Task Scheduler – powershell script

Short manual how to add a task with a power shell script


  • Programm/Script = C:windowssystem32windowspowershellv1.0powershell.exe
  • -> Add arguments = -noprofile -noexit -executionpolicy bypass -file C:pathscript.ps1
  • run with highest privileges

password expiration mail

# Please Configure the following variables....
$log_date =  Get-Date -format yyyy-M-d
$from = "email@mail.de"
$mail_debug = "false" # true = on / false = off
$mail_debug_email = "email@mail.de"
$mail_log = "false" # true = on / false = off
$mail_log_email = "email@mail.de"
$logfile = "C:passwordexpirelog_$log_date.txt"

#Get Users From AD who are enabled
Import-Module ActiveDirectory
$users = get-aduser -filter * -properties * |where {$_.Enabled -eq "True"} | where { $_.PasswordNeverExpires -eq $false } | where { $_.passwordexpired -eq $false }

Set-Content -Value "Name;Emailaddress;Daystoexpire"  -Path $logfile # Write first line

foreach ($user in $users)
$Name = (Get-ADUser $user | foreach { $_.Name})
if ($mail_debug -eq "true" )
$emailaddress = $mail_debug_email
# if ($mail_debug -eq "false" )
# $emailaddress = $user.emailaddress

$passwordSetDate = (get-aduser $user -properties * | foreach { $_.PasswordLastSet })
$PasswordPol = (Get-AduserResultantPasswordPolicy $user)
# Check for Fine Grained Password
if (($PassworldPol) -ne $null)
$maxPasswordAge = ($PasswordPol).MaxPasswordAge

$maxPasswordAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge

$expireson = $passwordsetdate + $maxPasswordAge
$today = (get-date)
$daystoexpire = (New-TimeSpan -Start $today -End $Expireson).Days
$subject="hybris domain password expiring"
$body ="

Dear $name,

Your domain password is due to expire in $daystoexpire days. To change your password,

For additional support please contact the  IT department.

The domain password must meet the following requirements:
	<li>password length must be at least 8 characters</li>
	<li>the last 5 passwords are may not be reused</li>
	<li>password must not contain the users account name or parts of the users full name that exceed two consecutive characters</li>
	<li>password must contain characters from three of the following four categories:</li>
	<li>english uppercase characters (A through Z)</li>
	<li>english lowercase characters (a through z)</li>
	<li>base 10 digits (0 through 9)</li>
	<li>non-alphabetic characters (for example, !, $, #, %)</li>

#if ($daystoexpire -lt $expireindays)
# Send-Mailmessage -smtpServer $smtpServer -from $from -to $emailaddress -subject $subject -body $body -bodyasHTML -priority High
if ($daystoexpire -eq "14" )
Send-Mailmessage -smtpServer $smtpServer -from $from -to $emailaddress -subject $subject -body $body -bodyasHTML -priority High
Add-Content -Value "$name;$emailaddress_log;$daystoexpire" -Path $logfile
if ($daystoexpire -eq "3")
Send-Mailmessage -smtpServer $smtpServer -from $from -to $emailaddress -subject $subject -body $body -bodyasHTML -priority High
Add-Content -Value "$name;$emailaddress_log;$daystoexpire" -Path $logfile

if ($mail_log -eq "true" ){
Add-Content -Value "log send to $mail_log_email"  -Path $logfile
$body_log= (Get-Content $logfile | out-string )
Send-Mailmessage -smtpServer $smtpServer -from $from -to $mail_log_email -subject "LOG - domain password expiring" -body $body_log


Here is the recipe for buttermilk cuts

The following is stirred with the stirrer:

  • 3 cups sugar
  • 1 packages of Vanilla sugar
  • 3 Owner
  • 1 Cup buttermilk 500 ml
  • 4 cups flour (1 Mix packet of baking powder underneath)

The whole is then poured onto a baking tray.
Then you mix 2 Cups grated coconut with ½ cup of sugar and sprinkle it on the batter.
Then the cake comes in 200 Degrees or slightly less for 20 Minutes in the oven.

When the cake is ready, equal 150 Grams of butter and melt 1 give cup cream to it and both together make hot. This liquid is then sauce, even if you can not imagine, poured on the cake. I always distribute it with a tablespoon, then it will be nice and smooth enough for the whole cake.

The wars. Cake also tastes 2-3 still and can also freeze days super.

Tell me then, how he became.

