O R G A N I C / F E R T I L I Z E R: 2012

Nov 23, 2012

LOAD "*",8,1

trip down memory lane. while sipping coffee this morning, i suddenly became curious about how many of you all are old enough to remember this:

load "*",8,1

(which is also in my blog header) ... well, if you were ever curious, it's a command from commodore dos, which instructs the computer to load the first thing on the disk. as long as the first thing was what you wanted to load up, it was a cool, quick way to do it.

hope you are having a wonderful thanksgiving holiday.

Nov 2, 2012

sccm: top console users report

let me preface this post by saying, this is in a 2007 environment. in a 2012 environment, you have user/device affinity. :-) right?

you’re thinking to yourself… self, this already exists natively in configmgr, why am i reading this blog post? let me try to answer that. in some environments, it is not uncommon for domain accounts to run as services on a workstation (e.g. blackberry, mcafee, etc). when this happens, the top console user for a system ends up being the service account.

i figured the best thing to do would be to write my own and eventually elevate it to a view of some type that i could use for reporting. i started off by taking apart the v_gs_system_console_usage_maxgroup view and creating my own query. what I ended up with is a bit frankenstein with some of the field names that do not make sense. this is somewhat because the original query used a different method of calculation… and mostly because i am freakin’ lazy.

here’s the final outcome:

        SELECT ResourceID, MAX(TotalUserConsoleMinutes0) AS GroupID_MAX
            SystemConsoleUser0 LIKE '%myfilter%'
AND TotalUserConsoleMinutes0 > 0 GROUP BY ResourceID ) AS CSL_UNIQ ON CSL_UNIQ.ResourceID = SYS_CUG.ResourceID AND CSL_UNIQ.GroupID_MAX = SYS_CUG.TotalUserConsoleMinutes0 inner join v_R_System sys on sys.ResourceID = sys_cug.ResourceID


the part highlighted above is where you would apply your filtering of any user names. this can be a positive filter to pull in any names that match some wildcard or negatively by excluding any that you do not want to see. it seems to work, but if you find different, bad, or better results, please comment, and let me know!

Oct 26, 2012

winnate: keyboard shortcuts

picked these up in a trailing end post from wired. good stuff to keep on hand:

Windows logo key + start typing: Search your PC

Ctrl+plus (+) or Ctrl+minus (-): Zoom in or out of many items, like apps pinned to the Start screen or in the Store

Ctrl+scroll wheel: Zoom in or out of many items, like apps pinned to the Start screen or in the Store

Windows logo key + C: Open the charms

Windows logo key + F: Open the Search charm

Windows logo key +H: Open the Share charm

Windows logo key +I: Open the Settings charm

Windows logo key + K: Open the Devices charm

Windows logo key + O: Lock the screen orientation (portrait or landscape)

Windows logo key + Z: Open commands for the app

Windows logo key + PgUp: Move the Start screen and apps to the monitor on the right (apps in the desktop won’t change monitors)

Windows logo key + PgDn: Move the Start screen and apps to the monitor on the left (apps in the desktop won’t change monitors)

Windows logo key + Shift+period (.): Snap an app to the left

Windows logo key + period (.): Snap an app to the right

Oct 3, 2012

winnate - problems connecting to wireless networks

chances are, if you work in an office building with managed wireless access points, you have probably run into this problem outlined here: http://support.microsoft.com/kb/2749073

in particular this problem manifests in cisco equipment filed under CSCua29504. cisco has released updates to correct this problem. i’m guessing you are in an environment where windows 8 isn’t exactly a supported platform yet so it’s highly unlikely the wireless controllers will be updated soon just to make you happy. there is a workaround – roll back to older drivers that are not windows 8 logo certified and hence have not implemented 802.11w. according to the kb article listed earlier, there is no means of turning off 802.11w support in windows 8. :-|

it took a little digging to find this problem, but i found the best info in this blog post which has all the pertinent links you could ever want.

anyway, until next problem… :)

Sep 14, 2012

problem encountered using ftp-ssl with opalis (and corrected)

for a few days, i have been intermittently pulling my hair out trying to figure out why ftp-ssl with the opalis “upload file” object wasn’t working. after trying many permutations, i finally figured it out. sigh.

it required some opening ports and other stuff… but the last thing that got me was this particular setting which i’ll get to in a second. for now, let’s examine the error in the output:

Error Summary: Connection to FTP site failed
OPR-FTP(9560) v3.6.17.8 SCRIPT LOG FILE
Thu Sep 13 08:46:52 -- Line 6:     FTPLOGON "myftpsite" /user=xxxxxxxx /pw=************** /port=xxx /servertype=FTPSDATA /trust=ALL /timeout=30
Thu Sep 13 08:46:52             => *Logging on to <myftpsite> as SSL/FTP with secure control and data channels.
Thu Sep 13 08:46:52             => *Logon in progress...
Thu Sep 13 08:47:07             => *Change directory (CWD) failed during log on -- may need to use /allowerrors option.
Thu Sep 13 08:47:08             => *Connection to FTP site failed. [1152]
Thu Sep 13 08:47:08 -- Line 7:     IFERROR goto errorexit
Thu Sep 13 08:47:08 -- Line 14:    :errorexit
Thu Sep 13 08:47:09 -- Line 15:    LOGMSG "Error executing FTP script"
Thu Sep 13 08:47:09             => Error executing FTP script
Thu Sep 13 08:47:09 -- Line 16:    EXIT
Thu Sep 13 08:47:09             => *Exit OPR-FTP.


from the way this looks, during the CWD command, something failed around the log on process. this is what threw me. had i been smart enough to turn on trace logging at this point, i would have spent much less time trying to figure this out. as it were, i went through every permutation i could think of trying to figure out the magic combination. after many cycles of dumb, i discovered tracing was an option (not in the manual) and turned it on.

