Deploy .pfx cert embedded in script (a sort of 'cat << EOF' for windows)

@echo off
::
::  
:: In order to prepare the certificate please run
:: 'certutil -encode the_pfx_cert base_64_cert`
:: then paste the base_64_cert in the section below
:: Please note that the certificate password has to be given as start paramater to this script!
:: (eq: "cert-inst.bat S3cr3tPassw0rd")

:: If the cert was already installed, exit
REG QUERY HKCU\SOFTWARE\neXt /v CertInstalled
If %errorlevel%==0 goto :eof

:: define the temp name of the extracted cert
set extractedfile=%temp%\extract-%random%.txt

:: set the password needed to decode the cert
set certpasswd=%~1

:: separate the cert from this script
call:extractembedded embeddedfile %extractedfile%

:: process the extracted file
certutil -decode %extractedfile% %extractedfile%.pfx

certutil -f -user -p %certpasswd% -importpfx %extractedfile%.pfx

:: clean-up
::del %extractedfile% %extractedfile%.pfx

:: leave a trace in the registry, so the cert will not be installed again and again
REG ADD HKCU\SOFTWARE\neXt /v CertInstalled /t REG_DWORD /d 1

:: clean exit
exit /b

:: begin of the embed cert & extraction procedure
:: After the next line, please paste the "base_64_cert" created by certutil -encode
goto:embeddedfile
-----BEGIN CERTIFICATE-----
MIIMngIBAzCCDGQGCSqG
[...]
k05EzAQIFXJaGHOuxZcCAggA
-----END CERTIFICATE-----
:embeddedfile
:: before the previous line you can find the end of the "base_64_cert"

:: cert extraction procedure
:extractembedded
setlocal EnableDelayedExpansion
set embedbegin=goto:%~1
set embedend=:%~1
set embedcert=%~2
if exist %embedcert% del %embedcert%
set tmprndfile=%temp%\%random%.%random%
findstr /n ^^ "%~f0" > %tmprndfile%
call :seekembed < %tmprndfile%
del %tmprndfile%
exit /B
:seekembed
set oneline=:eof
set /P oneline=
if !oneline! == :eof goto nostart
set oneline=!oneline:*:=!
if not !oneline! == %embedbegin% goto seekembed
:getline
set oneline=:eof
set /P oneline=
if !oneline! == :eof goto nostop
set oneline=!oneline:*:=!
if !oneline! == %embedend% goto :eof
echo/!oneline!>> %embedcert%
goto getline
:nostart
echo Error finding start delimiter %embedbegin%
goto :eof
:nostop
echo Error finding stop delimiter %embedend%
goto :eof

TS - FR keyboard by default

Keyboard
Data collected on: 4/21/2015 1:44:16 PM

General

Details

Domain	domain.local
Owner	DOMAIN\Admins du domaine
Created	4/21/2015 1:32:00 PM
Modified	4/21/2015 1:42:44 PM
User Revisions	18 (AD), 18 (sysvol)
Computer Revisions	1 (AD), 1 (sysvol)
Unique ID	{0E240A4C-8A26-4761-8907-DB164F024AFC}
GPO Status	Enabled

Links

Location	Enforced	Link Status	Path
TS	No	Enabled	domain.local/Member Servers/TS

This list only includes links in the domain of the GPO.

Security Filtering

The settings in this GPO can only apply to the following groups, users, and computers:

Name

NT AUTHORITY\Authenticated Users

Delegation

These groups and users have the specified permission for this GPO

Name	Allowed Permissions	Inherited
NT AUTHORITY\Authenticated Users	Read (from Security Filtering)	No
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS	Read	No
NT AUTHORITY\SYSTEM	Edit settings, delete, modify security	No
		No

Computer Configuration (Enabled)

Policies

Administrative Templates

Policy definitions (ADMX files) retrieved from the local machine.

