- ABC (Site Code)
- COLLECTIONNAME (The name of the target collection)
- Change the “Run this step as…” account to an account that has the necessary permissions on the site server.

Options tab: Add Condition -> Query WMI

WQL Query:

```sql
SELECT * FROM Win32_ComputerSystem WHERE Model LIKE "%HP EliteBook%"
```

2.1K Views, 0 likes, 12 Comments

Re: Script for SCCM Help please
Hi ToptechnicalSolutions,

This link will help you add a device to a collection during your OS deployment via Task Sequence: Add a Device to a Collection during a Task Sequence (smsagent.blog)

After you add that step to your task sequence, you can add a WMI query on the Options tab to identify the HP EliteBooks. I think that will solve your problem.

4.2K Views, 0 likes, 14 Comments

Re: Script for SCCM Help please
Hi ToptechnicalSolutions,

Your query for HP EliteBook 830 G8 NoteBook PC seems correct for the HP EliteBook G8 collection, so you don't need a script for new HP EliteBook 830 G8 NoteBook PCs. They will move automatically into your HP EliteBook G8 collection when the OS installation completes and the SCCM Client Agent is installed on the PCs. You don't need any action to move new PCs into the collection. When you remove the PCs that were manually added to the collection, right-click the collection and select Update Membership; the PCs will be added to the collection automatically, as will new PCs of the same model.

4.1K Views, 0 likes, 22 Comments