We all have that set of users that either mainly use a mobile device for email access or possibly a client running a non Microsoft Windows OS as their main workstation.

Those users don’t get that friendly reminder to change their password that comes with logging onto a Windows OS near to their domain password expiration date, and this usually ends up with passwords expiring and phone calls to the IT Helpdesk to change them.

Wouldn’t it be much simpler if that group of users were emailed near to the time of password expiration, allowing the user to logon to OWA and change their password in their own time, negating the need for calls to the IT Helpdesk. In an attempt to reduce some of those calls to our own IT Helpdesk I wrote a PowerShell script to email members of a security group every day when their domain password was due to expire in 10 days or less.

Thanks to @AdamFowler_IT for a good bit of the code. See his post here.


#################################################
# Please Configure the following variables….
# expireindays1 + 2 = At what count of days left on a password do you want a notification?
$smtpServer=”mail.org.ie”
$expireindays1 = 10
$expireindays2 = 1
$from = “ITHelpdesk@org.ie”
#################################################
cls
#Get Users From AD who are enabled
Import-Module ActiveDirectory

$GroupMembers = Get-ADGroupMember -Server domain.org.ie “Mobile Users” | where {$_.objectclass-eq “user”} | Select SamAccountName | Out-File c:\temp\users.txt
$a, ${c:\temp\users.txt} = Get-Content c:\temp\users.txt
$a, ${c:\temp\users.txt} = Get-Content c:\temp\users.txt
$a, ${c:\temp\users.txt} = Get-Content c:\temp\users.txt

$GroupMembers = Get-Content C:\temp\users.txt
$GroupMembers | ForEach {$_.TrimEnd()} | Set-Content C:\temp\users.txt

(gc C:\temp\users.txt) | ? {$_.trim() -ne "" } | set-content C:\temp\users.txt

$GroupMembers = Get-Content C:\temp\users.txt

foreach ($user in $GroupMembers)
{
$CheckForNullPasswordSetDate = (get-aduser -Server domain.org.ie $user -properties passwordlastset | foreach { $_.PasswordLastSet })
if ($CheckForNullPasswordSetDate -ne $null)
{
$Name = Get-ADUser -Server domain.org.ie $user -Properties *
$emailaddress = $name.emailaddress
$givenname = $name.GivenName
$passwordSetDate = (get-aduser -Server domain.org.ie $user -properties passwordlastset | foreach { $_.PasswordLastSet })
$PasswordPol = (Get-AduserResultantPasswordPolicy -Server domain.org.ie $name)

# Check for Fine Grained Password
if (($PasswordPol) -ne $null)
{
$maxPasswordAge = ($PasswordPol).MaxPasswordAge
}

else
{
$maxPasswordAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
}

$expireson = $passwordsetdate + $maxPasswordAge
$today = (get-date)
$daystoexpire = (New-TimeSpan -Start $today -End $Expireson).Days

if ($daystoexpire -le 0)
{
$subject=”IT Helpdesk Notification - Your domain password has expired”
}
else
{
$subject=”IT Helpdesk Notification - Your domain password will expire in $daystoExpire days”
}

if ($daystoexpire -le 0)
{
$subject=”IT Helpdesk Notification - Your domain password has expired”
}
else
{
$subject=”IT Helpdesk Notification - Your domain password will expire in $daystoExpire days”
}

if ($daystoexpire -le 0)
{
$body =”
Dear $givenname,

Your domain account password has expired.
To change your password please contact the
IT Helpdesk.

Regards,

IT Helpdesk


}
else
{
$body =”
Dear $givenname,

Your domain account password will expire in $daystoexpire day(s).
To change your password please logon to OWA and choose OPTIONS and CHANGE PASSWORD.

Regards,

IT Helpdesk


}

if ($daystoexpire -le 10)
{
Send-Mailmessage -smtpServer $smtpServer -from $from -to $emailaddress -cc "ithelpdesk@org.ie" -subject $subject -body $body -bodyasHTML -priority High
}
}
else
{
Write-Warning "Last Password Set is null for $user"
}
}

Advertisements

Recently I had write a script that would be outputting a log file. As this script was going to be run on a schedule and the logs dumped to a directory I needed to make sure that each log would have a unique name.

To achieve this I created a $timestamp variable that I’d append to the end of the filename.

$timestamp = Get-Date -Format o | foreach {$_ -replace “:”, “.”}
$LogName = “AdminLog_$timestamp.log”

The end result is a filename called AdminLog_2014-08-13T22.45.28.9777185+01.00.log

Hope this might be of use to someone.

S

Quick update: Julian Siara (https://twitter.com/yula_ro) suggested the use of the -Format u instead of -Format -o so the filename is more readable. Must say I agree.

