We use cookies on this page to better serve you. You can find more information about cookies here.

Latest posts

Enable Windows 10 Extended Security Updates
by

On October 14, 2025, Windows 10 reached end of life and no longer receives updates. To keep getting updates, you must upgrade to Windows 11 or enroll in the Windows 10 ESU (Extended Security Updates) program.

In this post, I will show you step by step how to enable the commercial Windows 10 Extended Security Updates and how to mange ESU in non-persistent VDI setups.

Perquisites

  • Windows 10 ESU MAK.

Once you have purchased Windows 10 ESU, you will receive a MAK (Multiple Activation Key).

  • Windows 10 version 22H2.
    • Windows 10 LTSB or LTSC are not eligible for ESU.
  • The following updates must be installed.
    • 2025-10 Cumulative Update for Windows 10 Version 22H2 (KB5066791) or newer.
      • 2025-11 Security Update for Windows 10 Version 22H2 (KB5072653) installed after KB5066791.

The Process

  • Open Command Prompt or PowerShell as admin.

We will use slmgr.vbs which you can use directly or call it from csript. I will call it from csript to keep everything in the command line window. To use csript with slmgr.vbs we just need to prefix the slmgr.vbs command with cscript C:\Windows\System32\.

If you want to read more about slmgr.vbs, my blog post slmgr.vbs goes into detail.

  • First, we need to install the Windows 10 ESU MAK product key. We will do this with the following command slmgr.vbs /ipk YOUR_ESU_PRODUCT_KEY replace YOUR_ESU_PRODUCT_KEY with your Windows 10 ESU MAK product key.

Next, we need to activate the specific ESU component by using its Activation ID.

Read more
IT
ActivationExtended Security UpdatesHow ToLicenseMicrosoftProduct KeyslmgrUpdateVDIWindowsWindows 10Windows Updates

slmgr.vbs
by

slmgr.vbs is the Windows Software Licensing Management Tool, a Microsoft Visual Basic script that comes with Windows and is a core part of the Windows activation system. The full path is C:\Windows\System32\slmgr.vbs.

You can use slmgr.vbs to troubleshoot, activate, change, and uninstall your Windows activation.

In this post, I will show you how to use slmgr.vbs.

Product Key

Windows commonly uses product keys to activate. A Windows product key consists of 5 blocks of 5 alphanumeric characters, totaling 25 characters.

Typically, the following characters are never in a product key: A, E, I, L, O, S, U, Z, 0, 1.

Most product keys are unique, but that isn’t always the case.

  • GVLK (Generic Volume License Key) keys are all the same because Windows won’t fully activate unless it can reach out to a KMS (Key Management Service) host.
  • MAK (Multiple Activation Key) are semi unique product keys. When an organization is issued a MAK, the same product key can be used a limited number of times before it stops working.
  • Generic Retail Keys (sometimes called RTM Keys) are the same product key and are typically used to upgrade from one Windows edition to the next. After the upgrade, a valid product key is needed.
  • AVMA (Automatic Virtual Machine Activation) product keys are all the same because they only activate when running as a guest on a Hyper-V host running an activated version of Windows Server Datacenter.

Application ID

An Application ID is a unique ID for each core component that can be activated with slmgr.vbs.

For example, the Application ID 55c92734-d682-4d71-983e-d6ec3f16059f is for Windows, and 0ff1ce15-a989-479d-af46-f275c6370663 is for Office.

Activation ID

An Activation ID is a unique ID for each component that can be activated. There are a lot of them.

Confirmation ID

A Confirmation ID is typically only provided by Microsoft when activating offline.

Output

By default, slmgr.vbs will output to a new window.

However, if you call slmgr.vbs with cscript instead, you can output everything to the command line.

For example

cscript c:\Windows\System32\slmgr.vbs /ato

Options

ipk

Install Product Key.

  • If you use /ipk with a product key, it installs or replaces the current product key.
Read more
IT
ActivationHow ToLicenseMicrosoftProduct KeyslmgrWindowsWindows 10Windows 11Windows Server

CyberChef
by

CyberChef is a web application with an abundance of tools, including decoding and encoding to and from various formats such as Base64, ROT13, XOR, and Hex. It is often referred to as the Cyber Swiss Army Knife, and I can see why. There are over 400 tools.