Windows 8 Enterprise - Windows activation fails (DNS name does not exist)

When using the Windows 8 Enterprise version it may happen, that comes when activating the following error message:

DTC: 0x8007232B
Error Description: The DNS name does not exist

This problem occurs only or Volume License. in Enterprise versions. Dissolve this issue following:

  • One must, as an administrator command prompt (DOS-Konsole) perform.
    For Windows 8 to install best a "Classic Start Menu". The can download best here: http://classicshell.sourceforge.net/
  • Then give a her following command: slmgr -ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
    The xxxxx-xxxxx-xxxxx-xxxxx-xxxxx you replace your MAK product key.

After that Windows starts activation without an error message and display the message,: The Product Key has been successfully installed.

Staging-Folder / Quotas

or the theme Staging Folder. Staging quota is an often neglected topic, resulting in consequence, however in practice the most problems. It is in this howto realize a connection line between these two independent settings drawn, as between the size of the staging folder (So the Quota) and the replication behavior, there is a strong connection.

First, a little theory, the very roughly sketched, what happens when you change.

For example, when a file on Server A changed, replicates its data to the server B, sends server A after the change a "change notification" to the server B. After comparing the databases (or. whose entries) is Server B now start an inquiry to Server A, the file to be replicated.
Server A is now, after receiving the request from server B, the corresponding file "trainee", d.h. grab the file and put it into the staging folder below "DfsPrivateStaging".
There is using Remote Differential Compression (DRC) checked, what parts need to be transferred to the file, and the file is then broken down into the necessary parts.
These parts are transferred to the server B, composed the file again (possibly. involving the local parts of the file, that were not transferred with, because they were already present on the server B), to then extracted to create the location.

This process costs, depending on file size and file type, a lot of CPU power and disk performance. It therefore makes sense, to gestagen re not always just with often changed files data, but to leave the files are possible in the Staging Folder, since there are already calculated many "file pieces".

The staging folder is subject to the staging quota. That means, that the server A and the server which have B configures a staging quota determined, how much data can be put there.

If this quota is too low, must be gestaged anew the files repeatedly, which can have a high CPU load and disk load result. Moreover, the data transfer rate decreases and may, at worst, to almost a complete stop replication.

This is caused Settings, uses the Microsoft for the shrouds of data by default. There is a so-called low-water mark (60% Staging of-Quota) and a High Water Mark (90% Staging of-Quota). If the high water mark is exceeded, to delete the oldest data from the Staging Folder, to the low-water mark is reached again, also 60% quotas.
Exceeding the watermarks and the resulting deletion of data is in the DFS-R Eventlogs among the Event IDs 4202, 4204, 4206 and 4208 appropriate. A sensible measure from this point could therefore be, the quota by at least 50% to increase.

So If you imagine, that at a staging quota of 4096 MB a ca. 4 GB would gestagen large file…

– it must packed,
– calculates checksums
– be dismantled and;
– it must be deleted from the Staging Folder almost all data,
– then the 4 transfer GB file.

After this mechanism to other files will also be held again, which in turn must be recalculated - a high expenditure.

As long as the staging folder size under 100% of quotas is, is the DFS-R Server replicate nine files at a time: 5 sending (outbound) and 4 received (inbound) Threads, d.h. a total of 9 files.
If a quota is reached (the quota is "elastic", not "static"), is a thread for deletion used, until the quota utilization of affected replication group again under 60% sinks.
However, at the time of the quota are exceeding all 4 inbound or all 5 used outbound threads, may occur in unfavorable constellations to, that ALL outbound or. inbound threads or utilized RPC connections the server be blocked, complete scavenging of Quotas. This means in practice, that hardly or. any other data other than this one file and increase the so-called strong backlogs.

To illustrate again: Occurs this effect, can on the entire server no replication group replicate more data, until the quota again under 60% declined. However, if a file in the Staging Folder, which is a whole greater than the quota, can last until the completion of replication of this file, this process. This means in practice therefore a temporary stoppage of data replication from this server. Other models to be found at [6].

The quotas have by default in new replication folders size of 4096 MB. This value should be adapted in any case his claims. It must be clearly stated, that there can be no concrete statement to the size of quotas in principle – this is to decide in individual cases. However, one should the size of the quotas if possible as large as humanly possible in proportion to the mass of data the data to be replicated choose. At best, the quota is even the same as the data of the corresponding mass replication group.

During the initial replication much quota space is required in the normal case, since all data must be transferred (unless it were data Pre-Staged or cross-file RDC is possible). For this reason, it is recommended, to choose very generous during the initial replication the Quota. In the best case, if enough memory, at least as large as the total amount of data to be replicated (see above).

If you have more free memory, you can even up to a thumb formula of 1.5x replication folder size go for the Quota, because by checksums, old staging files etc. certainly can come together more data, provides as the folder itself.

It should be noted, that the quotas (briefly mentioned above) or on all servers. Replication folders must be set individually. Furthermore is noted, that the quotas apply only per replication folder, ie on all replication groups as needed can be customized (and should).

NOTE: At the end of this thread once again the haunting Note, very good to plan quotas and always keep in mind. Are there problems here, is sometimes all DFS-R structure affected.


Author: bad, MCSEboard.de

Manage OS X's downloaded file warning system

When Apple shipped Mac OS X 10.5, one of the new features was a warning about opening downloaded files (this feature is also present in Mac OS X 10.6). The first time open you such a file, a dialog appears, asking if you’re sure you want to open the file, because it was downloaded from the Internet. The idea behind this feature is a good one—as a user, you should know when you’re launching a program that’s been downloaded, just in case it was somehow downloaded without your knowledge.In practice, though, this “quarantine” feature can be incredibly annoying, depending on what sorts of files you download. In my case, it’s a real pain because when I often download web-hosted applications, such as Geeklog (which runs macosxhints.com) and phpMyAdmin, a tool for managing MySQL databases.

These downloads can consist of thousands of files, typically a combination of images and text files. The text files are a mix of HTML, PHP (a scripting language), and pure text, but none are actually Mac OS X executable files. The first time I try to open each of those thousands of text files for editing, I see the warning dialog. After about the fifth file, I become very irritated by the warning, and it does more harm than good, as I just blindly click away at it to make it vanish.

There are two solutions to this problem—one removes the warning dialog from already-downloaded files, and the other prevents any future downloads from being flagged with the warning. Note that you do not have to implement both solutions; you can just remove the warning from already-downloaded files while leaving the warning system itself active, if you prefer.

Remove warning from downloaded files

To remove the warning dialog from already-downloaded files, you need to use Terminal (in Applications -> Utilities), and the command itself differs slightly between 10.5 and 10.6. In 10.5, copy and paste this command:

find ~/Downloads/geeklog-1.6.1 -type f -exec xattr -d com.apple.quarantine {} ;

In 10.6, copy and paste this command:

xattr -d -r com.apple.quarantine ~/Downloads

Note that these commands can take a while to run if there are a lot of files in your Downloads folder. You can also change the directory they run on by modifying the ~/Downloads bit of the command—just change it to reflect the full path to whatever folder you’d like to update. (Remember to use backslashes before spaces, if any of the items on the path contain spaces.)

I personally use this method alone, while leaving the warning system itself active—I just really don’t need to be warned 1,653 times when I try to open each of the files in the Geeklog distribution.

Permanently disable the warning system

If you’d like to disable the warning dialogs completely (for any files you download in the future), open Terminal and copy and paste this command:

defaults write com.apple.LaunchServices LSQuarantine -bool NO

After you get the command prompt back (you won’t see any feedback; the command prompt will simply appear again), restart your Mac. From now on, you won’t be warned when opening downloaded files. It goes without saying, but making this change reduces the security of your machine. As I mentioned earlier, I’ve chosen to leave the warning system in place, and just remove the warning flag from downloaded files when I feel the need.

If you do permanently disable the system, and then decide you’d like it back, repeat the above command, but change NO to YES and reboot your Mac.

I have tested both the one-time and permanent solutionn methods on 10.5 and 10.6, and they work as described (including the bit to turn the warnings back on). Thanks to Jonathan Rentzsch, Ken Aspeslagh, and Timothy Luoma for various pieces of this hint.

How do I reset the IMAP cache for Apple Mail

Rebuild The Mailbox

1. Select the mailbox that is exhibiting the problem in the mailbox list of the Apple Mail main window.

2. Click the Mailbox menu item in the menu bar at the top of your screen.

3. Select the Rebuild item to rebuild the mailbox. This can take a long time depending on how much mail is in your mailbox.

If this does not work, you can use the method below to do clear the Apple Mail IMAP cache and force Apple Mail to re-download all of your email from the IMAP server.

Clear The IMAP Cache

1. Quit Apple Mail. It cannot be running for this procedure.

2. Click the Finder icon in your Dock. This will open a new file browser window.

3. Go to the Library folder.

4. Go to the Mail folder.

5. Find the folder named IMAP-user@domain.com. user@domain.com should be the email address that you are having problems with.

