I work in an environment where local admin privileges for users isn't allowed. At all. This is very nice, but can be also be a pain when employees who must have local admin permissions to run a program or install software that requires elevated privileges even if only to do the install. There is a user in bookkeeping who receives a monthly DVD from a vendor of ours that contains much needed reports. In order to look at the reports and make a backup, she must run the executable on the DVD. The executable requires Admin privileges for the install. So since I've been here, every month I run the .exe, UAC appears and I supply the much-needed information to run the installer.

If this was a one time program I would use the Microsoft Application Compatibility Toolkit gimmick to bypass UAC http://www.techrepublic.com/blog/windows-and-office/selectively-disable-uac-for-your-trusted-vista-applications/ However, since this is a new DVD sent to her each month I need some kind of tool she can use herself for this operation.

I have looked around Server Fault and also did Google-Fu, but haven't found anything useful. I might be one of some in a unique situation.

I want to use Poweshell to make the tool. Ideally, I want her to be able to put in the DVD and then launch the Poweshell tool (from her desktop shortcut, no doubt) that looks at the DVD drive and runs the setup.exe file as a local admin without the UAC prompt, without her having to supply any credentials.

What I have so far is some pieced together junk at the moment. I am not a Powershell Jedi. I am a Poweshell padawan. I have half of what I need. I still need to store the password so it doesn't have to be defined and input each time she runs the script. I want this to be as smooth and as few clicks as possible.

For the creds I am choosing to go with the local admin account since that password doesn't change. The local admin account will get the job done. I will need to store that account information on the computer so Powershell can retrieve the account each time she runs the script. So this will need to be an encrypted file in a path variable.

# define path to store password and input password 
$path = "C:\Users\User\Password folder"
# get the encrypted local admin password from user path
$encpwd = Get-Content $path\admin.bin
# convert admin file to secure string 
$passwd = ConvertTo-SecureString $encpwd
# define local admin credential 
$cred = new-object System.Management.Automation.PSCredential 'computer name\local admin',$passwd
# go to DVD drive launch setup.exe as local admin with no user input required
Set-Location D:\
Start-Process PowerShell -Cred $cred -ArgumentList .\setup.exe

I might get a few downvotes for this, but I know somewhere I need to define and put in ""Read-Host "some text about entering password" -AsSecureString"" in an existing variable or a new variable. I have to get the password input into the process. I have tried a few spots. Thoughts? Wisdom? Impossible?

Windows 7 Pro Powershell v4

This answer to theCleaner's question helped me some Windows DHCP Server - get notification when a non-AD joined device gets an IP address but the answer to his question involved Quest Poweshell cmdlets. I would like to achieve a solution with plain old Powershell v4 cmdlets.

Problem

I currently receive no notification of new DHCP leases at all. I would like to receive notifications when someone plugs into one of our jacks here, gets a DHCP lease from our Windows Server 2012 DHCP server, but hasn't been AD-joined. So I want an email notification of new DHCP leases for non-AD joined devices.

What I've tried

I have put together some Powershell code, borrowing some from theCleaner's question mentioned above.

 Get-DhcpServerv4Lease -allleases -ScopeId #myscopeIDhere | Select-Object @{expression= {$_.hostname}; label='name' } | export-CSV -notypeinformation C:\dhcp\LeaseLog.csv

import-module activedirectory

#get input CSV

$leaselogpath = "c:\DHCP\LeaseLog.csv"
Import-csv -path $leaselogpath | 
#query AD for computer name based on csv log
foreach-object `
{ 
   $NameResult = Get-ADComputer -Filter * 
   If ($NameResult -eq $null) {$RogueSystem = $_.name}
   $RogueSystem | Out-File C:\DHCP\RogueClients.txt -Append
   $RogueSystem = $null

}
Get-Content C:\DHCP\RogueClients.txt | Select-Object -Unique | Out-File C:\DHCP\RogueClientsFinal.txt
Remove-Item C:\DHCP\RogueClients.txt

#send email to sysadmin
$smtpserver = #my email server IP address here
$from="[email protected]"
$to="[email protected]"
$subject="Non-AD joined DHCP clients"
$body= (Get-Content C:\DHCP\RogueClientsFinal.txt) -join '<BR>&nbsp;<BR>'
$mailer = new-object Net.Mail.SMTPclient($smtpserver)
$msg = new-object Net.Mail.MailMessage($from,$to,$subject,$body)
$msg.IsBodyHTML = $true
$mailer.send($msg)

I receive the email "Non-AD joined DHCP clients" but there are no objects in the email. We do have non-AD joined DHCP leases (I connected a non-AD laptop the network for testing), but the laptop doesn't show in the email. I don't receive any red test after running the script either.

