Workstation force WSUS check

New task – how to force the workstation to check updates on WSUS, open Powershell:

PS C:\Users\nick.korkishko> Enter-PSSession workstation12

[workstation12]: PS C:\Users\TEMP.DERMATOLOGY.014\Documents>  wuauclt /detectnow

Posted in Windows Server | Tagged , | Leave a comment

How to identify list of inactive computers and move them to another OU

New task for IT: identity list of inactive computers and move them to another OU.

As usual, PowerShell will help us.

# Name : ListinActiveComputers.ps1
# Purpose: Get active computer accounts from active directory by
# checking the last logon date. Get the propoerties of computer
# account (name,OS,OSverion,lastlogondate and CanonicalName)
# and save it to inActiveComputers.html file.
#
# Written by Nick Korkishko and Andrew Svintsitsky
# Date written: 05/01/2017
#

Import-Module ActiveDirectory
# Inactive computers Organization unit – where do we need to move inactive computers
$OUname = “OU=InActive computers,DC=nicoljako,DC=local”
# get today’s date
$today = Get-Date

#Get today – 60 days (2 month old)
$cutoffdate = $today.AddDays(-45)

#Get the computer accounts filtered by lastlogondate. Select
#only required properites of the computer account and
$inactivecomputers = Get-ADComputer -Properties * -Filter {LastLogonDate -le $cutoffdate }
#Move Computers to Another OU
$Movedcomputer=@()
foreach ($Computer in $inactivecomputers){
if ($Computer.distinguishedname -notlike “*$OUname*”){
$Computer | Move-ADObject -TargetPath $OUname
$Movedcomputer+=$Computer
}
}
#Export report to HTML
$Movedcomputer | sort -Property LastLogonDate | `
Select Name,OperatingSystem,OperatingSystemVersion,LastLogonDate,CanonicalName | `
ConvertTo-Html -Head “Moved inactive computers to $OUname”| out-file ./inActiveComputers.html

In the end, you will have:

  1. Report about moved inactive computers to proper OU (in this ex. OU=InActive computers,DC=nicoljako,DC=local)
  2. Moved computers to OU=InActive computers,DC=nicoljako,DC=local
Posted in Windows Server | Tagged , , , , | Leave a comment

Kiosk mode on Windows 10 Pro

If you want to allow kiosk mode on Windows 10, you will face next issues:

  1. Microsoft Edge is not working in Kiosk mode. You will be able to log in but EDGE will not allow you to type any webpage

    Set-AssignedAccess -AppName Microsoft.MicrosoftEdge -UserName testuser

  2. IE is not available on Windows 10 due it’s not Store App.

You will ask what should I do. We have the solution:

  1. LogIn to your machine as admin [admin should be able to login to Microsoft Store]
  2. Find next application: Kiosk SP Browser
  3. Install
  4. Create user ID in Windows which will be able to LogIn to machine (this can be standard user) we create: testuser
  5. Login to testuser and install Kiosk SP Browser, you will be able to login to store with your personal Microsoft account.
  6. After the first run under testuser, you need to do next:

a. Click on Gear icon

b. Type home URL

c. Validate Home URL

d. Set all setting which you want (FYI: Timeout is not clearing cache and sessions if you log into Office365 and Timeout elapsed, next time you will be auto log in)

e. Save setting.

7. Logout from testuser.

8. Login to your admin user.

9. Run PowerShell ISE under administrator.

10. Run

Get-AppxPackage | ft name

11. You will get list of apps, last installed will be your Kiosk App:

Name
—-

Microsoft.Windows.Photos
Microsoft.People
microsoft.windowscommunicationsapps
OperaSoftware.GetOpera
Microsoft.WindowsAppStudioInstaller
15582137-b1ec-47b4-a94c-d38846ee916d
48371ShawnParker.KIOSKSPBrowser

12. Next command:

Set-AssignedAccess -AppName 48371ShawnParker.KIOSKSPBrowser -UserName testuser

13. Log in to testuser and test

If you need to reset settings of AssignedAccess or SingleApp mode run next:

Clear-AssignedAccess

Thanks Andryi Svintsitsky for help.

Posted in Uncategorized | Leave a comment

Identify users in Groups by powershell

New task: list of users in Group (in ex. Domain Admins):

#Script is writen by: Mykola Korkishko and Andryi Svintsitsky

$array =@()
 $AllUsers=Get-ADUser -Properties * -Filter *
 foreach($user in $AllUsers){
 #$Groups=$user |select -ExpandProperty Memberof
 if ($user.MemberOf.Contains("CN=Domain Admins,CN=Users,DC=rcadv,DC=com") -and $user.Enabled -eq $true){
 $array+=$user.name
 }

}
 $array | out-file domain_adm_group.txt
Posted in Windows Server | Tagged , , , , | Leave a comment

IE version collection with PowerShell

Task for IT: collect statistic about IE versions in your environment without inventory system.

What you need to enable: Remote registry on computers

Run PowerShell script:

#Script is writen by: Mykola Korkishko and Andryi Svintsitsky

$array =@()
 $keyname = 'SOFTWARE\\Microsoft\\Internet Explorer'
 $today = Get-Date
 $cutoffdate = $today.AddDays(-30)

$computernames = Get-ADComputer -Properties * -Filter {LastLogonDate -gt $cutoffdate}
 foreach ($server in $computernames)
 {
 $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $server.name)
 $key = $reg.OpenSubkey($keyname)
 $value = $key.GetValue('Version')
 $obj = New-Object PSObject

$obj | Add-Member -MemberType NoteProperty -Name "ComputerName" -Value $server.name

$obj | Add-Member -MemberType NoteProperty -Name "IEVersion" -Value $value
 $array += $obj
 }
 $array | select ComputerName,IEVersion | export-csv IE_Version.csv
Posted in Windows Server | Tagged , , | Leave a comment

Terminal server session disabled

Sometimes, when you are trying to do RDP,  you can see the error: terminal server session disabled. You will not be able to do anything remotely with the server, especially from Server Manager – you will see Kerberos authentication error message.

To resolve this you can do next:

  1. Download PSEXEC tools from Microsoft – https://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
  2. Extract zip archive to PSEXEC folder
  3. Open CMD
  4. Navigate to PSEXEC folder
  5. Execute next command:

    C:\Users\nick.korkishko\Downloads\PStools>psexec.exe -u administrator -p yourpassword  \\192.168.1.10 change logon /enable

  6. After enter you will see next message:

    PsExec v2.2 – Execute processes remotely
    Copyright (C) 2001-2016 Mark Russinovich
    Sysinternals – http://www.sysinternals.com

    Session logins are currently ENABLED
    change exited on 192.168.1.10 with error code 1.
    C:\Users\nick.korkishko\Downloads\PStools>

Posted in Windows Server | Tagged , , | Leave a comment

Windows 7 stuck on update

If you just install Windows 7 and you can’t update it. You just need to install AntyVirus – Microsoft Essentials will be enough. As soon you will install and update AV everything will be ok.

Posted in Uncategorized | Tagged , , | Leave a comment