Without enabling ICMP ping requests will not get a reply from the server.
Enable ICMP using “netsh firewall” (Old Method):
netsh firewall set icmpsetting 8
Enable ICMP using “netsh advfirewall” (New Method):
netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow
Enable WMI using “netsh advfirewall” (New Method):
netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes
Sometime it takes time to go and speak to a user, then stop what they are doing so you can make a change or tweak on their PC/Laptop so I like to do this in the background remotely without their knowledge (Hey! I’m an Admin that’s what I do)
PSEXEC has become a good friend for doing this!
I usually dump the “psexec” exe in the c:\Windows\System32 folder so I don’t have to change CMD paths. (Remember you need to run CMD as the user with access to the remote system for this to work)
Remove Share Remotely:
psexec \\PCNAME net share <SHARENAME> /delete |
Map Drive Remotely:
psexec \\PCNAME net use S: \\SERVER\SHARE |
Formatting a USB Flash Drive using the “diskpart” utility:
Diskpart also resolves issues with formatting within Windows GUI:
Error: “Format Cannot Run because the volume is in use by another process” & “Will not format – unknown capacity”
CMD
diskpart list volume select volume X clean create partition primary format fs=ntfs quick label=DATA assign letter X
Although SNMP traps can be configured within Windows VMs installed on the VMWare host it can also be configured to report directly from ESXi. This configuration helps monitoring software such as Solarwinds or Spiceworks.
Configure ESXi SNMP via CLI (with Prompts):
Download/Install: VMware vSphere CLI 5.1
@echo off echo Enter the FQDN of the host: set /p hostname= echo Enter the root password: set /p password= set user=root "C:\Program Files (x86)\VMware\VMware vSphere CLI\bin\vicfg-snmp.pl" --server %hostname% --username %user% --password %password% -c ESX -t 200.200.200.200@161/ESX --enable "C:\Program Files (x86)\VMware\VMware vSphere CLI\bin\vicfg-snmp.pl" --server %hostname% --username %user% --password %password% -show >> c:\ESXi_SNMP.log pause |
Excellent post on the deployment of Lync 2013 via Script: Unifiedme.co.uk
I customized the Lync installation using the Office /admin application (see above) and then pushed this out to users via script/GPO. This is a very basic script to check whether Lync is already installed, if not then will run the setup.exe using the custom installer in the “updates” folder.
REM Automated Installer for Lync 2013 REM Note the setup.exe uses a custom .MSP to install lync with settings, registry keys and product activation. @echo off if exist "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe" goto quit if exist "C:\Program Files\Microsoft Office\Office15\lync.exe" goto quit if exist "C:\Program Files (x86)\Microsoft Lync\communicator.exe" goto quit :install \\server\Software\SW_DVD5_Lync_2013_32-BIT_X64_English_MLF_X18-54527\setup.exe :quit exit |
I’d be interested to know if there is a much better way to do this as it really is very basic and doesn’t include error handling.
“Show uptime of multiple computers” – Looking after multiple servers, I wanted to check which have rebooted and require rebooting due to windows updates. In order to interrogate multiple servers I can use the Sysinternals “PSTools”
Multiple Servers: (Output to txt)
psinfo uptime \\* c:\ShowSystemUptimesReport.txt |
Uptime = Shows only uptime
\* = checked every pc on the local network
> c:\inventory.txt = Outputs file to this location
Example:
psinfo uptime \\Server-DC1,Server-DC2 > c:\ShowSystemUptimesReport.txt |
Single server: (without tools)
systeminfo | find "System Boot Time:" |
This needs a registry update, customize the string value with your OST path.
This is for Office 2013, but can be used with Office 2007/2003 by changing the “15.0” version option.
Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\outlook] "ForceOSTPath"=string:D:\My Documents\Outlook |
Once the registry update has been completed, create a new profile (which defaults to this location) and move the old .ost to this directory (same file-name and overwrite the existing .ost)
List of common LDAP AD fields which can be used with the “DSQuery” or other tools which lookup AD objects.
csvde -m -f c:\DSQueryUsers.csv -d "OU=Users,OU=UK,DC=domain,DC=localm" -r "(&(objectClass=*)(mail=*))" -l displayName,userPrincipalName |
In order to simplify the process of creating LDAP queries you can use the SysInternals “Active Directory Explorer” tool to help with this process.
