“Migrating GPOs Across Domains with GPMC”

I’ve recently updated my Windows Server 2008R2 system to Windows Server 2012. Windows Server 2012 was a fresh install using a different domain name on a new system. My intention was to manually migrate all data from the existing 2008R2 server into the new domain; this included Hyper-V VMs, DHCP and GPOs. There is the option of using ADMT, however I required a clean install.

These are the steps I took in order to migrate GPOs from the source server to the destination server with a different domain name.

(Although this was completed from a 2008R2 to a 2012 server, the first set of screenshots were created on the new 2012 server for this guide.)


Source WS2008R2: Back up the existing GPOs from the GPMC. You need to ensure that the “Group Policy Objects” container is selected for the “Back Up All” option to be available.


Enable/Disable UAC | VBS

This will display a popup showing whether UAC is “Elevated” or “Not Elevated” using VBS

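' Reports whether the current process is elevated by looking for the
' integrity-level SID in the output of "whoami /groups".
Const cnWshRunning = 0   ' WshExec.Status value while the command is still running

Dim oShell, oExec, szStdOut

szStdOut = ""
Set oShell = CreateObject("WScript.Shell")
Set oExec = oShell.Exec("whoami /groups")

' Read StdOut while the command runs so a full pipe cannot block it
Do While (oExec.Status = cnWshRunning)
    WScript.Sleep 100
    If Not oExec.StdOut.AtEndOfStream Then
        szStdOut = szStdOut & oExec.StdOut.ReadAll
    End If
Loop

Select Case oExec.ExitCode
    Case 0
        ' Collect any output left after the process exited
        If Not oExec.StdOut.AtEndOfStream Then
            szStdOut = szStdOut & oExec.StdOut.ReadAll
        End If
        If InStr(szStdOut, "S-1-16-12288") Then        ' High integrity level
            WScript.Echo "Elevated"
        ElseIf InStr(szStdOut, "S-1-16-8192") Then     ' Medium integrity level
            WScript.Echo "Not Elevated"
        Else
            WScript.Echo "Unknown!"
        End If
    Case Else
        ' whoami failed: show its error output
        If Not oExec.StdErr.AtEndOfStream Then
            WScript.Echo oExec.StdErr.ReadAll
        End If
End Select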

Thanks to: http://blogs.technet.com/b/jhoward/archive/2008/11/19/how-to-detect-uac-elevation-from-vbscript.aspx
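
The same check in PowerShell, as an added example that is not part of the original post or the linked TechNet article. It matches the whole integrity-level SID instead of a substring and names the other well-known levels, which goes beyond the two cases the VBS handles. The function name, the table variable and the sample whoami lines are constructed for illustration, and treating High and above as elevated is an assumption.

```powershell
# Added example: names below are illustrative, not from the original post.
# Well-known mandatory-label SIDs (integrity levels).
$IntegrityLevels = @{
    'S-1-16-0'     = 'Untrusted'
    'S-1-16-4096'  = 'Low'
    'S-1-16-8192'  = 'Medium'
    'S-1-16-8448'  = 'Medium Plus'
    'S-1-16-12288' = 'High'
    'S-1-16-16384' = 'System'
}

function Get-IntegrityLevel {
    param([string[]]$WhoamiOutput)

    foreach ($line in $WhoamiOutput) {
        # Anchor both ends so S-1-16-8192 cannot match inside a longer SID.
        if ($line -match '(?<![\w-])(S-1-16-(\d+))(?![\w-])') {
            $sid = $Matches[1]
            $rid = [int]$Matches[2]
            $level = 'Unknown'
            if ($IntegrityLevels.ContainsKey($sid)) { $level = $IntegrityLevels[$sid] }
            return New-Object PSObject -Property @{
                Sid      = $sid
                Level    = $level
                # Assumption: High (12288) and above counts as elevated.
                Elevated = ($rid -ge 12288)
            }
        }
    }
    # No mandatory label in the input at all.
    return New-Object PSObject -Property @{ Sid = $null; Level = 'Unknown'; Elevated = $false }
}

# Constructed sample of "whoami /groups" output for a non-elevated admin.
$sample = @'
BUILTIN\Administrators                 Alias            S-1-5-32-544 Group used for deny only
BUILTIN\Users                          Alias            S-1-5-32-545 Mandatory group, Enabled by default, Enabled group
Mandatory Label\Medium Mandatory Level Label            S-1-16-8192  Mandatory group, Enabled by default, Enabled group
'@ -split "`r?`n"

Get-IntegrityLevel $sample              # constructed input
Get-IntegrityLevel (whoami /groups)     # the live session
```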

Yamaha RX-V671 | “PCM” Output

I own a Yamaha RX-V671 Amp which my media PC is connected to via HDMI. One of the issues I get is that when playing audio via the HDMI output, the Yamaha amp display shows “PCM” when I need this to display “Dolby Digital” or “DTS”.

In layman’s terms Pulse Code Modulation (PCM) is a digital scheme for transmitting analog data. Basically this means that the media PC converts the audio into digital and sends this to the amp to output. My objective is for the media PC to output the audio in the original format and let the Amp do the processing (whereby this should display “Dolby Digital” or “DTS” etc.).

One of the main methods for playing Videos on the Media PC is by using Kazaa Codec Pack and Media Player included with the install. A quick way to install this is by using www.ninite.com and selecting “Kazaa Codec” pack.

When playing video/audio through Media Player classic, the default installation will output audio via PCM. To correct this, you need to modify the “output” settings on the “FFDShow Audio Decoder Configuration” and enable the “Pass-through” options. The FFDShow icon will display in the taskbar when you play content using it.

Windows Update | Restart Prompt

“RESTART YOUR COMPUTER TO FINISH INSTALLING IMPORTANT UPDATES”

My life would be so much simpler if this prompt didn’t keep showing.

Yes we know Windows has updated…
Yes we know it needs a reboot…
No we can’t do it in the middle of the day… So don’t ask me again in 4 hours time or in fact ever (until I have rebooted), especially when it’s on a TS / RDS with multiple domain users connecting.

Although I do enjoy (sarcasm) having another email whinging about why the server is prompting for a reboot, when in fact, the update has already been applied. (Yes I do understand this is there for a reason, but sometimes it just isn’t practical to restart servers every-time, every-day of the week, this is what a reboot schedule is for!)
OK. RANT OVER…
I’m not sure why you can’t fully disable this, Microsoft’s way of ensuring you do actually reboot, however there are a few workarounds I’ve listed to help get rid of that pesky message.

Temporary Method using CMD:

sc stop wuauserv

GPO Method (gpedit.msc):

Local Computer Policy / Computer Configuration / Administrative Templates / Windows Components / Windows Update / and disable Re-prompt for restart with scheduled installations.

Regedit:

This will allow you to set the 1440min “Re-prompt for restart with scheduled installations” to more than 1440min.
http://technet.microsoft.com/en-us/library/cc708449%28WS.10%29.aspx

RDS “Remote App” icons not displaying

Now and again we get an issue with the Terminal Services (TS) / Remote Desktop Services (RDS) “Remote App” icons not displaying in the RD Web Access interface. The main issue I have to remind users of is that remote apps only display when running Internet Explorer, other browsers don’t want to play nice, however sometimes this isn’t the case and the RDS server needs a reboot to make this issue disappear. I recently had the problem but the reboot didn’t help.

To fix within Windows (without a reboot) I ran the following:

winmgmt /salvagerepository

Re-registering VSS | FIXVSS08.BAT

I had a number of errors within VSS on Windows Server 2008 R2, these were stopping my backup jobs from running and causing different issues to occur, to resolve these I used the following script to reinitiate VSS settings. This was taken from the following article: Symantec

Note: This will disable services if running on a live server, so best to complete out-of-hours.


Script using x86/x64 detection | BAT

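@ECHO OFF
REM ###################### START SCRIPT ######################
REM "C:\Program Files (x86)" only exists on 64-bit Windows
if exist "C:\Program Files (x86)" goto end
REM x86 >> c:\somelog86file.txt
REM 32-bit Windows: the application is under "C:\Program Files"
robocopy "C:\Program Files\Test" D:\Test >> c:\somelogfile.txt
exit
:end
REM x64 >> c:\somelog64file.txt
REM 64-bit Windows: assumes Test is a 32-bit application, so it is under "C:\Program Files (x86)"
robocopy "C:\Program Files (x86)\Test" D:\Test >> c:\somelogfile.txt
exit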

Cisco ASA 5505 | Basic CL

Factory Reset | ASA5505

  1. Attach Console Cable
  2. Load Putty, connect on “Console”
  3. Type ‘ena’ to go to enable mode. Enter the password, or just press enter if there is no password set.
  4. Type ‘config t’
  5. Type ‘config factory-default’
  6. Hit spacebar when the ‘more’ thing happens. You want to get back to the prompt that looks like: ‘ciscoasa(config)#’
  7. Type ‘reload save-config noconfirm’
  8. Make sure that the outside line is plugged into port zero, and your pc is plugged into any of the ports 1-7.
  9. The Cisco ASA has been reset to factory settings. DHCP is enabled on the Cisco device, and its internal IP address is now 192.168.1.1!
  10. If you had an enable password set, you may need to enter that in the password box when you try to connect using the ASDM. Otherwise the default username and password is to leave both blank.
  11. Default Password: cisco

Output Config inc. ikev1 pre-shared-key | ASA5505

more system:run

Export Config:

copy running-config tftp
config000001
<your TFTP IP>

List Domain Users using Script | PowerShell

This is custom made code to output all users listed in Active Directory.
This code was rewritten using Powershell in order to make the output more clear and “visually pleasing”

PowerShell option (the output looks like this):

To use:

  1. Paste into notepad.
  2. Save as “DomainMembers.ps1”
  3. Run with Powershell (no progress will be displayed)
  4. Data result will be output to “DomainMembers.txt” located in the C:\DomainMembers.txt. This can be specified under the variable ‘$path = “C:\DomainMember.txt”‘

Note: Sometimes the script will not run correctly and the following will be displayed:
“File cannot be loaded because the execution of scripts is disabled on this system”
This security can be removed using the following command.

Set-ExecutionPolicy Unrestricted -Force


Event ID1202 | Security policies were propagated with warning. 0x534

I don’t want to get into the habit of logging every single error and snag I find in the event viewer, but part of my work is closely tied to Group Policy and deployment, therefore thought this would be useful in the future.

I was getting this error listed in the event viewer:

Error: Security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done.
Category: None
Type: Warning
Event ID: 1202


Windows & Office Key Activation / Removal

Windows Keys (slmgr):

Change Windows Product Key & Activate:

cmd
slmgr -ipk your-mak-key-here
slmgr -ato

Office Keys (ospp.vbs):

In order to deactivate an Office license you can use the “ospp.vbs” script located in the Office 2010 Installation directory.

This allows for a number of functions, my objective being the deactivation of an activated MAK for Visio & Office 2010.

These are the steps taken for this scenario:

CD C:\Program Files\Microsoft Office\Office14

or

CD C:\Program Files (x86)\Microsoft Office\Office14

(32-bit Office 2010 on a 64-bit OS)

Displays a list of Office Product keys installed / Make a note of the Last 5 char of key to be removed:

cscript ospp.vbs /dstatus

Remove Office Product key activation:

cscript ospp.vbs /unpkey:M9TKQ

Windows Update | Error: 80072F78

Since when did Windows update become such a pain to update?

Just for a little background I’ve had this error on a number of occasions. WSUS is installed and configured within the environment, Windows updates are filtered and applied from WSUS (v3.2) running on Server 2003. The clients are configured using an update GPO. Windows firewall on the domain is turned off.

Servers are allowed outbound with no Firewall restrictions on the Cisco ASA

Clients aren’t allowed outbound with Firewall restrictions on the Cisco ASA. (They have internet access via a Proxy Server and I.E. settings are configured via GPO and a PAC file)

Error: 80072F78

After installing a new Windows Server 2008 R2 server I was greeted with this error after adding the server to the domain and performing manual windows updates. The error was displayed after clicking the “Check online for updates from Windows Update” – Although I want to apply the updates from WSUS I wanted to ensure that it was obtaining the latest updates as some may not have been approved.

I checked out some forums and found that this is a known issue with the “authroot.stl” cert installed. I downloaded a newer version and installed:

  1. Download: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
  2. Extract
  3. Install (using the default settings, next, next, finish)

This didn’t work straight away until I reset all settings in I.E. 9.0 | after which the error disappeared and I could view the update options (or in my case no updates)

Although this resolved my issue it may not for all! I did find a number of different error codes and suggested fixes on my internet travels, most of these relating to proxy or connection restrictions. Microsoft have documented some debugging steps here: http://support.microsoft.com/kb/836941

Download the “Client Diagnostics Tool”

http://technet.microsoft.com/en-us/windowsserver/bb466192.aspx

netsh winhttp reset proxy

  1. wuauclt.exe /detectnow

Update: OK I thought the above would work… apparently not!

OK the secret is in this file:

C:\windows\windowsupdate.log

Delete the entire registry key HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate

Which will revert the WUAgent to the original installed behavior of Automatic Updates and then set the desired behavior using the Control Panel | Windows Update dialog.

Reference: 

https://www.trustwave.com/support/kb/KnowledgebaseArticle10726.aspx

Extract/Install MSI from EXE | CL

Extract MSI from EXE via CMD Line:

myfile.exe /extract:D:\MyExtractFileLocation

Install MSI via CMD Line:

msiexec /i myfile.msi /qn ACCEPTEULA=1

For Quiet Install use: /qn

Exchange 2010 | OWA Blank page (“HTTP 500” error)

Scenario: OWA web address shows login prompt and the user is able to logon, but a blank page or “HTTP 500” error displays once logged in. The page may also be blank depending on browser settings and if “show friendly URLs” is selected.

Even after an “IISReset /NoForce” or server reboot, the problem is not fixed.

Cause: Looks like this problem is related to the “Microsoft Exchange Forms-Based Authentication Service” not being started or having failed to start. This service can just be started from “services.msc”

net start MSExchangeFBA

Note: a number of posts state this problem is related to not having the “RPC over HTTP Proxy” role installed. However in my case the server had been working successfully.

If you have a new migration or build of Exchange 2010 then you may need to ensure that all required features are installed on the exchange server:

Open "Powershell" run as administrator
Import-Module ServerManager
Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart

 

Office 365 Adding Distribution Group Owner | Powershell

Some migrations of Microsoft Business Productivity Online Services (BPOS) to Office 365 would result in the owner of “Distribution Groups” being blank with no access to update this even by the 365 administrator:

Here’s the Powershell to resolve this:

# Run from "Microsoft Online Services Module for Windows PowerShell"
Set-ExecutionPolicy unrestricted
# Prompt for the Office 365 administrator credentials
$cred = Get-Credential
# Open a remote Exchange Online session and import its cmdlets
$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $cred -Authentication Basic -AllowRedirection
$importresults = Import-PSSession $session
# Set the group owner, bypassing the check that blocks non-owners
Set-DistributionGroup -Identity "DG_Name_or_Alias" -ManagedBy <user@domain.com> -BypassSecurityGroupManagerCheck
# Close the remote session when finished
Remove-PSSession $session

Note: you do not need the > and < symbols and the alias does not need to include the domain name. If you do not receive an error in red text then the process is complete. There is no visual confirmation message once complete.
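
Set-ExecutionPolicy Unrestricted, used above and in the DomainMembers.ps1 note earlier on this page, changes the policy at LocalMachine scope by default, so it stays in place for every user after the session ends. An added example (not from the original posts) that limits the change to the current session and then lists any scope left at Unrestricted or Bypass; the function name is illustrative and the commented-out revert value is an assumption.

```powershell
# Added example; Get-LooseExecutionPolicy is an illustrative name.

# Process scope applies to this PowerShell session only and is not written
# to the registry. RemoteSigned still lets locally created scripts run,
# including the temporary module that Import-PSSession generates.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force

# ... run the script or the Import-PSSession steps in this same window ...

# Check: list every scope and return the ones left wide open.
function Get-LooseExecutionPolicy {
    Get-ExecutionPolicy -List |
        Where-Object { 'Unrestricted', 'Bypass' -contains $_.ExecutionPolicy }
}
Get-LooseExecutionPolicy | Format-Table Scope, ExecutionPolicy -AutoSize

# If LocalMachine is listed because of an earlier
# "Set-ExecutionPolicy Unrestricted", tighten it again from an elevated prompt:
# Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine -Force
```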

DHCP Netsh | Incorrect IP listed

I recently set up a new server on a 192.168.x.x LAN IP range. The server was prepped ready to be taken to another site on the 10.0.x.x range. By pre-creating the DHCP component in the 192. zone it caused the DHCP IP to be listed incorrectly when running the netsh command below. This IP was listed even though all other aspects of DHCP and DNS were configured correctly.

Netsh dhcp show server >> c:\info_dhcp.txt

In order to correct this I used the NETSH tool.

Net stop dhcpserver
Netsh DHCP delete server DHCPserver.local 192.168.x.x
Net start dhcpserver
Netsh DHCP add server DHCPserver.local 10.0.x.x


HP Proliant Microserver | AMD RAIDXpert Utility Software Download Link

Please can someone tell me WHY is it so HARD to find the DOWNLOAD for “AMD RAIDXpert” ? Makes me so frustrated when you know the software you need (it’s free) but there are so many links and hoops to jump through in order to download it!

As of 2021 there seems to no longer be any valid URLS for “AMD RAIDXpert” hosted by AMD or HP (The HP Microserver “SB7xx/SB8xx Chipset” driver redirects you to a dead AMD page)

I kept a copy of this software to save time searching for it. This is the AMD RAIDXpert Utility URL for the AMD SB7xx/SB8xx Chipset:

AMD RAIDXpert Utility Info:

AMD RAIDXpert utility gives you complete control of your RAID arrays within a simple web browser based application. This tool allows you to monitor and manage your RAID arrays in the Microsoft Windows environment or via remote login to your system.

Once installed you can access the application via the Start menu shortcut

  • URL: http://localhost:25902/amd/screen.jsp
  • Default Username: admin
  • Default Password: admin

How to Configure AMD RAIDXpert for E-mail Notifications (AMD Direct URL) 


Locating hardware serial number in Windows:

  1. HP Serial number finder or wmic bios get serialnumber

Windows 7 | Alternative Credential Manager

I wanted a quick method of clearing out all the information in credential manager in Windows 7 | Clear all entries from Windows 7 credential manager, but unfortunately I couldn’t find one. Maybe someone has a nice little powershell command for this somewhere? Instead…

The easiest option is to use the “Stored User Names and Passwords” dialog and hit “remove” for each entry. Unfortunately you can’t select multiple fields but this is quicker than dealing with the “Windows 7 Credential manager” and less clicking required.

rundll32.exe keymgr.dll, KRShowKeyMgr

Show Host Name via VBS (ShowHost.vbs)

Simple script to show the host name of the local machine in a popup window. Add the code to “ShowHost.vbs”.

Dim Shell
Dim CompName
Set Shell = WScript.CreateObject("WScript.Shell")
CompName = Shell.ExpandEnvironmentStrings("%COMPUTERNAME%")
Msgbox "Your Computer name is " & CompName

“You have been logged on with a temporary profile”

I see this error quite a few times when users logon to the Windows Server 2008 R2 RDS/TS server. The fix is pretty simple.

Use “regedit” and navigate to this entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

Find the entry with .bak listed and delete it. When the user logs back in the profile will be recreated.

Source: KB947242