Locale IDs Assigned by Microsoft
Track Local Network Shares on SCCM 2007
Hi,
If you need to find all the local shares that users create on their computer this post might be good for you,
The first thing you need to do is to edit the sms_def.mof file for the client to start reporting of his local shares\
- Open the file …\Microsoft Configuration Manager\Inboxes\clifiles.src\hinv\sms_def.mof with your notepad
- search for SMS_Group_Name (“Shares”),
- You can change all the FALSE parameters to TRUE, or just the SMS_Report, Name and Path
- Now you need to wait, it can take some time that the client will start reporting about his shares
The second thing to do is to build a small report, you can use a basic report that show all the shares
SELECT TOP (100) PERCENT dbo.v_GS_SHARE.ResourceID, dbo.v_R_System.Name0 AS Hostname, dbo.v_GS_SHARE.Name0 AS ShareName,
dbo.v_GS_SHARE.Path0 AS Path
FROM dbo.v_GS_SHARE INNER JOIN
dbo.v_R_System ON dbo.v_GS_SHARE.ResourceID = dbo.v_R_System.ResourceID
Or you can use some filter to disable administrative shares
SELECT TOP (100) PERCENT dbo.v_GS_SHARE.ResourceID, dbo.v_R_System.Name0 AS Hostname, dbo.v_GS_SHARE.Name0 AS ShareName,
dbo.v_GS_SHARE.Path0 AS Path
FROM dbo.v_GS_SHARE INNER JOIN
dbo.v_R_System ON dbo.v_GS_SHARE.ResourceID = dbo.v_R_System.ResourceID
WHERE (dbo.v_GS_SHARE.Name0 NOT LIKE ‘_$’) AND (dbo.v_GS_SHARE.Name0 <> ‘admin$’) AND (dbo.v_GS_SHARE.Name0 <> ‘ipc$’)
I’m done here , on my next post I’ll show how to generate report of permission of those shares.
PowerShell: Get Active Directory groups membership for a user
Hi,
When you have to document every change Because you’re committed to SOX regulation, you need to extract the data fast
This PowerShell script receive an AD username and export .csv with all Active Directory groups (for Fast Copy&Past).
import-module ActiveDirectory
$name = Read-Host ‘What is the username?’
$csvvv = “.csv”
Get-ADPrincipalGroupMembership $name | select name | Export-CSV ($name+$csvvv)
Save it as .ps1 and run it from the powershell command line,
Sending a reminder to users with password is about to expire (PowerShell Script)
One of the most annoying thing in user support is that they never notice the “consider changing your password” balloon, and sometimes they are locked out after their password expired,
To overcome this difficulty with users, I programmed This in PowerShell:
- First, I pull out the users that their password ending soon –
import-module ActiveDirectory
$date1 = ((Get-Date).AddDays(-56)).ToString()
$date2 = ((Get-Date).AddDays(-61)).ToString()//the default domain password expiration is 60 days
get-ADUser -server “YOURDC” -SearchBase “OU=Divisions,DC=DOMAIN,DC=COM” -Filter {(enabled -eq “TRUE”) -and (PasswordLastSet -lt $date1) -and (PasswordLastSet -gt $date2) -and (PasswordNeverExpires -eq “false”) -and (EmailAddress -notlike ‘\S’)} -Properties * | select EmailAddress, DisplayName, PasswordLastSet | Export-CSV c:\List1.csv
//Please notice that i export only 3 field for each user (EmailAddress, DisplayName, PasswordLastSet)
- Now we delete the first row, and load the file into $list
get-content c:\list1.csv | select -skip 1| set-content c:\list2.csv
$list = import-csv “c:\list2.csv”
- Now for the loop, it will go to each row and take the user information and send him an email to consider changing his password
ForEach ($row in $list) {
$Subject = “Dear “+$row.DisplayName+”, Your Domain Password Set On “+$row.PasswordLastSet+” And About To Expire”
$Body = “To change youre password press Control+Alt+Delete and choose Change Password `nThis is an automatic message, Please DO NOT reply ……”send-mailmessage -to $row.EmailAddress -from “<me@domain.com>” -subject $subject -body $body -smtpServer “smtp.domain.com”
}
You can consolidate all the script parts to one file .ps1 type
This is it, I hope you liked it….
