Set objParent = GetObject("ldap://OU=Level/ 02,OU=Security - Administrator Accounts,DC=XenWorld")
objparent.Filter = Array("user")
for each objUser in objParent
Wscript.Echo "Modifying|" & objUser.Get("CN")
'SESSIONS ATTRIBUTES
objUser.MaxDisconnectionTime = 2880 'In Minutes
objUser.MaxIdleTime = 2880 'In Minutes
objUser.MaxConnectionTime= 0 'active connections okay
objUser.BrokenconnectionAction = 0 '0=Disconnect, 1=End
objUser.SetInfo
next
Details on more properties:
http://www.virtualizationadmin.com/articles-tutorials/terminal-services/scripting/scripting-server-based-computing-terminal-services-attributes-active-directory-user-objects.html
Thursday, December 22, 2011
Tuesday, December 20, 2011
Extract Details about your Site Links
Import-Module ActiveDirectory
$ConfigPath = (Get-ADRootDSE).configurationNamingContext
Get-ADObject -Filter 'ObjectClass -eq "siteLink"' -SearchBase $ConfigPath -Properties * | Format-Table Name, replInterval, cost, siteList -AutoSize
From:
http://blogs.technet.com/b/ashleymcglone/archive/2010/10/06/powershell-to-automatically-create-all-ad-hub-to-spoke-site-links.aspx
Bonus Link
http://blogs.technet.com/b/ashleymcglone/archive/2011/06/29/report-and-edit-ad-site-links-from-powershell-turbo-your-ad-replication.aspx
$ConfigPath = (Get-ADRootDSE).configurationNamingContext
Get-ADObject -Filter 'ObjectClass -eq "siteLink"' -SearchBase $ConfigPath -Properties * | Format-Table Name, replInterval, cost, siteList -AutoSize
From:
http://blogs.technet.com/b/ashleymcglone/archive/2010/10/06/powershell-to-automatically-create-all-ad-hub-to-spoke-site-links.aspx
Bonus Link
http://blogs.technet.com/b/ashleymcglone/archive/2011/06/29/report-and-edit-ad-site-links-from-powershell-turbo-your-ad-replication.aspx
Cool Script to dump Sites and Services
[System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().Sites | select name, @{n='subnets';e={$_.subnets | select -expand name}}, @{n='servers';e={$_.Servers | select -expand name}}, @{n='sitelink';e={$_.sitelinks | select -expand name}} | export-csv c:\temp\sites.csv
from
http://www.powershellcommunity.org/Forums/tabid/54/aft/6321/Default.aspx
from
http://www.powershellcommunity.org/Forums/tabid/54/aft/6321/Default.aspx
Monday, October 31, 2011
XenApp 4.5 Summary Database Query stuff
Thanks to XENWIZ for the most of the code, SQL Query which I then export to CSV.
Point to Summary Database
Modify date
Grab important stuff like appname, server, clientname, username, start time
SELECT LU_APPNAME.APPNAME,LU_SERVERNAME.SERVERNAME, SDB_SESSION.SESSIONSTART, SDB_SESSION.SESSIONEND, LU_CLIENT.CLIENTNAME, LU_USER.USERNAME
FROM
LU_APPNAME, SDB_SESSION, LU_USER, LU_SERVERNAME, LU_SERVER, LU_CLIENT
WHERE
LU_APPNAME.PK_APPNAMEID = SDB_SESSION.FK_APPNAMEID
AND LU_USER.PK_USERID = SDB_SESSION.FK_USERID
AND SDB_SESSION.FK_SERVERID = LU_SERVER.PK_SERVERID
AND LU_SERVERNAME.PK_SERVERNAMEID = LU_SERVER.FK_SERVERNAMEID
AND SDB_SESSION.FK_CLIENTID = LU_CLIENT.PK_CLIENTID
AND LU_CLIENT.CLIENTNAME != 'Console'
AND SDB_SESSION.SESSIONSTART Between '2011-10-27 14:00:00.000' and '2011-10-28 14:00:00.000'
ORDER BY SDB_SESSION.SESSIONSTART
Point to Summary Database
Modify date
Grab important stuff like appname, server, clientname, username, start time
