Group Policy: Create mapped drive that is synced locally to be available offline.

If you have users that go to client sites and will not always have access to a network connection, and need access to some non confidential documents on the network creating Administratively assigned cashed files can be the way to go.

1. Create a new group policy object.





2. In Group policy Management Editor expand:
     User configuration> Administrative Templates> Network>
     Offline Files> Select Specify Administratively assigned Offline Files




3. Select Enabled.
    Then Select "Show"
    In the show contents window enter the name of the UNC path of the network share in the "Value Name"             field. Leave the value field blank and select ok. Creating the offline share is done.



And in the same policy we will map the drive for the share that we just made available offline.

4. Again in Group Policy Management Editor Expand:
    Preferences> Windows Settings> Drive Maps


1. Set Action to "Update" (This will re-map the drive if the user removes it)
    Set Location: the location of the network share.
    Select the "Reconnect" radio button
    Label as: Gives the share a desired name
    Select a drive letter
    select apply
   


































Link the GPO to the desired organizational unit that contains the users you wish to provide the offline files to. When they log in next they will have a mapped drive that will sync locally and be available to use offline.


Posted by No comments:
Labels: , ,

Powershell: Reset user password and set to change at next logon

This powershell script can be used to reset user passwords quickly and force them to change it on their next logon. Copy this script into powerhell ISE and save it as a .ps1 file. When you run the script it will prompt you for the username. You can change the password variable to be whatever you want.

$Identity = read-host "Enter User name"
$password = P455w0rd

Set-adaccountpassword -Identity $Identity -reset -newpassword (ConvertTo-SecureString -AsPlainText $password -Force)
Set-aduser $user -changepasswordatlogon $true

or to statically assign the password use the following script:

Set-adaccountpassword -Identity (read-host "Enter User name") -reset
-NewPassword (Read-Host -AsSecureString "New Password")
Posted by No comments:
Labels:

Format Hard Disk or USB Removable Storage using Diskpart

Format Hard Disks or USB removable storage using the diskpart command line utility.

Open command prompt
Diskpart – To initiate the diskpart utility
List disk – To list all available disks.
Select disk – Select the disk you wish to format.


 Detail disk – Find out more details about the selected disk. Handy to make sure you are formatting the right disk.


















Clean all – Formats the disk
Create partition primary – Creates a partition on the disk. If you don’t specify the size all available             space will be used by default.
Select partition 1 - Select desired partition
Active – Sets the selected partition as active.
Format fs=(enter desired filesystem ntfs, fat32 ect.) – formats the volume with the requires file system


















Assign – to give the drive the next available drive letter or you can specify one by typing
Assign letter=(desired letter)







Exit – to exit diskpart
Posted by No comments:
Labels: ,

Restore a Deleted Active Directory Object

To restore a deleted Active Directory Object in Server 2008 or 2003 (this can also be preformed also in server 2012 but the active directory recycle bin is much easier and faster) you can perform a using ldp.exe to recover the items as long as the time to live for the deleted objects container hasn't passed.

   















 1.     Log in to Active Directory Server as an Domain Administrator
 2.     Open ldp.exe using Command Prompt or Powershell























3.    Select Connection menu, select Connect, then type server name.

 




















4.    Select Connection menu, select Bind and Select OK
The Deleted Objects folder is hidden by default you will need to make it visible





















5.    Select Options menu and Select Controls.
Expand the Load Predefined container list and select Return deletedobjects. Select OK






















6.       Select the View menu, select Tree, and then use the dropdown to select the distinguished name of the domain. For Example DC=Contoso,DC=com.





















7.       Expand the Domain Name container and then Expand Deleted Objects container.













8.       Right click on the desired account, then click Modify.





















9.       In the Attribute box, type isDeleted. Under Operation, select Delete, and then select Enter.

 























10.   In the Attribute box, type distinguishedName, in the Values box, type:
CN=User Name,OU= Organizational Unit,DC=domain,DC=name.
Under operation, select Replace and then Select Enter.

11.   Select the Extended check box and then Select Run.


























You will need to reset password, enable the account and fill in any missing attributes and groups











Done! It is much easier with server 2012 and the active directory recycle bin. But if using server 2008 
or below this is the easiest and least disruptive way to restore a deleted user account.
Posted by No comments:
Labels:

View Applied Group Policy for Logged on User

To troubleshoot issues relating to group policy run one of the following commands.

To generate a report in html format type into Command Prompt or Powershell:

Gpresult /h c:\test.html(or whatever local or network location you desire)

Then browse to the location and open the report in a web browser. 












To view the results within Command Prompt or Powershell simply type:

gpresult /r

Posted by No comments:
Labels: ,

Find who is logged onto a computer within domain

Someone causing havoc on your network and all you have is the computername? Here is a handy little powershell script to find the culprit.

1. Open Powershell

2. Enter the following script.

get-wmiobject win32_computersystem -comp "computername" | select USername,Caption,Manufacturer






















3. Done
Posted by No comments:
Labels:

Remove Driver Package from Driver Store

Handy little command line tool to permanently delete drivers from the driver store in Windows.

1. Open a administrative command prompt

2. to view drivers in driver store type:
 pnputil.exe -e












3. Find the driver you want to remove and insert the "Published Name" into the command
pnputil.exe -d oem$.inf
$=number of the drivers Published Name.

4. Done. 
Posted by No comments:
Labels:

Adding Driver package to Windows installation

You can add your own driver package to a bootable windows installation using dism. It can save a lot of time and heartache post installation.

1. First I like to move the install.wim file to an accessable location. On the windows installation media open the sources folder and copy the install.wim file to your root directory.

2. Then create a folder in your root directory in this case I like to use "mount"

3. Open an administrative command prompt

3. To mount the wim file type:

dism.exe /Mount-WIM /WimFile:"C:\install.wim" /index:1 /MountDir:"C:\mount"




4. To inject the drivers into the wim type:
dism /image:C:\mount /Add-Driver /driver:"C:\Driver location" /recurse
(ensure all drivers are located in the same location and the packages have been unzipped to expose the files)









5. To unmount and commit the changes type:
dism /unmount-wim /Mountdir:C:\mount /commit


6. Copy the wim file back into sources folder on the windows installation media.

7. Done! Never worry about about drivers again.
Posted by No comments:
Labels: , ,

Give Calendar permissions with Powershell

Here is a handy Powershell script I wrote to give Calendar permissions via Powershell. Paste the script into Powershell ISE and play it. We often get requests from PA's and senior staff needing fast access to users calendars this makes short work of it. It will add the exchange snap-in, then prompt you for the users mailbox. Enter the user whose calendar is being granted access to. Then the current calendar permissions will be shown then you will be prompted to enter the user requiring access. Then enter permission level and the script will finally display the permissions after the change. (This is for Exchange 2010 for other versions remove the snapin command from the first line.)

 add-pssnapin Microsoft.Exchange.Management.PowerShell.E2010
cls

$user = $null

$user = read-host "Calendar Being Configured"
$user = $user + ":\calendar"

get-mailboxfolderpermission -Identity $user | ft user,accessrights

$Identity = $null

$Identity = read-host "User Being Granted Access"

$AccessRights = $null
$AccessRights = read-host "Access Required - Editor,Owner,Reviewer,Contributor"


Add-MailboxFolderPermission -Identity $User –User $Identity –AccessRights $AccessRights

get-mailboxfolderpermission -Identity $user | ft user,accessrights 
Posted by No comments:
Labels:
Subscribe to: Posts (Atom)