System/Group Policy

Policy	Setting	Comment
User Group Policy loopback processing mode	Enabled
Mode: Merge

User Configuration (Enabled)

Preferences

Windows Settings

Registry

2 (Order: 1)

General

Action

Update

Properties

Hive	HKEY_CURRENT_USER
Key path	Keyboard Layout\Preload
Value name	2
Value type	REG_SZ
Value data	00000409

Common

Options

Stop processing items on this extension if an error occurs on this item	No
Run in logged-on user's security context (user policy option)	No
Remove this item when it is no longer applied	No
Apply once and do not reapply	No

1 (Order: 2)

General

Action

Update

Properties

Hive	HKEY_CURRENT_USER
Key path	Keyboard Layout\Preload
Value name	1
Value type	REG_SZ
Value data	00000c0c

Common

Options

Stop processing items on this extension if an error occurs on this item	No
Run in logged-on user's security context (user policy option)	No
Remove this item when it is no longer applied	No
Apply once and do not reapply	No

ShowStatus (Order: 3)

General

Action

Update

Properties

Hive	HKEY_CURRENT_USER
Key path	Software\Microsoft\CTF\LangBar
Value name	ShowStatus
Value type	REG_DWORD
Value data	0x4 (4)

Common

Options

Stop processing items on this extension if an error occurs on this item	No
Run in logged-on user's security context (user policy option)	No
Remove this item when it is no longer applied	No
Apply once and do not reapply	No

Label (Order: 4)

General

Action

Update

Properties

Hive	HKEY_CURRENT_USER
Key path	Software\Microsoft\CTF\LangBar
Value name	Label
Value type	REG_DWORD
Value data	0x0 (0)

Common

Options

Stop processing items on this extension if an error occurs on this item	No
Run in logged-on user's security context (user policy option)	No
Remove this item when it is no longer applied	No
Apply once and do not reapply	No

AutoAdjustDeskBand (Order: 5)

General

Action

Update

Properties

Hive	HKEY_CURRENT_USER
Key path	Software\Microsoft\CTF\MSUTB
Value name	AutoAdjustDeskBand
Value type	REG_DWORD
Value data	0x0 (0)

Common

Options

Stop processing items on this extension if an error occurs on this item	No
Run in logged-on user's security context (user policy option)	No
Remove this item when it is no longer applied	No
Apply once and do not reapply	No

Autodiscover and/or EWS unavailable on Exchange 2007/2010

Symptom: Outlook crashes or you cannot access OutOfOffice settings after you install a package that contains the .NET Framework 3.5 with SP1 and the .NET Framework 2.0 with SP2 on an Exchange 2007 or on an Exchange 2010 server (CAS role)

Problem described in:
kb958934
kb952883
kb976814


My solution:

Turn of any mmc, powershel console, emc etc.

Uninstall .net 3.5 sp1
Uninstall .net 3.0 sp2
Uninstall .net 2.0 sp2

In this order, without restarting!
if it complains that "you can't uninstall, some other package depends on it", do this:

net stop MSExchangeTransportLogSearch /yes
net stop MSExchangeTransport /yes
net stop MSExchangeServiceHost /yes
net stop MSExchangeSearch /yes
net stop MSExchangeRepl /yes
net stop MSExchangePop3 /yes
net stop MSExchangeMailSubmission /yes
net stop MSExchangeMailboxAssistants /yes
net stop MSExchangeIMAP4 /yes
net stop MSExchangeFDS /yes
net stop MSExchangeSA /yes
net stop MSExchangeEdgeSync /yes
net stop MSExchangeAntispamUpdate /yes
net stop MSExchangeADTopology /yes
net stop MSExchangeIS /yes
ping -n 5 -w 1000 1.0.0.0 >nul
net stop w3svc /yes

If you still can't uninstall, use procexp's "find" feature and close any .NET handle still open.

At the end there should be no reference to .NET in the installed programs.
DO NOT RESTART!

Install .net 3.0 (I used version 3.0.4506.30 downloaded in 2008 an forgotten on server...)
DO NOT RESTART!

