Posts made by wrx7m

Still in the same boat. It only applies the setting when linked to the OU of the user and have a user or group specified in the security filtering, but it applies it to all systems, not just the RDS server.

@pmoncho said in Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server:

@wrx7m said in Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server:

@dbeato said in Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server:

@wrx7m said in Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server:

I ran into an issue with Adobe Reader preventing users on my RDS server from printing PDFs that is solved by disabling protected mode.

I created a GPO with a User configuration GPP update for the corresponding DWORD value. The only way I have gotten it to work, is if I apply the GPO to the OU that contains the AD user object and have the Security filtering set to a group of users or a single user. I have tried item-level targeting to only apply to the RDS server, but it applies to any system that the user logs into.

I also tried the opposite- Linking the GPO to the server OU and setting the Security Filtering to only the computer account for the RDS server and item-level targeting to a specific group of AD users. This didn't do anything.

How can I set it to update HKCU only for users on the RDS server?

You can do a item level target based on the RDS server instead as well.
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn789189(v%3Dws.11)

Tried this already (sans loopback) but didn't work.

You mentioned that you have a server OU. Do you have your RDS servers in their own OU?

Is loopback mode setup for replace or merge? (if merge, then another GPO somewhere else could be creating issues.)

You setup a test. If RDS servers are in own OU, loopback in replace mode, then just set one policy (other than loopback) and check the registry for the one user to see if the change had been made

Servers are in the same OU at this point. Going to be trying the loopback in merge mode to see if it will target the correct server.

@dbeato said in Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server:

@wrx7m said in Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server:

I ran into an issue with Adobe Reader preventing users on my RDS server from printing PDFs that is solved by disabling protected mode.

I created a GPO with a User configuration GPP update for the corresponding DWORD value. The only way I have gotten it to work, is if I apply the GPO to the OU that contains the AD user object and have the Security filtering set to a group of users or a single user. I have tried item-level targeting to only apply to the RDS server, but it applies to any system that the user logs into.

I also tried the opposite- Linking the GPO to the server OU and setting the Security Filtering to only the computer account for the RDS server and item-level targeting to a specific group of AD users. This didn't do anything.

How can I set it to update HKCU only for users on the RDS server?

You can do a item level target based on the RDS server instead as well.
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn789189(v%3Dws.11)

Tried this already (sans loopback) but didn't work.

@flaxking said in Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server:

You have to enable loopback processing for the server and then it will process user configuration linked to it

Where would I do this? In the same GPO that I am setting the GPP?

I ran into an issue with Adobe Reader preventing users on my RDS server from printing PDFs that is solved by disabling protected mode.

I created a GPO with a User configuration GPP update for the corresponding DWORD value. The only way I have gotten it to work, is if I apply the GPO to the OU that contains the AD user object and have the Security filtering set to a group of users or a single user. I have tried item-level targeting to only apply to the RDS server, but it applies to any system that the user logs into.

I also tried the opposite- Linking the GPO to the server OU and setting the Security Filtering to only the computer account for the RDS server and item-level targeting to a specific group of AD users. This didn't do anything.

How can I set it to update HKCU only for users on the RDS server?

@scottalanmiller said in Virtualization when there is only one VM?:

@DustinB3403 said in Virtualization when there is only one VM?:

@Pete-S said in Virtualization when there is only one VM?:

@DustinB3403 said in Virtualization when there is only one VM?:

@scottalanmiller said in Virtualization when there is only one VM?:

@DustinB3403 said in Virtualization when there is only one VM?:

It's super simple to take a closet for example and put a vent near the top of the wall to let heat escape.

Not if you don't have that closet, the vent would let in hotter air, or you don't have outside access from a closet.

Of course, if you physically don't have any space, then using this example doesn't make sense. The question really is "at what point should a business start looking at different form factors (from the desktop style)?"

It ridiculous to even think there is no space for a rack. Unless someone runs a company out of their bedroom. A rack takes what, 5 square feet?

Ha. yeah I get it I totally do. And you can get a rack for pennies on the dollar if you are really looking.

Cost of the rack isn't the issue. Space to put it that is safe, clean, has power, central to the cabling, can be cooled, etc.

So, not here-

@JasGot This looks like something I can use. Thanks for posting.

