Edit local policy via powershell

Similar Messages

• SCCM 2012: update client machine policy via powershell?

  Hi,
  Does SCCM 2012 R2 have powershell command built-in to trigger update actions of SCCM client (update machine policy etc)?
  J.
  Jan Hoedt

  To update client machine using Power Shell, you can check below link
  http://blogg.alltomdeployment.se/2014/02/howto-force-remote-clients-to-update-their-sccm-clients-machine-policy-retrieval-evaluation-cycle-via-powershell/
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
  Mai Ali | My blog: Technical | Twitter:
  Mai Ali

• Edit PWA instance via PowerShell

  Hi,
  I would like to edit one of my existing PWA instances (Project Server 2013) to change e.g. the DB server name. Via Central Administration, I would go to the Project Server Service application, select the PWA site and click "Edit".
  What is the equivalent PowerShell command for this? If I try this via Mount-SPProjectWebInstance, I am getting "Project Site is already in use".
  Many thanks for your help.
  Joerg

  Hi Joerg,
  You should execute the 'Dismount-SPProjectWebInstance' command first (http://technet.microsoft.com/en-us/library/jj219523(v=office.15).aspx)
  The Mount-SPProjectWebInstance creates a new Project Web Instance but does not update an existing instance.
  Hope this helps

• Query the Local Computer Policy with PowerShell

  One of our applications requires some local computer policy settings for some services accounts and we wanted to be able to query these values with a Remote PowerShell window. 
  I was unable to find the registry keys that hold the Local Computer Policy and I also tried activating and importing the import-module grouppolicy but couldn’t figure out how to query the local policy. 
  Below are the values I am interested in seeing:  I also tried the posting here which was most like what I was looking for but no luck.
  SeAssignPrimaryTokenPrivilege(Replace a process-level token)
  SeImpersonatePrivilege (Impersonate a client after authentication)
  SeServiceLogonRight (Log on as a service)
  SeIncreaseQuotaPrivilege (Adjust memory quotas for a process)
  SeBatchLogonRight (logon as a batch job)
  https://social.technet.microsoft.com/Forums/scriptcenter/en-US/9fac4ebd-ab68-4ee9-8d5a-44413f08530e/wmi-query-for-user-rights-assignment-local-computer-policy?forum=ITCG
  Thanks,
  Chris
  Chris J.

