Kevin Oppihle's Tech Notes

When installing the printer even as an administrator on the PC it fails to complete with error 740  Open up a command prompt as an administrator then run the following command to open up the "add a device" printer installation wizard: rundll32 printui.dll,PrintUIEntry /il Select the printer and the installation should complete properly with elevated credentials.

  In Azure AD Sync you get the following 8344 Insufficient access rights to perform the operation on one or multiple accounts: Go to ADUC and right click on your domain to open Properties. Go the Security Tab and confirm the account that is used for synchronization has the following permissions: If still having the issue, I have found that if your sub OU or users are blocking inheritance that can also block the permissions from applying to the lower OU’s. Here is an example of proper setting in an sub OU. Note it says “Disable Inheritance” indicating inherence is properly enabled: Note: Inheritance may be disabled for another reason so please confirm with your Administrative team before revising. Worse case you can manually add those permissions without enabling inheritence.   The same can happen to an individual user. In this case Inheritance is disabled thus the option displayed to “Enable Inheritance” :

  When you access your 365 Exchange mail trace and run a query it will show the “Go Hunt for this message” option.       However if you don’t have the proper Microsoft Defender Licensing it appears to fail the hunt: For a more manual FREE method of clear those messages out such as the one in the image below we can use the Compliance Features. From Admin Centers Open Compliance: Content Search: Name and Description (Shorter name is easier for script later)   I am only removing from Exchange in this instance:  I selected Query Build so I can customize for my query:  Confirm/Submit: You can monitor it from the Content Search and open it once status is complete:   Double click to open the results: Reminder: If your query legitimate or not contains more than 10 emails per mailbox or more that 50,000 mailboxes this will not work! If you have more than 10 it may only delete the first 10 it finds. If you run it over and over again it still won’t remove any m

  Veeam is now supporting OTP App MFA in their console application with the release of Veeam Backup and Replication v12. There is some preliminary work required. It requires a read through understanding first, but it works.   High level - While you can only do so much with access to the server, you can block RDP to it (best practice) and force MFA on local accounts in Veeam.   The snag is to turn on MFA you cannot use groups, so you need to add your Administrator or anyone else individually, set Veeam permissions and remove the default Administrators group.   To skip/block any account from requiring MFA you click on "this is a service account" and it won’t force MFA.   You then turn on MFA for the system. That enables it for the user that needs MFA and everyone else that is not a "service account". It will prompt them with a scannable app code and one you can cut and paste into an app such as mobile authenticator or ITGlue.   If access to that

If you have a newer domain you can setup failover to the new DHCP and then remove the failover dependency after or you can do a quick file copy if you can have a quick down window. I am a fan of the following process for efficiency: First I would recommend lowering your TTL on DHCP to 30 min to an hour Open command prompt as an administrator from the server you are exporting DHCP from: netsh dhcp server export C:\source\dhcp.dat all Copy the dhcp.dat to the C:\source\ on the new DHCP server Run the following command from command prompt as an administrator: netsh dhcp server import C:\source\dhcp.dat all Confirm settings imported and revise scopes as necessary Disable old DHCP server (disable service to avoid auto start later) Enable/Authorize new DHCP server and scope and test Note: Dont forget to point any DHCP helpers or other network appliances as necessary to the new DHCP server. Another migration method is to run the following:  From current DHCP Server export to c:\source (named

It happens all the time. You have a system you cant reach internally or other remote access software, but you can ping it and know it is alive. You know if it is restarted it will probably allow you access and you don't want to drive across town or worse to press a power button.  From a domain controller logged on as administrator run the following command from the run menu " Shutdown /i " The following shutdown menu will appear: ' Click Add to add the computer name you need to restart or shutdown. If you want it to restart it without delay, change the option from Restart to Shutdown so you can access and uncheck the greyed out "Warn user of the action" Then change dropdown back to restart and you can restart without "warning" You will have to put in a comment as well. before clicking ok. I would recommend you also open up a command prompt and run a constant ping using the Ping -t command to see when it goes offline and comes back for example: