Thursday 5 July 2018

HOW TO CREATE WMI FILTERS FOR A SPECIFIED VERSION OF WINDOWS (GROUP POLICY)


Hi ya,

If you want to create a Group Policy that is filtered by the version of Windows, you have come to the right place.




1. On your Domain Controller, open the Group Policy Management console
( Windows + R and "gpmc.msc" )
2. Right-click WMI Filters and click New


3. Enter the name you want, say "Windows 7 - device" for Windows 7
4. Click Add
Use the following queries for the different versions of Windows


WMI Filter to target: Windows 7 Workstations
Query Namespace: root\CIMv2
Query: select * from Win32_OperatingSystem where Version like "6.1%" and ProductType = "1"


WMI Filter to target: Windows 8.0 and Windows 8.1 Workstations
Query Namespace: root\CIMv2
Query: select * from Win32_OperatingSystem where (Version like "6.2%" or Version like "6.3%") and ProductType = "1"


WMI Filter to target: Windows 10 Workstations
Query Namespace: root\CIMv2
Query: select * from Win32_OperatingSystem where Version like "10%" and ProductType = "1"
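
Before a filter is linked to a GPO, each query can be run on a sample machine to confirm that it parses and matches as intended. The following PowerShell is an added example, not part of the original post; the function name Test-WmiFilterQuery is hypothetical and the queries are the three listed above.

```powershell
# Added example: evaluate GPO WMI-filter queries against the local machine.
# ProductType: 1 = workstation, 2 = domain controller, 3 = member server.
$filters = [ordered]@{
    'Windows 7 Workstations'       = 'select * from Win32_OperatingSystem where Version like "6.1%" and ProductType = "1"'
    'Windows 8.0/8.1 Workstations' = 'select * from Win32_OperatingSystem where (Version like "6.2%" or Version like "6.3%") and ProductType = "1"'
    # Windows 11 also reports a 10.0.x version, so this query matches it too.
    'Windows 10 Workstations'      = 'select * from Win32_OperatingSystem where Version like "10%" and ProductType = "1"'
}

function Test-WmiFilterQuery {
    param(
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Filters,
        [string] $Namespace = 'root\CIMv2'
    )
    # What this machine actually reports, shown next to every result.
    $os = Get-CimInstance -Namespace $Namespace -ClassName Win32_OperatingSystem

    foreach ($name in $Filters.Keys) {
        try {
            # A filter "matches" when the WQL query returns at least one instance.
            $hit = @(Get-CimInstance -Namespace $Namespace -Query $Filters[$name] -ErrorAction Stop)
            $result = if ($hit.Count -gt 0) { 'Match' } else { 'NoMatch' }
        }
        catch {
            # Unbalanced quotes or brackets end up here instead of passing unnoticed.
            $result = "InvalidQuery: $($_.Exception.Message)"
        }
        [pscustomobject]@{
            Filter      = $name
            Version     = $os.Version
            ProductType = $os.ProductType
            Result      = $result
        }
    }
}

Test-WmiFilterQuery -Filters $filters | Format-Table -AutoSize
```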




Good luck !!!



Friday 29 June 2018

HOW TO ORGANIZE YOUR ORGANIZATIONAL STRUCTURE (OU)

HOW TO ORGANIZE YOUR ORGANIZATIONAL STRUCTURE (OU) PROPERLY


Hi Ya,

I have seen many messy Active Directory structures where users and computers are mixed together, which makes creating and targeting policy messy. When you build your AD, it will look like the picture on the right.

This is the default Microsoft AD OU structure. Each of these OUs has a specific purpose.
OU: CONTENTS
Builtin: The Builtin container holds default service administrator accounts and domain local security groups. These groups are pre-assigned permissions needed to perform domain management tasks.
Computers: The Computers container holds all computers joined to the domain without a computer account. It is the default location for new computer accounts created in the domain.
Domain Controllers: The Domain Controllers OU is the default location for the computer accounts for domain controllers.
ForeignSecurityPrincipals: The ForeignSecurityPrincipals container holds proxy objects for security principals in NT 4.0 domains or domains outside of the forest.
LostAndFound: The LostAndFound container holds objects moved or created at the same time an Organizational Unit is deleted. Because of Active Directory replication, the parent OU can be deleted on one domain controller while administrators at other domain controllers can add or move objects to the deleted OU before the change has been replicated. During replication, new objects are placed in the LostAndFound container.
NTDS Quotas: The NTDS Quotas container holds objects that contain limits on the number of objects users and groups can own.
Program Data: The Program Data container holds application-specific data created by other programs. This container is empty until a program designed to store information in Active Directory uses it.
System: The System container holds configuration information about the domain including security groups and permissions, the domain SYSVOL share, DFS configuration information, and IP security policies.
Users: The Users container holds additional predefined user and group accounts (besides those in the Builtin container). Users and groups are pre-assigned membership and permissions for completing domain and forest management tasks.

 Source:  https://sites.google.com/a/pccare.vn/it/ent-admin-pages/default-containers

Many engineers just create users, computers or security groups inside one of these OUs, or just create OUs named Users and Workstations. Personally I don't like engineers doing this because it makes the OU structure harder to manage and creates a mess in the long run. Creating a separate organizational unit (OU) named after your organization works much better.



If you have a small to medium organization to maintain, create a separate parent OU named after your organization. Under it, add sub-OUs for Users, Computers and Groups.



This makes Active Directory (AD) much more convenient to maintain. It not only helps you understand your AD, it also makes Group Policy easier to apply, because you can create sub-OUs inside the parent OUs.

For example, if my organization has floors or rooms, I can create OUs under those names and place my computers in them by floor. I can then easily apply a printing Group Policy to the computers on floor 1.
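
The layout described above can be created in one pass with the ActiveDirectory module. This is an added example, not the author's own script; the organization name "Contoso", the floor names and the function name New-OrgOuTree are assumptions, and the floor OUs are placed under the Computers sub-OU.

```powershell
# Added example: build <Org> / Users, Computers, Groups / floor OUs idempotently.
Import-Module ActiveDirectory

function New-OrgOuTree {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $OrgName,
        [string[]] $SubOus   = @('Users', 'Computers', 'Groups'),
        [string[]] $Floors   = @('Floor 1', 'Floor 2'),           # assumed names
        [string]   $DomainDn = (Get-ADDomain).DistinguishedName
    )
    $root = "OU=$OrgName,$DomainDn"

    # Parents are listed before children so each Path exists when it is needed.
    $plan = @(
        [pscustomobject]@{ Name = $OrgName; Path = $DomainDn }
        foreach ($s in $SubOus) { [pscustomobject]@{ Name = $s; Path = $root } }
        foreach ($f in $Floors) { [pscustomobject]@{ Name = $f; Path = "OU=Computers,$root" } }
    )

    foreach ($ou in $plan) {
        $dn = "OU=$($ou.Name),$($ou.Path)"
        # Skip OUs that already exist so the script can be re-run safely.
        if (Get-ADOrganizationalUnit -Filter "distinguishedName -eq '$dn'") {
            Write-Verbose "Exists: $dn"
            continue
        }
        # Unlike the default Computers and Users containers, real OUs can have
        # GPOs linked to them; protect them against accidental deletion.
        New-ADOrganizationalUnit -Name $ou.Name -Path $ou.Path -ProtectedFromAccidentalDeletion $true
        Write-Verbose "Requested: $dn"
    }
}

# Preview only; drop -WhatIf to create the OUs.
New-OrgOuTree -OrgName 'Contoso' -WhatIf -Verbose
```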





Wednesday 27 June 2018

HOW TO DELETE THE DOMAIN USER PROFILE CORRECTLY




Hi ya,

I believe everyone has deleted a user folder from "C:\Users" to free up some space on the Windows drive (C drive).
Deleting a user folder in a domain environment may cause the user to log in with a temporary profile. This is because when a new user logs in to a computer, a record for the user's SID is also created in the Windows registry. Deleting the user folder under "C:\Users" won't delete the registry record.

To avoid messing up the registry, here is the right way to delete the user folder.
Log in with an administrator account on the computer where you need to delete the user folder.

1. Open Run (Windows + R)
2. Type in "SYSDM.CPL" and hit Enter

This will open System Properties

3. Go to the "Advanced" tab
4. Under User Profiles, click "Settings"




5. Select the profile you want to delete and press delete


The above is the Microsoft-recommended way to remove the profile.


OTHER WAYS TO DELETE A DOMAIN USER PROFILE

#Note: This can also help people who are getting temporary login profiles.

Log in with an administrator account on the computer

1. Always make a note of the user name that you are going to delete
2. Delete the selected user folder from "C:\Users"
3. Open Run (Windows + R)
4. Type in "REGEDIT" and hit Enter
5. Click on File, then Export
6. Give a name and location to back up your registry.
#Steps 5 and 6 are to be on the safe side, in case you accidentally delete the wrong SIDs or mess up the registry.
7. Navigate to the following location

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList



8. Browse through the profile list; the username of each entry is shown in ProfileImagePath
9. Delete the records
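
Before anything is deleted in step 9, the ProfileList entries can be listed with their SID, account name and folder state so that the right record is identified. This is an added, read-only example that is not part of the original post; the function name Get-ProfileListStatus is hypothetical.

```powershell
# Added example: list ProfileList entries and flag the ones left behind after
# a folder was deleted from C:\Users. Nothing is modified.
function Get-ProfileListStatus {
    param(
        [string] $KeyPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
    )
    foreach ($key in Get-ChildItem -Path $KeyPath) {
        $sid = $key.PSChildName
        # Keep user accounts only; S-1-5-18/19/20 are the built-in service profiles.
        if ($sid -notlike 'S-1-5-21-*') { continue }

        # ProfileImagePath is REG_EXPAND_SZ; GetValue returns it expanded.
        $path = $key.GetValue('ProfileImagePath')

        # Resolve the SID to an account name; this fails for accounts that no
        # longer exist, which is itself useful to know before deleting.
        try {
            $sidObj  = [System.Security.Principal.SecurityIdentifier]($sid -replace '\.bak$', '')
            $account = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
        }
        catch {
            $account = '<unresolved>'
        }

        # Keys ending in .bak are commonly seen on machines that logged the
        # user in with a temporary profile.
        if ($sid -like '*.bak') {
            $status = 'BakKey'
        }
        elseif (-not $path -or -not (Test-Path -LiteralPath $path)) {
            $status = 'FolderMissing'
        }
        else {
            $status = 'OK'
        }

        [pscustomobject]@{
            SID              = $sid
            Account          = $account
            ProfileImagePath = $path
            Status           = $status
        }
    }
}

Get-ProfileListStatus | Sort-Object Status | Format-Table -AutoSize
```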



Good luck !!

Friday 22 June 2018

HOW TO TYPE ALL MSC (MICROSOFT MANAGEMENT CONSOLE) COMMANDS LIKE AN IT PRO





Hi all, 
If you are wondering how to open MSC consoles like an IT pro, you can remember these commands and act like one.

DSA.MSC - Active Directory Users & Computers
DSA.MSC /DOMAIN=domainname
DSA.MSC /SERVER=servername
DSSITE.MSC - Active Directory Sites & Services
GPEDIT.MSC - Local Group Policy Editor
VIRTMGMT.MSC - Hyper V manager
MSTSC.MSC - Remote Desktop
DHCPMGMT.MSC - DHCP Manager
DISKMGMT.MSC - Disk Management
DNSMGMT.MSC - DNS Manager
COMPMGMT.MSC - Computer Management
EVENTVWR.MSC - Event Viewer
DEVMGMT.MSC - Device Manager
FSMGMT.MSC - Shared Folders
SERVICES.MSC - Service Configuration
RSOP.MSC - Resultant Set of Policy
SECPOL.MSC - Local Security Policy
LUSRMGR.MSC - Local Users and Groups
DFRG.MSC - Disk Defragmenter
REGEDIT.EXE - Run Registry Editor
MMC.EXE - Microsoft Management Console
PERFMON.MSC - Performance Monitor
DCPOL.MSC - Domain Controller Security Policy
DOMAIN.MSC - Active Directory Domains & Trust
DOMPOL.MSC - Domain Security Policy
DFSGUI.MSC - Distributed File System
IAS.MSC - Internet Authentication Service
INETMGR - Internet Information Service (\Windows\system32\inetsrv)
RRASMGMT.MSC - Routing and Remote Access
TSCC.MSC - Terminal Services


APPWIZ.CPL - Add/Remove Programs
TIMEDATE.CPL - Date/Time Properties
DESK.CPL - Display Properties
INETCPL.CPL - Internet Properties
MAIN.CPL - Mouse Properties
MAIN.CPL KEYBOARD - Keyboard properties
FONTS - For Fonts folder
NCPA.CPL - Network Connection
SYSDM.CPL - System properties


CMD.EXE - Command Prompt
MSINFO32.EXE - Hardware and software configuration information
MSCONFIG - System Configuration
WINVER - Windows Version
CONTROL - Control panel
NETPLWIZ - User Account
MRT - Microsoft Windows Malicious Software Removal Tool
FIREWALL.CPL - Firewall
Good Luck !!



Saturday 24 February 2018

HOW TO REMOVE MULTIPLE SCOPE ON DHCP USING POWERSHELL




Hey all,

I accidentally created lots of scopes by mistake !!
It was not possible to delete all of the scopes physically, so I used a simple PowerShell script to do my job.

Edit it according to your needs

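# Loop over the second octet of the scope IDs to remove
For ($i = 1; $i -lt 255; $i++)
{
    # Together with the $i++ above, this extra increment advances $i by 2 per
    # pass, so the scopes removed are 192.2.0.0, 192.4.0.0, ... 192.254.0.0;
    # remove this line to step through every value instead
    $i = $i + 1

    # Build the scope ID and print it so there is a record of what was removed
    $scpID = "192.$i.0.0"
    Write-Host $scpID

    Remove-DhcpServerv4Scope -ComputerName "yourcomputername.domain.local" -ScopeId $scpID
}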



Edit the IP address range and your FQDN.
Save the above in Notepad with a .ps1 extension.

Wednesday 21 February 2018

GROUP POLICY TO LOCK USER SCREEN AFTER INACTIVITY (IDLE TIME)

HOW TO : 

GROUP POLICY TO LOCK USER SCREEN AFTER INACTIVITY (IDLE TIME)



Server: Windows Server 2012
Client: Windows 7


Today one of my clients asked me if their computers could be locked automatically after a certain amount of idle time. So here is what I did to apply the settings. I have seen people using Task Scheduler and batch files to do this, but I find this much easier to apply.

FIX :


1. On your Domain Controller, open the Group Policy Management console
( Windows + R and "gpmc.msc" )
2. Create a Group Policy with the name you want

3. Edit your policy
4. Navigate to User Configuration \ Policies \ Control Panel \ Personalization



5. Edit the following 4 settings

Enable screen saver - Enable
Password protect the screen saver - Enable
Screen saver time out - Enable, your desired idle period
Force specific screen saver - Enable, blank path

6. Apply the Group Policy to your desired Organizational Unit
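
Once the GPO has applied, the four settings appear as registry values under the user's policy key and can be checked from the client while logged in as an affected user. This is an added example, not part of the original post; the function name Test-ScreenLockPolicy and the 900-second ceiling are assumptions.

```powershell
# Added example: confirm the screen-saver lock settings reached this user.
# These are User Configuration policies, so they are stored under HKCU.
function Test-ScreenLockPolicy {
    param(
        [int]    $MaxTimeoutSeconds = 900,   # assumed ceiling, adjust to your policy
        [string] $KeyPath = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
    )
    # $v is $null when the key is absent, i.e. the GPO has not applied at all.
    $v = Get-ItemProperty -Path $KeyPath -ErrorAction SilentlyContinue

    # The timeout is stored as a string of seconds; missing or non-numeric
    # data is treated as 0, which fails the check below.
    $timeout = 0
    [void][int]::TryParse([string]$v.ScreenSaveTimeOut, [ref]$timeout)

    @(
        [pscustomobject]@{
            Setting = 'Enable screen saver'
            Value   = 'ScreenSaveActive'
            Data    = $v.ScreenSaveActive
            Pass    = ($v.ScreenSaveActive -eq '1')
        }
        [pscustomobject]@{
            Setting = 'Password protect the screen saver'
            Value   = 'ScreenSaverIsSecure'
            Data    = $v.ScreenSaverIsSecure
            Pass    = ($v.ScreenSaverIsSecure -eq '1')
        }
        [pscustomobject]@{
            Setting = 'Screen saver timeout'
            Value   = 'ScreenSaveTimeOut'
            Data    = $v.ScreenSaveTimeOut
            Pass    = ($timeout -gt 0 -and $timeout -le $MaxTimeoutSeconds)
        }
        [pscustomobject]@{
            Setting = 'Force specific screen saver'
            Value   = 'SCRNSAVE.EXE'
            Data    = $v.'SCRNSAVE.EXE'
            Pass    = $null   # informational only; the data shows what was set
        }
    )
}

Test-ScreenLockPolicy | Format-Table -AutoSize
```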

Good Luck !!


Wednesday 31 January 2018

CONVERT NETWORK LOCATION TYPE TO PRIVATE ON WINDOWS SERVER 2012

HOW TO : 

CONVERT NETWORK LOCATION TYPE TO PRIVATE ON WINDOWS SERVER 2012






One of my clients' host servers (non-domain) was on the Public network location type, which restricted me from logging in to the server remotely. When I checked the network settings, it was on the public network. Changing the type from public to private was not as easy as on Windows 7.

So if you are stuck as I was, here is the fix for that.

FIX :

1. Log in to your server
2. Open the Local Group Policy Editor ( Windows + R and "gpedit.msc" )
3. Navigate to the following path


Computer Configuration/Windows Settings/Security Settings/Network List Manager Policies




4. Select your connected network
5. On the Network Location tab, change it to Private

















Tuesday 30 January 2018

DISK MANAGEMENT : THERE IS NOT ENOUGH SPACE AVAILABLE ON THE DISK(S) TO COMPLETE THIS OPERATION.

ERROR  : 

DISK MANAGEMENT : THERE IS NOT ENOUGH SPACE AVAILABLE ON THE DISK(S) TO COMPLETE THIS OPERATION.


On Windows Server 2012



Since my virtual server was running low on disk space, I had to increase the disk volume for my server from the Hyper-V manager. While expanding the volume, I got the error, and here is what I did to resolve it !!

FIX :

1. Open Disk Management ( Windows + R and "diskmgmt.msc" )
2. Click on Action, then Rescan Disks



3. Extend your volume as desired.

Monday 29 January 2018

CREATE GROUP POLICY TO INSTALL WIFI SSID (PROFILE)

HOW TO : 

CREATE GROUP POLICY TO INSTALL WIFI SSID (PROFILE) or
CREATE A GROUP POLICY TO DEPLOY A COMPANY WIRELESS NETWORK


From Windows Server 2012 / R2 to Windows 7 / 8 / 10

SOLUTION:
1. On the test laptop, key in the Wi-Fi password manually.
2. After the test laptop has connected, open Command Prompt with administrator privileges
3. In Command Prompt, type in the following

netsh wlan show profiles

4. The above command will show you your recently added SSID
5. Type in the following command to export the SSID settings

netsh wlan export profile "Above SSID Name" folder=c:

6. This will export an XML file to your C drive.
7. Now copy your XML file to your server (shared location). I usually put mine under

\\yourdomain.name\NETLOGON
eg \\Easy.local\NETLOGON

or copy to your company's script repository (for security)

8. In Notepad, save the following with a .bat extension

netsh wlan add profile filename="\\yourdomain.name\NETLOGON\wifi filename.xml" user=all

9. Save both files in the same location.

10. On your domain computer, open Group Policy Management and create a policy with the name you want

11. Edit the following setting in the group policy

Computer Configuration \ Policies \ Windows settings \ Scripts (Startup/shutdown)

12. Right-click the Startup icon and choose Properties

13. Click on Add and locate your bat file from earlier. Make sure you use the UNC path above (step 7) to navigate to your bat file.

14. Save and link it to your desired OU.
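
The exported XML ends up on NETLOGON, which by default every domain account can read, so it is worth checking whether the file carries the passphrase in clear text (as it does when the profile is exported with key=clear) before copying it there. This is an added example, not part of the original post; the function name Test-WlanProfileKeyExposure is hypothetical and the sample profile is constructed.

```powershell
# Added example: inspect an exported WLAN profile for a clear-text shared key.
function Test-WlanProfileKeyExposure {
    param([Parameter(Mandatory)] [xml] $ProfileXml)

    # Exported profiles use a default XML namespace, so XPath needs a prefix.
    $ns = New-Object System.Xml.XmlNamespaceManager($ProfileXml.NameTable)
    $ns.AddNamespace('w', 'http://www.microsoft.com/networking/WLAN/profile/v1')

    $sec = $ProfileXml.SelectSingleNode('/w:WLANProfile/w:MSM/w:security', $ns)
    $key = if ($sec) { $sec.SelectSingleNode('w:sharedKey', $ns) }
    $protected = if ($key) { $key.SelectSingleNode('w:protected', $ns).InnerText }

    [pscustomobject]@{
        Profile        = $ProfileXml.SelectSingleNode('/w:WLANProfile/w:name', $ns).InnerText
        Authentication = if ($sec) { $sec.SelectSingleNode('w:authEncryption/w:authentication', $ns).InnerText }
        HasSharedKey   = [bool]$key
        # protected=false means keyMaterial is the passphrase itself.
        KeyInClearText = ([bool]$key -and $protected -eq 'false')
    }
}

# Constructed sample profile (not a real network or passphrase).
$sample = [xml]@'
<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>ExampleCorp</name>
  <SSIDConfig><SSID><name>ExampleCorp</name></SSID></SSIDConfig>
  <connectionType>ESS</connectionType>
  <connectionMode>auto</connectionMode>
  <MSM><security>
    <authEncryption>
      <authentication>WPA2PSK</authentication>
      <encryption>AES</encryption>
      <useOneX>false</useOneX>
    </authEncryption>
    <sharedKey>
      <keyType>passPhrase</keyType>
      <protected>false</protected>
      <keyMaterial>constructed-sample-passphrase</keyMaterial>
    </sharedKey>
  </security></MSM>
</WLANProfile>
'@

Test-WlanProfileKeyExposure -ProfileXml $sample | Format-List
# For a real export: Test-WlanProfileKeyExposure -ProfileXml ([xml](Get-Content -Raw <path-to-xml>))
```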

GOOD LUCK!!






Sunday 28 January 2018

WINDOWS SERVER UPDATE SERVICES (WSUS) ERROR : CONNECTION ERROR

ERROR:


WINDOWS SERVER UPDATE SERVICES (WSUS) ERROR : CONNECTION ERROR


on Windows Server 2012 / R2


An error occurred trying to connect the WSUS server. This error can happen for a number of reasons. Check connectivity with the server. Please contact your network administrator if the problem persists.




If you have tried and failed resetting the server node, try repairing your WSUS

FIX:

On the server where WSUS is installed:
1. Open a command prompt with administrator privileges.
2. At the command prompt, type in
               CD \
               CD "C:\Program Files\Update Services\Tools" 
               wsusutil postinstall -servicing