WSUS – Throttle Bandwidth Utilisation

Just had an issue today where I approved WSUS updates for maintenance and came to the realisation that as soon as you approve new updates WSUS automatically begins to download them. Here I am trying to isolate why the browsing internet, reviewed the gateway, noted download traffic was massive from the WSUS server, logged on and noticed…. akamai.

WSUS - Akamai

 

Yep, I didn’t even realise (noob I know) but I’ve found a way to manage the downloads by WSUS (and other Microsoft services that are chucking a sneaky). BITS is a sneaky little service that most people may not even realise is affecting the performance of their internet use. Here’s an acrostic poem I prepared earlier:

Background
Intelligent
Transfer
Service

All we need to do is throttle the amount of bandwidth the service uses during a certain time frame.

  1. Open Group Policy Management
  2. Browse to Computer Configuration > Policies > Administrative Templates > Network > Background Intelligent Transfer Serice
  3. Double click Limit the maximum network bandwidth for BITS background transfers
    WSUS - BITS GPO
  4. Enable the settings and configure as per your requirements
    WSUS - BITS GPO Details
  5. Hit OK, associate the GPO to your WSUS server.
  6. If you want it to take effect immediately, logon to the WSUS server and run a gpupdate /force
  7. You’ll notice the bandwidth utilisation drop within seconds.

 

TL;DR: Configure GPO to throttle BITS utilisation and force update on WSUS server.

 

 

 

 

Batch script to determine 32 or 64 bit Windows Operating Systems and perform an action

I think that’s the longest title I’ve ever made! Anyway, if you’re like me and need to work on different Windows Operating Systems and would like to distinguish between architecture types when executing batch scripts, then you’ve come to the right place.

Check out the below script and use it to make your life easier:

@echo off
::Written by Samontech

SET Version=Unknown

wmic os get osarchitecture | FINDSTR /IL “32” > NUL
IF %ERRORLEVEL% EQU 0 SET Version=”32″

wmic os get osarchitecture | FINDSTR /IL “64” > NUL
IF %ERRORLEVEL% EQU 0 SET Version=”64″

ECHO The OS architecture of Windows found is %VERSION% bit

IF %VERSION% == “32” GOTO OLD
IF %VERSION% == “64” GOTO NEW
::If no versions are found go to UNKNOWN
GOTO UNKNOWN

:OLD
ECHO Execute script for 32 bit OS
***Insert awesome script work here!
GOTO FINISH

:NEW
ECHO Execute script for 64 bit OS
***Insert awesome script work here!
GOTO FINISH

:FINISH
ECHO Script executed successfully
GOTO END

:UNKNOWN
ECHO OS Architecture Unknown

:END

It’s very similar to my batch script which deletes temporary files on all Windows Operating systems, but, use your imagination and put it to use e.g. upgrading Adobe Reader, Adding Registry keys, the list goes on!

CA ARCserve 2012 R2 Support

So Citrix XenApp 6.5 is now EOS and we’re forced to go to XenDesktop going forward? What’s the big deal right? Well I guess that means that Server 2012 and Server 2012 R2 will not be supported to deliver XenApp and future customers may need to pay for a full fledged VDI/Session Based remote solution (even if they don’t require it) and of course pay the premium price. So what may be an alternative? Well with Server 2012’s improved RDP sessions (PDF scrolling, internet browsing etc), this may be a viable option for smaller businesses that do not require a full VDI environment.

But questions you always need to ask when moving to a new OS, what other applications will you need to run on this OS and will they be supported. Third party AV, monitoring tools, firewalls, backup, line of business applications …. and the list goes on! Which leads me to the above title (since we conveniently stumbled upon this today).

Here’s a quick run down:

  • CA ARCserve Backup r16.5 WITH update 3 now supports Server 2012 R2 as well as Windows 8.1
  • D2D is currently not supported (as per ARCserve’s compatibility matrix)

For the friendly IT guys out there who haven’t had the chance to test whether D2D works on 2012 R2, I have already done this for you. Here are my findings:

  • D2D installation completes without errors or issues
  • Full D2D backups work without errors or issues
  • Incremental D2D backups work without errors or issues
  • Granular file restore work without errors or issues
  • Bare metal restores work without errors or issues

So I guess in a nutshell, it works! Woohoo! Keep in mind though that this is still not “officially” supported.

Batch script to delete printer drivers

Friday the 13th…

HP Universal Print drivers… HP1606dn running off server 2008R2… If you’re already starting to get chills down your spine, don’t worry, you’re not alone! Have you had corrupt drivers downloaded from your print server onto your client workstations and BAM your print spooler service chugs and chugs? Here is a quick script that has saved our service desk from painstakingly removing drivers manually:

@echo off
::Delete All Printer Drivers
::Written by samontech

net stop spooler
taskkill /F /IM explorer.exe
taskkill /F /IM spoolsv.exe
taskkill /F /IM printisolationhost.exe
cd /d %windir%\system32\spool\drivers
for /F “delims=” %%i in (‘dir /b’) do (rmdir “%%i” /s/q || del “%%i” /s/q)
start explorer.exe
net start spooler

Delete All Printer Drivers.zip

Note: Any Windows Explorer windows open will automatically close.

