Make Win 10 or 11 Pro / Ent LTSC

@echo off

:: first go get the skus.zip - in the issues are the ones for W11 too
echo  Starting conversion to LTSC... 

:: If not launched as admin, relaunch
net.exe session 2>NUL 1>&2
if not %errorlevel%==0 (echo  You are NOT ADMIN. Relaunching... 
powershell Start -File "cmd '/K %~f0 runas'" -Verb RunAs
goto out)

:start
    pushd "%CD%"
    CD /D "%~dp0"
    echo  Take ownership of the skus subfolders 
    "%windir%\system32\takeown.exe" /F "%windir%\system32\spp\tokens\skus\csvlk-pack" /R /A /D Y
    "%windir%\system32\icacls.exe" "%windir%\system32\spp\tokens\skus\csvlk-pack" /T /grant Administrators:F
    "%windir%\system32\takeown.exe" /F "%windir%\system32\spp\tokens\skus\IoTEnterpriseS" /R /A /D Y
    "%windir%\system32\icacls.exe" "%windir%\system32\spp\tokens\skus\IoTEnterpriseS" /T /grant Administrators:F
    "%windir%\system32\takeown.exe" /F "%windir%\system32\spp\tokens\skus\IoTEnterpriseSK" /R /A /D Y
    "%windir%\system32\icacls.exe" "%windir%\system32\spp\tokens\skus\IoTEnterpriseSK" /T /grant Administrators:F
    "%windir%\system32\takeown.exe" /F "%windir%\System32\spp\tokens\EnterpriseS" /R /A /D Y
    "%windir%\system32\icacls.exe" "%windir%\system32\spp\tokens\skus\EnterpriseS" /T /grant Administrators:F
    echo. 

    echo  Extract and copy the new skus 
    FOR /F "tokens=1,2,3 delims= " %%A IN ('wmic os get Caption') DO @IF %%C EQU 10 "%windir%\System32\tar.exe" -v -x -f skus10.zip -C %windir%\system32\spp\tokens\skus
    FOR /F "tokens=1,2,3 delims= " %%A IN ('wmic os get Caption') DO @IF %%C EQU 11 "%windir%\System32\tar.exe" -v -x -f skus11.zip -C %windir%\system32\spp\tokens\skus
    
    echo  Reinstall the new licenses - be patient, this will take a minute 
    cscript.exe %windir%\system32\slmgr.vbs /rilc
    echo  Uninstall the actual product key 
    cscript.exe %windir%\system32\slmgr.vbs /upk
    echo  Remove the KMS 
    cscript.exe %windir%\system32\slmgr.vbs /ckms
    echo  Remove the old product key from registry 
    cscript.exe %windir%\system32\slmgr.vbs /cpky
    echo  Install LTSC Product key 
    :: use key from https://learn.microsoft.com/en-us/windows-server/get-started/kms-client-activation-keys - it requires a KMS Server, otherwise you will have to manually change the license from KMS to MAK
    cscript.exe %windir%\system32\slmgr.vbs /ipk M7XTQ-FN8P6-TTKYV-9D4CC-J462D
   

:end
    :: cleanup
    del /f /q "skus*.zip" 2>nul
    :: check the Windows version
    wmic os get Caption | findstr "Microsoft"
    echo  Now we should reboot... 
    choice /t 30 /c yn /d n /n /m "press  "Y"  in the next 30 seconds if you want to reboot"
    if errorlevel 2 goto :out
    if errorlevel 1 shutdown.exe -r -f -t 0

:out
    :: reset the colors
    echo.

Remove .appx from some newly converted to LTSC computers

$ErrorActionPreference= 'silentlycontinue'

$cred = Get-Credential -Message "Please enter admin credentials valid on target computers";
if($cred -isnot [PSCredential]) {Write-Host -ForegroundColor Red -BackgroundColor DarkBlue "No valid credentials provided. Exiting!" ; exit 1}

foreach($comp in Get-Content -Path C:\temp\complist.txt) {
 Write-Host -ForegroundColor Blue -NoNewline " `nStart on $comp : "
 $sess = New-PSSession -Credential $cred $comp
 if ($?) { Write-Host -ForegroundColor Green "session to $comp established";
  Invoke-Command -Session $sess -scriptblock { Get-AppxPackage -AllUsers | Remove-AppxPackage -ErrorAction Continue; Get-AppxProvisionedPackage -Online | Remove-AppxProvisionedPackage -Online; }
  if ($?) {  Write-Host -ForegroundColor Green "RAN on $sess" } else { Write-Host -ForegroundColor Red "FAIL on $sess" }
 }else{ Write-Host -ForegroundColor Red "Unable to connect to $comp" }
}

Write-Host -ForegroundColor Yellow -BackgroundColor DarkGreen "`nScript Done!`n"
exit

Powershell backup

 #Backup folder
$dateStr = (Get-Date -Format "yyy-MM-dd-HH-mm")
$Source = "C:\source"
$Staging = "U:\BKPTemp"
$Destination = "U:\Backup\destination_$dateStr.zip"
Get-ChildItem "U:\Backup\" -Recurse -File | Where CreationTime -lt  (Get-Date).AddDays(-90)  | Remove-Item -Force
Add-Type -AssemblyName System.IO.Compression.Filesystem
Copy-Item -Path $Source -Destination $Staging -Recurse
[System.IO.Compression.ZipFile]::CreateFromDirectory($Staging, $Destination)
Remove-Item -Path $Staging -Force -Recurse
exit

List Members of AD groups

To get the members of a group, we need to login into a server with an admin account.