tracing the error revealed the following (truncated):

ReadServerResponse::read 47 bytes: 250 CWD successful. "/" is current directory.
ReadServerResponse::read 46 bytes: 150 Opening data channel for directory list.
ReadServerResponse::read 33 bytes: 425 Can't open data connection.


so as you can see, the misleading error indicated it was in the log on process when in actuality, the log on worked fine. now i knew i could stop screwing around with security and test some of the other options and stumbled upon the one that worked.



once again, if you look at the trace logs, it shows it here (truncated again):

ReadServerResponse::read 47 bytes: 250 CWD successful. "/" is current directory.
ReadServerResponse::read 52 bytes: 227 Entering Passive Mode (216,133,255,186,254,27)
ReadServerResponse::read 25 bytes: 150 Connection accepted
ReadServerResponse::read 17 bytes: 226 Transfer OK
ReadServerResponse::read 19 bytes: 200 Type set to A
ReadServerResponse::read 17 bytes: 226 Transfer OK

Sep 13, 2012

retrieving wmi class mof information

this powershell powertip is SO cool i just had to repeat it.

using the wmiclass type accelerator, you can use a method called gettext to pull down the mof. so using their example, the following command is issued:



from that, we receive the following information:

[dynamic: ToInstance, provider("WMIPingProvider"): ToInstance]
class Win32_PingStatus
    [read: ToSubClass, key] String Address;
    [read: ToSubClass, key] uint32 TimeToLive = 80;
    [read: ToSubClass, key] uint32 Timeout = 4000;
    [read: ToSubClass, key] uint32 BufferSize = 32;
    [read: ToSubClass, key] boolean NoFragmentation = FALSE;
    [read: ToSubClass, key] uint32 TypeofService = 0;
    [read: ToSubClass, key] uint32 RecordRoute = 0;
    [read: ToSubClass, key] uint32 TimestampRoute = 0;
    [read: ToSubClass, key, ValueMap{"0", "1", "2"}: ToSubClass] uint32 SourceRouteType = 0;
    [read: ToSubClass, key] String SourceRoute = "";
    [read: ToSubClass, key] boolean ResolveAddressNames = FALSE;
    [read: ToSubClass, ValueMap{"0", "11001", "11002", "11003", "11004", "11005", "11006", "11007", "11008", "11009", "11010", "11011", "11012"
, "11013", "11014", "11015", "11016", "11017", "11018", "11032", "11050"}: ToSubClass] uint32 StatusCode;
    [read: ToSubClass] uint32 ResponseTime;
    [read: ToSubClass] uint32 ResponseTimeToLive;
    [read: ToSubClass] boolean ReplyInconsistency;
    [read: ToSubClass] uint32 ReplySize;
    [read: ToSubClass] String RouteRecord[];
    [read: ToSubClass] String RouteRecordResolved[];
    [read: ToSubClass] uint32 TimeStampRecord[];
    [read: ToSubClass] string TimeStampRecordAddress[];
    [read: ToSubClass] string TimeStampRecordAddressResolved[];
    [read: ToSubClass, MaxLen(4096): ToSubClass] String ProtocolAddress = "";
    [read: ToSubClass, MaxLen(4096): ToSubClass] String ProtocolAddressResolved = "";
    [read: ToSubClass, ValueMap{"0", ".."}: ToSubClass] uint32 PrimaryAddressResolutionStatus;


how cool is that?! thanks scripting guy (ed)! btw, here’s his article.

Sep 4, 2012

finding the right nic in server core

a recently deployed server, on windows 2008 server core, start kicking out some replication notifications which when checking the configuration did not seem to jive. i started poking around when i realized the horror: i don’t know where to find what i’m looking for!

long story short, the server suffered from a biological procedural failure to set the nic properly to the right speed. while the nic was set for auto, it was not set for the critical 1gb full auto. the question now is how was this determined, even though netsh is not helpful for this scenario? the answer is … the registry. <sigh>


finding the right interface guid

this is a fairly simple and probably routine thing for you if you’ve done any digging around. the idea is to find the nic with the right ip address associated to it. it’s difficult sometimes to do this when you have a server with four nics but only one enabled. this is a smart way to filter them out.

  • navigate to hklm\system\currentcontrolset\services\tcpip\parameters\interfaces.
  • under interfaces, you should find a set of guids which probably looking something like this example: {FD15E5DE-C7D1-4443-9045-3B1E0A884D0F}.
  • either open each one and look at the ipaddress value or just search at the root of services for the ip address.


  • when you have found the correct entry, copy the key name. (yes, copy the long guid :( … just right-click and copy key name then grab the guid)


finding the right nic to modify

now that you have the right interface guid, it’s time to find the right nic and poke around at setting the link speed correctly.

  • navigate to hklm\system\currentcontrolset\class.
  • there’s only one guid you need to look for here: {4D36E968-E325-11CE-BFC1-08002BE10318}. there’s probably lots of them.
  • search for the interface guid you found above. i would strongly recommend the “search” method i mentioned earlier, starting from the root of class.

you should find yourself at the appropriate area of the registry. most likely, you will see multiple keys named 0000 through something like 0006*. notice the guid you were looking for is the netcfginstanceid? now you’re in the right place to do yet more digging. :(


* or however many keys it takes to store the configuration per interface.


finding the right value for speedduplex

i mentioned earlier the server had the wrong setting. i was referring to the speed/duplex seen as *speedduplex in the registry. great. how do i know what to set that to? simple. you find the reference table.

  • navigate to hklm\system\currentcontrolset\control\class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0002\ndi\params\*speedduplex\enum.*
  • find the entry with the right description.
  • the name of the entry is the value to set for speed/duplex.

