Monday, April 25, 2016

PowerShell: BATCH Script to Allow PowerShell Scripts to Execute

For some SysAdmins, they will use one or more tools to deploy software to a range of computers on their network. For me, it our monitoring tool that allows are to remote execute scripts to do some sort of task.

Writing in PowerShell is amazing and is Microsoft's best yet command line tool. However by default for security purposes, script execuition is blocked for untrusted or unsigned scripts.

I won't go into Signing scripts just now but using the following command will allow you to run PowerShell Scripts

Set-ExecutionPolicy -RemoteSigned

This line still provides a level of protection while still allwoing you to execute custom scripts. Other switches include -bypass and -unrestricted.

So how can we get a large number of these set?

There are a number of ways:
  1. Group Policy
  2. Batch Script
The reason for me writing this BATCH Script is that it allows me to deploy and run on a computer regardless of the Domain it is joined to.

Copy and paste this code into a text file called SetExecutionPolicy.bat and then Save.

This script also creates entries into the Windows Event Viewer to tell you if and when the command has been executed, or if it failed to run.



@echo off

REM -------------------------------------------------------------
REM       Set-ExecutionPolicy RemoteSigned for Powershell
REM          Date: 10-Spet-2015
REM        Author: Daniel Burrowes
REM -------------------------------------------------------------



Echo Setting PowerShell Execution Policy for RemoteSigned

PowerShell.exe Set-ExecutionPolicy RemoteSigned

IF %ERRORLEVEL% NEQ 0 goto ERROR    

EVENTCREATE /T INFORMATION /L APPLICATION /ID 100 /D "PowerShell Execution Policy has been set to RemoteSigned"
GOTO DONE

:ERROR 

EVENTCREATE /T ERROR /L APPLICATION /ID 100 /D "PowerShell ExecutionPolicy batch script failed to run." 


:DONE

Echo Done!

EXIT

PowerShell: Download and Install Citrix Receiver

I have been doing quite a bit of work lately on PowerShell scripting for work and this is a common one we deploy to our clients that use Citrix.

This script does the following:
  1. Creates the folder C:\Install\CitrixReceiver
  2. Downloads the latest Citrix Receiver software from the Citrix website
  3. Installs the downloaded Receiver silently
The link for the Citrix Receiver is: http://downloadplugins.citrix.com/Windows/CitrixReceiver.exe

Works with PowerShell v2 and higher.
A lot of my scripts are built to work at this level as it means that I can deploy my scripts to older machines without having to first upgrade PowerShell.

Copy and paste the code into a text file called InstallCitrixReceiver.ps1.



# --------------------------------------------------------------------------
#                Citrix Receiver Install Script
#                   Date: 14-Mar-2016
#               Created by: Daniel Burrowes
# --------------------------------------------------------------------------

# -Verbose and -Debug

[CmdletBinding()]
param()

# --------------------------------------------------------------------------
#  Change Log
#
#  14-Mar-2016
# -Added /IncludeSSON to argument list
# --------------------------------------------------------------------------

#Create install directory
Write-Verbose "Creating Install Directory"
$InstallDir = "C:\Install\CitrixReceiver"
New-Item -Path $InstallDir -ItemType directory -Force


Function Download-Citrx {

 $Source = "http://downloadplugins.citrix.com/Windows/CitrixReceiver.exe"
 $destination = "C:\Install\CitrixReceiver\CitrixReceiver.exe"

    Write-Verbose "Downloading Software..."
    (New-Object System.Net.WebClient).DownloadFile($Source, $Destination)
    Write-Verbose "Time taken: $((Get-Date).Subtract($start_time).Seconds) second(s)" 

}

Write-Verbose "Downloading Latest Citrix Receiver"
Download-Citrx

Write-Verbose "Running silent install of Citrix Receiver"
Start-Process -FilePath "C:\Install\CitrixReceiver\CitrixReceiver.exe" -ArgumentList "/silent /IncludeSSON" -Wait -Verbose -PassThru

Executing Powershell scripts may require you to allow scripts to run.:
#Set-Execution Policy -RemoteSigned

Tuesday, May 26, 2015

VMware ESXi E1000 vs VMXNET3 Network Adapters

I found this really helpful article from Rickard Nobel who has done a set of testing showing the performance improves when using VMXNET3 network adapters over the emulated E1000 cards.

http://rickardnobel.se/vmxnet3-vs-e1000e-and-e1000-part-1/

http://rickardnobel.se/vmxnet3-vs-e1000e-and-e1000-part-2/

Check it out and leave a comment.

Monday, May 25, 2015

Windows Update Servers List

Here is a list of the server addresses required for accessing Microsoft Update servers.
This may required for firewall or proxy policies.
  • http://windowsupdate.microsoft.com 
  • http://*.windowsupdate.microsoft.com 
  • https://*.windowsupdate.microsoft.com 
  • http://*.update.microsoft.com 
  • https://*.update.microsoft.com 
  • http://*.windowsupdate.com 
  • http://download.windowsupdate.com
  • http://download.microsoft.com 
  • http://*.download.windowsupdate.com 
  • http://wustat.windows.com 
  • http://ntservicepack.microsoft.com

See this article for further information

Windows Activation Servers

In some case you might need a list of the servers required for Microsoft Windows activation to apply to a firewall or proxy policy.

