I had an issue where Microsoft had issued a TS license pack key that had way too many licenses in it versus what was actually purchased through the CSP portal and I needed to remove some additional per user RDS licenses.

I had mixed results when trying to remove, and a lot of the information on the web I found was mainly for device CALS and not the user ones i needed to remove.

In the end I found a way to remove RDS CALS on Server 2016 (this will work on other server os’ too)

This command below displays the licensing info:

PS C:\Windows\system32> Get-WmiObject Win32_TSLicenseKeyPack|Select KeyPackId, ProductVersion, TotalLicenses, TypeAndModel|Format-List

KeyPackId      : 2

ProductVersion : Windows 2000 Server

TotalLicenses  : 4294967295

TypeAndModel   : Built-in TS Per Device CAL

KeyPackId      : 3

ProductVersion : Windows Server 2016

TotalLicenses  : 5

TypeAndModel   : RDS Per User CAL

KeyPackId      : 4

ProductVersion : Windows Server 2016

TotalLicenses  : 500

TypeAndModel   : RDS Per User CAL

This command below is what actually removes 495 licenses from keypack 4 ID

Invoke-WmiMethod -Class Win32_TSLicenseKeyPack -Name RemoveLicensesWithIdCount -ArgumentList 4,495

__GENUS          : 2

__CLASS          : __PARAMETERS

__SUPERCLASS     :

__DYNASTY        : __PARAMETERS

__RELPATH        :

__PROPERTY_COUNT : 1

__DERIVATION     : {}

__SERVER         :

__NAMESPACE      :

__PATH           :

ReturnValue      : 0

PSComputerName   :

Re-run the command to check and confirm the licenses have been removed from the targetted keypack ID.

Get-WmiObject Win32_TSLicenseKeyPack|Select KeyPackId, ProductVersion, TotalLicenses, TypeAndModel|Format-List

KeyPackId      : 2

ProductVersion : Windows 2000 Server

TotalLicenses  : 4294967295

TypeAndModel   : Built-in TS Per Device CAL

KeyPackId      : 3

ProductVersion : Windows Server 2016

TotalLicenses  : 5

TypeAndModel   : RDS Per User CAL

KeyPackId      : 4

ProductVersion : Windows Server 2016

TotalLicenses  : 5

TypeAndModel   : RDS Per User CAL

Internet Explorer Autocomplete / Form suggestion keys

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete]
“Append Completion”=”no”
“AutoSuggest”=”no”

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
“Use FormSuggest”=”no”
“FormSuggest PW Ask”=”no”

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete]
“Append Completion”=”no”
“AutoSuggest”=”no”

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
“Use FormSuggest”=”no”
“FormSuggest PW Ask”=”no”

[HKEY_LOCAL_MACHINE\Software\\Policies\Microsoft\Internet Explorer\Control Panel]
“FormSuggest”=dword:00000000
“Form Suggest Passwords”=dword:00000000

Example XML File which can be used as a template for creating layoutmodification.xml in Windows 10.

I’ve had issues where the extra taskbar code, code was missing when the start layout was exported using powershell using export-startlayout command. The xml exported but was missing the customised taskbar default pinned items.  The ”  xmlns:taskbar=”http://schemas.microsoft.com/Start/2014/TaskbarLayout doesn’t get exported to the XML and the code under    <taskbar:TaskbarPinList> isn’t included.  In 1607 this worked more out of the box, but 1703 was slightly different.

<?xml version="1.0" encoding="utf-8"?>

<LayoutModificationTemplate

xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification"

xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout"

xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout"

xmlns:taskbar="http://schemas.microsoft.com/Start/2014/TaskbarLayout"

Version="1">

<DefaultLayoutOverride>

<StartLayoutCollection>

<defaultlayout:StartLayout GroupCellWidth="6">

<start:Group Name="Microsoft Office">

<start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk" />

<start:DesktopApplicationTile Size="2x2" Column="4" Row="2" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk" />

<start:DesktopApplicationTile Size="2x2" Column="0" Row="2" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk" />

<start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk" />

<start:DesktopApplicationTile Size="2x2" Column="4" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk" />

<start:DesktopApplicationTile Size="2x2" Column="2" Row="2" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk" />

</start:Group>

<start:Group Name="Windows Apps">

<start:DesktopApplicationTile Size="1x1" Column="4" Row="4" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk" />

<start:DesktopApplicationTile Size="1x1" Column="5" Row="2" DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk" />

<start:Tile Size="2x2" Column="4" Row="0" AppUserModelID="Microsoft.WindowsStore_8wekyb3d8bbwe!App" />

<start:Tile Size="2x2" Column="2" Row="2" AppUserModelID="Microsoft.Windows.Photos_8wekyb3d8bbwe!App" />

