Enable Windows Update “Features on Demand” and “Turn Windows features on or off” in WSUS Environments

I Found this website very usefull and searched long for this.

If you are running Microsoft Windows in a domain environment with WSUS configured, you may notice that you’re not able to install some FODs (Features on Demand), or use the “Turn Windows features on or off”. This will stop you from installing things like the RSAT tools, .NET Framework, Language Speech packs, etc…

You may see “failure to download files”, “cannot download”, or errors like “0x800F0954” when running DISM to install packages.

To resolve this, you need to modify your domain’s group policy settings to allow your workstations to query Windows Update servers for additional content. The workstations will still use your WSUS server for approvals, downloads, and updates, however in the event content is not found, it will query Windows Update.

Enable download of “Optional features” directly from Windows Update

  1. Open the group policy editor on your domain
  2. Create a new GPO, or modify an existing one. Make sure it applies to the computers you’d like
  3. Navigate to “Computer Configuration”, “Policies”, “Administrative Templates”, and then “System”.
  4. Double click or open “Specify settings for optional component installation and component repair”
  5. Make sure “Never attempt to download payload from Windows Update” is NOT checked
  6. Make sure “Download repair content and optional features directly from Windows Update instead of Windows Server Update Services (WSUS)” IS checked.
  7. Wait for your GPO to update, or run “gpupdate /force” on the workstations.

Please see an example of the configuration below:

Download repair content and optional features directly from Windows Update instead of Windows Server Update Services (WSUS)

You should now be able to download/install RSAT, .NET, Speech language packs, and more!

Install Fonts with Powershell

Fix Domoticz DB

The FIX::

You need to have sqlite3 installed on your Pi

CODE: SELECT ALL

If you have it you can do the following commands:

CODE: SELECT ALL

Remove first line of dumped database:
tail dump.sql -n +2 > dump1.sql
# Make back-up of original just in case:
mv domoticz.db domoticz.bak.db
# Import into fresh database:
sqlite3 domoticz.db < dump1.sql
# Clean-up the temporary files:
rm dump*.sql

https://www.domoticz.com/forum/viewtopic.php?t=10984

Domoticz Cisco Port on / of switch

Script is created by Johan ven Boomgaard.

 

Disable-Enable automapping Echange 2016

Because automapping is not always working correct, just created this script to re-enable automapping with the correct settings. This script you need to run on the Exchange server.

 

Update Synology Mail Plus spam server more than once a day.

Update Synology Mail Plus spam server more than once a day

Just found the scripts that you can run and schedule to run more often than once a day. And if you run ClaimAV as virusscanner.

Run the following scripts.

bash /volume1/@appstore/MailPlus-Server/scripts/SpamRuleUpdate.sh all
bash /volume1/@appstore/MailPlus-Server/scripts/SpamAutoLearn.sh
bash /volume1/@appstore/AntiVirus/scripts/clamav.sh check_update

AD Send mail on password reset

This is based on Security Event ID 4724. When this is logged on the domain controller, Task Scheduler kicks this script. And send a mail to Admin and user. And also creates a local log file who reset the password.

 

AD Send mail on Account Lock

At a company where I worked, there was no logging with account lock and the had plans to change the GPO that accounts will not be auto unlocked.
So I also added mailing to the admin of that specific OU (Country)

I found a script from Maxzor1908 on Technet
That was the basic. I Added a lot of extra.