Category Archives: Windows Server 2008

Delete folder/files | CL


Warning: WP_Syntax::substituteToken(): Argument #1 ($match) must be passed by reference, value given in /homepages/40/d806441738/htdocs/clickandbuilds/edwardsd/work/wp-content/plugins/wp-syntax/wp-syntax.php on line 383

Warning: WP_Syntax::substituteToken(): Argument #1 ($match) must be passed by reference, value given in /homepages/40/d806441738/htdocs/clickandbuilds/edwardsd/work/wp-content/plugins/wp-syntax/wp-syntax.php on line 383

Warning: WP_Syntax::substituteToken(): Argument #1 ($match) must be passed by reference, value given in /homepages/40/d806441738/htdocs/clickandbuilds/edwardsd/work/wp-content/plugins/wp-syntax/wp-syntax.php on line 383

Warning: WP_Syntax::substituteToken(): Argument #1 ($match) must be passed by reference, value given in /homepages/40/d806441738/htdocs/clickandbuilds/edwardsd/work/wp-content/plugins/wp-syntax/wp-syntax.php on line 383

Methods to delete files via command line: Normally I take ownership of the folder/files (takeown):

takeown /f c:\folder\location /r /d y
  • /r Performs a recursive operation on all files/folders.
  • /d Suppresses the confirmation prompt.
  • y Yes Take ownership of the directory.

Change Permission (icacls):

icacls c:\folder\location /grant administrators:F /t
  • /t Performs a recursive operation on all files/folders.

Delete Process (del): 

del c:\folder\location\*.* /s /q
  • /q Quiet mode, do not ask if ok to delete on global wildcard
  • /s Delete specified files from all sub-directories (DELTREE).
  • /f Force deleting of read-only files.

Delete Process (RD):

RD /S /Q c:\folder\location\
  •  /q Quiet mode, do not ask if OK to delete on global wildcard
  • /s Delete specified files from all sub-directories.

Saving Windows Disk Space | Removing “Installer\$PatchCache$”


Warning: WP_Syntax::substituteToken(): Argument #1 ($match) must be passed by reference, value given in /homepages/40/d806441738/htdocs/clickandbuilds/edwardsd/work/wp-content/plugins/wp-syntax/wp-syntax.php on line 383

Warning: WP_Syntax::substituteToken(): Argument #1 ($match) must be passed by reference, value given in /homepages/40/d806441738/htdocs/clickandbuilds/edwardsd/work/wp-content/plugins/wp-syntax/wp-syntax.php on line 383

Warning: WP_Syntax::substituteToken(): Argument #1 ($match) must be passed by reference, value given in /homepages/40/d806441738/htdocs/clickandbuilds/edwardsd/work/wp-content/plugins/wp-syntax/wp-syntax.php on line 383

Running out of the diskspace on C:\ I found the C:\WINDOWS\Installer\$PatchCache$ to be massive! I used JamSoftware “treesize” to view what was taking up the space.

From research this folder can be safely deleted, however you MUST NOT delete the top level “Installer” folder “C:\WINDOWS\Installer” (only the sub-folders inside it)

A quick method for deleting this directory is:

Stop “Windows Installer Service”

net stop msiserver

Run the “Remove Directory” command (/q Quiet: /q | Removes all directories and files: /s)

rmdir /q /s %WINDIR%\Installer\$PatchCache$

Start “Windows Installer Service”

net start msiserver

Reference: http://goo.gl/SW5M9

List “Dynamic Distribution Group” members | EMC PowerShell


Warning: WP_Syntax::substituteToken(): Argument #1 ($match) must be passed by reference, value given in /homepages/40/d806441738/htdocs/clickandbuilds/edwardsd/work/wp-content/plugins/wp-syntax/wp-syntax.php on line 383

If you need to get a list of AD users in “Dynamic Distribution Groups” then you can use this PowerShell script… here. Only problem is that the script does not export details of Dynamic Distribution Group.