This is the list as defined by Microsoft:
  • http://go.microsoft.com/
  • https://sls.microsoft.com/
  • https://sls.microsoft.com:443
  • http://crl.microsoft.com/pki/crl/products/MicrosoftRootAuthority.crl
  • http://crl.microsoft.com/pki/crl/products/MicrosoftProductSecureCommunications.crl
  • http://www.microsoft.com/pki/crl/products/MicrosoftProductSecureCommunications.crl
  • http://crl.microsoft.com/pki/crl/products/MicrosoftProductSecureServer.crl
  • http://www.microsoft.com/pki/crl/products/MicrosoftProductSecureServer.crl
  • https://activation.sls.microsoft.com

See this article for further information:

Monday, April 20, 2015

EATON IPM Appliance: Update IP address

The EATON Intelligent Power Manager is a software package that help monitor and manager UPS connected to your server infrustracture and can be installed in different ways. For virtual environments, the easiest way is to deploy the pre-configured Virtual Appliance for VMware ESXi.



However what I discovered is there is no easy way to reconfigure the IP addresses just from the management console. As the appliance is based on Centos Linux, you can use basic Linux commands to change the IP address.

For this, you will need either direct console access or SSH.
As you will be changing the IP address and a disconnection will be required, I advise connecting via the direct console.

  1. Log on to the Virtual Appliance as root
    (Default username is 'root'; default password is eaton)
  2. Use vi to modify the ifcfg-eth0 file

    #vi /etc/sysconfig/network-scripts/ifcfg-eth0

    Update with the following lines:
    DEVICE=eth0
    BOOTPROTO=static
    ONBOOT=yes
    TYPE=Ethernet
    IPV6INIT=no
    IPADDR=x.x.x.x
    NETMASK=255.255.255.0


    Then, save and close (:wq)
  3. Use vi to modify the sysconfig/network file

    #vi /etc/sysconfig/network


    Update with the following lines:
    NETWORKING=yes
    NETWORKING_IPV6=yes
    HOSTNAME=localhost
    DOMAINNAME=localdom
    GATEWAY=x.x.x.x


    Then, save and close (:wq)
  4. Restart the network service to have settings take affect

    #service network restart

Office 365 ScanPST to fix corrupted Outlook files

In Office 365, which uses the Click-to-Run technology, Office program files are now in a new location.



When you experience issues with Outlook, often you would use the ScanPST.exe tool to repair PST and OST files with Outlook.

This tool can now be found in the following location:

C:\Program Files\Microsoft Office 15\root\office15\ScanPST.exe

This should apply for both 32-bit and 64-bit installations of Office 365.

Friday, February 27, 2015

Unable to activate Office 2013

During the setup of some PCs recently I found the error that Office 2013 would not activate. While I did some Google searches and a lot of forums often said the solution was to reinstall the software, which is a lot of effort, especially if you have the error on multiple computers.

This is the error I received:

.
For this particular instance, I found that I had to open an Office app (whether it was Word or Excel etc.) as Administrator. Meaning, right-clicking the icon and selecting Run as Administrator.

Once it was running as Administrator, I was able to get it activiated.

Not sure what was different able that installation but that's what I had to do to get it activated.

Outlook 2003 showing incorrect email time on Citrix XenApp 5.0


Environment


Citrix XenApp 5.0
Windows Server 2008 R1 (64-bit)
Microsoft Office 2003 Professional (32-bit)

Scenario


When using Outlook 2003 via Citrix session, time zones in Outlook would not match the user session time via Citrix. Email would show the wrong received timestamps.

However if you log on to the same server via Microsoft Remote Desktop (RDP) instead of via Citrix (ICA) the timestamps would be correct.

When going to Options > Calendar Options > Time Zones... Outlook would default to (GMT) Coordinated Universal Time.



Solution


We found that registry for AppInit_DLLs registry entries for Citrix was missing. Specifically, the DLL references that provided the necessary hooks for Citrix to provide the time zone redirection of the client session. Since the office application was 32-bit, this meant that the reference for 32-bit applications for these required hooks weren't being applied despite what the Windows Server GPO was instructing or redirecting.
 
 
This is the correct setting.

32-bit Application Reference


HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows

AppInit_DLLs = c:\progra~2\citrix\system32\mfaphook.dll,mfaphook.dll



64-bit Application Reference 


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
 
AppInit_DLLs = c:\progra~2\citrix\system32\mfaphook64.dll,mfaphook64.dll


Tuesday, February 17, 2015

MYOB PowerPay 8.x on Windows 8/Windows Server 2012

MYOB PowerPay is old. Like... really old. The database engine behind this software was built in 1990 and is by a company called ACI which no longer exists. So expecting to run it on a modern operating system like Windows 8 is a high expectation.

Originally I tried what everyone else would do and go straight for the Windows Compatibility settings. I tried everything and every version with no luck.

However this is how I got it going on Windows Server 2012 R2 Remote Desktop Server, so this should also apply to Windows 8.

So normally after the install of PowerPay 8.x you will see this error:
"4D Engine has stopped working"

  

 Go to the Start Screen and search for "Environment Variables"



On the System Properties screen, click on Settings under the Performance heading



Go to the Data Execution Prevention tab. Make sure DEP is set to On. Then click Add.



Browse to where MYOB PowerPay is installed and select PowerPay.exe and click Open.



Click Apply.



MYOB PowerPay will now open.


If this post helped you, please leave a comment below or even consider dropping a donation.