  The local GPO is a bit tricky.  Administrative Templates go into a registry.pol file, but for the rest of the settings you see in the local GPO, they're just configured on the computer (generally in the registry somewhere.)  If you change, for
  example, the user rights assignments with ntrights.exe, you'll see those changes reflected in the local Group Policy object as well.  This different from domain GPOs, where there's an INF file that contains all the settings that aren't part of an administrative
  template registry.pol file.
  Regarding user rights assignments, there's no quick and easy way to get at this information that I'm aware of.  NTRights.exe makes it easy to change user rights assignments, but doesn't offer functionality to query the existing settings.  For that,
  you need to use the Win32 API function
  LsaEnumerateAccountsWithUserRight.  This can be done from PowerShell, but it involves some embedded C# code that uses P/Invoke... it's about the most complicated type of code you're likely to encounter in a PowerShell script.
  I tinkered around with this recently, and this code seems to work (though it's a little on the ugly side):
  # All of this C# code is used to call the Win32 API function we need, and deal with its output.
  $csharp = @'
  using System;
  using System.Runtime.InteropServices;
  using System.Security;
  using System.Security.Principal;
  using System.ComponentModel;
  namespace LsaSecurity
  using LSA_HANDLE = IntPtr;
  [StructLayout(LayoutKind.Sequential)]
  public struct LSA_OBJECT_ATTRIBUTES
  public int Length;
  public IntPtr RootDirectory;
  public IntPtr ObjectName;
  public int Attributes;
  public IntPtr SecurityDescriptor;
  public IntPtr SecurityQualityOfService;
  [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
  public struct LSA_UNICODE_STRING
  public ushort Length;
  public ushort MaximumLength;
  [MarshalAs(UnmanagedType.LPWStr)]
  public string Buffer;
  [StructLayout(LayoutKind.Sequential)]
  public struct LSA_ENUMERATION_INFORMATION
  public IntPtr PSid;
  sealed public class Win32Sec
  [DllImport("advapi32", CharSet = CharSet.Unicode, SetLastError = true),
  SuppressUnmanagedCodeSecurityAttribute]
  public static extern uint LsaOpenPolicy(LSA_UNICODE_STRING[] SystemName,
  ref LSA_OBJECT_ATTRIBUTES ObjectAttributes,
  int AccessMask,
  out IntPtr PolicyHandle);
  [DllImport("advapi32", CharSet = CharSet.Unicode, SetLastError = true),
  SuppressUnmanagedCodeSecurityAttribute]
  public static extern uint LsaEnumerateAccountsWithUserRight(LSA_HANDLE PolicyHandle,
  LSA_UNICODE_STRING[] UserRights,
  out IntPtr EnumerationBuffer,
  out int CountReturned);
  [DllImport("advapi32")]
  public static extern int LsaNtStatusToWinError(int NTSTATUS);
  [DllImport("advapi32")]
  public static extern int LsaClose(IntPtr PolicyHandle);
  [DllImport("advapi32")]
  public static extern int LsaFreeMemory(IntPtr Buffer);
  public class LsaWrapper : IDisposable
  public enum Access : int
  POLICY_READ = 0x20006,
  POLICY_ALL_ACCESS = 0x00F0FFF,
  POLICY_EXECUTE = 0X20801,
  POLICY_WRITE = 0X207F8
  const uint STATUS_ACCESS_DENIED = 0xc0000022;
  const uint STATUS_INSUFFICIENT_RESOURCES = 0xc000009a;
  const uint STATUS_NO_MEMORY = 0xc0000017;
  const uint STATUS_NO_MORE_ENTRIES = 0xc000001A;
  IntPtr lsaHandle;
  public LsaWrapper()
  : this(null)
  // local system if systemName is null
  public LsaWrapper(string systemName)
  LSA_OBJECT_ATTRIBUTES lsaAttr;
  lsaAttr.RootDirectory = IntPtr.Zero;
  lsaAttr.ObjectName = IntPtr.Zero;
  lsaAttr.Attributes = 0;
  lsaAttr.SecurityDescriptor = IntPtr.Zero;
  lsaAttr.SecurityQualityOfService = IntPtr.Zero;
  lsaAttr.Length = Marshal.SizeOf(typeof(LSA_OBJECT_ATTRIBUTES));
  lsaHandle = IntPtr.Zero;
  LSA_UNICODE_STRING[] system = null;
  if (systemName != null)
  system = new LSA_UNICODE_STRING[1];
  system[0] = InitLsaString(systemName);
  uint ret = Win32Sec.LsaOpenPolicy(system, ref lsaAttr,
  (int)Access.POLICY_ALL_ACCESS,
  out lsaHandle);
  if (ret == 0) { return; }
  if (ret == STATUS_ACCESS_DENIED)
  throw new UnauthorizedAccessException();
  if ((ret == STATUS_INSUFFICIENT_RESOURCES) || (ret == STATUS_NO_MEMORY))
  throw new OutOfMemoryException();
  throw new Win32Exception(Win32Sec.LsaNtStatusToWinError((int)ret));
  public SecurityIdentifier[] ReadPrivilege(string privilege)
  LSA_UNICODE_STRING[] privileges = new LSA_UNICODE_STRING[1];
  privileges[0] = InitLsaString(privilege);
  IntPtr buffer;
  int count = 0;
  uint ret = Win32Sec.LsaEnumerateAccountsWithUserRight(lsaHandle, privileges, out buffer, out count);
  if (ret == 0)
  SecurityIdentifier[] sids = new SecurityIdentifier[count];
  for (int i = 0, elemOffs = (int)buffer; i < count; i++)
  LSA_ENUMERATION_INFORMATION lsaInfo = (LSA_ENUMERATION_INFORMATION)Marshal.PtrToStructure(
  (IntPtr)elemOffs, typeof(LSA_ENUMERATION_INFORMATION));
  sids[i] = new SecurityIdentifier(lsaInfo.PSid);
  elemOffs += Marshal.SizeOf(typeof(LSA_ENUMERATION_INFORMATION));
  return sids;
  if (ret == STATUS_ACCESS_DENIED)
  throw new UnauthorizedAccessException();
  if ((ret == STATUS_INSUFFICIENT_RESOURCES) || (ret == STATUS_NO_MEMORY))
  throw new OutOfMemoryException();
  throw new Win32Exception(Win32Sec.LsaNtStatusToWinError((int)ret));
  public void Dispose()
  if (lsaHandle != IntPtr.Zero)
  Win32Sec.LsaClose(lsaHandle);
  lsaHandle = IntPtr.Zero;
  GC.SuppressFinalize(this);
  ~LsaWrapper()
  Dispose();
  public static LSA_UNICODE_STRING InitLsaString(string s)
  // Unicode strings max. 32KB
  if (s.Length > 0x7ffe)
  throw new ArgumentException("String too long");
  LSA_UNICODE_STRING lus = new LSA_UNICODE_STRING();
  lus.Buffer = s;
  lus.Length = (ushort)(s.Length * sizeof(char));
  lus.MaximumLength = (ushort)(lus.Length + sizeof(char));
  return lus;
  Add-Type -TypeDefinition $csharp
  # Here's the code that uses the C# classes we've added.
  $lsa = New-Object LsaSecurity.LsaWrapper
  $sids = $lsa.ReadPrivilege('SeInteractiveLogonRight')
  # ReadPrivilege() returns an array of [SecurityIdentifier] objects. We'll try to translate them into a more human-friendly
  # NTAccount object here (which will give us a Domain\User string), and output the value whether the translation succeeds or not.
  foreach ($sid in $sids)
  try
  $sid.Translate([System.Security.Principal.NTAccount]).Value
  catch
  $sid.Value
  You do need to know the proper string for each user right, and they are case sensitive. 
  Edit:  You can get a list of right / privilege names from
  https://support.microsoft.com/kb/315276?wa=wsignin1.0 ; they're the same values used for NTRights.exe.