You can list DDG users by running this script using the Exchange Management Shell (EMC)

$Group = Get-DynamicDistributionGroup -Identity "Staff-UK"
Get-Recipient -Filter $Group.RecipientFilter -OrganizationalUnit “domain.com/UK_Users_OU/Branch_Users” | Out-File c:\Staff-UK.txt

“Migrating GPOs Across Domains with GPMC”

I’ve recently updated my Windows Server 2008R2 system to Windows Server 2012. Windows Server 2012 was a fresh install using a different domain name on a new system. My intention was to manually migrated all data from the existing 2008R2 server into the new domain, this included Hyper-V VMs, DHCP and GPOs. There is the option of using ADMT however I required a clean install.

These are the steps I took in order to migrate GPOs from the source server to the destination server with a different domain name.

(Although this was completed from a 2008R2 to 2012 server, the first set of screen shots where created on the new 2012 server for this guide)


Source WS2008R2: Backup the existing GPOs from the GPMC, you need to ensure that the “Group Policy Objects” container is selected for the “Backup Up All” option to be available.

Continue reading

Windows Update | Restart Prompt


Warning: WP_Syntax::substituteToken(): Argument #1 ($match) must be passed by reference, value given in /homepages/40/d806441738/htdocs/clickandbuilds/edwardsd/work/wp-content/plugins/wp-syntax/wp-syntax.php on line 383

Warning: WP_Syntax::substituteToken(): Argument #1 ($match) must be passed by reference, value given in /homepages/40/d806441738/htdocs/clickandbuilds/edwardsd/work/wp-content/plugins/wp-syntax/wp-syntax.php on line 383

“RESTART YOUR COMPUTER TO FINISH INSTALLING IMPORTANT UPDATES”

My life would be so much simpler if this prompt didn’t keep showing.

Yes we know Windows has updated…
Yes we know if needs a reboot…
No we can’t do it in the middle of the day… So don’t ask me again in 4hours time or infact ever (until I have rebooted), especially when it’s on a TS / RDS with multiple domain users connecting.

Although I do enjoy (sarcasm) having another email whinging about why the server is prompting for a reboot, when in fact, the update has already been applied. (Yes I do understand this is there for a reason, but sometimes it just isn’t practical to restart servers every-time, every-day of the week, this is what a reboot schedule is for!)
OK. RANT OVER…
I’m not sure why you can’t fully disable this, Microsoft’s way of ensuring you do actually reboot, however there are a few workarounds I’ve listed to help rid of that pesky message.

Temporary Method using CMD:

sc stop wuauserv

GPO Method (gpedit.msc):

Local Computer Policy / Computer Configuration / Administrative Templates / Windows Components / Windows Update / and disable Re-prompt for restart with scheduled installations.

Regedit:

This will allow you to set the 1440min “Re-prompt for restart with scheduled installations” to more that 1440min.
http://technet.microsoft.com/en-us/library/cc708449%28WS.10%29.aspx

RDS “Remote App” icons not displaying


Warning: WP_Syntax::substituteToken(): Argument #1 ($match) must be passed by reference, value given in /homepages/40/d806441738/htdocs/clickandbuilds/edwardsd/work/wp-content/plugins/wp-syntax/wp-syntax.php on line 383

Now and again we get an issue with the Terminal Services (TS) / Remote Desktop Services (RDS) “Remote App” icons not displaying in the RD Web Access interface. The main issue I have to remind users of is that remote apps only display when running Internet Explorer, other browsers don’t want to play nice, however sometimes this isn’t the case and the RDS server needs a reboot to makes this issue disappear. I recently had the problem but the reboot didn’t help.

To fix within Windows (without a reboot) I ran the following:

winmgmt /salvagerepository

Re-registering VSS | FIXVSS08.BAT

I had a number of errors within VSS on Windows Server 2008 R2, these were stopping my backup jobs from running and causing different issues to occur, to resolve these I used the following script to reinitiate VSS settings. This was taken from the following article: Symantec

Note: This will disabled services if running on a live server, so best to complete out-of-hours.

Continue reading

List Domain Users using Script | PowerShell


Warning: WP_Syntax::substituteToken(): Argument #1 ($match) must be passed by reference, value given in /homepages/40/d806441738/htdocs/clickandbuilds/edwardsd/work/wp-content/plugins/wp-syntax/wp-syntax.php on line 383

This is custom made code to output all users listed in Active Directory.
This code was rewritten using Powershell in order to make the output more clear and “visually pleasing”

Powershell Option (output to looks like this):

To use:

  1. Paste into notepad.
  2. Save as “DomainMembers.ps1”
  3. Run with Powershell (no progress will be displayed)
  4. Data result will be output to “DomainMembers.txt” located in the C:\DomainMembers.txt This can be specified under the varible ‘$path = “C:\DomainMember.txt”‘

Note:Sometimes the script will not run correctly and the following will be displayed:
“File cannot be loaded because the execution of scripts is disabled on this system”
This security can be removed using the following command.

