CyberDrain - The MSP Community and OSS provider

CIPP ❤️ #IntuneForMSPs

Tue, 17 Mar 2026 17:00:00 +0100

We’re Joining #IntuneForMSPs 🎉

Being invited by Microsoft to join a global initiative is a big moment for us, and we want to be clear about why it matters. #IntuneForMSPs is Microsoft’s program to help MSPs deliver Microsoft 365, Intune, and Copilot services at scale, and CIPP is now part of it, bringing the largest MSP community in the channel directly to Microsoft.

The return of CyberDrain CTF

Mon, 09 Jan 2023 00:00:00 -0500

CyberDrain CTF returns! (and so do I!)

It’s been since september that I actually picked up a digital pen equivalent and wrote anything down. This was due to me being busy with life but also my side projects like CIPP. I’m trying to get back into the game of scripting and blogging about these scripts. There’s still so much to automate and so little time, right? ;)

Monitoring with PowerShell: Monitoring Acronis Backups

Mon, 05 Sep 2022 00:00:00 -0400

Intro

This is a monitoring script requested via Reddit, One of the reddit r/msp users wondered how they can monitor Acronis a little bit easier. I jumped on this because it happened pretty much at the same time that I was asked to speak at the Acronis CyberSummit so it kinda made sense to script this so I have something to demonstrate at my session there.

Monitoring with PowerShell: Monitoring VSS Snapshots

Tue, 30 Aug 2022 00:00:00 -0400

Intro

Wow! It’s been a while since I’ve blogged. I’ve just been so swamped with CIPP that I’ve just let the blogging go entirely. It’s a shame because I think out of all my hobbies it’s one I enjoy the most. It’s always nice helping others achieve their scripting target. I even got a couple of LinkedIn questions asking if I was done with blogging but I’m not. Writing always gives me some more piece of mind so I’ll try to catch up again. I know I’ve said that before but this time I’ll follow through. I’m sitting down right now and scheduling the release of 5 blogs in one go. No more whining and no more waiting.

Automating with PowerShell: Getting device warranty information

Thu, 21 Jul 2022 00:00:00 -0400

Warranty reporting

This morning I woke up with a mission; I wanted to fix HP warranty reporting for my PSWarranty PowerShell Module. If you’re not familiar yet I’ve blogged about the module and warranty reporting before here. Most of the module has been left the same so you can reference that blog for more information.

Automating with PowerShell: Setting Sharepoint Sharing Settings

Mon, 04 Jul 2022 00:00:00 -0400

CIPP Components

About 8 months ago I’ve started a larger open source project called CIPP. CIPP is a M365 Management tool aimed at Managed Services Providers based on Azure Static Web Apps and a PowerShell backend. This blog shares some of the PowerShell code that’s used for the backend. CIPP is always looking for contributors on both the frontend and backend side so jump in if you’d like. You can find the Github project here.

Automating with PowerShell: Enable M365 activity based time-out & Office Code Execution fix

Mon, 30 May 2022 00:00:00 -0400

CIPP Components

Automating with PowerShell: Monitoring Office Releases

Mon, 16 May 2022 13:49:15 +0200

New Website and upcoming blogs

So I haven’t blogged for the last month, and I’m not gonna tell you that was because I was moving my website to Azure Static Web Apps, because it was not. I just couldn’t find the time or inspiration to write anything down that would be useful to anyone. It happens sometimes and a bit of writers(or bloggers, or PowerShellers) block happens to anyone. Blogging and sharing knowledge is one of the most satisfying things I do so naturally I got a little bit annoyed at myself.

Automating with PowerShell: Setting M365 Contact emails

Tue, 19 Apr 2022 13:27:17 +0200

I’ve been getting a bunch of questions lately about some of the standards in CIPP, so I figured this week I’ll blog about how some of them work in the background. CIPP tries to utilize Graph as much as possible to make changes to tenants and set them to a specific state.

Automating with PowerShell: Shipping your logs

Mon, 28 Mar 2022 11:13:03 +0200

Wow! It’s been quite a while since I’ve blogged. I’ve been working on CIPP, and the CyberDrainCTF recently ended so all my time just disappeared trying to balance those two. Not that that’s over for a bit I have some time to teach about PowerShell again.

CyberDrain CTF Returns!

Mon, 14 Feb 2022 12:15:30 +0100

Hey everyone!

I know I haven’t blogged in a while, but that’s because on the background I am super busy developing CIPP(https://cipp.app) and having a new session of the CyberDrainCTF!

Automating with PowerShell: Getting new Secure App Model tokens

Thu, 20 Jan 2022 10:53:36 +0100

Since I’ve released CIPP I’ve been getting a load of questions about the Secure Application Model, one of the most common occurrences happens to be that users somehow don’t get their tokens setup completely, and need to retrieve these again.

Monitoring with PowerShell: Monitoring battery health

Tue, 18 Jan 2022 15:18:18 +0100

This one was requested by several users for a while, I added this to some script libraries but never actually released it on the blog so I figured it’s a good way to get back into blogging.

Ending the year with PowerShell: a 2021 retrospective

Thu, 30 Dec 2021 15:32:20 +0100

As most of you have noticed I haven’t blogged for a bit, and that’s because I’ve been trying to enjoy some vacation time. I just can’t let this slip as it’s just one more day until the new year.

Monitoring with PowerShell: Detecting Log4J files

Mon, 13 Dec 2021 12:20:58 +0100

Hey all, so this is a pretty quick one, to add onto the already many scripts released for this. In this script we’re trying to get all the files that could suffer from the Log4J issue in CVE-2021-44228. I’m saying could, because the script detects a class that is also used in other products, Hence it might end up with some minor false positives.

Automating with PowerShell: Deploying External e-mail markers

Mon, 29 Nov 2021 13:13:28 +0100

A while back I’ve blogged about deploying e-mail spoofing warnings. These warns inject a little bit of HTML into e-mails to let people know a e-mail is external or not trusted. For a while now Microsoft has a native option for this. You do need a somewhat recent version of Outlook but the native version works a little better than just injecting HTML.

Monitoring with PowerShell: Monitoring WLAN reports

Mon, 22 Nov 2021 11:44:16 +0100

This is a bit of a short one, but I’m trying to get back to two blogs a week slowly, today we’re talking about a pretty cool feature that Microsoft has made for Windows, but doesn’t get the attention it deserves. When you’re troubleshooting WLAN issues there’s a lot of locations to investigate – If users are reporting dropped networks you’ll have to check the event logs, if users are reporting authentication issues you’ll have to check the network settings.

Automating with PowerShell: Disabling application consent on all tenants

Wed, 03 Nov 2021 17:24:38 +0100

Before we get into this, I recently setup a new CyberDrain Discord server for questions about CIPP, and the CTFs I give. Join our discord here

Automating with PowerShell: setting OneDrive ownership

Mon, 25 Oct 2021 13:23:13 +0200

So I’ve been hard at work on CIPP the last couple of weeks and because of that haven’t had time to blog really. The great thing is that all of the stuff I normally blog about is pretty easy to integrate into CIPP. One of them being the subject today; sometimes you have leavers in a company you manage and you’d like to transfer the OneDrive ownership to another user, so they can check if there are no important files in there before the user is permanently deleted.

Automating with PowerShell: A much better partner portal

Thu, 14 Oct 2021 16:04:19 +0200

This is my super secret project that I have been working on for some weeks. A lot of my time outside of work was sunk into this effort. Somewhere last year I made a post about a better partner portal. This was super well received and I got a lot of amazing feedback on it.

Automating with PowerShell: Disabling anonymous reports for Office365

Wed, 06 Oct 2021 13:15:26 +0200

It’s been a while since I’ve blogged! I’ve been super busy with a secret project I am hoping to release soon. This blog is dedicated to a friend of mine.

Automating with PowerShell: Deploying default Intune configurations

Mon, 20 Sep 2021 10:25:59 +0200

So I’ve been kind of Intune focused lately, mostly because I’m just really enjoying the technology. I also see that a lot of MSPs are still struggling with deploying a default autopilot configuration and are kind of avoiding it with the worries that you make a total mess of things. 🙂

Automating with PowerShell: uploading your RMM application to all Intune tenants

Fri, 10 Sep 2021 12:39:10 +0200

This script is based on some earlier work I’ve done for uploading general applications to Intune tenants, but I’ve transformed this into a module to allow a easy synchronization between your RMM system and M365. There’s some prework that’ll need to be performed for each supported RMM system. Check out the Gi thub page for the latest and greatest information as the blog can be outdated.

Monitoring with PowerShell: Monitoring interactive system execution

Sun, 29 Aug 2021 11:00:14 +0200

So this is a bit of a weird one, and more of an experimental idea than something I actually use in production. A friend of mine is using my PSexec monitoring script. He just has a couple of issue with that; he’s running an application that actively uses psexec to create some elevation. That’s quite annoying because he lost the ability to monitor weird behavior for that client.

Monitoring with PowerShell: Monitoring system temperatures

Sun, 29 Aug 2021 10:56:09 +0200

This blog was requested by one of the partners I work with. At times, you want to monitor the device temperatures and fan settings; you don’t want a machine to be constantly making noise because it’s having a hard time cooling down. While I’m not really one of the engineers that firmly believes in a high impact of temperature on normal workstations I can understand the annoyance the extra noise brings.

Documenting with PowerShell: Documenting mailbox sizes and settings

Sun, 29 Aug 2021 10:54:30 +0200

At my MSP, we like being aware of obscene growth of mailboxes and weird mailbox settings so we can warn our users or help them find a better workflow, This is why we document their mailbox size, and the settings of the mailbox to our documentation system. Our account managers and vCIOs can easily log into the documentation system at a QBR and explain to our clients where they could make some improvements.

Monitoring with PowerShell: Monitoring M365 privileged account changes.

Sun, 29 Aug 2021 10:51:47 +0200

We always like being aware whenever a user is granted an admin role in M365, and with more roles being added by Microsoft we think it’s pretty key to keep doing this, not just for the Global Administrators. For administrators that manage a single tenant this is quite easy; setup an e-mail alert whenever a elevation event occurs.

Automating with PowerShell: Setting up application consent

Sun, 29 Aug 2021 10:47:09 +0200

Application consent for M365 is a pretty cool feature – users can’t add their own applications but they are able to request an administrator to approve applications they need. That means the risk of OAuth applications gaining access to mailboxes is a lot lower.

Automating with PowerShell: Enabling MFA with Web-Sign in for Windows Devices

Mon, 16 Aug 2021 13:22:26 +0200

Microsoft has introduced web sign-in some months ago as an alternative way to log into Windows. Web Sign-in allows you to sign in using your M365 credentials and multifactor authentication token, or using a Azure AD Temporary Access Pass. Web-Sign in is pretty cool as users get presented with a modern authentication pop-up dialog when signing in, the same one they are used to seeing when logging into the Office suite applications.

Monitoring with PowerShell: Monitoring M365 Service Communications

Wed, 04 Aug 2021 11:30:05 +0200

Microsoft has decided to move the old service communication API to Graph endpoints, which is pretty handy for us as Microsoft partners because it makes it a little bit easier to retrieve these issues programmatically, and be aware of them before the client gives us a call at times.

Automating with PowerShell: Deploying AAD branding to all clients

Mon, 26 Jul 2021 10:08:03 +0200

I haven’t really been blogging the last week, that’s mostly because I’ve been focused on the CyberDrainCTF, which is going amazing. I am so happy with another successful event. Today, to catch up I figured I’d cover a request I saw in MSPGeek. One of the users there wanted to centrally change the branding of a tenant, specifically to change the texts show at logon.

Automating with PowerShell: Faster Exchange PowerShell commands

Tue, 06 Jul 2021 12:52:05 +0200

We’ve had the ExchangeOnlineManagement PowerShell module for some time now. This module is the faster and better method of managing Exchange Online via PowerShell – It just has some downsides right now for most Microsoft Partners.

Monitoring with PowerShell: Monitoring Azure App Proxies

Thu, 01 Jul 2021 09:43:07 +0200

Sometime back I made a youtube video about how to use Azure App Proxy. This was received really good in a lot of the communities I frequent but a worry popped up by someone recently; how am I sure that the Azure Application Proxy is always completely functional at my clients? You can monitor the service of course, but that does not mean that the entire connection to Azure is functional.

Monitoring with PowerShell: Checking if your device is compatible with Windows 11

Fri, 25 Jun 2021 20:58:30 +0200

Lots of cool announcements this week. Of course CyberDrain CTF is open for registration, but Microsoft also officially announced Windows 11. They’ve immediately released a tool which fell flat with a lot of engineers because intune managed devices cannot be checked for compatibility.

