Advanced Windows PowerShell Scripting Video Training

Advanced Windows PowerShell Scripting Video Training
Advanced Windows PowerShell Scripting Video Training

Monday, May 31, 2010

Can you set "High Priority" updates to auto install and, but choose to install on the rest?

Although it is recommended that you test each update from Microsoft before applying it in your organizations, for many it is more cost effective to just automatically approve the updates and send them out into the wild. The procedure below will allow you to choose which category of updates you want to allow to install immediately.

To automatically approve updates

· In the WSUS administration console, click Options, and then click Automatic Approvals.

· In Update Rules, click New Rule.

· In the Add Rule dialog box, under Step 1: Select properties, select whether to use update classifications or products (or both) as criteria.

· In Step 2: Edit the properties, click the underlined properties to select the values for which you want automatic approvals.

· In Step 3: Specify a name, give a name to the rule.

· Click OK.


Wednesday, May 26, 2010

Can you use %username% with mapping a drive location with GPO preferences?

First off, I need to point something out. If all of you remember, I was not able to get my Vista to accept my GPO preferences. That is because I needed to install a new set of client-side extensions (CSEs). Once I tried out this problem on my Windows 7 VMs, no problem. You can get the Vista and XP CSEs here:

Windows Vista (x86):

Windows Vista (x64):

Windows XP (x86):

Windows XP (x64):

You will also need to install XMLLite on your XP SP2 or later machines.

OK, now on to the question. The answer is yes you can. I did find a condition did exist though. The folder with the users name must already exist in share on the network drive you are mapping to. Having to make all those extra folders manually totally goes against my business 2.0 attitude. You could write a script, but that would take effort. In the User preferences of that same GPO, is the Folder option. Using this option I created a new folder at location \\ServerName\ShareName\%UserName%. This time the mapped drive worked.

Monday, May 24, 2010

When entering fine grain password policy, what do the negative numbers in the lab mean?

Different data types have different formats. In our lab involving Fine Grain Passwords, some of the data entry in the lab called for you to enter data with negative numbers. It looks like that was in the a time field. I’ve always entered that data in the form of DAY:HOURS:MINUTES:SECONDS. Hey, it looks like it will take both. Next time around, try to enter it in that for. Data can be interpreted using a number of algorithms. I was not able to locate the one in question, but this is the documentation from Microsoft on one of the fields for the acceptable data ranges:

00:00:00:00 through msDS-MaximumPasswordAgevalue


Wednesday, May 19, 2010

How does GlobaNames Zone interrupt and service Wins resolution requests?

The GlobalNames zone is a mitigation strategy for helping you migrate off of WINS servers. One of the main reasons for this is because WINS does not support IPv6. It also provides another avenue for you to further harden your networks. The way that the DNS server in server 2008 services WINS queries is as follows

· The client's primary DNS suffix is appended to the single-label name, and the query is submitted to the DNS server.

· If that FQDN does not resolve, the client requests resolution using its DNS suffix search lists (such as those specified by Group Policy), if any.

· If none of those names resolve, the client requests resolution using the single-label name.

If the single-label name appears in the GlobalNames zone, the DNS server hosting the zone resolves the name. Otherwise, the query fails over to WINS.


Monday, May 17, 2010

Can you throttle your WDS deployment bandwidth?

During our class discussion on Windows Deployment Services, we talked about the network bandwidth considerations. It is recommended that you utilize a gigabit back bone for deployment activities, but a 100 MB backbone will work during low network activity. It is possible to throttle the bandwidth used by WDS be using the following procedure.

To throttle your multicast bandwidth usage:

  • From the WDS MMC, open the Server Properties page.
  • Go to the Network Settings Tab.
  • Select the Custom network profile.
  • Click start and type Regedit32 and press enter.
  • In the registry, browse to HKLM\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSMC\Profiles\Custom
  • Set the TpMaxBandwidth setting to something less than 100. It's the percentage of available bandwidth that the server uses.


Wednesday, May 12, 2010

Force file format in Office via GPO.

When in the process of upgrading from Office 2003 to Office 2007, the file types for Word, Excel, and PowerPoint change. This will result in your Office 2003 users not being able to open the documents from the 2007 version. There are two mitigations for this issue.