See Below for table:
There are a couple of tools for creating objects in AD:
I’ve been looking for a simple method to add trusted sites into Internet Explorer 10 since they removed the “Internet Explorer Maintenance” (“The Internet Explorer Maintenance (IEM) snap-in is replaced by the Internet Explorer 10 preference extension”) options from the Server 2012 GPO.
Unfortunately a number of the methods for “adding trusted sites” prevent the local user from being able to customise the list with any additional sites. The method below is the quickest I have found to add a site to the “trusted sites” whilst also allowing users customisation. The following will add “work.edwardsd.co.uk” to the trust sites list:
*.BAT File Method:
REM See http://technet.microsoft.com/en-us/library/cc732643.aspx for Reg Commands/Switches REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\edwardsd.co.uk\work" /v "http" /t REG_DWORD /d 00000002 /Y |
*.REG Method:
Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\edwardsd.co.uk\work] "https"=dword:00000002 |
Note: The dword number represents the following values:
"https"=dword:00000001 "https"=dword:00000002 "https"=dword:00000003 "https"=dword:00000004 |
GPO Method:
The alternative option would be to use a GPO, usually my preference however I found this a little bit more complex so opted for the *.BAT option. This is a top site for GPO guides: GPO to configure IE zones sites (remember if you use this method the users can’t make changes themselves, but great for a controlled environment.
If “Cached Exchange Mode” in Outlook is grayed it can be switched on/off via regedit.
To Enable OST files and switch cached exchange mode on:
Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\14.0\outlook\ost] "NoOST"=dword:00000000 [HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\14.0\outlook\cached mode] "Enable"=dword:00000001 |
To Disable OST files and switch cached exchange mode off:
Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\14.0\outlook\ost] "NoOST"=dword:00000002 [HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\14.0\outlook\cached mode] "Enable"=dword:00000000 |
You can also enabled/disable cached exchange mode for shared mail folders (note this is only slightly different and contained under “Policies”):
Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\OST] "NoOST"=dword:00000002 [HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Cached Mode] "CacheOthersMail"=dword:00000000 |
Reference: KB982697
View Office License/Product Key installed:
cscript "C:\Program Files\Microsoft Office\Office14\OSPP.VBS" /dstatus |
Office 2010 (32-bit) on a 64-bit version of Windows
cscript "C:\Program Files (x86)\Microsoft Office\Office14\OSPP.VBS" /dstatus |
Office 2010 (64-bit) on a 64-bit version of Windows
cscript "C:\Program Files\Microsoft Office\Office14\OSPP.VBS" /dstatus |
Office 2013 (32-bit) on a 32-bit version of Windows
cscript "C:\Program Files\Microsoft Office\Office15\OSPP.VBS" /dstatus |
Office 2013 (32-bit) on a 64-bit version of Windows
cscript "C:\Program Files (x86)\Microsoft Office\Office15\OSPP.VBS" /dstatus |
Office 2010 (64-bit) on a 64-bit version of Windows
cscript "C:\Program Files\Microsoft Office\Office15\OSPP.VBS" /dstatus |
Install Office Key via *.BAT file:
cd c:\Program Files (x86)\Microsoft Office\Office14 cscript ospp.vbs /inpkey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX cscript ospp.vbs /act |
Change Office License/Product Key installed:
Quickest method I use for Office 2010 to prompt for a new license/product key (and remove the existing one entered):
Regedit -> right click “Registration” and delete the entire key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\14.0\Registration |
When you load Office, it should now prompt you to enter the license/product key.
Basic PAC file configuration. The browser can be configured to point to this file (proxy.pac) in order to direct the browser traffic to the correct Gateway Proxy server. The path can be configured to use a public URL such as http://proxy.domain.com/_proxy/proxy.pac.
Internet Explorer -> Tools -> Internet Options -> Connections -> LAN Settings -> Automatic Configuration -> Use Automatic configuration script
Methods to delete files via command line: Normally I take ownership of the folder/files (takeown):
takeown /f c:\folder\location /r /d y
Change Permission (icacls):
icacls c:\folder\location /grant administrators:F /t
Delete Process (del):
del c:\folder\location\*.* /s /q
Delete Process (RD):
RD /S /Q c:\folder\location\
Example using RD to remove a troublesome files that just wouldn’t delete:
Running out of the diskspace on C:\ I found the C:\WINDOWS\Installer\$PatchCache$ to be massive! I used JamSoftware “treesize” to view what was taking up the space.