If anyone has suggestions please let me know. I obviously have something wrong somewhere in my script. I personally think it might have to do with my AD cmdlets and the CSV import.

What we want to do

I want to setup a private virtual lab on my hyper-v host (HOST). We currently run Exchange Server 2007 SP3 on our email server and plan to upgrade it to Exchange Server 2013. My team wants to test the upgrade process before rolling out production. We want to have a lab on HOST using a Private Switch in Hyper-V 2012 (Windows Server 2012 server only running Hyper-V role). In the lab we want to have our Exchange Server 2007 SP3 email server, a DC holding all FSMO roles, and a workstation running office to test email functionality.

What we have tried

We setup HOST with a private switch. Using Veeam BR, we successfully replicated our email server and DC to HOST. Both VMs had their correct IP configurations and able to ping each other. At first, Exchange even worked (worked meaning, in the mgmt console all the mailboxes and settings were there and right), SYSVOL shares were searchable, and everything was good. That only lasted a few minutes. After a few minutes ping was all that worked. Network shares weren't reachable. Exchange couldn't find the DC.

On the DC, AD wasn't happy. I saw various errors for the RPC server unavailable, ADWS can't be reached, and a primary DC cannot be found.

Reboots of both VMs didn't fix anything. Blowing the VMs away and replicating VMs back to HOST resulted in the same thing: things work for a few minutes and then, I only assume this, Active Directory goes awry. I assume DNS isn't the problem since from both VMs I can ping the hostname? Any suggestions?

Thanks!

update 9/1/2015 Email VM has DC\DNS server as its primary DNS server. DC\DNS looks to itself for primary DNS.

Running Get-ADComputer -identity (name of email server) returns the following Red text

Get-ADComputer: Unable to find a default server with Active Directory Web Services running.

ADWS is running on my DC\DNS server.

EDIT to show troubleshooting steps taken Per longneck's suggestion I did seize all of the roles to the DC. However, AD still isn't working for my lab VMs. DNS is working, but AD isn't. Both VMs have Public status for their NICs. Even after changing to Private AD isn't working. The GUI tools for AD won't work because a Domain can't be contacted. I assumed it is because we have other sites (our branch offices). Obviously replication won't work because the DC can't contact the partners. So using NTDSUtil I deleted the other DCs. Doing a reboot after DC removal, still no dice. Also, I found the SYSVOL and NETLOGON shares won't share. I tried the first two suggestions from this link http://www.eventid.net/display.asp?eventid=13559&eventno=657&source=NtFrs&phase=1 but still AD doesn't work.

9/2/2015 UPDATE

I am throwing in the towel on this one. I will create a new domain on some VMs in our lab and use the domain just for testing. I am not sure why AD wouldn't work in my setup, but it wouldn't. If things weren't wonky, I am sure longneck and joeqwerty's answers would have worked.

My problem is I cannot collect ADDS or DNS events with Nxlog and send them to an ELK server. In the Nxlog config for the DC and DNS server I have the following Query

<QueryList>\
  <Query Id="0">\
     <Select Path="Security">*</Select>\
     <Suppress Path="Security">*[System[(EventID=4624 or EventID=4776 or EventID=4634 or EventID=4672 or EventID=4688 or EventID=4769)]]</Suppress>\
     <Select Path="System">*[System/Level=2]</Select>\
     <Select Path="Microsoft-Windows-ActiveDirectory_DomainService">*</Select>\
     <Select Path="Microsoft-Windows-DNS-Server-Service">*</Select>\
  </Query>\
</QueryList>

The config file works correctly without the Active Directory and DNS paths. The desired Security and System logs go to ELK correctly. I have also tried leaving only the ADDS or DNS paths in the config file with no luck. I don't think I have the correct paths for ADDS and DNS in the config and that is my problem. My Google-fu and Bing-fu hasn't found any results giving me the Event ID channel for ADDS and DNS events. I've only found the Event ID channels for Application, Security, System, and Setup. Any suggestions? I'm up for any!

