How to use WMI to query to distinguish legacy and UEFI mode Windows?
↧
How to use WMI to query to distinguish legacy and UEFI mode Windows?
↧
Strip permissions from folders and subfolders multi domain network
I have a domain in a multi domain network Forrest
Example: Domain1, Domain2
On my file server i have many folders and sub folders with permission sets on each folder having access from both domains so users from domain1 and users from domain2
We are going to demote domain1 in the forest and have moved users from domain1 to domain2 and what we would like to do in a fast way is to remove all permissions which are associated to domain1 and keep the current domain2 permissions the way they are.
As currently a user or a group there are two entries one from each domain
I have been playing around with subinacl and cannot get it to do what I want with migrate etc
Is there a easy way to do this or with another tool?
↧
↧
task scheduler returns (0x1) code when 'Run whehter user is logged on or not' options selected
I have setup a task using Task Scheduler that I would like to use to launch a batch file at a certain time each day. The batch file works correctly when launched manually and the task also works correctly when the option 'Run only when user is logged on'. However, as soon as I mark 'Run whether user is logged on or not' using the Administrator login, the task returns a Last Run Result of (0x1). This happens when trying to launch the file on demand or when it is scheduled at it's daily time to run.
From some research I have done, I don't believe I should see the actions of the batch file and the program that it launches when this option is marked, but I know it is not running correctly in the background due to the fact the log files are not generated from the task it is to complete. I have marked 'Run with highest privileges' and also entered information in the Start in field under Edit Action with no quotes. The history logs show that the task successfully finished, despite the lack of the Last Run Result code and no log files being generated. I have also verified the user being added to the Log on as a batch job option and that there are full permissions to the files (all on the local machine).
Does anyone have any insight to what I could be missing? If helpful, i could post the history logs as well.
Thanks!
↧
How to disable the "Updates are available" pop-up?
I have a Windows Server 2012 R2 server that due to special requirements on timing, has windows updates initiated by script. Therefore, by group policy, it is set to "download but do not install" and windows updates by automatic maintenance is disabled. So basically, updates are not applied until the script kicks off the process.
When updates are released by our WSUS server, the server downloads them as it is supposed to at the next refresh cycle. This is necessary so that the updates are ready-to-go when the script kicks off updates instead of having to wait another 5-10 minutes
to download before installation begins.
When updates are downloaded, but before they are installed, whenever I log into the server I see a pop-up "Updates are available." It interrupts my workflow and gives me a chance to accidentally click "install" which would be bad. Even more annoyingly, when you click "close" to dismiss the dialog it pops back up 5 minutes later.
How do I disable this dialog?
↧
Remote WMI for non-Admin
I'm running a PowerShell script that uses WMI to remotely check the status of SQL services on many servers, some in other domains. The job runs using a proxy account in a domain that is trusted by the other domains. The only way the script works currently is if the proxy account is a member of the local administrators group on each server checked. I'm stumped at how to get it to work otherwise.
I tried doing the normal stuff plus more. I put the account in many other local groups (e.g., distributed com users, performance log users, performance monitor users, power users, remote management users, users, WinRMRemoteWMIUsers_). I gave the account access to the DCOM directly via COM security (local access, remote access; local launch, remote launch, local activation, remote activation). I also gave the account full access to the WMI namespace (the Root namespace and all subnamespaces). I must be missing something important. I've been experimenting on a Windows 2012 R2 system.
Thanks.
Randy in Marin
↧
↧
From Where to download Win 2008 R2 SP1 ISO image with latest update!
Dears,
Where to download Win 2008 R2 SP1 ISO image with latest update!
I need iso image of win 2008 R2 Datacenter with SP1 and with latest updates!!
Thanks
Regards
↧
W32TM Best Practice setup. Hyper-V, Virtual DCs, etc
So every once in a while we have some things that stop working because they rely on having semi-accurate time (within 2-3 seconds) on the servers. I need to find out if we're not doing something in the best way so we can change things to get everything as accurate as we can.
- We have 2 DCs in the domain. Both are virtual.
- We have 3 HPV Hosts in the domain.
- We have bunches of VMs running on those hosts.
Our current setup is to have:
- DC01 looks out to NTP.org
- DC02 looks to DC01
- HPV hosts look to DC02
- VMs look to the HPV Hosts
I didn't set this up originally so I don't know why the HPV Hosts look to DC02 instead of DC01 or maybe they look to either but I see DC02 listed when I run a w32tm /query /status command
Anyhow, is this the best way to be handling this? If DC01 goes offline for some reason, does that pose a problem since everything looks to it for the time?
Would there be any benefit setting the HPV Hosts to look out to NTP.org since all the VMs look to the hosts anyway?
Just want to figure out how to keep things accurate and consistent in the long run.