• Hit with Virus that executed via PowerShell Scripting. Can I disable Powershell on my network via Group Policy and what implications does that have for me.

  Our network was hit recently with virus previously unknown, O97M.Crigent.  It is a nasty Macro virus that targets Microsoft Office Documents & Spreadsheets and uses a combination of Macros and Scripts via Powershell. 
  How do I disable PowerShell scripting via Group Policy?
  Will this raise any issues such as random application or network failures or other issues?
  Can I apply it to the entire domain or should I be selective and only apply it to the workstations?
  Network Summary: Windows 2008 Active Directoy Server, 75% Windows 7, 25% Windows XP workstations.
  DouglasOfSanMarcos

  Disabling Windows PowerShell can be done with GPO:
  Computer Configuration | Administrative Templates | Windows Components | Windows PowerShell
  From GPO Description: "This setting exists under both "Computer Configuration" and "User Configuration" in the group policy editor. The "Computer Configuration" has precedence over "User Configuration."
  By default this option is restricted any way on computers.
  I would be very selective when apply it at all:
  Workstations - I would apply to test group of workstations first, just to see that there are no side effects before applying to all computers. 
  Server - I wouldn't apply it at all. I have seen too many issues when setting this policy on Exchange and other systems.
   If you are using a Group Policy to define a PowerShell logon, logoff or computer script, that script will disregard any execution policy set locally or through a GPO.
  http://4sysops.com/archives/set-powershell-execution-policy-with-group-policy/
  http://technet.microsoft.com/en-us/library/hh849812.aspx
  Please take a moment to Vote as Helpful and/or Mark as Answer where applicable. Thanks.