The DC\DNS server and the ELK server are running on Windows Server 2012. ELK install is running the latest stable releases of ELK.

I'm interested to know your thoughts and/or experience with using Disk2vhd to migrate a physical Exchange 2007 server to a virtual machine. I assume (from reading articles on P2V exchange) that using System Center's P2V tools is the preferred method, but I'm on a tight budget. I read about Disk2vhd, a free sysinternals tool, while doing bing/google searches and while I did find some articles on P2V Exchange using Disk2vhd the articles were older and were based in lab environments. I want to know has anyone used Disk2vhd in a production environment, after successful testing of course, for a P2V migration of Exchange using Hyper-V. What did you experience? Any advice on such a migration?

There seems to be a problem with Windows 8 wifi drivers working with specific WAPs. I have a Windows 8 ultrabook that works famously on my wifi network at home. When I take it to work (yeah we're BYOD) there are issues with connecting. A coworker of mine has the same problem. The Windows 8 laptops will only get a limited connection to the wireless network. Running the troubleshooter will "fix" the problem for about 3 minutes then the device is back to limited. The troubleshooter says "Not a valid IP configuration: fixed" and "no default gateway: fixed." Then you have full connection for 0 to 3 minutes before it goes back to limited. Bizarre (to me anyway). Right off I thought it would be a driver issue. I updated the drivers to the latest and greatest for the Intel Centrino Wireless-N 2230. Didn't work. I uninstalled the Windows 8 driver then installed the Windows 7 driver for the device. That didn't work either (so I went back to the Windows 8 driver). I made sure the power management was correct, i.e., the laptop couldn't turn off the adapter to save on power. That didn't work either.

• at this point I think I should mention that, yes, all other laptops (windows 7 and XP) and wireless devices (iphones and win8 phones) connected and functioned perfectly on the wireless network*

What could be causing the intermittent issue? Especially since it's only Windows 8? I'm not sure why I went here, but I went into the settings for the WAP. Perhaps the firmware for this Netgear model didn't want to play nicely with Windows 8? It's possible given the age (a few years old Wireless-N 802T v2). I updated the firmware on the device. That didn't fix the issue. My frustration was quite high to say the least. So, I scoured the tech forums. Oddly enough, I did find something I hadn't tried that someone had tried which was changing the channel/frequency setting in the WAP from auto to, in his case, channel 6. That worked for him. I gave it a shot. Guess what? It worked for nearly an hour then the ultrabook just disconnected. It didn't even go to limited. It just disconnected. I changed to other channels only to find the same disappointment.

This doesn't happen on my home network. I talked with my coworker and she said the same about her home network. It is only at work with the Netgear WN802T v2 WAP.

Stupid things I tried that obviously didn't fix the issue: Turning off the firewall Disabling other network adapters besides the Intel Centrino Resetting WinSock

Thoughts? Anyone?

I want to make sure the users connection is as secure as possible. Our RDWeb server has a .local name (for this question it will be called rdweb.contoso.local) and a public name: rdweb.contoso.com

We have a premium ssl from godaddy for the RDWeb website (rdweb.contoso.com). When a user clicks to run remoteapp A it connects to the rdweb server. The connection box to the rdweb server says, "...connecting to rdweb.contoso.local" then asks for the user to login to rdweb.contosto.local. After successful login a window asks the user if he wants to continue to the connection of rdweb.contoso.local because it cannot be verified. If you click on view certificate you can see that for that connection the self-signed certificate I built in IIS is being used. Is this secure? The remote app used from RDWeb is an HR/payroll application that has sensitive employee information.

So, is the self-signed certificate okay for the connection from the RDWeb website to the rdweb server? We have a premium ssl for the rdweb website itself (rdweb.contoso.com)

If that self-signed certificate isn't safe for this situation then how can I make it safe? Purchase an SSL for the .local from godaddy?

we've been using this process for a while and I just happened to think about the safety of the connection. I understand it's encrypted and I do trust the certificate since I know it came from the server. Just wanting some thoughts on it.