@scottalanmiller said in VMware Host Cannot Connect from vSphere Client:

@wrx7m said in VMware Host Cannot Connect from vSphere Client:

@scottalanmiller said in VMware Host Cannot Connect from vSphere Client:

Writing this up for @Osvaldo ... working on trying to update a vSphere client machine (ESXi host) that needs a patch for version 6.0.0. Want to go to 6.7, but it won't even try that until we apply this patch. Patch keeps updating to 47% complete and then crashing on us. So we get nowhere.

Could also be an issue if a vendor-specific ISO was used to initially install ESXi. I ran into a similar problem with Dell; I had to get the Dell ISO from their downloads for the specific server model/service tag.

It's a Dell here, that's a very real possibility.

Any luck?

@JaredBusch said in What Are You Doing Right Now:

@siringo said in What Are You Doing Right Now:

We're paying about $AU6 a gallon for fuel down here, not sure what it is in the US?

Lucky. It is almost twice that in SoCal.

Another thing to consider is the HCL. The server or other hardware might have been dropped from the HCL after a certain version and that could be causing an issue.

@wrx7m said in VMware Host Cannot Connect from vSphere Client:

@scottalanmiller said in VMware Host Cannot Connect from vSphere Client:

Writing this up for @Osvaldo ... working on trying to update a vSphere client machine (ESXi host) that needs a patch for version 6.0.0. Want to go to 6.7, but it won't even try that until we apply this patch. Patch keeps updating to 47% complete and then crashing on us. So we get nowhere.

Could also be an issue if a vendor-specific ISO was used to initially install ESXi. I ran into a similar problem with Dell; I had to get the Dell ISO from their downloads for the specific server model/service tag.

Here is a link to Dell's site regarding their specific version of ESXi-
https://www.dell.com/support/article/us/en/04/sln288152/how-to-download-the-dell-customized-esxi-embedded-iso-image?lang=en

@scottalanmiller said in VMware Host Cannot Connect from vSphere Client:

Writing this up for @Osvaldo ... working on trying to update a vSphere client machine (ESXi host) that needs a patch for version 6.0.0. Want to go to 6.7, but it won't even try that until we apply this patch. Patch keeps updating to 47% complete and then crashing on us. So we get nowhere.

Could also be an issue if a vendor-specific ISO was used to initially install ESXi. I ran into a similar problem with Dell; I had to get the Dell ISO from their downloads for the specific server model/service tag.

@frodooftheshire said in Windows NLA service on 2016/2019 DCs:

Hi guys,

I'm sure lots of you are pretty aware of the issue where you reboot a 2012/2016/2019 DC and the network profile gets set to private instead of domain. I've read lots of ways to combat this - delayed start of NLA service and scripts that restart the service but I wanted to see how you guys resolved this. I've tried delayed start on some DCs with mixed results. At this point I'm leaning towards a script that executes after a certain amount of time, but I wanted to see how you're solving the issue.

Have not seen this on the server level without changing/adding a NIC.

@Obsolesce Thanks, man! I will try my hand and making these adjustments. Appreciate the help and guidance.

@dafyre said in Windows 10 search only gives blank box:

@wrx7m said in Windows 10 search only gives blank box:

Pretty sure this is the same issue that has been reported for a couple of months. I pretty sure that this is the patch released to fix it
https://www.askwoody.com/2020/the-latest-optional-non-security-c-d-week-patch-for-win10-1903-and-1909-is-out/

Seems like I read something about that at some point today saying that it didn't work.

https://www.askwoody.com/2020/win10-search-is-working-again/

@scottalanmiller said in What Are You Watching Now:

Just finished Season 3 of Coupling for the hundredth time.

This Coupling? https://www.imdb.com/title/tt0237123/?ref_=fn_al_tt_1

Pretty sure this is the same issue that has been reported for a couple of months. I pretty sure that this is the patch released to fix it
https://www.askwoody.com/2020/the-latest-optional-non-security-c-d-week-patch-for-win10-1903-and-1909-is-out/

@Obsolesce said in Powershell - SFTP Upload Using Posh-SSH:

@wrx7m said in Powershell - SFTP Upload Using Posh-SSH:

However, I would still like feedback on if there is a better way to write the repetitive lines. Here is the latest version of the script for many to many.

There is, but I mean... its' a small single use script so I don't know if its' worth it if you can't "just do it as you write it the first time". What you have is working... do you really care if the username and password is in the script? Only you can know... but practice wise, definitely not. Repetitive lines, no, functions yes, loops yes, built objects yes.

