This introductory article covers Infrastructure-as-Code (IaC) and one of its major players, Ansible. It explains Ansible's concepts (control node, managed host, inventory, playbook and modules) and gives a quick example that uses an Ansible command to remediate configuration drift on managed computers, so that a specified service on them is running in its desired state.


DevOps is not a Goal, but a never-ending process of continual improvement. — Jez Humble

It is the era of DevOps, where development (Dev) and operation (Ops) are converged and streamlined for the benefit of the business. On the infrastructure side, it is also desired that managing hosts (mostly servers and workstations) be done in a modern way to fit in the DevOps mindset where everything is defined as code to allow for agility which enables continual improvement. …

For file server admins, this Windows batch script provisions (copies) new folders with exact permissions and content from a specified existing folder (template) based on the information inputted by a user via its command-line interface. It hopes to reduce the burden of Windows admins by handing over the task of folder provisioning to users.

It uses robocopy /MIR /COPYALL /ZB to solve the problem where folders copied using Windows Explorer (a.k.a. File Explorer) may not retain unique permissions and instead inherit permissions from the parent folder.



  • Accept input from user
    - First name and last name (feel free to modify them for other use cases where…

Designed for Active Directory (AD) admins, this PowerShell script ws-dynamic-group automates the addition or removal of group members in a Windows local or AD domain group based on content in a CSV file or an LDAP query, turning a static group into a dynamic one.

Preventive features such as setting a threshold to avoid deletion of a massive number of group members by mistake, logging and mail alerts are also available.


List of Features

  • Keeping track of a specified CSV file for adding or removing group members in a local/domain group by comparing the group members of the file with group members on a system. (For scheduling, add it to a task using the built-in Windows Task Scheduler)
    – If group members exist in CSV file but not in system, add the usernames
    – If group members exist in system but not in CSV file, delete the…

Recently, I received an email invitation about writing an article on working from home (WFH) amid the coronavirus outbreak. As an IT professional who still does much work in a traditional face-to-face way, that led to my interest in the topic, resulting in a presentation I have done privately and finally this post — this article discusses a way the pandemic has changed our lives and how I personally cope with it career-wise by getting equipped with desired skills on remote-work marketplaces.

Problem — Coping with Remote Work, the New Normal

A wise person once said the only constant is change — have you noticed what has changed during the pandemic? …

CIS, the Center for Internet Security, publishes prescriptive system hardening documents which provide guidance for establishing a secure system configuration on platforms such as Windows. Their Windows hardening documents usually run to over a hundred pages, and performing the hardening manually would take one person a long time. Thankfully, an Infrastructure-as-Code configuration management approach, e.g. the one introduced below leveraging Chef and InSpec, can automate the hardening process and validate the results.

Figure 1. Content of harden_winrm.rb, with references from CIS sections as an example of Chef recipes. (This one is from MattTunny/windows_hardening GitHub repository)

Instead of demonstrating the power of infrastructure as code fully, this quick post only aims at introducing the concept by leveraging Chef hardening recipes found on the Internet, showing the steps to perform Windows hardening on a single local machine quickly, which may suit one-time use cases. …

This is an article on work ethics written to encourage my dear young colleague and remind myself.

“You can’t connect the dots looking forward; you can only connect them looking backwards. So you have to trust that the dots will somehow connect in your future. You have to trust in something — your gut, destiny, life, karma, whatever. This approach has never let me down, and it has made all the difference in my life.” — Steve Jobs

What good is it to live each day without a sense of purpose? For all ‘uninteresting’ things that we do now, we must give passion, even if we cannot see the benefit of doing so. That is because we don’t know how the dots will connect in the future. However, they never will if we don’t even take heart in living, in doing what we are doing now, right at this second. …

At the time of writing, it is near the end of my twenties. It is a good moment for me to reflect on myself and to share my 2 cents being someone who has the experience. Here are my top 3 dos for all young people in their 20s.

1. Keep learning and strengthening ourselves

“At fifteen, I had my mind bent on learning. At thirty, I stood firm…” — The Analects

This is a popular Chinese saying by Confucius. In my opinion, it is a hint to young people aged between 15 and 30 what they should do — learning as much as possible, as well as what they should work towards — being able to carry the world. …

As a young IT professional in a large enterprise, there were rules I had to learn in order not to go out of line — it was 2011, the first time I ever stepped into the commercial world of IT, where I learned the essentials (and politics) from my supervisor and mentor who always told me not to work hard but work smart. This is a list of IT work ethic reminders I crafted for myself thanks to him.

Photo by jesse orrico on Unsplash
  1. Most of the time, IT support is a ‘standby job’ — it may be peaceful but we must get prepared for the worst to come anytime. …

Suppose there is a portable Windows application without an installer and uninstaller; how can we create them? In today’s post, we will explore one way to build a Setup.exe using AutoHotkey (AHK), with additional 7-Zip compression applied to the Setup.exe and remaining files of the portable application for maximum compression, and then wrap it with an outer unattended installer, turning a portable application into an installable one that is also suitable for silent deployment.

The application example, i.e. the application for which a setup is created, is AeroZoom. …

General storage failover and failback PowerShell template for Failover Cluster (e.g. Hyper-V) with an easy-to-use interactive console menu

Note: This is a template to ease development. The storage-vendor-specific part of the scripts has to be coded by yourself. An alternative way is to engage professionals to develop the script on one of the freelancing platforms.


There sometimes comes a need to simplify complex operations, in this case failover and failback operations of SAN storage replication between sites (e.g. production and DR), for reasons such as letting operators or less technically confident colleagues perform the operations more easily in case of disasters or drill tests. …



IT consultant • infrastructure • hybrid cloud ⛅ • DevOps • check out my utils e.g. AeroZoom 🔎
