NeighborGeek

I've just finished configuring Bitlocker on a new server running Server Core 2012R2 with a TPM key protector.  I had to piece together bits from a few sources online to accomplish this, so I will bring together in this one post all of the steps I ended up using. Here's a high level overview of the steps required: Check TPM status Enable & activate TPM if needed Take ownership of TPM Create Bitlocker recovery password Backup recovery password to Active Directory Enable Bitlocker using the TPM as the key protector In order to do this, the server must have a TPM module installed.  Believe it or not, this is still not standard hardware for many servers.  For HP servers, a TPM add-on is available for about $50 as p/n 488069-B21.  If you do have to install a TPM, go into the BIOS and enable the TPM under the security settings, to save yourself some steps later. Now comes the tricky part.  Powershell version 4 added some handy new cmdlets for ma...

For many years, dating back at least to Windows XP, Windows Update has kept a text format log in the Windows directory, which could provide useful information when troubleshooting update issues.  Beginning in Windows 10, this log file (C:\Windows\WindowsUpdate.log) Is no longer used.  If you look for it in the Windows directory, you'll see that the file is still there, but is only 275 bytes, compared to the 1-2MB log files of the past.  The contents of this file now explain that it isn't used anymore, and list a powershell command to get a readable windows update log: As you can see, there is a simple solution in the form of a new powershell cmdlet.  Simply run "get-windowsupdatelog" in powershell, and wait.  You'll see various input and output files scroll by in the powershell window as it parses the new "ETW" (Event Tracing for Windows" formatted logs, located in "c:\windows\logs\windowsupdate\".  When the cmdlet finishes, it wil...