Archives for 2013

Using %USERNAME% in a DFS link path

So I was reading a question on TechNet Social about using environment variables in DFS paths. In this case he wanted to use the %username% variable. I have also thought about how nice that could be, a little magic. And all users could have the same URN for their home directory. Just think how nice \\domain.local\dfs\MyHome feels. Well, on with the blog: you can't. It doesn't work. [Read more…]

Clean users email addresses from old domains

So you have lots of domains in your Exchange environment that you don't use anymore. Well, you remove them from the accepted domains and what do you know: they still exist on all the users. So how do we clean this up? Well, I wrote a small PowerShell script that does just that.

Let's start with getting all accepted domains:

And now just list all addresses that are wrong:

And now just rerun the script altered so it removes the addresses instead:

[Read more…]

Moving a fileshare on the same server

So I saw a question on Social Technet and decided to answer it. So how do I move a server share from one drive to another in the same computer?

First we need to have the data on the new location. I prefer to use robocopy with a minimum of /E /COPYALL.

To make sure nobody changes the data during the final copy, I suggest stopping the Server service. So now the data is migrated, but what about the share? Since we know how to migrate shares between servers by dumping the registry, just changing the path is simple.

[Read more…]

Dumping shares from the registry

Most people know that you can dump all shares on a server to a .reg file to be able to add them to another server.

Where does Windows store all the shares?

Windows stores the share information in the registry.

Registry LanmanServer Shares

So how can I easily export the shares to a file?

I'm a PowerSheller, isn't there a cmdlet?

If you are fortunate enough to run Windows 2012 or later you have Get-SMBShare and Get-SmbShareAccess.

Get the shares back now then

If you have exported the share to a registry file, just reimport the .reg file and restart the Server service.

Well if you are running 2012 or later on both the origin and destination server you could build a simple script with New-CIMSession, Get-SMBShare, Get-SMBShareAccess and New-SMBShare.

UAC modified groups

So I was searching for which groups User Access Control (UAC) removes from the default Kerberos ticket. After a lot of googling, and even reading the old UAC blog, and not finding it, I decided to build the list myself.

But first what is UAC?

UAC helps secure a system by removing some groups from the Kerberos ticket used by Explorer.exe. When you run a program as Administrator, it will run with the full Kerberos ticket.

Which Windows groups are removed from the default Kerberos ticket? [Read more…]

Add a Private folder to all homedirectories with ACLs

So I found a user on Microsoft Social that needed some help creating a Private folder in all users' home directories and applying special permissions on that folder.

So I reused some old blog entries about Using powershell and SIDs to change ACLs and Remove NTFS rights inheritance using Powershell and put together a small script.

This script will take all users with a home directory, create a Private folder, and then set the required rights.

Remove NTFS rights inheritance using Powershell

So I needed to remove the inheritance of a folder. Yes, it's easy to do with icacls, just icacls /inheritance:e|d|r, where E is enable, D is copy all ACEs and R removes all inherited rights.
But this is about doing it with PowerShell. [Read more…]

Getting the MD5 or SHA1 of a file?

If you are running the latest version of Windows you can use the new cmdlet Get-FileHash. For all others, Microsoft has a tool called Microsoft File Checksum Integrity Verifier, or FCIV for short.

The cmdlet supports the following hashes: SHA1, SHA256, SHA384, SHA512, MACTripleDES, MD5, RIPEMD160.
FCIV supports SHA1 and MD5.

Examples:

[Read more…]

Getting rid of special characters

So you want to create the username based on the name of the person. Well, if the person is of Nordic descent he/she might have funny characters that might break your scripts. So how do we guarantee that you only get a-z?

For fun we will be calling our new user Räksmörgås. Why is that? Well, it is a Swedish word containing all of our special characters. And I do like shrimp sandwich.

First we start with the really lazy approach:

Well, that doesn't really make me happy. I can't visualize the word using what I got, so I need to kick it up a notch. [Read more…]

What to remove in DNS to stop Client Access to Domain Controllers

So you want to get rid of a domain controller, but don't want incidents with systems configured directly to that controller?

First off, start by disabling the dynamic registration of the Domain Controller in DNS. The easy way of doing that is by setting the registry value of UseDynamicDns to 0.

So now the Domain Controller won't register itself in the DNS again. Now let's start removing entries from the DNS. A list exists in %WINDIR%\System32\config\netlogon.dns; below is an example of that list. [Read more…]