Download

Click here to Download the software

Install

Install the 32-bit or 64-bit version depending on the server, and install ALL the Management Tools

Open PowerShell as Administrator, with Domain Admin rights, and run

Import-module AdmPwd.PS  

Then

Update-AdmPwdADSchema 

Make sure the above says Success

In the same PowerShell window you need to declare the OUs where the computers will live

Set-AdmPwdComputerSelfPermission -OrgUnit <name of the OU to delegate permissions>

Now check who has access to read the password in the OU

Find-AdmPwdExtendedRights -Identity "OU NAME"

Add or remove permissions via:

Set-AdmPwdReadPasswordPermission -OrgUnit <name of the OU to delegate permissions> -AllowedPrincipals <users or groups>

Group Policy

On the PC you installed the LAPS tool on, copy the following files:

C:\Windows\PolicyDefinitions\AdmPwd.admx to (on a domain controller) C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\

C:\Windows\PolicyDefinitions\en-US\AdmPwd.adml to (on a domain controller) C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\en-US\AdmPwd.adml

Now create a Group Policy and apply it to the computers you would like to have a self-managed local Administrator password

 

Administering

How to find the password using the GUI

On the PC installed with LAPS, run C:\Program Files\LAPS\AdmPwd.UI.exe and enter the computer name to find the password

Use PowerShell:

Get-AdmPwdPassword -ComputerName <computername>

To reset the password immediately:

 Reset-AdmPwdPassword -ComputerName <computername>
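
After the rollout above it is worth checking two things: that only the intended principals can read the password in the OU, and that every computer has actually stored a managed password. The following is an added example, not part of the original post; the function names, the EXAMPLE\ principals and the sample objects are hypothetical and constructed, shaped like the output of Find-AdmPwdExtendedRights and Get-ADComputer.

```powershell
# Added example: audit helpers for a LAPS rollout. Function names are hypothetical.
function Get-UnexpectedLapsReader {
    # Input: objects with ObjectDN and ExtendedRightHolders, as returned by
    # Find-AdmPwdExtendedRights. Emits every holder not on the expected list.
    param([Parameter(ValueFromPipeline)]$Rights, [string[]]$Expected)
    process {
        foreach ($holder in $Rights.ExtendedRightHolders) {
            if ($Expected -notcontains $holder) {
                [pscustomobject]@{ OU = $Rights.ObjectDN; Principal = $holder }
            }
        }
    }
}

function Get-LapsGap {
    # Input: computer objects carrying ms-Mcs-AdmPwdExpirationTime (a file time).
    # The password attribute itself is never read, so no read permission is needed.
    param([Parameter(ValueFromPipeline)]$Computer, [datetime]$Now = (Get-Date))
    process {
        $exp = $Computer.'ms-Mcs-AdmPwdExpirationTime'
        if (-not $exp) {
            [pscustomobject]@{ Computer = $Computer.Name; State = 'No LAPS password stored' }
        } elseif ([datetime]::FromFileTimeUtc($exp) -lt $Now.ToUniversalTime()) {
            [pscustomobject]@{ Computer = $Computer.Name; State = 'Password past expiry' }
        }
    }
}

# Constructed sample data. Against a real domain, replace with:
#   $rights    = Find-AdmPwdExtendedRights -Identity <OU>
#   $computers = Get-ADComputer -SearchBase <OU DN> -Filter * `
#                    -Properties 'ms-Mcs-AdmPwdExpirationTime'
$rights = [pscustomobject]@{
    ObjectDN             = 'OU=Workstations,DC=example,DC=local'
    ExtendedRightHolders = @('NT AUTHORITY\SYSTEM', 'EXAMPLE\Domain Admins', 'EXAMPLE\Helpdesk')
}
$computers = @(
    [pscustomobject]@{ Name = 'PC-001'; 'ms-Mcs-AdmPwdExpirationTime' = (Get-Date).AddDays(20).ToFileTimeUtc() }
    [pscustomobject]@{ Name = 'PC-002'; 'ms-Mcs-AdmPwdExpirationTime' = $null }
    [pscustomobject]@{ Name = 'PC-003'; 'ms-Mcs-AdmPwdExpirationTime' = (Get-Date).AddDays(-3).ToFileTimeUtc() }
)

# Expected result: EXAMPLE\Helpdesk is flagged as an unexpected reader;
# PC-002 has no password stored and PC-003 is past its expiry.
$rights    | Get-UnexpectedLapsReader -Expected 'NT AUTHORITY\SYSTEM', 'EXAMPLE\Domain Admins'
$computers | Get-LapsGap
```

A computer that stays in the "No LAPS password stored" state after a policy refresh usually means the Group Policy or the client-side extension has not reached it.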

 


 

Check the user is connecting to Exchange via MAPI. I had a few setups where users were set to ActiveSync instead.

In this case, the solution was to run both commands on the Exchange server:

Set-AutodiscoverVirtualDirectory "SERVER\Autodiscover (Default Web Site)" -WSSecurityAuthentication $true

Set-WebServicesVirtualDirectory -Identity "EWS (Default Web Site)" -WSSecurityAuthentication $true

These two commands solved my problem


Outlook 365 2016 Trusted Platform Module error code 80090016

Recently a user had the motherboard swapped out on their laptop. 2 days later they could not sign into Outlook.

The error was TPM

This is due to the laptop falling out of trust with Azure AD because of the TPM chip change

  1. Reset the local admin password
  2. Go to Settings > Accounts > Work or School and disconnect
  3. Restart the PC
  4. Sign back in via Settings > Accounts > Work or School

If using Intune, sign back into Azure AD

“Antimalware Service Executable” was using 250MB RAM and 20% CPU even though we had deployed the Reg Key to disable realtime scanning, e.g. below
 

 
Looks like the App has a party anyway with these scheduled Tasks

 
 
 
How to Disable Windows Defender properly
 
You can’t disable these services directly; you have to do it via the Registry
 

 
Boot machine into Safe Mode
 
Change Reg Key Below
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend\Start = Dword 4
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisSvc\Start = Dword 4
 

Active Directory Domain Services could not transfer the remaining data in directory partition DC=DomainDnsZones,DC=[domain],DC=local to
Active Directory Domain Controller \\red.[domain].local.

“The directory service is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles.”

This is because a legacy server is still the “fSMORoleOwner” for DomainDnsZones and ForestDnsZones

Download fixfsmo.vbs from below

 

https://support.microsoft.com/en-au/help/949257/error-message-when-you-run-the-adprep-rodcprep-command-in-windows-serv

Run this script on the server which has all the FSMO roles

cscript fixfsmo.vbs DC=DomainDnsZones,DC=[domain],DC=local

cscript fixfsmo.vbs DC=ForestDnsZones,DC=[domain],DC=local


Recently a newly installed Vocus link was running 100mb down but only 30mb up. Multiple back and forths with support showed the link back to Vocus was fine, however the speed was still bad.

Finally they told me the answer: the package ordered was not full 100mb up!

Best Effort Internet Access
VBU is delivered to site using Telstra Wholesale Ethernet Access (Fibre) Standard CoS (Class of Service) access tails. Note Standard CoS is 100% EIR (Excess Information Rate) which means, under congestion in the Telstra network, this traffic may be discarded. If the customer requires an Internet Service with continual sustained throughput or other medium to high performance requirements, please use Vocus IP Transit or Enterprise Internet rather than VBU.

 

Fix

Recommended VCT or VIE onnet service
or alternatively Telstra tail can be made premium.

 



# Work days the throttling schedule applies to
$mon = [System.DayOfWeek]::Monday
$tues = [System.DayOfWeek]::Tuesday
$wed = [System.DayOfWeek]::Wednesday
$thur = [System.DayOfWeek]::Thursday
$fri = [System.DayOfWeek]::Friday

# Load the Azure Backup (MARS) agent module from its install folder
cd "C:\Program Files\Microsoft Azure Recovery Services Agent\bin\Modules\MSOnlineBackup"

Import-Module .\MSOnlineBackup.psd1

# This limits to 10mb during work and 30mb during non-work hours, Mon-Friday

Set-OBMachineSetting -WorkDay $mon, $tues, $wed, $thur, $fri -StartWorkHour "9:00:00" -EndWorkHour "18:00:00" -WorkHourBandwidth (10012*1024) -NonWorkHourBandwidth (30048*1024)


Recently we changed the IP and subnet of an Exchange 2016 server. Trying to open ECP showed the error:

Topology Provider couldn’t find the Microsoft Exchange Active Directory Topology service on end point

This is due to the Microsoft Exchange Active Directory Topology service not starting

The service was not starting because the new subnet was not listed in Active Directory Sites and Services, which meant Exchange was not site aware

Add the domain and restart the server 

 

 


Recently we started getting errors for our vCenter address, which was a subdomain of our main domain, which had a proper certificate for the website. Chrome picked this up and then uses HSTS to make sure all subdomains have a valid cert (without an easy option to bypass).

However, to bypass, just type either word below when presented with the error

“thisisunsafe” or “badidea”


Recently had a customer use crazydomains for their Emails. Incoming email stopped with the error below

550 Please turn on SMTP Authentication in your mail client. mail-wm1-f50.google.com [209.85.128.50]:38049 is not permitted to relay through this server without authentication.

I checked the MX / NS servers to make sure they were pointing to valid records.

Called support and they asked me to remove Automatically Detect and change to Local Mail Exchanger. It took 15 minutes to apply and started working again. Guessing their internal DNS had an issue.
