Microsoft WSUS Rebuild

To re-install WSUS with a clean database i.e. no previous configuration:

Run Windows Powershell as Administrator and use the following commands:

  • Uninstall-WindowsFeature -Name UpdateServices,Windows-Internal-Database -Restart

 

  • Post restart, delete EVERYTHING in the C:\Windows\WID\ (for Win 2012 r2) folder.

 

  • Then run the following command to re-install WSUS:
    Install-WindowsFeature UpdateServices -Restart

 

This only works on PowerShell 3 or higher.

 

UPDATE
I had to run the postinstallation tasks manually via Powershell using the WID db, if using SQL you need to add in sql_instance=

C:\Program Files\Update Services\Tools\WsusUtil.exe content_dir=”<<dir of update download location>>

 

creds: https://serverfault.com/questions/449914/how-to-completely-wipe-wsus-and-start-again

Windows Printer Communication / Printing Issues

This post is intended to cover a number of printing issues in Windows, I’ll add cases and solutions over time.

Printer was installed and connected via USB but jobs showing in the queue and not printing / cancelling, preventing anything else from printing

  1. Click the [Start Orb]
  2. Type: “services.msc” (without the quotation marks) into the search bar at the bottom of the [Start Menu]
  3. A single result named “services” should appear, [Left Mouse Click] that link to open the Services Admin Console.
  4. Locate the “Print Spooler” service in the list, a healthy print spooler service should look like the image below:
    Inline images 1
  5. If yours is in a “Stopped” state then continue to step 6, otherwise [Right Mouse Click] on the list entry for the service and [Left Mouse Click] “Stop”.
  6. Now open Windows Explorer (My Computer for example), navigate to the following directly and delete all of the files you see in there: C:\Windows\System32\spool\PRINTERS
  7. Back to the “services admin console”,  [Right Mouse Click] on the list entry for the service and [Left Mouse Click] “Start”.
  8. If the service fails to start then note down the error message and let me know.

Night Porter Email (Pyinstaller, PiP etc)

1. Install Python 2.7

2. Install PIP (from http://stackoverflow.com/questions/4750806/how-to-install-pip-on-windows)
Python 2.x and Python ≤ 3.3

Flying in the face of its ‘batteries included’ motto, Python ships without a package manager. To make matters worse, Pip was–until recently–ironically difficult to install.

Official instructions

Per http://www.pip-installer.org/en/latest/installing.html

Download get-pip.py, being careful to save it as a .py file rather than .txt. Then, run it from the command prompt.

python get-pip.py
You possibly need an administrator command prompt to do this. Follow http://technet.microsoft.com/en-us/library/cc947813(v=ws.10).aspx

Alternative instructions

The official documentation tells users to install Pip and each its dependencies from source. That’s tedious for the experienced, and prohibitively difficult for newbies.

For our sake, Christoph Gohlke prepares Windows installers (.msi) for popular Python packages. He builds installers for all Python versions, both 32 and 64 bit. You need to

Install setuptools http://www.lfd.uci.edu/~gohlke/pythonlibs/#setuptools
Install pip http://www.lfd.uci.edu/~gohlke/pythonlibs/#pip
For me, this installed Pip at C:Python27Scriptspip.exe. Find pip.exe on your computer, then add its folder (eg. C:Python27Scripts) to your path (Start / Edit environment variables). Now you should be able to run pip from the command line. Try installing a package:

pip install httpie
There you go (hopefully)! Solutions for common problems are given below:

Proxy problems

If you work in an office, you might be behind a HTTP proxy. If so, set the environment variables http_proxy and https_proxy. Most Python applications (and other free software) respect these. Example syntax:

http://proxy_url:port
http://username:password@proxy_url:port
If you’re really unlucky, your proxy might be a Microsoft NTLM proxy. Free software can’t cope. The only solution is to install a free software friendly proxy that forwards to the nasty proxy. http://cntlm.sourceforge.net/

Unable to find vcvarsall.bat

Python modules can be part written in C or C++. Pip tries to compile from source. If you don’t have a C/C++ compiler installed and configured, you’ll see this cryptic error message.

