Manage Active Directory Users And Computers Using Windows 10 Creators Edition In PowerShell Direct Without CredSSP Or “Second-Hop” Issues

#Manage Active Directory Users And Computers Using Windows 10 Creators Edition Using PowerShell Direct Without CredSSP Or “Second-Hop” Issues

#If you connect to a virtual machine using PowerShell Remote then you need to enable CredSSP to avoid Second-Hop or “Multi-Hop” Issues when managing Active Directory objects. CredSSP is always needed when connecting to a physical machine since PowerShell Direct only works when connecting to a virtual machine directly from the host computer.

#PowerShell Direct doesn’t have the “Second-Hop” issue when managing Windows Server 2016 from a Windows 10 Creators Edition virtual machine running Hyper-V. I have enabled the Hyper-V role on Windows 10 Professional and my physical machine is not joined to a domain. The Windows 10 virtual machine will need to be joined to the Active  Directory domain you intend to manage without making further “workgroup” related configuration changes.

Enter-PSSession -VMName Win10 -Credential DOMAIN\administrator #Connect to a Windows 10 Creators Edition virtual machine using PowerShell Direct
New-ADOrganizationalUnit -Server KERMIT -Name Test -Description 'Administrator Rights' -DisplayName Test -PassThru -Verbose #Create a new OU called Test
Get-ADOrganizationalUnit -Server KERMIT -Identity 'OU=Test,DC=domain,DC=muppetlabs,DC=com'|Set-ADOrganizationalUnit –ProtectedFromAccidentalDeletion $false #Unprotect OU=Test for intentional deletion
Get-ADOrganizationalUnit -Server KERMIT -Identity 'OU=Test,DC=domain,DC=muppetlabs,DC=com'|Remove-ADOrganizationalUnit -Verbose #Delete OU=Test

#The Longer Story…

#Create a new Organizational Unit in PowerShell Remote using just the computer name

#Without CredSSP enabled this command fails in PowerShell Remote

Enter-PSSession -ComputerName KERMIT -Credential DOMAIN\administrator #Connect to a Windows 10 Creators Edition virtual machine using PowerShell Remote
New-ADOrganizationalUnit -Server KERMIT -Name Test -Description 'Administrator Rights' -DisplayName Test -PassThru -Verbose #Create a new OU called Test

#Create a new Organizational Unit in PowerShell Direct using just the computer name

#Just using OU=Test as an example to show how this command doesn’t fail in PowerShell Direct like it did in the previous example.

Enter-PSSession -VMName Win10 -Credential DOMAIN\administrator #Connect to a Windows 10 Creators Edition virtual machine using PowerShell Direct
New-ADOrganizationalUnit -Server KERMIT -Name Test -Description 'Administrator Rights' -DisplayName Test -PassThru -Verbose #Create a new OU called Test

#Set –ProtectedFromAccidentalDeletion to $false on OU=Test so it can be deleted

#This needs to be done to allow the OU to be deleted.

Get-ADOrganizationalUnit -Server KERMIT -Identity 'OU=Test,DC=domain,DC=muppetlabs,DC=com'|Set-ADOrganizationalUnit –ProtectedFromAccidentalDeletion $false #Unprotect OU=Test for intentional deletion

#Delete OU=Test from -Server KERMIT.

#KERMIT is the NetBIOS computer name of my domain controller and not the domain NetBIOS name. They are different things.

Get-ADOrganizationalUnit -Server KERMIT -Identity 'OU=Test,DC=domain,DC=muppetlabs,DC=com'|Remove-ADOrganizationalUnit -Verbose #Delete OU=Test

 

Join Windows 10 Professional To An Active Directory Domain Using PowerShell Direct

#Join Windows 10 Professional To An Active Directory Domain Using PowerShell Direct

#These are the commands to rename a Windows 10 client computer to GONZO and add that computer to a domain called domain.muppetlabs.com .

Rename-Computer -NewName GONZO -Verbose -PassThru #Rename computer before joining domain. Requires restart
Restart-Computer
Add-Computer -DomainName domain.muppetlabs.com -Credential domain\administrator -Passthru -Verbose #Join Active Directory Domain and add to Computer container. Requires restart
Restart-Computer

#The Longer Story…

#Your computer may not need to be renamed so skip that if needed. Also the Add-Computer command sends your newly added computers to the Computers container by default unless you specify an -OUPath when running Add-Computer.

#Rename computer before joining your domain if your computer name doesn’t comply with server standards. Restart required.

