Enable the class LocalGroupMembers from here: http://praveenkumarsharma1.blogspot.com/2014/10/enable-members-of-all-local-groups-of.html

SQL query to find domain users who are administrators on the workstations/servers:

    SELECT v_R_System.Netbios_Name0,
           v_R_System.User_Name0,
           v_R_System.AD_Site_Name0,
           LocalGroupMembers_DATA.Account00,
           LocalGroupMembers_DATA.Category00,
           LocalGroupMembers_DATA.Disabled00,
           LocalGroupMembers_DATA.Domain00,
           LocalGroupMembers_DATA.Name00,
           LocalGroupMembers_DATA.Type00
    FROM LocalGroupMembers_DATA
    INNER JOIN v_R_System
            ON LocalGroupMembers_DATA.MachineID = v_R_System.ResourceID
    WHERE Name00 LIKE '%Administrators%'
      AND Type00 LIKE '%Domain%'
      AND Category00 LIKE '%UserAccount%'

I was updating a logon script today and realized that for some reason it wasn’t applying to the machine. I ran rsop and gpresult, but neither one showed the policy or the logon script. The GPO was filtered to a specific group of users and the user was clearly a member of the group, so I was befuddled about what was going on. I finally found a security update, KB 3159398, for Group Policy that came out in June and that, while fixing a dangerous man-in-the-middle attack, breaks filtering if the Domain Computer group does not have read permissions to the OU. Follow the steps below to fix it and your GPO will be working like normal.
- Open up the GPO in Group Policy Management and click the Delegation tab.
- Click Add and type in domain computers.
- Set permissions to Read, as is the default.
- Enjoy your fixed GPOs!
Link to Microsoft Security update and known…
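
To find every GPO affected by the behaviour described above instead of fixing them one at a time, the following added example (not from the original post) lists GPOs where neither Domain Computers nor Authenticated Users holds at least Read, then previews the Delegation-tab fix. It assumes the GroupPolicy RSAT module is installed and the default English group names; the function name is hypothetical.

```powershell
# Added example: audit GPOs for the computer-readable permission that
# security-filtered GPOs need after KB 3159398. Run from a machine with
# the GroupPolicy (RSAT) module and rights to read GPO security.
Import-Module GroupPolicy

# Trustees that let computer accounts read a GPO (assumed default names).
$readers = 'Domain Computers', 'Authenticated Users'

# Permission levels that include Read.
$levels = 'GpoRead', 'GpoApply', 'GpoEdit', 'GpoEditDeleteModifySecurity'

function Get-GpoMissingComputerRead {
    foreach ($gpo in Get-GPO -All) {
        # Collect allow entries for either trustee that grant Read or more.
        $hit = Get-GPPermission -Guid $gpo.Id -All |
            Where-Object {
                $_.Trustee.Name -in $readers -and
                -not $_.Denied -and
                "$($_.Permission)" -in $levels
            }
        if (-not $hit) {
            [pscustomobject]@{
                DisplayName = $gpo.DisplayName
                Id          = $gpo.Id
            }
        }
    }
}

$missing = Get-GpoMissingComputerRead
$missing | Format-Table -AutoSize

# Same change as the Delegation tab steps: grant Domain Computers Read.
# -WhatIf only previews the change; remove it to apply.
foreach ($gpo in $missing) {
    Set-GPPermission -Guid $gpo.Id -TargetName 'Domain Computers' `
        -TargetType Group -PermissionLevel GpoRead -WhatIf
}
```

Read without Apply does not widen who the policy applies to; the security filter still decides that.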
I had an issue the other day with an application not installing that I had been installing for a long time through the UDI wizard with the MDT Integration with SCCM 2012. Suddenly it had stopped installing and I got the below error in the SMSTS.log.
Make sure the application is marked for dynamic app install Policy download failed, hr=0x80004005. The operating system reported error 2147500037: Unspecified error
While this error can be caused by symbols such as a comma or ampersand in the application name, for me it was because I had changed the application name to a more user-friendly name, which in turn broke the UDI as it doesn’t dynamically update application names. I simply went into the UDI and removed and re-added the application, and it started working again.
I came across a TechNet blog post on Microsoft’s site the other day that taught me something new, and I thought I would pass it along in case it would help someone out. If you don’t have Software Assurance with Microsoft but are a volume license customer, you can deploy volume license media, providing you have keys and the edition of the OEM OS and the volume license match. This means you don’t have to be purchasing volume licenses to reimage, provided you do have at least a few volume licenses of the software you are trying to deploy. The below blog posts provide more info. Guess you learn something new every day.
I’ve been struggling to get SCCM 1602 and imaging of Windows 10 to play nice, and the below is one of the latest issues I’ve encountered. If you’re running Windows 10 build 1511 and try to capture, you might encounter error code 0x00004005. One of the possible causes can be all the Appx packages (Candy Crush, Twitter, etc.) Microsoft decided to install even in Enterprise edition (that one I don’t understand; I could see Home, even Pro, but Enterprise?). As was pointed out in this TechNet article, running Get-AppxPackage -AllUsers | Remove-AppxPackage before capture remedies the issue.
In the company I work for we commonly have laptops that are connected to a wired connection and are also connected to WiFi. This isn’t good practice and DNS gets a little weird when it gets registered IP addresses from both the WiFi adapter and a registration from the wired connection. I have been using a VB script from intelliadmin that monitors the wired connection and disables the WiFi adapter when the wired connection is plugged in which works great. You can do as intelliadmin suggests and run it as a group policy computer configuration logon script. The problem that I ran into with that method is that as group policy runs when a computer starts up if it’s not connected to the network the script wouldn’t run. Even worse I ran into issues where the user would have their computer connected to a wired connection and shut it off with the wireless…
Happy Wednesday, (Well, as happy as a Wednesday can be, I guess…) I was prompted by a user that their machine was behind on updates, as were many others, as they tried updating from the web and got lots of updates. I did some checking and all the updates looked to be fairly recent, within the last month, but were listed as Critical level updates. This confused me as I have critical level updates deploying more often than once a month to not get behind on security vulnerabilities as Microsoft patches them. After some research I realized there is a difference between Critical level severity and Critical level update classifications. Microsoft defines Critical Updates as “A widely released fix for a specific problem that addresses a critical, non-security-related bug.” So just because it’s in the critical update classification, it may not have a severity level of critical. In fact critical…
A couple of weeks ago I got to thinking: I do these little robocopy transfers all the time, so why not write a function so I can do a transfer and I don’t have to go looking up all the parameters. So after a few minutes, the below script was born. Simply run the script in PowerShell, and it will prompt for the old folder (source) and the new folder (destination). Once the copy is complete, it will monitor the source directory and copy any changes until you exit the script, which is great when a user is still working in the source directory, such as when you need to move a home directory. It also sticks a log file in the directory you ran the script from. Just keep in mind that this is set up to be a mirror copy and if you reverse the source and destination you will copy…
I had an issue today with an old KMS server that some machines had been talking to getting shut down, and then the machines months later complaining that they couldn’t find the KMS server. I then removed the KMS server’s DNS entries and prevented it from publishing them to DNS, which had been missed before. That isn’t the purpose of this post though, so if you need more info the below two links help out a lot.
Back to the purpose of my post: when I get tickets for activations (as I have over the past few days), I wanted an easy script to run slmgr, remove the product key, input, and activate the new key. We use MAK keys in our environment so just for the few machines that were set up for…
I had a server I had to quickly give an alternate name to so that the existing users could point to the new server, but I didn’t want to rename it the same as the old one. Traditionally you would simply add the following registry entry.
DWORD name: DisableStrictNameChecking
DWORD value: 1
Problem is this only works if you have SMB1.0 enabled on both the server and client, and you know how insecure that is (think EternalBlue exploited by WannaCry).
The proper way is to use netdom to add an alternative name by doing the below.
This will add a new SPN in Active Directory for the current machine name.
Special thanks to Dimitri’s Wanderings which is in the first link below as that saved me a lot of time.
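
The netdom command itself is missing from this copy of the post. As an added example (not the original author's code), this is the usual `netdom computername ... /add:` form, with checks that SMB1 is off and that the new SPNs were registered; `files.corp.example.com` is a placeholder alternate name and the variable names are assumptions.

```powershell
# Added example: give this server an alternate name with netdom.
# Run in an elevated PowerShell session on the server itself.
$server  = $env:COMPUTERNAME
$altName = 'files.corp.example.com'   # placeholder alternate FQDN

# Confirm the SMB1 server protocol is disabled before relying on this
# method. EnableSMB1Protocol should read False.
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol

# Add the alternate computer name.
netdom computername $server "/add:$altName"
if ($LASTEXITCODE -ne 0) {
    throw "netdom failed with exit code $LASTEXITCODE"
}

# Verify: list every name the computer now answers to.
netdom computername $server /enumerate

# Verify: the SPNs registered in Active Directory for the computer
# account should now include entries for the alternate name.
setspn -L $server

# Register the additional name in DNS without waiting for a reboot.
ipconfig /registerdns
```

To remove the alternate name later, use the same command with `/remove:` in place of `/add:`.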