windows

Install Quest On Demand Migration agent using Powershell

January 3, 2022

Here's a script that I'm using to roll out the Quest ODM agent on PCs in my environment that do not have access to the LAN. I used Atera Service Desk to deploy it for internet-only installation.

Agent install and hosting

This script requires that you download the Device Agent from the Quest Migration for Active Directory downloads page:

Once that's complete, you will need to upload the file to a publicly accessible file share. I used Azure Files to create a storage container and provide direct access to the file. This URI will be pointed to in the script, so you cannot use something like OneDrive or SharePoint without special configuration.

Script

Before running this script, you will need to change the following XXX values:

$QuestODMMSIURI – This will be the publicly accessible MSI that you uploaded to your file share.
Auth Key – Found on the Quest Migration for Active Directory downloads page

Function Invoke-ODM_Agent_Install {

	$InstallCheck = Get-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Quest\On Demand Migration For Active Directory\ODMAD_AD" -ErrorAction SilentlyContinue
  
  If ($null -eq $InstallCheck) {
    Write-Host 'Downloading ODM agent.' 
    $QuestODMMSIURI = 'XXX' # Change to use your own Azure Files URI
    $QuestODMdest = 'C:\Temp\ODM\QuestODM.msi' 
    Invoke-WebRequest -Uri $QuestODMMSIURI -OutFile (New-Item -Path $QuestODMdest -Force)

    Write-Host 'Installing ODM agent.'
    cmd /c "msiexec.exe /I `"C:\Temp\ODM\QuestODM.msi`" /qn SERVICEURL=https://us.odmad.quest-on-demand.com/api/ADM AUTHKEY=XXX" # Change to use your own authkey from Quest
    Write-Host 'Finished installing ODM agent.' 
  }
  ElseIf ($null -ne $InstallCheck) {
    Write-Host 'ODM agent is already installed.'
  }
  Else {
    Write-Host 'ERROR!' 
  }

}

Invoke-ODM_Agent_Install

Discuss...

Convert m4a audio files for Ringcentral

November 30, 2021

#telephony #Windows

Ringcentral requires audio files to be saved as .mp3 files.

To do this, you'll need to convert your audio that you recorded in the Voice Recorder from .m4a into .mp3 using the app Audacity and the ffmpeg plugin. Audacity and ffmpeg are open source programs that can convert audio into different formats. Audacity is the main program and ffmpeg is an extension that Audacity uses to open .m4a files.

Install Audacity and the ffmpeg extension

Before you'll be able to convert the file, follow these steps to get Audacity and ffmpeg set up on your computer:

Download the Audacity installer: https://github.com/audacity/audacity/releases/download/Audacity-3.1.2/audacity-win-3.1.2-64bit.exe
Run the file and install Audacity with default settings:
Navigate to the ffmpeg downloader page: https://lame.buanzo.org/ffmpeg64audacity.php
Click on the link for the ffmpeg v.2.2.2 installer:
Run the file and install ffmpeg with default settings:

Convert your audio file

After the setup is complete for both apps, follow these steps to convert your audio file:

Open Audacity and navigate to File > Open and select your .m4a file:
Navigate to File > Export > Export as MP3:
Choose where you want to save the file and leave all options as default. Click the Save button:
Leave the export options as default. Click the OK button:

After the window closes, your conversion will be complete. You can close Audacity without saving the file.

Navigate to the location where you saved the .mp3 file and upload it to Ringcentral.

Discuss...

Hyper V and Windows 10 – Cannot find the Microsoft Software License Terms

November 10, 2021

#Windows #HyperV

I tried setting up a new Windows 10 VM in Hyper V with default options, but I sometime receive the following error when going thru the installation:

Windows cannot find the Microsoft Software License Terms. Make sure the installation sources are valid and restart the installation.

Screenshot of Windows Setup, error message

I thought it was an issue with my Windows 10 ISO, but the MD5 checked out OK.

The fix:

Power off the VM.
Edit the Settings on the VM.
In the Settings window, navigate to the Memory tab. Change the Minimum Ram setting in the Dynamic Memory option from 512 MB to something like 1024 MB.
Restart the VM.

Screenshot of Hyper-V, Memory setting

Add AAD login after creating an Azure VM

September 20, 2021

#Windows #Azure #AzureAD

If you've deployed an Azure VM and did not enable the “Login with AAD credentials”, option, you can enable sign in using Azure Active Directory credentials later using Cloud Shell with this command in Azure CLI:

az vm extension set \
--publisher Microsoft.Azure.ActiveDirectory \
--name AADLoginForWindows \
--resource-group ResourceGroup \
--vm-name VMName

After running that command, you'll need to add an entry to the local group to allow interactive sign in using RDP. The extension doesn't add this permission and you will need to do it manually, running this command in a remote Powershell:

net localgroup "remote desktop users" /add "AzureAD\user@domain.com"

You will also need to add 2 lines the RDP file downloaded from the “Connect” tab so that you can connect without issues:

enablecredsspsupport:i:0
authentication level:i:2

After connecting to the VM using RDP, you will also need to disable network-level authentication from Control Panel.

