This will stop Windows from resetting your default file associations, and this will force your choice of application to stick. It works well for my org.

#Creates a "drive" to access the HKCR (HKEY_CLASSES_ROOT)
New-PSDrive -Name HKCR -PSProvider Registry -Root 
HKEY_CLASSES_ROOT

If ('HKCR:\.pdf')
{
    #This is the .pdf file association string
    $PDF = 'HKCR:\.pdf'
    New-ItemProperty $PDF -Name NoOpenWith
    New-ItemProperty $PDF -Name NoStaticDefaultVerb
}

If ('HKCR:\.pdf\OpenWithProgids')
{
    #This is the .pdf file association string
    $Progids = 'HKCR:\.pdf\OpenWithProgids'
    New-ItemProperty $Progids -Name NoOpenWith
    New-ItemProperty $Progids -Name NoStaticDefaultVerb
}

• No Comments

$Days = $%id%Days%id%

$Days = (get-date).adddays(-($Days))

$SnapshotList = $null

$SnapshotList = Get-VM | Get-VMSnapshot | where-object { $_.CreationTime -lt $Days }

	if ($SnapshotList -eq $null)
	{
		$OverdueSnapshot = "NO Overdue Snapshot"
	}
	else
	{
		foreach ($EachSS in $SnapshotList)
		{
			$OverdueSnapshot += "$EachSS.VMName : $EachSS.Name : $EachSS.CreationTime : "
		}
	}

$%id%OverdueSnapshot%id% = $OverdueSnapshot

• No Comments

Download

Click here to Download the software

Install

Install 32bit or 64bit depending on server , install ALL the Management Tools

Open Powershell as Administrator and with Domain Admin Writes and run

Import-module AdmPwd.PS  

Then

Update-AdmPwdADSchema 

Make sure the above says Sucess

In the same Powershell Window you need to declare the OU’s where the computers will live

Set-AdmPwdComputerSelfPermission -OrgUnit <name of the OU to delegate permissions>

Now you want to see who have access to look at the password in the OU

Find-AdmPwdExtendedrights -identity “OU NAME”

Add or remove permissions via : 

Set-AdmPwdReadPasswordPermission -OrgUnit <name of the OU to delegate permissions> -AllowedPrincipals <users or groups>

Group Policy

On the PC you installed the LAPS tool to ,  copy the following files : 

C:\Windows\PolicyDefinitions\AdmPwd.admx to ( ON a domain controller ) C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\

C:\Windows\PolicyDefinitions\en-US\AdmPwd.adml to ( ON a domain controller ) C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\en-US\AdmPwd.adml 

Now create a Group Policy and Apply to the computers you would like to have self managed local Administrator Password

Administering

How to find password using Gui

On the PC installed with LAPS , run  : C:\Program Files\LAPS\AdmPwd.UI.exe and enter the computer name to find the password

Use Powershell : 

Get-AdmPwdPassword -Computername "%COMPUTERNAME%"

To reset password Immediately :

 Reset-AdmPwdPassword -ComputerName <computername>

• No Comments

The autodiscover process checks a few records , one of these is the root domain A record, and once you have an SSL certificate on your Web Server under cPanel, it intercepts the Autodiscover request cPanel believes it is hosting the email, and directs that to itself to its email servertrying to be helpful ( Instead of your Exchange server or 365 ) .

The email users are not setup on your cpanek, so no matter what you try, you will not be able to setup the user’s Outlook profile. This is the error I was getting in Outlook 2016. The error will be different for other versions of Outlook or if you are setting up the profile from Control Panel, but essentially it will not let you complete the profile setup.

The fix is quite simple, you just need to change the setting in cPanel or WHM (also owned by cPanel) from the default setting of “Local Mail Exchanger” to “Remote Mail Exchanger” and that’s it.

• No Comments

Check the user is connecting to Exchange via MAPI , I had a few setups where users were set to Active Sync instead

In this case, the solution was to run both commands on the exchange server:

Set-AutodiscoverVirtualDirectory “SERVER\Autodiscover (Default Web Site)” -WSSecurityAuthentication $True

Set-WebServicesVirtualDirectory -identity “EWS (default web site)” -WSSecurityAuthentication $true

This two command solved my problem

• No Comments

Recently on a terminal server environment, we have a few users getting black screen on logins. The terminal server used User Profile Disks so I thought it could be corruption.

Checking the Terminal Server Event log had a lot of NTFS 50,51,140 and 137 Errors.

When the profile would eventually load Outlook would come up with “ost is not valid”

Logging into the File sharing that shared the UPD’s and it showed that the UPD disk hosting the files was full up and someone had not added it to monitoring! 

• No Comments

Recently a user had their Motherboard swapped out on their laptop. 2 Days Later they could not sign into Outlook.