The first one is to deploy the Office 2007 Compatibility Pack to your Office 2003 users. This will allow your Office 2003 users to load and save documents in the new 2007 format. You can get a copy of the Office 2007 Compatibility pack from here:

The second option is to force your Office 2007 users to save all files in the Office 2003 format. You can do this during deployment using the Office Customization Toolkit, or by using Group Policy. By using Group Policy, you can more easily reverse this option once all clients have been upgraded to Office 2007.
The first step is to download the Office 2007 Administrative Templates for Group Policy Manager. You can download them here:

Once you add the administrative templates into your GPO, follow these instructions:
  • In the left pane of the Group Policy Management Console, double-click User Configuration and double-click Administrative Templates (Classic Administrative Templates (ADM) in Windows Vista).
  • To change default file save options in Office Excel 2007:
  • Double-click Microsoft Office Excel 2007, double-click Excel Options, and click Save.
  • In the right pane, right-click Save Excel files as, and selects Properties.
  • In Save files in this format, select Enabled.
  • In the drop-down box, select a default file save format.
  • Click Apply to save the settings.
  • To change default file save options in Office PowerPoint 2007:
  • Double-click Microsoft Office PowerPoint 2007, double-click PowerPoint Options, and click Save.
  • In the right pane, right-click Save files in this format, and select Properties.
  • In Save files in this format, select Enabled.
  • In the drop-down box, select a default file save format.
  • Click Apply to save the settings.
  • To change default file save options in Office Word 2007:
  • Double-click Microsoft Office Word 2007, double-click Word Options, and click Save.
  • In the right pane, right-click Save files in this format, and select Properties.
  • In Save files in this format, select Enabled.
  • In the drop-down box, select a default file save format.
  • Click Apply to save the settings.

Monday, May 10, 2010

Are there separate x86 and x64 versions of USMT?

USMT 4.0 will run on both x86 and x64 platforms. When used on a Windows PE boot, you must have the correct platform of Windows PE for the architecture of the client you are booting.


Wednesday, May 5, 2010

What the MigDocs.xml file look for in USMT?

The Mig Docs.xml file looks for documents stored on the root drive of the source computer. This is handy when you have users that store files outside of their My Documents folder. Microsoft does warn against using both the MigUser.xml and the MigDocs.xml files together.


Tuesday, May 4, 2010

Unable to get Exchange 2010 Console to log into its On-Premises Server

This issue is geared more towards MCTs getting ready to instruct 10135. In very rare cases, it may apply to production environments as well.

The situation is the first boot of the virtual machine 10135A-VAN-EX1.

When you open the Exchange Management Console and click Microsoft Exchange On-Premises (, you receive the following message:

exception calling "GetComputerSite" with "0" argument(s): "The computer is not in a site." It was running the command ‘Discover-ExchangeServer –UseWIA $true –SuppressError $true’.

When opening the Exchange Management Shell, you are not able to connect with the error:

[] Connecting to remote server failed with the following error message : WinRM cannot process the requet. The following error occured while using Kerberos authentication: There are currently no logon server availible to service the logon request.

A quick check of the DC showed that it did not have a static IP address. After examining the DNS logs, I manually set the VAN-DC1 IP address to and DNS Server to

You may want to do a reboot to make sure all the proper Exchange Services have started.

Monday, May 3, 2010

How to change a MAK activation to a KMS activation in Windows 7

To change from a MAK to a KMS:
• Run this script: slmgr.vbs /ipk
• The KmsSetupKey is the value from the list below.
• The run the script cscript slmgr.vbs /ato

Operating System EditionProduct Key
Windows 7 ProfessionalFJ82H-XT6CR-J8D7P-XQJJ2-GPDD4
Windows 7 Professional NMRPKT-YTG23-K7D7T-X2JMM-QY7MG
Windows 7 Enterprise33PXH-7Y6KF-2VJC9-XBBR8-HVTHH
Windows 7 Enterprise NYDRBP-3D83W-TY26F-D46B2-XCKRJ
Windows 7 Enterprise EC29WB-22CC8-VJ326-GHFJW-H9DH4
Windows Server 2008 R2 HPC EditionFKJQ8-TMCVP-FRMR7-4WR42-3JCD7
Windows Server 2008 R2 Datacenter74YFP-3QFB3-KQT8W-PMXWJ-7M648
Windows Server 2008 R2 Enterprise489J6-VHDMP-X63PK-3K798-CPX3Y
Windows Server 2008 R2 for Itanium-Based SystemsGT63C-RJFQ3-4GMB6-BRFB9-CB83V
Windows Server 2008 R2 StandardYC6KT-GKW9T-YTKYR-T4X34-R7VHC
Windows Web Server 2008 R26TPJF-RBVHG-WBW2R-86QPH-6RTM4