Pimp your Powershell Prompt

I use powershell a lot at work – I’m not a guru by any means and I often find it hard to remember the commands I have run in a session, either for future use or for documenting in my time sheet (which also acts as a point of reference for future helpdesk tickets).

When I started going through the Powershell in a month of lunches book (which I highly recommend or the Powershell v3 book) I decided to use the start-transcript commandlet to record all my powershell activities.  This worked very well until I would scroll through several screens worth and then forget what file I had saved my transcript too.  There was also the possibility of forgetting to transcript everything.

By using the powershell profile file I was able to enter the commands to automatically set the transcript to the current date. I was then able to modify the title of the powershell prompt to display the filename so I could always see where the file was saved with the added bonus of a variable being used if I ever needed to open the transcript

My next step was to include the time in the powershell prompt – this enables me to go back through the transcript and see how long it took to run the commands for my timesheet entries.  Remembering back to the good old dos days, I remembered the prompt command. A quick bit of experimenting with the Date command I had the current time displayed at the beginning on the Powershell prompt. Note this is displayed after the previous command is run, so technically it’s not the exact current time, but the time that the prompt was displayed on the screen.

The final profile script can be copy/pasted into notepad by typing in

notepad $profile

is as follows:-

cd \andy\powershellinamonthoflunches

$log="c:\temp\powershelllogs-" + $env.username + (get-date -uformat "%y%m%d-%H%M") + ".txt"
start-transcript $log
$host.ui.rawui.WindowTitle = $log

function prompt
{
write-host ((Date -uformat %T).ToString() + "PS " +$(get-location) + ">") -nonewline
return " "
}

This ends up with a powershell prompt that looks like the following. Hope this brief posting inspires you to change your powershell prompt to be even more useful for you.

 

Powershell prompt with the filename in the title and current time in the prompt

 

Group Policy Naming Conventions?

Jeremy Moskowitz from the GPAnswers website posted a good question today – How do you name your Group Policies? Strangely enough it had never occurred to me to have a naming convention for the GP’s – normally I just make sure they are descriptive enough in the name and use the comment fields in 2008 and newer to provide a changelog of the Group Policy and details on what it should do. However, this does rely on EVERYONE updating the group policy and I know this doesn’t always happen – even I sometimes forget to fill in this information when making a quick change, so have a standard naming convention seems a great idea. Having the author (or initials) is also important so other people can easily hunt track you down to get clarification or assistance on the settings.
Do you have any naming conventions that you use?

Fixed – Windows 2008 Server continually boots into safe mode.

We had a weird issue this morning after applying windows updates to a server and found that the server had rebooted into safe mode. We tried various methods of forcing the server back to normal mode through the F8 prompt, even attempting a Windows Repair from cd but nothing seemed to work.
In the end we ran “bcdedit /deletevalue safeboot” from the command prompt, rebooted the server and it came back up in normal mode. There was a long, very dramatic pause, whilst the server reverted changes to the windows updates but we were eventually able to log back into the server. We then took a snapshot and installed the windows updates 50% at a time – and of course, this time every patch installed successfully.
I suspected that the server was reading the bcd and booting into safe mode, but I’d have thought that pressing F8 and selecting normal mode would have overwritten this selection – obviously I was wrong.
I really long for the good old boot.ini days.
The Technet article “Restart the domain controller in Directory Services Restore Mode Remotely” gave us the bcdedit commands to run. It was amazing how many google hits there are for failing to restart a server in safe mode (oops – here’s another one), but not many on how to stop a Windows 2008 Server from starting in safe mode.

Fixed – Printers missing in Windows 2008 r2 (and Windows 7)

As part of a client migration this week I had to install a whole load of new printers on a new Windows 2008r2 server. In particular, one copier printer had about 7 different printers setup pointing to the same device – this was to allow the user to select which tray they wanted to print to without having to change the printer settings each time.
By the time I got to my fifth printer I noticed that the devices window was only showing two printers. When I selected the details view in explorer it was only showing printer1 and printer4, pressing F5 to refresh the screen would only show printer2 and printer3. This was really disconcerting as I kept getting interrupted in what I was doing so it was hard to work out which printers had already been setup when they did not appear in the user interface. However they did appear in the list of printers when I went to print something from notepad.
Puzzled, I did some searching and eventually came across Network Steve’s post about bringing back printers in Windows 7. Following his instructions and creating a new Key under hklm \Software \Microsoft \Windows \CurrentVersion\ Explorer \ControlPanel \NameSpace called {2227a280-3aea-1069-a2de-08002b30309d} a new icon appeared in control panel called printers and I can now see all of the printers so Thanks Steve!
Incidentally, these printers were set up and shared on a print server and then accessed on a locked down terminal server. I haven’t been able to work out how to get the list of printers to show up for a locked down user within control panel. The printer icon is not a normal .cpl file so I can’t include that in the list of available icons in control panel for users to use. This is not a critical function but helps when testing and troubleshooting printer issues for users in the future.

Howto enable Group Policy event logging in Windows2008

There are many websites on the internet that talk about the previous method of enabling group policy logging by adding the UserEnvDebugLevel registry entry as per Microsoft kb article 221833. Unfortunately this does not work in Windows2008 and the kb article does not link to another article that does work.

However I found out that this was changed (in Vista I think) to a different registry entry and a new log file is created. Create a new Dword value called GpSvcDebugLevel under HKLM\Software\Microsoft\Windows NT\Current Version\Diagnostics and set the value to 100002 (in hex). This will then create a file called gpsvclog.log in the %windir%\debug directory.

It looks like the preferred method of debugging the logs is to read the events that are stored in Eventvwr under Applications and Services Logs\ Microsoft\ Windows\ GroupPolicy\ Operational

Fixed – Group Policy settings show “An error occurred while generating report: An unknown error occurred while the HTML report was being created.”

Whilst doing some troubleshooting work for a client’s group policy settings that were not being applied to a vista machine I launched the Group Policy Management Console (gpmc) and when I went to view the Resultant Set Of Policy (RSOP) of a client machine and when I tried to view the default domain policy I received the message “An error occurred while generating report: An unknown error occurred while the HTML report was being created.” All other group policies appeared fine – it was just the default domain policy – arguably the most important one and not an easy one to restore. My first step was to use a DC that did not have the gpmc installed to use the native group policy tools within the Active Directory Users and Computers snapin. Fortunately this tool worked and I could see the settings…..lots of them.
As I knew the group policy did not seem to be corrupt I then went back into gpmc and attempted a backup of the group policies. All but the default domain policy backed up successfully.
The error message almost looked similar to issues when trying to view web pages on a server with the enhanced ie security enabled but it didn’t really make sense that it was only affecting one group policy.

After a few minutes of digging I found an entry on tek-tips (a site I don’t like to use due to the popups and nag screens) but in this case the answer worked. From Roadki11’s posting on tek-tips.com:-

Cause:
Seems to be something with importing IE security settings.

Solution:
Edit install.ins inside: {GUID of Policy}\user\MICROSOFT\IEAK

[Security Imports]
ImportSecZones=1

Set it back to “0”

Using gpmc I obtained the guid of the policy by right clicking the policy and choosing properties then I connected to c:\WINDOWS\SYSVOL\sysvol\domain\Policies\{guid}\user\Microsoft\ieak
First I made a backup and then edited install.ins, set ImportSecZones to 0 and was then able to edit the policy in gpmc.
Hopefully the background information and the instructions on how to connect to the correct file helps others.
Whilst you are in the gpmc make sure you go down to Group Policy Objects, right click, Backup All, select a location, enter the date and time stamp for the description and back those policies up. Document where the backups are stored so that if you need to restore them they are easily accessible – even on another computer.
I’ve now added the backup to our checkup and system documentation instructions so at a minimum we will have monthly backups of the group policies and a documented location for where this information is kept. In an ideal world, printing off the settings would also be a good way to document the information too.