• [Forum FAQ] How to install and configure Windows Server Essentials Experience role on Windows Server 2012 R2 Standard via PowerShell locally and remotely

  As we all know,
  the Windows Server Essentials Experience role is available in Windows Server 2012 R2 Standard and Windows Server 2012 R2 Datacenter. We can add the Windows Server
  Essentials Experience role in Server Manager or via Windows PowerShell.
  In this article, we introduce the steps to install and configure Windows
  Server Essentials Experience role on Windows Server 2012 R2 Standard via PowerShell locally and remotely. For better analyze, we divide this article into two parts.
  Before installing the Windows Server Essentials Experience Role, please use
  Get-WindowsFeature
  PowerShell cmdlet to ensure the Windows Server Essentials Experience (ServerEssentialsRole) is available. (Figure 1)
  Figure 1.
  Part 1: Install Windows Server Essentials Experience role locally
  Add Windows Server Essentials Experience role
  Run Windows PowerShell as administrator, then type
  Add-WindowsFeature ServerEssentialsRole cmdlet to install Windows Server Essentials Experience role. (Figure 2)
  Figure 2.
  Note: It is necessary to configure Windows Server Essentials Experience (Post-deployment Configuration). Otherwise, you will encounter following issue when opening Dashboard.
  (Figure 3)
  Figure 3.
    2. Configure Windows Server Essentials Experience role
  (1)  In an existing domain environment
  Firstly, please join the Windows Server 2012 R2 Standard computer to the existing domain through the path:
  Control Panel\System\Change Settings\”Change…”\Member of. (Figure 4)
  Figure 4.
  After that, please install Windows Server Essentials Experience role as original description. After installation completed, please use the following command to configure Windows
  Server Essentials:
  Start-WssConfigurationService –Credential <Your Credential>
  Note: The type of
  Your Credential should be as: Domain-Name\Domain-User-Account.
  You must be a member of the Enterprise Admin group and Domain Admin group in Active Directory when using the command above to configure Windows Server Essentials. (Figure 5)
  Figure 5.
  Next, you can type the password for the domain account. (Figure 6)
  Figure 6.
  After setting the credential, please type “Y” to continue to configure Windows Server Essentials. (Figure 7)
  Figure 7.
  By the way, you can use
  Get-WssConfigurationStatus
  PowerShell cmdlet to
  get the status of the configuration of Windows Server Essentials. Specify the
  ShowProgress parameter to view a progress indicator. (Figure 8)
  Figure 8.
  (2) In a non-domain environment
  Open PowerShell (Run as Administrator) on the Windows Server 2012 R2 Standard and type following PowerShell cmdlets: (Figure 9)
  Start-WssConfigurationService -CompanyName "xxx" -DNSName "xxx" -NetBiosName "xxx" -ComputerName "xxx” –NewAdminCredential $cred
  Figure 9.
  After you type the commands above and click Enter, you can create a new administrator credential. (Figure 10)
  After creating the new administrator credential, please type “Y” to continue to configure Windows Server Essentials. (Figure 11)
  After a reboot, all the configurations will be completed and you can open the Windows Server Essentials Dashboard without any errors. (Figure 12)
  Figure 12.
  Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