<start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk" />

<start:DesktopApplicationTile Size="1x1" Column="4" Row="2" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk" />

<start:Tile Size="2x2" Column="0" Row="0" AppUserModelID="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge" />

<start:Tile Size="1x1" Column="4" Row="3" AppUserModelID="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" />

<start:DesktopApplicationTile Size="2x2" Column="2" Row="4" DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk" />

<start:Tile Size="2x2" Column="0" Row="2" AppUserModelID="Microsoft.BingWeather_8wekyb3d8bbwe!App" />

<start:DesktopApplicationTile Size="2x2" Column="0" Row="4" DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk" />

<start:DesktopApplicationTile Size="1x1" Column="5" Row="3" DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk" />

</start:Group>

<start:Group Name="Applications">

<start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\SAP Front End\SAP.lnk" />

<start:DesktopApplicationTile Size="1x1" Column="2" Row="1" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\KeePass\KeePass.lnk" />

<start:DesktopApplicationTile Size="1x1" Column="3" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\EPSON Projector\Easy Interactive Tools Ver.4.11.lnk" />

<start:DesktopApplicationTile Size="1x1" Column="2" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Crestron AirMedia\AirMedia.lnk" />

</start:Group>

</defaultlayout:StartLayout>

</StartLayoutCollection>

</DefaultLayoutOverride>

<CustomTaskbarLayoutCollection PinListPlacement="Replace">

<defaultlayout:TaskbarLayout>

<taskbar:TaskbarPinList>

<taskbar:DesktopApp DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk" />

<taskbar:DesktopApp DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk" />

</taskbar:TaskbarPinList>

</defaultlayout:TaskbarLayout>

</CustomTaskbarLayoutCollection>

</LayoutModificationTemplate>

 

Connect to Exchange Online through Windows PowerShell with administrator credentials (when it prompts for username and password, your username is your email address for office 365/EXO admins). You can make a PS script to connect to exchange online rather than running them individually).

 

Notes: PS needs to be able to run scripts, if you get an error trying to run a command, try running this command first to enable execution of commands from PS:

 

Set-ExecutionPolicy RemoteSigned


Then try connecting using below

 

$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session


Get a users mailbox’s current permissions

Once a connection has been established run the following PowerShell command to check users mailbox permission settings:

Get-MailboxPermission -Identity examaple.user1@company.com

(You will see the something similar to below in your PS window showing access rights for users)

 

pic1

 

 

 

Adding access to a another users mailbox

 To add access to another users mailbox you would type the below command, the first email address in the command is the user that you’re granting access to the second users mailbox. So the first user will have access to and when the outlook client is opened next, user 1 would see user 2’s full mail box inside user 1’s outlook client.

Command:

Add-MailboxPermission -Identity example.user1@company.com -User example.user2@company.com -AccessRights FullAccess 

 

 

pic2

 

Once added run the get command again to and check for the username of the user you just granted access to in the list to ensure command completed ok. Once confirmed exit the PS session if you’re finished using EXO by running the following command to close your PS session, otherwise you may use up all your PS sessions and have to wait for them to time out.

 

Remove-PSSession $Session

 

Removing Mailbox access from a user

Occasionaly there may be a request to remove a users access to another mailbox, so for removing we do something similar to what we did above with remove at the start of the command

 

1)      Remove-MailboxPermission -Identity example.user1@company.com -User example.user2@company.com -AccessRights FullAccess

 

 

pic3

 

 

 

 

The client log files for different CM components are located in the %WINDIR%\System32\CCM\Logs folder (x86) or  in %WINDIR%\SysWOW64\CCM\Logs ( x64 OS).

 

The config manager server log files are located in the C:\Program Files (x86)\Microsoft Configuration Manager\Logs or SMS_CCM\Logs folder , these are handy to see what’s happening when trouble shooting pxe deployment issues or to view other logs. I use CM trace or SMS trace to make viewing logs easier.

 

For servers the IIS logs can be found in %WINDIR%\System32\logfiles\W3SVC1

Repair SCCM client remotely

Posted: October 2, 2014 in SCCM, Scripts

 

Description:

This is a basic vbscript called by windows cscript to repair config manager clients. CM Clients can become broken for a number of reasons in enterprise environments. The  script has been tested on 2007 and should work on 2012 too. This script can be easily modified to retrieve hosts from a text file e.g computers.txt if you’re targeting a number of broken clients.