The admin account is member of another domain in the same forest, but the groups are in a different domain. In order to perform the inquiry, an AD controller server for the target domain must be specified.

Simple select: Get-ADGroup -Filter { Name -like "*the_searched_group*" } -Server DC.TARGET.TLD | Get-ADGroupMember -Server DC.TARGET.TLD | Select-Object name, objectClass | Out-GridView

#to be run as normal user, so excel lauches without interference, it will ask for admin cred when needed

$wrkfldr='C:\temp'
$server='DC.TARGET.TLD'
$grps="app*-VNC*"
$cred = Get-Credential;
$ErrorActionPreference= 'silentlycontinue'

$excel = New-Object -ComObject Excel.Application
$excel.Visible = $true
$wb = $excel.Workbooks.Add()

$groups = Get-ADGroup -Credential $cred -filter { name -like $grps } -server $server | Select Name -ExpandProperty Name

foreach ($group in $groups){ Get-ADGroupMember -Credential $cred -identity $group -server $server | Where-Object {$_.objectClass -eq "user"} | Select-Object Name | Export-Csv "$wrkfldr\$group.csv" -NoTypeInformation }

Get-ChildItem $wrkfldr\*.csv | ForEach-Object {
if ((Import-Csv $_.FullName).Length -gt 0) {
    $csvBook = $excel.Workbooks.Open($_.FullName)
    $csvBook.ActiveSheet.Copy($wb.Worksheets($wb.Worksheets.Count))
    $csvBook.Close()
    }
}

RDP Disconnected! Error Code: 2308 Error Description: Socket closed

After a windows update, a couple of Windows 2016 Servers on AWS started rejecting the RDP connections.
mRemote was giving the error "RDP Disconnected! Error Code: 2308 Error Description: Socket closed". MS RDP is giving "This computer can't connect to the remote computer. Try connecting again. If the problem continues, contact the owner of the remote computer or your network administrator."

After a bit of tinkering, I found that the problem seems to be the RDP TLS and encryption level.

To solve it:

- remote connect Registry Editor to the affected server and change the DWORD 
HKLM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\SecurityLayer from "2" to "0" 


- remote connect Services.msc to the affected server and restart TermService

Windows could not complete the installation. To install windows on this computer restart the installation

SHIFT-F10 to bring up command prompt.
cd c:\windows\system32\oobe
msoobe.exe
Make a generic account and password. 
Hit finish (if it requests a product key and you have one, enter it now.  if OEM/No key required, just finish). 
Set time/date. 
Finish.

Deploy .pfx cert embedded in script (a sort of 'cat << EOF' for windows)

@echo off
::
::  
:: In order to prepare the certificate please run
:: 'certutil -encode the_pfx_cert base_64_cert`
:: then paste the base_64_cert in the section below
:: Please note that the certificate password has to be given as start paramater to this script!
:: (eq: "cert-inst.bat S3cr3tPassw0rd")

:: If the cert was already installed, exit
REG QUERY HKCU\SOFTWARE\neXt /v CertInstalled
If %errorlevel%==0 goto :eof

:: define the temp name of the extracted cert
set extractedfile=%temp%\extract-%random%.txt

:: set the password needed to decode the cert
set certpasswd=%~1

:: separate the cert from this script
call:extractembedded embeddedfile %extractedfile%

:: process the extracted file
certutil -decode %extractedfile% %extractedfile%.pfx

certutil -f -user -p %certpasswd% -importpfx %extractedfile%.pfx

:: clean-up
::del %extractedfile% %extractedfile%.pfx

:: leave a trace in the registry, so the cert will not be installed again and again
REG ADD HKCU\SOFTWARE\neXt /v CertInstalled /t REG_DWORD /d 1

:: clean exit
exit /b

:: begin of the embed cert & extraction procedure
:: After the next line, please paste the "base_64_cert" created by certutil -encode
goto:embeddedfile
-----BEGIN CERTIFICATE-----
MIIMngIBAzCCDGQGCSqG
[...]
k05EzAQIFXJaGHOuxZcCAggA
-----END CERTIFICATE-----
:embeddedfile
:: before the previous line you can find the end of the "base_64_cert"