6. Move this folder to another location on your hard drive. Do not delete this folder in case there is a problem and you need to restore it.

7. Open Apple Mail and it will now re-download all email from the IMAP server and rebuild your IMAP cache. This can take a while depending on how much mail is in your account.

hybris breaks new ground for B2B companies

The mobile phone was born in the enterprise and remains a key tool connecting businesses. As consumers we know that today mobile is more than just voice.

So let’s take a look at what happens when we mix some hybris B2B functionality with a smart phone enabled workforce. Using hybris Stream and a mobile B2B app, Toto quickly orders the dynamite he needs for tomorrow.
His boss, Dan, receives the approval notification en route to a meeting and actions it on the go.
The order needs delivery notification so Annette , using the hybris customer service module, gives Toto a call. Toto confirms the delivery instructions and business carries on as usual.

For more information please head to www.hybris.com

Install Firmware passwords

Setting up a firmware password should be a must for companies and institutions that require a certain level of security. The reasons for this should be quite obvious so I won’t explain on these.

There are a couple of methods that an administrator can use to set up the firmware password before is handled to a user (DeployStudio being the most common?) or during the first login of that user using a first boot Applescript with a simple GUI.

The method I am going to explain here is how to set the password by using a simple installer. The main benefit of this being versatility.

No rocket science involved basically we are going to create an installer that runs a bash script and holds a copy of Apple’s binary setregproptool. No file is installed on the computer other than the receipt of the installer itself.

Let’s dig into it!

1st we need to obtain a copy of the setregproptool . We can do this easily enough if the computer in which you are working is a 10.7 or 10.8 by mounting the Recovery partition and copying it from there

Lets create a directory where we’ll store the binary, the scripts and the pkg

cd ; mkdir firmwareInstaller ; cd firmwareInstaller
diskutil mount Recovery HD
hdiutil attach -quiet /Volumes/Recovery HD/com.apple.recovery.boot/BaseSystem.dmg
cp /Volumes/Mac OS X Base System/Applications/Utilities/Firmware Password Utility.app/Contents/Resources/setregproptool .
hdiutil detach /Volumes/Mac OS X Base System/
diskutil unmount Recovery HD

Now for the sake of documenting check which version you just got and read through the available switches

sudo ./setregproptool

I am getting this on a 10.8.2

setregproptool v 2.0 (9) Jun 20 2012

Create the two scripts, one for enabling the firmware password and the second to disable the same. I highly recommend you create the installer and “uninstaller” in pairs and always match the version numbers. This is specially critical if you are required to change the firmware passwords in the future and versioning starts to be an issue.
The main reason for this is that computer models newer than 2010 require the same password to disable the prompt, so the “uninstaller” version should always match the installer version used previously.

This is, for example, you receive a brand new recent model half batch of computers, then you install your firmware password version 1.0. Then the next week you receive the other half of the shipment and install the firmware password version 1.1. Then if you use the uninstaller 1.0 to target all of them only the first half will have it disabled. What a difficult explanation but I hope is clear

Also it is a good practice that when you set the password to blank when disabling it. This way you won’t face problem if the computer needs to be protected again

touch enable.postflight.sh disable.postflight.sh

enable.postflight.sh could be something like this

# VERSION 1.0 of the password enabler. Use the same version to disable it.
# Deactivating the password if it was set. Asuming the password was blank
./setregproptool -d -o “”
sleep 1
# Setting the password and the mode
$setregproptool -m command -p “NewPassword” -o ""
# Logging
echo "The firmware password version 1.0 is now set up!"
exit 0

and disable.postflight.sh could be

# VERSION 1.0 of the password disabler. Works only if the password was set up using the same version enabler
# Setting the password to blank WILL TAKE EFFECT AFTER REBOOT
$setregproptool -p "" -o "NewPassword"
sleep 1
# Disable the prompt for password
$setregproptool -d -o "NewPassword"
# Logging
echo "Firmware password now set to blank and prompt disabled, reboot for the changes to take effect!"
#forget that the password was ever installed. Munki likes this
pkgutil --forget com.mycompany.pkg.firm.pass
exit 0

As long a you use the same pkg name you can verify what version of the password a computer has by running

pkgutil --info com.mycompany.pkg.firm.pass

Then use the correct uninstaller

Packing the installer should be easy enough

Let the mass deployment of firmware passwords begin!

EDIT: reader please note that when I created my package I was using the great Packages application. If you are reading this now and you use pkgbuild to create your installers then your scripts need to be correctly named. See comments below for more info