Browsed by
Year: 2021

From Standard User to Elevated Administrator: Run Elevated PowerShell Commands with PowerShell Studio and Impersonation

From Standard User to Elevated Administrator: Run Elevated PowerShell Commands with PowerShell Studio and Impersonation

I recently had a request to create a small applet/windows form that would allow regular end users to perform an administrative task. For example, restart the Print Spooler service. We did not want to grant the user any elevated rights, only to give them a program that would allow them to perform the single task and nothing more. PowerShell to the rescue –

Beginning with Windows Vista, the administrator security token split with the standard user token. This means that to perform administrative tasks you must elevate (UAC). Each app that requires the administrator access token must prompt for consent. Using PowerShell Studio I can create my Winform and use an administrator manifest to prompt for elevation, and input either a RunAs account or specify an account to Impersonate as.

The Issue

The problem however, is Windows evaluates manifests prior to RunAs or Impersonation. It will load the manifest before … Continue...

Uninstall the built-in Chat from Microsoft Teams in Windows 11 with Intune

Uninstall the built-in Chat from Microsoft Teams in Windows 11 with Intune

Windows 11 comes with Chat from Microsoft Teams which is ‘a signature, lightweight experience brought right to the Taskbar to let Teams personal account users quickly start a video call or chat with friends and family.’The problem with this is that it is only available for Personal accounts and not for Work or School accounts. 

The new Teams experience on Windows 11 and Chat are intended for personal Microsoft accounts and will be available only to individuals using such accounts.

With this installed by default, and Teams for Work/School, you will have two versions of Microsoft Teams installed locally. This can be confusing to end users.

Uninstall Chat for Teams with Intune

Save the following PowerShell script locally, we will need to upload this to Intune

$MSTeams = "MicrosoftTeams"

$WinPackage = Get-AppxPackage | Where-Object {$_.Name -eq $MSTeams}
$ProvisionedPackage = Get-AppxProvisionedPackage -Online | Where-Object { $_.DisplayName -eq $WinPackage }
Continue...
Easily Enable End Users to Manage Active Directory Users with PowerShell GUI

Easily Enable End Users to Manage Active Directory Users with PowerShell GUI

Recently I got a request to find a way to let managers or Human Resources the ability to modify basic user attributes in Active Directory. Like anyone else, I presented the idea of using RSAT to let them modify users in ADUC or ADAC. This was not an ideal solution because ADUC can become overwhelming to someone that isn’t technical. They wanted something that was extremely basic, easy to follow and work in without any guidance or instructions, and did not show the user anything else that they could not modify or needed to see.

The decision was made to create a custom program with the pre-requisite of having RSAT installed so we could use the AD modules underneath the hood. We could then control permissions on the Active Directory side.

Improvements from ADUC

Because I built this with a specific audience in mind, I was able to make some … Continue...