Categories
Active Directory Microsoft Windows

Microsoft Active Directory Time Sync Settings

So I was recently asked by a client: “Why is the time on my PC 5 minutes off from my phone?”

Now this is a small environment, a very small environment (1 Server and 7 workstations). The first thing I thought about was what does the server clock look like? So I remoted into the server and sure enough it had the same time as the workstation.

I went and checked the registry and found that the server was pointed get its time from time.windows.com, but for some reason that was not working.

I then used the following command to point it to several of the pools hosted by NIST.gov

w32tm /config /manualpeerlist:time-a-g.nist.gov,time-b-g.nist.gov,time-c-g.nist.gov,time-d-g.nist.gov /syncfromflags:manual /reliable:yes /update

After that I restarted the W32Time (Windows Time) service to make the update work.

Once that is done it should force a resync of the time service which could take some time to update and to sync with all the workstations.

I hope you find this post helpful, and if so please share it with your friends.

The More You Know: Unlocking Windows God Mode

Today I wanted to talk about this is a little known feature that has existed on in Windows based workstations since at least Windows 7 when I first heard about it. Since then this “folder” for lack of a better work has been following me around to every PC I have had since then.

At first glance it looks like your Windows Control Panel on Steroids

As you can see from the screen shot, There are about 219 (on my machine, your mileage may vary) settings that you can edit.

To gain access to this you first need to start off by creating a new folder. When the folder is created and you are asked to give it a name you will need to insert this String into the field.

GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}

Press Enter and the icon will change from this

To this

I hope you found this helpful and informative, and I look forward to you coming back soon.

PowerShell – Windows Update report to .CSV

A while back I was asked by my boss to come up with a way to get a report of all the Windows Updates installed on a remote server that is at a client’s site and that we do not have access to.

I thought to myself that he must be crazy to think that we could even find a utility that would enable us to do that.

Well….. Apparently with the right Power Shell Commands you can do it. Here is the Syntax for the Script that you will need to save as a .ps1

$Session = New-Object -ComObject “Microsoft.Update.Session”
$Searcher = $Session.CreateUpdateSearcher()
$historyCount = $Searcher.GetTotalHistoryCount()
$Searcher.QueryHistory(0, $historyCount) | Select-Object Date,
   @{name=”Operation”; expression={switch($_.operation){
       1 {“Installation”}; 2 {“Uninstallation”}; 3 {“Other”}}}},
   @{name=”Status”; expression={switch($_.resultcode){
       1 {“In Progress”}; 2 {“Succeeded”}; 3 {“Succeeded With Errors”};
       4 {“Failed”}; 5 {“Aborted”}
}}}, Title | Export-Csv -NoType “$Env:userprofileDesktopWindows Updates.csv”

The result looks something like this:

I hope you find this post helpful and are able to use this going forward.

Network Discovery turning off after Clicking Save

So I ran into this issue with a client where Network Discovery turns off after I try to turn it on and click Save.

I then went and checked on the setting and it was sent back to off. It did not make sense what was going on.

I did some google searching and found this on the Microsoft Forum

I could end this post here, but just encase the post gets deleted, here is a list of the services that you need to make sure are Enabled and Running to turn on Network Discovery.

–      DNS Client
–      Function Discovery Resource Publication
–      SSDP Discovery
–      UPnP Device Host
Hope this is helpful for someone. 

How to tell if your users AD account password has expired

Like I said in a previous post we are dealing with the after math of a disaster so most of our Administrative tools are still offline until we get around to bringing back online. One of those tools was a real life saver and would email not only the admin team but the end users that their AD password was about to expire. So without that we are flying blind, which is not a big deal for the day to day management of our network.

Moving along I got a call the other day from one of my users who was working remote who said that he could not connect to email. So I asked him when was the last time he reset his password, which he said he did not know.

So I opened up my command line and ran the following command

net user %USERNAME% /domain

Replace %Username% with the username you want to query and it will return a ton of information about the user account including the date the password will expire. 

How to install PowerCLI

Recently VMware has changed the way you install PowerCLI from being the standard MSI installer that we have all been used to for years, to downloading and installing it from the PowerShell Repository.

Here is the process for installing PowerCLI:

Open PowerShell by running it as an Administrator

Once PowerShell loads up you will want to change the Execution Policy to Remote Signed

Set-ExecutionPolicy RemoteSigned

Once that is done you can install PowerCLI by running this command:

Install-Module -Name VMware.PowerCLI -Scope CurrentUser

You will then be prompted at least twice to give your consent to download and install from an untrusted repository.

Windows Update error 0x80243004…..

While performing routine server maintenance on one of my terminal servers at work I received one of the many vague error messages that Microsoft in their (In)finite wisdom give us to help troubleshoot the problem. Normally I would just ignore the error message and come back to it at a later time but as I am in the middle of a tight window I figured I would give it a shot an troubleshoot it (Crazy I know).

So first I start by Google-ing “Error Code 80243004” and I get several hits. The first one I get takes me to a Microsoft article about the issue:

http://windows.microsoft.com/en-us/windows7/windows-update-error-0x80243004

It was very short and to the point (which I appreciated greatly at 11 PM), but the answer I got really made me think that it was pulling my leg. Since it was a Microsoft article I took it seriously and followed it’s sage advice and amazingly it worked!!! (or so it seems at the time of me writing this)

Apparently the little notification that you get when you log in that tells you that you have updates to install is more than just an annoying little pop up. Without it being present your updates will fail (Unless you have it disabled in Group Policy). So from what I can tell, one of my users must have gotten tired of seeing that pop up and told the system to make it go away, and because of that I was unable to update the system until I brought it back.

Why would anyone make that little notification so important? I am really posing a serious question here, and if you have an answer it would be greatly appreciated down below in the comments.

Also if you are like me and enjoy looking at pictures to help you through issues, I would say check out this blog post as well:

http://jackstromberg.com/2013/09/code-80243004-windows-update-encountered-an-unknown-error/

I hope this post has been helpful to you and I will continue to post more of these (As I discovered more update issues from my casual perusing of my network).