Archive

Archive for the ‘Microsoft’ Category

Upgrade na Windows 10

July 31st, 2015 No comments

Prisiel ten cas ked je Windows 10 vonku a vela ludi sa chysta na migraciu. Danu aktualizaciu z Windows 8.1 na Windows 10 som absolvoval aj ja. Ak sa vam nechce cakat na to, aby vas vas operacny system vyzval k danej aktualizacii, tak si mozete danu aktualizaciu vynutit. Vynutit sa da stiahnutim cca 20 MB suboru z tejto stranky.

Spusti sa vam sprievodca, ktory vam ponukne stiahnut data pre vytvorenie DVD/USB media alebo spustenie aktualizacie. Ja som sa rozhodol spustit aktualizaciu. Stahovalo to cely windows na C: disk:

Windows 10 downloading

A nasledne sa spustila aktualizacia. Lenze mna zarazilo nasledovne okno:

Windows 10 selection

Mozno cislo jedna bola vysedena a nebolo mozne ju vybrat. Microsoft, bohuzial, dovoli pouzit prvu moznost len pre Windowsy, ktore su v jazykoch: Anglicky, Brazilsky, Portugalsky a jednoducha Cinstina. Je to smutne ale je to tak. Skusal som zeditovat aj instalacku a jej nastavenia ale nic nepomohlo. Taktiez som skusal zmenit nastavenia Windowsu na inu ako Slovensku lokaciu a taktiez nepomohlo. Vyzera, ze pri stahovani aktualizacie si dana aplikacia stiahla slovensku verziu aktualizacie a aj instalacky:

Windows 10 Slovak

Takze neostavalo nic ine ako ist na tuto stranku a stiahnut anglicku verziu instalacky. Ked sa po stiahnuti dana instalacka pustila, tak vsetko slo ako po masle:

Windows 10 Eng

Vsetky nastavenia mi ostali. Par aplikacii bolo potrebne preinstalovat (VPN klienti) ale inak vsetko funguje ako ma a uz fungujem na Windows 10:

Windows 10 ver

Nemam odskusane ci pri instalacii anglickej verzie Windows 10 sa zanecha slovenske prostredie alebo treba este doinstalovat slovencinu.

Dufam, ze dany navod pomoze niekomu dalsiemu 🙂

Set account to expire on midnight

April 20th, 2015 No comments

Customer requested to force active directory accounts to expire on midnight or in the night and not during the day. So I’ve created following script to do so:

$UserList = Get-ADUser -Filter * -SearchBase "OU=USERS,DC=domain,DC=local" -Properties "DisplayName", "PasswordLastSet"
$Today = (Get-Date)
$MaxPasswdAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge

ForEach ($User in $UserList)
   {
   $ExpireDate = ($User.PasswordLastSet) + $MaxPasswdAge
   $DaysToExpire = (New-TimeSpan -Start $Today -End $ExpireDate).Days
   If ($DaysToExpire -eq 1)
      {
      Set-ADUser -Identity $User -ChangePasswordAtLogon $true
      }
   }

#EOF

This script runs everyday at 23:55.

I found couple examples how to change pwdLastSet attribute on AD user’s object, but I don’t like that. I think this is cleared way to do so.

Have a nice day,

Exchange 2010 move request failure

April 15th, 2015 No comments

I migrated from Exchange 2003 to Exchange 2010 and since then I was receiving following event:

 rep02

Event says:”The Microsoft Exchange Mailbox Replication service was unable to process a request due to an unexpected error”. Which means server cannot finish some request. In order to solve a problem I was looking for some replication settings. I found none. Then I looked into domain using ADSIEdit. I looked into:

CN=MailboxExportRequests, CN=MailboxReplication, CN=TeamSK, CN=Microsoft Exchange, CN=Services, CN=Configuration, DC=domain, DC=local

and I found there some old orphan move requests:

List of orphaned requests

When I used Get-MoveRequest cmdlet there was none move request displayed. So I’ve deleted those old move requests using ADSIEdit and there was no more bothering event on Exchange server.

Have a nice day,

 

Quickie: Use pfx certificate in linux

January 27th, 2015 1 comment

When you export certificate in Windows with private key, you export it to .pfx file with password. When you want to use this certificate in linux you need to convert pfx file into .crt and .key files. You can use following commands to convert it:

[root@nagios]# openssl pkcs12 -in nagios.pfx -clcerts -nokeys -out nagios.crt
Enter Import Password:
MAC verified OK
[root@nagios]# openssl pkcs12 -in nagios.pfx -nocerts -nodes -out nagios.key
Enter Import Password:
MAC verified OK

Now you have two files .crt and .key which can be used in linux.