:: cert extraction procedure
:extractembedded
setlocal EnableDelayedExpansion
set embedbegin=goto:%~1
set embedend=:%~1
set embedcert=%~2
if exist %embedcert% del %embedcert%
set tmprndfile=%temp%\%random%.%random%
findstr /n ^^ "%~f0" > %tmprndfile%
call :seekembed < %tmprndfile%
del %tmprndfile%
exit /B
:seekembed
set oneline=:eof
set /P oneline=
if !oneline! == :eof goto nostart
set oneline=!oneline:*:=!
if not !oneline! == %embedbegin% goto seekembed
:getline
set oneline=:eof
set /P oneline=
if !oneline! == :eof goto nostop
set oneline=!oneline:*:=!
if !oneline! == %embedend% goto :eof
echo/!oneline!>> %embedcert%
goto getline
:nostart
echo Error finding start delimiter %embedbegin%
goto :eof
:nostop
echo Error finding stop delimiter %embedend%
goto :eof

CMD tmpwatch / logwatch

@echo off

:: (c)2015 s@toXX.guru

set watchdir="C:\Program Files\Research In Motion\BlackBerry Enterprise Server\logs"

:: remove older files

forfiles /p %watchdir% /s /m *.* /c "cmd /c Del @path" /d -30

:: remove empty folders !!! cd on a different drive first, if that's the case !!!

:: D:\

cd  %watchdir%

for /f "tokens=*" %d in ('dir /ad/b/s ^| sort /R') do rd "%d"

Shorter version:

forfiles /p [PATH] /s /m [FILE-PATTERN] /D -[MM/DD/yyyy] /c "cmd /c del @path"

for /f "delims=" %%d in ('dir [PATH] /s /b /ad ^| sort /r') do rd "%%d"

kill dial-up if a program runs for more than 15 min or it doesn`t run at all

@echo off
:: (c)2015 sorin@toXX.guru

setlocal

:: echo Checking if EDI (Gedi_dsk.exe) runs for more than 15 min and disconect if true
for /F "tokens=1" %%t in ('tasklist /FO TABLE /FI "CPUTIME gt 00:15:00" /FI "IMAGENAME eq Gedi_dsk.exe"') do (
if "%%t" ==  "Gedi_dsk.exe" (rasdial /disconnect >NUL )
)

::the same result can be obtained using pslist:
::for /F "tokens=11 delims=: " %%f in ('"pslist Gedi_dsk 2>NUL"') do (
::if %%f geq 15 ( rasdial /disconnect >NUL )
::)

:: echo if EDI is not started wait a few seconds try again, then disconnect if it is still not there
for /F "tokens=1" %%t in ('tasklist /FI "IMAGENAME eq Gedi_dsk.exe" 2>NUL') do (
if NOT "%%t" ==  "Gedi_dsk.exe" (
:: echo program not running wait a few seconds and check again
ping -n 5 -w 1000 1.1.1.1 >NUL
for /F "tokens=1" %%t in ('tasklist /FI "IMAGENAME eq Gedi_dsk.exe" 2>NUL do (
if NOT "%%t" ==  "Gedi_dsk.exe" ( rasdial /disconnect >NUL )
)
)
)
endlocal

Autodiscover and/or EWS unavailable on Exchange 2007/2010

Symptom: Outlook crashes or you cannot access OutOfOffice settings after you install a package that contains the .NET Framework 3.5 with SP1 and the .NET Framework 2.0 with SP2 on an Exchange 2007 or on an Exchange 2010 server (CAS role)

Problem described in:
kb958934
kb952883
kb976814


My solution:

Turn of any mmc, powershel console, emc etc.

Uninstall .net 3.5 sp1
Uninstall .net 3.0 sp2
Uninstall .net 2.0 sp2

In this order, without restarting!
if it complains that "you can't uninstall, some other package depends on it", do this:

net stop MSExchangeTransportLogSearch /yes
net stop MSExchangeTransport /yes
net stop MSExchangeServiceHost /yes
net stop MSExchangeSearch /yes
net stop MSExchangeRepl /yes
net stop MSExchangePop3 /yes
net stop MSExchangeMailSubmission /yes
net stop MSExchangeMailboxAssistants /yes
net stop MSExchangeIMAP4 /yes
net stop MSExchangeFDS /yes
net stop MSExchangeSA /yes
net stop MSExchangeEdgeSync /yes
net stop MSExchangeAntispamUpdate /yes
net stop MSExchangeADTopology /yes
net stop MSExchangeIS /yes
ping -n 5 -w 1000 1.0.0.0 >nul
net stop w3svc /yes

If you still can't uninstall, use procexp's "find" feature and close any .NET handle still open.

At the end there should be no reference to .NET in the installed programs.
DO NOT RESTART!

Install .net 3.0 (I used version 3.0.4506.30 downloaded in 2008 an forgotten on server...)
DO NOT RESTART!

