limbo
This is an old revision of the document!
Table of Contents
Limbo
Most new information will end up here, until it matures and finds a proper home.
Nas4Free
ZFS Cleanup Command
Delete num of the oldest snapshots, filtered by filt:
zfs list -t snapshot -o name -S creation | grep filt | tail -n +num | xargs -n 1 zfs destroy -r
ZFS Disk Replacement
- Pull out old disk and let the volume degrade.
- Take note of the
/dev/adaNpath andIDof the old drive.
- Put in new disk, confirm it's visible, and
/dev/adaNpath matches. - Run the following at the shell:
zpool replace vault ID /dev/adaN # example, replace old drive ID 8711796128315062028 with new mount at /dev/ada3: zpool replace vault 8711796128315062028 /dev/ada3
- Confirm re-silvering is in progress.
Operating System Deployment
Image Capture
Via DISM from WinPE
- c: drive is the operating system we are capturing (may not always be c:)
- z: drive is the target location where we're saving the image
- Recommend naming the WIM file [VM_name]-[Description].wim
- Recommend the /name switch be [Windows Edition] - [Description] build
- If the /compress switch is omitted then the default compression of fast will be used
dism /capture-image /imagefile:z:\Win10Ent_x64-Custom.wim /capturedir:c:\ /name:"Windows 10 Enterprise - Custom build" /compress:maximum
Misc
WMI
:: query the machine's model wmic csproduct get name :: sample output... Name Latitude E7250
Applying above information we can filter the Inject Drivers tasks in MDT via the following Query WMI condition:
SELECT * FROM Win32_ComputerSystem WHERE Model LIKE "%Latitude%7250%"
CMD
Multiple Commands on Same Line
It's possible to concatenate commands in to a single line via &:
cmd /c exit /b 3010 & echo %errorlevel%
PowerShell
GUIDs
Script to generate N GUIDs
[System.Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic') | Out-Null $count = [Microsoft.VisualBasic.Interaction]::InputBox("How many GUIDs to generate?", "Question", 1) $file = ".\GUIDs.txt" Remove-Item $file -Force -ErrorAction Ignore $guids = @() for($i=0; $i -lt $count; $i++){ $guids += New-Guid } $guids | ConvertTo-Csv -NoTypeInformation | select -Skip 1 | % {$_ -replace '"', ""} | Out-File $file -Encoding utf8
XML
Saving with XmlWriter for more control
# this is our file with XML data $fileName = "c:\stuff\data.xml" # get content from the file and cast it as XML [xml]$data = get-content $fileName # do stuff with the XML # back-up the old file just in case Copy-Item $fileName ($fileName + ".bak") # save the standard way # $data.Save($fileName) # ^ this works in most cases, but we have no control over the file encoding, nor the formatting of the XML # so we are likely to just get condensed XML without any white-space formatting # save the fun way # first we use XmlWriterSettings to set the text encoding and indent formatting $xmlSettings = New-Object System.Xml.XmlWriterSettings $xmlSettings.Encoding = [System.Text.Encoding]::ASCII $xmlSettings.Indent = $true # then we use the XmlWriter to save $xmlWriter = [System.XML.XmlWriter]::Create($fileName, $xmlSettings) $data.Save($xmlWriter) # remember to flush and close the XmlWriter $xmlWriter.Flush() $xmlWriter.Close()
GPO
Scheduled Tasks as SYSTEM
In many cases it is desirable to run Scheduled Tasks as NT AUTHORITY\SYSTEM, however the wizard occasionally messes this up for us after clicking OK. This is visible when re-opening the Scheduled Task and reviewing its settings. The easiest solution is to go in to the XML and replace the relevant bit.
For example, here is an entire ScheduledTasks.xml that will run a PowerShell script on three triggers - machine startup, 8am, and 5pm. It allows running on-demand, and will run asap after missed schedule. The preference item is also going to get removed when the GPO is no longer applied, so the preference item is setup as Replace.