[PS] Remove-AutodiscoverVirtualDirectory -Identity "EXCHANGE2007\Autodiscover (Default Web Site)"
[PS] New-AutodiscoverVirtualDirectory
[PS] Set-ClientAccessServer -Identity "EXCHANGE2007" -AutoDiscoverServiceInternalUri https://exchange2007.domain.tld/autodiscover/autodiscover.xml
[PS] Test-OutlookWebServices | fl

If you receive Error 401 when attempting to run Test-OutlookWebServices | FL, disable the loopback check in  HKLM\SYSTEM\CurrentControlSet\Control\Lsa  "DisableLoopbackCheck" DWORD, 1

- In IIS Manager make sure ASP.NET 2.0.50727 is ENABLED
- In IIS Manager make sure Autodiscovery and EWS uses only "Integrated windows authentication" and that the security cert is "require ssl", "128 bit" and "ignore client certificates"

- Verify that the folder %ExchangeInstallaDir%\ClientAccess\Autodiscover is readable by "authenticated users"
 - perform iisreset /noforce

[PS] Test-OutlookWebServices | FL should give you a good answer now, if not, make sure the autodiscover DNS entry exists:

- in DNS Manager rightclick the local forward lookup zone, "Other new records", "SRV", service "_autodiscover", pri "10", weight "5", port "443", host "autodiscover.domain.tld"
- in DNS Manager, new A-Record "autodiscover.domain.tld"


[PS] Test-OutlookWebServices | FL should give you a good answer now, if not, get the backup tape, it's that time...

Windows Shell for TS - without Domain Controller

On the RD Session Host Configuration ,the following (compiled as c:\windows\tssession.exe) script is executed as initial shell:

;(c)2014  sorinakis@g**il.com

;msgbox, Username: %A_UserName%
AuthUsers = Administrator|administrator
Loop Parse, AuthUsers, |
{
 ifEqual, A_LoopField, %A_Username%
 {
  Sleep, 500
  Run, explorer.exe
  ;MsgBox EXPLORER Executed.
  GoTo, End
 }
else
 {
  ;MsgBox In the ELSE branch.
  Sleep, 500
  Run, D:\Partages\apps\LCM\Bin\wrun32.exe -ws -c D:\Partages\apps\LCM\etc\CBLCONFI-RZ_APP.ini utmenu
  Sleep 500
  WinMaximize, ahk_class AcucobolWClass
  IfWinExist, Cie(01)
  {
   WinMaximize,  Cie(01)
   Sleep, 500
   WinWaitClose, Cie(01)
   Sleep, 500
   Run, shutdown /l
  }
  Return
 }
}
End:
Sleep, 100
;MsgBox At the END.

Tune UP (in fact down) Windows 2008 R2

sssc config lanmanworkstation depend= bowser/mrxsmb10/nsi
sc config mrxsmb20 start= disabled

netsh int tcp set global rss=disabled
netsh int tcp set global chimney=disabled
netsh int tcp set global autotuninglevel=disabled
netsh int ip set global taskoffload=disablednetsh int tcp set global autotuninglevel=disablednetsh int tcp set global ecncapability=disablednetsh int tcp set global timestamps=disablednetsh advf set allp state off


:: reg add "HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /v DisableTaskOffload /t REG_DWORD /d "1" /f

reg add "HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters" /v DisableBandwidthThrottling /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp" /v TcpAutotuning /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v TcpAutotuning /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v TcpAutotuning /t REG_DWORD /d "0" /f
reg add "HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /v EnableTCPA /t REG_DWORD /d "0" /f

Watermark Printer

This is a very crude version of a "Watermark Printer" - it prints on a "preprinted paper" (e.g. something containing the company logo)


@echo off

:: ------------------------------------------------------------------
:: install redmon in %userprofile%\appdata\redmon
:: put this script in %userprofile%\appdata\redmon\email.bat
:: create new printer with port RPT1:
:: configure port redirect to %userprofile%\appdata\redmon\redrun.exe
:: port arguments %userprofile%\appdata\redmon\email.bat  %%1

