Quantcast
Channel: Ben's Experiments
Viewing all 54 articles
Browse latest View live

Backup and restore the Local GPO

$
0
0
In this post, I would like to introduce the method to backup and restore the Local GPO.
LOCALGPO, A handy tool to apply security setting to non-domain joined computers or Local GPO in your organization.
  1. You may download Security Compliance Manager (SCM) from Microsoft.
  2. Extract "Security_Compliance_Manager_Setup.exe" to a new folder A via 7zip or WinRAR.
  3. Extract the "data.cab" to a new folder B.
  4. In the new folder B, add the .msi extension to file named "LocalGPO"
  5. Install the new MSI Installer "LocalGPO.msi"
  6. Launch command-line here.cmd from C:\Program Files\LocalGPO on 32-bit systems or C:\Program Files (x86)\LocalGPO on 64-bit systems
image
Export Policy
cscript LocalGPO.wsf /Path:C:\GPObackups /Export
- Exports a GPO Backup based on the Local Policy configuration to a folder in the specified path.
clip_image002
-New GPO GUID folder was created
clip_image003
Import Policy
cscript LocalGPO.wsf /Path:C:\GPObackups\{GPO Backup GUID}
- Applies the contents of the GPO Backup stored in the specified path to the Local Policy of a Windows computer.
clip_image004
Create GPOPack to deploy via Microsoft Deployment Toolkit (MDT) or Microsoft System Center Configuration Manager (SCCM)
cscript LocalGPO.wsf /Path:C:\GPObackups /Export /GPOPack
- Creates a GPOPack and stores it in the specified path. GPOPacks can be copied to other computers, and applied by double-clicking GPOPack.wsf.
clip_image005
Copy the folder and double click GPOPack.wsf from other machine to apply the same policy.clip_image006
You may notice that you get a pop-up message when you run this command.
clip_image007
This can be suppressed by adding the “/silent” switch
Script to deploy via MDT and SCCM
GPOPack.wsf /silent
clip_image008
Restore Policy to default
cscript LocalGPO.wsf /Restore
- Restores the entire Local Policy to its default configuration.
clip_image009
It’s FREE!
You can get your hand on the LocalGPO tool right now as part of the Microsoft Security Compliance Manager

Update 18/10/2012
Download LocalGPO.msi


Error installing SCCM 2012 SP1 Client – MicrosoftPolicyPlatformSetup.msi

SCCM: Reports under “Software - Companies and Products” &“Software - Files” categories are blank

$
0
0

Do you notice that reports mention in title are show blank in SCCM 2012 ? Here I would like to share with you the finding.

image

image

In SCCM 2012, Report under ‘Software – Companies and Products’ & ‘Software – Files’ categories are to collect inventory by file types/extension from client machine. There is no file types configured by default. In order to retrieve the inventory for the reports above, please follow the steps below :

1. Open the Configuration Manager Console, Select Administration, Client Settings.

image

2. Select on Software Inventory and click on Set Types button.

image

3. Click on the star button highlight in RED.

image

4. Enter file type : *.exe

image

5. Now take a coffee break and waiting for inventory collection.

Here are the sample reports after inventory completed.

image

image

image

Share it out !

Samsung: Security Update Required

$
0
0

image
Recently my samsung S3 keep prompt this error message “Update security settings to use” and after click on OK still failed to retrieve email. It was struggled me about 2 weeks and I really need to fix this. Luckily my boss didn’t notice yet why I’m slow in reply email lately. After tried few methods and seem not working.
  1. Manually set the server setting on the mobile device to m.outlook.com
  2. Add PIN to lock screen
  3. Delete account and reboot
  4. …etc
Finally this work for me.
Go into Settings, Security,  Device Administrators and remove the existing one for Email. Re-configure the exchange mailbox and it work !

SCSM 2012 R2 UR7 - Gotcha!

$
0
0

Recently we have implemented Microsoft System Center 2012 R2 Service Manager Update Rollup 7 in a project. Everything are working good until we are preparing for go live. Once we are started to configuring Analyst User Role-based, we found that any changes to the existing configured user roles in SCSM won't reflect in Console of analyst's machine.

