Category Archives: Windows

WSUS Server unable to obtain updates

If a WSUS server fails to obtain updates with the following error: “wsus the request failed with http status 404 not found” this might be because it still uses an old/outdated URL (https://fe2.update.microsoft.com/v6) to obtain the updates from.

This can be checked and changed with the following PS1 Snippet:

$server = Get-WsusServer
$config = $server.GetConfiguration()
# Check current settings before you change them 
$config.MUUrl
$config.RedirectorChangeNumber
# Update the settings if MUUrl is https://fe2.update.microsoft.com/v6
$config.MUUrl = "https://sws.update.microsoft.com"
$config.RedirectorChangeNumber = 4002
$config.Save()
iisreset
Restart-Service *Wsus* -v

PowerShell AD Snippet

Simple snippet to get a list when the passwort of a service user was set the last time.

Get-ADUser -Filter 'Name -like "svc*"' -Properties * | select Name,@{name ="pwdLastSet"; expression={[datetime]::FromFileTime($_.pwdLastSet)}}

Requires the Active Directory Powershell module to run.

Command must also be run in an elevated powershell session (Run as Administrator)

Otherwise the pwdLastSet attribute will not be obtained!

Sid To Username

Param
(
    [parameter(
        Mandatory=$true,
        HelpMessage="User SID"
        )
    ]
    [String]
    [alias("sid")]
    $user_sid
)
$objSID = New-Object System.Security.Principal.SecurityIdentifier $user_sid 
$objUser = $objSID.Translate( [System.Security.Principal.NTAccount]) 
$objUser.Value

Windows – Automatically power on printer on new Print job

My printer at home is powered of most of the time to save power as I’ll only print a couple of pages once every while.

As i was teached that technicians shall be lazy I use a Sonoff POW R2 to work around getting up and switching on the printer when I want to use it. The Sonoff was flashed with Tasmota to as I don’t want some chinese company to have some backdoor within my IOT-home net.

However, I still had to open up the sonnoff webpage every time and hit the power-on-button for my printer to come up and that’s still some work to do which could be avoided in honor of laziness.

So, the ingridents to a lazy but power saving printer are:

  • The Tasmota WEB API
  • Windows Event Log
  • Windows Task Sheduler

We can configure a Task that’s running in case a specific event log entry is appended to the event log and call the printer’s API to switch on the power every time somebody adds a new print job to the OS printer queue.

Event log config (eventvwr.msc)

The entry we want is: “Microsoft-Windows-PrintService/Operational” (Applications and Service Logs -> Microsoft -> Windows -> PrintService : Operational)
That log needs to be enabled first:

Once that’s done there will be new entries every time a new printjob is added:

The interesting part is the Event with the ID 800 -> that’s the one we are looking for as it logs that there is a new spooling job.

Create a Batch-Script to call the Tasmota API

That’s pretty easy. I suggest to simply create a batch script witht he following content:

@echo on
C:\Windows\System32\curl.exe "http://<IPADDRESS>/cm?cmnd=Power%%20On"

As curl already comes with newer installations we can simply use it for our call. A powershell could also be used, but by creting a batch script we do not have to deal with the PS-execution policy settings and getting them correct to work.

Create a Task (taskschd.msc)

A new task needs to be created. The Trigger is a specific event-log enty:

With the correct event configured:

As an action we just want to start a program which is the batchscript witht he content from above.

Once that’s done, the script will be run by the task scheduler every time someone hits the “print” button. Running the script will power up the printer automatically and Windows will print the page as soon as the printer is reachable. – so nomore getting up to power the printer manually ūüôā

Start PS-Admin session from an unprivileged user

 runas  /user:administrator 'powershell -command Start-Process powershell -verb runas' 

Windwos telephone activiation – shortcut

When using the telephone activiation select the option that MS sends you a link to an activation page. http://md.vivr.io/XxX0c0C Use the link and the following commands on the computer to extracte the activaition ID from the system, paste it on the webinterface and copy the confirmation ID back to the system. To paste the activiation ID on the Microsoft Website use the cscript command to print the ID to the command prompt, copy it to Keepass in the autotype field and use the autotype option to paste the blocks. To strip the response NPP + the follwoing regex can be used: [A-Z]|\t|\n -> Strips all upper case characters, tabstops and CRs

 

Tools Needed:

  • KeePass (or any other autotype tool)
  • Notepad++
    NPP-Regex for search and replace: [A-Z]|\t|\n

 

Commands:

#Install Productkey
slmgr /ipk <ProductKey>

#Display activation ID
cscript C:\Windows\System32\slmgr.vbs /dti

From <https://social.technet.microsoft.com/Forums/windows/de-DE/3ead2d77-00fc-4c06-b4c0-82eae0ebc2bc/save-slmgr-dli-output-to-text-file?forum=w7itproinstall>

#install confirmation ID from Microsoft
slmgr /atp <Confirmation ID>

#Check Status
slmgr /dlv

OR
slmgr /dli

From <http://www.thewindowsclub.com/view-licensing-status-activation-id-windows-slmg

Powershell/PowerCLI very slow execution Time

Sometimes a PowerCLI-script can take quite some time till everything is executed. For example the PowerShell scripts used by Zabbix to gather the vCenter alarms into Zabbix (BlogPost) need some tuning to run fine.

So why are scripts running slow in some cases?
It seems to occur primary on systems which do not have a connection to the internet. As a matter of fact – most of the systems I’m setting up “lose” internet connection sooner, or later. :/

What exactly causes the problem?
While investigating that problem i found an interesting feature which seems to cause the problem – certificate checks!
There is an IE-setting which is named “Check for publisher’s certificate revocation ” and can be found at: Intenet Options -> Advanced -> Section: Security ->Disable:¬†Check for publisher’s certificate revocation.

Disabling the certificate checks improves the execution time by about 60%.

certificate-check enabled:

Days              : 0
Hours             : 0
Minutes           : 0
Seconds           : 41
Milliseconds      : 536
Ticks             : 415369143
TotalDays         : 0.000480751322916667
TotalHours        : 0.01153803175
TotalMinutes      : 0.692281905
TotalSeconds      : 41.5369143
TotalMilliseconds : 41536.9143

 

certificate-check disabled:

Days : 0
Hours : 0
Minutes : 0
Seconds : 16
Milliseconds : 262
Ticks : 162628208
TotalDays : 0.000188227092592593
TotalHours : 0.00451745022222222
TotalMinutes : 0.271047013333333
TotalSeconds : 16.2628208
TotalMilliseconds : 16262.8208

 

If the script is run from a normal user account everything should be fine and we have an improved execution time, BUT …

… if the script is run from an Service (and as a matter of fact I’m using the Zabbix agent service to run the script) we got a problem.
With default settings the Zabbix Agent is installed to run as nt authority\system, so if the IE-setting is changed for the current user, its working for this user, but not for the system user. ūüôĀ
So a quick and dirty workaround could be to disable the setting for the system user.
ATTENTION: Running the Zabbix Agent as a system user is OK for a DEV-environment, but should not be used in an production environment. For production a dedicated service user should be used.

I disabled it by becoming a system user with

[pastacode lang=”bash” message=”” highlight=”” provider=”manual”]

PSEXEC -i -s -d CMD

[/pastacode]

and launching the IE from the command prompt. Afterwards I was able to disable the setting via the above method.

Otherwise the Key could also be found in the registry at:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State
0x00023e00 / 146944 Check OFF
0x00023c00 / 146432 Check ON

A simple PS-Script to disable the setting would be:

[pastacode lang=”bash” message=”PowerShell to disable Publisher certificate checks” highlight=”” provider=”manual”]

Write-Host "Disable Check for publisher’s certificate Revocation"
set-ItemProperty -path "REGISTRY::\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\" -name State -value 146944

[/pastacode]