:: ------------------------------------------------------------------
:: Ghostscript configuraton
set GS_INSTALL="%userprofile%\appdata\redmon\gs"
set GS_VERSION=8.63
:: LibTIFF configuraton
set LIBTIFF_INSTALL=%userprofile%\appdata\redmon\GnuWin32
:: PDF viewer configuraton (no need to set, if PDF is a registered file type)
set PDF_READER=
:: Watermark background config
set BACKGROUND="%userprofile%\appdata\redmon\\Watermark.pdf"
:: PDFTK location
set PDFTK="%userprofile%\appdata\redmon\"
:: ------------------------------------------------------------------
:: temporary PDF directory
set PDF_DIR=%TEMP%\1
:: delete old temporary PDF directories if required
for /d %%D in ("%TEMP%\1\") do if not "%%D"=="%TEMP%\1\" rd /s /q "%%D"
:: create if required
if not exist "%PDF_DIR%" md "%PDF_DIR%"
echo myass > %PDF_DIR%\blah
:: check if file is given
if not "%~1" == "" goto CHECK_FOUND
echo ERROR: No file name given!
goto END
::----------
:CHECK_FOUND
:: check for file existence
if exist "%*" goto SET_FNE
echo ERROR: File "%*" not found!
goto END
::------
:SET_FNE
:: set input file, name and extension
call :set_input_file_name_ext "%*"
:: check file type
if "%INPUT_EXT%" == "" set INPUT_NAME=%~n1.ps
if "%INPUT_EXT%" == "" set INPUT_EXT=.ps
if "%INPUT_EXT%" == ".ps" goto PROCESS_PS
if "%INPUT_EXT%" == ".tiff" goto PROCESS_TIFF
if "%INPUT_EXT%" == ".tif" goto PROCESS_TIFF
if "%INPUT_EXT%" == ".pdf" goto PROCESS_PDF
echo ERROR: File type "%INPUT_EXT%" not supported!
goto END
:: --------
:PROCESS_PS
:: set file names
set PS_FILE=%INPUT_FILE%
set PDF_FILE=%PDF_DIR%\%INPUT_NAME%.pdf
:: convert to PDF
"%GS_INSTALL%\gs%GS_VERSION%\bin\gswin32c.exe" -dSAFER -dNumRenderingThreads#%NUMBER_OF_PROCESSORS% -sDEVICE#pdfwrite -o "%PDF_FILE%" -c .setpdfwrite -f "%PS_FILE%"
goto DISPLAY
:: ----------
:PROCESS_TIFF
:: set file names
set TIFF_FILE=%INPUT_FILE%
set PDF_FILE=%PDF_DIR%\%INPUT_NAME%.pdf
:: convert to PDF
"%LIBTIFF_INSTALL%\bin\tiff2pdf.exe" -o "%PDF_FILE%" -f "%TIFF_FILE%"
goto DISPLAY
:: ---------
:PROCESS_PDF
:: set file name
set PDF_FILE=%INPUT_FILE%
::
:: ------------------------------------------------------------------
:DISPLAY
:: open PDF file in reader
:: start /b "%PDF_READER%" "%PDF_FILE%"
::
:: apply background
%PDFTK%\pdftk.exe "%PDF_FILE%" background %BACKGROUND% output "%PDF_DIR%\output.pdf"
:: call OUTLOOK - ugly for the moment
"C:\Program Files (x86)\Microsoft Office\OFFICE14\OUTLOOK.EXE" /a "%PDF_DIR%\output.pdf"

:: ------------------------------------------------------------------
:END
exit
::
:: ------------------------------------------------------------------
:: Subroutine: set_input_file_name_ext
:: Arguments:  %1 = "path/name.ext"
:: Purpose:    set environment vars to input file, name and extension
:: ------------------------------------------------------------------
:set_input_file_name_ext
set INPUT_FILE=%~1
set INPUT_NAME=%~n1
set INPUT_EXT=%~x1
goto :eof
:: ------------------------------------------------------------------

Clear Win7 UserProfile

' Clear Win7/Win2008 User Profile and registry
' to be executed on each Terminal Server
'(c)2012-2014 sorinakis@gmail

Set WshShell = CreateObject("WScript.Shell")
Set WshNet = WScript.CreateObject("WScript.Network")
Set WMIService = GetObject("winmgmts:\\.\root\cimv2")
Set objRegistry = GetObject("winmgmts:\\.\root\default:StdRegProv")
set WshFSO = CreateObject("Scripting.FileSystemObject")
const HKEY_LOCAL_MACHINE = &H80000002

dim strUser
Do
strUser = InputBox(vbCrLf & "Please enter the username you wish to reset: ", "Profile Cleaner")

