DHCP Admin Group in Server 2012

DHCP Admin Group in Server 2012

The DHCP admin group is a Windows security group used to provide DHCP admin access to users who need to perform DHCP admin function in their work role(s). The sister group, DHCP Users provides read only membership to see DHCP information.

In Server 2012, Microsoft disabled the DHCP users group and hid it from view. This can be a bit frustrating if you need to use this group! The reason I believe was that Microsoft considered this to be a more secure arrangement.

Re establishing the DHCP Admin and DHCP user groups is rather simple. On the Server, open an administrative command prompt and enter: netsh dhcp add securitygroups then press enter. This will add both groups to your group management console (you may need to refresh to see them)

This article can also be found on our sister site Dizzyit.com at: http://dizzyit.com/2015/03/26/dhcp-admin-group-in-server-2012/

Adding DHCP Admin and User Groups

Use Powershell to Uninstall or Install Windows Roles and Features

Use Powershell to Uninstall or Install Windows Roles and Features 

You can use Powershell or uninstall or install Windows Roles and Features instead of using the GUI. This is especially useful in two scenarios : Server Core installations and also for scripting (new server installs, remote installs etc).

Firstly, you will need to identify the name of the Windows Feature that you wish to add / remove. Open an Administrative powershell prompt and type:  get-windowsfeature

Get-Windowsfeature

Once you have identified the roles and feature that you wish to remove (in this case we are going to remove the gui shell) tye the command uninstall-windowsfeature . If you want to force a reboot at the end of the process then use the -reboot switch.

Uninstall-windowsfeature

If you wanted to re install this feature, or install any other feature then again open an administrative powershell prompt and type install-windowsfeature

Install-WindowsFeature

Again, if you wanted to force the reboot (especially useful when scripting this then add the -reboot switch.

This article can also be found on our sister site DizzyIT.com at : http://dizzyit.com/2014/04/07/use-powershell-uninstall-install-windows-roles-and-features/

How To Fix Windows Update Issues in Windows 8, 7, Vista, Server

How To Fix Windows Update Issues

Windows update can cause several issues, often leaving you with a cryptic error message such as 0x8024402c, 80070643, 8024800A or many others. Alternatively, you may also get an error like "Windows update cannot check for updates because the service is not running" . This article will go through how to troubleshoot Windows Update issues as a whole.Instructions for various specific issues such as those shown above can also be found on this site (just use the search feature to locate them).

Before making any changes to your system, please create a restore point or make a backup of any important work such as photos or documents. If you are unsure on how to create a restore point, please consult this Microsoft article: http://windows.microsoft.com/en-au/windows7/create-a-restore-point

Windows Update Fix It Tool

This tool is a great starting point for troubleshooting Windows Update and is highly successful in resolving a variety of issues. The Tool can be downloaded here: http://support.microsoft.com/mats/windows_update/ . At the time of writing there was no Windows 8 64 Bit version of this tool, hopefully Microsoft will make a version available in the near future.

Also available is The System Update Readiness tool, located here: http://windows.microsoft.com/en-au/windows7/what-is-the-system-update-readiness-tool . This tool will troubleshoot your system and solve any problems. The program is not very verbose, in that it doesn't really tell you what its doing, however it is effective in rectifying common Windows Update Issues.

Windows Update Log

For Those who wish to do further troubleshooting or if the above tools do not solve your issue, the Windows Update Log is a great place to start looking for clues as to what is going on. to access the log open a Run Command and type (or just copy from this blog) %Windir%\windowsupdate.log and press Enter. I have included a snippet from a log below:.

In this case, the log is displaying that error 0x800f0902 has occurred where Windows was unable to download updates. This is a fantastic starting point for further troubleshooting of issues that are occurring.

Windows Services

There are three main services involved with Windows Update, the Windows Update Service, Background Intelligent Transfer Service (BITS ) and the Workstation Service. If any of these are not started and running, Windows will be unable to apply updates.

To access the Windows Services open a Run Windows (Windows Key + R) and enter services.msc . This will open a Microsoft Management Console (MMC) showing Running Services.

