All organizations should be using service accounts for Specific Tasks and Services, however, some legacy systems might not be. This script will search all servers listed in servers.txt and come back with any results with the username you search

#run this script as administrator
#create a servers.txt for all the servers you want to query
$Servers = Get-Content servers.txt
#add * infront and behind username for wildcard
$user = "*administrator*"

$findings = foreach ($computername in $Servers){

    $schtask = schtasks.exe /query /s $computername /V /FO CSV | ConvertFrom-Csv | Where { $_."Run As User" -like $user} | Select TaskName
    if ($schtask) {Write-Host "`nTask" + $computername + $schtask }
   
    $displayname = Get-WmiObject -class win32_service -computername $computername |where-object startname -like $user | Select displayname
    if ($displayname){Write-Host "`nService" + $computername + $displayname }
   
}

• No Comments

I was recently trying to Upgrade the AADconnect server to stop the high 100% CPU issues

After running the MSI . then running AzureADConnect.exe , the upgrade came up with the error

Unable to upgrade the LocalDB Sql Express database Running

I went to the event log and found the error :

Error installing msi package ‘SqlLocalDB.msi’. Full log is available at ‘C:\ProgramData\AADConnect\SqlLocalDB_Upgrade-20180813-094321.log’.

I checked through the Log and there seemed to be lots of 1603 errors

The installer then came up with the error SQL Server 2012 Express LocalDB

Could not open key: UNKNOWN\Components\. Verify that you have sufficient access to that key, or contact your support personnel.

I ran through the workaround 1 from this guide

https://blogs.msdn.microsoft.com/sqlserverfaq/2010/03/30/sql-server-2008-setup-fails-to-install-with-error-1402/

And then the SqlLocalDB.msi finished successfully , I was then able to run through the AzureADConnect.exe upgrade

• No Comments

Sometimes people need to document of capture a facebook profile page in a point in time. Due to the way facebook only loads the current data , a file and print does not work 

The only easy way we have found to do this is the use this Chrome Add In 

If you press the Capture Icon once installed , then scroll down to the very bottom of the page ( you have to do this because the Page only loads whats on the screen ) , it saves the whole page as a single image

You can then print this Image to PDF which should divide it up into pages

• No Comments

You need to be listing on port 80 then redirect to https:// 443 , then after you can redirect non to www ( or the other way around ) for SEO

Default nginx.conf location is in /etc/nginx/

server {
#Listen on http first and redirect to https://
listen 80 default_server;
listen [::]:80 default_server;
server_name www.domain.com domain.com;
return 301 https://domain.com$request_uri;
}

server {
#Listen on HTTPS:// then redirect non www to www
listen 443 ssl;
server_name www.domain.com;
ssl_certificate /etc/pki/nginx/star2018.pem;
ssl_certificate_key /etc/pki/nginx/wildcard.key;
root /usr/share/nginx/html;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
# Set client body size to 10M.
client_max_body_size 10M;
if ($host = 'domain.com') {return 301 https://www.domain.com$request_uri;}
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;

location / {
        index index.php;
        try_files $uri /index.php$is_args$args;

}

error_page 404 /404.html;
    location = /40x.html {
}

error_page 500 502 503 504 /50x.html;
    location = /50x.html {
}
location ~ \.php$ {

        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;

         fastcgi_index index.php;
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         include fastcgi_params;


 }

After saving this you need to restart nginx

sudo service nginx restart

Then use : https://hstspreload.org to test

• No Comments

When trying to Setup Citrix SAML , on redirect , the Netscaler showed

Matching policy not found while trying to process Assertion; Please contact your administrator

Navigate to your Virtual Server

Add a new Authentication

Choose SAML and Primary

• No Comments

Recently on booting a Xseries IBM x3650 server the following error was diplayed on the bios and the server would not start

Fatal Error : Controller monitor Failed. Controller now started

This is an error on the onBoard raid controller. Reseating the memory and unplugging and plugging in the battery did not help.

In the end we had to swap the whole mainboard out. The metadata for the Raid drives is stored on disk so no data was lost 

• No Comments

If you windows domain does not have a (.local) on the end you will need to use this registry key to join it to the domain

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

1. Locate AllowSingleLabelDnsDomain. If the key AllowSingleLabelDnsDomain does not exist:

1. Edit, New, DWORD.
2. Write AllowSingleLabelDnsDomain as key name, and ENTER.
3. Double click AllowSingleLabelDnsDomain.
4. Set the Value to 1.
5. Exit regedit
6. Try to join the domain

• No Comments

After upgrading to the lastest wordpress version I was greeted with a chance to install Gutenberg Plugin

My first instinct of using this was it felt a lot like Squarespace! As a WordPress developer I have been moving some customers across to Squarespace because of the ease of design and use, not to mention its fully hosted , and updated and even come with a free domain name.

The whole editor is so much easier to write with and less technical, you can do so much now like insert tables without a plugin , Titling is now much easier to define. It feels like a huge step in the right direction

• No Comments

So you have a user who you have enabled Legal Hold on , who had gone and deleted all his emails then deleted them out of recovery bin ( e.g. Shift Delete ) 

The workflow for Exchange ( 365 ) email deletions : 

–Item gets deleted and goes to deleted Items
-Items gets deleted from deleted items goes to deleted items recovery which has a default age of 14 days ( can be increased to max of 30 days )
-Items go to legal hold ( Folder called Deletions or Purges under Recoverable Items forever ( Only if it is enabled on the user account ) 

Instead of performing a eDiscovery on the whole mailbox , downloading the PST then restoring the folder you can actually use MFCMAPI 

On a PC with Outlook installed , grant the logged in user full permission to the mailbox you want restoring ( or login as the user ) and make sure the mailbox you are trying to access is in Outlook

Install MFCMAPI and open the tool.

Go to Tools and select Options.

• Enable the MDB_ONLINE and MAPI_NO_CACHE option. OK.

• Go to Session and select Logon. 

• Once click on Logon, it will pop-up with your configured outlook profile and choose the profile, else you can open required profile. 

• Double Click on the profile, Expand the folder Root Container.

• Map into Recoverable Items under the Root Container folder and expand.

• Here, Look into Deletion and Purges only. Right click on Deletions and select open Content table.

• If you find any deleted items, proceed step 11 to step 13. Else follow the same procedure with Purges folder.

• Found all deleted mailbox items in Purges. Total 2119 deleted mailboxes, its appear in the bottom.

• Review and select required deleted items to restore and copy the messages.

• Go to Top of Information Store available in the Root Container folder. Expand the TIS folder and choose your desired path to restore deleted items.

• If required, create sub folder in your mailbox and past the same items into sub folder. I created a sub folder (deleted) under the Sent Items.

• Once you paste, make sure your Outlook profile is active, Wait some time to get reflected in both Outlook and OWA.

Reflected in Outlook and Outlook web access.

• No Comments

Recently I need to remove an Empty Virtual Disk from a Hyper V machine

On Server 2012 Machines you can run 

get-disk | fl objectID

And use the Last X.X.X numbers (e.g. 5&2D5F53A1&0&0.0.0 ) 

First number means IDE controller number, the second one means the location

However in Server 2008 r2 : get-disk : The term ‘get-disk’ is not recognized as the name of a cmdlet

So in Server 2008 r2 you will need to navigate to the hardware ID’s of the device per below which will give you the location of your Device ( ATA Device is IDE and SCSI Device is SCSI )

• No Comments