Tell me if you’ve heard this one before. You build a bunch of new VMs for your lab environment. You have them all running but every time you switch back to a VM you find that it’s always locked and you have to press Control-Alt-Delete and enter your password. In a production environment, this is a great behavior but in a home lab it is maddening. I finally sat down to try and fix this and it turns out it seems pretty simple. Simply add the following two lines to your deployment script:
What these commands do is change the following two properties (Turn off the display and Put the computer to sleep) for the currently active PowerPlan and sets them to Never.
This HOWTO is fairly specific to me but since I needed to document it anyway I figured I would share it in case in benefited others.
I have scheduled yet another Microsoft Exam for October. One of the techniques I use during studying is to take the base “Skills Measured” list from Microsoft and build a checklist around it so I can keep track of what to review next. To do this I traditionally copy and paste the list from the Microsoft exam site and painstakingly edit it to make it compatible with a commercial task tracking software I purchased called Swift To-Do List. It’s mind-numbing repetitive work and I always tell myself I’m going to try and automate it but never do. Well that ends today.
What am I talking about exactly? Well let’s use an example. I’m scheduled to write the 70-462 – Administering SQL 2012. So I visit the site (https://www.microsoft.com/learning/en-ca/exam-70-462.aspx) and get something that looks like this:
There are a series of one level collapsible trees that contain all types of items on the exam. The catch is rather than provide them in a list, the entries are separated by semi-colons. What would be so much more useful is if I could transform that list into something like this:
Imagine this scenario. You have a SharePoint 2007/2010/2013 server in your environment along with an Exchange 2007/2010/2013 server. You have configured email-enabled lists in your SharePoint environment by leveraging an SMTP server configured on your SharePoint server along with a send connector on your Exchange server. Everything works great and people can email an address and have their content automatically added as a SharePoint list entry.
Then you migrate to Office 365 in a full cutover migration, obsoleting your Exchange on premises server. Your email to list functionality breaks. What now?
I found myself in this exact situation and had to come up with a solution. Here is what I came up with. I won’t be covering every step here and instead will only consider high level requirements. If you need more specific detail, please ask in the comments.
First, if you have performed a cut over migration, you likely don’t need the firewall rule you had for port 25 to your Exchange server anymore. So the first thing to do would be to modify that firewall rule and redirect traffic for it from your Exchange server to your SharePoint server.
From there, you can do the following:
1) Modify your existing Exchange contact that is used for email to list functionality. Change the email address from [name]@sharepoint.domain.com to [name]@domain.com where domain.com matches your primary production domain.
Next, if you are using some type of Directory Synchronization tool, perform a sync to Office 365.
Imagine for a moment you have just deployed Office 365 in your environment using a cutover migration. Everything is working well and you’ve now decided to grant access for your users to use Skype for Business. (I so hate that name).
You find that some users are not appearing in the Skype For Business Users control panel. You scratch your head and Google until you come across this excellent article:
It basically tells you that at some point in the past, someone deployed either Office Communications Server or Lync server in your environment and the users that aren’t showing up have their msRTCSIP Active Directory attributes populated which is confusing Skype for Business. The article goes on to show you how to clear the attributes.
Now imagine you test this process and it works and solves your problem. But then you slink into your chair when you realize you may potentially have hundreds of users to update and each user has as many as 14 attributes each that need to be modified.
That’s the situation I found myself in. If you’ve seen any other posts on this site, you already know how I solved this – PowerShell!
I figured I’d share my solution in the event anyone else is in this situation. This is very rough code designed to solve the immediate problem and as a result I’d suggest that you have some comfort with PowerShell before attempting to use this code.
Windows 10 is nearly upon and one of the features I am looking forward to is PowerShell 5. More specifically I am looking forward to the new PowerShellGet module. This is effectively apt-get or yum for Windows and the implications for systems administrators are significant. I just finished a quick test drive of the functionality in the Windows 10 Technical preview and wanted to share my findings.
Let’s start by finding the module. We assume it has the word ‘get’ in it so we can do:
Get-Module *Get* –ListAvailable
We find a module called ‘PowerShellGet’. Let’s see what commands it offers using Get-Command
If you use Pleasant Password Server, you may have a need to request passwords from a command line or automated process. If you do, the script below should be very helpful.
It took me most of the evening to figure out how to request passwords using PowerShell and the RESTful API built into Pleasant Password Server (aka Keepass Server).
The vendor’s documentation is unfortunately very lacking. Seriously, would it kill you to include some examples? At any rate, the script below uses the Invoke-WebRequest cmdlet to access the RestfulAPI.
The key thing to note here is that the only way it seems to retrieve passwords is via their GUID. Importantly, this is not the UUID that is displayed in the desktop client.
The only way I’ve found to identify the GUID is to access the desired password using the webclient and then press F12 in your browser to activate the debugging tools.
From there if you select the “Network” tab, you should see the GUID appended to the end of the URL for your password server site.
I needed to run a PowerShell script on a few dozen machines scattered across just as many disconnected networks. I wanted to ensure that if anyone in the future attempted to make changes to the script that it would no longer execute. This means learning how to implement PowerShell certificates. After much Googling I found that there was no good end-to-end guide on implementing certificates. After much trial and error, I have figured out how to implement PowerShell certificates in such a way that you do NOT need to purchase a commercial certificate while still being able to run the script on remote systems. I figured I would share the process in the hopes that I can save the next person the frustration I had.