Thanks!
↧
the trust relationship between this workstation and the primary domain failed
Hi
I’m dealing with two servers here, one 2008, one 2008 R2 (with SP1), both having been offline for a while. Now if I want to sign in using domain credentials, I get the trust relationship failed message (see title). As the two machines are servers and host services
that are deeply integrated with AD (one OCS2007 R2, one Lync 2010), I cannot simply remove them and re-add them to the domain.
The first thing I did was check system time, which of course was off between the two servers and my domain controllers. So I set that back in order, but I guess what is broken remains broken.
So, I’ve been reading up on the issue and found this page that lists several other solutions: http://implbits.com/active-directory/2012/04/13/dont-rejoin-to-fix.html
All the operations listed below were executed in an administrative context (administrative powershell session to be precise)
Reset-ComputerMachinePassword runs successfully on the 2008 server but after a reboot, I get the same error trying to log in using the domain credentials. On the 2008 R2 server, I get an error running the command
Reset-ComputerMachinePassword : Cannot reset the secure channel password for the computer account in the domain.
Operation failed with the following exception: A local error has occurred.
So I then used the Test-ComputerSecureChannel -Repair command which tells me It repaired the secure channel to my domain and retried, but no such luck.
The second solution, using netdom.exe resetpwd /s:<server> /ud:<user> /pd:*
Only results in the following output
The machine account password for the local machine could not be reset.
Logon Failure: The target account name is incorrect.
The command failed to complete successfully.
I tried this specifying only the machine name of my DC (I have two, tried them both), or the FQDN (either name can be resolved using nslookup from both servers), and I tried the domain controller account using both the short and long domain notation (so domain\Administrator
and domain.com\Administrator), but the error remained the same.
I found another page that mentioned I could reset the computer account from the domain controller itself using the Active Directory Users and Computers mmc add-in, but that didn’t fix the issue either (I rebooted the servers after resetting the account on the
domain controller).
Does anybody else have another idea how to get this working again?
Thanks
Stephan
↧
local user account and administrator account in work group
Hello,
Can some one tell me the difference between users created in lusrmgr.msc (local users & group) and administrator group in a workstation.
I hope both have full access to machine.
Paramesh KA
↧
↧
WMI Error generated during install of SQL 2008 Express on Windows Server 2012
The Following error is generated when I attempt to install SQL Express 2008 on a Windows Server 2012 machine:
"The MOF compiler could not connect with the WMI server. This is either because of a semantic error such as an incompatibility with the existing WMI repository or an actual error such as
the failure of the WMI server to start.
The WMI Diagnostic tool generates 1 error when it is run:
-Root\aspnet, 0x80041E - (WBEM_E_INVALID_NAMESPACE) Namespace specified cannot be found.
The prompt:
c:\Windows\System32>winmgmt\verifyrepository
generates the following responst
WWMI repository is consistent
I can attach the log file if needed, but it's long and my connection is sketchy.
What should be my next course of action?
Thanks.
Ed
↧
NTP time sync
hello guys
i am lookign for a workaround for my NTP server .Its currently placed in a double hop DMZ wtih 2 NIC
for example 1.1.1.1 is facing internet with UDP 123 open on firewall .we have specfied external NTP server to which is able to sync the time .
Leap Indicator: 0(no warning)
Stratum: 2 (secondary reference - syncd by (S)NTP)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0312500s
Root Dispersion: 0.0268996s
ReferenceId: 0xC00529D1 (source IP: 192.5.41.209)
Last Successful Sync Time: 2/10/2016 6:54:13 AM
Source: 192.5.41.209,0x1
Poll Interval: 15 (32768s)
now there is a 2nd ip say 2.2.2.2 address which dosent has acess to internet but has acess to internal lan
now whn i try to sync a standalone server from this NTP ( the reachable ip address is 2.2.2.2) it wont sync
PS C:\Windows\system32> w32tm /resync
Sending resync command to local computer
The computer did not resync because no time data was available.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters]
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceMain"="SvchostEntry_W32Time"
"NtpServer"="2.2.2.2,0x1"
"Type"="NTP"
"ServiceDll"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
77,00,33,00,32,00,74,00,69,00,6d,00,65,00,2e,00,64,00,6c,00,6c,00,00,00
↧
Performance Monitor - Pin-point Specific app/process
Hi IT folks,
Just want to ask if it's possible to create a performance monitor-data collector set to pin-point specific process(es) or applications that highly consumes the system resources (cpu, ram, disk) and run it on a specific time duration.
Thank you!
akosijesyang - the conqueror
↧
Would a DCPROMO be the best fix for my sticky Kerberos error?