* the 0002 indicates that it might be a different interface number. remember, there’s one for every network configuration stored. yours might be 0003 or 0005 or whatever.



setting the speedduplex value

now that you have the right value, set the thing and go… :)

  • navigate to hklm\system\currentcontrolset\control\class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0002.
  • locate the value named *speedduplex and change the value to the value you located in the reference table above.


obviously you can use this for other settings as well. :) hope that helps.





Aug 23, 2012

winnate – where’s the ctrl+alt+del?

do you prefer your lock screen to require the ctrl+alt+del key sequence to log on? well, i do. i admit it might be force of habit, but i really enjoy that little sense of security. by default, in windows 8, when you hit a key, the picture screen scrolls up, and let’s you log on.

if you want your security blanket back, this is what you do:

  • open control panel
  • open up user accounts
  • click on “manage user accounts”


  • switch to the advanced tab
  • under secure sign-in, enable “Require users to press Ctrl+Alt+Delete”


and you’re off… :)

Aug 22, 2012

winnate – .net framework 3.5

hi again.

the first thing i wanted to do when i experienced things i wanted to capture was to fire up live writer. well, i probably didn’t mention it, but i rebuilt my desktop because i was running layer upon layer of betas, previews, and release candidates with windows 7. anyway, a total exercise in frustration trying to blog on something only to run into a different problem that i have to blog on… and so here we are. :)



when i attempted to install live writer, i realized .net framework 3.5 was required and missing. generally, you can enable features like this in “programs and features.”


i mean, it really should be that simple. however, if your system administrator (or you) has changed policies to redirect your computer to windows server update services (wsus) instead of windows update, you will run into an error message that looks like the following:

Windows couldn't connect to the Internet to download necessary files. Make sure that you're connected to the Internet, and click Retry to try again.

you’ll probably see this error code as well: 0x800f0906.



the good news is with the right command, you can install .net framework from the installation files. open an elevated cmd prompt and issue the following command:

dism /online /enable-feature /featurename:NetFx3 /All /Source:x:\sources\sxs /LimitAccess 


note: x:\ represents the location of your installation files.


here’s the link to the article if you want to read more: http://msdn.microsoft.com/en-us/library/hh506443.aspx

winnate – modifying hidden sizes

recently i made the jump to windows 8 (hence the name winnate – uh win8?). if you have been a long time user of windows, then you will appreciate the pun since some stuff in windows 8 is -not- winnate knowledge.

i’m collecting all of the annoyances, changes, tips along the way and am going to blog about them because i know i’ll be looking for it later. :( secondarily, it might help you too. ;-) here’s the first one.


modifying the bordersize

in windows 7, modifying border size was not an issue at all. however, in windows 8, it’s quite a ways buried. in fact, you are left with adjusting it in the registry. why? i dunno. if you want, you can modify the registry to change it. otherwise, this cool utility seems to do the trick. it doesn’t require installation either: tiny windows borders


modifying the desktop icon size

again, another seemingly missing setting is the icon size for items on your desktop. this is pretty simple.

  • minimize everything so you don’t disrupt anything or inadvertently change the size in other stuff.
  • click on an empty area on the desktop.
  • hold down the ctrl-key and scroll up or down on your mouse to adjust the size.

if you don’t have a scrollwheel on your mouse, i doubt you are running windows 8 anyway. :)

Aug 20, 2012

atlanta systems management user group [atlsmug] meeting 9/7/2012!

if you haven't heard, it's time for another quarterly (?) meeting. :) to help ease your registration (because i know you're coming,) i have embedded the ticket form below. schedule details are still be ironed out and maintained at www.atlsmug.org. look forward to seeing you there!

Jul 20, 2012

system center 2012 configuration manager ... UNLEASHED!

hi all. a book that i (and many other authors) worked on has released on amazon as a kindle edition. the paperback will follow up a little later.

based on the title of the book i have to ask a question. if i dramatized the release, would it be... SYSTEM CENTER 2012 CONFIGURATION MANAGER UNLEASHED! ... RELEASED! ...? hmmm. i dunno. :) anyway...


the book description:

imageThis is the comprehensive reference and technical guide to Microsoft System Center Configuration Manager 2012. A team of expert authors offers step-by-step coverage of related topics in every feature area, organized to help IT professionals rapidly optimize Configuration Manager 2012 for their requirements, and then deploy and use it successfully. The authors begin by introducing Configuration Manager 2012 and its goals, and explaining how it fits into the broader System Center product suite. Next, they fully address planning, design, and implementation. Finally, they systematically cover each of Configuration Manager 2012's most important feature sets, addressing issues ranging from configuration management to software distribution. Readers will learn how to use Configuration Manager 2012's user-centric capabilities to provide anytime/anywhere services and software, and to strengthen both control and compliance. The first book on Configuration Manager 2012, System Center Configuration Manager 2012 Unleashed joins Sams' market-leading series of books on Microsoft's System Center product suite: books that have achieved go-to status amongst IT implementers and administrators worldwide.

you can get your copy here: http://www.amazon.com/System-Configuration-Manager-Unleashed-ebook/dp/B008LW61JI/.

Jul 18, 2012

atlanta techstravaganza presentations

if you were fortunate enough to be in atlanta for the event, you might not need it. nice to have as a refresher though. for everyone else, here are the recordings from the event: http://www.atltechstravaganza.com/event-presentations/

not all of them were captured, it turns out. oh well. you can't have everything go right all the time. :)

Jul 11, 2012

powtoon for presentations

spent a few minutes this morning using a service called powtoon. it's basically a flash application that presents a way of creating presentations (or movies) in an animated fashion. after watching a couple of videos, it's actually quite easy to do.

the premise is you have a canvas on which you can add objects of varying types. when you add an object, you're adding it against a timeline displayed in seconds.


the idea is that most objects have some type of controllable egress/ingress. for example, you can make things fade in or move up or down. you can add effects like having a hand show up and pull the object away.


it's a bit limited in what you can do... but it's a really cool start. sign up for a beta invite and try it out.

here's the one I put together this morning for fun: http://bit.ly/O5rlap

Jul 6, 2012

error when using add-type with microsoft.exchange.webservices.dll

yesterday, I was goofing around w/ the ews dll trying to use it to retrieve some information from exchange. well, I got it working on my laptop but could not get it working on my other two systems which kept erring out with the following message:

[3] {C:\temp} > Add-Type -Path "c:\temp\Microsoft.Exchange.WebServices.dll"
Add-Type : Could not load file or assembly
'file:///c:\temp\Microsoft.Exchange.WebServices.dll' or one of its
dependencies. Operation is not supported. (Exception from HRESULT: 0x80131515)
At line:1 char:1
+ Add-Type -Path "c:\temp\Microsoft.Exchange.WebServices.dll"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Add-Type], FileLoadException
+ FullyQualifiedErrorId : System.IO.FileLoadException,Microsoft.PowerShell.Commands.

after a few unsuccessful iterations of stupidity, I examined the configuration:

  • working system
    • windows 8
    • powershell v3
    • framework 4.5
  • non-working system
    • windows 7
    • powershell v3
    • framework 4.0

I talked to jonathan walz about it for a short spell because I didn't want to believe the framework was the issue even though I saw a few posts referencing security and opening things up in with caspol and things like that. anyway, it was a partially educated guess and other parts having nothing left to try... but as you've probably already figured out, loading framework 4.5 rc fixed it.

Jul 5, 2012

system center licensing

hi all. my friend marnix recently completed a 5-part series on licensing. licensing can be complicated enough to understand but really gets “complified” when things change between versions so i wanted to point out this series. if you recall at the atlanta techstravaganza, one of the topics was understanding system center licensing.

anyway, here’s the post:

Jun 25, 2012

a guest post? not quite...

i received this interesting request from "sarah" asking if i had an interest in a guest blog post. isn't that interesting? here's the email:

Hi Marcus,

I'm getting in touch with you because I'm interested in writing an article for your blog. I came across your blog post marcusoh.blogspot.com while writing for a website on music production. During my research, I've found an increasing focus in terms of design as the tools and technology available today improve our ability to customize how create music and collaborate as musicians

Please let me know if you'd be interested in an article this topic. Thanks, and I look forward to hearing from you soon.


as you know, i write tons on music, music theory, musical collaboration, and such. NOT. if sarah's "research" on the purpose/scope/focus of my blog is any indication of her research in music, i wouldn't be interested even if i did have a topic that was germane to her research. this, by far, is the best giveaway though:


smtp.com? oh boy. a short perfunctory search revealed that sarah not only dabbles in music research but also childhood psychology and development as indicated in this blog post i found.

Jun 22, 2012

enumerating dns records with powershell

here's a way to list dns records with powershell going through wmi. keep in mind the dns class does not appear to support wildcards. :(

get-wmiobject -ComputerName servername -Namespace root\microsoftDNS -Class MicrosoftDNS_ResourceRecord -Filter "domainname='mydomain'" | select textrepresentation

i haven't figured out how to loop through subdomains and dump them out yet. :/ it's a start. hopefully you guys have something better you can share.

Jun 21, 2012

windows phone 8 for business

i have spent most of this morning listening to the windows phone summit keynote in the background. i started paying a lot more attention when the windows phone 8 for business part came up. it's not too awful. this speaker is pretty good!


if you missed the video, it's located here: http://channel9.msdn.com/Events/Windows-Phone/Summit

the stuff for business (as in manageability, encryption, etc) starts ~28 minutes in. big news is the windows phone and windows 8 os share a common core, thus providing some really interesting benefits. here are the key items:

  • complete security platform: encryption and secure boot covered by bitlocker
  • flexible app distribution: signed applications deployed by internal application store instead of marketplace (think sideload-esque) supporting on-premise intranet or cloud
  • device management: covered by the same technologies that manage windows os
  • deep voip integration: skype or cell looks identical -- could mean reduced minutes plan
  • company hub: company-personalized application to highlight apps, provide news, provide alerts, self-service profile capability

by the way, the consumer video demo around ~1:03 is REALLY cool. the other demo around ~1:25 is pretty cool, too. the current inrix app, by the way, is pretty stellar for traffic information.

Jun 19, 2012

xian network manager 2012

if you're an opsmgr admin, you either have used or have heard of jalasoft. they've been in the market for quite a while now -- nearly 10 years maybe. anyway, i just wanted to help them get the word out that their 2012 product has released. anyway, i don't have opsmgr 2012 deployed yet so understanding the functional limitations with network discovery is at a bit of a loss right now.

the product screenshots look kind of compelling though. the use of a concept called "netflow" seems to stick out -- which appears to be a kind of way to view traffic patterns and determine  endpoints pushing around a lot of packets.


this seems to be a pretty good definition of netflow according to my friend glenn graham:

Similarly, NetFlow-enabled routers and switches capture measurements of the network traffic at points in the network and transmit this captured data in the form of User Datagram Protocol (UDP) or Stream Control Transmission Protocol (SCTP) packets to a NetFlow collector for further processing, analysis and archiving.

it definitely appears worth a look. check it out: http://www.jalasoft.com/xian/networkmanager

Jun 18, 2012

ad replication status tool

by now, if you haven't heard of it already, you probably will soon enough. microsoft released a new tool which outputs the replication status of your AD infrastructure. anyway, it's like viewing the same data ... a little more visually. i would love to see more dataviz ... but it's a great start. here's an overview from the download page:

The Active Directory Replication Status Tool (ADREPLSTATUS) analyzes the replication status for domain controllers in an Active Directory domain or forest. ADREPLSTATUS displays data in a format that is similar to REPADMIN /SHOWREPL * /CSV imported into Excel but with significant enhancements.

Specific capabilities for this tool include:

  • Expose Active Directory replication errors occurring in a domain or forest.
  • Prioritize errors that need to be resolved in order to avoid the creation of lingering objects in Active Directory forests.
  • Help administrators and support professionals resolve replication errors by linking to Active Directory replication troubleshooting content on Microsoft TechNet.
  • Allow replication data to be exported to source or destination domain administrators or support professionals for offline analysis.

get your copy of the tool here: http://www.microsoft.com/en-us/download/details.aspx?id=30005

Jun 13, 2012

winnate – using windows 8 with cisco vpn

are you having the same connection issue i was when trying to use the cisco vpn client? here’s what the message looks like:


the message states: Reason 442: Failed to enable Virtual Adapter.

this is the second time i’ve had to do this so i figured capture it. anyway, found the steps here: http://social.msdn.microsoft.com/Forums/en-US/windowsdeveloperpreviewgeneral/thread/6fe817f3-27fe-4068-995a-aced4508ee3e

anyway, it looks like the vpn client tries to enable the virtual adapter by its display name. the installation does some funky crap with the display name:
  • broke: @oem8.inf,%CVirtA_Desc%,Cisco Systems VPN Adapter for 64-bit Windows
  • good: Cisco Systems VPN Adapter for 64-bit Windows

once you remove the crud and try again, it works. here’s the actual steps that raman posted:
Open Registry editor by typing regedit in Run prompt
  • Browse to the Registry Key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\CVirtA
  • Select the DisplayName to modify, and remove the leading characters from the value data up to "%;" i.e.
    • For x86, change the value data from something like "@oem8.inf,%CVirtA_Desc%;Cisco Systems VPN Adapter” to "Cisco Systems VPN Adapter”
    • For x64, change the value data from something like "@oem8.inf,%CVirtA_Desc%;Cisco Systems VPN Adapter for 64-bit Windows” to "Cisco Systems VPN Adapter for 64-bit Windows”
  • Try connecting again

    self-study guide for system center

    here's some more good stuff scott wrote for use as study guides. excellent materials ...

    system center 2012 self-study guide (complete edition)


    the individual parts...

    system center 2012 self-study guide (overview)

    system center 2012 self-study guide (advisor and app center)

    system center 2012 self-study guide (configmgr)

    system center 2012 self study guide (data protection manager and endpoint protection)

    system center 2012 self study guide (operations manager)

    system center 2012 self study guide (orchestrator and service manager)

    system center 2012 self study guide (unified installer and virtual machine manager)

    Jun 12, 2012

    checking dns forwarders of all domain controllers

    • connect to the ldap provider

    $dcs = [adsi]LDAP://ou=domain controllers,dc=mydomain,dc=com

    • get a list of all dcs

    $dcs = $dcs.psbase.children | select -ExpandProperty name

    • query the dns class
    $dcs | % { Write-Output $_ ; (gwmi -Namespace root\microsoftdns -ComputerName $_ -Query "select forwarders from microsoftdns_server").forwarders }

    configuration manager 2012 service pack 1

    the announcement of enhancements for configmgr 2012 with sp1 was delivered yesterday at teched. here's a rundown from the slides (since i am not there):

    • Platform Support:
      • Windows 8
      • Windows 8 tablet (Intel SoC) support
      • Mac OS X
      • Linux and Unix
        • Hardware Inventory:
          • 16 core classes viewable through Resource Explorer
          • Extensible model – supports custom classes and pluggable providers
          • ARP shows all native installed software (e.g. rpm’s or pkg’s)
          • Create collections of Linux/UNIX computers
        • Software Deployment
          • Using the Package and Program model
          • Deploy/patch software, deploy OS patches and run maintenance scripts that target a collection
        • Secure and Authenticated communications
        • Consolidated reports
    • Operating System Deployment:
      • Windows To Go support
      • BitLocker changes:
        • TPM and PIN
        • Used Space BitLocker
      • Prestage media now supports additional content types:
        • Before: WIM
        • Now: WIM, Applications, Drivers, Package/Programs
    • Application Delivery:
      • Metro style applications
      • Deep link applications
      • Network cost support
    • Flexible hierarchy management:
      • Ability to add a new Central Administration Site
      • Migration between ConfigMgr 2012 hierarchies
    • Hierarchy easier to control:
      • When: Schedule replication for a given link
      • What: SQL Server distributed views
      • How much: Compression for SQL Server data
    • Setting Management: User Profile and Data Management
      • Client Side Caching
      • Roaming User Profiles
      • Folder Redirection
    • PowerShell Provider Cmdlets:
      • Scope: Tasks exposed in the Administration Console
      • How:
        • Suitable experience for administrator (not the SDK)
        • Align with PowerShell general conventions


    here's a summary slide from the deck which is available at the teched site under the myteched section. look for MGT309. :)


    opsmgr is running around crashing servers

    okay, calm down. i'm totally sensationalizing the actual issue. had a domain controller go sour this morning, basically no longer advertising sysvol. here's a sample of the event:

    Event Type:      Error
    Event Source: Application Error
    Event Category: (100)
    Event ID: 1000
    Date: 1/1/2012
    Time: 12:00:00 PM
    User: N/A
    Computer: <Computer Name>
    Faulting application svchost.exe, version 5.2.3790.3959, faulting module netman.dll, version 5.2.3790.3959, fault address 0x0000000000008d4f.

