Navigate / search

PowerShell Tool – Backup Group Policy Objects (GPO) linked to Oranizational Units (OU)

PowerShell GPO Backup Tool

When editing Group Policy Objects you should always be aware of taking backups before changing anything. But from time to time you need to backup not just one GPO. This could be easyly managed by MS standard tools. Sometimes you need to backup all GPOs that are linked to a Organizational Unit. There is no GUI tool from Microsoft supporting this case, therefore I’ve built a small PowerShell script that will support you.

The script is easy to handle. Just start it and select the OU your policies are linked to. The script will start backup of your linked GPOs (recursively).

I’ve used the “Active Directory OU picker” from “MicaH’s IT blog” for easy OU selection.



This is the first release. Be carefull when using it in productive environments.

Always test before using in production!

Read more

Windows 10 – SCCM Language Pack Integration

I’ve tried so many different ways to deploy Windows 10 clients in different languages and there was only one way working for me, I like to share with you. Our aim was to deploy Windows 10 clients in 28 different languages, so our itention was to deploy these clients in English and to deploy the language packs afterwards. We didn’t want a client with 27 language packs installed that must be maintained with every Windows 10 Feature Update. But we got a lot of Problems with the Windows 10 UI that sometimes didn’t changed the language as exspected or the time and date formats were set comletelly wrong. The only way I figured out was to deploy language packs by the following order.

  1. Install the language pack during the OS installation using the dism command dism.exe /norestart /online /add-package /packagepath:.\
  2. Restart the computer
  3. Run a script executing the following command C:\Windows\System32\control.exe intl.cpl /f:”configuartion.xml”
  4. Restart the computer

Step 3 is neccessary to set the installed language pack as activated and to install the corresponding “Input Preferences”.

Create Package – “MS W10 1703 LanguagePack de-DE”

Lets start with building a deployment package including the german languagepack *.cab file, a PowerShell script for setup and *.xml file that is needed for configuration.

SCCM 1707 – Create Package
SCCM 1707 – Create Package
SCCM 1707 – Create Package
Read more

PowerShell – How to build a GUI with Visual Studio

Sometimes PowerShell scripts are a way to comlicated to present your hardly gathered data to end users that are not familiar with the command line. Therefore I recommend to present data by Windows WPF forms that could be achived without being a coding expert.

With the help of Visual Studio everyone is able to build WPF forms even without coding expertise. In this tutorial I will show you how to generate a User Information script displaying Hostname, Username and Domainname. This is a basic tutorial showing how to build a graphical user interface within minutes. The script can be extended easily, for example you can display “Model Type” of your Hardware, “Network Drives” connected, “Outlook Profile” size, installed software and a lot more!

Visual Studio can be downloaded for free at Microsoft –


home Start a Project

Start Visual Studio (Express / Community / Professional) and open a “New Project …

Visual Studio – New Project

Select “WPF Appplication” and confirm with “OK“.

Visual Studio – WPF Application

Read more

Java Runtime Environment (JRE) – How to Import Certificates

A lot of company applications are actually using the Java Runtime Environment (JRE) and a lot of them are integrated in the Internet Explorer using local adresses. When you open these kind of applications you will receive an error message that the application can not be trusted eventhough you provided your own root certificates by group policies. One big problem of the JRE is that it completelly ignores the Windows certificate stores. Instead of using the windows certificate store it uses its own implementation.

Java certificates are stored in a file called cacerts located at C:\Program Files (x86)\Java\jre1.x.x_xxx\lib\security\ You can open javacpl.exe to get a graphical overview about the content:

Java Control Panel – javacpl.exe
Java Control Panel – Manage Certificates

Read more

Windows 10 – Remove Windows Store Applications (appx)

Even if you start installing a Windows 10 Enterprise (SAC) operating system there is still a bunch of applications installed you really don’t need in an enterprise environment. There are two ways of getting rid of these. First thing you can do is to disable the “Microsoft Consumer Experiences” (Application Set) that are automatically installed during the system deployment. That is the easiest way to get rid of apps like “Candy Crush” or “Xing”.

To get rid of the rest of applications like “Weather” & “Xbox” there is only one way to do that. You need to build a PowerShell script that is executed during your OS deployment. Eventhough the removing commands for appx packages are supported by Microsoft some applications are still not removed from the user interface completelly. I recommend to run the script during the OS deployment to avoid these kind of problems. If you start removing appx packages after the first user login sometimes the app will be removed completelly but the icon will stay in the start menu as long as you delete the user profile.

1. Hide Applications by Group Policy Settings

  1. Open/Create a new group policy object in the “Group Policy Management Editor”
  2. Navigate to Computer Configuration > Administrative Templates > Windows Components > Cloud Content
  3. Click on “Turn off Microsoft consumer experience
  4. Switch the status of the policy to enabled.

Computer Configuration > Administrative Templates > Windows Components > Cloud Content

Read more

PowerShell – General Logging Script

Working in enterprise environments always requires a confidential log for scripting actions implemented in productive stages and even for testing it could be a great advantage. PowerShell offers a great possibility to log every action executed by a script. The CMDlets Start-Transcript  & Stop-Transcript will help you to achieve a successful logging script.

This will be just an example how you can easyly create a logging script. There are thousands of different ways to solve this. The Microsoft documentation can be found in the following link

The following script will write a general log file to C:\temp\logging.log containing all relevant basis information about the script execution.

Start-Transcript -path "C:\temp\logging.log" -Force

your CODE here


Result Read more