Group Policy Issue – Windows 10 April 2018

There appears to be a weird issue where in the April 2018 release of Windows 10 group policy fails to refresh the user part of the group policy. Instead you get the message below

This is caused by the netlogon service not running (and being set to manual?!). To resolve the issue you need to do the following:

  • Press Win + R on the keyboard to open the run window
  • Type in services.msc and click run
  • Scroll down and look for Netlogon, if the status is not Running, then that’s why you’re getting this issue
  • Double-Click on Netlogon and change the Startup Type to Automatic and click the Start button
  • Once the service is running, click the OK button
  • Now try running gpupdate again

If you have a large number of computers running Windows 10 and want to fix them all you can make this change using group policy. To do so carry out the following in an appropriate Policy object

  • Start Group Policy Management on a Domain controller
  • Select the appropriate group policy
  • Select Computer Configuration > Preferences > Windows Settings > Services
  • Add a new service and use the following settings
    • Startup: Automatic
    • Service Name: Netlogon (you can pick from the list)
    • Service Action: Start Service
  • You can also set the service to restart on failure by going to the Recovery tab
  • Click  OK

All going well this should resolve the group policy issue. If this helped you please let me know!

Auto login a domain joined computer

Every now and then you come across a situation where you just need a computer to log in and start an application without user intervention. While it is not ideal from a security point of view sometimes it is a necessity. On a non domain joined computer you are able to use the netplwiz command to setup an automated login. However on a domain joined computer this option does not exist. To do the same on a domain joined computer you need to use the regedit as administrator. Once open you need to browse down to the follow location “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon“.

From here there is 4 entries you need to change to suite your needs.

  1. AutoAdminLogin – Needs to be set to 1 to enable auto login
  2. DefaultDomain – Needs to be set to the domain you are logging into (either PC name or AD name)
  3. DefaultUserName – Needs to be set to the user that you want to autologin
  4. DefaultPassword – Needs to be set to the password of that user account. Be aware that this is kept in plain text and can be looked up by any user with access to the registry! If this registry entry is not there you need to add it. (This is just a string registry item.)

After this you can restart the computer and if it is all configured correctly it will login with the user that was specified. You can disable the auto login also by changing the AutoAdminLogin to 0

regedit-autologin

Error changing print driver Server 2012/R2

I have had a issue that has been plaguing me the last few days where I was unable to update the printer drivers on a shared printer. With the error message “Printer settings could not be saved. This operation is not supported.” After a bunch of searching I found that if you unable to change the printer drivers on a Windows Server 2012/R2 Server you need to first untick the share option on the printer. The change the drivers for the printer. After which you can re-share the printer on the network / directory.

Kudo’s go to https://flamingkeys.com as they had the above information on their blog.

Modify a distribution group members in Outlook

Accessing the Distribution List

  1. Selecting the Home tab and click on the Address Book
    Fig 1. The Home tab
    DL-Outlook-1
    Fig 2. The Address Book option on the Home tab
    DL-Outlook-2
  2. In the Search section enter the display name of your distribution list. E.g. QualityCommittee
    Fig 3. The Search field in the Global Address List (GAL)
    DL-Outlook-3
  3. Double click on the distribution list or right click and the select Properties. The details of the central distribution list will be displayed in a new window.
    Fig 3.  Example of a central distribution list and location of the Modify Members button
    DL-Outlook-4
  4. Click on the Modify Members… button

Adding Members to the Distribution List

  1. Click Add… and then search for the name or user ID of the person you want to add.
  2. Once you have found the person you want to add either double click on their name or highlight the name and click Add.
  3. Once you have the people in your list that you want to add click the OK button.
  4. You should then see them on the list. Click OK.
  5. Click OK again to close the properties window.

Removing Members from the Distribution List

  1. Search through the list for the person you want to remove. Highlight their name.
  2. Click on the Remove button.
    Click OK.

Windows Server 2012R2 stuck at “Updating your system”

I recently installed a batch of updates across all the servers I manage. Everything went smoothly throughout the download, installation and restarting of all the servers bar 1. This particular server was unable to make it past ‘Updating your system 12%’. I tried a number of different tricks such as disabling driver signing and safe mode to no avail.

After some searching through copious forums and articled I found the solution to my problem. First I needed to boot into the startup menu by resetting the VM a number of times. Then I selected the option to open the command prompt. Then all that was required was to enter a DISM command to roll the system image back to before the updates were installed.

The command that was run to do so is as follows.
dism.exe /image:C:\ /cleanup-image /revertpendingactions

After this the server restarted and everything was all working.