<?xml version="1.0" encoding="utf-8"?> <ScheduledTasks clsid="{SOME-GUID-0}"> <TaskV2 clsid="{SOME-GUID-1}" name="Task Name" image="1" changed="2018-05-24 18:21:33" uid="{SOME-GUID-2}" disabled="0" userContext="0" removePolicy="1"> <Properties action="R" name="Task Name" runAs="NT AUTHORITY\SYSTEM" logonType="Group"> <Task version="1.3"> <RegistrationInfo> <Author>domain\some-sysadmin</Author> <Description></Description> </RegistrationInfo> <!-- START OF THE IMPORTANT PART --> <Principals> <Principal id="Author"> <RunLevel>HighestAvailable</RunLevel> <GroupId>NT AUTHORITY\SYSTEM</GroupId> </Principal> </Principals> <!-- END OF THE IMPORTANT PART --> <Settings> <IdleSettings> <Duration>PT5M</Duration> <WaitTimeout>PT1H</WaitTimeout> <StopOnIdleEnd>false</StopOnIdleEnd> <RestartOnIdle>false</RestartOnIdle> </IdleSettings> <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy> <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries> <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries> <AllowHardTerminate>false</AllowHardTerminate> <AllowStartOnDemand>true</AllowStartOnDemand> <Enabled>true</Enabled> <Hidden>false</Hidden> <ExecutionTimeLimit>PT0S</ExecutionTimeLimit> <Priority>7</Priority> <StartWhenAvailable>true</StartWhenAvailable> <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable> </Settings> <Triggers> <BootTrigger> <Enabled>true</Enabled> </BootTrigger> <CalendarTrigger> <StartBoundary>2018-04-26T08:00:00</StartBoundary> <Enabled>true</Enabled> <ScheduleByDay> <DaysInterval>1</DaysInterval> </ScheduleByDay> </CalendarTrigger> <CalendarTrigger> <StartBoundary>2018-04-26T17:00:00</StartBoundary> <Enabled>true</Enabled> <ScheduleByDay> <DaysInterval>1</DaysInterval> </ScheduleByDay> </CalendarTrigger> </Triggers> <Actions Context="Author"> <Exec> <Command>powershell.exe</Command> <Arguments>-ExecutionPolicy Bypass -File "\\path-to-script\script.ps1" -Parameter "stuff"</Arguments> </Exec> </Actions> </Task> </Properties> </TaskV2> </ScheduledTasks>
SCCM
Tigger CCM Actions
Trigger: Hardware Inventory, Hardware Inventory Collection Cycle
# PowerShell
Invoke-WMIMethod -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000001}"
# CMD
WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000001}" /NOINTERACTIVE
Trigger Codes:
{00000000-0000-0000-0000-000000000001} Hardware Inventory
{00000000-0000-0000-0000-000000000002} Software Inventory
{00000000-0000-0000-0000-000000000003} Discovery Inventory
{00000000-0000-0000-0000-000000000010} File Collection
{00000000-0000-0000-0000-000000000011} IDMIF Collection
{00000000-0000-0000-0000-000000000012} Client Machine Authentication
{00000000-0000-0000-0000-000000000021} Request Machine Assignments
{00000000-0000-0000-0000-000000000022} Evaluate Machine Policies
{00000000-0000-0000-0000-000000000023} Refresh Default MP Task
{00000000-0000-0000-0000-000000000024} LS (Location Service) Refresh Locations Task
{00000000-0000-0000-0000-000000000025} LS (Location Service) Timeout Refresh Task
{00000000-0000-0000-0000-000000000026} Policy Agent Request Assignment (User)
{00000000-0000-0000-0000-000000000027} Policy Agent Evaluate Assignment (User)
{00000000-0000-0000-0000-000000000031} Software Metering Generating Usage Report
{00000000-0000-0000-0000-000000000032} Source Update Message
{00000000-0000-0000-0000-000000000037} Clearing proxy settings cache
{00000000-0000-0000-0000-000000000040} Machine Policy Agent Cleanup
{00000000-0000-0000-0000-000000000041} User Policy Agent Cleanup
{00000000-0000-0000-0000-000000000042} Policy Agent Validate Machine Policy / Assignment
{00000000-0000-0000-0000-000000000043} Policy Agent Validate User Policy / Assignment
{00000000-0000-0000-0000-000000000051} Retrying/Refreshing certificates in AD on MP
{00000000-0000-0000-0000-000000000061} Peer DP Status reporting
{00000000-0000-0000-0000-000000000062} Peer DP Pending package check schedule
{00000000-0000-0000-0000-000000000063} SUM Updates install schedule
{00000000-0000-0000-0000-000000000071} NAP action
{00000000-0000-0000-0000-000000000101} Hardware Inventory Collection Cycle
{00000000-0000-0000-0000-000000000102} Software Inventory Collection Cycle
{00000000-0000-0000-0000-000000000103} Discovery Data Collection Cycle
{00000000-0000-0000-0000-000000000104} File Collection Cycle
{00000000-0000-0000-0000-000000000105} IDMIF Collection Cycle
{00000000-0000-0000-0000-000000000106} Software Metering Usage Report Cycle
{00000000-0000-0000-0000-000000000107} Windows Installer Source List Update Cycle
{00000000-0000-0000-0000-000000000108} Software Updates Assignments Evaluation Cycle
{00000000-0000-0000-0000-000000000109} Branch Distribution Point Maintenance Task
{00000000-0000-0000-0000-000000000110} DCM policy
{00000000-0000-0000-0000-000000000111} Send Unsent State Message
{00000000-0000-0000-0000-000000000112} State System policy cache cleanout
{00000000-0000-0000-0000-000000000113} Scan by Update Source
{00000000-0000-0000-0000-000000000114} Update Store Policy
{00000000-0000-0000-0000-000000000115} State system policy bulk send high
{00000000-0000-0000-0000-000000000116} State system policy bulk send low
{00000000-0000-0000-0000-000000000120} AMT Status Check Policy
{00000000-0000-0000-0000-000000000121} Application manager policy action
{00000000-0000-0000-0000-000000000122} Application manager user policy action
{00000000-0000-0000-0000-000000000123} Application manager global evaluation action
{00000000-0000-0000-0000-000000000131} Power management start summarizer
{00000000-0000-0000-0000-000000000221} Endpoint deployment reevaluate
{00000000-0000-0000-0000-000000000222} Endpoint AM policy reevaluate
{00000000-0000-0000-0000-000000000223} External event detection
limbo.1551801761.txt.gz · Last modified: 2019/03/05 11:02 by thekojukinator