Automating with PowerShell: Deploying Microsoft Teams Templates

Tue, 22 Jun 2021 15:08:01 +0200

One of the biggest challenges we’ve faced when moving over our client base towards a cloud-only infrastructure has been the development of Teams. Teams is amazing tool on it’s own but there is a risk regarding governance and training, but also explosive growth of teams and the way these are implemented. Especially because Teams makes self-services super easy.

Monitoring with PowerShell: Predict when disk is full

Tue, 15 Jun 2021 13:04:05 +0200

I’ve always liked predictive monitoring as it allows you to be as proactive as you can be – making small analysis on stuff like disk space can make a huge difference in how you respond to incidents but I rarely see this integrated into RMM systems – Often there are some reports on which you could extrapolate this data manually but that means you’ll only do it on demand and it will require your time.

CyberDrain CTF: Registration Available Now

Sun, 13 Jun 2021 11:41:37 +0200

So this is a little bit different from my regular technical blogs, because I have a cool announcement: The second CyberDrain CTF is now open for registration. The CyberDrain CTF is a free capture the flag style event for MSPs, System Administrators and IT-Pros.

Tech in 5 minutes: Sending MFA requests to users.

Wed, 02 Jun 2021 11:40:48 +0200

Tech in 5 minutes is a new video series to help managed services providers, or technology specialists get small digestible bites about new technologies, complex scripts, and solutions you could be implementing in your MSP today. I’m fairly anti-tool culture where MSPs get a different tool for each minor inconvenience and focus just on that tool, so I’ll be focussed on modern technologies in the Microsoft stack, but also will cover other external tools if they make a big enough difference.

Automating with PowerShell: Quickly offboarding a M365 user

Wed, 02 Jun 2021 11:37:40 +0200

This is a bit of a sidetrack from my usual stuff – I normally focus on the larger and more procedural issues because I always believe that everyone does offboarding/onboarding in a different way, some people create shared mailboxes, others leave the license intact, or something else entirely. But one of my readers asked “Is there any way to create some more automation around that? I hate clicking around in the portal”. I understand where he’s coming from of course.

Automating with PowerShell: Sending MFA push messages to users

Fri, 28 May 2021 12:37:50 +0200

I’ve been trying to explore how Microsoft generates MFA pushes for some time now. I wanted to offer the same functionality for tools I am building. One of them being a AAD RADIUS replacement tool that’s almost done for public use, the other is a method of verifying the identity of a specific user. Unfortunately Microsoft doesn’t really publish any documentation about how they generate these tokens and send them to users.

Tech in 5 minutes: Azure Dynamic DNS

Tue, 25 May 2021 11:42:21 +0200

Monitoring with PowerShell: Monitoring oAuth application changes

Tue, 25 May 2021 11:36:50 +0200

Attackers these days are using more and more sneaky techniques to stay inside of your M365 tenant after a breach, oAuth phishing is picking up on popularity real fast and we’re seeing that with these attackers they’re no longer just targeting users, but also focus on administrators.

Automating with PowerShell: Unifi PowerShell module and creating network maps

Tue, 18 May 2021 11:49:52 +0200

So this blog is a two for one as I’m on vacation right now and enjoying some time off. First I’d like to tell you about a new module I’ve created and am starting to work on some more. Last week I’ve had a small thread on twitter with a friend that said something like “I’d love a tool that creates a draw.io network map for me” and I figured that would be a pretty cool tool too.

Tech in 5 minutes: M365 Universal Print

Wed, 12 May 2021 13:46:46 +0200

Documenting with PowerShell: Documenting Remote Access

Wed, 12 May 2021 13:21:13 +0200

A friend of mine recently requested if it would be possible to document some of the types of remote access tools that are installed on a computer, and list the possible access URLs; that way he could easily document which access methods are open and audit them once in a while to see if he should not be closing things down.

Monitoring with PowerShell: Monitoring Azure File Shares

Fri, 07 May 2021 09:23:59 +0200

So a while back someone asked me if it’s possible to monitor Azure File Shares. the reason for this question was due to a crashing WVD farm because the Azure File Share reached its quota real quick. After some consideration and tests I’ve first tried to use the connection string to extract this data but figured that was a fairly futile attempt.

Tech in 5 minutes: Azure Automation

Wed, 05 May 2021 10:33:52 +0200

Automating with PowerShell: Deploying Temporary Access passwords

Mon, 03 May 2021 10:42:07 +0200

So last time I spoke about Passwordless but skimped over the new feature TAP. TAP stands for Temporary Access Password and TAP is actually pretty cool, especially for MSPs deploying loads of devices. The TAP is a generated password that has a maximum amount of uses.

Tech in 5 minutes: RDS and WVD Autodiscovery

Fri, 30 Apr 2021 10:44:47 +0200

Automating with PowerShell: Deploying Send as Alias for M365

Thu, 29 Apr 2021 23:30:46 +0200

So Microsoft has finally caught up and now allows users to send emails from their aliases, a feature we’ve all been waiting for. To be able to send as an alias you’ll need to do two things. The first is to run the script that enabled the “Send From Alias” option. The second is to add the alias manually to the From Field. You do this by going to Outlook/OWA and selecting the from field. Click on “Other e-mail address” and manually enter the alias.

Monitoring with PowerShell: Monitoring M365 SPF,DKIM, and DMARC

Mon, 26 Apr 2021 13:48:20 +0200

In one of the groups that I frequent there recently was a small discussion about mail deliverability, some of the MSPs in that group started using external products to check if their DNS records are configured correctly for optimal delivery in regards to spam checking, filterings, etc. I figured I could show them how to do the same in PowerShell, which would ease the burden and they could remove yet another product from their stack. 🙂

Tech in 5 minutes: Azure Functions

Fri, 23 Apr 2021 12:37:44 +0200

Automating with PowerShell: Deploying WiFi Profiles

Tue, 20 Apr 2021 09:54:03 +0200

I’m working with one of my collaborators to create scripts for their RMM system and they got a request from one of their clients “Can we add WiFi profiles using PowerShell?” and of course I pointed them to my blog. Only to find to my shame that I never blogged about it.

Tech in 5 minutes: M365 Passwordless Authentication

Sat, 17 Apr 2021 13:59:26 +0200

Automating with PowerShell: Deploying passwordless Authentication

Fri, 16 Apr 2021 12:38:30 +0200

So passwordless authentication is something pretty awesome – It removes the need for users to know their own password because you can replace the password with a multifactor authentication prompt. Microsoft has taken Passwordless out of preview after about 2 years. Microsoft’s implementation of passwordless prompts the user to click the right number on their screen. This also prevents users from just hitting on “OK” for random push prompts, so again a little bit of extra safety.

Tech in 5 minutes: M365 MAM

Wed, 14 Apr 2021 14:54:17 +0200

Automating with PowerShell: Deploying Unifi DHCP Options

Mon, 12 Apr 2021 13:26:36 +0200

Hey all! a bit shorter one today as I am swamped at the office.

Tech in 5 minutes: MSIX Packages

Sat, 10 Apr 2021 15:34:22 +0200

Monitoring with PowerShell: Monitoring MFA Usage

Fri, 09 Apr 2021 11:43:27 +0200

So I’ve blogged about this before too, but times change and monitoring MFA usage is becoming a little more difficult . Microsoft allows per-user MFA, Security Defaults, and Conditional Access all to be used concurrently. I’ve created this monitoring script that returns which users seem to fall out of any Multi-factor authentication scope, and also reports what type of authentication is currently active on the tenant. Using the normal PowerShell methods you can only find if a user has per-user MFA enabled, if a user uses Conditional Access or Security Defaults it shows the per-user MFA state as disabled, which is a little annoying.

Tech in 5 minutes: M365/O365 Automation

Fri, 09 Apr 2021 10:36:18 +0200

Monitoring with PowerShell: External port scanning part 2

Mon, 05 Apr 2021 17:30:30 +0200

So recurring readers will be reading this title and go “Wait a minute, he already blogged about this” and you’d be right. With the recent Github Sponsorship taking off, I’ve decided to release some more public tools so life can be made easier for other MSPs. In the previous blog I’ve told you to create and upload a port scan file yourself to a web host, some people found it challenging because a lot of hosts block unknown outbound ports.

Tech in 5 minutes: Azure AD Application Proxy

Mon, 05 Apr 2021 17:29:56 +0200

This is a new video series I’m starting to help managed services providers, or technology specialists get small digestible bites about new technologies, complex scripts, and solutions you could be implementing in your MSP today. I’m fairly anti-tool culture where MSPs get a different tool for each minor inconvenience and focus just on that tool, so I’ll be focussed on modern technologies in the Microsoft stack, but also will cover other external tools if they make a big difference.

Monitoring with PowerShell: Conditional Disk Space monitoring

Mon, 29 Mar 2021 13:40:37 +0200

A couple of weeks ago I was talking to someone in one of the many MSP discords, and he was struggling with disk space monitoring. His RMM system is designed in such a way that whenever he added a disk space monitor to a machine it adds an entirely new component to the monitoring list. He also could not filter out if the disk is present or not. So if the machine does not have a D:\ Drive that component would fail.

Monitoring with PowerShell: Greynoise community IP reputation

Fri, 26 Mar 2021 19:39:54 +0100

Today Greynoise released a community edition of their API, I saw this flying by on Twitter and immediately decided to blog about it. I love it when vendors make major data points available for everyone, especially when the data could be super useful in security investigations.

Automating with PowerShell: Warranty lookups

Thu, 25 Mar 2021 09:45:21 +0100

A while back I’ve made a PowerShell module called PsWarranty that allows you to look up the warranty for all major vendors. I’ve integrated this module with many different RMM systems, documentation platforms, and PSAs. Lately, I’ve been getting some more questions about this module in regards to automatically updating the warranty information. Most people like reporting from their own tooling and rather just update the systems.

Automating with PowerShell: Deploying spoofing warnings

Fri, 19 Mar 2021 13:03:22 +0100

In one of the communities I’m active in someone recently asked if Microsoft has a default method of protecting against stuff like BEC fraud via email spoofing, we’ve all seen stuff like nearly matching domain names, display names that are copied, or just the plain “I am the CEO, plz transfer 1 million dollars now”.

Automating with PowerShell: Connecting to Microsoft Teams with the Secure Application Model

Wed, 10 Mar 2021 16:05:13 +0100

Since the creation of the Secure Application Model more and more modules are supporting it, which is great to see, although at times the documentation is slightly lacking. One of those applications is the MicrosoftTeams module. It’s great to be able to connect to specific teams from your own partner tenant to perform automated tasks or alert on changes that aren’t supposed to happen.

Automating with PowerShell: Secure App Model Refresh tokens

Tue, 09 Mar 2021 16:33:46 +0100

So this is a quick one because I’ve had a talk today and noticed I never gave a fully automated way to get refresh tokens, endlessly. 🙂

Documenting with PowerShell: Documenting admin actions

Mon, 08 Mar 2021 08:40:01 +0100

So with all this exchange news going around, I figured there’s enough people writing about that so I won’t bother; there’s lots a smart scripts flying about that can be used to find the webshells, etc. Instead I’m focussing on M365 admin actions.

Monitoring with PowerShell: Monitoring Windows Server Backup

Fri, 05 Mar 2021 11:39:04 +0100

This past week I’ve been suffering from a terrible cold, so I haven’t been blogging very actively because my brain is running at 5% of it’s normal capacity. This blog has been requested a couple of times by readers. I whipped this up real quick…:)

Monitoring with PowerShell: Monitoring Bitdefender status

Thu, 25 Feb 2021 11:15:57 +0100

We’re considering moving RMM systems, and that means reevaluating parts of our stack. One of the pain points in our current stack is the monitoring of anti-virus, we often felt like there is not enough transparency and data returned via our RMM system. Either the system does not return the current state of alerts or forces us to use separate portals.

Monitoring with PowerShell: Monitoring listening applications

Tue, 23 Feb 2021 09:24:26 +0100

In one of the online communities I follow someone encountered an issue with application listeners and ports being in use. The use case is that users have a Autocad type application installed that launches a server on a specific port; the users also run a remote control application that at times steals the port.

Documenting with PowerShell: Remote Access Methods

Mon, 22 Feb 2021 12:32:51 +0100

At our MSP we have a plethora of methods to connect to a specific device, for a server we might have iDrac configured, for a VM we’ll have our RMM and remote control tooling, and it gets annoying from time to time to make sure all of these are documented. We do feel documenting these remote access methods are key – If an engineer that knows nothing about the environment needs to connect for the first time we want the info to be present.

The start of CyberDrain CTF is today!

