Deploying WPA2 WiFi profile (including Pre-Shared key) using Group Policy

Date : April 13, 2019

Problem

Whilst there is a setting in Group Policy Preferences to deploy WiFi settings, this does not include the WiFi Pre-Shared Key (PSK).

The following method will allow you to also push out the Pre-Shared Key:

Solution

From a PC that already has the WiFi profile installed:

Open command prompt (as admin) and run the following command. Make a note of the name of the profile you want to export:

netsh wlan show profiles

Run the following command, replacing the profile name with the one you wish to export, and path to an existing folder where an XML file will be created

netsh wlan export profile name="MyWiFiSSID" folder=C:\WLAN key=clear

Note that the key=clear is vital for this to work.

Copy that XML file to a network share that is accessible from the computer accounts. Do bear in mind the WiFi key is visible in plain text within this file, so consideration must be taken as where/how to store it.

The following command is used to install the profile:

netsh wlan add profile filename="\\servername\share\Wi-Fi-MyWiFiSSID.xml" user=all

… however, this will reinstall and reconnect the WiFi each time.

From my experience, the best method is to create a Computer Startup script GPO that will only run once. This one does the trick:

IF EXIST C:\WiFi.txt GOTO END

netsh wlan add profile filename="\\servername\share\Wi-Fi-MyWiFiSSID.xml" user=all >> C:\WiFi.txt

:END


How to fix: “NBP filesize is 0 bytes” when PXE booting. PXE-E23 error.

Date : September 6, 2018

Issue

When attempting to PXE boot a UEFI machine, the following error is displayed:

NBP filename is boot\x64\wdsmgfw.efi
NBP filesize is 0 Bytes
PXE-E23: Client received TFTP error from server

 

Solution

Copy "C:\Windows\System32\RemInst\boot\x64\wdsmgfw.efi" to “<WDS root>\Boot\x64\wdsmgfw.efi

This error is caused by wdsmgfw.efi missing from <WDS root>\boot\x64\ directory.


Canon MFD: “Could not verify the information specified for Department ID Management”

Date : July 21, 2017

Issue

You get the following error when printing from a client:

Could not verify the information specified for Department ID Management or User Management. Printing will be canceled. Refer to [Troubleshooting] in Help for more information.

You have a Canon copier/MFD setup in a print server/client scenario. You also have Department ID’s requirement enabled.

 

Solution

You need to install the Canon Driver Information Assist Service on the print server.

The installer is called “DIASsetup.exe” and resides in the “misc” folder on the driver installation directory.

Printing should work fine from clients once this service is installed on the print server.


Accessing the BIOS on Lenovo V110-15ISK laptop

Date : June 15, 2017

Accessing the BIOS and boot options are critical for installing Windows or PXE booting. If I’m being honest, it took me a few attempts to get into the BIOS for this model of laptop. If I put this info here it may help a fellow techie elsewhere..

 

To access the BIOS..

press Fn+F2

 

To access the Boot Menu..

press Fn+F12


Migrate shares from one Windows server to another

Date : March 19, 2017

If you need to migrate your shares from one Windows server to another, the Microsoft documentation will give you the “proper” process (by way of File Server Resource Manager). This is a much quicker and dirtier method that I’ve used many times.

Perhaps you’re migrating your file server, or simply setting up another one; everyone at some point will need to migrate SMB shares and permissions. Luckily, it’s a relatively painless process:

Firstly if you haven’t already done so you should copy the data to the new server, keeping permissions and attributes intact

 

Steps:

  • On the old server: open regedit and browse to: HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares
  • Export the key
  • On the new server: check the same key and see if any shares already exist and need to be kept. If they do, export the key and keep it safe.
  • Transfer the exported registry key to the new server and double-click to import it.
  • (if you need to reinstate the original shares, re-import the new reg key over the top)
  • Reboot the server and that’s it!

 

I told you it was easy!


How to establish PowerShell connection into Office 365 Exchange

Date : March 4, 2017

We all know how important PowerShell has become, so it important to be able to establish a connection to Office 365.

Some things just can’t be done through the web-based GUI that Microsoft provides (or take a lot longer to do. Think repetitive tasks).

 

The 3 commands you will need to connect are:

 

$cred=Get-Credential
$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://ps.outlook.com/powershell/" -Credential $cred -Authentication Basic -AllowRedirection
Import-PSSession $Session

 

Enter these one at a time, and you’ll then be connected to Office 365 Exchange!

 

You can verify the connection with the very simple command to show you a list of all your users:

Get-Mailbox

 

Happy PowerShell-ing!