If you have a print server and your printers are deployed via group policy, then restart your workstations. If this is a standalone machine, restart and reinstall working print drivers.

It’s still a work in progress but for the most part it should do the trick. I’ll be adding more scripts to help you with any future printer problems.

Microsoft Exchange Administration Tips

Ever found yourself in a situation where all your staff have an unlimited quota for their Exchange mailboxes? Or you wanted to find out who your biggest culprits for large mailboxes were?

I ran into a situation yesterday where a manager requested that a quota be applied to all mailboxes but providing exclusions to the higher ups 🙂 now when you’re talking about a small site with 10 users it doesn’t sound too bad but as soon as your mailbox database starts dealing with hundreds or thousands of users, things don’t seem quite as easy. Fear not! Powershell is here to save us all!

Here are a few simple commands that may help you:

View all mailbox quotas
get-mailbox -filter { usedatabasequotadefaults -eq $false -AND recipientTypeDetails -eq ‘usermailbox’  }

Retrieve mailbox sizes
Get-MailboxStatistics -Database “Mailbox Database Name” | Select DisplayName, ItemCount, TotalItemSize | Sort-Object TotalItemSize -Descending | Export-CSV C:\MailboxSizes.csv

Set all mailboxes to use database defaults
get-mailbox -filter { usedatabasequotadefaults -eq $false -AND recipientTypeDetails -eq ‘usermailbox’  } | set-mailbox -UseDatabaseQuotaDefaults $true

Excluding special users

  1. Open Exchange Management Console
  2. Go to Microsoft Exchange On-Premises > Recipient Configuration > Mailbox.
  3. Locate the mailbox you want to provide an exception for. Right click and select properties.
  4. Click on Mailbox Settings > Storage Quota > Properties
  5. Untick “Use mailbox database defaults”
  6. Tick the options required and set the values for warning, prohibit send etc.

Now that you’ve set an awesome default mailbox size limit, want some customised warning messages? You know it!

Customize Quota Messages

Warning 
New-SystemMessage -QuotaMessageType WarningMailbox -Language EN -Text “Your mailbox is now within xMB of the allowable size limit. Please clean out emails to reduce your mailbox size. Move items to public folders or delete any items you don’t need from your mailbox and empty your Deleted Items folder.”

Prohibit Send
New-SystemMessage -QuotaMessageType ProhibitSendMailbox -Language EN -Text “Your mailbox can no longer send messages as the size limit has been reached. Please reduce your mailbox size. Move items to public folders or delete any items you don’t need from your mailbox and empty your Deleted Items folder.”

Prohibit Send and Receive (Ouch!)
New-SystemMessage -QuotaMessageType ProhibitSendReceiveMailbox -Language EN -Text “Your mailbox can no longer send or receive messages as the size limit has been reached. Please reduce your mailbox size. Move items to public folders or delete any items you don’t need from your mailbox and empty your Deleted Items folder.”

 

Enabling Active Directory Recycling Bin – Windows Server 2012

Ever have to do an authoritative restore? Tombstone Reanimation? Feeling chills down your spine?  Me too… Server 2012 says no to this! And I agree wholeheartedly. So how do we do it? Pre-requisites:

  •  The domain functional level of the forest needs to be at least Windows Server 2008 R2

How to set it up:

Powershell

  • Type the following command: Enable-ADOptionalFeature “Recycle Bin Feature’ -scope ForestOrConfigurationSet -target –domainname -server domaincontroller

GUI

  • Open Active Directory Administrative Center from the Tools menu in Server Manager
  • Right click your domain in the navigation tree and select “Enable Recycle Bin”

 

Notes:

  • Enabling the AD recycling bin is irreversible so once you do it you can’t undo it.
  • To confirm the recycling bin has been enabled, a Deleted Objects container will appear at the root of the Domain Controller.

Easy as pie 🙂

Installing Applications on a Terminal Server

Because of the Sophos issues that many of my clients experienced, many endpoints required a re-installation, particularly on Terminal Servers. This is a quick and easy reminder of best practices for installing applications on a terminal server.

  1. Log on to the server as a domain administrator
  2. Open up command prompt and type the following command
    change user /install
  3. Your session will now be ready to install applications that will work across all user profiles.
  4. Install the application required e.g. Microsoft Office
  5. Once you have finished the install open up command prompt again and type in
    change user /execute


Cleanup Windows & Java Temporary Files using a Batch Script

Recently, there was a breakout of malware tricking people to install a fake “anti-virus” software, which in turn infected their machines. Mind you, the primary reason machines get infected in the first place is because people are browsing dodgy websites so BE CAREFUL or get PROTECTED!

