As we transition from Windows Automatic Updates to the more capable System Center Configuration Manager (SCCM or ConfigMgr), the timing and the appearance of alerts and update-related content is changing as well. I think it may be confusing to non-technical users, so I thought I’d document the most common elements alerts and windows
This alert pops-up in the upper right corner of the screen on Windows 8 family systems.
Windows 7-style alert above the system tray in the lower-right corner.
I’m severely disappointed that Microsoft has removed from Server 2012 the tools required for managing and configuring Remote Desktop for Administration. On previous server editions, I’ve used the Remote Desktop Services Manager to troubleshoot colleagues and delegated administrators’ access issues. We’ve also had situations where the SSL certificate used to identify the server and to encrypt traffic has expired and needed some intervention.
Some discussion on Mark Minasi’s support forum indicates that some of this functionality is returning in Server 2012 R2. In the meantime, and until all our servers get upgraded, I’ll be using a combination of the Task Manager (which shows user sessions),
Displaying user logon sessions in Server 2012 Task manager
and Process Explorer, which can show the username and start time for process.
With Mark’s permission, I’m mirroring the video of his recent web talk “The Case for PowerShell: Why You Should Learn-PowerShell So You Needn’t Leave-Industry.” Read more about it in his recent newletter.
He shared it via Skydrive, but there are some capacity constraints in place that have been blocking access. (Really, Microsoft‽‽ You’ve suspended Mark Minasi’s SkyDrive account‽)
Hopefully, folks can download it here, or watch it online:
The Case for PowerShell
Thanks, Mark, for your evangelism and expertise.
Wondering about the physical memory configuration of a system?
PS> gwmi Win32_PhysicalMemory | ft DeviceLocator,@{l='Size (GB)';e={$_.Capacity / 1GB} } -a
I’m trying to augment the Bare Metal Recovery boot image provided by EMC as part of the NetWorker Client to support recovery in our VMware vSphere environment. The BMR .ISOs include a sources\boot.wim file that I should be able to modify.
I started with these somewhat date instructions in the VMware knowledgebase. I copied the contents of the .ISO file to a temporary directory on my PE Build system (Windows 8 guest). Using the Windows ADK, I mounted the sources\boot.wim file.
C:\Temp>dism /mount-image /imagefile:c:\temp\NW-MBR-ISO\sources\boot.wim /index:1 /mountdir:c:\temp\mount
I downloaded the latest VMware Tools, then used the /A switch (administrative install) on the setup file to extract the contents to a local folder. The driver files are contained within Program Files\VMware\VMware Tools\VMware\Drivers. I copied that directory to my working location, then added the drivers to the WIM files.
dism /image:c:\temp\mount /add-driver /driver:c:\temp\drivers /recurse
DISM reported success, so I committed the changes and umounted the WIM file.
dism /unmount-image /mountdir:c:\temp\mount /commit
The files I copied off of the EMC-provided ISO were not sufficient to create a new bootable image. So I used the CopyPE command to create a new base image, which included a file source for the PE image as well as the appropriate boot sector files. Since the image source files were identical to the file in the EMC disk image (because this is how they created the image), I just copied my customized boot.wim over the default boot.wim. Then I was able to use the makewinpemedia command to create a new .ISO image.
I’ve been able to boot the image, and it loaded the VMXNET3 like a champ. We’ll see how the Bare Metal Recover process goes. Thankfully, this is a test and not a crisis.
