Unable to use Power Shell AD cmdlets on Remote Server

Posted on February 11, 2015 by Thomas.Marcussen

I came across this error when building a web service executing powershell cmdlets

When executing the commands directly on the server worked without problems

but when using New-PSSession to invoke the scripts I ended up with the following error:

WARNING: Error initializing default drive: ‘Unable to contact the server. This
may be because this server does not exist, it is currently down, or it does not
have the Active Directory Web Services running.’.
Unable to contact the server. This may be because this server does not exist,
it is currently down, or it does not have the Active Directory Web Services
running.
+ CategoryInfo : ResourceUnavailable: (:) [Get-ADObject], ADServe
rDownException
+ FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirector
y.Management.Commands.GetADObject
+ PSComputerName : localhost

Note that PSComputerName was not defined in my script – default is localhost.

To resolve the problem i did the following:

Added “-Computername <Server1>” to my script file (Server1 is a domain controller, that had Active Directory Web Services running (default on Domain controllers running Windows Server 2012 R2) (Check Link for running on Windows Server 2003 and Windows Server 2008)
Executed “Winrm QuickConfig” on Server1

I was searching for groups with a specific like description with the following command: get-adobject -Filter {description -like “ps1*”}

and the result with the problem solved:

PSComputerName : Server1
RunspaceId : b83f4390-36b7-4cfa-8539-279b12fce09f
DistinguishedName : CN=Application Group
1,OU=Applications,DC=ThomasMarcussen,DC=com
Name : Application Group 1
ObjectClass : group
ObjectGUID : 4c57f3b5-726b-4de7-882b-2c80b3f0fdb8

PSComputerName : Server1
RunspaceId : b83f4390-36b7-4cfa-8539-279b12fce09f
DistinguishedName : CN=Application Group
2,OU=Applications,DC=ThomasMarcussen,DC=com
Name : Application Group 2
ObjectClass : group
ObjectGUID : 70289cdd-0277-457e-bc2d-162703342f74

Access Director 2.4.0.2 released!

Posted on January 2, 2015 by Thomas.Marcussen

It’s been some time since our last update, but here we go again

Access Director has been updated and released

This is a major upgrade, all previous versions should be uninstalled prior to installing the new versions

Short list of changes

Its now possbile to use localized balloon notification (or your own)
Language default is en-us
- valid values are auto, or specific lananuge files e.g. de-de.lng (must reside in existing languages folder)
Localized menu options (remember du save lng files as unicode)
Registry modifications now resides in HKLMSoftwareNoLightPeopleAccess Director
as per request the MSI, and application itself is now signed
Removed the need for any registry keys needed for the service to start (will run with default values if no other is present
Updated Policy Prefences template included in zip file

Direct Download Link: http://tinyurl.com/mtc4pzo

let me know of bugs and feature requests 🙂 @MarcussenThomas

Advanced Installer

Posted on December 29, 2014 by Thomas.Marcussen

For many years I’ve been working with Wise Package Studio, the best tool ever for application repackaging projects. Since Wise Package Studio is End of life – announced in December 2011. Now seemed like a good time to find a new tool, Flexera Admin Studio seemed like the obvious choice, but is rather expensive (still a great tool)

In some cases Orca (http://www.technipages.com/download-orca-msi-editor) would get the job done, but still would take a long time

I remembered coming across Advanced Installer at TechEd NA, so decide to have a look at the tool

There is a free trial from the website and also a free version: http://www.advancedinstaller.com/download.html

Advanced Installer comes in multiple versions, I choose to test the Architect version, mainly because it had the following features highlighted

Repacker
App-V
SCCM
MSI Quick-Edit

My test of the product was a great success !