[PS] Remove-AutodiscoverVirtualDirectory -Identity "EXCHANGE2007\Autodiscover (Default Web Site)"
[PS] New-AutodiscoverVirtualDirectory
[PS] Set-ClientAccessServer -Identity "EXCHANGE2007" -AutoDiscoverServiceInternalUri https://exchange2007.domain.tld/autodiscover/autodiscover.xml
[PS] Test-OutlookWebServices | fl

If you receive Error 401 when attempting to run Test-OutlookWebServices | FL, disable the loopback check in  HKLM\SYSTEM\CurrentControlSet\Control\Lsa  "DisableLoopbackCheck" DWORD, 1

- In IIS Manager make sure ASP.NET 2.0.50727 is ENABLED
- In IIS Manager make sure Autodiscovery and EWS uses only "Integrated windows authentication" and that the security cert is "require ssl", "128 bit" and "ignore client certificates"

- Verify that the folder %ExchangeInstallaDir%\ClientAccess\Autodiscover is readable by "authenticated users"
 - perform iisreset /noforce

[PS] Test-OutlookWebServices | FL should give you a good answer now, if not, make sure the autodiscover DNS entry exists:

- in DNS Manager rightclick the local forward lookup zone, "Other new records", "SRV", service "_autodiscover", pri "10", weight "5", port "443", host "autodiscover.domain.tld"
- in DNS Manager, new A-Record "autodiscover.domain.tld"


[PS] Test-OutlookWebServices | FL should give you a good answer now, if not, get the backup tape, it's that time...

"FullyQualifiedErrorId : -2144108477,PSSessionOpenFailed"

The PowerShell window displayed this error.

VERBOSE: Connecting to E15MB2.exchange2013demo.com.
New-PSSession : [e15mb2.exchange2013demo.com] Processing data from remote server e15mb2.exchange2013demo.com failed
with the following error message: The WinRM Shell client cannot process the request. The shell handle passed to the WSMan Shell function is not valid. The shell handle is valid only when WSManCreateShell function completes successfully. Change the request including a valid shell handle and try again. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ New-PSSession -ConnectionURI “$connectionUri” -ConfigurationName Microsoft.Excha …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme….RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : -2144108212,PSSessionOpenFailed

The cause of this error in my specific case was that the SSL certificate was no longer bound to the Exchange Back End website on that Exchange 2013 server.

To fix this, in IIS Manager right-click the Exchange Back End website and click Bindings.

Highlight https and click Edit.

If you see “Not selected” like I did, click on Select.

Choose the certificate you want to bind to the site.

Apply the changes and retry the Exchange management shell. If it connects successfully to the server then you have most likely resolved this issue.

ChangeSN Windows XP

' WMI Script - ChangeSN.vbs
'
'sorinakis@g***.com
'**************************

ON ERROR RESUME NEXT
Dim VOL_PROD_KEY
VOL_PROD_KEY = "12345123451234512345" 'put here the real license without dashes
Dim WshShell
Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.RegDelete "HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\WPAEvents\OOBETimer"
'delete OOBETimer registry value
for each Obj in 
GetObject("winmgmts:{impersonationLevel=impersonate}").InstancesOf 
("win32_WindowsProductActivation")
result = Obj.SetProductKey (VOL_PROD_KEY)
if err <> 0 then
WScript.Echo Err.Description, "0x" & Hex(Err.Number)
Err.Clear
end if
next

Recreate Offline Address Book - Exchange 2010

1.    Create a new OAB.

a.    Open Exchange Management Console, expand “Organization Configuration” ->”Mailbox”.
b.    Click “Offline Address Book” tab. Right click the blank area and click “New Offline Address Book”.
c.    Type a different OAB name and click “Browse” to select the Exchange 2010 mailbox server as OAB generation server.
d.    Checked “Include the default Global Address Lists” option. As shown below:
e.    Click Next and checked “ Enable Web-base distribution” option and “ Enable public folder distribution” option. Click “Add” to select the default OAB virtual directory.
f.     Click “Next”, click “New” and click “Finish” to complete the creating process.

 

2.    Restart related services.

a.    Restart the “Microsoft Exchange System Attendant” service.
b.    Restart “Microsoft Exchange File Distribution” service.

 

3.    Update the new OAB and set it as default.

a.    Right click the new create OAB and click “Update” to update it manually. Waiting 15-30 minutes for the OAB generate finished.
b.    Right click the new OAB and click “set as default”. Click “Yes” to confirm it.

 

4.    Associate the new OAB to all the users’ mailbox databases.

a.    Expand “Server Configuration” ->”Mailbox”. Right click “mailbox database” and select “Properties”.
b.    Click “Client Settings” tab, under “Offline Address Book” option, click “Browse” button to choose the new created OAB. It will associate the new OAB to the mailbox store. Click “OK”. As shown below.
c.    Let problematic users click “Send/Receive” button on their Outlook client to download OAB, check whether the problem is resolved.