    it isn't immediately obvious, but this problem is actually caused by opsmgr (as in the blog title implies). to be absolutely fair, opsmgr isn't actually at fault. however, it pounds the crap out of netman.dll which exposes a bug, causing the failure of the server service. when you lose the server service, you lose any process running spawned from svchost. that's a lot of stuff.

    here's the full article: http://support.microsoft.com/kb/2670298. it also links back to kevin holman's blog. ;-)

    Jun 11, 2012

    windows 7 and wmi repair

    a friend sent me an im today asking if i had experienced a situation with windows 7 that generally acted "funky", seemingly hanging applying settings, and such. what he determined from trace evidence is that wmi initiated a repair, but it wasn't initiated by an admin.

    i told him i could have sworn i had seen where windows 7 behavior changed and initiated a self-repair when it found certain conditions to be true. (i, of course, cannot find this anywhere now so if you know where it is, please leave a link in the comments!)

    long story short, windows 7 does initiate a self-repair. it isn't immediately evident in this article, but this article talks about a hotfix which suppresses unnecessary full diagnostics -- which can be cpu intensive, causing the problems my friend experienced. from the article:

    When you perform one of the following operations on a computer that is running Windows Server 2008 R2 or Windows 7, the operation may take a long time to complete:

    • Start the computer
    • Log on to Windows

    For example, the computer takes three or more minutes to start.

    here's the article if you're interested: http://support.microsoft.com/?id=2617858

    Jun 4, 2012

    self-study guide for powershell

    here's another great study guide from the same friend. sharing is caring!


    Top Level Site for PowerShell: http://www.microsoft.com/powershell


    Windows PowerShell Training

    • Windows PowerShell Getting Started Guide
    • Scripting with Windows PowerShell
    • Windows PowerShell Owner’s Manual
      • Getting Started with Windows PowerShell
      • Customizing the Windows PowerShell Console
      • Windows PowerShell Shortcut Keys
      • Piping and the Pipeline
      • Running Windows PowerShell Scripts
      • The Windows PowerShell Profile
      • Windows PowerShell Aliases
    • Windows PowerShell User’s Guide
      • Windows PowerShell Basics
      • Object Pipeline
      • Windows PowerShell Navigation
      • Working with Objects
      • Using Windows PowerShell for Administration
      • Introducing the Windows PowerShell ISE
      • Appendix 1 – Compatibility Aliases
      • Appendix 2 – Creating a Custom Windows PowerShell Shortcut
    • Windows PowerShell Webcasts/Podcasts (a list of 76 different PowerShell presentations in multiple formats – to see the entire list select “MORE” on right-hand side opposite the heading that reads “IT Professionals (76)”)
      • Introduction to Windows PowerShell
      • Using Windows PowerShell 2.0
      • Windows PowerShell Basics for IT Professionals (2-part series)
      • TechEd 2011 Birds-of-a-Feather (Sessions 04): PowerShell: Best Practices From The Field
      • Managing Web Infrastructure Systems with Windows PowerShell 2.0
      • How Do I:
        • PowerShell – The Basics
        • PowerShell Variables
        • PowerShell Scripts and the Command Line
        • PowerShell and WMI
        • Creating Output with PowerShell
        • PowerShell – Object Manipulation
        • Pipelining
    • TheVBScript-to-Windows PowerShell Conversion Guide


    PowerShell Podcasts

    These audios offer Windows PowerShell tips, news and interviews that you can listen to at your convenience.


    Useful PowerShell Blogs

    This is a sampling of some of the blogs that are being written on the subject of Windows PowerShell.  Some of these are independent blogs and their contents are not reviewed or controlled by Microsoft.


    PowerShell Scripts

    This section represents links to actual PowerShell scripts that have been developed for review and reuse.  These scripts are intended to keep administrators from having to “start from scratch” when developing scripts.  While they will almost certainly require some modification, the intent is to give admins a starting point to learn how to do various tasks related to PowerShell in their own environments.



    PowerShell Forum

    This forum is a place where administrators can ask question, read discussions among technical professionals, and engage with the online PowerShell community.


    PowerShell Tools


    PowerShell Books

    The following is a partial list of books that have proven useful as PowerShell resources, both to the new admin and the experienced developer.  This is not intended as a complete list of PowerShell books, but is intended only as a sample for the admin looking to start building his or her library.


    Additional PowerShell Resources

    A variety of external resources offered to the PowerShell community in the form of blogs, sample scripts, wikis, forums, etc.


    PowerShell v3 (beta)

    These resources are specifically designed to help prepare for the newest version of PowerShell to be released in the near future.

    self-study guide for system center endpoint protection

    whether you call it forefront endpoint protection (fep) or system center endpoint protection (scep), you might find these resources valuable as a means of getting up to speed. a good friend of mine created this awesome guide. anyway, sharing is caring. here you go...



    Top Level Site for SCEP: http://www.microsoft.com/fep


    Forefront Training

    Featured Videos


    Microsoft Forefront Virtual Event (TechNet Edge)


    Forefront Endpoint Protection 2010 (TechNet)

    • What’s New in FEP 2010 Update Rollup 1
    • Release Notes
    • Overview
    • System Requirements
    • Getting Started
    • Planning and Architecture
    • Performance and Scalability
    • Server Installation
    • Client Deployment
    • Operations
    • Troubleshooting
    • Technical Reference