Rename-Computer -NewName GONZO -Verbose -PassThru #Rename computer before joining domain. Requires restart
Restart-Computer

#Join a domain called domain.muppetlabs.com. Restart required.

#You need to change the -DomainName from domain.muppetlabs.com to what you call your domain. Use -Restart at the end of the Add-Computer command to automatically restart.

Add-Computer -DomainName domain.muppetlabs.com -Credential domain\administrator -Passthru -Verbose #Join Active Directory Domain and add to Computer container. Requires restart
Restart-Computer


#A Bit More

#Specify a preconfigured Organizational Unit path when joining domain

#My domain is simple and this is not needed for me at this time. I don’t have multiple Organizational Units yet and I don’t need any Group Policies affecting this PC since I’m working with my Windows 10 Creators Edition management PC. I’m able to specify the -OUPath shown below, once I complete the step below to create an OU called Producers. This command adds the computer to OU=Producers.

#You are not able to specify another container besides the default Computers container, but there is a way to change the default container if you don’t specify an OU. I definitely don’t want my computers added to the default OU which is OU=Domain Controllers, so I don’t use this command switch unless I have created a new OU first. It has been suggested to create the OU and computer object prior to joining the domain, but I don’t need to do that at this point.

#The command below is used to specify an Organizational Unit when joining a domain, if needed.

Add-Computer -DomainName 'domain.muppetlabs.com' -OUPath 'OU=Producers,DC=domain,DC=muppetlabs,DC=com' -Credential 'DOMAIN\administrator' -Passthru -Verbose
Restart-Computer

#Create a new Organizational Unit on the server (Needs to be run on Windows Server 2016 with the Active Directory role installed and configured)

#If you preconfigure an alternative Organizational Unit on Windows Server 2016 then you can add your computers directly to that OU by specifying a -OUPath when running Add-Computer.

New-ADOrganizationalUnit -Name Producers -Description 'Administrator Rights' -DisplayName Producers -PassThru -Verbose

Enable or Disable Game Mode In Windows 10 Creators Edition Or Better Using PowerShell Commands

#Enable Game Mode In Windows 10 Creators Edition or Better Using PowerShell Commands

#Enable Game Mode in Windows 10 Creators Edition or better only. This does not work in previous versions of Windows 10.  Windows Key + G will toggle Game Mode once the changes have been made.

#Just the command

If (Test-Path HKCU:\Software\Microsoft\GameBar) {Get-Item HKCU:\Software\Microsoft\GameBar|Set-ItemProperty -Name AllowAutoGameMode -Value 1 -Verbose -Force}

#The Longer Story…

#The above command enables Game Mode. The command below disables Game Mode. Again this feature is only available in Windows 10 Creators Edition or better. These commands work in both PowerShell and PowerShell Direct.

#Check Game Bar Registry Key And Existing Configuration (1=Enabled, 0=Disabled)

#If the GameBar registry key has no properties then Game Mode is disabled.  If allow AllowAutoGameMode is set to 1 then Game Mode is enabled. If it is set to 0 then AllowAutoGameMode is disabled.

Get-Item -Path HKCU:\Software\Microsoft\GameBar -Verbose|ft -a

#▲Game Mode Disabled (Installation Default)

#▲Game Mode Enabled

#Enable Game Mode In Windows 10 For The First Time

#The -Force switch is used to a skip using New-Item or New-ItemProperty commands but specifying -Force will delete the key and recreate the key and you will lose all sub-keys.

If (Test-Path HKCU:\Software\Microsoft\GameBar) {Get-Item HKCU:\Software\Microsoft\GameBar|Set-ItemProperty -Name AllowAutoGameMode -Value 1 -Verbose -Force} #Enable Game Mode

#Disable Game Mode In Windows 10 Once Enabled Or To Manually Set Game Mode To Disabled

#If you just remove the registry key then Game Mode will stay enabled. Changing AllowAutoGameMode to 0 will disable Game Mode once it has been enabled.

If (Test-Path HKCU:\Software\Microsoft\GameBar) {Get-Item -Path HKCU:\Software\Microsoft\GameBar|Set-ItemProperty -Name AllowAutoGameMode -Value 0 -Verbose -Force}

#Check If AllowAutoGameMode Registry Property Is Enabled (1=Enabled, 0=Disabled)

#Is similar to the other command to check Game Mode status with more information about the registry key. This command will error if AllowAutoGameMode is not there but means that Game Mode is disabled by default.

