Windows Server File Share Backup Audit with PowerShell and Stale Job Detection
A practical build for a PowerShell script that audits file share backups on a Windows Server and detects stale backup jobs.
Recent Writeups
Review the latest Academy guides, DIY Projects, and Toolchest assets without jumping between section landing pages.
Current Feed
A practical build for a PowerShell script that audits file share backups on a Windows Server and detects stale backup jobs.
Build a Windows patch compliance reporting workflow with PowerShell, scheduled scans, CSV evidence, and rollback notes for the scheduled task and local script files.
Build a Proxmox Backup Server lab with retention policy, backup job evidence, and a monthly restore drill so recovery confidence comes from tested restores.
A practical build for a secure remote administration toolkit using Tailscale for secure networking, along with RDP hardening techniques and access control measures to ensure a safe remote management experience.
A practical build for a lightweight Windows event log collector using PowerShell scripts and scheduled tasks, supporting cleanly incident triage and log management.
Create a self-hosted dashboard that provides live status tiles for your homelab services and quick access to maintenance links.
Turn a Raspberry Pi into a Home Assistant utility node for MQTT and Zigbee2MQTT with an update path you can repeat.
Create a PowerShell toolkit for backup checks, service restarts, and daily status notes in a small lab environment.
Create a reusable PowerShell onboarding script for new Windows workstations: install standard apps, apply baseline settings, and leave behind a process the next tech can run.
Create a PowerShell toolkit for rotating local administrator passwords and checking privileged access drift across Windows machines.
Build a small Proxmox starter cluster with templates, backups, and placement rules you can reuse for later services.
Build a reproducible devcontainer for PowerShell, Terraform, and Azure CLI work so the toolchain is easy to rebuild.
Build a reusable PowerShell software inventory script that exports clean CSV reports from Windows endpoints.
Build a read-only PowerShell permission audit for Windows file shares, export remediation candidates, and preserve evidence for an access review without changing ACLs.
Create a PowerShell health-check pack for Active Directory, DNS, DHCP, and certificate checks in a small Windows network.
Build a home network visibility dashboard with ntopng, syslog, and VLAN summaries for quick traffic checks.
A practical setup for a small office network monitoring stack using LibreNMS for network visibility, syslog for log management, and alert routing for notifications.
Set up a Docker-based Nginx Proxy Manager stack for internal services that need repeatable TLS and routing.
Create a family NAS backup plan with snapshot retention, offsite copy targets, restore notes, and a small proof restore so backup success is based on evidence instead of hope.
A practical setup for a Continuous Integration (CI) pipeline in your homelab that automatically deploys Docker services from GitHub repositories and includes rollback capabilities.
A Raspberry Pi Docker Compose host with health checks, safer update habits, and a small-service layout that is easy to maintain.
A practical setup for a homelab uptime dashboard using Docker and Grafana.
Build a secondary Pi-hole DNS node on a Raspberry Pi, sync core configuration from the primary resolver, and prove client failover before changing router DHCP options.
By completing this guide, you will establish a secure remote access setup using WireGuard and implement split DNS for your self-hosted services.
A homelab monitoring stack that pairs Uptime Kuma status checks with Grafana views, status pages, and escalation rules.
Create a WireGuard jump host for remote access that keeps internal services private and leaves room for MFA-friendly access patterns.
A practical toolkit for a DHCP and DNS audit toolkit using PowerShell. The toolkit will include scripts for checking lease conflicts and exporting the results for further analysis.
Create a TrueNAS replication lab with snapshot schedules and a rollback test so you know the backup path works before you need it.
By following this guide, you will set up a lightweight k3s cluster capable of running self-hosted services with ingress and persistent volumes.
Build a local event pipeline that turns camera and sensor events into Home Assistant automations without depending on a cloud service.
Build a self-hosted Paperless-ngx workflow that turns scanned documents into searchable records and includes a backup check you can repeat.
A smart power monitoring lab that turns Home Assistant energy data into dashboards, thresholds, and household alerts.
A self-hosted Vaultwarden password vault with backups, recovery notes, and practical safeguards for family use.
Build a small identity lab with Authentik and Keycloak so you can test SSO flows, admin access, and recovery steps safely.
By following this guide, you will create a Raspberry Pi-based environmental monitor that tracks rack temperature, power state, and provides service alerts.
A Raspberry Pi travel gateway pattern for secure WireGuard access back to a home lab while away from the trusted network.