I’ve personally used CyberChef on many occasions, most commonly to decode Base64 or PEM certificates. To this day, I am still discovering new tools within CyberChef. Most recently, I’ve found a tool called Magic that helps you decode items with multiple layers of encoding.

A really cool thing about CyberChef is that it is developed and maintained by the GCHQ (Government Communications Headquarters) in the UK, which is the UK’s cyber, security, and intelligence agency.

In this post, I will show you how to use CyberChef and how to host it yourself with Docker and a Cloudflare tunnel.

Using CyberChef

Accessing CyberChef

If you search for CyberChef, there are a few versions online, but the only official version is hosted on the GCHQ GitHub, which can be accessed at https://gchq.github.io/CyberChef/

CyberChef Layout

Once you have accessed CyberChef, you will see four main panels.

The first panel is the tools, also known as operations. The next panel is the recipe. The next two panels are the input and the output.

Baking

To use CyberChef, you need to bake it. Baking consists of using operations to make a recipe.

To make a recipe, you need to drag an operation onto the recipe panel.

For example, if I wanted to decode the following Base64 string VGhpcyBpcyBCYXNlNjQgaW4gQ3liZXJDaGVm.

I would drag the From Base64 operation over to the recipe panel.

Read more
IT
CloudflareCloudflare TunnelCyberChefDockerHome LabHow ToSelf-hostedWeb App

Install or Upgrade Duo Authentication for Windows Logon
by

In this post, I will show you how to use my Duo Authentication for Windows Logon PowerShell scripts to check whether Duo Win Logon is installed, install Duo Win Logon, or upgrade Duo Win Logon.

Previously, I wrote the blog post Upgrading Duo Authentication for Windows Logon. That blog post covered how to upgrade Duo Win Logon using the MSI. However, later on, Duo changed Duo Win Logon enough that the application now requires Microsoft Visual C++ 2022 Redistributable, which is not bundled with the MSI installer but is bundled with the EXE installer.

Another limitation of the MSI deployment is that you need to create a transform file to silently install Duo Win Logon. With the EXE installer version of Duo Win Logon, you can specify everything with silent install arguments.

The PowerShell Scripts

Duo-Win-Logon-Checker.ps1

The first PowerShell script checks if Duo Win Logon is installed and reports its version. It is a refactored version of the duo-checker function from the Duo Win Logon MSI upgrade script.

The script uses the Prog-Finder function from the Install Matrix project.

It also tells you if the version of Duo Win Logon is old. For the old version detection to work correctly, you will need to edit the NewVersion variable. You can check for Duo Win Logon releases by reviewing the Duo Win Logon release notes.

Duo-Win-Logon-Install.ps1

This script uses various functions from the Install Matrix project to install Duo Win Logon.

For this script to work, you will need to edit the InstallArgs variable.

Read more
ITScripts
CiscoDuoDuo WinlogonInstallInstall MatrixMFAPowerShellUpdateUpgrade

Install Matrix
by

At EUC World Amplify 2025, I gave a presentation titled “Transforming Chaos into Control: Mastering Windows App Deployments with Intune“. The presentation covered the ways I’ve been deploying applications with Intune that aren’t just repackaging the same Win32 application each time there’s an update. Instead, I package a PowerShell script as a Win32 application.

If you are interested in the presentation, I created a landing page on GitHub that includes the PowerPoint file. You can find that on my GitHub here.

Presenting the Install Matrix at EUC World Amplify 2025.

During the presentation, I introduced a GitHub project called the Install Matrix that I created in collaboration with a coworker. The goal of the Install Matrix is to modularize each part of a PowerShell install script into functions that can be reused in new PowerShell scripts to install applications. The Install Matrix helps reduce duplicate work, making it quick and easy to package applications and reducing overhead when updating them.

You can check out the Install Matrix GitHub repo here https://github.com/thedxt/Install-Matrix

In this post, I’ll show you how you can use the Install Matrix in your own PowerShell scripts.

Putting it Together

When creating a PowerShell application install script with the Install Matrix, the first step is to set the script’s defaults. Typically, this will include the temp folder, the silent install arguments, and a download URL.