The error was TPM

This is due to the Laptop falling out of Trust with Azure AD due to TPM chip change

1. Reset Local Admin Password
2. Go to Settings . Accounts work or School and Disconnect
3. Restart PC’
4. Sign Back into Go to Settings . Accounts work or School

If Intune sign back into Azure AD

• No Comments

Had to do this for server over the weekend for a data disk which had reached the 2TB size limit imposed on MBR disks and couldn’t really find a lot of information on how to achieve this without data loss.

Starting from Windows 10 there is a built-in tool called MBR2GPT.exe which does exactly what it says – converts MBR disks to GPT, but for versions of Windows prior to this (i.e. Windows 7/8/8.1 or 2008 R2/2012/2012 R2) Microsoft’s official stance is to backup the data, delete the partitions  on the disk, convert the disk to GPT then restore the data. Not exactly practical.

While there are a number of third party tools that can claim to do this, a lot of them aren’t free. I was able to find a simple and reliable tool called gptgen.exe that could convert the disk to GPT format with the server online and without causing any data loss. The tool can be found here: https://sourceforge.net/projects/gptgen/

To use the tool:

• Identify the disk you need to modify. You can find the disk ID by running diskpart > list disk or just look in Disk Management
• To test gptgen without making any changes to the disk, run the following command in an elevated command prompt window:
  gptgen.exe [file://.//physicaldriveX]\\.\\physicaldriveX – where X = the disk ID for the disk you want to convert
  
• If the test command above runs without any issues, you can run the below command to write the changes to the partition table:

gptgen.exe -w [file://.//physicaldriveX]\\.\\physicaldriveX

NB: make sure you have a valid backup/snapshot prior to running the above command and that you stop all relevant services on the device.

• Give the server a reboot then confirm any services or programs housed on the converted disk start correctly
• Check the “Volumes” tab in the properties of the converted disk in Disk Management and you should see it’s now a GPT disk

Also worth noting that Microsoft officially supports GPT data disks running on machines in legacy BIOS mode, but in an ideal world you’d want to convert the machine to the newer UEFI BIOS mode for the extra features, improved performance, etc. etc. This will  involve converting the OS disk from MBR to GPT and is a bit more of an involved process. Best to speak to your nearest Senior Consultant about this as the steps can vary on a case by case basis.

• No Comments

Recently installing some memory in a HPE ProLiant DL380 Gen9 Server and got an iLO email with the error

“HPE iLO AlertMail-001: (CAUTION) POST Error: 207-Invalid Memory Configuration – Processor 2, DIMM 5 incorrectly installed. Please refer to Memory Population Rules in Documentation. This Memory will not be utilized.”

Logging into the ilo show the new Memory ordered was Rank 2 instead of the current Memory being Rank 1 

When mixing Ranked Memory in a server :

“In cases of a heterogeneous mix, take each DIMM type and create a configuration as if it were a homogeneous configuration.” Depending on the per-channel rules, populate the DIMMs with highest rank count in white memory slots in each channel, then populate the other DIMMs in the black memory slots in each channel as shown in the following illustration

So Fill the Higher Rank stuff ( rank 2 ) in the First of the White Slots   , any remaining space in the White Slots fill with Rank 1

Fill the Black Slots Next in Order

Then the Blue Slots Next in Order

• No Comments

Recently had a user who could not log in to their microsoft Teams , due to the blank login whitescreen loop

1. Try rebooting the PC always as sometimes SAML crashes

I had to clear the Application Data Settings : 

Close Teams.exe and Outlook.exe processes

Delete the Folder :

C:\Users\%username%\AppData\Roaming\Microsoft\Teams

or you can script it granularly : 

Get-ChildItem -Path $env:APPDATA\”Microsoft\teams\application cache\cache” | Remove-Item -Confirm:$false
Get-ChildItem -Path $env:APPDATA\”Microsoft\teams\blob_storage” | Remove-Item -Confirm:$false
Get-ChildItem -Path $env:APPDATA\”Microsoft\teams\databases” | Remove-Item -Confirm:$false
Get-ChildItem -Path $env:APPDATA\”Microsoft\teams\cache” | Remove-Item -Confirm:$false
Get-ChildItem -Path $env:APPDATA\”Microsoft\teams\gpucache” | Remove-Item -Confirm:$false
Get-ChildItem -Path $env:APPDATA\”Microsoft\teams\Indexeddb” | Remove-Item -Confirm:$false
Get-ChildItem -Path $env:APPDATA\”Microsoft\teams\Local Storage” | Remove-Item -Confirm:$false
Get-ChildItem -Path $env:APPDATA\”Microsoft\teams\tmp” | Remove-Item -Confirm:$false

Try reopening Teams , if not delete the below

C:\Users\%username%\AppData\Local\Microsoft\Teams

Reinstall Teams and Sign out  and sign back in at the user

• No Comments