September 18th, 2019 | Tags:

https://gallery.technet.microsoft.com/Windows-Backup-wbadmin-2014479e

September 18th, 2019 | Tags:

Block 1: Connect to the WSUS server and set the configuration.
We are first going to set the property “Download update files to this server only when updates are appoved”, turn off all update languages, and then set the only update language to English. At the end, this would all be pointless if we didn’t commit our changes with .Save.

Of course there are a lot more things you can do, just let intellisense go to work for you.

$wsus = Get-WSUSServer -Name wsus.domain.local -PortNumber 8530
$wsusConfig = $wsus.GetConfiguration()
$wsusConfig.DownloadUpdateBinariesAsNeeded = $True
$wsusConfig.AllUpdateLanguagesEnabled = $false
$wsusConfig.SetEnabledUpdateLanguages("en")
$wsusConfig.Save()

Block 2: Verifying an Auto-Approval rule is set and enabled.
In this example, we are simply going to check and see if “My Approval Rule” is created, and enabled. Read more…

September 18th, 2019 | Tags:

This script will look for GPOs which have no settings at all and delete them.

Import-Module GroupPolicy
$GPOs = Get-GPO -All
foreach ($GPO in $GPOs)
{
if (($GPO.Computer.DSVersion -eq 0) -and ($GPO.User.DSVersion -eq 0)) {
    write-host $GPO.DisplayName is an empty GPO.
    $GPO.DisplayName | Remove-GPO
    }
}
September 18th, 2019 | Tags:

These policies generally are meant for just computer or user settings. This script will disable the empty settings (for example, if a GPO has only computer setttings, it will disable user settings). This is important as it does speed up performance by not having to process empty policies.

Import-Module GroupPolicy
$GPOs = Get-GPO -All
foreach ($GPO in $GPOs)
{
if (($GPO.Computer.DSVersion -eq 0) -and ($GPO.GpoStatus -ne "ComputerSettingsDisabled")) {
    write-host $GPO.DisplayName has no computer settings and not disabled.  Disabling...
    $GPO.GpoStatus="ComputerSettingsDisabled"
    }
 
if (($GPO.User.DSVersion -eq 0) -and ($GPO.GpoStatus -ne "UserSettingsDisabled")) {
    write-host $GPO.DisplayName has no user settings and not disabled.  Disabling...
    $GPO.GpoStatus="UserSettingsDisabled"
    }
}
September 18th, 2019 | Tags: , ,

Unlinked GPOs are just simply policies that aren’t applied to any OU or site. These policies aren’t

$BackupPath="C:\temp\GPOBackups"
Get-GPO -All | Sort-Object displayname | 
Where-Object { If ( $_ | Get-GPOReport -ReportType XML | 
Select-String -NotMatch "<LinksTo>" )
{
Backup-GPO -name $_.DisplayName -path $BackupPath
$_.DisplayName | Out-File $BackupPath\unlinked.txt -Append
#Outputting the results to the screen
$_.Displayname | Select-Object DisplayName
#Uncomment this when you're ready to delete all the ones the script finds..
# $_.Displayname | remove-gpo
}
}
September 18th, 2019 | Tags:

System Environment

Read more…

September 17th, 2019 | Tags:

A very simple fix can take care of this issue. In this repro, the following applies:

  • I have a rule by GPO scoped to allow RDP to all systems from any IP. This is administrator defined, and cannot be changed.
  • Only the IP 192.168.1.36 will be able to access 192.168.1.39 with RDP
  • No other ports or connectivity will be affected

Read more…

September 5th, 2019 | Tags:

Mound the VHD,将 C:/Windows/System32/osk.exe 做个备份;
将同路径下的cmd.exe重命名为osk.exe;
重启,进入Windows登录界面,选择辅助功能,开启屏幕小键盘;
此时弹出来的是命令提示符,我们新增一个用户,输入
net user 用户名 密码 /add
再将刚才新增的用户添加到管理员组
net localgroup administrators 用户名 /add
重启,使用刚才新增的管理员账户登录吧。

August 15th, 2019 | Tags:

【起因】

zabbix 由于监控条目过多,模板套用不当导致历史数据过大, 因此导致磁盘空间暴涨, 现在准备清理数据库。
Read more…

August 15th, 2019 | Tags:

特别提醒:

a、文中测试的Zabbix版本为 3.0.3 。

b、清理数据属于高危操作,请在测试环境中验证后再执行线上操作!!!

 
Read more…