Today I will recommend this product to my customers looking to repackage or edit MSI’s, it has a nice and intuitive interface, much like Wise Package Studio had 😉

Have a look at some of the videos from Advanced Installer on YouTube: https://www.youtube.com/channel/UCIPx2SPC1K7_DoPdVeFHoNg

Change the size of a virtual machine by using a Azure PowerShell script

Posted on October 7, 2014 by Thomas.Marcussen

Finally i got around to moving my demo environment to Azure

I don’t need my environment to perform 100% while not using it, so came a cross this nice way to scale my environment on-demand.

This is possbile with a simple powershell script:

Function HowTo-SetAzureVMSize{
[CmdletBinding()]
param(
[parameter(Mandatory=$true)]
[string]$ServiceName,
[parameter(Mandatory=$false)]
[ValidateNotNullOrEmpty()]
[string]$Name=$ServiceName,
[parameter(Mandatory=$true)]
[string]$VMSize
)
PROCESS{
Get-AzureVM –ServiceName $ServiceName –Name $Name |
Set-AzureVMSize $VMSize |
Update-AzureVM
}
}
HowTo-SetAzureVMSize -ServiceName {your-cloud-service-name} -Name {your-vm} –VMSize “{your-desired-vm-size}”

Example:

Function HowTo-SetAzureVMSize{
[CmdletBinding()]
param(
[parameter(Mandatory=$true)]
[string]$ServiceName,
[parameter(Mandatory=$false)]
[ValidateNotNullOrEmpty()]
[string]$Name=$ServiceName,
[parameter(Mandatory=$true)]
[string]$VMSize
)
PROCESS{
Get-AzureVM –ServiceName $ServiceName –Name $Name |
Set-AzureVMSize $VMSize |
Update-AzureVM
}
}
HowTo-SetAzureVMSize -ServiceName ThomasMarcussen -Name TMSRV001 –VMSize “Standard_D2”

Currently not all hardware configurations are available in all locations – I tested in Western Europe.

Virtual Machine Sizes:

A0 (Shared core, 768 MB Memory)
A1 (1 core, 1.75 GB Memory)
A2 (2 cores, 3.5 GB Memory)
A3 (4 cores, 7 GB Memory)
A4 (8 cores, 14 GB Memory)
A5 (2 cores, 14 GB Memory
A6 (4 cores, 28 GB Memory)
A7 (8 cores, 56 GB Memory)

D1 (1 core, 1.75 GB Memory)
D2 (2 cores, 7 GB Memory)
D3 (4 cores, 14 GB Memory)
D4 (8 cores, 28 GB Memory)
D11 (2 cores, 14 GB Memory)
D12 (4 cores, 28 GB Memory)
D13 (8 cores, 56 GB Memory)
D13 (16 cores, 112 GB Memory)

Allowed values are:

ExtraSmall
Small
Medium
Large
ExtraLarge
A5
A6
A7
A8
A9

Basic_A0
Basic_A1
Basic_A2
Basic_A3
Basic_A4

Standard_D1
Standard_D2
Standard_D3
Standard_D4
Standard_D11
Standard_D12
Standard_D13
Standard_D14

Admin Rights: The Root Of Many Vulnerabilities

Posted on September 3, 2014 by Thomas.Marcussen

A recent survey conducted by BeyondTrust (www.beyondtrust.com), a developer and marketer of least privilege management software, reveals that 92% of critical vulnerabilities reported by Microsoft could have been prevented simply by removing administrator rights from Windows users. Also, the survey points out, removing administrator rights helps companies protect themselves and their computers against 94% of Microsoft Office, 89% of Microsoft Internet Explorer, and 53% of Windows vulnerabilities. Given the prevalence of Microsoft software in today’s corporate environment, these numbers should give any administrator pause.

Get a head start removing Admin Rights – by using Access Director from Basic Bytes

TrayCuts for Windows

Posted on July 1, 2014 by Thomas.Marcussen

TrayCuts for Windows is now available for download

The tool was developed for a customer, who needed company specific-shortcuts in the tray icon area

TrayCuts will allow you to add shortcuts in th tray icon area, just by placing folders and links in a specific folder

The location for shortcuts can be configured from registry

Download it from http://www.thomasmarcussen.dk

Application repackaging – Active Setup & Windows Installer Repair

Posted on June 29, 2014 by Thomas.Marcussen

If you repackage or deploy applications you need to know about Active Setup and Windows Installer Repair

The best methods are documented first, but also other alternative ways.

