We’ve had some issues with admins improperly applying permissions in the past, and in recent times as well. Because of this, we’ve decided that maintaining permissions change logging to determine who it is that’s having issues learning how to apply permissions can get some extra training on how to appropriately set file ACEs. The issue with doing this is that it generates ~40GB of compressed Windows logs daily, or closer to 100GB uncompressed. So, how can we use PowerShell to parse through the binary logs, store the info we need, and then get rid of the relatively gigantic evtx files?
Continue reading File server permissions change auditing.
Today I got a half-joke request from a colleague to write script to help him audit service accounts across a multitude of servers. Initially, I didn’t see the use of writing a full script to do this for myself and my AD environment so I fired off this from my phone as a quick/dirty version.
Continue reading Powershell Script to Audit Service Accounts Across All Servers
Trying to install Exchange 2013 Management tools on Windows 8.1 is likely to present some problems by default. Unless you’ve already installed the IIS components required by Exchange you’ll get an extremely unhelpful error message when trying to install, saying that it cannot be installed on a client-based OS.
Continue reading Exchange 2013 Management tools on Windows 8.1
Our fileserver was running low on space and still growing at about 80GB/month. Rather than throw more storage at it, which would only buy us another few months before we had to do it again, I figured I’d look for something that would archive unused data to secondary storage, without rendering it unreachable.
Continue reading Online File Server Archiving with PowerShell
We’re in the middle of an Exchange 2007 to 2013 On Premise migration, and we haven’t been having the best time. After a major mail crash in 2011, every time we’ve attempted to move off the recovered server, either to Exchange 2010 or to a freshly built Exchange 2007 setup, we’ve encountered major, migration stopping issues.
Continue reading Exchange 2013 2007 CoExistence Frozen Transport Queues
While working to get rid of all our 2003/2008 DCs to get our AD to a 2012 Native level I came across one 2008 DC that was extremely difficult to rid ourselves of. It was created about a year ago to replace our 2003 FSMO master, and had been running without major issue since then. After building a new 2012 VM, and DCPromo’ing it, I transfered the FSMO roles to a stable server and set out to demote and decommission the 2008 machine. Upon running dcpromo from an admin shell, the system began to detect the ADDS binaries, and failed. The message it failed with was an extremely helpful “Failed to detect if Active Directory Domain Services binaries were installed. The error was: An error with no description has occurred.” Lovely.
Continue reading dcpromo fails with An error with no description has occurred on Server 2008R2
Going through my site-stats, and list of common referrers I found a few neat things, the first is that Google provides about 98% of my traffic. That wasn’t surprising, but I’m interested in the following two referrers, which are rather frequent, and are not public websites.
Continue reading Things that make me happy…
I was asked if it was possible to rebrand our Office apps so that by default, we’d all be compliant with corporate branding when composing email, PowerPoint presentations, and Word documents. If I didn’t get to do fun things with computers, that would actually sound like the worst thing ever. But this kind of stuff is neat, so yay me! Continue reading Change default font in Office 2010 (Outlook, Word, PowerPoint) by GPO
I wanted to install a cert on my router so that I could stop getting shit for not trusting it when I log in. However, installing the cert on every device that I access it with. Since I’ve got all my computers on a domain, I can just install the CA role on my DC, so I don’t need to fuck around with an untrusted CA like StartCom who offer free certs, but still require you to install the CA chain, or buy a ridiculously overpriced cert from some random CA.
Continue reading Generate Certificate for TomatoUSB from Active Directory CA
I have been trying to figure out how to get all my machines to use the same PATH since it’s getting annoying always forgetting that things aren’t included on my desktop PATH that are on my laptop, and vice versa.
Continue reading Set multiple custom %PATH% variables through Group Policy