 Usage:

E.g  cscript scriptname.vbs computername

 

'Repair SCCM Client
'------------------------------------------------------------

Option Explicit
On Error Resume Next

Dim sComputer, sSCCMClient

If WScript.Arguments.Count = 0 Then
sComputer = InputBox("Enter computer name to repair")
Else
sComputer = WScript.Arguments(0)
End If

Set sSCCMClient = GetObject("winmgmts://" & sComputer & "/Root/Ccm:SMS_Client")

If Err <> 0 Then
MsgBox "Error:" & "(" & Err.Number & ")" & vbCrLf & Err.Description
Else
sSCCMClient.RepairClient
MsgBox ("Repair started for " & UCase(sComputer))
End If

WScript.Quit

Client ConfigMgr console Properties

%windir%\System32\CCM\SMSCliUI.exe
%windir%\SysWOW64\CCM\SMSCliUI.exe

Run Advertised Program (x64 & x86)

%windir%\System32\CCM\SMSRAP.CPL
%windir%\SysWOW64\CCM\SMSRAP.CPL

Task Sequence Progress Bar (x64 & x86)

%windir%\System32\CCM\TsProgressUI.exe
%windir%\SysWOW64\CCM\TsProgressUI.exe

SMS Agent Host Restart (x64 & x86)

%windir%\System32\CCM\CcmRestart.exe
%windir%\SysWOW64\CCM\CcmRestart.exe

SCCM (ConfigMgr) Client Repair – Command Line/ VB script / Powershell

%windir%\System32\CCM\ccmrepair.exe
%windir%\SysWOW64\CCM\ccmrepair.exe

—-policy.vbs—————-

On Error Resume Next
Dim oCPAppletMgr
Set oCPAppletMgr = CreateObject(“CPApplet.CPAppletMgr”)
Dim oClientActions
Set oClientActions = oCPAppletMgr.GetClientActions()
Dim oClientAction
For Each oClientAction In oClientActions
If oClientAction.Name = “Request & Evaluate Machine Policy” Then oClientAction.PerformAction
End If
Next
———————————————–
Powershell:

————-
Code Snippet

function repairclient([String] $strComputer)
{
$SMSCli = [wmiclass] “\\$strComputer\root\ccm:sms_client
$SMSCli.RepairClient()
}
———————————————–

 

SCCM Command line actions

WMIC is a great tool used to manage wmi from the command line, its been around a while and has been part of windows OS’s since XP. Its handy for a heap of things to manage workstations and retrieve data from systems and the bios.

Combine the power of psexec @ computers.txt list at target endpoints that have disabled or corrupted software distribution agents, and you will be on your way to fixing broken agents and deploying required software.

 

Disable Software-Distribution:
WMIC /namespace:\\root\ccm\policy\machine\requestedconfig path ccm_SoftwareDistributionClientConfig CREATE ComponentName=”Disable SWDist”,Enabled=”false”,LockSettings=”TRUE”,PolicySource=”local”,PolicyVersion=”1.0″ ,SiteSettingsKey

Re-Activate Software-Distribution:

WMIC /namespace:\\root\ccm\policy\machine\requestedconfig path ccm_SoftwareDistributionClientConfig WHERE ComponentName=”Disable SWDist” delete /NOINTERACTIVE

 

Trigger Hardware Inventory:

WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule “{00000000-0000-0000-0000-000000000001}” /NOINTERACTIVE

Trigger Software Inventory

:
WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule “{00000000-0000-0000-0000-000000000002}” /NOINTERACTIVE

Trigger DataDiscoverRecord (DDR) update:
WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule “{00000000-0000-0000-0000-000000000003}” /NOINTERACTIVE

Force a FULL HW Inventory on next HW-Inv Schedule:

WMIC /namespace:\\root\ccm\invagt path inventoryActionStatus where InventoryActionID=”{00000000-0000-0000-0000-000000000001}” DELETE /NOINTERACTIVE

Repair SMS/SCCM Agent on a remote client:
WMIC /node:%MACHINE% /namespace:\\root\ccm path sms_client CALL RepairClient

Repair a list (all clients listed in clients.txt) of remote SMS/SCCM Agents

:
WMIC /node:@clients.txt /namespace:\\root\ccm path sms_client CALL RepairClient

PSTools – PSExec switches and usage

Posted: February 3, 2014 in Apps, Scripts
Tags: ,

 

Syntax

 

Usage: psexec [\\computer[,computer2[,…] | @file]][-u user [-p psswd][-n s][-l]

[-s|-e][-x][-i [session]][-c [-f|-v]][-w directory][-d][-<priority>]

[-a n,n,…] cmd [arguments]

 

Options

 

-a

Separate processors on which the application can run with commas where 1 is the lowest numbered CPU. For example, to run the application on CPU 2 and CPU 4, enter: “-a 2,4”

-c

Copy the specified program to the remote system for execution. If you omit this option the application must be in the system path on the remote system.

-d

Don’t wait for process to terminate (non-interactive).

-e

Does not load the specified account’s profile.

-f

Copy the specified program even if the file already exists on the remote system.

-i

Run the program so that it interacts with the desktop of the specified session on the remote system. If no session is specified the process runs in the console session.