Method I

Active Setup Method:

This is one of the best practices in MSI Packaging which uses the native Active Setup behavior of Windows and Windows Installer HKCU keys repair techniques.

One should follow these specific steps while using this method:

Make sure all HKCU keys in the MSI Package that we are creating are under structured component names like CurrentUser, CurrentUser1, etc.
The Package author should be able to judge and set the key path for that Component properly.
As per Microsoft Component guidelines, make sure the components containing HKCU keys are as few in count as possible, for example only one component (CurrentUser) with all HKCU keys with best key path set is the best practice.
Create the following registry keys under the main hive:

HKLMSoftwareMicrosoftActive SetupInstalled Components{GUID of the MSI}
ComponentID=PackageName_ComponentName
StubPath=[SystemFolder]msiexec.exe /fu {Product Code of the MSI} /q
Version=ProductVersion

The principle of Active Setup behavior is when a new user logs on for the first time, then the Active Setup will perform a checksum between HKLMSoftwareMicrosoftActive SetupInstalled Components{GUID of the MSI} and HKCUSoftwareMicrosoftActive SetupInstalled Components{GUID of the MSI}; and if the GUID is not present under HKCU, then it performs all actions which are under that main hive (StubPath, Version) and populates the GUID under HKCU. The main Advantage of Active Setup is it performs an action only once per User with the Checksum behavior by matching the entries under HKLM and HKCU.

Method II

Active Setup Method:

This method can be used for both MSIs and Non-MSIs

Create a silent SMS script or Wise Script (for eg:-Script.exe) which will create the needed HKCU registry entries for the application. Then place that EXE in the Application [INSTALLDIR] in your MSI Pkg or Executable binary memory.

Then create the following additional registry entries in the MSI Package or within the Script whichever is applicable:

HKLMSoftwareMicrosoftActive SetupInstalled Components{GUID or AppName}

ComponentID=PackageName_ComponentName

StubPath=”[INSTALLDIR]Script.exe”

Version=ProductVersion

The Active Setup performs the regular checksum (comparison of entries under) HKLM and HKCU and if the respective unique GUID or AppName is not present under HKCU hive, then it will perform all actions (StubPath, Version) and populates the GUID or AppName under HKCU hive too. This is only once per user — for the first time — to populate HKCU hive.

Method I and method II use the Active Setup feature, and One should understand the advantages of one over the other. Method I requires source resiliency to populate HKCU keys, where as method II does not require this as the Script.exe does everything.

Method I and method II can be used in any scenarios like if Advertised entry points are present or NOT present.

Method III

Windows Installer repair method

Typically the body of the script will be;

Check for the existence of a Flag key under
HKCUSoftwareCompany NameApplications{ProductName][productversion]
Installed=True

If the key exists then quit else initiate the Windows Installer repair to populate HKCU keys:

Msiexec /fu {Product Code of the MSI} /q

And edit and create registry key (Basically a Flag Key which can be any key which your firm adopts)
HKCUSoftwareXYZ*Applications{ProductName][productversion]
Installed=True
End
* XYZ= Name of the organization Company
And keep this script exe in HKLMSoftwareMicrosoftWindowsCurrentVersionRun.

One should keep in mind that the /p switch can also be used to repair files (populate) user-specific data (Profile data) with the following syntax:

Msiexec /fup {Product Code Of the MSI) /q

Method IV

Silent empty exe with valid shortcut:

Create a silent empty exe and its Advertised shortcut and place both of them in the Application [INSTALLDIR]. And use them as entry points to trigger healing to populate HKCU keys.