Usually, I define these as CmdletBinding, allowing for simple parameter changes if needed.

Example

  [CmdletBinding()]
  param (
      [string]$TempDir = "C:\Temp",
      [string]$InstallArgs = '/S',
      [string]$DownloadUrl = "https://download.website.com/program.exe"
  )Code language: PowerShell (powershell)

For the download URL, if the application vendor doesn’t have an always-current URL, I recommend setting up your own URL shortener so you can update the URL for new versions without changing the script or repackaging.

Read more
ITScripts
GitHubHow ToInstall MatrixIntunePowerShellRMMScript

Duo Authentication Proxy Upgrade
by

Duo Authentication Proxy is a very useful way to add MFA to LDAP and RADIUS. It is also a way to sync your users with Duo. You can install Duo Authentication Proxy on Windows or Linux.

While older versions of Duo Auth Proxy typically keep working, a Duo certificate expires in February 2026, and you will need to upgrade to version 6.5.1 or higher to avoid being affected.

In this post, I will show you step by step how to upgrade the Duo Authentication Proxy for Windows.

The Process

  • Review the release notes for each Duo Authentication Proxy version between your current and target versions.

Here are the Duo Authentication Proxy release notes.

  • Check the Duo documentation to confirm if you can upgrade directly to the target version.

Typically, you can skip versions when upgrading, but some versions introduce changes that may affect compatibility or functionality, and not all upgrades are backwards compatible. Here is the Duo documentation about skipping versions of the Duo Auth Proxy.

  • Download the new version of the Duo Authentication Proxy.

An always current URL you can use is https://dl.duosecurity.com/duoauthproxy-latest.exe

  • Connect to your Duo Auth Proxy server.
  • Open Services.
  • Stop the service named Duo Security Authentication Proxy Service.
  • Back up the conf and log folders of the Duo Auth Proxy installation.

Typically, they are located in the C:\Program Files\Duo Security Authentication Proxy folder.

Store the backup securely, as it contains your configuration’s passwords and secrets.

Read more
ITScripts
CiscoDuoDuo Auth ProxyHow ToPowerShellScriptUpdateUpgrade

VMware Home Lab Tokens
by

VMware by Broadcom has now enabled home labs to generate tokens and license VCF 9.

Before the change, when you passed a VCP VCF exam, you were eligible for vSphere 8 and VCF 5.2 license keys, but you couldn’t create any tokens, which prevented you from using VCF 9 beyond the 90-day trial.

In this post, I will show you step-by-step how to generate a Broadcom token you can use in your home lab.

Prerequisites

  • VMUG Advantage subscription.
  • Pass a VCP VCF exam.

If you need help studying for the VCP VCF Admin exam, my blog post Passing VCP-VCF Admin Exam goes into detail on how I passed.

  • Complete the home lab licensing process.

My blog post, VMware Home Lab Licensing, goes into detail.

The Process

  • Using the same account you used to complete the home lab licensing process, log in to the Broadcom Support portal https://support.broadcom.com/
  • You will get a message that additional verification is required. Click Yes.
Read more
IT
BroadcomHome LabHow ToLicenseTokenVCFVMUGVMware

I Went to Workplace Ninjas US 2025
by

I recently had the opportunity to attend the very first Workplace Ninjas US conference, which took place in Dallas, Texas, USA, on December 9th and December 10th 2025.

If you’ve never heard of Workplace Ninjas, it is a community of IT professionals focused on Microsoft technologies used in the workplace. Workplace Ninjas US is the US chapter of Workplace Ninjas.

I was very excited to attend Workplace Ninjas US, as this was their first event, and it was the very first Microsoft focused multi-day conference I’ve attended, and many of the presenters are people I follow on social media.

In this post, I will recap my experience at Workplace Ninjas US 2025.

Day 0

My Workplace Ninjas US adventure started on December 8th with a flight from Calgary, Alberta, Canada, directly to Dallas, Texas, USA. I arrived in Dallas around 10 AM local time. Fortunately, even though I was super early, I was able to check into the hotel. The hotel I was staying at was The Highland Dallas. I ended up with room number 403.

Hotel room 403.

Room number 403 is funny to me, since one of Alberta’s area codes is 403, and it’s the forbidden HTTP status code.

