(re)Setting rights on user home folders [batch script]

After some troubles with copied user home folders during a migration, the rights were set incorrectly.

As this was about more than just a handful of users, re-setting the rights manually wasn’t a good idea.

After digging around on the net, I adjusted a script so that this could be done automagically.

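@echo off
rem Run this from the folder that holds the user home folders.
rem Each subfolder name is used as the account name that gets the rights.
setlocal
for /F "tokens=*" %%i in ('dir "%~1" /b /ad') do call :UPERM "%%i"
endlocal
goto :eof
:UPERM
 rem %~1 is the folder name with the surrounding quotes removed
 set "user=%~1"
 echo %user%
 rem Quote the path so folder names containing spaces still work
 icacls "%user%" /grant "%user%":(OI)(CI)(M,RX,R,W,D)
 goto :eof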

The approach assumes that each user home folder has the same name as the username.
The list of directories is taken from the working directory. The subfolders that are put into a variable are the user home folders.
The script then walks through them all and sets (OI)(CI)(M,RX,R,W,D) rights using icacls, so that the users are able to get to their files again.

Look up the icacls help on setting the rights, if you want to adjust the script.

Have fun, hope this helps you.

found on https://arstechnica.com/civis/viewtopic.php?f=17&t=823972


Adobe Reader DC, Remove side tools panel by default

After digging around, there seems to be a solution to remove that side panel that takes up screen space every time you start Adobe Reader DC.

[you have to have admin rights to do this]
Go to the install directory using explorer.

C:\Program Files (x86)\Adobe\Acrobat Reader\DC\Reader\AcroApp\ENU

( If you have another language, go to another directory there, in my case “NLD”)

Create a new subfolder to move files to and move 3 files from the “ENU” folder into the newly created folder:

AppCenter_R.aapp
Home.aapp
Viewer.aapp

Open a PDF file and now there should be no tools panel.

Works with Windows10

Hope this helps you.

 

Found at https://forums.adobe.com/thread/1817184


Configure SSL on an HP Aruba 2530-48G-PoEP Switch (J9772A)

Log in as admin using ssh (with your favourite ssh client) or a (serial) console cable.

config
crypto pki identity-profile Profile subject

Now enter some certificate parameters
You can enter all you like, e.g.

Enter Common Name(CN) : Switch
Enter Org Unit(OU) : ICT
Enter Org Name(O) : Customer
Enter Locality(L) : Amsterdam
Enter State(ST) : State
Enter Country(C) : NL

then, type

crypto pki enroll-self-signed certificate-name certificate
web-management ssl
save

Now ssl is enabled and you can reach your switch using https.

If you didn’t configure an ip-address yet, you can see the current ip address using

show ip

Exchange 2016 Have a receive connector relay outside the domain.

There’s a powershell cmd for that:

New-ReceiveConnector -Name "Anonymous Relay" -Usage Custom -AuthMechanism ExternalAuthoritative -PermissionGroups ExchangeServers -Bindings x.x.x.x:25 -RemoteIpRanges x.x.x.x

(or create a receive connector with the right settings). And then:

Get-ReceiveConnector "Anonymous Relay" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

Exchange 2016 Restart Transport Service powershell

Ran into this earlier today, had to restart the Exchange 2016 transport service using powershell only! It turned out to be easy.

Restart-Service MSExchangeTransport

To list all Exchange services:

Get-Service *Exchange*

User folder displayed as “Documents”: Remove desktop.ini

A user’s folder is displayed as “Documents” and you don’t want that.

To e.g. remove desktop.ini files (which are hidden: use -force):

Get-ChildItem "\\SERVER\d$\Users\Userdata\" -Recurse -Filter desktop.ini -Force | ForEach-Object { Remove-Item $_.FullName -Force }

This deletes all the desktop.ini files and will help you see the normal folder structure.
It may be nasty for the users.. or not. Up to you.

Found at http://www.kevin-burke.co.uk/windows-server-technologies/home-folder-shows-documents-folder/

 

Hope this helps you!


Sonicwall OID’s

For internal purposes I had to monitor some snmp facts of a sonicwall.

Here’s the OID list

Sonicwall CPU usage as percent
.1.3.6.1.4.1.8741.1.3.1.3.0
 
Sonicwall Memory usage as percent
.1.3.6.1.4.1.8741.1.3.1.4.0
 
Sonicwall Maximum Connections
.1.3.6.1.4.1.8741.1.3.1.1.0

Sonicwall Current Connections
.1.3.6.1.4.1.8741.1.3.1.2.0
 
Sonicwall Firmware version: 
.1.3.6.1.4.1.8741.2.1.1.3.0

Sonicwall Serial:
.1.3.6.1.4.1.8741.2.1.1.2.0

Sonicwall ROM:
.1.3.6.1.4.1.8741.2.1.1.4.0

Sonicwall System Description:
.1.3.6.1.2.1.1.1.0

Luck may vary (there are many different types of (Dell) Sonicwall appliances)

Hope this helps you.


Get all different types of mailboxes in Exchange 2010 and 2016

I had to get the amount of the different types of mailboxes that are available in Exchange.
Exchange 2010 and 2016 in this case.

As I had to execute this as a script I ran into the problem that you have a ‘bare’ powershell and thus first need to connect to Exchange.

For Exchange 2010, note the name of the snapin.

Exchange 2010 – Get Number of all Mailboxes (including +1 for a system mailbox)

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
(get-mailbox -resultsize unlimited).count

Exchange 2010 – Get Number of Equipment Mailboxes

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
Get-mailbox -recipienttypedetails EquipmentMailbox -resultsize unlimited | Measure-Object | Select-Object -expand Count

Exchange 2010 – Get Number of Room Mailboxes

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
Get-mailbox -recipienttypedetails RoomMailbox -resultsize unlimited | Measure-Object | Select-Object -expand Count

Exchange 2010 – Get Number of Shared Mailboxes

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
Get-mailbox -recipienttypedetails SharedMailbox -resultsize unlimited | Measure-Object | Select-Object -expand Count

Exchange 2010 – Get Number of User Mailboxes

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
Get-mailbox -recipienttypedetails UserMailbox -resultsize unlimited | Measure-Object | Select-Object -expand Count

 

For Exchange 2016, note the name of the snapin. The actual powershell commands to receive the info are the same as with Exchange 2010.

Exchange 2016 – Get Number of all Mailboxes (including +1 for a system mailbox)

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Snapin
(get-mailbox -resultsize unlimited).count

Exchange 2016 – Get Number of Equipment Mailboxes

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Snapin
Get-mailbox -recipienttypedetails EquipmentMailbox -resultsize unlimited | Measure-Object | Select-Object -expand Count

Exchange 2016 – Get Number of Room Mailboxes

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Snapin
Get-mailbox -recipienttypedetails RoomMailbox -resultsize unlimited | Measure-Object | Select-Object -expand Count

Exchange 2016 – Get Number of Shared Mailboxes

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Snapin
Get-mailbox -recipienttypedetails SharedMailbox -resultsize unlimited | Measure-Object | Select-Object -expand Count

Exchange 2016 – Get Number of User Mailboxes

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Snapin
Get-mailbox -recipienttypedetails UserMailbox -resultsize unlimited | Measure-Object | Select-Object -expand Count

Hope this helps you!
Cheers!


Get a list of all computers in Active Directory with date lastlogon and OS

I needed to list all computers in use at customers, with os, and for the less diligently maintained AD’s also if they were still in use. You can obtain this by reading the value of lastlogondate of a machine account.

Get-ADcomputer -Filter * -Properties * | Sort LastLogonDate | FT Name, LastLogonDate, OperatingSystem

Active Directory Powershell get [the count of] all enabled users in a certain OU [but not in sub OU’s]

For our internal use, I devised a powershell command that lists all enabled users in a certain OU, but filtering out those in sub OU’s.

Unfortunately this is not a dynamic process, since it is based on the current implementation of OU’s, meaning the humans laid their hands on it. So depending on your setup you may need to exclude some sub OU’s that you don’t want to count.

First I want to list all users, then only in a certain OU to find that I want only enabled users, oh and leave out those in sub-OU’s. Oh and only the count please. Okay.

e.g:

(Get-ADUser -LDAPFilter "(&(sAMAccountName=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))" -SearchBase 'OU=Users,OU=Customer,DC=WindowsDomain,DC=DomainExtension' | Where-Object { $_.DistinguishedName -notmatch 'Service Accounts|OtherAccounts'}).Count

(I think .Count doesn’t count to 1 (coz then it’s not an array), be aware of that)

Hope this helps you.
Cheers!

 


Exchange 2016 and SMTP speed

In order to have Exchange SMTP speed up a little you can change some default values.

Some of those values can be found here
https://technet.microsoft.com/en-us/library/bb232205(v=exchg.160).aspx

So if you want to change some of those values, to accept more mail at the same time, and deliver faster (if your machine can handle it, because you believe it is sooooo fast) you could do:

( Warning: you deviate from Microsoft Standards here, plus
Warning: this way you set it for ALL Transport services )

Get-TransportService | Set-TransportService -MaxOutboundConnections 40

Get-TransportService | Set-TransportService -MaxConcurrentMailboxSubmissions 40

Get-TransportService | Set-TransportService -MaxConcurrentMailboxDeliveries 40

I find MaxOutboundConnections and MaxConnectionRatePerMinute to be fairly OK default settings for a small corporation, but you can go faster!

If you want to change those too, do, e.g. twice as much:

Get-TransportService | Set-TransportService -MaxOutboundConnections 2000

Get-TransportService | Set-TransportService -MaxConnectionRatePerMinute 2400

And there’s tarpitting of course, which adds an extra delay. (mind you, tarpitting has its reasons)

If you want to lookup the current values on your server, do

Get-ReceiveConnector | Select Name, Tarpitinterval

If you want to turn that off do:

Get-ReceiveConnector | Set-ReceiveConnector -TarpitInterval 0

Be sure to restart the transport service.

Always do a get command, just in case you have not noticed its values.

Of course you can do calculations on how much bandwidth your server has, can handle, and can spew out, and how many IOPS are needed for average mail transactions to your Exchange database, etc., but this post is not about that. I usually list how to do stuff. Not how to do stuff properly 🙂 Also, never say: tinkerist.com has it, so it must be true. I don’t have the time to discuss whether something is true. What I hope is that most of the time it works.

Hope this helps you!

P.S. For Exchange 2010 you can do things like the following, but look them up first, so that you know what you did, before you screwed up your exchange machine.

Get-ReceiveConnector | Set-ReceiveConnector -MessageRateLimit 4000
Get-ReceiveConnector | Set-ReceiveConnector -MessageRateSource None
Get-ReceiveConnector | Set-ReceiveConnector -MaxInboundConnectionPercentagePerSource 30

Block active ssh login attempts from unknown IP’s on linux using hosts.deny

Some hosts on the net are severely compromised or shown to be controlled by malicious users.

imho: Never allow a root login using ssh to any machine you are setting up. Yes ~they~ are always probing. It is a storm.

The following mechanism makes hosts that try to log in with various users and various password combinations get a time-out on your machine, using hosts.deny. You should use it to throw arseholes off balance, using up their automated scanners’/probes’ precious time.

First you need to know what hosts are attempting to use your secure shell service.
You can show that as a privileged user, such as root, on your device by running the command:

lastb -F -i

This shows you a list of tries, with no dns lookups, just IP’s.

As such, the following command sorts the list, and creates unique entries on IP and places them in a file (~/catlastlog)

lastb -F -i | awk '$3 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $3 }' | sort | uniq > ~/catlastlog

Next, the following command formats it to be used in hosts.deny.

sed -i -e 's/^/ALL:/' ~/catlastlog

hosts.deny is the file in /etc that tells your machine to deny something from the connecting host; in essence, you can have your machine drop any connection from that host immediately.

The last two commands fill your /etc/hosts.deny file so you are one step closer to being safe from hosts that attempt to use your precious secure shell service (or any service that you publish and want to keep safe).

echo "# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system." > /etc/hosts.deny
cat ~/catlastlog >> /etc/hosts.deny

The first command creates a new and clear hosts.deny file.
The second command fills it with the recent hosts that failed login attempts.

The effect is immediate. New connections are dropped instantly.
Be sure not to lock yourself out [remotely], as this mechanism locks out any failed attempts directly. If you did, you can always edit the hosts.deny file from your console.

I now usually do this manually once in a while, as the compromised hosts vary from day to day. This is a crude form of protection, but I can imagine you could run this as a cron job if you are really fed up with wasted connections on your external interface. If you do, make sure all filenames are named with full path names [such as /secure/directory/catlastlog].
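A sturdier take on the steps above, as an added example that is not part of the original post: it accepts only well-formed IPv4 addresses from the third lastb column, skips addresses on an allowlist so you do not lock yourself out, lists an address only after a minimum number of failed attempts, and replaces the file through a temp file. The function names, the default threshold of 3 and the sample lastb lines (documentation-range addresses) are assumptions made for the example; it also assumes your sshd honours hosts.deny (built with TCP wrappers).

```shell
#!/bin/sh
# Added example, not from the original post. Function names, defaults and the
# sample data are assumptions made for illustration.

# deny_lines [MIN] [ALLOW]: read `lastb -F -i` output on stdin and print one
# hosts.deny line per IPv4 address with at least MIN failed attempts
# (default 3). ALLOW is a space-separated list of addresses never to block.
deny_lines() {
  awk -v min="${1:-3}" -v allow="${2:-}" '
    # valid(ip): dotted quad, every octet at most 3 digits and at most 255
    function valid(ip,    p, k) {
      if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return 0
      split(ip, p, ".")
      for (k = 1; k <= 4; k++)
        if (length(p[k]) > 3 || p[k] + 0 > 255) return 0
      return 1
    }
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
    # Column 3 is the remote address. Blank lines and the "btmp begins"
    # trailer have no valid address there and are ignored.
    NF >= 3 && valid($3) && !($3 in skip) { count[$3]++ }
    END { for (ip in count) if (count[ip] >= min) print "ALL: " ip }
  ' | sort
}

# write_deny FILE [MIN] [ALLOW]: rebuild FILE from lastb output on stdin.
# The new content goes to a temp file first and is moved into place only when
# complete, so an interrupted run never leaves a half-written hosts.deny.
write_deny() {
  target=$1
  tmp=$(mktemp "${target}.XXXXXX") || return 1
  {
    echo "# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system."
    deny_lines "${2:-3}" "${3:-}"
  } > "$tmp" && chmod 644 "$tmp" && mv "$tmp" "$target" || { rm -f "$tmp"; return 1; }
}

# Constructed sample of `lastb -F -i` output (documentation-range addresses).
sample_lastb() {
  cat <<'EOF'
root     ssh:notty    203.0.113.5      Mon Jan  1 10:00:01 2018 - Mon Jan  1 10:00:01 2018  (00:00)
admin    ssh:notty    203.0.113.5      Mon Jan  1 10:00:04 2018 - Mon Jan  1 10:00:04 2018  (00:00)
test     ssh:notty    203.0.113.5      Mon Jan  1 10:00:09 2018 - Mon Jan  1 10:00:09 2018  (00:00)
oracle   ssh:notty    198.51.100.7     Mon Jan  1 11:12:00 2018 - Mon Jan  1 11:12:00 2018  (00:00)
oracle   ssh:notty    198.51.100.7     Mon Jan  1 11:12:03 2018 - Mon Jan  1 11:12:03 2018  (00:00)
oracle   ssh:notty    198.51.100.7     Mon Jan  1 11:12:07 2018 - Mon Jan  1 11:12:07 2018  (00:00)
me       ssh:notty    192.0.2.10       Mon Jan  1 12:30:00 2018 - Mon Jan  1 12:30:00 2018  (00:00)
me       ssh:notty    192.0.2.10       Mon Jan  1 12:30:05 2018 - Mon Jan  1 12:30:05 2018  (00:00)
me       ssh:notty    192.0.2.10       Mon Jan  1 12:30:11 2018 - Mon Jan  1 12:30:11 2018  (00:00)
guest    ssh:notty    198.51.100.99    Mon Jan  1 13:45:00 2018 - Mon Jan  1 13:45:00 2018  (00:00)

btmp begins Mon Jan  1 09:58:13 2018
EOF
}

# Demo on the sample, with 192.0.2.10 standing in for your own admin address.
# On a real host: lastb -F -i | write_deny /etc/hosts.deny 3 "192.0.2.10"
sample_lastb | deny_lines 3 "192.0.2.10"
```

IPv6 sources are skipped on purpose, since hosts.deny expects them in square brackets.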

In fact, I encourage any admin to block internet crap. One day you’ll regret you didn’t.
That, and, it’s best to deny evil malicious pests everything [period], even milliseconds of probing time.

Can’t be zealous enough about it.

Hope this helps you!
Cheers!

 


Shutting down windows domain clients remotely

I was not in the office, but I did have to shut down all domain computers after a move to have them install windows updates over the long new-year weekend.

So I ended up with a script I picked up on the web, and adjusted it to my needs.

The computers in the network were all named dt[number] (dt for desktop).
When looking at the Active Directory and in the DHCP server I found the desktop number range was from 41 to 99 in my case, so I just made sure a remote shutdown command (run as domain admin) was executed with the correct computer name. I saved this as a .bat file and ran it.

@echo off 
set /a x=41
:while 
if %x% lss 100 (
  echo shutting down dt0%x%
  shutdown /m \\dt0%x% /s /t 30 
  set /a x+=1
  goto :while 
)

Hope this helps you!
Have a great new year,
Cheers!


Exchange 2016, receive connector, enable relaying, powershell

To allow a certain receive connector to relay (not just local delivery, but actually routing the mail to the outside), run the following powershell command:

Set-ReceiveConnector "SERVER\Receive Connector" -PermissionGroups AnonymousUsers

The above command enables “Anonymous user” delivery.

Get-ReceiveConnector "SERVER\Receive Connector" | Add-ADPermission -User 'NT AUTHORITY\Anonymous Logon' -ExtendedRights MS-Exch-SMTP-Accept-Any-Recipient

Above command enables this receive connector to be able to relay to the next configured step in your Exchange server (probably out).

Hope this helps you!


Checking HP disk status on VMware, command line

Today, I had to check the disk status of an HP array on VMware.

Using VMware 6, installed with HP iso, meaning it has HP drivers and tools already installed on VMware, I found it is rather easy to use the cli command.
So I enabled SSH (Host / Configuration / Security Profile / Services / Properties / SSH / Options / Start / Ok) and logged in to VMware with an ssh client (e.g. putty).

A quick search revealed the info about the hp cli (hpssacli):

HPE Smart Array CLI commands on ESXi

https://www.inetmail.ca/Wiki/index.php/HP_Smart_Array_CLI_commands_on_ESXi

I wound up with the disk status with:

/opt/hp/hpssacli/bin/hpssacli ctrl slot=0 pd all show status

Then turned off SSH on the host again. (Host / Configuration / Security Profile / Services / Properties / SSH / Options / Stop / Ok)

Thanks Mike and Kalle!

Hope this helps you!


Powershell, get full names of a group of users in AD and export to text file.

Just a quick blurb that I encountered this morning.
In powershell, to get a list of the full names of users and export them to a text file:

Get-ADGroupMember -identity GROUP -Recursive | Get-ADUser -Property DisplayName | Select Name > c:\temp\fullnamesofgroup.txt

The point is that Get-ADGroupmember doesn’t “have” the properties of the object you are looking at. You have to look into the user object with Get-ADUser to get the specific property of the user object.
So, with the above command, you send all the user objects in the group with Get-ADGroupMember to Get-ADUser, and then pipe the values of the property “Name” to a text file on disk.

(The command is shorter than the text to explain it 🙂 )

Hope this helps you. Have fun!


Place chrome link on desktop, and open with chrome browser

Everyone on windows has a ‘default browser’ set. Windows knows this.

In case you want to run Google Chrome and open an url, (and not your other default browser), well, then just create a good old shortcut (windows .lnk file) with e.g. the name “url-link.lnk”.

With settings like:

Target:

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" https://open.this.url.tld

and Start in:

"C:\Program Files (x86)\Google\Chrome\Application"

To publish something like that on a user’s desktop, just put this in a login script:

COPY \\SERVER\NETLOGON\url-link.lnk "C:\Users\%USERNAME%\Desktop\url-link.lnk" /Y

Now users can double click that and use the Google Chrome browser for the url https://open.this.url.tld (or any other you might like)

Hope this helps you!


Change Google Chrome homepage setting, but then scripted

In order to change the homepage of the Google Chrome browser, installed on a win7 pc, you can change the homepage, e.g. via login script. (see e.g. http://www.chromium.org/user-experience/user-data-directory for chrome info)

Of course you can load adm files in your domain controller, but it can be done scripted.

powershell -command "(Get-Content 'C:\Users\%USERNAME%\AppData\Local\Google\Chrome\User Data\Default\Preferences') | ForEach-Object { $_ -replace 'some.url.tld', 'someother.url.tld' } | Set-Content 'C:\Users\%USERNAME%\AppData\Local\Google\Chrome\User Data\Default\Preferences'"

Hope this helps you.

Edit: For your info, the above command changes all occurrences of ‘some.url.tld’; beware that any other setting with this value will also be adjusted. cheers.


Internet Explorer Trusted Sites and Automatic User Logon Registry (ADFS/SSO)

You can’t use GPO if you want your users themselves to be able to add sites to Trusted Sites in Internet Explorer. You can use good old registry though.
Since these are user settings, the user can edit their own registry settings. If you use elevated rights, you would change the elevated user’s settings instead.
So I used HKEY_CURRENT_USER to add some domains (and subdomains) and change a setting in IE using a VBS script.

The customer I used this for wanted SSO using ADFS to a site, so this option had to be enabled: “Internet Explorer Settings / Security / Trusted Sites / Custom Level / User Authentication / Logon / Automatic Logon with current user name and password”

After searching around and 2 hours of time I borrowed some code, and adapted a script into the following (thank you windowsitpro.com and thank you nefaria.com for info):

'This script adds 2 domains with subdomains as trusted sites, and turns on autologon with current username and password
'Basic script was found at 
'https://nefaria.com/2009/10/adding-trusted-sites-for-ie-via-the-registry/
'Setting Autologon with username and password was found at 
'http://windowsitpro.com/networking/jsi-tip-5130-how-can-i-manage-internet-explorer-security-zones-registry
' 
' Thanks windowsitpro.com and nefaria.com
'
'I needed this setting for ADFS SSO, and didn't want managed Trusted Sites (Users can now still add their own trusted sites if they want)
'
' Registry settings for autologon:
'[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
'"1A00"=dword:00000000
'[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
'@=""
'[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\domain1.com]
'[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\domain1.com\subdomain]
'"https"=dword:00000002
'[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\domain2.com]
'[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\domain2.com\subdomain]
'"https"=dword:00000002

Option Explicit
Dim DomainArray(1), SubDomainArray(1), strComputer, strHTTPS, strAutoLogon
Dim dwordZone, dwordAutoLogon, regPath, objReg, counter, subkeyPath
Dim subkeyValue

Const HKEY_CLASSES_ROOT = &H80000000
Const HKEY_CURRENT_USER = &H80000001
Const HKEY_LOCAL_MACHINE = &H80000002
Const HKEY_USERS = &H80000003
Const HKEY_CURRENT_CONFIG = &H80000005

strComputer = "."
strHTTPS = "https"
strAutoLogon = "1A00"
dwordAutoLogon = "0"
dwordZone = "2"

DomainArray(0) = "domain1.com\"
SubDomainArray(0) = "subdomain\"

DomainArray(1) = "domain2.com\"
SubDomainArray(1) = "subdomain\"

Set objReg = GetObject("winmgmts:{impersonationLevel = impersonate}!\\" & strComputer & "\root\default:StdRegProv")

regPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"
objReg.CreateKey HKEY_CURRENT_USER,regPath

regPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\"
objReg.CreateKey HKEY_CURRENT_USER,regPath

'Add domains and subdomains to Trusted Sites
For counter = 0 to 1
        subkeyPath = regPath & DomainArray(counter)
        objReg.CreateKey HKEY_CURRENT_USER,subkeyPath
        subkeyPath = regPath & DomainArray(counter) & SubDomainArray(counter)
        objReg.CreateKey HKEY_CURRENT_USER,subkeyPath
        objReg.SetDWORDValue HKEY_CURRENT_USER,subkeyPath,strHTTPS,dwordZone
Next

'set Autologon with current username and password
regPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\"
objReg.SetDWORDValue HKEY_CURRENT_USER,regPath,strAutoLogon,dwordAutoLogon

Edit: Some explanation of the script:

An array in vbs defined above as DomainArray(1) is an array of 2 items: 0 and 1.
So if you want to adjust the script to your needs, and you need to add more domains and subdomains, for each added site, increase the array definition by one.

E.g. DomainArray(2) holds 3 items 0,1 and 2 etcetera. Set their values accordingly:

DomainArray(2) = "domain3.com\"
SubDomainArray(2) = "subdomain\"

The loop in the code should be adjusted too: For counter = 0 to 1 becomes For counter = 0 to 2 to have it run 3 times. The counter variable is used to address each item in the 2 defined arrays.

In the registry the trusted sites values are stored as follows: first an entry for the site, and branched under that any subdomains that are used. That’s why we have 2 arrays.

You can then execute it for the user as follows:

cscript //B script.vbs

Hope this helps you!


HP Device Manager installation

Here’s a quick blurb from today’s afternoon, quickly testing HP Device Manager in my lan here. (Edit: the software that you can use to manage HP Thin/Zero Clients)

(On Win2008 R2, will try server 2012 soon)

Install .NET 4.5
Install SQL Express 2014
Turn on SQL Server browser service (set to automatic) and start the service (using e.g. start run: services.msc)

For FTP access I installed FileZilla. https://filezilla-project.org/
It expects the name of the share that you use as a directory, so, in filezilla configure a username and password and set the home directory of that user to the inetpub ftproot after installation of the HP Device Manager.

Download and install HP Device Manager 4.7
http://www8.hp.com/us/en/thin-clients/downloads.html
or
ftp://ftp.hp.com/pub/hpdm/Software/4.7/
You need the .exe, you can upgrade afterwards, by running the latest Service Pack (SP5 — see hp ftp site)
Install on a disk location where you want the application.
After installation, configure MS SQL.
In the server field, with default SQL installation, enter:
SERVERNAME\SQLEXPRESS
With windows username authentication or sql username authentication
The rest should be default.

Note: you may want to place the inetpub (the repository) on a large disk, as you can capture images from that location. Captured images can be large.
Share that location, using advanced sharing.

Since I am in a domain the username domain must be set using “DOMAIN\Username” type.

You may want to reboot this after config in order to see if everything starts correctly.

Now you should be able to start HP Device Manager and discover devices in your lan.

Hope this helps you.


Remove .NET Framework because of Mamut software

On a completely updated Windows7 workstation you may have .Net Framework 4.6.
This sometimes doesn’t work with particular (older) versions of Mamut Business Software.
In order to fix this, remove all updates for .NET framework from Windows Updates.

Then go to Control Panel, Programs and features, and remove all mentions of .Net Framework 4.6 (including language packs).

Reboot. Now you can install your Mamut software.

(just not tested if it breaks when you update afterwards, but we will see soon I guess)

Hope this helps you,
cheers.


VMware 5.5, HP P2000, Datastores, iSCSI, ATS, VAAI and whatnot

Brilliant, the customer got a freshly installed Gen9 HP host with 112Gb mem.
My colleague installed it with VMware and it seems to work fine.

But not for the datastores it is supposed to work with.
I wanted to add the datastores that are located on a HP P2000 storage unit.
Turns out it needs an extra driver.
Errors appeared with texts like: “ATS-Only VMFS volume ‘DATASTORE-NAME’ not mounted. Host does not support ATS or ATS initialization has failed.”

It sure failed. By missing a plugin that is.

The HP Software is in the form of zip file that needs to be uploaded to your host: https://h20566.www2.hpe.com/hpsc/swd/public/detail?idx=0&swEnvOID=&action=driverDocument&swLang=&itemLocale=&swItemId=MTX_30e09de4fc7e4498bfd9102a99&lang=en-us&cc=us&mode=3

The VMware info can be found here:

https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2006858

The file can also be downloaded from this article -> hp_vaaip_p2000_210.

However, some things didn’t quite work out, such as the command “esxupdate --bundle”. Probably due to “old info”.

After some searching, the steps I followed to get it working, were as follows:

Download the HP zip file.
Open up your VMware host, and browse to the local datastore.
Upload your file to the local datastore.
Go to configuration, security profile, click SSH, properties, Start, OK.
You’ve now started the ssh server on your host.
SSH should now be started and you can now use an ssh client such as e.g. Putty to log in as root to the IP of your host.
Perform the following commands:

mkdir /root
mv /vmfs/volumes/yourdatastore/hp_vaaip_p2000_210.zip /root/
cd /root/
unzip hp_vaaip_p2000_210.zip

Then, set the host in maintenance mode with:

vim-cmd hostsvc/maintenance_mode_enter

Then install the software with:

esxcli software vib install -d hp_vaaip_p2000_offline-bundle-210.zip

To find out that creates a set of errors (in my case). wtf.

I got:

 [MetadataDownloadError]
 Could not download from depot at zip:/var/log/vmware/hp_vaaip_p2000_offline-bundle-210.zip?index.xml, skipping (('zip:/var/log/vmware/hp_vaaip_p2000_offline-bundle-210.zip?index.xml', '', "Error extracting index.xml from /var/log/vmware/hp_vaaip_p2000_offline-bundle-210.zip: [Errno 2] No such file or directory: '/var/log/vmware/hp_vaaip_p2000_offline-bundle-210.zip'"))
 url = zip:/var/log/vmware/hp_vaaip_p2000_offline-bundle-210.zip?index.xml
 Please refer to the log file for more details.

Fine! /var/log/vmware/hp_vaaip_p2000_offline-bundle-210.zip is missing.
Oh well, then we copy it there?

cp /root/hp_vaaip_p2000_offline-bundle-210.zip /var/log/vmware/

Then just perform the same command again in /root (don’t cd to /var/log/vmware/)

esxcli software vib install -d hp_vaaip_p2000_offline-bundle-210.zip

To get:

Installation Result
 Message: Operation finished successfully.
 Reboot Required: false
 VIBs Installed: Hewlett-Packard_bootbank_vmware-esx-hp_vaaip_p2000_2.1.0-2
 VIBs Removed:
 VIBs Skipped:

Successful! That seemed to work.

Take your host out of Maintenance mode and reboot your VMware host in order to load the new plugin/driver/whatever HP thinks it is, and now your ATS Datastores should be visible.

Hope this helps you,
Have fun!


WDS and a Dell 5570 adding drivers to WIM image.

Today I am creating an image for a Dell E5570 laptop over at a customer.
The image that I use has all the applications installed and working.
However, the image is meant for other computers that don’t have the same drivers
as is required for this type of machine.

In order to make this work you have to [can try to] do two things:
– Make sure the boot and capture images have the x86 driver to be able to work with the machine on x86 (I have two boot images, one to load an image, one to capture an image to the server).
– Add the x64 drivers to the image that you want to roll out.

[Note that it is best to turn off your antivirus software, or this may take ages.]

Adding x86 network drivers to boot.wim and capture.wim

Download and extract the drivers from www.dell.com, or extract them from the CD that comes with the E5570 laptop.
In this case the driver files are located on the CD in the following zip file:
(You can look up the location of the exact driver zip file with the tool D:\Win78\RCDMENU.EXE)
D:\ZIPFILES\Network_Driver_KJTXR_WN32_20.2.0.0_A00.EXE
When you have unpacked the driver to your desired location, move it to the WDS server, to a folder of your choosing.

In WDS, right-click driver packages, and choose add driver package.
In the window that pops up, select “Select a driver package from a folder”.
Select your folder with the x86 driver and choose next, next, next, next, finish.
In my case this was D:\E5570\LAN\production\Windows7-x86\
Now the drivers are added to the repository for the boot images.

Go to the boot and capture images in WDS, right-click them and choose:
“Add driver packages to image..”
Click Next, click Search and add the drivers to the image. Do this for both images.

Now you have added the network driver that is necessary for the boot and capture images to be able to use the network on your new machines.

Add the x64 drivers to the image that you roll out.

When you have an image that doesn’t have the drivers, unpack all drivers for this machine to a directory of your choosing.
e.g. D:\5570
Make subdirectories for each driver.
e.g.
D:\5570\LAN
D:\5570\Audio
etc.
When you are done unpacking them all, mount the image that you want to roll out:
(I choose to ‘cd’ to the directory that holds the image; of course you can specify a full path to the image instead.)

DISM.exe /Mount-Wim /WimFile:image.wim /index:1 /MountDir:D:\Mount\

Note that the directory “D:\Mount\” should exist.

When it’s mounted, insert the drivers into the image with:

DISM.exe /image:D:\Mount\ /add-driver /driver:D:\E5570 /recurse

This adds all the drivers into the image.

When it is done, you have to commit the changes to the image file with:

DISM.exe /Unmount-Wim /MountDir:D:\Mount\ /commit

Now you can add your image to WDS and try it out.

As it turns out, not all drivers are installed, but at least the network driver is. You can then install the rest of the drivers and capture a new image for this machine.

Hope this helps you,
Have fun!

[Note: don’t forget to turn on antivirus software again]

Posted in Dell 5570, DISM, RIS, WDS, WIM

Raspberry Pi3 installation and configure wlan/wifi (raspbian)

Today I’m setting up the raspi3 that I recently got from the pihut.
https://thepihut.com/
The pi3 has wifi built in (2.4GHz only).

I use Linux now, so in order to set it up with raspbian I performed the following steps.

Get the latest raspi (lite) image here: (I install all software by hand)
https://www.raspberrypi.org/downloads/

Unzip the image with:

unzip [filename]

I have an 8GB SD card lying about. To write the unpacked image [.img] to the SD card, do the following on Linux [you may want to carefully watch where the kernel put your card device, e.g. with the command:]

dmesg

Write the data:

dd if=2016-03-18-raspbian-jessie-lite.img of=/dev/mmcblk0 bs=1M

After a while it’s done. To perform a sync to flush all buffers, do:

sync
sync

and unplug the card, put it in your raspi, and turn it on.
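The dd command above overwrites whatever of= points at, so the device name read from dmesg deserves a second check before writing. The following preflight is an added example, not part of the original post; the function name, the 64 GiB ceiling and the overridable sysfs and mounts paths are assumptions.

```python
import os
import re

SECTOR = 512  # /sys/block/<dev>/size is always counted in 512-byte sectors

def target_problems(dev, image_size, max_bytes=64 * 2**30,
                    sys_block="/sys/block", mounts_file="/proc/mounts"):
    """Return reasons not to dd onto dev; an empty list means no objection found."""
    name = os.path.basename(dev)
    size_path = os.path.join(sys_block, name, "size")
    if not os.path.isfile(size_path):
        # Partitions (mmcblk0p1, sdb1) have no entry directly under /sys/block.
        return [f"{dev} is not a whole-disk block device"]
    with open(size_path) as fh:
        dev_bytes = int(fh.read().strip()) * SECTOR
    problems = []
    if dev_bytes == 0:
        problems.append("device reports size 0 (no card in the reader?)")
    elif dev_bytes < image_size:
        problems.append("image is larger than the device")
    if dev_bytes > max_bytes:
        # Catches a system disk even when it is mounted by UUID or via LVM,
        # which the name-based mount check below would not see.
        problems.append("device is larger than any card you expect; wrong disk?")
    # A mounted partition means the kernel or the desktop is using the device.
    part = re.compile(re.escape(dev) + r"(p?\d+)?$")
    with open(mounts_file) as fh:
        for line in fh:
            fields = line.split()
            if len(fields) >= 2 and part.match(fields[0]):
                problems.append(f"{fields[0]} is mounted on {fields[1]}")
    return problems
```

Call it as target_problems("/dev/mmcblk0", os.path.getsize("2016-03-18-raspbian-jessie-lite.img")) and only run dd when the list comes back empty.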

To configure the pi from scratch, I connect it with an ethernet cable (no display). By default, the raspi image has eth0 on DHCP. I look up the address it got in my router, or use an IP scanner on my local network to see what it has become.

When you’ve located it, ssh to the IP address:

ssh pi@xx.xx.xx.xx

(where xx stands for the IP)
By default, the image has the password “raspberry” for user “pi”.

It is a good idea to change that immediately.

sudo passwd pi
 [wisely choose a password]
 [enter it correctly again]

I want to change the root password immediately as well:

sudo passwd root
 [wisely choose a password]
 [enter it correctly again]

Now you’re still on eth0, and perhaps you want to use wifi.

Use your favorite editor like vi or nano to edit the following two files to configure it (I usually just do this with su - [password] as root/uid0, or you can do it as user pi with sudo):

(found at http://weworkweplay.com/play/automatically-connect-a-raspberry-pi-to-a-wifi-network/)

vi /etc/network/interfaces

and change the contents to:

auto wlan0

iface lo inet loopback
iface eth0 inet dhcp

allow-hotplug wlan0
iface wlan0 inet static
address 192.168.100.200
netmask 255.255.255.0
gateway 192.168.100.254
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet dhcp

Change the IP addresses and network settings for your network, or leave out the address, netmask and gateway entries and specify: iface wlan0 inet dhcp (for DHCP on just interface wlan0; leave the other entries intact)

and

vi /etc/wpa_supplicant/wpa_supplicant.conf

to change the wifi settings for your network:

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1

network={
ssid="SSID"
psk="verysecret!"
proto=RSN
key_mgmt=WPA-PSK
pairwise=CCMP
auth_alg=OPEN
}

proto=RSN stands for WPA2
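The psk= line in wpa_supplicant.conf also accepts the derived 256-bit key as 64 unquoted hex digits, which keeps the human-chosen passphrase out of the file (the key itself still grants access to that SSID, so the file stays root-only). The following is an added example, not part of the original post: it performs the same derivation as the wpa_passphrase tool that ships with wpa_supplicant and renders the block shown above; the function names are assumptions.

```python
import hashlib

def derive_psk(ssid: bytes, passphrase: str) -> str:
    """PBKDF2-HMAC-SHA1, 4096 rounds, SSID as salt, 256-bit output (WPA/WPA2-PSK)."""
    if not 1 <= len(ssid) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid, 4096, 32)
    return key.hex()

def format_ssid(ssid: bytes) -> str:
    """Quote a plain ASCII SSID; anything unusual goes in bare hex form."""
    text = ssid.decode("ascii", errors="replace")
    plain = all(32 <= b <= 126 for b in ssid) and '"' not in text and "\\" not in text
    return f'"{text}"' if plain else ssid.hex()

def network_block(ssid: str, passphrase: str) -> str:
    """Render the post's network={} block with the derived key, not the passphrase."""
    raw = ssid.encode("utf-8")
    return "\n".join([
        "network={",
        f"ssid={format_ssid(raw)}",
        f"psk={derive_psk(raw, passphrase)}",  # 64 hex digits, no quotes
        "proto=RSN",
        "key_mgmt=WPA-PSK",
        "pairwise=CCMP",
        "auth_alg=OPEN",
        "}",
    ]) + "\n"

if __name__ == "__main__":
    # "SSID" and "verysecret!" are the placeholder values used in the post.
    print(network_block("SSID", "verysecret!"), end="")
```

Because the SSID is the salt, the derived key has to be regenerated whenever the network name changes.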

Of course you may want to update your pi:

apt-get update
apt-get upgrade
apt-get dist-upgrade

Reboot, and possibly do this again; an apt-get autoremove may be necessary afterwards.

You’re now set up with your pi, you can use

raspi-config

to enable the camera or enable SPI or I2C, or other settings or functions, etcetera.
Don’t forget to expand the filesystem on the sd card, see raspi-config main menu, there’s an entry for it there.

Hope this helps you!
Have fun!

Posted in raspi

VMWare virtualise a Windows 2008R2 server with P2V

I am in the process of virtualising a Windows 2008 R2 server with P2V.
That is, from HP hardware to VMWare.
Since this is a hardware HP machine, I have made the following considerations using P2V.

Before virtualising:

– Make sure that the P2V tool assigns each disk to its own vmdk. By default it makes one big disk, something you may not want. (It is handy to slice it up, in case you want to change datastore, or perhaps make a change in cluster size later.)
– Set the name of the server right; it is reflected in the datastore directory.
– Set the CPU right. I usually take 2 cpu, 2 cores, but of course that is up to you or your licensing model.
– In P2V, deselect the option to install VMWare tools. Do it manually later, or your server may hang.

If you have an Exchange server (it was in this case), make sure you stop the Exchange services, taking the Exchange server offline so that it stops mail reception and delivery.
Stop all HP services (set the services to manual, so that they don’t start once virtualised).

After virtualising:

– First start the server in safe mode, to make sure the new “hardware” drivers install correctly.
– Reboot the server, boot normally, install VMware tools.
– Remove any network cards in VMWare and add the VMXNET3 network card.
– Set IP, netmask, gateway, dns entries as before/recommended. A message will show in Windows that there is a card that has these settings; this message will resolve that.

– Uninstall HP software
o (You may need to stop HP services)
o (You may need to kill the HP Insight management in task manager)
o (You may need to kill other HP processes with task manager)
– Activate Windows again because of the hardware changes; the key should still be the same.
– Uninstall disconnected drivers in Device Manager:
– In cmd, execute:
set devmgr_show_nonpresent_devices=1
devmgmt.msc
– From the menu, select: Show hidden devices
– You can now remove all drivers that are not in use with [del] [enter]. Do not forget to remove the software as well when the deletion of the driver gives this option.
– Do not uninstall fs_rec; this is supposed to be an MS driver of sorts.
– Finally reboot, done!

Hope this helps you, have fun!

P.S. there are more considerations when pushing an Exchange to VMware, such as disk cluster size, IOps etc, but I won’t cover that in this post. More on that here: http://www.vmware.com/files/pdf/exchange-2010-on-vmware-best-practices-guide.pdf

 

Posted in P2V, VMware, Windows