HOWTO: Add a Local User to Windows 10 Using Group Policy (Add it To Local Administrators Group)
Posted by edwgon in 64-bit, Active Directory, credentials, Group Policy Object, Local Group, local user, Windows 10, windows 7 on November 4, 2020
Since there are some outdated information about this topic, I’m going to give the steps necessary to create a local user to a Windows 10 machine using AD Group Policy, and then add this user to the local Administrator group.
First, create a new policy using Group Policy Management Editor and follow this screenshot:
Next, click on New and select Local User. In the Action field, select Update. For the other fields, select the options you need.
Click OK button and that’s basically how it’s done.
Next, I’m going to assign this user to the local Administrator group. I will be using the same group policy to achieve this.
Right-click on Restricted Groups and then click on Add Group…
Next, you’re going to type the username we created in the previous step.

Click OK to go to the next crucial step. You’re going to a work with This group is a member of section and click Add button
Next, type Administrators and click OK
The properties should look like the following screenshot
That’s all there is to it.
PowerShell: Remove Google Chrome (any version)
Posted by edwgon in Browsers, PowerShell on October 27, 2020
The following PowerShell script will allow you to remove any installed version of Google Chrome.
Function UninstallChrome() {
$app = get-wmiobject Win32_Product | Where-Object {$_.Name -eq "Google Chrome"}
$removeChrome = $app.IdentifyingNumber msiexec /x
$removeChrome /q
}
# If chrome is running then close the process and uninstall it
If (Get-Process chrome -ErrorAction SilentlyContinue) {
# Chrome is running
# Stop chrome process
Stop-Process -Name chrome -Force
# Now uninstall chrome
UninstallChrome
} Else {
# Chrome is not running…
# Uninstall chrome
UninstallChrome
}
PowerShell: Create a Repetitive Scheduled Task for Shadow Copy
Posted by edwgon in Uncategorized on October 14, 2020
The following article describes how to create a scheduled task that creates Shadow Copies in Windows 10. The scheduled task will run daily and at 8:00AM and every 4 hours for a total of 8 hours.
Here are is the PowerShell code that does it:
# Create a scheduled task
$taskAction = New-ScheduledTaskAction -Execute "wmic.exe" -Argument "shadowcopy call create Volume=C:\"
# Set how many times the task runs daily and its frequencey
$taskTrigger = New-ScheduledTaskTrigger -Daily -At 8am
$taskTrigger.Repetition = $(New-ScheduledTaskTrigger -Once -At "08:00" -RepetitionDuration "8:00" -RepetitionInterval "04:00").Repetition
# Task owner is SYSTEM account and task runs wether user is logged on or not
$taskPrincipal = New-ScheduledTaskPrincipal -UserID "NT AUTHORITY\SYSTEM" -LogonType ServiceAccount -RunLevel Highest
# Task settings to wake device, to run hidden and to allow to run on battery
$taskSettings = New-ScheduledTaskSettingsSet -WakeToRun -Hidden -AllowStartIfOnBatteries
# Setup scheduled task object
$scheduledTask = New-ScheduledTask -Principal $taskPrincipal -Action $taskAction -Trigger $taskTrigger -Settings $taskSettings
# Register scheduled task based on setup information gathered from $scheduledTask variable
Register-ScheduledTask "Daily Shadow Copy" -InputObject $scheduledTask
Next the screenshots of the result when the code is executed.



SCCM Task Sequence Remove Video Drivers
Posted by edwgon in 64-bit, dell, deploy, deployment, drivers, Error Code 0x80004005, Microsoft System Center Configuration Manager 2012 R2 SP1, OS Deployment, sccm, windows 7, Windows 7 Upgrade, windows 7 x64 on August 1, 2019
During my project to upgrade all our Windows 7 Enterprise SP1 (64bit) devices to Windows 10 Enterprise 1809 (64bit), I ran into a compatibility issue during the task sequence. Windows 7 video drivers were detected as incompatible during the in-place upgrade to Windows 10, so I had to find a way to remove the drivers during the SCCM task sequence.
This is the batch file code I used to disable, then remove video drivers from the task sequence.
@ECHO OFF
REM Driver is disabled
devcon disable =display
REM Driver is removed here
devcon remove =display
REM reg add command replaces whatever value is in the SearchOrderConfig with the appropriate value to tell the system NOT to go to windows update for driver updates
REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching /t REG_DWORD /v SearchOrderConfig /d 0x0 /f
REM Driver package is removed here
FOR /F “tokens=4 delims= ” %%A IN (‘devcon driverfiles ^=display ^| FINDSTR “Driver installed from”‘) DO devcon.exe dp_delete -f %%A
EXIT 0
The following shows where in the task sequence I add the video driver removal step. Also, note that I have a step to copy devcon.exe utility which is not on Windows 7 by default.
I’ve extensively tested this on my DELL devices and it works perfectly.
SCCM Task Sequence Error Code 0x80004005
Posted by edwgon in deployment, drivers, Error Code 0x80004005, Microsoft System Center Configuration Manager 2012 R2 SP1, OS Deployment, sccm, SCCM 2012, task sequence, windows 7, Windows 7 Upgrade, windows 7 x64 on August 1, 2019
While attempting to perform an in-place upgrade from Windows 7 Enterprise to Windows 10 Enterprise I came across Error Code 0x80004005.
Looking at C:\WINDOWS\CCM\Logs\smsts.log gave me the clues on the error message.
There are many posts on how to fix this particular error message; it seems that this error code is pretty generic and it shows up on several instances in many SCCM operations – this document particularly deals with a task sequence for an in-place operating system upgrade.
