Category Archives: Windows

SOLVED: Windows does not have enough information to verify the certificate

Problem

When moving from one ADFS server to another I imported a full certificate chain and private key into Machine certs on the new Windows 2016.
The certificate displayed fine and chain is complete.

However viewing the certificate properties via ADFS the certificate information gives the error “Windows does not have enough information to verify the certificate”

Solution

Move the intermediate certificate to the Intermediate Certificate Authorities > Certificates store

It seems stupidly obvious in retrospect but Windows itself could view the cert fine, and the import was done via Machine Certificates so you’d think it would put things in the right place.

Dism.exe Cleaning Up Invalid Images

After finishing editing and wim image using dism I was being left with Windows still thinking the image was still mounted somehow and not able to remount the image file.
Thanks to a post here I finally managed to resolve the issue by deleting keys under “HKLM\SOFTWARE\Microsoft\WIMMount\mounted images\”

Next I just need to find how to be able to delete the folders ProgramData\Microsoft\Windows\SystemData underneath the root of a mounted image after it’s been unmounted. Windows is locking them but there are no handles open to them

[Solved] WDS Driver Filters Not Working

Like many people it seems I’ve been scratching my head as to why  WDS’s Driver Package Filters were not matching my hardware when imaging a machine that I’d created a driver package group for.

After looking at Greg Shields technet post I was convinced I just needed to grab the model name straight off of the machine type beforehand via a powershell WMI get and I’d be laughing. Alas this still did not work.

I found the best way was to enable the Debug log on WDS, then pull the info directly from what WDS was seeing and use that to create the filters.
I’ve also written a powershell script to pull the details from the debug log as otherwise it takes a fair bit of time.
I’ve posted this here:
https://github.com/mikedixson/Get-SMBios-Strings-From-WDS

Powershell list all properties of an object

Some powershell get commands only output a handful of the object properties get-CalendarProcessing being one such command, than returns just one property.

To get all properties of an object you can pipe to format-list *
get-CalendarProcessing -identity [email protected] | Format-List *

If you know the specific attribute you are after you can still access this variable using select-object.
get-CalendarProcessing -Identity [email protected] | Select-Object AllowConflicts

Get Boot Time For all computers in an OU – Powershell

I wrote the following script enumerates an OU and then looks up the last boot time for each computer.

https://github.com/mikedixson/GetLastBootTimeFromOU

Note: I’m starting to put any scripts I write on GitHub, this will make it easier for you copy down and easier for me to keep any scripts up to date.

Easy GPO Audit Using Powershell

After poking around the Group Policy Objects (GPO) of an infrastructure that was new to me I needed a decent way of producing a quick and useful report on the state of the GPOs.

Because the ComputerVersion and UserVersion numbers are listed as two figures, one for AD and one for Sysvol just an export-csv of get-gpo left me with blank ComputerVersion and UserVersion.

I found this post: https://community.spiceworks.com/topic/551588-get-gpo-userversion-and-computerversion-troubles

By using the following powershell I was able to within minutes provide useful information on the state of the GPOs.

get-gpo -all | select Displayname,ID,Description,GPOStatus,CreationTime,ModificationTime,@{Label="ComputerVersion";Expression{$_.computer.dsversion}},@{Label="UserVersion";Expression={$_.user.dsversion}}| export-csv gpo-audit.csv

A small bit of conditional formatting later and we can see that the Domain GPO has a large amount of user setting edits and should be split into a user only GPO and a computer GPO (I won’t go into where these GPOs should be linked at this stage).
A snipping of an excel spreadsheet with colour coding providing meaning to the figures

Powershell Script to Check if a Website is Up and if Not Restart a service

The below PowerShell script check the website is responding AND doesn’t returns a certain string, if either test is failed then a Windows service is restarted, forcefully if necessary after a grace period.

Please note that I have modified this script to make it more easily customisable and not had the opportunity to test with the strings switched out for the variables. The logic is sound and works.

Also note that this is one code block (word press isn’t a fan of it being one though :-/
You can download the file here CheckWebsiteIsUp.ps1

$webClient = new-object System.Net.WebClient
$webClient.Headers.Add("user-agent", "PowerShell Script")


#Initialising
$webClient = new-object System.Net.WebClient
$webClient.Headers.Add("user-agent", "PowerShell Script")

#Variables to modify
$output = "" #Define output variable
$serviceName = "confluence" #Short windows service name
$smtpServerName = "smtp.website.com" #SMTP Server name
$fromEmailAddress = "[email protected]" #Email address for mail to come from/reply address
$stringToCheckFor = "The service is unavailable" #String to check for. Note that this will be searched for with wildcards either side
$startTime = get-date
$output = $webClient.DownloadString("http://www.website.com/") #Modify this url to be the url you want to test
$endTime = get-date

#Main workload
#The below checks for the string "The service is unavailable" from your website and if found forcefully restarts the defined service
if ($output -And $output -notlike "*$stringToCheckFor*") {
"Site Up`t`t" + $startTime.DateTime + "`t`t" + ($endTime - $startTime).TotalSeconds + " seconds"
} else {
"Fail`t`t" + $startTime.DateTime + "`t`t" + ($endTime - $startTime).TotalSeconds + " seconds"
stop-service $serviceName -force
"Stop Service Command Sent"
$svc = Get-Service $serviceName
$svc.WaitForStatus('Stopped','00:05:00') #Waits for service to enter stopped state or 5 mins has passed, whichever is first
get-service $serviceName | where-object {$_.Status -eq "Stopped"} | restart-service #Belt and braces but only restarts the service if it's stopped.
$svc.WaitForStatus('Running','00:01:00') #Waits for service to enter Running state or 1 minute to pass, whichever is first
Send-MailMessage -From “[email protected]” -To “$fromEmailAddress” -SmtpServer “$smtpServerName” -Subject "$serviceName Service Restarted" -Body "$serviceName Service Restarted" #Sends an email alert that the service was restarted
}

Solution: Wacom Intuos Pen and Touch Pressure Sensitivity in Photoshop

So in order to use pressure sensitivity in Photoshop you MUST have Use Windows Ink enabled.

Wacom Control Panel use Windows Link
Wacom Control Panel use Windows Link

But without it no pressure sensitivity at all and in Brush Dynamics the pen control option just gives you an exclamation mark next to it.

Update: I’ve upgraded one of my machines to Windows 10 and Windows Ink doesn’t seem necessary on that one for pressure sensitivity.

Reinstalling TCP/IP Network Stack Windows 7

Taken from [https://pandapow.co/how-to/win-reset-adapter/] – These instructions were used by a colleague recently when his network stack was b0rK3n. Running both the reset for tcp4 and tcp6 seemed to be key. Just resetting 4 did not resolve his issue.

Open the Command Prompt as an administrator

Run the commands in this document in a Command Prompt that has been started “*as administrator*”.

  1. Click the *Start menu*
  2. Type *cmd* in the search box,
  3. *right-click* the cmd item at the top and select *Run as administrator* from the menu

Reset Winsock

Resets Winsock Catalog to a clean state.
netsh winsock reset
*Restart computer*

Reset Firewall

This command restores the Windows Firewall with Advanced Security policy to the default policy.
netsh advfirewall reset

Reset BranchCache

Resets the BranchCache service. Flushes the local cache. Every configuration parameter of BranchCache will be reset to its default value.
netsh branchcache reset

Reset IPv4

Resets TCP/IP and related components to a clean state.
netsh int ip reset

Reset IPv6

Resets IPv6 configuration state.
netsh int ipv6 reset