Thursday, 28 June 2018

Desktop Wallpaper Group Policy doesn't work for Win 10 clients: workaround

 
Windows 10 does funky things with wallpapers. It likes to make a cached copy in  %appdata%\roaming\microsoft\windows\themes\cachedfiles
and it will sometimes make a copy under  %AppData%\roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg as well.
 
There is different behavior on Windows 7 and Windows 10 on desktop wallpaper. In Windows 7, when we log into the system, the cached wallpaper file will re-generated automatically.

But in Windows 10, if the wallpaper path didn’t change, the cached wallpaper will not re-generate.

After I deleted below file and log off/log on I can see the desktop wallpaper automatically changed on Windows 10.
 
%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
So I applied this deletion operation to the domain controller as a log off  script, the script which is as below.
I created a .bat file and the content is:
del %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
 


Replication to all domains

Replicate to all domains via command prompt:
repadmin /syncall /AePD

Quickly replicate to Azure AD via Azure ADConnect using PowerShell from Azure AD Connect server (if you have hybrid mode)
Start-ADSyncSyncCycle
  
via Replmon GUI:
 
 
 
 
 

 

Wednesday, 14 June 2017

System Drive running out of disk space due to installer folder

Symptom: 
Environment :

Server 2012 R2.
Test Environment for application
Problem :
almost out of disk space (C Drive). Out of 60 GB only 3GB is left. This occurs after routine Microsoft patching cycle completes. After checking the folder size we noticed that Windows Installer hidden folder utilizes over 22GB of files and WinSxS utilizes over 8GB of files. Is it advised to move 'Installer' folder to another shared location and then create a shortcut to run "mklink /D C:\Windows\Installer D:\C_DRIVE\Windows\Installer" or is there any other alternative method we need to consider to clean up the disk space.
you need to resolve this issue

Cause: 
Normal behavior


Resolution:
Creating link path into installer folder is last option 
Note : Not recommended, nor supported deleting files from this directory.
Windows Installer Cache, located in c:\windows\installer folder, is used to store important files for applications installed using the Windows Installer technology and should not be deleted. If the installer cache has been compromised, you may not immediately see problems until you perform an action such as uninstall, repair, or update on a product.

More information : 

Windows/installer folder may contain Orphaned Patches, but the tricky job how to identify the registered or not patch.
During the research I have found a script might help us, please check :

From another side please apply this update on the system and reboot “update MSI.DLL :

Additionally, thought to share this with you if applicable. The value of the MaxPatchCacheSize under HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer policy is the maximum percentage of disk space that the installer can use for the cache of old files

More information :
and 

There is no limitation as to how many files that we could store in the windows folders. The content in the folder c:\windows\Installer are added by the msi based installations. When they are planning to install so many applications that would lay down 7000 files, they would want to consider the space and the other performance issues as well

Therefore last efforts if above did not resolve the issue :
 1. Increase C: volume size ( if possible) (recommended action).
 2.  Workaround : (prefer to apply on test environment within the installed application).

Copy using Windows explorer C:\Windows\Installer to another disk, e.g., D:\C_DRIVE\Windows\Installer
Make a backup copy of C:\Windows\Installer

Type the following commands in a cmd.exe window running as Administrator:
rmdir /s /q C:\Windows\Installer
mklink /D C:\Windows\Installer D:\C_DRIVE\Windows\Installer


Force Active Directory replication on a domain controller

Force Active Directory replication on a domain controller

In order to force Active Directory replication, issue the command 'repadmin /syncall /AeD' on the domain controller.  Run this command on the domain controller in which you wish to update the Active Directory database for.  For example if DC2 is out of Sync, run the command on DC2.

A = All Partitions
e = Enterprise (Cross Site)
D = Identify servers by distinguished name in messages.

By default this does a pull replication - which is how AD works by default.  If you want to do a push replication use the following command:

repadmin /syncall /APeD

P = Push

You want to do a push replication if you make changes on a DC and you want to replicate those changes to all other DC's.  For example, you make a change on DC1 and you want all other changes to get that change instantly, run repadmin /syncall /APeD on DC1.

Active Directory Replication Monitor (replmon) tool can be also used to sync across all domains
- synchronize each directory partition with all servers >> push mode and cross site boundaries.

note: gpupdate /force updates the group policies

Can't send an email message when Full Access permission is granted to a shared mailbox in Exchange Server

Can't send an email message when Full Access permission is granted
Sent on behalf email bounce back with message "This message could not be sent. Try sending the message again later, or contact your network administrator. You do not have the permission to send the message on behalf of the specified user. Error is [0x80070005-0x0004dc-0x000524]"
Solution:
Seems this has to undergo cleanup activity from Caching folder

Method 1
Configure the shared mailbox as an additional account. To do this, follow these steps:
  1. On the File menu, click Info.
  2. Click Account Settings, and then click Account Settings.
  3. Select your account, and then click Change.
  4. In the Change Account dialog box, click More Settings.
  5. On the Advanced tab, click Add.
  6. Enter the name of the mailbox, and then click OK.

    After you make this change, the additional mailbox is listed on the Advanced tab in the Microsoft Exchange dialog box.
  7. In the Microsoft Exchange dialog box, click OK.
  8. In the Change Account dialog box, click Next.
  9. Click Finish, and then click Close.
Method 2:
Caching Folder

follow steps 1 to 6 to get advanced tab and click outlook data file settings

Copy the cache patch (C:\Users\??enterloggedinusername\AppData\Local\Microsoft\Outlook\ and remove the .ost and also delete files from 'Offline Address Books' folder.
We were able to send message without any hassles after this corrective approach.

List all SIDs

need to run this using admin privileges via windows PowerShell cmd

Get-ADUser -Filter * -SearchBase "ou=Sales,ou=West,dc=MyDomain,dc=com" |  Select sAMAccountName, SID

ex: Get-ADUser -Filter * -SearchBase "ou=users,ou=department,dc=yourdomain,dc=com" |  Select sAMAccountName, SID

How to send Node to Node Message in Windows 7 Connected Nodes

by default this feature has been deprecated in Windows 7
however, a domain admin with domain privileges can do so from command prompt

syntax:

msg /server:L1411004 console testmsg

where L1411004 is the hostname and testmsg is the actual message

If you encounter the following error message:-

- troubleshooting error: "Error 5 getting session names" then,
- Error 1722 getting session names

On the machine that you cannot message to:
Use regedit to navigate to: (this access destination hostname via Admin mode from source machine from registry console itself. this again requires admin privileges. Type regedit from cmd prompt. Then Click File >> Connect Network Registry

















error connecting network registry pop-up usually appears when the destination windows firewall is activated and blocks all incoming connections. try to figure out this by allowing icmp ports. also, make sure remote registry services are running on either hosts.

and then change the destination registry settings AllowRemoteRPC value data from 0 to 1 base hexadecimal

HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server

Then change the following value:

Name : AllowRemoteRPC
Type : REG_DWORD
Value : 1