Yair
The Complete Guide To Deploy 3rd Party Update Via WSUS Infrastructure
One of the annoying things with non-Microsoft vendors is their large amount of update (for example Adobe Flash) and the lack of ability to manage it in your company’s computers
In this post I’m assuming that you already have WSUS infrastructure in your organization, and if not you should have it before trying to do the following steps. (I hope that someday I have the time to publish my WSUS best practice from my experience).
Don’t you want to see this thing on your computers?
Well, let’s start
- Local Update Publisher
Local Update Publisher (LUP), is a software that allow system administrators to publish their own update or 3rd party update using WSUS Local Publishing.
You can download it here and install it on your WSUS server, there is an installation manual in this link.
- Certification
The most difficult issue in this the ExportImport of the WSUS Certification, the LUP WIKI don’t showing the way to do it right
The WSUS Server need to issue itself a certification, and this certification need to installed in all WSUS clients.
What you really need to remember is that the Exported Certification needs to be 2046 Bit, and you need to deploy it with group policy to computers in to places:
- Trusted Root Certification Authorities.
- Trusted Publishers.
- WSUS policy
One more Change that you need to do is on the WSUS GPO (or computer registry if you don’t manage it with policy)
In the GPO (computer configuration > policies > administrative templates > windows components > Windows Update) you should enable: “Allow signed updates from an internet Microsoft update service location”
The registry value that Present this policy is AcceptTrustedPublisherCerts in : HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdate
Need to look like that: “AcceptTrustedPublisherCerts”=dword:00000001
- XML Import
The next step is to go 3rd-party vendors site and search for distribution terms of their products (like: SCUP, SCCM, SMS, etc.)
For example:
FLASH: http://www.adobe.com/licensing/distribution/strategies/sms.html
Acrobat Reader: http://www.adobe.com/devnet-docs/acrobatetk/tools/AdminGuide/sccm.html
Now what you have to do is to import the catalogue file into the LUP, select the versions you want to import and the LUP will download it from the site
Now approve the update to the group you want (like you do in WSUS)
You can also create an update by your own, I Didn’t try it yet…
All WSUS Codes
Hi, I found a nice page with all the WSUS error codes http://inetexplorer.mvps.org/archive/windows_update_codes.htm
I would like to thank to the original publisher of this page
OUTLOOK 2010 ERROR : cannot send this item
OUTLOOK 2010 ERROR : cannot send this item
if u encountered this error msg you probably got nuts.
This one of the most frustrating issue I’ve ever encountered.
so u should be very happy to get here.
when it happen?
I’m usually getting this error msg when I’m saving to drafts an email with an attachment (like PDF), and then trying to send it.
or if I’m writing an email 15 minutes , outlook is saving the email automatically.
why it caused?
my problem was the signature, I know it’s sound wired, but there is a bug in outlook and JPG signature.
what to do?
first of all try to delete the image from your signature.
then u can add it again but not at the same format.
hope it help you,
Mor Edelstein
HowTo Create SCCM collection based on failed advertisement
Hello
I came across with advertisment that failed 50% because of some setting wrong,
Before installation of the software requested was necessary to install a specific patch failed computers,
I found the following query that finds the computers that have failed in the original Advertisment
SELECT sys.ResourceID,sys.ResourceType,sys.Name,sys.SMSUniqueIdentifier,sys.ResourceDomainORWorkgroup,sys.Client FROM sms_r_system as sys inner join SMS_ClientAdvertisementStatus as offer on sys.ResourceID=offer.ResourceID WHERE AdvertisementID = ‘XXX#####’ and LastStateName = “Failed”
You know the rest here,
Yair
how to resolve EV outlook add-in Error MSG: This version of the enterprise vault Outlook add-in is not compatible with the installed version of microsoft outlook
If u encounter with this error msg : ”
this version of the Enterprise Vault Outlook add-in is not compatible with the installed version of microsoft outlook.
contact your help Desk for details of how to resolve this issue.”
Do this folowing steps:
1)close outlook
2)open “regedit” (start->run->”regedit”->ok)
3) HKEY_CLASSES_ROOT\Outlook.Application
u should have 2 keys under:
HKEY_CLASSES_ROOT\Outlook.Application\CLSID
and
HKEY_CLASSES_ROOT\Outlook.Application\CurVer
if one of the keys not exist.
go to another computer that have no problem with EV outlook add in . and “Export” the missing key.
now, open it in your computer.
Can’t Enable Mailbox for EV When it’s full
Something else I noticed about the Enterprise vault.
When the e-mail box is full, you can not Enable it
Have to make room or to increase the e-mail box to do this
Please note that
Yair