A few days ago I wrote about a PowerShell Script to Install Printer Drivers.

I noticed there was a problem with this script: some drivers fail to load with error 1797 which means ERROR_UNKNOWN_PRINTER_DRIVER.

I reread the AddPrinterConnection documentation on MSDN but it didn’t mention anything about additional required permissions or anything.

But then I read the remarks sections of the Win32_Printer Class and it mentions that for some operations the SeLoadDriverPrivilege is required.

In VBScript we can indicate it like this:

But how to do this in PowerShell?

I didn’t find a way to enable a specific privilege but we can enable all by setting Scope.Options.EnablePrivileges to $true.

So I modified the script like this:

I wrote a PowerShell script to install all printer drivers on a Citrix or Terminal Server.

Actually the script isn’t specific to Citrix or Terminal Server but on such environments we need to preload all drivers because users do not have the permissions to do that.

I have chosen for PowerShell because you can do it in a one-liner which makes it easy to run this script from my Altiris server on all Citrix Servers.

The idea is that we enumerate all the shared printers on a Printer Server and make a connection to each printer. This will make sure that the driver is installed if it wasn’t already present.

The script could even be scheduled to enforce that newly added printer drivers are added to each Citrix Server.

(more…)

In Exchange it’s possible to hide a Mailbox from the (Global) Address List. You can do that in the Exchange System Manager:

But after you have hidden a Mailbox you cannot create an Outlook profile for it (or add it as an extra mailbox).

When you click Check Name in the wizard you’ll get an error:

The common workaround is to remove the “Hide from Exchange address lists” setting, create the profile (or add the Mailbox) and afterwards set it again.

Once the profile is created it all keeps working.

There is an easier solution though!

(more…)

In my previous post I explained how to get the recursive group membership with a very simple Powershell Script.

Commenter Michel thought that the script only tested one level deep but it doesn’t.

But let’s prove that!

Create 3 Global Groups in your Active Directory and name them Level1, 2 and 3:

Make Level3 a Member of Level 2 and make Level a member of Level 1 and finally add an account to the Level 3 group:

(more…)

In this post I will show an easy way to get the recursive group membership for the current user.

I use this in a logon script to handle certain tasks based on group membership.

Most scripts I see for this task do a manual recursive enumeration but in a large environment this could be very slow.

A better way would be to use the tokenGroups attribute of the Active Directory user object.

The tokenGroups attribute is an array of SIDs computed by Active Directory and is used to verify user access.

We need to translate these SIDs to their sAMAccountNames to get the actual group names.

In unmanaged code this could be accomplished by calling the DsCrackNames API or the IADsNameTranslate interface.

(more…)

Yesterday I was packaging an application called Kluwer Juridische Bibliotheek. When the user first starts this application a screen with the License Conditions pops up and it must be accepted:

I always try to remove such things as I don’t think it’s necessary for every user to accept it.

(more…)

I usually change the text below the “This Computer” icon to reflect the current username and servername:

This is an ancient trick, just set the the LocalizedString Value of the following key:

to “%USERNAME% on %COMPUTERNAME%”.

It get’s a little more complicated if you want to set this from a script, because the environment variables are replaced with the actual value BEFORE they are entered in the Registry.

(more…)

I remembered from a previous project that when the Citrix Web Interface this is caused by a setting called generatePublisherEvidence in the Aspnet.config file.

This behaviour has been documented by Citrix in CTX117273.

If you read it carefully you will see the note that you need to fix it in 2 places for an x64 system.

If you know me a little than you have probably guessed I wanted to fix this with a nice script. I have chooses PowerShell this time because it has good support for XML and I made a one-liner so I can easily use it in an Embedded Altiris script.

The script changes the config file for both x86 and x64:

EDIT: If you run by commandline you need to care of quotes within quotes, easiest thing to do is to use double quotes (“) to surround the commandline and use single quotes (‘) for Strings inside the commandline:

I needed to do a mass password change on imported accounts and decided to do this with Powershell. For some reason (maybe because I am using PowerShell 2.0) I got an unexpected error when using the Password property or the SetPassword method (RandomPassword is a function I wrote that generates Random passwords the meet the Complexity Requirements):

(more…)

When you uninstall Exchange 2007 you need to remove all Mailbox- and Public Folder databases. If you try to remove the Public Folder Database this will fail because there are replicas of the system folders in the Public Folder database. I didn’t find a way to remove these replicas from the Exchange Management GUI but it can be done with the following Powershell Code:

Get-PublicFolder -Server <exchange server> “\” -Recurse -ResultSize:Unlimited | Remove-PublicFolder -Server <exchange server> -Recurse -ErrorAction:SilentlyContinue
Get-PublicFolder -Server <exchange server> “\Non_Ipm_Subtree” -Recurse -ResultSize:Unlimited | Remove-PublicFolder -Server <exchange server> -Recurse -ErrorAction:SilentlyContinue
Get-PublicFolder -Server <exchange server> “\Non_Ipm_Subtree” -Recurse -ResultSize:Unlimited | Remove-PublicFolder -Server <exchange server> -Recurse -ErrorAction:SilentlyContinue

(change <exchange server> to the name of your Exchange Server)