SELECT LU_APPNAME.APPNAME,LU_SERVERNAME.SERVERNAME, SDB_SESSION.SESSIONSTART, SDB_SESSION.SESSIONEND, LU_CLIENT.CLIENTNAME, LU_USER.USERNAME
FROM
LU_APPNAME, SDB_SESSION, LU_USER, LU_SERVERNAME, LU_SERVER, LU_CLIENT
WHERE
LU_APPNAME.PK_APPNAMEID = SDB_SESSION.FK_APPNAMEID
AND LU_USER.PK_USERID = SDB_SESSION.FK_USERID
AND SDB_SESSION.FK_SERVERID = LU_SERVER.PK_SERVERID
AND LU_SERVERNAME.PK_SERVERNAMEID = LU_SERVER.FK_SERVERNAMEID
AND SDB_SESSION.FK_CLIENTID = LU_CLIENT.PK_CLIENTID
AND LU_CLIENT.CLIENTNAME != 'Console'
AND SDB_SESSION.SESSIONSTART Between '2011-10-27 14:00:00.000' and '2011-10-28 14:00:00.000'
ORDER BY SDB_SESSION.SESSIONSTART
The 'console' connection was causing my stats be a bit loopy.
also get a few blank appnames which I should exclude.
Thursday, October 20, 2011
RDP Black Logons
we had a Win2k3 server crashed due to not enough hard disk space.
[HKEY_USERS\.DEFAULT\Control Panel\Colors]
All values for the keys were 0 0 0 (black).
set back to defaults, and we were back working
thanks to esoltan + google for the fix
[HKEY_USERS\.DEFAULT\Control Panel\Colors]
All values for the keys were 0 0 0 (black).
set back to defaults, and we were back working
thanks to esoltan + google for the fix
Friday, September 30, 2011
Windows 7 64bit Network Freezing
So, had a issue where my laptop which is running windows 7 64bit and the network was freezing copying large files.
On the laptop
- ipv4/ipv6
- virutalbox
- citrix access gateway plugin
The symptoms were large copies were freezing with 0kb/s
removed virutalbox and able to copy files again.
If i get time to investigate then look into if issue between CAG plugin and Virutalbox.
Update:
so the problem came back for some reason, also seems my virtualbox didn't uninstall correctly.
so the problem came back for some reason, also seems my virtualbox didn't uninstall correctly.
1. only did part..
a. Running as Administrator in Command Prompt, type:
"netsh int tcp set heuristics disabled"
b. Next, follow the instructions that Amrita wrote above.
First
enter: "netsh int tcp set global autotuninglevel=disabled" and
reboot.
2. mucked around with the settings in intel network card
properties (latest driver)
Friday, July 8, 2011
wmic “Invalid XSL format (or) file name.”
So on my windows 7 box trying to:
wmic product get /format:csv
produces a output:
Invalid XSL format (or) file name.
Located teh csv.xsl file in C:\windows\system32\wbem\en-US
Guessed that it was unable to locate the xsl format file...
so copied it to the local path and it worked !
Confirmed this with Process monitor :-(
It seems to be looking for the correct locale so I added a C:\windows\system32\wbem\en-US to C:\windows\system32\wbem\en-AU
since we all don't live in the US of A... :-|
Alternative options are:
I just copied to C:\windows\system32\wbem\en-US\*.xls to C:\windows\system32
Sunday, July 3, 2011
android dhcp loop
Sometime your android's wireless can get stuck in a dhcp address loop
>$ su
# cd /data/misc/dhcp
# rm dhcpd-wlan0.lease
Thursday, June 30, 2011
Splunk AD Filtering
...\splunk\etc\system\local
## props.conf
[WMI:WinEventLog:Security]
TRANSFORMS-evtlog = wmi-null,wmi-filter,wmi-filter28user,wmi-filter28SecGrp,wmi-filter28DlGrp
## transforms.conf
[wmi-null]
REGEX = .
