The following is the Powershell equivalent of unticking the box below for the folder “C:\temp”:
NTFS Permissions Inheritance
$acl = get-acl "C:\temp" $acl.SetAccessRuleProtection($true,$true) $acl | set-acl
Note that SetAccessRuleProtection takes two boolean arguments; the first turns inheritance on ($False) or off ($True) and the second determines whether the previously inherited permissions are retained ($True) or removed ($False).
Very simply returns True or False for a given list of hostnames or IP addresses depending on whether or not it can connect to TCP/3389 – a successful connection does not mean that you will be able to login, of course. If you’re running RDP on a non-standard port, you’ll need to adjust the script appropriately.
param( [parameter(Mandatory=$true,ValueFromPipeline=$true)][string[]]$computername ) $results = @() foreach($name in $computername){ $result = "" | select Name,RDP $result.name = $name try{ $socket = New-Object Net.Sockets.TcpClient($name, 3389) if($socket -eq $null){ $result.RDP = $false }else{ $result.RDP = $true $socket.close() } } catch{ $result.RDP = $false } $results += $result } return $results
These two are useful if you’re writing scripts which require certain modules (such as ActiveDirectory) or snapins (such as SQL, Exchange or VMware) to be present on the local system and you want to check for them before executing the bulk of the script.
Check if a given Module (In this instance “ActiveDirectory”) is present on a system:
if($(Get-Module -ListAvailable) -match "ActiveDirectory"){"Module Present"}else{"Module Not Present"}
Check if a given Snapin (In this instance “VMware.VimAutomation.Core”) is present on a system:
if($(Get-PSSnapin -Registered) -match "VMware.VimAutomation.Core"){"Snapin Present"}else{"Snapin Not Present"}
Some of the most common snapins are:
If you need to change the drivers for a large number of printers, such as on a print server, then you can use the following Powershell to do it. Set $driver to the name of the driver you wish to set and $pattern to match for the printers you wish to affect (so you don’t change the driver on printers you don’t want to).
Note: This script will run pretty quickly, but depending on the number of printers it may take upwards of 10 minutes for Windows to do all the background processing associated with the driver changes. Keep an eye out for a bunch of rundll32.exe processes which will spawn; once they close themselves down the changes should be complete.
$driver = "HP Universal Printing PCL 6 (v5.4)" $pattern = "HP" $printers = gwmi win32_printer foreach($printer in $printers){ $name = $printer.name if($name -match $pattern){ & rundll32 printui.dll PrintUIEntry /Xs /n $name DriverName $driver } }
If you have a 2008/R2 failover cluster then it’s possible you may come across the following errors at some point after an unplanned failover:
Unable to obtain the primary cluster name identity token
An attempt has been made to operate on an impersonation token by a thread that is not currently impersonating a client
As a result, your clustered resources may refuse to start.
Now, assuming that you haven’t done something stupid, like deleting the cluster computer account from AD, you should be able to resolve this problem by right-clicking on the failed CNO on the Summary page of the Failover Cluster Manager, go to “More Options” and then “Repair Active Directory Object”. You should then be able to start all the cluster resources successfully. Thanks to wonhchoi.com for pointing me in the right direction.
As to what might have caused this problem in the first place? Well that’s still something of a mystery to me at the moment…
Situation
You’re using PrintBRM.exe to migrate printers between servers (or to backup and later restore them on the same server) but when it tries to restore the print queues it fails with “Failed to restore print queue <Printer name>. Error 0x800706d9″
Cause
PrintBRM tries to query the Windows Firewall when it creates the shares for the print queues. If the Windows Firewall service is disabled, this step fails and the print queue is not created.
Solution
Start the Windows Firewall service (and make sure you either have physical access to the box, iLO/DRAC access, have already configured the firewall not to protect your network interfaces by default or have put an exception in for inbound RDP traffic, otherwise starting the service will lock you out of the box) and run the PrintBRM restore again.
SSH is great; SSH port forwarding is really great, but forwarding CIFS over SSH in Windows is a huge pain in the arse, especially in Vista/Windows 7. Thankfully I came across this handy guide, which walks you through the process: http://www.nikhef.nl/~janjust/CifsOverSSH/VistaLoopback.html
To summarise (in case the page ceases to exist):
hdwwiz.exe and add a Microsoft Loopback Adaptorsc config smb start= demand to disable autostart of the SMB servicenetsh interface portproxy add v4tov4 listenaddress=10.255.255.1 listenport=445 connectaddress=10.255.255.1 connectport=44445 to create a portproxy rule that redirects traffic to port 445.net start smb when any user logs inYou should now be able to connect to SMB shares using \\10.255.255.1\<sharename> (see below for a note about name resolution).
As an addendum, I found that I had to use a local account to run the Scheduled Task (SYSTEM in this instance) because my I’m using my laptop from remote sites without access to my domain, so if I try and use a domain account it can’t authenticate against a DC when it tries to run.
If you want to access more than one machine on the remote network (and the required SSH server config is in place to allow port forwarding to those machines), then you can simply add another IP address to the Loopback interface and create a new portproxy rule for it using a different port (such as 44446), then add a new port forwarding rule for it in your SSH client.
Also, if you want name resolution to work, there’s a handy hack you might be able to make use of (which will explain the existence of my previous post about the Windows name resolution process). You can add the hostnames and pseudo-IP addresses to your lmhosts file, which should permit you to resolve those hosts while tunnelling, without breaking your resolution when connecting to them locally (Because windows will try DNS/NetBIOS broadcast before looking at the lmhosts file). If you do this, you will be asked to authenticate the first time you connect to each machine due to the name/address mismatch.
To undo the changes:
sc config smb start= auto to set the smb service to start automatically againnetsh interface portproxy delete v4tov4 listenaddress=10.255.255.1 listenport=445 to remove the portproxy rule (change as needed to remove any additional ones)You’d be surprised how many people don’t know this and how rarely that matters (OK, probably not that surprised). This is the process Windows uses to resolve names to IP addresses, it can be useful when troubleshooting name resolution issues or in the few edge cases where you need the same hostname to resolve to different addresses depending on where you are:
Note: If the host name is 16 characters or longer or an FQDN, Windows does not try to resolve the host name using NetBIOS/WINS/LmHosts.