On day 0, a hackathon was taking place offsite at Westlake Brewing Company. I made my way to the hackathon to check it out and meet up with a few of my friends. It was really cool to see all the different teams competing in the hackathon.

Workplace Ninjas US 2025 hackathon with friends.

While at the hackathon, I checked in and got my event badge.

Workplace Ninjas US 2025 badge.

Day 1

The first official day of Workplace Ninjas US started with a keynote session where ninjas showed off their ninja skills, which was pretty cool to see. After the ninjas, the keynote kicked off with a presentation by Jason Roszak. Jason spoke about some of the changes coming to Intune and what’s new. One of the biggest announcements recently is that the Intune suite license will be split into the Microsoft E3 and E5 products in 2026. I am very excited about this change, as it will give many customers and me access to new tools.

Read more
Daniel Goes OutsideIT
DallasDaniel Goes OutsideMicrosoftvideovlogWorkplace Ninjasyoutube

Configure locked.properties for Omnissa Horizon
by

In this post, I will show you, step by step, how to configure the locked.properties file for Omnissa Horizon (formerly VMware Horizon) to work with the Omnissa UAG (Unified Access Gateway).

The Omnissa Horizon locked.properties file is a key component of Horizon’s functionality and security.

When the locked.properties file is not configured correctly, Horizon may not start or may be less secure. It can also result in the 421 Unknown error message or the Failed to connect to the Connection Server error message.

An incorrectly configured locked.properties file can cause the Horizon admin page to fail to load and can display the error message Page failed to load. Please refresh the browser to reload the page, and the domain name may not populate.

Prerequisites

  • A UAG configured to use Horizon.

If you need to configure your UAG to work with Horizon, my blog post Configure Omnissa UAG with Omnissa Horizon covers how to do so.

  • Hostnames and FQDNs (or IPs) of your UAG.
  • Hostnames and FQDNs (or IPs) of your Horizon connection server.
  • FQDN that end users connect to.

The Process

  • Connect to your Horizon connection server.
  • Browse to C:\Program Files\Omnissa\Horizon\Server\sslgateway\conf\

On the VMware branded version of Horizon, the path will be C:\Program Files\VMware\VMware View\Server\sslgateway\conf.

  • Open the locked.properties file in Notepad.

If you need to create the locked.properties file, my blog post Omnissa Horizon locked.properties Settings covers how to make the locked.properties file.

  • Configure the balancedHost setting.

The value for the balanced host setting should be the external FQDN URL that users connect to. You should configure this value regardless of whether a load balancer is in use.

In my example, to connect to Horizon, users use the FQDN horizon.thedxt.ca. I will add the line balancedHost=horizon.thedxt.ca to the locked.properties file.

If your users connect to more than one FQDN or load balancer, you can enter multiple balancedHost entries by adding .Number to it.

Example

balancedHost.1=horizon.thedxt.ca
balancedHost.2=horizon-test.thedxt.ca

  • Configure the portalHost setting.

The value for the portal host setting should be the FQDN and hostname of your UAG and Horizon connection server.

Read more
IT
EUCHow ToOmnissaOmnissa HorizonVMware Horizon

Configure Omnissa UAG with Omnissa Horizon
by

In this post, I will show you step by step how to configure the Omnissa UAG (Unified Access Gateway) to work with Omnissa Horizon (formerly VMware Horizon).

Prerequisites

  • Horizon connection server installed.

If you need to learn how, my post Install Horizon Connection Server details all the steps.

  • Horizon connection server with a certificate installed.
  • Horizon connection server certificate thumbprint.

If you need to learn how, my post Install Omnissa Horizon Connection Server Certificate details all the steps.

  • UAG deployed.

If you need to learn how, my post Deploy Omnissa UAG on VMware vCenter details all the steps.

The Process

  • Log in to the UAG.
  • Select Configure Manually.
  • Click the Edge Service Settings toggle to view the settings.
  • Click the gear icon next to Horizon Settings.
  • Click the toggle to Enable Horizon to view the Horizon settings.
Read more
IT
EUCHow ToOmnissaOmnissa HorizonUnified Access GatewayVMware Horizon
theDXT on GitHub
theDXT on X (Twitter)
theDXT on YouTube