Set-ExecutionPolicy Unrestricted -Force

Continue reading

Event ID1202 | Security policies were propagated with warning. 0x534

I don’t want to get into the habit of logging every single error and snag I find in the event viewer, but part of my work is closely tided to Group Policy and deployment, therefore thought this would be useful in the further.

I was getting this error listed in the event viewer:

Error: Security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done.
Category: None
Type: Warning
Event ID: 1202

Continue reading

Windows Update | Error: 80072F78

Since when did Windows update become such a pain to update?

Just for a little background I’ve had this error on a number of occasions. WSUS is installed and configured within the environment, Windows updates are filtered and applied from WSUS (v3.2) running on Server 2003. The clients are configured using an update GPO. Windows firewall on the domain is turned off.

Servers are allowed outbound with no Firewall restrictions on the Cisco ASA

Clients aren’t allowed outbound with Firewall restrictions on the Cisco ASA. (They have internet access via a Proxy Server and I.E. settings are configured via GPO and a PAC file)

Error: 80072F78

After installing a new Windows Server 2008 R2 server I was greeted with this error after adding the server to the domain and performing manual windows updates. The error was displayed after clicking the “Check online for updates from Windows Update” – Although I want to apply the updates from WSUS I wanted to ensure that it was obtaining the latest updates as some may not have been approved.

I checked out some forums and found that this is a known issue with the “authroot.stl” cert installed. I downloaded a newer version and installed:

  1. Download: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
  2. Extract
  3. Install (using the default settings, next, next, finish)

This didn’t work straight away until I reset all settings in I.E. 9.0 | after which the error disappeared and I could view the update options (or in my case no updates)

Although this resolved my issue it may not for all! I did find a number of different error codes and suggested fixes on my internet travels, most of these relating to proxy or connection restrictions. Microsoft have documented some debugging steps here: http://support.microsoft.com/kb/836941

Download the “Client Diagnostics Tool”

http://technet.microsoft.com/en-us/windowsserver/bb466192.aspx

netsh winhttp reset proxy

  1. wuauclt.exe /detectnow

Update: OK I thought the above would work… apparently not!

OK the secret is in this file:

C:\windows\windowsupdate.log

Delete the entire registry key HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate

Which will revert the WUAgent to the original installed behavior of Automatic Updates and then set the desired behavior usign the Control Panel | Windows Update dialog.

Reference: 

https://www.trustwave.com/support/kb/KnowledgebaseArticle10726.aspx

Exchange 2010 | OWA Blank page (“HTTP 500” error)


Warning: WP_Syntax::substituteToken(): Argument #1 ($match) must be passed by reference, value given in /homepages/40/d806441738/htdocs/clickandbuilds/edwardsd/work/wp-content/plugins/wp-syntax/wp-syntax.php on line 383

Warning: WP_Syntax::substituteToken(): Argument #1 ($match) must be passed by reference, value given in /homepages/40/d806441738/htdocs/clickandbuilds/edwardsd/work/wp-content/plugins/wp-syntax/wp-syntax.php on line 383

Scenario: OWA web address shows login prompt and the user is able to logon, but a blank page or “HTTP 500” error displays once logged in. The page may also be blank depending on browser settings and if “show friendly URLs” is selected.

Even after a “IISReset /NoForce” or Server reboot, the problem is not fixed.

Cause: Looks like this problem is related to the “Microsoft Exchange Forms-Based Authentifcation Service” not being started or failed to start. This service can just be started from “services.msc”

net start MSExchangeFBA

Note: a number of posts state this problem is related to not having the”RPC over HTTP Proxy” role installed. However in my case the server had been working successfully.

