Archive for the ‘Windows Server 2008 R2’ Category

Use case: Needed to understand the current security layout of a SharePoint site that was migrated from 2007 to 2010. The customer didn’t know what permissions were set where. They needed a way to report on how each site was granting or restricting permissions.

Notes:

  • I’m not disposing of any objects. Sure, I understand this is bad, but the intention of this script is to be run one time in a test environment. So if you plan on running this in production, I would suggest adding code to dispose of the objects.
  • The script is set to put the raw XML file at C:\; you can change this in the .ps1 file.
  • Runs against all web applications in the farm, minus Central Admin.
$logfilepath = "C:\"
 
##Create Table - ScanTable
$ScanTable = New-Object system.Data.DataTable "ScanTable"
$col1 = New-Object system.Data.DataColumn ("URL", [string])
$col2 = New-Object system.Data.DataColumn ("Member", [string])
$col3 = New-Object system.Data.DataColumn ("BasePermissions", [string])
$col4 = New-Object system.Data.DataColumn ("PermFriendlyName", [string])
$col5 = New-Object system.Data.DataColumn ("User_Group", [string])
$ScanTable.columns.add($col1)
$ScanTable.columns.add($col2)
$ScanTable.columns.add($col3)
$ScanTable.columns.add($col4)
$ScanTable.columns.add($col5)
 
$PermLevels = @{}
 
function getsec
{
	Add-PSSnapin microsoft.sharepoint.powershell -ErrorAction SilentlyContinue
 
	$PortalName = Get-SPWebApplication | select DisplayName
	foreach ($p in $PortalName)
	{
		$webapp = Get-SPWebApplication | ? {$_.DisplayName -eq $p.Displayname}
		#$webapp = Get-SPWebApplication | ? {$_.DisplayName -eq "SharePoint"}
		foreach ($s in $webapp.Sites)
		{
			foreach ($web in $s.AllWebs)
			{
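				foreach ($r in $web.roles)
				{
					# Map each permission mask to its role name; keep the first name seen for a mask.
					$permpermmask = $r.PermissionMask
					$permname = $r.Name
					if (-not $PermLevels.ContainsKey("$permpermmask"))
					{
						$PermLevels.Add("$permpermmask", "$permname")
					}
				}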
				$red = $web.HasUniqueRoleDefinitions
				foreach ($perm in $web.Permissions)
				{
					#$perm | select *
					#$perm.PermissionMask
					# Reset per entry so the type from the previous row is not carried over.
					$usergroup = ""
					$permpermmaskcurrent = $perm.PermissionMask
					$level = $PermLevels.Get_Item("$permpermmaskcurrent")
					if ($perm.xml -like "*GroupName*")
					{
						$usergroup = "SharePoint Group"
					}
					if ($perm.xml -like "*UserLogin*")
					{
						$usergroup = "AD User"
					}
					$MemberIsADGroup = $perm.Member.IsDomainGroup
					if ($MemberIsADGroup -eq $true)
					{
						$usergroup = "AD Group"
					}
					$output = $ScanTable.Rows.Add($web.url, $perm.Member, $perm.BasePermissions, $level, $usergroup)
				}
			}
		}
	}
	$ScanTable.WriteXML("$logfilepath\SecurityReport.xml")
}
getsec
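
One way to read the resulting SecurityReport.xml, as an added example that is not part of the original script: it lists entries granted directly to AD users or groups, entries whose mask matched no permission level name, and a per-site count. The function name Get-PermissionFindings is hypothetical, and the sample XML (sites and members included) is constructed in the shape DataTable.WriteXml produces for ScanTable.

```powershell
# Added example, not part of the original script.
# Constructed sample in the shape WriteXml emits for ScanTable; for a real run use:
#   [xml]$report = Get-Content "C:\SecurityReport.xml"
[xml]$report = @"
<DocumentElement>
  <ScanTable><URL>http://sp2010</URL><Member>Portal Owners</Member><BasePermissions>FullMask</BasePermissions><PermFriendlyName>Full Control</PermFriendlyName><User_Group>SharePoint Group</User_Group></ScanTable>
  <ScanTable><URL>http://sp2010</URL><Member>CONTOSO\jsmith</Member><BasePermissions>FullMask</BasePermissions><PermFriendlyName>Full Control</PermFriendlyName><User_Group>AD User</User_Group></ScanTable>
  <ScanTable><URL>http://sp2010/hr</URL><Member>CONTOSO\HR Staff</Member><BasePermissions>ViewListItems, OpenItems, ViewPages, Open</BasePermissions><User_Group>AD Group</User_Group></ScanTable>
</DocumentElement>
"@

function Get-PermissionFindings {
    param([xml]$Report)

    $rows = @($Report.SelectNodes("/DocumentElement/ScanTable"))

    # Entries granted straight to an AD user or AD group, bypassing SharePoint groups.
    $direct = @($rows | Where-Object { $_.User_Group -ne "SharePoint Group" })

    # Entries whose mask matched no role name: the script stored no level,
    # so the row has no PermFriendlyName element.
    $unmapped = @($rows | Where-Object { -not $_.PermFriendlyName })

    # Per-site totals, to show where permissions are concentrated.
    $bySite = @($rows | Group-Object { $_.URL } | ForEach-Object {
        $site = $_
        New-Object PSObject -Property @{
            URL     = $site.Name
            Entries = $site.Count
            Direct  = @($site.Group | Where-Object { $_.User_Group -ne "SharePoint Group" }).Count
        }
    })

    New-Object PSObject -Property @{ Direct = $direct; Unmapped = $unmapped; BySite = $bySite }
}

$findings = Get-PermissionFindings $report
"Direct grants:"
$findings.Direct | Select-Object URL, Member, PermFriendlyName, User_Group | Format-Table -AutoSize
"Unmapped permission masks:"
$findings.Unmapped | Select-Object URL, Member, BasePermissions | Format-Table -AutoSize
"Per site:"
$findings.BySite | Format-Table URL, Entries, Direct -AutoSize
```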

I had just installed SQL 2008 R2 Analysis Services, then I rebooted to install SQL Reporting Services, and all of a sudden I received this error: “The ENU localization is not supported by this SQL Server media.”

Fix:

Copy %InstallMedia%\resources\1033\setup.rll to C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\SQLServer2008R2\Resources\1033, overwriting the file located there.

P.S. No idea whether MS supports this fix, so do this at your own risk.

The SharePoint Diagnostics Studio gathers and consolidates Event and Diagnostic (ULS) logs in addition to information from the Usage database and presents it through a graphical user interface supporting clarity and a single view into issues impacting a deployment.

The SharePoint Diagnostics Studio provides a wide variety of reports intended to address the most common issues impacting capacity, performance, availability, and usage that can be used independently or together to identify and isolate issues occurring in a SharePoint environment.

By default, the SharePoint Trace service runs as Local System. This script will fix that.

1. Create a SharePoint 2010 Trace Account. Ex: SPTrace

2. Edit lines 2 and 3 of the PowerShell script.

3. Run the script on each server in the farm (not FAST or SQL servers). a. PS C:\Users\spinstall\Desktop> .\TraceAccountFix.ps1

# Trace Account Details
$TraceAccount = "Domain\SPTrace"
$TraceAcctPWD = "Enter The password here"
$SecTraceAcctPWD = (ConvertTo-SecureString $TraceAcctPWD -AsPlainText -force)
 
# Formatting: split DOMAIN\user into its two parts (-split takes a regex, so the backslash is escaped)
$TraceAccountDomain,$TraceAccountUser = $TraceAccount -Split "\\"
 
# Get the tracing service.
$farm = Get-SPFarm
$tracingService = $farm.Services | where {$_.Name -eq "SPTraceV4"}
 
$Cred_TraceAcct = New-Object System.Management.Automation.PsCredential $TraceAccount,$SecTraceAcctPWD
 
## Add Managed Account for Trace Account
$ManagedAccountTrace = Get-SPManagedAccount | Where-Object {$_.UserName -eq $TraceAccount}
If ($ManagedAccountTrace -eq $NULL) 
{ 
	Write-Host -ForegroundColor White "- Registering managed account" $TraceAccount
	New-SPManagedAccount -Credential $Cred_TraceAcct | Out-Null 
}
Else {Write-Host -ForegroundColor White "- Managed account $TraceAccount already exists, continuing."}
 
 
# Get the managed account.
$managedAccount = Get-SPManagedAccount "$TraceAccount"
If ($tracingService.ProcessIdentity.ManagedAccount -notlike "*$managedAccount*"){
 
# Set the tracing service to run under the managed account.
$tracingService.ProcessIdentity.CurrentIdentityType = "SpecificUser"
$tracingService.ProcessIdentity.ManagedAccount = $managedAccount
$tracingService.ProcessIdentity.Update()
 
# This actually changes the "Run As" account of the Windows service.
$tracingService.ProcessIdentity.Deploy()
}
 
Try{
([ADSI]"WinNT://$env:COMPUTERNAME/Performance Log Users,group").Add("WinNT://$TraceAccountDomain/$TraceAccountUser")
}
catch {Write-Host -ForegroundColor White " - $TraceAccount is already in the Performance Log Users group, continuing."}
 
Write-Host "All Done"
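
A check to run on each server after the script, added here and not part of the original post: it confirms that the trace service no longer runs as LocalSystem and that the account is in the Performance Log Users group. The function name Test-TraceServiceIdentity is hypothetical, and Domain\SPTrace is the placeholder from the script.

```powershell
# Added example, not part of the original script.
function Test-TraceServiceIdentity {
    param(
        [string]$ExpectedAccount = "Domain\SPTrace",  # same placeholder as line 2 of the script
        [string]$ServiceName = "SPTraceV4"
    )
    $domain, $user = $ExpectedAccount -split "\\"

    # StartName is the Windows service "Log On As" value; the default is LocalSystem.
    $svc = Get-WmiObject Win32_Service -Filter "Name='$ServiceName'"
    $runAs = if ($svc) { $svc.StartName } else { $null }

    # Read the local group through the same WinNT provider the script writes with.
    # Comparing full ADsPaths avoids matching a same-named account from another domain.
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/Performance Log Users,group"
    $paths = @($group.Invoke("Members") | ForEach-Object {
        $_.GetType().InvokeMember("ADsPath", "GetProperty", $null, $_, $null)
    })

    New-Object PSObject -Property @{
        Server         = $env:COMPUTERNAME
        ServiceFound   = [bool]$svc
        RunAs          = $runAs
        IdentityOk     = ($runAs -eq $ExpectedAccount)
        InPerfLogUsers = ($paths -contains "WinNT://$domain/$user")
    }
}

Test-TraceServiceIdentity | Format-List Server, ServiceFound, RunAs, IdentityOk, InPerfLogUsers
```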

The trust relationship between a workstation and the domain fails after you restore to a previous snapshot in either VMware or Hyper-V. This is because, by default, every 30 days the Active Directory (AD) server will change the machine key for each of its members. In a development environment where security is not important, this can cause a headache, forcing you to unjoin and then rejoin servers to the domain. The other option is to disable this function.

  1. On the domain controller, launch Group Policy Management -> Control Panel\System and Security\Administrative Tools\Group Policy Management
  2. Edit the default group policy or edit the GPO of your choice.
  3. Edit “Domain member: Maximum machine account password age” = 999   Located -> Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
  4. Edit “Domain member: Disable machine account password changes” = Enabled   Located -> Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
  5. Edit “Domain controller: Refuse machine account password changes” = Enabled   Located -> Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
  6. Lastly, run “gpupdate /force” on all servers that need this change.
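
To confirm what a server ended up with after gpupdate, or to find machines where these development-only settings were applied unintentionally, the effective values can be read from the Netlogon parameters key. This is an added example, not from the original post; the function names are hypothetical and the two DEV/PROD rows are constructed samples.

```powershell
# Added example, not part of the original post.
# The three policies above are stored as DWORD values under this key.
$NetlogonKey = "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters"

function Get-MachinePasswordSettings {
    $p = Get-ItemProperty -Path $NetlogonKey -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        Computer              = $env:COMPUTERNAME
        DisablePasswordChange = [int]$p.DisablePasswordChange  # Domain member: Disable machine account password changes
        MaximumPasswordAge    = $p.MaximumPasswordAge          # Domain member: Maximum machine account password age (days)
        RefusePasswordChange  = [int]$p.RefusePasswordChange   # Domain controller: Refuse machine account password changes
    }
}

function Get-RotationState {
    param($Settings)
    # A missing value means the 30-day default described in the post.
    $age = if ($Settings.MaximumPasswordAge -eq $null) { 30 } else { [int]$Settings.MaximumPasswordAge }
    if ($Settings.DisablePasswordChange -eq 1) { return "Disabled on member" }
    if ($Settings.RefusePasswordChange -eq 1)  { return "Refused by domain controller" }
    if ($age -gt 30)                           { return "Extended to $age days" }
    "Default rotation"
}

# The local machine plus two constructed rows showing the dev and default cases.
$rows = @(
    (Get-MachinePasswordSettings),
    (New-Object PSObject -Property @{ Computer = "DEV-SP01 (constructed)"; DisablePasswordChange = 1; MaximumPasswordAge = 999; RefusePasswordChange = 0 }),
    (New-Object PSObject -Property @{ Computer = "PROD-SP01 (constructed)"; DisablePasswordChange = 0; MaximumPasswordAge = 30; RefusePasswordChange = 0 })
)

$rows | ForEach-Object {
    $_ | Add-Member -MemberType NoteProperty -Name State -Value (Get-RotationState $_) -PassThru
} | Format-Table Computer, State, DisablePasswordChange, MaximumPasswordAge, RefusePasswordChange -AutoSize
```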

Resource links:

http://technet.microsoft.com/en-us/library/cc781050(WS.10).aspx

http://technet.microsoft.com/en-us/library/cc785826(WS.10).aspx


If you ever have a need to monitor a website for uptime, one approach is to buy an application that can monitor websites, e.g. http://www.ipsentry.com/ or http://www.eventsentry.com/ (relatively cheap software that I have used in the past). The other option is to use PowerShell. This script is meant to be run on a monitoring server. Once it's running, it will check all the URLs you set in the configuration section of the PowerShell script. If an error is encountered, it will send an email. The PowerShell script has comments in all the areas you would want to change. The base script comes from http://blogs.technet.com/b/otto/archive/2007/08/23/quick-and-dirty-web-site-monitoring-with-powershell.aspx ; I made a few changes: added the forever loop, forced sending emails, added the ability to send credentials, set the interval, and added additional comments. Thanks, and let me know if you have any questions.

function siteupdown{
## Display Help
if (($Args[0] -eq "-?") -or ($Args[0] -eq "-help")) {
   ""
   "Usage: SysinternalsSiteTest.ps1 -alert <address> -log"
   "       -alert <address>      Send e-mail alerts"
   "       -log                  Log results"
   ""
   "Example: SysinternalsSiteTest.ps1 -alert somebody@nospam.com -log"
   ""
   exit
}
 
## Create the variables
$global:GArgs = $Args
 
$urlsToTest = @{}
$urlsToTest["SP2010"] = "http://sp2010/Pages/default.aspx"
## Add more URLs for monitoring. **Note: URLs cannot be redirecting URLs.
#$urlsToTest["TechNet Redirect"] = "http://www.microsoft.com/sysinternals"
#$urlsToTest["Sysinternals Home"] = "http://www.microsoft.com/technet/sysinternals/default.mspx"
#$urlsToTest["Sysinternals Forum"] = "http://forum.sysinternals.com"
#$urlsToTest["Sysinternals Blog"] = "http://blogs.technet.com/sysinternals"
#$urlsToTest["Sysinternals Downloads"] = "http://download.sysinternals.com/Files/NtfsInfo.zip"
 
$successCriteria = @{}
$successCriteria["SP2010"] = "*press releases*"
## Add more success criteria here.
#$successCriteria["TechNet Redirect"] = "*Mark Russinovich*"
#$successCriteria["Sysinternals Home"] = "*Mark Russinovich*"
#$successCriteria["Sysinternals Forum"] = "*Sysinternals Utilities*"
#$successCriteria["Sysinternals Blog"] = "*Sysinternals Site Discussion*"
#$successCriteria["Sysinternals Downloads"] = "*ntfsinfo.exe*"
 
## Set Username Password and domain here
$Username = 'be'
$Password = 'password!!!1'
$Domain = 'gen'
 
## sets up the call
$webClient = new-object System.Net.WebClient
$webClient.credentials = New-Object System.Net.NetworkCredential($Username, $Password, $Domain)
 
foreach ($key in $urlsToTest.Keys) {
   $alert = $false
   $output = ""
 
   $startTime = get-date
   $output = $webClient.DownloadString($urlsToTest[$key])
   $endTime = get-date
 
   if ($output -like $successCriteria[$key]) {
      $key + "`t`tSuccess`t`t" + $startTime.DateTime + "`t`t" + ($endTime - $startTime).TotalSeconds + " seconds"
 
      if ($GArgs -eq "-log") {
         $key + "`t`tSuccess`t`t" + $startTime.DateTime + "`t`t" + ($endTime - $startTime).TotalSeconds + " seconds" >> WebSiteTest.log
      }
   } else {
      $key + "`t`tFail`t`t" + $startTime.DateTime + "`t`t" + ($endTime - $startTime).TotalSeconds + " seconds"
	  $alert = $true
      if ($GArgs -eq "-log") {
         $key + "`t`tFail`t`t" + $startTime.DateTime + "`t`t" + ($endTime - $startTime).TotalSeconds + " seconds" >> WebSiteTest.log
		 $alert = $true
      }
 
      if ($alert -eq $true) {
         Write-Host "Sending Email"
		 ## Set email settings Below. $emailFrom, $EmailTo, $smtpServer
		 $emailFrom = "email@nospam.com"
         $emailTo = "email@nospam.com"
         $subject = "URL Test Failure - " + $startTime
         $body = "URL Test Failure: " + $key + " (" + $urlsToTest[$key] + ") at " + $startTime
         $smtpServer = "smtp.nospam.com"
         $smtp = new-object Net.Mail.SmtpClient($smtpServer)
         $smtp.Send($emailFrom,$emailTo,$subject,$body)
      }
   }
}
}
## Makes the script run forever. The script's arguments (-alert, -log) are passed through to the function.
while ($true)
{
## Change the number, to change check site interval. 1 = 1 seconds, 30 = 30 seconds, etc..
sleep 30;
siteupdown @args
}

Thanks http://support.microsoft.com/kb/2293357

  1. Install PDF iFilter 9.0 (64 bit) from http://www.adobe.com/support/downloads/detail.jsp?ftpID=4025
  2. Download the PDF icon picture from the Adobe web site (http://www.adobe.com/misc/linking.html) and copy it to C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\TEMPLATE\IMAGES
  3. Add the following entry to the docIcon.xml file, which can be found at C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\TEMPLATE\XML
    <Mapping Key="pdf" Value="pdf16.gif" />
  4. Add the pdf file type on the File Type page under Search Service Application
  5. Open regedit
  6. Navigate to the following location:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office Server\14.0\Search\Setup\ContentIndexCommon\Filters\Extension
  7. Right-click > Click New > Key to create a new key for .pdf
  8. Add the following GUID in the default value
    {E8978DA6-047F-4E3D-9C78-CDBE46041603}
    • Name: Extension
      Type: REG_SZ
      Data: pdf
    • Name: FileTypeBucket
      Type: REG_DWORD
      Data: 0x00000001 (1)
    • Name: MimeTypes
      Type: REG_SZ
      Data: application/pdf
  9. Restart the SharePoint Server Search 14
  10. Reboot the SharePoint servers in the farm
  11. Create a test site (with any out-of-box site template), create a document library, and upload any sample PDF document(s).
  12. Perform a FULL crawl to get search results.

**FAST Search Info**

By default, FAST Search will index the contents of PDFs; however, it may be necessary to edit/add this if using a third-party IFilter.

Edit this file:

C:\FASTSearch\etc\config_data\DocumentProcessor\formatdetector\user_converter_rules.xml

Add this:

<ConverterRules>
<IFilter>
<trust>
<ext name=".pdf" mimetype="application/pdf" />
</trust>
</IFilter>
<MimeMapping>
<mime type="application/pdf">PDF File</mime>
</MimeMapping>
</ConverterRules>

Run psctrl reset to reset all currently running item processors in the system.

So this all started when I wanted to enable my wireless adapter. I found the latest driver (rtl8191se). But every time I tried to install the driver I got this error: “The service section in the inf invalid”. Of course this was driving me crazy… I spent at least an hour looking through an INF file to see if I could figure out what the problem was. Anyway, long story short, see below.

The walkthrough below is not from me. Link

After installing Windows Server 2008 or Windows Server 2008 R2, the wireless adapter or WiFi adapter is not working or functioning. System cannot detect or see any wireless networks with no wireless networks available error message, and system cannot connect to Internet or wireless LAN.

To make matters worse, users have installed the proper signed driver for the wireless adapter, either through Windows Update, drivers CD from vendor or download latest and correct driver from OEM or manufacturer’s website. In Device Manager, the wireless or WiFi network adapter is working properly. And, when using Windows Server built-in diagnostics feature to troubleshoot the no wireless connection problem, it indicates that the wireless adapter is either having driver or hardware issue.

The cause of the no wireless connection is that Windows Server 2008 and Windows Server 2008 R2 disables and turns off Wireless LAN service by default, which supports the wireless WLAN Auto Configuration service, and configures WLAN AutoConfig for automatic startup.

In order to turn on Wireless LAN and WLAN AutoConfig service in Windows Server 2008 and Windows Server 2008 R2, go to Server Manager (in Administrator Tools). Go to Features branch and click on Add Features. Click and tick the check box for Wireless LAN Service. Complete the installation wizard to install wireless support.

The Wireless LAN Service configures the WLAN AutoConfig service to start automatically, regardless of whether the computer has any IEEE 802.11 wireless adapters installed. When enabled, WLAN AutoConfig enumerates every wireless network adapter installed on the computer, manages IEEE 802.11 wireless connections, and manages the wireless connection profiles that contain the settings required to configure a wireless client to connect to a wireless network. WLAN AutoConfig allows user to connect to an existing wireless network (data encryption key or network key may be required), change wireless network connection settings, configure a connection to a new wireless network, and specify preferred wireless networks. WLAN AutoConfig also notifies user when new wireless networks are available. When switching wireless networks, WLAN AutoConfig dynamically updates your wireless network adapter settings to match the settings of that new network and a network connection attempt will be made.