Since this was an in-place Windows upgrade, I needed to find out more detailed information and I was able to get it from C:\$WINDOWS-BT\Sources\Panther this folder contains a list of .XML files that collect compatibility data that is collected during the upgrade process.
I opened the last XML file and this gave me the actual clue as to what was failing during the upgrade process – video drivers were the culprit!
Now I know what’s going on during the task sequence and I can attempt to fix this issue.
I’ll blog about how to fix this issue in a new post, stay tuned!
Uninstalling Applications in SCCM not Working
Posted by edwgon in Application Deployment, sccm, SCCM Client, Uncategorized, Uninstall Application on December 15, 2018
I had quite the experience when several of my applications refused to uninstall. I spent several days troubleshooting this issue and going through logs to the point that I ended up opening a case with Microsoft.
It appears that if any of application that you’re trying to uninstall has an installation deployment job set to ‘available’ or ‘required’ – no uninstall task will work. You have to delete all your installation deployment jobs as it appears that installation jobs have a higher precedence.
Here are some notes from Microsoft.
Here are the details.
The uninstall deployment wasn’t get enforced as per the logs. Here is what we see in the logs.
CIAgentJob({FFF396C4-40D1-481D-AC35-196D80F45D90}): EnforceCIs CIAgent 12/14/2018 11:18:42 AM 2972 (0x0B9C)
Initiating Enforce tasks. CIAgent 12/14/2018 11:18:42 AM 2972 (0x0B9C)
Skipping non compliant policy CI ScopeId_935E5529-E59C-4F44-9332-DBAF15F5C166/ProhibitedApplication_d0830875-5b6a-422b-bfee-142777b8361e:3. CIAgent 12/14/2018 11:18:42 AM 2972 (0x0B9C)
No mandatory Enforce tasks. No actions will be performed. CIAgent 12/14/2018 11:18:42 AM 2972 (0x0B9C)
- I could reproduce the same thing in my lab as well. So it seems like since we have an Install deployment active, the uninstall required deployment didn’t get triggered.
- Performed some testing by removing the active “available” installdeployment from the machine. Now as suspected it triggered the required uninstall deployment and the app got removed.
- Did some code review and internal checks
- I could confirm that the install deployment always wins. I.e. even there is an uninstall deployment (required) the install action always WIN.
DELL OptiPlex 7060 & SCCM OS Deployment
Posted by edwgon in AHCI, dell, DELL Optiplex 7060, Intel Rapid Storage Technology F6, OS Deployment, sccm, SSD Drives, task sequence, Uncategorized on December 4, 2018
Recently we started buying DELL OptiPlex 7060 desktops and I ran into a situation where WinPE wouldn’t work properly as there was no IP address assignment and no C drive showing in the environment.
Fixing the missing NIC hardware was easy enough; however, the environment was still lacking a hard drive. These 7060 models come with SATA SSD drives and an Intel Rapid Storage Technology F6 controller.
Installing Intel drivers or DELL drivers didn’t work.
After many hours of trying different things, here’s the solution I found. In the BIOS, change the storage settings from RAID ON (DELL’s default setting) to AHCI…just that simple.
There are many interesting documents comparing AHCI and Raid On, I suggest you read them, but AHCI is newer technology and we decided to stick with this setting on our desktop devices.
Conflicting VIB: Upgrading to ESXi 6.5
Posted by edwgon in dell, DELL PowerEdge R330, esxi, ESXi 6.5, Uncategorized, VIB, vmware on October 18, 2018
While attemtping to upgrade from ESXi 6.0 to 6.5, I received the following message from Upgrade Manager:
The upgrade contains the following set of conflicting VIBs: VMware_bootbank_ehci-ehci-hcd_1.0-4vmw.600.3.69.5572656 Remove the conflicting VIBs or use Image Builder to create a custom upgrade ISO image that contains the newer versions of the conflicting VIBs, and try to upgrade again.
After researching this message and not finding an answer that could fix it, I called Vmware support and this is what they suggested.
My server hardware: DELL PowerEdge R330
- Support asked me to download 6.5 upgrade, the zip file though. ESXi 6.5 zip file for DELL PowerEdge R330 can be found here. Click on the Vmware ESXi 6.5 U2 section and then click on the ‘Other formats’ link do download the .zip file.
- Next, upload this file to the host you’re trying to upgrade.
- Log on to the host as root and type the following command
- esxcli software vib install -d “/vmfs/volumes/Datastore/DirectoryName/PatchName.zip”
- Reboot your host
The actual Vmware KB can be found here.
How to Share a Folder in Outlook 2013
Posted by edwgon in Exchanage 2016, exchange, exchange server, Outlook 2013, Uncategorized on May 5, 2018
I was asked to share an Outlook 2013 folder for a user and I ran into a scenario…most imformation out there targets older versions of Outlook and Exchange. We run Exchange 2016 and Outlook 2013 (latest version), so most of the information out there didn’t work for me, so I decided to document how I was able to achieve sharing folders in Outlook 2013.
For this excersice we’re going to share a folder named: Test Folder
From the mailbox we want to share Outlook folders
- Right-click on the user’s mailbox name and select Folder Permissions
- Next, click on Permissions tab and Add the user you’re going to allow to access, or share, the folder(s)
- View the screenshot for the permissions settings
- Next, right click on the Inbox folder and click on Properties
- Click on Permissions tab and you’re going to add the same user you added at the mailbox permissions level (step 3)
- View the screenshot for the permissions settings
- Next, you’re going to right click on the folder you want to share and click on Properties
- Click on Permissions tab and you’re going to add the same user again
- Permissions here are set based on your requirements
- View the screenshot for the permissions settings
- That’s all that needs to be done
- The next and final step is to go to the Outlook client of the user that needs access to the folder and add the mailbox
These steps worked for me, none of the other information out there worked.
Recent Comments