Wednesday, September 14, 2016

WSUS client error DnldMgr Error 0x80244019

Clients were not able to download Windows updates. The following entries were found in WindowsUpdate.log:


# WARNING: Download failed, error = 0x80244019


http://192.168.1.15:8530/Content/35/A49C2828A8DA7AC1B2F9F337D18E7D628C71F635.cab, local path = C:\Windows\SoftwareDistribution\Download\0135d679f6dc8ae16fb2353ef1ec1c4f\windows6.1-kb3177186-x64-express.cab
2016-09-14 14:22:35:785  956 860 DnldMgr Error 0x80244019 occurred while downloading update; notifying dependent calls.


Upon investigation, the download directory was not right. In IIS Manager -> Sites -> WSUS Administration -> Content -> Managed Virtual Directory -> Advanced Settings, the Physical Path was pointing to the wrong folder. After correcting the folder path, clients were able to download the updates.


**This was a replacement WSUS server that I stood up in preparation for Windows 10 clients. Somehow during the configuration, it pointed to the wrong WsusContent folder location.

Friday, September 2, 2016

PowerShell - Get GUID of installed program

Get the GUID and the uninstall string or path of an installed software program:

Get-WmiObject -Class Win32_Product -ComputerName . | Where-Object -FilterScript {$_.Name -like "Java 8 Update*"} | Format-List -Property *

Thursday, September 1, 2016

MSS Group Policy Settings

As per the new RMF directive, we are to follow the DISA STIG benchmark for Windows 7 and Windows Server 2012 R2. Although we will have months to go, I have started looking at implementing the security controls. The "MSS" Group Policy settings are missing.

The "MSS" Group Policy settings are not and never have been included with a default, out-of-the-box installation of Active Directory. They were an add-on developed by a consulting group out in the field, and the settings were deemed so useful that they were included with the "Solution Accelerator" known as Security Compliance Manager. (It's been known under various similar names previously, such as "Windows 7 Security Compliance Management Toolkit.")
The problem is, the Security Compliance Manager comes with a whole bunch of junk that you do not want, such as a SQL Express instance. Junk that you really do not want to install on a domain controller. You only want to extract from it just the piece that you want, which is the "LocalGPO.msi" package.


Download the Security Compliance Manager installation. Run it on your server. Run the .exe, but do not continue with the installation. The installer deflates some files into a temp directory on the hard drive, such as C:\a1b2c3d4e5f6a0b1c2 or D:\a1b2c3d4e5f6a0b1c2. In that directory you will find a data.cab file. Open that file, extract the file named GPOMSI, and rename it to LocalGPO.msi. Now cancel the SCM installer and it will delete the temp files.


Windows 7 and Windows Server 2012 R2
 
Install LocalGPO.msi on your server. Then launch the new "LocalGPO Command-line" shortcut that you will find in your Start Screen. Run it as Administrator. Type cscript LocalGPO.wsf /ConfigSCE.

Windows Server 2012 R2

The version that is hosted on this Microsoft blog written by Aaron Margosis contains a download link to a version of the MSS Extension that works for me with 2012 R2 with no 'hacking' required. That's a link to a zip file. Inside the zip file, you will see a directory named 'Local_Script'. Inside that folder, you will find a subfolder named 'MSS_Extension'. Simply transfer that MSS_Extension directory to your 2012 R2 domain controller. Then open a command prompt and browse to that directory. Then run:
Cscript LocalGPO.wsf /ConfigSCE

Advanced XML Filtering in the Windows Event Viewer

I was trying to filter events on a DC to check for NTLM and Kerberos authentication. There are limitations when using basic filtering.

I can use XML filtering and Custom Views. Custom Views using XML filtering are a powerful way to drill through event logs and only display the information you need. With Custom Views, you can filter on data in the event. To create a Custom View based on the username, right-click Custom Views in the Event Viewer and choose Create Custom View.

Click the XML tab, and check "Edit query manually". Click OK on the warning popup. In this window, you can type an XML query. For this example, we want to filter by AuthenticationPackageName, so the XML query is:

<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">*[EventData[Data[@Name="AuthenticationPackageName"] = "NTLM"] and System[(EventID=4624)]]</Select>
  </Query>
</QueryList> 


<QueryList> 
  <Query Id="0" Path="Security">
    <Select Path="Security">*[EventData[Data[@Name="AuthenticationPackageName"] = "Kerberos"] and System[(EventID=4624)]]</Select>
  </Query>
</QueryList>
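
The same 4624 filter can be run from PowerShell and summarized, which goes a step beyond the Custom View by showing which accounts and hosts still authenticate with NTLM and with which NTLM version. This is an added example, not part of the original post; the helper function names, accounts, hosts and IP addresses are constructed for illustration.

```powershell
# Same selection as the NTLM Custom View above, as an XPath for Get-WinEvent.
$xpath = "*[System[(EventID=4624)] and EventData[Data[@Name='AuthenticationPackageName']='NTLM']]"

# Hypothetical helper: flatten one 4624 event (as XML text) into an object.
function ConvertTo-LogonRecord {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$EventXml)
    process {
        $doc = [xml]$EventXml
        $d = @{}
        foreach ($node in $doc.Event.EventData.Data) {
            $d[$node.GetAttribute('Name')] = $node.InnerText
        }
        [pscustomobject]@{
            Package     = $d['AuthenticationPackageName']
            LmPackage   = $d['LmPackageName']   # e.g. "NTLM V1" or "NTLM V2"; "-" for Kerberos
            User        = '{0}\{1}' -f $d['TargetDomainName'], $d['TargetUserName']
            Workstation = $d['WorkstationName']
            SourceIp    = $d['IpAddress']
        }
    }
}

# Hypothetical helper: build a minimal constructed 4624 event for offline testing.
function New-SampleEvent([hashtable]$Fields) {
    $data = ($Fields.GetEnumerator() |
        ForEach-Object { "<Data Name='$($_.Key)'>$($_.Value)</Data>" }) -join ''
    "<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>" +
    "<System><EventID>4624</EventID></System><EventData>$data</EventData></Event>"
}

# Constructed sample data (not real log entries).
$events = @(
    New-SampleEvent @{ AuthenticationPackageName='NTLM'; LmPackageName='NTLM V1'
        TargetDomainName='EXAMPLE'; TargetUserName='svc-scan'; WorkstationName='PRN01'; IpAddress='10.0.0.21' }
    New-SampleEvent @{ AuthenticationPackageName='NTLM'; LmPackageName='NTLM V2'
        TargetDomainName='EXAMPLE'; TargetUserName='jdoe'; WorkstationName='WKS07'; IpAddress='10.0.0.35' }
    New-SampleEvent @{ AuthenticationPackageName='Kerberos'; LmPackageName='-'
        TargetDomainName='EXAMPLE'; TargetUserName='jdoe'; WorkstationName='-'; IpAddress='10.0.0.35' }
)

# On a DC, from an elevated prompt, use live data instead of the sample:
# $events = Get-WinEvent -LogName Security -FilterXPath $xpath -MaxEvents 1000 |
#     ForEach-Object { $_.ToXml() }

$events | ConvertTo-LogonRecord |
    Where-Object Package -eq 'NTLM' |
    Group-Object LmPackage, User, Workstation, SourceIp |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Rows whose name starts with "NTLM V1" are the ones to chase first when planning to restrict NTLM.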