Windows Update not working (0% downloading) on Windows Server 2016 behind a proxy server

Date : February 19, 2017

Issue

I recently had a fresh Server 2016 installation that was stuck on “0% downloading” updates permanently. Note: We also have to go via a proxy server for our internet connection.

From the command line, if you run:

netsh winhttp show proxy

you will see the system proxy hasn’t been set.

 

Solution

If you have to go through a proxy server to get an internet connection, you will need to first set your (user) proxy server in Internet Explorer options menu, then run:

netsh winhttp set proxy source=ie

Now your Windows Update should work as expected again (you many need to restart the service first). Not quite sure why this has become “a thing” seeing as Server 2012 R2 never needed this, but hey-ho!

 

 

Alternative solution

Alternatively, just run this single command:

set proxy proxy.mycompany.com:8080

And to configure the proxy bypass:

set proxy proxy.mycompany.com:8080 "<local>;bar"

 


Cannot print to network printer: “Win32 error code returned by the print processor: 5. Access is denied.”.

Date : December 2, 2016

Issue

Cannot print to network printer. Print jobs appear and disappear as expected in the print queue, however no data is sent to the printer.

Event viewer shows the following:

The document Test Page, owned by USERNAME, failed to print on printer PRINTER. Try to print the document again, or restart the print spooler.
Data type: RAW. Size of the spool file in bytes: 145189. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\SERVERNAME. Win32 error code returned by the print processor: 5. Access is denied.

If you run Process Monitor with “process name = printfilterpipelinesvc.exe” you’ll see the following:

CreateFile    C:\Windows\System32\spool\PRINTERS\*.tmp    ACCESS DENIED

Solution

Give modify permissions to Everyone on the following directory: C:\Windows\System32\spool\PRINTERS\


Microsoft SQL Server 2012 SP2 failed with error: -2068643838. Sophos Enterprise Console installation error

Date : October 26, 2016

I was trying to install Sophos Enterprise Console on a new server (a process I have done many, many times) and got hit with a very generic error message, prompting me to look at the installer log file.

I had a look, and all looked happy until it tried to execute the following command to install SQL Express:

 

INFO : Running command line: C:\sec_541\ServerInstaller\pre-reqs\sqlExpress2012SP2\SQLEXPR_x64_ENU.exe /Q /HIDECONSOLE /IACCEPTSQLSERVERLICENSETERMS /ACTION=INSTALL /FEATURES=SQL /INSTANCENAME=SOPHOS /SQLSVCACCOUNT="NT AUTHORITY\SYSTEM" /SQLSYSADMINACCOUNTS="BUILTIN\Administrators" /NPENABLED=1 /TCPENABLED=0

 

Then this:

ERROR : Command: Microsoft SQL Server 2012 SP2 failed with error: -2068643838

Darn!

(more…)


Migrate files from one Windows server to another, keeping permissions and attributes intact

Date : October 26, 2016

Need to replace one of your file servers? Maybe you’re migrating from Server 2008 to 2012/2016.

Use this command to copy your files from one server to another keeping ACL permissions, owner info, timestamps etc. intact:

robocopy source destination /E /ZB /DCOPY:T /COPYALL /R:1 /W:1 /V /TEE /LOG:C:\copy.txt
(remember – robocopy knows how to handle UNC paths, also)

Best of luck with the rest of your migration!

 

Explanation of switches:

/E – copies subdirectories, including empty ones

/ZB – use restartable mode; if access denied use Backup mode (useful for locked files)

/DCOPY:T – copies timestamps for the directories

/COPYALL – copies: attributes, timestamps, ACL permissions, owner info, audit info

/R:1 – number of retries

/W:1 – wait time between retries

/V – verbose output

/TEE – output to console, as well as log file

/LOG:C:\copy.txt – log file location


“Applying computer settings” or “Please wait” taking a VERY long time. KB2775511 to the rescue!

Date : October 23, 2016

I had a friend reach out to me for some help: there was a single Windows 7 computer at his work that would intermittently get stuck at “Please wait…”for about 30 mins when booting.

“No problem”, I said. First thing to try is enabling verbose messaging through Group Policy. “Please wait…” hides the real startup messages that you tend to see on Windows Server OS’es

A few days goes by and I get a phone call from my friend again. The computer is stuck again, this time saying “Applying computer settings…”. Not very helpful.

This is where the magical KB2775511 comes in. This is a must have for any Windows domain environment and contains over 90 various domain-focused fixes, including Folder Redirection, SMB, Offline Files, Group Policy etc. This update has fixed many of my issues, both directly and indirectly.

(more…)


@