Saturday, November 10, 2018

How to Configure a Default Login Screen for Windows 10 with Group Policy

1. Create a folder called "Logo" under NETLOGON

2. Add the image to the folder

3. Use %logonserver% to identify multiple domain controllers since if you identify one specific DC and it goes down or there is any other problem with a particular DC, user's won't get the login screen image (the policy won't run on login).

Example: \\%logonserver%\netlogon\Logo\w10-lock-screen.jpg

4. The GPO Setting is under Personalization under Computer Configuration


Share:

Thursday, November 8, 2018

Migration from Exchange 2013 to Office365 Authentication Error

1. Verify that the Administrative user has the permission for "Application Impersonation" in the Exchange Admin Center.

2. Change all users in your local Active Directory over to the UPN for the verified (publicly resolvable Active Directory Domain). Powershell command:

$LocalUsers = Get-ADUser -Filter {UserPrincipalName -like '*domain.local'} -Properties userPrincipalName -ResultSetSize $null

$LocalUsers | foreach {$newUpn = $_.UserPrincipalName.Replace("domain.local","public.com"); $_ | Set-ADUser -UserPrincipalName $newUpn}

3. Sync your Azure Active Directory Tool (Force the Update)

Start-ADSyncSyncCycle
Start-ADSyncSyncCycle -PolicyType initial

4. Verify that your login with "public.com" is working on https://portal.office.com

Username: stewie.griffin@public.com
Password: test0!

You call that a password?

This is a password son!!: %&^*(LUIKG/73&^%HVJB)&*(YIU)(&*^UTY8567irtufgykA&*(^RTUFGYOHPI()$%^^#$%TE
Share:

How to Fix Microsoft Exchange 2013 to Office 365 Error ews/mrsproxy.svc' failed.The HTTP request was forbidden with client authentication scheme ‎’Negotiate‎’

1. The first part of the denial is that the Exchange 2013 server has to be set to "0" instead of "1" in their attributes.

2. Login to your DC and then search for ADSI Edit (Windows 2012/2016/2019 Server):

Change the "adminCount" setting to "1" and then reboot the server (NOTE: I saw that even on reboot, this flag remained. So I doubt it has anything to do with the http authentication.) This is when I then ran the following commands on the Exchange 2013 Server itself in EMS. This is the Microsoft article: https://support.microsoft.com/en-us/help/2975731/access-is-denied-error-when-you-try-to-move-mailboxes-to-exchange-onli but it had no impact at all on the error even after rebooting. It just came back.


3. Login to the CAS or Exchange Server and Open the Exchange Management Shell

4. Run the following command in the EMS:
[PS] c:\Windows\system32\Get-WebServicesVirtualDirectory | select *auth*

5. Look at the output for BasicAuthentication. You will see it set to false:



6. Run the command: Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory –BasicAuthentication $TRUE

NOTE: if it times out in CAS you can also run it on the Exchange Server or do it in the Exchange Admin Center under Servers >> Virtual Directories >> OWA (etc)

7. After this fix. Run the Microsoft Office 365 Hybrid Connection Wizard (You will need your O365 Administrator account and an AD account that is an Exchange organization administrator so that you can complete the wizard.


8. You will need to install the application on the CAS server itself (NOTE: Do not install it on Exchange or your local machine. It will just fail).

9. Run the Data Migration from the Exchange Admin Center after you verify that you have successfully configured the Hybrid tool (also make sure you have already assigned licenses to users and you have the Azure AD Connect tool already configured on your local domain controller.

(NOTE: You have to have a subscription active in Microsoft Azure or if you purchase from Rackspace then your account will have a Tenant account and you will be able to configure the tool).

10. ADFS Configuration using AD Directory Sync:
https://channel9.msdn.com/Series/Azure-Active-Directory-Videos-Demos/Configuring-AD-FS-for-user-sign-in-with-Azure-AD-Connect
https://www.youtube.com/watch?v=C4wbyAo2-sA


Lifesaver Credit (Thanks Guys!!!): 
http://bit.ly/2zCiuP0 (Jaap Wesselius)
http://bit.ly/2RLGvuv (Dan Djurasovic)
https://deansuzuki.net/2015/05/20/exchange-online-fixing-an-perplexing-exchange-migration-issue-part-1/

Helpful (Not Used, but relevant and may help others):
http://www.azure365pro.com/the-http-request-was-forbidden-with-client-authentication-scheme-negotiate/
http://blog.djurasovic.com/migrating-to-office-365-exchange-online-tips-and-tricks-from-the-field/
https://www.techieshelp.com/exchange-2013-change-owa-log-on-options/
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-user-signin
Share:

Thursday, November 1, 2018

Transfer FSMO Roles

1. Login with a forest level administrator account

2. Open CMD prompt as an Administrator

3. Run the following commands:

ntdsutil - > roles -- > connections --> connect to server dc-servername -- > quit

Schema Master
transfer schema master
<Enter Key>

RID Master
transfer rid master
<Enter Key>

Domain Naming Master
transfer naming master
<Enter Key>

PDC Emulator
transfer pdc
<Enter Key>

Infrastructure Master
transfer infrastructure master
<Enter Key>

Type q / q and that's it! Shut the box down or do whatever you were going to do!

