Microsoft Windows

Disable UAC in Microsoft Windows 2012 R2

posted 20 Jan 2016, 01:20 by Tristan Self

If you like me, don't want to have an admin prompt each time you want to save a file to a server you can disable UAC, by ensuring that all Administrators of the server don't require approval to make minor changes.

So if you say had a file on the C: drive you were trying to update, without the setting below on, you'd be prompted to save a new file, as UAC basically makes all the files read only, unless you have got approval.

To turn this off do the following:

1. Open ‘Local security Policy’ by running ‘Secpol.msc’ in the command line.

2. Go to – Local Policies -> Security Options.

3. On the right side scroll down to ‘User Account Control: run all Administrators in admin approval mode’.

4. Change the setting to ‘Disabled’.

5. Restart the server.


Copy files within a directory structure to another directory, leaving the directories behind

posted 5 Aug 2015, 03:22 by Tristan Self

I had an interesting request, how to move a load of PDF files from one directory structure to another but leaving behind that directory structure so all the files end up in one directory in a huge list. I thought XCopy, but this appeared to be a better way.

forfiles /p c:\source\ /M *.pdf /S /C "cmd /c copy @file c:\destination"


Note: Files with the duplicate names are just overwritten.

Create a SSL CSR from Command Line with Subject Alternate Name

posted 16 Jun 2015, 07:08 by Tristan Self   [ updated 16 Jun 2015, 07:09 ]

To create a CSR and include not only a CN (Common Name) but also a SAN(s) too, you can use the following process.

1. Firstly create a text file called request.inf and fill it with the following:

 ;----------------- request.inf -----------------
[Version]

Signature= $Windows NT$

[NewRequest]

Subject = "CN=host0.oaklands.ac.uk, OU=Department, O=Organisation, L=Town, S=County, C=Country" ; replace attributes in this line using example below
KeySpec = 1
KeyLength = 2048
; Can be 2048, 4096, 8192, or 16384.
; Larger key sizes are more secure, but have
; a greater impact on performance.
Exportable = TRUE
FriendlyName = vdm
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = Microsoft RSA SChannel Cryptographic Provider
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0

[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication

[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=host1.domain.com&"
_continue_ = "dns=host2.domain.com"

;-----------------------------------------------


2. Now run this command to create a CSR:

 > certreq -new request.inf certreq.txt

You can check it has the right info here: https://certlogik.com/decoder/ before sending to your CA.

3. Send this CSR to your CA, when you get the file back run the command below:

 > certreq -accept cert.cer

4. To ensure it has been added correctly, check the Certificate MMC snap-in.

Remove licence from Office 365 user

posted 27 May 2015, 01:08 by Tristan Self

In our case, we were needing to remove some licences from some users, as we had an educational licence, the names of the service plans and licenses were a bit different.

So we had two ways of doing it: 1 was just to remove the service plans we didn't need. And the second was to remove the licence as a whole.

You need to run this from within the Office 365 PowerShell console, here's a PowerShell script to help you connect quickly and easily:

$cred = Get-Credential
Import-Module MSOnline
Connect-MsolService -Credential $cred
$s = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri
https://ps.outlook.com/powershell -Credential $cred -Authentication Basic -AllowRedirection
$importresults = Import-PSSession $s

1. Remove just some service plans

So here, I'm going to remove the YAMMER_EDU and MCOSTANDARD (Lync) licences.

$O365Licences = New-MsolLicenseOptions –AccountSkuId domainname:STANDARDWOFFPACK_STUDENT -DisabledPlans MCOSTANDARD,YAMMER_EDU

Set-MsolUserLicense -UserPrincipalName "fred.bloggs@domain.com" -LicenseOptions $O365Licences

2. Remove the licence from the user completely

Set-MsolUserLicense -UserPrincipalName "fred.bloggs@domain.com" -RemoveLicenses domain:STANDARDWOFFPACK_STUDENT;

Now the licence or service plan should be removed, you can check this through the web interface of Office365 admin.

Backup Pcounter balances for export to another system

posted 26 May 2015, 07:24 by Tristan Self

So you are moving from Pcounter to another printing system, but you want to export your users balances to export them to another system.

To do this find the account.exe file within your Pcounter directory and run this command:

ACCOUNT BACKUP <DOMAIN>

Where the <DOMAIN> is your domain name (NetBIOS) name of the domain. This will export all the balances out to a text file, that you can convert into a CSV file for import into another system.

Hyper-V Server 2012 R2 Disable Local Password Complexity

posted 26 Jan 2015, 01:11 by Tristan Self

If you like me like a more simple password for your local administrator password on your servers in a test lab or production :) then you can change it using the local security policy.

