Browsing "Windows 2012"

Some quick command line tools for AD

1. To quickly list all the groups in your domain, with members, run this command:

dsquery group -limit 0 | dsget group -members -expand

2. To find all users whose accounts are set to have a non-expiring password, run this command:

dsquery * domainroot -filter "(&(objectcategory=person)(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536))" -limit 0

3. To list all the FSMO role holders in your forest, run this command:

netdom query fsmo


How can I kill RDP sessions from the command line?

If you have hung RDP sessions on a server that you want to kill without rebooting it, run the following:

regsvr32 query.dll [enter] You only have to do this the first time.

query session /server:servername [enter]

reset session # /server:servername [enter]

Why can I not access administrative shares from Windows 7 or Windows 8?

Someone asked me about this recently. They had a Windows 8 laptop and a Windows 7 desktop and no matter what they tried, they were unable to access the C$ on either the laptop or the desktop.

They were 100% sure they were using the correct credentials, but for whatever reason Windows would not accept their login when trying to map a drive (\\desktopname\c$).

The issue is related to UAC and how it restricts remote connections. This has been the case since Vista, and the same issue (feature :) is still in Windows 8.

The issue only applies to local accounts and not domain accounts.

The quick fix is to just disable UAC but if you want to keep that running but still allow admin share access, do the following:

To disable UAC remote restrictions, follow these steps:

  1. Click Start, click Run, type regedit, and then press ENTER.
  2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
  3. If the LocalAccountTokenFilterPolicy registry entry does not exist, follow these steps:
     a. On the Edit menu, point to New, and then click DWORD Value.
     b. Type LocalAccountTokenFilterPolicy, and then press ENTER.
  4. Right-click LocalAccountTokenFilterPolicy, and then click Modify.
  5. In the Value data box, type 1, and then click OK.
  6. Exit Registry Editor.

The LocalAccountTokenFilterPolicy registry entry in the registry can have a value of 0 or of 1. These values change the behavior of the registry entry to the behavior that is described in the following table.

Value   Description
0       This value builds a filtered token. This is the default value. The administrator credentials are removed.
1       This value builds an elevated token.
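
With the value set to 1, every member of the local Administrators group who connects remotely with a local account receives the elevated token, so it is worth knowing which machines carry the setting. The following PowerShell audit is an added example, not part of the original post; the host names in the sample are hypothetical, and treating EnableLUA = 0 as "UAC disabled" is an assumption of the example.

```powershell
# Added example: report the UAC remote-restriction state for local accounts.
function Get-UacRemotePolicy {
    # Read both values from the local registry; an absent value comes back as $null.
    $key   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Computer                      = $env:COMPUTERNAME
        EnableLUA                     = $props.EnableLUA
        LocalAccountTokenFilterPolicy = $props.LocalAccountTokenFilterPolicy
    }
}

function Test-UacRemotePolicy {
    param([Parameter(Mandatory, ValueFromPipeline)] $Policy)
    process {
        # Absent values take their defaults: UAC on (1), filtered token (0).
        $lua   = if ($null -eq $Policy.EnableLUA) { 1 } else { [int]$Policy.EnableLUA }
        $latfp = if ($null -eq $Policy.LocalAccountTokenFilterPolicy) { 0 } else {
            [int]$Policy.LocalAccountTokenFilterPolicy }
        if ($lua -eq 0) {
            $state = 'UAC disabled: no token filtering at all'
        } elseif ($latfp -eq 1) {
            $state = 'Remote restrictions disabled: elevated token for local admins'
        } else {
            $state = 'Default: filtered token for local accounts'
        }
        [pscustomobject]@{
            Computer             = $Policy.Computer
            FullTokenOverNetwork = ($lua -eq 0 -or $latfp -eq 1)
            State                = $state
        }
    }
}

# Constructed sample records (hypothetical host names) to check the logic offline.
$samples = @(
    [pscustomobject]@{ Computer = 'DESKTOP-A'; EnableLUA = 1; LocalAccountTokenFilterPolicy = $null }
    [pscustomobject]@{ Computer = 'LAPTOP-B';  EnableLUA = 1; LocalAccountTokenFilterPolicy = 1 }
    [pscustomobject]@{ Computer = 'KIOSK-C';   EnableLUA = 0; LocalAccountTokenFilterPolicy = 0 }
)
$samples | Test-UacRemotePolicy | Format-Table -AutoSize

# The machine this runs on:
Get-UacRemotePolicy | Test-UacRemotePolicy | Format-List
```

In the sample, only DESKTOP-A reports FullTokenOverNetwork as False; the other two hosts accept local-account administrators with a full token over the network.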

 

How can I clear all the remote desktop sessions remotely?

There are 2 methods to do this:

Method 1:

Open CMD with admin rights, then:

A. Type “qwinsta /server:xxx.xxx.xxx.xxx” into the window, replacing “xxx.xxx.xxx.xxx” with the IP address of your server. When you hit “Enter,” a list of active remote-desktop connections will appear. Each session will have an ID number assigned to it.

B. Use the “rwinsta /server:xxx.xxx.xxx.xxx id” command, replacing “xxx.xxx.xxx.xxx” with the IP address of your server and “id” with the ID number of the session you want to end. When you hit “Enter,” Windows will end the selected session.

Method 2:

A. Go to the CMD prompt and run “quser /server:YOUR_SERVER_NAME”; it will list all the remote connections.

B. Still in the CMD prompt, run “logoff rdp-tcp#123 /server:YOUR_SERVER_NAME” (where 123 is the sessionname).
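
Both session-clearing posts above depend on reading the right ID out of the qwinsta / query session listing. The PowerShell below is an added example, not from the original posts: it parses that listing into objects and selects only disconnected user sessions. The sample listing is constructed, and the user names in it are hypothetical.

```powershell
# Added example: parse qwinsta text so stale sessions can be picked by ID.
function ConvertFrom-Qwinsta {
    param([string[]] $Lines)
    # Column position comes from the header row; SESSIONNAME starts at index 1
    # because index 0 is reserved for the '>' marker on the current session.
    $userCol = $Lines[0].IndexOf('USERNAME')
    foreach ($line in ($Lines | Select-Object -Skip 1)) {
        if ($line.Length -le $userCol) { continue }
        # From USERNAME onward: optional user, numeric ID, then STATE.
        if ($line.Substring($userCol) -notmatch '^(?<user>\S*)\s+(?<id>\d+)\s+(?<state>\S+)') { continue }
        [pscustomobject]@{
            SessionName = $line.Substring(1, $userCol - 1).Trim()
            UserName    = $Matches['user']
            Id          = [int]$Matches['id']
            State       = $Matches['state']
        }
    }
}

function Get-StaleRdpSession {
    param([string[]] $Lines, [string] $Server)
    # Disconnected sessions that belong to a user. Session 0 ("services") and the
    # listener also appear in the list but have no user and must not be reset.
    ConvertFrom-Qwinsta $Lines |
        Where-Object { $_.State -eq 'Disc' -and $_.UserName } |
        Select-Object *, @{ n = 'ResetCommand'; e = { "rwinsta /server:$Server $($_.Id)" } }
}

# Constructed sample in the qwinsta layout (user names are hypothetical).
$sample = @'
 SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
 services                                    0  Disc
 console                                     1  Conn
 rdp-tcp#12        alice                     2  Active
                   bob                       3  Disc
 rdp-tcp                                 65536  Listen
'@ -split "`r?`n"

Get-StaleRdpSession -Lines $sample -Server 'YOUR_SERVER_NAME' | Format-Table -AutoSize
# Live use: Get-StaleRdpSession -Lines (qwinsta /server:YOUR_SERVER_NAME) -Server YOUR_SERVER_NAME
```

On the sample, only bob's session (ID 3) is returned; the command text is produced for review and nothing is reset.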

Aug 21, 2013 - Windows 2012, Windows 8    No Comments

How to configure Windows Defender to get definition updates in Windows 8 without using Windows Update?

In Windows 8, automatic definition updates work only if you turn on Windows Update and configure it to install updates automatically.

If you need to turn off Windows automatic updates but still want Windows Defender to update its definitions, that is a problem.

According to some references on the internet, you can use Task Scheduler to help.
Open a command prompt with administrator rights and run the following:

schtasks /create /tn "My Definition Update" /sc DAILY /MO 1 /st 04:00 /ru SYSTEM /RL HIGHEST /tr "'C:\Program Files\Windows Defender\MpCmdRun.exe' -SignatureUpdate -MMPC"

How can I search for all users that have the “Network Policy” set to false using PowerShell?

If you need to search Active Directory to find users who currently have the “Network Access Permission” set to “Deny Access” on the Dial-in tab of their user account, run this PowerShell command:

Get-ADUser -Filter {(mail -like "*") -and (ObjectClass -eq "user")} -Properties msNPAllowDialin | Where { $_.msNPAllowDialin -eq $false } | fl Name, msNPAllowDialin

You need to ensure you start PowerShell with the AD modules installed.

Feb 4, 2013 - General, Windows 2012    No Comments

How can I clean the WinSXS folder on Windows Server 2012?

The WinSXS folder is the component store of Windows Vista and later operating systems. Windows stores all its core components in the WinSXS directory. It is the only location where the core system components are found; all the system files you see in their usual locations in the Windows directory structure are hard-linked back to the WinSXS folder. WinSXS is the only location where the OS stores its components; everything else is just hard links. To prove the latter point, you can use fsutil to check the hard links of a system file:

So, WinSXS starts large! But why is it growing larger? The answer is updates. Every time a binary is updated, a new version of the whole component is released and the old version is retained in the component store for reliability reasons. The updated version of a component is projected to the system (hard-linked), but the old version is retained with no hard links. This is the reason an update can be safely uninstalled from the system. If you uninstall an update from the system, the next higher version of the component is used, and other component changes may also be triggered as a result of dependencies.
