Skip to main content

Posts

Showing posts from July, 2015

Task Scheduler Run with Highest Privileges

Ticking the box on task scheduler to run the task with highest privileges is like running the script or task at an elevated command prompt. Some task like disabling network interface card, will need to set the task at highest privilege. So if you want to automate or set a task scheduler disabling and enabling a network interface card this type of task will need to set the scheduler to run with highest privileges. How to know whether you need to tick or run with highest privileges? If the batch file or script runs normally at a command prompt but if you set at task scheduler it does not work as expected and the result is 0X1. Then try to set the scheduler to run at highest privileges. If still does not work,then could be some other issues which need Google time..LOL..you need to troubleshoot and check whether commands that you set on the script or batch file can be automated. ---------------------------------- Free Android app, download at Google play: Android Divin

Get SID of the currently logon user

How to quickly get SID  (security identifier) of the currently logon user via command line? In windows 7 or Windows 8 its quite easy to get the SID of the currently logon user. The command does not even require an elevated command prompt. Just open a command prompt and type this command:       whoami /all Sample output will be like this: User Name                       SID ================== ============================================ my-pc\dusername007      S-1-5-81-8841277008-196834560-851378809-7010 The SID, the computer name and the user name will be displayed. In a domain environment, to get the FQDN for the currently logon user type this command:     whoami /fqdn Cheers..Just a quick tips.. Hope it helps..

How to add criteria in Active Directory Administrative Center

Active Directory Administrative Center is a great tool for System Administrator to manage large Active Directory. ADAC also provides some criteria when searching. Add criteria is not shown by default. So if you are new to ADAC it is just a single click to show the add criteria option. See screen shot below on how to make it visible: From the ADAC also you will be able to find Windows Powershell history, which you can modify and use it to automate some process. To dig further see Technet link below: https://technet.microsoft.com/en-us/library/dd560661%28v=ws.10%29.aspx Linux Android App cheat sheet: https://play.google.com/store/apps/details?id=com.LinuxMobileKit

Get members of Global Security Group via command line

How to list Active Directory security group members? How to query AD security group members? List the global security group members and its logon username in Active Directory  using command line. Using dsquery from command line you can get all the security group members and redirect the output to a text file. If setting a fine grained password policy in Windows 2012, you will need to set a global security group and apply the PSO or password setting object to the global security group. This command below will come handy to list the users or members in which the PSO is being applied. It can also be used to pipe the list of members and set whatever settings that need to be set like all users on the group must change password at next logon. To use this command must login on the DC or a computer with RSAT and pipe the command to PowerShell using Invoke-Command. dsquery group DC= Domain_Name ,DC= loc al -name PSO_GlobalSecurity_Group |  dsget group -members To redirect

Find inactive users and computers in Active Directory

A simple command to get a list of inactive users and computers in Active Directory . It's quick and easy to get the list of inactive users and computers, but you need to run this on the server. This command below will list all inactive users which has been inactive for about 30 days or more. dsquery user -inactive 30 This command below will list all inactive computers which has been inactive for about 30 days or more. dsquery computer -inactive 30 Replace the number "30" for any number of days. It's a good practice to disable accounts not in use to reduce the footprint of security risk. If you are 100% sure that the account will not be needed anymore, better remove the account from Active Directory rather than disabling it. Or if you love history or not sure about deleting the account, then just disable it. The command can be tweak and run on PowerShell if you need to do it remotely. Any tips about quick and

PowerShell get DHCP enabled NIC

How to get NICs with DHCP enabled? A one liner code to get DHCP network interfaces card and its IP Address settings.   Get-WmiObject win32_networkadapterconfiguration | where {$_.DHCPEnabled -eq “True”} To save a few more bytes used this code: gwmi win32_networkadapterconfiguration | ? {$_.DHCPEnabled -eq “True”} A quick and easy way to get DHCP enabled NICs with the help of PowerShell. Sample output: DHCPEnabled       : True IPAddress         : {192.168.11.50} DefaultIPGateway : {192.168.11.254} DNSDomain         : CiscoFW_01 ServiceName       : e1cexpress Description       : Intel(R) 82579LM Gigabit Network Connection Index             : 7 DHCPEnabled       : True IPAddress         : DefaultIPGateway : DNSDomain         : ServiceName       : BthPan Description       : Bluetooth Device (Personal Area Network) Index             : 22 DHCPEnabled       : True IPAddress         : DefaultIPGateway : DNSDomain         :