It's not new or exciting, but it made me smile, and thanks to this guy I will never forget how to do this off the top of my head. Check it out:
Directory differential backup using xcopy
Tuesday, 29 November 2011
Friday, 25 November 2011
SCCM Collection based on executable name
Just a quick one to remind myself how to create a collection of computers that have a specific executable. Create a new collection and insert the following query:
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_SoftwareFile on SMS_G_System_SoftwareFile.ResourceId = SMS_R_System.ResourceId where SMS_G_System_SoftwareFile.FileName = "vpngui.exe"
Change the executable name to one of your choice, all done! :)
Friday, 18 November 2011
Canonical Names Of Control Panel Applets
Allowing access to Control Panel items via Group Policy in Windows 7 is slightly different to XP and below. Instead of providing the name of the .cpl file (e.g. main.cpl for the mouse), you now have to provide the canonical name of the applet (e.g. Microsoft.Mouse), so here is a list of all of the canonical names for future reference:
Canonical Names List
Friday, 16 September 2011
Case of the unexplained
I was doing a routine software install on a few machines the other day and the last one I came to was giving me this type of error:
I fired up Process Explorer and checked the stack for the process but couldn't see anything amiss. I tried rebooting and disabling the antivirus, but nothing, and then I remembered "When in doubt, run Process Monitor"... so I did, and here is what I saw:
I saw loads of files in a folder in a random user's profile being hit by this executable for some strange reason :-\
So... I browsed to the folder myself and found that there were LOADS of files, and I mean LOADS, and the last one this executable hit was nowhere near the end of the file structure.
So it seemed that the deep and complex file structure was stopping the installation. I tried to rename the folder but it wouldn't let me, and cut and paste to another drive wouldn't work either, so I moved it temporarily inside the Windows folder, as I thought surely this installer wouldn't try to enumerate the contents of the entire drive.
I then re-ran the installer with this folder now located in C:\windows and lo and behold it worked!
Thank god Mark Russinovich for procmon!
Saturday, 20 August 2011
Cisco E4200 Router & 1080p Video streaming
Just a quick post to say that the Cisco E4200 CAN stream 1080p video with no problems using the 5 GHz band.
I couldn't find this info anywhere on the net and had to take the plunge and just buy this router, and thank god it works beautifully :)
Currently I am streaming a 10GB+ 1080p MKV video across my network via this router straight to my Samsung Galaxy S2 and outputting to my HDTV.
So just to summarise in case anyone is wondering:
Samsung Galaxy S2 + Cisco E4200 = WIN! :)
Friday, 12 August 2011
Pre installing drivers during imaging
Recently I was faced with the challenge of how to pre-install drivers for our universal USB docking stations so that a freshly imaged machine can just be handed out to a user without having to go through a manual install of the drivers beforehand.
The way I accomplished this was to use a utility found in the WDK (Microsoft Windows Driver Kit) called DpInst.exe.
Here is the documentation for it:
WDK Documentation
At a high level all you basically have to do is get the drivers together in a folder with the correct version of DpInst (x86 / x64), build an XML file (called DPInst.xml) and then run it with a few switches to have it install the drivers for you. Then when a standard domain user comes along and plugs in the hardware it will automatically install it without asking for admin rights!
All you then have to do is build a package and include it in your SCCM task sequence to fully automate this tedious process :)
Thanks
Monday, 8 August 2011
How To Import duplicate drivers under different packages In SCCM 2007
I am currently working on building separate Win 7 driver packages for all of our hardware, and one of my colleagues came across an issue where he couldn't import a driver for a Toshiba Tecra A11 because it existed in another package.
I did some reading about how SCCM handles drivers and differentiates between them and wondered if adding an extra file into the folder would be enough to convince SCCM that it was different.
So, I added a file without an extension called "Toshiba Tecra A11 Windows 7 x64 N6200 Driver" and ran the import again and it worked!
It's not ideal, and please tell me if there is a better way to do this, but it works beautifully :)
EDIT: I have just been informed by the fantastic Steve Beaumont that there IS a better way to do this, there is a hotfix available from Microsoft that allows you to import duplicate drivers:
Get the hotfix here
Monday, 18 July 2011
SCCM Attempting to load a 64bit application, however this CPU is not compatible with 64Bit mode
I got this error when PXE booting a machine and solved it by re-advertising a task sequence that uses the x86 boot image to our unknown computers collection.
The last one I advertised to this collection was a few weeks ago and as far as I remember was an x64 Windows 7 TS.
This is strange behaviour, but I guess it stems from the fact I have both x86 and x64 boot media advertised to the same collection. I really should look at creating 2 separate collections for this......
Cheers
Task Sequence has failed with the error code (0x80070070).
If you get this error during a task sequence simply hit F8 to bring up a command window (if you have command support enabled on your boot media) and use diskpart to clean the disk. The following commands should do it:
Diskpart
List disk
Sel disk X
clean
exit
Cheers
Wednesday, 22 June 2011
SCCM Computer GUID to Hostname report
Here is an SCCM report that can convert machine GUIDs to their hostname:
select * from v_R_System where v_R_System.SMS_Unique_Identifier0='GUID:45299371-2B3C-470B-8D5C-7C42BA1CD864'
Replace the GUID with your own and it should return your computer details.
EDIT: I just discovered something REALLY interesting! You can just enter this into the All Systems collection:
GUID:45299371-2B3C-470B-8D5C-7C42BA1CD864
And it will return the computer in question, how cool is that? :)
Tuesday, 21 June 2011
SCCM Windows updates stuck in downloading state
This one is for my reference more than anything, but I'm sure it will be of use to someone else. Here is how to fix the issue mentioned above (assuming boundaries etc. are all OK):
1) Under the deployment package find the KB that is failing and delete it
2) Delete the KB from deployment management
3) Delete the KB from the update list
4) Update distribution points
5) Monitor the status messages until you see the milestone "SMS distribution manager successfully Processed package"
6) Find the update in the update repository and drag to the update list (don't tick the box to download)
7) Copy the update to deployment management and download the update again and add it to the correct deployment package.
8) Update the DPs and again wait for the same milestone to appear
9) Run a report and watch the number of successful installs begin to rise
Sunday, 19 June 2011
I LOVE CAKE!!
CakePHP that is :)
Check out http://cakephp.org/
It is basically an MVC-oriented framework for building PHP applications. I have been working with it the last few days and have to say it takes so much of the heavy lifting out of building a web-based PHP app.
But what does it do, I hear you ask?
Well, how does creating your database and a few tables and then running a few commands to get yourself a skeleton app built automatically sound? Too good to be true?
That's what I thought, but get CakePHP and spend the time to learn it, because once you do it is going to save you so much time!
Mad props to Larry Masters, the creator of CakePHP, for this wonderful framework. Seriously, why are you still reading? Go get it, now! ^_^
Tuesday, 24 May 2011
SCCM Clients failing to install windows updates
Just a quick one..
I recently pushed a software update via SCCM to around 3000 clients and had around 15 come back as failing. I found that they had a value for a proxy set in the registry at this location:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings
Internally the clients shouldn't go via a proxy to grab these updates, so I backed up the key and deleted the value WinHttpSettings
and lo and behold the updates now work!
So now I need to find out where those clients are getting this value from, and I also need to do some more testing and implement this fix.
Cheers
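One way to check a client for the machine-wide WinHttpSettings value described above, and to back it up before deleting it, as an added PowerShell example that is not from the original post. The backup folder, the function names and the printable-string heuristic are assumptions, and it needs PowerShell 3.0 or later run elevated.

```powershell
# Added example (not the author's script). Reports the WinHttpSettings value
# and, with -Remove, exports the key to a .reg file before deleting the value.
param(
    [switch]$Remove,
    [string]$BackupDir = (Join-Path $env:SystemRoot 'Temp')   # assumed backup location
)

$RegPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections'
$RegExeKey = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections'
$ValueName = 'WinHttpSettings'

function Get-WinHttpSettingsInfo {
    $prop = Get-ItemProperty -Path $RegPath -Name $ValueName -ErrorAction SilentlyContinue
    if (-not $prop) { return $null }

    [byte[]]$bytes = $prop.$ValueName
    # The value is a binary blob. Rather than assume its layout, pull out runs
    # of printable ASCII (heuristic): a configured proxy shows up as host:port text.
    $latin1  = [System.Text.Encoding]::GetEncoding(28591)     # maps bytes 1:1 to chars
    $strings = [regex]::Matches($latin1.GetString($bytes), '[\x20-\x7E]{4,}') |
               ForEach-Object { $_.Value }

    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        ByteLength   = $bytes.Length
        ProxyStrings = @($strings)
    }
}

function Remove-WinHttpSettings {
    # Export the whole Connections key first so the change can be reverted.
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backup = Join-Path $BackupDir ('WinHttpSettings-{0}-{1}.reg' -f $env:COMPUTERNAME, $stamp)
    & reg.exe export $RegExeKey $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Backup failed, value left in place.' }
    Remove-ItemProperty -Path $RegPath -Name $ValueName -ErrorAction Stop
    return $backup
}

$info = Get-WinHttpSettingsInfo
if (-not $info) {
    Write-Output ('{0}: {1} is not present.' -f $env:COMPUTERNAME, $ValueName)
}
elseif ($info.ProxyStrings.Count -eq 0) {
    Write-Output ('{0}: {1} is present but contains no proxy text.' -f $info.Computer, $ValueName)
}
else {
    Write-Output ('{0}: {1} contains: {2}' -f $info.Computer, $ValueName, ($info.ProxyStrings -join '; '))
    if ($Remove) {
        $file = Remove-WinHttpSettings
        Write-Output ('Value removed, backup written to {0}' -f $file)
    }
}
```

`netsh winhttp show proxy` displays the same machine-wide setting, and `netsh winhttp reset proxy` returns it to direct access without editing the registry by hand.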
Sunday, 17 April 2011
No mapping between account names and security IDs was done!
Sunday morning and I am busy setting up a SQL 2008 R2 in a VM but get this error message when trying to add in my service accounts, I checked and double checked the accounts, passwords etc with no luck and then wondered was it something to do with the fact that I had cloned these Virtual machines?.....
I then ran psgetsid.exe on my SQL server and DC and found the problem... duplicate machine SIDs :'(
Moral of the story is always use sysprep before cloning a VM :)
which is really obvious when you think about it, oh well...
Friday, 8 April 2011
Firefox Profiles for home and work
Just a quick one about Firefox profiles..... I wanted a way to get to all of my work-related bookmarks at work and from home without mixing them with my personal ones. Here's how to do it:
Create 2 new shortcuts as follows:
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -P WorkProfile -no-remote
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -P HomeProfile -no-remote
Set up the new "Sync" feature in Firefox 4 and you're all done! :)
Monday, 4 April 2011
vbma92a1.sys
So I was looking at another infected laptop *sigh*......
This one was redirecting web traffic to all sorts of places and stopping processes such as RootkitRevealer and Process Explorer dead in their tracks. Since I couldn't see anything obvious in services, the Run key or Task Manager, I suspected a driver-based rootkit... and I was right :)
I looked in system32\drivers and noticed a file called vbma92a1.sys that was dated a few days ago, so I renamed it to .old and it recreated itself on the next reboot, aha!
I then booted into an offline environment and deleted it and created a dummy vbma92a1.sys file in its place, denying everyone and everything access to it.
Upon rebooting, all of my tools now worked :)
Just gotta give it a quick scan with something other than what is installed and it should be good to go ;)
hope this helps!
Labels: Malware, rootkit, spyware, vbma92a1.sys, virus
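The manual check described above (spotting a recently dated file in system32\drivers), as an added PowerShell example that is not from the original post. It goes a little further than the post by also reporting each file's signature status, hash and the service key that loads it; the 14-day window and the function names are assumptions.

```powershell
# Added example (not the author's code). Requires PowerShell 4.0+ (Get-FileHash).
# Limits: recently updated legitimate drivers are listed too, timestamps can be
# altered, and a kernel rootkit may hide its file or service key from a live
# system, so treat an empty result on an infected machine with suspicion.
param(
    [string]$DriverDir = (Join-Path $env:SystemRoot 'System32\drivers'),
    [int]$Days = 14        # assumed look-back window
)

function Get-DriverServiceMap {
    # Map driver file name -> service key name(s) whose ImagePath points at it.
    $map = @{}
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $image = $_.GetValue('ImagePath')
            if ($image -match '([^\\/"]+\.sys)\b') {
                $file = $Matches[1].ToLowerInvariant()
                if (-not $map.ContainsKey($file)) { $map[$file] = @() }
                $map[$file] += $_.PSChildName
            }
        }
    return $map
}

function Get-RecentDriver {
    param([string]$Path, [int]$Days)

    $cutoff   = (Get-Date).AddDays(-$Days)
    $services = Get-DriverServiceMap

    Get-ChildItem -LiteralPath $Path -Filter '*.sys' -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and
                       ($_.LastWriteTime -ge $cutoff -or $_.CreationTime -ge $cutoff) } |
        ForEach-Object {
            $sig    = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $signer = ''
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

            [pscustomobject]@{
                Name      = $_.Name
                Created   = $_.CreationTime
                Modified  = $_.LastWriteTime
                Signature = $sig.Status
                Signer    = $signer
                Services  = ($services[$_.Name.ToLowerInvariant()] -join ',')
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

# Newest first; unsigned files with odd names deserve the first look.
Get-RecentDriver -Path $DriverDir -Days $Days |
    Sort-Object Modified -Descending |
    Format-List
```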
Sunday, 27 March 2011
Automatically Merge SCCM Conflicting Records
I have just stumbled upon a very promising looking post by Jörgen Nilsson, in it he shows how to have SCCM automatically merge conflicting records using a combination of a vbs script and a status filter rule, check it out!
Auto merging SCCM conflicting records
Tuesday, 1 March 2011
Powershell script to monitor for idle CPU then put computer to sleep
Good evening, I have been working on a little PowerShell script and thought I would post it as it might come in handy for others.
Basically my laptop stays on 24/7 (it's tucked away in a corner and runs DNS, DHCP, downloads and that kind of thing). What I want to do is, if nothing is downloading on it overnight, then I want it to sleep. I use JDownloader to auto download files for me overnight, which has the auto extract (unrar.exe) feature built in too. Take a look at the script and you will see it looks for unrar.exe, and if that isn't running it checks the CPU usage of JDownloader (javaw.exe). If it is below a certain value 5 times then the PowerShell script calls a batch file and the laptop sleeps.
When it hits 7am a scheduled task (to ping localhost) wakes it up again, nice huh? :)
Anyway, enough babbling, here's the script:
####### SCRIPT START #######
# Counts how many times JDownloader (javaw.exe) has been sampled as idle
[int]$ProcessorInactive = $null
do {
    if (($ProcessorInactive) -le 5)
    {
        Write-Host "ProcessorInactive is less than 5"
        do {
            # While unrar.exe is extracting, wait 15 minutes and check again
            if (($ProcessActive = Get-Process unrar -ErrorAction SilentlyContinue) -ne $null)
            {
                Write-Host "unrar is active"
                $ProcessAlive = "SomeValue"
                Start-Sleep -Seconds 900
            }
            else
            {
                Write-Host "unrar isnt active"
                # Sample javaw.exe CPU usage; the counter is a total across all cores
                $Process = Get-Counter -Counter "\Process(javaw)\% Processor Time"
                $Sample = $Process.CounterSamples[0]
                $CpuTime = $Sample.CookedValue
                $CpuTime = ($CpuTime/2)   # divide by the number of cores
                do {
                    if (($CpuTime) -gt 3)   # busy threshold (percent)
                    {
                        Write-Host "CpuTime is higher than 3"
                        Start-Sleep -Seconds 10
                        $Process = Get-Counter -Counter "\Process(javaw)\% Processor Time"
                        $Sample = $Process.CounterSamples[0]
                        $CpuTime = $Sample.CookedValue
                        $CpuTime = ($CpuTime/2)
                    }
                    else
                    {
                        Write-Host "CpuTime is less than 3 now"
                    }
                }
                while ($CpuTime -gt 3)   # busy threshold (percent)
                #clear this variable else we will loop forever
                $ProcessAlive = $null
                $ProcessorInactive++
                Start-Sleep -Seconds 30
            }
        }
        while (($ProcessAlive) -ne $null)
    }
}
while ($ProcessorInactive -le 5)
echo "********VERY END OF SCRIPT NOW DO WHAT YOU WANT HERE*******"
# Hand off to the batch file that suspends the machine
cmd /c """H:\powershell\Sleep.bat"""
####### SCRIPT END #######
And if anyone wants to know the contents of "sleep.bat" are:
rundll32.exe powrprof.dll,SetSuspendState
Note: Aside from the obvious you may have to change this part:
$CpuTime = ($CpuTime/2)
to the number of cores you have (my laptop has 2), as the CPU usage is a total of all cores.
Thanks for reading and hope it helps someone! :)
EDIT: I have since changed the cputime percentage for javaw.exe to 1 to see if this improves the script. I think that with it set to 3 the script is sometimes catching the usage below 3% 5 times and sleeping even though there are downloads left so altering this value should help. The 2 parts you need to change are line 21 & line 36
Friday, 11 February 2011
16TB limit on NTFS Volume!
I have been working on upgrading my server (Areca-1230) with 12x2TB drives and hit a volume/partition limit at 16TB.
I stuck the 12x2TB drives in a RAID5 (could have used RAID 6 but it's sloooooow!) and discovered I couldn't create a partition in Windows Server 2008 R2 larger than 16TB without using the format /A command. This basically allows you to specify your own cluster size, and as you can see from the following link, certain cluster sizes limit your ability to create certain size volumes (see David Shen's reply):
Clicky!--->Cluster Sizes<----Clicky!
The moral of this blog post is: before you create a monster volume, double check your cluster size, otherwise (as I found out) you won't get very far!
Of course you could just have a few smaller volumes running from one giant raidset, but where's the fun in that?
Thanks for reading :)
Monday, 3 January 2011
THE way to fix "Attention! Your web page request has been cancelled"
Wow, this one is persistent! And if you have seen it you know what I'm talking about. No amount of scanning with mbam, ComboFix or any antivirus software can fix this.
However...
Boot into the Recovery Console, log on to your Windows installation and type "fixmbr" and all of your problems will go away.
Phew! This one *almost* made me reinstall the computer in question, but persistence on my part paid off.
Please leave a comment and say thanks if this helped you :)