Code changed to:
$timestamp = Get-Date -Format u | foreach {$_ -replace “:”, “.”}
$timestamp = $timestamp | foreach {$_ -replace ” “, “_”}
$LogName = “AdminLog_$timestamp.log”

This will now give the filename of AdminLog_2014-08-14_10.50.28Z.log

When building images before I used to do fairly thick ones, now I make them as thin as reasonably possible. My current Windows 8.1 Update image contains the following;

Windows 8.1 fully patched at time of build
Office 2013 fully patched at time of build
Read & Write 10 (This didn’t play at all well with being deployed as it required each install to be activated post deployment. I baked it into the image and activated before capture and it’s working fine)
MS Visual C++ packages

The other applications we require are layered on at the time of deployment. This means we don’t have to change our image if we’re looking to deploy a new version of a certain application.

Applications we layer on top of the image;

Adobe Reader XI
EndNote X7
Google Chrome
SPSS 20
Java
Minitab
Mathamatica
F-Secure Antivirus for Workstation

For the most part these applications go on fine. Unfortunately with Minitab 16.2.4 there is a known issue with the licencing side of things where a message is displayed on first run. Now Minitab are aware of this and are working with MS to sort it out, and that’s fair enough.

Capture

I don’t have time right now for MS to address this so decided to take a look at what was going on myself… I’m noisy like that!

Like a large number of IT Pros, I do a lot of my snooping around with the Sysinternal tools. So I kicked off Process Monitor – Procmon.exe to see what was happening when I checked the “Don’t show this message again” box and clicked on CLOSE.

Working back from when I made the change and launched the application successfully a couple of things were immediately  obvious.

Right before the application was launched I could see that a registry key was created and settings a value.

Capture

A quick right click and Jump To brought up regedit in the desired location.

Capture

OK, this is good stuff. Quickly exported this key for reference later. Deleted the key and launched Minitab again to see if I was prompted… No joy. The key above was created automatically and the application launched without me being prompted. So, something else must have been created in the registry along with this key.

Also found that pcaui.exe was creating a registry key in much the same place as the one above.

Capture

Capture

Exported this, deleted the keys and launched Minitab again. WOOHOO! I was being prompted again. Cancelled this so no changes were made, imported the above keys and launched Minitab without being prompted… BINGO!

These keys will be added to the user using Group Policy Preferences so problem solved.

Hope this helps someone.

S

I’ve come across a Windows error a few times now when doing OS upgrades from WindowsXP to Windows7 with Configuration Manager.

The error reads “The Computer Restarted unexpectedly or encountered an encountered an unexpected error”. When you reboot the same messages comes up and you’re stuck in this error message loop.

image

To get our of the loop, boot up with everyone’s favourite recovery took kit, for me it’s got to be DaRT (thanks goodness for Software Assurance!).

Start Regedit and change the following registry key

HKEYLOCAL_MACHINE\SYSTEM\SETUP\STATUS\ChildCompletion

Now change the value of SETUP.EXE from 1 to 3 and reboot. You’ll get prompted to set the computer name and add a user and the Configuration Manager upgrade will proceed. At the end you will need to join the machine to the domain, but for me this is a fairly small concession as the solution before was to start the client OSD from scratch.

What I’d like to do next is have DaRT available as a PXE offering and use remote desktop to connect and there would be no need to have someone from our Helpdesk to call out to complete the call.

Hope that helps

S

Haruki Murakami wrote a book about Ultra Running a number of years ago (his book of short stories is also quiet good). In it he described the feeling of being like a running robot, whose only purpose it to put one food in front of the other. Todays run reminded me very much of that feeling.

Today started very much like it does like every other Sunday in our household… early. With two young girls that goes with the territory. Unlike every Sunday, I had forgotten to take my running gear out of the washing machine last night so it was fairly wet. I decided to share this information on the old twitter machine and one of the lads from my cycle club suggested I cycle instead. I declined saying that I had Mallow 10 (mile) coming up at the end of March and that the prospect of running 7:30min/mile may need to be revised to 7:45min/mile.

Unbeknownst to me, this triggered something in my unconscious. While empting the dishwasher before heading our for my run I found myself grabbing two gels and taking one. This struck me as odd because I never take I never take a gel before going for a run. So I headed out the door and started running… That was grand but my pace was faster than my usual Sunday, I was going at around 7:50min/mile.

Mile 1 passed in 07:57min/mile and my thoughts process was very much “Sorry but are you planning on keeping this up for the next 9 miles. Another 9 miles, what happened to doing 12 miles today?”

Mile 2 passed in 07:57min/mile. I began to think about the fact that with most of my runs, the first mile usually dictated the remainder of the run. This did not bode well for me. Two weeks ago I did 10 miles at 08:28min/mile and I felt like utter shite after it.