Thanks everyone.

OS: server 2008 r2 Windows 7 and 2008 r2 active directory environment The RDWeb users logins into RDWeb from external location to our local network

My work is going to roll out a new application (HR, Payroll, etc.) called springbrook to our remote employees. The application runs on one of our physical servers (Win 2008 R2) and to use it locally, I had to map a network drive to the server on the local employee's computer. I created a desktop shortcut to the app so the user doesn't have to go inside the mapped drive and run it that way. They just click on the desktop shortcut.

Springbrook uses the LDAP protocol (in our case Active Directory) to authenticate the user trying to login against the login id’s already inside of Springbrook, so when the session is established it requires that the user logs in and is authenticated to the domain which in turn makes the connection to the LDAP connector which verifies user info and allows them access.

Our hardware firewall is a Sonicwall TZ210 device. I have the VPN setup in that device. At the remote site on the user's workstation who will be using Springbrook I have correctly setup the sonicwall VPN client. At the remote worksation I can establish a connection to our network, map the network drive and bring up the Springbrook login page. When I put in the credentials, a Springbrook error message pops up telling me I put in an incorrect password. That's not the case because I know the credentials are correct.

I contacted Springbrook about this and the tech told me that somehow the authentication isn't happening in the VPN tunnel.

Okay. I knew that, haha

He then said that they use Citrix for their remote employees. I'm sure Citrix has a very nice WebApp tool, but if I can do this through a VPN tunnel and save us money that would be great.

Any suggestions my fellow techies?

Server: Win 2008 r2 Firewall\VPN: Sonicwall tz210 Active Directory Domain

I've enabled LDAP in our firewall and got the same results. That didn't work. Other than that, I haven't tried anything. The remote workstation runs the same "stuff" as the local workstations that are running springbrook just fine.

Alright fellow techies here's the rundown. I have installed Server 2008 r2 Remote Dekstop Services on a VM in my network. I installed the following RD role services: RD Session Host, Licensing, Connection Broker, Gateway, Web Access. When I set things up originally, the gateway server and RDWeb worked as it should locally. After getting things running locally (remoteserver.domainname.local) I wanted to test things externally. From the outside, I couldn't get things running (meaning I could connect to rdweb access externally, but when I tried to run an app I would get the message "can't connect/find computer"). Here's my setup for external access

• The VM has every RD Services role services installed on it, meaning it acts as gateway, rd web access, session host, licensing, the whole bit.
• I made a self-signed certificate on the gateway server (gateway.domainname.net is the cert name). Internally, I have a secondary forward-lookup zone called domainname.net with an A record gateway pointing to the local IP of the gateway server. On our public DNS (domainname.net) I have an A record gateway. This is to access the RDWeb externally.
• In IIS I have the following authentication settings RDWeb: All disabled except for anonymous authentication Rpc: All disabled except for basic and windows RpcWithCert: All disbled except for windows authentication
• I have the necessary web access config in our sonicwall tz210 (https and rdp, external ip pointing to local ip of rds server)
• RAP and CAP have the correct user and computer groups, authentication, and allowed devices

After all of this, here's what happens accessing externally. I can login correctly to RDWeb Access (I've tried a bogus login, I can't login to it so that's working properly). I see the Apps for use. I click on an app, click connect, the credential window opens, I put in the correct user creds, it tries to connect to the gateway server, but then the cred window comes back in view. I tried to reach a limit of failed logins, but never reached one, haha.

So from the same external client machine I try to connect to the gateway through a Remote Desktop connection. I put in the correct gateway settings in the RD window, try to connect and get the same results as I did in RDWeb access.

I checked the event logs on the RD Services machine and saw the following event IDs around the time I tried to login externally:

ID 6037 with the message "The program svchost.exe, with the assigned process ID 2168, could not authenticate locally by using the target name host/gateway.domainname.net. The target name used is not valid. A target name should refer to one of the local computer names, for example, the DNS host name. Try a different target name."

ID 10 RADWebAccess "RD Web Access was unable to access gateway.domainname.net, which is the server that is specified as running the RemoteApp and Desktop Connection Management service. Ensure that the computer account of the RD Web Access server is a member of the TS Web Access Computers security group on gateway.domainname.net"

ID 4625 "An account failed to log on.

Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0

Logon Type: 3

Account For Which Logon Failed: Security ID: NULL SID Account Name: Administrator Account Domain: gateway.domainname.net

Failure Information: Failure Reason: Unknown user name or bad password. Status: 0xc000006d Sub Status: 0xc000006a

Process Information: Caller Process ID: 0x0 Caller Process Name: -

Network Information: Workstation Name: USER-LAPTOP Source Network Address: External IP Source Port: 63125

Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): - Key Length: 0

This event is generated when a logon request fails. It is generated on the computer where access was attempted.

The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).

The Process Information fields indicate which account and process on the system requested the logon.

The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols."

I don't think the VM has a null SID. The SID of the VM and it's physical host have different SIDS. I can access the blank page for rpc externally using the external gateway name.

It seems like authentication is a problem. Also, is it a problem that the external name of the gateway server doesn't match the local name? The external name (which the cert is based on) is gateway.domainname.net and the internal name is remoteserver.domainname.local. That's the only thing I can think of that would be the problem, but the external name has to be different from the local right? Internally, I ping gateway.domainname.net and it gives me the correct local IP of the server. Now, there isn't an actual computer name in AD, but I don't know how I would achieve that?

I hope I've been clear....any help would be appreciated. I think I'm close to achieving this. :)

I want to eliminate Logmein costs. Currently, users go through Logmein to access their work desktops from home. I know I can use Remote Desktop Services in Sever 2008 R2 to eliminate this logmein cost and possibly even make it easier for the users. The users only login to their work desktops from home or wherever, on occasion, to use work apps. I think they would really like using RDWeb Remote Apps. Internally, everything works fine. I have the access rules in place in my sonicwall unit to allow external traffic to our RD Session Host Server/gateway/etc., but I think I must have a valid SSL to get access to RDWeb externally. Is that correct? I've tried to access the rdweb link externally, but of course it fails because the address is https://servername.local/rdweb I'm pretty sure the blasted local is keeping me from being able to test this before we purchase a SSL. I've even tried the farm name (that works locally btw), but it still fails.

I have everything in place, but just can't test it externally. Maybe I'm missing something. Like I said earlier, all of it works correctly internally, so I've setup the Remote Desktop Services correctly: licensing, gateway, session hosts, rdweb apps, etc. It's probably just something for the external stuff I'm missing or that I do in fact must have a valid SSL in place for external traffic to get through.

Thanks in response.

I hope this question makes sense

I've been an IT professional for county government over 2 1/2 years and this problem has occurred 3 times. I can fix it by restarting the primary server, but I would like to fix it without having to take that route. Here's the situation. On our primary server (from here on out called Server1) we have software running called Springbrook (fund accounting and utility billing enterprise software). The users access Springbrook via mapped drives to Server1. I place shortcut on their desktops that pulls the software from the mapped drive. Sometimes, I don't know why, 3 or more users lose access to Server1, which causes them to lose access to Springbrook. The rest of us can still access Server1. By losing access to Server1 I mean PC A cannot ping, RD to, or access shares on Server1. Ping tells me the remote host is unreachable, RD gives the same message, and when I try to explore the mapped drive the message tells me the network path is not available. If I restart Server1 then those 3 users can suddenly access Server1 again.

I assume the only thing happening is that a network service is restarting, but I don't know if it's the NetLogon service, an AD service, or it may be something else I'm not aware of. Restarting the users' PCs doesn't solve the problem. Nor does rejoining the PC to the domain fix the issue; it's always restarting Server1 that fixes the issue.

This doesn't happen often. Like I said, in the 2 1/2 years I've been here it's happened 3 times. Out of those 3 times it hasn't been the same PCs either. I would like to know how to prevent it or at least how to fix it without restarting the server completely.

AD domain. Windows Server 2008 R2 server. Sonicwall TZ210 firewall. Netgear 24 port gig switch. PCs hook into Netgear gig 5 port switches.

Thanks.

EDIT: Thanks for the answers so far. Poor question writing on my part. I failed to mention that the affected PCs can communicate with other PCs on the network, even Server2 (we have to DCs). Server1 can't ping to the affected PCs either.