For each of the above services check the following:

1. Scroll down till you find the service (in this case Background Intelligent Update Service). as seen in the picture, the status should be Running and the Startup Type should be :
• Automatic (Delayed Start) for the BITS service
• Automatic for the Workstation Service
• Manual (Trigger Start) for the Windows Update Service - (note that on some Windows 7 Systems it may also be set to Automatic Start)
2. If the services are shut down, or not set to the appropriate start up type:
• Double Click on the Service. This will open the Properties Window for the service
• Change the Startup Type to the correct mode and /or click start to start the service
  
3. If the service will not start, then a good thing to do is run the above Fix It Tool or System Update Readiness Tool and see the results. failing that, consult the Windows Update log as also shown above.

Deleting Windows Update File Locations

If you have an update that will not successfully install (e.g. it repeatedly tries to install but fails when shutting down) or further investigation has suggested, it may be necessary to manually delete the files and folders containing Windows Update data and database. Please ensure that you have backed up any data or created a restore point before deleting any files

Note that before doing this you may need to stop with Windows Update Service. - see above for instructions on how to locate the service. once found double click the service to expose the properties window and choose stop. After you can either reboot to start the service or double click and choose start

The Windows Update download location can be found at C:\Windows\SoftwareDistribution\Download . This is the repository where windows stores downloaded updates.

Its normally OK to delete these files as they are just the installers, not the actual applied updates. To delete these , click on the window, and press Control and A . This will highlight all the items in the screen. Right Click and choose Delete. answer YES to any verifcation prompts.

The Windows Update Download location is found at C:\Windows\SoftwareDistribution\datastore . 

This is the actual location of the Windows Update Database. if this database is corrupted then it may be easiest to delete it. Windows should create a new database automatically. To delete the database, open the location above click on the window, and press Control and A . This will highlight all the items in the screen. Right Click and choose Delete. answer YES to any verification prompts.

Uninstall Windows Updates

Occasionally you will installa n update that may not play nice with your system due to incompatibility with other installed programs, a failed install or occasionally an update that is not functioning as Microsoft intended. to remove these updates:

1. Open Control Panel
• In Windows 7 / Vista / 2008 go to Start -> Control Panel
• In Windows 8, or Server 2012 go to the Start Screen  and type Control Panel. this will bing up the control Panel Icon. Choose this Icon
  
2. Select to view by Small Icons (Optional) then choose Programs and Features
   
3. in the left hand corner, select View Installed Updates
   
   
   
   

From this location you can uninstall any updates that you are having problems with. The trick here is to know which update you are looking for that is causing you a problem. This may be identified by either the Windows Update Log (see above), Windows Event Viewer, personal observation or other knowledge base searches.

This article has discussed various ways of troubleshooting Windows Update problems and how to resolve them.

Windows Update Error 0x8024402C in Windows 7, 8, 2012, 2008 R2, Vista

Windows Update Error 0x8024402C in Windows 7, 8, 2012, 2008 R2, Vista

Windows Update Error 0x8024402C occurs when running windows update and you try to connect to the Windows or Microsoft Update Website.

Please see this post for an overview of how to troubleshoot Windows Updates: How to Troubleshoot Windows Update Issues

if you view the logs located at: %windir%\windowsupdate.log you may also see this error present like this:

FATAL: SelfUpdate check failed, err = 0x8024402C

2013-05-11 11:41:27:095 1208 2344 Agent  * WARNING: Skipping scan, self-update check returned 0x8024402C

2013-05-11 11:41:27:095 1208 2344 Agent  * WARNING: Exit code = 0x8024402C

This issue is commonly caused by Firewall Settings not being correctly set within Internet Explorer. There are 3 ways in which you can attempt to correct this error:

Method 1:

Download and run the Microsoft Windows Update Readiness Tool located at: http://support.microsoft.com/kb/947821 . If this fails to solve the issue then please try one of the other methods.

Method 2:

This Method is for if you ar ein a corporation or campus that uses a Proxy Server.