OMG ! This seem to be a shoes stopper for us to go for Production. In the meantime, another testing environment was built to re-produced the issue.

First: We have try to running console with the /clearcache parameter from analyst's machine but no luck :'(

"D:\Program Files\Microsoft System Center 2012 R2\Service Manager\Microsoft.EnterpriseManagement.ServiceManager.UI.Console.exe" /cache

Reference: How and When to Clear the Cache

Second: We try to clean the registry from analyst's machine but no luck :(

HKEY_CURRENT_USER\Software\Microsoft\System Center\2010\Service Manager\Console

clip_image001Caution
Incorrectly editing the registry can severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.
Reference: System Center 2012 - Service Manager Registry Keys

Third: We try again to clear Health service from Management Server but no luck :'(

  1. Stops the System Center Management service.
  2. Deletes the health service store files.
  3. Resets the state of the agent, including all rules, monitors, outgoing data, and cached management packs.
  4. Starts the System Center Management service.

Reference: How and When to Clear the Cache

Fourth: We delete user profiles from windows, Hooray ! It's working :)

BUT WAIT ! Customer will not allow us to delete windows user's profile which they might lost existing configuration and files.

There should have cache in windows user's profiles for SCSM Console and luckily found a folder for SCSM under %LOCALAPPDATA% as below.

clip_image002

Delete the file in the folder and it's working great! Finally SCSM Console are reflect the changes of user role. Try this in few machines and confirm the workaround.

Workaround:  Delete *.bin and *.hash files from folder “C:\Users\<user name>\AppData\Local\Microsoft\System Center Service Manager 2010”

YES, it's a bug in UR7 and we have reported this to Microsoft Support. After a day we got confirmation from MS for this bug. 

For those of you who were waiting for feedback to Update Rollup 7; please take note of this bug.

Will update when MS release the hotfix.

Hope this is help :)

Excel : Replace comma to line break

$
0
0
For some reason, I need to rearrange my excel data in cell from comma to link break as below:
  1. Selected the range of cells I needed to replace.
  2. Go to Home > Find & Select > Replace or Ctrl + H
  3. Find what: ,
  4. Replace with: CTRL + SHIFT + J
  5. Click Replace All
  6. Hooray here i got my result as below.
This helps me on lots !

Excel : Convert ISO 8601 formatted timestamp into datetime

$
0
0
I was getting data from Web page API into Excel. The datetime retrieve was in format ISO 8601 with
Complete date plus hours, minutes and seconds with optional "Z":

         YYYY-MM-DDThh:mm:ssTZD (eg 2020-03-16T10:06:05Z)

Where:

YYYY = four-digit year
MM   = two-digit month (01=January, etc.)
DD   = two-digit day of month (01 through 31)
hh   = two digits of hour (00 through 23) (am/pm NOT allowed)
mm   = two digits of minute (00 through 59)
ss   = two digits of second (00 through 59)
Z    = special UTC designator ("Z") (optional)

Tried to format the datetime type but that might required split column and time zone convert.

Finally after did some testing and below is the outcome of excel formula that worked for me.


Excel Format to convert ISO DateTime to Local GMT +8

=DATEVALUE(MID(C2,1,10))+TIMEVALUE(MID(C2,12,8))+(8/24)


SCCM : Event ID 1130 Startup Script failed

$
0
0
Today troubleshooting SCCM GPO client push issue. Manually execute the batch script from local machine working fine, but it not working from GPO. 

First, check RSoP to ensure the GPO is deployed to the machine. ✅


Second, check Event Log and found error below: 

Event Log ID       : 1130
Source                  : GroupPolicy
Error                     : Startup script failed
Error Description : Access is denied



The root cause for this is access denied from the client machine to the Installer shared folder. 
After granted permission Authenticated Users - Read & execute to the folder, it work again ! ✅



Connect-AzureAD : The term 'Connect-AzureAD' is not recognized

$
0
0

Working on Windows 10 2004 to execute powershell script and found that AzureAD module is not installed yet. 