Map remote printer

map a local printer to TS session when "bring local printers to TS" fails miserably and start the App only after the printer is available

@echo off
setlocal enableextensions enabledelayedexpansion
set result=0
ser printer=oj100
Title Adding Printer. Be patient...
echo Adding printer. Do not start App yet...
ping -n 2 1.1.1.1 >nul 2>nul
taskkill /fi "username eq %username%" /im app.exe 2>nul
%userprofile%\delprint.vbs
ping -n 2 1.1.1.1 >nul 2>nul
echo Please wait. Starting Installation...
echo ..
for /F "tokens=2 delims=/: " %%f in ('%userprofile%\gettscip.exe') do (
echo Your IP is: %%f
:loop
net use \\%%f\ipc$ /d /y >nul 2>nul
ping -n 1 1.1.1.1 >nul 2>nul
net use \\%%f\ipc$ && set result=1
echo Result: !result!
if not !result! equ 1 goto :loop
Echo Add printer. This is going to take up to 5 minutes, be patient...
rundll32 printui.dll,PrintUIEntry /in /n "\\%%f\!printer!" /u /q /Gw
echo Setting default printer...
echo.
rundll32 printui.dll,PrintUIEntry /y /n  "\\%%f\!printer!" /q
echo.
)
Echo Starting App...
ping -n 3 1.1.1.1 >nul 2>nul
taskkill /fi "username eq %username%" /im app.exe >nul 2>nul
endlocal
C:\Users\Public\Desktop\App.lnk

Recursive owner and rights changing on subfolders

We assume the username==folder_name

the specific version for vista+ profiles:

@echo off
Echo (c) 2012 s@toma.gXXX
Set rprofiles=D:\path\to\profiles
For /f "delims=.V2" %%* in ('dir %rprofiles% /B') Do (
echo target is %rprofiles%\%%*.V2 User is %USERDOMAIN%\%%*
takeown /f "%rprofiles%\%%*.V2" /r
icacls "%rprofiles%\%%*.V2" /setowner %USERDOMAIN%\%%* /T /C
icacls "%rprofiles%\%%*.V2" /grant:r %USERDOMAIN%\%%*:F Administrateurs:F System:F /T
rem dir /B /W "%rprofiles%\%%*.V2"
rem ping -n 1 -w 1000 1.1.1.1 >nul
)

or the simple version:

cd d:\path\to\folders\
For /f "Tokens=*" %* in ('dir /B') Do  @cacls %* /E /C /T /G "%*":F

RD Shadow in 2012 R2

PS:>

Import-Module RemoteDesktopServices

Get-RDUserSession | select UserName,SessionId,UnifiedSessionId

mstsc /shadow:%UnifiedSessionId” /control /noConsentPrompt

the SessionId and UnifiedSessionId might have to be used, depending on how the wind blows and at what angle the Sun is on the sky :)

Watermark Printer

This is a very crude version of a "Watermark Printer" - it prints on a "preprinted paper" (e.g. something containing the company logo)


@echo off

:: ------------------------------------------------------------------
:: install redmon in %userprofile%\appdata\redmon
:: put this script in %userprofile%\appdata\redmon\email.bat
:: create new printer with port RPT1:
:: configure port redirect to %userprofile%\appdata\redmon\redrun.exe
:: port arguments %userprofile%\appdata\redmon\email.bat  %%1

:: ------------------------------------------------------------------
:: Ghostscript configuraton
set GS_INSTALL="%userprofile%\appdata\redmon\gs"
set GS_VERSION=8.63
:: LibTIFF configuraton
set LIBTIFF_INSTALL=%userprofile%\appdata\redmon\GnuWin32
:: PDF viewer configuraton (no need to set, if PDF is a registered file type)
set PDF_READER=
:: Watermark background config
set BACKGROUND="%userprofile%\appdata\redmon\\Watermark.pdf"
:: PDFTK location
set PDFTK="%userprofile%\appdata\redmon\"
:: ------------------------------------------------------------------
:: temporary PDF directory
set PDF_DIR=%TEMP%\1
:: delete old temporary PDF directories if required
for /d %%D in ("%TEMP%\1\") do if not "%%D"=="%TEMP%\1\" rd /s /q "%%D"
:: create if required
if not exist "%PDF_DIR%" md "%PDF_DIR%"
echo myass > %PDF_DIR%\blah
:: check if file is given
if not "%~1" == "" goto CHECK_FOUND
echo ERROR: No file name given!
goto END
::----------
:CHECK_FOUND
:: check for file existence
if exist "%*" goto SET_FNE
echo ERROR: File "%*" not found!
goto END
::------
:SET_FNE
:: set input file, name and extension
call :set_input_file_name_ext "%*"
:: check file type
if "%INPUT_EXT%" == "" set INPUT_NAME=%~n1.ps
if "%INPUT_EXT%" == "" set INPUT_EXT=.ps
if "%INPUT_EXT%" == ".ps" goto PROCESS_PS
if "%INPUT_EXT%" == ".tiff" goto PROCESS_TIFF
if "%INPUT_EXT%" == ".tif" goto PROCESS_TIFF
if "%INPUT_EXT%" == ".pdf" goto PROCESS_PDF
echo ERROR: File type "%INPUT_EXT%" not supported!
goto END
:: --------
:PROCESS_PS
:: set file names
set PS_FILE=%INPUT_FILE%
set PDF_FILE=%PDF_DIR%\%INPUT_NAME%.pdf
:: convert to PDF
"%GS_INSTALL%\gs%GS_VERSION%\bin\gswin32c.exe" -dSAFER -dNumRenderingThreads#%NUMBER_OF_PROCESSORS% -sDEVICE#pdfwrite -o "%PDF_FILE%" -c .setpdfwrite -f "%PS_FILE%"
goto DISPLAY
:: ----------
:PROCESS_TIFF
:: set file names
set TIFF_FILE=%INPUT_FILE%
set PDF_FILE=%PDF_DIR%\%INPUT_NAME%.pdf
:: convert to PDF
"%LIBTIFF_INSTALL%\bin\tiff2pdf.exe" -o "%PDF_FILE%" -f "%TIFF_FILE%"
goto DISPLAY
:: ---------
:PROCESS_PDF
:: set file name
set PDF_FILE=%INPUT_FILE%
::
:: ------------------------------------------------------------------
:DISPLAY
:: open PDF file in reader
:: start /b "%PDF_READER%" "%PDF_FILE%"
::
:: apply background
%PDFTK%\pdftk.exe "%PDF_FILE%" background %BACKGROUND% output "%PDF_DIR%\output.pdf"
:: call OUTLOOK - ugly for the moment
"C:\Program Files (x86)\Microsoft Office\OFFICE14\OUTLOOK.EXE" /a "%PDF_DIR%\output.pdf"