Share:

Wednesday, October 31, 2018

Microsoft Exchange Transport Services Won't Start

Open PowerShell with the Exchange PowerShell CMD Tool

Check the Health of Exchange:
Test-ServiceHealth

Check the Exchange Database Status:
Get-MailboxDatabase -Status | Format-List name,server,mounted

Check the Queues:
Get-Queue | Select Identity,Status,MessageCount

Open up Event Viewer and Read the logs and check what's going on. If you cannot start the EdgeSync Service. Re-Add:

New-EdgeSyncServiceConfig - Site YourSitesandServicesLocation

Start --> Run --> services.msc

Re-Start the services. If Microsoft Filtering is hung. Bounce the server. Mail should start flowing again. If not...Microsoft Support is your friend. Don't take all day...troubleshoot what you can and then bow humbly, give up and call support. Your busy right?

Microsoft US Support: 1 (800) 642-7676
Microsoft US Support (URL): https://support.microsoft.com/en-us/assistedsupportproducts

Mount Exchange Database

Mount-Database -identity Domain\Exchange Server Name\ mailbox name

Get-Server *Exchange* | Start-Service
Get-ServerHealth -Identity Domain\Exchange Server Name
Get-ServerComponentState -Identity Domain\Exchange Server Name
Get-DomainController | fl name,adsite
Get-TransportAgent
Get-AcceptedDomain
Get-ExchangeServer | fl name,admindisplayversion,serverrole,site Add=PSSnapin *exch*


Share:

Sunday, October 28, 2018

How to Install VMware ESXi 6.7 on VMware Workstation 15

Static IP configuration were causing me some headaches. The alternative options are DHCP and DHCP with a reservation if you have a DHCP server you manage. Optionally, you can go the static configuration route but it was a headache for me and I'm busy and have other things to do.

Lab Scenario with VMware Workstation 15 (WS15 was on W10)

1. Download the ISO and then double-click until you find the .ova and double-click it or right click and open it in VMware Workstation. The wizard is pretty simple.



2. After you import the VM and configure the VM with the Wizard. VMware Photon 1.0 will launch and run the scripts in the background. Be patient. It runs for like 5-8 minutes. Just leave it alone. It will boot and you will see the screen. NOTE: Make sure you type in :5480 after the IP or the hostname or you will see bupkis.

https://ipaddress or FQDN:5480. I recommend using the FQDN


3. Select the option that works for you and install everything.


Share:

Wednesday, October 24, 2018

How to Create a Bootable .wim File

1. Download Rufus (Windows Based Systems) / Linux WinUSB doesn't work worth a damn on Ubuntu 18.04.1 LTS at the time of this writing so don't waist your time.

https://rufus.ie/en_IE.html (Don't download it anywhere else)

2. Grab your W10 EE/Pro ISO Image if you don't have VLSC:

https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise (You need a license if you need it more than 90 Days, but for testing/evaluation/school purposes, it's fine.)

3. Launch Rufus and configure the ISO



4. After everything is done. Open the USB and delete the "install" .wim file from \sources and replace it with your .wim file and then rename it  to "install"



5. Boot that sucker and verify everything is working. You're done.


Share:

Tuesday, October 9, 2018

How to Create Bootable Windows 10 USB on Ubuntu 18.04.1 LTS

1. Open Disks app on Ubuntu and format the drive NTFS


Do It The Hard OCD Way:

2. Grab the source code from WoeUSB: https://github.com/slacka/WoeUSB

3. Open Terminal and create a location for WoeUSB:

4. sudo mkdir /opt/woeusb

5. cd /opt/woeusb  && git clone https://github.com/slacka/WoeUSB.git



6. In order to run mk-build-debs you need to install devscripts

7. sudo apt-get install devscripts equivs gdebi-core -y (NOTE: Remove when your done for security of your system)

8. Then prep the environment: sudo ./setup-development-environment.bash

9. cd /opt/woeusb/WoeUSB/ and then run sudo mk-build-deps

10. sudo gdebi woeusb-build-deps_*

Do It the Fast...I Don't Have Time, I'm Busy Way:


2. sudo add-apt-repository ppa:nilarimogard/webupd8 && sudo apt-get update -y && sudo apt-get install woeusb -y














Share:

Tuesday, October 2, 2018

How to Fix "The Specified Virtual Disk Needs Repair" on VMware Workstation 15 on Ubuntu 18.04.1 LTS

You try to enlarge the disk and you run into the error about the disk needing repair.