Error: Unable to find vcvarsall.bat

You can fix that by installing a C++ compiler such as MinGW or Visual C++, but again it’s often easier to check Christoph’s site for your package http://www.lfd.uci.edu/~gohlke/pythonlibs/

3. Install Pyinstaller
http://pythonhosted.org/PyInstaller/#installing-using-pip

4. Apply updated to porters.py via BitBucket

5. Using updated porters.py run
pyinstaller –onefile –noconsole –icon=portericon.ico porters.py

Microsoft BitLocker TPM Initialization in Domain

First set the OU containers permissions to allow the NTSELF user of systems to write back TPM-ownerinformation, required when first initializing the TPM client:

1. Open Active Directory Users and Computers.

2. Select the OU where you have all computers which will have Bitlocker turned ON.

3. Right Click on the OU and click Delegate Control.

4. Click Next and then click Add.

5. Type SELF as the Object Name.

6. Select create a custom task to delegate.

7. From the object in the folder, select Computer Objects.

8. Under show these permissions, select all 3 checkbox.

9. Scroll down in permissions and select the attribute Write msTPM-OwnerInformation.

10. Click Finish.

11. CUSTOM: Now add the computer to the AD Group named “bitlocker”

12. CUSTOM: Finally power up client, turn on TPM and then initialize TPM in Windows

13. CUSTOM: Enable bitlocker (must be logged in as local/domain admin) and check AD comp object for keys

Next follow the MS article on configuring AD / Bitlocker

http://technet.microsoft.com/en-us/library/cc766015(v=ws.10).aspx

 

To manage the keys you’ll need to register the BitLocker viewer from RSAT as detailed by MS here http://support.microsoft.com/kb/928202

Must be run as a domain admin:     regsvr32.exe BdeAducExt.dll

 

 

trust relationship failed, windows domain

HKLM\System\CurrentControlSet\services\Netlogon\Parameters

Change the value:

DisablePasswordChange=1

 

2016-07-21 UPDATE:

Discovered this thread which mentions using PowerShell to reset the machine password, if you haven’t completed the registry change:

Open PowerShell as administrator. Run this command sequence:

$credential = Get-Credential

(enter domain admin account when prompted)

Reset-ComputerMachinePassword -Server <<YOUR DC NAME HERE>>

Thanks to: https://community.spiceworks.com/how_to/108912-fix-the-trust-relationship-between-this-workstation-and-the-primary-domain-failed

Wise exe switches

Ripped directly from http://www.symantec.com/connect/blogs/wisescript-command-line-options

NOTE: I did find for Aleph that when running the uninstaller (unwise32.exe) I needed to use the shorthand C:Progra~1<<INSTALLDIR>>INSTALL.LOG syntax for it to find the log file.

[expand Title=”You can apply the following command line options to the WSE file. Command line options let you compile as well as set properties.”]

/c file.wse
Compiles the installation script.
/c /s file.wse
Compiles the installation script silently. You can use this option with the /d option.
WiseScript Installations Command Line Options

You can apply the following command line options to compiled .EXE files.

/M
Runs the installation in manual mode, prompting for system directories (examples: Windows, System).
/M=filename
Specifies a value file for installation.
/S
Installs in silent (automatic) mode with no end user choices.
Uninstall Command Line Options

You can apply the following command line options to the WiseScript Express uninstall executable file, unwise.exe or unwise32.exe.

/Z
Removes empty directories, including the one containing Unwise.
/A
Automatic mode. The Wise splash screen appears on the destination computer, and the uninstall proceeds immediately with no end user choices, except for questions about uninstalling shared files.
/S
Silent mode. The uninstall proceeds silently with no splash screen, no dialogs, and no end user choices.
/R
Rollback mode.
/U
Removes the Select Uninstall Method dialog, which means the end user does not see options for a custom, automatic, or repair uninstall.
When you use command line options for the uninstall program, you must send it the path to the log file as a parameter. It must be the log file that is in the same folder as unwise.exe. If the path to the log file contains spaces, it must be surrounded by quotation marks.

Example:
“C:Program FilesApplicationUNWISE.EXE” /A “C:Program FilesApplicationINSTALL.LOG” Application Uninstall[/expand]