P2V Gotchya

We all have one of those old servers sitting quietly humming away in the rack. That everyone knows needs to be replaced but no one wants to touch because it does that really important business function X or stores all the data for app Y that just can’t go down. Then one day something happens to that server and *poof* that server is no more or you get a scare when the RAID card or some other part decides to give up the go.

Recently I found myself in the first scenario where the good all SBS server that’s been quietly humming away decided to have a system board failure on a Sunday morning. Thankfully the tech hoarder that I am I had another server of the same model sitting at home propping up the ol’ nerf gun. What I did know but didn’t want to think about was that this old server I had spare was also just as old as the one that failed. After transferring the drives etc over to the new old server everything looked great and was running without error. However Monday morning at 4am it decided to drop the RAID card and give up. Thankfully I also had a spare one of these (I know so much *stuff*). Thankfully this managed to get the server back to life before the business day started.

At that point I decided I really like my weekends and weekday sleep-ins. After some investigation I had decided that the best thing to do in the short term is to virtualise the server onto some newer more stable hardware. That evening I ran the VMware Standalone converter on the server and just a couple of hours later the server was so I thought happily running away in VMware. The next morning however I awoke to find a number of server failure alerts and a SBS VM that does not want to do anything but sit at the ‘Applying Computer Settings’ screen.

Needless to say the Tuesday at work was not a chill day in the slightest when trying to fire up the physical server it decided that it had done its duty and was not working anymore. Which with the help of some other IT support got us to the conclusion that the VM is the only way forwards. After a number of coffee’s and a fair bit off cussing we found that the reason for the VM freezing and failing to run any services such as exchange was that the old hardware which obviously was no longer connected was still hiding away in the device manager. After removing all the hidden raid cards and chipset devices the VM decided that it is going to work perfectly.

So if you were like me and have a physical server that you have virtualised to VMware and it wont behave take a moment to check out the hidden devices in the device manager. It might just save you a few grey hairs.

Find all unread emails in Outlook

Sometimes Outlook will display that there is 1 or more unread emails however when you look in the unread email folder there are none. By following the steps below you can find those emails and mark them as read.
  1. In the “Search Current Mailbox (Ctrl+E)” box, type: read:no and hit Enter.
  2. When it shows “Find More on Server” link, click it. Then the unread email(s) should appear.

Compatibility:

This works with Office 2010, Office 2013 and Office 2016.

Fix Unknown Hardware Health Status in VMware ESXI

Unknown Hardware Health IssueThe other day my monitoring software for a particular ESXI host went crazy saying that there was a number of severe hardware failures detected. Upon investigation the virtual machines on the server were running perfectly. However if you believed the host, it had encountered a failure in almost every component. After some investigation the culprit was a failed service on the host. All that was required to resolve the ‘Severe Hardware Failure’ was to re-start the CIM Server service.

This can be found in the ‘Configuration’ tab in the vSphere Client. You then need to go to the ‘Security Profile’ side menu option and click properties under the ‘Services’ section. You then scroll till you find the ‘CIM Server’ service.

Managing Disks with Powershell

In Powershell version 3.0 which is found in Server 2012 and Windows 8 you are able to manage hard drives entirely from Powershell. This means you are able to add, initialize, format and name disks entirely from the command line. (Even in one line if you so wished)

In this blog entry I am going to run through:

  • How to get disks that have a raw partition format
  • Initialize the disk
  • Create partitions on the disk
  • Format the volume to the desired File system format

To get started we need to get a list of all the disks in the system that have no file system format. To do this we use the following Powershell command.

This will return a table formatted list of disks connected to you system that currently have no file system format.

GetRawDisks

Now that we have a list of disks we can initialize them to the desired partition style. To do this we need to use the Initialize-Disk command.

InitializeDisk

If you run a Get-Disk command after this you will see that the Partition Style has changed from RAW to MBR or GPT.

Now that the disk is initialized we need to create a partition on it. To do this we can use the New-Partition command. By using the -AssignDriveLetter parameter we will get windows to assign the next available drive letter to the new partition. In this case we are using the -UseMaximumSize to create a partition that will fill the size of the disk. You are able to use the -Size command instead to allow for the creation of multiple partitions on the one disk.

NewPartition

All that remains now is to format the newly created partition to the desired file system format. To do this we use the Format-Volume command. You have the option of formatting the disk as exFATFATFAT32NTFS and ReFS. We are going to use NTFS in this case. You are also able to set drive labels at this point.

FormatVolume

At this point you now have a fully formatted and partitioned disk that is accessible in windows.

Now that we know what each part does we can string all the commands together. This is done by using the -PassThru command and the piping character |.

OneLine

I hope this will help you to work smarter not harder! NP