Dwarfsoft [GPA]

One of my main issues with attempting to identify storage on Windows Systems is that the Bus/LUN Id can be stored in multiple places, and trying to track that back to a Volume is pretty hard. So after doing some fairly deep investigation into DeviceIOControl calls to query Page 80 (Device information such as Vendor and type) and Page 83 (which returns the WWID object) I have managed to wrangle the C# into a Type usable from a PowerShell Script.

What is a WWID?

(continue reading…)

I finally got around to fixing one of my biggest bugbears in PowerShell ISE 2.0, and when I did so I found on our new management server that it was broken for PowerShell ISE 4.0. I’m talking about Command Transcription. One of the most useful things I use in my day to day work is Start-Transcript for the standard PowerShell Shell. I have it automatically start in my PowerShell Profile so I can always go back and find how I achieved a particular goal.

I don’t use PowerShell ISE often, but when I do it’s usually because I am researching how to get something to work, or doing a colorized copy of the code for documentation purposes. For a long time I was happy enough with the suggested “Start-iseTranscript” provided by the Scripting Guy Blog.

(continue reading…)

So we had some Blade Chassis and implemented some Firmware upgrades. Surely this should not impact the blades themselves, or the OS on which they run? You’ve got to be kidding right. As soon as the Blade Chassis firmware has been upgraded we lost all four Broadcom NICs, and we had four new Broadcom NICs added in their place. This means that any IP Configuration has been lost and so has, in our case, Team configuration. Due to the four original NICs being removed, their Connection Names have also become unusable, because there are hidden devices that are still using those names.

Firstly, how do we remove devices via PowerShell. The Answer can be found on any Windows 7 workstation in the C:\Windows\Diagnostics\System\Device\CL_Utility.ps1. There is a function there called RemoveDevice.

(continue reading…)

I will start out by simply stating how much I HATE SEP11, and how it handles client scan logs. For some reason there is NO way of getting a client scan log out of the Central Management Console. The whole point of Central Management is being able to … manage CENTRALLY.

Anyway, enough rant. I wrote a batch file to pull the latest (or specified) log file from a list of servers (in a file called Servers.txt). More Source: (continue reading…)

I had started another post on Group Policy editing, and how the Policy files are structured, and how to use and improve on the existing Group Policy Editor tool. The post has been found to be far too epic, so I have decided to cover a smaller subset of recent finds.

As everybody is probably already aware, we use Novell ConsoleOne and Zenworks where I work. ConsoleOne has some interesting features that require that whenever a Group Policy is being edited it takes over as the policy on the machine that is editing it. Rather than have a useful tool like Microsofts Group Policy Management Console, Novell likes to replace the local Group Policy and then just run gpedit.msc. Which is where my first gripe about gpedit.msc comes in:

GPEdit.msc requires line by line entry of things like, for example, port exceptions and program exceptions for the Windows Firewall. This is usually not an issue except that, as I have discussed in previous posts, we have been moving towards a Windows Domain environment. Firewall Exception rules are configured within two places in Group Policy: Domain Profile and Standard Profile. I have found that there is a need to move our current Standard Profile settings across to the Domain Profile settings. After a bit of registry searching I found a neat trick for doing exactly that.

(continue reading…)

Recently I have been working on some rather complicated projects preparing our SOE to move from Novell eDirectory to an Active Directory environment. One of the packages I built was required to run periodically and so I set up a Scheduled Task to accomplish this. Rather than introduce a security risk by creating a new Administrator Account I just created the scheduled task to run as the local SYSTEM account. It turns out that the SYSTEM account does not have as much access as I required, especially when managing user registry hives.

After quite some time looking in to how to achieve my goal I came up with a rather simple, yet ultimately hacky, solution. Give the SYSTEM Account Administrative Privileges.

(continue reading…)

I have recently been having a look into determining the Last Login Time of a user for a BGInfo implementation. Firstly I had a look at the getCurrentUserLastLoginTime script suggested for use with BGInfo. The limitation of this script, however, is that it will reset the login time to the last time the Windows login box was Authenticated against, which also includes the time that the workstation was unlocked.

In order to maintain current BGInfo information the implementation is running periodically, so this is unnacceptable. Therefore I had to work to resolve the issue manually. As I have had a fair bit of experience with Windows Profiles recently (see the last blog post) I was familiar with the ProfileLoadTimeHigh and ProfileLoadTimeLow registry keys in the ProfileList. So I set out to determine how to actually use these to determine the login time. I first wrote some code to get the User SID based on the users “%userdomain%” and “%username%”:

(continue reading…)

As promised, here are the scripts required for the Pre-staging of Domain User Profiles on the local machine. The first thing we need to do is Enumerate all the Local User Accounts.

Function StageAllUsers(DomainFQDN, strDomain)
   ' Enumerate all users that are Local and not built in accounts.
   strComputer = "."
   Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
   'Enumerate users where the User Domain is the Local Machine
   Set colItems = objWMIService.ExecQuery _
                  ("Select * from Win32_UserAccount " & _
                   "Where Domain = '" & GetComputerName & "' " & _
                   "And Disabled = FALSE And Name <> 'Administrator'")
   ' Stage each user
   For Each objItem In colItems
      ' Ensure the account actually has a profile (otherwise we can ignore it)
      If GetLocalUserProfile(objItem.Name) <> "" Then
         ret = StageUser(objItem.Name, DomainFQDN, strDomain)
      End If
   Next
End Function

The functions called here are GetComputerName, which returns the name of the local machine, and the other important ones are GetLocalUserProfile and Stage User. The first we can check is GetLocalUserProfile. (continue reading…)

Well, I have been very slack in that I haven’t updated with my Group Policy investigations or the eDirectory VBScript classes I was working on, but what I have been involved in recently is working on Migrating Workstations from Novell eDirectory to Active Directory.

In this process I have come across an array of options in migrating accounts from a Local User account to Domain User account and transferring the profiles across to keep the user “look and feel” that they are accustomed to.

One problem: In this scenario it makes for a very manual rollback strategy, no matter how much scripting and automation is involved in the migration process. This boils down to Novells implementation of “Dynamic Local User” which effectively creates a Local User Account that is not really bound to a User Account in eDirectory for Authentication or mapping purposes (which you can see if you look at the account SIDs).

(continue reading…)

I have updated my GTD-PHP Email Import Addon so that it now integrates with the current Subversion revision of the code. There is one bug left in it, in that it will not check that there is a mail server set before it tries to connect. I find that this error occurs the first time the session is established with the server, and from then on it works fine. By performing an error check against $server = “” I should be able to remove that bug as well.

The updated EmailImport Addon is now available for download from the GTD-PHP Trac wiki.

(continue reading…)