Showing posts from September, 2009

Delegwiz.inf templates from Microsoft

The Delegwiz.inf file is a text document used to add additional tasks that can be delegated in the Delegation of Control Wizard in Windows Server 2008. Microsoft publishes additional templates that you can add to this file to expand the capability of the Delegation of Control Wizard. Below is a link to the updated Delegwiz template file from Microsoft.

http://technet.microsoft.com/en-us/library/cc772784(WS.10).aspx

Simply replace the text in the Delegwiz.inf file with the template information in the article from the link above.

Calculating Your System Uptime in PowerShell

Today’s PowerShell lesson is on how to determine your system uptime. I know, not very sexy. It will introduce us to some date/time math though. Before we begin, I just want to clarify the text formatting that I'm using: This means it is something that I typed. This is the resulting output. When we get to the actual scripts, I'll color code the comments out so you can focus on the code.

The first thing that I want to do is discover how to get the current date and time from my client in PowerShell.

    Get-Date
    Friday, September 04, 2009 3:05:43 PM

Easy enough. You can see that Windows will format the output as DayOfWeek, Month Day, Year Hour:Minute:Second AM/PM. OK, so we know what time it is now. But when did your computer turn on last? We are going to pull this information from the WMI class Win32_OperatingSystem. Let’s take a look at the properties of this class.

    Gwmi Win32_OperatingSystem | gm

In the above command, GWMI is an alias for G

What is a SAMID?

The SAMID attribute is the Security Account Manager name for user accounts and security descriptors. The Security Account Manager stores user passwords. If a user account and password are entered that match a pair in the database, the user is logged into the system.

Reference: http://technet.microsoft.com/en-us/library/cc756748(WS.10).aspx

Is there a tool for determining a user's effective permissions through a network share?

Determining a user's effective permissions is a very challenging task. Below are some conditions that could affect the effective permissions a user experiences: Anonymous Logon, Batch, Creator Group, Dialup, Enterprise Domain Controllers, Interactive, Network, Proxy, Restricted, Remote, Service, System, Terminal Server User, Other Organization, This Organization.

Further still is accessing the data through a share. This is the problem. After some searching, I have not been able to find a tool that determines the user's effective permission when taking network share access into account. The formula that is generally used for a manual determination is:

· Determine the effective NTFS permission level.
· Determine the effective Share permission level.
· The most restrictive between the two is the effective permission.

A useful tool would have to ask under what conditions the user is connecting. From the list above, there are many potential answers.
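The manual formula above, worked through in PowerShell as an added example that is not part of the original post. It assumes a simplified three-bit rights model, constructed ACLs and the constructed accounts Mike and Jill, lets deny override allow, and ignores ACE ordering and inheritance; the logon-type identity (INTERACTIVE or NETWORK) is part of the token, which is why the answer depends on how the user connects.

```powershell
# Added example: simplified model with constructed ACLs and accounts.
# Rights are bit flags: Read = 1, Change = Read + Write = 3, Full Control = 7.
$Names = @{ 0 = 'None'; 1 = 'Read'; 3 = 'Change'; 7 = 'Full Control' }

function New-Ace([string]$Type, [string]$Identity, [int]$Mask) {
    New-Object PSObject -Property @{ Type = $Type; Identity = $Identity; Mask = $Mask }
}

# Constructed ACLs for one folder and the share that publishes it.
$NtfsAcl = @(
    (New-Ace Allow 'WILDERNESS\Finance' 7),
    (New-Ace Allow 'INTERACTIVE' 3),
    (New-Ace Allow 'WILDERNESS\Domain Users' 1)
)
$ShareAcl = @(
    (New-Ace Allow 'Everyone' 1),
    (New-Ace Allow 'WILDERNESS\Finance' 3)
)

# Union of allowed bits minus union of denied bits for every identity in the token.
function Get-GrantedMask([object[]]$Acl, [string[]]$Token) {
    $allow = 0; $deny = 0
    foreach ($ace in $Acl) {
        if ($Token -notcontains $ace.Identity) { continue }
        if ($ace.Type -eq 'Deny') { $deny = $deny -bor $ace.Mask }
        else                      { $allow = $allow -bor $ace.Mask }
    }
    $allow -band (-bnot $deny)
}

# Local access is governed by NTFS alone; access through the share is the
# intersection of the NTFS and share results (the most restrictive of the two).
function Get-EffectiveAccess([string]$User, [string[]]$Groups, [switch]$ViaShare) {
    $logonType = if ($ViaShare) { 'NETWORK' } else { 'INTERACTIVE' }
    $token = @($User, 'Everyone', $logonType) + $Groups
    $mask = Get-GrantedMask $NtfsAcl $token
    if ($ViaShare) { $mask = $mask -band (Get-GrantedMask $ShareAcl $token) }
    $name = $Names[$mask]
    if (-not $name) { $name = "mask $mask" }
    New-Object PSObject -Property @{ User = $User; Path = $logonType; Effective = $name }
}

$mikeGroups = @('WILDERNESS\Domain Users', 'WILDERNESS\Finance')
$jillGroups = @('WILDERNESS\Domain Users')
@(
    (Get-EffectiveAccess 'WILDERNESS\Mike' $mikeGroups),
    (Get-EffectiveAccess 'WILDERNESS\Mike' $mikeGroups -ViaShare),
    (Get-EffectiveAccess 'WILDERNESS\Jill' $jillGroups),
    (Get-EffectiveAccess 'WILDERNESS\Jill' $jillGroups -ViaShare)
) | Format-Table User, Path, Effective -AutoSize
```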

What loop to use in PowerShell?

PowerShell allows you to control the flow of your scripts through several different looping options. Below are some examples of what types of loops to use.

For loop: Controls execution of code while a condition is true. Usually used to perform an action a certain number of times. Example:

    For ($i = 1; $i -le 10; $i++) {Write-Host "Loop index is at $i"}

While: Runs while a condition is true. Example:

    $Val = 0
    while ($Val -ne 3)
    {
        $Val++
        Write-Host $Val
    }

Do While: Evaluates a condition before running code. If the condition is false, the code will not run. Example:

    $Index = 10
    Do {
        $Index--
        Write-Host "$Index"
    } while ($Index -gt 0)

Do Until: Evaluates the condition after the code has run once. Loops through the code until a condition becomes true. Ensures that the code will be run at least once before the loop terminates. Example:

    $Str = "M

What is the syntax for adding users to a group with DSMOD?

Utilizing DSMOD to add users to a group requires that you be careful when typing the distinguished name of both the user and the group. Below is an example of a group named ITDept. This group is in the OU of Departments in the domain Wilderness.com. You want to add two users with the CN of Mike and Jill. Here is the syntax:

    DSMOD Group "cn=ITDept,ou=Departments,dc=wilderness,dc=com" -addmbr "cn=Mike,ou=Departments,dc=wilderness,dc=com" "cn=Jill,ou=Departments,dc=wilderness,dc=com"

The list of distinguished names that you are adding is space delimited.

Reference: http://technet.microsoft.com/en-us/library/cc737130(WS.10).aspx

Change Server Core Name

Objective: Change the name of a Server Core machine.

Task 1: Get the name of the machine
• At the command prompt, type hostname
• Record the name of the computer: ________________________

Task 2: Change the name of the computer
• Type netdom RenameComputer Old-Name /NewName:New-Name
• Press Enter.
• Restart the computer by typing Shutdown /r /t 0
  o The Shutdown command allows you to shut down a computer. The following switches are used:
    - /r - Shutdown and restart the computer
    - /t xxx - Sets a wait period in seconds before shutting down the computer.

Task 3: Verify the name change
• Log into the server
• Type hostname and verify the computer has changed its name.

How can I parse a string of text in PowerShell?

For you VBScripters out there, we had a built-in function called Split that allowed us to split text strings into an array. We have the same functionality as a method in PowerShell. First create a variable:

    $Var1 = "10,15,20,9,8,7"

Now let's discover the methods that are available to this variable. PowerShell is smart enough to know that this variable is a string.

    $Var1 | Get-Member

Notice that Split is a method. Let’s go ahead and execute this method.

• $Var1.Split(",")

The "," tells PowerShell that our delimiter is going to be the comma. You can choose any character to be your delimiter. You can also treat these as cells in an array.

• $Var2 = $Var1.Split(",")
• $Var2[1]

After you execute the second command, the contents of cell 1 in the array $Var2 will be displayed. In this case, it should be 15.

Can users place data in their local My Documents folder after redirection?

Once file redirection is configured and working, users will still be able to get to their My Documents folder as if it were still on their local computer. If you click Start and right-click My Documents → Properties, you will see that My Documents is now located on remote storage. If users browse C:\Documents and Settings\username they will no longer see a My Documents folder. File redirection is a useful way to ensure that your organization's data is always on a redundant, backed-up storage device. Also consider implementing file storage quotas to ensure that a few users do not consume all of your storage space.

Folder Redirection: http://technet.microsoft.com/en-us/library/cc785925.aspx
Storage Quota: http://technet.microsoft.com/en-us/library/cc755917.aspx

Do user computers need the admin pack if they are group managers?

If you would like your users to be able to add and remove users from the groups they manage, then yes. You will need to install the ADMINPAK.MSI from the server c:\Windows\System32. You will also need to enable the management in the group properties themselves. On the Managed By tab, you need to click Change and then select the user. You also need to check Manager can update membership list. It would also be a good practice to create a custom taskpad that will allow them to only add and remove user accounts from their group. This ability should only be for users in the OU that contains the group.

Rebooting Clients with PowerShell Part 2 of 2

Last Tuesday, we looked at how to reboot/shutdown/logoff remote clients in PowerShell. We also looked at the GPO settings to allow you to do this to any client. Now, we are going to allow you to do this to multiple clients all at once. First off, the original objective of this post was to recreate a script that I used in VBScript to reboot my servers during the wee morning hours so I would not have to get out of bed. So, before proceeding any further, please create a service account with appropriate rights. In 2008, there is an OU called Managed Service Accounts. Why not place it there? OK, here are our tasks:

• Create a text file containing the names of the clients that we want to reboot.
• Create a script that reads each file and reboots the correct client.
• Create a scheduled task for you to designate when this should happen.

Task 1: Create a text file containing the names of the clients that we want to reboot. This is a simple one. Just create a text file and put one client na

Renaming User Accounts in Active Directory with VBScript

This one proved to be a little more difficult than I first thought. We were able to get a few attributes to change, but in further testing, I found that AD was throwing a fit. The problem was resolved using the ADSI Editor Snap-in. What I did was watch each value and whether or not the correct value was reflected in the user account's properties. The following code relies on a text file containing the old and new user names formatted as such:

    OldUserName1,NewUserName1
    OldUserName2,NewUserName2
    OldUserName3,NewUserName3

You can modify the code to import the usernames any way that works for you. Also, do not forget to change the variables ParentDN and strUPNSuffix to match your environment.

    ' ================================
    ' RenameUSerAccounts.vbs
    ' Author: Jason A. Yoder, MCT
    ' Date: May 15, 2009
    '
    ' Required Files:
    ' - A Text file named "names.txt". In this script, the file
    ' location is hard coded.
    ' The format for the text file is %OldU

How to create a Windows PE disk.

Windows PE is a pre-execution environment for the Windows platform. Anybody who has used the Vista/2008 recovery option has used Windows PE. The instructions below will guide you through creating a Windows PE disk. It is command line driven. In class, we talked about using Windows PE and Imagex.exe to reimage your clients. This will allow you to restore a client to the same state that it was in prior to release to the user. When you create your WinPE image, do not forget to add the Imagex.exe command from the Windows Automated Installation Kit (WAIK). Imagex is what allows you to capture and apply images. The process for rebuilding the client is:

1) Offload the client data using User State Migration Tool (USMT) to an external drive.
2) Boot the client in Windows PE.
3) Format the hard drive.
4) Apply the image (imagex /apply ImageSource ImageNumber ImageDestination)
   a. Ex: imagex /apply e:\ClientImages\Client013.wim 1 c:
5)

Rebooting Clients with PowerShell Part I of 2

This week’s PowerShell tip is actually inspired by one of the most useful VBScripts that I have ever used in managing a network. Let’s just call it a massive system reboot. Remember way back when… when you had to physically visit each of your servers for updates? For me, it turned into a two week trip every 3 months. It was way cool at first. Especially for trips to California (I live in Indiana. Anything outside the Midwest is cool.) This started turning into both a time and budget drain. In Windows 2000, we had the ability to remote desktop in. Now, I was working two 12 hour days, 4 weekends a year. The problem was the reboot. I had to reboot the servers. I would mostly just work on other things while the servers were updating and then reboot when necessary. Of course there was the occasional shut down. Then I would have to call someone on site to drive into work on a weekend to press the power button. Once I started using a script to reboot servers for me, my weekend ti