DEST_KEY = queue
FORMAT = nullQueue
[wmi-filter]
REGEX=(?msi)^(CategoryString=Account Management)
DEST_KEY = queue
FORMAT = indexQueue
[wmi-filter28user]
REGEX=(?msi)^(CategoryString=User Account Management)
DEST_KEY = queue
FORMAT = indexQueue
[wmi-filter28SecGrp]
REGEX=(?msi)^(CategoryString=Security Group Management)
DEST_KEY = queue
FORMAT = indexQueue
[wmi-filter28DlGrp]
REGEX=(?msi)^(CategoryString=Distribution Group Management)
DEST_KEY = queue
FORMAT = indexQueue
Wednesday, June 29, 2011
Java Red Cross for Users
Users were experiencing a Red Cross for the applet, yet my administrative account was able to load the applet.
Looks like java or the installation process for java is not writing all the registry keys to HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFECA-00xx…..
In IE, Java has a catch all applet version – which will always work (aka the latest version)
clsid:8AD9C840-044E-11D1-B3E9-00805F499D93
But most java dude’s call specific versions of java (for example)
clsid:CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA
The server(s) for some reason didn't have all the keys in classes root, where compared to my windows 7 desktop does.
I believe the install for some reason is writing the keys to HKCU instead of HKLM \classes...etc.
So fix is to add all the version to HKEY_LOCAL_MACHINE\SOFTWARE\Classes
http://pastebin.com/YhmwPTq7 contains my fix for 1.6u24 version
btw, Monitoring the registry when tick/untick the “use next generation java” in the java control panel, it just write all the entries to HKCU.
Saturday, June 25, 2011
Thursday, June 2, 2011
RDP on Citrix
We have a solution to a couple of issue that has been affecting us when using RDP (MSTSC) via AGEE/Citrx to windows 7 or windows 2008 server.
Issue: Lag Mouse when connecting to Windows 7/2008
Once connected to your RDP desktop:
1. Launch control panel
2. Open ‘Mouse’ control Panel item
3. Select Pointers
4. Change to a theme that doesn’t use AERO
a. For example… (none)
------Regfile----
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Control Panel\Cursors]
"Arrow"=hex(2):00,00
"Help"=hex(2):00,00
"Hand"=hex(2):00,00
"AppStarting"=hex(2):00,00
"Wait"=hex(2):00,00
"NWPen"=hex(2):00,00
"No"=hex(2):00,00
"SizeNS"=hex(2):00,00
"SizeWE"=hex(2):00,00
"SizeNWSE"=hex(2):00,00
"SizeNESW"=hex(2):00,00
"SizeAll"=hex(2):00,00
"UpArrow"=hex(2):00,00
@=""
"Scheme Source"=dword:00000000
"Crosshair"=hex(2):00,00
"IBeam"=hex(2):00,00
[HKEY_USERS\.DEFAULT\Control Panel\Cursors]
"Arrow"=hex(2):00,00
"Help"=hex(2):00,00
"Hand"=hex(2):00,00
"AppStarting"=hex(2):00,00
"Wait"=hex(2):00,00
"NWPen"=hex(2):00,00
"No"=hex(2):00,00
"SizeNS"=hex(2):00,00
"SizeWE"=hex(2):00,00
"SizeNWSE"=hex(2):00,00
"SizeNESW"=hex(2):00,00
"SizeAll"=hex(2):00,00
"UpArrow"=hex(2):00,00
@=""
"Scheme Source"=dword:00000000
"Crosshair"=hex(2):00,00
"IBeam"=hex(2):00,00
Issue: The SHIFT key does not work (sporadic capitals and non-capital letters)– Normally impacts passwords
Change the RDP client settings as follows:
1. Click Options in the Remote Desktop Connection User Interface.
2. Select the Local Resources tab.
3. Under Keyboard > Apply Windows key combinations, select ‘On the local computer’.
After doing this, the SHIFT/ALT/CTRL keys work as expected in the RDP session.
