Archive for the ‘Windows’ Category

get-eventlog does not display time on out-file

Tuesday, November 26th, 2019

PowerShell is fun and yet there are times it can be annoying.

I am doing a refresh as I am looking for a new job. My last one was not script minded.

A simple test was to use get-eventlog and sort by index and time. It did this. Next was to output index, time and source.

get-eventlog -logname Security -newest 50 |select-object -property index,time,source | sort time,index | out-file c:\last.txt

The other two worked. Time did not.

You would think it would be obvious to simply use “time” and, well, it isn’t.

You need to use timegenerated or timewritten.

get-eventlog -logname Application -newest 50 |select-object -property index,timegenerated,source | sort index,timegenerated

More reading to do.


Enable Remote Desktop for Server 2019.

Wednesday, July 31st, 2019

Server 2019 is making its appearance and of course we needed to enable Remote Desktop. Things change in time and of course so must Windows. The config option is not in its normal place.

I am not making a post at this time and I did find a very good writeup on this….

Quick way to get license

Monday, April 15th, 2019

Every once in a while I get the question of what license was installed on this Windows VM.

A simple PowerShell way is to use:


powershell "(Get-WmiObject -query 'select * from SoftwareLicensingService').OA3xOriginalProductKey"

Win32_OperatingSystem class missing

Saturday, February 2nd, 2019

We were fortunate to not have an issue with the WannaCry ransomware. It was time to make sure this never happened. We have a script designed to tell us when a system lacked the patching it needed.

While running it on one system, I received a rather peculiar error:

Win32_OperatingSystem class missing

I tried all the usual repairs and tried to rebuild the WMI repository. Still the error persisted.

The following commands solved this issue:

cd %windir%\system32\wbem
for /f %%s in ('dir /s /b *.mof *.mfl') do mofcomp %%s

Information came from the following Technet entry.

sshd service stopped, exit status 255

Friday, April 20th, 2018

I had one server with an sshd service which would terminate right after starting.

The event log would have the following error:

The description for Event ID 0 from source sshd cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

sshd: PID 9960: `sshd' service stopped, exit status: 255

Not too helpful of a message.

I decided to re-run the setup with an elevated Cygwin terminal.

ssh-host-config

*** Info: Generating missing SSH host keys
*** Query: Overwrite existing /etc/ssh_config file? (yes/no) yes
*** Info: Creating default /etc/ssh_config file
*** Query: Overwrite existing /etc/sshd_config file? (yes/no) yes
*** Info: Creating default /etc/sshd_config file

*** Info: StrictModes is set to 'yes' by default.
*** Info: This is the recommended setting, but it requires that the POSIX
*** Info: permissions of the user's home directory, the user's .ssh
*** Info: directory, and the user's ssh key files are tight so that
*** Info: only the user has write permissions.
*** Info: On the other hand, StrictModes don't work well with default
*** Info: Windows permissions of a home directory mounted with the
*** Info: 'noacl' option, and they don't work at all if the home
*** Info: directory is on a FAT or FAT32 partition.
*** Query: Should StrictModes be used? (yes/no) yes

*** Info: Privilege separation is set to 'sandbox' by default since
*** Info: OpenSSH 6.1. This is unsupported by Cygwin and has to be set
*** Info: to 'yes' or 'no'.
*** Info: However, using privilege separation requires a non-privileged account
*** Info: called 'sshd'.
*** Info: For more info on privilege separation read /usr/share/doc/openssh/README.privsep.
*** Query: Should privilege separation be used? (yes/no) yes
*** Info: Note that creating a new user requires that the current account have
*** Info: Administrator privileges. Should this script attempt to create a
*** Query: new local account 'sshd'? (yes/no) no
*** ERROR: Couldn't create user 'sshd'!
*** ERROR: Privilege separation set to 'no' again!
*** ERROR: Check your /etc/sshd_config file!
*** Info: Updating /etc/sshd_config file

*** Info: Sshd service is already installed.




*** Warning: Host configuration exited with 1 errors or warnings!
*** Warning: Make sure that all problems reported are fixed,
*** Warning: then re-run ssh-host-config.

After that, the service stayed up.

Make sure you verify the access.  This particular server had sshd configured for one login and of course I didn’t have the password.
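
The StrictModes note in the ssh-host-config output above says the home directory, the .ssh directory and the key files must be writable only by the user. The following is an added example, not part of the original post, that lists paths failing that write-permission condition; the function names and the sample tree are constructed for illustration, and ownership is not checked.

```shell
#!/bin/sh
# Added example (not from the original post): list the paths under a home
# directory that are writable by group or others, which is the condition the
# StrictModes text in ssh-host-config warns about. Ownership is not checked.

# Succeeds when neither group nor others can write to the path.
is_tight() {
    # Characters 6 and 9 of the ls mode string are the group/other write bits.
    bits=$(ls -ldL "$1" 2>/dev/null | cut -c6,9)
    case "$bits" in
        *w*) return 1 ;;
        *)   return 0 ;;
    esac
}

# Print every existing path (home, .ssh, authorized_keys) that is too open.
loose_paths() {
    home=$1
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        is_tight "$p" || printf '%s\n' "$p"
    done
}

# Constructed sample tree so the example runs offline.
demo() {
    d=$(mktemp -d)
    mkdir "$d/.ssh"
    : > "$d/.ssh/authorized_keys"
    chmod 755 "$d"
    chmod 700 "$d/.ssh"
    chmod 664 "$d/.ssh/authorized_keys"   # deliberately group-writable
    echo "Paths that would fail the StrictModes write check:"
    loose_paths "$d" | sed "s|^$d|~|"
    rm -rf "$d"
}

demo
```

To check a real account from the Cygwin terminal, call `loose_paths` with that user's home directory instead of running `demo`.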

 

 

Skip first line with import-csv

Friday, October 20th, 2017

I have a data file which generates with a header line. I have a check script which uses the file and I wanted to skip it, but I am using a foreach loop and did not want to add an if/then.

The problem line:

Import-Csv $file -header("fullname","email", "notification","version") | foreach {

I remembered the select -first option and I wondered if there was a skip option?

I made a quick change and added a pipe with select -skip 1

Import-Csv $file -header("fullname","email", "notification","version") | select -skip 1 | foreach {

Tested the script and sure enough the first line was skipped.

 

Telephone activation is no longer supported

Thursday, April 27th, 2017

I have a secured cluster where there is no Net access. The users had licenses for Office 2013 and wanted to use them inside the cluster.

Office likes to activate itself.  It tried and gave an error.  I restarted Word and it gave the options for Internet and telephone activation.  I selected telephone and I selected my location and was rewarded with:

Telephone activation is no longer supported for your product

Oooooookay.  No Net and no telephone…….

Luckily this is just a “feature.”

I went through the telephone process and activated the installation.  The only problem now is the templates, which appear to be downloaded from the Net.  But, I will take care of that if they complain.

Failed to download this file. Error code 0x800C0008

Friday, January 6th, 2017

One of our services gave an odd error. External users would attempt to access it and they would get an error about a configuration file not downloading.

The part of the error message that interested me was:

Failed to download this file. Error code 0x800C0008

What was odd was the service worked inside the firewall.

I thought it was browser related and checked the Net.

I tried the suggested registry change:

  1. Start Registry Editor.
  2. For a per-user setting, locate the following registry key:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

    For a per-computer setting, locate the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
  3. On the Edit menu, click Add Value, and then add the following value:
    "BypassSSLNoCacheCheck"=Dword:00000001
  4. Exit Registry Editor.

This did not need a reboot and the change worked.

To add more “oddness” the service started working before the affected users made the change.

Hmmmmmm?  Network people or Security people?

Mouse selecting many things

Wednesday, January 4th, 2017

Minor odd issue.  For some reason my mouse was selecting all virtual machines in XenCenter.

Problem was simply a stuck shift key.  Banged it a couple times and the problem went away.