This past week I have had multiple terminals up with different clients on different terminals connected to different Microsoft services. I quickly realized that I needed to know if I was already connected or not to each Microsoft service. I knew that Get-PPSession was a key to this, but what surprised me was azure and msols didn’t have a PPSession to review. I use 4 different connections on a daily basis. The Msol, Exchange Online, Compliance, and Azure AD. Here is how you can quickly test each service to see if it’s connected.
Msol Service
With Msol we want to test a command to see if it works. We output that command to null. The command I found to be the quickest for this is Get-MsolDomain. Once we run the command we check to see how successful that command was with $?. I like to put things into arrays for future use. So, I dropped it into a $Results and then present those display those results.
With Exchange online, we can use the Get-PSSession. We search the connection uri for outlook.office365. We also look at the state to be opened. We then ask if how many sessions there are. if it’s greater than 0, then we are good to go. Believe it or not, this is a one-liner.
With Compliance, it’s similar to the exchange online. We are using the Get-PSSession again. This time we are looking for the word compliance and the state open as well. Once again, this can be a one-liner.
Finally, we come to the Azure AD, Just like the Msol, we have to check it using a command. I have seen people use the Get-AzureADTenantDetail commandlet. So we will use that commandlet and pipe it into out-null. Then we confirm if it worked with the $? command.
Any IT professional will tell you, technology changes almost daily. Some things seem like they will never change then bam, it changes. For example the dependency on IE. In the 90s and most of the 20s it was IE. Firefox and Chrome started back then but didn’t really gain traction. Now here it is 2021, Google search no longer supports IE. Microsoft no longer supports IE. IE is a bad word in the security world. So it’s time to move away from IE. Most companies have done just that. Thousands of security-minded websites no longer develop for IE and purposely broken their sites on IE. The immortal IE was a problem this week.
Scenario – Always IE
A user called in and stated “Every time I go to ADP I get a message saying ‘Your browser isn’t supported.'” The browser was IE. ADP was a URL link on the desktop. URL links go to the default browser. The user stated that they changed the default browser to Google Chrome more than once, but it changes back after they restart the computer.
Who, What, Where, When, How
Who: The user was a standard user and located in the User OU in AD.
What: URL link is opening IE instead of google chrome.
Where: End user’s laptop.
When: Every time they reboot.
How: When they double click a url icon.
With this info gathered, I started troubleshooting. I changed the default browser to Google chrome. The user stated after a reboot it changes back. I rebooted the machine to see this behavior. Sure enough, the default app changed from Google Chrome to IE. The most common thing that changes the default apps around is Group Policy. I ran gpresult /r on the computer and saw a default app policy.
Hum…
I logged into the server and loaded the group policy. Sure enough, there was a default app policy. This policy lived at the top level of the domain as well. Default app policy lives under Computer > Policies > Administrative Templates > Windows Components > File Explorer > Default Associations Configuration File. They use an XML file on a share that can be read by everyone in the company. I looked into this file and saw .htm, .HTML, HTTP, and https were set to internet explorer.
At this point, I knew this was going to be a change request. I informed the client that this is a change request. Then I contacted the client’s leadership and acquired permission from the leadership via email. They responded with, YES PLEASE! This is my CYA that I needed. My assets were covered. Time to kick it into high gear.
Inside the default app XML file, I changed the .htm, .HTML, HTTP, and HTTPS progId to ChromeHTML and the ApplicationName to Google Chrome. This is what it looked like.
I asked the user to reboot their computer and test if the URLs opened in google chrome. The user reported that it did. I called few other users in the org and tested with them. Normally I would create a new OU and test with a test box, but this client did not have a test box. So, why not test in production! Please don’t test in production unless you have to.
In the end, the problem was a Default App Policy. Fixing that fixed more than just this single user’s issue. The leadership was happy with the change and they enjoyed using their drag and drop URL icons.
As always, if you have questions, feel free to ask.
Need to find duplicates in an array? It’s as simple as using a group object. So we take an array, and group the array by property or group of properties. Then we search those groups for any group that has a count of 2 or greater. Then we display those groups. Here is the heart of the code:
Now it’s as simple as wrapping this one-liner into a function. The Group-object property switch can take multiple inputs. So it’s best to set that as a list of strings. Here we go:
I have been working with group policy recently and have been enjoying it. I wanted to share this knowledge with the rest of the world. I’m going to do that through a few scenarios. This first part is gathering information. More information you have, the more likely you will be successful at resolving the issue.