:: ------------------------------------------------------------------
:END
exit
::
:: ------------------------------------------------------------------
:: Subroutine: set_input_file_name_ext
:: Arguments:  %1 = "path/name.ext"
:: Purpose:    set environment vars to input file, name and extension
:: ------------------------------------------------------------------
:set_input_file_name_ext
set INPUT_FILE=%~1
set INPUT_NAME=%~n1
set INPUT_EXT=%~x1
goto :eof
:: ------------------------------------------------------------------

Allow login only if the member of a certain OU comes from a certain IP subnet

@echo off
:: (c)2014 sorinakis@g*il.com
setlocal enableextensions enabledelayedexpansion
set config=c:\pair.txt

:: find the primary OU that user belongs to
for /F "tokens=3 delims=/,CN=" %%n in ('"gpresult /R | findstr CN | findstr /I %username%"') do (
 set myou=%%n
)
:: echo myou is: !myou!

:: find the client subnet (need gettscip.exe from www.ctrl-alt-del.com.au in the path somewhere)
for /F "tokens=2 delims=/: " %%f in ('gettscip.exe') do (
 for /F "tokens=1-3 delims=/." %%g in ('echo %%f') do set mynet=%%g.%%h.%%i
)
:: echo mynet is: !mynet!

:: read the config file containing the pair IP_subnet/Organisational_Unit (or group)
:: the pair have to be separated by a space, ex: '192.168.1 Users' comments start with ;
for /F "eol=; tokens=1,2 delims=/ " %%l in ('type !config!') do (
 set net=%%l
:: set group=%%m
 set ou=%%m

:: find if the user belongs to a group
rem for /f %%f in ('"net user /domain %username% | findstr /i %group%"') do set /a ingroup=yes

:: if the two pairs are identical, the user can login from that subnet
 if "!net!"=="!mynet!" (
::  if "!ingroup!"=="yes" (
 if /I "!ou!"=="!myou!" (
   set canrun=yes
  )
 )
)
::echo canrun: !canrun!

:: if the user can't login let him know, then end the session
if NOT "!canrun!"=="yes" (
 echo Sorry %username%, "!myou!" are NOT ALLOWED to login from !mynet!.0/24
 msg %username% Sorry, %username% is NOT ALLOWED to login from this location.
 shutdown /l
)

:: Cleanup variables at end
endlocal

Delete old printers ond add new ones - second version

This version keeps track of the default printer :)

' s@to**.guru - Jan 08 2015 Replace the default Printer

'********************************************************************************************************************
On Error Resume Next
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("WScript.Shell")
Set objNetwork = CreateObject("WScript.Network")
'Set wmiLocator = CreateObject("WbemScripting.SWbemLocator")
'Set wmiNameSpace = wmiLocator.ConnectServer(objNetwork.ComputerName, "root\default")
'Set objRegistry = wmiNameSpace.Get("StdRegProv")
'strComputer = "."
'Const HKEY_CLASSES_ROOT  = &H80000000
'Const HKEY_CURRENT_USER  = &H80000001
'Const HKEY_LOCAL_MACHINE = &H80000002
'Const HKEY_USERS         = &H80000003
userprrf = objShell.Environment("PROCESS")("UserProfile")
lockfile = "\prinstalled"
oldlockfile = "\printersinstalled"
strnewSrv = "\\2K12SRV\"
strOldSrv = "\\critesdc\"
arrPrinters = Array("HP Color LaserJet 4700 PCL 5c","HP Color LaserJet 4700 PCL 5c Sales","HP LaserJet 4100 Series PCL6 Sales","HP LaserJet 4250 PCL6","HP Laserjet 5100tn","Xerox WorkCentre 5655 PS","Xerox7545 PS")

