Category Archives: Microsoft

VMWare | “Unable to locate the required Sysprep files”

Yes the year is 2016! and Yes we are still converting Server 2003 onto VMware! (I know Server 2003 is dead and 13 years behind the times, but there are still some instances in our organisation that still require it for old bespoke software that can’t be easily moved to Server 2013/2016)

When converting a physical “Server 2003” machine to a virtual machine using VMware Converter this error displays:

“Warning: Unable to locate the required Sysprep files. Upload them under ‘C:\ProgramData\VMware vCentre Converter Standalone\sysprep\svr2003’ on the Converter server machine. See ‘Help’ for more details”

Continue reading

Change Windows 7 “Logon” Background

There’s two types of background images.

  1. Windows Desktop Backgrounds
  2. Windows Logon Backgrounds

This script will add the required flags and permissions to the registry and create the “dummy” jpg files which are used to display the “Logon” background. This is the screen which displays the user logon details (At “Logon”).

echo OFF
set bgfolder=%windir%\system32\oobe\Info\backgrounds\

REM Creates the backgrounds folder
md %bgfolder%

REM Creates the dummy background files
FOR %%f IN (backgroundDefault.jpg background1280x960.jpg background1024x768.jpg background1600x1200.jpg background1440x900.jpg background1920x1200.jpg background1280x768.jpg background1360x768.jpg background1024x1280.jpg background960x1280.jpg background900x1440.jpg background768x1280.jpg background768x1360.jpg) DO echo 2> %bgfolder%%%f 1> NUL

REM Gives all authenticated users the right to write these files
FOR %%f IN (backgroundDefault.jpg background1280x960.jpg background1024x768.jpg background1600x1200.jpg background1440x900.jpg background1920x1200.jpg background1280x768.jpg background1360x768.jpg background1024x1280.jpg background960x1280.jpg background900x1440.jpg background768x1280.jpg background768x1360.jpg) DO icacls %bgfolder%%%f /grant *S-1-5-11:(R,W,M)

REM Forces the use of the custom background permanently
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background /v OEMBackground /t REG_DWORD /d 1 /f
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\System /v UseOEMBackground /t REG_DWORD /d 1 /f

All you then need to do is add the background image you want to this folder directory: %windir%\system32\oobe\Info\backgrounds\

Windows Time Commands | Cheatsheet

Check time service is running (Local & Remote):

sc query w32time
sc \\HOSTNAME query w32time

Displays all local time information (Local & Remote):

w32tm /query /configuration
w32tm /query /configuration /computer:HOSTNAME

Display Windows Time service status (Local & Remote):

w32tm /query /status
w32tm /query /status /computer:HOSTNAME

Display Windows Time service source (Will return one line: local CMOS vs Server) (Local & Remote):

w32tm /query /source
w32tm /query /source /computer:HOSTNAME

Display a list of peers and their status:

w32tm /query /peers

Displays current time (local source)

Time /T

Resync local computer time against time server: (run on all servers, except time server)

w32tm /resync /rediscover 

Force local computer time to update against domain server (Local & Remote):

w32tm /config /syncfromflags:domhier /update
w32tm /resync /rediscover w32tm /resync
w32tm /config /syncfromflags:domhier /update /computer:HOSTNAME
w32tm /resync /rediscover w32tm /resync

Start time server via CLI (Local & Remote)

net start w32time
SC \\HOSTNAME net start w32time

Restore Windows Time Service (if it has been broken)

net stop W32Time
w32tm /unregister
w32tm /register
net start W32Time
sc query W32Time

Set Time Update NTP source

@echo off
net stop w32time
w32tm /config /syncfromflags:manual /manualpeerlist: 0.uk.pool.ntp.org
w32tm /config /reliable:yes
net start w32time
w32tm /query /peers
PAUSE

Event Viewer Error Message:

Event Type: Error 

Event Source: W32Time 

Event Category: None 
Event ID: 12

Description: Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.