Mile 3 passed in 07:49min/mile. Somewhere along the way I thought back to meeting Jo Fearon  for a run and running 7 miles at around 8min/mile. If I can do it for 7, I should be able to do it for 10… right. Also somewhere along the road I stopped thinking about the distance. I just relaxed into the run and focused on the current mile. My gait changed to a more fluid motion and the old familiar feeling of running comfortable came back to me.

Mile 4 passed in 7:58min/mile. Still doing under 8 minute mile and things were moving along nicely.

Mile 5 passed in 08:10min/mile as there was a longish pull midway through. Looking at the watch as it beeped I found myself saying “I need o make up that 10 seconds”. Another part of me did a double take and went “Sorry, what now? Are you planning on doing this run sub 8…? Thanks for telling me!”

Mile 6 passed in 07:55min/mile. OK pulled back 5 seconds from the last mile.

Mile 7 passed in 07:45min/mile. Starting to head back towards home and into the wind. Knew that this part of the run is where it would start to get a little bit uncomfortable but all I had to do is keep the pace up and grind the rest of the run out.

Mile 8 passed in 07:42min/mile. This was mainly due to running behind a guy near the back of Old Quarter. As I drew level with him he noticed me and took of like a hare only to stop up less than half a mile later. I continued on my way turning down towards Inishmore.

Mile 9 passed in 08:08min/mile. Mile 9 included the pull up from Inishmore and also the pull up towards Windom Downs. While the legs didn’t feel so bad, the old lungs where not too happy with me at this stage.

Mile 10 passed in 07:37min/mile. Bit of a downhill section from Windom Downs to Classes Lake helped out big time (you can always rely on gravity!).

And so it ended. I sat at my front door puffing and panting for a few minutes going trough the splits. As an assessment of where I’m at right now, I’m reasonably happy. There are another 6 week to Mallow so plenty of time for improvement. Enough time to knock off another 25 seconds per mile, only time will tell. What I do know is that track work will play a vital part of this improvement if it’s going to happen. Over the last month or so I’ve gotten back doing track session with some people from work every Wednesday lunchtime. We do a sessions ranging from 10 x 400m to 4 x 1000m and it’s made all the difference to me, it’s simple, you run faster at the short stuff and you’ll run fast at the longer stuff.

Nuff said, night night.

S

Got a error when installing the Admin Console part of the KB2910552 Hotfix for Configuration Manager 2012 R2.

The install logs showed the following errors;

“System Center 2012 R2 Configuration Manager Console — Error 1706. An installation package for the product System Center 2012 R2 Configuration Manager Console cannot be found”

“System Center 2012 R2 Configuration Manager Console – Update ‘ConfigMgr2012AdminUI-R2-KB2910552-I386’ could not be installed. Error Code 1603”

Capture

Capture1

As you can see, the installer is unable to find the AdminConsole.msi file. This left me head scathing for a few minutes until I remembered that when installing the console I did so by mounting the Configuration Manager ISO, browsing to the folder and installing.

So just right clicked on the ISO again and mounted it, then installed the hotfix again and all was good.

Our users have admin rights… don’t go there… I know! One of the issues with this is that the user is in the position where they can save their data anywhere (and they do – one person had a over 70 folders off the root of the C drive!). This in turn, makes migrations from Windows XP to a newer OS a challenge. Due to the significant risk of loss of data, I’ve decided to take a WIM backup of the system before the new OS is deployed.

It’s not a decision I came to lightly as there are considerable overheads with doing this, to name a few obvious one;

1. Adds considerable time onto an OS upgrade
2. Some images are over 100GB in size
3. Decent bandwidth needed for moving that much data around

When running initial tests on VMs the WIM was created without any problems. In the real world though a problem manifested that caused ZTIBackup.wsf to fail in the creation of the WIM.

Capture

After much scratching of collective heads (namely Alan Doran https://twitter.com/AlanDoran and Peter Cashen https://twitter.com/petercashen) we sorted the issue. Alan suggested to add the /VERIFY switch to the ImageX command. Knowing that the /VERIFY was going to add a considerable amount of time to the creating of the WIM I decided I’d also change the compression from the default setting of maximum to fast – /COMPRESS FAST.

After taking a whopping 6.5 hours to create the image, it did so successfully. The next test was to remove the /VERIFY switch to see if I could reproduce a successful image creation. Thankfully the image was created successfully, so it looks like moving from the default to /COMPRESS FAST sorted the issue. So now we can now plough on with Windows XP migrations… Happy Days!

ImageX Command-Line Options : http://msdn.microsoft.com/en-us/library/cc749447(v=WS.10).aspx

All the best,
S