In the background, the extension will change the Join Type of the VM to “Azure AD Joined” and your Devices blade will update with that information after a couple of minutes.

No need to re-create the VM.

Just putting this here for my notes.

Discuss...

Meraki split-tunnel VPN Powershell script

September 8, 2021

#Windows #Powershell #Meraki

I wrote up a quick and dirty Powershell script today that adds a split-tunnel VPN connection, asks the user for connection info, dials the connection, then configures static routes.

# Add-MerakiVPN.ps1
# Creates a split-tunnel VPN connection and adds static routes.
# Tim D'Annecy 2021-09-08

function Add-MerakiVPN {
 
    $ServerAddress = 'blahblahblah.dynamic-m.com' # Change this value to match your Meraki hostname
    $ConnectionName = 'Meraki VPN'
    $PresharedKey = 'blah' # Change this value

    Add-VpnConnection `
        -Name $ConnectionName `
        -ServerAddress $ServerAddress `
        -TunnelType L2tp `
        -EncryptionLevel Optional `
        -SplitTunneling `
        -AllUserConnection `
        -L2tpPsk $PresharedKey `
        -AuthenticationMethod Pap, MSChapv2 `
        -Force

    $StaticRoutes = @(
        '10.0.13.0/24', # Change these to match your internal subnets
        '10.0.12.0/24',
        '172.16.0.0/16'
    ) 

    try {
        rasphone.exe -d $ConnectionName
        Start-Sleep -Seconds 30
        $StaticRoutes | foreach {
            New-NetRoute -DestinationPrefix $_ -InterfaceAlias $ConnectionName
        }
    }
    catch {
        Write-Error 'There was an error adding the VPN connection'
        exit
    }
}

Add-MerakiVPN

One-line Powershell script to input a list of users and output Active Directory info

August 26, 2021

#Powershell #Windows

This one-liner imports a CSV formatted with at least the header Name and a list of user names. It outputs to a CSV with the SamAccountName and Enabled properties.

import-csv ".\in.csv" | ForEach-Object  { Get-ADUser -Identity $_.Name -Property samaccountname,enabled } | Select-Object -Property samaccountname,enabled | Export-Csv -Path ".\out.csv" -NoTypeInformation -Append

Discuss...

Get SSID name in Powershell

August 16, 2021

#Windows #Powershell

I found this post on Reddit and wanted to save the command for my notes.

Running this command in Powershell will give you the PC's currently connected SSID. This is handy for troubleshooting network issues when connected remotely through a PSSession.

netsh wlan show interfaces | select-string SSID

Fix RSAT error 0x800f0954

August 9, 2021

#Windows

Open Local Group Policy Editor (gpedit.msc)
Change entry at Computer Configuration > Administrative Templates > System > Specify settings for optional component installation and component repair to “Enabled” and check the box for “Download repair content and optional features directly from Windows Update instead of Windows Server Update Services (WSUS)”

Run gpupdate in Command Prompt.
Open Settings > Apps > Apps & features > Optional features and click “Add a feature”. Search for and install “RSAT: Active Directory Domain Services and Lightweight Directory Services Tools”

Alternatively, you can add it through Powershell:

Add-WindowsCapability -Online -Name Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0

Verify the installation was complete by running Import-Module activedirectory in Powershell.

Allow Windows Quick Assist UAC prompts in Intune

August 6, 2021

#Windows #Intune

On Windows, to allow Quick Assist to display UAC prompts to a remote user, you need to make a few quick changes.

Microsoft Endpoint (Intune)

Older instructions are here: https://www.cloud-boy.be/portfolio/run-as-admin-gives-black-screen-in-quick-assist-teamviewer-intune-fix/ [A]

New instructions are:

Open the Endpoint management dashboard
Click on “Devices” and select “Configuration profiles”. Click on “Create profile”. Change Platform to “Windows 10 and later” and the Profile type field to “Settings catalog (preview)”. Click the “Create” button.
Give it a basic name and navigate to the “Configuration settings” page.
Click the “Add settings” button. Double click on the “Local Policies Security Options” entry in the Settings picker pane on the right. Check the box for the option “User Account Control Switch To The Secure Desktop When Prompting For Elevation”. Back on the main settings area to the left, change the dropdown to “Disabled” and click the “Next” button.
Enable the policy to all devices (as needed) and then test.