That’s all folks,

Categories: Linux, Microsoft, Quickie, Security Tags:

ShowIT 2014: Prezentacie

November 3rd, 2014 No comments
Categories: Microsoft, Windows Tags: ,

Quickie: Real location for virtualized files and registry keys when using UAC

October 22nd, 2014 No comments

This is just a note. When you have UAC (User Access Control) enabled and if application wants to write data into %ProgramFiles% all writes are redirected into %localappdata%\virtualstore\. If application writes into registry HKLM\Software it is redirected to HKCU\Software\Classes\VirtualStore.

That’s all folks,

 

How to track deleted files

October 21st, 2014 1 comment

I am often asked to restore files on fileservers and also look for user who deleted files. By default there is no auditing for files enabled on fileservers. I will write how I do enable it and how it works for me.

First of all you need to enable audit policy Audit object access. This audit policy handles auditing for files, registry keys, shares, … To enable this audit policy you need to set it in GPO Computer Configuration – Policies – Windows Settings – Security Settings – Local Policies – Audit Policy – Audit object access and set it to Success, Failure.

Audit object access

This audit policy enables auditing for lots of objects to audit. I want to audit only File System. To find out what audit policy settings are applied on computer use following commnad auditpol.exe /get /category:*. To enable only wanted auditing I have dumped settings using auditpol.exe command and set same auditing in GPO, but under Object Access I just enabled File System auditing. You can set this settings under Computer Configuration – Policies – Windows Settings – Security Settings – Advanced Audit Configuration.

Advanced Audit Configuration

Now you need to setup Auditing on whole Disks or Folders:

Setup Auditing

When these settings in GPOs are applied there are new events in security event log. We need to look for event number 4659 and make some reporting out of it. I’ve created powershell script which I run every day right after midnight and it creates HTML report and also CSV files which can be used in some powershell manipulation. Here is a powershell script:

#
# Get-DeletedFileLog
#  This function gets events 4659 about delted files and generate HTML reports
#

#
# Declaration
#

[datetime]$Yesterday = ((Get-Date) - (New-TimeSpan -Day 1)).date
[datetime]$Today = (Get-Date).date
[int]$EventID = 4659
[string]$Path = "D:\Logs\Deleted Files"
[int]$Limit = (Get-Date).AddDays(-180)

Try
{
    #
    # Get events from security eventlog
    #
    [array]$EventList = Get-WinEvent -FilterHashtable @{Logname='Security';Id=$EventID;StartTime=$Yesterday} -Oldest -ErrorAction Stop

    #
    # Extend Event by XML data fields
    #
    foreach ($Event in $EventList)
    {
        $EventXML = $Event.ToXML()
        For ($i=0; $i -lt $eventXML.Event.EventData.Data.Count; $i++)
        {
            Add-Member -InputObject $Event -MemberType NoteProperty -Force -Name DateFileDeleted -Value $Event.TimeCreated
            Add-Member -InputObject $Event -MemberType NoteProperty -Force -Name UserName -Value $EventXML.Event.EventData.Data[1].'#text'
            Add-Member -InputObject $Event -MemberType NoteProperty -Force -Name DeletedFile -Value $EventXML.Event.EventData.Data[6].'#text'
        }
    }
    #
    # Generate HTML report
    #
    $EventList | Select DateFileDeleted, UserName, DeletedFile | ConvertTo-Html | Out-File "$($path)\$($Today.Year)$($today.Month)$($Yesterday.Day)_DeletedFiles.html"
    $EventList | Select DateFileDeleted, UserName, DeletedFile | ConvertTo-Csv | Out-File "$($path)\$($Today.Year)$($today.Month)$($Yesterday.Day)_DeletedFiles.csv"
}
Catch
{
    # If there is a problem
    Write-Host "No events $EventID to record."
}

#
# Remove old reports
#

Get-ChildItem -Path $Path -Recurse -Force | Where-Object { !$_.PSIsContainer -and $_.CreationTime -lt $Limit } | Remove-Item -Force

# EOF

This script also cleans up files older than 180 days. In HTML file you can see when, who and what deleted. I didn’t excluded files started with “~”, which are also known as temporary Office files, which are created during opening Office documents. This is because now I know who opened which files and when.

Enjoy,

 

Microsoft Windows 7 Embedded and RDP 8.1

October 16th, 2014 4 comments

At one of our customers we deployed RDS RemoteApp server farm. Customer bought thin clients HP T510. When they connected to RemoteApp using Windows XP and Windows 7 on normal computers there were no problems with RemoteApps. When they connected to RemoteApp using Windows 7 Embedded on thin clients, they had problems with RemoteApp windows. RemoteApp windows were not displayed right. There was one extreme problem: User opened Microsoft Outlook, opened message and pressed Reply. Starte to type, but no characters were displayed. When you clicked on some part of the window all the text appeared. So RDP client sent all key strokes to RDP server, but RDP client didn’t refresh content of the window.