Camera named files like this: P1050640.JPG. To rename the all files in the directory, I used the following:
PS> $i = 1; gci | % { ren $_ $( '2013 Pool Setup {0:D2}.JPG' -f $i++ ) }
Following Greg’s advice, as well as the Tomcat docs here are the steps I’ve performed to update the SSL certificates used by two Tomcat instances:
E:\Tomcat\conf> %java_home%\bin\keytool -genkey -keystore mytomcatserver.keystore -storepass ############ -alias tomcat2013 -keyalg RSA -keysize 2048 -dname "CN=mytomcatserver.uvm.edu, OU=Enterprise Technology Services, O=University of Vermont, L=Burlington, ST=VT, C=US" -validity 730
E:\Tomcat\conf> %java_home%\bin\keytool -certreq -keystore mytomcatserver.keystore -storepass ############ -keyalg RSA -alias tomcat2013 -file mytomcatserver.csr
Now, there are two options for importing the certificate, and I’m not sure if there are implications for the difference:
To import the chained cert (ordered with the host cert, interm. cert, then rootCA cert):
E:\Tomcat\conf> %java_home%\bin\keytool -import -keystore mytomcatserver.keystore -storepass ############ -alias tomcat2013 -file mytomcatserver_uvm_edu.cer -trustcacerts
Now, we need to update the tomcat server.xml so that the keyalias attribute references our new certificate’s alias. Then, when the tomcat process is cycled, it should use the new cert.
I will probably need to refer to this myself, but maybe someone else will find this useful.
Still working through some print queue management tasks, I needed to change permissions on a collection of printers. Yesterday, I broke down and did a bunch of repetitive work in the GUI, and noticed there were some inconsistencies in the permissions applied to a clients print queues. Today, I decided that I would fix them, but I didn’t want to use the GUI.
Although the Server 2012 Printer Management Set-Printer cmdlet can change the permissions through its -PermissionSDDL parameter, I haven’t found a workable (even if you call SDDL workable) way to do so on a Server 2008 system.
So I fell back to using PowerShell with Helge Klein’s SetACL command-line tool. I could also have used his COM version if I wanted to be really efficient. I use an array of arguments to the external command. See this Scripting Guy post for more info on calling external commands.
Here’s what I did:
# Retrieve a list of target printers
PS C:> $rlprinters = gwmi Win32_Printer -filter "Name like 'RL -%' OR Name like 'RL-%' "
# Construct a list of printer names in \\[hostname]\[sharename] format
PS C:> $printers = $rlprinters | % { '\\' + $_.SystemName + '\' + $_.ShareName }
# Create some variables to make the command construction simpler
PS C:> $setacl = 'C:\local\bin\SetACL.exe'
PS C:> $group = 'DOMAIN\RL-PrinterGroup'
# Iterate through the list of printers, calling SetACL for each
PS C:> foreach ( $p in $printers ) {
>> & $setacl '-on', $p , '-ot', 'prn', '-actn', 'ace','-ace',"n:$group;p:full"
}
It worked like a champ.
Note that I needed to run an elevated PowerShell session (run as Administrator) to be able to make the changes. Also, I tested this on a single printer before attempting to make bulk changes. I also have a nightly dump of my printer configuration. You get the idea.
You can include multiple actions for each invocation of SetACL, and there are a number of ways to collect output in case you need to follow-up on problems when applying changes to large collections of printers. Hopefully, this is enough to get you started,
I find the printer management scripts included with Server 2008 bothersome. However, until we get to Server 2012, with its shiny new printer management cmdlets, I’ll keep trying to make do with what we have.
I was pleased to find an old post on the Printing Team’s blog about using the .Net System.Printing namespace with PowerShell to automate things. Some brief experimenting looks promising.
For the moment, in order to switch the printer driver version on about fifteen printers (all the same model), I used PowerShell and WMI, like this:
PS C:\> $printers = Get-WmiObject Win32_Printer -filter "Name like 'RL -%'"
PS C:\> $printers | sort Name | ft Name, DriverName -a
PS C:\> $printers | Where DriverName -eq 'HP Universal Printing PCL 6 (v5.3)' | % {
>> $_.DriverName = 'HP Universal Printing PCL 6 (v5.6.1)'
>> $_.Put()
>> }
This took quite a while to execute, but did work. What I need to do now is modify the permissions on each printQueue. I doubt I can leverage Get-ACL and Set-ACL for this.
We have a number of 32-bit Windows 2008 print servers that we want to migrate to Windows Server 2012, for the printer management PowerShell cmdlets, among other things. I found a helpful blog post about using the PRINTBRM utility to migrate print queues, which mentions that you need to have both 32-bit and 64-bit drivers versions of all the drivers in order to migrate from a 32-bit to a 64-bit OS instance.