Mon, 15 Feb 2021 09:17:19 +0100

Today is the start of the CyberDrain CTF! At 13:00 CET I’ll be launching the capture the flag challenges. Most of you have messaged me wondering what to expect and had several questions about how I’m going to be judging and assisting everyone, today I’ll be able to clear some of this stuff up;

Monitoring with PowerShell: Monitoring Storage Spaces and Windows RAID

Fri, 12 Feb 2021 10:17:52 +0100

So this blog was requested a lot lately – I’m not a big fan of using Windows RAID anywhere but Storage Spaces is becoming more relevant each day, with S2D and larger deployments. Storage Spaces is Microsoft’s successor to the classical Windows Software RAID options.

Monitoring with PowerShell: Monitoring BSODs without event viewer

Thu, 04 Feb 2021 10:39:19 +0100

I’ve written about monitoring BSODs some years ago. Back then I simply used a event log lookup as an example how to monitor BSODs. I never really liked that method because it did not give me all the verbosity I would’ve liked. Moments after I published that blog I’ve actually made a better monitoring set that I did not share; so I figured others might benefit from it now.

Monitoring with PowerShell: Monitoring Powershell Protect

Wed, 27 Jan 2021 19:55:04 +0100

So let’s start with the great news first; PowerShell protect is now open-source and free to use! PowerShell Protect is a AMSI Provider for PowerShell, now technically this sounds rather complex but it pretty much means that PowerShell Protect is able to secure the PowerShell host in the same way your antivirus does.

Monitoring with PowerShell: Monitoring WVD availability

Thu, 21 Jan 2021 16:42:09 +0100

We’re in the middle of WVD deployment at my MSP. This client is located all over the world and needed an easy way to manage virtual desktops over many regions. This deployment actually got me thinking about how monitoring the WVD environment should be done.

Automating with PowerShell: Automatically following all Sharepoint Sites or Teams for all users

Wed, 13 Jan 2021 10:53:59 +0100

So a while back we had a client that uses a lot of sharepoint sites. The client only used Sharepoint online, and found it hard to find all the sites in one place. We pointed them to https://YOURDOMAIN.sharepoint.com/_layouts/15/sharepoint.aspx which gives a nice overview of sites and teams.

Monitoring with PowerShell: Monitoring potential phishing campaigns

Fri, 08 Jan 2021 13:21:46 +0100

So Microsoft offers a lot of cool tools for Microsoft 365 users, even if you aren’t using the complete suite. One of these is potential phishing detection, by default Microsoft does an analysis of each received e-mail to check if they are potential phishing attempts. You can check these via the interface by going to protection.office.com, Threat Management and clicking on the dashboard.

Automating with PowerShell: Deploying StorageSense

Mon, 04 Jan 2021 11:39:59 +0100

This is a follow up blog on last weeks blog of monitoring Storage Sense settings; to read about that check out the previous blog here. Monitoring Storage sense can ease your maintenance workload, but you do need a way to deploy StorageSense too.

Monitoring with PowerShell:

Sun, 03 Jan 2021 23:32:24 +0100

Monitoring with PowerShell: Monitoring Storage Sense settings

Thu, 31 Dec 2020 11:44:22 +0100

So let’s talk about Storage Sense. Storage Sense is a new-ish feature in Windows 10 which should replace the standard disk cleanup utilities. It has a lot more power than just disk cleanup as it can detect how long files have been in use and react based on age.

Ending the year with PowerShell: Retrospective

Tue, 15 Dec 2020 10:08:56 +0100

I always like December because everyone gets all in the mood to do these retrospectives; and 2020 was crazy for everyone! for my personally it had a heavy loss, but also a lot of positivity. I enjoy looking at the raw numbers to see how far I’ve gotten.

Monitoring with PowerShell: Typosquat domain checking

Thu, 10 Dec 2020 09:22:32 +0100

One of my team members was following Blackhat today and showed me a pretty cool tool they demonstrated during the conference. The presenters showed a method of checking if your O365 domain was being Typosquated. The tool can be found here. The presenters made a Python tool, and I figured to create an alternative in PowerShell.

Automating with PowerShell: Adding domains to IT-Glue programmatically.

Mon, 07 Dec 2020 14:15:58 +0100

So ITGlue is a great application and has a lot of API’s available. Unfortunately there is no API to add domains or SSL certificates to IT-Glue. Seeing as I have a couple of sources where domains and SSL certificates come from I’d still like to add them programmatically.

Automating with PowerShell: Joining teams meetings with a code

Sun, 06 Dec 2020 12:13:23 +0100

In one of the MSP communities I’m in recently the following question was asked;

Automating with PowerShell: Backup Teams Chats

Fri, 04 Dec 2020 13:20:51 +0100

I’ve recently had a small discussion with a friend that is using Teams as his primary collaboration platform, just like our MSP does internally. He told me that the only thing that he is really missing is a backup feature of Teams chats. He often deletes entire teams or channels after a project finishes but his backup product only has the ability to backup files and folders inside of the Teams Sharepoint site.

Monitoring with PowerShell: Monitoring NAS devices

Tue, 01 Dec 2020 11:00:30 +0100

This was actually requested a couple of times but I’ve always seem to hold off on it, mostly because we don’t use that many NAS devices anymore. I did decide to make it a bit more universal than just NAS devices really – It’s about monitoring any device that has SSH access and of which you know the commands that you need. I’ve just used NAS’s as an example in this case.

Monitoring with PowerShell: Monitoring print queues

Fri, 27 Nov 2020 10:40:22 +0100

So this one is related to my recent blog about documenting printers; right after the blog I got some comments that I never focused on printer monitoring. I think that’s because printers have a mental block in my mind as I see them as pure evil. 🙂

Monitoring with PowerShell: App hangs

Mon, 23 Nov 2020 11:18:25 +0100

I was talking to a friend the other day and he was using my user experience script in his RMM system for a while. He told me that he loved having the ability to measure the users experience but he had some clients with in-house applications that would write errors to the system log constantly, or he had other clients with crashing services that could not be prevented.

Documenting with PowerShell: Documenting Print Servers

Tue, 17 Nov 2020 15:00:16 +0100

Before I start on this; I agree. Printers are the bane of our existence in IT and I am hoping for a paperless environment each day. Unfortunately we’re not at that future just yet, so we have to document print servers and their settings.

Automating with PowerShell: Checking if you can move to M365 BP from O365 E3

Fri, 13 Nov 2020 14:22:22 +0100

So with M365 BP having nearly all the features that E3 gives you, albeit with some limitations a lot of our clients are moving their E3 licenses over. M365BP has the added benefit of Intune/Autopilot, P1 licenses, etc. So all pretty awesome stuff.

Monitoring with PowerShell: Monitoring Domain Admins logon

Tue, 10 Nov 2020 10:17:12 +0100

So this is one I’ve been researching for a new tool I’m creating. AzPAM, AzPAM will be a Privledged Access Management tool that will be living in your Azure environment, mostly designed for MSPs. If you want to see how AzPam looks or contribute, check out the Github page about it here. I should be pretty close to releasing an alpha version soon! 🙂

Monitoring with PowerShell: Monitoring Outlook offline mode and OST Sizes, and active PSTS.

Thu, 05 Nov 2020 13:19:36 +0100

As some of you have noticed I haven’t really been blogging for the past 2 weeks. My father recently died and I had to take some me-time. I’m going to be getting back to blogging regularly again starting now 🙂

Automating with PowerShell: Changing Modern and Basic authentication settings

Fri, 23 Oct 2020 11:09:20 +0200

A friend of mine recently asked the question on how he could edit the Modern Authentication settings in Office365. He found that when he went to the new Settings Pane for Modern Authentication he could change settings specifically to block older clients.

Monitoring with PowerShell: Monitoring driver issues & Monitoring ZeroLogon

Mon, 19 Oct 2020 10:37:12 +0200

So today I’m tackling two monitoring blogs again. We’re going to have a small script that checks if all devices currently have drivers installed, and if they are not in a alerting state. This is mostly useful for when a docking station or network card, or other USB device is having issues and reporting that in the Device manager. It allows you to proactively get help the user get the most out of their system.

Automating with PowerShell: Creating your own password push

Fri, 16 Oct 2020 10:58:11 +0200

I was recently talking with some friends in MSPGeek about Password pushing options, and that it’s kind of strange of relying on a third party closed service to generate and send passwords to clients. You’re not 100% in control and often it misses some form of functionality like a password generator or somesuch.

Automating with PowerShell: Enabling Secure Defaults (And SD explained)

Mon, 12 Oct 2020 10:41:32 +0200

In one of the groups I am in there was some confusion about how Secure Defaults work and how to deploy the Secure Defaults centrally, so I figured I would try to help with this.

Documenting with PowerShell: Autotask Stack Documentation

Wed, 07 Oct 2020 20:56:45 +0200

This blog is based on Gavin Stones amazing work on gavsto.com. Gavin is a good friend of mine and he helps out our community a lot. As before I worked with his glance cards within IT-Glue that make documentation prettier.

Automating with PowerShell: Deploying Azure Functions

Mon, 05 Oct 2020 09:51:40 +0200

First I have to make a little comment about the previous weekend; namely I’ve been awarded the Microsoft MVP status last Thursday. It’s still a surreal and bizarre experience really. I’d like to thank all my readers and my friends for supporting me. It’s great to get the acknowledgement that I’m doing the right thing for our community. So again, thanks. 🙂

Monitoring with PowerShell: Monitoring Dynamic VHDX files.

Thu, 01 Oct 2020 11:46:20 +0200

Using Dynamic VHDX files isn’t a real big problem in most cases – Especially when you pay a lot of attention to how your storage layer is designed and how you’ll give VM access to that data, but at times with many administrators it can become confusing to monitor if the dynamic disk total does not exceed the physical disk total.

Monitoring with PowerShell: Monitoring O365 unused products

Mon, 28 Sep 2020 10:48:46 +0200

As an MSP we manage a lot of clients, and I’m pretty sure we’ve all been in situations where a client had some leavers in the company and not notify us as the administrators, or that the client had some very inactive users that don’t really need to be licensed or could be converted to a shared mailbox for example.

Documenting with PowerShell: O365 Groups (And Warranty updates)

Thu, 24 Sep 2020 13:12:56 +0200

This one was request by a pal of mine that I know via a MSP discord; He wanted a way to document the users in O365 groups and see what type of group it was in one go. To do this, we’re leveraging the Graph API. As in most of my blogs I have a IT-Glue version and a version in HTML for these that use different documentation systems.

Documenting with PowerShell: Documenting mobile devices

Mon, 21 Sep 2020 11:29:28 +0200

This was a request by a friend in one of the peer groups I operate in. He wanted a method to document which mobile devices exist in a O365 tenant and put them into IT-Glue as configurations. I figured I’d help him real quick and blog about it.

Documenting with PowerShell: Hyper-v and physical server settings

Wed, 16 Sep 2020 15:10:47 +0200

So a while back I helped people documenting their physical servers, the biggest complaint about that blog was that “at a glance” you couldn’t really see what the server did, if it was a cluster member or not, and how the physical layout of the server was.

Monitoring with PowerShell: Monitoring network traffic

Mon, 14 Sep 2020 08:20:20 +0200

My holidays are over, and it’s back to blogging! I hope you all enjoyed the previous webinar I did in my holidays. For me it was a lot of fun and I’m doing a more advanced one soon, when I find some time. for now I’m going to be quite busy with other speaking engagements such as a couple of Solarwinds Events, and Huntress Hack_It!

Powershell for beginners webinar Part 2

Wed, 09 Sep 2020 22:24:31 +0200

Lots of people joined the webinar, It was super cool and hopefully I taught you all something.

Monitoring with PowerShell: Monitoring legacy authentication logons

Thu, 27 Aug 2020 11:39:26 +0200

This is going to be the last blog for a couple of weeks, as I’m going to be enjoying some vacation time. I’ll be seeing you all soon! 🙂

Monitoring with PowerShell: user experience issues & Unifi EOL Monitoring

Mon, 24 Aug 2020 10:56:33 +0200

This time I’m tackling two blogs in one go again as both are fairly small and straightforward.

Monitoring with PowerShell: Monitoring O365 alerts

Fri, 21 Aug 2020 10:56:16 +0200

So today we’re tackling two blogs in one again, we’re going to be focussing on two different types of alerting policies.

Monitoring with PowerShell: Monitoring DNS forwarders

Mon, 17 Aug 2020 09:01:49 +0200

One of my friends recently told me that DNS forwarders might be a nice subject to talk about,He had an issue with his forwarders not responding and solved that with PowerShell.

Automating with PowerShell: Increasing the O365 Secure Score

Wed, 12 Aug 2020 23:02:47 +0200

At the start of this week I’ve blogged about reading the secure score and documenting it. This is of course just one part of the new beta Secure Score module. The next one is actually the more fun part; applying the correct security settings to a tenant.

