Creating a scheduled task without being administrator

Good morning, I was working on a scheduled task that would run on a user’s PC and start a particular application when the user logged into their machine, and it had to run as the particular user logging in.  What I discovered was that if the user wasn’t an administrator on the box I would get an access denied in both PowerShell and schtasks.

What I figured out was that if you choose to run the task at logon (I assume this probably applies to at startup as well) it requires administrative rights, but if you schedule the task as an hourly, daily, weekly, etc. task it doesn’t require administrative rights to create it.  Now this requires that what the task is running doesn’t itself need administrative rights, but in my case it does not.
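
An added example (not from the original post) of registering such a task from PowerShell as the logged-on user, with an hourly repetition in place of the logon trigger. The task name and program path are hypothetical, and it assumes, as described above, that a time-based trigger can be registered without administrative rights.

```powershell
# Added example, not from the original post.
$TaskName = 'Start-LaptopApp'                              # hypothetical task name
$AppPath  = 'C:\Program Files\ExampleApp\ExampleApp.exe'   # hypothetical program

# Run as the user creating the task, with that user's normal (non-elevated) token.
$me        = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$action    = New-ScheduledTaskAction -Execute $AppPath
$principal = New-ScheduledTaskPrincipal -UserId $me -LogonType Interactive -RunLevel Limited

# Time-based trigger instead of -AtLogOn: fire now, then every hour.
# On Windows 10 and later, omitting -RepetitionDuration repeats indefinitely.
$trigger = New-ScheduledTaskTrigger -Once -At (Get-Date) `
    -RepetitionInterval (New-TimeSpan -Hours 1)

# The task stays "running" while the program is open, so IgnoreNew stops the hourly
# trigger from starting a second copy. A zero time limit keeps the scheduler from
# ending the program after the default limit, and the battery switches matter
# because the targets are laptops.
$settings = New-ScheduledTaskSettingsSet -MultipleInstances IgnoreNew `
    -ExecutionTimeLimit ([TimeSpan]::Zero) `
    -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries

try {
    Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
        -Principal $principal -Settings $settings -ErrorAction Stop | Out-Null
    Get-ScheduledTask -TaskName $TaskName | Select-Object TaskName, State
} catch {
    # An access-denied error surfaces here.
    Write-Warning "Registration failed: $($_.Exception.Message)"
}
```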

Now you may be asking yourself why didn’t he simply create a scheduled task through group policy.  Well, the reason for that is I wanted it to target a specific computer collection in SCCM that targeted only laptops.  I could have done it with a GPO and even filtered the GPO with WMI filtering and accomplished the same thing but the application is pushed out through SCCM and I wanted everything that went with it targeted to that collection.  Maybe slightly more work on my part but good to know nonetheless.

Quickly fix Windows is not Genuine from different Windows versions.

I had an issue today with an old KMS server that some machines had been talking to getting shut down and then the machines months later complaining that they couldn’t find the KMS server.  I then removed the KMS server’s DNS entries and prevented it from publishing them to DNS, which had been missed before.  That isn’t the purpose of this post though, so if you need more info the below two links help out a lot.

How to remove a KMS Server from your Infrastructure

Additional info for Server 2008 only.

Back to the purpose of my post: when I get tickets for activations (as I have over the past few days) I wanted an easy script to run slmgr, remove the product key, input the new key, and activate it.  We use MAK keys in our environment, so just for the few machines that were set up for KMS a simple script sounded like an easy way to take care of them. Problem is I run Windows 10 and the machines I was trying to fix were Windows 7. SLMGR.vbs is version specific, so although I probably could have copied one off a Windows 7 machine I came up with the below solution to work on any version of Windows.  To accomplish this I used our old friend psexec, which creates a session, runs each slmgr command locally on their machine, and outputs the result after prompting for a machine name.  A really simple script but maybe someone will find this useful.  Don’t forget to put psexec in the same directory you run the script from.  Happy Friday 🙂

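REM Prompt for the target machine; slmgr.vbs then runs on that machine through PsExec.
set /p machinename=Input the PC Name:%=%
REM Uninstall the current product key.
PsExec.exe \\%machinename% cscript %SystemRoot%\System32\slmgr.vbs /upk
REM Install the MAK key (replace the placeholder with your key).
PsExec.exe \\%machinename% cscript %SystemRoot%\System32\slmgr.vbs /ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
REM Activate Windows with the new key.
PsExec.exe \\%machinename% cscript %SystemRoot%\System32\slmgr.vbs /ato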

Outlook additional mailboxes and from functionality

This is an old issue that I haven’t encountered lately but I was reminded of the other day when adding a shared mailbox for a user and felt a post might help someone else out. Previously I got a request that when sending from a mailbox that had been added as an additional mailbox, the message is always sent from the default mailbox, not from the additional mailbox, unless you go up to Options and click the From button to enable the From field and change the From address as shown below.

As it is easy to forget to change the From field, and kind of a pain to change every time, I went on the hunt for an answer to my dilemma.  I can’t seem to find this functionality in Microsoft’s documentation anywhere, but if you add the mailbox as a new email account instead of an additional mailbox the From address will change based on what mailbox you are in when you click New Email.  As in the screenshot below, you can accomplish this by going to the File tab and Account Settings.

To add the mailbox click New on the Email tab, then click Next.  Then type in the mailbox name and the email address.  The password can be left blank as long as you have Full Access and Send As permissions delegated to the user in Exchange.  Then just click Next through the rest of the prompts and finally click Finish.

The only caveat to this is that automapping in Exchange adds as an additional mailbox so you might end up with duplicate entries of the same mailbox.  To fix this you will need to add the mailbox permissions through EMC (Exchange Management Console).  Microsoft has instructions on how to add the permissions without automapping in this Technet Article but the command for the EMC is also below.

Add-MailboxPermission -Identity JeroenC -User 'Mark Steele' -AccessRight FullAccess -InheritanceType All -Automapping $false

If you want to fix existing auto-mapping behavior for all the permissions on a particular mailbox the below commands will do the trick.

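# Collect the explicit (non-inherited) FullAccess entries on the shared mailbox.
$FixAutoMapping = Get-MailboxPermission sharedmailbox | Where-Object {$_.AccessRights -eq "FullAccess" -and $_.IsInherited -eq $false}
# Remove them, then add each one back with auto-mapping turned off.
$FixAutoMapping | Remove-MailboxPermission
$FixAutoMapping | ForEach-Object {Add-MailboxPermission -Identity $_.Identity -User $_.User -AccessRights:FullAccess -AutoMapping $false}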
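
A more defensive variant of the commands above, as an added example that is not from the original post or from Microsoft's article: it saves the current entries to a CSV before removing anything, and leaves Deny entries and the mailbox's own NT AUTHORITY\SELF entry alone. The mailbox name is the post's placeholder and the CSV path is hypothetical.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell.
$Mailbox = 'sharedmailbox'                              # placeholder from the post
$Backup  = ".\${Mailbox}-FullAccess-backup.csv"         # hypothetical output path

# Explicit FullAccess allow entries only; skip inherited, Deny and SELF entries.
$entries = Get-MailboxPermission -Identity $Mailbox | Where-Object {
    $_.AccessRights -contains 'FullAccess' -and
    -not $_.IsInherited -and -not $_.Deny -and
    $_.User -notlike 'NT AUTHORITY\SELF'
}

# Keep a record so access can be restored if a re-add fails part-way through.
$entries |
    Select-Object Identity, User, @{ n = 'AccessRights'; e = { $_.AccessRights -join ',' } } |
    Export-Csv -Path $Backup -NoTypeInformation

foreach ($e in $entries) {
    try {
        Remove-MailboxPermission -Identity $Mailbox -User $e.User -AccessRights FullAccess `
            -Confirm:$false -ErrorAction Stop
        Add-MailboxPermission -Identity $Mailbox -User $e.User -AccessRights FullAccess `
            -InheritanceType All -AutoMapping $false -ErrorAction Stop | Out-Null
    } catch {
        Write-Warning "Check $($e.User) against ${Backup}: $($_.Exception.Message)"
    }
}

# Review what is in place afterwards.
Get-MailboxPermission -Identity $Mailbox | Where-Object { -not $_.IsInherited } |
    Format-Table User, AccessRights, Deny -AutoSize
```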

So there you have it, a simple fix for someone using a shared mailbox that needs to be able to send from the shared mailbox.
The articles I posted are from Exchange 2010 and Outlook 2010 but I have confirmed the functionality is the same in Outlook 2013 and Exchange 2013.

MDT 2013 Update 2 UDI Wizard – domain join credentials issue

I recently upgraded to MDT Update 2 integrated with SCCM 1602.  Previously I used to install Windows 7 using MDT UDI (2013 I think?) and configured the OSDJoinDomain and OSDJoinPassword variables as collection variables on the collections I had the task sequence.  But after the 2013 update 2 install, on my new task sequence for Windows 10 they would show up like the below and it wouldn’t join the domain.

So thanks to some help on this TechNet forum we were able to come up with a workaround.

  1. Create two custom variables and place them just before the UDI Wizard step in your task sequence.  One will be the account used to join the domain and the other the account’s password.
  2. Then open up the UDI Wizard Designer and on the new computer details page under “domain join credentials” put the custom variables you set up into the default value boxes (remember to use %% around your task sequence variables).
  3. Then simply save your changes and update your MDT Toolkit package in SCCM.  Then you should be all set.

Simple RoboCopy Function for quick transfers

A couple of weeks ago I got to thinking, I do these little robocopy transfers all the time, why not write a function so I can do a transfer and not have to go looking up all the parameters.  So after a few minutes, the below script was born.  Simply run the script in PowerShell, and it will prompt for the old folder (source) and the new folder (destination).  Once the copy is complete it will monitor the source directory and copy any changes until you exit the script, which is great when a user is still working in the source directory, such as when you need to move a home directory.  It also sticks a log file in the directory you ran the script from.  Just keep in mind that this is set up to be a mirror copy, and if you reverse the source and destination you will copy the blank destination to your source and end up with a blank directory.

It’s an extremely simple script but maybe it will save someone a little time.  Also, in case you aren’t familiar with robocopy, it is the best folder syncing tool out there and has been available since Windows Server 2003.  It won’t sync single files but will sync folders up wherever you need them, resume transfers where they left off on flaky network connections, allow throttling and much more.

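function fun-robocopy {
    # Write the log to the directory the script is run from.
    $ScriptPath = (Get-Item -Path ".\" -Verbose).FullName
    $Logfile = $ScriptPath+"\Robocopy Logfile.log"
    # Prompt for the source (old) and destination (new) folders.
    $OldFolder = Read-Host -Prompt 'Input Old folder to move'
    $NewFolder = Read-Host -Prompt 'Input New folder to move to'
    # /MIR mirrors source to destination; /MON:1 /MOT:30 keep watching the source for changes.
    Robocopy $OldFolder $NewFolder /MIR /COPYALL /V /FP /XO /LOG+:$Logfile /TEE /Z /MON:1 /MOT:30 /W:5 /R:2
}
fun-robocopy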
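
A guarded variant of the function, as an added example that is not the original script: it refuses to mirror from a missing or empty source, and uses robocopy's list-only switch (/L) to show what /MIR would delete from the destination before anything is changed. The function name and the confirmation prompt are hypothetical.

```powershell
# Added example, not from the original post.
function Invoke-GuardedMirror {
    param(
        [Parameter(Mandatory)] [string] $Source,
        [Parameter(Mandatory)] [string] $Destination
    )
    # Mirroring from a missing or empty source would empty the destination.
    if (-not (Test-Path -LiteralPath $Source -PathType Container)) {
        throw "Source '$Source' does not exist."
    }
    if (-not (Get-ChildItem -LiteralPath $Source -Force | Select-Object -First 1)) {
        throw "Source '$Source' is empty; source and destination may be reversed."
    }

    # /L lists what /MIR would copy and delete without touching either folder.
    $preview = robocopy $Source $Destination /MIR /L /NJH /NP /FP /XO /R:0 /W:0
    $extras  = @($preview | Where-Object { $_ -match '^\s*\*EXTRA (File|Dir)' })
    if ($extras.Count -gt 0) {
        Write-Warning "$($extras.Count) item(s) in the destination would be deleted:"
        $extras | Select-Object -First 20 | ForEach-Object { Write-Host $_ }
        if ((Read-Host 'Type YES to continue') -cne 'YES') { return }
    }

    # Same switches as the original function once the preview is accepted.
    $log = Join-Path (Get-Location).Path 'Robocopy Logfile.log'
    robocopy $Source $Destination /MIR /COPYALL /V /FP /XO "/LOG+:$log" /TEE /Z /MON:1 /MOT:30 /W:5 /R:2
}

Invoke-GuardedMirror -Source (Read-Host 'Input Old folder to move') `
                     -Destination (Read-Host 'Input New folder to move to')
```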

Shutting off WiFi when connected to a wired connection

In the company I work for we commonly have laptops that are connected to a wired connection and are also connected to WiFi.  This isn’t good practice, and DNS gets a little weird when it gets registered IP addresses from both the WiFi adapter and a registration from the wired connection.  I have been using a VB script from intelliadmin that monitors the wired connection and disables the WiFi adapter when the wired connection is plugged in, which works great.  You can do as intelliadmin suggests and run it as a group policy computer configuration logon script.  The problem that I ran into with that method is that, as group policy runs when a computer starts up, if it’s not connected to the network the script wouldn’t run.  Even worse, I ran into issues where the user would have their computer connected to a wired connection and shut it off with the wireless connection still disabled. If the user booted up off-network they would call in complaining they had no WiFi.  The solution was to copy intelliadmin’s VB script locally and run it as a scheduled task on the local machine.

  1. Use the below batch script to copy the file somewhere local on the machine.  Set this up as a computer startup script via GPO.

     xcopy \\domain.com\sysvol\startupscriptgpolocation\netswitch.vbs "%ALLUSERSPROFILE%\scripts\" /D

  2. Then set up a scheduled task via group policy to run the script as system, with the action set up as start a program with the program/script (if you need help see this TechNet article) “%ALLUSERSPROFILE%\scripts\netswitch.vbs” and your parameters (i.e. “Local Area Connection” “Wireless Connection”).

Now whether your users are off-network or on-network, they will only use the WiFi adapter when an Ethernet Connection is unavailable.
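
Because the task in step 2 runs as SYSTEM, the copied script and its folder should be modifiable only by SYSTEM and administrators. This added example (not part of the original post or of intelliadmin's script) lists any other identity that owns them or holds write-type rights on them; the trusted-identity list is an assumption.

```powershell
# Added example, not from the original post. Paths follow steps 1 and 2 above.
$ScriptDir  = Join-Path $env:ALLUSERSPROFILE 'scripts'
$ScriptFile = Join-Path $ScriptDir 'netswitch.vbs'
# Assumption: only these identities should be able to change the script or folder.
$Trusted    = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'NT SERVICE\TrustedInstaller'

# Rights that allow changing, replacing or re-permissioning a file or folder,
# plus the GENERIC_WRITE and GENERIC_ALL bits that appear on inherit-only entries.
$WriteBits = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$WriteBits = $WriteBits -bor 0x40000000 -bor 0x10000000

function Get-UntrustedWriter {
    param([string] $Path)
    $acl = Get-Acl -LiteralPath $Path
    if ($Trusted -notcontains $acl.Owner) {
        [pscustomobject]@{ Path = $Path; Identity = $acl.Owner; Rights = 'Owner' }
    }
    foreach ($ace in $acl.Access) {
        $id = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and $Trusted -notcontains $id -and
            ([int]$ace.FileSystemRights -band $WriteBits) -ne 0) {
            [pscustomobject]@{ Path = $Path; Identity = $id; Rights = $ace.FileSystemRights }
        }
    }
}

$findings = foreach ($p in $ScriptDir, $ScriptFile) {
    if (Test-Path -LiteralPath $p) { Get-UntrustedWriter -Path $p }
    else { Write-Warning "$p not found" }
}
if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'Only trusted identities can modify the script and its folder.' }
```

If anything is listed, tighten the folder's permissions so that only SYSTEM and administrators can write to it before pointing a SYSTEM task at the script.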

IE Enterprise Mode Site list won’t load sites put into site list manager

I was working on setting up Enterprise Mode Site list for some internal legacy sites so that IE 11 would automatically start them in Enterprise mode.  I followed this article from the billamore.com blog (very well put together article by the way) on how to set up logging and deploy sites you want run in enterprise mode; this way, if you have a site that hasn’t been upgraded to be up to par with IE 11, it will still work.  Well, I couldn’t seem to figure out why it wasn’t loading the sites in enterprise mode.  All the reg entries were there and everything seemed fine.  Well, after using this PowerShell script a few times to clear the downloaded site list, I found a forum on TechNet that had my answer buried all the way at the bottom.  You can’t use http:// at the start of the site; it has to simply be the top level domain, for example “domain.com”.  I figured since it simply said URL, http://domain.com would work just fine, or even http://domain.com/page1.  Guess I figured wrong.