    System Center 2012 Endpoint Protection

    • System Center Endpoint Protection 2012
      • What’s new in Forefront Endpoint Protection 2012?
      • Endpoint Protection (TechNet)
        • System Center 2012 Endpoint Protection Privacy Statement
        • Information and Support for System Center 2012 Endpoint Protection
        • Endpoint Protection Client Help
          • Why do I need antivirus and antispyware software?
          • Getting started
          • Scanning for viruses, spyware, and other potentially unwanted software
          • What’s real-time protection?
          • How do I know that Endpoint Protection is running on my computer?
          • What are virus and spyware definitions?
          • How do I remove or restore items quarantined by Endpoint Protection?
          • What is the Microsoft Active Protection Service Community?
          • Troubleshooting
          • Glossary
    • Endpoint Protection in Configuration Manager
      • Introduction to Endpoint Protection in Configuration Manager
      • Planning for Endpoint Protection in Configuration Manager
      • Configuring Endpoint Protection in Configuration Manager
      • Operations and Maintenance for Endpoint Protection in Configuration Manager
      • Security and Privacy for Endpoint Protection in Configuration Manager
      • Technical Reference for Endpoint Protection in Configuration Manager


    Forefront Webcasts/Podcasts

    These videos and audios offer Forefront Endpoint Protection tips, news and interviews that you can listen to at your convenience.


    Forefront Forums

    These forums provide administrators opportunities to engage in discussions related to Forefront Endpoint Protection.  It is a place where questions can be asked/answered, where you can review conversations on relevant topics by other administrators, and where you can interact with other IT professionals.


    Forefront Endpoint Protection 2010 Support

    On this site, you can search an extensive database for answers to technical issues.  This site allows you to locate relevant Knowledge Base (KB) articles, as well as enabling you to search by events or error codes.



    Here, administrators can download both FEP 2010 as well as the FEP 2010 Security Management Pack for use with System Center Operations Manager (SCOM)


    Useful Blogs

    These blogs are where experts in Forefront technologies post their thoughts, relevant information, news, and general guidance.  They are very useful methods for administrators to remain up to date on the latest information related to Forefront Endpoint Protection.


    Forefront Classroom Training

    This section lists the various training classes available for Forefront Endpoint Protection.  These classes are available through Microsoft’s training partners.

    • Course 50509A: Implementing Forefront Endpoint Protection 2010 (2-day instructor led)
      • After completing this course, students will be able to:
        • Articulate the value proposition and key features of FEP 2010.
        • Understand the protection technologies built into the FEP client to protect desktops, laptops and servers from malicious code threats.
        • Understand the fundamental concepts of System Center Configuration Manager 2007.
        • Understand the FEP server components and how they are integrated into a System Center Configuration Manager 2007 infrastructure.
        • Understand how to manage FEP client policy and definition updates.
        • Understand the FEP client architecture and how the client can be deployed across an organization.
        • Understand the various options for monitoring, alerting and reporting on the health and malware activity of FEP clients.
        • Understand how FEP can leverage System Center Operations Manager 2007 to provide real-time monitoring of high value endpoints.

    Jun 1, 2012

    upgrading to windows 8 release preview

    i saw some tweets a couple of days ago referencing a release preview blog that was posted and pulled because it posted early. well, i looked off and on for an announcement about it yesterday but ended up missing it because i was out.

    long story short, if you missed it too, it's available now. :) now, consider your options before you move forward. there is no going back to what you had before so be prepared. the only going back is reinstalling.

    speaking of reinstalling, if you're upgrading from xp, vista, or 7 the good news is there are some things that you can keep. windows 7 is the friendliest in that respect. if you are running one of the earlier windows 8 previews, put on your sad panda face because you will not be keeping anything relative to programs, windows settings, or account info. that detail is available in the faq.


    this morning i'm taking the plunge and installing the release preview. that means i'll be spending the weekend reinstalling apps. :) joy. good luck. if you're doing the same thing, let me know if you run into anything worth mentioning.

    May 24, 2012

    two upcoming events i wanted to mention

    hi and good morning. i wanted to mention a couple of upcoming events that may interest you.



    JUNE 1ST: the first is the atlanta techstravaganza event which has turned into an annual thing. not sure if you know this or not but atlanta systems management user group is a part of it and has been since the inception. the event has a great line-up of folks -- both mvp and other talent. it's a full day event with food, prizes, etc so plan accordingly. the schedule, registration, and everything else can be found at www.atltechstravaganza.com. hope you can make it!



    MULTIPLE EVENTS: the second event is windows server 2012 community roadshow which is brought to you by fellow mvps. it's a four hour event at various locations both stateside and internationally. you can get all the information at the following location: https://ws2012rocks.msregistration.com/Default.aspx

    sorry atlanta peepz -- it doesn't appear there's going to be an atlanta event. the closest you'll get is charlotte. that's some poo. oh well. the others don't get the atlanta techstravaganza event! get to one or the other. they both look good... :)

    May 17, 2012

    "get computer/ip status" activity throws raw socket error

    recently ran across this quirk trying to test a runbook in orchestrator...


    imagewhile in the runbook designer, whenever the "get computer/ip status" activity is called, it fails with the following error:




    the error summary text in its entirety:

    Raw socket error. Error: 10013 An attempt was made to access a socket in a way forbidden by its access permissions.


    according to this microsoft article (thanks richard catley), the error translates to this:

    WSAEACCES (10013)
    Translation: Permission denied.
    Description: An attempt was made to access a socket in a way that is forbidden by its access permissions. For example, this error occurs when a broadcast address is used for sendto but the broadcast permission is not set by using setsockopt(SO_BROADCAST). Another possible reason for the WSAEACCES error is that when the bind (Wsapiref_6vzm.asp) function is called (in Microsoft Windows NT 4 .0 Service Pack 4 [SP4] or later), another program, service, or kernel mode driver is bound to the same address with exclusive access. Such exclusive access is a new feature of Windows NT 4.0 SP4 and later, and it is implemented by using the SO_EXCLUSIVEADDRUSE option.


    which means absolutely nothing to me -- except there is a possible permission issue somewhere. :) after posting to the technet forum, i decided to file a bug. as any decent human being does, i searched to see if the bug had already been filed. sure enough it had. it's right here if you want to read the details.