Get-ItemProperty -Path HKCU:\Software\Microsoft\GameBar\ -Name AllowAutoGameMode -Verbose|fl


#Keyboard Shortcuts for Game Barhttps://support.microsoft.com/en-us/instantanswers/a4cced71-b833-4e48-8523-8be8b7d29448/keyboard-shortcuts-for-game-bar

#Additional Microsoft Game Infohttps://www.microsoft.com/en-us/windows/windows-10-games

Enable Hyper-V Role In Windows Professional, Enterprise And Education Vs. Android Emulators

#Enable The Hyper-V Role in Windows 10 Professional, Enterprise Or Education Using PowerShell

#If this is the first time, and if if this will be the only time enabling the Hyper-V role in Windows 10, then this PowerShell command is all you need. If you need to switch the Hyper-V services on and off without removing the role then download Hyper-V Switch.

#Enable Hyper-V Role Using PowerShell

Enable-WindowsOptionalFeature -Online -FeatureName:Microsoft-Hyper-V -All

#Disable Hyper-V Role Using PowerShell

Disable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V

#The Long Story…

#Continue reading if you are having issues or are using a conflicting emulator and getting the dreaded Blue Screen of Death.

Having Issues Enabling Hyper-V Role In Windows 10 Professional, Enterprise Or Education?

Check Requirements

  • Windows 10 Enterprise, Professional, or Education
  • 64-bit Processor with Second Level Address Translation (SLAT)
  • CPU support for VM Monitor Mode Extension (VT-c on Intel CPU’s)
  • Minimum of 4 GB memory

NOTE: The Hyper-V role cannot be installed on Windows 10 Home.

OK so beyond those requirements lies a different issue many are facing with the advent of Android based virtual machines and emulators.

BlueStacks Android Emulator and Andy Android Emulator both crash on load every time the Hyper-V role is active.  It looks like both used to work together before the Anniversary Edition update broke the support of Hyper-V and other emulators running at the same time. Here is the bulletin from BlueStacks regarding this issue.

I  want my computer to run everything and work right all the time, so I tried to install x86Android Android Emulator in Hyper-V as an alternative. Once I finally was able to get an older version to work; I found the touchscreen support / controls were unsuitable for my needs. The controls were pure garbage. I may revisit that scenario and try for a more complete configuration but BlueStacks Android Emulator is just so much more user friendly on every level. For now, I switch back and forth between a Hyper-V and a BlueStacks setup.

Here is what I found to switch Hyper-V on and off.  Previously, I was removing the Hyper-V role and adding it again when needed, but a caveat of doing that is the Hyper-V Virtual Switch Manager settings are lost in the process. The settings need to be recreated and reattached to each virtual machine, every time the role is reinstalled. You end up with a lot of orphaned network adapters.


!!!Hyper-V Switch To The Rescue!!!

Calm down. This utility doesn’t allow Hyper-V to run simultaneously with VMWare or BlueStacks, but this great tool I found at least saves a reboot (it takes two reboots if you add and remove the Hyper-V role). Also, I don’t have to reconfigure Virtual Switch Manager every time I do it. This program automates a bcdedit process to disable Hyper-V without removing the Hyper-V role as part of the process.

Use Hyper-V Switch to toggle Hyper-V support on and off when using other emulators like VirtualBox or Andy Android Emulator to keep it fast and simple. I saved it to my Desktop and edited the executable file to Run as Administrator just to be sure it has the rights needed. You can also single right-click on the executable file or shortcut and then single left-click on Run as Administrator every time.

https://github.com/ygoe/HyperVSwitch – Download from GitHub

http://unclassified.software/apps/hypervswitch – Hyper-V Switch Website


#Enable The Hyper-V Role Using PowerShell manually or for the first time

#For the first and if the only time enabling the Hyper-V role then the command  below is all you need.

Enable-WindowsOptionalFeature -Online -FeatureName:Microsoft-Hyper-V -All

#Enable Hyper-V and all features.

#Type y and press Enter


#Disable The Hyper-V Role Using PowerShell

Disable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V

#Disable Hyper-V and all features

#Type y and press Enter


Manually Enable Hyper-V From The GUI

Windows Key-R to bring up the Run box.

Type optionalfeatures.exe and single left-click OK to execute (just means to run) optionalfeatures.exe. This method actually allows for more control of the Hyper-V installation since you can deselect unneeded features. For example, some people may not have any need for the Hyper-V Module for Windows PowerShell module if they don’t use PowerShell  or PowerShell Direct to administer any virtual machines.

Single left-click to select the Hyper-V option. Single left-click the Plus sign to expand if you need to select or deselect any of the default features. I use all the Hyper-V features so PowerShell for this installation works just fine for me. The end goal is to avoid moving my mouse as much as possible.