Disclaimer: These steps are presentedwithout any warranty, express or implied. As far as I have been able to determine, this process should drastically improve the security of your scripts without otherwise introducing any new security issues. However as I am still learning about certificates, I may have missed something. If you do find such a security concern, please let me know as I’d love to know what I missed!
Note: The commands below use the “pki” module for PowerShell 4 and therefore requires Windows 8.1 / Windows 2012
If a modern OS is not available, these same steps can be completed through a combination of legacy tools (makecert.exe and certmgr.msc)
Specific steps on completing this with a legacy OS are not covered in this document
How the Certificate Creation Script Works
Creates a custom self-signed certificate on the local machine where the script authoring takes place
The entire key (public+private) is exported for archival and safekeeping
The public key of this certificate is then exported and immediately reimported into both the Root and Trusted Publisher certificate stores on the authoring computer/user
This makes this certificate implicitly trusted on the authoring computer which makes it eligible to be used to sign a PowerShell script
The newly created certificate is then used to sign a custom PowerShell script
The public certificate is then imported onto the target/remote system where the script is intended to be executed
The target system is assumed to be running an ExecutionPolicy of “AllSigned” which requires that all scripts must be signed by an approved entity before it is executed
Previously I’ve posted a HOWTO for resolving a CID mismatch issue with virtual machines and snapshots when those VMware are running on ESXi. That can be found here:
But what happens if you have the same error under VMware Workstation (11)? Today I had a reason to detach a secondary disk from one VM and temporarily connect it to another. When I was done, I tried to reattach the secondary disk back to it’s original VM. When I tried to reboot however I received the following error:
In the HOWTO posted above, this can be resolved by updating the CID and ParentCID fields inside of the plain text .VMDK configuration file for the VM. Unfortunately that doesn’t apply to VMware workstation because this “descriptor” / configuration data is stored in the same file as the “-flat” disk making it impossible to edit with a plaintext editor such as notepad. Instead we need to use a Hex Editor. Don’t worry, this is much simpler than it sounds.
If you’ve used PowerShell for length of time at all, I promise this HOWTO is going to be revelation and will fundamentally change how you use PowerShell.
PowerShell is full of objects. All of those objects have properties. Many of those properties have their own sub properties. Those child properties can then still have even more properties underneath them. While it is fantastic that we have all of this data at our fingertips, it is often exceptionally difficult to know what’s available. It’s a case of not knowing what you’re missing because you didn’t know about it in the first place.
To combat this, PowerShell includes an excellent command called Get-Member which shows what properties are available on an object. The problem is, it doesn’t show sub properties and nor does it show the values of those properties. This combination makes searching for available data both frustrating and annoying. I’m pleased to report I now have a solution for this problem!
I recently found myself having to learn about “JSON” for work. In a nutshell, JSON is an alternative to XML and is a text based representation of data. To work with JSON, PowerShell includes a cmdlet called ConvertTo-JSON. By complete accident I discovered that this cmdlet has a very interesting capability. If you pipe any object into it, it will spit out absolutely everything PowerShell knows about that object, nested sub properties and all.
I then did some research and discovered a free standalone tool (no installation required) called jsonview.exe from CodePlex. This tool provides a graphical tree view of JSON data. Can you see where this is going? Wouldn’t it be amazing if you had a nice graphical interface to view all of the data inside of an object, regardless of how far down it was nested?
Consider the following example. We have a cmdlet called Send-Email that isn’t working properly. When we try to use it, all we get is an error “Unable to connect to the remote server”.
The question is? What server? And why can’t it connect to it?
I am a big fan of the traditional Blackberry philosophy of building hardware and software that can get work done quickly in as few steps as possible.
With the release of OS10, Blackberry effectively had to build a new OS from scratch. This is a ton of work and as a result, many of the refinements that were added to OS7 over the years are now missing. I have read many forum posts of people requesting feature x to be added back to the platform. Blackberry has finite resources for development and testing and simply can’t implement everything all at once. As a result, these posts become effectively nothing but noise. It was clear to me that forums alone are an ineffective method for getting Blackberry the information it needs for what features to implement next.
What is required is a “single source of truth” or a curated list of all requested new features and the relative popularity of each. I have decided to take ownership of this problem and attempt to solve this at a global scale by providing a common platform for everyone to voice their requests.
I have created a new voting poll that I intend to be a living list of new feature requests for the Blackberry 10 operating system. I am formally offering myself as the official curator of these requests. You can see the first iteration of the poll below that includes a number of feature requests that I personally have after using my Classic for several days. My hope is that others will review my list and if they agree can vote on those items. Alternatively they can add their own. I will be monitoring the new submissions and if they don’t already exist or are not entirely unreasonable I will add them to the poll.
Below is the poll and the questions. Please if possible leave feedback either here or on the official poll website (available at http://poll.fm/536y9) as the feedback is required to correlate the numbers in the polls to show the relative interest in a given feature and to give this poll the weight it needs to have any hope of affecting change.
If you have any questions, comments or suggestions, please leave them in the comments as well. I want to make this a tool that the entire Blackberry community can leverage and maybe, just maybe influence the behavior of Blackberry itself!
If you would like to see new feature requests added to this poll or changes to the existing entires, please add the entry to the “other” field in the poll and then leave comments on how you feel your idea should be implemented.
