Nice post I stumbled upon regarding DNS scavenging and how it actually works.
“Best Practice Analyzer” shows this should be enabled (But I’ve not seen any posts as to why this isn’t enabled by default)
Yes, the year is 2016 and yes, we are still converting Server 2003 onto VMware! (I know Server 2003 is dead and 13 years behind the times, but there are still some instances in our organisation that require it for old bespoke software that can’t easily be moved to Server 2013/2016.)
When converting a physical “Server 2003” machine to a virtual machine using VMware Converter this error displays:
“Warning: Unable to locate the required Sysprep files. Upload them under ‘C:\ProgramData\VMware vCentre Converter Standalone\sysprep\svr2003’ on the Converter server machine. See ‘Help’ for more details”
Restore all Windows 10 default apps
Get-AppxPackage -allusers | foreach {Add-AppxPackage -register "$($_.InstallLocation)\appxmanifest.xml" -DisableDevelopmentMode}
Remove all Windows 10 default apps (from ALL user accounts)
Get-AppxPackage -AllUsers | Remove-AppxPackage
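The one-liner above strips every package, including the Store and Calculator, from every profile. As an added example (not from the original post), the script below removes only a named list, from existing profiles and from the provisioning cache so new profiles do not get them back. The package names are assumptions; `Remove-AppxPackage -AllUsers` needs Windows 10 1803 or later.

```powershell
# Added example: remove a defined set of Store apps rather than everything.
# Package names below are assumptions; check with Get-AppxPackage -AllUsers first.
$toRemove = @(
    'Microsoft.BingWeather',
    'Microsoft.XboxApp',
    'Microsoft.SkypeApp'
)

foreach ($name in $toRemove) {
    # Installed copies in every user profile
    Get-AppxPackage -AllUsers -Name $name -ErrorAction SilentlyContinue |
        ForEach-Object {
            Write-Host "Removing $($_.PackageFullName)"
            Remove-AppxPackage -Package $_.PackageFullName -AllUsers
        }

    # Provisioned copy, otherwise the app returns for each newly created profile
    Get-AppxProvisionedPackage -Online |
        Where-Object DisplayName -eq $name |
        ForEach-Object {
            Write-Host "Deprovisioning $($_.PackageName)"
            Remove-AppxProvisionedPackage -Online -PackageName $_.PackageName | Out-Null
        }
}
```

Run it from an elevated PowerShell; packages that are not present are silently skipped, so the same list can be applied to every build in the estate.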
There are two types of background images.
This script will add the required flags and permissions to the registry and create the “dummy” jpg files which are used to display the “Logon” background. This is the screen which displays the user logon details (At “Logon”).
echo OFF
set bgfolder=%windir%\system32\oobe\Info\backgrounds\
REM Creates the backgrounds folder
md %bgfolder%
REM Creates the dummy background files (empty files, created via the redirect)
FOR %%f IN (backgroundDefault.jpg background1280x960.jpg background1024x768.jpg background1600x1200.jpg background1440x900.jpg background1920x1200.jpg background1280x768.jpg background1360x768.jpg background1024x1280.jpg background960x1280.jpg background900x1440.jpg background768x1280.jpg background768x1360.jpg) DO echo 2> %bgfolder%%%f 1> NUL
REM Gives all authenticated users (S-1-5-11) the right to write these files.
REM Note this lets any authenticated user replace the logon image; drop the grant if only admins should change it.
FOR %%f IN (backgroundDefault.jpg background1280x960.jpg background1024x768.jpg background1600x1200.jpg background1440x900.jpg background1920x1200.jpg background1280x768.jpg background1360x768.jpg background1024x1280.jpg background960x1280.jpg background900x1440.jpg background768x1280.jpg background768x1360.jpg) DO icacls %bgfolder%%%f /grant *S-1-5-11:(R,W,M)
REM Forces the use of the custom background permanently
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background /v OEMBackground /t REG_DWORD /d 1 /f
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\System /v UseOEMBackground /t REG_DWORD /d 1 /f
All you then need to do is add the background image you want to this folder directory: %windir%\system32\oobe\Info\backgrounds\
Check time service is running (Local & Remote):
sc query w32time
sc \\HOSTNAME query w32time
Displays all local time information (Local & Remote):
w32tm /query /configuration
w32tm /query /configuration /computer:HOSTNAME
Display Windows Time service status (Local & Remote):
w32tm /query /status
w32tm /query /status /computer:HOSTNAME
Display Windows Time service source (Will return one line: local CMOS vs Server) (Local & Remote):
w32tm /query /source
w32tm /query /source /computer:HOSTNAME
Display a list of peers and their status:
w32tm /query /peers
Displays current time (local source)
Time /T
Resync local computer time against time server: (run on all servers, except time server)
w32tm /resync /rediscover
Force local computer time to update against domain server (Local & Remote):
w32tm /config /syncfromflags:domhier /update
w32tm /resync /rediscover
w32tm /resync

w32tm /config /syncfromflags:domhier /update /computer:HOSTNAME
w32tm /resync /rediscover /computer:HOSTNAME
w32tm /resync /computer:HOSTNAME
Start time server via CLI (Local & Remote)
net start w32time
sc \\HOSTNAME start w32time
Restore Windows Time Service (if it has been broken)
net stop W32Time
w32tm /unregister
w32tm /register
net start W32Time
sc query W32Time
Set Time Update NTP source
@echo off
net stop w32time
w32tm /config /syncfromflags:manual /manualpeerlist:"0.uk.pool.ntp.org"
w32tm /config /reliable:yes
net start w32time
w32tm /query /peers
PAUSE
Event Viewer Error Message:
Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 12
Description: Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
To resolve the eventID 12:
w32tm /register
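The per-host queries above are handy one at a time; the following is an added example (not from the original post) that runs `w32tm /query /status` against a list of servers and flags any that are free-running on the local CMOS clock or whose phase offset is beyond a threshold, which is how Kerberos clock-skew failures usually start. Host names and the threshold are assumptions, and the parsing expects the English w32tm output.

```powershell
# Added example: fleet time-sync health check built on the w32tm queries above.
# Host names and threshold are placeholders for this example.
$servers          = @('UK-WDC01', 'UK-ESX01')
$maxOffsetSeconds = 1.0     # Kerberos tolerates 5 minutes; anything near a second is worth a look

function Get-TimeHealth {
    param([string]$ComputerName, [double]$MaxOffset = 1.0)

    $out = & w32tm /query /status /computer:$ComputerName 2>&1
    if ($LASTEXITCODE -ne 0) {
        return [pscustomobject]@{ Host = $ComputerName; Source = $null; OffsetSeconds = $null
                                  Healthy = $false; Note = ($out -join ' ') }
    }

    # Relevant lines look like "Source: UK-WDC01.edwardsd.local" and "Phase Offset: 0.0012345s"
    $source = $null; $offset = $null
    foreach ($line in $out) {
        if ($line -match '^Source:\s*(.+)$')              { $source = $Matches[1].Trim() }
        if ($line -match '^Phase Offset:\s*(-?[\d\.]+)s') { $offset = [double]$Matches[1] }
    }

    # "Local CMOS Clock" / "Free-running System Clock" means no upstream source at all
    $freeRunning = ($source -like 'Local CMOS Clock*') -or ($source -like 'Free-running*')
    $healthy = (-not $freeRunning) -and ($null -ne $offset) -and ([math]::Abs($offset) -le $MaxOffset)

    [pscustomobject]@{
        Host          = $ComputerName
        Source        = $source
        OffsetSeconds = $offset
        Healthy       = $healthy
        Note          = if ($freeRunning) { 'no upstream time source' } elseif (-not $healthy) { 'offset above threshold' } else { '' }
    }
}

$servers | ForEach-Object { Get-TimeHealth -ComputerName $_ -MaxOffset $maxOffsetSeconds } |
    Format-Table -AutoSize
```

Run it from an account that can query the remote Windows Time service (RPC to the target); a host that reports `Healthy = False` with an empty source is the Event ID 12 situation described above.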
Add/Remove a DNS record without the GUI
Add
dnscmd <ServerName> /recordadd <ZoneName> <NodeName> <RRType> <RRData>
dnscmd UK-WDC01 /RecordAdd edwardsd.local UK-ESX01 A 192.168.1.5
Delete
dnscmd <ServerName> /recorddelete <ZoneName> <NodeName> <RRType> <RRData>[/f]
dnscmd UK-WDC01 /recorddelete edwardsd.local UK-ESX01 A 192.168.1.5
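As an added example (not from the original post), the same add and delete done with the DnsServer PowerShell module (Windows Server 2012 and later, or RSAT), plus a report of dynamic A records that have not been refreshed recently. Those are the records scavenging removes once it is switched on, so listing them first shows what enabling it would actually delete. Server, zone and host values are the post's own placeholders; the 14-day window is an assumption.

```powershell
# Added example: DnsServer module equivalent of the dnscmd lines, with a
# pre-scavenging report. Server/zone/name/IP are placeholders from the post.
Import-Module DnsServer

$dnsServer = 'UK-WDC01'
$zone      = 'edwardsd.local'

# Add a static A record only if no A record of that name exists yet
$existing = Get-DnsServerResourceRecord -ComputerName $dnsServer -ZoneName $zone `
                -Name 'UK-ESX01' -RRType A -ErrorAction SilentlyContinue
if (-not $existing) {
    Add-DnsServerResourceRecordA -ComputerName $dnsServer -ZoneName $zone `
        -Name 'UK-ESX01' -IPv4Address '192.168.1.5'
}

# Delete it again; -Force suppresses the confirmation prompt
Remove-DnsServerResourceRecord -ComputerName $dnsServer -ZoneName $zone `
    -Name 'UK-ESX01' -RRType A -RecordData '192.168.1.5' -Force

# Dynamic records carry a Timestamp; static ones have none and are never scavenged.
# List dynamic A records not refreshed in the last 14 days (assumed window).
$staleBefore = (Get-Date).AddDays(-14)
Get-DnsServerResourceRecord -ComputerName $dnsServer -ZoneName $zone -RRType A |
    Where-Object { $_.Timestamp -and $_.Timestamp -lt $staleBefore } |
    Select-Object HostName, Timestamp, @{ n = 'IPv4'; e = { $_.RecordData.IPv4Address } } |
    Sort-Object Timestamp
```

If the stale list contains hosts that are still in use, their clients are not re-registering (or the refresh interval is too short), and that wants fixing before scavenging is enabled rather than after.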
Reference: DNSCMD Examples
A few random PowerShell commands in Windows to help complete tasks:
Create New AD User:
New-ADUser -SamAccountName U1 -Name "User 1" -AccountPassword (ConvertTo-SecureString -AsPlainText "p@ssw0rd" -Force) -Enabled $true -Path 'OU=Test,DC=FABRIKAM,DC=COM'
Displays if “Desktop Experience” is installed:
Get-WindowsFeature *Desktop*
Installs “Desktop Experience” Feature:
Add-WindowsFeature Desktop-Experience
Remove Windows Patches
wusa /uninstall /kb:2952664
Clear all log entries
Although previous logs in Event Viewer can be helpful for diagnostics, I find old errors sometimes cloud the current issues. In order to quickly clear all Event Viewer log entries you can use the following PowerShell command:
wevtutil el | Foreach-Object {Write-Host "Clearing $_"; wevtutil cl "$_"}
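The one-liner above discards the history. This added example (not from the original post) keeps it: each log is written to a dated archive folder with `wevtutil cl /bu:` before it is cleared, so the old entries can still be opened in Event Viewer if an incident later needs them. The archive root is an assumption.

```powershell
# Added example: archive every event log to a dated folder, then clear it.
# Archive root is an assumption; pick a location non-admins cannot write to.
$backupRoot = Join-Path 'C:\EventLogArchive' (Get-Date -Format 'yyyyMMdd-HHmm')
New-Item -ItemType Directory -Path $backupRoot -Force | Out-Null

foreach ($log in (wevtutil el)) {
    # Log names such as "Microsoft-Windows-TaskScheduler/Operational" contain '/',
    # which cannot appear in a file name
    $file = Join-Path $backupRoot (($log -replace '[\\/]', '-') + '.evtx')

    Write-Host "Archiving and clearing $log"
    # /bu: writes a backup copy of the log before it is cleared
    wevtutil cl "$log" /bu:"$file"
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Failed on $log (exit code $LASTEXITCODE)"
    }
}

Write-Host "Archive written to $backupRoot"
```

Some analytic and debug logs refuse to be cleared while enabled, which is what the warning branch catches; the rest end up as one `.evtx` per log that `Get-WinEvent -Path` can read later.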
Bypass code Execution
Usually if you get the error “execution of scripts is disabled on this system”, the quick option is to bypass the execution policy:
Set-ExecutionPolicy Unrestricted
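`Unrestricted` on the LocalMachine scope changes the setting for every user on the box. As an added example (not from the original post), the lines below show the scoped alternatives: inspect what currently applies, allow local scripts for the current user only, or bypass for a single process that disappears when the window closes. The script path is a placeholder.

```powershell
# Added example: scoped alternatives to a machine-wide Unrestricted policy.
# Shows which scope wins (MachinePolicy and UserPolicy come from Group Policy
# and cannot be overridden from the shell)
Get-ExecutionPolicy -List

# Per-user: locally written scripts run, anything downloaded must be signed
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser -Force

# Per-process: applies to this PowerShell session only
Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force

# One-off run from cmd or Task Scheduler without touching the stored policy
# (path is a placeholder)
powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\Scripts\Maintenance.ps1
```

If `Get-ExecutionPolicy -List` shows a MachinePolicy or UserPolicy value, Group Policy is in charge and `Set-ExecutionPolicy` will report that the change took effect but is overridden; the process-scope and `-File` forms still work for your own scripts.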
My configuration of the HP Microserver G1810T uses all 4 x HDD disk bays (2 x RAID1) with 1 x HDD (2.5″) attached to the secondary SATA connector on the motherboard.
This 5th disk for the OS was configured under the controller options to use RAID0.
When installing Windows Server 2012 R2 for the first time you will need to specify the B120i controller drivers for Windows to be able to see the disk.
The driver can be downloaded from the HP Microserver webpage and is listed under the “Driver – Storage” section.
The ILO made it easy for me to install Windows remotely from my desktop and attaching virtual media (ISO) and folders.
Without enabling ICMP, ping requests will not get a reply from the server.
Enable ICMP using “netsh firewall” (Old Method):
netsh firewall set icmpsetting 8
Enable ICMP using “netsh advfirewall” (New Method):
netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow
Enable WMI using “netsh advfirewall” (New Method):
netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes
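The netsh rules above allow echo requests and WMI from any address on every profile. As an added example (not from the original post), here is the NetSecurity-module equivalent (Windows 8 / Server 2012 and later) limited to a management subnet and the Domain profile, followed by a check of what is actually open. The subnet is an assumption.

```powershell
# Added example: same rules as the netsh lines, scoped to a management subnet.
# Subnet is an assumption; use the range your admin workstations live in.
$mgmtSubnet = '192.168.1.0/24'

# ICMPv4 echo request (type 8), inbound, Domain profile only
New-NetFirewallRule -DisplayName 'ICMPv4 echo request (management subnet)' `
    -Direction Inbound -Protocol ICMPv4 -IcmpType 8 `
    -RemoteAddress $mgmtSubnet -Profile Domain -Action Allow

# WMI: enable the built-in rule group, then narrow the remote scope of its inbound rules
Enable-NetFirewallRule -DisplayGroup 'Windows Management Instrumentation (WMI)'
Get-NetFirewallRule -DisplayGroup 'Windows Management Instrumentation (WMI)' -Direction Inbound |
    Set-NetFirewallRule -RemoteAddress $mgmtSubnet -Profile Domain

# Verify: list enabled inbound rules for ICMP/WMI with their remote address filter
Get-NetFirewallRule -Enabled True -Direction Inbound |
    Where-Object { $_.DisplayName -like '*ICMP*' -or $_.DisplayGroup -like '*WMI*' } |
    ForEach-Object {
        [pscustomobject]@{
            Rule    = $_.DisplayName
            Profile = $_.Profile
            Remote  = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        }
    } | Format-Table -AutoSize
```

The verification step is worth keeping in the script: rules created earlier with netsh (as in the examples above) will show `Remote = Any`, which is the quickest way to spot the ones that still need scoping.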
Mapped network drive to DFS share is not allowing access.
“This operation is supported only when you are connected to the server”
If you try to remap the drive with different credentials the following error appears:
The network folder specified is currently mapped using a different username and password.
To connect using a different user name and password, first disconnect any existing mappings to this network share.
Looking in the EventVWR the following is logged:
EventID1004: Path \\Server\DFS transitioned to slow link with latency = 115 and bandwidth = 13265936
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\NetCache]
"SilentForcedAutoReconnect"=dword:00000001
Fix:
In the end the really simple workaround was to “Disable Offline File Sync” and reboot the system. All working again!
“Control Panel -> Sync Centre -> Manage offline files -> Disable Offline Files”
Reference:
http://blogs.technet.com/b/askds/archive/2011/12/14/slow-link-with-windows-7-and-dfs-namespaces.aspx
https://www.conetrix.com/Blog/post/Fixing-Problem-With-Windows-7-Shared-Files-and-Mapped-Drives-Unavailable-Over-VPN.aspx
Windows Backup can be configured to use multiple external hard drives as the target. This way you can set up a hard drive rotation system, i.e. Mon: USB_HDD1, Tue: USB_HDD2, Wed: USB_HDD1.
Ideally both HDDs (or more) need to be connected at the same time when you configure the backup from the GUI. If you do not have both HDDs connected, this can be accomplished using the WBADMIN command line tool.
Locate the HDD identifier using “get disks” and add it to the job using “-addtarget”.
wbadmin get disks
WBADMIN ENABLE BACKUP -addtarget:{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
Sometimes it takes time to go and speak to a user and stop what they are doing so you can make a change or tweak on their PC/laptop, so I like to do this in the background remotely without their knowledge (Hey! I’m an admin, that’s what I do).
PSEXEC has become a good friend for doing this!
I usually dump the “psexec” exe in the c:\Windows\System32 folder so I don’t have to change CMD paths. (Remember you need to run CMD as the user with access to the remote system for this to work)
Remove Share Remotely:
psexec \\PCNAME net share <SHARENAME> /delete
Map Drive Remotely:
psexec \\PCNAME net use S: \\SERVER\SHARE
This script will automatically run the “WSUS Server Cleanup Wizard”
This can be added to a scheduled task.
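The post's own script is not reproduced on this page. As an added example (not the author's script), the following does the same job with the UpdateServices module that ships with WSUS on Server 2012 and later: it writes a small cleanup script that runs the same options the Server Cleanup Wizard offers, logs the result, and registers it as a weekly scheduled task running as SYSTEM. Paths and the schedule are assumptions.

```powershell
# Added example: WSUS cleanup via Invoke-WsusServerCleanup, registered as a
# scheduled task. Script path, log path and schedule are assumptions.
$scriptPath = 'C:\Scripts\Invoke-WsusCleanup.ps1'

# The task body: same options as the Server Cleanup Wizard, output appended to a log
@'
Import-Module UpdateServices
$result = Invoke-WsusServerCleanup -CleanupObsoleteComputers -CleanupObsoleteUpdates `
    -CleanupUnneededContentFiles -CompressUpdates -DeclineExpiredUpdates -DeclineSupersededUpdates
"$(Get-Date -Format s) $($result -join '; ')" | Add-Content -Path 'C:\Scripts\WsusCleanup.log'
'@ | Set-Content -Path $scriptPath -Encoding UTF8

# Weekly run as SYSTEM; -NoProfile/-ExecutionPolicy Bypass keep the task independent
# of the interactive user's profile and stored policy
$action    = New-ScheduledTaskAction -Execute 'powershell.exe' `
                 -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$scriptPath`""
$trigger   = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Sunday -At '02:00'
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest

Register-ScheduledTask -TaskName 'WSUS Server Cleanup' -Action $action `
    -Trigger $trigger -Principal $principal -Force
```

Because the task runs as SYSTEM from a fixed path, the script file and its folder should be writable by administrators only; otherwise anyone who can edit `C:\Scripts` gets code run as SYSTEM every Sunday.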
Problem when trying to use RSAT to remotely administer a different domain.
“Security database on the server does not have a computer account for this workstation trust relationship”
There are numerous blog/forum posts regarding the cause of this error; however, most are related to workstations on the local domain not being able to authenticate to the local DC. (The quick fix being to remove the network cable, log in with the cached credentials and remove/re-add the PC to the domain.)
On this occasion I was trying to use RSAT to manage DHCP on an alternative domain. The connectivity is in place with a Non-Transitive Trust between Domain A and Domain B but I was trying to administer Domain C!
The really simple fix was to use the command line “runas /netonly”, which allows MMC to run as an alternative user (in the destination domain) seamlessly. “/netonly” runs the application as the local user but authenticates over the network as the other user.
runas /netonly /user:domain\username "mmc dhcpmgmt.msc /server=DC"
Note: On Windows Server 2008 holding the “shift” key and right clicking on MMC will not display the “runas” function as in Windows Server 2008 R2 or Windows 7. A quick workaround is to use the “ShellRunAs” Sysinternals tools. Simply drag and drop the exe/msc onto the tool and it will prompt to run with alternative credentials.
References: http://ss64.com/nt/runas.html
SUBINACL (SubInACL.exe)
SubInACL is an alternative command line tool to iCACLS that enables administrators to obtain security information about files, registry keys, and services, and transfer this information from user to user, from local or global group to group, and from domain to domain.
iCACLS
iCACLS example of modifying file permissions:
@echo off
REM ** /T = Performs the operation on all specified files in the current directory and its subdirectories.
REM ** :F = Full Access, :M = Modify Access (permission letters appended to the account name)
if exist "C:\Program Files (x86)" goto 64
icacls "%ProgramFiles%\Folder" /inheritance:e /grant "MyDomain\Domain Users":M /T
goto next
:64
icacls "%ProgramFiles(x86)%\Folder" /inheritance:e /grant "MyDomain\Domain Users":M /T
:next
pause
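Granting Modify to a whole domain group under Program Files is sometimes necessary for old software, but it is also exactly what you want to be able to find again later. This added example (not from the original post) walks a folder tree and reports explicit, non-inherited Allow entries that give write-class rights to broad principals. The root path is an assumption and the post's "MyDomain\Domain Users" is included as a placeholder group.

```powershell
# Added example: find explicit ACEs granting Write/Modify/Full Control to
# broad principals under a folder tree. Root and domain group are placeholders.
$root = "$env:ProgramFiles\Folder"
$broadPrincipals = @(
    'Everyone',
    'NT AUTHORITY\Authenticated Users',
    'BUILTIN\Users',
    'NT AUTHORITY\INTERACTIVE',
    'MyDomain\Domain Users'          # placeholder group from the icacls script above
)

# Any of these bits set means the ACE allows changing content
$writeMask = [System.Security.AccessControl.FileSystemRights]::Write -bor
             [System.Security.AccessControl.FileSystemRights]::Modify -bor
             [System.Security.AccessControl.FileSystemRights]::FullControl

function Find-BroadWriteAce {
    param([string]$Path)

    $items = @(Get-Item -LiteralPath $Path) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { continue }

        foreach ($ace in $acl.Access) {
            if ($ace.IsInherited)                      { continue }   # explicit entries only
            if ($ace.AccessControlType -ne 'Allow')     { continue }
            if ($broadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
            if (($ace.FileSystemRights -band $writeMask) -eq 0) { continue }

            [pscustomobject]@{
                Path      = $item.FullName
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
            }
        }
    }
}

Find-BroadWriteAce -Path $root | Format-Table -AutoSize
```

Run against `$env:ProgramFiles` itself (rather than one sub-folder) on a schedule and diff the output; a new row is either a change-managed install or something to ask about.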
Obtain task Process ID then use “taskkill”:
sc queryex servicename
Replace ‘servicename’ with the service’s registry name, i.e. “spooler”.
taskkill /f /pid [PID]
Excellent post on the deployment of Lync 2013 via Script: Unifiedme.co.uk
I customized the Lync installation using the Office /admin application (see above) and then pushed this out to users via script/GPO. This is a very basic script to check whether Lync is already installed, if not then will run the setup.exe using the custom installer in the “updates” folder.
REM Automated Installer for Lync 2013
REM Note the setup.exe uses a custom .MSP to install Lync with settings, registry keys and product activation.
@echo off
if exist "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe" goto quit
if exist "C:\Program Files\Microsoft Office\Office15\lync.exe" goto quit
if exist "C:\Program Files (x86)\Microsoft Lync\communicator.exe" goto quit
:install
\\server\Software\SW_DVD5_Lync_2013_32-BIT_X64_English_MLF_X18-54527\setup.exe
:quit
exit
I’d be interested to know if there is a much better way to do this as it really is very basic and doesn’t include error handling.
This needs a registry update, customize the string value with your OST path.
This is for Office 2013, but can be used with Office 2007/2003 by changing the “15.0” version option.
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\outlook]
"ForceOSTPath"="D:\\My Documents\\Outlook"
Once the registry update has been completed, create a new profile (which defaults to this location) and move the old .ost to this directory (same file-name and overwrite the existing .ost)
List of common LDAP AD fields which can be used with the “DSQuery” or other tools which lookup AD objects.
csvde -m -f c:\DSQueryUsers.csv -d "OU=Users,OU=UK,DC=domain,DC=local" -r "(&(objectClass=*)(mail=*))" -l displayName,userPrincipalName
In order to simplify the process of creating LDAP queries you can use the SysInternals “Active Directory Explorer” tool to help with this process.
See Below for table:
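The same export, as an added example (not from the original post), using the ActiveDirectory module so the LDAP filter can be tested interactively and the result inspected before it is written. The search base and output path are the post's placeholders; the filter is narrowed from `objectClass=*` to `objectClass=user` and a last-logon column is added, which the csvde line does not produce.

```powershell
# Added example: Get-ADUser with an LDAP filter, exported to CSV.
# OU and output path are placeholders matching the csvde line above.
Import-Module ActiveDirectory

$searchBase = 'OU=Users,OU=UK,DC=domain,DC=local'
$ldapFilter = '(&(objectClass=user)(mail=*))'     # user objects that have a mail attribute
$outFile    = 'C:\DSQueryUsers.csv'

$users = Get-ADUser -LDAPFilter $ldapFilter -SearchBase $searchBase -SearchScope Subtree `
             -Properties displayName, userPrincipalName, mail, lastLogonTimestamp, Enabled

$users |
    Select-Object displayName, userPrincipalName, mail, Enabled,
        @{ n = 'LastLogon'; e = {
            # lastLogonTimestamp is a FILETIME; it is replicated, so accurate to ~14 days
            if ($_.lastLogonTimestamp) { [DateTime]::FromFileTime($_.lastLogonTimestamp) }
        } } |
    Sort-Object displayName |
    Export-Csv -Path $outFile -NoTypeInformation -Encoding UTF8

"{0} users exported to {1}" -f @($users).Count, $outFile
```

Swap the filter for any of the LDAP fields in the table to answer the usual questions (enabled accounts with no recent logon, mail-enabled accounts outside the expected OU, and so on) without leaving the same script.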