'********************************************************************************************************************
' If this script was already run at least once for this user, EXIT and don't look back
If (objFSO.FileExists(userprrf & lockfile)) Then
  Wscript.Quit
End If
' Delete old lockfile
objFSO.DeleteFile(userprrf & oldlockfile)
'' If we're on the TS server create lockfile and Exit!
'If objNetwork.ComputerName = "2K12TS1" Then
'  Set objFile = objFSO.CreateTextFile(userprrf & lockfile, true)
'  Set objFile = objFSO.GetFile(userprrf & lockfile)
'  objFile.Attributes = 2
'  Wscript.Quit
'End if

'********************************************************************************************************************
' Make spooler autostart without waiting
' use Microsoft's way of getting StdRegProv, set_binary is special!
'Set oRegistry = _
'   GetObject("Winmgmts:root\default:StdRegProv")
'strPath = "SYSTEM\CurrentControlSet\Services\Spooler"
'uBinary = Array(80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,20,00,64,00,01,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00)
'Return = oRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE, _
'   strPath, _
'   "FailureActions", _
'   uBinary)
'oShell.RegWrite "HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Start", 2, "REG_DWORD"

'********************************************************************************************************************
' get the default printer
strdefValue = "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Device"
strdefPrinter = objShell.RegRead(strdefValue)
strdefPrinter = Split(strdefPrinter, ",")(0)
'wscript.Echo "Actual default printer: " & strdefPrinter
' put the default printer into the lockfile if we want to keep it for historical records
'Set objFile = objFSO.CreateTextFile(userprrf & lockfile)
'objFile.Write strdefPrinter & vbCrLf
'objFile.Close

'********************************************************************************************************************
'Delete old printers using either printui.dll or AddWindowsPrinterConnection
wscript.sleep 100
For Each strPrn in arrPrinters
strPrinter = (strOldSrv & strPrn)
'wscript.echo "removing "  & strPrinter
strCmd = "rundll32 printui.dll,PrintUIEntry /dn /n """ & strPrinter & """ /q"
      objShell.Run strCmd,,true
'    objNetwork.RemoveWindowsPrinterConnection strOldSrv & strPrn
Next

'********************************************************************************************************************
' to make sure all printers are removed, Deletes RegistryKey with all subkeys in Network printers
'sPath = "Printers\Connections"
'lRC = DeleteRegEntry(HKEY_CURRENT_USER, sPath)
'Function DeleteRegEntry(sHive, sEnumPath)
' Attempt to delete key.  If it fails, start the subkey enumration process.
'lRC = objRegistry.DeleteKey(sHive, sEnumPath)
' The deletion failed, start deleting subkeys.
'If (lRC <> 0) Then
' Subkey Enumerator  
'On Error Resume Next  
'lRC = objRegistry.EnumKey(HKEY_CURRENT_USER, sEnumPath, sNames)  
'For Each sKeyName In sNames    
'If Err.Number <> 0 Then Exit For    
'lRC = DeleteRegEntry(sHive, sEnumPath & "\" & sKeyName)  
'Next  
'On Error Goto 0
' At this point we should have looped through all subkeys, trying to delete the key again.  
'lRC = objRegistry.DeleteKey(sHive, sEnumPath)
'End If
'End Function
' Now let's recreate only the "root" Key we deleted before
'objRegistry.CreateKey HKEY_CURRENT_USER,sPath

'********************************************************************************************************************
' we have zero network printers, let`s remove all unused drivers by using Microsoft`s own prndrvr.vbs
' first restart print spooler in order to release open files
'Set objWMIService = GetObject("winmgmts:" _
'    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
'Set colServiceList = objWMIService.ExecQuery _
'        ("Select * from Win32_Service where Name='Spooler'")
'For each objService in colServiceList
'     errReturn = objService.StopService()
'Next
'wscript.sleep 1000
'Set colServiceList = objWMIService.ExecQuery _
'    ("Select * from Win32_Service where Name='Spooler'")
'For each objService in colServiceList
'     errReturn = objService.StartService()
'Next
'oShell.Run "cscript %systemroot%\system32\prndrvr.vbs -x"

'********************************************************************************************************************
'Add new printers using either printui.dll or AddWindowsPrinterConnection
wscript.sleep 100
For Each strPrn in arrPrinters
strPrinter = (strNewSrv & strPrn)
'wscript.echo "installing "  & strPrinter
strCmd = "rundll32 printui.dll,PrintUIEntry /in /n """ & strPrinter & """ /u /q /Gw"
      objShell.Run strCmd,,true
'    objNetwork.AddWindowsPrinterConnection strNewSrv & strPrn
Next

