Okay – just ran across something VERY annoying with Win10

I could not get into my laptop’s BIOS or boot menu.

Not even from a power off.

Thanks Microsoft. Yes, they did it. And here’s how to undo it.

1] On the Start Menu go to Settings.
2] Go to System
3] Go to Power & sleep
4] On the right side, at the bottom, click Additional Power Settings.
5] Click Choose what the power buttons do on the left pane
6] Click Change settings that are currently unavailable, then scroll to the bottom and UNCHECK Turn on fast startup

Save your changes and you’ll be able to get to your BIOS and boot menu on the next reboot.


Boy have I been away or what?

I’ve been seriously bad about keeping this up to date and I’m going to try to get it going again.

To start with I’m going to try to put forward some of the scripts I’ve written for work, sanitized of course to remove data. I’m also going to try to publish some about the things I’m doing outside of work. One of those is working on some new ‘saddle bags’ for my motorcycle.


Interlude III : Setting Primary Group ID

Ran into an interesting situation at work today. An account had had the primary group changed from the Domain Users group to another group and then the Domain Users membership was removed. Needless to say, this caused some issues with an application that was granting rights based on membership to the Domain Users group. That got me thinking about how to set the primary group on an account without having to root around inside the ADUC utility.

Setting this is pretty simple from a PowerShell perspective. First we need to find the SID of our desired primary group. To do this we use the following:

$groupsid = (Get-ADGroup "group name").sid

This gets us the SID information in a variable where we can work with it. Notice I said “where we can work with it” versus just “in a variable”. If you look at the variable contents you’ll find we have more than just the SID.

[PS]>$groupsid | fl
BinaryLength : 28
AccountDomainSid : S-1-5-21-<SID stuff here>
Value         : S-1-5-21-<SID stuff here>-513

We actually have three values : the binary length, the domain SID the group is in, and the full SID of the group. We need to be concerned with only the Value, and specifically only with the last bit, 513. To get that portion we’re going to use two string functions – LastIndexOf and Substring. The LastIndexOf is going to give us the position of the last occurrence of the character “-” which comes just before the group ID (513). By adding one to that and using the Substring function we’ll be able to get everything to the right of that. We’ll place this into a variable that is defined as an integer value since the property on the user object has to be an integer value.

[int]$primarygroupid = $groupsid.Value.Substring($groupsid.Value.LastIndexOf("-")+1)

Finally we can update the user object with the primary group ID value

Set-ADUser "user" -Replace @{primaryGroupID=$primarygroupid}
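
The three steps above wrapped into one function, as an added example that is not part of the original post. It goes a little further than the text: it first makes sure the user is a member of the target group (Active Directory rejects a primaryGroupID for a group the user does not belong to, which is the state the account in the story was left in), and it adds an audit query for accounts whose primary group is not Domain Users. The function names are hypothetical.

```powershell
# Added example, not the author's script. Requires the ActiveDirectory module.
Import-Module ActiveDirectory

function Set-PrimaryGroup {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$User,      # SAM account name
        [string]$Group = 'Domain Users'
    )
    $adGroup = Get-ADGroup -Identity $Group
    $adUser  = Get-ADUser  -Identity $User -Properties primaryGroupID, memberOf

    # The RID is the last dash-separated field of the SID string (513 for Domain Users).
    [int]$rid = ($adGroup.SID.Value -split '-')[-1]

    if ($adUser.primaryGroupID -eq $rid) {
        Write-Verbose "$User already has $Group as its primary group."
        return
    }

    # memberOf never lists the current primary group, so a missing entry here
    # means the user is not a member yet and has to be added first.
    if ($adUser.memberOf -notcontains $adGroup.DistinguishedName) {
        if ($PSCmdlet.ShouldProcess($User, "Add to group $Group")) {
            Add-ADGroupMember -Identity $adGroup -Members $adUser
        }
    }
    if ($PSCmdlet.ShouldProcess($User, "Set primaryGroupID to $rid")) {
        Set-ADUser -Identity $adUser -Replace @{ primaryGroupID = $rid }
    }
}

# Audit: users whose primary group is not Domain Users (RID 513).
# Because the primary group is not shown in memberOf, these memberships are
# easy to overlook in a review. The built-in Guest account (514) is expected.
function Get-NonDefaultPrimaryGroupUser {
    Get-ADUser -Filter 'primaryGroupID -ne 513' -Properties primaryGroupID |
        Select-Object SamAccountName, Enabled, primaryGroupID
}

# Example calls (the account name is a constructed placeholder):
# Set-PrimaryGroup -User 'jdoe' -WhatIf
# Get-NonDefaultPrimaryGroupUser | Format-Table
```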

Spam sucks

Today I found an email from Diane Schultz ( diane@franchise-path.com ) which was quite obviously a form email trying to get me to buy into a franchising scheme. The really odd part was that it was on an email address I exclusively use for job searches. And it was done using a spamming outfit called Stream Send ( http://www.streamsend.com ). Stream Send lists among its partners and affiliates the DMA, which means that they probably follow the same harvest-spam-make-them-opt-out misbehavior of other DMA partners.

To both of them – thank you for wasting my time with junk there was no reason to think I would be interested in.

Unlocking an account on every DC without forcing replication

Today I’m going to go over a script which will address an issue admins in a large network face : unlocking an account on DCs that spread across multiple WAN links WITHOUT FORCING A REPLICATION.

This script is fairly straightforward but does require the person running it have domain admin privileges and access to the AD PowerShell extensions.

The core of what is needed is a simple command : Unlock-ADAccount. We can start by laying out that command:

Unlock-ADAccount <user>

Since we are interested in doing this on all DCs we’ll include the option -Server. Obviously we can do it the hard way:

Unlock-ADAccount <user> -Server DC1
Unlock-ADAccount <user> -Server DC2
….

But that is hard work if you have a lot of DCs, say 50 or more, or if the DCs are changing. So let’s add something to the script to make it smarter:

$DCList = Get-ADComputer -Filter * -SearchBase 'ou=Domain Controllers,dc=contoso,dc=com'
Foreach ($targetDC in $DCList.Name)
{
    Unlock-ADAccount <user> -Server $targetDC
}

We’ve added a little brains here. The Get-ADComputer cmdlet is used to get the names of all the computers [-Filter *] in our Domain Controllers OU [-SearchBase ‘ou=Domain Controllers,dc=contoso,dc=com’]. We’re dumping the results of this command into the variable $DCList. The end result is that we wind up with an array where each item in the array has multiple properties. We’re interested in one, Name. The Foreach command essentially allows us to loop through all of the array values one at a time. We use another single-value variable, $targetDC, to hold the current DC name. In five lines we are able to do what might take a hundred or more.

So far so good. But what happens if a DC is offline or unreachable? The script blows up. We’ll add an option to our Unlock-ADAccount cmdlet to keep everything going along rather than just halting

$DCList = Get-ADComputer -Filter * -SearchBase 'ou=Domain Controllers,dc=contoso,dc=com'
Foreach ($targetDC in $DCList.Name)
{
    Unlock-ADAccount <user> -Server $targetDC -ErrorAction SilentlyContinue
}

Now the script will just roll on if it hits a downed DC. But it would be nice to know about that, right? So let’s add TRY-CATCH

$DCList = Get-ADComputer -Filter * -SearchBase 'ou=Domain Controllers,dc=contoso,dc=com'
Foreach ($targetDC in $DCList.Name)
{
    Try
    {
        # Catch only runs on terminating errors, so -ErrorAction has to be Stop here;
        # with SilentlyContinue the error is swallowed and Catch never fires.
        Unlock-ADAccount <user> -Server $targetDC -ErrorAction Stop
    }
    Catch
    {
        $errormsg = $targetDC + " is down/not responding."
        Write-Host $errormsg -ForegroundColor white -BackgroundColor red
    }
}

There. Now we get a message indicating a particular DC was down. The ForegroundColor option allows us to specify white as the text color, while the BackgroundColor option allows us to specify red as the text background, making it stand out in our shell window.

But if we’re doing that why not give ourselves a clue as to where we’re at by doing something similar in the Try section:

$DCList = Get-ADComputer -Filter * -SearchBase 'ou=Domain Controllers,dc=contoso,dc=com'
Foreach ($targetDC in $DCList.Name)
{
    Try
    {
        # -ErrorAction Stop so a failure skips the "Completed" line and lands in Catch
        Unlock-ADAccount <user> -Server $targetDC -ErrorAction Stop
        Write-Host ("Completed on " + $targetDC) -BackgroundColor DarkGreen
    }
    Catch
    {
        $errormsg = $targetDC + " is down/not responding."
        Write-Host $errormsg -ForegroundColor white -BackgroundColor red
    }
}

Great, but it’s kind of useless to have to adjust the script for each user. Let’s add an argument to our script and, before trying the script, check to make sure it isn’t empty.

$targetacct = $args[0]
if ($targetacct -ne $null)
{
    $DClist = Get-ADComputer -Filter * -SearchBase 'ou=domain controllers,dc=contoso,dc=com' | Sort-Object name
    Try
    {
        # Throws if the account does not exist, which drops us into the outer Catch
        Get-ADUser $targetacct
        Foreach ($targetDC in $DClist.Name)
        {
            "Processing " + $targetacct + " on DC " + $targetDC | Out-Default
            Try
            {
                # -ErrorAction Stop makes an unreachable DC a terminating error so Catch runs
                Unlock-ADAccount $targetacct -Server $targetDC -ErrorAction Stop | Out-Null
                Write-Host ("Completed on " + $targetDC) -BackgroundColor DarkGreen
            }
            Catch
            {
                $errormsg = $targetDC + " is down/not responding."
                Write-Host $errormsg -ForegroundColor white -BackgroundColor Red
            }
        }
    }
    Catch
    {
        $errormsg = $targetacct + " is an INVALID account. Check to see if it exists and that this is the SAM name."
        Write-Host $errormsg -ForegroundColor white -BackgroundColor Red
    }
}
else
{
    Write-Host "INVALID Parameters!"
    Write-Host "USAGE: unlock.ps1 <USERNAME>"
}

Not only have we added the input from arguments (the first line), but in the second line we set up an IF-ELSE structure to ensure we have an actual value. [And yell at us when we don’t!] We also added an additional line [“Processing….”] so that we have an even better idea of what is being tried, not just whether it succeeded or not. There’s even a check [Try … Get-ADUser….] to see if the account actually exists and exit if it doesn’t.

Granted this is a linear script and can take several minutes to run based on WAN links and DC load, but that is a lot better than forcing a replication across multiple small pipes.
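
A variant of the script above that reports what it found on each DC, as an added example that is not part of the original post. It assumes Get-ADDomainController is acceptable in place of the OU search, unlocks only where the account is actually locked, and returns one object per DC with the per-DC bad-password counters, which helps when tracing where a lockout is coming from. The function name is hypothetical.

```powershell
# Added example, not the author's script. Requires the ActiveDirectory module.
Import-Module ActiveDirectory

function Unlock-AccountOnAllDCs {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$SamAccountName)

    # Ask AD for its domain controllers instead of hard-coding the OU path.
    $dcs = Get-ADDomainController -Filter * | Sort-Object HostName

    foreach ($dc in $dcs) {
        $row = [ordered]@{
            DC                     = $dc.HostName
            Site                   = $dc.Site
            LockedOut              = $null
            BadLogonCount          = $null
            LastBadPasswordAttempt = $null
            Unlocked               = $false
            Error                  = $null
        }
        try {
            # BadLogonCount and LastBadPasswordAttempt are kept per DC and are
            # not replicated, so each DC has to be asked directly.
            $u = Get-ADUser -Identity $SamAccountName -Server $dc.HostName `
                    -Properties LockedOut, BadLogonCount, LastBadPasswordAttempt `
                    -ErrorAction Stop
            $row.LockedOut              = $u.LockedOut
            $row.BadLogonCount          = $u.BadLogonCount
            $row.LastBadPasswordAttempt = $u.LastBadPasswordAttempt

            if ($u.LockedOut -and
                $PSCmdlet.ShouldProcess("$SamAccountName on $($dc.HostName)", 'Unlock')) {
                Unlock-ADAccount -Identity $u -Server $dc.HostName -ErrorAction Stop
                $row.Unlocked = $true
            }
        }
        catch {
            # DC unreachable, account missing, access denied: keep going and record why.
            $row.Error = $_.Exception.Message
        }
        [pscustomobject]$row
    }
}

# Example call (the account name is a constructed placeholder):
# Unlock-AccountOnAllDCs -SamAccountName 'jdoe' -WhatIf | Format-Table -AutoSize
```

A DC showing a high BadLogonCount and a recent LastBadPasswordAttempt is the one to check for the device or service that keeps sending the old password.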


The first of two interesting problems….

Recently I had a service call from a user who was having a not so abnormal problem – messages that should have wound up in the Inbox of Outlook were instead winding up in the Junk E-mail folder.

Thinking this will be a simple matter I went over and added the from address to the Safe Senders list and tested. And had my test go into Junk E-mail.

Weird – “maybe there’s a blocking entry or a rule interfering” I thought. No and no.

I started digging and Googling at this point. Finally I found a possibility. I logged into the Outlook web interface and went to Options|See all options. I then went to the Manage myself drop-down and chose Another user, selecting the user with the issue.

Going down to the Block or Allow link on that user’s options I found the junk email filtering was turned on and the “junk” sender was listed in the block list. Simply turning off the Outlook web junk email filter fixed the problem, but to make sure it didn’t come back I removed the “junk” sender from the Outlook web block senders list too.

 


Washing machine trouble

This is a little off-topic for me but given how hard it was to piece this together I figured I would compile it all into one place for the next person to find.

 

NOTE – I am NOT an appliance repair technician. This information is presented as-is-follow-at-your-own-risk. I am NOT responsible for any loss you incur. You have been warned.

 

My Whirlpool washing machine recently began having a problem. Occasionally it would reach the end of the spin cycle and then start to fill with water again. This was mildly annoying, but could be fixed for a while by unplugging the washer for a couple of minutes then plugging it back in. It then began to have an additional symptom – it would agitate before filling. In figuring out what was wrong I ran into the following information.

I will walk through each of four troubleshooting/repair steps. These are in order of skill, and amazingly price as well.

Step 1 – check the water lines. It is possible, particularly with hard water, to have the hoses from the wall connectors to the connectors on the washer clog with deposits. Cut off the water, disconnect power, and disconnect the hoses. Check them for flow by either blowing air or (better) hooking them up to a garden hose and blowing water through. Reconnect the hoses and then power and turn on the water. If your washer runs fine at this point great. Otherwise go to step 2.

Step 2 – check the ATC hose. You will need some mechanical ability for this, along with one or more tools. In my case I needed a small socket wrench.

1] Unplug the washer from power.

2] Remove the control panel from the washer top. This varies from washer model to washer model. In my case there were two screws at the top on the back and two metal retaining clips accessible by reaching between the drum and the top. I was able to find instructional videos on Youtube made by repair techs that show how to do this properly. FIND AND WATCH THEM! If your washer is like mine you could accidentally break the door closed sensor if you don’t know what to look for.

3] Once you have the control panel loose look for a plastic hose. On my washer this hose was connected to the fabric softener yes/no switch. GENTLY pull this hose free of the control. If the washer has water in it good, if not fill it several inches full. Blow into this hose.

You should hear bubbles. If not, fill the tub a bit further and try again. If you still don’t hear bubbles, or if it feels like you are blowing against a solid object then this hose is clogged. You will need to find out how to get to the other end of it for your model. If you hear bubbles go on to the next step.

Step 3 – Replace the ATC control. This is where you start spending money unfortunately. If this is a Whirlpool or Kenmore brand machine check the control that the plastic ATC hose goes into. I found that my control, OEM part number W10177795, had been replaced with a new version, part W10292584. If you have the W10177795 part order this new W10292584 part. I was able to find this part from several online dealers for 45-60 dollars and got mine via Amazon for just under $49.

1] Unplug the washer.

2] If you put the control panel back on in the previous step take it off again.

3] Unplug the hose from the ATC control

4] Unplug any wiring harnesses. BE CAREFUL – before just pulling on the harness check to see if it is a locking harness. Mine had a blue harness with two wires and no lock and a 7-wire white harness that had a squeeze lock.

5] Remove the knob from the front. This knob most likely will just be a keyed push-on knob that will pull straight off (mine was).

6] Locate the retaining tab on the control and gently lift it up. Mine was located opposite of the wiring harnesses. The control will need to be rotated slightly and then should pull out the back.

7] Put the new control in by reversing the steps. FOLLOW MURPHY’S LAW OF REPAIR – do NOT put the control panel back onto the washer completely. Murphy will come along and make you remove it again.

Plug the washer back in and try it. If it functions properly fantastic. If not proceed to step 4.

Step 4 – Replace the timer control. This is a far more expensive part in comparison to the ATC control but cheaper than a repair tech or a new washer. I was able to find this part on the internet from 130-160 dollars.

1] Unplug power from the washer.

2] If you put the control panel back on in step 3 pull it off again (Remember Murphy’s law of repair).

3] Locate the timer control. Again there are instructional videos on Youtube for specific machines – I am only going over the basic Whirlpool/Kenmore instructions.

4] READ THIS STEP FULLY. Remove the top knob. The knob is a locking knob. There is a push pin on the underside of the timer control which you must pull down in order to free the top knob.

5] READ THIS STEP FULLY. Remove the lower knob/cover. This is most likely keyed so be sure to pay attention to how it comes off so you can match it on the new control. I found using a PLASTIC paint remover was best for this as it prevented the control panel from being scratched and provided sufficient lift.

6] Remove the attached wiring harnesses. Again CHECK FOR LOCKING HARNESSES before just yanking on the wire. On most of these there will be two wiring harnesses, one small and one big.

7] Lift the retaining tab and slide the control. On mine the tab was located on the same side as the large wiring harness and the control slid to that direction.

8] Lift the control out and replace it.

9] Reconnect the wiring harnesses.

10] Put the lower and upper knobs back on and plug the power cord back in

At this point test. If you’ve done it right you should have a fully working washer and can reassemble the control panel back onto the washer top.

If the washer still does not work correctly, call a repair technician in – you have much more serious trouble that is beyond this guide.

Hope this helps any one who has stumbled across it! Good luck!


Outlook Web logon troubles…

Ran into this issue this morning.

One of our users had let his network password expire. Normally this is not an issue – the user is prompted for a new password as soon as he logs into the network. This user however is different from normal – He is an external user who only uses Outlook Web. He couldn’t change his password due to the Outlook Web Access page erroring on the change password functionality.

I went into the EMC on the Exchange 2010 server hosting OA and looked at the configuration.

We are using forms-based authentication and therefore I needed to look at the segmentation settings. Opening EMC I went to Client Access under Server Configuration, and in the configuration pane I selected the OA server and then the OWA instance in the Outlook Web App tab in the bottom half. I then clicked the properties button and went to the Segmentation tab in the properties dialog. Scrolling down I found the Change Password entry and verified it was set to enabled.

As this was correct I then needed to make sure that it was really enabled.

Opening regedit I went to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSExchange OWA. Once there I found that the 32-bit DWORD key ChangeExpiredPasswordEnabled was missing. I added the key and set the value to 1 and exited regedit. I then opened an Admin command prompt and ran an IISRESET.

Taking a test user of mine I reset its password and set it to change on next logon. I then opened the OWA page and proceeded to login. Success – I now had a prompt to reset the password as required on the account.
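
The registry check and fix described above as a script, added here as an example and not part of the original post. It assumes it is run from an elevated PowerShell prompt on the server hosting OWA, and it only restarts IIS when the value actually had to be changed.

```powershell
# Added example, not the author's procedure verbatim. Run elevated on the OWA server.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\services\MSExchange OWA'
$name = 'ChangeExpiredPasswordEnabled'

if (-not (Test-Path -Path $key)) {
    throw "Registry key '$key' not found; is this the server hosting OWA?"
}

# Read the current value; $null means the value does not exist yet.
$current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

if ($current -eq 1) {
    Write-Output "$name is already set to 1; nothing to change."
}
else {
    $was = if ($null -eq $current) { 'missing' } else { $current }

    # -Force creates the value if it is missing and overwrites it otherwise.
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
    Write-Output "$name set to 1 (was: $was). Restarting IIS."

    # Same step as the IISRESET in the post; this drops active web sessions.
    iisreset
}
```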