Cost for bulk uploading to Microsoft’s Exchange Hosted Archive

As part of our investigations into hosting mail online using Microsoft Exchange Hosted services I have spent several hours on the phone with several companies to obtain prices and quotes. A couple of companies are out of the running as they didn’t bother to return my calls and although Microsoft were helpful, they just did not get it.
One of their offerings is email archiving. Every email sent and received, both internally and internally is copied to the archive service which is then searchable for ediscovery or just in case you can’t find that one email you know you received way back when. The only downside with this is the old email currently sitting on the exchange server that would not be searchable. However according to the Buy Microsoft Exchange hosted Services, “”You may bring historical data into the archive for a one-time charge, which is priced per GB”
As you can purchase the standard archive service from Microsoft and the same page contains prices for this service, it makes sense that Microsoft would be able to provide costs for this data import. About 2 hours on the phone later I realised that Microsoft unfortunately do not have a clue and nobody was able to give me a straight answer or even a ballpark figure. I was bounced around to several departments until eventually someone said that this service is purchased through the reseller channel. This doesn’t really make sense as the BPOS service itself can basically be purchased direct so why not the data import?
Our reseller is Ingram Micro, but their price list is only available to people with an account – useless for a tech like me who is trying to get some data together. However, CDW came to the rescue and this service is available by purchasing the “Microsoft Exchange Hosted Archive Historical Data Load at a cost of $60 per user (not per GB as in the original Microsoft documentation). The part number is 74P-00053. If you have an Enterprise Select agreement the part number is 74P-0059 but the price is still the same.

I’m not sure why Microsoft can’t give this price in the original web page and say to contact your normal reseller for more information.
Once the order has been placed there are more hoops to go through to get the data sent to Microsoft. The data can apparently be ftp’d to Microsoft – I’m hoping this is actually secure ftp – but as most users are going to have many Mb’s or Gb’s of data the normal scenario is to put the data onto a USB drive. I was pleased and also surprised to see they support Truecrypt. For more details of the process, continue to read the rest of the entry.
Continue reading “Cost for bulk uploading to Microsoft’s Exchange Hosted Archive”

OMSA configuration files – finally posted.

I’ve finally got around to uploading and saving the Dell Configuration and Dell alert script files that will assist in obtaining alerts when Dell Servers detect a problem. The script files are pretty self explanatory – the conf.bat file configures the alerts on the server, dellalert.bat gets activated and sends and email to your email address or pager/sms email address.

Note that for easy transfer from client site to client site, it’s probably best to set the mailserver parameter to be the mx record of your mail server (assuming you allow smtp out from client machines) – this way it’s one less thing to change when deploying at client sites.

For more information check out the OMSA configuration section of this blog although the main post with instructions is at Dell Open Manage Server Administrator OMSA Alert Setup Updated.

Download the Configure OMSA Batch File zip file here

Preventing Trend Micro from scanning server after the umpteenth time of installation.

When you have a problem with Trend and have to keep reinstalling it on the server, it gets extremely frustrating waiting for the agent to do a prescan and then fail to complete the install due to “unable to install the client/server security agent.Contact Trend Micro support. Error copying FlowControl.dll”

The problem of flowcontrol.dll can be fixed by deleting the trend micro\Client Security Agent folder after you have uninstalled the software. If you get a problem deleting perficrcperfmonmgr.dll then unregister it with regsvr32 /u perficrcperfmonmgr.dll  Wait a few seconds and then rename the Client Security Agent folder to .old.  Repeat the installation and the software should install with no problems.  (Note that you may have to reboot if the Security Agent service fails to stop)

To prevent the server from rescanning for virus’s (which after all it has been doing in the past and will take a long time on a server), edit the autopcc.ini that can be found in the \\server\ofcscan\autopcc.cfg folder.  Change NoPreScan to 1 instead of 0 and then run the autopcc.exe install program.

For what it’s worth, we are looking at using Trend due to some of the features such as the Remote Manager capabilities and the fact that they do seem to listen to their users and resellers.  I had a good training session with one of their Technical managers a week ago which was really great. unfortunately the install that sparked this blog post has caused me no end of problems and Symantec would be a much more efficient install in this case.