More detail: http://support.citrix.com/article/CTX110281
Thursday, April 21, 2011
HP Thin Client 5740e
I have been testing out the HP Thin Client 5740e with Windows Embedded Standard 7, thankfully the HP Device Manager is much easier to use and I don't need altris !
BTW
BTW
- The default Administrator user name and password is Administrator
- check the HP Easy Tool Administrators Guide
While it's nice and beautiful device, getting to grips with WES7 is a issue. There doesn't seem to be any clear step by step guide for a basic installation that was quick and easy for me. Specially when just putting one device in for a trial !
I can't say I have completely worked out the commit or disk write mode.
Modifications to Base TC Image (of course logged in as administrator)
- Put the backup address in the HP device manager agent (so it will report in) or change your DHCP but to do this for me would required a RFC.
- Change the Size of the RAM disk to 96MB (helps when you need to install applications\hp-upd)
- Remove the vmware view client (would just confuse my users)
- Removed the ICA client and updated with the latest web-version (because)
- Installed ultravnc in server mode with password
(works fine under windows 7, HPDM still attempt to vnc to TC, but vnc is not installed on 5704e!) (also helps with the service desk to locate the device's IP address, as the default permissions for user blocks access to NIC status) - Install HP Universal Print Driver PCL 5 - Traditional Mode
- Added a Firewall exception for ICMPv4, ultravnc, etc
(service desk need to beable to ping device for troubleshoot)(still might actually disable the firewall as it could cause issue when plugged into a unknown network) - Change Local Group policy to allow Windows Explorer to see All the Drives
- Backup to USB !
Galaxy i5500/i5503 5 gps setting
The galaxy i5500 is a grat cheap little android phone.
Has the odd issue but pretty good for $170.
Gps seems to be slow sometime in getting a fix.
After going to the gpssetup2 menu *#321478650#
Parameter Settings
Start mode - hot
Position mode - 2
Fix request
Ops mode - standalone
Server optins - local
Seem to work best for me
Saturday, April 16, 2011
awesome Citrix Datastore lockout SQL
Early in the day I must of entered in the wrong password for the SQL the account that is used for the datastore. Which I didn't know at the time, later than night it eventually locked out the account
Notice on the datastore the application eventlogs went nuts, servers being unable to authenticate to the database.
Then jumped on servers after a reboot and the server security log stated the citrix server account was locked out.
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 531
Date: 15/04/2011
Time: 10:22:39 PM
User: NT AUTHORITY\SYSTEM
Computer: xxCPS01
Description:
Logon Failure:
Reason: Account currently disabled
User Name:
Domain:
Logon Type: 3
Logon Process: Authz
Authentication Package: Kerberos
Workstation Name: xxCPS01
jumped on the pdc... nope not locked out.
started checking other server computer accounts
then service accounts and found the datastore account was locked out.
just for fun used dsmaint config to confirm all was working okay.
Got lots of red cross on the Admin console... so it was exciting
Tuesday, April 5, 2011
Log Off Terminal Server Session from a Command Prompt on based username
This script base command to clear user off a server based on username, for this to work we need to determine the session id that is required by the logoff command.
How it works :
Use the 'For' loop to search work thru the list of users on the server
Then once it has found the user then execute a logoff command
Notes:
There are 2 cases as the qwinsta doesn't display the formating the same for
disconnected sessions & active sesssions.
How it works :
Use the 'For' loop to search work thru the list of users on the server
Then once it has found the user then execute a logoff command
Notes:
There are 2 cases as the qwinsta doesn't display the formating the same for
disconnected sessions & active sesssions.
REM @echo off
Set servername=citrix123
Set targetname=testuser1
REM For disconnected users
for /F "tokens=1,2,3" %%i in ('qwinsta %targetname% /Server:%servername%') do if %targetname%==%%j logoff %%k /server:%servername%
REM For active users
for /F "tokens=1,2,3" %%i in ('qwinsta %targetname% /Server:%servername%') do if %targetname%==%%i logoff %%j /server:%servername%
Tuesday, March 22, 2011
Terminal Server Bug - windows 2003 - slow disk
Lol. just fun a sorting out a OS bug with Microsoft Support team.