If you have a new migration or build of Exchange 2010 then you may need to ensure that all required features are installed on the exchange server:

Open "Powershell" run as administrator<br />
Import-Module ServerManager<br />
Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart<br />

 

DHCP Netsh | Incorrect IP listed


Warning: WP_Syntax::substituteToken(): Argument #1 ($match) must be passed by reference, value given in /homepages/40/d806441738/htdocs/clickandbuilds/edwardsd/work/wp-content/plugins/wp-syntax/wp-syntax.php on line 383

Warning: WP_Syntax::substituteToken(): Argument #1 ($match) must be passed by reference, value given in /homepages/40/d806441738/htdocs/clickandbuilds/edwardsd/work/wp-content/plugins/wp-syntax/wp-syntax.php on line 383

I recently setup a new server on a 192.168.x.x LAN IP range. The server was prepped ready to be taken to another site on the 10.0.x.x range. By pre-creating the DHCP component in the 192. zone it caused the DCHP IP to be listed incorrectly when running the netsh command below. This IP was listed even through all other aspects of DHCP and DNS were configured correctly.

Netsh dhcp show server &gt;&gt; c:\info_dhcp.txt

In order to correct this I used the NETSH tool.

Net stop dhcpserver
Netsh DHCP delete server DHCPserver.local 192.168.x.x
Net start dhcpserver
Netsh DHCP add server DHCPserver.local 10.0.x.x

Reference:

Show Host Name via VBS (ShowHost.vbs)


Warning: WP_Syntax::substituteToken(): Argument #1 ($match) must be passed by reference, value given in /homepages/40/d806441738/htdocs/clickandbuilds/edwardsd/work/wp-content/plugins/wp-syntax/wp-syntax.php on line 383

Simple script to show host name of the local machine in a popup window add code to “ShowHost.vbs”

Dim Shell
Dim CompName
Set Shell = WScript.CreateObject("WScript.Shell")
CompName = Shell.ExpandEnvironmentStrings("%COMPUTERNAME%")
Msgbox "Your Computer name is " &amp; CompName

“You have been logged on with a temporary profile”

I see this error quite a few times when users logon to the Windows Server 2008 R2 RDS/TS server. The fix is pretty simple.

Use “regedit” and navigate to this entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

Find the entry with .bak listed and delete it. When the user logs back in the profile will be recreated.

Source: KB947242

Rename Windows Workstation/PC remotely


Warning: WP_Syntax::substituteToken(): Argument #1 ($match) must be passed by reference, value given in /homepages/40/d806441738/htdocs/clickandbuilds/edwardsd/work/wp-content/plugins/wp-syntax/wp-syntax.php on line 383

Warning: WP_Syntax::substituteToken(): Argument #1 ($match) must be passed by reference, value given in /homepages/40/d806441738/htdocs/clickandbuilds/edwardsd/work/wp-content/plugins/wp-syntax/wp-syntax.php on line 383

In order to rename a Windows system remotely you need to use the NETDOM command:

The command has been knocking about for a while now and is standard in Windows 2008. In Windows 2003 you can find it in the Windows Resource Tool Kit

Example:

netdom renamecomputer old_name /newname:new_name /userd:domain_admin_login /passwordd:domain_admin_pwd
netdom renamecompuer domold-W7 /newname:domnew-W7 /userd:administrator /passwordd:Passw0rd

WBAdmin | Daily Backup and Restore via Schedule


Warning: WP_Syntax::substituteToken(): Argument #1 ($match) must be passed by reference, value given in /homepages/40/d806441738/htdocs/clickandbuilds/edwardsd/work/wp-content/plugins/wp-syntax/wp-syntax.php on line 383

Warning: WP_Syntax::substituteToken(): Argument #1 ($match) must be passed by reference, value given in /homepages/40/d806441738/htdocs/clickandbuilds/edwardsd/work/wp-content/plugins/wp-syntax/wp-syntax.php on line 383

I’ve been working with the windows backup. One downside of this in Windows 2008 is that you can’t schedule a routine backup job to a network device. A work around is use a scheduled task and the WBAdmin tool.

Scheduled Task: (Create a scheduled task and us the following switches)

wbadmin start backup -backuptarget:\\server\backup$\ -vssFull -allCritical -quiet

This command will backup the entire drive including a system image. I don’t think the “allcritical” will work if you then specify items to exclude.