After some investigation I found out that Windows XP and Windows 7 had RDP client version 6.3.9600 (RDP 8.1 supported), but Windows 7 Embedded had only 6.2.9200 (RDP 8.0 supported). I’ve tried to google for some path or some HP image with RDP 8.1 for Windows 7 Embedded. No success. When you look on Remote Desktop Service Blog website, you can even find informaction that there is no RDP 8.1 for Windows Embedded.

But I found five hotfixes which are required for Windows 7 Emedded to have RDP client version 6.3.9600 (RDP 8.1 supported):

  • KB2574819-v2-x86
  • KB2592687-x86
  • KB2857650-x86
  • KB2830477-x86
  • KB2913751-x86

When you install all those updates you need to reboot machine and you will have nice RDP client version 6.3.9600 (RDP 8.1 supported):

rdp

That’s all for now,

Categories: Microsoft, Windows Tags:

Powershell script: Invoke-CommandOnADComputers

October 13th, 2014 No comments

Sometimes I need to run some command on bunch of computers. So I’ve created little bit more advanced function to be able to run script block on computers list created from domain:

 


<#
.Synopsis
   This function provides you way to run scriptblock on remote machines in the domain.
.DESCRIPTION
   This function is extension to Cmd-Let Invoke-Command. This function lists computer names in domain
   based on ADSearchBase and Filter parameters. In invoke scriptblock on those computers in the list.
.EXAMPLE
   To restart service "Windows Time" on all machines in domain:
   Invoke-CommandOnADComputers -SearchBase "DC=domain,DC=local" -ScriptBlock { Restart-Service W32Time; }
.EXAMPLE
   To restart service "Windows Time" on all machines which containt number 7 in name:
   Invoke-CommandOnADComputers -SearchBase "DC=domain,DC=local" -Filter 'Name -like "*7*"' -ScriptBlock { Restart-Service W32Time; }
#>

Function Invoke-CommandOnADComputers
{
    [CmdletBinding(SupportsShouldProcess=$True,ConfirmImpact='Low')]
    Param
    (
        # This is Active Directory Search Base to limit selection for computer accounts in domain.
        # It can be for example "OU=Computers,OU=Company Name,DC=domain,DC=local"
        [parameter(Mandatory=$true)]
        [string]
        $SearchBase,

        # Active Directory filter to merge your computer selection in to the detail.
        # It can be for example 'Name -like "Desktop*"'
        [string]
        $Filter = "*",

        # This is scriptblock which should be run on every computer.
        # For example { Restart-Service W32Time; }
        [parameter(Mandatory=$true)]
        [scriptblock]
        $ScriptBlock
    )
    Begin
    {
        #
        # Get list of computer accounts
        #
        Write-Verbose "Getting list of computer from $ADSear"
        try
        {
            [array]$ADComputersList = Get-ADComputer -SearchBase $SearchBase -Filter $Filter -ErrorAction Stop
        }
        catch
        {
            Write-Error -Message "Couldn't search in $SearchBase" -ErrorAction Stop
        }
        #
        # Write number of found computers
        #
        Write-Host "Found $($ADComputersList.Count) computers"
        #
        # If in debug, write list of computers
        #
        Write-Verbose "List of machines:"
        If (!$PSDebugContext)
        {
            foreach ($item in $ADComputersList)
            {
                Write-Verbose " $($item.Name)"
            }
        }
        Write-Verbose "Done with domain computer list"
    }
    Process
    {
        #
        # Let's invoke command on remote computer
        #
        foreach ($ADComputer in $ADComputersList)
        {
            Write-Host $ADComputer.Name
                try
                {
                    Write-Verbose "Invoking scriptblock on computer"
                    Invoke-Command -ComputerName $ADComputer.Name -ScriptBlock { $ScriptBlock } -ErrorAction Stop
                    Write-Host " Scriptblock invoked successful."
                }
                catch
                {
                    Write-Host " Scriptblock invoked UNSUCCESSFUL."
                }
        }
    }
}

You can run it using

Invoke-CommandOnADComputers -SearchBase “DC=domain,DC=local” -ScriptBlock { Restart-Service W32Time; }

and it will read all computer accounts from domain and restart Windows Time service.

Enjoy,

Quickie: Hyper-V ready or not

September 30th, 2014 No comments

If you want to know if your computer is ready to host Hyper-V role you can check it quickly using old command systeminfo.exe with new feature. This new feature is in systeminfo.exe which is included in Windows 8 and higher and Windows Server 2012 and higher.

When you run it you can see the last output lines about Hyper-v Requirements:

System info hyper-v

That’s all for today,