Error Message: 

Connect-AzureAD : The term 'Connect-AzureAD' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

Executed command Install-Module AzureAD to install the module from Administrator powershell windows, another error prompt as below:

Error Message:

Install-Module : The 'Install-Module' command was found in the module 'PowerShellGet', but the module could not be loaded. For more information, run 'Import-Module PowerShellGet'. 


Perform check on Powershell Execution Policy and currently on Restricted state. 

Execute Set-ExecutionPolicy Unrestricted to unblock it and it's work !


Finally, I was able to connect AzureAD to continue the work.

How to get SQL Server Product key from ISO

$
0
0
When installing SQL Server 2019 Reporting Service or 2017 and later, you will be ask to enter product key.

According to Microsoft article, product key can be retrieve from SQL Server 2019 installer.



Actually there is another way to get it.

When we run setup.exe from the media, the Product Key is picked from DefaultSetup.ini file located under Root\X86 or Root\x64 folder. This file is also used to make slipstream media (refer KB)



The file would look like below

Comment if you know other way to do this too.

Cireson Portal: Custom Form and Troubleshooting

$
0
0
Cireson Portal did provided a good portal interface for System Center Service Manager (SCSM). Of course customer always requested to add new custom fields into work item form like Incident, Service Request and Change Request.

I've done this couple of times but my brain is getting older and forgetful. Alright let write it down here for future quick reference.

This is the expected result : 



In order to display Type Of Change on Change Request form, new line 22 is added into ChangeRequest.js


The actual line of script here:
{ DataType: "Enum", PropertyDisplayName: "Type of Change", PropertyName: "TypeofChange", EnumId: 'aebf24d4-a7ac-3180-e5b3-cd34c86f03b2', Required: true }

The key here are PropertyName and EnumID. 

By using PowerShell command Get-SCSMEnumeration, EnumID can be search by Name.
Get-SCSMEnumeration -name TypeofChange | select Displayname, name, id



Troubleshooting:
Issue 1: Task Tower 1 field is display value Test in SCSM Console, but portal show blank.


{ DataType: "Enum", PropertyDisplayName: "Tower", PropertyName: "Enum.Change.TaskTower1",EnumId: '90f2bc75-7681-9b57-33ef-d9aa5d2e2db8', Required: true}


Remember! Name that return from Get-SCSMEnumeration is not PropertyName. 

We need to find out the PropertyName from Management Pack.
   

After updated the correct PropertyName
{ DataType: "Enum", PropertyDisplayName: "Tower", PropertyName: "TaskTower1",EnumId: '90f2bc75-7681-9b57-33ef-d9aa5d2e2db8', Required: true}
The correct value is shown on portal now.



Issue 2: After confirmed the PropertyName and EnumID, portal still not display the dropdown list item.


Don't forget to Recycle Application Pool.



If you need more detail on other form field, below are pages you should visit:


Thank you and please comment if you have any question

SCCM : Failed to get DP locations as the expected version from MP Error 0x87d00215

$
0
0

While deploying SCCM agent, this may one of the error that throw from Clients CCMSetup log.

Error Message: 

Failed to get DP locations as the expected version from MP 'http://SCCMPrimarySite'. Error 0x87d00215

MP 'http://SCCMPrimarySite' didn't return DP locations for client package with the expected version. Retrying in 30 minutes.



Resolution : Confirmed the mentioned MP server is added into the Boundary Group belong to the client.




Something simple but better keep a notes here rather than wasting time to troubleshooting same issue again in future.

SCCM : The software could not be found on any servers at this time.

$
0
0

Deploying OSD today and forgot something very important !!! 

Error Message: 

The software could not be found on any servers at this time.


Resolution 

Please ensure the content has been distributed to Distribution Point.


Make sure you won't make the same mistake like me :'(

Reclaim disk space after deleting files from Windows Server Deduplication

$
0
0

Clean up a drive and empty it but still it show space used.

There is a command that need to execute to recover the disk space using PowerShell.