 If TypeName(strUser) = "Empty" Then
     WScript.Quit
 End If
If Len(Trim(strUser)) = 0 Then
     MsgBox "You have to Enter Username To Reset",48
 End If
Loop While Len(Trim(strUser)) = 0
'' debug
'with createobject("wscript.shell")
'.popup "User: " & strUser , 5 , "Info"
'end with
'' end debug
if CStr(CheckUser(strUser)) then
Set Account = WMIService.Get("Win32_UserAccount.Name='" & strUser & "',Domain='" & WshNet.UserDomain & "'")
strRegKey = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\" + Account.SID

if CheckRegKey(strRegKey) then
strUserProfile = WshShell.ExpandEnvironmentStrings(WshShell.RegRead("HKEY_LOCAL_MACHINE\" + strRegKey + "\ProfileImagePath"))
strRmtFldr = WshShell.ExpandEnvironmentStrings(WshShell.RegRead("HKEY_LOCAL_MACHINE\" + strRegKey + "\CentralProfile"))
Else
MsgBox "  The registry key for user " & strUser & " does not exist! Can NOT backup and clean anything!" & vbCrLf & vbCrLf & "Please manually check for and rename the USERPROFILE and ROAMINGPROFILE Folders.",16
wscript.quit
End If
strRegFile = strUserProfile & "\reg_backup.reg"
regCmd = "regedit.exe /E """ & strRegFile & """ " & """HKEY_LOCAL_MACHINE\" & strregKey & """"

If WshFSO.FolderExists (strUserProfile) Then
 '' debug
 'with createobject("wscript.shell")
 '.popup "Backup: " & strUserProfile , 5 , "Info"
 'end with
 '' end debug
WshShell.Run regCmd, 0, True
 WshFSO.MoveFolder strUserProfile , strUserProfile & ".backup"
End If

If WshFSO.FolderExists (strRmtFldr) Then
 '' debug
 'with createobject("wscript.shell")
 '.popup "Backup: " & strRmtFldr , 5 , "Info"
 'end with
 '' end debug
   WshFSO.MoveFolder strRmtFldr , strRmtFldr & ".backup"
End If

 '' debug
 'with createobject("wscript.shell")
 '.popup "Removing: HKEY_LOCAL_MACHINE\" & strRegKey , 5 , "Info"
 'end with
 '' end debug
 DeleteSubkeys HKEY_LOCAL_MACHINE, strRegKey
 Sub DeleteSubkeys(HKEY_LOCAL_MACHINE, strRegKey)
    objRegistry.EnumKey HKEY_LOCAL_MACHINE, strRegKey, arrSubkeys
    If IsArray(arrSubkeys) Then
        For Each strSubkey In arrSubkeys
            DeleteSubkeys HKEY_LOCAL_MACHINE, strRegKey & "\" & strSubkey
        Next
    End If
    objRegistry.DeleteKey HKEY_LOCAL_MACHINE, strRegKey
 End Sub


' Open the backed up profile it in explorer...

'strPath = "explorer.exe /e, strRmtFldr" & ".backup"
'WshShell.Run strPath 

'debug
  with createobject("wscript.shell")
 .popup "Profile of " & strUser & " has been processed.", 5 , "Info"
 end with
 '' end debug
wscript.quit                  
Else
MsgBox  "USER " & strUser & " NOT FOUND!", 16
wscript.quit
End If

Function CheckRegKey(strRegKey)
On Error Resume next 
strUserProfile = WshShell.ExpandEnvironmentStrings(WshShell.RegRead("HKEY_LOCAL_MACHINE\" + strRegKey + "\ProfileImagePath"))
  If Err.Number <> 0 Then
    Err.Clear
CheckRegKey = false
else
   Err.Clear
CheckRegKey = true
End If
end function

          
Function CheckUser(user)
On Error Resume next
with CreateObject("WScript.Shell")
Set Account = WMIService.Get("Win32_UserAccount.Name='" & User & "',Domain='" & WshNet.UserDomain & "'")
end with
CheckUser = (Err.Number = 0)
On Error Goto 0
end function