Re: [NTSysADM] Random reboots Win7 and 10

2018-01-31 Thread elsalvoz
What are the events prior to the reboot event?
Wild guess, WSUS or scheduled tasks.

On Jan 31, 2018 10:03 AM, "Sean Chapman"  wrote:

> Hey all,
>
> Been going crazy today trying to find out why a lot of our PCs are
> rebooting on people with a 2 minute warning.  It seems like it should be
> easy to track down but I can't find anything solid on what's causing it.
> This has happened for some users 2 days in a row now.  Event viewer shows
> the following:
>
> The process wininit.exe (*PC_NAME*) has initiated the restart of computer
> *PC-NAME* on behalf of user *DOMAIN ADMIN ACCOUNT* for the following
> reason: Other (Planned)
> Reason Code: 0x8000
> Shutdown Type: restart
> Comment: On behalf of user *DOMAIN ADMIN ACCOUNT*, a shutdown/reboot
> request was made for the following reason: Other (Planned)
>
>
> The users are prompted with the following message



Re: [NTSysADM] OT: web filter for kids

2017-12-23 Thread elsalvoz
I've used Microsoft family safe for a while combined with OpenDNS. I've
been pretty happy with it and it has worked for me since kids were 5 and 7, 12
and 14 now. What I really like about it is how settings can be managed
from one central location like GPs.

On Dec 23, 2017 8:50 PM, "J- P"  wrote:

>
> Let me preface this with a Merry Christmas and Happy Chanukah to all-
>
>
> Getting my niece and nephew their first windows laptops (10 and 8 yr old)
> * I know, way too old, but my brother and sister in law are slacking
> HAHAHA-  and iPads and Kindles will NOT get them ready for the future-
>
>
> On that note , what is a good home web filter out there- I used
> Cybersitter in the late 90's (still around today)   just wondering what
> most of you do for your kids and family?
>
>
> TIA
>
>
> and Happy New Year
>
> Jean-Paul Natola
>
>



RE: [NTSysADM] RE: Any good SCOM lists?

2017-08-22 Thread elsalvoz
Read Kevin Holman blog posts. Helped me greatly when I got started and
continue to do so.

Understand class hierarchies and objects of classes which are in SCOM

Cesar A.

On Aug 22, 2017 2:32 PM, "Heaton, Joseph@Wildlife" <
joseph.hea...@wildlife.ca.gov> wrote:

> No, no specific questions.  Getting ready to dip my toe, so to speak, so
> was looking for a list, and maybe an archive, but I don’t think the
> MyItforums list has an archive.
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *elsalvoz
> *Sent:* Friday, August 18, 2017 5:57 PM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* Re: [NTSysADM] RE: Any good SCOM lists?
>
>
>
> Technet is kinda active. Myitforum one is one of the most quiet ones but if
> you ask questions there are several good people including Kevin Holman. Do
> you have a question on SCOM?
>
> Cesar A.
>
>
>
> On Aug 18, 2017 4:43 PM, "Michael B. Smith" <mich...@smithcons.com> wrote:
>
> The one I use is ms...@lists.myitforum.com
>
>
>
> It’s low volume, but high quality.
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Heaton, Joseph@Wildlife
> *Sent:* Friday, August 18, 2017 7:00 PM
> *To:* 'NT System Admin Issues Discussion list'
> *Subject:* [NTSysADM] Any good SCOM lists?
>
>
>
> I signed up for the MyITForum SCOM list, but haven’t seen a single message
> in the few days since.  Does anyone know of any active lists?
>
>
>
> I know I can go to Technet Forums, etc. but wanted a mailing list, like
> this, or the SCCM/Exchange lists.
>
>
>
> Thanks,
>
>
>
> Joe Heaton
>
> Information Technology Operations Branch
>
> Data and Technology Division
>
> CA Department of Fish and Wildlife
>
> 1700 9th Street, 3rd Floor
>
> Sacramento, CA  95811
>
> Desk:  916-323-1284 <(916)%20323-1284>
>
>
>
>



Re: [NTSysADM] RE: Any good SCOM lists?

2017-08-18 Thread elsalvoz
Technet is kinda active. Myitforum one is one of the most quiet ones but if
you ask questions there are several good people including Kevin Holman. Do
you have a question on SCOM?

Cesar A.

On Aug 18, 2017 4:43 PM, "Michael B. Smith"  wrote:

> The one I use is ms...@lists.myitforum.com
>
>
>
> It’s low volume, but high quality.
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Heaton, Joseph@Wildlife
> *Sent:* Friday, August 18, 2017 7:00 PM
> *To:* 'NT System Admin Issues Discussion list'
> *Subject:* [NTSysADM] Any good SCOM lists?
>
>
>
> I signed up for the MyITForum SCOM list, but haven’t seen a single message
> in the few days since.  Does anyone know of any active lists?
>
>
>
> I know I can go to Technet Forums, etc. but wanted a mailing list, like
> this, or the SCCM/Exchange lists.
>
>
>
> Thanks,
>
>
>
> Joe Heaton
>
> Information Technology Operations Branch
>
> Data and Technology Division
>
> CA Department of Fish and Wildlife
>
> 1700 9th Street, 3rd Floor
>
> Sacramento, CA  95811
>
> Desk:  916-323-1284 <(916)%20323-1284>
>
>
>



Re: [NTSysADM] RPC not available on remote machine while doing DFSR config

2017-07-24 Thread elsalvoz
Can you open a PSSession on either server? You run the commands manually for
testing purposes

Cesar A.

On Jul 24, 2017 12:22 PM, "Kurt Buff"  wrote:

> So, fixing the MTU mismatch seems not to have worked. I left the physical
> interface MTUs on both sides at 1500, and set up the MTUs for the tunnel
> interfaces at 1385, and verified that ping -f -l succeeds at 1357 and fails
> at 1358 from both sides.
>
> I even took a single set of entries from my CSV file and unrolled the
> loop, manually replacing the variables with values, including FQDNs for the
> machine names.
>
> Same failure:
>
> # Add-DfsrMember -GroupName US2AU-Engineering -ComputerName
> usfs01p.example.com, aufs01p.example.com
>
> Add-DfsrMember : Could not add the computer to the replication group.
> Computer: aufs01p.example.com Replication group: "US2AU-Engineering" The
> remote procedure call failed
> At line:1 char:1
> + Add-DfsrMember -GroupName US2AU-Engineering -ComputerName usfs01p.exampl
> ...
> + ~
> + CategoryInfo  : NotSpecified: (aufs01p.example.com:String)
> [Add-DfsrMember], DfsrException
> + FullyQualifiedErrorId : Add-DfsrMember.NonTerminatingOMException,
> Microsoft.DistributedFileSystemReplication.Commands.AddDfsrMemberCommand
>
> Additionally, I tried running the script on the DC in the AU office, and
> get the reciprocal failure (RPC failure, can't resolve the name of the US
> file server).
>
> Kurt
>
> On Mon, Jul 24, 2017 at 7:54 AM, Michael B. Smith 
> wrote:
>
>> Yep, those MTUs.  Because inconsistent RPC fragmentation can cause
>> transactions to fail.
>>
>>
>>
>> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitf
>> orum.com] *On Behalf Of *Kurt Buff
>> *Sent:* Monday, July 24, 2017 10:44 AM
>>
>> *To:* ntsysadm
>> *Subject:* Re: [NTSysADM] RPC not available on remote machine while
>> doing DFSR config
>>
>>
>>
>> MTUs? As in TCP/IP Maximum Transmission Units?
>>
>> I will check that and post back, but why would a mismatch in MTU show up
>> as this?
>>
>> Kurt
>>
>>
>>
>> On Mon, Jul 24, 2017 at 5:31 AM, Michael B. Smith 
>> wrote:
>>
>> I’m certain you can google as well as I can – but after looking at 8-10
>> results… are you sure you have matching MTUs?
>>
>>
>>
>> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitf
>> orum.com] *On Behalf Of *Kurt Buff
>> *Sent:* Monday, July 24, 2017 1:10 AM
>> *To:* ntsysadm
>> *Subject:* Re: [NTSysADM] RPC not available on remote machine while
>> doing DFSR config
>>
>>
>>
>> Ignore my earlier message from this evening. I've overcome some blindness
>> on my part, and have a bit more information, though I fear it's not enough.
>> I used this page for what looks to be a better way to handle the errors:
>> https://stackoverflow.com/questions/38419325/catching-full-
>> exception-message
>>
>> The red highlighted error is new - but I don't know why that's there.
>> It's very strange, as both are 2012R2 servers, in the same domain, and I'm
>> running this on my Win10 workstation with my DA credentials.
>>
>>
>>
>> --Begin revised script--
>> $NewDFSR = import-csv -Delimiter "`t" c:\Batchfiles\data\NewDFSR.csv
>> New-DfsReplicationGroup -GroupName US2AU-Engineering
>> $GroupName = Get-DfsReplicationGroup US2AU-Engineering
>> Foreach ($Line in $NewDFSR)
>> {
>>     $GroupName = $Line.GroupName
>>     $SourceComputer = $Line.SourceComputer
>>     $FolderName = $Line.FolderName
>>     $SourceContentPath = $Line.SourceContentPath
>>     $SourceStagingPathQuotaInMB = $Line.SourceStagingPathQuotaInMB
>>     $SourcePrimaryMember = [System.Convert]::ToBoolean($Line.SourcePrimaryMember)
>>     $DestinationComputer = $Line.DestinationComputer
>>     $DestinationContentPath = $Line.DestinationContentPath
>>     $DestinationReadOnly = [System.Convert]::ToBoolean($Line.DestinationReadOnly)
>>     New-DfsReplicatedFolder -GroupName $GroupName -FolderName $FolderName
>>     Try
>>     {
>>         Add-DfsrMember -GroupName $GroupName -ComputerName $SourceComputer, $DestinationComputer
>>     }
>>     Catch
>>     {
>>         # Walk the InnerException chain and collect every message
>>         $e = $_.Exception
>>         $msg = $e.Message
>>         while ($e.InnerException) {
>>             $e = $e.InnerException
>>             $msg += "`n" + $e.Message
>>         }
>>         $msg
>>     }
>>     Add-DfsrConnection -GroupName $GroupName -SourceComputerName $SourceComputer -DestinationComputerName $DestinationComputer -ErrorAction Stop
>>     Set-DfsrMembership -GroupName $GroupName -FolderName $FolderName -ComputerName $SourceComputer -ContentPath $SourceContentPath -PrimaryMember $SourcePrimaryMember -StagingPathQuotaInMB $SourceStagingPathQuotaInMB -Force
>>     Set-DfsrMembership -GroupName $GroupName -FolderName $FolderName -ComputerName $DestinationComputer -ContentPath $DestinationContentPath -ReadOnly $DestinationReadOnly
>> }

Re: [NTSysADM] RPC not available on remote machine while doing DFSR config

2017-07-21 Thread elsalvoz
Try enter-pssession cmdlet to test.

When I experience remote RPC issues, it is normally due to firewall ports,
WMI issues or DCOM permissions

Cesar A.

On Jul 21, 2017 9:13 PM, "Kurt Buff"  wrote:

There you go, trying to educate me again.

I don't know.

I will have to figure that out, because I've not heard that term before.

I'll get back to you.

Kurt

On Fri, Jul 21, 2017 at 8:27 PM, Michael B. Smith 
wrote:
> What is the InnerException of the error?
>
> -Original Message-
> From: listsad...@lists.myitforum.com [mailto:listsadmin@lists.
myitforum.com] On Behalf Of Kurt Buff
> Sent: Friday, July 21, 2017 11:11 PM
> To: ntsysadm
> Subject: [NTSysADM] RPC not available on remote machine while doing DFSR
config
>
> All,
>
> I'm re-doing the DFSR config for the file servers in our US and AU
offices. The US has a bunch of directories that will be replicated to AU
(but not back). No big deal, but the PowerShell script I'm writing is
killing me. I don't know if I'm running into a time out problem, or what it
might be.
>
> I'm running the script from Redmond on my laptop.
>
> Here's the script, which should Just Work(tm):
> --
> $NewDFSR = import-csv -Delimiter "`t" c:\Batchfiles\data\NewDFSR.csv
>
> New-DfsReplicationGroup -GroupName US2AU-Engineering
> $GroupName = Get-DfsReplicationGroup US2AU-Engineering
>
> Foreach ($Line in $NewDFSR)
> {
>     $GroupName = $Line.GroupName
>     $SourceComputer = $Line.SourceComputer
>     $FolderName = $Line.FolderName
>     $SourceContentPath = $Line.SourceContentPath
>     $SourceStagingPathQuotaInMB = $Line.SourceStagingPathQuotaInMB
>     $SourcePrimaryMember = [System.Convert]::ToBoolean($Line.SourcePrimaryMember)
>     $DestinationComputer = $Line.DestinationComputer
>     $DestinationContentPath = $Line.DestinationContentPath
>     $DestinationReadOnly = [System.Convert]::ToBoolean($Line.DestinationReadOnly)
>
>     New-DfsReplicatedFolder -GroupName $GroupName -FolderName $FolderName
>     Add-DfsrMember -GroupName $GroupName -ComputerName $SourceComputer, $DestinationComputer
>     Add-DfsrConnection -GroupName $GroupName -SourceComputerName $SourceComputer -DestinationComputerName $DestinationComputer
>     Set-DfsrMembership -GroupName $GroupName -FolderName $FolderName -ComputerName $SourceComputer -ContentPath $SourceContentPath -PrimaryMember $SourcePrimaryMember -StagingPathQuotaInMB $SourceStagingPathQuotaInMB -Force
>     Set-DfsrMembership -GroupName $GroupName -FolderName $FolderName -ComputerName $DestinationComputer -ContentPath $DestinationContentPath -ReadOnly $DestinationReadOnly -Force
> }
> --
>
> But it fails the Add-DfsrMember command, when trying to add the AU file
server:
> --
>Add-DfsrMember : Could not add the computer to the replication group.
Computer: ZAUFS01P Replication group: "US2AU-Engineering" The remote
procedure call failed
>At C:\BatchFiles\New-DfsrConfiguration.ps1:19 char:2
>+ Add-DfsrMember -GroupName $GroupName -ComputerName
$SourceCompute ...
>+ ~
>+ CategoryInfo  : NotSpecified: (ZAUFS01P:String)
> [Add-DfsrMember], DfsrException
>+ FullyQualifiedErrorId :
> Add-DfsrMember.NonTerminatingOMException,Microsoft.
DistributedFileSystemReplication.Commands.AddDfsrMemberCommand
> --
>
> However, if I RDP to that file server, I see this, which to me indicates
that it *is* listening:
> --
>C:\Windows\system32>winrm enumerate winrm/config/listener
>Listener [Source="GPO"]
>Address = *
>Transport = HTTP
>Port = 5985
>Hostname
>Enabled = true
>URLPrefix = wsman
>CertificateThumbprint
>ListeningOn = 10.212.1.30, 127.0.0.1, ::1,
fe80::a9e7:6f85:8115:b4ed%16
> --
>
> Heck, I even stood up wireshark on my laptop, from which I'm running this
script, and see traffic to that server, though I can't quite figure out the
conversation - but I have a 48kb capture file detailing the transaction for
the attempted configuration of a single directory, if anyone wants that.
>
> Kurt
>
>
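
The two suggestions in this thread (check the firewall/RPC path, and look at the InnerException) can be combined into one pre-flight script. This is an added example, not code from the thread or its participants; the function names `Test-RemoteManagementPath` and `Get-ExceptionChain` are hypothetical, the host and group names are the ones quoted in the thread, and port 5985 is the WinRM listener port shown in the `winrm enumerate` output.

```powershell
# Added illustration, not the poster's script. Function names are hypothetical.

function Test-RemoteManagementPath {
    # Checks, per host, the layers an RPC-based cmdlet depends on:
    # name resolution, the RPC endpoint mapper (TCP 135) and WinRM (TCP 5985).
    # A reachable endpoint mapper does not prove the dynamic RPC ports
    # behind it are also allowed through the tunnel or firewall.
    param([Parameter(Mandatory)][string[]]$ComputerName)

    foreach ($c in $ComputerName) {
        $addresses = $null
        try   { $addresses = [System.Net.Dns]::GetHostAddresses($c) }
        catch { }   # leave $addresses empty when resolution fails

        [pscustomobject]@{
            Computer    = $c
            Resolves    = [bool]$addresses
            Rpc135      = Test-NetConnection -ComputerName $c -Port 135 `
                              -InformationLevel Quiet -WarningAction SilentlyContinue
            WinRM5985   = Test-NetConnection -ComputerName $c -Port 5985 `
                              -InformationLevel Quiet -WarningAction SilentlyContinue
            WSManAnswer = [bool](Test-WSMan -ComputerName $c -ErrorAction SilentlyContinue)
        }
    }
}

function Get-ExceptionChain {
    # Emits one object per exception, outermost first, so the innermost
    # cause (often a Win32 error behind "The remote procedure call failed")
    # is visible together with its HRESULT.
    param([Parameter(Mandatory)][System.Exception]$Exception)

    $e = $Exception
    $depth = 0
    while ($e) {
        [pscustomobject]@{
            Depth   = $depth
            Type    = $e.GetType().FullName
            HResult = '0x{0:X8}' -f $e.HResult
            Message = $e.Message
        }
        $e = $e.InnerException
        $depth++
    }
}

$group   = 'US2AU-Engineering'
$members = 'usfs01p.example.com', 'aufs01p.example.com'

# 1. Check the path to both file servers before touching DFSR.
Test-RemoteManagementPath -ComputerName $members | Format-Table -AutoSize

# 2. Add members one at a time. The error in the thread is reported as
#    NonTerminatingOMException, so -ErrorAction Stop is needed for the
#    catch block to run at all.
foreach ($m in $members) {
    try {
        Add-DfsrMember -GroupName $group -ComputerName $m -ErrorAction Stop
    }
    catch {
        Write-Warning "Add-DfsrMember failed for $m"
        Get-ExceptionChain -Exception $_.Exception | Format-List
    }
}
```

Running it from both the US and the AU side shows whether the failure follows the direction of the tunnel or the target host.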



Re: [NTSysADM] Boxed in on a Win10 VM

2017-07-20 Thread elsalvoz
My bad, I misread that you couldn't get a prompt to input username. Win
also disabled administrator account IIRC.

Been using this forever. https://pogostick.net/~pnh/ntpasswd/

Cesar A.

On Jul 20, 2017 6:30 PM, "J- P"  wrote:

> typo  *sethc
>
>
>
> Jean-Paul Natola
>
>
>
> --
> *From:* listsad...@lists.myitforum.com 
> on behalf of J- P 
> *Sent:* Thursday, July 20, 2017 8:18 PM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* Re: [NTSysADM] Boxed in on a Win10 VM
>
>
> how about the old setch hack? I just used it 2 days ago on a w7 machine,
> not sure if  it flies w 10
>
>
>
> Jean-Paul Natola
>
>
>
> --
> *From:* listsad...@lists.myitforum.com 
> on behalf of Kurt Buff 
> *Sent:* Tuesday, July 18, 2017 11:52 PM
> *To:* ntsysadm
> *Subject:* Re: [NTSysADM] Boxed in on a Win10 VM
>
> Dang. Completely forgot about that. I'll have to see if I can gin that up.
>
> Kurt
>
> On Tue, Jul 18, 2017 at 6:21 PM, Robert Cato 
> wrote:
> > The local account(s) is disabled. NT password reset CD-ROM to reset
> password
> > and enable the local account. It's a Win10 "feature"
> >
> >
> > On Tue, Jul 18, 2017 at 8:24 PM Kurt Buff  wrote:
> >>
> >> If nobody else comes up with a solution, that's the way I'll go.
> >>
> >> It's been a while since I've used it, but IIRC, it also enables the
> >> account if it's disabled/locked out.
> >>
> >> Kurt
> >>
> >> On Tue, Jul 18, 2017 at 4:55 PM, Michael B. Smith <
> mich...@smithcons.com>
> >> wrote:
> >> > I would try the pnordahl solution.
> >> >
> >> > -Original Message-
> >> > From: listsad...@lists.myitforum.com
> >> > [mailto:listsad...@lists.myitforum.com
> ] On Behalf Of Kurt Buff
> >> > Sent: Tuesday, July 18, 2017 7:46 PM
> >> > To: ntsysadm
> >> > Subject: [NTSysADM] Boxed in on a Win10 VM
> >> >
> >> > All,
> >> >
> >> > A colleague stood up a Win10 VM that was a clone of an original
> >> > domain-joined machine, running on a ESXi/vSphere 6.0 host.
> >> >
> >> > I noticed this, and decided to help out - the VM clone was not fully
> >> > functional - its trust relationship with the domain was broken.
> >> >
> >> > I was able to log in using cached credentials with administrative
> >> > privileges, so I set the local administrator password to something we
> know
> >> > (we use LAPS here, so there's no telling what the most recent
> administrator
> >> > password was).
> >> >
> >> > I then changed the machine name and joined the VM to a workgroup at
> the
> >> > same time - something I've done probably hundreds of times over the
> years
> >> > with never a failure before now.
> >> >
> >> > After reboot, the login screen shows only the username of the last
> >> > successful login (a domain account, not a local account, even though
> it's
> >> > not a member of the domain!).
> >> >
> >> > I cannot get it to switch to another account to log in, and since the
> >> > only account available on the login screen is the domain account, and
> it's
> >> > not joined to the domain, I can't use that account's password to log
> in.
> >> >
> >> > There are no backups, no restore points and no snapshots for this VM.
> >> >
> >> > I was able to boot into safe mode in the console, and start a command
> >> > prompt - when it asked for the local Administrator account, that
> worked, so
> >> > I know the password is good.
> >> >
> >> > I've tried to RDP into the machine, and am refused, no matter which
> >> > credentials I try.
> >> >
> >> > I even tried disconnecting the NIC for the VM to see if that would
> shake
> >> > loose some cached credentials, but no go, and it stubbornly refuses
> to show
> >> > me any other accounts to choose for login.
> >> >
> >> > I suppose I could do a reset, but I believe there's 3rd party software
> >> > that was installed in the interim, so I'm a bit hesitant to do that.
> >> >
> >> > Anyone have thoughts on how to proceed?
> >> >
> >> > I'm about ready to boot with a Nordahl iso, and see if that helps, but
> >> > if push comes to shove, I'll re-clone the original, and try again,
> and let
> >> > the colleague know that he's lost any work done, but for the moment
> this is
> >> > an exercise in overcoming - something.
> >> >
> >> > Kurt
> >> >
> >> >
> >>
> >>
> >
>
>
>



Re: [NTSysADM] Boxed in on a Win10 VM

2017-07-18 Thread elsalvoz
Alt+ctrl+del 3 times? Used to work with XP.

Can you use computer management remotely to assess group membership or even
create a new local user? Psexec?

Cesar A.

On Jul 18, 2017 5:13 PM, "Don Ely"  wrote:

> .\administrator doesn't let you login?
>
> On Tue, Jul 18, 2017 at 4:52 PM Kurt Buff  wrote:
>
>> All,
>>
>> A colleague stood up a Win10 VM that was a clone of an original
>> domain-joined machine, running on a ESXi/vSphere 6.0 host.
>>
>> I noticed this, and decided to help out - the VM clone was not fully
>> functional - its trust relationship with the domain was broken.
>>
>> I was able to log in using cached credentials with administrative
>> privileges, so I set the local administrator password to something we
>> know (we use LAPS here, so there's no telling what the most recent
>> administrator password was).
>>
>> I then changed the machine name and joined the VM to a workgroup at
>> the same time - something I've done probably hundreds of times over
>> the years with never a failure before now.
>>
>> After reboot, the login screen shows only the username of the last
>> successful login (a domain account, not a local account, even though
>> it's not a member of the domain!).
>>
>> I cannot get it to switch to another account to log in, and since the
>> only account available on the login screen is the domain account, and
>> it's not joined to the domain, I can't use that account's password to
>> log in.
>>
>> There are no backups, no restore points and no snapshots for this VM.
>>
>> I was able to boot into safe mode in the console, and start a command
>> prompt - when it asked for the local Administrator account, that
>> worked, so I know the password is good.
>>
>> I've tried to RDP into the machine, and am refused, no matter which
>> credentials I try.
>>
>> I even tried disconnecting the NIC for the VM to see if that would
>> shake loose some cached credentials, but no go, and it stubbornly
>> refuses to show me any other accounts to choose for login.
>>
>> I suppose I could do a reset, but I believe there's 3rd party software
>> that was installed in the interim, so I'm a bit hesitant to do that.
>>
>> Anyone have thoughts on how to proceed?
>>
>> I'm about ready to boot with a Nordahl iso, and see if that helps, but
>> if push comes to shove, I'll re-clone the original, and try again,
>> and let the colleague know that he's lost any work done, but for the
>> moment this is an exercise in overcoming - something.
>>
>> Kurt
>>
>>
>>



Re: [NTSysADM] Running a command with parameters using PSEXEC

2017-07-18 Thread elsalvoz
No quotes should work

Cesar A.

On Jul 18, 2017 7:30 AM, "Michael Leone"  wrote:

> On Tue, Jul 18, 2017 at 9:42 AM, Webster  wrote:
>
>> Try "c:\windows\system32\klist -li 0x3e7 purge"
>>
>
>
> Nope .. which is odd, because that's where the file is ...
>
> C:\SysinternalsSuite>psexec -h \\dctrweb026  "c:\windows\system32\klist.exe
> -li 0x3e7 purge"
>
> PsExec v2.11 - Execute processes remotely
> Copyright (C) 2001-2014 Mark Russinovich
> Sysinternals - www.sysinternals.com
>
>
> PsExec could not start c:\windows\system32\klist.exe -li 0x3e7 purge on
> dctrweb026:
> The system cannot find the file specified.
>
>
>>



Re: [NTSysADM] Very strange problem file server - read vs. write

2017-05-26 Thread elsalvoz
Please, that's a good one.

Cesar A.

On May 26, 2017 4:10 PM, "Kurt Buff" <kurt.b...@gmail.com> wrote:

> I'm on the phone with MSFT now.
>
> I'll update y'all once I know more.
>
> Kurt
>
> On Fri, May 26, 2017 at 3:54 PM, Michael B. Smith <mich...@smithcons.com>
> wrote:
> > Time for netmon/wireshark.
> >
> > -Original Message-
> > From: listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] On Behalf Of Kurt Buff
> > Sent: Friday, May 26, 2017 6:09 PM
> > To: ntsysadm
> > Subject: Re: [NTSysADM] Very strange problem file server - read vs. write
> >
> > Multiple workstations. I've migrated the file server to different hosts
> (5 in the cluster), and it doesn't seem to make a difference.
> >
> > Kurt
> >
> > On Fri, May 26, 2017 at 2:17 PM, elsalvoz <elsal...@gmail.com> wrote:
> >> One, multiple or all workstations? How about server on different host
> >> or physicals?
> >>
> >> Cesar A.
> >>
> >> On May 26, 2017 2:10 PM, "Michael B. Smith" <mich...@smithcons.com>
> wrote:
> >>>
> >>> Without a trace I can't be sure. But it seems likely.
> >>>
> >>> Have you also verified that the link is negotiating to the highest
> >>> speed available and that it is error free?
> >>>
> >>> -Original Message-
> >>> From: listsad...@lists.myitforum.com
> >>> [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff
> >>> Sent: Friday, May 26, 2017 4:04 PM
> >>> To: ntsysadm
> >>> Subject: Re: [NTSysADM] Very strange problem file server - read vs.
> >>> write
> >>>
> >>> No, we have not. It's required for some older machines.
> >>>
> >>> FWIW, the clients I'm testing with are Win10 1607.
> >>>
> >>> I presume that your implication is that turning it off would speed
> >>> things up?
> >>>
> >>> Kurt
> >>>
> >>> On Fri, May 26, 2017 at 12:33 PM, Michael B. Smith
> >>> <mich...@smithcons.com>
> >>> wrote:
> >>> > Have you disabled smb1?
> >>> >
> >>> > -Original Message-
> >>> > From: listsad...@lists.myitforum.com
> >>> > [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff
> >>> > Sent: Friday, May 26, 2017 3:20 PM
> >>> > To: ntsysadm
> >>> > Subject: [NTSysADM] Very strange problem file server - read vs.
> >>> > write
> >>> >
> >>> > All,
> >>> >
> >>> > I have a 2012R2 file server running as a VM on vSphere 6.0.
> >>> >
> >>> > Here's what I'm seeing:
> >>> >
> >>> > Copy large file (win7 ISO) from file server to workstation, I get
> >>> > roughly 12-13Mbytes/second, wired or wireless.
> >>> >
> >>> > Copy that file from workstation to server over a wireless
> >>> > connection, same speed - 12-13Mbytes/second
> >>> >
> >>> > Copy that file from workstation to server over wired connection,
> >>> > speed degrades to 1Mbyte/second or less
> >>> >
> >>> > Copy that file to another 2012R2 VM on the same host on the same
> >>> > SAN volume (our print server), and speeds are 12-13Mbytes/second
> >>> > for both wired and wireless.
> >>> >
> >>> > I've made sure that the following are disabled: RSS, atime, 8.3
> >>> > filename generation, TCP Chimney.
> >>> >
> >>> > RAM and CPU utilization on this machine are well within limits.
> >>> >
> >>> > I'm thoroughly stumped.
> >>> >
> >>> > Anyone have pointers for me? I'm about to raise a case with MSFT.
> >>> >
> >>> > Kurt
> >>> >
> >>> >
> >>>
> >>>
> >>
> >
> >
>
>
>



RE: [NTSysADM] Very strange problem file server - read vs. write

2017-05-26 Thread elsalvoz
One, multiple or all workstations? How about server on different host or
physicals?

Cesar A.

On May 26, 2017 2:10 PM, "Michael B. Smith"  wrote:

> Without a trace I can't be sure. But it seems likely.
>
> Have you also verified that the link is negotiating to the highest speed
> available and that it is error free?
>
> -Original Message-
> From: listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] On Behalf Of Kurt Buff
> Sent: Friday, May 26, 2017 4:04 PM
> To: ntsysadm
> Subject: Re: [NTSysADM] Very strange problem file server - read vs. write
>
> No, we have not. It's required for some older machines.
>
> FWIW, the clients I'm testing with are Win10 1607.
>
> I presume that your implication is that turning it off would speed things
> up?
>
> Kurt
>
> On Fri, May 26, 2017 at 12:33 PM, Michael B. Smith 
> wrote:
> > Have you disabled smb1?
> >
> > -Original Message-
> > From: listsad...@lists.myitforum.com
> > [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff
> > Sent: Friday, May 26, 2017 3:20 PM
> > To: ntsysadm
> > Subject: [NTSysADM] Very strange problem file server - read vs. write
> >
> > All,
> >
> > I have a 2012R2 file server running as a VM on vSphere 6.0.
> >
> > Here's what I'm seeing:
> >
> > Copy large file (win7 ISO) from file server to workstation, I get
> roughly 12-13Mbytes/second, wired or wireless.
> >
> > Copy that file from workstation to server over a wireless connection,
> > same speed - 12-13Mbytes/second
> >
> > Copy that file from workstation to server over wired connection, speed
> > degrades to 1Mbyte/second or less
> >
> > Copy that file to another 2012R2 VM on the same host on the same SAN
> volume (our print server), and speeds are 12-13Mbytes/second for both wired
> and wireless.
> >
> > I've made sure that the following are disabled: RSS, atime, 8.3 filename
> generation, TCP Chimney.
> >
> > RAM and CPU utilization on this machine are well within limits.
> >
> > I'm thoroughly stumped.
> >
> > Anyone have pointers for me? I'm about to raise a case with MSFT.
> >
> > Kurt
> >
> >
>
>
>



RE: [NTSysADM] Strange error for Security Event log

2017-05-12 Thread elsalvoz
Up WMI memory if you haven't done so. We have upped the memory on all our DCs
in our environment.

FYI. This is frequently required on WSUS servers serving high numbers of
clients

Cesar A.

On May 12, 2017 9:37 AM, "Heaton, Joseph@Wildlife" <
joseph.hea...@wildlife.ca.gov> wrote:

> We have strict policies in place, and I couldn’t bounce the server until
> Wednesday night.  This resolved the 4201 error.  Now, it refuses to open at
> times, with a 1723 error, RPC server is too busy to complete this operation.
>
>
>
> This DC is only doing DHCP, DNS and Directory services.  No way should it
> be too busy to display the event log.  I have another DC that is giving the
> same error, but it is handling Radius and LDAP, and both of those are very
> active, chatty services here.
>
>
>
> Our thought at the moment is that we have two tools, Netwrix Auditor, and
> Splunk, that pretty much constantly talk with the domain controllers, to
> access, and mine the security logs.  Even though CPU and Memory usage are
> hanging out around 45%, something is going on underneath, that is causing
> these errors.  I’m just not sure how to pinpoint the culprit.
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *elsalvoz
> *Sent:* Wednesday, May 10, 2017 10:26 AM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* Re: [NTSysADM] Strange error for Security Event log
>
>
>
> I'm sure you have bounced the box. WMI might be corrupted, there are some
> commands that can be run to verify repository health.
>
> Cesar A.
>
>
>
> On May 10, 2017 8:43 AM, "Heaton, Joseph@Wildlife" <
> joseph.hea...@wildlife.ca.gov> wrote:
>
> Server 2012R2
>
> Domain Controller
>
> Main DHCP server for the domain
>
>
>
> This is affecting only my Security event log.  The Application and System
> logs are working fine.  When I try to look at the Security log, I get an
> error:
>
>
>
> “Event Viewer cannot open the event log or custom view.  Verify that Event
> Log service is running or query is too long.  The instance name passed was
> not recognized as valid by a WMI data provider (4201)”
>
>
>
> I have been searching the internet, and have found plenty of stuff on this
> error, but nothing has looked right.  Permissions are correct in the
> registry, permissions are correct in the file structure, the event log keys
> are correct value in the registry.  The Windows Event Log service is
> running, which was another symptom people were listing.  There are no
> custom views setup, or filters.
>
>
>
> When I look at the properties of the Security log within Event Viewer, it
> shows the Log size as 0 bytes.  The max log size was up to 12.5GB (I did
> NOT set it to that).  The size of the actual log in the directory is 8GB.
> I have manually reset the max size to 4GB, closed out the Event Viewer,
> reopened it, and the max size had changed to 8GB.
>
>
>
> I have been digging on this for a few days now, and just can’t find a
> solution.  We do have Splunk in place, and what it is seeing as far as
> Security logs, are 521 entries, which say “Unable to log events to security
> log”.  Which makes sense, since the security log is hosed.  Can I simply
> rename the actual log file, or move it out of the location, and the system
> would recreate it?  Any help/tips/advice you guys can offer would be
> greatly appreciated.
>
>
>
> Joe Heaton
>
> Information Technology Operations Branch
>
> Data and Technology Division
>
> CA Department of Fish and Wildlife
>
> 1700 9th Street, 3rd Floor
>
> Sacramento, CA  95811
>
> Desk:  (916) 323-1284
>
>
>
> Every Californian should conserve water.  Find out how at:
>
> [image: SaveOurWater_Logo] <http://saveourwater.com/>
>
> SaveOurWater.com <http://saveourwater.com/> · Drought.CA.gov
> <http://drought.ca.gov/>
>
>
>
>



Re: [NTSysADM] Strange error for Security Event log

2017-05-10 Thread elsalvoz
I'm sure you have bounced the box. WMI might be corrupted, there are some
commands that can be run to verify repository health.

Cesar A.

On May 10, 2017 8:43 AM, "Heaton, Joseph@Wildlife" <
joseph.hea...@wildlife.ca.gov> wrote:

> Server 2012R2
>
> Domain Controller
>
> Main DHCP server for the domain
>
>
>
> This is affecting only my Security event log.  The Application and System
> logs are working fine.  When I try to look at the Security log, I get an
> error:
>
>
>
> “Event Viewer cannot open the event log or custom view.  Verify that Event
> Log service is running or query is too long.  The instance name passed was
> not recognized as valid by a WMI data provider (4201)”
>
>
>
> I have been searching the internet, and have found plenty of stuff on this
> error, but nothing has looked right.  Permissions are correct in the
> registry, permissions are correct in the file structure, the event log keys
> are correct value in the registry.  The Windows Event Log service is
> running, which was another symptom people were listing.  There are no
> custom views setup, or filters.
>
>
>
> When I look at the properties of the Security log within Event Viewer, it
> shows the Log size as 0 bytes.  The max log size was up to 12.5GB (I did
> NOT set it to that).  The size of the actual log in the directory is 8GB.
> I have manually reset the max size to 4GB, closed out the Event Viewer,
> reopened it, and the max size had changed to 8GB.
>
>
>
> I have been digging on this for a few days now, and just can’t find a
> solution.  We do have Splunk in place, and what it is seeing as far as
> Security logs, are 521 entries, which say “Unable to log events to security
> log”.  Which makes sense, since the security log is hosed.  Can I simply
> rename the actual log file, or move it out of the location, and the system
> would recreate it?  Any help/tips/advice you guys can offer would be
> greatly appreciated.
>
>
>
> Joe Heaton
>
> Information Technology Operations Branch
>
> Data and Technology Division
>
> CA Department of Fish and Wildlife
>
> 1700 9th Street, 3rd Floor
>
> Sacramento, CA  95811
>
> Desk:  (916) 323-1284
>
>
>
> Every Californian should conserve water.  Find out how at:
>
>
> SaveOurWater.com  · Drought.CA.gov
> 
>
>
>



[NTSysADM] Discovery of SQL cluster virtual instances and databases

2016-09-23 Thread elsalvoz
In case someone works with SCOM on this list.

Hello All,

I'm scratching my head on how to start writing a SCOM MP for a new request I
received at work. Hopefully someone could point me in the right direction or
give me some ideas on how to map it out and discover it. Maybe I'm thinking
this out the wrong way.

There are virtual instances of server names (9) server01.domain.com that
point to SQL instances on an enterprise cluster. We connect to these instances
by using SQL studio '*server01\db01*'; the FQDN can be used as well. These
virtual instances are discovered in the windows.computer/sql.computer classes.

We also have windows servers (full OS) and SQL servers (3) '
server09.domain.com' for the same purpose and connect
to the DBs by using the same method stated above. These servers are also
discovered in the windows.computer/sql.computer classes.

What we want to do:
We would like to discover all the servers as part of the same class (virtual
names and OS servers) and have 2 properties 'InstanceName' and
'DatabaseName' - I'm able to discover the 3 OS instances but not the
virtual names and I'm guessing because a VBScript can't run on a 'virtual
name' instance that really only points to a database instance.
After the discovery, we want to run performance metrics populated by SQL
queries for each instance. The queries will provide the number of rows being
used and tracked; we might be able to do this by running a powershell script
and populating the data for each discovered myapp class instance. We then can
alert on the performance collection if the number is higher than '300',
which I haven't found a way to do yet.

Any ideas would be great, or a sample that someone might have used in the
past; any pointers are welcome.

Thanks,
Cesar A.


Discovery Script:

On Error Resume Next

Set oArgs = WScript.Arguments
' Standard WMI query flag values (declared for WMI queries; not used below)
Const wbemFlagReturnImmediately = &h10
Const wbemFlagForwardOnly = &h20

' Arguments passed in by the discovery data source
SourceID = oArgs(0)
ManagedEntityID = oArgs(1)
sComputerName = oArgs(2) 'computer display name
sInstanceName = oArgs(3) 'netbios name

Set oAPI = CreateObject("MOM.ScriptAPI")
Set oDiscoveryData = oAPI.CreateDiscoveryData(0, SourceID, ManagedEntityID)
Call oAPI.LogScriptEvent("myApp.vbs", 101, 0, "Patron Discovery script executed")
Set oInstance = oDiscoveryData.CreateClassInstance("$MPElement[Name='MP.MyApp.Class']$")

   ' Key property of the hosting Windows computer, then the class properties
   oInstance.AddProperty "$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", sInstanceName
   oInstance.AddProperty "$MPElement[Name='System!System.Entity']/DisplayName$", sInstanceName
   oInstance.AddProperty "$MPElement[Name='MP.MyApp.Class']/InstanceName$", sInstanceName
   ' sDBname is never assigned in this script, so DatabaseName is submitted empty
   oInstance.AddProperty "$MPElement[Name='MP.MyApp.Class']/DatabaseName$", sDBname
   oDiscoveryData.AddInstance(oInstance)

oAPI.Return(oDiscoveryData)



Re: [NTSysADM] RE: Stupid brain

2015-03-16 Thread elsalvoz
What section if any of the bat is getting executed?

Add an "echo running section >> c:\temp\batlog.txt" to the bat (no quotes)
to check if it's actually running.

Other is account being used and password. Can it be run as system?

Cesar A
On Mar 16, 2015 9:46 AM, David McSpadden dav...@imcu.com wrote:

  I really think it does.

 I”ll have someone else check me to be certain.



 *From:* listsad...@lists.myitforum.com [mailto:
 listsad...@lists.myitforum.com] *On Behalf Of *Gordon Pegue
 *Sent:* Monday, March 16, 2015 12:42 PM
 *To:* ntsysadm@lists.myitforum.com
 *Subject:* [NTSysADM] RE: Stupid brain



 Security perms of the task context match up with the security perms of the
 zip op destination?

 I’ve had that bite me ITA



 *From:* listsad...@lists.myitforum.com [
 mailto:listsad...@lists.myitforum.com listsad...@lists.myitforum.com] *On
 Behalf Of *David McSpadden
 *Sent:* Monday, March 16, 2015 10:09 AM
 *To:* ntsysadm@lists.myitforum.com
 *Subject:* [NTSysADM] Stupid brain



 I have a .bat file that I have been running in Task Scheduler for years
 on a server 2012R2.

 All of a sudden it says that it ran but it really isn’t doing everything
 as advertised.

 Getting a good 0x0 status but the last piece is a zip of the back up file
 and it is not completing.



 Where do I look to trouble shoot this?



 This e-mail and any files transmitted with it are property of Indiana
 Members Credit Union, are confidential, and are intended solely for the use
 of the individual or entity to whom this e-mail is addressed. If you are
 not one of the named recipient(s) or otherwise have reason to believe that
 you have received this message in error, please notify the sender and
 delete this message immediately from your computer. Any other use,
 retention, dissemination, forwarding, printing, or copying of this email is
 strictly prohibited.



 Please consider the environment before printing this email.





RE: [NTSysADM] Troubleshooting HTTPS slow traffic. Dell iDRAC

2015-02-23 Thread elsalvoz
That's a great suggestion.

This is a new environment I started working at and there is certainly DNS
issues here. I will look into that path as well.

Cesar
On Feb 23, 2015 1:37 PM, Edward Berner bern...@yosemite.edu wrote:

 Maybe something DNS related?  A DNS resolution timeout would be consistent
 with a 10-20 second delay.

 Edward

 --

 From: listsad...@lists.myitforum.com [mailto:
 listsad...@lists.myitforum.com] On Behalf Of elsalvoz
 Sent: Friday, February 20, 2015 1:58 PM
 To: ntsysadm@lists.myitforum.com
 Subject: [NTSysADM] Troubleshooting HTTPS slow traffic. Dell iDRAC

 We just imported Dell MP to monitor iDRAC. We are running into some issues
 when opening iDRAC GUI from our SCOM server, it takes from 10-20 seconds to
 open. We believe it is related to firewall or proxy since we have no problem
 opening the same URL/IP from a server on a different network. It opens
 instantly.

 SCOM 2012 R2 ur2
 OS, server 2012 R2.
 TMG proxy.

 Does anyone know of a good tool to test latency on HTTPS traffic? Or best
 method for us to troubleshoot this.

 Thanks in advance.
 Cesar




RE: [NTSysADM] Troubleshooting HTTPS slow traffic. Dell iDRAC

2015-02-23 Thread elsalvoz
Thinking it over it can't be DNS,  I'm using IP addresses in the URL
address and still slow. Great suggestion though.

Cesar
On Feb 23, 2015 2:44 PM, elsalvoz elsal...@gmail.com wrote:

 That's a great suggestion.

 This is a new environment I started working at and there is certainly DNS
 issues here. I will look into that path as well.

 Cesar
 On Feb 23, 2015 1:37 PM, Edward Berner bern...@yosemite.edu wrote:

 Maybe something DNS related?  A DNS resolution timeout would be
 consistent with a 10-20 second delay.

 Edward

 --

 From: listsad...@lists.myitforum.com [mailto:
 listsad...@lists.myitforum.com] On Behalf Of elsalvoz
 Sent: Friday, February 20, 2015 1:58 PM
 To: ntsysadm@lists.myitforum.com
 Subject: [NTSysADM] Troubleshooting HTTPS slow traffic. Dell iDRAC

 We just imported Dell MP to monitor iDRAC. We are running into some
 issues when opening iDRAC GUI from our SCOM server, it takes from 10-20
 seconds to open. We believe it is related to firewall or proxy since we have
 no problem opening the same URL/IP from a server on a different network. It
 opens instantly.

 SCOM 2012 R2 ur2
 OS, server 2012 R2.
 TMG proxy.

 Does anyone know of a good tool to test latency on HTTPS traffic? Or best
 method for us to troubleshoot this.

 Thanks in advance.
 Cesar





[NTSysADM] Troubleshooting HTTPS slow traffic. Dell iDRAC

2015-02-20 Thread elsalvoz
We just imported Dell MP to monitor iDRAC. We are running into some issues
when opening iDRAC GUI from our SCOM server, it takes from 10-20 seconds to
open. We believe it is related to firewall or proxy since we have no problem
opening the same URL/IP from a server on a different network. It opens
instantly.

SCOM 2012 R2 ur2
OS, server 2012 R2.
TMG proxy.

Does anyone know of a good tool to test latency on HTTPS traffic? Or best
method for us to troubleshoot this.

Thanks in advance.

Cesar



Re: [NTSysADM] Troubleshooting HTTPS slow traffic. Dell iDRAC

2015-02-20 Thread elsalvoz
Thanks, will give that a try tomorrow or Monday. Long week.

Can I setup Wireshark on my workstation and monitor the two endpoints from
there? It's been a while since I used it last but I think I did that once

Cesar
On Feb 20, 2015 2:57 PM, Ed Ziots eziot...@gmail.com wrote:

 Wireshark and then filter the pcap for ssl/tls. Then u can compare the
 time it takes to set up the ssl session

 Ed
 On Feb 20, 2015 4:59 PM, elsalvoz elsal...@gmail.com wrote:

 We just imported Dell MP to monitor iDRAC. We are running into some
 issues when opening iDRAC GUI from our SCOM server, it takes from 10-20
 seconds to open. We believe it is related to firewall or proxy since we have
 no problem opening the same URL/IP from a server on a different network. It
 opens instantly.

 SCOM 2012 R2 ur2
 OS, server 2012 R2.
 TMG proxy.

 Does anyone know of a good tool to test latency on HTTPS traffic? Or best
 method for us to troubleshoot this.

 Thanks in advance.

 Cesar





Re: [NTSysADM] Powershell function names

2015-02-12 Thread elsalvoz
maybe an alias?

Make it a module and use alias to call it.

Cesar
On Feb 12, 2015 9:41 AM, Rene de Haas rene.deh...@gmail.com wrote:

 What if you define the function to have a dummy parameter and then not use
 it? That way the second word gets ignored.

 On Thu, Feb 12, 2015 at 5:45 PM, Rankin, James R kz2...@googlemail.com
 wrote:

 I'm trying to create a function to replace an old command line utility
 that's been deprecated, and the command line was a two word utility (well,
 the second word util was probably a parameter, but you got used to using it
 as two words, more or less)


 Cheers,


 JR
 -
 Yes, I use a BlackBerry. Get over it.
 --
 *From: * Rene de Haas rene.deh...@gmail.com
 *Sender: * listsad...@lists.myitforum.com
 *Date: *Thu, 12 Feb 2015 17:40:42 +0100
 *To: *ntsysadm@lists.myitforum.com
 *ReplyTo: * ntsysadm@lists.myitforum.com
 *Subject: *Re: [NTSysADM] Powershell function names

 I don't think it is, but can't see it mentioned specifically.
 Why do you want to do that?

 On Thu, Feb 12, 2015 at 4:08 PM, James Rankin kz2...@googlemail.com
 wrote:

 Can you add a function in PowerShell with spaces in the function name?
 Putting quotes around it doesn't help... was just wondering if this was
 actually possible

 TIA,



 --
 *James Rankin*
 -
 RCL - Senior Technical Consultant (ACA, CCA, MCTS) | The Virtualization
 Practice Analyst - Desktop Virtualization
 http://appsensebigot.blogspot.co.uk







Re: [NTSysADM] EXE to MSI

2015-01-01 Thread elsalvoz
http://www.advancedinstaller.com

Easy to use and the basic is free, I've used for pesky EXE as wrapper.

Cesar
On Jan 1, 2015 3:08 PM, Kevin Lundy klu...@gmail.com wrote:

 Kevin - how long have you been on this list?

 (to the rest of the list, sorry for the intrusion.  Kevin P and I used to
 work together years ago and this is the first time I have noticed him on
 the list. )

 On Thursday, January 1, 2015, Kevin Pethick kevin.peth...@gmail.com
 wrote:

 Also worth checking the .exe isn't just a wrapper, that just extracts an
 msi and installs that.
 If that's the case you can often extract the msi yourself and deploy that.

 On 1 January 2015 at 22:03, Michael B. Smith mich...@smithcons.com
 wrote:

  +1



 As long as the EXE install is “silent”, it should work fine.



 *From:* listsad...@lists.myitforum.com [mailto:
 listsad...@lists.myitforum.com] *On Behalf Of *kz2...@googlemail.com
 *Sent:* Thursday, January 1, 2015 5:01 PM
 *To:* ntsysadm@lists.myitforum.com
 *Subject:* Re: [NTSysADM] EXE to MSI



 I'd do it with a script, personally, depending on environment size and
 infrastructure tools available.


 GP startup script would be ideal, in the absence of anything that would
 make life easier

  Sent from my BlackBerry® smartphone on O2
  --

 *From: *J- P jnat...@hotmail.com

 *Sender: *listsad...@lists.myitforum.com

 *Date: *Thu, 1 Jan 2015 11:48:10 -0500

 *To: *NTntsysadm@lists.myitforum.com

 *ReplyTo: *ntsysadm@lists.myitforum.com

 *Subject: *[NTSysADM] EXE to MSI



 Hi all and Happy New year.

 It's been a while since I had to push out an EXE app (as most now come
 with MSI), anyhow this vendor is still stuck a few decades behind ;)


 I vaguely recall having an application that converted EXE to MSI, but
 cant remember it for the life of me.
 What do most people do/use to deploy an executable?

 Thanks









Re: [NTSysADM] training offer

2014-12-05 Thread elsalvoz
There are really good courses in the mix. Has anyone taken their courses
before? How good are they?

Cesar
On Dec 5, 2014 7:38 AM, J- P jnat...@hotmail.com wrote:

 just FYI

 http://ituonline.com/courses/courses/






Re: [NTSysADM] PowerShell

2014-08-26 Thread elsalvoz
This is part of a function I wrote to switch SCCM advertisement flags; it
calculates current value and also sets the new values using -bxor for hex
values. It may get you started for what you are trying to accomplish.

# Refresh the advertisement object and show its current flags
$Adv.Get()
$old = ("Old Setting {0} on Advertisement Name: {1}" -f $Adv.AdvertFlags, $Adv.AdvertisementName)
Write-Host $old -ForegroundColor Cyan
# -band tests whether the bit is set; -bxor flips it in either branch
If ($Adv.AdvertFlags -band 0x0001)
{
Write-Host ("Check box is set: {0}" -f $Adv.AdvertFlags) -ForegroundColor Green
$Adv.AdvertFlags = $Adv.AdvertFlags -bxor 0x0001

}
else
{
Write-Host ("Check box is NOT set: {0}" -f $Adv.AdvertFlags) -ForegroundColor Red
$Adv.AdvertFlags = $Adv.AdvertFlags -bxor 0x0001
}
$new = ("New Setting {0} on package Name: {1}" -f $Adv.AdvertFlags, $Adv.AdvertisementName)
Write-Host $new -ForegroundColor Blue
# Write the changed flags back
$Adv.Put() | Out-Null


On Tue, Aug 26, 2014 at 12:17 PM, Nash Pherson na...@nowmicro.com wrote:

  Try the Bitwise Operators section of this article for info on doing
 bitwise comparisons and shifts:

 http://technet.microsoft.com/en-us/library/hh847759.aspx



 Mark Schill has an article on bitwise operations here:

 http://powerschill.com/uncategorized/bitwise-operators/





 I hope that helps,





 Nash



 *From:* listsad...@lists.myitforum.com [mailto:
 listsad...@lists.myitforum.com] *On Behalf Of *James Rankin
 *Sent:* Friday, August 22, 2014 4:54 AM

 *To:* NTSysADM@lists.myitforum.com
 *Subject:* [NTSysADM] PowerShell



 Any idea if you can toggle a particular bit of a byte in a binary Registry
 key using PowerShell? My head is busted trying to work this out


 --

 *James Rankin*
 -
 RCL - Senior Technical Consultant (ACA, CCA, MCTS) | The Virtualization
 Practice Analyst - Desktop Virtualization
 http://appsensebigot.blogspot.co.uk
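
Added example (not part of the original thread and not code from any poster): one way to do what the original question asks, flipping a single bit of one byte in a REG_BINARY value with -bxor, the same operator used on AdvertFlags above. The function names, the scratch key HKCU:\Software\BitToggleDemo and its Flags value are hypothetical and constructed for the demo; -shl needs PowerShell 3.0 or later.

```powershell
# Added example: flip one bit of one byte in a REG_BINARY value.
# Function names, the demo key and the value name are hypothetical.

function Switch-ByteArrayBit {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)][byte[]]$Data,
        [Parameter(Mandatory = $true)][int]$ByteIndex,
        [Parameter(Mandatory = $true)][ValidateRange(0, 7)][int]$BitIndex
    )
    if ($ByteIndex -lt 0 -or $ByteIndex -ge $Data.Length) {
        throw "ByteIndex $ByteIndex is outside the value (length $($Data.Length))."
    }
    # Work on a copy so the caller's array is left untouched
    $copy = [byte[]]$Data.Clone()
    $mask = 1 -shl $BitIndex                      # bit 0 = least significant bit
    $copy[$ByteIndex] = [byte]($copy[$ByteIndex] -bxor $mask)
    return ,$copy                                 # unary comma keeps it a byte[]
}

function Switch-RegistryBinaryBit {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$Name,
        [Parameter(Mandatory = $true)][int]$ByteIndex,
        [Parameter(Mandatory = $true)][ValidateRange(0, 7)][int]$BitIndex
    )
    $key = Get-Item -LiteralPath $Path -ErrorAction Stop
    # Refuse to touch anything that is not REG_BINARY
    if ($key.GetValueKind($Name) -ne [Microsoft.Win32.RegistryValueKind]::Binary) {
        throw "$Path\$Name is not REG_BINARY."
    }
    [byte[]]$old = $key.GetValue($Name)
    $new = Switch-ByteArrayBit -Data $old -ByteIndex $ByteIndex -BitIndex $BitIndex

    $written = $false
    if ($PSCmdlet.ShouldProcess("$Path\$Name", "toggle bit $BitIndex of byte $ByteIndex")) {
        Set-ItemProperty -LiteralPath $Path -Name $Name -Value $new -Type Binary
        $written = $true
    }
    # Report the value before and after as hex so the change can be logged
    [pscustomobject]@{
        Value   = "$Path\$Name"
        Before  = ($old | ForEach-Object { $_.ToString('X2') }) -join ' '
        After   = ($new | ForEach-Object { $_.ToString('X2') }) -join ' '
        Written = $written
    }
}

# Demo on constructed data under a scratch key (hypothetical path and value).
$demoKey = 'HKCU:\Software\BitToggleDemo'
New-Item -Path $demoKey -Force | Out-Null
New-ItemProperty -Path $demoKey -Name 'Flags' -PropertyType Binary `
    -Value ([byte[]](0x3C, 0x00, 0x09)) -Force | Out-Null

# Flip bit 3 of the third byte, then clean up the scratch key
Switch-RegistryBinaryBit -Path $demoKey -Name 'Flags' -ByteIndex 2 -BitIndex 3
Remove-Item -Path $demoKey -Recurse
```

Run it with -WhatIf first to see the before and after bytes without writing anything.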




[NTSysADM] Windows Server 2008 R2 Role removal log

2014-08-01 Thread elsalvoz
Hello All,

Is there a way to review who or what caused the removal of a server role?

We encounter a situation where the file server role was removed from 2 of
our Windows 2008 R2 servers. Our SCCM application became unavailable due to
those changes.

Any pointers would be greatly appreciated.

Thanks,
Cesar



Re: [NTSysADM] Imaging pc's and such

2014-07-25 Thread elsalvoz
Take a look at MDT. You can do technically everything that SCCM does
regarding images and even does some things better or easier to work with.
Learning curve is much less than SCCM.

Imaging over the WAN not recommended with any product but MDT can be setup
with DFS to replicate during off hours since is just a share, or send the
entire share or image as best works for you. You can also OEM setup
contained in one USB drive. Configs are ini file driven.

Search for hydration kit, it's a good start and details most of the
features and concepts.

Cesar
On Jul 25, 2014 9:01 AM, David McSpadden dav...@imcu.com wrote:

  I am just about tired of building an image and using ximage or
 Clonezilla to but workstations one at a time each time a new app is needed
 etc.



 How can I leverage System Configuration manager to push images here on my
 LAN and some form of USB stick send snail mail to my branch locations?



 Any Ideas.

 I am running Windows 7 32bit pro on a Server 2012 Active Directory.

 My branch locations only have T1’s so I am not sure pushing over the WAN
 to them would be in my best interest.



 I am open to ideas.

 Thanks

 David





RE: [NTSysADM] best/preferred remote re-imaging

2014-07-02 Thread elsalvoz
To be honest, I haven't had a need to implement it with those requirements
but in a small scale you can use DHCP scopes and options 66/67 to limit
which network would receive PXE info. I'm not a network guy but can also be
limited at the network level if I'm not mistaken.

I'm sure there are other ways to accomplish this as well.

Cesar
On Jul 2, 2014 5:58 AM, Joseph L. Casale jcas...@activenetwerx.com
wrote:

  You can you MDT 2013 to build your images with bundled apps or deploy
 the OS
  and add the apps in one step. You can use WDS to boot the systems. Very
 portable
  solution after the initial setup since is just a shared folder.

 Cesar,
 How does one prevent a wds server across a wan link from not _its_ boot
 and image wim?







RE: [NTSysADM] taskkill logon error

2014-06-05 Thread elsalvoz
Try mapping a drive first to ensure connection and run the command after.

Cesar
On Jun 5, 2014 8:09 AM, Jimmy Tran ji...@jt-solution.com wrote:

  Yes, local admin account.



 *From:* listsad...@lists.myitforum.com [mailto:
 listsad...@lists.myitforum.com] *On Behalf Of *J- P
 *Sent:* Thursday, June 05, 2014 7:45 AM
 *To:* ntsysadm@lists.myitforum.com
 *Subject:* RE: [NTSysADM] taskkill logon error



 Does the account have full privileges?



   --

 From: ji...@jt-solution.com
 To: ntsysadm@lists.myitforum.com
 Subject: [NTSysADM] taskkill logon error
 Date: Thu, 5 Jun 2014 14:21:39 +

 I’m trying to run taskkill in a batch script to kill a process on from a
 Server 2008 R2 machine to a W7 workgroup machine.  I keep getting an Error:



 Logon failure: unknown user name or bad password.



 I know the username and password is right.  I’ve turned off firewall for
 testing purposed.  I have disabled Simple File Sharing as well.  No luck.
 Anything else to check?  This worked before I had to wipe the OS on the w7
 machine.  I am able to use net use to map shares on the W7 machine with no
 problems.



 The command being used from the server is:



 taskkill /S users-pc /U users-pc\user /P password /im outlook.exe /f /t



 Thanks,



 Jimmy




Re: [NTSysADM] SCCM 2012R2 training deep dive?

2014-05-15 Thread elsalvoz
These guys probably have the best content around on training, real world
scenarios is from http://www.truesec.com

Other than that, make them join MSSMS and MDT MyITforum mailing list.
There are also very good MMS 2012/13 videos in how things work in Channel9.
I have a lab on my PC that I can trash and recreate anytime I want to.
http://www.deploymentresearch.com/Research/tabid/62/EntryId/149/The-Hydration-Kit-for-System-Center-2012-R2-is-available-for-download.aspx


Any other training options out there that I have experienced are just book
stuff and not real world.


On Thu, May 15, 2014 at 11:47 AM, Steven M. Caesare scaes...@caesare.com wrote:

 Any suggestions as to quality training course for one of my team that I’d
 like to get up to speed on SCCM 2012R2 coming from 2007?



 Ideally I’d like to avoid How to install, run a sample report, etc… and do
 some more deep dive stuff: Troubleshooting package delivery problems,, how
 clients interact, advanced distribution with dependencies, etc…



 Thanks.



 -sc




Re: [NTSysADM] IIS certs expiration and autorenewal from a Windows CA

2014-04-01 Thread elsalvoz
I wrote this function a while back that may get you started. This is set to
remove a particular cert but can be easily changed to what you may need.



Function Remove-Certs
{ [CmdletBinding()]
param (
[Parameter(Position=0, Mandatory=$true)]
[ValidateNotNullOrEmpty()][string]$computername,
[Parameter(Position=1, Mandatory=$true)]
[ValidateNotNullOrEmpty()][string]$SerialNum,
# Must be a StoreLocation name that the X509Store constructor accepts
[ValidateSet("LocalMachine","CurrentUser")][Parameter(Position=2, Mandatory=$true)]
[ValidateNotNullOrEmpty()][string]$LocalStore
)
# Remote store path: \\computer\storename
$computerstore = ("\\$computername\Root")
If (Test-Connection -ComputerName $computername -Count 1 -Quiet)
{
Try{$store = New-Object system.security.cryptography.X509Certificates.X509Store $computerstore,$LocalStore #LocalMachine could also be CurrentUser
$store.Open('ReadWrite') #To do the removal, this method needs read/write. For info only, 'ReadOnly' can be used.
$certs = $store.Certificates

Write-Host ""
Write-Host "* Removing Certs with $SerialNum from Host $computername" -ForegroundColor Cyan
Write-Host ""
foreach ($cert in $certs) {
$certDate = $cert.NotBefore.ToShortDateString() #converting date to short date string to do comparison
$CertSerial = $cert.SerialNumber

If ($CertSerial -eq $SerialNum)
{
Write-Host "Serial Number Matches.. DELETING CERT" -BackgroundColor Red
Write-Host "Subject: $($cert.Subject)  Serial: $($cert.SerialNumber)  Issue Date: $($cert.NotBefore)  Expiration Date: $($cert.NotAfter)" -ForegroundColor Red
#$store.Remove($cert) #Deleting the cert that matches. Uncomment this line to do the actual removal
}
Else
{
Write-Host "Serial Number Matches OK.. KEEPING CERT" -BackgroundColor Green
#Writing out information of other certs. May be useful to see.
Write-Host "Subject: $($cert.Subject)  Serial: $($cert.SerialNumber)  Issue Date: $($cert.NotBefore)  Expiration Date: $($cert.NotAfter)" -ForegroundColor Blue
}
}
$store.Close()
Write-Host ""
Write-Host "* Removed Certs with $SerialNum from Host $computername" -ForegroundColor Cyan
  }
Catch
{
 Write-Host $_.Exception.Message -NoNewline -BackgroundColor Red
}
} Else {Write-Host "$computername - Failed: No Ping return." -ForegroundColor Red }
}

# One computer name per line in the input file
Get-Content C:\temp\RemoveCerts\1.txt | foreach {Remove-Certs -computername $_ -SerialNum xxx -LocalStore LocalMachine }



On Tue, Apr 1, 2014 at 10:26 AM, Kurt Buff kurt.b...@gmail.com wrote:

 Guess I'll have to look at some scripting.
 On Mar 31, 2014 6:15 PM, Ken Schaefer k...@kj.net.au wrote:



 -Original Message-
 From: listsad...@lists.myitforum.com [mailto:
 listsad...@lists.myitforum.com] On Behalf Of Kurt Buff
 Sent: Tuesday, 1 April 2014 11:55 AM
 To: ntsysadm@lists.myitforum.com
 Subject: Re: [NTSysADM] IIS certs expiration and autorenewal from a
 Windows CA

  I am of the opinion that there shouldn't be any reason why these web
 sites don't autorenew their certs, once installed.

 Auto-renewal isn't a process that looks at the details in the existing
 cert and says to the CA give me a new cert with the same properties,
 except extend the expiry date

 Auto-renewal is a process that's says based on my user/computer
 properties, give me a cert with said properties

 The issue you have is that certs you've issued for your services are not
 tied to the user or computer properties per se - they have arbitrary Common
 Names (for starters).

 That's not to say you can't setup an automated process that, once a
 pending cert expiry is detected, creates an appropriate CSR and submits it
 to your CA, and your CA can be configured to auto-issue the cert.

  I'm willing to be schooled on that, but after thinking about it for a
 while I can't see any objections -
  except perhaps It can't be done.

 I don't think it can be done with the built-in auto-renewal process in
 Windows, because it doesn't do what you think/want it to do.

  Asset management - that's a spreadsheet on which assets are tracked,
 right? :)

 Not ideal.

 But you could improve on the idea: e.g. create some formulas that
 colour-code or highlight the contracts or assets that are reaching EoL.
 Write a VBScript that queries it every day, and generates an email with
 things that need to be renewed or a helpdesk ticket, or whatever.
 Downside to Excel is it might be hard to model different types of items
 without using different tabs, and you don't get any real referential
 integrity, and version control is a PITA etc.

 Cheers
 Ken



  Cheers
  Ken
 
  -Original Message-
  From: listsad...@lists.myitforum.com
  [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff
  Sent: Tuesday, 1 April 2014 10:03 AM
  To: NTSysADM@lists.myitforum.com
  Subject: [NTSysADM] IIS certs expiration and autorenewal from a
  Windows CA
 
  All,
 
  We had a bit of a scramble when an IIS SSL cert generated by our
 internal CA expired, and didn't autorenew.
 
  Now that I've fixed it, I'm wondering how to set up autorenewal,
 
  From my reading so far, it looks like I need to 
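
Added example (not from the thread and not any poster's code): a sketch of the "pending cert expiry is detected" step described in the quoted reply above, reading a LocalMachine store read-only through the same \\computer\store X509Store path that Remove-Certs uses. The function names, the 30-day default and the sample records are assumptions constructed for illustration; creating the CSR and submitting it to the CA is not shown.

```powershell
# Added example: report certificates that are expired or close to expiry.
# Function names and the sample records are hypothetical / constructed.

function Get-CertificateExpiryStatus {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]$Certificate,
        [ValidateRange(0, 3650)][int]$WithinDays = 30,
        [datetime]$Now = (Get-Date)
    )
    process {
        # Whole days remaining; negative means already expired
        $daysLeft = [int][math]::Floor(($Certificate.NotAfter - $Now).TotalDays)
        if ($daysLeft -lt 0) { $status = 'Expired' }
        elseif ($daysLeft -le $WithinDays) { $status = 'ExpiringSoon' }
        else { return }    # not due yet: emit nothing for this certificate
        [pscustomobject]@{
            Status       = $status
            DaysLeft     = $daysLeft
            NotAfter     = $Certificate.NotAfter
            Subject      = $Certificate.Subject
            SerialNumber = $Certificate.SerialNumber
        }
    }
}

function Get-ExpiringCertificate {
    [CmdletBinding()]
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [string]$StoreName = 'My',
        [int]$WithinDays = 30
    )
    $location = [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine
    # Read-only, and never create a store that does not already exist
    $flags = [System.Security.Cryptography.X509Certificates.OpenFlags]'ReadOnly, OpenExistingOnly'
    foreach ($computer in $ComputerName) {
        $store = $null
        try {
            $store = New-Object System.Security.Cryptography.X509Certificates.X509Store `
                -ArgumentList "\\$computer\$StoreName", $location
            $store.Open($flags)
            $store.Certificates |
                Get-CertificateExpiryStatus -WithinDays $WithinDays |
                Add-Member -NotePropertyName ComputerName -NotePropertyValue $computer -PassThru
        }
        catch {
            # An unreachable host or missing store is reported, not fatal
            Write-Warning "$computer : $($_.Exception.Message)"
        }
        finally {
            if ($store) { $store.Close() }
        }
    }
}

# Constructed sample records standing in for X509Certificate2 objects,
# evaluated against a fixed date so the result does not depend on today.
$sample = @(
    [pscustomobject]@{ Subject = 'CN=intranet.example.test'; SerialNumber = '1A00000001'; NotAfter = [datetime]'2014-03-28' }
    [pscustomobject]@{ Subject = 'CN=wiki.example.test';     SerialNumber = '1A00000002'; NotAfter = [datetime]'2014-04-20' }
    [pscustomobject]@{ Subject = 'CN=build.example.test';    SerialNumber = '1A00000003'; NotAfter = [datetime]'2015-01-15' }
)
$sample | Get-CertificateExpiryStatus -WithinDays 30 -Now ([datetime]'2014-04-01')

# Live, read-only check of the local machine's Personal store
Get-ExpiringCertificate -WithinDays 60
```

Scheduled daily, the output objects can feed the e-mail or helpdesk ticket step mentioned in the quoted reply.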

Re: [NTSysADM] PowerShell is my weakness....

2013-12-10 Thread elsalvoz
Should be as easy as this: insert a foreach to parse each file and you
should be set.

PS C:\temp> $source = "c:\temp"
PS C:\temp> $d = [datetime](Get-ItemProperty -Path $source -Name LastWriteTime).lastwritetime
PS C:\temp> $source2 = "C:\temp\7-Zip"
PS C:\temp> $d2 = [datetime](Get-ItemProperty -Path $source2 -Name LastWriteTime).lastwritetime
PS C:\temp> Compare-Object $d $d2

InputObject             SideIndicator
-----------             -------------
7/31/2013 12:01:57 PM   =>
12/9/2013 4:12:11 PM    <=



On Tue, Dec 10, 2013 at 6:59 AM, James Rankin kz2...@googlemail.com wrote:

 Aha!

 Thanks for all the input guys. I think I may be able to continue onwards
 now... although I will probably hit a snag when I try to compare the two,
 knowing my luck :-)

 Cheers,


 JR


 On 10 December 2013 14:51, Christopher Bodnar christopher_bod...@glic.com
  wrote:

 get-childitem c:\temp\* |select -expandproperty lastAccessTime|get-date
 -Format g
  *Christopher Bodnar*
 Enterprise Architect I, Corporate Office of Technology:Enterprise
 Architecture and Engineering Services  Tel 610-807-6459
 3900 Burgess Place, Bethlehem, PA 18017
 christopher_bod...@glic.com



 * The Guardian Life Insurance Company of America*

 *www.guardianlife.com* http://www.guardianlife.com/






 From:James Rankin kz2...@googlemail.com
 To:NTSysADM@lists.myitforum.com
 Date:12/10/2013 06:29 AM
 Subject:[NTSysADM] PowerShell is my weakness
 Sent by:listsad...@lists.myitforum.com
 --



 I'm trying to compare the date/time stamps of two folders (including all
 the included files and subfolders). So far, this seems to do the trick

 get-childitem c:\users\me\test\* | select -expandproperty lastaccesstime

 but the problem is it pumps out the date in a long format - how can I get
 it to be a short format so I can easily compare the two?

 TIA,




 --
 * James Rankin*
 Technical Consultant (ACA, CCA, MCTS)
 *http://appsensebigot.blogspot.co.uk*http://appsensebigot.blogspot.co.uk/
 - This message, and any
 attachments to it, may contain information that is privileged,
 confidential, and exempt from disclosure under applicable law. If the
 reader of this message is not the intended recipient, you are notified that
 any use, dissemination, distribution, copying, or communication of this
 message is strictly prohibited. If you have received this message in error,
 please notify the sender immediately by return e-mail and delete the
 message and any attachments. Thank you.




 --
 *James Rankin*
 Technical Consultant (ACA, CCA, MCTS)
 http://appsensebigot.blogspot.co.uk



RE: [NTSysADM] RE: Migrating a Windows 7 wkst to another hard drive

2013-12-06 Thread elsalvoz
I would use a cloning tool versus a file-based tool which imagex and dism
are. There are some free cloning tools you can use, ghost would do the
trick but is a pay tool.
 On Dec 6, 2013 11:55 AM, Art DeKneef art.dekn...@cox.net wrote:

 Working on this stuff right now creating a new base image of Windows 8.1
 Pro
 and Office 2013 Home & Business.

 (1) It's been a long time but I seem to remember that the one time the OOBE
 was interrupted, when it started again it started from the beginning. But
 this was with XP. I haven't had that happen with Windows 7 or 8 yet. I
 think
 it might depend on where the OOBE got interrupted whether the new SID is
 created. Completing the OOBE should generate a new SID.

 (2) To keep the same SID I wouldn't run Sysprep. Plus what switches you use
 matter here also. Here I think we have to define what needs to be
 accomplished. Is it a backup image of the PC, a recovery image for the PC
 or
 a base image for a brand new computer.

 (3) Define damaged. ImageX makes a copy of what's on the disc.

 As a side note I wouldn't use ImageX anymore as Microsoft has deprecated it
 in favor of DISM. Get and use the new Windows 8.1 Assessment and Deployment
 Kit for the latest version of Windows PE and DISM.

 Art

 -Original Message-
 From: listsad...@lists.myitforum.com [mailto:
 listsad...@lists.myitforum.com]
 On Behalf Of Ben Scott
 Sent: Friday, December 6, 2013 10:06 AM
 To: ntsysadm@lists.myitforum.com
 Subject: Re: [NTSysADM] RE: Migrating a Windows 7 wkst to another hard
 drive

 On Fri, Dec 6, 2013 at 8:32 AM, Michael B. Smith mich...@smithcons.com
 wrote:
  If you don't go through the full OOBE, then you'll get a new SID and
  the new SID won't be in any of the old ACLs. Instant horkage.

   OK... I understand how the PC getting assigned a new SID (leaving the old
 SID owning everything in the filesystem) would hork effective permissions.

   But, can you please clarify:

   (1) To confirm: If one does *NOT* complete the full Out-Of-Box-Experience
 process, then a new SID will be generated?  But if one *DOES* complete the
 full Out-Of-Box-Experience process, a new SID will *NOT* be generated?
 That seems backwards to me.

   (2) Thus, to *keep* the same SID, one should run SYSPREP before creating
 the image, and then allow OOBE to complete upon applying the image?

   (3) As a corollary, if the existing installation is damaged somehow,
 preventing one from running SYSPREP, ImageX cannot be used to accurately
 preserve the system before attempting repairs?

 -- Ben








RE: [NTSysADM] RE: Migrating a Windows 7 wkst to another hard drive

2013-12-06 Thread elsalvoz
I just started thinking more about the question. If the drive is going to
replace another drive in the same box, then cloning would be the best
option. I've done it multiple times without issues; even the AD account was
fine. No sysprep though. But if there are other drives in the same system,
I think you would encounter ACL issues.
Even if you were to switch the cloned drive to another h/w and precure the
old one will work
On Dec 6, 2013 5:16 PM, elsalvoz elsal...@gmail.com wrote:

 I would use a cloning tool versus a file-based tool, which imagex and dism
 are. There are some free cloning tools you can use; ghost would do the
 trick but is a pay tool.
  On Dec 6, 2013 11:55 AM, Art DeKneef art.dekn...@cox.net wrote:

 Working on this stuff right now creating a new base image of Windows 8.1
 Pro and Office 2013 Home & Business.

 (1) It's been a long time but I seem to remember that the one time the
 OOBE was interrupted, when it started again it started from the beginning.
 But this was with XP. I haven't had that happen with Windows 7 or 8 yet. I
 think it might depend on where the OOBE got interrupted whether the new SID
 is created. Completing the OOBE should generate a new SID.

 (2) To keep the same SID I wouldn't run Sysprep. Plus what switches you
 use matter here also. Here I think we have to define what needs to be
 accomplished. Is it a backup image of the PC, a recovery image for the PC
 or a base image for a brand new computer.

 (3) Define damaged. ImageX makes a copy of what's on the disc.

 As a side note I wouldn't use ImageX anymore as Microsoft has deprecated
 it in favor of DISM. Get and use the new Windows 8.1 Assessment and
 Deployment Kit for the latest version of Windows PE and DISM.

 Art

 -Original Message-
 From: listsad...@lists.myitforum.com [mailto:
 listsad...@lists.myitforum.com]
 On Behalf Of Ben Scott
 Sent: Friday, December 6, 2013 10:06 AM
 To: ntsysadm@lists.myitforum.com
 Subject: Re: [NTSysADM] RE: Migrating a Windows 7 wkst to another hard
 drive

 On Fri, Dec 6, 2013 at 8:32 AM, Michael B. Smith mich...@smithcons.com
 wrote:
  If you don't go through the full OOBE, then you'll get a new SID and
  the new SID won't be in any of the old ACLs. Instant horkage.

   OK... I understand how the PC getting assigned a new SID (leaving the
 old SID owning everything in the filesystem) would hork effective
 permissions.

   But, can you please clarify:

   (1) To confirm: If one does *NOT* complete the full
 Out-Of-Box-Experience process, then a new SID will be generated?  But if
 one *DOES* complete the full Out-Of-Box-Experience process, a new SID will
 *NOT* be generated? That seems backwards to me.

   (2) Thus, to *keep* the same SID, one should run SYSPREP before creating
 the image, and then allow OOBE to complete upon applying the image?

   (3) As a corollary, if the existing installation is damaged somehow,
 preventing one from running SYSPREP, ImageX cannot be used to accurately
 preserve the system before attempting repairs?

 -- Ben
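
The thread above turns on whether ACLs still reference a SID the machine no longer recognises after imaging or cloning. The following is an added example, not code from any poster in the thread: it reports explicit ACL entries whose SID does not resolve and says whether the SID carries the current machine SID or a different one. It assumes Windows PowerShell 3.0 or later and an elevated prompt; the `$Root` default and the `Test-SidResolves` helper are hypothetical names chosen for the example.

```powershell
# Added example: list explicit ACL entries whose SID no longer resolves on this machine.
# Assumptions: Windows PowerShell 3.0+, elevated prompt; $Root is a hypothetical scan root.
param([string]$Root = 'C:\Users')

$sidType = [System.Security.Principal.SecurityIdentifier]
$ntType  = [System.Security.Principal.NTAccount]

# Local account SIDs are <machine SID>-<RID>, so any local account yields the machine SID.
$local = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" | Select-Object -First 1
$machineSid = (New-Object System.Security.Principal.SecurityIdentifier -ArgumentList $local.SID).AccountDomainSid.Value
Write-Output "Current machine SID: $machineSid"

$resolved = @{}   # cache: SID string -> $true / $false / $null (lookup failed)
function Test-SidResolves($Sid) {
    if (-not $resolved.ContainsKey($Sid.Value)) {
        try   { $null = $Sid.Translate($ntType); $resolved[$Sid.Value] = $true }
        catch [System.Security.Principal.IdentityNotMappedException] { $resolved[$Sid.Value] = $false }
        catch { $resolved[$Sid.Value] = $null }   # e.g. domain unreachable: undetermined
    }
    $resolved[$Sid.Value]
}

Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue | ForEach-Object {
    $path = $_.FullName
    try { $acl = Get-Acl -LiteralPath $path -ErrorAction Stop } catch { return }
    # Explicit ACEs only, returned as raw SIDs instead of translated account names.
    foreach ($ace in $acl.GetAccessRules($true, $false, $sidType)) {
        $sid = $ace.IdentityReference
        # Well-known SIDs (SYSTEM, Administrators, ...) have no account-domain part.
        if ($null -eq $sid.AccountDomainSid) { continue }
        # Skip SIDs that resolve, and SIDs whose lookup could not be completed.
        if ((Test-SidResolves $sid) -ne $false) { continue }
        if ($sid.AccountDomainSid.Value -eq $machineSid) {
            $origin = 'this machine (deleted account)'
        } else {
            $origin = 'other machine or domain'
        }
        New-Object PSObject -Property @{
            Path   = $path
            Sid    = $sid.Value
            Rights = $ace.FileSystemRights
            Origin = $origin
        }
    }
}
```

Entries reported as `other machine or domain` under a user profile are what ACEs for the old local accounts look like on disk once the machine SID has changed.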