-h

If the target system is Vista or higher, has the process run with the account’s elevated token, if available.

-l

Run process as limited user (strips the Administrators group and allows only privileges assigned to the Users group).

On Windows Vista the process runs with Low Integrity.

-n

Specifies timeout in seconds connecting to remote computers.

-p

Specifies optional password for user name. If you omit this you will be prompted to enter a hidden password.

Note that the password is transmitted in clear text to the remote system.

-s

Run the remote process in the System account.

-u

Specifies optional user name for login to remote computer.

Specify a valid user name in the Domain\User syntax if the remote process requires access to network resources or to run in a different account.

-v

Copy the specified file only if it has a higher version number or is newer on than the one on the remote system.

-w

Set the working directory of the process (relative to remote computer).

-x

Display the UI on the Winlogon secure desktop (local system only).

-priority

Specifies -low, -belownormal, -abovenormal, -high or -realtime to run the process at a different priority. Use -background to run at low memory and I/O priority on Vista.

computer

Direct PsExec to run the application on the remote computer or computers specified. If you omit the computer name PsExec runs the application on the local system, and if you specify a wildcard (\\*), PsExec runs the command on all computers in the current domain.

@file

PsExec will execute the command on each of the computers listed in the file.

program

Name of application to execute.

You can enclose applications that have spaces in their name with quotation marks e.g. psexec \\weslaptop “c:\long name app.exe”.

arguments

Arguments to pass (note that file paths must be absolute paths on the target system).

1. Autostart folder
   Everything in here will restart.
   C:\windows\start menu\programs\startup {english}
   C:\windows\Menu Démarrer\Programmes\Démarrage {french}
   This Autostart Directory is saved in    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell
   Folders Startup=”C:\windows\start menu\programs\startup”
   ‘So it could be easily changed by any program.

2. Win.ini
   [windows]
   load=file.exe
   run=file.exe

3. System.ini [boot]
   Shell=Explorer.exe file.exe

4. c:\windows\winstart.bat
   ‘Note behaves like an usual BAT file. Used for copying deleting specific files. Autostarts
    everytime

5. Registry
   [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
   [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce]
   [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
   [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
   [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
   [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
   [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices]

6. c:\windows\wininit.ini
   ‘Often Used by Setup-Programs when the file exists it is run ONCE and then is deleted by     windows
    Example: (content of wininit.ini)
    [Rename]
    NUL=c:\windows\picture.exe
    ‘This example sends c:\windows\picture.exe to NUL, which means that it is deleted. This
    requires no interactivity with the user and runs totaly stealth.

7. Autoexec.bat
   Starts everytime at Dos Level.
                                                             
8. Registry Shell Spawning
   [HKEY_CLASSES_ROOT\exefile\shell\open\command] @=”\”%1\” %*”
   [HKEY_CLASSES_ROOT\comfile\shell\open\command] @=”\”%1\” %*”
   [HKEY_CLASSES_ROOT\batfile\shell\open\command] @=”\”%1\” %*”
   [HKEY_CLASSES_ROOT\htafile\Shell\Open\Command] @=”\”%1\” %*”
   [HKEY_CLASSES_ROOT\piffile\shell\open\command] @=”\”%1\” %*”
   [HKEY_LOCAL_MACHINE\Software\CLASSES\batfile\shell\open\command] @=”\”%1\” %*”
   [HKEY_LOCAL_MACHINE\Software\CLASSES\comfile\shell\open\command] @=”\”%1\” %*”
   [HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command] @=”\”%1\” %*”
   [HKEY_LOCAL_MACHINE\Software\CLASSES\htafile\Shell\Open\Command] @=”\”%1\” %*”
   [HKEY_LOCAL_MACHINE\Software\CLASSES\piffile\shell\open\command] @=”\”%1\” %*”
    
   The key should have a value of Value “%1 %*”, if this is changed to “server.exe %1 %*”,
   the server.exe is executed EVERYTIME an exe/pif/com/bat/hta is executed.
   Known as Unkown Starting Method and is currently used by Subseven.

 9. Icq Inet
   [HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\test]
   “Path”=”test.exe”
   “Startup”=”c:\\test”
   “Parameters”=””
   “Enable”=”Yes”

   [HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\
   This key includes all the APPS which are executed IF ICQNET Detects an Internet Connection.

9. Misc Information
   [HKEY_LOCAL_MACHINE\Software\CLASSES\ShellScrap]
   @=”Scrap object” “NeverShowExt”=””
                                                             
   The NeverShowExt key has the function to HIDE the real extension of the file (here) SHS.
   This means if you rename a file as “Girl.jpg.shs” it displays as “Girl.jpg” in all programs
   including Explorer.
   Your registry should be full of NeverShowExt keys, simply delte the key to get the real
   extension to show up.