I have 3 servers running 2012 r2. One of which was disconnected from the domain for a month or two. I continues to show a Kerberos error for the FSMO primary server. Also I changed the name of the FSMO last year, so there my be a ghost server lingering around.
Any and all help will be appreciated.
Thanks
Striving for the perfect World...CC
↧
↧
inconsistent task scheduler python returns 0x1 Server 2008 R2
I have seen many threads on task scheduler returning 0x1 working with python script files. My problem is a bit different. I have five python scripts that run great manually. All 5 are set up exactly the same. But, the results are not consistent. 4 return 0x1, the 5th returns 0x0, good.
I have tried the various proposed solutions: run with user logged in/not - run with highest privledges/not - start in folder X. Because one script works (returns 0x0) none of these seems to be the root cause. All 5 are in the same folder with same owner. All 5 scripts invoke the same Esri GIS system, which is local to the same server/drive etc.
Running the scripts from the owner's account manually from Python the 5 scripts work fine.
If task scheduler is defective, has anyone found a UNIX type cron for windows that works? I never had any issues using cron. It just worked and was easy to configure.
After my 5th script I run a transfer.bat file that ftp the python output and it always works in task scheduler, 0x0. Thus the ownership/rights configuration seems to be correct. Again, the task scheduler configuration is exactly the same for all 6 events. So, why is TS inconsistent?
↧
Get-WMIObject - RPC Server Not Available
I run the command below. The WMI-In firewall rule is allowed and enabled. DCOM is enabled in the registry. DCOM, RPC, WMI, and Remote Registry Services are started. No AV installed on this HyperV host. What else do I check for this?
Get-WmiObject -Class Win32_LogicalDisk -ComputerName servername -Property FreeSpace Get-WmiObject : The RPC server is unavailable. (Exception from HRESULT: 0x800706BA) At line:1 char:1+ Get-WmiObject -Class Win32_LogicalDisk -ComputerName servername -Property FreeSpace+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+ CategoryInfo : InvalidOperation: (:) [Get-WmiObject], COMException+ FullyQualifiedErrorId : GetWMICOMException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
↧
Would a DCPROMO be the best fix for my sticky Kerberos error?
I have 3 servers running 2012 r2. One of which was disconnected from the domain for a month or two. I continues to show a Kerberos error for the FSMO primary server. Also I changed the name of the FSMO last year, so there my be a ghost server lingering around.
Any and all help will be appreciated.
Thanks
Striving for the perfect World...CC
↧
Performance/ resource monitoring a particular process
HI,
I need guidance in setting up a trace of a particular process in the system and its corresponding activities in the system.
For instance, i am looking at certsrv.exe process in the resource monitor and I am after tracking its TCP connections filtered by that process. Now, this can be easily acheived by using resource monitor, but I need this similar report over a period of time.
so that, i can go back to a particular time stamp and check the corresponding connections during that time stamp.
↧
↧
Best way to find out the required ports to be opened in network firewall for each server / application
Hi
We are configuring a new Cisco Firewall in Datacenter between each server / application / VLAN. We have customized applications / scripts and standard applications with each server. We are planning to use Wireshark to find out the listening ports for each of the servers / betweeen teh VLANs. Is there a better way to find the required ports than this?
Thanks in advance
LMS
↧
Task scheduler cannot create the task. The user account is unknown, the password is incorrect, or the user account does not have permission to create this task
The problem:
Task scheduler cannot create the task. The user account is unknown, the password is incorrect, or the user account does not have permission to create this task
I´ve tried to run Task Sch as local admin and domain user with administrative privileges and domain admin
Win2008R2 fully patched + IIS
If i create the "basic task", it concludes, but when i try to change something.. the error
If i try to create a full task.. the error arises
If i try to change the already created shcedule task, the error message is slightly different, "the task schedule cannot apply your changes" (wich makes sense, i´m trying to change an already created task)
Nothing in event viewer
I´ve changed the credentials of the service account 2 times.. no success
The domain user service account used to run the scheduled task belongs to a domain global group, inside a local group in the WIN2008R2 server and the local group have "logon as a batch job" and "logon as a service" privileges
I changed the local privileges to domain service account usernames, insted using groups and tried to create a task with low privileges (without using the "highest privileg" option)
I put the service account user in the local administrators group... nothing...
any suggestions?
↧
Explorer.exe required to run Unversal Apps?
Hi,
On Windows 10 we have explorer.exe replaced with our custom shell.
However, without explorer.exe no Universal app (like Edge) is able to run. The error says "Class not registered".
Is there a way to improve our shell to make Universal apps running or there is an absolute need for explorer.exe to be running?
To be precise, its about starting the app. Once app is started you can kill explorer in Task Manager and app will still be running fine. But starting an app without explorer is not currently possible.
Thank you.
↧