  Part 2: Install and configure Windows Server Essentials Experience role remotely
  In an existing domain environment
  In an existing domain environment, please use following command to provide credential and then add Server Essentials Role: (Figure 13)
  Add-WindowsFeature -Name ServerEssentialsRole
  -ComputerName xxx -Credential DomainName\DomainAccount
  Figure 13.
  After you enter the credential, it will start install Windows Server Essentials role on your computer. (Figure 14)
  Figure 14.
  After the installation completes, it will return the result as below:
  Figure 15.
  Next, please use the
  Enter-PSSession
  cmdlet and provide the correct credential to start an interactive session with a remote computer. You can use the commands below:
  Enter-PSSession –ComputerName
  xxx –Credential DomainName\DomainAccount (Figure 16)
  Figure 16.
  Then, please configure Server Essentials Role via
  Add-WssConfigurationService cmdlet and it also needs to provide correct credential. (Figure 17)
  Figure 17.
  After your credential is accepted, it will update and prepare your server. (Figure 18)
  Figure 18.
  After that, please type “Y” to continue to configure Windows Server Essentials. (Figure 19)
  Figure 19.
  2. In a non-domain environment
  In my test environment, I set up two computers running Windows Server 2012 R2 Standard and use Server1 as a target computer. The IP addresses for the two computers are as
  below:
  Sevrer1: 192.168.1.54
  Server2: 192.168.1.53
  Run
  Enable-PSRemoting –Force on Server1. (Figure 20)
  Figure 20.
  Since there is no existing domain, it is necessary to add the target computer (Server1) to a TrustedHosts list (maintained by WinRM) on Server 2. We can use following command
  to
  add the TrustedHosts entry:
  Set-Item WSMan:\localhost\Client\TrustedHosts IP-Address
  (Figure 21)
  Figure 21.
  Next, we can use
  Enter-PSSession
  cmdlet and provide the correct credential to start an interactive session with the remote computer. (Figure 22)
  Figure 22.
  After that, you can install Windows Server Essentials Experience Role remotely via Add-WindowsFeature ServerEssentialsRole cmdlet. (Figure 23)
  Figure 23.
  From figure 24, we can see that the installation is completed.
  Figure 24.
  Then you can use
  Start-WssConfigurationService cmdlet to configure Essentials Role and follow the steps in the first part (configure Windows Server Essentials Experience in a non-domain environment) as the steps would be the same.
  The figure below shows the status of Windows Server Essentials.
  Figure
  25.
  Finally, we have successfully configured Windows Server Essentials on Server1. (Figure 26)
  Figure 26.
  More information:
  [Forum
  FAQ] Introduce Windows Powershell Remoting
  Windows Server Essentials Setup Cmdlets
  Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

• WRVS4400N accessing local services via external IP

  Hello everyone,
  Recently I'm having issues with accessing local services via external IP. Short description of configuration:
  - sub.mydomain.com pointing to my external IP.
  - few web services running on my local server with reverse proxy on Apache 2
  - firewall on router enabled
  - ips on router disabled
  - single port forwarding: WAN 80->Lan 443, WAN 443->LAN 443
  - accessing my services via sub.mydomain.com/service1, sub.mydomain.com/service2, etc
  - I had to create a new rule in internet access policy allowing LAN, any, any to
  Basicaly if I go no matter if I type http or https I will be redirected on 443.
  That configuration has beed working without any issues for a month. Recently I have increased the amount of DHCP users and suddenly it's not working any more. I can still access my services from outside but not from LAN.
  Restarting router does the trick for a while, sometimes for few minutes, sometimes longer.
  Enabling IPS is the way to go but then I'm limited to around 22Mbit/s.
  I did almost everything what is possible to solve this issue, I'm lost and frustrated. I have no idea what happend.
  What I can't understand that it was working, suddenly it's stopped and there are two solutions, either to enable IPS or to restart router which to be honest aren't the solution I'm looking for.
  Please help me point the problem.
  Thank you in advance
  Best regards
  Bartek

  Hi, My name is Eric Moyers. I am a Network Support Engineer in the Cisco Small Business Support Center.
  I recieveed your email and have looked at your posting. This seems like it may be more complicated that what should be handled in a chat. Could you please call into the the Small Business Support Center for support.
  Check the listings on this link and contact the center nearest you.
  http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
  If you are in the US, please call 1-866-606-1866, and any answering agent should be able to assist you.
  Eric Moyers
  Cisco Network Support Engineer
  CCNA, CCNA-Wireless
  1-866-606-1866

• Local admin rights when Edit locally

  Hello, all!
  We have the same problem as in
  Local Admin rights to "Edit Locally" ?
  "The end users do not have administrator rights on their local PCs , they logon to the domain server with restricted rights. When it comes to portal, when trying to edit a document with "Edit locally" it is not possible to do is even if the user has all the rights for the document in the Portal KM configuration. When we make the user local admin, everything is OK"
  We are on SPS14, Windows XP SP2. Domain users can run corresponding applications and can create dirs or files in a temp directory. We also utilize env. variable SAPKM_USER_TEMP but with no success.
  Could yoã please suggest, how to find rights needed to execute Local Edit. Are there any way to trace this Docservice ActiveX?

