Windows Spotlight Wallpaper

Windows Spotlight has some nice wallpaper and I’d like to keep a couple for later use, so here’s the shortest Powershell script I could make to save them to my Pictures directory:

$src = "$env:LOCALAPPDATA\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets"

$dest = "$env:USERPROFILE\Pictures\Windows Spotlight"

Get-ChildItem "$src" | where {$_.length -gt "141160"} | foreach {cp "$src\$_" "$dest\$_.jpg"}

I only copy files greater than 141160 bytes because some files in that directory are not wallpapers and the largest non-wallpaper file is 141160 bytes. So it’s a good starting point.

Advertisements

If user exists?

Getting a simple check if an AD user exists has been a nightmare. I wanted something simple and straightforward and I finally found it.

$userobj = $(try {Get-ADUser $user} catch {$Null})
If ($userobj -ne $Null) {
   Write-Host "$user already exists" -foregroundcolor "green"
}
else {
   Write-Host "$user not found " -foregroundcolor "red"
}

Another options would be to use dsquery:

if (dsquery user -samid $user) {
   Write-Host"$($user.name) exists."
}
else {
   Write-Host"$($user.name) doesn't exist."
}

These are the simplest options I can find.

Powershell and SNMP

I’ve been trying to get all my servers snmp settings fixed and it’s been kind of a pain. Powershell doesn’t have any good cmdlets, but I’ve found a couple examples. This is very nice script, but doesn’t work on remote machines unless you do PS Remoting. (I need to bone up on my PS remoting now.)

I ended up using the following for the base of a script. I need only a very simple script so this looks for a specific registry key which will be the name of the CommunityString. Since mine is ‘Public’, I’m just looking for that.

function Get-RemoteRegistryValue ([string]$ComputerName, [string]$KeyPath, [string]$Value) {
    try {
        $Hive = [Microsoft.Win32.RegistryHive]::LocalMachine
        $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($Hive, $ComputerName)
        $key = $reg.OpenSubKey($KeyPath)
    } catch {
        return "ERR"
    }
    return $key.GetValue($Value)
}
Get-RemoteRegistryValue -ComputerName $server -KeyPath 'SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities' -Value 'Public'

Intel AC-7260 and UniFi

An Intel AC-7260 (on my Latitude 7440) was stuck at 54Mbps when connecting to my Ubiquiti AP AC-Lite. It’s been a great AP to me and all my other devices connect right up, so the issue must be with the laptop or wifi adapter. I found that the laptop wouldn’t connect at all if I set WPA2 to use AES only which is recommended because TKIP is deprecated.

wpa2_auto.PNG
I don’t like reduced performance.

When transferring large files I’d only get 3.5MBps. Ohfercryinoutloud, a cheap flash drive does better than that!

After messing with settings and drivers for a while, I finally found what was needed to get the AC-7260 to connect to WPA2 with AES/CCMP.

Using the latest Intel drivers (v19.70)

  1. Right Click / Status on the wifi adapter while connected to the SSID.
  2. Click Wireless Properties.
  3. Go to the Security tab and change the Encryption Type to AES.
  4. Set AP to use WPA2 with AES/CCMP.

    wifi_status.PNG
    Forcing it to use AES for this SSID.

Next, just make sure you’re on a A band for best performance by either using the Connection tab next to the Security tab or by using the Preferred Band setting in the Advanced tab of the driver.

xfer_increase.png
The changes made a difference.

WSUS: Reset Server Node While Browsing Computers

I’ve run into another very annoying WSUS bug and this one deals with Computer Model information being corrupted when being entered into the SUS DB.

wsus_groups.png
Crashing groups highlighted in red.

Twice I’ve encountered a bug where the WSUS console would crash every time I tried to browse the All Computers or Unassigned Computers groups, but it wouldn’t crash when I browse another sub-group.

I found a very useful blog post that showed how to fix it but I’m unable to find it now; however, I was able to remember the steps I took.

