Find all shares in a domain

We have been looking for a tool to find all the shares in a domain. It can be used to remove potential virus threats, or to discover what is out there.

VMware ESX network cloning

Ever wanted to clone your network settings across multiple ESX hosts?


Execute this first:

Add-PSSnapin VMware.VimAutomation.Core -ErrorAction SilentlyContinue


That adds the relevant PowerShell tools, which saves you having to use PowerCLI.


Then copy and paste this into a .ps1 file:


$srvconnection = Connect-VIServer (Read-Host "Please enter the name of your VCenter SERVER")
$sourceHost = Get-VMHost -Name (Read-Host "Enter the name of your existing server as seen in the VI Client Source:")
$targetHost = Get-VMHost -Name (Read-Host "Enter the name of the server to configure as seen in the VI Target Client:")

# Collecting source host information
$sourceHostObj = Get-VMHost -Name $sourceHost -Server $srvconnection
Write-Host "Exporting vSwitches configurations from $sourceHost"
$sourcevSwitches = $sourceHostObj | Get-VirtualSwitch
Write-Host "Exporting Port Group configurations from $sourceHost"
$sourcevPGs = $sourceHostObj | Get-VirtualPortGroup

# Collecting target host information
$targetHostObj = Get-VMHost -Name $targetHost -Server $srvconnection
Write-Host "Exporting vSwitches configurations of target $targetHost"
$targetvSwitches = $targetHostObj | Get-VirtualSwitch
Write-Host "Exporting Port Group configurations of target $targetHost"
$targetvPGs = $targetHostObj | Get-VirtualPortGroup

# Determine the difference; keep only the items that exist on the source but not on the target
$differencevSwitches = Compare-Object $sourcevSwitches $targetvSwitches | Where-Object { $_.SideIndicator -eq '<=' }
$differencevPGs = Compare-Object $sourcevPGs $targetvPGs | Where-Object { $_.SideIndicator -eq '<=' }

# Only process the difference in vSwitches
$differencevSwitches | %{
    $newvSwitch = $_.InputObject
    Write-Host "Creating Virtual Switch $($newvSwitch.Name) on $targetHost"
    if ($newvSwitch.Nic) {
        # Source vSwitch has uplinks: attach the same NIC names on the target
        $outputvSwitch = $targetHostObj | New-VirtualSwitch -Name $newvSwitch.Name -NumPorts $newvSwitch.NumPorts -Mtu $newvSwitch.Mtu -Nic $newvSwitch.Nic
    } else {
        $outputvSwitch = $targetHostObj | New-VirtualSwitch -Name $newvSwitch.Name -NumPorts $newvSwitch.NumPorts -Mtu $newvSwitch.Mtu
    }
}

# Only process the difference in Port Groups
$differencevPGs | %{
    $newvPG = $_.InputObject
    Write-Host "Creating Port group ""$($newvPG.Name)"" on vSwitch ""$($newvPG.VirtualSwitchName)"" on target host $targetHost"
    $outputvPG = $targetHostObj | Get-VirtualSwitch -Name $newvPG.VirtualSwitchName | New-VirtualPortGroup -Name $newvPG.Name -VLanId $newvPG.VLanId
}



The only thing to note is that it creates the VMotion ports incorrectly; delete them and add them as a VMKernel port.



Servers pending reboots via WSUS and email

We have been working on a WSUS project, and it's coming to a close. The client required information on which servers required rebooting to complete a patch.

We came up with this script:


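# Load the WSUS administration API and connect to the local WSUS server
# (assumes the script is run on the WSUS server itself)
[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer()

# Replace "drive" with the drive letter that holds the script folder
$csvfile = 'drive:\WSUS Scripts\rebootpending.csv'

# Select only the computers that have installed updates and are waiting for a reboot
$computerScope = New-Object Microsoft.UpdateServices.Administration.ComputerTargetScope
$computerScope.IncludedInstallationStates = [Microsoft.UpdateServices.Administration.UpdateInstallationStates]::InstalledPendingReboot
$wsus.GetComputerTargets($computerScope) |
    Select-Object FullDomainName,IPAddress,RequestedTargetGroupName |
    Export-Csv $csvfile -NoTypeInformation

# Mail the CSV as an attachment
$smtpServer = "your smtp server"
$msg = New-Object Net.Mail.MailMessage
$att = New-Object Net.Mail.Attachment($csvfile)
$smtp = New-Object Net.Mail.SmtpClient($smtpServer)
$msg.From = "your address"
$msg.To.Add("your address")
$msg.Subject = "pending reboots"
$msg.Body = "Check attachment."
#"Here is todays copy for "
$msg.Attachments.Add($att)
$smtp.Send($msg)
$att.Dispose()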

Usernames from Email exchange 365

If you have email addresses and need to get usernames (this is for the cloud-based Exchange 365):

Open PowerShell and run:

Import-Module ActiveDirectory

Also log on to the Exchange environment (Exchange 2010 in the cloud):


$LiveCred = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "<your Exchange Online PowerShell URL>" -Credential $LiveCred -Authentication Basic -AllowRedirection

Import-PSSession $Session


Then the script is:

Get-Content emailtest.csv | %{

Get-Mailbox $_ | Select-Object PrimarySmtpAddress, UserPrincipalName

} | Export-Csv users.csv -NoTypeInformation

WSUS – machines go then come back?

One of our engineers wrote this little rough and ready script that recreates the AccountDomainSid and SUSClientID in the registry. The problem is often caused by VMs that have been cloned from a template.


The requirement is that PSEXEC is installed in the same directory as the one the script is run from. We tend to create a folder on the WSUS server and run it from there.

@echo off

set /p a="Enter IP Address or Name: please DO NOT include \\ "

rem Stop Windows Update, delete the cloned identity values, then restart so they are regenerated
psexec \\%a% net stop wuauserv
psexec \\%a% REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
psexec \\%a% REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
psexec \\%a% REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
psexec \\%a% net start wuauserv

rem Re-register with the WSUS server and report in
psexec \\%a% wuauclt /resetauthorization /detectnow
psexec \\%a% wuauclt /reportnow

echo Machine should reappear in approx 10 minutes.




He also adapted one that will force a machine to detect and report its WSUS status to the WSUS server:


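@echo off

set /p a="Enter IP Address or Name please DO NOT include \\ : "

rem Restart the Windows Update service on the remote machine
psexec \\%a% net stop wuauserv
psexec \\%a% net start wuauserv

rem psexec \\%a% wuauclt.exe /resetauthorization

rem Force a detection cycle and a status report to the WSUS server
psexec \\%a% wuauclt.exe /detectnow
psexec \\%a% wuauclt.exe /reportnow

echo ..............................................................
echo --------------
echo A report and detectnow has been run on the machine you specified.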
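
To see which machines actually share a SusClientId before resetting them, the values can be collected and grouped. This is an added example, not the engineer's script: the function names are hypothetical, the collection step assumes PowerShell remoting (WinRM) is enabled on the targets, and the sample records are constructed.

```powershell
# Added example. The registry key is the one the batch file above edits.
$WuKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate'

function Get-SusClientId {
    # Hypothetical helper: read SusClientId from each machine over PowerShell remoting.
    param([Parameter(Mandatory)][string[]]$ComputerName)
    Invoke-Command -ComputerName $ComputerName -ErrorAction SilentlyContinue -ScriptBlock {
        $p = Get-ItemProperty -Path $using:WuKey -Name SusClientId -ErrorAction SilentlyContinue
        [pscustomobject]@{ Computer = $env:COMPUTERNAME; SusClientId = $p.SusClientId }
    } | Select-Object Computer, SusClientId
}

function Find-DuplicateSusClientId {
    # Group the records by SusClientId and return only the IDs used by more than one machine.
    param([Parameter(Mandatory)][object[]]$Record)
    $Record |
        Where-Object { $_.SusClientId } |          # skip machines with no ID yet
        Group-Object -Property SusClientId |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                SusClientId = $_.Name
                Computers   = ($_.Group.Computer | Sort-Object) -join ', '
            }
        }
}

# Constructed sample data: APP01 and APP02 were cloned from the same template.
$sample = @(
    [pscustomobject]@{ Computer = 'APP01';  SusClientId = '11111111-2222-3333-4444-555555555555' }
    [pscustomobject]@{ Computer = 'APP02';  SusClientId = '11111111-2222-3333-4444-555555555555' }
    [pscustomobject]@{ Computer = 'FILE01'; SusClientId = 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee' }
    [pscustomobject]@{ Computer = 'NEW01';  SusClientId = $null }
)
Find-DuplicateSusClientId -Record $sample | Format-Table -AutoSize

# Against live machines (names are placeholders):
# Find-DuplicateSusClientId -Record (Get-SusClientId -ComputerName 'SERVER1','SERVER2')
```

Every machine listed against a duplicated ID except one needs the reset; in WSUS they overwrite each other's record, which is why they appear to come and go.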



Apple Airplay and Meru

GiraffeIT have found out that Meru and Apple's AirPlay systems don't always play well together. Specifically, the configuration out of the box doesn't work at all.

We have found the following settings of use:


Log into the GUI
Click on the "Configuration" Tab
Click on "System Settings" under "Devices"
Click on "UDP Broadcast Up"
Click "Add"
Enter port number "5297" and click OK
Repeat to enter port numbers "5298" and "5353"
Click on "UDP Broadcast Down"
Click "Add"
Enter port number "5297" and click OK
Repeat to enter port numbers "5298" and "5353"
Click on the "Configuration" Tab
Click on "ESS" under "Wireless"
Select the relevant ESS profile and click "Settings"
Set the "Allow Multicast Flag" to "On"

Reset home folders

GiraffeIT have often been asked how to reset home folders. It can be quite time-consuming if done manually on a range of users.

We have found, tested and successfully used the following scriptlet. It's a PowerShell script, so don't forget to allow execution.



Mandatory Profiles

GiraffeIT have been asked many a time to create mandatory ( or roaming as they used to be known ) profiles for various people.

The benefits are small, rapidly loading profiles that end users cannot write back to.

1.) Make a local user on the server

2.) Make the user a member of the local administrators group on your server

3.) Log in with this user and customize, for example, the Start menu

4.) Create a share on your file server.

5.) Copy the complete template folder from the C:\Users directory to the new server share

6.) Rename the template folder to mandatory.V2. The .V2 is significant, as it tells Windows Seven it's a mandatory profile for it.

7.) Delete the Local and LocalLow folders from the AppData folder

8.) Open REGEDIT and load the NTUSER.DAT hive (make sure HKEY_USERS is highlighted)

9.) Right-click on the Mandatory profile and choose Permissions

10.) Delete the template user and add the Authenticated Users (Full Control)

11.) Unload the NTUSER.DAT from your registry

12.) Rename the NTUSER.DAT to NTUSER.MAN

13.) Change the relevant users' profiles in ADUC or via Policy preferences.


Preparing your desktop delays

GiraffeIT have been investigating a curious issue where, no matter what the server load is, the profile that is loading (a mandatory Windows Seven one, since you ask) takes an age to get "past" preparing your desktop.

We moved the profiles to different servers, we disabled DFS namespaces (crucially, note that using DFS replication is strongly advised against) and monitored network traffic with Wireshark.

The problem wasn’t obvious. There were no RSOP/GPResult errors. All looked fine.

Logons were taking 2m40 under low load and 15 minutes(!) under heavy load.

We eventually diagnosed the fault as an errant file filter placed on file screening. The curious desktop.ini was being screened on the file server. Once it was removed, the thin (1.7Mb) mandatory profile loaded quickly.

23 seconds now from CTRL-ALT-DEL to working desktop.


GiraffeIT have found a fantastic bit of free Apple imaging software that really helps us deploy multiple Apple Mac images to multiple machines. It's called Deploystudio (available here).

It's straightforward to get installed, and it works really, really well. We had a few minor snags (mostly to do with clients' errant DNS servers) but no showstoppers.

Recommended!



NetVol not replicating, yet GPOs are?

We were called out today for a job where a Domain Controller (DC) was responding to requests, but only really, really slowly. Hit an alternative DC and it logged you on at the speed of light. Some digging was involved and GiraffeIT diagnosed that the netvol wasn't replicating.

The fix wasn't too bad.

  1. Stop the NTFRS service.
  2. Add an administrator / elevated-privilege user to the system information folder on the server with full control.
  3. Go to the folder that has a unique ID and rename it (I chose folderXYZold).
  4. Find the "private" folder and rename that (I chose PrivateOLD).
  5. Restart the NTFRS service.
  6. Either await replication on cycle, or force a start with the Active Directory Sites and Services snap-in.

SOPA / Protect IP

We don't normally venture into the politics side of things here at GiraffeIT, however this one has us a little bit worried.

If you are unsure of what the fuss about SOPA / ProtectIP is about, have a look at this:

SOPA / ProtectIP



DNS Scavenging

Happy new year!

A site I visited over the Christmas period was experiencing issues with DNS. There were no obvious faults other than an exceedingly large number of records in a somewhat small environment.

I discovered that the DHCP lease time was set to 8 hours and that scavenging was not set at all.

A few days later, after the cycle had completed and 875 scavenged nodes later, all is healthy again. Not to mention a decrease in network traffic.

Printer Scripts for Windows Seven

I have been onto a site recently, and had issues with the Group Policy Preferences not applying to the printers. I found out that this was due to the time it takes the printer to respond to the request to be “mapped” and made default.

I spent a few hours and hacked around some code and came up with this little masterpiece to allow multiple room printers to be added to the relevant OU-based PC:

'--------------- Delete all Printers ---------------
Dim wshNetwork, sPrintPath, clPrinters, i
Set wshNetwork = CreateObject("WScript.Network")

'Remove Existing Printers
'EnumPrinterConnections returns pairs: item i is the port, item i+1 is the printer name
Set clPrinters = wshNetwork.EnumPrinterConnections
On Error Resume Next
For i = 0 to clPrinters.Count - 1 Step 2
    wshNetwork.RemovePrinterConnection clPrinters.Item(i+1), true
Next
On Error Goto 0

'---- For citrix script, un-comment following two lines:

'Set Sh = CreateObject("WScript.Shell")
'sys = Sh.ExpandEnvironmentStrings("%CLIENTNAME%") 'sys = the returned workstation name (Citrix only)

'---- For normal Windows machines un-comment the following line

sys = wshNetwork.ComputerName 'sys = computer name (standard domain workstations - not citrix)

'---- Note, you can't have both of these uncommented!!!

'User = CreateObject("WScript.Network").Username ' This returns the logged on username to variable: User

CName = UCase(sys) 'Get name from network object (Uppercase)
Set oNet = CreateObject("WScript.Network")

' -=( Add printer and set a default based on computer name (CName) )=-

' Test for Left(CName,NumberofChars)

If Left(CName,3) = "W21" Then

    oNet.AddWindowsPrinterConnection "\\print-server\w21-mono"
    oNet.AddWindowsPrinterConnection "\\print-server\w21-colour"
    oNet.SetDefaultPrinter "\\print-server\w21-mono"

ElseIf Left(CName,3) = "W22" Then

    oNet.AddWindowsPrinterConnection "\\print-server\w22-Mono"
    oNet.AddWindowsPrinterConnection "\\print-server\w22-Colour"
    oNet.SetDefaultPrinter "\\print-server\w22-mono"

' etc etc

End If


Updated a few of my iDevices tonight. No real revolution, just a myriad of evolutions.

DelProf2

GiraffeIT was called into a site to help diagnose some GPOs not working quite how they were expecting.
The long and the short of it is that a locally cached copy of the profile was being stored on the local machines. There are a few settings you can use in Windows 2008R2 to prevent the cached copy staying on the machine for more than x days. However, for completeness I wanted the profiles gone there and then. Cue DelProf2 (available here). A few tweaks and a rough and ready batch file called via a startup trigger in a GPO, and voila. No more cached local profiles at machine turn-on.

New Blog!

We hope to add more of GiraffeIT's real-world experiences in here. I hope to share some of the issues and solutions that the herd have met and overcome.

GiraffeIT – sticking our neck out so you don't have to