  Hello Roman,
  here a note which describes a solution for a user account wuth restricted rights:
  The Edit Locally activex will be installed based on following
  installation steps:
  The browser will recognize that the KM DocService activex has to be
  started.
  In case of the activex isn't installed on the the PC, it will be
  downloaded from the KM server (...etc/docservice/docservice.cab)
  The browser will extract two DLLs from the docservice.cab file
  (docservice.dll and sapkmprogressplayer.dll) and register them on the
  local PC. To see if the installation succeed you can open within the
  browser following dialog: Tools/Internet Options/Settings/View Objects,
  look for program file SAP KM DocService Control.
  Registry keys in following areas will be created:
  Area HKEY_CLASSES_ROOT:
  HKCR\AppID\{5F8983A6-347C-46B9-BA7A-1B87E5DAE0BC}
  HKCR\ProgressPlayerMod.ProgressPlayer
  HKCR\ProgressPlayerMod.ProgressPlayer.1
  HKCR\CLSID
  HKCR\TypeLib
  Area HKEY_LOCAL_MACHINE:
  HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Down
  Downloaded Program Files/DocService.dll
  HKLM\Software\Microsoft\Code Store Database\Distribution Units\
  When finishing these steps successfully the installed version can be
  located within the browser dialog Tools/Internet Options/Settings/View
  Objects SAP KM DocService Control and den KM DocService will
  start loading the document content from the KM server and starting the
  corresponding application for editing.
  Installation with restricted user accounts:
  With restricted user accounts e.g. no access rights to create registry keys in the area of HKCR or HKLM etc., which lets the described installation fail, following installation procedure leads to success:
  Register the needed DLLs manually on the PC (e.g. via a shell command script) with a user account having enough access rights.
  1.1 Create an installation folder (don't use /windows/system32) on the PC and copy the DLLs (docservice.dll and sapkmprogressplayer.dll) to it (extract them from docservice.cab with a tool e.g. winzip).
  1.2 Open a command shell on this installation folder.
  1.3 Unregister possible existing versions with the following command:
  "regsvr32 docservice.dll /U " and "regsvr32 sapkmprogressplayer.dll /U "
  1.4 Register the both DLLs with: "regsvr32 docservice.dll" and "regsvr32 sapkmprogressplayer.dll "
  1.5 If the two registration steps fail check the permissions to write
  into the system registry.
  1.6 The installation folder do not need special permissions, the linkage to the DLLs will be done via the system registry.
  1.7 Additionally the following setting is mandatory to succeed the installation:
  Disable the "ActiveX Version Check" function within the KM Configuration
  SystemAdministration->SystemConfig->KnowledgeManagement->
  ->Configuration->ContentManagement->Utilities->Editing->LocalEditing-> ActiveX Version Check (Uncheck the checkbox)
  Setting a different TEMP directory:
  In cases that it is problematic to use the standard %TEMP% directory, setting the environment variable SAPKM_USER_TEMP pinpointing to a corresponding directory path (e.g. X:\SHARES\USERS\xxx\CheckedOutDocuments) will be also supported. If the access to that directory fails the standard %TEMP% directory will be used as fallback.
  Hope this helps,
  Michael
  Message was edited by: Michael Braun

• Create local user via dropdown from .csv

  Hello
  i try to create a powershell script to create local users on Win7.
  All the user informations are stored in a .csv file.
  Now I'd like to have a dropdown-menu to choose which user should be created.
  So i want the first column of the csv displayed in the Dropdown.
  When a option gets choosen the script should read the rest of the information out of the .csv-file and create the user with it.
  i got some parts to create a dropdown and to create local users via .csv, but my limited powershell knowledge keeps me from putting it to one piece.

  Hi Yannick Hassler,
  To create local users with properties listed in a csv file, and also add the users to a local group, please refer to the script below:
  import-csv d:\3.csv | foreach{
  $server=[adsi]"WinNT://$env:computername"
  $user=$server.Create("User",$_.name)
  $user.SetPassword($_.password)
  $user.SetInfo()
  # add extra info
  $user.Put('Description',$_.description)
  $user.SetInfo()
  # add user to mandatory local group
  $group = $_.group
  $group=[adsi]"WinNT://$env:computername/$group"
  $group.Add($user.path)
  # add users to other groups
  Please also save your .csv file d:\3.csv like this :
  Name
  password
  group
  description
  TUTTLSX
  Password
  Users
  Test user
  annaretu
  Password
  Users
  Test user11
  I hope this helps.