A practical setup for a lightweight internal Git repository and script catalog using Gitea, a self-hosted Git service.
Set up a starter log stack with Loki and Grafana so service logs land in one place and can be checked during incidents.
A Jellyfin media utility server with metadata automation, storage hygiene checks, and a repeatable layout for home media libraries.
A family notification hub that uses Home Assistant calendar triggers, quiet hours, and clear escalation rules for household reminders.
By following this guide, you will set up a Home Assistant lab that includes customizable dashboards, automated backups, and organized entities for each room in your home.
Build a backup verification workflow for Hyper-V or Proxmox so restores are tested before an outage forces the question.
A read-only Active Directory stale computer report for last logon, OU, operating system, enabled state, and cleanup planning.
Collect non-replicated lastLogon values from every writable domain controller, calculate the newest observed logon per account, and export evidence suitable for stale-user or stale-computer cleanup decisions without relying on replicated lastLogonTimestamp alone.
PowerShell scanner that checks fixed local drives on Windows servers for root ACL entries where Authenticated Users have broad access. Produces console and CSV evidence so admins can review exposure before any ACL changes.
Reusable starter for Azure Arc onboarding waves using a host CSV, dry-run expectations, per-host logging, and repeatable result tracking suitable for tickets, change records, and post-wave reporting.
Preflight checklist for onboarding Windows servers to Azure Arc. Confirms supported OS state, outbound connectivity, proxy/TLS behavior, local admin rights, target Azure placement, tagging, pilot scope, and rollback notes before any agent install.
Starter template for an Azure Workbook plus Resource Graph evidence pack that shows patch compliance, pending updates, unsupported coverage, and patch-group drift across Azure and Arc-enabled machines.
Operator-ready planning template for Azure Update Manager patch waves covering scope, maintenance windows, reboot tolerance, exclusions, soak periods, rollback contacts, and stop-go criteria before scheduled patching.
A restore-drill evidence template for proving backups are usable, measuring recovery time, and turning failed assumptions into repair tasks before an outage.
Create the local PowerShell helper file that every Ops Stack reporting-compatible script can share. This guide walks through the folder structure, the helper contract, the commented PowerShell implementation, a sample validation run, and the artifacts the helper creates so a new reader can build it from scratch and prove it works.
A read-only certificate inventory that finds local-machine store certificates nearing expiration and captures certificates presented by known TLS endpoints for review.
Use this supporting Insight to capture cloud evidence before changing DNS, bindings, access policy, probes, or service configuration.
Use this supporting Insight to choose whether an automation failure needs logic repair, context repair, retries, or better observability before you change the workflow.
Use this supporting Insight to decide whether a cloud failure should be validated from DNS, identity, gateway, or storage first.
Use this supporting Insight to decide whether a container failure should be validated from runtime, registry, network, or ingress first.
Use this supporting Insight to decide whether an identity or Windows access failure should be validated from DNS, LDAP, Kerberos, or SMB first.
Use this supporting Insight to choose between SSH, service, package, and network validation branches before changing a Linux host.
Use this supporting Insight to choose between WAN handoff, switching, VPN, and policy validation branches before changing the network edge.
Use this when you need to choose the right file-migration path instead of defaulting blindly to Robocopy, PowerShell, rsync, or storage replication.
Use this supporting Insight to compare Windows repair paths before reaching for SFC, DISM, restore workflows, update rollback, or full rebuilds.
Use this supporting Insight to compare a working container path against the failing one before changing image, network, or ingress configuration.
A read-only DHCP scope report that surfaces high utilization, exhausted ranges, and cleanup candidates.
A read-only disk-pressure report that captures low-space context and returns targeted cleanup candidates from known folders without deleting, compressing, or moving anything.
A read-only DNS and DHCP triage checklist that captures client-side evidence, compares DNS paths, and narrows the failure domain before anyone flushes caches or changes records.
A read-only DNS audit that compares forward and reverse lookup results across host lists and expected DNS servers.
A read-only file share audit that records SMB share permissions, NTFS access, and ownership evidence for review.
A practical guide to free network scanning options for host discovery, port inventory, and safe scan scoping.
Use this supporting Insight to compare a working identity or protocol path against the failing one before you change AD, DNS, trust, or service settings.
A read-only IIS inventory that correlates sites, bindings, ports, host headers, app-pool identities, content paths, and certificate thumbprints for migration or renewal work.