Essentials – Access Director

Posted on February 13, 2014 by Thomas.Marcussen

Allowing a known user to elevate specific applications or tasks on demand

http://www.youtube.com/watch?v=-ZrL_rbqYlI

In the video we are logged on a workstation with the TestUser
TestUser is not member of the Local Administrators group
TestUser is member of the custom created local group Access Director

When requesting local administrators access using the tray icon, it will verify that we are a know user that is a member of the local group Access Director. If we are member of the local group we will be elevated for a predefined number of minutes (2 minutes in the example)

When elevated, we can click on any application and RunAs Administrator – we will as always be prompted for our logged on credentials, but this time the application is running with local administration privileges.

When the timer hits 2 minutes, our administration privileges are expired.

This will make it possible ONLY to elevated, when needed and not having to load the full profile with administrative privileges

The tray icon does not require additional rights to run
A local system service will handle all requests
All options are configurable through gpo and/or registry

Read more about latest additions at https://basic-bytes.com

Microsoft System Center 2012 R2 Configuration Manager – Clients for Additional Operating Systems has been updated

Posted on October 24, 2013 by Thomas.Marcussen

The Clients for Additional Operating Systems allow you to manage Apple Mac, UNIX and Linux computers using System Center 2012 R2 Configuration Manager

Version:	Date Published:
1.0.0.7020	10/23/2013
File name:	File size:
ConfigMgr Clients for Linux.exe	46.7 MB
ConfigMgr Clients for AIX.exe	115.7 MB
ConfigMgr Clients for HP-UX.exe	49.0 MB
ConfigMgr Clients for Solaris.exe	57.2 MB
ConfigmgrMacClient.msi	5.4 MB

Microsoft System Center 2012 R2 Configuration Manager supports the management of Apple Mac clients. The client for Mac computers allows you to discover Mac OS X devices, collect inventory, manage settings, and deploy applications and patches using your Configuration Manager environment.
Microsoft System Center 2012 R2 Configuration Manager supports the management of UNIX and Linux servers. The clients for UNIX and Linux extends the scope of your Configuration Manager environment to collect inventory, deploy software, and run reports about UNIX and Linux servers in your enterprise. The client operates as a workgroup client that is managed by Configuration Manager.
Mac Client: The following Mac versions are supported in this release:

Mac OS X 10.6 (Snow Leopard)
Mac OS X 10.7 (Lion)
Mac OS X 10.8 (Mountain Lion)

The following scenarios are supported through the Mac client in Microsoft System Center 2012 R2 Configuration Manager Preview:

Discovery – Discovers Mac OS X system in Active Directory and through network discovery
Hardware Inventory – Provides hardware inventory and auditing of computers running Mac OS X, including a list of installed software similar to add/remove programs for Windows systems.
Settings Management – Ensures computers running Mac OS X comply with company policies using scripts and preference list management.
Application Deployment – Distributes required software via app model.
Software Updates Management – Distributes patches utilizing Software Distribution and Settings management features.

UNIX/Linux Client: The following UNIX and Linux versions are supported in this release.

AIX Version 7.1, 6.1, 5.3
Solaris Version 11, 10, 9
HP-UX Version 11iv2 , 11iv3
RHEL Version 6 , 5, 4
SLES Version 11, 10, 9
CentOS Version 6, 5
Debian Version 6, 5
Ubuntu Version 12.4 LTS, 10.4 LTS
Oracle Linux 6, 5

The following scenarios are supported by the UNIX and Linux clients:

Hardware Inventory – Hardware inventory can be viewed through Resource Explorer and can be used to create collections of UNIX and Linux computers.
Software Inventory – Through hardware inventory the list of natively installed software can be gathered from the UNIX and Linux computers – similar to add/remove programs for Windows systems.
Software Distribution – Deploy new software, update existing software and apply OS patches to collections of UNIX/Linux computers (using a package and program). Run arbitrary maintenance scripts on a collection of UNIX/Linux servers.
Secure and Authenticated Communications
Consolidated Reports

http://www.microsoft.com/en-us/download/details.aspx?id=39360