Locale IDs Assigned by Microsoft

28/10/2013 Leave a comment

http://msdn.microsoft.com/en-us/goglobal/bb964664.aspx

Categories: Microsoft Tags: , ,

Track Local Network Shares on SCCM 2007

24/10/2013 Leave a comment

Hi,

If you need to find all the local shares that users create on their computer this post might be good for you,

The first thing you need to do is to edit the sms_def.mof file for the client to start reporting of his local shares\

  1. Open the file …\Microsoft Configuration Manager\Inboxes\clifiles.src\hinv\sms_def.mof with your notepad
  2. search for   SMS_Group_Name (“Shares”), 
  3. You can change all the FALSE parameters to TRUE, or just the SMS_Report, Name and Path
  4. Now you need to wait, it can take some time that the client will start reporting about his shares

The second thing to do is to build a small report, you can use a basic report that show all the shares

SELECT TOP (100) PERCENT dbo.v_GS_SHARE.ResourceID, dbo.v_R_System.Name0 AS Hostname, dbo.v_GS_SHARE.Name0 AS ShareName,
dbo.v_GS_SHARE.Path0 AS Path
FROM dbo.v_GS_SHARE INNER JOIN
dbo.v_R_System ON dbo.v_GS_SHARE.ResourceID = dbo.v_R_System.ResourceID

Or you can use some filter to disable administrative shares

SELECT TOP (100) PERCENT dbo.v_GS_SHARE.ResourceID, dbo.v_R_System.Name0 AS Hostname, dbo.v_GS_SHARE.Name0 AS ShareName,
dbo.v_GS_SHARE.Path0 AS Path
FROM dbo.v_GS_SHARE INNER JOIN
dbo.v_R_System ON dbo.v_GS_SHARE.ResourceID = dbo.v_R_System.ResourceID
WHERE (dbo.v_GS_SHARE.Name0 NOT LIKE ‘_$’) AND (dbo.v_GS_SHARE.Name0 <> ‘admin$’) AND (dbo.v_GS_SHARE.Name0 <> ‘ipc$’)

I’m done here , on my next post I’ll show how to generate report of permission of those shares.

Categories: Microsoft, SCCM, Script, SOX Tags: , , , , , , , ,

PowerShell: Get Active Directory groups membership for a user

22/10/2013 2 comments

Hi,

When you have to document every change  Because you’re committed to SOX regulation, you need to extract the data fast

This PowerShell script receive an AD username and export .csv with all Active Directory groups (for Fast Copy&Past).

import-module ActiveDirectory
$name = Read-Host ‘What is the username?’
$csvvv = “.csv”
Get-ADPrincipalGroupMembership $name | select name | Export-CSV ($name+$csvvv)

Save it as .ps1 and run it from the powershell command line,

Categories: Microsoft, PowerShell, Script, Uncategorized Tags: , , , , ,

Sending a reminder to users with password is about to expire (PowerShell Script)

11/07/2013 2 comments

One of the most annoying thing in user support is that they never notice the “consider changing your password” balloon, and sometimes they are locked out after their password expired,

To overcome this difficulty with users, I programmed This in PowerShell:

 

  • First, I pull out the users that their password ending soon –

import-module ActiveDirectory

$date1 = ((Get-Date).AddDays(-56)).ToString()
$date2 = ((Get-Date).AddDays(-61)).ToString()

//the default domain password expiration is 60 days

get-ADUser -server “YOURDC” -SearchBase “OU=Divisions,DC=DOMAIN,DC=COM” -Filter {(enabled -eq “TRUE”) -and (PasswordLastSet -lt $date1) -and (PasswordLastSet -gt $date2) -and (PasswordNeverExpires -eq “false”) -and (EmailAddress -notlike ‘\S’)} -Properties * | select EmailAddress, DisplayName, PasswordLastSet | Export-CSV c:\List1.csv

//Please notice that i export only 3 field for each user (EmailAddress, DisplayName, PasswordLastSet)

  • Now we delete the first row, and load the file into $list

get-content c:\list1.csv | select -skip 1| set-content c:\list2.csv

$list = import-csv “c:\list2.csv”

 

  • Now for the loop, it will go to each row and take the user information and send him an email to consider changing his password

ForEach ($row in $list) {
$Subject = “Dear “+$row.DisplayName+”, Your Domain Password Set On “+$row.PasswordLastSet+” And About To Expire”
$Body = “To change youre password press Control+Alt+Delete and choose Change Password `nThis is an automatic message, Please DO NOT reply ……”

send-mailmessage -to $row.EmailAddress -from “<me@domain.com>”  -subject $subject -body $body -smtpServer “smtp.domain.com”
}

You can consolidate all the script parts to one file .ps1 type

This is it, I hope you liked it….

Yair

 

 

Categories: Microsoft, PowerShell, Script, Server, Windows Tags: , , , , , ,

The Complete Guide To Deploy 3rd Party Update Via WSUS Infrastructure

07/04/2013 2 comments

One of the annoying things with non-Microsoft vendors is their large amount of update (for example Adobe Flash) and the lack of ability to manage it in your company’s computers

In this post I’m assuming that you already have WSUS infrastructure in your organization, and if not you should have it before trying to do the following steps. (I hope that someday I have the time to publish my WSUS best practice from my experience).