  1. Using SSMS, export the table tbComputerTargetDetail to a csv. (Select * query, then save the results as csv.)
  2. Sort the various columns to find the one with the box (like an unknown character). This is the corrupt entry. For me, its always been the ComputerModel field.

    wsus_corrupt_example.png
    A similar example.
  3. Note the TargetID #.
  4. You can use the TargetID number in the tbComputerTarget table to find out the hostname of the offending machine for a permanent fix.*
    SELECT FullDomainName
    FROM [SUSDB].[dbo].[tbComputerTarget]
    WHERE TargetID = '<targetid#>'
  5. Blank out this field.
    UPDATE [SUSDB].[dbo].[tbComputerTargetDetail]
    SET ComputerModel=''
    FROM [SUSDB].[dbo].[tbComputerTargetDetail]
    WHERE TargetID='<targetid#>'

WSUS will be working again.

*To fix this issue on my client machines, I’ve only needed to update the offending machine’s BIOS.

WSUS Doesn’t Download Updates

While rebuilding WSUS (once again) I discovered another snag. When first configuring WSUS I put in “D:” for the drive to store the updates because the wizard didn’t like “D:\”. Unfortunately, both are wrong. From what I read in various posts, the wizard used to default to the largest drive with free space and append \WSUS for a directory. If you just specify “D:”, the updates try to download to D:WsusContent and not D:\WsusContent. (The eventlog shows this.)

A comment on this blog post helped fix it without a reinstall:

wsusutil movecontent D:\WsusContent D:\WsusContent\movelog2.log -skipcopy

After a reboot (and waiting, as WSUS isn’t very speedy) , the updates started downloading.

For future installs: don’t specify the just the root of a drive, specify a subdirectory like “D:\WSUS”.

PS: here’s what the log file says:

2017-04-07T21:04:23 Successfully stopped WsusService.
2017-04-07T21:04:23 Beginning content file location change to D:\WsusContent
2017-04-07T21:04:23 Did not copy files due to -skipcopy flag.
2017-04-07T21:04:23 Successfully changed WUS configuration.
2017-04-07T21:04:24 Successfully changed IIS virtual directory path.
2017-04-07T21:04:24 Successfully removed existing local content network shares.
2017-04-07T21:04:24 Successfully created local content network shares.
2017-04-07T21:04:24 Successfully changed registry value for content store directory.
2017-04-07T21:04:24 Successfully changed content file location.
2017-04-07T21:04:25 Successfully started WsusService.
2017-04-07T21:04:25 Content integrity check and repair...
2017-04-07T21:04:25 Initiated content integrity check and repair.

pi-hole.net: DNS based ad-blocking

pi-hole.net is a fun little project. I set it up as a VM and set my DHCP server to use it as the DNS server and whammo! insta-adblocking.

GOOD:

  • Easy to install and setup. (Walk through the wizard to install, then update your DHCP server to use pi-hole as your DNS server.)
  • Fast and small. (Well, it was designed to run on a Raspberry Pi.)
  • Nice GUI and reports.
  • Effective.
  • Fun little weekend project.

BAD WISHLIST:

  • There is nothing bad, but I wish it would run under Alpine Linux. The Ubuntu server I spun up is terribly large.

RESULTS:

pi-hole.net doesn’t block everything that uBlock does, but it does catch an extra 3% more ads than without uBlock (according to the sites I visit), and it will help all the tablets and phones on your network that don’t have uBlock.

dashboard212[1]

Rebuilding WSUS gotchas

I had to rebuild my SUS server because the old one was still on Win2008 (x86) and I couldn’t get any of the Win10 Anniversary Edition updates.

After rebuilding the server, everything is going great. The service is installed, the updates are downloading, and I see that there are updates for the SUS server pending. So I apply them and reboot.

And the updates breaks SUS and the SUS Console giving me a constant “Reset Server Node” error.

I found this post with details to fix it. KB3159706 needs some post install steps done to unbreak SUS. (Why can’t these post install steps can’t be done automatically or with a warning?)

Summary of the fix:

  1. Open an elevated Command Prompt window and run: “C:\Program Files\Update Services\Tools\wsusutil.exe” postinstall /servicing
  2. Install HTTP Activation under .NET Framework 4.5 Features
  3. Restart the WSUS service.

Also, don’t forget to add the port (:8530) to the GPO:

gpo_update_settings.PNG

(I haven’t configured SSL yet. It is recommended, and it does change the port to 8531.)