Documenting with PowerShell: Office 365 Secure Score PowerShell module

Sun, 09 Aug 2020 23:27:45 +0200

A while back I wrote a blog about the Secure Score and how to increase it. After that blog I got a lot more questions about documenting Secure Score with the Secure Application model.

Documenting with PowerShell: Documenting Office 365 guest access

Fri, 07 Aug 2020 09:36:53 +0200

So a little while ago we’ve had a client that works a lot with external contractors. These contracts are invited as guests into their Teams. This client came up to us recently and asked “Hey, I wanna know what my contractors are doing”. Normally speaking we’d just point them at IT-Glue and tell them to look there, but we didn’t really have anything for guest access yet.

Monitoring with PowerShell: Monitoring B-Series VM credits

Mon, 03 Aug 2020 12:13:07 +0200

A lot of MSPs use the B-Series VMs for tasks, and why woulnd’t you? It are cheap VMs that allow you to use azure as a cost effective solution for clients. The B-Series VM are “burstable” VMs, meaning they don’t get the full CPU performance constantly.

Documenting with PowerShell: Documenting Azure VMs (And lighthouse setup)

Wed, 29 Jul 2020 15:08:48 +0200

So this blog is actually two blogs all wrapped into one lovely package; I’m going to be showing you how to setup Azure Lighthouse, giving you the ability to manage your clients from your own partner portal, or via PowerShell.

Monitoring with PowerShell: O365 location alerts

Mon, 27 Jul 2020 10:31:50 +0200

A while back someone asked me to convert a script they had to the Secure Application Model. This specific script checked the Office 365 audit log IPs against a online database of locations. I declined at first and suggested it to look into Microsoft 365, a P1 or P2 subscription which allows you to do this native.

Documenting with PowerShell: Documenting the O365 portal

Thu, 23 Jul 2020 13:31:09 +0200

A couple of years ago Eliot at GCITS wrote a great script to update the Office365 portal’s within IT-Glue. This script synced a lot of user information to IT-Glue and kept everything up to date if ran by a function.

Monitoring with PowerShell: Host isolation

Mon, 20 Jul 2020 21:54:22 +0200

So 2 weeks ago we talked about PowerShell canaries and using them as an early warning system. I got a couple of questions about the follow up, especially the host isolation. There’s a lot of tricks that you can use to isolate a host from others.

Monitoring with PowerShell: Notifying users of Windows Updates

Fri, 17 Jul 2020 22:03:12 +0200

With my recently released RunAsUser module there’s been an influx of questions on what it could be used for. I’ve tried to describe as much as possible on the github page and the previous blog about it. But one I wanted to talk about real quick is the ability to create Toast notifications.

Automating with PowerShell: Impersonating users while running as SYSTEM

Wed, 15 Jul 2020 09:38:49 +0200

I’ve demonstrated in a couple of blogs like the OneDrive Sync Monitoring and the OneDrive File Monitoring that it’s possible to impersonate the current user when a script is actually started by the NT AUTHORITY\SYSTEM account.

Monitoring with PowerShell: Monitoring the Onedrive client limitations

Mon, 13 Jul 2020 09:03:57 +0200

I wrote about monitoring the Onedrive sync status some time ago. That blog gained a lot of popularity. Implementing it allows you to monitor Onedrive, which runs in user mode while using your RMM that often runs under system.

Automating with PowerShell: Teams Automapping

Wed, 08 Jul 2020 20:17:18 +0200

Something like 3 years ago I wrote a blog about using PowerShell to configure Onedrive sites using the odopen protocol. This was pretty much the only method to configure Onedrive to automatically map sites and have a zero-touch configuration.

Monitoring with PowerShell: AD KRBTGT & making your own canaries

Mon, 06 Jul 2020 09:04:41 +0200

I decided this time I’m gonna be combining two small blogs, because they’re both pretty small and easy. Both are somewhat security oriented. The first part of the blog we will tackle monitoring the KRBTGT password. This needs to be reset on a regular schedule to ensure bad actors can’t abuse it.

Documenting with PowerShell: Breaches using the HIBP API

Sun, 28 Jun 2020 17:08:51 +0200

So I was thinking of this idea for a bit. My sales team got approached by a product that gives you information about what breaches you are in. There were a couple of issues we had with this product. The first part is that 90% of its data comes from the public “Have I been Pwned” database, while they claimed it was their own. The second was that the tool did not integrate with our documentation system directly. There were some weird limits like a maximum of one domain per client, so I figured I’d try to build something myself instead.

Monitoring with PowerShell: Monitoring Shodan results (in-depth)

Fri, 26 Jun 2020 10:11:17 +0200

Sometime ago I made a blog about monitoring your environments by using PowerShell and the Shodan API. This blog was well received but I felt like it could use a lot of improvements. The data returned wasn’t all that useful for some, and sometimes you want to exclude specific ports in case of an actual webserver for example.

Documenting with PowerShell: Documenting DHCP server settings

Mon, 22 Jun 2020 10:37:40 +0200

This script was requested by a friend of mine. She had trouble keeping her IP address management under control. A lot of changes on super and subscopes within networks caused her to lose oversight and she was wondering if there wasn’t a clean and automated way of generating documentation for this.

Monitoring with PowerShell: Monitoring Azure AD Devices and users age.

Fri, 19 Jun 2020 08:59:03 +0200

So we’re managing more and more cloud only clients. This is fantastic because you don’t have to worry about all the old worries like keeping a server online and updated. Another cool thing is that it becomes a lot easier to manage devices and endpoints.

Monitoring with PowerShell: Monitoring Active Directory Health

Mon, 15 Jun 2020 09:14:27 +0200

Some time ago I wrote a blog about monitoring Active Directory replication. A couple of days ago a friend in Slack asked me if I have anything for monitoring the entire general health of a domain controller, and not just replication.

Automating with PowerShell: Using the new Autotask REST API

Fri, 12 Jun 2020 13:04:57 +0200

So I’m a bit later than normal with blogging, that’s mostly because I was working on this project a little longer than usual. Autotask recently released update 2020.2 and this update includes a new REST API.

Documenting with PowerShell: Documenting Microsoft Teams

Sun, 07 Jun 2020 18:34:06 +0200

I was thinking of creating an automated teams mapping tool, which runs when a user logs on to a new machine to automatically sync all the Teams sites required and joined. I mostly wanted to do this because the current implementation of the registry/GPO method can take up to 8 hours.

Automating with PowerShell: an Azure DynDNS replacement.

Wed, 03 Jun 2020 21:37:42 +0200

We’ve been using DynDNS Managed DNS for a long time. We use Managed DNS to offer dynamically updating DNS records for clients with either on-site services, or where we believe that dynamic updating of records is needed.

Automating with PowerShell: Storing Office 365 audit logs longer than 90 days

Mon, 01 Jun 2020 11:33:51 +0200

A friend of mine recently bumped into an issue; his client wanted to know when a specific user logged on for the last time. The problem was that he did not have the unified audit log enabled, but even if he did the time-span was too long. We got lucky at using just the mailbox audit log over the past days so he could help his clients. He still worried about the Unified Audit logs and only having 90 days of logging.

Automating with PowerShell: Using the Secure Application model updates.

Thu, 28 May 2020 09:45:29 +0200

I have a feeling I might be giving people a blogging overdose, but I’ve been playing with so much cool stuff the last couple of days. So lets get the ball rolling; I’ve finally found a method to connect to the SCC succesfully using the Secure Application model.

Automating with PowerShell: Creating dynamic distribution groups in all O365 tenants

Wed, 27 May 2020 11:10:49 +0200

Someone on the /r/msp reddit, and a Slack that I frequent asked if it is possible to create an “all users” distribution group with PowerShell, and keep it up to date. I figured to spend some time on it.

Documenting with PowerShell: creating a device audit log

Mon, 25 May 2020 12:38:57 +0200

My engineers sometimes have questions about past events on a specific machine, to which I often point them towards our RMM system. The RMM system contains a bulk of data that can be used to make analysis.

Documenting with PowerShell: Syncing Unifi devices to IT-Glue

Sun, 24 May 2020 19:32:53 +0200

This blog should be used in together with my previous blog about Unifi documentation. This script syncs all devices to IT-Glue and makes sure the configurations are in sync with eachother.

Documenting and monitoring blogs updates

Thu, 21 May 2020 13:45:24 +0200

No new blog today, its officially a bank holiday and I’m enjoying the sun 🙂 I did make sure not to leave my readers empty handed. A bunch of my blogs got a little bit outdated, so I decided to update them.

Documenting with PowerShell: Documenting Unifi infrastructure

Mon, 18 May 2020 08:21:45 +0200

This blog is based on an earlier blog by Eliot Munro; Syncing Unifi Sites with IT-Glue by Eliot Munro. I loved the script, but wanted a little bit of extra information, I also didn’t really like the syncing with a Sharepoint list, so I modified the script to use the site name instead.

Monitoring with PowerShell: Preventing PowerShell based attacks (LoLBas)

Thu, 14 May 2020 11:01:51 +0200

In the last Huntress Tradecraft Tuesdays there was some discussion about using “Living of the land” techniques. Living of the land means using the tools available on the operation system to achieve access. There’s a lot of ways that bad actors are now using these system tools to deploy ransomware for example.

Monitoring with PowerShell: Monitoring the used MFA type for O365/Azure.

Wed, 13 May 2020 12:31:17 +0200

We all know it’s key to have your security hygiene in order, a large part of that is your multi factor authentication deployment. Having all users use MFA these days is a no-brainer, but not all types of MFA are made equal. For example; MFA via text-message is generally considered unsafe.

Monitoring using PowerShell: Getting mailbox rules from the audit log

Mon, 11 May 2020 08:52:41 +0200

Some time ago I spoke about monitoring mailbox rules with PowerShell and how we’ve always used the “Get-inboxrule” cmdlet as delegate administrator to retrieve the rules and alert on them. Its been brought to my attention that recently API-created rules are no longer showing up using get-inboxrule.

Automating with PowerShell: Creating named accounts

Wed, 06 May 2020 22:00:32 +0200

So this blog is attached to the MSP Security Summit presentation I’ve given. These scripts are some examples on how you could deploy named accounts with your RMM system. How to deploy the scripts as securely as possible really depends on your RMM system – Some systems allow you to pass passwords as secure strings, others require plain text but keep everything in memory to prevent the credentials from leaking.

Automating with PowerShell: Automating Warranty information reporting.

Mon, 04 May 2020 10:22:00 +0200

One of the reddits I frequent has been seeing a lot of complaints lately about warranty information being incomplete or there’s complaints about the pricing of warranty information products. Most of these complaints are aimed at a specific product which is showing very shady sales tactics and general bad business practices lately.

Monitoring with PowerShell: Monitoring Windows Performance Index

Thu, 30 Apr 2020 21:27:24 +0200

First things are first: I just got awarded the new and prestigious Azure Hero award. Im an Azure Content Hero, of which only 250 are awarded. I am super thankful and very excited for this as its a great recognition for my work on this blog. I really want to thank the people that nominated me.

Documenting with PowerShell: Using PowerShell to create faster partner portal

Mon, 27 Apr 2020 14:41:38 +0200

I love having the ability to manage all clients from a single portal. My only issue is that the partner portal is quite error prone and sluggish, and it seems to get worse with each added client.

Documenting with PowerShell: Documenting intune applications

Wed, 22 Apr 2020 12:38:34 +0200

So I’ve been writing about intune for a couple of times now, and figured I’d make another documentation blog. We’re going to document the applications. As always I will show you both IT-Glue, and a generic HTML version.

Automating with PowerShell: Automatically uploading applications to intune tenants

Sun, 19 Apr 2020 18:29:56 +0200

So I’ve been doubting if I should make this blog. I found that others had already done this and maybe my method would just be redundant. After some slight convincing I figured my method does have its merits. One of them being that it uses the secure application model, and thus its easy to apply to all partner tenants for a CSP, the other benefit is that this could run headless as a completely automated solution.

Monitoring with PowerShell: Monitoring DFSR status

Fri, 17 Apr 2020 12:09:13 +0200

There were a couple of projects I was working on, one of them being a method to upload intune applications to all tenants in a CSP. Turns out that someone else already made that so I won’t be blogging about it directly. If your interested in that you can check out this link. This did swallow most of my time, so instead I figured I’d publish a smaller blog today.

Monitoring with PowerShell: Monitor SSL certificates

Mon, 13 Apr 2020 20:34:13 +0200

A friend of mine recently asked if I had a solution for monitoring ADFS and exchange certificates. Funnily this was actually a challenge I’ve struggled with in the past. The problem is that each of these systems has their own way of getting the currently installed certificates.

Monitoring with PowerShell: Monitoring Rogue DHCP Servers

Wed, 08 Apr 2020 11:07:04 +0200

So recently we’ve had an issue with a co-managed client where a network projector suddenly started running a DHCP server on the network. Normally speaking this would get picked up by DHCP guarding options we set up on our unifi stack. In this case the DHCP guarding options did not work. So this was the result of the client not wanting to have their network managed by us.

Monitoring with PowerShell: Monitoring DNS record changes

Tue, 07 Apr 2020 09:23:15 +0200

Short one today, as I’m super busy with regular work. 🙂

Automating with PowerShell: Automating intune Autopilot configuration

Fri, 03 Apr 2020 11:05:47 +0200

So yesterday I was watching a webinar about intune and Autopilot. Autopilot is pretty cool for MSPs because it becomes fairly simple to give users a nice OOBE. It also makes setup for devices a lot less of a hassle, the only issue that was spoken about during the webinar is that there is still a lot of manual clicking.

Monitoring with PowerShell: Monitoring client VPN settings

Tue, 31 Mar 2020 09:24:09 +0200

So with all that’s going on a lot of people are having trouble keeping up with setting up VPNs correctly. I’ve also struggled with clients that do not have a cloud only solution but are still on a hybrid method of working.

Monitoring with PowerShell: monitor and enabling WOL for HP, Lenovo, Dell

Thu, 26 Mar 2020 08:30:22 +0100

Some of my friends (Hi Joe! Hi Tyler!) recently requested a script to both monitor and enable WOL for workstations at their clients. WOL stands for Wake-On-Lan and is used to boot machines without user intervention. There are two forms of WOL: OS based, to let a machine start up from standby or hibernation, and BIOS based to boot computers which are completely turned off.

Monitoring with PowerShell: VSS Snapshot size

Tue, 24 Mar 2020 08:52:50 +0100

We’ve been doing some work for another IT company of a friend of mine. I’ve been helping him with automation inside of his RMM system. He is like me and really likes to have VSS as a third or fourth backup solution, just for those small emergencies when a file is deleted.

Monitoring with PowerShell: Monitoring Onedrive and Sharepoint file limits

Fri, 20 Mar 2020 08:34:33 +0100

I love our cloud deployments. I’m amazed at how well people are adapting to working with an online online environment and using the tools cross platform such as the Onedrive and Teams client. As both a tech, and on the management side of the house it’s great to see such flexibility.

Documenting with PowerShell: Documenting Office 365 usage reports

Tue, 17 Mar 2020 09:53:53 +0100

I like knowing what specific parts of Office365 my clients use most, so I can customize their experience to the way they work. This means I can send them manuals for mobile usage when they are only using mobile phones, or I can help them in using Teams, Onedrive, or other stuff like Planner or ToDo to the fullest.

Monitoring with PowerShell: Monitoring Active SMB sessions.

Fri, 13 Mar 2020 09:14:32 +0100

So with the new SMBv3 Remote Code Execution issues codenamed “SMBGhost”. SMBGhost is an issue where an attack could gain remote code execution by exploiting a bug in SMB compression. A temporary fix is disabling SMB compression on the server side using this registry key:

Documenting with PowerShell: Passportal API Examples

Wed, 11 Mar 2020 09:25:41 +0100

UPDATE: The blog below is based on a private alpha/beta, and as such complete documentation is not yet available. Solarwinds is working on making the API available to everyone. 🙂

Monitoring with PowerShell: Monitoring Unifi site configuration

Wed, 04 Mar 2020 10:10:29 +0100

So I’ve done a couple of blogs about Unifi before. You can find those here, here, and here. I really like the entire Ubiquiti Unifi stack thanks to the ease of configuration. This ease of configuration does make it so that everyone can install it, even though mistakes can be made.

Using PowerShell to generate and deploy Group Policies for non-domain environments

Sun, 01 Mar 2020 23:15:24 +0100

So I’ve been having a hard time coming up with a title for this one. As I’ve stated in previous blogs we’re moving more and more clients to cloud only environments using Azure AD, Teams, and Onedrive as their collaboration and file sharing solution. The issue with this was that it became quite difficult to deploy GPOs. This was especially bad when wanting to use ADMX templates. We could use Intune but found that even there we had so many limitation it would not work for us.

Monitoring with PowerShell: Monitoring Dell Driver Updates (DCU 3.1)

Wed, 26 Feb 2020 09:16:24 +0100

Previously I’ve written a blog about Dell Command Update and its ability to monitoring and download updates. This blog was based on Dell Command Update 2. As it is with all applications this started working less on newer machines. To resolve this Dell released a new major update for Dell Command Update which according to Dell, works on 99% of the Dell devices.

Documenting with Powershell: Documenting Hyper-V settings

Mon, 24 Feb 2020 14:58:07 +0100

It’s been a couple of weeks since I’ve touched my Documenting with PowerShell series. I figured to get it started again we get going with Hyper-v. I use Hyper-v for nearly all our virtualized deployments. This script documents the following items:

Monitoring with PowerShell: Monitoring SMART status using SmartCTL.

Thu, 20 Feb 2020 11:04:01 +0100

Some time ago I wrote a blog about monitoring SMART status with CrystalDiskInfo. After bringing this script over to our production RMM environment everything seemed good. But when I looked a little deeper I found that the script failed on NVME drives. NVME drives handle SMART-Status different from ‘regular’ SATA drives.

Monitoring with PowerShell: Monitoring internet speeds

Sun, 16 Feb 2020 19:31:49 +0100

It seems like I’m having a week of requests. This one was requested by my friends at Datto. One of their clients wanted to have the ability to run speed-tests and have their RMM system generate alerts whenever the speed drops. I’ve made the following PowerShell script that uses the CLI utility from speedtest.net. This utility gives us some nice feedback to work with;

Monitoring with PowerShell: WAN IP changes and Active Directory ages

Thu, 13 Feb 2020 17:39:52 +0100

I’ve been super swamped the last couple of days, as we’re working on our ISO27001 audit in our office. This means most of my time is just being swallowed by auditors. I’ve decided to not break my streak in releasing my blogs on time so this time we’re covering some requests from our readers!

Monitoring with PowerShell: Monitoring psexec execution

Mon, 10 Feb 2020 08:34:35 +0100

A bunch of bad actors these days uses the great psexec tool by Sysinternals/Microsoft to try to move through the network latterly. PSExec allows you to remotely execute commands on different computers through a very simple command line interface. PSexec also allows you to execute commands or scripts as the SYSTEM account.

Monitoring with PowerShell: Monitoring O365 / Azure Breakglass account logon.

Tue, 04 Feb 2020 13:54:09 +0100

Microsoft advises to keep a “breakglass” account for environments in case of a major cell malfunction or other emergency situations. Our worry about these accounts has always been how to check if they have not been compromised or even used in anyway.

Documenting with PowerShell: Documenting Azure AD Settings

Sun, 02 Feb 2020 18:29:56 +0100

Almost all of my clients currently are running Office365 and AzureAD in some shape or form. I like having the ability to look at what exactly is going on in their Azure AD environment. Previously we’ve talked about documenting the office365 side. Today we’re going to be using the Azure AD module to create documentation for all of our clients.

Monitoring with PowerShell: Monitoring Onedrive Known Folder Move

Thu, 30 Jan 2020 16:49:59 +0100

So my clients are moving to a cloud only based model more and more each day. In most cases this means storing their data in Team/Onedrive. We use the option for Known Folder move. (KFM). The known folders are the Desktop, Pictures, and Documents folder. to setup KFM we use the guide by Microsoft. Quite simply we execute the following PowerShell commands via our RMM system.

Documenting with PowerShell: Increasing the Office365 Secure Score.

Mon, 27 Jan 2020 08:57:57 +0100

So previously we’ve spoken about documenting the Office 365 Secure Score. For a great resource on this I’d suggest you check out Eliot’s blog on documenting the Secure Score here. Its a fantastic resource.

Documenting with PowerShell: Downloading and storing the Office 365 Audit logs (With search!)

Fri, 24 Jan 2020 10:31:05 +0100

As we’re continuing the documenting with PowerShell series I’d like to take a step away from our regular IT-Glue and Documentation scripts and look at something that is related to documentation but also the monitoring side of the house. We’re going to be checking out the Office 365 Unified Audit log.

Monitoring with PowerShell: Monitoring users that are blocked for login

Mon, 20 Jan 2020 08:27:53 +0100

Hi guys. Today I’ll only have a short blog – I’ve been busy this weekend with non-tech stuff like building a table for dungeons and dragons, which is why I’ve only had time to write a somewhat shorter blog than normally.

Monitoring with PowerShell: Monitoring Office 365 deleted users & License usage

Tue, 14 Jan 2020 10:28:56 +0100

I’ve been getting some requests to talk more about monitoring access and license management for Office 365. Some of you have asked how to be notified when users get deleted, or to get a notification right before a user is deleted permanently. Another question was on how to check if all licenses are assigned and you’re not wasting any resources or money on unused licenses. I’ve decided to blog about both 🙂

Documenting with PowerShell: Handling IT-Glue API security and rate limiting.

Sat, 11 Jan 2020 21:14:51 +0100

I’ve been blogging a whole lot about documentation lately; I truly believe all automated documentation is better than just having people enter data manually. My company uses IT-Glue as a documentation system. IT-Glue is a very cool system but has some huge API limitations. For example; You’re allowed to make 10 requests per second and 10,000 requests per day. These limitations can get pretty bad if you manage a lot of workstations or servers that upload data at the same time.

Monitoring with PowerShell: Monitoring SQL server health

Fri, 10 Jan 2020 08:35:02 +0100

Seems like this is the week of SQL server blogs! This time we’re going to cover monitoring the SQL server health. SQL server health monitoring is important to keep all line of business applications in check and to make sure they perform well. We’ll be focussed on monitoring the server, databases, and jobs.

Documenting with PowerShell: Active Directory domain and settings

Wed, 08 Jan 2020 08:19:53 +0100

Clients that still have a server on-site are become rare these days – Most of our client base is either completely public cloud using AAD or they have hosted servers in our private cloud. For these clients I’ve made the following script to document their Active Directory server settings. I always I want to be in complete control of my clients environment. That means having up to date documentation at the ready.

Documenting with PowerShell: Documenting SQL settings and databases

Mon, 06 Jan 2020 09:00:00 +0100

Most of our clients have some form of line of business application that requires a database engine. in 99% of the cases this ends up being a SQL server. I always enjoy being in complete control of an environment so whenever we deploy SQL servers we automatically run this documentation script. This is especially good if you ever need to recreate databases, or need to check what the state of a SQL server was a couple of weeks ago.

Monitoring and Documenting with PowerShell: End of year review

Wed, 11 Dec 2019 08:13:01 +0100

Hi! So this is the final post of this year. I’m going to be enjoying some well deserved holidays and spend Christmas with my family. The past year has been pretty cool. I’ve been doing so many cool projects.

Monitoring with PowerShell: User Recycle bin Remediation

Sun, 08 Dec 2019 21:58:01 +0100

I deploy a lot of environments where there is some form of folder redirection – be it classical folder redirection using a GPO or UPD on Windows Virtual Desktop, or even Known Folder Redirection using OneDrive. The benefits to using these forms of folder redirection is clear, but comes with another cool feature; The recycle bin is often redirected too. This is great because each user has his own recycler this way and we never have to worry about anyone seeing files or folders from anyone else.

Monitoring with PowerShell: Alerting on large Office 365 mailboxes

Wed, 04 Dec 2019 15:53:44 +0100

This script is one we’ve used in the past as a sales tool – Some companies tend to use their mailbox as a storage location more than just a mailbox. They save large attachments, use it as a personal CRM system or even just really like sending eachother large PDFs 😉

Monitoring with PowerShell: Alerting on Shodan results

Sun, 01 Dec 2019 23:09:41 +0100

This is a bit of a short script again – but that’s just because sometimes life can made be real simple. Shodan is a tool that scans the entire internet and documents which open ports are available, if it is vulnerable for specific CVE’s, and lots of cool other stuff explained here.

Monitoring with PowerShell: Monitoring OneDrive status for current logged on user!

Tue, 26 Nov 2019 22:48:54 +0100

Since the release of Onedrive and Onedrive for business, a lot of system administrators have been trying to figure out how to monitor the onedrive status. Rodney Viana at Microsoft made a pretty awesome module to be able to get the current OneDrive Sync status, you can find that module here.

Documenting with PowerShell: Documenting Office365 mailbox permissions

Sun, 24 Nov 2019 19:12:58 +0100

I like being able to report to our clients exactly what the permissions on mailboxes are. The only issue with reporting via the Office 365 admin portal is that we don’t get a history. I’ve decided to make sure that I can do this by documenting the permissions daily.

Monitoring with PowerShell: Monitoring the creation of new teams.

Thu, 21 Nov 2019 09:20:21 +0100

Since my last blog about the Secure App Model I’ve been playing with using it in different cases such as collecting automatic documentation, but also using it as an early warning tool for events our helpdesk might want to monitor.

Monitoring with PowerShell: Monitoring disk speed

Mon, 18 Nov 2019 08:00:00 +0100

Sometimes we get complaints from clients reporting “my machine is slow” and not really get any leads to work with. The client just experiences slowness. In most cases this is due to disk speeds – the client bought some cheap computer with a 5400RPM spinner in it and is expecting it to perform just as good as any machine we supplied with an SSD.

Connect to Exchange Online automated when MFA is enabled (Using the SecureApp Model)

Thu, 14 Nov 2019 23:34:45 +0100

So in the past months Microsoft has been forcing CSPs and MSPs to use MFA, something I strongly encourage and am glad with. The only issue with this was that Microsoft made this move without accounting for automation and automated jobs that need to run, especially jobs that run unattended and over multiple delegates.

Monitoring with PowerShell: Monitoring Event log size

Wed, 13 Nov 2019 08:09:00 +0100

Lately I’ve been getting some questions about how to handle event logs when you do not have a SIEM or log collector in place. I like thinking about these situations as I know a lot of MSPs struggle with log analysis and collection.

Monitoring with PowerShell: Monitoring Active Directory replication

Mon, 11 Nov 2019 08:01:43 +0100

I’ve often deployed domain controllers in environments that weren’t the most stable due to connectivity issues. To make sure that the domain controllers keep replicating correctly and we detect issues early we use the Active Directory cmdlets in combination with our RMM system. This makes it so we can monitor the current status of the replication and alert if it does not work for a longer period of time.

Converting group policy registry preferences to PowerShell scripts

Wed, 06 Nov 2019 08:18:08 +0100

Most of the clients at my firm are moving to cloud only solutions in which we have less management options available. We can use Intune for Administrative Templates, or as we do use our RMM system as the management platform. To make sure we can use our RMM system we have several scripts that deploy registry keys in the same way as the GPO does. If you want to find what keys a GPO sets you can use this website.

Monitoring with PowerShell: Monitoring RDS UPD size

Mon, 04 Nov 2019 08:00:47 +0100

So our clients have RDS deployment, WVD deployments, and just in general VDI-like environments. To make sure their profile can be loaded on each machine without having to set everything up again we use UPDs.

Functional PowerShell for MSPs webinar

Fri, 01 Nov 2019 20:55:45 +0100

Hi all,

I hope you’ve enjoyed the webinar. The recording can be found here. I have to admit I was a little nervous due to over 600 attendees! The scripts used during the presentation can be found attached here.

Monitoring with PowerShell: Monitoring RRAS status.

Wed, 30 Oct 2019 09:14:09 +0100

So for my clients I’ve always relied completely on the Microsoft stack – I do not like most VPN appliances but still want to offer a stable SSL VPN for all clients. Enter SSTP, I’ve blogged about SSTP before when looking at DirectAccess or even Always-on VPN.

Monitoring with PowerShell: Monitoring Office365 admin password changes

Sun, 27 Oct 2019 16:19:15 +0100

So when I was at Dattocon I was approached by an MSP that was using his RMM system to alert on changes of the local admin password, as he wanted to be updated every time a local admin got a new password. He did this by using an older script of mine below.

Dattocon!

Thu, 17 Oct 2019 20:00:12 +0200

Hi all,

I’ll be presenting at Dattocon next week, so I will not be able to release the new blogs about monitoring with PowerShell. If you’re coming to Dattocon feel free to join my session. you can find information about the session here. The description is a little bit off as I will be talking mostly about PowerShell and automation at MSPs.

Monitoring with PowerShell: Monitoring failed logins for Office365

Wed, 16 Oct 2019 08:10:15 +0200

So this was another request by a reader; he has MFA configured for all his users, but still wants to know when the failed logon count increases. Mostly so he can warn his users that a possible spear-phising attempt might also be imminent. We know that when brute force does not work, focussed bad actors will often try the next avenue of attack.

Monitoring with PowerShell: Monitoring Office365 Azure AD Sync

Mon, 14 Oct 2019 08:00:17 +0200

We deploy Azure AD Sync for all of our clients that have hybrid environments. Sometimes the Office365 Azure AD Sync might break down, due to the Accidental Deletion Threshold or no longer perform passwords syncs due to other problems. The Azure AD sync client does tend to break from time to time.

Documenting with PowerShell: Bulk edit configurations in IT-Glue

Wed, 09 Oct 2019 10:56:24 +0200

I know last week I said I’d take a break from the monitoring blogs, but a MSP recently requested if I knew a way to mass-edit specific configuration items in IT-Glue. In his case, he was going to change the network configuration of devices and wanted a quicker way than to just click on 20 devices. It would be getting annoying fast to do that via the interface.

Monitoring with PowerShell: External port scanning

Mon, 07 Oct 2019 08:11:27 +0200

So I like knowing exactly what ports are open on my clients network, and have the ability to alert on specific ports that are opened. The problem with most port-scan utilities, and the PowerShell Test-netconnection cmdlet is that they always scan the internal network. In the case that you do enter the external IP whitelisting might allow you to connect anyway and give you some false positives.

Monitoring with PowerShell: Monitoring Cipher suites (And get a SSLLabs A rank)

Fri, 04 Oct 2019 11:42:40 +0200

I always like getting the maximum achievable rank on websites such as SSLLabs, or the Microsoft Secure Score, because I know I’ve done all that a manufacturer says I need to do to protect their product. The SSL cipher suites are one of these things.

Documenting with PowerShell Chapter 6: Documenting Active Directory groups

Wed, 02 Oct 2019 08:48:50 +0200

This will be the last post in the documenting with PowerShell series for a short while. I’ve enjoyed the series thoroughly but there are so many choices to blog about and I want to take a short break to be able to prepare the next series with all the requests I’ve been getting.

Monitoring with PowerShell: The Windows Firewall

Mon, 30 Sep 2019 08:01:13 +0200

In a lot of situations where we take over server management from clients we often see bad security practices, where the client does not understand the inherent risk and just wants everything to work. Some administrators that don’t know what they are doing often just disable the entire firewall and hope that their application works at that moment. We even see suppliers of large applications such as Microsoft Dynamics and SQL server applications kill the Windows Firewall because of a lack of knowledge.

Using the Secure Application Model with PartnerCenter 2.0 for Office365.

Fri, 27 Sep 2019 09:23:44 +0200

I was recently informed that my scripts for the secure application model no longer worked. This is due to Microsoft updating the PartnerCenter module with some breaking changes. To make sure you can use the Secure App Model script I’ve made a new version below.

Functional PowerShell for MSPs (Beginner course)

Thu, 26 Sep 2019 10:51:01 +0200

Hi guys,

I’m organising another PowerShell event. Joining the event can be done here. It’ll be a webinar about PowerShell.

Documenting with PowerShell Chapter 5: File share permissions

Wed, 25 Sep 2019 07:55:58 +0200

A lot of our clients struggle with permission management. Some of our clients practically want a daily permissions report to see if anything has changed. To make sure that our client can be sure we manage their permissions correctly we always upload the permission sets to our IT-glue documentation system. This way the client can see whenever permissions have changed and look at how the state of the permissions was last week, last month, or even last year.

Monitoring with PowerShell: Monitoring Office C2R updates

Mon, 23 Sep 2019 08:00:01 +0200

This blog might be a little shorter than normally, I’ve been a bit swamped with work so if you have any questions, let me know!

Monitoring with PowerShell: UPS Status (APC, Generic, and Dell)

Thu, 19 Sep 2019 21:13:16 +0200

So we’re using several types of UPS’s at our clients, and sometimes bump into generic USB UPS systems too. To monitor these we use a couple of methods that all have benefits and downsides. Let’s get started.

Documenting with PowerShell Chapter 4: Network documentation for IT-Glue.

Wed, 18 Sep 2019 07:40:14 +0200

In the last couple of blogs we spoke about how to handle passwords, passwords objects and tagging, and how to start documenting your servers. Today, We’re starting on the network side of documentation. Within IT-Glue it’s important to follow the IT-Glue standards so your documentation works with the relational database it was designed on.

Monitoring with PowerShell: Monitoring Security state

Mon, 16 Sep 2019 08:00:58 +0200

After the last couple of blogs I’ve been asked how I monitor the security state of Windows Servers, so I figured I would create a blog about monitoring some security advisement. Of course there is another disclaimer involved.

Monitoring with PowerShell: Monitoring Dell device updates

Fri, 13 Sep 2019 08:00:35 +0200

I’m a big fan of Dell’s Command Update utility. Dell Command update is a program that makes updating Dell based devices super easy, a single utility that you can install on any workstation to update all devices is great. We always deploy Dell Command update with any machine we hand out to clients.

Documenting with PowerShell Chapter 3: Local Administrator Passwords solution

Wed, 11 Sep 2019 08:22:03 +0200

As a good administrator does we always try to change the local administrator password on computers that we hand-out to clients, and disable it, so we only have to enable it when it’s required. Unfortunately changing it is sometimes forgotten during any process. Microsoft makes this easy when implementing LAPS. LAPS is a solution by Microsoft that helps you in randomizing Local Administrator Passwords, unfortunately LAPS relies on a domain environment. With more and more clients going Cloud-only this is not something we can use.

Monitoring with PowerShell: SMART status via CrystalDiskInfo

Mon, 09 Sep 2019 07:55:11 +0200

In a peer-group that I am a member of recently we’ve had a small discussion about monitoring the SMART status of hard drives. We all agreed that the issue with SMART monitoring is that often it is unreliable when using RMM systems. This is due to RMM systems using only the Windows SMART output which lacks some critical values you should monitor. SMART itself could be a pretty decent early warning system when using all values supplied.

Monitoring with PowerShell: Monitoring log on of specific users.

Fri, 23 Aug 2019 09:18:30 +0200

Hi Guys, This’ll be the last blog before I go on holidays, So enjoy it and see you all in two weeks.

Documenting with PowerShell: Chapter 2 – Documenting Bitlocker keys

Tue, 20 Aug 2019 09:00:42 +0200

Our RMM system currently does not have support to securely store the bitlocker key inside of the RMM system itself. I’ve subscribed to the school of bitlocking everything that passes through my company, So also computers that sometimes never get connected to Azure AD, Active Directory to store the key in. We also get users that lost the USB drive or piece of paper that the key was stored on.

IT-Glue unofficial backup script.

Mon, 19 Aug 2019 13:54:00 +0200

The last couple of weeks I’ve been focused on some API efforts for IT-Glue and was asked by a couple of partners if I couldn’t solve the problem that IT-Glue does not have a backup feature available. This makes it difficult to move away from the product, but also access you data in case of an emergency.

Documenting with PowerShell: Chapter 1 – Server overview page

Mon, 19 Aug 2019 09:03:48 +0200

In the previous blog I’ve showed how to upload data to IT-Glue by creating a new flexible asset with two fields: a name field on which we perform a match if a document exists, and a field where we placed some data. This time, we’re going to upload an entire HTML file we’ll create by gathering data from the server we run the script on. So, let’s get started

Documenting with PowerShell – New series

Thu, 15 Aug 2019 15:58:50 +0200

Hi All!

Starting this week I’ll be blogging about using PowerShell with your RMM/Automation platform and running scripts to collect valuable documentation. I’ll try to keep it as generic as possible and export the documentation to HTML, but I’ll always include a version to upload it to IT-Glue or Confluence. As requested by some I’ll also include the AMP for N-Central so you can get going with it.

Monitoring with PowerShell Chapter 3: Monitoring network state

Tue, 06 Aug 2019 08:10:59 +0200

Our clients often want us to monitor specific network connections, such as VPN tunnels that need to be online, services that always need to be reachable, or even simply to report on internet connection speeds. To do this, we mostly use our network controller software and default RMM sets. In rare cases, that is not enough, so we’ve developed some monitoring sets for our RMM to help us with this.

Monitoring with PowerShell Chapter 3: Monitoring Modern Authentication

Mon, 05 Aug 2019 09:10:11 +0200

Modern Authentication is turned on by default for new tenants, but if you have legacy tenants or take over tenants from others MSP’s than sometimes you might have tenants that do not use Modern Authentication yet.

Connectwise: Quick Time Entry Form

Sat, 03 Aug 2019 00:51:16 +0200

After releasing the Autotask Quick Time Entry Form I’ve gotten so many responses by MSP’s that loved it, and also some requesting a Connectwise version, or wishing for a CW version. Guess what?! I’m making dreams come true today!