Verified that works on VMware Workstation 15 on Ubuntu 18.04.1

1. Open terminal on the machine you have VMware Workstation installed

2. /usr/bin/vmware-diskmanager -R /path/to/.vmdk file

3. Go to settings of the VM and try your advanced operation to compact the disk or expand it. Bam...done.


Share:

Wednesday, September 26, 2018

How to Remove Windows 10 Bloatware Permanently

First and foremost...I want to thank at least 10 different bloggers for posting general information and one of the most helpful was Daniel's IT Blog. https://bit.ly/2qtT9SH and Andre Picker http://bit.ly/2NiBeaT (This is for removal of the unwanted W10 Apps from .WIM only)

This is for an IT Image for Windows 10. Why on earth Microsoft doesn't have an "IT" script to remove all the junk they know damn well will never go on a business, enterprise or government computer is beyond me. So we IT Managers, Solution Architects, Systems Engineer's are left figuring out ways to remove the crapware so user's don't put in a million tickets asking questions about using the software or locking their machine up doing something crazy no one anticipated.

Here you go:

1. You can use a Powershell script from How-To-Geek: https://bit.ly/2p3ZjKH but for IT purposes. It's only removing the junk from one profile. Not the entire machine. As soon as you log in with another user. BAM...it's back like a software cancer.

2. You have to disable things in the registry for it to be permanent or you can rely on some task to run from SCCM, but they're not always reliable and many times it appears and then the script has to run for it to disappear. Again, this will do nothing but generate support tickets and unnecessary calls about "What is this thing on my machine? Do I have a virus?".

3. #1 Rule of IT and Troubleshooting. Never give up. Somebody has solved the problem or you will get close enough to fix the issue yourself.

4. Completed on Windows 10 Enterprise Version 1803. OS Build 17134.285

5.  Launch services.msc and stop and then disable the services you don't need (this worked for me, but you may do something different):

Touch and Keyboard and Handwriting
Hyper-V (All)
Microsoft iSCSI
Microsoft App-V Client
dmwappushsvc (Data Collection service)
Downloaded Maps Manager (Microsoft Maps)
Phone Service
Remote Registry
Retail Demo Service
Routing and Remote Access (Unless you have a business need)
User Experience Virtualization Service
Windows Backup
Xbox Settings (All) - FYI. You have to disable the Xbox Gaming Monitoring Feature in the Registry. It won't disable from services.msc. Great Tutorial to Disable in the Registry: https://bit.ly/2z2QHZc

6. Disable the crapware/bloatware permanently (Thanks Daniel: https://bit.ly/2qtT9SH):

HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager
Disable by changing to a [0]
"ContentDeliveryAllowed"
"SystemPaneSuggestionsEnabled"
"OemPreInstalledAppsEnabled"
"PreInstalledAppsEnabled"
"SilentInstalledAppsEnabled"
"SubscribedContent-338388Enabled"
"SubscribedContent-338389Enabled"

7. Create a new local account and verify everything is disabled.

Start >> Settings >> Family & other people >> Add someone Else to this PC >> Click on "I don't have this person's sign-in information >> Click Add a user without a Microsoft Account. >> Type in your username, password and temporary recovery. You will be blowing this away. It's just for testing so don't bother getting all fancy.


8. Those of us that have been around for a while know about Computer Management. Just use this one and blow it away when your done. 



9. If you have to find the account you created (like you joined it to the domain BEFORE you removed it and started working on it locally in a VM...cough...cough). You can find the buried System Properties under Control Panel:


10. Go under Settings and delete the other profiles (Domain Accounts you cannot delete from Computer Management. (*While you're at it, Adjust for Best Performance). PRO TIP: Just leave the thing open. You will be blowing away test accounts.

11. OCD Style (Be Careful):

Delete the packages under C:\MSOCache\All Users\ (One Note/Groove). If you have MS Office installed. Do NOT just go in there and wipe out all of the folders. 

12. PRO TIP: Turn the Hidden Files feature back off before you forget and do something terrible.

13. Windows System Apps Location: C:\WindowsSystemApps. This is where the files and executables are stored. 

14. Location of the files in the registry (FYI. Microsoft makes it difficult to edit these entries): 
HKLM:\Software\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\InboxApplications

15. Disabling the "PackageRoot" and "PackageRepositoryRoot" could cause unintended consequences. Test and configure to your liking.



