Enabling Agent Proxy in SCOM 2016

System Center Operations Manager (SCOM) chiefly relies on Agents in order to collect the data required to generate its reports.  After all, SCOM’s primary functions are monitoring and reporting, right?  Well, in order to do this for hundreds to hundreds of thousands of computers, there is a feature called Agent Proxying that helps it out.  Unfortunately, it is disabled by default.  So, once you have installed SCOM 2016, it is going to start spewing out errors… even before you install your first Management Pack.


So, this is a pretty easy fix.  You COULD do it via the GUI, through the Operations Console… under Administration > Device Management > Agent Managed, right-click on the computer in question, and under Properties, click on the Security tab, and click the checkbox (the only one): Allow this agent to act as a proxy and discover managed objects on other computers.

Of course, my preferred method would be via PowerShell.

  1. Connect to the Operations Manager Shell.
  2. Enter the following cmdlet: Get-SCOMAgent | where {$_.ProxyingEnabled -match "False"} | Enable-SCOMAgentProxy

That’s it… as simple as that.

You should only have to do this the once, unless you decide later on to add Management Servers.

Good luck!


Expensive Pieces of Plastic

Once again, I find myself sitting at the Microsoft Store in Yorkdale Mall, Toronto.  Frankly, if it were not for the snow and traffic, I likely would have dealt with this online, once I got around to it… but Highway 401 through Toronto has a tendency of being congested, so here I sit.

Over the last few years I have bought a lot of different products at the Microsoft Store, and even more products that are branded Microsoft, but which were purchased elsewhere.  Some of them have been great, others have been duds.  Most have been pretty good, and especially the ones branded Microsoft Surface are usually really good.

The problem is not when they are working… the question is, what happens when they break?  This does not usually mean physical damage, like the woman who until a few moments ago was sitting next to me and trying to argue that her Xbox headset, which obviously had physical damage (the left ear was completely disconnected, save for the wires).  I mean they just stop working the way they were meant to… connectivity issues and the like.

Recently I had a Surface Arc Mouse that stopped working.  I called the online support, as prescribed by the website, and they told me that I could either send it back to them, then wait for them to receive it, and ship me the new mouse… or I could save the time and go to the nearest Microsoft Store.  Problem: The nearest Microsoft Store to where I live (in Ottawa) is in Toronto, some 450km away.  I opted for the shipping option.

Later (Read: Now), as I actually was visiting in Toronto, I had another issue… this time with my Surface Pro Type Cover.  It just stopped working.  What do you do when an expensive piece of plastic stops working?  You go back to the point of purchase, and hope that the company has a good exchange policy.

In my experience, Microsoft Store does a pretty good job of taking care of you.  They stand behind their products, and when something goes wrong, as long as you are within a reasonable warranty period, they will replace it.  So when someone asks me ‘Why would I spend $100 on a stupid piece of plastic, when I can just as easily buy a mouse for less than half that?’ The answer is twofold: 1) I appreciate having quality devices that will always work when I want them to, the way I want them to.  2) Yes, when the cheaper device breaks, I can buy a new one, and still be ahead of the game.  But when my higher quality mouse breaks (as mine have, on occasion), I know that the company stands behind them, and will replace it for me at no cost, and with minimal hassle.

Also… yes, I still enjoy coming to the Microsoft Store in Yorkdale.  No, none of the staff who worked there when I emceed the grand opening event so many years ago still work here… although I am still friends with some of them.  I like seeing what is new in the Microsoft hardware ecosystem, I like seeing the shiny, happy faces that work here.  I like speaking with them, and frankly, now that they don’t know who I am, they treat me just as well as they used to… they just don’t add the ‘By the way Mitch, while you are here…’ questions that used to always take up extra time.

The thing I don’t love? You walk in, you still have to make an appointment to speak to someone.  The good news?  It is usually pretty quick.  Today, for example, I came in, made my appointment for 20 minutes later, and by the time the third sentence of this article was written, Kevin was helping me.  Not for nothing, but the last time I went to the Apple Store, I had to wait well over an hour.  Great for Apple’s market share, lousy for me having to wait patiently.

Domain Controller Health Service Lockdown Issue with SCOM 2016

I came to this realization last year, but I don’t think I wrote about it.

Domain controllers, specifically those running Windows Server 2016 and monitored with System Center Operations Manager 2016 (and later, I assume), have a bit of an issue when you deploy the SCOM Agent to the server.  It deploys, it installs… but when you look at the list, your domain controllers do not have that friendly GREEN check mark… you get the same icon, but it is grey.


Reason? The Health Service is denying the NT AUTHORITY\SYSTEM.


This is an easy fix.  If you are running Server with Desktop Experience (what we until recently called the GUI), then make sure you open the Command Prompt with elevated privileges.  Navigate to c:\Program Files\Microsoft Monitoring Agent\Agent, and then type the following:

  1. HSLockdown.exe /A "NT AUTHORITY\SYSTEM"
  2. net stop healthservice
  3. net start healthservice

Once you do that, it should only take a minute for SCOM to reflect the change.  If you are too impatient to wait, you can click REFRESH.

I hope this helps!

Active Directory Recycle Bin

A few years ago, Microsoft introduced the Active Directory Recycle Bin to Windows Server.  Wonderful!  It is not enabled out of the box, but it is reasonably simple to enable… except, it is not.

Firstly, you can do it in the GUI… Open the Active Directory Administrative Center, navigate to local (local), and then in the Actions Pane click Enable Recycle Bin…  You will get a warning about how serious this is – that is, it is irreversible.  Thanks, let’s go ahead.  We’re done.

The other way to do it, and obviously my preferred method, is with PowerShell.  Use the following cmdlet:

Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=local,DC=domain,DC=name' -Scope ForestOrConfigurationSet -Target 'local.domain.name'

Once again, you will get a warning that “Enabling ‘Recycle Bin Feature’ is an irreversible action! You will not be able to disable ‘Recycle Bin Feature’ on ‘CN=Partitions,CN=Configuration,DC=local,DC=domain,DC=name’ if you proceed.”

(Yes, the warning is in orange… not my choice)

You press YES, you go ahead, and it’s done…

…or IS IT?

“A referral was returned from the server”

This error can come equally and identically from the GUI as from PowerShell… It simply means, THIS DID NOT WORK.

I have read all sorts of articles and forums on this, people telling people that they had the syntax wrong.  “Change single quotes to double quotes, or remove the quotes, that’s what will work.”  Some of these may be accurate.  In my experience, it is not a syntax error.

There are five (5) Flexible Single Master Operations (FSMO) roles on our domain.  Two of these, namely the Schema Master and the Domain Naming Master have to be on the same domain controller in order for this to work.  Otherwise… no.

I should also take a moment to mention that anytime you are doing anything with the Schema Master role, you have to be a member of the Schema Administrators security group.  I hear from people all the time ‘…but I am a member of the Enterprise Admins group!’ Nothing doing… except that, if you are a member of the EA group, you can add yourself pretty easily to the SA group.

So… transfer the Schema master role and you will be fine.  Good luck!

Oh yeah… here’s how.

  1. Use ntdsutil.exe.  I will not bore you with the details… somewhere under roles – connections – servers – bla bla bla.
  2. Use PowerShell.  Here’s your cmdlet:

Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole SchemaMaster

Let me know if you run into any further issues, but this should solve it for you!
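A pre-flight check for the conditions this post describes (both roles on one domain controller, Schema Admins membership), as an added example that is not the author's own script. The function name Test-RecycleBinReadiness is hypothetical, and the forest functional level check is an extra condition not mentioned above.

```powershell
# Added example, not from the original post. Everything here is read-only
# except the last call, and that call runs with -WhatIf so nothing changes.
Import-Module ActiveDirectory

function Test-RecycleBinReadiness {
    $forest  = Get-ADForest
    $feature = Get-ADOptionalFeature -Filter "Name -eq 'Recycle Bin Feature'"

    # Schema Admins has the well-known RID 518 in the forest root domain.
    # Checking the logon token (not the group object) shows whether the
    # membership is actually in effect for this session.
    $rootSid   = (Get-ADDomain -Identity $forest.RootDomain).DomainSID.Value
    $tokenSids = [Security.Principal.WindowsIdentity]::GetCurrent().Groups |
                 ForEach-Object { $_.Value }

    [pscustomobject]@{
        Forest             = $forest.Name
        ForestMode         = $forest.ForestMode
        RequiredForestMode = $feature.RequiredForestMode
        ForestModeOk       = ($forest.ForestMode -ge $feature.RequiredForestMode)
        # EnabledScopes stays empty until the feature has been turned on.
        AlreadyEnabled     = (@($feature.EnabledScopes).Count -gt 0)
        SchemaMaster       = $forest.SchemaMaster
        DomainNamingMaster = $forest.DomainNamingMaster
        RolesOnSameDC      = ($forest.SchemaMaster -eq $forest.DomainNamingMaster)
        InSchemaAdmins     = ($tokenSids -contains "$rootSid-518")
    }
}

$report = Test-RecycleBinReadiness
$report | Format-List

if ($report.AlreadyEnabled) {
    Write-Output "Recycle Bin is already enabled in $($report.Forest)."
}
elseif ($report.ForestModeOk -and $report.RolesOnSameDC -and $report.InSchemaAdmins) {
    # Dry run against the Domain Naming Master; remove -WhatIf to commit.
    # The change is irreversible, as the warning quoted above says.
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet `
        -Target $report.Forest `
        -Server $report.DomainNamingMaster `
        -WhatIf
}
else {
    Write-Warning "One or more pre-flight checks failed; see the report above."
}
```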

An Apple a Day…

Longtime readers of this blog will know that three years ago I made the jump from Windows Phone to the iPhone.  I have few regrets about the move… the selection of apps on the iPhone (as well as the quality of them) is infinitely better than what I had on the Windows Phone.  I can also FaceTime with my son while he studies overseas (and yes, I know that between Skype and Viber and WhatsApp and the myriad other options that compete with FaceTime, but this is easier).

My first iPhone was the iPhone 5 that I was given when I first visited Rakuten in Japan.  When I came back to Canada I sold my Windows Phone and bought my second iPhone 5 off eBay (used)… mostly because I expected to be going back to Japan shortly thereafter, and the Windows Phones were not supported on the Japanese carriers.

A year later I went into the Apple Store in Bellevue, Washington.  I outlined that visit in an article called Thank You For the Lousy Customer Service!… I can assure you that the article speaks very HIGHLY of the Apple Store.   Despite my having bought it used in a different country, they replaced the device for me.

That phone lasted me a few months and then was sold to a friend, and I bought the iPhone 6 Plus.  A few days later I exchanged that one (which was just WAY too big) with the iPhone 6.  That phone seemed to be the right size for me.

It was not quite a year later that another friend bought my iPhone 6 from me, and I ended up with my iPhone 6S… no longer the latest and greatest, but certainly close enough to count.

All of that to say that I have gone through six iPhones since October, 2013… an average of about one phone every six months (although that is not really how it worked).  I have stuck with it despite during that time people saying that Android is better now… I just prefer the Apple.

What I do NOT prefer, unfortunately, is having to go to the Apple Store when things go wrong.  It is, for me, one of the least pleasant experiences that I do NOT look forward to.  Why? I may like the device, but I still despise the Cult of Apple.

Recently I got to Montreal only to find out that the charging cable for my iPhone fried into the phone itself.  I had to go to the Apple Store at Dix-30, a mall on the south shore of Montreal.  Even though the problem was likely due to a faulty phone, and even though I had paid for the Complete Care Warranty, I still had to pay for a replacement, since the damage was considered physical.  I did not have to pay full price (I think it was $130), but even so, I am disappointed that my CCW did not cover it.

At least, as I sat there waiting for the privilege of having a ‘Genius’ help me, I was able to sit and use my Samsung phone to do whatever I could not do on my iPhone.

Windows.old is getting old…

Earlier today I was looking for a script to remove the c:\Windows.old directory from my computer following installation of a new version of Windows.  Unfortunately, in these times of “Windows 10 is the last desktop OS we will ever deliver, but we are updating it to a new version every six months,” this is needed now more than ever.

The script that I dug up I did not write.  I think I borrowed it from TechNet a few years ago.  However, it works well, so feel free to use it! -M

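# Run from an elevated PowerShell session.
# Windows.old lives on the system drive (HOMEDRIVE can point at a mapped home drive).
$path = $env:SystemDrive + "\Windows.old"
If (Test-Path -Path $path)
{
    # Create the registry value that selects "Previous Installations" for Disk Cleanup profile 1221
    $regpath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Previous Installations"
    New-ItemProperty -Path $regpath -Name "StateFlags1221" -PropertyType DWORD -Value 2 -Force | Out-Null
    # Start Disk Cleanup with that profile
    cleanmgr /SAGERUN:1221
}
Else
{
    Write-Warning "There is no 'Windows.old' folder on the system drive"
    cmd /c pause
}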

Change the Page in Command Line

Have you ever wondered what happens when you format a server (or any Windows system) with a small bootable drive, and a large secondary drive?  Why would you?  It shouldn’t matter, right?

Recently a client of mine discovered different, when he formatted a server and then discovered that the Paging File was placed on the D drive, because it had more room.  If you try to use diskpart to clean a drive that holds the Paging File, it will fail.  Oops.

So, in Server with a GUI (or Desktop Experience, or whatever you want to call it) it is easy to open the Virtual Memory tab under Advanced System Properties and change the size, change where it sits, and so on.


Great… but what if we want to modify these settings in Server Core?  Or frankly, what if you have hundreds (or thousands) of systems that you want to configure?  The answer is, as usual, Command Line (PowerShell can do it too I am sure… I haven’t looked).

WMIC.exe is a command line tool that was developed to allow administrators to manage the Windows Management Instrumentation (WMI) from the command line (CLI).  It does myriad things, but for our purposes, we are going to use it to modify the Page File.

Step 1: See what you got!

From a command prompt, run the following command:

wmic.exe pagefile list /format:list

This will let you know where your page file is, and its usage.  The screenshot below shows that my Microsoft Surface Pro 4 has a page file of 2432 MB.  For a 16 GB laptop, that might be a little insufficient.

Step 2: Modify what you got!

Okay, it is fine for me that it is on the C drive, but I wish it was larger… and I no longer want it to be Automatically Managed. So:

wmic computersystem where name="%computername%" set AutomaticManagedPagefile=False

The first step was to remove the automatic management.  That’s done.

Next, I want to  set my page file to have a 4 GB minimum and an 8 GB maximum.  Let’s do that:

wmic pagefileset where name="C:\\pagefile.sys" set InitialSize=4096,MaximumSize=8192

Great, that is done.  Note, if my client wanted to change the location of the paging file, he would have changed it there.  If I had wanted to place it on the D drive, I would have done the following:

wmic pagefileset where name="D:\\pagefile.sys" set InitialSize=4096,MaximumSize=8192

So there it is…  I ran these commands on my Surface Pro 4, and I should now have my 4-8 GB page file, right?


Wrong.  Anyone care to guess what is missing?  When do page files change?  Yes, a reboot is required.

I rebooted my system, and here’s what I got:


Success!  I achieved my goals… and with a bit of research, so will you.

Thanks to Microsoft MVP and fellow MCT Marcelo Sincic for reminding me the proper syntax!

Let’s Go: Creating a Windows to Go Hybrid Device

Recently I wrote a review of the Apricorn Aegis Secure Key 3z Flash Drive, a spectacular USB key with some great security features, including a unique keypad that requires you to unlock your device before connecting it to your computer.  The same day I received a comment.  Anthony asks:

Would you be able to provide a link with the exact steps to create the Image of WTG on the USB key?

Anthony, it will be my pleasure.

Firstly, I reviewed my archives.  It seems that I have written a couple of articles on the subject.  The first one, when Windows 8 was in beta testing, showed how to do it from the command prompt… before there were GUI tools.  That article is here.

A couple of months later I wrote about doing it in Windows 8 RTM, with the GUI tools.  That article is here.

With that said, both of these articles are now over five years old, and both pertain to Windows 8.  I figure it is time to update them.  So we are going to do a couple of things here:

  1. We are going to create a new Windows to Go key;
  2. We are going to modify the key so that we have a 15GB data partition.

I will be honest, I was going to go through the process of creating the Windows to Go key using PowerShell, but the preferred method (from Microsoft) is to use the Windows to Go creation tool.  I would rather use that.  If you want to use PowerShell, there are some articles I can point you to… but they are all a lot more complicated than they need to be.

Create Windows To Go

I have mounted the Windows ISO file (Windows 10 Build 1709)  to my E:.  My USB key is clean and virginal and ready to go.

1. Launch the Windows to Go Control Panel from the Start menu (or Cortana… just type in Windows to Go and it will come up).


2. Select the drive you want to use (only drives that are compatible will be displayed), and click Next.

In the next screen, you should have the option of Windows 10 Enterprise. 


If your screen is blank, perform the following steps:

  1. Ensure your Windows 10 Enterprise image is mounted;
  2. Click on Add search location;
  3. Navigate to the location where your .wim file is located (in my case, it is e:\sources\)
  4. Click Select Folder.

You should now see your image… and others, if the .WIM file contains different images.  Please remember, while you can select any of these, only Windows 10 Enterprise Edition will work for Windows to Go.


Click Next.

3. Now you can enable BitLocker and set a password for it.  I am not going to enable BitLocker for now, because I plan to resize my partition later.  If I did not plan on resizing, I would do it here, then click Next.


The next screen is the ‘Ready to create your Windows To Go workspace’ screen.  It will reassure you that this is not a two second process, and should take some time.  It also warns you that the process will wipe out any information on the drive.  That is why I generally like to use new keys for Windows To Go… or, you know… back my stuff up first!


When the process is complete, you will have the option to have Windows change your boot order, so that your system tries to boot from USB first.  I do not generally choose this option if creating from my desktop, simply because it is not uncommon for me to have three or more USB drives connected to some of my computers… and most of them are not bootable.  However if I am creating a key from my laptop, I do prefer it.


Okay, my Windows To Go key has been created, and I am ready to go… but not quite.

Create Data Volume

Okay… according to Windows Explorer, I have a 59.2 GB drive with 44.4 GB free space.


As I mentioned, I want to use this device as a hybrid… part Windows To Go, part portable storage.  So I am going to shrink the size of my Windows drive by 15 GB, leaving me a respectable 29.4 GB free on my WTG drive, and a 15 GB data partition.

This is one of the steps that is easier in the GUI.  I played around a little bit in PowerShell, and the following cmdlet worked:

Resize-Partition -DriveLetter "F" -Size 44.28GB

The reason I say it is easier in the GUI is simply because you can reduce by a certain amount (15GB, for example), whereas in PowerShell you have to reduce to a certain amount (44.28GB in this case).  Either way, it works… and I have 15GB of unallocated space.


We can simply create the volume in Disk Manager, but I would rather do it in PowerShell.

Get-Disk

This shows us the number of the disk we are using. I determined it was Disk 2.  So:

New-Partition -DiskNumber 2 -UseMaximumSize -AssignDriveLetter

My new partition needs to be formatted, and I trust I don’t need to show you how to do that.

What’s Left?

Now that I have my hybrid key created, I want to remember to enable BitLocker on both partitions.  I want to set a strong password on both drives.  Remember, by definition, this is a portable device, and even though I may be using an Apricorn key with a numeric key code, I remember that Defense-In-Depth is how I sleep sound at night.
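One way to confirm that step was not forgotten, as an added example that is not part of the original article: it audits the BitLocker state of every lettered volume on the key. The function name Test-WtgKeyEncryption is hypothetical, and disk number 2 is the value from the walkthrough above; confirm yours with Get-Disk.

```powershell
# Added example (not the author's code): report BitLocker status for each
# lettered partition on the Windows To Go key. Run from an elevated prompt.
function Test-WtgKeyEncryption {
    param(
        [Parameter(Mandatory)]
        [int]$DiskNumber
    )

    $disk = Get-Disk -Number $DiskNumber
    if ($disk.BusType -ne 'USB') {
        # Guard against auditing the wrong disk and trusting the result.
        Write-Warning "Disk $DiskNumber reports bus type '$($disk.BusType)', not USB."
    }

    Get-Partition -DiskNumber $DiskNumber |
        Where-Object { $_.DriveLetter -match '[A-Za-z]' } |   # skip the unlettered System partition
        ForEach-Object {
            $mount      = "$($_.DriveLetter):"
            $volume     = Get-BitLockerVolume -MountPoint $mount
            $protectors = @($volume.KeyProtector | ForEach-Object { $_.KeyProtectorType })

            [pscustomobject]@{
                MountPoint       = $mount
                SizeGB           = [math]::Round($_.Size / 1GB, 1)
                VolumeStatus     = $volume.VolumeStatus
                ProtectionStatus = $volume.ProtectionStatus
                EncryptionMethod = $volume.EncryptionMethod
                Protectors       = $protectors -join ','
                # "Done" here means fully encrypted, protection on, and a
                # password protector present, matching the goal stated above.
                Compliant        = ($volume.VolumeStatus -eq 'FullyEncrypted' -and
                                    $volume.ProtectionStatus -eq 'On' -and
                                    $protectors -contains 'Password')
            }
        }
}

$results = Test-WtgKeyEncryption -DiskNumber 2
$results | Format-Table -AutoSize

$failed = @($results | Where-Object { -not $_.Compliant })
if ($failed.Count -gt 0) {
    Write-Warning ("Not fully protected: " + ($failed.MountPoint -join ', '))
}
```

A volume that is still encrypting, or that has protection suspended, shows up as not compliant, which is the state to catch before the key leaves your desk.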

Conclusion

So… that’s it!  I know this article is a hybrid of GUI and PowerShell and such, but then… the word hybrid is right there in the title!  I hope it has helped, and that you will be able to go forward and create your own Windows To Go hybrid devices!

Corrections!

Earlier today I published my article called USB & Windows to Go: Key In! on this site.  Because of my eagerness to get the article out (recently I posted that I would be trying to post a lot more frequently), I have been informed that I made a number of minor errors.  Here are the corrections:

  1. The ASK3Z keys are available in sizes from 8GB to 128GB, and not 256GB as I had mentioned.  This has been corrected in the text.
  2. Apricorn offers larger capacity devices in their ASK3 line, including a 240GB and a 480GB model.  These devices run the identical firmware, and have all the same features as the ASK3Z.
  3. If the brute force is tripped, the drive will crypto erase the encryption key, so that the data cannot be accessed.  The drive itself is not actually wiped, but cannot be accessed.
  4. Because the key code is entered before the key is inserted into the computer, there is no possibility for a key-logger to steal the PIN.  (This is not a correction, but another point I should have mentioned because it is cool!)
  5. With regard to the rebooting, I am told that the Lock Override Mode is the best way to use the device as an OS host, so the Secure Key will disregard the Re-enumeration signal from the USB port while the system reboots.

Sorry for the misunderstandings, and thank you Craig for helping me out here!

M

USB and Windows to Go: Key in!

I have written in the past about several different Windows to Go (WTG) key options, and have leaned heavily toward the ones with Military Grade Security (MilSec).  They are all good, they all do just about the same thing.  Of course, there are differences with deployment methodology, as well as the tools that support them, but in the end, you plug a key in, you boot from it, you have Windows.

Recently I was introduced to a key that sets itself apart, and it is obvious from the first glance.  Just open the box of the Aegis Secure Key 3z Flash Drive from Apricorn Inc., and the first thing you will notice is that its top is covered with a numeric keypad, along with three lights.  The polymer-coated wear-resistant onboard keypad allows you to unlock your device with a numeric passcode before using it.  Wow.  This really does change things!

I had the opportunity to speak with Craig Christensen of Apricorn Inc. recently, and we discussed several of the features, as well as use cases, for the Aegis Secure Key 3z.  Some of the scenarios were obvious, but others really made a lot of sense.

It should be known that this key, available in sizes from 8GB to 128GB, was not designed specially for Windows to Go.  In fact, according to Mr. Christensen, the vast majority of their users do not use WTG, and in fact the majority of customers who run a bootable operating system off the key are in fact using Linux.  Indeed, most of their customers are using the keys to store… well, data.

What sort of data?  Well, that would depend on the customer.  But with penetration into governments, military and defense contractors, aviation, banking, and many more, it is clear that the keys are in use by many serious people and companies for whom security breaches could mean more than a simple loss of competitive advantage.  Intellectual Property is certainly important to manufacturers, but when it comes to other sectors, the stakes get much higher indeed.

So let’s enumerate some of the unique benefits that these keys have over their competitors:

  • Separate administrator and user mode passcodes, as well as possible read-only passwords
  • Programmable individual key codes that can be unique to an individual, granting user-level access
  • Data recovery PINs in the event a PIN is forgotten… or in the event a user leaves the company on bad terms
  • Brute-force defense, wiping the device clean after a set number of wrong attempts
  • Unattended auto-lock automatically locks the device if not accessed for a pre-determined length of time
  • Self-destruct PINs allow a user under duress to enter a code that immediately and irretrievably wipes the device clean
  • Meets FIPS 140-2 Level 3 standards for IT and computer security
  • IP57 Certification means the device is tough, resilient, and hard to kill.  With its rugged, extruded aluminum crush-resistant casing, the Aegis Secure Key is tamper evident and well-protected against physical damage.

In short, this is a tough little device.

I decided to have a little bit of fun with the key this weekend.  The first thing I did was to create a WTG key.  Like my other WTG keys, I got the 64GB model, although they are available in much higher capacities.  So once Windows was installed, I was left with about 50GB of free space on the drive.  I have realized over time that unless I plan to use the key as my primary PC (I do not), that is more than plenty.  Yes, I will install Office 365 and Live Writer and SnagIt, as well as a dozen other applications I can’t live without, but I will still never need more than 35GB of that.  Possibilities…

Okay, let’s shrink my Apricorn’s volume by 15GB.  It is now about a 45GB volume (formatted).  I then created another volume for my Data.  Of course, I have both partitions BitLocker encrypted, because Defense In Depth is important to me.  So now, the partition table on my key looks like this:

In short, I have my 350MB System volume, a 44GB Boot volume, and a 15GB data volume.  Why would I want that?  Remember when I said that the majority of customers use the Apricorn keys for data and not for Windows to Go?  Well, doing things this way, I can have the best of both worlds.  I can use the key to boot into my environment, but I can also use the 15GB MDG-Data  volume as a regular, highly encrypted and protected USB drive.

Of course, I had to test that theory.  I made sure I was able to take the key to another pre-booted installation of Windows, key in my code, plug the key in to that computer, enter my Bitlocker password, and use the key.  Yessir, it worked.  Woohoo!

So let’s see… My Apricorn key, which is rugged and not going to break, can boot into a secure Windows 10 environment; it can be used as a secure data thumb drive; it can be used as a combination of both.  Nice!

At USD$159, the 64-GB key is competitively priced.  Unlike many competitive devices, the prices are cited right on the web page, and you can even buy direct without having to set up an account and speaking with a salesperson.  If you are a company looking for volume discounts, you can also buy them from distributors such as Softchoice, TechData, Canada Computers, and many more.  For a clearer picture of where to buy from in your region, visit their Where to Buy page.

I have been working with the Apricorn drive as my primary workspace today, and there are only two very minor drawbacks that I have found:

  1. The drive does get hot.  This is no different from the other WTG keys I have discussed in the past.
  2. If your USB port loses power for a split second on reboot (most of them do), then you have to shut your computer down and unlock the key again.  However, if your USB port is persistently powered, this will not be an issue.

Whether you want it for Windows to Go, for data storage, or for a combination of both, the 256-bit AES XTS hardware-encrypted Aegis Secure Key 3z Flash Drive from Apricorn Inc. is certainly a must-have.  I know that going forward, this is a key that will always be in my pocket!

A quick teaser…

As many of you know, I have always had a soft spot for Windows to Go (WTG), a technology that Microsoft introduced in Windows 8.  I have written reviews and how-to articles on the topic dating back to June, 2012.  While I do currently have a favourite device, I have three (3) of them on a key ring that I use for different reasons.

I am excited.  Yesterday I had a conversation with a representative of a company that makes a secure key that supports (but is not certified for) Windows to Go.  While it may not be certified by Microsoft, it does have some very interesting features that are unique among its competition.  I am looking forward to receiving a unit to evaluate, so I can tell you how it goes.  I will not give you any spoilers, but I also promise that I will not be giving any marketing spiel whatsoever… my review will be technical, and accurate.

Stay tuned!


A New Year… A new me?


You may have noticed that although this article is all about the new year, it is not my first article of 2018.  In fact, the article I published prior to this one was written the week between Christmas and New Years… and I felt that publishing then might have been less than beneficial.

So as I type these words it is Tuesday January 2nd, and I am back in my office in Ottawa, after having enjoyed a wonderful week (10 days really) in and around the GTA (That’s the Greater Toronto Area, for those of you unfamiliar).  I spent time with friends, family, and loved ones.  I did more driving than I would have liked, and did not eat nearly as well as I would have liked.  I relaxed, I ran around.  All in all, it was a typical holiday week.

I have a lot of plans for this year, and I am hoping to be able to achieve a lot of goals.  I am not one for New Years Resolutions… but I am hoping to get a few things going.  One of these is to blog more often than I have been.  I remember the dedication I put into this site when I was at my peak, and the past two years I have, compared to 2012-2014, been positively neglectful.  That stops now.  I cannot promise a blog article every day, but I would like to aim for two articles per week… one technical, one non-technical.  Let’s see how that goes.

Once again, I would like to thank my loyal readers… without you, I am nothing!

DCPromo No More… PowerShell!

I needed to build a new domain controller for a friend’s company recently.  It is something that I have done so many times over the past two decades that some things are just instinctive… like typing dcpromo to create a domain controller.

dcpromo

Right… I had forgotten about that.  dcpromo has been deprecated.

You could go through the process of doing it through the Server Manager, but it really is more work than is needed.  Instead, try the following PowerShell script:

#################
#
# Script to create Active Directory Domain Controller.
# Written by Mitch Garvis for Cistel Technologies Inc.
#
# Enjoy!
#
#################

# Install Active Directory

Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

# Create Domain Controller

Import-Module ADDSDeployment
Install-ADDSDomainController `
    -NoGlobalCatalog:$false `
    -CreateDnsDelegation:$false `
    -CriticalReplicationOnly:$false `
    -DatabasePath "C:\Windows\NTDS" `
    -DomainName "domain.com" `
    -InstallDns:$true `
    -LogPath "C:\Windows\NTDS" `
    -NoRebootOnCompletion:$false `
    -SiteName "Default-First-Site-Name" `
    -SysvolPath "C:\Windows\SYSVOL" `
    -Force:$true

That should do it… just change where it says ‘domain.com’ to whatever domain you want to use.  Run it.  In a couple of minutes, you will be asked to enter a Safe mode Admin password.  A few minutes after that, you should have a brand new domain controller.

Remember, depending on the size of your Active Directory, it may take several hours to replicate to the new DC… so give it time 🙂

Renaming Files en Masse…

I take a lot of pictures… not only with my phone, but also with my Nikon DSLR camera.  It is one of my hobbies… I am not very good at it, but I enjoy it nonetheless.

Keeping track of hundreds or thousands of pictures is easy, as long as you copy them into the appropriate directory in your computer.  It is easy to keep track, so I might have the following files in a directory:

Volume in drive E is SWMI Blue-2T
Volume Serial Number is 9ED7-318E

Directory of E:\Holiday Snaps

2017-12-19  03:26 PM    <DIR>          .
2017-12-19  03:26 PM    <DIR>          ..
2017-12-19  03:26 PM                 0 dir.txt
2008-05-25  03:54 PM         3,102,650 DSC_0001.JPG
2008-05-25  03:55 PM         3,107,741 DSC_0002.JPG
2008-05-25  03:54 PM         3,102,650 DSC_0003.JPG
2008-05-25  03:55 PM         3,107,741 DSC_0004.JPG
               5 File(s)     12,420,782 bytes
               2 Dir(s)  280,903,417,856 bytes free

That is great… except for the fact that if I search my hard drive for a file named DSC_0004.JPG, I might have hundreds of them, depending on how my camera is configured. So what I like to do is rename all of my files from a specific event, like so:

E:\Holiday Snaps> ren DSC_0*.* HolSn*.*

E:\Holiday Snaps> dir

Volume in drive E is SWMI Blue-2T
Volume Serial Number is 9ED7-318E

Directory of E:\Holiday Snaps

2017-12-19  03:30 PM    <DIR>          .
2017-12-19  03:30 PM    <DIR>          ..
2017-12-19  03:26 PM               553 dir.txt
2017-12-19  03:30 PM                 0 dir1.txt
2008-05-25  03:54 PM         3,102,650 HolSn001.JPG
2008-05-25  03:55 PM         3,107,741 HolSn002.JPG
2008-05-25  03:54 PM         3,102,650 HolSn003.JPG
2008-05-25  03:55 PM         3,107,741 HolSn004.JPG
               6 File(s)     12,421,335 bytes
               2 Dir(s)  280,903,417,856 bytes free

Great… I now have my files named HolSn (for HOLiday SNaps).  If I only go on holiday once in my life, I am set.

What I want to be able to do is to rename the files with more descriptive names… like Havana July 20170001.JPG, and so forth… and if I only have four or five pictures, that is easy enough.  With hundreds and often thousands of pictures, it can be ridiculously laborious.  So instead, we are going to use some old Command Prompt/Batch Magic.  Watch this:

E:\Holiday Snaps>for /f "delims=" %a in ('dir /b /a-d *.JPG') do ren "%a" "Havana July 2017 %a"

E:\Holiday Snaps> dir

Volume in drive E is SWMI Blue-2T
Volume Serial Number is 9ED7-318E

Directory of E:\Holiday Snaps

2017-12-19  03:42 PM    <DIR>          .
2017-12-19  03:42 PM    <DIR>          ..
2017-12-19  03:42 PM                 0 dir.txt
2008-05-25  03:54 PM         3,102,650 Havana July 2017 DSC_0001.JPG
2008-05-25  03:55 PM         3,107,741 Havana July 2017 DSC_0002.JPG
2008-05-25  03:54 PM         3,102,650 Havana July 2017 DSC_0003.JPG
2008-05-25  03:55 PM         3,107,741 Havana July 2017 DSC_0004.JPG
               5 File(s)     12,420,782 bytes
               2 Dir(s)  280,903,409,664 bytes free

That is more like it.  So when you want to rename your files in a Command Prompt, just follow those easy steps.

POWERSHELL

Yes, I know… Command Prompt is out, PowerShell is in.  Also simple…

Get-ChildItem | Rename-Item -NewName { "Prefix_" + $_.Name }

This will do the same thing, but you have to be running a version of Windows with PowerShell… so, not Windows XP!

PS E:\Holiday Snaps> ls

    Directory: E:\Holiday Snaps

Mode                LastWriteTime         Length Name
----                -------------         ------ ----
-a----       2008-05-25   4:54 PM        3102650 DSC_0001.JPG
-a----       2008-05-25   4:55 PM        3107741 DSC_0002.JPG
-a----       2008-05-25   4:54 PM        3102650 DSC_0003.JPG
-a----       2008-05-25   4:55 PM        3107741 DSC_0004.JPG

PS E:\Holiday Snaps> Get-ChildItem | Rename-Item -NewName { "Havana July 2017-" + $_.Name }
PS E:\Holiday Snaps> ls

    Directory: E:\Holiday Snaps

Mode                LastWriteTime         Length Name
----                -------------         ------ ----
-a----       2008-05-25   4:54 PM        3102650 Havana July 2017-DSC_0001.JPG
-a----       2008-05-25   4:55 PM        3107741 Havana July 2017-DSC_0002.JPG
-a----       2008-05-25   4:54 PM        3102650 Havana July 2017-DSC_0003.JPG
-a----       2008-05-25   4:55 PM        3107741 Havana July 2017-DSC_0004.JPG

PS E:\Holiday Snaps>
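The one-liner above renames everything in the folder, including subfolders and files such as dir.txt. The following is an added example, not from the original post: it renames only the camera files to a label plus a sequence number, supports a -WhatIf preview, refuses to overwrite existing names, and writes an old-to-new mapping so the change can be undone. The function name, parameters and the rename-log.csv file name are assumptions.

```powershell
# Added example: rename only the camera files, with a preview and an undo log.
# Rename-Snapshots, its parameters and 'rename-log.csv' are hypothetical names.
function Rename-Snapshots {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Folder,
        [Parameter(Mandatory)] [string] $Label,
        [string] $Filter = 'DSC_*.JPG'
    )

    # Take the file list up front so renamed files are never picked up again,
    # and skip directories and unrelated files such as dir.txt.
    $files = @(Get-ChildItem -LiteralPath $Folder -Filter $Filter -File |
               Sort-Object LastWriteTime, Name)
    if ($files.Count -eq 0) { return }

    # Build the full plan first: "<Label> 0001.JPG", "<Label> 0002.JPG", ...
    $plan = @(for ($i = 0; $i -lt $files.Count; $i++) {
        [pscustomobject]@{
            OldName = $files[$i].Name
            NewName = '{0} {1:D4}{2}' -f $Label, ($i + 1), $files[$i].Extension
        }
    })

    # Refuse to run if any target name already exists in the folder.
    $clash = @($plan | Where-Object { Test-Path -LiteralPath (Join-Path $Folder $_.NewName) })
    if ($clash.Count -gt 0) { throw "Target already exists: $($clash[0].NewName)" }

    foreach ($item in $plan) {
        $path = Join-Path $Folder $item.OldName
        if ($PSCmdlet.ShouldProcess($path, "Rename to $($item.NewName)")) {
            Rename-Item -LiteralPath $path -NewName $item.NewName
        }
    }

    # Keep the old-to-new mapping so the rename can be reversed later.
    if (-not $WhatIfPreference) {
        $plan | Export-Csv -LiteralPath (Join-Path $Folder 'rename-log.csv') -NoTypeInformation
    }
    $plan
}

# Preview first, then run for real.
Rename-Snapshots -Folder 'E:\Holiday Snaps' -Label 'Havana July 2017' -WhatIf
Rename-Snapshots -Folder 'E:\Holiday Snaps' -Label 'Havana July 2017'
```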

I hope this helps…. now if you don’t mind, for some reason I am thinking I should book a vacation!

Dynamic Lock: Walk away securely.

One of my pet peeves when walking through organizations that I consult for is seeing unlocked and unattended workstations.  I hate seeing this, knowing that anyone can sit down at their desk and do… whatever.  I know people who would sit down at these unlocked workstations, and send an e-mail to the entire organization (in the name of whoever’s workstation they were at), saying that they were buying beer, dinner, vacations, whatever.  Of course, *I* would never do that… it might be considered unethical.  But someone out there does it, and did it at a few companies I have worked at.  Funny, the behaviour seemed to stop when I left the company.  A weird coincidence, I know.

I have been saying for years that it would be a great feature if Microsoft could allow users to have a token – a key card or something – that would automatically lock their computers if the token were removed.  In Windows 10 Edition 1703 they have finally done it.

Dynamic Lock is a feature that is enabled in the Sign-in options, and is one of those great new features that I have not heard too many people talking about.  If you carry your smartphone around with you, and really, who doesn’t these days, then it is easy to implement and use.  Here’s how:

  1. Pair your smartphone to your desktop or laptop.  Oh, did I mention?  This will only work if both devices have Bluetooth enabled.
  2. Open Windows Settings, then select the Accounts option.
  3. On the left side of the window click Sign-in options.
  4. Click the check box under Dynamic lock.

That’s it… as simple as that.  Walk away with your phone (out of Bluetooth range), and within a minute your computer will lock down.  For those of us who are used to locking every time we walk away, this may not be an issue.  For the rest of you out there… set this up today!