Maintenance mode is great however, when you have a single ESXi host and you have perfected the perfect VM startup order and you have to place your host into maintenance mode how do you start your VMs in the same order without having to manually do it?
ESXi VMs not starting due to maintenance mode
In this post, I will detail step-by-step how to start the VM auto-start sequence after you’ve exited maintenance mode.
Enable SSH by right-clicking on the host and selecting Services > Enable Secure Shell (SSH)
SSH into the ESXi host (I’m going to use PuTTY)
Run the following command to autostart your VMs vim-cmd hostsvc/autostartmanager/autostart
Now your VMs will start booting up in the autostart order you created.
You can even tell your VMs to shutdown in the reverse order by just running the auto shutdown command vim-cmd hostsvc/autostartmanager/autostop
I tried to find official documentation from VMware about this process but I wasn’t able to find any.
LinuxServer.io makes some great Docker images. I’ve been using their UniFi Controller image for a very long time. Sadly it is being deprecated in January 2024. Fortunately, they have a new replacement image named UniFi Network Application. There’s a bit more to the setup as the database portion has been decoupled from the image.
In this post, I’ll show you step-by-step how to set up the UniFi Network Application with Docker.
The UniFi Network Application uses MongoDB for its database we will need to set that up. MongoDB is composed of two elements, the main database and a stats database.
When you first make a MongoDB container it needs to be initialized there are a few methods to do this. I’ll be using the shell script method as I was able to make that word with all the environment variables I wanted to use.
Setup
Make a folder to store everything in. I’ll call mine unifi-net-app.
Download the docker-compose.yml, the init-mongo.sh, and the sample.env files from my GitHub https://github.com/thedxt/UniFi-Docker and place them in the folder.
The sample.env file shows you the variables you will need to define.
The variables are:
CONTAINER_NAME is the name of your UniFi stack. There will be two containers spawned.
The one with _CORE appended to it is the LinuxServer.io UniFi Network Application image.
The one with _DB appended to it is the official MongoDB image. It is currently pinned to version 4.4 as that’s the highest version UniFi supports.
MONGO_DBNAME is the name of the MongoDB database that stores all the data. The second database for stats will have _stat appended to it.
MONGO_USER is the database user for the UniFi database and the stats database.
MONGO_PASS is the password for the database user for the UniFi database and the stats database.
With the release of geoSCOUT version 9.0 geoLOGIC has upgraded the geoSCOUT launcher. As part of the upgrade process to version 9.0, you should be upgrading the geoSCOUT launcher as geoSCOUT users will get a warning message stating that they need the new launcher. They can still use geoSCOUT even if the launcher isn’t upgraded but they will keep seeing the warning message every time they open geoSCOUT.
Warning message about the old geoSCOUT launcher
The geoSCOUT launcher upgrade can be a challenging task in a large environment when users don’t have local admin. In this post, I’ll detail what I’ve discovered about how the geoSCOUT launcher works and include a PowerShell script to upgrade the launcher.
Discovery
The geoSCOUT launcher seems to work by looking for a user’s GMAP.ini file saved in the user’s %AppData%, if that file isn’t present then the launcher will throw an error.
When you install geoSCOUT using the Desktop_Build_NonAdmin installer or the Desktop_Build installer both of them use the context of the path that executed the install to populate the user’s GMAP.ini file saved in %AppData%.
My theory on how part of the geoSCOUT launcher works is that it uses the user’s GMAP.ini file to find the geoSCOUT server and for version 8 it loads gsmainV8.exe from the Programs directory in the geoSCOUT network location.
The geoSCOUT version 9.0 launcher seems to work the same way as the version 8 launcher did except that instead of launching gsmainV8.exe it launches gsmap.exe. Technically speaking you could run geoSCOUT by just launching gsmap.exe but that isn’t the recommended way.
After the geoSCOUT upgrade to version 9.0 if a user is using a shortcut to gsmainV8.exe they will get the warning that their launcher is out of date and needs to be upgraded even if their geoSCOUT launcher has been upgraded on their system.
The way the geoSCOUT launcher works is important because it shows us that unlike the normal geoSCOUT user install the path you use to install the launcher doesn’t matter.
Backups are a good thing to have. Within Microsoft Configuration Manager you can set up a backup maintenance task, but what if you need to run a backup on demand how do you do that?
Microsoft Configuration Manager (ConfigMgr) has had a few names the longest-standing name was SCCM (System Center Configuration Manager) it also used to go by the name SMS (Systems Management Server) you will still find references to SMS even on the current version of ConfigMgr. For simplicity, I’m going to refer to it as ConfigMgr.
In this post, I will detail step-by-step how to configure backups for ConfigMgr and how to run an on-demand backup of ConfigMgr.
A few years ago I wrote a post about how to Swap Office 365 Licenses. Microsoft has deprecated the cmdlets that were used in that post specifically Set-MsolUserLicense and has replaced them with Microsoft Graph cmdlets specifically Set-MgUserLicense.
In this post, I will show step-by-step how to swap Microsoft 365 licenses using Microsoft Graph and PowerShell.
We need a few more permissions than the default permissions for Microsoft Graph.
Run the following command to connect Microsoft Graph to your Microsoft 365 tenant with the necessary permissions Connect-MgGraph -Scopes User.ReadWrite.All, Organization.Read.All
Now let’s find out what SKUs we have to work with.
