Learn about my 2012 Core Survival Guide here.

Date and Time settings

This blog is going to cover the basic of viewing and changing your time settings.  If you are like me I seem to always forget to set the correct time zone and need to correct it after the install.

How to view Date and Time settings

Viewing the date and time is very strait forward.  This is one of the simplest PowerShell cmdlet to work with. 

PowerShell Command:

Get-Date

Or

Get-Date | format-list *

In the sample output below I demonstrate both of the above commands. 

How to change Date and time setting

I am not sure why, but this one took me some time to figure out.  None of the examples on the Get-Help showed the syntax for just setting the date and time.  Below is the syntax I used to set the date and time on this computer.

PowerShell Command:

Set-date "12/12/2012 10:30 PM"

The output below shows the time was changed.  Keep in mind that domain joined computers by default will sync their time from a domain controller. This can make your time change short lived.

How to View the current Time Zone

I had to use WMI calls to get the time zone.  Below is the syntax I used.

PowerShell Command:

 (Get-WmiObject win32_timezone).caption

As you can see below this command show you what time zone this computer is in.

How to Change the Time zone setting

I searched for a simple one line method in PowerShell to set the time zone and came up empty.  The only easy way I found to do this in a one liner is using a command line utility tzutil.exe. 

Command:

TZUTIL /s "US Eastern Standard Time"

How to get a complete list of Time Zones

Command

TZUTIL /l > timezone.txt

Notepad timezone.txt 

Since this output is large and scrolls off the screen I piped it to an output text file and opened the file with notepad

I hope you found this useful.  Please leave me a comment.  Let me know if there are any core tasks you would like me to cover.

Bruce

Learn about my 2012 Core Survival Guide here.

Computer Name Setting

This blog is going to cover the basic of viewing and changing your computer name.  Setting the computer name is an option when you are installing the OS, or you can let the installer auto name your server.  If for some reason you need to rename your computer it can be done using PowerShell.

How to view computer name

I view the computer name by looking at the environment variable "ComputerName".

PowerShell Command:

Get-Content ENV:Computername

In the sample output below I see that this computer name is "CORETEST1"

How to change computer name

I change the computer name by using the Rename-Computer cmdlet.  

PowerShell Command:

Rename-Computer -NewName MyCoreBox -restart

In the output below we see that this computer is rename from "CORETEST1" to MyCoreBox.  Since the box reboots with this command I have to capture a second screen shot after the reboot to confirm the setting.

Screen shot after reboot

I hope you found this useful.  Please leave me a comment.  Let me know if there are any core tasks you would like me to cover.

Bruce

Learn about my 2012 Core Survival Guide here.

Joining the Domain

Everybody at some point will need to join their computers to the domain.  This blog will cover the basics of viewing your settings, joining the domain and removing your computer from the domain.

How to view Domain Settings

We can view the domain name by using a WMI object Win32_ComputerSystem.  I still looking for a good way to do this native with PowerShell 3.0

PowerShell Command:

(Get-WmiObject Win32_ComputerSystem).domain

The output below shows the domain name of the computer.  In this case it is "WORKGROUP"

How to join the computer to the Domain

By joining your computer to the domain you will get all of the benefits that the domain has to offer.  The PowerShell cmdlet we use is “Add-computer”.

PowerShell Command:

Add-computer -DomainName Contoso.com -Credential Contoso\Administrator -Restart

The output below of the first command shows the current domain name of the computer.  In this case it is "WORKGROUP".  The second command joins the computer to the domain Contoso.com.  In addition, the second command will prompt you for credentials of an account with domain join privileges in the domain you are trying to join.

How to Join a Domain and place the computer in an Organizational Unit (OU)

Most corporations have well defined OU structures and do not want computer objects place in the default folder.  By placing the computer object in the correct OU saves you time.  Below is the cmdlet that will help us with that.  You must know the complete distinguished name (spelling counts here) of the OU you wish to place the computer into.  If the distinguished name has any spaces in it you must quote the entire name.  I found it makes my life easier to always quote the distinguished name.

PowerShell Command:

Add-computer -DomainName Contoso.com -OUPath "OU=Servers, OU=Assets,DC=Contoso,DC=COM" -Credential Contoso\Administrator -Restart

The output below of the first command shows the current domain name of the computer.  In this case it is "WORKGROUP".  The second command joins the computer to the domain Contoso.com in the OU "Servers".  In addition, the second command will prompt you for credentials of an account with domain join privileges in the domain you are trying to join.  The computer will reboot when the command is completed.

How to leave a Domain

When you leave a domain you default back to the “Workgroup”

PowerShell Command:

Remove-Computer -UnjoinDomaincredential Contoso\Administrator -Passthru -Verbose -Restart 

The output below of the first command shows the current domain name of the computer.  In this case it is "Contoso.Com".  The second cmdlet will remove it from the domain.  In addition, the second command will prompt you for credentials of an account with domain join privileges in the domain you are trying to leave.  Finally when the command completes the computer will reboot.