To resolve the eventID 12:

  • w32tm /register

Reference: 

DNS | Modify DNS entry CMD

Add/Remove a DNS record without the GUI

Add

dnscmd [ServerName] /recordadd [ZoneName] [NodeName] RRType> <RRData]
dnscmd UK-WDC01 /RecordAdd edwardsd.local UK-ESX01 A 192.168.1.5

Delete

dnscmd <ServerName> /recorddelete <ZoneName> <NodeName> <RRType> <RRData>[/f]
dnscmd UK-WDC01 /recorddelete edwardsd.local UK-ESX01 A 192.168.1.5

Reference: DNSCMD Examples

Windows Commands | Powershell

A few random PowerShell commands in Windows to help complete tasks:

Create New AD User:

New-ADUser -SamAccountName U1 -Name "User 1" -AccountPassword (ConvertToSecureString -AsPlainText "p@ssw0rd" -Force) -Enabled $true -Path 'OU=Test,DC=FABRIKAM,DC=COM'

Displays if “Desktop Experience” is installed:

Get-WindowsFeature *Desktop*

Installs “Desktop Experience” Feature:

Add-WindowsFeature Desktop-Experience

Remove Windows Patches

wusa /uninstall /kb:2952664

Clear all log entries
Although previous logs in event viewer can be helpful for diagnostics, I find old errors sometime cloud the current issues. In order to quickly clear all evertvwr logs entries you can use the following powershell command

wevtutil el | Foreach-Object {Write-Host "Clearing $_"; wevtutil cl "$_"}

Bypass code Execution

Usually if you get this error “PowerShell says “execution of scripts is disabled on this system.” the quick option is to bypass the execution policy:

Set-ExecutionPolicy Unrestricted

HP Proliant Microserver (Gen8) | Windows Server 2012 R2 Storage Drivers

My configuration of the HP Microserver G1810T uses all 4 x HDD disk bays (2 x RAID1) with 1 x HDD (2.5″) attached to the secondary SATA connector on the motherboard.
This 5th disk for the OS was configured under the controller options to use RAID0.

When installing Windows Server 2012 R2 for the first time you will need to specify the B120i controller drivers for Windows to be able to see the disk.
The driver can be downloaded from the HP Microserver webpage and is listed under the “Driver – Storage” section.

The ILO made it easy for me to install Windows remotely from my desktop and attaching virtual media (ISO) and folders. Continue reading

Enable ICMP (Ping) & WMI | CMD Line

Without enabling ICMP ping requests will not get a reply from the server.

Enable ICMP using “netsh firewall” (Old Method):

netsh firewall set icmpsetting 8

Enable ICMP using “netsh advfirewall” (New Method):

netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow

Enable WMI using “netsh advfirewall” (New Method):

netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes

Unable to Access DFS Share | Windows 7 Mapped Drives


Warning: WP_Syntax::substituteToken(): Argument #1 ($match) must be passed by reference, value given in /homepages/40/d806441738/htdocs/clickandbuilds/edwardsd/work/wp-content/plugins/wp-syntax/wp-syntax.php on line 383

Mapped network drive to DFS share is not allowing access.

“This operation is supported only when you are connected to the server”

If you try to remap the drive with different credentials the following error appears:

The network folder specified is currently mapped using a different username and password.

To connect using a different user name and password, first disconnect any existing mappings to this network share.

Looking in the EventVWR the following is logged:

EventID1004: Path \\Server\DFS transitioned to slow link with latency = 115 and bandwidth = 13265936

  • Rebooting doesn’t fix the issue
  • Remapping doesn’t fix the issue.
  • Entering the direct server UNC path allows full access (as it should)
  • Applied regedit to force Auto Reconnect to the server but still didn’t fix the issue.
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\NetCache]
"SilentForcedAutoReconnect"=dword:00000001

Fix:

In the end the really simple workaround was to “Disable Offline File Sync” and reboot the system. All working again!