Run the following command to get the list of SKUs in your Microsoft 365 tenant Get-MgSubscribedSku -All | select SkuPartNumber
By default, Windows servers display lots of details when you logon to them and rarely leave you wondering what it’s doing. A while back I ran into an issue that was causing 15 minute login times when a user would log in to the computer for the first time. This was particularly a problem with shared systems like meeting room computers as many users may have never logged into that computer before. The problem scales with the more meeting rooms you have and the more users you have, and typically people are rushing for meetings and don’t have time to wait for a long Windows login process.
From the user’s perspective, it looks like the computer would just sit at Welcome for 15 minutes. Yes, you can go dig into the event logs and see what’s causing that or you could make it so the computer can output what it’s doing, making it so the users can provide you with more useful information.
To do this you need to enable verbose statuses. This is enabled by default on Windows servers but not regular Windows devices. When a regular Windows device logins in and sits at the Welcome message it is doing stuff but not telling you what it’s doing.
In this post, I will detail step-by-step how to enable the Windows verbose login status with a GPO or Intune.
The Process
GPO
Make a new GPO
Go to Computer Configuration > Policies > Administrative Templates > System
Set Display highly detailed status messages to Enabled.
Link the GPO to the OU of the devices you want to enable Verbose Status on.
Microsoft has been warning about the deprecation of the MS Online and Azure AD PowerShell cmdlets for a while now; the end date is fast approaching, and some of the commands have stopped working. You can read the Microsoft post about the deprecation here.
Microsoft Graph is becoming a day-to-day reality and a tool we’ll need to use to manage items in Microsoft 365 with PowerShell.
In this post, I’ll cover step-by-step how to setup the Microsoft Graph PowerShell SDK to connect to a Microsoft 365 tenant and show how it works and how to secure it.
Installing
To get started with Microsoft Graph we first need to install it.
Open PowerShell as Admin
Install Microsoft Graph PowerShell SDK by running the command Install-Module Microsoft.Graph
Connecting
Now that the Microsoft Graph is installed we can connect to a Microsoft 365 tenant.
Run the following PowerShell command to connect to a Microsoft 365 tenant Connect-MgGraph
Login with a Global Admin account.
You will now see a screen that lists the permissions that Microsoft Graph needs to function.
Microsoft Graph permissions
Select Consent on behalf of your organization and click Accept
It is normal that the Microsoft Graph Command Line Tools shows up as unverified, there is a long-standing issue on GitHub about it. You can read more about Issue #482 on GitHub.
Now you are connected to the Microsoft 365 tenant and can run Microsoft Graph cmdlets.
How it works
I got curious about why the application permissions are needed and what is happening. Here’s what I found out.
When you click Accept it creates an enterprise application in Microsoft Entra ID (Azure AD) named Microsoft Graph Command Line Tools and has an Application ID of 14d82eec-204b-4c2f-b7e8-296a70dab67e and grants the app delegate permission to the permissions that were listed. By selecting Consent on behalf of your organization allows the app to not have to ask for the permissions every time you use it.
A while back I saw someone’s computer that had a company logo in the Windows taskbar; it looked super slick. I wanted to duplicate the same thing in my setup.
The documentation on what causes a company logo to show up in the search box in the Windows taskbar and the Windows start menu is kind of lacking however, after playing around I figured it out. It’s the custom default theme in Microsoft 365 that will cause the organization logo to show up on Windows devices connected to a Microsoft 365 tenant be it joined or just registered devices.
Before and after adding the company logo branding
In this post, I will show step-by-step how to add a custom default theme to your Microsoft 365 tenant that will also apply to the search box in the taskbar of Windows devices. This works on Windows 10 and Windows 11.
DKIM (DomainKeys Identified Mail) is a way to help validate the authenticity of the emails you send.
DKIM adds a signature to your email by using a private key and a public key. Your public key is your DKIM DNS record and only your email server knows your private key. When you have DKIM setup every email you send gets signed with DKIM.
A DKIM signature is built from the hashed values of some of the email headers, one of which is the hash of the email body itself. With the hashed value of the email headers, DKIM encrypts it by using a private key and a public key and adds the encrypted result to the email as a DKIM header signature. This is similar to how PGP works. If you want to know more about PGP you can read more in my post about PGP.
When the recipient receives an email that was signed with DKIM, the recipient’s email server can validate that the email hasn’t been tampered with by decrypting the DKIM header signature using the sender’s public key. If the message was altered the DKIM header signature wouldn’t exist or the decrypted result wouldn’t match.
In this post, I will detail step-by-step how to enable DKIM on a Microsoft 365 tenant by using the GUI and PowerShell.
I’m a big fan of using copy paste as it helps me reduce typos and allows me to paste links or other information quickly between systems. Previously I wrote a post that covers how to enable copy paste with VMRC (VMware Remote Console) however that’s not super useful for the users that are using Omnissa Horizon (formerly VMware Horizon). If you want to know how to enable copy paste with VMRC you can read my post about it called VMware Copy Paste Enabler.
The default configuration of VMware Horizon is that copy paste only works in one direction. You can paste items into VMware Horizon but you can’t copy items out, from an end-user perspective they may report that as broken. Thankfully there’s an easy way to enable full copy paste in both directions in Omnissa Horizon.
In this post, I will detail step-by-step how to enable copy paste in both directions in VMware Horizon.
Perquisites
Have the Horizon GPO templates deployed to your Central Store.