1. Open Internet Explorer and go to Tools -> Internet Options
   
2. Click on the Connections Tab, select LAN Settings and choose OK
   
3. Choose the Advanced Button
4. Clear any entries under the exceptions window and choose OK
   
5. Open a command prompt:
1. In Windows 7, Vista, 2008 either:
1. Go to start  chose run and type in cmd and press OK . Or:
2. Type command prompt into the search bar in the start menu
   
2. In Windows 8 
1. Go to the Start Screen and type command prompt. This will open a search screen where you can then select command prompt from the right hand side
   
6. in the command prompt window, enter the following pressing Enter After each command
1. netsh winhttp reset proxy
2. net stop wuauserv
3. net start wuauserv
   
7. restart the computer and try and install updates again

Method 3:

1. Open Internet Explorer
   
2. Go to Tools -> Internet Options
   
3. Click on Connections -> LAN Settings
   
   
   
   
4. Select Automatically Detect Settings 
   
5. Choose OK
6. close and re open Internet Explorer and try installing updates again.

Delegate Authority in AD to add and remove computers

Delegate Authority in AD to add and remove computers

Delegation of Authority in AD is a good idea to manage the level of access given to technicians. Normally, authenticated users within the AD environment (i.e users) can add up to 10 machines to a domain. after this, the privilege is revoked.

When configuring these settings, it is advisable to set only on the OU's that you wish to delegate the authority on. Many times, its too easy to just want to save time and effort and set this at the top level of the domain, however this will come back to bite you big time if your help desk lackey deletes your domain controllers......

In order to configure the delegate authority to add and remove AD computers do the following:

1. Open up AD users and computers and navigate to the OU that contains the workstations / servers that you wish to delegate. 
2. Right click on the OU and select Delegate Control
3. click Next past the welcome screen
4. select the group  you wish to delegate access too, e.g. a group named helpdesk or level1_techs etc.
5. choose create a custom task to delegate and choose Next
6. select only the following objects in the folder and then select Computer Objects as well as the tick boxes Create selected objects in this folder and Delete Selected objects in this folder. Choose Next
7. In the Permissions window, select:
1. Create all Child Objects
2. Delete all Child Objects
3. Read All Properties
4. Write All Properties
5. Change Password
6. Reset Password
7. Validated Write to DNS Host Name
8. Validated Write to Service Principal
8.  Note that several other sub settings will be enabled after choosing the above settings. Leave these as they are and choose Next
9. Choose Finish to finalize the settings.

And that's it! As always, you should now thoroughly test these settings prior to distributing to them the required users to ensure that they have the required level of permissions (ie not too many and not too few). an easy way to test this would be to get the user to add or re add a workstation to the domain.

of course there are several other things you can do with delegation of authority including assigning permissions for user creation many other settings.

The above article discusses how to delegate authority in a Windows Active Directory domain for adding and removing workstations or computers.

This article can also be located on our sister site DizzyIT.com at http://dizzyit.com/2013/05/23/delegate-authority-ad-add-remove-computers/

Allow Remote Desktop or Remote Assistance Connections through Windows Firewall

Allow Remote Desktop or Remote Assistance Connections through Windows Firewall

To Connect to a remote session, the receiving computer must be able to communicate with your computer. In order to do this, you or the administrator may need to open a port in the firewall to allow this connection to happen. This is a common pain point and something that many administrators forget to do from time to time! When you choose to Enable a remote desktop Connection, the system may do this for you, however this is not always the case. Luckily, its quite simple to allow a remote desktop connection through the Windows Firewall:

1. Open Control Panel and Choose Windows Firewall
2. In the top left hand corner choose Allow a program or Feature through Windows Firewall
3. you are now presented with a list of programs. Scroll down to R where you will see 3 options pertaining to Remote Desktop / Assistance:
1. Remote Desktop - Choose this to allow remote Desktop Services
2. Remote Assistance - Choose this to allow shared screen remote assistance to your machine
3. Remote Desktop - Remote FX - this is a Windows 7 Service Pack 1 / Server 2008 R2 and later feature that provides a rich desktop experience for features like sound and graphics.
4. Choose the options pertaining to you by ticking the box in the connections you will allow this for ( Domain, Home / Work, Public)
5. Choose OK
6. you have now allowed remote desktop and / or remote assistance connections to your computer. to disable this, just un tick the boxes you have ticked in the firewall.