'********************************************************************************************************************
' Try to put back the default printer
'Set objFile = objFSO.OpenTextFile(userprrf & lockfile)
'Do Until objFile.AtEndOfStream
'    strNewDefPrinter = objFile.ReadLine
'Loop
'objFile.Close

strNewDefault = (Replace(strdefPrinter,strOldSrv, strNewSrv))
'wscript.Echo "New default printer: " & strNewDefault
strCmd = "rundll32 printui.dll,PrintUIEntry /y /n """ & strrNewDefault & """ /u /q /Gw"
      objShell.Run strCmd,,true
'objNetwork.SetDefaultPrinter strNewDefault


'********************************************************************************************************************
' Tell the user to check his default printer
beep = chr(007)
objShell.Run "cmd /c @echo " & beep & beep, 0
'with createobject("wscript.shell")
'   .popup "Tous vos imprimantes réseau ont été installés. SVP vérifier et changer votre imprimante DÉFAULT si nécessaire.",30, "Printers Manager"
'end with
'objShell.Exec("control printers")

'********************************************************************************************************************
' We're done, let's leave a hidden file in userprofile, so at next login this script will exit
Set objFile = objFSO.CreateTextFile(userprrf & lockfile, true)
Set objFile = objFSO.GetFile(userprrf & lockfile)
objFile.Attributes = 2
Wscript.Quit

Delete old printers and change the default

'Change default Printer and delete the old ones
'(c)2014 s@xxxxxxxx.com
' defaultlist example: service Client,\\2K12SRV\HP 4050 P005

PrintServer = "2K8SRV" 'Old Print server name goes here - case sensitive
listfile = "\defaultlist.txt"
lockfile = "\defaultprt"
Set objNetwork = CreateObject("WScript.Network")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objSysInfo = CreateObject("ADSystemInfo")
Set objShell =  CreateObject("WScript.Shell")
userprrf = objShell.Environment("PROCESS")("UserProfile")
strComputer = "."
'strCurPath = CreateObject("Scripting.FileSystemObject").GetAbsolutePathName(strComputer)
strCurPath = "\\2k12srv\netlogon\deploy" ' relpath doesn't seems to work on UNC
 wscript.echo strCurPath
If (objFSO.FileExists(userprrf & lockfile)) Then
 'Debug
 'with createobject("wscript.shell")
 '.popup userprrf & "Lockfile EXIST!" , 1 , "Info"
 'end with
 Wscript.Quit
End If

'On Error Resume Next
strName = objSysInfo.UserName
' Split full username by comma (warning: comma is a valid char in OU, verify personally that it doesn't exist in your OU!)
arrUserName = Split(strName, ",")
' remove OU= or DC= for the last 2 OU's
arrOU = Split(arrUserName(1), "=")
arrOU2 = Split(arrUserName(2), "=")
'put those OU toghether
strOU = arrOU2(1) & " " & arrOU(1)
' open the list of OU vs printers pairs
Set objFile = objFSO.OpenTextFile(strCurPath + listfile, 1)
 Do Until objFile.AtEndOfStream
 ' they are separated by comma, first is OU second is printer
 defaultArray = split(objFile.ReadLine,",")
 readOU=defaultArray(0)
 defaultprt=defaultArray(1)
 ' Debug
 'with createobject("wscript.shell")
 '.popup "Check: """ & strOU & """ = """ & readOU & """ Choose """ & defaultprt & """. " , 1 , "Info"
 'end with
 If strOU = readOU Then
  ' Debug
  'with createobject("wscript.shell")
  '.popup "Found: """ & strOU & """ = """ & readOU & """ Printer: """ & defaultprt & """. " , 5 , "Info"
  'end with
  ' first ensure that the printer is installed, then set it default
  objNetwork.AddWindowsPrinterConnection defaultprt
  objNetwork.SetDefaultPrinter defaultprt
  exit do
 End If
Loop
objFile.Close

'Remove old printers
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set colInstalledPrinters =  objWMIService.ExecQuery _
    ("Select * from Win32_Printer")

For Each objPrinter in colInstalledPrinters
    'Debug
    'with createobject("wscript.shell")
  '.popup "Name: " & objPrinter.Name , 1 , "Info"
  'end with
  'Wscript.Echo "Name: " & objPrinter.Name
    i = 0
    ReDim Preserve arrPrinterName(i)
    arrPrinterName(i) = objPrinter.Name
        If InStr(arrPrinterName(i), PrintServer) Then
            Set objNetwork = WScript.CreateObject("WScript.Network")
            'Debug
        'with createobject("wscript.shell")
      '.popup "Removing: " & arrPrinterName(i) , 5 , "Info"
      'end with       
            objNetwork.RemovePrinterConnection arrPrinterName(i)
            i=i+1
        Else
            'Debug
        'with createobject("wscript.shell")
      '.popup "Skipped: " & arrPrinterName(i) , 5 , "Info"
      'end with       
        End If

Next

' Leave a lockfile in user's home
Set objFile1 = objFSO.CreateTextFile(userprrf & lockfile)
Wscript.Quit