Problem is on Hyper-V Server 2012 R2, you don't have the MMC snap-ins to do it, so you need to use the command line as follows:

Disable Local Password Expiry:

> net accounts /maxpwage:unlimited

Disable Password Complexity

First export your security configuration using the following command:
> secedit /export /cfg C:\securityconfig.cfg

Open the exported file with notepad.

Change the line:
PasswordComplexity = 1
to:
PasswordComplexity = 0
and save the file:

> secedit /configure /db C:\Windows\security\new.sdb /cfg C:\securityconfig.cfg /areas SECURITYPOLICY

Now you can set your local administrator password to something simple! ;)

Disable IPv6 Auto-Configuration Address

posted 19 Dec 2014, 03:47 by Tristan Self

IPv6 is autoconfiguring, that's great for worksations and mobile devices, but for servers you want some control. Yes you can hard code a static IPv6 address, but it will also show an autoconfiguration address too. You can disable the RA's from the router, but in some cases you might not want to do this. So to disable IPv6 autoconfiguration on a Windows 2008 R2+ server you can run these commands:

Firstly determine the network interface to disable IPv6 auto-configuration on:
 netsh interface ipv6 show interface

Next you take this number ID and run this command to disable IPv6 autoconfiguration on the interface:
 netsh interface ipv6 set interface XX routerdiscovery=disabled

(Where XX is the ID from the previous command of the NIC you want to set this on.)

Microsoft SharePoint 2013 - Locked File Error "File is locked by another user"

posted 10 Jul 2014, 02:47 by Tristan Self   [ updated 10 Jul 2014, 02:47 ]

PROBLEM:

You can't checkout a file because it says it is "locked by another user" or is "locked by <USERNAME>", but from the SharePoint UI you can't see who has it locked out or you can't see that it has been locked out at all.

SOLUTION:

This is a big problem with SharePoint since 2003, 2007 was the same, so was 2010 and so is 2013, so it appears to be here to stay. Microsoft say you should wait 10 minutes and the lock will be released, however this is not always the case. You could reboot the whole server (yuk) or restart IIS. Alternatively you can do the following:

1. Open the SharePoint 2013 Management Shell from the SharePoint server. You need to have Farm Administrator rights over SharePoint or Admin rights over the site collection in which the locked file is located.
2. Run the Management Shell as Administrator.
3. Then enter the following:

$w=get-spweb http://intranet.domain.com/
$f=$w.getfile("/SITENAME/LIBRARYNAME/myfile.docx")
$f

This will show you a list of properties of the file, within that you'll see that the file has a lock on it because it has a "LockID" and the user who has it locked "LockedByUser."

To unlock the file, but I found these would not work giving some odd error.

$f.releaselock($f.lockid)
$f.releaselock({theGUIDofTheLock})

So to unlock do step for:

4. Run this now:

$url = "http://intranet.domain.com/SITENAME" 
$fileurl = "http://intranet.domain.com/SITENAME/LIBRARY/myfile.docx" 
$web = Get-SPWeb $url 
$item = $web.GetListItem($fileurl) 
$item.File.CheckOutStatus
$item.ReleaseLock

Now check again using the $f and you should see the lock has gone.



Microsoft SharePoint 2013 - Search Results Blank

posted 7 Jun 2014, 07:25 by Tristan Self

Problem:

We had this conundrum, the search results were showing as blank when searching in Microsoft SharePoint 2013 but this was only for files and items, not for people that returned results fine.

After checking the crawler and finding no errors and able to search within the index and finding items I came to the conclusion it was caused by the search center itself not looking where it should do.

Note: there are many causes of this issue, in our case everything to do with the search, permissions and index were fine we just weren't seeing the results!

Solution:

Browse to your Enterprise search site, normally something like http://intranet.domain.com/search
Click on "site settings" on the enterprise search center site.

Site Settings->Search->Result Sources

Ensure that "Local SharePoint Results" is the default. Not anything else.

Then try the search again, clicking everything will now show you files!

The System Administrator Has Set Policies to Prevent This Installation - Windows 2012

posted 2 Jan 2014, 23:45 by Tristan Self

Error:
 
Error: “The System Administrator Has Set Policies to Prevent This Installation”, when trying to install a software." When trying to install an MSI on a server.
 
Solution
 
Browse the registry to HKLM\Software\Policies\Microsoft\Windows\Installer

 Create: DisableMSI       Type: REG_DWORD  value = 0   (0 should allow you to install it was originally 1)
 
Install your MSI.

1-10 of 49