Show Backups Running:

Wbadmin get status

Full list of switches: cc742083

Continue reading

WinRM for Event Forwarding

Windows Remote Management (WinRM) required by Windows Remote Shell command-line tool, Winrs, event forwarding, and Windows PowerShell 2.0.

WinRM service starts automatically on Windows Server 2008, but must be started manually on Windows Vista.

  • Show WinRM Status: “winrm get winrm/config”
  • Show WinRM Help: “winrm help config”
  • Setup WinRM: “winrm qc” (Quick Config)

Performs the following operations:

  • Starts the WinRM service, and sets the service startup type to auto-start.
  • Configures a listener for the ports that send and receive WS-Management protocol messages using either HTTP or HTTPS on any IP address.
  • Defines ICF exceptions for the WinRM service, and opens the ports for HTTP and HTTPS. (Only for the current user profile)

Reference: http://msdn.microsoft.com/en-us/library/aa384372(v=vs.85).aspx

 

Offline Domain Join (DJoin.exe)


Warning: WP_Syntax::substituteToken(): Argument #1 ($match) must be passed by reference, value given in /homepages/40/d806441738/htdocs/clickandbuilds/edwardsd/work/wp-content/plugins/wp-syntax/wp-syntax.php on line 383

Warning: WP_Syntax::substituteToken(): Argument #1 ($match) must be passed by reference, value given in /homepages/40/d806441738/htdocs/clickandbuilds/edwardsd/work/wp-content/plugins/wp-syntax/wp-syntax.php on line 383

In order to carryout an offline domain join you can use the following steps using an admin account or permissions to perform domain joins etc:

Logon to Domain Controller or Server (2008 / 2008R2)

djoin /provision /domain mydomain.com /Machine WorkstationName /SaveFile C:\Off-CLI.DJoin

/domain – Specifies the name of the domain to join.
/Machine – Specifies the name of the computer that you want to join to the domain.
/SaveFile – Saves provisioning data to a file.

Logon to the client PC/Workstation/Laptop (Windows 7)

djoin /RequestODJ /Loadfile C:\OFF-CLI.Djoin /LOCALOS /WINDOWSPATH %systemroot%

/Loadfile – Specifies the output from a previous provisioning command. (Where the offline file is)
/LOCALOS – Specifies the path to the Windows directory of the offline image.
/WINDOWSPATH – Specifies the path to the Windows directory of the offline image. (who doesn’t put this on c:\??

Don’t try and run this same piece of import code for other machines. The djoin import is unique to the PC name, therefore you will create a conflict. I found this out the hard way by getting “The trust relationship between this workstation and primary domain failed.” Error. If you do get this error message simply run through “My Computer -> Properties -> “Network ID” Wizard” or remove it from the domain and rejoin.

This is a nice little method for easy domain join, although have found that even with the system added to the domain you still can’t login as a user in order to create/setup their profile, so without a fully automated install / setup process it doesn’t save much time.

Microsoft DJoin Syntax: http://goo.gl/J7vsV

Remote Desktop Services (RDS) | Profile Paths

Setup of “Remote Desktop Services Profile” Paths.

This allows the direction/location of user profiles when using “RDS” although this process may seem straight forward, I forgot the config for this (must have been one of those days)

You can also configure this using GPO which will overide this setting. The GPO is located under: “Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles”
If you get the “Your interactive logon privilege has been disabled” in the RDP connection you need to untick the “Deny this user permission to log on to any Terminal Server” Again this can be set using GPO.

Remember the “Local Path” is purely for a local drive i.e. C:\ D:\ and the Profile path can be mapped to a hidden share, this will prevent users getting confused where their files are if they also operate from a home folder which is visible on the network.
Excellent Best Practice on folder redirection in RDS here: http://goo.gl/aF5kB (Probably best just to follow this guide for it all)
Sources: http://technet.microsoft.com/en-us/library/cc742820.aspx

Removing “Help Protect and Improve Microsoft Office” prompt from RDS/TS

  1. Users without administration access are unable to select the desired options on the “Help Protect and Improve Microsoft Office” prompt which is display when first loading Microsoft Office 2010 as they required elevated permissions.

This issue can be resolved via a GPO. Unfortunately Office 2010 GPOs are not integrated into the standard GPOs within Windows Server so require an additional download.

Continue reading