Upgrading your current KMS Server (Server 2008 R2) to support Windows 8 and Server 2012 activation

If you’re in an enterprise environment, chances are that you have a KMS server running (usually either Windows 7 or Server 2008 R2).  Now that Windows 8 and Server 2012 have hit VLSC for SA customers, you’ll most likely want to begin testing and performing pilot deployments, but first we need to get our Key Management Server to accept these new clients.  If you have tried to activate your KMS keys with existing KMS hosts you will receive the following error message:

Error: 0xC004F050 The Software Licensing Service reported that the product 
key is invalid.

Thankfully for us, Microsoft has released an update that will upgrade Windows 7 or Server 2008 R2 KMS hosts to support Windows 8 and Windows Server 2012; the details are in the KB article (KB2691586).  You will need to request the hotfix from the KB.  Once downloaded, open an elevated command prompt and execute the update (which acts as a Windows Update package).  When it finishes installing you will need to restart your server.

Now that our server is back up, we need to replace the KMS host key with one for 2012 or Windows 8.  Open an elevated command prompt and enter slmgr.vbs /upk, which will show Uninstalled product key successfully when complete.  Now we install our new key with slmgr.vbs /ipk product-key-here.

You should now be presented with a product activated successfully window.  You can also run slmgr.vbs /dlv and under description you should see VOLUME_KMS_2012.  Now you can start to activate your new Windows 8 and Server 2012 clients.

Allowing anonymous relay on Exchange 2007/2010 on connectors for programs to send via SMTP using your Mail servers and how to secure it for internal use only.

I was recently helping out a colleague at another school as they were having difficulty with a specialised application sending e-mails to external addresses.  After a bit of investigating we found that the send connector configured for internet e-mail wasn’t allowing anonymous connections to it (which is dangerous), but since this particular application didn’t allow us to specify authentication details we were forced to enable anonymous relay for this connector.

I will first show you the PowerShell command that we used to grant the anonymous permissions for the connector that you specify:

# Grant anonymous senders the right to relay to any recipient on the named receive connector
Get-ReceiveConnector "Default SBSSERVER" |
    Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

The above is really one command piped into another. First we specify a particular receive connector, in this case Default SBSSERVER (change this to reflect the connector you want to modify).  We then give anonymous logons (anyone) the right that tells Exchange to accept any recipient.

Now as for securing this connector, I would strongly suggest creating a separate one for this particular application (for example Sales App Connector).  We then add incoming IP restrictions, by editing the properties of the receive connector and adding entries to Receive mail from remote servers that have these IP addresses using either specific IP addresses or IP ranges in CIDR notation (so 10.1.0.0/16).
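The separate-connector approach described above, written out for the Exchange Management Shell as an added example (not commands from the original post). The server name SBSSERVER, the 0.0.0.0:25 binding and the application host address 10.1.20.15 are assumptions; the last step lists every receive connector that lets anonymous senders relay, together with the source ranges it accepts.

```powershell
# Added example: names and addresses below are assumptions, not values from the post.
$server     = 'SBSSERVER'            # assumed Exchange server name
$connector  = 'Sales App Connector'  # example connector name used in the post
$appHosts   = '10.1.20.15'           # constructed address of the application server
$relayRight = 'Ms-Exch-SMTP-Accept-Any-Recipient'
$anon       = 'NT AUTHORITY\ANONYMOUS LOGON'

# 1. Dedicated connector that only matches connections from the application host.
New-ReceiveConnector -Name $connector -Server $server -Usage Custom `
    -Bindings '0.0.0.0:25' -RemoteIPRanges $appHosts `
    -PermissionGroups AnonymousUsers

# 2. Grant the relay right on that connector only, not on the default one.
Get-ReceiveConnector "$server\$connector" |
    Add-ADPermission -User $anon -ExtendedRights $relayRight

# 3. Audit: which receive connectors allow anonymous relay, and from where?
Get-ReceiveConnector | ForEach-Object {
    $rc = $_
    $grants = $rc | Get-ADPermission -User $anon |
        Where-Object { -not $_.Deny -and ($_.ExtendedRights -like $relayRight) }
    if ($grants) {
        # RemoteIPRanges is a collection; render each range as text for the report.
        $ranges = @($rc.RemoteIPRanges | ForEach-Object { $_.ToString() })
        $rc | Select-Object Identity,
            @{ Name = 'RemoteIPRanges'; Expression = { $ranges -join ', ' } },
            @{ Name = 'OpenToAnyIPv4'
               Expression = { $ranges -contains '0.0.0.0-255.255.255.255' } }
    }
} | Format-Table -AutoSize
```

Any row with OpenToAnyIPv4 set to True is a connector where the relay right was granted without an IP restriction, which is the situation the separate connector is meant to avoid.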

And there you have it, allowing anonymous connections / relay for internal applications to use.

Getting a list of users in Active Directory as well as their Logon Script using dsquery and dsget

So I’m preparing to do a clean-up of our NETLOGON/SYSVOL folder containing about 50 or so different logon scripts (plenty of which I know are no longer used).  I wanted to create a list of all of our Active Directory users along with what logon script they were assigned (I could then feed this list into Excel and play around).  I realised that I could get this information using dsquery, but how exactly do I build a query to get a logon script?  The following command is what I used; I will then break it down for a better understanding.

dsquery user -name * -limit 0 | dsget user -display -loscr > C:\users_script.txt

So we’ve got our dsquery, which is looking for AD objects of type user with a name of anything, so basically ALL user objects in Active Directory.  dsquery stops after 100 results by default, so -limit 0 is included here to remove that cap (you can also specify a different limit using -limit).  We then pass this list on to dsget, which uses it to obtain each object’s display name (with -display) and logon script (-loscr).  I am then simply redirecting the output to a text file.

So that is a quick and easy way of getting a list of all users in AD along with their logon script.

Short blog hiatus…

So you may see that I haven’t been blogging lately. The reason being that I have a new job (focusing on Systems Engineering/Admin, Network Admin as well as IT Super Hero), so I’ve been mainly focusing on that and getting up to speed.  Now that I’ve settled in I will be back at it writing up on my adventures in the world of IT.  Expect more soon.

Adding a ToolTip to a Picture Control in VB.Net

So here is a quick one. I was recently developing a small application written in VB.Net and went to add a tool tip to a picture control displaying the Windows UAC Shield but found that I couldn’t.  So after a little poke around I found that I could create a ToolTip object and apply it to the control that I wanted.  The following snippet assigns the tooltip to my picture control (in this case picShield):

Dim tt As New ToolTip()
tt.SetToolTip(picShield, "Requires Administrative Privileges")

At run time this creates a ToolTip instance and attaches it to the control you specify.

Installing the PowerShell ISE (Integrated Scripting Environment) on Windows Server 2008 R2

I was recently looking at modifying our SharePoint warm-up script as we had found out that it wasn’t working as it should be.  So I went to fire up the small but useful PowerShell ISE and found that it wasn’t available.  So there are two ways to go about getting it installed.

The first is the Add Features wizard in Server Manager, where you will find Windows PowerShell ISE and can tick it to install the feature.  The other method, which is quite easy, is to use PowerShell.

First off we need to import the ServerManager module into PowerShell and then we can go ahead and add the ISE feature.  The following snippet will do it all for you via PowerShell.

Import-Module ServerManager
Add-WindowsFeature PowerShell-ISE

And that is all you have to do to get the wonderful PowerShell ISE going under Windows Server. Hope that helps.

Deploying printers via Group Policy and getting them pushed out the right way as well as solving driver installation issues (0x80070bcb Specified printer driver was not found and needs to be downloaded)

So we recently upgraded our printing infrastructure with a whole new lot of printers and software (along with a shiny new version of PaperCut MF) and have implemented a global queue, better known as Follow Me Printing.  So how do we go about pushing out all the new global printers to our users?  Well, along with the 50 other projects we have on the go, one of them is a clean-up of our group policy, so after removing around 15 GPOs related to our old printers I got to work.

So for starters I’ve created a GPO which will contain all of our Follow Me Printing settings, including deploying the PaperCut Client and Global Queue Printers. In our environment we have a mix of Windows XP, Windows Vista and Windows 7 which will all handle printers being deployed via Group Policy differently (Microsoft make things so easy, don’t they).  For XP, things are simple, simply add the printer to be deployed either by user or computer preference under control panel > printers. For Vista and 7 however this is where it gets tricky.  If you are using a driver which has been loaded on the machine before, the printer will deploy, otherwise you will receive an error in the event log such as the following:

The user 'Printer Name Here' preference item in the 'Group Policy Object
{GUID-GOES-HERE}' Group Policy object did not apply because it failed with
error code '0x80070bcb The specified printer driver was not found on the system
and needs to be downloaded.' This error was suppressed.

This basically means that the client couldn’t download the driver, but the real reason is because of UAC and the computer not requesting permission to install a driver. Thankfully there is a Policy that we can enable that will allow us to set the permission requirements during printer driver installation.

Using the Point and Print Restrictions Policy we can enable printer driver installation without it getting hassled by UAC. Under Windows Vista it is a User Policy and on Windows 7 it is a Computer Policy (I have both enabled for good measure). So enable the Point and Print Restrictions Policy and change the following options:

  • When installing drivers for a new connection: Do not show warning or elevation prompt
  • When updating drivers for an existing connection: Show warning only

Once we have configured the Point and Print Restrictions Policy printers will download and install on any client computer that the Object is targeting.
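To confirm what a client actually received from this GPO, the policy values can be read back from the registry. The function below is an added example, not part of the original post; its name and output layout are this example's own, and it also reports the policy's approved-server list, which the post does not configure. With the settings above applied, NewConnection should read "Do not show warning or elevation prompt" and DriverUpdate "Show warning only".

```powershell
# Added example (PowerShell 2.0 or later). Run on a client after gpupdate.
function Get-PointAndPrintPolicy {
    $subKey = 'Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
    $installText = @{ 0 = 'Show warning and elevation prompt'
                      1 = 'Do not show warning or elevation prompt' }
    $updateText  = @{ 0 = 'Show warning and elevation prompt'
                      1 = 'Show warning only'
                      2 = 'Do not show warning or elevation prompt' }

    # HKLM holds the Computer policy (Windows 7), HKCU the User policy (Vista).
    foreach ($hive in 'HKLM', 'HKCU') {
        $path = "${hive}:\$subKey"
        $v = $null
        if (Test-Path $path) { $v = Get-ItemProperty -Path $path }

        # A missing value reads as $null, which casts to 0 (the prompting default).
        New-Object PSObject -Property @{
            Hive          = $hive
            PolicyPresent = [bool]$v
            NewConnection = $installText[[int]$v.NoWarningNoElevationOnInstall]
            DriverUpdate  = $updateText[[int]$v.UpdatePromptSettings]
            # TrustedServers = 1 limits Point and Print to the servers in ServerList.
            ServerList    = $(if ($v.TrustedServers -eq 1) { $v.ServerList }
                              else { '(not restricted)' })
        } | Select-Object Hive, PolicyPresent, NewConnection, DriverUpdate, ServerList
    }
}

Get-PointAndPrintPolicy | Format-List
```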

Hope that helps a few people out when setting up and configuring their Group Policy Printer Distribution, any queries please comment.

Getting back the OneNote 2010 Printer by Installing a generic printer driver, and then configure it for Microsoft Office OneNote 2010

So we had a few users delete their OneNote printer from the Printers List in Windows.  OneNote is a great program and is bolstered by the use of the printer allowing you to push pretty much anything into OneNote. We ran an office repair but the printer didn’t actually return for our users, so I started looking at how the OneNote printer is configured and created a new instance of the printer.  The following is basically a walk through of installing and configuring a local printer for OneNote 2010 (also applies to OneNote 2007).

First off we need to install the generic printer driver in Windows. To do this, follow these steps:

  1. Click Start, type printers in the Start Search box, and then click Devices and Printers in the Programs list.
  2. On the left side of the page near the top, click Add a printer.
  3. In the Add Printer dialog box, click Add a local printer.
  4. Click to select the Use an existing port option, select the appropriate port, and then click Next. For example, you can select LPT1.
  5. Under Manufacturer, select Generic, select Generic / Text Only under Printers, and then click Next.
  6. If you receive a message about drivers, click to select the Use the driver that is currently installed (recommended) option, and then click Next.
  7. Click Next, and then click Finish.

So now how do we go about configuring this newly installed generic printer for use with OneNote?  Follow these instructions:

  1. In the printer list, right-click the Generic / Text only printer, and then click Printer Properties.
  2. Click the Ports tab, and then click to select the Send To Microsoft OneNote Port check box.
  3. Click the Advanced Tab, select Send to Microsoft OneNote Driver in the Driver list, and then click Print Processor.
  4. Under Print processor, select winprint, select RAW under Default data type, and then click OK.
  5. Click the General tab, change the name of the printer to Send To OneNote 2010, and then click OK.

And now we can finally use the printer to submit pretty much anything to OneNote 2010.  We didn’t really learn why the Office repair didn’t re-add the printer as the research we found on the internet led us to believe that it would add the printer, but just in case it doesn’t you now know how to manually add it.

Increase the number of visible users per page on group creation and user selection screen in Moodle 2.2

So we had a query come through our Help Desk recently to ask if we can increase the users in the user selection box as staff members were having difficulty managing their classes and creating groups as they couldn’t CTRL click and had to type in the names of their students. So I started having a dig around the code in Moodle to find out if we can change the default value.

After poking around the source code and looking at some search results on Google, I found the file that was needed and it can be found in user/selector/lib.php – Line: 740

So we want to go to that line and change MAX_USERS_PER_PAGE to equal what we want (a higher value, and in this case we gave it 500). The following is an extract of what we are changing.

/**
 * User selector subclass for the list of users who are not in a certain group.
 * Used on the add group members page.
 */
class group_non_members_selector extends groups_user_selector_base {
    const MAX_USERS_PER_PAGE = 500;

Save the file, reload your group creation page, and you should now be able to select multiple users in a large user base list. Also, it is important to note that the MAX_USERS_PER_PAGE constant is defined in multiple places and affects different user selection boxes depending on where you edit it.

How to Multicast a Ghost image (GhostCast) using the Altiris Deployment Console 6.9

We recently needed to image a large number of machines in a short amount of time.  Anyone who has dealt with Altiris and uses Ghost as their method of imaging knows that Altiris won’t by default multicast the image and will instead push it out individually to each client that connects. So here is a little tip on getting your images pushed out via multicast.

When you have created your imaging job, enter the properties of the imaging task and replace %IMAGE_FILENAME% with @MCSESSION, with SESSION being the name of the GhostCast session we will create in the next step.

Now that we have configured the job to tell Ghost to connect to our GhostCast session, it is time to start up GhostCast (which can be found under <DS installed path>\Ghost\GhostSrv.exe). Once the window is open, choose to restore an image, select the Ghost image that we want to restore (usually under <DS installed path>\Images\OperatingSystem\..) and then select Accept Clients. Now that we are ready to image, we can boot the computers we want to image into automation and run the imaging job we configured earlier on them.

Once they have booted up and started the modified imaging job, you will see that they sit at the Symantec Ghost screen waiting for a GhostCast session to start.  We now simply need to go into GhostCast and start sending out the image.  You can see that all of the clients have also appeared in our GhostCast window.