Archives for October 2013

Run cmd as the system account.

So I really need to access some things that only the system account has access to, in this case \System Volume Information.

First off, let's download PsExec, which is part of PsTools from Microsoft Sysinternals.
Unpack the

So what do /D, /I and /S stand for? /D tells psexec not to wait until the process is done before returning. /I means the new program is to interact with a session on the computer. /S means run as system.

If you are running a really old system, you might use the AT command to start a cmd that interacts with the desktop and runs under the system account.

Remember that casting variables is sticky

So I got a question about a variable that was acting up in a colleague’s script, so we took a look together and solved it. I really like what he managed to do once we figured it out. Lars made a script that configured some parts of an IIS site from a CSV file (blog post in Swedish, script in English). At one time we had a variable called $test that was cast to string. Then later we were trying to use the same variable for a hashtable and it didn’t work.

What happens if you cast a variable and then try to put some other type into it?

So remember to remove the variable using Remove-Variable when you are done.

Or you could just recast it every time.
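The behaviour described in this post, as an added example that is not the original script: a cast on the left-hand side of an assignment constrains the variable itself, so later assignments are converted or rejected. `Test-TypeConstrained` is a hypothetical helper and all values are constructed.

```powershell
# Added example (not from the original post); all values are constructed.

function Test-TypeConstrained {
    # Hypothetical helper: reports whether a variable carries a type constraint.
    param([Parameter(Mandatory)][string]$VariableName)
    $var = Get-Variable -Name $VariableName -ErrorAction Stop
    [bool]($var.Attributes |
        Where-Object { $_.GetType().Name -eq 'ArgumentTypeConverterAttribute' })
}

# 1. The cast on the left-hand side constrains the variable, not just the value.
[string]$test = 'Default Web Site'
"Constrained after cast: $(Test-TypeConstrained -VariableName test)"

# 2. A later hashtable assignment is silently converted to a string,
#    so key lookups on it no longer return the stored values.
$test = @{ Name = 'site1'; Port = 8080 }
"Type after assigning a hashtable: $($test.GetType().FullName)"
"Name key found: $($null -ne $test.Name)"

# 3. When no conversion exists, the assignment throws instead.
[int]$port = 8080
try { $port = 'not-a-number' }
catch { "Assignment rejected: $($_.Exception.GetType().Name)" }

# 4. Fix A: remove the variable, which drops the constraint with it.
Remove-Variable -Name test
$test = @{ Name = 'site1'; Port = 8080 }
"Type after Remove-Variable: $($test.GetType().FullName)"
"Constrained: $(Test-TypeConstrained -VariableName test)"

# 5. Fix B: recast on assignment, which replaces the old constraint.
[string]$site = 'site1'
[hashtable]$site = @{ Name = 'site1'; Port = 8080 }
"Type after recast: $($site.GetType().FullName)"
```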

Find who is mailing the entire internet from our Exchange 2007 or later

So my customer got banned from mailing Hotmail and a few other Microsoft spam-protected domains. So what is the jig?

Let's start by examining the error message that we got:

Well, this seems a nice error with a nice error code, so let's go to the troubleshooting page. There we find the following:

[Read more…]

Save and Restore NTFS permissions using ICACLS

So you need to make a big NTFS rights change. Well, before changing anything, do you have a good backup of the old permissions?
Most people will say "I've got a backup." But restoring the backup will take much longer than restoring just the permissions.

So how do I make a backup of the NTFS permissions?

[Read more…]

Special NTP GPO for the PDC

Each and every domain should be time-synced to the real world, outside Stockholm where I live. Sorry, old joke from an old Swedish comedy series.

Well, all domains should have a reliable time provider; I suggest using an internet source or a GPS source. All domains should also have an easy-to-understand time sync tree. I want the PDC to own the time for the domain. But since that role might move, some smarts are required. I create a WMI filter and a GPO that I link into the Domain Controllers OU. Please don't move the domain controllers from there.

[Read more…]

Moving users automatically after logging into new platform.

So in a thread on Microsoft Social, a user asked for help moving users to a directory after they had logged on to a Windows 7 workstation. This is my suggestion.

So first, let's create a list of who has logged on to the new platform: a simple script that saves a file with the name of the logged-in user in a folder. We will then execute this using Task Scheduler on logon, or as a logon script for the user. Remember to grant rights for all users to create files in that share.

So now we have a share with files for all users that have logged on. Let's do something with them.

So after running the second script we have moved the users. Yay.


Different methods of removing user profiles

Sometimes I see people removing user profiles by just going into Explorer, going to the SystemDrive\Users folder, and using delete. Well, this worked perfectly on Windows 2003. But with the upgrades to the profiling system in Windows 2008 and later, this is a really bad idea.

There are 2 basic ways to remove user profiles in Windows today, and one for the special people.

[Read more…]

Get Application + Assigned Groups + Number of members in an XenApp 6.0 Farm

So my customer needed a list of all applications installed in their XenApp 6.0 farm, along with which groups had access and the number of members in each group.

So we installed the XenApp 6 PowerShell SDK on a server and then I built this small script.

This is the final version of the script:

If you want all the members of the member groups, you will have to change the first part to:


Things get better – Remove-Item -reCURSE

Those who don't learn history are bound to repeat it. I know Remove-Item -Recurse was broken. I know it has been fixed. I still forget it on old systems sometimes.

If you are running Windows 2008R2 or an older system and want to remove directories using PowerShell, Remove-Item -Recurse might sound smart, but wait. There is a little problem with that cmdlet.

Well, Microsoft has fixed that with Windows 2012. But I still sometimes need to script on older systems, and it's easy to forget that it's broken. If I run the same command on a Windows 2012 or 2012R2 Preview I get the following: [Read more…]

NetBIOS vs FQDN server names

Why should I really think twice before using a single NetBIOS name in a path? Using NetBIOS names is a relic from old times. Today we have the possibility of using FQDN, and I believe doing anything else is a bad idea. So why FQDN when NetBIOS is so much shorter? Well, your company buys the competitor and both have a fileserver called \\fileserver\common. This requires you to handle it directly. If you had used FQDN you would have \\fileserver.ourcompany and \\fileserver.othercompany. So it gives us the possibility of merging with other companies with fewer problems.

[Read more…]