Intune Compliance Policies: Enforcing Standards Post-Deployment
The 9 AM Call That Started the Audit: It is 9 AM on a Monday and the client’s CISO is on the bridge. Their Defender dashboard shows 1,847 enrolled Windows…
PowerShell OutBuffer: How Pipeline Buffering Actually Works
The Script That Hammered a SQL Box at 3AM: We had a client whose nightly reconciliation script was melting a SQL server every night around 3AM. The script pulled roughly…
Veeam Failover Plans: Orchestrating DR Across Multiple VMs
The 4 AM Failover That Booted Everything in the Wrong Order: A manufacturing client called us at 4 AM because their primary site had lost power and the on-call tech…
NGINX Serving WordPress: Recommended Config for Performance
Where The Idea Came From: While working on a migration for a client running three high-traffic WordPress sites last month, I got an idea for writing up the NGINX WordPress…
Tracing Windows Boot and Service Init with Sysinternals
After the third “slow login” ticket in a week from one of our managed customers, I went back to Sysinternals boot logging because nothing else was going to give me…
Multipartite Virus: Hunting Multi-Vector Malware in Production
A manufacturing client called us on a Tuesday morning with a problem that didn’t add up. Their endpoint agent had flagged and quarantined a suspicious executable on three workstations. Good.…
PowerShell Select-Object: Master Object Properties Fast
From 300 Lines of Output to Three Columns in One Pipe: One of our managed services clients had a junior admin exporting process lists to Excel, then deleting columns by…
PowerShell Module Manifest: Versioning and Dependencies Post-Mortem
The Ticket That Started at 03:17: The pager went off at 03:17. A managed client’s nightly reporting job had failed across 40 endpoints. The error was short: The specified module…
PolicyStore in NetIPsec Cmdlets: Local vs Domain Policies
When One Firewall Rule Breaks Forty Machines: A financial services client called us on a Friday afternoon because half their branch office servers had stopped accepting inbound connections after a…
MITRE ATT&CK Mapping in Sentinel Detection Rules
Two Alerts, Forty-Five Noise Events, and a Missed Lateral Move: It is 2 AM and your SIEM fires 47 alerts in three minutes. Forty-five are false positives. The other two…