Start-DedupJob -Type GarbageCollection -Volume R:

You can using the command below to track the progress.

 Get-DedupJob


Once the job completed, you will have all the free disk space back !




Empty Recycle Bin in Hidden Folder

$
0
0

After delete files from computer, you need to Empty Recycle Bin to free up disk space.


Once you have done the step above, the Empty Recycle Bin option will be greyed-out for selection.


If you still found hidden $Recycle.Bin folder in your drive, you can execute the command below as Administrator via Command Prompt.

rd /s R:\$RECYCLE.BIN



This will make sure your data is deleted and free up the available disk space . 


Shared Feature Directory is disabled and NOT EDITABLE

$
0
0

Install SQL from a fresh VM but weird why it not allowed me to change the directory for Shared Feature Directory ?

Erm, after google and found comment about if there are any shared components installed on a server in the default path, then we will not be able to change the default shared future path.

Found the culprit !

After removed SQL related application, Shared Feature Directory is editable now !







Where is find SQL Server Product Key from ISO

$
0
0

 When installing Microsoft SQL Server 2019 Reporting Services, it prompt to enter the product key.


Do you know that actually the product key can be retrieve from ISO ?

Let me guide you where to find it.

Navigate to x64 folder from SQL Server ISO. Open DefaultSetup.ini with Notepad.


Here is your product key !





SCSM: An error occurred while executing a custom action:_CreateSrsFolder_SC

$
0
0

Installing Microsoft System Center Service Manager (SCSM) 2019 Data Warehouse server today. 

 An error occurred while executing a custom action:_CreateSrsFolder_SC


1. Make sure SQL Server Reporting Services is running. (Release Notes)
2. Verify if able to access http://ServerName:80/ReportServer/ReportService2005.asmx
3. If prompt for login for http://ServerName:80/Reports, add server name to Internet Options Local Intranet.





That solved my problem and installation completed without error.



SCSM : Data Warehouse Reporting MP Deployment Failed

$
0
0

Microsoft System Center Service Manager (SCSM) 2019 Data Warehouse Management Packs Deployment status was Failed for all the Report Library.


Below is the Operations Manager event logs for management pack error found on Data Warehouse Management Server.



Error Detail:

Deployment Execution Infrastructure has retried the maximum number of times and is giving up on this execution step.

MP Name: ServiceManager.ConfigurationManagement.Report.Library

Operation: Install

Error Message: Install 'Rpdl' operation failed from within 'install' rpdl store = http://servername/ReportServer/ReportService2005.asmx .... Uploading or saving files with .rpdl extension is not allowed.



Cause:

SSRS 2017 version 14.0.600.1274 and later version include a new advanced settings AllowedResourceExtensionsForUpload. This setting restricts the set of extensions of resource files that can be uploaded to the report server. This issue occurs because Service Manager Reporting uses extensions that aren't included in the default set in AllowResourceExtensionsForUpload.

Resolution:
Add *.* to the list of extensions. 

1. Start SQL Server Management Studio, connect to report server instance.
2. Right click the report server name, select Properties and select Advanced.
3. Locate AllowResourceExtensionsForUpload settings, add "." to the list of extension then click OK.
4. No restart reporting services required.
5. Restart Deployment for the failed 




Hooray ! All Reports Library deployment are completed.



Reference: https://docs.microsoft.com/en-us/troubleshoot/system-center/scom/cannot-deploy-operations-manager-reports


Orchestrator: Runbook Designer throw error "The server threw an exception"

$
0
0

After installed Microsoft System Center Orchestrator 2019 Update Rollup 2, connection error when launch Runbook Designer.



Event ID 10007 found with error Application or service 'Orchestrator Runbook Service' could not be restarted.


I missed the Important section :


Microsoft OLE DB Driver already installed for SQL Server 2019.


One more step that need to be done. Reconfigure the Orchestrator database by using Data Source Configuration.


After completed the step below for Data Source Configuration. Runbook Designer is working good now.





Viewing all 54 articles
Browse latest View live