Thursday, December 18, 2014

How to Create a bootable Windows 2012 R2 USB Disk? (applies to Windows 8.1 also)

Pre-requisites: 7-Zip software (Download it from here: http://7-zip.org/), Windows 2012 (R2) ISO (or Windows 8.1 ISO), 8GB or more USB disk
  • Open Command Prompt in elevated mode (Run as Administrator)
  • Type diskpart and press Enter
  • Type list disk and press Enter. Note the list of existing disks.
  • Insert the USB Disk
  • Type list disk and press Enter again. The disk that newly appears in the list is the USB disk; this example assumes it is disk 2.
  • Type select disk X where X is your USB disk. E.g., select disk 2. Press Enter.
  • Type clean and press enter.
  • Type create partition primary and press enter to create primary partition 1.
  • Type select partition 1 and press enter.
  • Type active and press enter to make the partition 1 active
  • Type format fs=ntfs and press enter. This will format the partition 1 as NTFS volume.
  • Type assign and press enter to assign the USB disk to a drive letter.

  • Now right click on Windows Server 2012 R2 or Windows 8.1 ISO file, select 7-Zip –> Extract Files…
  • Select your USB disk to extract the ISO contents to the USB disk
That’s all. Boot the server or computer using the bootable USB disk.

How to logoff remote desktop sessions via command line tools?

Query the Remote Server for Current Terminal Sessions


To query and list the sessions on the remote server, you can use QUser.exe or QWinsta.
1. QUser
The QUser command comes with all the latest Windows clients and servers. It lists the sessions
of the remote server (or local machine).
NOTE: if you are using Windows XP, you need to add this location to your system path:
C:\Windows\System32\DLLCache. To do this, in a command prompt, type the following.
SET PATH=%PATH%;C:\Windows\System32\DLLCache;
QUser help shows,
C:\Anand>QUser /?
Display information about users logged on to the system.
QUERY USER [username | sessionname | sessionid] [/SERVER:servername]
  username            Identifies the username.
  sessionname         Identifies the session named sessionname.
  sessionid           Identifies the session with ID sessionid.
  /SERVER:servername  The server to be queried (default is current).
E.g.,
C:\>quser /server:MyCitrixSVR
 USERNAME      SESSIONNAME    ID  STATE   IDLE TIME  LOGON TIME
 johndoe       ica-tcp#966    10  Active          7  7/31/2008 3:04 PM
 averagejoe    ica-tcp#969     1  Active          9  7/31/2008 3:30 PM
 familyman     ica-tcp#984     5  Active       1:06  7/31/2008 4:33 PM
 normaldude    ica-tcp#987     2  Active          4  7/31/2008 6:20 PM


2. QWinsta
QWinsta is a little different and better. It has more features and options, and it comes with all flavors of
Windows. The QWinsta command-line help displays as,
C:\>qwinsta /?
Display information about Terminal Sessions.
QUERY SESSION [sessionname | username | sessionid]
              [/SERVER:servername] [/MODE] [/FLOW] [/CONNECT] [/COUNTER]
  sessionname         Identifies the session named sessionname.
  username            Identifies the session with user username.
  sessionid           Identifies the session with ID sessionid.
  /SERVER:servername  The server to be queried (default is current).
  /MODE               Display current line settings.
  /FLOW               Display current flow control settings.
  /CONNECT            Display current connect settings.
  /COUNTER            Display current Terminal Services counters information.
E.g.,
C:\>qwinsta /server:citrixserver
 SESSIONNAME    USERNAME         ID  STATE   TYPE   DEVICE
                                  0  Disc    rdpwd
 ica-tcp                      65536  Listen  wdica
 rdp-tcp                      65537  Listen  rdpwd
 console                         16  Conn    wdcon
 ica-tcp#966    johndoe          10  Active  wdica
 ica-tcp#969    apple             1  Active  wdica
 ica-tcp#984    averagejoe        5  Active  wdica
 ica-tcp#987    familyman         2  Active  wdica
 ica-tcp#989    whoisme           3  Active  wdica
You are welcome to try the other options QWinsta provides.


Logoff the Remote Sessions


To log off a terminal session on the remote server, you can use either of two command-line
tools: LOGOFF or RWINSTA. Before you log off the remote session, you need to know its
"Session ID", which you get from the "QUSER" or "QWINSTA" commands described above.


1. Logoff
The Logoff command logs off the specified remote session. The Logoff help shows,
C:\>logoff /?
Terminates a session.
LOGOFF [sessionname | sessionid] [/SERVER:servername] [/V]
  sessionname         The name of the session.
  sessionid           The ID of the session.
  /SERVER:servername  Specifies the Terminal server containing the user
                      session to log off (default is current).
  /V                  Displays information about the actions performed.
E.g.,
C:\>logoff /server:infra-apps 1 /v
Logging off session ID 1


2. RWinsta
RWinsta has the same parameters and does the same thing as the Logoff command. The name simply means Reset
Windows STAtion. The help goes as,
C:\>RWinsta /?
Reset the session subsytem hardware and software to known initial values.
RESET SESSION {sessionname | sessionid} [/SERVER:servername] [/V]
  sessionname         Identifies the session with name sessionname.
  sessionid           Identifies the session with ID sessionid.
  /SERVER:servername  The server containing the session (default is current).
  /V                  Display additional information.
E.g.,
C:\>RWinsta /Server:MyWinServer 1
Note: The RWinsta command does not return anything.
Happy Re-setting the remote sessions.
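
The query-then-logoff workflow above can be scripted. The following PowerShell is an added example, not code from the original post: it parses QWINSTA's fixed-width output and prints, without running them, a LOGOFF command for each disconnected user session. The function name ConvertFrom-QWinsta, the sample output and the server name are constructed for illustration.

```powershell
# Added example (not from the original post). QWINSTA output is fixed-width:
# SESSIONNAME and USERNAME may be blank and ID is right-aligned, so fields are
# cut at the header's column offsets rather than split on whitespace.
function ConvertFrom-QWinsta {
    param([string[]]$Lines)

    $header = $Lines[0]
    $uCol = $header.IndexOf('USERNAME')
    $sCol = $header.IndexOf('STATE')
    $tCol = $header.IndexOf('TYPE')

    foreach ($line in ($Lines | Select-Object -Skip 1)) {
        if ($line.Trim() -eq '') { continue }
        $line = $line.PadRight($header.Length)
        # USERNAME and ID share the span before STATE; ID is its last token.
        $mid  = @(-split $line.Substring($uCol, $sCol - $uCol))
        $user = ''
        if ($mid.Count -gt 1) { $user = $mid[0] }
        [pscustomobject]@{
            SessionName = $line.Substring(0, $uCol).Trim(' >')  # '>' marks the current session
            UserName    = $user
            Id          = [int]$mid[-1]
            State       = $line.Substring($sCol, $tCol - $sCol).Trim()
        }
    }
}

# Constructed sample in QWINSTA's column layout (names reuse the post's).
$sample = @'
 SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
                                             0  Disc    rdpwd
 rdp-tcp                                 65537  Listen  rdpwd
 ica-tcp#966       johndoe                  10  Active  wdica
                   apple                     1  Disc    wdica
'@ -split "`r?`n"

# Dry run: emit, but do not execute, a LOGOFF line for every disconnected
# session that belongs to a user. Session 0 has no user name and is skipped.
$server = 'citrixserver'
ConvertFrom-QWinsta -Lines $sample |
    Where-Object { $_.State -eq 'Disc' -and $_.UserName } |
    ForEach-Object { "logoff /server:$server $($_.Id) /v" }
```

Against a live server, pass the output of qwinsta /server:NAME as -Lines instead of the sample.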

Tuesday, February 4, 2014

Set network configurations from the command line in Windows

Let's use the following criteria:

We will be setting up Local Area Connection

    IP        : 172.168.100.2
    MASK    : 255.255.255.0
    GW        : 172.168.100.1
    GW Metric    : 1

Here is the syntax for IPv4:

netsh interface ip show config
netsh interface ip set address name="Local Area Connection" static 172.168.100.2 255.255.255.0 172.168.100.1 gwmetric=1

Check for duplicate Security Identifiers (SID) on your domain

Open a command prompt and type

C:\> ntdsutil

and press ENTER.

At the ntdsutil prompt, type

security account management

and press ENTER.

Now type

connect to server DNSNameOfSAMDatabaseServer

and press ENTER.

Now type

check duplicate sid

and then press ENTER.

If you have duplicates, they will be listed.

Wednesday, November 20, 2013

An Authentication Error Has Occurred (0x507)

This error occurs when you try to connect from an XP (SP2 or SP3) or Vista desktop to a Windows 2008 TS. It is a Network Level Authentication (NLA) error; Windows 2008 uses NLA for security reasons.

To solve this error you need to make registry changes.




1. Click Start, then click Run (on Vista, type regedit in the search box).
2. Type regedit and click OK.
3. The Registry Editor opens.
4. Click HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa.
5. In the right-hand panel, right-click Security Packages and click Modify.
6. In the box, leave all existing values, add tspkg at the end as a new value, and click OK. Refer to the image.
7. Now click HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders.
8. In the right-hand panel, right-click SecurityProviders and click Modify.
9. In the data, add credssp.dll as a new value. Do not change any other value.
10. Click OK and exit the Registry Editor.
11. Restart your computer.
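
A read-only check for the two registry values edited in the steps above, as an added example that is not part of the original post. The function names Test-ListContains and Get-CredSspRegistration are hypothetical, and the code assumes Windows PowerShell 2.0 or later is installed on the client.

```powershell
# Added example, not from the original post. Read-only: reports whether the
# two values edited in the steps above already contain the CredSSP entries.
function Test-ListContains([string[]]$List, [string]$Item) {
    # Registry entries may differ in case or carry stray spaces.
    foreach ($entry in $List) {
        if ("$entry".Trim() -ieq $Item) { return $true }
    }
    return $false
}

function Get-CredSspRegistration {
    $control = 'HKLM:\SYSTEM\CurrentControlSet\Control'

    # "Security Packages" is REG_MULTI_SZ: PowerShell returns one string per entry.
    $packages = @((Get-ItemProperty "$control\Lsa").'Security Packages')

    # "SecurityProviders" is REG_SZ: a single comma-separated list of DLL names.
    $providers = (Get-ItemProperty "$control\SecurityProviders").SecurityProviders -split ','

    New-Object PSObject -Property @{
        TspkgInSecurityPackages = (Test-ListContains $packages 'tspkg')
        CredSspInProviders      = (Test-ListContains $providers 'credssp.dll')
    }
}

Get-CredSspRegistration
```

Both properties should read True after steps 6 and 9; the restart in the last step is still required for the change to take effect.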


If you are responsible for maintaining Windows Terminal Server in your environment, then I strongly recommend using "Windows Server 2008 Terminal Services Resource Kit". This book is really very helpful.
  

Sunday, November 17, 2013

SEP 12.1 & DOS commands

We should be familiar with the DOS commands to start and stop the services related to SEP.

The Symantec Endpoint Protection Manager (SEPM) service depends on the Symantec Web service, so stopping only the web service also stops the SEPM service.

Net stop semwebsrv

Type 'Y' to stop the service; you can see that it stops the SEPM service first, then the Apache service.

To start both services again, type

Net start semsrv

If you wish to stop only the Symantec Endpoint Protection Manager service

Net stop semsrv

To start the Symantec Endpoint Protection Manager service again

Net start semsrv

To stop the Symantec Endpoint Embedded database service

net stop sqlanys_sem5

To start it again

net start sqlanys_sem5

How to restart the Shared Insight Cache service through the command line, if it’s installed:

sc start "Shared insight cache"

sc stop "Shared insight cache"

sc query "Shared insight cache"



In many cases we may need to stop the SEP client service to replace sylink.xml or for other troubleshooting.

To stop SEP client service

smc -stop

This command does not open a command prompt window; the yellow SEP shield icon should disappear after you run it.

To start SEP client service

smc -start



To disable SEP client firewall service

smc -disable -ntp

To enable client firewall service

smc -enable -ntp

If the SEP client UI is password protected:

smc -disable -ntp -p

I hope it's been informative.

Tuesday, November 12, 2013

Using a Command Line to Uninstall Software on Remote PCs

WMIC (Windows Management Instrumentation Command-Line) is a potent tool that often doesn't see much use due to the lack of (easily accessible) documentation available. More information can be found on WMIC here: http://technet.microsoft.com/en-us/library/bb742610.aspx. Some great switches and alternate options can be found here: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/wmic_overview.mspx. We’ll be using WMIC with domain admin credentials to crawl through a list of nodes (PCs/Laptops) and uninstall an example program without interrupting the user.

01. Load up a command shell with appropriate access permissions

Though a WMIC instruction can be given appropriate credentials prior to operation, it is typically best-practice to avoid clear-text typing the password (who is that looking over your shoulder;)). We’ll execute the runas command like the following:

Runas /user:DomainAdminAccount@DOMAIN cmd

… which will prompt us for the credentials of our DomainAdminAccount. If authenticated, we’ll be handed a command shell running as the Admin.

02. Verify Program Installation (an optional informative step)

With our WMIC prompt (type wmic in the new shell to open it), we can ask many questions of a node (or nodes) and receive some nicely formatted replies. Though formatting the replies is beyond the scope of this "How To", much more information can be found on the internet.

So let's find out if a particular node even has our target software (Spiceworks does attempt to list this information in its software scan).

>/node:COMPUTERNAME product get name,version,vendor

This command asks WMI to reply with a list including the Name, Version, and Vendor of all compliant software installations.

If you would like to filter for a specific product, you may do so. Here's an example scanning a networked machine for all installed applications from the vendor "Apple Inc."

>/node:ANOTHEREXAMPLE product where vendor="Apple Inc." get name,vendor

(*Note from Anders4221:
A small hint if you have special characters like '-' or '/' in the computer name you need to use ' ' characters in order to get information from client)

(**Note from Joe3034:
Here is how you use wildcards in your search:

Surround the like phrase in double quotes and your search criteria in single quotes, and use % as the wildcard symbol.

e.g.:
/node:ComputerXYZ product where "vendor like 'adobe%'" get name,version,identifyingNumber )

03. Call for the Uninstallation

So we can make a call to the WMI interface to uninstall a particular product... let's pick on the MobileMe Control Panel from our previous example. The command:

>/node:EXAMPLE product where name="MobileMe Control Panel" call uninstall

... will prompt you for confirmation in the following (long) format:

Execute (\\EXAMPLE\ROOT\CIMV2:Win32_Product.IdentifyingNumber="{6DA9102E-199F-43A0-A36B-6EF48081A658}",Name="MobileMe Control Panel",Version="2.1.0.24")->Uninstall() (Y/N/?)?

... to which you must reply 'y' if you wish to uninstall. WMI-compliant software will run the default uninstallation procedures without the user needing to do anything (they receive no prompts etc).

**Note that you may also use the /nointeractive flag, like /node:EXAMPLE product where name="MobileMe Control Panel" call uninstall /nointeractive, to prevent the confirmation request!
-thx Bart2691

04. Call Uninstall for a List of Machines (an optional informative step)

Let's assume you just got word that Adobe Reader has a serious flaw in its old version. In a panic, you asked all your users to blindly install the new version of Adobe Reader straight from Adobe's site. Thankfully, they all managed to do so... however you've received 3 tickets so far about an Acrobat.com icon on the desktop.

You have a flat text file of all your computers' names stored in c:\computers.txt. You pop open a WMIC shell with appropriate permissions and enter the following command:

>/failfast:on /node:@"c:\computers.txt" product where name="Acrobat.com" call uninstall /nointeractive

This iterates through your list, skipping nodes that are invalid (e.g., the machine is turned off) and those that don't meet the criteria. You'll need to confirm 'y' that you want to uninstall on every node unless you use the nointeractive flag.

* Updated Note from Bart2691
... an easy way to automate answering 'Yes'. Examples for doing it by PC or a text file is to use the /nointeractive flag. Additionally, if you don't wish to hang on failed nodes, use the /failfast:on flag to quickly skip a node that isn't responding.

** note from true911 (unconfirmed)
The correct flag is failfast:on, not fastfail:on

wmic /failfast:on /node:@"FILENAME.txt" product where "name like 'microsoft office professional edition 2003'" call uninstall /nointeractive

Thanks to Spiceworks for this link.
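
The list-driven uninstall in step 04 can also be run from PowerShell with a report-only pass first. This is an added example, not part of the original how-to: the function and parameter names are hypothetical, and it assumes PowerShell 3.0 or later with WinRM (CIM) access to each node, whereas WMIC itself uses DCOM.

```powershell
# Added example, not part of the original how-to. Report-only unless
# -Uninstall is given, so the node list can be reviewed before any removal.
function Invoke-ProductUninstall {
    param(
        [Parameter(Mandatory = $true)][string]$ListPath,     # e.g. c:\computers.txt
        [Parameter(Mandatory = $true)][string]$ProductName,  # exact Win32_Product name
        [switch]$Uninstall
    )
    # WQL string literals escape backslash and single quote with a backslash.
    $filter = "Name = '{0}'" -f ($ProductName -replace '([\\''])', '\$1')

    $nodes = Get-Content -Path $ListPath | ForEach-Object { $_.Trim() } | Where-Object { $_ }
    foreach ($node in $nodes) {
        $row = [ordered]@{ Node = $node; Product = ''; Result = '' }
        # The timeout bounds the wait per node, similar in intent to /failfast:on.
        $query = @{ ClassName = 'Win32_Product'; ComputerName = $node; Filter = $filter
                    OperationTimeoutSec = 30; ErrorAction = 'Stop' }
        try {
            $found = @(Get-CimInstance @query)
        } catch {
            $row.Result = "skipped: $($_.Exception.Message)"
            [pscustomobject]$row
            continue
        }
        if ($found.Count -eq 0) {
            $row.Result = 'not installed'
            [pscustomobject]$row
            continue
        }
        foreach ($p in $found) {
            $row.Product = "$($p.Name) $($p.Version)"
            $row.Result  = 'installed'
            if ($Uninstall) {
                $rc = (Invoke-CimMethod -InputObject $p -ComputerName $node -MethodName Uninstall).ReturnValue
                $row.Result = if ($rc -eq 0) { 'uninstalled' } else { "failed, ReturnValue $rc" }
            }
            [pscustomobject]$row
        }
    }
}

# Report first, then repeat with -Uninstall once the list looks right:
# Invoke-ProductUninstall -ListPath 'c:\computers.txt' -ProductName 'Acrobat.com'
```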