16. Appx >> Config >> Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy >> SetupPhase [Default is 27] Changed to 0 (launches the new profile quicker)

17. Appx >> Config >> Microsoft.BioEnrollment_cw5n1h2txyewy >> SetupPhase [Default is 81] Changed to 0 (launches the new profile quicker)

18. At this point, the bloatware is still coming up on launch. Now we kill it. (FYI. I didn't mess with Windows Store at all since it can break all manner of things on updates, etc)

19. Before you run any PowerShell Scripts. You have to enable the ability to run Scripts on Windows 10. Right-click on PowerShell and "Run As Administrator"

PS C:\Windows\system32> Get-ExecutionPolicy
PS C:\Windows\system32> Set-ExecutionPolicy unrestricted

Click Y or S (Suspend) and then run your script

cd ~ to return to your profile location and then cd into your location of the PowerShell Script

20. Powershell easy peasy...Save it as "CleanUp.ps1" and cd to the folder from PowerShell and run it.

#Retrieved on 9.26.2018 from https://bit.ly/2p3ZjKH
#
#Be careful removing Windows Store from Windows 10 since it can
#have unintended consequences for Windows Updates
#
Get-AppxPackage *3dbuilder* | Remove-AppxPackage
Get-AppxPackage *windowsalarms* | Remove-AppxPackage
Get-AppxPackage *windowscommunicationsapps* | Remove-AppxPackage
Get-AppxPackage *officehub* | Remove-AppxPackage
Get-AppxPackage *skypeapp* | Remove-AppxPackage
Get-AppxPackage *getstarted* | Remove-AppxPackage
Get-AppxPackage *zunemusic* | Remove-AppxPackage
Get-AppxPackage *windowsmaps* | Remove-AppxPackage
Get-AppxPackage *solitairecollection* | Remove-AppxPackage
Get-AppxPackage *bingfinance* | Remove-AppxPackage
Get-AppxPackage *zunevideo* | Remove-AppxPackage
Get-AppxPackage *bingnews* | Remove-AppxPackage
Get-AppxPackage *onenote* | Remove-AppxPackage
Get-AppxPackage *people* | Remove-AppxPackage
Get-AppxPackage *windowsphone* | Remove-AppxPackage
Get-AppxPackage *photos* | Remove-AppxPackage
Get-AppxPackage *bingsports* | Remove-AppxPackage
#Do Not disable if you have any visually impaired
Get-AppxPackage *soundrecorder* | Remove-AppxPackage
Get-AppxPackage *bingweather* | Remove-AppxPackage
Get-AppxPackage *xboxapp* | Remove-AppxPackage

21. None SCCM Option/Failsafe Option:

Save the file under c:\Users\Default\AppData\Local\Microsoft\CleanUp\CleanUp.bat
The actual powershell file will live under c:\%WinDir%\system32\CleanUp.ps1

Batch File under AppData:
REM Run an unsigned PowerShell script and log the output
Powershell.exe -ExecutionPolicy Unrestricted .\%WINDIR%\system32\Cleanup.ps1 >> "%TEMP%\CleanUpLog.txt" 2>&1

REM If an error occured, return to errorlevel.
EXIT /B %errorlevel%

22. Setup a Task and configure it to run weekly or on login in or script in in SCCM

23. Remember when you are setting up a Task Scheduler item that you have to have a  bypass for the script to run. I don't recommend turning PowerShell scripting off because it can have a nasty impact on your environment is PS execution is off for all of your machines. Definitely, not a good idea.

Under Actions: Start a Program >> Program/Script: >> Type in powershell.exe >> Add Arguments (Optional): -ExecutionPolicy Bypass c:\path to your script

24. Test it under a demo user. (You will see now why I said just keep Computer Management Open.)

25. Before you shutdown the system and convert it to the .wim image. Make sure that you run disk cleanup and that you delete the unnecessary Windows Update files to shrink the image and cleanup the junk:

CMD Prompt:
C:\ net stop wuauserv
C:\ cd %windir%\SoftwareDistribution
C:\del /F /S /Q Download && Start .

Once in Downloads. Wipe it all out.

c:\net start wuauserv

26. Open Powershell as administrator and clear all of the system logs (so you know that everything is fresh):

wevtutil el | Foreach-Object {wevttil cl "$_"}

If you want to use Command Prompt instead:

for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"

27. Type in cmd and then shutdown /s /t 00

28. Use this to remove the apps from the .wim http://bit.ly/2NiBeaT (This is for removal of the unwanted W10 Apps from .WIM only) *FYI. Didn't work for me.





Share: