Windows

Change the password age in bulk for Active Directory accounts

Ran into an interesting situation where pretty much all domain accounts did not follow the default password policy and had the option of ‘password never expires’ checked. I needed to fix this immediately without impacting the users and expiring any accounts that may affect the business.

I needed to adjust the password age for all domain accounts so that they follow the password aging policy. Typically a password age policy is upto 90 days. Powershell to the rescue:

So now that all the accounts have a password age of 1 day. Time to uncheck that ‘password never expires’ box. Now for some service and system accounts I wanted them to have password never expires. So now I needed to work with a filtered set.

I grabbed the accounts I wanted and was able to save them in a .CSV file.

change.csv contents:

Now to perform the task on each account:

Hope this helps if you run into a similar situation.

Remove licensing from ESXi host

WARNING: This is for education/informational testing/development purposes only, and should not be used on a production server.

WARNING: This trick will only work with an ESX(i) stand alone server.  It will not work if the ESX(i) server is connected to a vCenter Server, as the vCenter Server knows better than to let you do this.  (you can always remove and readd the ESX(i) server to vCenter.)

To reset your ESX 4.x, ESXi 4.x and ESXi 5.x 60 day evaluation license:

  1. Login to the TSM through SSH or Shell
  2. Remove the following two files:
  3. Reboot server

If your ESX server is connected to a vCenter server, please remove the ESX server first.  Once the steps above are completed, you can add it back to the vCenter server.

Command to remove the license and reboot the ESX host:

After reboot, logging on the ESXi server, you should be greeted with this message.

60-day-evaluation

For ESXi 5.1 and ESXi 5.5, you may need to continually remove the license files as the server reboots for this to work.  The following should do this quite nicely:

An alternative would be restarting the services, it should work just as well as rebooting the server:

For vCenter
1) Create a DSN to your local SQL Express instance that holds your vCenter DB.
2) Uninstall virtual center
3) Re-install virtual center and point to your DSN making sure not to overwrite.

With this method, I have been able to refresh my 4.1 and 5.0 hosts.  Have not confirmed if this works for 5.1.

How to remove hidden network adapters

Windows automatically hides devices that are not presently connected to the system, but they still exist in Windows’ configuration. This is especially problematic when changing virtual network adapters and not being able to remove IP configurations from old adapters. To resolve:

  1. Click Start, click Run, type cmd.exe, and then press ENTER.
  2. Type “set devmgr_show_nonpresent_devices=1“, and then press ENTER.
  3. Type Start DEVMGMT.MSC, and then press ENTER.
  4. Click View, and then click Show Hidden Devices.
  5. Expand the Network Adapters tree.
  6. Right-click the dimmed network adapter, and then click Uninstall.

Quick and Simple Way to Export DHCP Scope Settings From One Server to Another

Applies to:

Windows Server 2008 R2, Windows Server 2012R2, Windows Server 2016

From the command prompt on the source DHCP server run the following command:

2.  Copy the “dhcp.dat” file to the new, or destination, DHCP server and run the following command:

While running the export command, the DHCP service will be temporarily stopped and won’t respond to DHCP requests.  Also, the import will fail if there are any existing DHCP scopes that overlap with the original DHCP servers configuration.

Find out mapped network drive logins

If you have shared drives in a multi-domain environment and need to know what each drive was logged on as, this is the command to find out:

or

or

Another way to see this is to look on the machine that is hosting the shares.
Look in Computer Management -> Shared Files -> Open Files.

This will list the user account that is being used.

Remove group membership of disabled accounts

Majority of the system administrators I’ve met forget this very important rule. When an account is not needed remove its membership from the security/ distribution groups, otherwise you get disabled account showing up in groups, and that looks ugly.

You will need Quest ActiveRoles for Powershell installed to get this working.

Depending on the size of your organization you may need to increase the limit of results to 3000 or more. Default is 1000

Next, create a list of accounts that you will be modifying so we know what we will be removing.

Once you have the list saved. Execute the following:

Membership is stripped from groups, where the user account is disabled.

ManageEngine ADSelfService Plus – How to apply a wildcard cert ?

ADSelfService Plus by ManageEngine is a great tool. The instructions provided to configure SSL did not work for me, but I was able to figure it out doing the following:

You need a PFX File: Wild Card Cert for *.yourdomain.com (Yourdomain-WildCard.pfx) – This can be generated/ exported by IIS if you have a wildcard cert.

STEPS to apply and use Wildcard cert:

  1. Enable SSL in ADSelfService Plus.
  • Click “Admin” tab –> Product Settings –> Connection.
  • Enable “Enable SSL Port [https]” check-box -> click “Save” button.
  1. Stop ADSelfService Plus. (Start –> All Programs –> ADSelfService Plus –> Stop ADSelfService Plus) .
  2. Save the “.pfx” file under “C:\ManageEngine\ADSelfService Plus\conf”, take a backup copy of server.xml file and then edit the “server.xml” file.
  3. Go to the bottom of server.xml file and edit connector tag and add the keystoreFile, keystorePass, keystoreType  and save the file.
  1. Start ADSelfService Plus or restart the server.

Hope this helps!

Deleting Thumbs.db & Desktop.ini files and How to prevent them

Removing thumbs.db file from explorer might take time. So you may also try the command interface.

  • Press Windows Key + R for Run window, type cmd for opening command prompt
  • del /s /ah thumbs.db

This command will quickly remove thumbs.db files from your computer.

How to prevent thumbs.db file from getting recreated?

The above method only can help you in removing the created thumbs.db file, but it can’t prevent creation of newer thumbs.db files. If you have plenty of photos in your PC, these files will get regenerated easily and start consuming hard disk space.

To prevent this file from getting generated, try this tweak.

  • Press Windows key + R for opening Run window. Type gpedit.msc and hit Enter
    Note: Group Policy Editor is a feature included with premium versions of Windows mainly the professional and enterprise edition. So if you don’t get any window opened after typing gpedit.msc, the version of windows in your PC may not support that feature.
  • On the left side of Group Policy Editor window, open User Configuration -> Administrative Templates -> Windows Components -> File Explorer (Windows Explorer in 7, File explorer in Windows 8). On the right side double click on “Turn off the caching of thumbnails in hidden thumbs.db files”. Click Enabled. Click OK

thumb.db-gpedit-1

thumb.db-gpedit-2

Once the step is done, no more thumbs.db files will be generated in your computer.

Find files hiding in a lot of sub directories

So I was moving a lot of my music to Amazon Cloud Drive, and ended with a lot of files still showing under a lot of sub directories. Problem was – how do I know which files are in what sub directory with out going into each of them.

Here is the answer:

This captured all the files in the sub directories and saved them to list.txt

Hope this helps.

Find out Windows version from an ISO file

So we download a lot of .ISO file from various sources. I needed to install Windows 10 x64 Pro and was having trouble identifying which was which from the different versions I had been testing. This was important to me because I needed to know if it was Retail, VL, or MSDN. This should work for Vista and up, basically any windows that has WIM files within.

First you will need to mount the ISO file to a computer so you can browse it. Then open up a command prompt as administrator and run the following command.

(I is the drive letter for the mounted ISO file)

Here is an example of the output from the command for a Windows 10 Pro ISO.