    anyway, i verified i was in local admin, etc. turns out you have to launch the console with run as administrator permissions to elevate it properly in order for the activity to have the required access. jeff fanjoy describes it in the bug.




    you may have read robert hearn's post about running the runbook tester as another user. so... what do you do in the scenario where you must run the runbook tester as a different user since there's no perceivable way to perform a runas a different user and run as administrator?

    well, i couldn't find a way in the windows UI... but if you know of one, please comment up. you can do it, but it's convoluted. here you go:

    1. log in as the user.
    2. open up a cmd prompt with run as administrator.
    3. execute the following:

    "C:\Program Files (x86)\Microsoft System Center 2012\Orchestrator\Runbook Designer\RunbookDesigner.exe"

    what if you don't want to log on as the user? i dunno how to do that one. go figure it out, and let me know. :)

    May 10, 2012

    managing client remediation in configmgr 2012

    picked up this article from steve rachui. been extremely negligent on writing blogs and reading blogs this last year because of some other commitments. anyway, kent agerlund lays out a process for using settings management (aka dcm) to turn off client remediation for scenarios where a targeted selection of machines (e.g. servers, domain controllers, etc) may exist under stricter change control processes that do not allow the client to reinstall itself.

    anyway, check out the article here: http://blog.coretech.dk/kea/configure-client-remediation-in-configmgr-2012-to-monitor-only-using-settings-management/

    May 3, 2012

    ntlm authentication is not dead nor are its problems

    hanging out at tec this week, a recurring theme came up more than once. it's this thing called maxconcurrentapi. here's some relevant links:



    Mar 23, 2012

    remote desktop keyboard shortcuts

    because you're going to need them... and when you get around to using windows 8, you'll see what I mean. I picked this up from mintywhite.com. dropping it here for reference.

    Mar 22, 2012

    powershell timer

    picked up this cool thing on this equally cool post.

    $timer = [System.Diagnostics.Stopwatch]::StartNew

    now you got all kinds of options... :)

    Mar 21, 2012

    how to manage emails and tasks

    warning: this is not really a technology related post.

    this is a system I use to manage my team, my tasks, follow-ups, etc. it's all based in the paradox of choice that is outlook and the way you can do practically the same thing in about 37 different ways. I demonstrated this to my team the other week, and they really enjoyed it and found it immensely practical. (I might be embellishing a little with my use of the word "immensely". :) )

    the concept is that 95% of the email you receive, you will probably never do anything with. we hang on to it though for fear we'll forget about it the second it moves out of our inbox. I use my system to correctly identify emails, looking at them once, categorizing them and moving on. why spend energy rereading the same email over and over?


    creating a framework

    first of all, define some folders for categories. for instance, I use the following:

    • @action - things I need to follow up with
    • @archive - stuff I need to hold on to

    you may have some other things you need. you'll figure it out as you go along. in the mean time, try to follow this:

    • if it's possible to respond to the email in under a minute, then it's time best spent doing it right then.
    • if it requires some research or work, file it away momentarily in the @action folder.
    • if you need to hang on to the email because it's important, put it in @archive.
    • if it doesn't fall into any of the above, just delete it.


    organizing your system

    so how is it that you're going to remember stuff in the @action folder? well, that's simple... and it's at this point that you have to decide the system that will work for you. for me, I use follow up flags. others may use tasks or calendar entries. I'll describe the system I use since I can't really adequately define theirs.

    since it would be a righteous pain to have to flag messages and then move them, I use what outlook 2010 introduced known as "quick steps." I created a quick step named @action which moves the message to the @action folder, marks it as read, and flags it for follow up.


    as for @archive, I simply move stuff manually because believe it or not, it's exceptionally rare that I get email that I MUST hold on to. if you're not sure, throw it in @archive.

    notice in my quick step the flag message is set for follow up tomorrow. if you require additional timeframes, you might want to create more quick steps and label them like @action - 1 day, @action - 3 day, etc.

    as you complete things, clear the flags, delete the messages, archive them, etc.


    your morning preamble

    now, my disclaimer about all this is that no system really works unless you work the system. so... categorize all day long. you may end up with a zero item inbox, but you will most likely forget important things to do.

    SNAGHTML1ce2415aevery morning, it should be as chronic as coffee and as routine as ritual for you to open outlook and go to your @action folder. this will be the beginning of your day to ensure that anything that required follow up will get follow up. I typically spend about 15 minutes of my morning organizing what I intend to do with the items in @action.

    an easy way to do this is to create a category called "today" and then apply categories to your items. if you add the category column to your view, you will be able to see which items need your attention.

    adding to that, creating additional quick steps can help in this process. for example, I created the following pair of quick steps to help in my morning preparation:

    • clear @action - after going to the @action folder, I want to clear all of the categories in there so I can start fresh. this quick step does just that.
    • today - this quick step categorizes a message with "today." what's so awesome about this? I can multi-select messages and apply the "today" category.

    now every time you look in your @action folder periodically throughout the day, you know what has to get done.


    bonus round

    don't like having a cluttered view in @action? I didn't either. I ended up creating a search folder to draw out anything that's flagged, marked with the today category, and in the @action folder. after adding the new "today" search folder into my favorites, I get a quick glance of all of my things to do.


    much better!


    so in short

    1. for each message... reply, archive, or set for follow up.
    2. every morning, check your actions folder.
      • clear your categories
      • mark the items that you need to do today
    3. for every completed task... clear, delete, or archive the message.

    did I mention that you don't need paper and pen? if you're in a meeting and someone throws an action at you, send yourself an email and apply this same methodology to your own email.

    anyway, give it a try. let me know if it works for you. :)