Showing posts with label Windows 8. Show all posts

23 May 2017

Start Menu locations - Or add a simple Start Menu yourself without 3rd party tools

I keep forgetting the path to the Start Menu:
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs"

This is the same for Windows 7 up to Windows 10, and for Server 2012 to Server 2016.

But, wouldn't it be nice to have some sort of start menu without installing some malware/spyware infested tool? Then this quick fix is for you:

  • Display "Hidden items" on your C: drive.
      • Open File Explorer and browse to your C: drive.
      • On the View tab, check the "Hidden items" checkbox.
  • Add a New Toolbar on your Taskbar.
      • Right-click on a blank area of your Taskbar and select Toolbars > New Toolbars.
  • Browse to the Start Menu\Programs folder.
      • In the New Toolbar dialog box, browse to the "C:\ProgramData\Microsoft\Windows\Start Menu\Programs" folder.
  • Click the "Select Folder" button.
      • Click the "Select Folder" button to add the new Toolbar to your Taskbar.

Here's what it looks like:

22 October 2015

How to Microsoft LAPS Local Administrator Password Solution

This is something I implemented at our company.
It's pretty straightforward, if you get the access rights right.

Microsoft is offering the Local Administrator Password Solution (LAPS) that provides a solution to the issue of using a common local account with an identical password on every computer in a domain. LAPS resolves this issue by setting a different, random password for the common local administrator account on every computer in the domain. Domain administrators using the solution can determine which users, such as help-desk administrators, are authorized to read passwords.
Compromised identical local account credentials could allow elevation of privilege if an attacker uses them to elevate from a local user/administrator to a domain/enterprise administrator. Local administrator credentials are needed for occasions when logon is required without domain access. In large environments, password management can become complex, leading to poor security practices, and such environments greatly increase the risk of a Pass-the-Hash (PtH) credential replay attack.
LAPS simplifies password management while helping customers implement recommended defenses against cyber-attacks. In particular, the solution mitigates the risk of lateral escalation that results when customers use the same administrative local account and password combination on their computers.

This part came from PeteNetLive, and worked like a charm:

Download LAPS from here


Install LAPS on a DC with all the options. (If you accept the defaults it will only install the GPO Extensions, which is what you would want on the 'controlled machines'.)


Install the LAPS software on the target machines; in fact, it's just a copy of some files.

msiexec /i \\Server\Share\laps.x64.msi /quiet

or
msiexec /i c:\laps.x64.msi /quiet

Extend Active Directory Schema:

On the management machine run the following two PowerShell commands, to add the two new attributes to Active Directory.

Import-Module AdmPwd.PS
Update-AdmPwdADSchema 




Check/Set Permissions to Read Local Admin Passwords

Grant the computers themselves the right to update their password in Active Directory. (If you have nested OUs, simply apply this on the top-level OU.) Change the -OrgUnit value to suit your own OU or OUs.

Set-AdmPwdComputerSelfPermissions -OrgUnit 'Domain Computers'




To see who has rights to view the passwords in AD (for a given OU), use the following command. By default, SYSTEM and Domain Admins are displayed.

Find-AdmPwdExtendedRights -Identity 'Domain Computers'



To grant read password permissions to a particular group, use the following syntax. Below I have an AD group called HelpDesk set up, and I'm adding it to the AD ACL so its members can read local administrator passwords for the Domain Computers OU.

Set-AdmPwdReadPasswordPermissions -OrgUnit 'Domain Computers' -AllowedPrincipals PeteNetLive\HelpDesk

Note: If you have multiple groups you can separate/delimit them with a comma.

Deploy the GPO Extensions to 'Controlled' Machines

On the management machine, create a new GPO object, and link it to the OU containing the computers/servers you want to apply the password settings to.


Edit the GPO.



Navigate to:
      
Computer Configuration > Policies > Administrative Templates > LAPS


The policy that turns LAPS on is the last one, 'Enable local admin password management'. Enable it.



The actual complexity and age of the password are set in the 'Password Settings' policy. Enable it and accept the defaults.
Note: the other two policies are:
Name of the administrator account to manage: Use this if you have manually created another common admin account on all your machines, NOT if you have renamed the local administrator account.
Do not allow password expiration time longer than required by policy: Set to Enabled.


View the Local Admin Passwords for Controlled Machines.

You can do this from PowerShell with the following command:
Get-AdmPwdPassword -ComputerName hostname


Or, if you have installed the fat client, you can launch that from:
C:\Program Files\LAPS\AdmPwdUI.exe



Or, as it's an AD object attribute, you can view it on the computer's AD object.
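
Once the GPO has had time to apply, it is worth checking two things: which machines in the OU actually have a LAPS-managed password, and who besides the intended groups can read it. The script below is an added example, not part of the original post or of PeteNetLive's guide; the distinguished name, the EXAMPLE\ group names and the allowlist are placeholders, and it assumes the RSAT ActiveDirectory module alongside AdmPwd.PS.

```powershell
# Added example: verify a LAPS rollout (coverage + password-read rights).
# Assumptions: ActiveDirectory and AdmPwd.PS modules are installed and the
# account running this may read ms-Mcs-AdmPwdExpirationTime.
Import-Module ActiveDirectory
Import-Module AdmPwd.PS

$OuName     = 'Domain Computers'                        # OU name used in the post
$SearchBase = 'OU=Domain Computers,DC=example,DC=com'   # placeholder DN, change it
$Expected   = 'NT AUTHORITY\SYSTEM',                    # placeholder allowlist of
              'EXAMPLE\Domain Admins',                  # principals that are meant
              'EXAMPLE\HelpDesk'                        # to read the passwords

function Get-LapsState {
    # Classifies a computer from its ms-Mcs-AdmPwdExpirationTime (a FILETIME).
    param($ExpirationFileTime, [datetime]$Now = (Get-Date))
    if (-not $ExpirationFileTime) { return 'NoPasswordStored' }
    $expires = [datetime]::FromFileTimeUtc([int64]$ExpirationFileTime)
    if ($expires -lt $Now.ToUniversalTime()) { return 'Expired' }
    'Managed'
}

# 1. Coverage: enabled computers with no stored password never processed the
#    policy; 'Expired' usually means the machine has been offline.
$report = Get-ADComputer -SearchBase $SearchBase -Filter 'Enabled -eq $true' `
              -Properties 'ms-Mcs-AdmPwdExpirationTime', LastLogonDate |
    ForEach-Object {
        [pscustomobject]@{
            Name      = $_.Name
            State     = Get-LapsState $_.'ms-Mcs-AdmPwdExpirationTime'
            LastLogon = $_.LastLogonDate
        }
    }

$report | Group-Object State | Select-Object Name, Count
$report | Where-Object { $_.State -ne 'Managed' } |
    Sort-Object State, Name | Format-Table -AutoSize

# 2. Read rights: list every principal holding the extended right on the OU
#    that is not on the allowlist above.
Find-AdmPwdExtendedRights -Identity $OuName | ForEach-Object {
    $dn = $_.ObjectDN
    $_.ExtendedRightHolders |
        Where-Object { $_ -notin $Expected } |
        ForEach-Object {
            [pscustomobject]@{ ObjectDN = $dn; UnexpectedHolder = $_ }
        }
}
```

An empty result from the second part means only the allowlisted principals can read the stored passwords.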




Source 1
Source 2

02 December 2014

Check WAN IP address at icanhazip.com and mail the results

Since my ISP had planned maintenance last week, I couldn't access my boxes at home from the internet. My WAN IP address had changed. This happens once a year maybe, but it's annoying enough to make something for it.

I found a great script from Leon van Efferen, but it didn't do exactly what I needed, so I modified it a bit.

First off, the check against whatismyip.com didn't work anymore, so I modified that to check against icanhazip.com.

Which, by the way, you can also do from PowerShell directly:
(Invoke-WebRequest icanhazip.com).Content.Trim()
Then I wanted to receive an email every day, just to know it's still working and to be able to check my IP address always, not only if it changes.

This is what i came up with:
###########################################################################
#
# NAME:  CheckWANIP
#
# COMMENT: Check the WAN IP address reported by icanhazip.com
#   and e-mail a message.
#
###########################################################################

#Set Target Domain
$TargetDomain = "domain.com" #Enter your FQDN that is linked to your WAN ip address

Function SendMail {
$EmailFrom = "IPCheck@domain.com" #Enter the e-mail address it should send the message from.
$EmailTo = "user@domain.com" #Enter the e-mail address it should send the message to.
$Subject = "External IP Address at icanhazip.com is $Current_WAN_IP" #Enter your subject the e-mail message should contain.
$Body = "DNS record for $TargetDomain resolves to $DNS_WAN_IP; icanhazip.com reports the current WAN IP as $Current_WAN_IP"  #Enter the message that the e-mail should contain.
$SMTPServer = "smtp.gmail.com" #Enter the FQDN of your SMTP server eg. smtp.gmail.com
$SMTPClient = New-Object Net.Mail.SmtpClient($SMTPServer, 587) #Enter your SMTP Port eg. 587
$SMTPClient.EnableSsl = $true # Change to $false if you don't want to use SSL
# If your SMTP server requires authentication, set $SMTPClient.Credentials here.
$SMTPClient.Send($EmailFrom, $EmailTo, $Subject, $Body)
}

# Do not change anything below this line.
# Resolve the address the DNS record currently points to
$DNS_WAN_IP = [System.Net.Dns]::GetHostAddresses("$TargetDomain") | Select-Object -ExpandProperty IPAddressToString
Write-Host "Resolved IP Address of $TargetDomain = $DNS_WAN_IP"
# Ask icanhazip.com over HTTPS; -UseBasicParsing avoids the Internet Explorer
# dependency, which matters when this runs as a scheduled task
$Current_WAN_IP = (Invoke-WebRequest -Uri "https://icanhazip.com" -UseBasicParsing).Content.Trim()
Write-Host "Current WAN IP Address = $Current_WAN_IP"
Write-Host "Sending email"
SendMail
exit

Then you can schedule it as a daily task:
Powershell.exe "& 'C:\path to script\CheckWANIP.ps1'"

06 October 2014

Windows 8 and the missing Wifi profile manager

Never missed it until I needed it just now.
In Windows 7 there's a Wi-Fi profile manager.


Here you can edit your Wi-Fi connections, even those you're currently not connected to.



In Windows 8 it's gone....

Now you must use Netsh from the Windows 8(.1) CLI (cmd).
Open a Run box (or press Win+R), then type cmd to open the Windows 8 CLI.
To see stored wireless profiles, type:
   netsh wlan show profiles
This will show a list of saved profiles of your connected WLAN devices. Then you'll need to write/save/memorize the profile name that you want to change.
To see the stored key (WPA/WEP/etc) of a specific profile:
   netsh wlan show profiles name=[profile name] key=clear
You'll find the key content under security settings.
To delete a stored profile:
   netsh wlan delete profile name=[profile name]
This will delete the stored profile of every WLAN interface. If you want to delete the profile of a specific WLAN interface, you need to use the following:
   netsh wlan delete profile name=[profile name] interface=[interface name]
Or you can use an open source tool called: WiFi Profile Manager 8.
This tool lets you view all connections ever made in an easy to use GUI.
Go to the website for more info.
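
The same netsh commands can be used to review what is stored without printing any key: the sketch below lists every saved profile with its authentication, cipher and connection mode, and flags open or WEP networks and profiles that connect automatically. It is an added example, not part of the original post; it assumes English-language netsh output, and the function names are made up for this illustration.

```powershell
# Added example: audit saved Wi-Fi profiles without using key=clear.
# Assumption: netsh prints English field labels ("Authentication", "Cipher",
# "Connection mode"); on other display languages adjust the labels.

function Get-NetshField {
    # Returns the value of the first "Label : value" line, or $null if absent.
    param([string[]]$Lines, [string]$Label)
    $m = $Lines | Select-String -Pattern "^\s*$Label\s*:\s*(.+)$" |
         Select-Object -First 1
    if ($m) { $m.Matches[0].Groups[1].Value.Trim() }
}

function Get-WlanProfileAudit {
    # Profile names come from the "All User Profile : <name>" lines.
    $names = netsh wlan show profiles |
        Select-String -Pattern 'User Profile\s*:\s*(.+)$' |
        ForEach-Object { $_.Matches[0].Groups[1].Value.Trim() }

    foreach ($name in $names) {
        $detail = netsh wlan show profile name="$name"
        $auth   = Get-NetshField $detail 'Authentication'
        $cipher = Get-NetshField $detail 'Cipher'
        $mode   = Get-NetshField $detail 'Connection mode'

        [pscustomobject]@{
            Profile        = $name
            Authentication = $auth
            Cipher         = $cipher
            ConnectionMode = $mode
            # Open or shared-key authentication, or a WEP/absent cipher
            Weak           = [bool]($auth -match '^(Open|Shared)' -or
                                    $cipher -match '^(WEP|None)')
            AutoConnect    = [bool]($mode -match 'automatically')
        }
    }
}

Get-WlanProfileAudit |
    Sort-Object -Property Weak, AutoConnect -Descending |
    Format-Table -AutoSize
```

Profiles that are both weak and set to connect automatically are the first candidates for the delete command shown above.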

09 July 2014

Get system up time script and alternative ways

Save as a ps1 script, and run.

$computer = "computername"

$lastboottime = (Get-WmiObject -Class Win32_OperatingSystem -computername $computer).LastBootUpTime

$sysuptime = (Get-Date) - [System.Management.ManagementDateTimeconverter]::ToDateTime($lastboottime)
  
Write-Host "$computer has been up for: " $sysuptime.days "days" $sysuptime.hours "hours" $sysuptime.minutes "minutes" $sysuptime.seconds "seconds" 

Outputs like:

PS D:\_DATA\Scripts> .\Uptime.ps1
computername has been up for:  71 days 4 hours 26 minutes 50 seconds

Alternatives:

1. Go to "Start" -> "Run".

2.  Write "CMD" and press on "Enter" key.

3. Write the command systeminfo | find /i "up time" and press on "Enter" key.

1. Go to "Start" -> "Run".

2.  Write "CMD" and press on "Enter" key.

3.  Write the command "net statistics server" and press on "Enter" key.


4.  The line that starts with "Statistics since …" provides the time that the server was up from.

  •   The command "net stats srv" can be used instead.

Uptime.exe Tool Allows You to Estimate Server Availability with Windows NT 4.0 SP4 or Higher

Source

Alternate source

14 March 2014

What are "Schannel" errors and how to stop logging them

With certain Microsoft products, such as Exchange and Lync, you see your event logs filling up with "Schannel" errors; event ID 36888: The following fatal alert was generated: 51. The internal error state is 1306.

The event itself doesn't give out a whole lot of information, but here is an explanation for it from TechNet:

When you enable Schannel event logging on a computer that is running Microsoft Windows NT Server 4.0, Microsoft Windows 2000 Server, Microsoft Windows XP Professional, Microsoft Windows Server 2003, Microsoft Windows Server 2008, or Microsoft Windows Server 2008 R2, detailed information from Schannel events can be written to the Event Viewer logs, in particular the System event log. This article describes how to enable and configure Schannel event logging. 


The internal error state is 1203 - From a support forum: "This event is seen on windows 2008 R2 running IIS. If a user tries to access a web site using HTTP but specifies an SSL port in the URL then this event is logged. This event is expected as the client is trying to use the wrong port or the wrong protocol to access the site
The error 1203 indicates invalid ClientHello from the client. This is by design and you can ignore this warning."

If your System eventlog is filling up with "Schannel" errors, and you want to stop this behavior, you can do the following.

Enable /disable logging

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Note This registry key is present already in Windows 2000 and XP Professional.
  1. Start Registry Editor. To do this, click Start, click Run, type regedt32, and then click OK.
  2. Locate the following key in the registry:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL
  3. On the Edit menu, click Add Value, and then add the following registry value:
    Value Name: EventLogging
    Data Type: REG_DWORD
    Note After you add this property, you must give it a value. See the table in the "Logging options" section to obtain the appropriate value for the kind of events that you want to log.
  4. Exit Registry Editor.
  5. Click Start, click Shut Down, click to select Restart, and then click OK to restart the computer. (Logging does not take effect until after you restart the computer).

Logging options

The default value for Schannel event logging is 0x0000 in Windows NT Server 4.0, which means that no Schannel events are logged. In Windows 2000 Server and Windows XP Professional, this value is set to 0x0001, which means that error messages are logged. Additionally, you can log multiple events by specifying the hexadecimal value that equates to the logging options that you want. For example, to log error messages (0x0001) and warnings (0x0002), set the value to 0x0003.

Value                   Description
0x0000                  Do not log
0x0001                  Log error messages
0x0002                  Log warnings
0x0004                  Log informational and success events
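
The same registry value can be read, decoded and set from PowerShell, and it helps to look at what is actually being logged before switching it off, since these events are also how TLS handshake failures show up. This is an added example, not part of the original post or of the TechNet article; the function names are made up for this illustration and it must be run elevated.

```powershell
# Added example: inspect and change Schannel EventLogging from PowerShell.
$SchannelKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

function ConvertFrom-SchannelLogging {
    # Decodes the bit flags from the "Logging options" table.
    param([Parameter(Mandatory = $true)][ValidateRange(0, 7)][int]$Value)
    if ($Value -eq 0) { return 'Do not log' }
    $parts = @()
    if ($Value -band 0x0001) { $parts += 'Log error messages' }
    if ($Value -band 0x0002) { $parts += 'Log warnings' }
    if ($Value -band 0x0004) { $parts += 'Log informational and success events' }
    $parts -join ' + '
}

function Get-SchannelLogging {
    $p = Get-ItemProperty -Path $SchannelKey -Name EventLogging `
             -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 'EventLogging not set (OS default applies)' }
    '0x{0:X4} = {1}' -f $p.EventLogging,
                        (ConvertFrom-SchannelLogging $p.EventLogging)
}

function Set-SchannelLogging {
    param([Parameter(Mandatory = $true)][ValidateRange(0, 7)][int]$Value)
    New-ItemProperty -Path $SchannelKey -Name EventLogging `
        -PropertyType DWord -Value $Value -Force | Out-Null
    Write-Warning 'Restart the computer for the new value to take effect.'
}

# What would be silenced: the most frequent Schannel events of the last 7 days.
Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Schannel'
        StartTime    = (Get-Date).AddDays(-7)
    } -ErrorAction SilentlyContinue |
    Group-Object Id, Message |
    Sort-Object Count -Descending |
    Select-Object Count, Name -First 10

Get-SchannelLogging
# Set-SchannelLogging -Value 0   # uncomment to stop Schannel logging
```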

Source


06 November 2013

Outlook web access opens in "Light mode" by default on Windows 8.1

If you upgraded to Windows 8.1 and tried to access Outlook Web App with the new Internet Explorer 11, you probably noticed that the “Use the light version of Outlook Web App” checkbox is checked and disabled on the login page:

owa-light

That means that IE11 is willing to render only the basic version of OWA which was originally designed to target legacy browsers. This is quite embarrassing, because IE11 is a really modern browser even in the preview!
The solution is to force IE to render OWA in compatibility mode. You can add the site to the compatibility list in the Tools –> Compatibility View Settings dialog:

compatibility-view-settings

This didn’t solve my problem, because only top-level domains can be added to this list, but I could take the advantage of the fact that according to the first checkbox, intranet sites are by default rendered in compatibility view. So I added my OWA URL to the list of sites in the Intranet Zone in the Tools –> Internet Options –> Security –> Local intranet –> Sites –> Advanced dialog.
According to some forum posts, the same issue arises with Office 365 and some popular websites like GitHub as well.

Source

04 June 2013

Find and reset disconnected RDP Sessions

We have a lot of servers. When I get disconnected, I may leave hanging sessions on those servers which I forget to properly close. Then, after I change the password for my admin account, I sometimes get locked out as a result of what I had open in the now disconnected session.

Tracking this down is always annoying and time consuming.
When users (including administrators) are terminated, you want to find and reset those sessions too. 

ServerSessions.vbs is a script for admins to run to track down sessions on servers and optionally reset them. You can list sessions on all servers in a domain, and reset either all or just disconnected sessions.

The script in VBS:

'ServerSessions.vbs
'Lists and optionally resets a user's server sessions
'Alan dot Kaplan at VA dot Gov. 
'10/24/2011.  10/26 version fixed logging when list only

Option Explicit    
dim wshShell
Set wshShell = WScript.CreateObject("WScript.Shell")
Dim retval
Const ADS_CHASE_REFERRALS_ALWAYS = &H20
Dim oConn, oCmd, oRS
Dim strADSPath, strADOQuery
Dim strDomainCN
Dim fso,logfile, appendout
Dim strUser, strSessionID

'Get the default ADsPath for the domain to search.
Dim root: Set root = GetObject("LDAP://rootDSE")
strADSPath = root.Get("defaultNamingContext")

Const ForAppend = 8
Set fso = CreateObject("Scripting.FileSystemObject")

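'Set the quote character before the CScript check: it is used again below
'when the log file is opened, also when the script already runs under CScript
Dim quote
quote = Chr(34)

If (Not IsCScript()) Then   'If not CScript, re-run with cscript...
 WshShell.Run "CScript.exe " & quote & WScript.ScriptFullName & quote, 1, true
    WScript.Quit             '...and stop running as WScript
End If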

If InStr(1,MyOS,"Server",1) = 0 Then
 MsgBox "You must run this from server OS",vbExclamation + vbOKOnly,"Error"
 'WScript.Quit
End If

retval = MsgBox("This script will identify and optionally logoff disconnected sessions for a user on all of the servers " & _
 "in AD within a domain. Do you want to continue?",vbYesNo + vbQuestion,"Get List of all Servers")
 If retval = vbNo Then WScript.Quit

strADSPath = InputBox("Get server list from what domain","Domain",strADSPath)
 If strADSPath = "" Then WScript.Quit

strUser = InputBox("Search for what username?","User Name",wshShell.ExpandEnvironmentStrings("%USERNAME%"))
If strUser = "" Then WScript.Quit

dim message
message =  "Do you want to:" & VbCrLf & _
   "1) Get list only" & VbCrLf & _
   "2) Reset disconnected sessions" & VbCrLf & _
   "3) Reset all sessions for user" & VbCrLf & _
   "0) Quit" 

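Dim iActionType
iActionType  = InputBox(message,"Choose Action",1)
'Cancel returns an empty string, which CDbl cannot convert
If Not IsNumeric(iActionType) Then WScript.Quit
iActionType = CDbl(iActionType)
If iActionType = 0 Then WScript.Quit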


GetServerList
wshShell.Run "notepad.exe " & quote & logfile & quote

' =========== Functions and Subs ==========
Sub GetServerList()
 '--- Set up the connection ---
 Set oConn = CreateObject("ADODB.Connection")
 Set oCmd = CReateObject("ADODB.Command")
 oConn.Provider = "ADsDSOObject"
 oConn.Open "ADs Provider"
 Set oCmd.ActiveConnection = oConn
 oCmd.Properties("Page Size") = 50
 ocmd.Properties("Chase referrals") = ADS_CHASE_REFERRALS_ALWAYS

 logfile = Replace(strADSPath,",","_")
 logfile = Replace(logfile,"DC=","")
 logfile = wshShell.ExpandEnvironmentStrings("%userprofile%") & "\desktop\" & strUser & " In " &  logfile & ".txt"

 If fso.FileExists(logfile) Then fso.DeleteFile logfile,True
 set AppendOut = fso.OpenTextFile(logfile, ForAppend, True)
 strDomainCN = DomainCN(strADSPath)

 '--- Build the query string ---
 strADOQuery = "<LDAP://" & strDomainCN & "/" & strADSPath & ">;" & "(&(OperatingSystem=*Server*)(objectClass=computer))" &  ";" & _
     "Name;subtree"
 oCmd.CommandText = strADOQuery

 '--- Execute the query for the object in the directory ---
 Set oRS = oCmd.Execute
 If oRS.EOF and oRS.Bof Then
   MsgBox  "No Servers AD entries found!",vbCritical + vbOKOnly,"Failed"
   appendout.WriteLine "Query Failed"
 Else
  While Not oRS.Eof
     SessionQuery oRS.Fields("Name")
    oRS.MoveNext
  Wend
 End If

 oRS.Close
 oConn.Close
End Sub

Sub SessionQuery (strServer)
 WScript.Echo "Checking " & strServer
 dim objEx, data
 Set objEx = WshShell.Exec("QWinsta /server:" & strServer)
 'one line at a time
 While Not (objEx.StdOut.AtEndOfStream)
  data = objEx.StdOut.ReadLine
  If InStr(1,data,strUser,1) Then
   strSessionID = GetSession(data)
   'Never report or reset a session without a session ID
   If strSessionID <> "" Then
    if iactionType = 1 then
     EchoAndLog strServer & ",found session for " & strUser
    Else
     Wscript.echo strServer & ",found session for " & strUser
    End if
    'always logoff
    If iActionType = 3 Then ResetSession strServer, strSessionID

    'Logoff disconnected
    If iActionType =2 And InStr(1,data,"disc",1) Then
     ResetSession strServer,strSessionID
    End If
   End If
  End If
 Wend
End Sub

Sub ResetSession(strServer, ID)
 Dim strCommand, oExec
 strCommand = "reset session " & id & " /server:"  & strServer
 Set oExec    = WshShell.Exec(strCommand)
 wscript.sleep 500

 'this is typically empty
 While Not (oExec.StdOut.AtEndOfStream)
  EchoAndLog oExec.StdOut.ReadLine
 Wend

 If oExec.ExitCode <> 0 Then
      EchoAndLog strServer & ",Problem resetting session " & ID & " on server " & strServer & ", Non-zero exit code, " & oExec.exitcode
 Else
  EchoAndLog strServer & ",Reset session " & ID & " on server " & strServer
 End If
End Sub

Function DomainCN(strPath)
 DomainCN = Replace(strPath,",",".")
 DomainCN= Replace(DomainCN,"DC=","")
End Function

Function MyOS()
 Dim oWMI,ColOS,ObjOS, OSver
 Set oWMI = GetObject("winmgmts:\\.\root\cimv2")
 Set ColOS = oWMI.ExecQuery("SELECT Caption, version FROM Win32_OperatingSystem")

 For Each ObjOS In ColOS
   MyOS = objOS.caption & Space(1) & objos.version
 Next
End Function

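Function GetSession(text)
  'Returns the token that follows the user name (the session ID), or ""
  'when the user name is not an exact token on the line, for example when
  'it only matched as part of a longer user name
  text = strip(lcase(Text))
  Dim tArray, i

  GetSession = ""
  tArray = Split(text,Space(1))
  For i = 0 To UBound(tArray) - 1
   If tArray(i) = lCase(strUser) Then
    GetSession = tArray(i+1)
    Exit For
   End If
  Next
End Function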

Function Strip(text)
 text = Replace(text,vbtab,Space(1))
 While InStr(text,Space(2)) > 0
  text = replace(text,Space(2),Space(1))
 Wend
 Strip = text
End Function


Sub EchoAndLog (message)
 'Echo output and write to log
 Wscript.Echo message
 AppendOut.WriteLine message
End Sub 


Function IsCScript()
    If (InStr(UCase(WScript.FullName), "CSCRIPT") <> 0) Then
        IsCScript = True
    Else
        IsCScript = False
    End If
End Function


Source