Don’t you want to see this thing on your computers?

scup3

scup4

Well, let’s start

  1. Local Update Publisher

Local Update Publisher (LUP), is a software that allow system administrators to publish their own update or 3rd party update   using WSUS Local Publishing.

You can download it here and install it on your WSUS server, there is an installation manual in this link.

  1. Certification

The most difficult issue in this the ExportImport of the WSUS Certification, the LUP WIKI don’t showing the way to do it right

The WSUS Server need to issue itself a certification, and this certification need to installed in all WSUS clients.

What you really need to remember is that the Exported Certification needs to be 2046 Bit, and you need to deploy it with group policy to computers in to places:

    • Trusted Root Certification Authorities.
    • Trusted Publishers.

 

  1. WSUS policy

One more Change that you need to do is on the WSUS GPO (or computer registry if you don’t manage it with policy)

In the GPO (computer configuration > policies > administrative templates > windows components > Windows Update) you should enable: “Allow signed updates from an internet Microsoft update service location”

The registry value that Present this policy is AcceptTrustedPublisherCerts in :  HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdate

Need to look like that: “AcceptTrustedPublisherCerts”=dword:00000001

  1. XML Import

The next step is to go 3rd-party  vendors site and search for distribution terms of their products (like: SCUP, SCCM, SMS,  etc.)

For example:

FLASH: http://www.adobe.com/licensing/distribution/strategies/sms.html

Acrobat Reader: http://www.adobe.com/devnet-docs/acrobatetk/tools/AdminGuide/sccm.html

Now what you have to do is to import the catalogue file into the LUP, select the versions you want to import and the LUP will download it from the site

123

Now approve the update to the group you want (like you do in WSUS)

You can also create an update by your own, I Didn’t try it yet…

scup5

Categories: Microsoft, Windows, WSUS Tags: , , , , , , , , , , , ,

All WSUS Codes

21/03/2013 Leave a comment

Hi, I found a nice page with all the WSUS error codes http://inetexplorer.mvps.org/archive/windows_update_codes.htm

I would like to thank to the original publisher of this page

Categories: Microsoft, WSUS Tags: , , ,

OUTLOOK 2010 ERROR : cannot send this item

06/03/2013 1 comment

OUTLOOK 2010 ERROR :  cannot send this item

 

if u encountered this error msg you probably got nuts.

This one of the most frustrating issue I’ve ever encountered.

so u should be very happy to get here.

when it happen?

I’m usually getting this error msg  when I’m saving to drafts an email with an attachment (like PDF), and then trying to send it.

or if I’m writing an email 15 minutes , outlook is saving the email automatically.

why it caused?

my problem was the signature, I know it’s sound wired, but there is a bug in outlook and JPG signature.

what to do?

first of all try to delete the image from your signature.

then u can add it again but not at the same format.

 

hope it help you,

Mor Edelstein

 

 

 

 

 

Categories: Uncategorized

HowTo Create SCCM collection based on failed advertisement

05/12/2011 Leave a comment

Hello
I came across with advertisment that failed 50% because of some setting wrong,

Before installation of the software requested was necessary to install a specific patch failed computers,
I found the following query that finds the computers that have failed in the original Advertisment

SELECT sys.ResourceID,sys.ResourceType,sys.Name,sys.SMSUniqueIdentifier,sys.ResourceDomainORWorkgroup,sys.Client FROM sms_r_system as sys inner join SMS_ClientAdvertisementStatus as offer on sys.ResourceID=offer.ResourceID WHERE AdvertisementID = ‘XXX#####’ and LastStateName = “Failed”

You know the rest here,

Yair

Categories: SCCM Tags: , ,

how to resolve EV outlook add-in Error MSG: This version of the enterprise vault Outlook add-in is not compatible with the installed version of microsoft outlook

06/07/2011 19 comments

If u encounter with this error msg : ”

this version of the Enterprise Vault Outlook add-in is not compatible with the installed version of microsoft outlook.

contact your help Desk for details of how to resolve this issue.”

Do this folowing steps:

1)close outlook
2)open “regedit” (start->run->”regedit”->ok)

3) HKEY_CLASSES_ROOT\Outlook.Application

u should have 2 keys under:
HKEY_CLASSES_ROOT\Outlook.Application\CLSID
and
HKEY_CLASSES_ROOT\Outlook.Application\CurVer

if one of the keys not exist.
go to another computer that have no problem with EV outlook add in . and “Export” the missing key.
now, open it in your computer.

Categories: Outlook 2010 Tags: , , , ,

Can’t Enable Mailbox for EV When it’s full

01/07/2011 1 comment

Something else I noticed about the Enterprise vault.
When the e-mail box is full, you can not Enable it

Have to make room or to increase the e-mail box to do this

Please note that
Yair

Categories: Enterprise Vault, Symantec