Category Microsoft Windows Server 2008

Azure – Update Management

How to maintain the patch status of your Windows and Linux machines

You can use Update Management in Azure Automation to manage operating system updates for your Windows and Linux machines in Azure, in on-premises environments, and in other cloud environments.” Microsoft

To enable on a specific virtual machine in Azure

Note – You only pay for logs stored (Log Analytics)

Enabling the option can take up to 15mins

Useful reference links

Bulk Add Azure VMs and Non Azure Machines

Ping sweep script test

import-CSV "" | 
$result = Test-Connection -ComputerName 
$_.Name -Count 1 -Quiet $, $result -join ',' | out-file "c:\scripts\PingSweep\computer_results.txt" -Append 

Create list of computers to ping Comupters.txt 

Create batch file pingsweep.bat  

for /f %%s in (computer.txt) do (ping -n 1 %%s) open  cmd pingsweep.bat >> PINGSWEEPQUOTES.TXT 

Please test all scripts in a lab environment. We have no liability for any issues caused.

If you would prefer a more advanced script in PowerShell, check out this  example of a ping script in PowerShell written by Jamie Crookes "Ping utility function/module for PowerShell" can be found here

How To Access A SQL Server 2008 Databases WITHOUT SA (SysAdmin) Credentials

Challenge : How to make a backup of a SQL 2008 database without knowing any working credentials.

Log on to the Windows 2008 R2 server running SQL Server 2008 as a domain admin.

Launch SSMS (SQL Server Management Studio)

Issue the windows credentials have no permissions and there were no obvious groups in AD (Active Directory) which would have access.

So…back to basics…..

PS tools to the rescue


Download PS Tools

Store in c:\temp\

The tool to use is PSexec

Launch command prompt

Browse to c:\temp

Type : psexec -i -s SSMS.exe

This will launch SSMS (SQL Server Management Studio) as system. By luck would have it, window auth under “system” has full SA rights in SQL 2008.

I can then connect to all databases and compete the backups. I can then also check the security permissions for users

Robocopy. Copy Move Files Older or Newer than X number of days

Script options

  • Move only files under 60days old
  • Move files older than 60days
  • Move files back
  • Move files older than 182 is number of days (6 months roughly)
  • Move only files under 60days old


  • /MAXAGE:n :: MAXimum file AGE – exclude files older than n days/date.
  • /MINAGE:n :: MINimum file AGE – exclude files newer than n days/date.
  • /copyall /s  :: copys all sub folders and moves files to the folders
  • /mov Moves files, and deletes them from the source after they are copied.
  • /move Moves files and directories, and deletes them from the source after they are copied.  (note the MOVE option will fail if any files are open and locked)

Move only files under 60days old
robocopy c:\temp c:\temparchive /mov /MAXAGE:60 /copyall /s >c:\temp\FileUnder60daysMoved.txt

Move only files under 60days old back 
robocopy c:\temparchive c:\temp /mov /MAXAGE:60 /copyall /s >c:\temp\FileUnder60daysMovedReturned.txt

Move files older than 60days
robocopy c:\temp c:\temparchive /mov /MINAGE:60 /copyall /s >c:\temp\FilesOver60daysMoved.txt

Move files older than 60days back
robocopy c:\temparchive c:\temp /mov /MINAGE:60 /copyall /s >c:\temp\FilesOver60daysMovedreturned.txt

182 number of days (6 months roughly)
robocopy c:\temp c:\temparchive /mov /MINAGE:182 /copyall /s >c:\temp\FilesOver182daysMoved.txt

Deletes the original directories after moving
robocopy c:\temp c:\temparchive /move /MINAGE:60 /copyall /s >c:\temp\FilesOver60daysMoved.txt

Microsoft examples in more detail

WSUS and Windows 10 Clients – UsoClient.exe

So, you deploy a GPO to Window 10 clients, but your in a hurry to get the clients to check in…

As a SysAdmin for many years I would log on to a client, open command prompt and type :

wuauclt /detectnow  (Windows 7 / Windows Server 2008/2012 clients)


In Windows 10 you will notice that it doesn’t do anything and doesn’t show you anything. (As shown above)

(confirmed on

An example of “Whats New” in Windows 10, and Windows Server 2016 To check or scan “Windows Update” from the command prompt :
CMD (Run As Administrator)

UsoClient.exe startscan

And there is more switches….

  1. StartScan – Used To Start Scan
  2. StartDownload – Used to Start Download of Patches
  3. StartInstall – Used to Install Downloaded Patches
  4. RefreshSettings  – Refresh Settings if any changes were made
  5. StartInteractiveScan  – May ask for user input and/or open dialogues to show progress or report errors
  6. RestartDevice – Restart device to finish installation of updates
  7. ScanInstallWait – Combined Scan Download Install
  8. ResumeUpdate – Resume Update Installation On Boot

Check / Set / Sync Time Source for Windows Servers

To set the time ( Tested against Windows 2016)

Launch CMD as administrator
exampled c:\time 09:00:00 AM   – This will set the time to 9am

Note a time source if domain joined will up date the time clock again
Check the source
c:\w32tm /query /status Will show the time “Source”

To set an internet based NTP

c:\w32tm /config /syncfromflags:manual /manualpeerlist:””

This will take effect after stopping and starting the W32Time service

stop-service w32time
start-service w32time

for settings to take effect

check status
c:\w32tm /query /status Will show the new time “Source”

To check sync is working
c:\w32tm /resync (Check the time sync)


See an advert of interest, click it, this site is funded by ad clicks.

Get a list of inactive computers which have not logged on to the domain in the last 12 weeks

# Inactive computers ( this will include systems not regularly used)

# Launch command prompt as administrator and run the following commands

Dsquery computer -inactive 12 -limit 500

# Lists computers inactive for over 12 weeks and returns a limit of 500 results

Dsquery computer -inactive 12 -limit 500 | dsmod computer -disabled

# Lists computers inactive for over 12 weeks and returns a limit of 500 results and disables the computer accounts


# Similar command can be done for users.


Hide Folders Under Share with Access Based Enumeration

So todays challenge. Hide visible folders under share to users who don’t have access.


We create some new shares. Folders are then created under the share and NTFS permissions set.

Share Name : Shared Folder

Folder :

  • IT (NTFS Permissions – IT group Only)
  • HR (NTFS Permissions – HR group Only)
  • PAYROLE (NTFS Permissions – Payrole group Only)
  • ALL USERS (NTFS Permissions – HR Only)

I created a share. When logged in as a user, i could see all the folders under the shared folder.
As you would expect, I could only open the folders I had access to.

So, is this suitable? It doesnt let users in to folders they dont have access to, but it does tell them which folders are there.

So this is where “Access Based Enumeration” might come in. This feature hides folders from users that do not have permission to that folder.
Access based enumeration (ABE) came out in Windows Server 2008.

How to setup Access Based Enumeration:

  • Launch “SERVER MANAGER” (Server 2012 or Server 2016)
  • Click on “SHARES”
  • Right click on each share you want to set ABE, select “PROPERTIES”
  • Click “SETTINGS”

The next time a user logs in and views the share only users that have permissions to that folders under the share will be able to see them. The folders they dont have permission to will not appear.

—Always try things in a lab environment, always seek further information before implementing from the vendor i.e —