To Connect to a Remote Desktop Computer

To Connect to a Remote Desktop Computer

1. To open a remote desktop connection, either:
1. go to Start then Run and enter mstsc and press OK
2. go to Start, All Programs, Accessories, Remote Desktop Connection
3. In the Computer field, enter the Computer Name or IP Address of the computer you wish to connect to. If you are unsure of what this is, a few simple ways to find out are (these are done on the remote computer)
1. ask your administrator / help desk / remote desktop provider for the address needed
2. Open a Run Command (go to Start and Run or Windows Key + r), enter ipconfig  and look for the IPAddress field. you may need to scroll up to see this. you may also, depending on the configuration have a couple to choose from.
3. open a Run Command (start and Run or Windows Key + r) and when presented with the black DOS screen, enter hostname. This is the name of the computer.
4. You can chose the Options button to set parameters such as connection profile, display properties, whether to run specified programs, connection bandwidth and more, however this is optional
5. choosing Connect will initiate the connection.
6. you may be prompted for the log in credentials of a user on the remote machine that is allowed connection, enter these details here.
7. You should now have established a remote desktop connection to another computer

Enable a Remote Desktop Connection

Enable a Remote Desktop Connection

Remote Desktop allows you to connect to a computer over a network and utilize it as if you were sitting in front of it at the terminal. This is different to Remote Assistance which is a shared interactive experience used primarily for support purposes. In most versions of windows clients, only a single user may connect at a given time to a computer. This is different in Server installations, where a maximum of 2 remote connections are Nativity supported, and Terminal Servers where hundreds to thousands of remote clients can be supported. To enable Remote Desktop in a Windows Client:

1. Open Control Panel, then navigate to System choose Advanced System Settings and choose the Remote tab
2. In the second half of the page, you see Remote Desktop and have 3 options, choose the 1 most relevant to you. Choosing option 2 will be the most "user friendly" solution. If in doubt, consult your organisations security policy.
1. Dont Allow Connections to This Computer - This prevents all users from establishing a remote desktop connection with your computer. This is the most secure setting.
2. Allow connections from computers running any version of remote desktop - This setting is the most generic, and most commonly used. It allows almost all Windows based remote desktop clients to Connect
3. Allow connections only from computers running Remote Desktop with Network Level Authentication - This setting means that only computer that have Network Level Authentication enabled will be able to connect. This setting is most common in well structured corporate environments
3. Choose Select Users. Here you enter the users that you want to have access to your computer. The user currently logged in is normally automatically added, as are Domain Administrators in a network Environment. Choose the user / group that you would like to have access and choose OK  and OK again to exit
4. you have now enabled remote desktop on your computer. please note that you may need to open a firewall rule in order to access the desktop remotely. 

Enable a Remote Assistance Connection

Enable a Remote Assistance Connection

Remote Assistance will allow select individuals (those that you or your organisation allows)  to connect to your computer to collaborate or solve issues that you may be experiencing. This is an interactive experience in contrast to Remote Desktop, which forms a remote terminal style connection with an individual user having sole control of the desktop environment. To Enable Remote Assistance you:

1. Open Control Panel, then navigate to System choose Advanced System Settings and choose the Remote tab
2. At the top of the page, you will see Remote Assistance. Tick the box  Allow Remote Assistance Connections to this computer then click apply. 
3. Choose the Advanced Button.
4. If you want to allow your computer to be able to be controlled remotely then tick the box Allow this computer to be controlled remotely
5. The Invitations box allows you to choose the amount of time a remote assistance request remains valid. For Security reasons, its better to keep this number shorter than longer.
6. Choose OK
7. you have now enabled remote assistance on your desktop. Please note that you may also need to open a port in your firewall to allow these connections through. 

Set up Remote Desktop Connection in Windows

Set up Remote Desktop Connection in Windows

Remote Desktop Connections allow you to connect to a computer from another, and interact with the desktop and installed software as if you were sitting in front of the remote computer. This article will show you a few ways to enable this in both Windows 7 and Windows 8

Enable a Remote Assistance Connection

Remote Assistance will allow select individuals (those that you or your organisation allows)  to connect to your computer to collaborate or solve issues that you may be experiencing. This is an interactive experience in contrast to Remote Desktop, which forms a remote terminal style connection with an individual user having sole control of the desktop environment. To Enable Remote Assistance you:

1. Open Control Panel, then navigate to System choose Advanced System Settings and choose the Remote tab
2. At the top of the page, you will see Remote Assistance. Tick the box  Allow Remote Assistance Connections to this computer then click apply. 
3. Choose the Advanced Button.
4. If you want to allow your computer to be able to be controlled remotely then tick the box Allow this computer to be controlled remotely
5. The Invitations box allows you to choose the amount of time a remote assistance request remains valid. For Security reasons, its better to keep this number shorter than longer.
6. Choose OK
7. you have now enabled remote assistance on your desktop. Please note that you may also need to open a port in your firewall to allow these connections through. For information on how to do so, click here:

Enable a Remote Desktop Connection

Remote Desktop allows you to connect to a computer over a network and utilize it as if you were sitting in front of it at the terminal. This is different to Remote Assistance which is a shared interactive experience used primarily for support purposes. In most versions of windows clients, only a single user may connect at a given time to a computer. This is different in Server installations, where a maximum of 2 remote connections are Nativity supported, and Terminal Servers where hundreds to thousands of remote clients can be supported. To enable Remote Desktop in a Windows Client:

1. Open Control Panel, then navigate to System choose Advanced System Settings and choose the Remote tab
2. In the second half of the page, you see Remote Desktop and have 3 options, choose the 1 most relevant to you. Choosing option 2 will be the most "user friendly" solution. If in doubt, consult your organisations security policy.
1. Dont Allow Connections to This Computer - This prevents all users from establishing a remote desktop connection with your computer. This is the most secure setting.
2. Allow connections from computers running any version of remote desktop - This setting is the most generic, and most commonly used. It allows almost all Windows based remote desktop clients to Connect
3. Allow connections only from computers running Remote Desktop with Network Level Authentication - This setting means that only computer that have Network Level Authentication enabled will be able to connect. This setting is most common in well structured corporate environments
3. Choose Select Users. Here you enter the users that you want to have access to your computer. The user currently logged in is normally automatically added, as are Domain Administrators in a network Environment. Choose the user / group that you would like to have access and choose OK  and OK again to exit
4. you have now enabled remote desktop on your computer. please note that you may need to open a firewall rule in order to access the desktop remotely. for information on how to do so, click here: 

To Connect to a Remote Desktop Computer

1. To open a remote desktop connection, either:
1. go to Start then Run and enter mstsc and press OK
2. go to Start, All Programs, Accessories, Remote Desktop Connection
3. In the Computer field, enter the Computer Name or IP Address of the computer you wish to connect to. If you are unsure of what this is, a few simple ways to find out are (these are done on the remote computer)
1. ask your administrator / help desk / remote desktop provider for the address needed
2. Open a Run Command (go to Start and Run or Windows Key + r), enter ipconfig  and look for the IPAddress field. you may need to scroll up to see this. you may also, depending on the configuration have a couple to choose from.
3. open a Run Command (start and Run or Windows Key + r) and when presented with the black DOS screen, enter hostname. This is the name of the computer.
4. You can chose the Options button to set parameters such as connection profile, display properties, whether to run specified programs, connection bandwidth and more, however this is optional
5. choosing Connect will initiate the connection.
6. you may be prompted for the log in credentials of a user on the remote machine that is allowed connection, enter these details here.
7. You should now have established a remote desktop connection to another computer

Allow Remote Desktop or Remote Assistance Connections through Windows Firewall

To Connect to a remote session, the receiving computer must be able to communicate with your computer. In order to do this, you or the administrator may need to open a port in the firewall to allow this connection to happen. This is a common pain point and something that many administrators forget to do from time to time! When you choose to Enable a remote desktop Connection, the system may do this for you, however this is not always the case. Luckily, its quite simple to allow a remote desktop connection through the Windows Firewall:

1. Open Control Panel and Choose Windows Firewall
2. In the top left hand corner choose Allow a program or Feature through Windows Firewall
3. you are now presented with a list of programs. Scroll down to R where you will see 3 options pertaining to Remote Desktop / Assistance:
1. Remote Desktop - Choose this to allow remote Desktop Services
2. Remote Assistance - Choose this to allow shared screen remote assistance to your machine
3. Remote Desktop - Remote FX - this is a Windows 7 Service Pack 1 / Server 2008 R2 and later feature that provides a rich desktop experience for features like sound and graphics.
4. Choose the options pertaining to you by ticking the box in the connections you will allow this for ( Domain, Home / Work, Public)
5. Choose OK
6. you have now allowed remote desktop and / or remote assistance connections to your computer. to disable this, just un tick the boxes you have ticked in the firewall.