Monitoring with PowerShell Chapter 3: Monitoring SSL certificates on IIS

Thu, 01 Aug 2019 09:04:09 +0200

For some clients that still have on-site servers running IIS we have to monitor the SSL status to make sure that things such as the Remote Desktop Gateway, or SSTP VPN are always available. To make sure that we are able to replace SSL certifcates on time we need to know when specific certificates expire.

Autotask Quick Time Entry

Wed, 31 Jul 2019 09:25:54 +0200

Autotask’s app for iOS and Android isn’t the greatest app ever made, because of this our on-site engineers do not always enter time-entries because it’s too much of a hassle.

Monitoring with PowerShell Chapter 3: Monitoring user creation

Mon, 29 Jul 2019 09:01:38 +0200

We all know that bad actors often create accounts for repeat access when they gain access to your network. To make sure that we are aware of these situations we user PowerShell monitoring.

Monitoring with PowerShell Chapter 3: Monitoring and remediating Windows Feature Update status

Thu, 25 Jul 2019 10:02:37 +0200

With the advent of Windows 10 all MSP’s are faced with a new challenge: How do we manage the different Windows 10 Feature versions and how do we make sure we can automatically upgrade our clients to the latest version of the Windows 10 OS? Microsoft has not made feature updating very straightforward, and sometimes the automatic updates error out.

Monitoring with PowerShell Chapter 3: Hyper-v state

Wed, 24 Jul 2019 12:15:19 +0200

We managed a whole lot of hyper-v servers for our clients, including large clusters but also smaller single server solutions. This makes it difficult to make sure that everyone creates VM’s as they should, and sometimes mistakes are made by engineers or backup software that cause a checkpoint to be left on a production server.

Monitoring with PowerShell Chapter 3: Monitoring MFA-Server and Office365 MFA status

Sun, 21 Jul 2019 23:21:33 +0200

We use both Azure MFA Server to secure our on-site resources, and Office365 MFA for our clients. To make sure we don’t have aggressors changing the MFA settings, or simply administrators forgetting to set-up MFA for clients we make sure that we alert on both.

Monitoring with PowerShell Chapter 3: Monitoring creation of scheduled tasks

Fri, 19 Jul 2019 09:31:39 +0200

Hi All,

After a blog post from Malwarebytes (here) about specific adware and cryptolockers using scheduled tasks to make sure they can remain undetected, or even regain control of the system by running a specific task every once in a while, We’ve decided with to start monitoring the creation of scheduled tasks. Users generally don’t really setup these tasks in normal situations.

Using the Secure App Model to connect to microsoft partner resources

Thu, 11 Jul 2019 19:42:31 +0200

This is a quick and dirty blog, as I am quite busy editing our PowerShell Functions to use the secure app model before the deadline of august first.

Getting all alarms of all Unifi sites with PowerShell

Tue, 23 Apr 2019 09:16:12 +0200

For reporting purposes I sometimes like collecting our all alert logs for my Ubiquity Unifi sites. Of course I want this in a nice readable format so I create a HTML file with all output from the unifi API.

Deploy MFA to all Administrator accounts in all (Partner) tenants

Thu, 18 Apr 2019 11:27:42 +0200

As a MSP we tend to take over a lot of Microsoft tenants which therefore do not have their state of security in order. To make sure that we always use MFA for administration purposes we have an Azure Function running that deploys MFA for our administrator accounts. We do this by using our central phone number. That way MFA is always configured and we notice when an admin is trying to log in. We tend to use our delegated access as the normal administration purpose but some tasks require a local admin account in the customer’s portal.

Connecting to all O365 services at the same time in PowerShell (Including Installation and Teams)

Tue, 16 Apr 2019 09:15:12 +0200

I often use scripts that uses cmdlets from different modules so I can use all sorts of data sets when handling my Office365 administration tasks. The problem is that I often found myself connecting to a specific service such as the Exchange services, only to need the security center moments later – or the MSOL Module right after. When reinstalling my laptop I decided to not bump into this anymore, mostly to just get rid of my annoyance.

Adding Remote App File associations via PowerShell

Mon, 15 Apr 2019 21:10:00 +0200

We have a lot of RemoteApp and RDS deployments out in the field. Sometimes users want to use the RemoteApp to directly open the correctly associated applications, like .docx for Word files. When using Windows 8 or Windows 10 this can be done automatically by entering the RemoteApp Connection Default URL via the group policy found at the following location:

Using PowerShell to check Pwned passwords (Using the HaveIBeenPwned API)

Mon, 15 Apr 2019 07:20:46 +0200

We’ve been encountering a lot of Office365 hacks in the previous months. Most of the time the client does not want MFA enabled and has no clue their password has already been leaked. We figured internally that we’d like a way to check if a single password has been leaked but as we are the purest of nerds we hate browsing to a website. 😉 Enter PowerShell! We’ve created a small script that checks multiple passwords using the HaveIBeenPwned API to check if the password has been seen in a leak before.

Running Office365 Powershell scripts cross tenant

Sat, 13 Apr 2019 10:39:03 +0200

When you manage multiple tenants or have a Microsoft Partner account to manage a lot of tenants it often gets annoying having to redeploy the same scripts to each tenant over and over. You can try using the MSOL commands but most of the times the scripts you are trying to run are Exchange, Skype for business, or Teams scripts, and you’re not able to run these just by using the Azure Active Directory Module for PowerShell.

Automatically mapping SharePoint sites in the OneDrive for Business client

Wed, 23 May 2018 18:37:11 +0200

Microsoft recently announced that the OneDrive for business client will support automatically mapping SharePoint sites – Which is something I’ve been working on to script for some time now. Automapping sites will be a great benefit for migrations where users are saying goodbye to the good old file system, and hello to SharePoint online. Combined with Files on Demands most users won’t even know the difference.

Deploying Auto-VPN or Always-On VPN with SSTP

Wed, 07 Feb 2018 18:26:57 +0100

Hi All,

Sorry for the break in blogs about monitoring – I’ve been quite busy with work, so I haven’t had the time to create a monitoring blog. I have been able to create a blog about deploying Always-on VPN, or as Microsoft used to call it “Auto-VPN”. Always-on VPN is going to be the replacement for DirectAccess. DirectAccess was a technology that created 2 hidden VPN tunnels over SSL and encrypted all the data between your client machine and your local network. The downside was that it required Windows Enterprise.

Monitoring with PowerShell Chapter 2: DHCP Pool status

Fri, 02 Feb 2018 08:43:12 +0100

Hi All,

As I’ve explained in my previous the series is taking a bit of a turn here and we’re going to start some blogs about remediation instead of just monitoring. I’ll link back to a previous blog and will explain how we automatically react to these issues within our RMM, if you do not have an RMM – Don’t worry! We’ll include the monitoring + remediation script so you can combine the scripts any way you’d like.

Monitoring with PowerShell Chapter 2: Hyper-V replication and remediation

Tue, 30 Jan 2018 09:13:59 +0100

Hi All,

Monitoring with PowerShell Chapter 2: Monitoring Windows Activation State

Sun, 28 Jan 2018 10:40:21 +0100

Hi All,
Today we will be focusing on monitoring the status of the Windows and office activation status, we use an imaging application to supply all of our machines with the correct version of Windows, but sometimes its forgotten to actually activate the OS. This script checks the current activation status and alerts on it.

Monitoring with PowerShell Chapter 2: Monitor RDS Security and Licensing status

Sat, 27 Jan 2018 09:24:14 +0100

Hi All,

Today we will be focusing on monitoring the RDS Security layer and licensing status, we often have RDS deployments in which a small oversight happens or the RD-Licensing information is lost. We’ll run a PowerShell script to check if the licensing is set-up correctly, and in what license mode we are running, it will also give us feedback if SSL and NLA are not enabled.

Monitoring with PowerShell Chapter 2: Monitoring Anti-virus installation status

Thu, 25 Jan 2018 10:00:12 +0100

Hi All,
Today we will be focusing on monitoring the anti-virus status of computers or servers that communicate with the Microsoft Security Center, The Security Center WMI Namespace actually has a lot of information about the current state of all security products, as long as they integrate and communicate with WMI.

Monitoring with PowerShell Chapter 2: Monitoring Compellent SANs

Wed, 24 Jan 2018 10:00:28 +0100

Hi All,
Today we will be focusing on monitoring the Compellent SAN status from a single server, Most Compellents are delivered with Dell’s Co-Pilot functionality and do not require you to monitor it yourself, but I also enjoy having an extra set of eyes on my shared storage – Also in some security restricted environments we cannot use the Co-pilot functionality and have to rely on our own monitoring sets.

Blog Series: Monitoring with PowerShell Chapter 2

Wed, 24 Jan 2018 08:58:39 +0100

Hi All,

As the last series of blogs was so well received I’ve decided to continue the trend and make some new blogs about monitoring using PowerShell. I’ll be showing some examples on how monitoring could work in your RMM-suite and will include examples for major RMM suppliers such as Solarwinds.
I hope you’ll enjoy the new series of Monitoring with PowerShell, in the start of Chapter 2 we will be focusing on leveraging PowerShell to monitor external hardware such as Compellent SANs, the status of known exploits such as now famous Meltdown/SPECTRE, and SSL certificates, near the end of this series we will be shifting the focus from monitoring to automated remediation when an issue is found.

Blog Series: Monitoring using PowerShell: Part Eight – Monitoring health with PowerShell

Tue, 14 Nov 2017 19:48:23 +0100

Hi All,

My next couple of blogs will be a series of blogs where I will be explaining on how to use PowerShell for the monitoring of critical infrastructure. I will be releasing a blog every day that will touch on how to monitor specific software components, but also network devices from Ubiquity, third-party API’s and Office365. I will also be showing how you can integrate this monitoring in current RMM packages such as Solarwinds N-Central, Solarwinds RMM MSP and even include the required files to import the monitoring set directly into your system.

Blog Series: Monitoring using PowerShell: Part Seven – Monitoring back-ups with PowerShell

Mon, 13 Nov 2017 09:43:43 +0100

Hi All,

Blog Series: Monitoring using PowerShell: Part Six – Monitoring CSV volumes for space and status

Sat, 11 Nov 2017 10:23:42 +0100

Hi All,

Blog Series: Monitoring using PowerShell: Part five – Monitoring the Windows Search Database, iSCSI Connections, and Bitlocker state.

Fri, 10 Nov 2017 09:33:06 +0100

Hi All,

Blog Series: Monitoring using PowerShell: Part four – Using Powershell to update and maintain unifi devices

Thu, 09 Nov 2017 10:12:07 +0100

Hi All,

Blog Series: Monitoring using PowerShell: Part three – Using Powershell to monitor Unifi Controllers

Wed, 08 Nov 2017 07:17:47 +0100

Hi All,

My next couple of blogs will be a series of blogs where I will be explaining on how to use PowerShell for the monitoring of critical infrastructure. I will be releasing a blog every day that will touch on how to monitor specific software components, but also network devices from Ubiquiti, third-party API’s and Office365. I will also be showing how you can integrate this monitoring in current RMM packages such as Solarwinds N-Central, Solarwinds RMM MSP and even include the required files to import the monitoring set directly into your system.

Blog Series: Monitoring using PowerShell: Part two – Using Powershell to monitor Dell systems

Tue, 07 Nov 2017 07:52:49 +0100

Hi All,

Blog Series: Monitoring using PowerShell: Part one – Using PowerShell to monitor MegaRaid

Mon, 06 Nov 2017 11:29:55 +0100

Preface:

Hi All,

Blog Series: Monitoring using PowerShell

Mon, 06 Nov 2017 10:56:04 +0100

Hi All,

My next couple of blogs will be a series of blogs where I will be explaining on how to use PowerShell for the monitoring of critical infrastructure. I will be releasing a blog every few days that will touch on how to monitor specific software components, but also network devices from Ubiquity, third-party API’s and Office365. I will also be showing how you can integrate this monitoring in current RMM packages such as Solarwinds N-Central, Solarwinds RMM MSP and even include the required files to import the monitoring set directly into your system.

Mini-Blog: How to use Azure Functions to run PowerShell scripts

Mon, 02 Oct 2017 13:13:53 +0200

Lately I’ve had a couple of scripts that needed to run on a daily basis, in the past I used the task scheduler on a server for this but that would mean I had to mess around when passwords that expired, and all the other misery that is related to standard scheduled tasks.

Mini-Blog: Creating HTML files from CSV

Thu, 10 Aug 2017 12:04:48 +0200

We use a documentation system that only allows CSV exports, which gets annoying when tyring to supply clients with some form of data out of it. To resolve I rewrote the script by Brandon Everhardt to take all CSV files from a folder and export them into a single readable HTML file. It’s a very quick and dirty script, using the ConvertTo-HTML function to make a somewhat more readable approach.