I wrote a little script to quickly show me which print drivers need a 64-bit version installed. It can take a moment to run if you have many printers configured.
UPDATE: I made a couple changes, most notably that the count of printers using a driver is now optional (since it can take a while on a system with lots of printers).
<#
.SYNOPSIS
Lists printer drivers, whether 32- and 64-bit versions are installed,
and how many printers are using each driver.
.PARAMETER Printers
Includes a counter of the printers using each printer driver. On a system
with many installed printers, this can take a a little time, so this
functionality is optional.
.EXAMPLE
PS C:\local\scripts> .\Get-PrinterDriverArchitecture.ps1 | format-table -auto
Name x86 x64
---- --- ---
Brother HL-5250DN True False
Epson LQ-570+ ESC/P 2 True False
HP Business Inkjet 2230/2280 True False
HP Business Inkjet 2250 (PCL5C) True True
HP Business Inkjet 2800 PCL 5 True False
This command lists the installed printer drivers, and whether 32-bit (x86)
or 64-bit (x64) drivers are available.
.EXAMPLE
PS C:\local\scripts> .\Get-PrinterDriverArchitecture.ps1 | where x64 -eq $false | ft -a
Name x86 x64
---- --- ---
Brother HL-5250DN True False
Epson LQ-570+ ESC/P 2 True False
HP Business Inkjet 2230/2280 True False
HP Business Inkjet 2800 PCL 5 True False
This command uses the Where[-Object] cmdlet to filter out those drivers that
have a 64-bit driver installed.
.EXAMPLE
PS C:\local\scripts> .\Get-PrinterDriverArchitecture.ps1 -Printers | ft -a
Enumerating printers:
WID - Kyocera TASKalfa 3050ci KX
WC - Kyocera TASKalfa 300ci KX
UFS - Canon iR-ADV C5035
...
Name x86 x64 Printers
---- --- --- --------
Brother HL-5250DN True False 5
Epson LQ-570+ ESC/P 2 True False 0
HP Business Inkjet 2230/2280 True False 1
HP Business Inkjet 2250 (PCL5C) True True 0
HP Business Inkjet 2800 PCL 5 True False 1
This command includes the -Printers switch parameter to add a count of
the printers using each driver. Enumerating the printers can take a while
if there are lots of them installed, so this behavior is optional.
.NOTES
- Author : Geoffrey.Duke@uvm.edu
- Mod. Date : May 28, 2013
#>
param( [switch] $printers )
$wmi_drivers = get-wmiobject Win32_PrinterDriver -Property Name
$drivers = @{}
foreach ($driver in $wmi_drivers) {
# Isolate the driver name and platform
$name,$null,$platform = $driver.Name -split ','
if ( -not $drivers[$name] ) {
switch ( $platform ) {
'Windows NT x86' { $drivers[$name] = [ordered]@{
'Name'=$name; 'x86'=$true; 'x64'=$false }; break }
'Windows x64' { $drivers[$name] = [ordered]@{
'Name'=$name; 'x86'=$false; 'x64'=$true }; break }
default { write-warning "Unexpect platform $platform on driver $name"}
}
}
else {
switch ( $platform ) {
'Windows x64' { $drivers[$name]['x64'] = $true; break }
'Windows NT x86' { $drivers[$name]['x86'] = $true; break }
default { write-warning "Unexpect platform $platform on driver $name"}
}
}
}
if ( $printers ) {
# Initialize all printer counts
$drivers.keys | foreach { $drivers[$_]['Printers'] = 0 }
# Add a count of the number of printers using each driver
# With some progress info
write-host 'Enumerating printers:'
$count = 0
get-wmiobject Win32_Printer -Property Name,DriverName | foreach {
write-host " $($_.Name)" -foreground darkgray
$drivers[$_.DriverName]['Printers']++
$count++
}
write-host "Retrieved $count printers"
}
# Output collection of objects
$drivers.keys | sort | foreach { New-Object PSObject -Property $drivers[$_] }
I hope this is useful to others.