NIC error modern UI – Windows cannot access specified device, path, or file. You may not have the appropriate permissions to access the item. Solution: In an elevated command prompt, run gpedit.msc Go to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options Open “User Account Control: Admin Approval Mode…
In my lab, I often have the need to quickly set up various servers from scratch. One type of server is an Active Directory Domain Controller. So I slapped together a simple script to completely automate (light touch) the process of setting up a complete AD DC in a new forest. I also did the…
Albert Einstein is claimed to once have said that he keeps nothing in his mind that can be easily retrieved from paper – or looked up. As far as I’m concerned, you should not memorize most things but instead memorize where and how to quickly find the required information and how to use it. Also,…
|
1 2 3 4 5 6 7 8 9 10 11 12 |
# Get Network card driver version remotely and only for a specific vendor $cred = Get-Credential domain\user Invoke-Command -Credential $cred -ScriptBlock {Get-WmiObject Win32_PnPSignedDriver -Filter "DeviceClass = 'NET'" | Where-Object devicename -Match qlogic | ft DeviceName,DriverVersion} -ComputerName computernamehere #sample output: #DeviceName DriverVersion #---------- ------------- #QLogic FastLinQ QL45412H 40GbE Adapter (VBD Client) 8.37.6.0 #QLogic FastLinQ QL45412H 40GbE Adapter (VBD Client) 8.37.6.0 #QLogic FastLinQ QL45412H 40GbE Adapter (VBD Client) 8.37.6.0 #QLogic FastLinQ QL45412H 40GbE Adapter (VBD Client) 8.37.6.0 |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 |
<# .SYNOPSIS Create a folder, share it and set permissions for several users or groups .DESCRIPTION Create a folder, share it and set permissions for several users or groups .NOTES File Name : Create-Share.ps1 Author : Jan Ryen (jan@janryen.com) Copyright 2019 - Jan Ryen #> # Which directory do you want the shared folder to be created in $pathname = "D:\Shares" # What is the name of the folder to be created and shared $foldername = "TestFolder" # Set path to be used in Set-Acl $fullpath = "$pathname\$foldername" # Create folder New-Item $fullpath –type directory #Create share and share permissions New-SmbShare -Name "$foldername" -Path $fullpath -CachingMode None -FullAccess "Everyone" #remove NTFS ACL inheretance and leave inherited permissions in place #icacls.exe $fullpath /inheritance:d $acl = Get-Acl $fullpath $acl.SetAccessRuleProtection($true,$true) $acl | Set-Acl $fullpath #Purge unwanted User Permissions # usually a good idea to get rid of CREATOR OWNER and BUILTIN\Users $acl = Get-Acl $fullpath $usersid = New-Object System.Security.Principal.Ntaccount ("CREATOR OWNER") $acl.PurgeAccessRules($usersid) $acl | Set-Acl $fullpath $acl = Get-Acl $fullpath $usersid = New-Object System.Security.Principal.Ntaccount ("BUILTIN\Users") $acl.PurgeAccessRules($usersid) $acl | Set-Acl $fullpath #Define inheretance $InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit $PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None $acType = [System.Security.AccessControl.AccessControlType]::Allow #foreach $fullControllUsers = "TEST\user1", "TEST\group1" $modifyUsers = "TEST\group2", "TEST\group3", "TEST\group4" foreach ($item in $fullControllUsers) { # add FullControl users $acl = Get-Acl $fullpath $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($item,"FullControl", $InheritanceFlag, $PropagationFlag, $acType) $acl.SetAccessRule($AccessRule) $acl | Set-Acl $fullpath } foreach ($item in $modifyUsers) { # add Modify users $acl = Get-Acl $fullpath $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($item, "Modify", $InheritanceFlag, $PropagationFlag, $acType) $acl.SetAccessRule($AccessRule) $acl | Set-Acl $fullpath } #check what we have now Get-Acl $fullpath | Format-Table -Wrap |
Some times the WSUS server on SCCM can stop. If the WSUSPool in IIS Application pools is stopped, WSUS will not function and SCCM will not update any clients. In anticipation of further troubleshooting, here is a workaround script to check the Application Pool and start it if it is not running. This script can…
|
1 2 |
# Ambient temperature for Dell servers with Server Administrator installed $a = get-wmiobject cim_temperaturesensor -namespace root\cimv2\dell; $a.Name + ': ' + ("{0:##}" -f $a.CurrentReading).Substring(0, 2) + ',' + ("{0:##}" -f $a.CurrentReading).Substring(2,1) |
|
1 2 3 4 5 6 7 8 9 10 11 |
<# Fun tip about powershell. You can pipe to the clipboard: #> Get-Help Get-Command | clip #or Get-Help about_Functions_Advanced_Parameters | clip # |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
# Get last logged on user on local computer $UserProperty = @{n="User";e={(New-Object System.Security.Principal.SecurityIdentifier $_.ReplacementStrings[1]).Translate([System.Security.Principal.NTAccount])}} $TypeProperty = @{n="Action";e={if($_.EventID -eq 7001) {"Logon"} else {"Logoff"}}} $TimeProperty = @{n="Time";e={$_.TimeGenerated}} Get-EventLog System -Source Microsoft-Windows-Winlogon | select $UserProperty,$TypeProperty,$TimeProperty | select -First 1 # Get last 100 logged on user entries on local computer $UserProperty = @{n="User";e={(New-Object System.Security.Principal.SecurityIdentifier $_.ReplacementStrings[1]).Translate([System.Security.Principal.NTAccount])}} $TypeProperty = @{n="Action";e={if($_.EventID -eq 7001) {"Logon"} else {"Logoff"}}} $TimeProperty = @{n="Time";e={$_.TimeGenerated}} Get-EventLog System -Source Microsoft-Windows-Winlogon | select $UserProperty,$TypeProperty,$TimeProperty | select -First 100 |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
# On a DC, in Powershell: #See all smtp addresses for specific AD User Get-ADObject -Properties proxyAddresses -Filter {samaccountname -eq "ADUserSamAccountName"} | select -ExpandProperty proxyaddresses #See all smtp addresses by searching for parts of an smtp address Get-ADObject -Properties mail, proxyAddresses -Filter {mail -like "*portionOfMailAddress*"} | select -ExpandProperty proxyaddresses # If you have RSAT ( which you should ) on your own PC: #get the credetial of an administrative user $cred = Get-Credential DOMAIN\User # Import the Active Directory Module Import-Module ActiveDirectory #See all smtp addresses for specific AD User Get-ADObject -Credential $cred -Properties proxyAddresses -Filter {samaccountname -eq "ADUserSamAccountName"} | select -ExpandProperty proxyaddresses #See all smtp addresses by searching for parts of an smtp address Get-ADObject -Credential $cred -Properties mail, proxyAddresses -Filter {mail -like "*portionOfMailAddress*"} | select -ExpandProperty proxyaddresses |
::server core always start with powershell ::in cmd type:
|
1 |
powershell |
#After entering powershell, type (or if lazy = ‘copy’ + ‘paste’)
|
1 |
Set-ItemProperty -Path ‘HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon’ -Name Shell -Value PowerShell.exe |
Now you will automatically have powershell open as the shell at logon.
For those of you who are looking for System Center Virtual Machine Manager build numbers, there is a great wiki article on technet about this. https://social.technet.microsoft.com/wiki/contents/articles/15361.system-center-virtual-machine-manager-list-of-build-numbers.aspx
I don’t know about you, but i find myself sometimes wanting to run linux GUI desktop as a VM in Hyper-V. By default, the screen resolution is horrifying. So, I always change it so i can get at least a 1920×1080 resolution. To do that I enter the VM from the Hyper-V console, open up…
In my lab I have several types of storage for my guests, like 7K over SMB3, SSD over SMB3 or local storage. I thought it would be nice to see which storage my guests were on right there in the VMM console, so i created custom property and made myself a simple little powershell function…
I had a strange issue today. In my lab, I have a hyper-v 2012 R2 cluster with VMM 2012 R2 that i use as a dev/test environment. Among other things, i let this rig take in all patches and what not before doing anything with production systems. I recently updated the VMM 2012 R2 server…
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
# #Enable remote desktop (Get-WmiObject -Class "Win32_TerminalServiceSetting" -Namespace root\cimv2\terminalservices).SetAllowTsConnections(1) (Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(1) #Enable PSRemoting Enable-PSRemoting -Force Winrm quickconfig #Set firewall rules Set-NetFirewallRule -DisplayName "Remote Desktop*" -enabled true # |
It’s not about what degree you have. It’s not about where, or if, you went to college. It’s not about how many years of formal schooling you have. It’s not about what certifications you have. All that matters is this: What knowledge you have acquired and continue to acquire for as long as you live.…
Recently i needed a quick way to automate patching and rebooting of servers in our data-center. We felt that just using standard WSUS with GPOs was to fuzzy and not specific enough regarding reporting after patching had completed. I could have set up our event log collection servers to alert any errors post-reboot, or i…
I was cleaning up some checkpoints in my home data-center lab today, and started tinkering with a script to automate the task. I put together a couple of short “script-lets” i can put in my task scheduler.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
###################### #Using AD ###################### #Note: The user running the script must have at least read permissions in the AD where the #Hyper-V cluster "lives" and be a member of the "Hyper-V Administrators" group on each cluster node. #Import Modules ipmo ActiveDirectory ipmo Hyper-V #Get servers $hyperv = Get-ADObject -SearchBase "DC=domain,DC=com" -Filter 'ObjectClass -eq "serviceConnectionPoint" -and Name -eq "Microsoft Hyper-V"' $servers = $hyperv | ForEach-Object { $_.DistinguishedName.Split(",")[1].replace("CN=","") } #Remove old snapshots Get-VM -ComputerName $servers | Get-VMSnapshot | Where-Object {$_.CreationTime -lt (Get-Date).AddDays(-2) } | Remove-VMSnapshot |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
###################### #Using cluster ###################### #Note: Can be run from a computer/by a user in any domain or forrest that has two way trust #with the domain of the cluster. The user running the script must have at least read #permissions on the cluster and be a member of the "Hyper-V Administrators" group on each #cluster node. #Import Modules ipmo Hyper-V #Get servers $nodes = Get-ClusterNode -Cluster hpvclu.domain.com | Select -Expand Name #Remove old snapshots Get-VM -ComputerName $nodes | Get-VMSnapshot | Where-Object {$_.CreationTime -lt (Get-Date).AddDays(-2) } | Remove-VMSnapshot |
Up until a few years ago, the cloud was, to quote Wikipedia, “a visible mass of liquid droplets or frozen crystals made of water or various chemicals suspended in the atmosphere above the surface of a planetary body.” But lately, like so many other words or phrases, the cloud has a completely different meaning to…