I hope you found this useful.  Please leave me a comment.  Let me know if there are any core tasks you would like me to cover.

Bruce

Learn about my 2012 Core Survival Guide here.

Remote Desktop

This is one of the more complex settings to get correct.  For remote desktop to work you need to have two registry keys and a firewall rule set up correctly.  If the registry key does not exist you will receive an error when you try to view or set it with PowerShell.  Remote Desktop is disabled if either of the following two settings are true:

fDenyTSConnections = 1

Remote Desktop application firewall rule is disabled

If "UserAuthentication" has a value of 1 indicates that only secured connections will be used. 

How view current Remote Desktop settings

fDenyTSConnections is the registry key that enables or disables Remote Desktop. A value of zero indicates that Remote Desktop is being allowed. 

PowerShell Command:

If you receive an error it indicates the property does not exist or you typed the command in correctly.

UserAuthentication is the registry key that will enable secure connections. A value of one indicates that Remote Desktop will only use Secure Connections. 

PowerShell Command:

Once again if you receive an error it indicates the property does not exist or you typed the command in correctly.

If the Remote Desktop Firewall Rules is "Enabled", like in the screen shot below, then the firewall rules will allow remote desktop to work.

PowerShell Command:

The screen shot below show that the firewall rules are correct for remote desktop.

How to enable Remote Desktop settings

Setting fDenyTSConnections registry key.

PowerShell Command:

If key does not exist this is the command to use.

In the screen shot below you see the current value, followed by the command to modify the value (in yellow), then followed by the command to confirm the setting.

How to enable Remote Desktop Firewall Rules.

PowerShell Command:

In the screen shot below you see the current value, followed by the command to change it, then followed by a command to confirm the settings have been changed.

How to enable Secured Remote Desktop Session

This setting determines if all connections are allowed or only Secured Connections.  A value of 1 for this setting indicates that only Secured Connections.

PowerShell Command:

If key does not exist this is the command to use.

The screen shot below shows the command to view the current setting, followed by the command to modify the setting value (in yellow), then followed by the command to confirm the setting change.

How to Disable Remote Desktop

Setting fDenyTSConnections registry key

PowerShell Command:

If the key did not exist you can use this command to create the key and set the value.

PowerShell Command:

The screen shot below shows the command to view the current setting, followed by the command to modify the setting value (in yellow), then followed by the command to confirm the setting change.

How to disable Remote Desktop Firewall Rules

PowerShell Command:

In the screen shot below the first command shows the current value, followed by the command to disable the Remote Desktop firewall group, then followed by the command to confirm the setting changed.

I hope you found this useful.  Please leave me a comment

Bruce

Learn about my 2012 Core Survival Guide here.

PowerShell Remote Management

Windows Server 2012 has PowerShell remoting enabled by default.  In order to manage PowerShell Remote Management correctly you will need to logon with an account that is a member of the local administrators account.

How to determine if remoting is configured correctly

You can determine if remoting is configured by creating a new PowerShell session.  If the session is created successfully then remoting is configured correctly.  The cmdlet we use to create a new PowerShell session is New-PSSession.

PowerShell Command:

New-PSSession

In the screen shot below remoting is configured correctly.

In the screen shot below remoting is not configured correctly.  This is just one of the possible errors depending on what is not configured correctly.

How to enable remote management

The Scripting Guy wrote a good blog on remoting so I will share the link with you.  No reason to recreate the wheel.

http://blogs.technet.com/b/heyscriptingguy/archive/2012/12/30/understanding-powershell-remote-management.aspx

There is a simple PowerShell cmdlet (Enable-PSRemoting) to enable remoting.  This command does the following:

1. Starting or restarting the WinRM Service
2. Setting the WinRM service to startup type to Automatic
3. Creating a listener to accept requests on any IP address
4. Enabling Windows Firewall inbounds rules exceptions for wm-management traffic

 PowerShell Command:

Enable-PSRemoting

Below you can see it quite simple. 

How to disable remote management

By default on Windows Server 2012 remote management is enabled.  It is NOT a best practice to disable this setting.  With that said this is how it can be done.  It will requires several steps to complete.

PowerShell Command:

Disable-PSRemoting

To stop the WinRM service use the following command

Stop-Service -name WinRM

How to disable the WinRM service

Set-Service -Name WinRM -StartupType Disable

To restore the value of LocalAccountTokenFilterPolicy to zero use the following:

PowerShell Command:

set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system" -name "LocalAccountTokenFilterPolicy" -Value 0

To disable the Windows Remote Management firewall rules use the following:

PowerShell Command:

Enable-NetFirewallRule -DisplayGroup "Windows Remote Management"

I hope you found this useful.  Please leave me a comment

Bruce