• How to set Full Crawl Schedule as None via Powershell command

  How to set Full Crawl Schedule as None via Powershell command

  $ssa = "Search Service Application"
  $contentSource = Get-SPEnterpriseSearchCrawlContentSource -SearchApplication $ssa -Identity "Local SharePoint Sites"
  $contentSource.IncrementalCrawlSchedule = $null
  $contentSource.FullCrawlSchedule = $null
  $contentSource.Update()
  Basically you set Schedule to Null.
  Amit

• Ip local policy - DMVPN head-end router

  hey guys,
       On my DMVPN head-end router (3845 - running 151-4.M2) , I'm learning a default route from the internal core that I want the remote spoke to learn via EIGRP (internet access is via tunnel and thru head-end f/w's).  And to avoid having a static route configured for the remote public IP pointing to the internet router, I've tried using a local policy to set the next hop for all VPN traffic from the router to be the internet router.  However, when I remove the static to the remote, I lose the remote peer and it seems the local policy is not engaged.  Any help would be appreciated..
  interface Loopback0
  ip address 10.103.255.1 255.255.255.255
  interface Tunnel10
  bandwidth 10000
  ip address 10.103.254.1 255.255.255.0
  no ip redirects
  ip mtu 1400
  no ip next-hop-self eigrp 1
  ip nhrp authentication xxx
  ip nhrp map multicast dynamic
  ip nhrp network-id 100
  ip nhrp holdtime 600
  ip nhrp redirect
  ip tcp adjust-mss 1360
  no ip split-horizon eigrp 1
  tunnel source GigabitEthernet0/1
  tunnel mode gre multipoint
  tunnel key 1234
  tunnel protection ipsec profile DMVPN-PROFILE
  interface GigabitEthernet0/0
  description Routed link to Core
  ip address 10.100.160.105 255.255.255.252
  duplex auto
  speed auto
  media-type rj45
  interface GigabitEthernet0/1
  description Link to External segment
  ip address 1.1.1.4 255.255.255.0
  duplex auto
  speed auto
  media-type rj45
  router eigrp 1
  network 10.100.160.104 0.0.0.3
  network 10.103.254.0 0.0.0.255
  network 10.103.255.1 0.0.0.0
  passive-interface default
  no passive-interface Tunnel10
  no passive-interface GigabitEthernet0/0
  eigrp router-id 10.103.255.1
  ip access-list extended vpn-traffic
  permit esp any any
  permit udp any any eq isakmp
  permit udp any any eq non500-isakmp
  route-map vpn-default permit 10
  description Default route to Internet for encrypted traffic
  match ip address vpn-traffic
  set ip next-hop 1.1.1.2
  ip local policy route-map vpn-default

  Dave,
  I think let's do the reasonable thing here and separate termination and tunneled traffic into VRFs (VRF-lite).
  You can put gig0/1 into one VRF and leave everything else in global (remember to add "tunnel vrf ..." on tunnel interface.
  Result - separation of overlay and transport - you can have two default routes, one for connectivity to spokes, one for traffic to be passed over tunnel.
  Marcin

• Can you add delegate access to a user's calendar or mailbox folder via powershell?

  Basically I want to know if you can grant a user delegate access to another user's calendar or meeting room using native  powershell commands?
  I know you can do this via method 1, listed below, however when you grant permissions in this way and if a user wants to see who has delegate access to their calendar or inbox by going to delegate access in outlook they will not see user's who have access
  to their calendar or inbox.
  Method 1:
  Add-MailboxFolderPermission -Identity "userA:\Calendar" -User UserB -AccessRights editor
  The above is a nice and simple way of granting userB EDITOR access to UserA's calendar.
  But as stated above as you are using mailboxFolderPermissions and not DelegateAccess, this applies directly to this folder and if userA goes to their delegate access view in Outlook, they will not see that userB has access to their calendar.
  I know that you can use the below commands to see a list of user's who have delegate access to you calendar:
  Get-Mailbox userA | Get-CalendarProcessing | select resourcedelegates
  I am new to powershell and don't know if there is a way of setting delegate access to a user's calendar or inbox/folder via powershell commands, similar to the above.
  Any help with this query would be much appreciated!
  thanks