Scenario – User can’t hear conference call
The ticket came in as, “I can’t hear people on a conference call with XYZ company.” The help desk guy tried to figure it out. He updated the ticket with “It’s just broke.” Then he escalated the ticket to me. So, I called the person up and was blasted with an ear full of, “it ain’t working, and this be broke and that be broke, and I needed this call for a client, and and and…” The normal basically.
Who, What, Where, When, How
Here is the information I pulled. Who is the User? What computer is the user using? What is the real problem? Where is the Computer located? Where are the user and computer located in AD? When did this start happening? Finally, how can I recreate the issue?
Once I pulled that information, I discovered they were using a Website to communicate with an HR company via web conferencing. Hum… Anyways, The computer was in the standard laptop OU, and the user was inside the standard Recruiter’s OU. The problem was only noticed that week. I asked her to try another site and finally had her try google video conferencing. None of these technologies worked. I finally had her try a product She has used in the past that worked. This product was an in-house remote connect with the audio program. The in-house program worked. At this point, I knew the browser was ok. There was something else stopping it. I suspected Group Policy at this point.
Hum…
To confirm group policy was doing this to her, I ran the “Group Policy Results Wizard” in the group policy management console towards the bottom. Inside the wizard, I selected the computer she was on. Then I selected her. The wizard did its wizard magic and gave me a full list of everything that was applied to her, how long each step took, and which one won over the other. Sure enough, she had a browser policy attached to her. From the wizard, I was able to see the website she was trying to use was not listed. At this point, I had some work to do.
Make a change request with managements. If approved, move to the next step. If not, tell the user they are not allowed to use the conferenceing software on those sites.
Add the site to the group policy
then run gpupdate /force on her computer
Management did not approve the change. So, I called the user and informed them of the issue. They were not happy, but then I had the power of management behind me.
Deeper Dive
There are a few things in the Scenario to take note of.
Getting the right information from the user is key.
Scopes of group policies on a user and the OU they are in.
The group policy management tool has some cool troubleshooting tools.
Permissions from Management, AKA, cya.
Getting the right information from the user
Getting the right information is hard sometimes. Here is the conversation that went down between me and her.
Me: Which computer is this happening on?
Her: ALL OF THEM! (First Key that it’s group policy)
Me: let’s focus on one computer. Which computer was the first computer you noticed this issue?
Her: Gives me a computer name.
Once I had the computer name that it happened first. I pinged it to see if it was active or not. I also know that she has logged into the computer within the past few days as the ticket she put in was only a few days old.
AD information and Scopes
As I had a hint that this might be a group policy-related item from when she said, “It happens Everywhere” I made sure to note at the OU the computer was located in and the OU the user was located in. Then I started up group policy management and looked at her and her computer there. Her OU had the browser policy inherited from the top-level user OU. Then I used the tools inside group policy to confirm the issue.
Using built in tools to confirm
Group policy management console has a set of very useful tools that will help out to gather information. The first tool is the Group Policy Modeling tool. This tool will create a “what if” to the information you feed it. It doesn’t need access to the computer in question, just the domain. The second tool, the one I used is called Group Policy Results. This bad boy needs access to the computer. What it does is it reaches into the computer and pulls the group policy information. This one shows you what happened. It’s kind of like running gpresult /r on a computer, but on drugs. This tool confirmed the browser policy was attached.
CYA like a kid in a candy shop
Group policy has the power to change everything that is connected to it. A simple small change can have rippling effects for years to come. There is a real chance of tattooing your network as well. Tattooing is where a group policy change stays after the policy has been removed. So, best to CYA yourself. For those that don’t know CYA means to cover your assets. This is why I brought management into the picture. They get paid the big bucks and if something happens, I can point to the email I sent to the management. The manager said no, and thus the answer became no.
I hope this was helpful for you all. The one thing I want you to take away from this blog is CYA! You can be the best at your job, but if you make a change and management don’t agree, cya can save your tail.
As always, if you have questions, feel free to ask.
The goal of this blog is to show you a way to speed up a computer using basic software commands/programs. I use these daily and I have seen them work. Sometimes they don’t sometimes they do.