“Control Panel -> Sync Centre ->  Manage offline files -> Disable Offline Files”

Reference:

http://blogs.technet.com/b/askds/archive/2011/12/14/slow-link-with-windows-7-and-dfs-namespaces.aspx
https://www.conetrix.com/Blog/post/Fixing-Problem-With-Windows-7-Shared-Files-and-Mapped-Drives-Unavailable-Over-VPN.aspx

Windows Backup | Adding Multiple External HDDs


Warning: WP_Syntax::substituteToken(): Argument #1 ($match) must be passed by reference, value given in /homepages/40/d806441738/htdocs/clickandbuilds/edwardsd/work/wp-content/plugins/wp-syntax/wp-syntax.php on line 383

Warning: WP_Syntax::substituteToken(): Argument #1 ($match) must be passed by reference, value given in /homepages/40/d806441738/htdocs/clickandbuilds/edwardsd/work/wp-content/plugins/wp-syntax/wp-syntax.php on line 383

Windows Backup can be configured to use multiple external hard drives as the target. This way you can setup a hard drive rotation system i.e. Mon: USB_HDD1, Tue: USB_HDD2, Wed: USB_HDD1

Ideally both HDDS (or more) need to be connected at the same time when you configure the backup from the GUI. If you do not have both HDDS connected this can be accomplished using the WBADMIN command line tool.

Locate the HDD identifier using “get disk” and add it to the job using “-addtarget”.

wbadmin get disks
WBADMIN ENABLE BACKUP -addtarget:{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}

Reference:

PSEXEC | Remove File Share Remotely


Warning: WP_Syntax::substituteToken(): Argument #1 ($match) must be passed by reference, value given in /homepages/40/d806441738/htdocs/clickandbuilds/edwardsd/work/wp-content/plugins/wp-syntax/wp-syntax.php on line 383

Warning: WP_Syntax::substituteToken(): Argument #1 ($match) must be passed by reference, value given in /homepages/40/d806441738/htdocs/clickandbuilds/edwardsd/work/wp-content/plugins/wp-syntax/wp-syntax.php on line 383

Sometime it takes time to go and speak to a user, then stop what they are doing so you can make a change or tweak on their PC/Laptop so I like to do this in the background remotely without their knowledge (Hey! I’m an Admin that’s what I do)

PSEXEC has become a good friend for doing this!
I usually dump the “psexec” exe in the c:\Windows\System32 folder so I don’t have to change CMD paths. (Remember you need to run CMD as the user with access to the remote system for this to work)

Remove Share Remotely:

psexec \\PCNAME net share <SHARENAME> /delete

Map Drive Remotely:

psexec \\PCNAME net use S: \\SERVER\SHARE

RSAT Across Domains | Security database on the server does not have a computer account for this workstation trust relationship


Warning: WP_Syntax::substituteToken(): Argument #1 ($match) must be passed by reference, value given in /homepages/40/d806441738/htdocs/clickandbuilds/edwardsd/work/wp-content/plugins/wp-syntax/wp-syntax.php on line 383

Problem when trying to use RSAT to remotely administer a different domain.

“Security database on the server does not have a computer account for this workstation trust relationship”

There are numerous blog/forum posts regarding the cause of this error, however most are related to workstations on the local domain not being able to authenticate to the local DC. (The quick fix being to remove the network cable, login with the cached credentials and remove/readd the PC to the domain.

On this occasion I was trying to use RSAT to manage DHCP on an alternative domain. The connectivity is in place with a Non-Transitive Trust between Domain A and Domain B but I was trying to administer Domain C!

The really simple fix was to use the command line “runas /netonly” which allows MMC to run as an alternative user (in the destination domain) seamlessly “/netonly” allows you to run applications as a local user but authenticating over the network as another user.

runas /netonly /user:domain\username "mmc dhcpmgmt.msc /server=DC"

Note: On Windows Server 2008 holding the “shift” key and right clicking on MMC will not display the “runas” function as in Windows Server 2008 R2 or Windows 7. A quick workaround is to use the “ShellRunAs” Sysinternals tools. Simply drag and drop the exe/msc onto the tool and it will prompt to run with alternative credentials.