How to Install Features and Roles using PowerShell in Server 2012 and 2008

How to Install Features and Roles using PowerShell in Server 2012 and 2008

Server 2012 allows you to install features and roles via PowerShell. Before doing this, you may need to load the Server Manager Module with the command Import-Module Servermanager .

Firstly, you need to know the name of the windows feature / role that you wish to install. To find this information you enter the command Get-WindowsFeature . This will list the features available to install.

Server 2012

To install a feature or Role on a local machine, open PowerShell and type: install-windowsfeature {featurename} using the feature name you previously identified.

 Often this will require a restart,so you can add the -restart switch to the end of the command if you wish. It is also possible to install a feature on a remote machine using PowerShell by adding the -computername switch to the above command.

Server 2008

In Server 2008, the command to install is a little different to the above, but the switches are the same. The command used to install is add-WindowsFeature {featurename}  .

This Article can also be viewed on or sister site DizzyIT.com at http://dizzyit.com/2013/04/13/install-features-roles-powershell-server-2012-2008/

Remove Network Printers from Command Line or Script

Remove Network Printers from Command Line or Script

There are several options when it comes to removing printers via command line / script.The first option is to use the "rundll32 printui.dll" method. For this, open a command prompt and type:

rundll32 printui.dll,PrintUIEntry /dn /n \\printsvr\printername

if you want the operation to be silent, then use the /q switch at the end. this is especially useful if you have multiple printers that you want to remove via a batch file and/or if you are unsure if the printers are installed on the end users machines. If the printer is not currently installed and you attempt to remove it without the /q switch then you will receive an error. The figure below shows the command in its entirety:

The next method would be to use a VB script such as this :

to make the script work, just replace the \\PRINTSERVER\PRINTERNAME" field with the details of your network printer and save as a .vbs file. to call the script just open up an administrator command prompt and type in " cscript scriptname.vbs " where scriptname is the name of your script.

To delete more printers just another line to the  " Dim sPrinterName "  lines with the printer number at the end, and then again  add another objNetwork.RemovePrinterConnection sPrinterName2, True, True line that reflects the printer number you just added.

Likewise, to remove only one printer just remove one of the above lines.

Option Explicit

  Dim objNetwork, objPrinters
  Set objNetwork = CreateObject("WScript.Network")
  Set objPrinters = objNetwork.EnumPrinterConnections

  ' ### Delete selected network printer
  Dim sPrinterName1
 Dim sPrinterName2
  sPrinterName1 = "\\PRINTSERVER\PRINTERNAME"
 sPrinterName2 = "\\PRINTSERVER\PRINTERNAME"
  objNetwork.RemovePrinterConnection sPrinterName1, True, True

 objNetwork.RemovePrinterConnection sPrinterName2, True, True

I found with this method however that it will error out if that printer does not exist. im not enough of a VB guru to tell you if its possible to quieten it down to run silently.

When all is said and done, there is a much better way of doing this, and that is with Group Policy Preferences. this gives you centralized control over your printer environments, allowing you to add and remove and update printers for small groups or your entire organisation.

Group Policy Preferences will be covered for printers in an upcoming entry.

This article can also be located on our sister site DizzyIT.com at : http://dizzyit.com/2011/10/29/remove-network-printers-from-command-line-or-script/

This article can also be found on our You Tube Channel:

Un install / Reset TCPIP stack in Windows Server, 8, 7, Vista, XP

Un install / Reset TCPIP stack in Windows Server, 8, 7, Vista, XP

by Graham Regan

In earlier versions of Windows (2000 and before) it was possible to remove and re install TCP/IP in Windows if there was a corruption / issue. this was done from add remove programs.

From Windows XP onwards, TCP/IP became a core component of Windows and cannot be removed. Instead, net shell is used to reset the stack.

The command to do this is (from the command prompt)

netsh int reset

e.g. netsh int reset c:\resetlog.txt

A reboot is then needed to complete the process.

the log file path is for logging the reset process  and can be used to troubleshoot / confirm that the reset has been performed correctly.

This command resets two registry keys, which has the same effect of removing and re installing the TCP/IP stack.

The registry key effected are:

system\currentcontrolset\services\tcpip\parameters and system\currentcontrolset\services\dhcp\parameters .

PowerShell - Set Execution Policy - Files Could not be Loaded because the running of scripts is disabled on this system.

