Disabling Inactive Domain User and Computer Accounts in Active Directory with Ansible

In my last article I wrote about having Ansible run several audit requests, including “We need a list of all inactive user accounts” and “We need a list of inactive computer accounts”. Now that we have those listed, we can let Ansible clean them up. I preferred to create a new playbook for these tasks. It first lists the users and computers it will be handling, then disables each account, then moves it to either the Inactive_Users or Inactive_Computers OU. I never delete the accounts; we prefer to disable them, then move them.

Below is my Ansible playbook “fix_AD_Inactive-Users-AND-Computers-90days.yml”:

---
- hosts: pdc
  gather_facts: no
  tasks:
    - name: copy user cleanup script to windows
      win_copy:
        src: files/fix_inactive_usr.ps1
        dest: c:\it\fix_inactive_usr.ps1

    - name: copy computer cleanup script to windows
      win_copy:
        src: files/fix_inactive_pc.ps1
        dest: c:\it\fix_inactive_pc.ps1

    - name: Fix inactive users - 90 days
      win_shell: c:\it\fix_inactive_usr.ps1
      register: inactive_usr

    - debug: var=inactive_usr.stdout_lines

    - name: Fix inactive computers - 90 days
      win_shell: c:\it\fix_inactive_pc.ps1
      register: inactive_computer

    - debug: var=inactive_computer.stdout_lines

Below is the code for “fix_inactive_usr.ps1”:

# Cutoff: accounts whose last logon (LastLogonDate, replicated from lastLogonTimestamp) is older than 90 days
$date = (Get-Date).AddDays(-90)

# Only currently enabled accounts; DistinguishedName is returned by default, Enabled is requested explicitly
$USR = Get-ADUser -Filter {LastLogonDate -lt $date} -Properties Enabled |
    Where-Object { $_.Enabled -eq $true } |
    Select-Object -ExpandProperty DistinguishedName
# Print the list first so the playbook's registered stdout_lines shows what was handled
Write-Output $USR
ForEach ($Item in $USR) {
    Disable-ADAccount -Identity $Item
    Move-ADObject -Identity $Item -TargetPath "OU=Disabled_Accounts,DC=contoso,DC=com"
}

Please note that in the PowerShell scripts above and below you will need to change “DC=contoso,DC=com” to reflect your actual domain.

Below is the code for “fix_inactive_pc.ps1”:

# Specify inactivity range value below
$DaysInactive = 90

# $time is a plain DateTime; the AD module's -Filter converts it to the
# lastLogonTimestamp (large integer file time) format when it builds the query
$time = (Get-Date).AddDays(-($DaysInactive))

# Identify inactive computer accounts that are still enabled
$PC = Get-ADComputer -Filter {LastLogonTimeStamp -lt $time} -Properties Enabled |
    Where-Object { $_.Enabled -eq $true } |
    Select-Object -ExpandProperty DistinguishedName
# Print the list first so the playbook's registered stdout_lines shows what was handled
Write-Output $PC
ForEach ($Item in $PC) {
    Disable-ADAccount -Identity $Item
    Move-ADObject -Identity $Item -TargetPath "OU=Disabled_Computers,DC=contoso,DC=com"
}
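The two scripts above disable on the first run. The following is an added example, not the post's own script, of how I would run the same cleanup report-first: it lists what it would touch, only acts with -Commit (-WhatIf still applies), skips members of an exclusion group, records the original location in the description so a move can be reversed, and also catches enabled accounts that were created long ago but never logged on, which a plain "LastLogonDate -lt $date" filter misses because the attribute is absent. The OU paths (under DC=contoso,DC=com as in the post), the exclusion group name and the CSV log path are assumed placeholders.

```powershell
<#
Added example, not the post's own script: report-first version of the two
cleanup scripts above. Nothing is changed unless -Commit is given.
Assumed/placeholder values: the two OU paths, the exclusion group name and the
CSV log path.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [int]$DaysInactive        = 90,
    [string]$UserTargetOU     = "OU=Disabled_Accounts,DC=contoso,DC=com",
    [string]$ComputerTargetOU = "OU=Disabled_Computers,DC=contoso,DC=com",
    [string]$ExcludeGroup     = "Inactive-Cleanup-Exclusions",   # assumed: members are never touched
    [string]$LogPath          = "C:\it\inactive_cleanup.csv",
    [switch]$Commit
)

Import-Module ActiveDirectory
$cutoff = (Get-Date).AddDays(-$DaysInactive)

# LastLogonDate is derived from lastLogonTimestamp, which is only written back
# when the stored value is more than about 14 days old, so it can lag real
# activity by two weeks. Keep the window generous; 90 days is fine, 14 is not.
$excluded = @{}
if (Get-ADGroup -Filter "Name -eq '$ExcludeGroup'") {
    Get-ADGroupMember -Identity $ExcludeGroup -Recursive |
        ForEach-Object { $excluded[$_.DistinguishedName] = $true }
}

# Enabled accounts created before the cutoff that either never logged on at all
# (LastLogonDate absent, matched with -notlike "*") or last logged on before it.
$props     = 'LastLogonDate', 'whenCreated'
$users     = Get-ADUser     -Properties $props -Filter { Enabled -eq $true -and whenCreated -lt $cutoff -and (LastLogonDate -notlike "*" -or LastLogonDate -lt $cutoff) }
$computers = Get-ADComputer -Properties $props -Filter { Enabled -eq $true -and whenCreated -lt $cutoff -and (LastLogonDate -notlike "*" -or LastLogonDate -lt $cutoff) }

$work = @($users     | ForEach-Object { [pscustomobject]@{ Kind = 'User';     Account = $_; TargetOU = $UserTargetOU } }) +
        @($computers | ForEach-Object { [pscustomobject]@{ Kind = 'Computer'; Account = $_; TargetOU = $ComputerTargetOU } })

$rows = foreach ($w in $work) {
    $dn  = $w.Account.DistinguishedName
    $row = [ordered]@{
        When      = Get-Date -Format s
        Kind      = $w.Kind
        Name      = $w.Account.SamAccountName
        LastLogon = $w.Account.LastLogonDate
        Created   = $w.Account.whenCreated
        OriginDN  = $dn
        Action    = 'report-only'
    }
    if ($excluded.ContainsKey($dn)) {
        $row.Action = 'skipped-excluded'
    }
    elseif ($Commit -and $PSCmdlet.ShouldProcess($dn, "disable and move to $($w.TargetOU)")) {
        # Keep the parent container in the description so a wrong move can be reversed.
        # The split ignores escaped commas inside the RDN (e.g. "CN=Smith\, John").
        $parent = ($dn -split '(?<!\\),', 2)[1]
        Set-ADObject -Identity $dn -Replace @{ description = "Disabled $(Get-Date -Format yyyy-MM-dd) by inactive cleanup; was in $parent" }
        Disable-ADAccount -Identity $dn
        Move-ADObject -Identity $dn -TargetPath $w.TargetOU
        $row.Action = 'disabled-and-moved'
    }
    [pscustomobject]$row
}

# The CSV is the audit trail; the table is what ends up in the playbook's stdout_lines.
$rows | Export-Csv -Path $LogPath -NoTypeInformation -Append
$rows | Format-Table Kind, Name, LastLogon, Action -AutoSize
```

Run it once without -Commit from the same win_shell task, review the CSV, then rerun with -Commit. Running it with -Commit -WhatIf prints the would-be actions without touching the directory.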

Migrating VMs on XEN to VMware

Two years ago I was tasked with migrating some VMs off XEN to VMware; these were my notes:

1.) Take a SNAPSHOT!!!!

2.) Uninstall Citrix via Add/Remove Programs (don't restart)

3.) Manually run C:\programfilesx86\citrix\xentools uninstaller.exe (don't restart)

4.) Device Manager: uninstall devices with a Citrix driver (don't reboot) (you may have to uninstall twice)

5.) Device Manager: show hidden devices, look for Citrix drivers and uninstall any that are shown

6.) Restart the machine and take another snapshot (just in case)

7.) Open Device Manager and double-check for XEN drivers (there shouldn't be any)

8.) Open the registry editor (regedit) and navigate to:

HKLM\SYSTEM\CurrentControlSet\Services\

Delete all keys that begin with “XEN*” and repeat it for all “CurrentControlSet” keys you may have, for example:

HKLM\SYSTEM\CurrentControlSet1\Services\
HKLM\SYSTEM\CurrentControlSet2\Services\

Now navigate to:

HKLM\SYSTEM\CurrentControlSet\Control\Class\

and delete the “UpperFilters” value found under the contents of the following two Keys:

{4D36E96A-E325-11CE-BFC1-08002BE10318}
{4D36E97D-E325-11CE-BFC1-08002BE10318}

Repeat it for all “CurrentControlSet” keys you may have, for example:

HKLM\SYSTEM\CurrentControlSet1\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\CurrentControlSet1\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\CurrentControlSet2\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\CurrentControlSet2\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}

9.) Go to c:\windows\system32 and delete all XEN drivers

10.) Reboot and make sure there is no BSOD

11.) Run VMware Converter
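Step 8 is the part of this procedure that is easiest to get wrong by hand, and it has to be repeated per control set. The following is an added example, not from the original notes, that audits the same registry locations across every numbered control set in one pass (read-only by default), so you can confirm the cleanup is complete before running the converter. With -Remove it deletes the XEN service keys and strips only the xen* entries from UpperFilters, leaving any other filter driver in place; -WhatIf still applies. Run it from an elevated prompt.

```powershell
<#
Added example, not from the original notes: audit (and optionally clean)
leftover Xen service keys and UpperFilters entries in every control set.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param([switch]$Remove)

# The numbered control sets are keys such as ControlSet001 and ControlSet002
# under HKLM\SYSTEM; CurrentControlSet is a link to whichever one booted.
$controlSets = Get-ChildItem 'HKLM:\SYSTEM' |
    Where-Object { $_.PSChildName -like 'ControlSet*' } |
    Select-Object -ExpandProperty PSChildName

# The two device classes named in step 8: IDE/ATA controllers and System devices.
$classGuids = '{4D36E96A-E325-11CE-BFC1-08002BE10318}',
              '{4D36E97D-E325-11CE-BFC1-08002BE10318}'

$findings = foreach ($cs in $controlSets) {
    # Service keys whose name starts with XEN
    Get-ChildItem "HKLM:\SYSTEM\$cs\Services" -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like 'XEN*' } |
        ForEach-Object {
            [pscustomobject]@{ ControlSet = $cs; Kind = 'ServiceKey'; Path = "HKLM:\SYSTEM\$cs\Services\$($_.PSChildName)"; Value = '' }
        }
    # UpperFilters (REG_MULTI_SZ) on the two device classes
    foreach ($guid in $classGuids) {
        $classKey = "HKLM:\SYSTEM\$cs\Control\Class\$guid"
        $filters  = (Get-ItemProperty -Path $classKey -Name UpperFilters -ErrorAction SilentlyContinue).UpperFilters
        if ($filters) {
            [pscustomobject]@{ ControlSet = $cs; Kind = 'UpperFilters'; Path = $classKey; Value = ($filters -join ',') }
        }
    }
}

if (-not $findings) { Write-Host 'No XEN service keys or UpperFilters values found.'; return }
$findings | Format-Table -AutoSize

if ($Remove) {
    foreach ($f in $findings) {
        if (-not $PSCmdlet.ShouldProcess($f.Path, "clean $($f.Kind)")) { continue }
        if ($f.Kind -eq 'ServiceKey') {
            Remove-Item -Path $f.Path -Recurse
        }
        else {
            # Keep non-Xen filter drivers; delete the value only when nothing is left.
            $keep = @($f.Value -split ',' | Where-Object { $_ -and $_ -notlike 'xen*' })
            if ($keep.Count -eq 0) { Remove-ItemProperty -Path $f.Path -Name UpperFilters }
            else { Set-ItemProperty -Path $f.Path -Name UpperFilters -Value $keep -Type MultiString }
        }
    }
}
```

The Value column shows the full UpperFilters list before anything is changed; if it contains entries other than Xen ones, deleting the whole value as in the notes would remove those too, which is why the cleanup here filters instead.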

Ansible Automation: Gather list of all services on windows servers and clients

I had another audit request to gather all services on Windows servers in an environment of about 70+ servers. I knew doing this through Ansible would be a lot faster than going to each server individually. In the end it took less than 5 minutes to gather the services on 70+ servers.

When running the playbook I usually tee the output to a text file, e.g.:

ansible-playbook Audit_win_list_all_services.yml | tee /tmp/audit/Windows_services.txt

Here is my playbook:

Audit_win_list_all_services.yml

Ansible Automation: Gather list of all software installed on windows servers and clients

I had a request to gather all software installed on Windows servers in an environment of about 70+ servers. I knew doing this through Ansible would be a lot faster than going to each server individually. In the end it took less than 5 minutes to gather the installed software on 70+ servers.

I had seen a few playbooks online from other Ansible admins doing this via Win32_Product, but I have seen warnings about using Win32_Product causing problems.

So after reading this article, I created the following playbook (I initially used a normal debug statement, but the output had a lot of unnecessary info, so I split the output by newline and printed that list):

Below is my playbook:

win_list_all_programs.yml
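Neither playbook file is reproduced on the page. The following is an added example, not the posts' own playbooks, of the PowerShell a win_shell task could run to collect both inventories as CSV lines on stdout, one row per service or package, so the registered stdout_lines can be teed to a file as in the services post. Software is read from the Uninstall registry keys (64-bit and WOW6432Node) rather than Win32_Product, which performs a consistency check and repair of every installed MSI package as a side effect of being enumerated, the problem the warnings refer to. Services come from Win32_Service because it also exposes the start mode and the logon account, which matter when reviewing what starts at boot and as whom.

```powershell
<#
Added example, not from the posts: service and installed-software inventory
for one host as CSV on stdout, for use from an Ansible win_shell task.
#>
param([string]$ComputerName = $env:COMPUTERNAME)

# One schema for both kinds so the combined output stays a single CSV:
#   Service : Info = display name, Status = state,        Start = start mode, Owner = logon account, Path = binary path
#   Software: Info = version,      Status = install date, Start = (empty),    Owner = publisher,     Path = install location
function Get-ServiceInventory {
    Get-CimInstance -ClassName Win32_Service |
        Select-Object @{n='Host';   e={ $ComputerName }},
                      @{n='Kind';   e={ 'Service' }},
                      @{n='Name';   e={ $_.Name }},
                      @{n='Info';   e={ $_.DisplayName }},
                      @{n='Status'; e={ $_.State }},
                      @{n='Start';  e={ $_.StartMode }},
                      @{n='Owner';  e={ $_.StartName }},
                      @{n='Path';   e={ $_.PathName }}
}

function Get-SoftwareInventory {
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        # Entries without a DisplayName or flagged SystemComponent are not shown in
        # Programs and Features either; drop them so the list matches what users see.
        Where-Object { $_.DisplayName -and -not $_.SystemComponent } |
        Select-Object @{n='Host';   e={ $ComputerName }},
                      @{n='Kind';   e={ 'Software' }},
                      @{n='Name';   e={ $_.DisplayName }},
                      @{n='Info';   e={ $_.DisplayVersion }},
                      @{n='Status'; e={ $_.InstallDate }},
                      @{n='Start';  e={ '' }},
                      @{n='Owner';  e={ $_.Publisher }},
                      @{n='Path';   e={ $_.InstallLocation }}
}

@(Get-ServiceInventory) + @(Get-SoftwareInventory) |
    Sort-Object Kind, Name |
    ConvertTo-Csv -NoTypeInformation
```

Because every line carries the host name, the teed file from a run over 70 hosts can be loaded with Import-Csv and grouped by Name to spot a service or package that exists on one server only.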

STOP 0x0000007B Resolved on P2V’d Windows SBS 2011

***The following was on a Hyper-V VM, but this also applies to VMware.***

****This should work on most versions of Windows (it doesn’t have to be SBS).****

The other week we picked up a new client with an emergency issue. They had an SBS 2011 server on failing hardware. The hardware was so bad that we didn’t think it would last until the replacement server arrived. We had an older server that had enough power to handle their server virtualized until their new hardware arrived, so I started the virtualization process. This is where the fun began. (There were several minor issues, but I’ll stick to the major problem here.)

After creating the VM without any disk drives, I attached the newly created drives and powered up the VM, and was greeted by the BSOD: STOP 0x0000007B.

Luckily there is an easy fix for this, and you don’t need to redo the P2V.

  • Boot the VM off any Windows CD/DVD (Windows 7 and up; it doesn’t have to be the same OS as the VM. You could also mount the drive on the host or another VM. If you mount the drive, just run regedit.)
  • After booting off the OS CD, when you reach the language selection, hit Shift-F10 for a command prompt
  • At the command prompt, run regedit
  • In regedit, highlight HKEY_LOCAL_MACHINE
  • With HKEY_LOCAL_MACHINE highlighted, go to File, then Load Hive
  • In Load Hive, select the drive letter where the Windows OS was installed (C: in this case), then go to: Windows\System32\config\system
  • Name the hive whatever you want (e.g. recovery)
  • Expand HKEY_LOCAL_MACHINE\recovery\ControlSet1\Services\intelide
  • Change the data for the value “Start” from “3” to “0”
  • Now go to File and “Unload Hive” (if you run into issues, make sure HKEY_LOCAL_MACHINE is highlighted)
  • Exit regedit and reboot the machine, and you’re good to go

If you still have issues after reboot, check the following keys and set their Start values to:

Aliide = 3
Amdide = 3
Atapi = 0
Cmdide = 3
iaStorV = 3
intelide = 0
msahci = 3
pciide = 3
viaide = 3

Resolving issues after migrating Windows 7 to new hardware (BSOD Stop 7B 0x0000007B)

A while ago, I had a client that had purchased several of the same laptops for training purposes. Since all of the laptops were the same make and model, I set up one of the 10 as a master image that I had locked down so the trainees had limited access to the PC. Any changes made are automatically wiped after logout/reboot. For faster deployment of the laptops, I had created an image of the first laptop via Clonezilla (I am a big fan of Open Source).

A few years had gone by and there was an issue with one of the laptops. We checked the warranty status and found it was out of warranty. Rather than pay for repairs, it was cheaper to find a replacement on Amazon. Unfortunately, the one on Amazon had a different processor (not that big of a deal).

The new laptop arrived and I pushed out the image to the replacement laptop, and when it booted we were greeted with the BSOD Stop 7B 0x0000007B. Rather than reload and reconfigure Windows from scratch, I used a tool I had used in the past to help with this exact issue: fix_7hdc.vbs. To resolve this:

  1. Download fix_7hdc.vbs and copy the .vbs to a USB drive
  2. Restart the PC.
  3. While the PC is restarting, keep tapping the F8 key.
  4. When the Advanced Startup Options menu appears, select “Repair My Computer”
  5. In that window, select “Command Prompt”
  6. Insert your USB drive
  7. To find the drive letter of your USB drive at the command prompt, type: wmic logicaldisk get name,description
  8. Once you have the drive letter, go to that drive: e:
  9. Run the script via: cscript fix_7hdc.vbs /enable /search
  10. When the script is done, you are safe to reboot.
  11. Windows made it quite a bit further after reboot, but it still had issues, so I rebooted into safe mode, logged in as the administrator and let Windows find and install the drivers it was able to on its own. When that completed, I rebooted to Windows, downloaded the rest of the needed drivers and installed the latest Windows updates.
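Both of the STOP 0x7B posts above come down to the same edit: the boot-start storage controller service for the new hardware must have Start = 0 in the offline SYSTEM hive. The following is an added example, not from either post, that applies the Start values from the SBS 2011 post's table to an offline hive from a recovery prompt or a host with the migrated disk attached, the same edit the Load Hive steps do by hand, and prints before/after for each entry. It reads the hive's Select\Default value to find the control set that actually boots instead of assuming one. It is report-only unless -Commit is given, and it warns when a driver file is missing, because Start = 0 only helps if the .sys file is present. The hive path and mount name are parameters with assumed defaults; run it from an elevated prompt.

```powershell
<#
Added example, not from the posts: set storage-controller Start values in an
offline SYSTEM hive, reporting the current state first.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$HivePath  = 'C:\Windows\System32\config\SYSTEM',  # offline hive of the migrated disk (assumed drive letter)
    [string]$MountName = 'recovery',                           # same name the post uses for Load Hive
    [switch]$Commit                                            # report-only unless set
)

# Start values from the post's table: 0 = boot start, 3 = start on demand.
$desired = [ordered]@{
    aliide = 3; amdide = 3; atapi = 0; cmdide = 3; iaStorV = 3
    intelide = 0; msahci = 3; pciide = 3; viaide = 3
}

# ...\Windows\System32\config\SYSTEM -> ...\Windows\System32\drivers
$driversDir = Join-Path (Split-Path (Split-Path $HivePath -Parent) -Parent) 'drivers'

# reg.exe load/unload is what regedit's Load Hive / Unload Hive does.
& reg.exe load "HKLM\$MountName" $HivePath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "could not load hive $HivePath" }
try {
    # The hive's Select\Default value names the control set that boots (1 -> ControlSet001).
    $sel = Get-ItemProperty -Path "HKLM:\$MountName\Select" -Name Default
    $cs  = 'ControlSet{0:D3}' -f $sel.Default

    foreach ($svc in $desired.Keys) {
        $key  = "HKLM:\$MountName\$cs\Services\$svc"
        $want = $desired[$svc]
        if (-not (Test-Path $key)) {
            Write-Warning "$svc has no service key in $cs; skipping"
            continue
        }
        if ($want -eq 0 -and -not (Test-Path (Join-Path $driversDir "$svc.sys"))) {
            Write-Warning "$svc.sys is not in $driversDir; Start=0 will not boot without the driver file"
        }
        $cur    = (Get-ItemProperty -Path $key -Name Start -ErrorAction SilentlyContinue).Start
        $status = if ($cur -eq $want) { 'ok' } else { "change $cur -> $want" }
        Write-Host ("{0,-10} {1}" -f $svc, $status)

        if ($Commit -and $cur -ne $want -and $PSCmdlet.ShouldProcess($key, "set Start=$want")) {
            Set-ItemProperty -Path $key -Name Start -Value $want -Type DWord
        }
    }
}
finally {
    # Always unload, otherwise the hive stays locked and the disk will not boot cleanly.
    [gc]::Collect()   # release handles the registry provider may still hold on the loaded hive
    & reg.exe unload "HKLM\$MountName" | Out-Null
}
```

Run once without -Commit to see which entries differ, then with -Commit. On a disk that was imaged to different hardware (the Windows 7 case), the warning about a missing .sys file is the one to watch: if the controller's driver is not in the image, changing Start alone will not get past 0x7B.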

Unable to activate BitLocker after imaging Surface Pro or Surface Book

I ran into the following error after pushing an image to a Microsoft Surface Book and configuring the imaged device for a new user. I tried to turn on BitLocker and immediately saw:

This device cannot use a Trusted Platform Module. Your administrator must set the “Allow BitLocker without a compatible TPM” option in the “Require additional authentication at startup” policy for OS volumes

During the imaging process I had turned off the TPM in the BIOS, so I rebooted into the BIOS and made sure the TPM was enabled. Next I saved and exited the BIOS and restarted. With the TPM enabled in the BIOS, I did the following:

  1. Opened Device Manager (type Device Manager in the Start Menu)
  2. In Device Manager, look for “Security Devices” (if you don’t see “Security Devices”, click on “View” and “Show hidden devices”)
  3. Under Security Devices you should see “Trusted Platform Module 2.0” or similar
  4. Right-click on that and select Properties
  5. Mine showed the device was not detected
  6. I then clicked Cancel (in the TPM Properties screen)
  7. I then right-clicked the TPM module and selected “Uninstall device”
  8. This required a reboot, which I did.
  9. After the reboot I checked Device Manager and the TPM was shown as working properly. I was then able to turn on and configure BitLocker
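The error message points at the no-TPM policy, but as the post shows, the right fix was to get Windows to see the TPM again rather than to weaken the policy. The following is an added example, not from the post, of the read-only checks I run before touching BitLocker on a freshly imaged device; it separates the three states the message can mean: the TPM is not visible to Windows at all (firmware setting or, as here, a stale device entry after imaging), the TPM is present but not ready, or the "Allow BitLocker without a compatible TPM" policy has been set. It needs an elevated prompt for Get-Tpm.

```powershell
<#
Added example, not from the post: BitLocker/TPM pre-flight check for an
imaged device. Read-only.
#>
function Test-BitLockerReadiness {
    param([string]$MountPoint = $env:SystemDrive)

    # TrustedPlatformModule module: TpmPresent = device enumerated by Windows,
    # TpmReady = initialised and usable for key protectors.
    $tpm = Get-Tpm -ErrorAction SilentlyContinue

    # The Device Manager view the post walks through ("Security devices").
    $pnp = Get-PnpDevice -Class SecurityDevices -ErrorAction SilentlyContinue |
           Where-Object { $_.FriendlyName -like '*Trusted Platform Module*' } |
           Select-Object -First 1

    # "Require additional authentication at startup" writes HKLM\SOFTWARE\Policies\Microsoft\FVE;
    # EnableBDEWithNoTPM = 1 is the "allow BitLocker without a compatible TPM" checkbox.
    $fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue

    $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction SilentlyContinue

    [pscustomobject]@{
        TpmPresent       = [bool]($tpm -and $tpm.TpmPresent)
        TpmReady         = [bool]($tpm -and $tpm.TpmReady)
        PnpStatus        = if ($pnp) { $pnp.Status } else { 'not enumerated' }
        AllowNoTpmPolicy = [bool]($fve -and $fve.EnableBDEWithNoTPM -eq 1)
        VolumeStatus     = if ($vol) { $vol.VolumeStatus.ToString() } else { 'unknown' }
        KeyProtectors    = if ($vol) { ($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType }) -join ',' } else { '' }
    }
}

$r = Test-BitLockerReadiness
$r | Format-List

if (-not $r.TpmPresent) {
    'TPM not visible to Windows: check the firmware setting, then remove and re-detect the device (post steps 6-8).'
}
elseif (-not $r.TpmReady) {
    'TPM present but not ready: Initialize-Tpm, or clear and re-provision it from firmware.'
}
elseif ($r.AllowNoTpmPolicy) {
    'TPM is ready; the no-TPM policy is set but not needed on this device.'
}
else {
    'TPM ready; Enable-BitLocker with a TPM protector should work without policy changes.'
}
```

The AllowNoTpmPolicy field is the one to check on a fleet: a device that only encrypts because that policy is set uses a password or startup key instead of the TPM, which is a weaker configuration than the one the post ends up with.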

Shadow an RDP session

I was working on migrating VMs via Hyper-V cluster failover remotely, and a colleague asked if there was a way to shadow. We tried both connecting to one host via LogMeIn with no luck. I searched and found a way to shadow via RDP.

1.) I was logged into the host via LogMeIn (could easily be RDP)
2.) I then created another domain admin user called test, since I was on as administrator. They logged into another host on the same network via LogMeIn as the test user
3.) Then they RDP’d as the user test to the server I was logged into as administrator
4.) I opened Remote Desktop Services Manager and looked up the session number administrator was logged in as (it was session 3)
5.) They opened a command prompt (right-click, Run as administrator). In the command prompt they typed: shadow 3
6.) I was prompted “Do you want to relinquish control”, which I did.
7.) They could then see my desktop and do whatever in it, but I couldn’t see
8.) I X’d out and reconnected and we were golden.
9.) + stops the shadow

For more info, see: http://support.microsoft.com/kb/278845
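Two things are worth having in a script on a host where shadowing is used: the session list with IDs (what step 4 looks up in Remote Desktop Services Manager) and the policy that decides whether a shadow needs the user's consent at all, since the "relinquish control" prompt in step 6 only appears when consent is required. The following is an added example, not from the post; it parses the fixed-width output of "query session" using the header positions (whitespace splitting is ambiguous because USERNAME can be blank and ID is right-aligned) and reports the "Set rules for remote control of Remote Desktop Services user sessions" policy value. The sample lines are constructed in the layout that command prints, not captured from a real host. Read-only.

```powershell
<#
Added example, not from the post: list RDS sessions with their IDs and report
the remote-control (shadow) consent policy.
#>
function ConvertFrom-QuerySession {
    param([string[]]$Lines)
    # Column positions come from the header line: SESSIONNAME USERNAME ID STATE TYPE DEVICE
    $header = $Lines[0]
    $uStart = $header.IndexOf('USERNAME')
    $idEnd  = $header.IndexOf('ID') + 2
    $sStart = $header.IndexOf('STATE')
    foreach ($line in ($Lines | Select-Object -Skip 1)) {
        if ($line.Length -lt $idEnd) { continue }
        $name  = $line.Substring(0, $uStart).TrimStart('>', ' ').Trim()
        $mid   = $line.Substring($uStart, $idEnd - $uStart).Trim() -split '\s+'   # [user,] id
        $state = if ($line.Length -gt $sStart) { ($line.Substring($sStart).Trim() -split '\s+')[0] } else { '' }
        [pscustomobject]@{
            Id          = [int]$mid[-1]
            SessionName = $name
            User        = if ($mid.Count -gt 1) { $mid[0] } else { '' }
            State       = $state
            Current     = $line.StartsWith('>')   # the session running the command
        }
    }
}

function Get-RdpSessionList {
    # Live data: the same parser over the real command output.
    ConvertFrom-QuerySession -Lines (& query.exe session 2>$null)
}

function Get-ShadowPolicy {
    # GPO "Set rules for remote control of Remote Desktop Services user sessions" writes this DWORD.
    $meaning = @{ 0 = 'remote control disabled'
                  1 = 'full control, user must consent'
                  2 = 'full control, no consent'
                  3 = 'view only, user must consent'
                  4 = 'view only, no consent' }
    $p = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -Name Shadow -ErrorAction SilentlyContinue
    if ($null -eq $p) { return "Shadow policy not configured; the per-connection RDS setting applies" }
    "Shadow policy $($p.Shadow): $($meaning[[int]$p.Shadow])"
}

# Constructed sample in the layout "query session" prints (widths match the header).
$sample = @(
    ' ' + 'SESSIONNAME'.PadRight(18) + 'USERNAME'.PadRight(25)      + 'ID'    + '  STATE   TYPE        DEVICE'
    ' ' + 'services'.PadRight(18)    + ''.PadRight(25)              + ' 0'    + '  Disc'
    '>' + 'console'.PadRight(18)     + 'administrator'.PadRight(25) + ' 1'    + '  Active'
    ' ' + 'rdp-tcp#0'.PadRight(18)   + 'test'.PadRight(25)          + ' 3'    + '  Active'
    ' ' + ''.PadRight(18)            + 'bob'.PadRight(25)           + ' 4'    + '  Disc'
    ' ' + 'rdp-tcp'.PadRight(18)     + ''.PadRight(22)              + '65536' + '  Listen'
)

ConvertFrom-QuerySession -Lines $sample | Format-Table -AutoSize
Get-ShadowPolicy
```

On a real host call Get-RdpSessionList instead of the sample. Policy values 2 and 4 mean a session can be watched or controlled without the user seeing any prompt; if that is not intended on a given server, the policy is the place to fix it, not the client.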

#Windows #RDP

Force static IP clients to move to DHCP

The following will set the client to use DHCP:

netsh interface ip set address "Local Area Connection" dhcp

Unfortunately, you will need to do the same for DNS as well (otherwise it remains statically assigned):

netsh interface ip delete dns "Local Area Connection" all

Place that in a GPO as a startup script after testing.
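The two netsh lines apply to one named adapter and change it whether or not it was static. The following is an added example, not from the post, of a PowerShell equivalent for Windows 8 / Server 2012 and later (where the Net* cmdlets exist; keep netsh for older clients) that finds every connected IPv4 adapter still configured statically, logs its old address, gateway and DNS servers first so a mistake can be undone, and leaves adapters already on DHCP alone. It is written to work as a GPO startup script, which runs as SYSTEM; the log path is an assumed default.

```powershell
<#
Added example, not from the post: move statically configured adapters to DHCP
with a log of the previous settings.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param([string]$LogPath = "$env:SystemRoot\Temp\dhcp_migration.log")

# Connected IPv4 interfaces with DHCP disabled, i.e. statically configured.
$static = Get-NetIPInterface -AddressFamily IPv4 -ConnectionState Connected |
          Where-Object { $_.Dhcp -eq 'Disabled' -and $_.InterfaceAlias -notlike 'Loopback*' }

foreach ($if in $static) {
    $idx   = $if.InterfaceIndex
    $alias = $if.InterfaceAlias
    $addrs = @(Get-NetIPAddress -InterfaceIndex $idx -AddressFamily IPv4 -ErrorAction SilentlyContinue)
    $gws   = @(Get-NetRoute -InterfaceIndex $idx -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue)
    $dns   = (Get-DnsClientServerAddress -InterfaceIndex $idx -AddressFamily IPv4).ServerAddresses

    # Record what the adapter had before touching it.
    $ipList = ($addrs | ForEach-Object { "$($_.IPAddress)/$($_.PrefixLength)" }) -join ' '
    $old    = "ip=$ipList gw=$($gws.NextHop -join ' ') dns=$($dns -join ' ')"
    "$(Get-Date -Format s) $alias static $old" | Add-Content -Path $LogPath

    if (-not $PSCmdlet.ShouldProcess($alias, "switch to DHCP (was $old)")) { continue }

    # Equivalent of: netsh interface ip set address "<alias>" dhcp
    # Enabling DHCP does not by itself drop a static address or default route, so remove them first.
    $addrs | Remove-NetIPAddress -Confirm:$false
    $gws   | Remove-NetRoute -Confirm:$false
    Set-NetIPInterface -InterfaceIndex $idx -AddressFamily IPv4 -Dhcp Enabled

    # Equivalent of: netsh interface ip delete dns "<alias>" all
    Set-DnsClientServerAddress -InterfaceIndex $idx -ResetServerAddresses

    # Ask for a lease right away rather than waiting for the client to notice.
    & ipconfig.exe /renew "$alias" | Out-Null
}
```

Test with -WhatIf first; it lists each adapter with its current settings and changes nothing. Do not run it interactively over RDP to the machine being changed, since the address it is connected on is removed before the lease is obtained.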