  Delegate access is simply a combination of folder rights (which you've described) and Send As right, which is conferred by Add-MailboxPermission or Send On Behalf of right, which I'm not sure if you can confer with PowerShell. Set-CalendarProesssing applies
  to resource mailboxes like conference rooms, not to user mailboxes.
  Update: "Send on Behalf of" is conferred this way:
  Set-Mailbox UserMailbox -GrantSendOnBehalfTo UserWhoSends
  Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

• How to Add Multiple Driver Packages Using Reference File via PowerShell

  Hey All - 
  I've got a task I'm working on which would be much easier via PowerShell.  I tried figuring it out, but couldn't so thought I'd post.
  The Task
  I need to create about 50 new, empty driver packages (most are in the same folder in the console) and am trying to find a method of doing so where I may use a source text file / csv file as reference in the command line.  Each package has a unique name
  and source path.  Here are examples:
  - Latitude E5440 Win7 x86 [A01]   \\server\drivers\5440x86
  - Latitude E5440 Win7 x64 [A01]   \\server\drivers\5440x64
  The Structure
  All of the ones I want to add via PowerShell will go into the same folder in the console.  They will be in the folder "root\New Drivers\Dell CAB Drivers" 
  Any ideas or will this just take more time than it's worth for 50?  Thanks!
  Ben K.

  Also, the creation of the driver package won't be your biggest challenge, as it's as simple as New-CMDriverPackage (see:
  http://technet.microsoft.com/en-us/library/jj821724(v=sc.20).aspx).
  The biggest challenge is relating your models to a share name (unless they're all Latitude).
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude

• Server 2012 R2: How do I set VLAN data for the Host Virtual Switch (via PowerShell)?

  I need to modify the Host (NOT the VM's) VMSwitch VLAN settings via Powershell for automation purposes.
  In Server 2012 (NOT R2), this can be done via modifying
  MSVM_VLANEndPointSettingData
  However, it seems in Server 2012 R2, that class is gone. I've manually searched through the MSVM classes, and it seems that the Host VMSWitch VLAN settings are stored
  in MSVM_EthernetSwitchPortVlanSettingData. Unfortunately, I have no way of tying that class to a specific VMSwitch.
  Any know how to do this on Server 2012 R2?

  Hi,
  I found some similar issue with your case, however this forum is not focus on the develop related issue,
  Therefore I suggest you more about the develop question please post to the MSDN forum.
  The related information:
  Problem with CPU load and WMI errors when Hyper-V is installed?
  http://social.technet.microsoft.com/Forums/windows/en-US/4eca1f42-8630-48b4-85fa-e9569445d832/problem-with-cpu-load-and-wmi-errors-when-hyperv-is-installed
  The third party solution:
  How to: Fix error 0x80041010 on Windows 8.1 + Hyper-V
  http://www.seankilleen.com/2013/11/how-to-fix-error-0x80041010-on-windows.html
  MSDN forum Developer Network
  http://social.msdn.microsoft.com/Forums/en-US/home?forum=WAVirtualMachinesVirtualNetwork&filter=alltypes&sort=lastpostdesc
  Thanks for your understanding and support.
  Hope this helps.
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Getting error while trying to edit locally  the document in KM of portal.

  Hi all
  we have configured  file server in km portal as fsdb mode in portal (ep 7  sp 14). We were able to edit locally the documents . But all of a sudden from some of the PCs  we are getting the following error while  trying to edit the documents.
  The download of the document failed .
  Is there any PC specific configuration required? For the same user  we are able to edit the documents from some PCs  but from another it is not working.
  Thannking you.
  Rajendra.

  Hi,
  You have to set your activex control properly. then only edit locally in KM will work.
  Also check the below wiki
  https://www.sdn.sap.com/irj/scn/wiki?path=/display/KMC/HowtotroubleshootproblemswithLocalEditing
  Hope that helps
  Raghu