
Use BGInfo to identify details about a machine you are on

This is an awesome feature to identify which computer you are using quickly on the desktop. It’s great to deploy as an IT admin because it doesn’t interfere with the user’s wallpaper.

  1. Create a folder on a shared network drive that you will be pulling the script, config, and bginfo files from.
  2. Download and extract the bginfo files. https://docs.microsoft.com/en-us/sysinternals/downloads/bginfo
  3. Create a custom bginfo config that suits your environment’s needs: open bginfo64.exe, make the changes you prefer, and click File > Save As. The file extension should be .bgi.
  4. Create a script file in the same shared network path you created with bginfo.exe in it. (bginfo.bat is a great name for it).

  5. Include the following in the script file (modify file names and paths as needed below):
    reg add HKU\.DEFAULT\Software\Sysinternals\BGInfo /v EulaAccepted /t REG_DWORD /d 1 /f

    \\servername.domain.com\Scripts\Bginfo64.exe \\servername.domain.com\Scripts\mycustomconfig-bg.bgi /TIMER:00 /nolicprompt
  6. Create or select the GPO that is applied to the machines/ users you wish to apply this feature to.
  7. Navigate to User Configuration> Policies> Windows Settings> Scripts> Logon
    1. Put in the location of the script. IE: \\servername.domain.com\Scripts\bginfo.bat
  8. Now when you log in to a User account that has this policy applied, the desktop background should be updated assuming you have selected that option when you set up the configuration.
  9. Use gpupdate /force if it doesn’t apply the first time. Remember, this is NOT dynamic. If you opt to have it show disk space on logon, it won’t be regularly updated until the account is signed off and back on.
  10. You may want to tweak some of these settings a bit. There are some potential side effects when doing it as shown here, but where we use this primarily for our techs and not so much our end users, there hasn’t been a need for it to be customized. An example is listed below which I believe is caused due to me switching screen sizes constantly when accessing this server.

Set time on a VMWare hosted domain controller

When you set up a domain controller in VMWare and join machines to it, you will typically need to set an external NTP server for it to communicate with, because over time it will drift 1, 2, 3, 4, 5 minutes off. I’ve seen this numerous times. There are a few other methods to resolve this, but this is my preferred one. (The initial install won’t have this problem; it will probably crop up about 5 months down the line.)

  1. Make sure you are setting this on the domain controller with the FSMO roles.
    netdom /query fsmo
  2. Stop the time service (you will usually get the best results this way)
    net stop w32time
  3. Set the time sources you will use. This site has an excellent list. https://tf.nist.gov/tf-cgi/servers.cgi
    w32tm /config /syncfromflags:manual /manualpeerlist:time.nist.gov
  4. Set your domain controller as a reliable time source for clients connecting.
    w32tm /config /reliable:yes
  5. Start the time service back up
    net start w32time
  6. Force a time update
    w32tm /resync
  7. Verify your work
    w32tm /query /configuration
    w32tm /query /status

This was used on Windows Server 2019 and should work on 2016 as well. I haven’t used this exact process on older versions.

Installing VMWare PowerCLI – A life changer

If you don’t already work every day in the command line in the Information Technology world, I’d recommend you start, if only to use this tool. This tool removes some of the time-consuming clicks required in the GUI. That’s not to say it is at all hard in the GUI, but when you are dealing with hundreds of machines at a given time, you will learn more about what I mean over time.

Installation

Run the following:

Install-Module -Name vmware.powercli -Scope AllUsers

You may also use CurrentUser for the scope if you’d prefer.

And then of course to use it:

Import-Module vmware.powercli

Research

Now get comfy and start researching. Combined with existing knowledge of PowerShell scripting, the possibilities are endless.

https://code.vmware.com/docs/5060/cmdlet-reference/doc/Start-VM.html

Office Deployments

At first, I thought deploying Office 2019 the “new way” was daunting and it seemed like it was going to be a pain to deploy. It really isn’t. Even if you haven’t done it before. Here’s the basic process of it. There are tons of things you can do with it but this grazes the top to get you moving along with a quick deployment.

So the following will guide you through installing Office 365 for use on machines with Terminal Services deployed. You can of course remove the property to enable this if you wish.

Step 1 – Download the tool

Obtain the office deployment tool:

http://www.microsoft.com/en-us/download/details.aspx?id=36778

Of course you can Google Office Deployment Tool as well. Microsoft has a thing for moving stuff around more than I’d like them to.

Step 2 – Run and extract the goodies (for the lesser experienced, don’t stop now, the rest is easy!)

Run the tool, extract to a location of your choosing. Once complete, open Powershell and navigate to the folder. IE:

cd C:\Office2019

Step 3 – Configure the config XML file

You’ll notice they’ve included some pre-configured answer/ config files for us to use. Let’s open either the 64 or 32 bit version in a text editor like Notepad. Make sure to add the following “SharedComputerLicensing” property if you are using terminal services (Remote Desktop Deployments).

Be sure to modify things like the product id as needed. Here is a link with a list of IDs:

https://support.office.com/en-us/article/product-ids-that-are-supported-by-the-office-deployment-tool-for-click-to-run-77654e77-aaeb-4ed6-84eb-1d8b0e086590

Here’s a list of IDs that could be used in case Microsoft moves their page….. (the first 3 are the Office 365 Editions):

  • O365ProPlusRetail
  • O365BusinessRetail
  • O365SmallBusPremRetail
  • Excel2019Volume
  • HomeBusinessRetail
  • HomeBusiness2019Retail
  • HomeStudentRetail
  • HomeStudent2019Retail
  • O365HomePremRetail
  • ProfessionalRetail
  • Professional2019Retail
  • ProjectPro2019Retail
  • ProjectPro2019Volume
  • ProjectStdXVolume
  • ProjectStd2019Retail
  • ProjectStd2019Volume
  • ProPlus2019Volume
  • Standard2019Volume
  • VisioPro2019Retail
  • VisioPro2019Volume

<Configuration>
  <!-- OfficeClientEdition: "64" or "32", matching the sample file you opened -->
  <Add OfficeClientEdition="64">
    <Product ID="O365ProPlusRetail">
      <Language ID="en-us" />
    </Product>
  </Add>
  <Display Level="None" AcceptEULA="TRUE" />
  <Property Name="SharedComputerLicensing" Value="1" />
  <Updates Enabled="TRUE" Channel="Monthly" />
</Configuration>

Google is your friend when you don’t know one of these properties. 🙂

Step 4 – Run it!!

Run it, deploy it, download it, whatever you want! Both commands are shown below. Download is good for network deployment. Run is great for a local install.

.\setup.exe /configure configFileName.xml

OR

.\setup.exe /download configFileName.xml

Grow with Google – My take on it

I took some time to do the IT course “Grow with Google – IT Support Specialist Certificate”. It wasn’t as much to learn things as to prove to myself that I knew a thing or two about IT. The course, as I expected, was easy in many areas, but it did start proving difficult because it covers such a broad range of areas. There were also topics discussed like CIDR format which I was intrigued by only to find I already knew exactly what it was, I just didn’t realize it had a special name. I learned terminology and some of the background inner workings of things that I didn’t previously know, so it was definitely nice to have some supplemental training on topics I’ve already been exposed to.

I’d recommend it for most people, especially those that have some beginning knowledge in IT already. Some of the first courses that took me next to no time to complete like the system administration stuff, I felt would be hard for someone that had never been involved with Linux or Windows. However, I went straight to the labs and skipped over material, so I can’t make an official opinion of it.

CTRL of user accounts in Linux – Quick tips

Disable an account

sudo vipw

Modify the appropriate user you wish to disable from /bin/bash to /bin/disabled

webuser:x:500:500:webuser:/home/webuser:/bin/disabled

***This option will NOT prevent login over SSH***

Modify account password or lockout account

Lockout:

passwd -l <<username>>

The -u argument instead of -l will set the account as unlocked.

Modify Password:

passwd <<username>>

Curious for more details on who has attempted logon?

faillog -a

 

Keep in mind, aside from locking a user out, it is equally important to make sure you properly lock down your firewall to expose ports like 22 only to specific IPs. Don’t leave yourself exposed to the world.
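
As an added example (not from the original post), this shell function cross-checks the two methods above, the shell change in the passwd file and the `passwd -l` lock in the shadow file, so an account with only one of them applied stands out. The function name `audit_accounts`, the state labels, the `MIN_UID` variable and the sample passwd/shadow lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify accounts by the two methods from this section.
# Usage: audit_accounts PASSWD_FILE SHADOW_FILE   (real host: /etc/passwd /etc/shadow, as root)
# States printed per account with UID >= MIN_UID (default 500):
#   disabled     non-login shell AND locked password
#   shell-only   non-login shell, password hash still usable
#   locked-only  password locked (passwd -l), login shell still set
#   active       neither method applied
audit_accounts() {
    awk -F: -v min_uid="${MIN_UID:-500}" '
        # First file (shadow): passwd -l prefixes the hash with "!";
        # a leading "*" likewise means no password login.
        NR == FNR { locked[$1] = ($2 ~ /^[!*]/); next }
        # Second file (passwd): field 3 is the UID, field 7 the shell.
        $3 >= min_uid {
            noshell = ($7 ~ /\/(nologin|false|disabled)$/)
            if (noshell && locked[$1]) state = "disabled"
            else if (noshell)          state = "shell-only"
            else if (locked[$1])       state = "locked-only"
            else                       state = "active"
            print $1, state
        }
    ' "$2" "$1"
}

# Constructed sample data: made-up users and placeholder hashes.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
webuser:x:500:500:webuser:/home/webuser:/bin/disabled
alice:x:501:501:alice:/home/alice:/bin/bash
bob:x:502:502:bob:/home/bob:/bin/bash
carol:x:503:503:carol:/home/carol:/bin/disabled
EOF
    cat > "$dir/shadow" <<'EOF'
root:$6$constructed$hash:19000:0:99999:7:::
webuser:$6$constructed$hash:19000:0:99999:7:::
alice:!$6$constructed$hash:19000:0:99999:7:::
bob:$6$constructed$hash:19000:0:99999:7:::
carol:!$6$constructed$hash:19000:0:99999:7:::
EOF
    audit_accounts "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
}

demo
```

A `locked-only` account keeps its login shell, and `passwd -l` only affects password authentication, so other login methods such as SSH keys are not blocked by the lock alone.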

The importance of redundancy

Today I had an experience that is not too far off from experiences I’ve seen and experienced in the past, though, not directly caused by me. As a typical (non-ma’ pa’) business setup, it is perfectly normal to have 2 or more domain controllers with DNS on a Windows based network. You ALWAYS want to point your DNS settings in DHCP to your domain controllers (Note the s in that last word). The experience was of maintenance on a server that caused a partial network ‘outage’ as it wasn’t able to find a second DNS server when maintenance was started on the Domain Controller 2. The problem came when, out of our 4 domain controllers, the one I happened to be doing maintenance on was the only one in use by the network…… (and mind you this is a 2008 domain controller, not our Server 2016 domain controller, yes that is an 8 year old server).

This is why redundancy is SO important. You should ALWAYS specify 2 DNS servers if you are in charge of a network. And you should be very conscious of what servers could be decommissioned in the future as well. You should feel a nasty feeling in your gut until you have a second one in there. You should always have more than 1 uplink to your VMWare hosts preferably on a secondary network card. Hardware failure isn’t super common these days, but it does happen. If your company is larger, you want to be sure you have HA (high availability) running on your core network equipment. You want to pay for a second internet provider.

Whether it is a network, a virtual machine, or something else that is business critical, PLEASE make sure you have redundancy built in to prevent issues like this. And if you are the one performing maintenance, you do always want to go over a mental checklist of what a server is performing for the business. If you are also controlling the network, you should NEVER have holes as giant as specifying only 1 DNS server in your network.

Please note, I was not responsible for the network in this particular scenario.

System image vs post install scripts

When it comes to a system image vs running scripts to set up a new computer and the necessary software, I find there is a healthy balance. On one hand it makes much more sense to create an image so out of the box it’s ready to go, but on the flip side, you have to update the drivers, the software, etc. In my experience, it makes sense to have a balance of both. Install items that update frequently via script so you aren’t plagued with updating your image 5 times a month or manually updating the software on deployment, or just install it via script. Usually installers these days pull the latest version anyhow and it’s not like the older days where it would be a static version that you downloaded. Take Ninite for example. I’d prefer running it once to having Chrome, Firefox, and whatever other small apps the company required be out of date 2 weeks after I created the image. Granted, the licensing can be a bit spendy for some companies. Some might argue…. why not just run Ninite again to update them. True… easy enough, but why? I like things “fresh”. “Clean”. Call me the tree hugger version of the IT squad I guess. Regardless, there’s never a one-option solution in IT. And that is one of the things that makes it so great!

Change all users to an alternate domain suffix

In Active Directory users and computers, right click Queries> New. Give it a name, click “define query”. Stay on the “Users” tab. Select “Is not” and type an invalid name like testtesttest. Click ok, ok. It should return a result with all users whose name is <<not>> testtesttest. Select all, right click> Properties. Go to Account tab> check “UPN Suffix” and change it to the appropriate suffix. That’s it! There are PowerShell methods to do this too but when handling hundreds of user accounts, you have to be absolutely careful in PowerShell. There are solutions online that work fine that I am not going to post here. This is purely for the GUI. Good luck!
