All posts by Mike Dixson

SOLVED: Windows does not have enough information to verify the certificate

Problem

When moving from one ADFS server to another I imported a full certificate chain and private key into Machine certs on the new Windows 2016.
The certificate displayed fine and chain is complete.

However viewing the certificate properties via ADFS the certificate information gives the error “Windows does not have enough information to verify the certificate”

Solution

Move the intermediate certificate to the Intermediate Certificate Authorities > Certificates store

It seems stupidly obvious in retrospect but Windows itself could view the cert fine, and the import was done via Machine Certificates so you’d think it would put things in the right place.

Skype for Business Launch At Start Up Minimized Group Policy GPO

You think that having Skype launch minimized at start up would be an easy and well known Group Policy ADMX file or such… but no no no.
No easy life for you Mr Sysadmin.

Well for you yes, cause I’m writing how I managed to achieve it so you don’t have to bang your head against the desk too much.

Configures Skype’s Own AutoStart

This might be a bit belt and braces and the order 3 item below starts Skype4B on Windows start up already.

  • User Configuration
    • Preferences
      • Windows Settings
        • Registry
          • AutoOpenMainWindowOnStartUp (Order:1)
HiveHKEY_CURRENT_USER
Key pathSoftware\Microsoft\Office\16.0\Lync
Value nameAutoOpenMainWindowWhenStartup
Value typeREG_DWORD
Value data0x0 (0)

All Common option set to No

Minimize Skype

  • User Configuration
    • Preferences
      • Windows Settings
        • Registry
          • MinimizeWindowToNotificationArea (Order: 2)
HiveHKEY_CURRENT_USER
Key pathSoftware\Microsoft\Office\16.0\Lync
Value nameMinimizeWindowToNotificationArea
Value typeREG_DWORD
Value data0x1 (1)

Start Skype with Windows

Again this is a bit belt and braces, I’d go with this option over the first as the only method of starting Skype.

Also note that lync.exe is in the path, so the value data could just be lync/lync.exe so that the officeXX in the path doesn’t matter, for a bit of future proofing.

  • User Configuration
    • Preferences
      • Windows Settings
        • Registry
          • Lync (Order: 3)
          • Action: Replace
HiveHKEY_CURRENT_USER
Key pathSoftware\Microsoft\Windows\CurrentVersion\Run
Value nameLync
Value typeREG_SZ
Value data%ProgramFiles(x86)%\Microsoft Office\root\Office16\lync.exe

This should then be applied to the OU that the users exist in and Domain Computers be given read access.

Dism.exe Cleaning Up Invalid Images

After finishing editing and wim image using dism I was being left with Windows still thinking the image was still mounted somehow and not able to remount the image file.
Thanks to a post here I finally managed to resolve the issue by deleting keys under “HKLM\SOFTWARE\Microsoft\WIMMount\mounted images\”

Next I just need to find how to be able to delete the folders ProgramData\Microsoft\Windows\SystemData underneath the root of a mounted image after it’s been unmounted. Windows is locking them but there are no handles open to them

[Solved] WDS Driver Filters Not Working

Like many people it seems I’ve been scratching my head as to why  WDS’s Driver Package Filters were not matching my hardware when imaging a machine that I’d created a driver package group for.

After looking at Greg Shields technet post I was convinced I just needed to grab the model name straight off of the machine type beforehand via a powershell WMI get and I’d be laughing. Alas this still did not work.

I found the best way was to enable the Debug log on WDS, then pull the info directly from what WDS was seeing and use that to create the filters.
I’ve also written a powershell script to pull the details from the debug log as otherwise it takes a fair bit of time.
I’ve posted this here:
https://github.com/mikedixson/Get-SMBios-Strings-From-WDS

Powershell list all properties of an object

Some powershell get commands only output a handful of the object properties get-CalendarProcessing being one such command, than returns just one property.

To get all properties of an object you can pipe to format-list *
get-CalendarProcessing -identity [email protected] | Format-List *

If you know the specific attribute you are after you can still access this variable using select-object.
get-CalendarProcessing -Identity [email protected] | Select-Object AllowConflicts

Get Boot Time For all computers in an OU – Powershell

I wrote the following script enumerates an OU and then looks up the last boot time for each computer.

https://github.com/mikedixson/GetLastBootTimeFromOU

Note: I’m starting to put any scripts I write on GitHub, this will make it easier for you copy down and easier for me to keep any scripts up to date.

Easy GPO Audit Using Powershell

After poking around the Group Policy Objects (GPO) of an infrastructure that was new to me I needed a decent way of producing a quick and useful report on the state of the GPOs.

Because the ComputerVersion and UserVersion numbers are listed as two figures, one for AD and one for Sysvol just an export-csv of get-gpo left me with blank ComputerVersion and UserVersion.

I found this post: https://community.spiceworks.com/topic/551588-get-gpo-userversion-and-computerversion-troubles

By using the following powershell I was able to within minutes provide useful information on the state of the GPOs.

get-gpo -all | select Displayname,ID,Description,GPOStatus,CreationTime,ModificationTime,@{Label="ComputerVersion";Expression{$_.computer.dsversion}},@{Label="UserVersion";Expression={$_.user.dsversion}}| export-csv gpo-audit.csv

A small bit of conditional formatting later and we can see that the Domain GPO has a large amount of user setting edits and should be split into a user only GPO and a computer GPO (I won’t go into where these GPOs should be linked at this stage).
A snipping of an excel spreadsheet with colour coding providing meaning to the figures

SOLVED: False cursor position when entering and editing text in a cell in Excel

Similar to this article I was experiencing a false cursor position and the cursor position and text shifting when editing versus when viewing the cell

I played with the formatting and found that enabled LTR (Left to right formatting) helped, at least made it usable to edit the cell.

However I found the solution for me was to change the font!! Somehow the font the problem cell had become formatted as MS Shell DG font (a font I can’t actually see in the font browser now).
Changing the cell’s font back to the default Calibri resolved the issue!

I’m running Version 1708 (Build 8431.2131 Click-to-Run)