Monthly Archives: April 2011

The Blog Wrap-up For April 2011

  • Press a button–get the result

    Think before you press OK in gpedit. Or buy a piece of software which thinks for you.

  • MVP–check!

    Yeah, again.

  • Migrate scheduled tasks from 2003 to 2008

    An easy way to move scheduled tasks from one host to another.

  • %SystemRoot%\system32 secrets: Choice

    The utility of choice, sometimes.

  • Myths #1: Number of previous logons to cache

    Popular mistakes, issue One

  • Check your certificate status visually

    Another utility to use if you have many web sites with SSL certificates.

  • BITS Transfer PowerShell cmdlets

    BITSAdmin is dead? Almost.

    BITS Transfer PowerShell cmdlets

    One friend of mine told me that I shouldn’t have spread knowledge about the BITSAdmin command while there were PowerShell cmdlets in place. Well, to some extent he is definitely right:

    1) PowerShell is better self-documented.

    2) It is waaaay easier to script with.

    3) It is simpler to use in some basic situations like “just give me that darn file”.

    4) Many people just like PoSh.

    So, the tasks I did in my post about BITSAdmin seem to be doable in one command:

    Start-BitsTransfer -Source <URL> -Destination <PathToFile>

    but one needs to do his homework better:


    Seems like the module for BITS is not imported by default. Let’s correct the mistake:


    and now we have our cmdlets:


    So, let our download begin:


    Excellent, isn’t it (it even shows the progress very visually)? No, it isn’t. Because when I turned my network connection off, the download was cancelled:


    Even though it was stated that “BITS will try again”, it wouldn’t, and there wasn’t any job registered with BITS. I don’t know why, actually (I hope my friend will explain it to me), but I found a “workaround”. Just add the “-Asynchronous” option to the command and it will work just fine for you, although you won’t be able to see that beautiful download bar:



    But even when the state changed to “Transferred”, there was only a .tmp file in my directory. Actually, when I started the command without the “-Asynchronous” option, I got the file immediately after the end of the transfer, but you already know that you cannot then resume the transfer if it was interrupted. Therefore, I had to complete the transfer manually:


    Not a very big difference from what we did with BITSAdmin, I guess. And what I couldn’t figure out is how to monitor my jobs in the fashion BITSAdmin /MONITOR does.

    So, let’s sum it up:

    1) PoSh is best for scripting

    2) For interactive tasks you can use whichever command set you are used to, but remember that BITSAdmin can be discontinued at any moment

    So, my best approach is, do everything I can with PoSh and monitor with BITSAdmin, until someone tells me how to do it with PoSh 😉
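The asynchronous workflow described in this post, with a polling loop standing in for BITSAdmin /MONITOR, as an added example (not the author's code; the URL, destination path and job display name are placeholders):

```powershell
Import-Module BitsTransfer            # the BITS cmdlets are not loaded by default

$source      = 'https://example.com/files/big.iso'   # placeholder URL
$destination = 'C:\Temp\big.iso'                      # placeholder path

# -Asynchronous registers a real BITS job, so it survives a network drop
# and BITS keeps retrying in the background.
$job = Start-BitsTransfer -Source $source -Destination $destination `
                          -Asynchronous -DisplayName 'demo-download'

# Poll until the job reaches a final state. TransientError is deliberately
# not final: BITS retries on its own once the network is back.
# A job someone suspends stays in this loop until it is resumed or cancelled.
$final = 'Transferred', 'Error', 'Cancelled'
while ($final -notcontains "$($job.JobState)") {
    $job   = Get-BitsTransfer -JobId $job.JobId       # refresh the snapshot
    $total = $job.BytesTotal
    # BytesTotal is UInt64.MaxValue until BITS has learned the file size
    if ($total -gt 0 -and $total -ne [UInt64]::MaxValue) {
        $pct = [int](100 * $job.BytesTransferred / $total)
        Write-Progress -Activity $job.DisplayName -Status "$($job.JobState)" `
                       -PercentComplete $pct
    } else {
        Write-Progress -Activity $job.DisplayName -Status "$($job.JobState)"
    }
    Start-Sleep -Seconds 2
}
Write-Progress -Activity $job.DisplayName -Completed

switch ("$($job.JobState)") {
    # Completing the job is what turns the .tmp file into the real file
    'Transferred' { Complete-BitsTransfer -BitsJob $job }
    # A fatal error leaves the job registered; report it and clean up
    'Error'       { Write-Warning $job.ErrorDescription
                    Remove-BitsTransfer -BitsJob $job }
}
```

Running Get-BitsTransfer with no arguments afterwards lists any jobs still registered for the current user, which is a quick way to spot transfers that were never completed or removed.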

    Check your certificate status visually

    Just another not bad tool. If you don’t have a wildcard certificate in use, you probably have many certificates, and in many places. Usually such a setup is monitored automatically by some system (OpsMgr, nagios, custom software), but sometimes you just need to get an overview of what’s happening right now. In this case you can use some report if you have a suitable one, or write your own report, or use the following tool: VerifySSLSertificate. It’s small, robust and has just a few but essential functions and settings. You can save and load a list of servers to check, save a certificate from a server and set a warning threshold. That’s it. Do you need more to get a brief overview? I doubt it; to be honest, it is quite visual:


    So, thank you, Chris Blankenship, for this tool and several others.

    Myths #1: Number of previous logons to cache

    You know, as an IT Pro I often meet some persistent myths about OS, protocols or whatever else. Sometimes these encounters become sooo frequent that explaining these wrongs just bores me to death. What’s even more amazing: these wrongs are usually explained on so many blogs, pages and other places that… Well, anyway, probably some people who know people who read my blog don’t read those blogs and pages, therefore I’ll try to show some more of these mistakes.

    Let’s begin with a very basic one, but one of the most frequent mistakes about Group Policy. Yeah, the one which is in the subject of the post. I once saw a man who was nearly fired because of it. Really. Like always: “the boss comes in and tells an IT guy to restrict the number of times his sales managers can log on to their laptops without connecting to the company’s LAN to 15 times”. “No problem” answers the guy, changes the setting to 15 and reports the task is done. Some time later it turns out that it wasn’t, and all hell broke loose. What happened and how to fix it?

    First of all, it was a mistake not to check if everything works smoothly after changes (I’ve done some nasty things over it too… Bad memories 😉).

    Next, the setting is not what many think it is. If we read its description (this is a good thing to do before a change) then we’ll see the following line: “Determines the number of users who can have cached credentials on the computer”. Number of users, not number of logons per user. That’s it. If you have a notebook with 15 users using it (wow…), then the setting will help you. But it puts no restriction on a single user.

    Third. Bad news here: I actually don’t know a way to do what this boss wants. And I am not sure that one exists using only built-in means. Still, it is not a reason for telling the boss that you’ve done it 🙂

    %SystemRoot%\system32 secrets: Choice

    We won’t assess the next three commands – chglogon, chgport and chguser – because they are all replaced by change. Therefore the next candidate in the race is


    While not being helpful alone, it could be useful in batch scripts. Those can actually be very powerful, still I like PowerShell more because it allows me to do stupid things faster and of more quality. But just in case you want to write some *.bat files with non-linear logic depending on a user’s input, you can use it. For example, you can ask something like this:


    =))) Moreover, you can set a default choice and auto-accept it after some time:


    I haven’t pressed a key here, but the command substituted “b” after 5 seconds of waiting.

    Getting the user’s choice out is not perfectly straightforward. It doesn’t return the result the way I’m used to. It puts the result into the %ERRORLEVEL% variable. It is not a big deal, but… I’d rather use PowerShell for it, really. Nevertheless, if you are still addicted to the DOS shell, it is sometimes your “choice” 😉

    Migrate scheduled tasks from 2003 to 2008

    Well, the time has come for me to learn at last the syntax of schtasks, which I was reluctant to do. Sometimes you have to migrate a task or a bunch of them from one computer to another. In my case it was an even more “interesting” task: migrate some tasks from a Windows Server 2003 box to Windows 2008 R2. If you have only one task it is no problem to move it manually, but what if there are many of them? Here it is: the moment of schtasks’ triumph! =)

    What it can do for us is export 2003’s tasks into an XML file. Suppose we have a task “Command Prompt” which launches cmd.exe once:




    Now let’s use our secret weapon (run it from the 2008 box):


    In Task.xml we now have the following content:

    <?xml version="1.0" encoding="utf-16"?>
    <Task version="1.1" xmlns="">
      <RegistrationInfo>
        <Author>trofimov</Author>
      </RegistrationInfo>
      <Triggers>
        <TimeTrigger>
          <Enabled>true</Enabled>
          <StartBoundary>2011-04-10T23:43:00</StartBoundary>
        </TimeTrigger>
      </Triggers>
      <Settings>
        <Enabled>true</Enabled>
        <DeleteExpiredTaskAfter>PT0S</DeleteExpiredTaskAfter>
        <ExecutionTimeLimit>PT259200S</ExecutionTimeLimit>
        <Hidden>false</Hidden>
        <WakeToRun>false</WakeToRun>
        <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
        <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
        <RunOnlyIfIdle>false</RunOnlyIfIdle>
        <Priority>5</Priority>
        <IdleSettings>
          <Duration>PT600S</Duration>
          <WaitTimeout>PT3600S</WaitTimeout>
          <StopOnIdleEnd>false</StopOnIdleEnd>
          <RestartOnIdle>false</RestartOnIdle>
        </IdleSettings>
      </Settings>
      <Principals>
        <Principal>
          <UserId>System</UserId>
        </Principal>
      </Principals>
      <Actions>
        <Exec>
          <Command>C:\WINDOWS\system32\cmd.exe</Command>
          <WorkingDirectory>C:\WINDOWS\system32</WorkingDirectory>
        </Exec>
      </Actions>
    </Task>

    which we can now import to our W2008R2 box with schtasks or even through GUI:




    Of course, doing that with schtasks is a more efficient way to import more than one task, but the GUI is much more spectacular 😉
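A bulk version of the export, review and import steps, run from the 2008 R2 box, as an added example (not the author's commands, which were in the post's screenshots; the host name, export directory and the $import switch are assumptions):

```powershell
$oldHost   = 'SRV2003'              # hypothetical name of the 2003 server
$exportDir = 'C:\TaskExport'        # hypothetical working directory
$tasks     = @('Command Prompt')    # task from the post; add your own
$import    = $false                 # flip to $true after reviewing the report

New-Item -ItemType Directory -Path $exportDir -Force | Out-Null

$report = foreach ($name in $tasks) {
    # Export the task definition from the old host as XML text
    $xmlText = (schtasks /Query /S $oldHost /TN $name /XML | Out-String).Trim()
    if ($LASTEXITCODE -ne 0 -or -not $xmlText) {
        Write-Warning "Export of '$name' failed"
        continue
    }
    # Save as UTF-16 so the file matches its encoding="utf-16" declaration
    $file = Join-Path $exportDir "$name.xml"
    Set-Content -Path $file -Value $xmlText -Encoding Unicode

    # local-name() keeps the XPath working whatever xmlns the export carries
    $doc  = [xml]$xmlText
    $user = $doc.SelectSingleNode("//*[local-name()='UserId']")
    foreach ($cmd in $doc.SelectNodes("//*[local-name()='Exec']/*[local-name()='Command']")) {
        New-Object PSObject -Property @{
            Task       = $name
            RunAs      = if ($user) { $user.InnerText } else { '(none)' }
            Command    = $cmd.InnerText
            # Only a hint: bare names and %VAR% paths will show as missing
            ExistsHere = Test-Path -LiteralPath $cmd.InnerText
            File       = $file
        }
    }
}

# Review before importing: a task that runs as System executes whatever
# sits at Command with full privileges on the new host.
$report | Format-Table Task, RunAs, Command, ExistsHere -AutoSize

if ($import) {
    foreach ($file in ($report | Select-Object -ExpandProperty File -Unique)) {
        $name = [IO.Path]::GetFileNameWithoutExtension($file)
        schtasks /Create /TN $name /XML $file
    }
}
```

Tasks that run under a named account rather than System also need `/RU` and `/RP` on the `schtasks /Create` line, since the password is not part of the exported XML.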

    Press a button–get the result

    Do you know at which exact moment your GPO setting really applies? When you switch the radio button to “Enabled”? Or when you close the GPO console? I’ve been wondering about it for some time (but of course I was too lazy to test it myself 😉 ), but some time ago, while at a training, I asked the trainer and we conducted an experiment on the spot, because he didn’t know it either. During the experiment we got proof that the settings you change are implemented as soon as you press the “OK” or “Apply” button for that particular setting. You don’t believe me? Test it yourself or watch the short clip about it if you are lazy too (but remember: my English is far from ideal =( ):