I can dive in if you are wondering for the sake of learning, sure, glad to help.... ? (but not tonight, i'm beat and soon time for bed)

Thanks. They don't offer cert-based auth from what I can see on their site. Also, I am asking because I am interested in learning how to do it properly.

Well, I am updating the script, as the requirements changed from multiple local dirs to single sftp dir, to multiple local dirs to multiple sftp servers' dirs.

Tip for WP-Engine users-
I had some issues using WP-Engine's path option in their sftp user settings. The feature essentially creates a shortcut to root when you connect. I was telling the script to go to a specific directory, '/inventory', based on root as being root. So, my script would error out because, when I connected, the script would try to go to /inventory/inventory. After changing the $SftpPath variable back to '/', it worked.

However, I would still like feedback on if there is a better way to write the repetitive lines. Here is the latest version of the script for many to many.

# SFTP Upload of Inventory From CSV files to WPEngine SFTP. Requires installation of Posh-SSH 
# Install-Module -Name Posh-SSH (https://github.com/darkoperator/Posh-SSH)

# Set the credentials
$Password = ConvertTo-SecureString 'PasswordGoesHere' -AsPlainText -Force
$Credential1 = New-Object System.Management.Automation.PSCredential ('username', $Password)
$Credential2 = New-Object System.Management.Automation.PSCredential ('username', $Password)
$Credential3 = New-Object System.Management.Automation.PSCredential ('username', $Password)
$Credential4 = New-Object System.Management.Automation.PSCredential ('username', $Password)

# Set local file path and SFTP path
$FilePath1 = "D:\Data\SW\SWRUN\BA\BAUPC.CSV"
$FilePath2 = "D:\Data\SW\SWRUN\MI\MIUPC.CSV"
$FilePath3 = "D:\Data\SW\SWRUN\SS\SSUPC.CSV" 
$FilePath4 = "D:\Data\SW\SWRUN\NM\NMUPC.CSV"
$SftpPath = '/'

# Set the Hostnames of the SFTP servers
$SftpServer1 = '1.sftp.wpengine.com'
$SftpServer2 = '2.sftp.wpengine.com'
$SftpServer3 = '3.sftp.wpengine.com'
$SftpServer4 = '4.sftp.wpengine.com'

# Load the Posh-SSH module
Import-Module Posh-SSH

# Establish the SFTP connection
$Session1 = New-SFTPSession -ComputerName $SftpServer1 -Credential $Credential1 -AcceptKey -Port 2222
$Session2 = New-SFTPSession -ComputerName $SftpServer2 -Credential $Credential2 -AcceptKey -Port 2222
$Session3 = New-SFTPSession -ComputerName $SftpServer3 -Credential $Credential3 -AcceptKey -Port 2222
$Session4 = New-SFTPSession -ComputerName $SftpServer4 -Credential $Credential4 -AcceptKey -Port 2222

# Upload the files to the SFTP path
Set-SFTPFile -SessionId ($Session1).SessionId -Localfile $FilePath1 -RemotePath $SftpPath -Overwrite
Set-SFTPFile -SessionId ($Session2).SessionId -Localfile $FilePath2 -RemotePath $SftpPath -Overwrite
Set-SFTPFile -SessionId ($Session3).SessionId -Localfile $FilePath3 -RemotePath $SftpPath -Overwrite
Set-SFTPFile -SessionId ($Session4).SessionId -Localfile $FilePath4 -RemotePath $SftpPath -Overwrite

#Disconnect all SFTP Sessions
Get-SFTPSession | % { Remove-SFTPSession -SessionId ($_.SessionId) }

@anthonyh said in Windows Server 2012 - Task Scheduler Issue:

So, I ended up just re-creating the jobs manually. It wasn't nearly as cumbersome as I had imagined. I'd export the job and use the XML as reference.

Things seemed good, until Friday (1/31). Some of the jobs I re-created did not run that night. They have subsequently ran successfully though...just "skipped" Friday even though they're scheduled to run that day of the week (Monday - Friday)...so what the heck?!

I've been meaning to move these jobs to another box, but it's been low priority. I guess this is a sign that I should do that....

Do you have backup jobs or VSS running at the same time? Could be a stun.