References: http://ss64.com/nt/runas.html

SubACL & iCALCS


Warning: WP_Syntax::substituteToken(): Argument #1 ($match) must be passed by reference, value given in /homepages/40/d806441738/htdocs/clickandbuilds/edwardsd/work/wp-content/plugins/wp-syntax/wp-syntax.php on line 383

SUBINACL (SubInACL.exe)

SubInACL is an alternative command line tool to iCACLS that enables administrators to obtain security information about files, registry keys, and services, and transfer this information from user to user, from local or global group to group, and from domain to domain.

iCACLS

iCACLS example of modifying file permissions:

@echo off
REM ** /T = Performs the operation on all specified files in the current directory and its subdirectories.
REM ** /F = Full Access
REM ** /M = Modify Access
if exist "C:\Program Files (x86)" goto 64
icacls "%ProgramFiles%\Folder" /inheritance:e /grant "MyDomain\Domain Users":M /T
goto next
:64
icacls "%ProgramFiles(x86)%\Folder" /inheritance:e /grant "MyDomain\Domain Users":M /T
next
pause

Stop Hung Windows Service


Warning: WP_Syntax::substituteToken(): Argument #1 ($match) must be passed by reference, value given in /homepages/40/d806441738/htdocs/clickandbuilds/edwardsd/work/wp-content/plugins/wp-syntax/wp-syntax.php on line 383

Warning: WP_Syntax::substituteToken(): Argument #1 ($match) must be passed by reference, value given in /homepages/40/d806441738/htdocs/clickandbuilds/edwardsd/work/wp-content/plugins/wp-syntax/wp-syntax.php on line 383

Obtain task Process ID then use “taskkill”:

sc queryex servicename

Replace ‘servicename’ with the services registry name i.e. “spooler”.

taskkill /f /pid [PID]

Lync 2013 Deployment


Warning: WP_Syntax::substituteToken(): Argument #1 ($match) must be passed by reference, value given in /homepages/40/d806441738/htdocs/clickandbuilds/edwardsd/work/wp-content/plugins/wp-syntax/wp-syntax.php on line 383

Excellent post on the deployment of Lync 2013 via Script: Unifiedme.co.uk

I customized the Lync installation using the Office /admin application (see above) and then pushed this out to users via script/GPO. This is a very basic script to check whether Lync is already installed, if not then will run the setup.exe using the custom installer in the “updates” folder.

REM Automated Installer for Lync 2013
REM Note the setup.exe uses a custom .MSP to install lync with settings, registry keys and product activation.
 
@echo off
if exist "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe" goto quit
if exist "C:\Program Files\Microsoft Office\Office15\lync.exe" goto quit
if exist "C:\Program Files (x86)\Microsoft Lync\communicator.exe" goto quit
:install
\\server\Software\SW_DVD5_Lync_2013_32-BIT_X64_English_MLF_X18-54527\setup.exe
:quit
exit

I’d be interested to know if there is a much better way to do this as it really is very basic and doesn’t include error handling.

Office 2013 | Changing *.OST Location | Regedit


Warning: WP_Syntax::substituteToken(): Argument #1 ($match) must be passed by reference, value given in /homepages/40/d806441738/htdocs/clickandbuilds/edwardsd/work/wp-content/plugins/wp-syntax/wp-syntax.php on line 383

This needs a registry update, customize the string value with your OST path.

This is for Office 2013, but can be used with Office 2007/2003 by changing the “15.0” version option.

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\outlook]
"ForceOSTPath"=string:D:\My Documents\Outlook

Once the registry update has been completed, create a new profile (which defaults to this location) and move the old .ost to this directory (same file-name and overwrite the existing .ost)

AD LDAP Attributes | Common Entries


Warning: WP_Syntax::substituteToken(): Argument #1 ($match) must be passed by reference, value given in /homepages/40/d806441738/htdocs/clickandbuilds/edwardsd/work/wp-content/plugins/wp-syntax/wp-syntax.php on line 383

List of common LDAP AD fields which can be used with the “DSQuery” or other tools which lookup AD objects.

csvde -m -f c:\DSQueryUsers.csv -d "OU=Users,OU=UK,DC=domain,DC=localm" -r "(&(objectClass=*)(mail=*))" -l displayName,userPrincipalName

In order to simplify the process of creating LDAP queries you can use the SysInternals “Active Directory Explorer” tool to help with this process.

See Below for table:

Continue reading