Two-phase review checklist for identifying inactive AD user accounts, validating inactivity evidence, applying exclusions, capturing approval, and preparing rollback details before any disable action.
A compact operator note format for capturing symptoms, checks, decisions, and follow-up while the issue is fresh.
A read-only PowerShell inventory starter for collecting installed applications from local or remote Windows endpoints.
Operator checklist for launching an internal IIS-hosted site with evidence capture for IIS role presence, site folder layout, bindings, app pool identity, DNS readiness, browser validation, and rollback notes.
Use this supporting Insight to compare good and broken Linux host behavior before changing services, repositories, or access settings.
A read-only local administrator audit that records privileged group membership across Windows endpoints for review.
Use this supporting Insight to compare a working edge path against the failing one before changing leases, auth, or network policy.
A read-only pending reboot check for Windows servers before patching, application installs, or maintenance-window closure.
Use this parent Insight to troubleshoot admin automation by separating script logic, execution context, dependencies, and validation before rewriting the workflow.
Use this parent Insight to plan cloud app publishing and access troubleshooting around path validation, service boundaries, safe changes, and rollback.
Use this parent Insight to isolate container failures by separating image, runtime, service-networking, and ingress branches before changing the stack.
Use this Insight to plan file-share and data migrations around scope, tool choice, validation, rollback, and evidence before running the copy path.
Use this parent Insight to isolate identity and Windows protocol failures by mapping the failing boundary before changing DNS, AD, SMB, or auth settings.
Use this parent Insight to separate Linux host access, service state, package-source, and network-path failures before making broad system changes.
Use this parent Insight to separate provider handoff, switching, VPN, and edge-policy failures before making broad network changes.
Use this parent Insight to plan Windows recovery around evidence, repair-path choice, validation, and rollback before you change system state.
Concrete PowerShell reporting pattern for turning host-check results into an HTML operations summary with a status rollup, per-host table, failure section, saved local artifacts, and optional email delivery.
Academy-style guide for using the Ops Reporting Foundation helper to turn PowerShell checks into consistent HTML, CSV, JSON, and log artifacts. Start here after creating the helper file, then plug health checks, patch checks, certificate scans, AD hygiene checks, and other collectors into the same reporting pattern.
A concise read-only connectivity triage script that separates DNS, ICMP reachability, and expected TCP-port failures before escalation.
Read-only PowerShell reporting script pattern to identify likely Microsoft NPS or other RADIUS-capable Windows servers using multiple evidence sources: NPS service presence, NPAS role/feature state, IAS/NPS event log activity, UDP 1812/1813 listener evidence, and registry indicators. Designed for migration discovery, audit support, and authentication troubleshooting.
A structured check for RDP failures before changing firewall rules, user rights, or server policy.
A read-only RDP triage script pattern for DNS, TCP 3389, listener state, firewall evidence, sessions, and event logs.
A safer starting point for repeatable Windows file copy jobs with logging and dry-run review.
A safer Robocopy job template with dry-run review, log capture, exit-code interpretation, and migration evidence.
Operator checklist and evidence structure for file migration cutovers using Robocopy. Covers pre-copy checks, dry-run evidence, final sync readiness, exclusion review, validation samples, rollback details, and signoff artifacts suitable for tickets and change records.
A read-only scheduled task inventory that highlights failed runs, missed runs, disabled tasks, and ownership gaps.
A read-only service account discovery pass for Windows services, scheduled tasks, and IIS application pools.
A practical Sysinternals first-response map for process, file handle, startup, network, login, and registry symptoms.
A simple monitoring starter for internal services, homelab systems, and small-office status checks.
Use this when you need a validation model that proves a migrated target is ready before users, apps, or cutover steps depend on it.
Use this supporting Insight to verify Windows and PowerShell execution context before rewriting scripts that may actually be failing for account, shell, path, or environment reasons.
Use this supporting Insight to gather Windows evidence before SFC, DISM, uninstalls, Safe Mode, or other repair commands change the system.
A read-only Windows Firewall audit that records enabled allow rules, ports, profiles, and address scopes.
A read-only Windows Server health snapshot that returns one compact row per host for uptime, disk pressure, memory headroom, stopped automatic services, and recent system errors.
A patch readiness and repair evidence pack for reboot state, servicing health, update logs, and approved repair actions.
A staged Windows Update troubleshooting path that starts read-only and escalates only when needed.
A packet-capture triage guide for DNS, TLS, DHCP, SMB, RDP, retransmissions, and sensitive-data handling.