The infected files are usually downloaded to a temporary internet files folder or java temporary folder and are executed/installed from there. It’s always good practice to clear out these temporary files to prevent malicious activity as well as save you some disk space. This batch script can be used as a scheduled task or deployed through your favourite monitoring tool to “cleanup” these temporary files.

This script should work on all Windows platforms so happy cleaning 🙂

Delete All Temporary Files

Note: copy and paste the below code into notepad and save as the text file as a .bat file. Change the “Save as type” to All Files and make sure you add a .bat to the end of the name e.g. Cleanup.bat. There is a tutorial post located here.

@echo off
::Written by Samontech
::Determine which version of Windows is installed
::Set Variable Version to unknown

SET Version=Unknown

VER | FINDSTR /IL “5.0” > NUL
IF %ERRORLEVEL% EQU 0 SET Version=”Windows 2000″

VER | FINDSTR /IL “5.1.” > NUL
IF %ERRORLEVEL% EQU 0 SET Version=”Windows XP”

VER | FINDSTR /IL “5.2.” > NUL
IF %ERRORLEVEL% EQU 0 SET Version=”Windows 2003″

VER | FINDSTR /IL “6.0.” > NUL
IF %ERRORLEVEL% EQU 0 SET Version=”Windows Vista”

VER | FINDSTR /IL “6.1.” > NUL
IF %ERRORLEVEL% EQU 0 SET Version=”Windows 7″

VER | FINDSTR /IL “6.2.” > NUL
IF %ERRORLEVEL% EQU 0 SET Version=”Windows 8″

VER | FINDSTR /IL “6.3.” > NUL
IF %ERRORLEVEL% EQU 0 SET Version=”Windows 8.1″

ECHO The version of Windows found is %VERSION%

IF %VERSION% == “Windows XP” GOTO XP
IF %VERSION% == “Windows 2000” GOTO XP
IF %VERSION% == “Windows 2003” GOTO XP
IF %VERSION% == “Windows Vista” GOTO WIN7
IF %VERSION% == “Windows 7” GOTO WIN7
IF %VERSION% == “Windows 8” GOTO WIN7
IF %VERSION% == “Windows 8.1” GOTO WIN7

::If no versions are found go to UNKNOWN
GOTO UNKNOWN

:WIN7
ECHO WIN7 script to execute
cd /D C:\users
ECHO Clean Temp Folder
for /D %%a in (*.*) do DEL /F /S /Q “%%a\AppData\Local\Temp\*.*”
for /D %%a in (*.*) do FOR /D %%b IN (“%%a\AppData\Local\Temp\*.*”) DO RMDIR /S /Q “%%b”
ECHO Clean IE Cache
for /D %%a in (*.*) do DEL /F /S /Q “%%a\AppData\Local\Microsoft\Windows\Temporary Internet Files\*.*”
for /D %%a in (*.*) do FOR /D %%b IN (“%%a\AppData\Local\Microsoft\Windows\Temporary Internet Files\*.*”) DO RMDIR /S /Q “%%b”
ECHO Clean JAVA Cache
for /D %%a in (*.*) do DEL /F /S /Q “%%a\AppData\LocalLow\Sun\Java\Deployment\cache\*.*”
for /D %%a in (*.*) do FOR /D %%b IN (“%%a\AppData\LocalLow\Sun\Java\Deployment\cache\*.*”) DO RMDIR /S /Q “%%b”

GOTO FINISH

:XP
ECHO XP script to execute
cd /D “C:\Documents and Settings”
ECHO Clean Temp Folder
for /D %%a in (*.*) do DEL /F /S /Q “%%a\Local Settings\Temp\*.*”
for /D %%a in (*.*) do FOR /D %%b IN (“%%a\Local Settings\Temp\*.*”) DO RMDIR /S /Q “%%b”
ECHO Clean IE Cache
for /D %%a in (*.*) do DEL /F /S /Q “%%a\Local Settings\Temporary Internet Files\*.*”
for /D %%a in (*.*) do FOR /D %%b IN (“%%a\Local Settings\Temporary Internet Files\*.*”) DO RMDIR /S /Q “%%b”
ECHO Clean JAVA Cache
for /D %%a in (*.*) do DEL /F /S /Q “%%a\Application Data\Sun\Java\Deployment\cache\*.*”
for /D %%a in (*.*) do FOR /D %%b IN (“%%a\Application Data\Sun\Java\Deployment\cache\*.*”) DO RMDIR /S /Q “%%b”

GOTO FINISH

:FINISH
ECHO Temporary files successfully deleted
GOTO END

:UNKNOWN
ECHO Operating System Unknown

:END

 

Edit: Added Windows 8 paramater 🙂 special thanks to wampbox for that!