Windows GPO

Remove Apps from Start:
https://social.technet.microsoft.com/Forums/en-US/b694628c-0f34-419c-873c-8c5163a5261a/how-do-i-remove-all-programs-from-appearing-in-start-menu?forum=windowssteadystate

Change registry via reg file via GPO:
https://blogs.technet.microsoft.com/askds/2007/08/14/deploying-custom-registry-changes-through-group-policy/

Lock screen timeout:
Computer Config>Policies>Windows Settings>Security Settings>Local Policies>Security Options and find Interactive logon: Machine inactivity limit

Screen saver config:
User Config.>Admin. Templates>Control Panel>Personalization
Enable screen saver
Prevent changing screen saver
Password protect the screen saver
Screen saver timeout
Force specific screen saver

https://community.spiceworks.com/topic/1416384-gpo-to-lock-the-computer-after-10-minutes-of-inactivity
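To confirm that the lock-screen and screen-saver policies above actually reached a machine, the registry values behind them can be read back. This is an added example, not part of the original notes; the 600-second limit is an assumed baseline, and the HKCU values must be read in the session of the user being checked.

```powershell
# Added example (not from the original notes): read back the registry values
# written by the lock-screen and screen-saver policies listed above.
# HKCU values are per-user, so run this as the user being checked.
$MaxIdleSeconds = 600   # assumed baseline of 10 minutes

$hklmSystem = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$hkcuSystem = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$hkcuDesk   = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'

# Validators: each receives the raw registry data (DWORD or REG_SZ).
$inRange = { param($v) [int]$v -gt 0 -and [int]$v -le $MaxIdleSeconds }
$isOne   = { param($v) [int]$v -eq 1 }
$isSet   = { param($v) -not [string]::IsNullOrWhiteSpace($v) }

$checks = @(
    @{ Policy = 'Interactive logon: Machine inactivity limit'; Path = $hklmSystem; Name = 'InactivityTimeoutSecs'; Ok = $inRange }
    @{ Policy = 'Enable screen saver';               Path = $hkcuDesk;   Name = 'ScreenSaveActive';    Ok = $isOne }
    @{ Policy = 'Prevent changing screen saver';     Path = $hkcuSystem; Name = 'NoDispScrSavPage';    Ok = $isOne }
    @{ Policy = 'Password protect the screen saver'; Path = $hkcuDesk;   Name = 'ScreenSaverIsSecure'; Ok = $isOne }
    @{ Policy = 'Screen saver timeout';              Path = $hkcuDesk;   Name = 'ScreenSaveTimeOut';   Ok = $inRange }
    @{ Policy = 'Force specific screen saver';       Path = $hkcuDesk;   Name = 'SCRNSAVE.EXE';        Ok = $isSet }
)

$report = foreach ($c in $checks) {
    # A missing key or value means the policy is not configured for this scope.
    $prop = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    $data = if ($prop) { $prop.($c.Name) } else { $null }
    $state = if ($null -eq $data) { 'NotConfigured' } elseif (& $c.Ok $data) { 'OK' } else { 'Weak' }
    [pscustomobject]@{ Policy = $c.Policy; Data = $data; State = $state }
}

$report | Format-Table -AutoSize

# Non-zero exit code so a scheduled task or monitoring agent can alert on it.
if (@($report | Where-Object { $_.State -ne 'OK' }).Count -gt 0) { exit 1 }
```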

 

Disable user confirmation while shadowing user’s session:

Local Group Policy – Administrative Templates – Windows Components – Remote Desktop Services – Remote Desktop Session Host – Connections

Choose – Set rules for remote control of Remote Desktop Services user sessions

https://community.spiceworks.com/topic/478662-rdp-disable-the-please-wait-for-user-to-respond-prompt

 

Enable or disable displaying file extensions (Active Directory only):

https://www.dtonias.com/show-hide-extensions-for-known-file-types/123

User Configuration – Preferences – Control Panel Settings – Folder Options
Here, right-click Folder Options and then click Folder Options (At least Windows Vista) in the New menu.
In the folder settings window that opens, uncheck Hide extensions for known file types on the Advanced tab. Click OK to save the Group Policy setting and then apply it through the Group Policy Management Console.

 

Allow user to log in locally:

Policy/Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc785165(v=ws.10)

Folder Redirection HowTo:
https://www.grouppolicy.biz/2010/08/best-practice-roaming-profiles-and-folder-redirection-a-k-a-user-virtualization/

Manage LSI RAID controller, installed on server running ESXi, in Windows

For example, we want to monitor MEGARAID SAS 9341-4I:

LSI Software:
https://www.broadcom.com/products/storage/raid-controllers/megaraid-sas-9341-4i#downloads

On ESXi:
– Download VMware Driver – usually from VMware site
– Download SMIS Provider
– Enter Maintenance Mode
– Set Host Image Profile Acceptance Level to Community in Security configuration.
– Install driver: esxcli software vib install -v /vmfs/volumes/VOLUME-NAME/DRV-DIR-NAME/DRV-NAME.vib --no-sig-check
– Reboot.
– Install SMIS Provider: esxcli software vib install -v /vmfs/volumes/VOLUME-NAME/DRV-DIR-NAME/SMIS-NAME.vib --no-sig-check
– Reboot.
– Check that everything installed fine: esxcli software vib list | grep -i lsi
– Check that the LSI RAID controller appears under Health Status in vSphere Client or Web Client.
– Exit Maintenance Mode.
– Check CIM Server started in Security Profile. Also check its startup policy.
– Check CIM Server port.
– Check or set host name in DNS And Routing.

On Windows:
– Download and install Latest MegaRAID Storage Manager (MSM)
– Configure ESXi server’s A record in DNS or write it to hosts file.
– Start MSM and set “Display all the ESXi-CIMOM…” in Configure Host.
– Enter ESXi server’s IP and start discovery.

Troubleshooting:
– ping ESXi host to be sure it is available in network
– download SLP Helper utility and set ESXi host’s IP in slp_helper.php

HOWTOs:
https://habrahabr.ru/company/simnetworks/blog/241605/
https://pyatilistnik.org/kak-ustanovit-megaraid-smis-providers-na-vmware-esxi-5-5/
https://bogachev.biz/2015/09/08/Установка-MegaRAID-SMIS-Providers-на-VMware-ESXi-5-5/
https://serenity-networks.com/how-to-install-lsi-megaraid-storage-manager-msm-on-vmware-esxi-5-5/

Troubleshooting:
“Unable to connect to CIMOM server” in MSM

Local admin in domain network & Add custom limited rights to admin in domain

Local admin in domain network:
GPO:
Computer configuration – Windows settings – Security settings – Restricted groups – Add Group – Choose group with admins – Add “Administrators” in the “This group is a member of” field.

https://zona.su/2009/01/restricted-groups-remote-desktop.html
https://windowsnotes.ru/windows-server-2008/dobavlyaem-domennyx-polzovatelej-v-lokalnuyu-gruppu-bezopasnosti/
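Once the Restricted Groups policy above has applied, the resulting membership of the local Administrators group can be compared against what was intended. This is an added example, not part of the original notes; the group names in the allow-list are placeholders to replace with your own.

```powershell
# Added example (not from the original notes): compare the local
# Administrators group with the membership the Restricted Groups GPO should
# produce. The names below are placeholders, not values from the notes.
$AllowedNames = @('EXAMPLE\Domain Admins', 'EXAMPLE\Workstation-Admins')

function Test-AdminMember {
    param($Member, [string[]]$Allowed)
    # The built-in local Administrator always has RID 500.
    if ($Member.PrincipalSource -eq 'Local' -and $Member.SID.Value -match '-500$') {
        return $true
    }
    return $Allowed -contains $Member.Name   # -contains is case-insensitive
}

# S-1-5-32-544 is the well-known SID of BUILTIN\Administrators; using it
# avoids depending on the localized group name.
$members = @(Get-LocalGroupMember -SID 'S-1-5-32-544')

$report = foreach ($m in $members) {
    [pscustomobject]@{
        Name            = $m.Name
        ObjectClass     = $m.ObjectClass
        PrincipalSource = $m.PrincipalSource
        Expected        = Test-AdminMember -Member $m -Allowed $AllowedNames
    }
}
$report | Sort-Object Expected, Name | Format-Table -AutoSize

# Members nobody intended (local accounts added by hand, leftovers).
$unexpected = @($report | Where-Object { -not $_.Expected })
# Allow-listed groups that are absent, i.e. the GPO did not apply here.
$missing = @($AllowedNames | Where-Object { $members.Name -notcontains $_ })

foreach ($u in $unexpected) { Write-Warning "Unexpected admin on ${env:COMPUTERNAME}: $($u.Name)" }
foreach ($g in $missing)    { Write-Warning "Expected group missing on ${env:COMPUTERNAME}: $g" }

if ($unexpected.Count -gt 0 -or $missing.Count -gt 0) { exit 1 }
```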

It would be fun to figure out how to grant admin rights on specific servers or workstations. Or on groups of them. I.e. this user is admin on server 1 and computer group A, while that one is admin on servers 2, 3 and 4 and computer group B.

Add custom limited rights to admin in domain

Basics:
Go to AD – Users and Computers
Right-click the domain (or a specific OU, if only that OU should be delegated for administration).
Delegate control
Select a group or user
Set the required rights

If “Send to” menu item disappeared

Copy %userprofile%\AppData\Roaming\Microsoft\Windows\SendTo from a user profile where it has not disappeared.
Or restore the Send To folder's default contents:

Open install.wim from the “sources” folder of the install .iso
Copy 3\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\ to %userprofile%\AppData\Roaming\Microsoft\Windows\SendTo of the user whose Send To item has disappeared.

Useful CMD commands in Windows + .BAT files context

Find out motherboard details:

wmic baseboard get product,Manufacturer,version,serialnumber

https://x-flame.ru/kak-uznat-model-materinskoj-platy-cherez-cmd/

Visible WiFi networks details:

netsh wlan show networks mode=bssid

Start program with parameters from .bat file:

start "" "c:\program files\Microsoft Virtual PC\Virtual PC.exe" -pc MY-PC -launch
In other words, give it an empty title before the name of the program to fake it out.

https://stackoverflow.com/questions/154075/using-the-start-command-with-parameters-passed-to-the-started-program

Save output to file:

command.name > fileName.txt

Remove text from file:

findstr /v /i /L /c:"Mabrur" text.txt >out.txt

/v means “lines that do not contain”.
/i means “case-insensitive”.
/L /c:"Mabrur" means the literal string Mabrur: all lines containing it, whether it is as product or some other column, or is part of a longer string, will be excluded.

https://stackoverflow.com/questions/49569889/how-to-delete-some-line-from-txt-file-using-batch

Disable beep Windows 8/8.1/10/2012

net stop beep
sc config beep start= disabled

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Beep

Start = 0x00000000
HKEY_CURRENT_USER\Control Panel\Sound
beep = no

Windows Update 80070003 error, if Server 2012 R2 does not want to update

net stop wuauserv

DISM /Online /Cleanup-Image /RestoreHealth

If there is an error “The source files could not be downloaded”:

gpedit.msc

Computer Configuration > Administrative Templates > System

Specify settings for optional component installation and component repair setting

Contact Windows Update directly to download repair content instead of Windows Server Update Service (WSUS).

or

DISM /Online /Cleanup-Image /RestoreHealth /source:WIM:X:\Sources\Install.wim:1 /LimitAccess

Where “X” is the drive letter where the ISO is located. Simply change the “X” to the correct drive letter.

 

sfc /scannow

shutdown /r /f

 

https://www.thewindowsclub.com/dism-fails-source-files-could-not-be-found

https://support.microsoft.com/ru-ru/help/947821/fix-windows-update-errors-by-using-the-dism-or-system-update-readiness