Kyle Metzer

Windows 11 Readiness to Custom Field

Downloads a powershell script to check OS, CPU, RAM, HDD, TPM, and SECUREBOOT compatibility requirements for Windows 11 installation. Writes result to procedure log, can report using $Win11check$, $Win11yes$, $Win11no$. Also write results to custom field "CF – Win11 Ready".

Read More

Local Users and Admins

Downloads powershell script that lists all local accounts in the Administrators and Users groups. Can report using $LocalUsers$, $LocalAdmins$, $LocalUsersAdmins$.

Read More

Windows 11 block upgrade (unblock)

Script sets registry keys to unlock Windows 10 machine to allow upgrade to Windows 11.

Read More

Windows 11 block upgrade (lock to Win10 current build)

Script sets registry keys to lock Windows 10 machine to it’s current build version.

Read More

Windows 11 block upgrade (lock to Win10 21H1)

Script sets registry keys to lock Windows 10 machine to a target build of 21H1.

Read More

IE enable new ActiveX control installs

Uses registry keys to re-allow installation of new ActiveX controls. Reboot may be required for changes to take effect.

Read More

IE disable new ActiveX control installs

Uses registry keys to prevents installation of new ActiveX controls as a security measure. Then restarts the computer after 5 minutes. Addresses the vulnerability listed here.

Read More

Hosts File Changed Audit

Compares hosts file to last time script was run, or empty/clean hosts file on first run. Can report using $HostsFile$. Will email if change is detected, can set email address by editing first line of this script (default is the registered admin’s email who scheduled).

Read More

AD Admins Changed Audit

Must be run on a domain controller. Compares Domain Admins to the last time script was run and reports result to the procedure log. Sends alert if admin is added or admin account is enabled. Can report using $ADAdmins$

Read More

Local Admins Changed Audit

Compares Administrator accounts to the last time script was run and reports result to the procedure log. Sends alert if admin is added or admin account is enabled. Can report using $LocalAdmins$

Read More