Terminal server 2003 when there are lot of users logging on/off and you have group policy preferences enabled can cause large amount of folders\files to be written to the group policy\ history folder in the all users directory. All this added up to some rather slow disks
Winlogon.exe was polling all these files every 40 seconds or so, this cause the idle disk time to drop to 0% and queue length to shoot up. Once of the test were dir /s every few moment it would pause.
Detected with procmon, set on files only and all other filters removed. Then used the file summary to locate what is causing the large amount of queuing.
Solution: weekly deletes of ...users\all users\application data\microsoft\group policy\history\* sub folders
Remount Shell
# open a shell
adb shell
# switch to root
su
# check you're root? it should return uid=0
id
# now you can remount as read/write if you like
mount -o remount,rw -t yaffs2 /dev/block/mtdblock1 /system
adb shell
# switch to root
su
# check you're root? it should return uid=0
id
# now you can remount as read/write if you like
mount -o remount,rw -t yaffs2 /dev/block/mtdblock1 /system
Wednesday, March 2, 2011
Openssl Revoke/Renew and Replace
Revoke old certificate
C:\OpenSSL-Win32\bin>openssl ca -policy policy_anything -cert certs/ca.cer -keyfile keys/ca.key -revoke certs/iis.cer
Using configuration from C:\OpenSSL-Win32\bin\openssl.cfg
Loading 'screen' into random state - done
Enter pass phrase for keys/ca.key:
Revoking Certificate 100001.
Data Base Updated
Create the new cert
C:\OpenSSL-Win32\bin>openssl ca -policy policy_anything -cert certs/ca.cer -in ssl/sslkey.txt -keyfile keys/ca.key -days 30 -out certs/iis2.cer
C:\OpenSSL-Win32\bin>openssl ca -policy policy_anything -cert certs/ca.cer -keyfile keys/ca.key -revoke certs/iis.cer
Using configuration from C:\OpenSSL-Win32\bin\openssl.cfg
Loading 'screen' into random state - done
Enter pass phrase for keys/ca.key:
Revoking Certificate 100001.
Data Base Updated
Create the new cert
C:\OpenSSL-Win32\bin>openssl ca -policy policy_anything -cert certs/ca.cer -in ssl/sslkey.txt -keyfile keys/ca.key -days 30 -out certs/iis2.cer
Openssl on Windows setup
I grabed the openssl tools for windows from http://www.shininglightpro.com/products/Win32OpenSSL.html
did a standard install with the binaries in there own directory
as I was lazy kept everything running of the bin directory
modified teh openssl.cfg filed
dir = /OpenSSL-Win32/bin # Where everything is kept
created the following directories
keys
certs
crl
newcerts
created a file in the bin directory of 'serial'
contents of 100001
Then follow most of the guide from
http://www.dylanbeattie.net/docs/openssl_iis_ssl_howto.html
Setup a CA
* openssl genrsa -des3 -out keys/ca.key 1024
* openssl req -new -x509 -days 1001 -key keys/ca.key -out certs/ca.cer
Sign me CSR
* openssl ca cert certs/ca.cer -in requests/certreq.txt -keyfile keys/ca.key -days 360 -out certs/iis.cer
did a standard install with the binaries in there own directory
as I was lazy kept everything running of the bin directory
modified teh openssl.cfg filed
dir = /OpenSSL-Win32/bin # Where everything is kept
created the following directories
keys
certs
crl
newcerts
created a file in the bin directory of 'serial'
contents of 100001
Then follow most of the guide from
http://www.dylanbeattie.net/docs/openssl_iis_ssl_howto.html
Setup a CA
* openssl genrsa -des3 -out keys/ca.key 1024
* openssl req -new -x509 -days 1001 -key keys/ca.key -out certs/ca.cer
Sign me CSR
* openssl ca cert certs/ca.cer -in requests/certreq.txt -keyfile keys/ca.key -days 360 -out certs/iis.cer
Subscribe to:
Posts (Atom)