Mini-blog: Wait for VM to come online, then execute Powershell direct

Tue, 11 Jul 2017 07:32:24 +0200

During my labbing I’ve noticed I often need to wait for the VM to get online before executing some script or commands, to do that I use the following script:

Using App-v to deploy Office 2016 on RDS servers

Mon, 10 Jul 2017 09:21:23 +0200

Hi All!

At my current employeer we have a lot of clients that use RDS servers, in the SMB often you see that applications are installed directly on the RDS server. That means that if you have a Highly Available solution there often is a difference between applications installed.

Free online powershell training

Wed, 05 Jul 2017 20:26:02 +0200

Hi all!

After a couple of weeks of silence I have some great news; I will be giving free online powershell courses for beginners and intermediates. Hopefully I’ll be able to assist some of you in questions you have about your own scripts, or scripts you’ve used from my blog.

Mini Blog: Checking processor performance

Mon, 20 Mar 2017 20:14:22 +0100

I haven’t been blogging alot lately, mostly due to renovating at home and having very large projects in the office. To compensate I’ve decided to write some quick mini blogs to make sure I don’t lose the magic 🙂

Mini-Blog: finding the windows search database location.

Mon, 20 Mar 2017 20:02:36 +0100

Adding branding to the Office 365 portal

Wed, 19 Oct 2016 20:53:01 +0200

Hi all,

Today we’re going to change the branding of the Office365 portal. Something that helps clients identify that they are logging into the correct portal and are entering their usernames correctly. The great thing about this is you can have your own support information directly on the office365 portal.

Using powershell to create a new service

Mon, 17 Oct 2016 09:09:33 +0200

One of our clients has an application which always needs to run in the background, in the past the client resolved this by running the application after logon. Of course this meant after we perform maintenance the application would no longer work unless we’d log the user on. Autologon is not advised due to leaving a user logged in at the console.

Creating a Poor Man’s Express Route

Thu, 18 Aug 2016 10:33:59 +0200

Lately we’ve been running into issues with client’s connecting to Office 365 and having high latency with this connection. this results in issues such as “Outlook is not Responding” & “Getting data from server outlook.Office365.com”. Both of these issues disappear when running in Cached mode due to less data-traffic being required for normal operations such as opening e-mails and retrieving folder lists.

Using PowerShell to monitor Backups

Thu, 11 Aug 2016 21:15:50 +0200

We are using a RMM that has integrated BackupExec monitoring. I’ve found that this integrated monitoring was somewhat lacking. It gave us the current job status and that’s about it, Meaning there was not really a way to resolve issues pre-preemptively.

How to remove "local autodiscover" or SCP when migrating to O365

Thu, 17 Mar 2016 09:35:51 +0100

I work in the SMB, and we migrate most of our clients to Office 365 from local exchange servers. Often we still use a local server for user and computer management and move the users from Small Business Server 2008/2011 to Server 2012R2.

Managing Office 365/Azure tenants using powershell

Fri, 27 Nov 2015 07:13:14 +0100

One of the fantastic benefits of having Microsoft partner portal access is the ability to remote manage your clients/tenants. One of the downsides of this is that the partner portal is sometimes somewhat slow, or has a convoluted approach for remote management. A great way to resolve this is by using PowerShell to manage the tenants instead. This is just a quick post that could help you understand the commands involved;

Using Azure MFA on an onsite RDS 2012R2

Wed, 25 Nov 2015 11:10:24 +0100

Azure MFA is a fantastic product – Its easy to setup and maintain, and not very costly to purchase (for pricing, click here). The great thing about Azure MFA is that it becomes very easy to secure your local directory, but also your remote desktop connections or RDS your 2008/2012 farms. There is just one downside; Out of the box Remote Desktop(terminal services) security does not work on Server 2012R2. I’m not sure why Microsoft decided to not support 2012R2 RDP access. I actually have a ticket outstanding with the Azure MFA team.

Forcing DFS to prefer the local DC, Without creating subnets and sites

Wed, 25 Nov 2015 09:20:31 +0100

I’ve recently did some temporary work on a legacy-environment for a client. This client recently added some 2012 servers as domain controllers and file servers, The only issue was that there was no way that the client could edit Sites and Services to create correct sites and associated subnets, due to a legacy in-house application depending on the default site to contain all domain controllers.

Search Service crashing on RDS / Server 2012R2

Thu, 16 Jul 2015 09:20:03 +0200

I’ve recently been experiencing many issues with the Windows Search service on Server 2012R2 – The search index service would crash and cause entire RDP sessions to hang whenever typing something in the start menu. Of course on RDS servers this was a major issue and my clients got very upset due to not being able to work for multiple hours without calling us for assistance.

Stop AADSync logs from clogging up your servers disk space

Wed, 15 Jul 2015 09:30:00 +0200

I’ve been rolling out a lot of large AADSync deployments recently – I love how AADSync gives a SSO experience to the SMB markets without having to deploy ADFS. But as always these deployments in SMB markets have some downsides; The default configuration for AADSync/Dirsync is that it logs everything using tracing and ForeFront MSSQL Logs.

Creating hosted mailboxes while on premises mailboxes still exist.

Thu, 05 Mar 2015 09:25:34 +0100

One of the major drawbacks when using AADSync or Dirsync is that the remote mailboxes are not created when a local mailbox exists. This could prove difficult when migrating to Office 365 due to the mailboxes not existing simultaneously.

Migrating permissions over domains

Thu, 19 Feb 2015 20:21:45 +0100

As I’ve stated in previous blogs – I work at a Managed Services Provider so this makes me lucky enough to work in environments ranging from very small and simple to large scale operations that require that every step is a planned one. Of course this means that we need a fairly easy policy to manage and migrate permissions over a large range of Microsoft products such as server 2003 to server 2012. So when planning a policy we need to account for all small discrepancies that could occur between clients, domains, etc.

Using BEMCLI to automate restores

Thu, 22 Jan 2015 08:13:59 +0100

We use Symantec Backup Exec for backups are some of our larger clients. Of course we have monitoring set up on these backup sets and jobs. We monitor when they fail, we have a verification phase to check if the content in the backup is correct and matches the data from the snapshot of the server, But of course this is not enough.

Juniper SRX: Using RPM to monitor and change routes

Mon, 12 Jan 2015 08:38:40 +0100

I’ve been using the SRX series of Juniper for about 1 year now. I’ve always used the SSG series with pleasure and never had any doubts or issues with them, I often deploy dual wan solutions which need to be highly available or at least have some form of fail-over because my clients use VOIP or cloud services that rely on a stable internet connection.

Hyper-V: Automating installations using exports.

Wed, 31 Dec 2014 13:40:46 +0100

No SCVMM? No problem!

In my day to day operations I deploy and migrate to/from Active Directory Domain Services, File servers, and RDS servers on a pretty frequent basis – Most of the time on a single server for the SMB market so using SCVMM is not possible.

PowerShell: Using RunOnce to have script survive reboot

Thu, 18 Dec 2014 20:51:20 +0100

RunOnce is a default windows function that could be used to have scripts survive a reboot.

SCCM 2012 R2: Launching applications from HTA

Thu, 18 Dec 2014 13:55:41 +0100

The next part of the SCCM 2012 R2 HTA blogs – Launching applications!

About Us

Mon, 01 Jan 0001 00:00:00 +0000

Our Story

CyberDrain’s journey began in 2005 when founder Kelvin Tegelaar started what would become much more than a hobby project. What started as a simple IT-Pro blog has evolved into a thriving community-driven SaaS company that challenges the very foundations of how the MSP industry operates.

Brand Guidelines

Mon, 01 Jan 0001 00:00:00 +0000

Changelog

Mon, 01 Jan 0001 00:00:00 +0000

v1.0.4 (January 19,2020)

changed

Process transactions.
Send emails about our Site
Send emails and updates about Conclude
Perform any other function that we believe

added

Process transactions.
Send emails about our Site
Send emails and updates about Conclude
Perform any other function that we believe

v1.0.2 (January 10,2020)

removed

Process transactions.
Send emails about our Site
Send emails and updates about Conclude
Perform any other function that we believe

security

Process transactions.
Send emails about our Site
Send emails and updates about Conclude
Perform any other function that we believe

v1.0.0 (January 01,2019)

added

Process transactions.
Send emails about our Site
Send emails and updates about Conclude
Perform any other function that we believe

security

Process transactions.
Send emails about our Site
Send emails and updates about Conclude
Perform any other function that we believe

Check - Browser-Level Phishing Protection

Mon, 01 Jan 0001 00:00:00 +0000

CIPP - CyberDrain Improved Partner Portal

Mon, 01 Jan 0001 00:00:00 +0000

CIPP ❤️ #IntuneForMSPs

Mon, 01 Jan 0001 00:00:00 +0000

We’re Joining #IntuneForMSPs 🎉

Community

Mon, 01 Jan 0001 00:00:00 +0000

Community Manager

Mon, 01 Jan 0001 00:00:00 +0000

About CyberDrain

CyberDrain exists because we got tired of waiting for vendors to understand what MSPs actually need. Our community of 7,000+ Discord members isn’t just users - they’re our product team, our QA team, and our inspiration. We practice radical transparency and community-driven development, where every feature comes from real MSP feedback, not boardroom assumptions.

COW - CyberDrain Only Warranties

Mon, 01 Jan 0001 00:00:00 +0000

DevOps Engineer

Mon, 01 Jan 0001 00:00:00 +0000

About CyberDrain

At CyberDrain, we’re revolutionizing the MSP industry through community-driven development and radical transparency. Our infrastructure supports thousands of MSPs worldwide using CIPP (CyberDrain Improved Partner Portal) and CoW (CyberDrain Operations Workflow). We believe in building reliable, scalable systems that actually work - not just checking boxes for compliance.

FAQ

Mon, 01 Jan 0001 00:00:00 +0000

About CyberDrain

CyberDrain is a leading resource for automation, We specialize in tools for Managed Service Providers (MSPs). Founded by Kelvin Tegelaar, CyberDrain provides practical automation solutions, educational content, and tools to help MSPs streamline their operations and improve efficiency.

Full-Stack Developer

Mon, 01 Jan 0001 00:00:00 +0000

About CyberDrain

At CyberDrain, we’re not just another tech company. We’re a community-driven organization that’s actively working to change how the MSP industry operates. Founded out of frustration with vendors who don’t understand real MSP needs, we’ve built a culture around transparency, community feedback, and genuine innovation.

Full-Stack Engineer

Mon, 01 Jan 0001 00:00:00 +0000

About Copper

At Copper, we want to make your neighborhood a little more familiar. Whether it’s a handyman (or woman!), a housecleaner, moving help or delivery person, we’re imagining a world where everyone will have a go-to team to make everyday life easier.

How It Works

Mon, 01 Jan 0001 00:00:00 +0000

Task Management

Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat sed. At vero eos et accusam et justo duo dolores etea

Lead Product Designer

Mon, 01 Jan 0001 00:00:00 +0000

About Copper

Pricing

Mon, 01 Jan 0001 00:00:00 +0000

Choose Pricing

Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat sed.

Pricing

Mon, 01 Jan 0001 00:00:00 +0000

Choose Your Tools

Explore CyberDrain’s suite of tools and services designed to make Microsoft 365 management suck less. From free community resources to enterprise-grade solutions, we have everything you need to streamline your MSP operations.

Product Manager

Mon, 01 Jan 0001 00:00:00 +0000

About CyberDrain

At CyberDrain, product management isn’t about guessing what users want - it’s about listening to what they’re actually telling us. Our Discord community of 7,000+ MSP professionals provides direct, unfiltered feedback that shapes every feature we build. We practice “Spite-Driven Development” because we’re tired of vendors who build what they think MSPs need instead of what MSPs actually need.

Services

Mon, 01 Jan 0001 00:00:00 +0000

Team

Mon, 01 Jan 0001 00:00:00 +0000

Our Team Members

Meet the passionate individuals behind CyberDrain’s mission to revolutionize the MSP industry. Our team combines deep technical expertise with real-world MSP experience, ensuring we build tools that actually solve the problems you face every day.

Terms & Conditions

Mon, 01 Jan 0001 00:00:00 +0000

Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat sed.

Testimonials

Mon, 01 Jan 0001 00:00:00 +0000

What Our Client says

Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat sed.

Validated

Mon, 01 Jan 0001 00:00:00 +0000

Validation completed

Thank you for validating your discord account. You now have access to extra channels - If you’re a sponsor and missing channels, please contact our helpdesk at helpdesk@cyberdrain.com