From research this folder can be safely deleted, however you MUST NOT delete the top level “Installer” folder “C:\WINDOWS\Installer” (only the sub-folders inside it)
A quick method for deleting this directory is:
Stop “Windows Installer Service”
net stop msiserver |
Run the “Remove Directory” command (/q Quiet: /q | Removes all directories and files: /s)
rmdir /q /s %WINDIR%\Installer\$PatchCache$ |
Start “Windows Installer Service”
net start msiserver |
Reference: http://goo.gl/SW5M9
I often use Robocopy when migrating/copying data from file servers.
When running the copy process to transfer data from Windows Server 2003 to Windows Server 2008 I usually run robocopy from the destination server (usually the newer server) in order that it will use version XP027 (5.1.10) There are a number of flaws in XP026 and also requires a seperate download Windows 2003 Resource Kit to obtain it.
This is the main syntax I use to perform a full copy.
robocopy D:\Source E:\Destination /MIR /R:1 /W:1 /COPYALL |
Example, when copying from another server (using UNC):
robocopy \\myserver\e$\data E:\data /MIR /R:1 /W:1 /COPYALL |
Although “/MIR” is mirroring the data, this will not actually copy the ACL permissions, therefore you will need to ensure that /COPYALL is included. I’ve copied a whole load of data before without including this only to find I have had to recopy to correct the ACL.
/COPYALL : Copy ALL file info (equivalent to /COPY:DATSOU) including timescamps, permissions, ACL, other attributes.
/MIR : MIRror a directory tree – equivalent to /PURGE plus all subfolders (/E)
/R:n : Number of Retries on failed copies – default is 1 million.
/W:n : Wait time between retries – default is 30 seconds.
Sometimes the copy may set the top level folder to “hidden” This can be un-hidden using the “attrib” command:
attrib -h -s E:\data |
-s : Removes the system file attribute.
-h : Removes the hidden file attribute.
This will display a popup showing whether UAC is “Evalated” or “Not Evalated” using VBS
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 | Dim oShell, oExec, szStdOut szStdOut = "" Set oShell = CreateObject("WScript.Shell") Set oExec = oShell.Exec("whoami /groups") Do While (oExec.Status = cnWshRunning) WScript.Sleep 100 if not oExec.StdOut.AtEndOfStream then szStdOut = szStdOut & oExec.StdOut.ReadAll end if Loop select case oExec.ExitCode case 0 if not oExec.StdOut.AtEndOfStream then szStdOut = szStdOut & oExec.StdOut.ReadAll end if if instr(szStdOut,"S-1-16-12288") Then wscript.echo "Elevated" else if instr(szStdOut,"S-1-16-8192") Then wscript.echo "Not Elevated" else wscript.echo "Unknown!" end if end if case else if not oExec.StdErr.AtEndOfStream then wscript.echo oExec.StdErr.ReadAll end if end select |
Thanks to: http://blogs.technet.com/b/jhoward/archive/2008/11/19/how-to-detect-uac-elevation-from-vbscript.aspx
I had a number of errors within VSS on Windows Server 2008 R2, these were stopping my backup jobs from running and causing different issues to occur, to resolve these I used the following script to reinitiate VSS settings. This was taken from the following article: Symantec
Note: This will disabled services if running on a live server, so best to complete out-of-hours.
@ECHO OFF REM ###################### START SCRIPT ###################### if exist "C:\Program Files (x86)" goto end REM x86 >> c:\somelog86file.txt robocopy "C:\Program Files (x86)\Test" D:\Test >> c:\somelogfile.txt exit :end REM x64 >> c:\somelog64file.txt robocopy "C:\Program Files\Test" D:\Test >> c:\somelogfile.txt exit
This is custom made code to output all users listed in Active Directory.
This code was rewritten using Powershell in order to make the output more clear and “visually pleasing”
Powershell Option (output to looks like this):
To use:
Note:Sometimes the script will not run correctly and the following will be displayed:
“File cannot be loaded because the execution of scripts is disabled on this system”
This security can be removed using the following command.
Set-ExecutionPolicy Unrestricted -Force |