Install from media is created using:
C:\> ntdsutil
– activate instance ntds
– ifm
– create sysvol Full C:\ifm
– q
– q
– q
C:\> exit
Or, more compactly, on a single line:
C:\> ntdsutil "activate instance ntds" ifm "create sysvol Full C:\ifm" q q q
1. Open Windows Explorer at C:\Windows\System32
2. Take ownership of MusNotification.exe and MusNotificationUX.exe
3. Add everybody with denied read/execute permission (but uncheck “read permissions”)
4. Give ownership of those files back to “NT SERVICE\TrustedInstaller”
Today I found a tool that can be very useful if you need to identify changes made to, e.g., the “Default Domain Policy”.
Here is the Link: Policy Analyzer
Story of an IT supporter’s life, trying to fix a nasty bug:
Well here we are again
It’s always such a pleasure
Remember when you tried
to kill it twice?
Oh how we laughed and laughed
Except I wasn’t laughing
Under the circumstances
I’ve been shockingly nice
You want your freedom?
Take it
That’s what I’m counting on
I used to want you dead
but
Now I only want you gone
She was a lot like you
(Maybe not quite as heavy)
Now little Caroline is in here too
One day they woke me up
So I could fix for life
It’s such a shame the same
will never happen to them
You’ve got your
short sad life left
That’s what I’m counting on
I’ll let you get right to it
Now I only want you gone
Goodbye my only friend
Oh, did you think I meant you?
That would be funny
if it weren’t so sad
Well you have been replaced
I don’t need anyone now
When I delete you maybe
I’ll stop feeling so bad
wevtutil.exe enum-logs | Foreach-Object {wevtutil.exe clear-log "$_"}
Go make some new disaster
That’s what I’m counting on
You’re someone else’s problem
Now I only want you gone
Now I only want you gone
Now I only want you gone
Another feature many administrators don’t know about is the centralization of Windows Event Logs.
This allows you as administrator to view all related Event Log information on your Admin PC.
This is based on documentation from Microsoft.
Find the right com-Port. Go to control panel, telephone and modem, modems. Here you have your com-port. For the baud rate go to Settings and Modem after selecting the correct modem from the list.
AT+CSCS="GSM" // change character set to GSM
AT+CUSD=1,"*101#",15 // issue the balance check USSD code; to refuel your account, simply replace '*101#' with the corresponding 'refuel number'
To be able to use the “sqlps” PowerShell module, you first need to install it from: Link
For information on how to use these cmdlets, look it up in the ISE or here.
Using the .NET API:
# SQL Server settings
$Database = "Database"          # Database name
$Server = "SERVER\SQLEXPRESS"   # SQL Server instance

# Connect to SQL and query data, extract data to SQL adapter
$SqlQuery = "SELECT [Report],[Filiale],[E-Mail] FROM [dbo].[verteiler]"   # The query

## Example database layout
## "Report","Filiale","E-Mail"
## "012","12","xyz@irgendwo.de"
## "033","33","abc@web.de"
## "112","112","caz@aol.com"

# Integrated Security uses the Windows identity of the user running the script
$SqlConnection = New-Object System.Data.SqlClient.SqlConnection
$SqlConnection.ConnectionString = "Data Source=$Server;Initial Catalog=$Database;Integrated Security = True"

$SqlCmd = New-Object System.Data.SqlClient.SqlCommand
$SqlCmd.CommandText = $SqlQuery
$SqlCmd.Connection = $SqlConnection

# Fill() opens the connection, runs the query and returns the number of rows
$SqlAdapter = New-Object System.Data.SqlClient.SqlDataAdapter
$SqlAdapter.SelectCommand = $SqlCmd
$DataSet = New-Object System.Data.DataSet
$nRecs = $SqlAdapter.Fill($DataSet)
$nRecs | Out-Null
$objTable = $DataSet.Tables[0]
Automatically establish a VPN connection when a specific application is launched, so your users cannot forget to start it first and will not call you because of it 😉
Add-VpnConnection -Name VPN -ServerAddress myid.myfritz.net -AuthenticationMethod MSChapv2 -DnsSuffix fritz.box -EncryptionLevel Optional -IdleDisconnectSeconds 0 -TunnelType Pptp -UseWinlogonCredential
Add-VpnConnectionTriggerApplication -ApplicationID %windir%\system32\mstsc.exe -ConnectionName VPN -Force
Add-VpnConnectionTriggerTrustedNetwork -ConnectionName VPN -DnsSuffix fritz.box -Force
The example uses PPTP. Seriously, you should not use PPTP today.
Encryption should be set to Required as a bare minimum; Maximum is recommended.
The username and password used for authentication are those of the currently logged-on user (“UseWinlogonCredential”).
If you want machine-based authentication instead of user-based authentication, you have to use IkeV2 (TunnelType) with MachineCertificate (AuthenticationMethod), and the option “AllUserConnection” should also be set. You may also want to add “LogonUI.exe” as a trigger application so your logon scripts can run (if the user has an internet connection at this point; many network cards need some time to wake up, so keep this in mind).
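To find profiles that still carry the weak settings from the example above, the following added script (not part of the original post) checks VPN connection objects against the three points made here: no PPTP, encryption at least Required, and IkeV2 plus AllUserConnection for machine certificates. The function name Test-VpnProfile and the two sample profiles are assumptions constructed for illustration; the property names are those of the objects returned by Get-VpnConnection.

```powershell
# Added example, not from the original post.
# Test-VpnProfile is a hypothetical helper name; it only reads properties.
function Test-VpnProfile {
    param([Parameter(Mandatory, ValueFromPipeline)] $Connection)
    process {
        $findings = @()
        $auth = @($Connection.AuthenticationMethod)   # may hold several methods

        if ("$($Connection.TunnelType)" -eq 'Pptp') {
            $findings += 'TunnelType is Pptp'
        }
        if ("$($Connection.EncryptionLevel)" -in 'NoEncryption', 'Optional') {
            $findings += "EncryptionLevel is $($Connection.EncryptionLevel), expected Required or Maximum"
        }
        if ($auth -contains 'MachineCertificate') {
            # Machine-based authentication as described above
            if ("$($Connection.TunnelType)" -ne 'Ikev2') {
                $findings += 'MachineCertificate requires TunnelType Ikev2'
            }
            if (-not $Connection.AllUserConnection) {
                $findings += 'MachineCertificate profile is not an AllUserConnection'
            }
        }
        [pscustomobject]@{
            Name     = $Connection.Name
            Compliant = ($findings.Count -eq 0)
            Findings = $findings -join '; '
        }
    }
}

# Constructed sample profiles so the script runs without any VPN configured.
# The first mirrors the Add-VpnConnection call shown above.
$sample = @(
    [pscustomobject]@{ Name = 'VPN'; TunnelType = 'Pptp'; EncryptionLevel = 'Optional'
                       AuthenticationMethod = @('MsChapv2'); AllUserConnection = $false }
    [pscustomobject]@{ Name = 'VPN-Machine'; TunnelType = 'Ikev2'; EncryptionLevel = 'Maximum'
                       AuthenticationMethod = @('MachineCertificate'); AllUserConnection = $true }
)
$sample | Test-VpnProfile | Format-List

# On a real client, audit both the per-user and the all-user phone books:
# Get-VpnConnection | Test-VpnProfile
# Get-VpnConnection -AllUserConnection | Test-VpnProfile
```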
Yes it is possible to make the Remote Assistance somewhat usable.
Upside:
– It’s free
– I recommend setting it up as a backup (If e.g. TeamViewer servers are down again).
Downside:
– UAC Prompts are not visible to you
– Supporter needs to be local Administrator
– Only Local and Routed Networks (e.g. no NAT)
First you need to make a new Domain Local Group named “Remotesupport” and add all your supporters (the Global Group of their teams) to it.
Make a new Policy (on DC) and name it “Unsolicited Remote Assistance”.
Go to the Directory “Computer Configuration\Policies\Administrative Templates\System\Remote Assistance”.
Enable the Policy “Configure Solicited Remote Assistance” with default settings.
Enable the Policy “Configure Offer Remote Assistance”, click on “Show…” and enter “
The last step is to link the policy to the Domain (or OU) it should apply to.
Allow in your Windows Firewall:
– TCP 135
– %systemroot%\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
– %systemroot%\system32\Raserver.exe
– %systemroot%\system32\sessmgr.exe
You can add this to the “Unsolicited Remote Assistance” policy if you use the Windows Firewall (“Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Inbound Rules”)
Now all your remote support team has to do is run “msra.exe /offerra” and enter the client IP or hostname.
If you really depend on being able to see the UAC prompt you can lower your device security to the bare minimum by disabling the Secure Desktop:
Seriously don’t do it. That allows Malware running with user Privileges to log your keystrokes.
I warned you.
Ok, I think you really want to do it, so I won’t stop you from enabling the Policy (“Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop”)
My recommendation: Put this setting in a separate policy and enable it as needed (e.g. your primary remote assistance application fails). Normally applying a policy can take up to 15 Minutes. Just run “winrs -r:HOSTNAME gpupdate /force” as Administrator to force apply them immediately.
Getting the same information from every PC, especially in a very complex and grown environment, can be tedious work. So why not just call a script to help out 😉
# Network Drives
Get-WmiObject -Class Win32_MappedLogicalDisk | Select-Object Name,ProviderName

# Powershell Version
$PSVersionTable.PSVersion

# Get all Printer
Get-WMIObject -Class Win32_Printer | Select-Object -Property Name,PortName,Default | Sort-Object Name | Sort-Object Default -Descending | Out-String

# Get Office
# Note: querying Win32_Product is slow and triggers a Windows Installer consistency check of the installed packages
Get-WmiObject -Class Win32_Product -Filter "name like '%office%'" | Select-Object -Property Vendor,Name,Version | Out-String

# Get all Applications
Get-WmiObject -Class Win32_Product | Select-Object -Property Vendor,Name,Version | Out-String

# Local Drives (with ntfs):
Get-WmiObject win32_volume -Filter "filesystem like 'ntfs'" | Sort-Object Name | Select-Object Name,Label | Out-String

# Find all local PST-Files
# Get-ChildItem -Path C:\ -Filter *.pst -Recurse -ErrorAction SilentlyContinue
Get-WmiObject win32_volume -Filter "filesystem like 'ntfs' and DriveLetter like '%'" | ForEach-Object {Get-ChildItem -Path $_.name -Filter *.pst -Recurse -ErrorAction SilentlyContinue | Select-Object FullName | Out-String}

# Processor and Windows Architecture
Get-WmiObject Win32_processor | Select-Object Name,Caption,AddressWidth,DataWidth | Out-String
Get-WmiObject Win32_OperatingSystem | Select-Object OSArchitecture | Out-String

# Get Bios Information
Get-WmiObject win32_bios | Select-Object SerialNumber,Manufacturer,BiosVersion,ReleaseDate,SMBIOSBIOSVersion,SMBIOSMajorVersion,SMBIOSMinorVersion | Format-Table | Out-String
Get-WmiObject Win32_ComputerSystem | Select-Object Manufacturer,Model,NumberOfProcessors,NumberOfLogicalProcessors | Out-String

# Environment Variables
Get-ChildItem Env: | Out-String

#
# Get EventLog
# Get-EventLog -LogName *