PowerShell - Set Execution Policy -  Files Could not be Loaded because the running of scripts is disabled on this system.

when using PowerShell you may get an error stating that " Files Could not be Loaded because the running of scripts is disabled on this system. Please provide a valid certificate with which to sign the files" as shown below:



This at a basic level means that your security settings in PowerShell are preventing you from running the script ( the execution policy.

To fix this, you need to set the execution policy to a more relaxed setting. these are as follows:

• Restricted - No Scripts can be run. Windows PowerShell can only be used in interactive mode.
• All Signed - Only Scripts signed by a trusted publisher can be run
• RemoteSigned - Downloaded scripts must be signed by a trusted publisher before they can be run
• Unrestricted - No Restrictions, any PowerShell script can be run

At the time of writing, PowerShell comes out of the box in restricted mode.

To check which execution policy your system is running type Get-ExecutionPolicy

To change to policy you type Set-Execution Policy . When you run and go to a less secure setting, you will get a large warning asking if you want to do so

e.g. Set-ExecutionPolicy RemoteSigned.

It's not recommended to use unsigned as this would allow anyone who accesses the system to run malicious or damaging code on your system. Most individuals will settle on Remote Signed, however before doing so in an organisation please ensure that this complies with your organisations security settings.

for a video walk through of this, please check this youtube video from our sister site www.dizzyit.com . The article can also be located there.

start and stop services via batch file / command prompt

start and stop services via batch file / command prompt

To start and stop services with a batch file is very easy and is useful for scheduled tasks where you may want to regularly restart a service for various reasons

Firstly, you need to know the name of the service. to locate this you go to computer management -> services and look for the name of the service you need to restart. In this case we will use the Print Spooler service.

your commands to stop the service are net stop "service name" and your command to start it are net start "service name". 

so to restart as a batch file would look like"

@Echo Off

REM this will restart the prince spooler service

net stop "Print Spooler"
net start "print spooler"

exit

as usual you would want to add a remark (REM) to the start of the batch file to describe what you would like to do.

you can combine these commands for restarting complex systems such as IIS. as an exambple, this series of command will restart IIS's web, FTP and SMTP services

@Echo off

REM this restarts IIS's web, SMTP and FTP services

net stop "World Wide Web Publishing Service"
net start "World Wide Web Publishing Service"
net stop "FTP Publishing Service"
net start "FTP Publishing Service"
net stop "Simple Mail Transport Protocol (SMTP)"
net start "Simple Mail Transport Protocol (SMTP)"

so as you can see this is all pretty straight forward stuff. from here you can save the batch file and add it as a scheduled task in windows (more on that later)

SCCM PXE Error after booting – The certificate associated with this media has expired

SCCM PXE Error after booting – The certificate associated with this media has expired

you boot into configuration manager and you get this message which just makes your day:

Error: the certificate associated with this media has expired. New Media with a valid certificate will need to be created.

This is pretty easy to fix assuming you have a self signed certificate. To do so:

1. Log into you SCCM server and go to Site Database → Site Management → Site Settings → Site Systemsand select the SCCM server that maintains your PXE load point

2.In the right hand side  pane, right click on the “ConfigMgr PXE service point” and choose Properties.

3. Select the Database tab and look for the the Create self-signed PXE certificate option in the lower half of the screen.

4. here you can change the date for the self signed PXE certificate to a date in the future then choose OK

5. To verify that all is now OK  go to Site Database → Site Management → Site Settings → Certificates.Double click on the PXE certificate and make sure that there is an entry that is NOT listed as blocked

6. from here you should be able to boot into the boot media without issue. however, if the certificate has expired you will need to re build your boot media.

This article can also be found on our sister site DizzyIT.com : http://dizzyit.com/2011/11/16/sccm-pxe-error-booting-certificate-media-expired/

Initial Configuration Tasks screen missing in Server 2008

Initial Configuration Tasks screen missing in Server 2008

You either love it or hate it, the initial configuration tasks screen that comes up when you first login to a Server 2008 box.

down in the bottom right hand corner is a little check box where you can elect to not show the window at logon. This is great until you realize that perhaps you do indeed want to view this at logon in the future, or perhaps right now.

get the page back go to start -> Run or Start -> search and type in “oobe” without the quotes and the page will re- appear.