Disk Cleanup
Disk cleanup is a powerful built-in tool that allows you to clean up temporary files and whatnots. It’s a very surface-level tool. I tend to prefer tools like wise disk cleaner over this tool. In this tool you can clean up a full range of items:
Disk Cleanup has two modes. A mode for standard users and a mode for Admins. Of course, you have to have admin rights to run the admin side of the app. Disk cleanup starts in standard mode. You know it’s in standard mode by the lack of options and the button with the admin shield on it called “Clean Up System Files”.
Standard user Mode
Download Program Files
Temporary Interent Files (Edge and IE Only)
DirectX Shader Cache
Delivery Optimization Files
Recycle Bin
Temporary Files
Thumbnails
Clean Up System Files – Admin Mode
When you click the “Clean Up system files”, disk cleanup restarts with more options. These options down blow. They include things like windows update items.
Windows update Cleanup
Windows update log files
Downloaded program files
temporary internet files (only edge and IE)
DirectX Shader Cache
Delivery Optimization Files
Device Driver packages
Language resource files
The Recycling Bin
Temporary files
Temporary windows installation files
Thumbnails
Wise Disk Cleaner
The next tool is a disk cleaner as well, but it goes much further than the basic standard disk cleanup. This tool is called wise disk cleaner by the company called wise. They also make wise registry cleaner and more. This software will clean out the temporary files of all of your browsers, your windows, cookies, and much more. It’s repo of what it looks for is fairly large. What I like about wise is it is smart as well. It knows what can be dangerous and what is not. You can tell it to be dangerous as well.
Wise disk cleaner on startup.
All you have to do is click the scan and then clean up. It does everything for you. Along with the scan and clean-up, it also offers disk defragging for HHDs. The system slimming and advanced cleaner are tools for the more advanced user and I wouldn’t recommend using them if you are new to computers.
I personally like that wise has a portable version in the portable apps platform and all versions have command-line switches as well. Here is more useful information:
After I run the disk cleaner, I run the wise registry cleaner on computers. Whenever a program installs, updates add to and so on with the OS, the registry gets junky. This junk often times has pointers to dead ends and other items that slow down the system. It is important to clean up those bad pointers, especially after a windows update.
What I like about Wise Registry Cleaner is it offers backing up your system with a restore point and a registry back before it does anything. They know that something bad could happen. The app also offers different scan types. Fast, Deep, and Custom.
Wise Registry Cleaner Start Page
The next example is a deep scan of a system I was working on.
Wise Registry Cleaner Scan
Wise Registry cleaner also has command lines like the disk cleaner. Here is some useful links.
This tool allows you to quickly find issues with your OS. Missing files, missing registry keys, and more. It validates your internal OS settings. The command has to be run as an administrator.
SFC /Scannow
SFC has much more flags that you can run, but I will not cover them in this blog. That’s worthy of its own blog post. For more information, you can check out the Microsoft documentation here.
DISM Cleanup
Finally, you can use the DISM command to reach out to Microsoft itself and compare/repair your system. the /online flag tells dism to go online. The /cleanup-image opens up the cleaning process and the various commands after that repair different items.
dism /online /cleanup-image /checkhealth
This command checks the system for anything that might be corrupt or damaged. This one is a high level and it also checks itself. Basically lets make sure the tool works.
dism /online /cleanup-image /scanhealth
This command scans the system for missing files, damaged files, and much more based on the image from Microsoft. This one is much more in-depth than the checkhealth. This part takes some time and once complete, the system is ready for the next command.
dism /online /cleanup-image /restorehealth
This command takes the list from scanhealth and the online repository and repairs the OS image. Without this command, nothing is getting fixed. It’s also best to run this command last. If this process appears stuck at any point, that’s normal. Let it do what it gots to do.
Final thoughts
I have come across lots of computers recently where office updates have damaged the OS and left thousands of useless files lying around. Completing these tasks has brought new life into those computers. It doesn’t work all the time, but when it does, it’s awesome. Out of all of the systems I have worked with the number one issue I see the most is age. Most slow computers are due to the fact that the computer is 10 years old trying to run the latest and greatest. My suggestion for those machines is linux.
I hope these little tricks will help you in your day-to-day IT endeavors.
