Reset Internet Explorer settings from command line.

The group policy can block access to reset Internet Explorer which seems to need it much more than it should. To bypass this and reset the settings back to the default:

From a command prompt:

C:\> RunDll32.exe InetCpl.cpl,ResetIEtoDefaults

This will pop up the Reset Internet Explorer Settings window. Click Reset to reset everything except you personal settings. Obviously, you can check the “Delete personal settings” box if you want to delete you personal settings as well.

Exchange Search Mailbox

In order to search a mailbox, the account you are using must be a member of the “Discovery Management” role group.

To check:
[PS] >Get-RoleGroupMember “Discovery Management”

To add somebody to a role:
When you add somebody as follows, you will prompted for the member. For example, Administrator.
[PS] >Add-RoleGroupMember “Discovery Management”

If you are doing this as Administrator and are adding the Administrator account, you will need to restart your EMS (Exchange Management Shell).

Once you have added the role, you will be able to use the Search-Mailbox cmdlet. There are many search options. Below is a simple example searching the subject of a mailbox. The way this works is that the search results are sent to a target mailbox and folder.

[PS] C:\> Get-Mailbox alias | Search-Mailbox -SearchQuery {Subject:”searchfor“} -TargetMailbox mailbox -TargetFolder “foldername

[PS] C:\> Get-Mailbox jim | Search-Mailbox -SearchQuery {Subject:”work rules“} -TargetMailbox mailadmin -TargetFolder “SearchJim

So, in this example, the mailbox jim will be searched for any message with “work rules” in the subject line. Any results, will be put in the mailadmin’s mailbox in a folder called SearchJim.

You can do the same thing for the body of the message:
-SearchQuery {Body:”somethinginthbody”}

Or a date range, except you have to specify sent or received:
-SearchQuery {Received:(1/1/2010..12/31/2010)}
-SearchQuery {Sent:(1/1/2010..12/31/2010)}

Or if you want to search for more than one criteria:
[PS] C:\> Get-Mailbox alias | Search-Mailbox -SearchQuery {Subject:”searchfor” AND Body:”searchsomethingelse” AND Sent:(01/01/2010..12/31/2010)} -TargetMailbox mailbox -TargetFolder “foldername

To search To or From with a date with an estimate instead of copy to TargetMailbox:
Search-Mailbox alias -SearchQuery {Sent:(01/01/2015..12/31/2015) AND AND} -EstimateResultOnly

Moving mysql to a different partition – Ubuntu 12.04

I needed to move my MySQL databases to a different partition, since I was outgrowing the space. I created new space and used a mv command to move the files and preserve the permissions. I moved them to /mysql.

I set the permissions for the new directory:
chown mysql.mysql /mysql
chmod 700 /mysql
Then, I needed to modify the /etc/apparmor.d/tunables/alias file. Note: It is actually documented in the alias file for MySQL.

# vi /etc/apparmor.d/tunables/alias

alias /var/lib/mysql/ -> /mysql/,

# service apparmor restart
# service mysql start

Grant user permission to unlock Active Directory accounts.

OS: Windows 2012 R2

This is the command I used to grant a group permission to unlock accounts.

C:\> DSACLS “ou distinguished name” /i:s /G “group name“:rpwp;LockOutTime;user



Timestamp and lftp

I was using lftp to get a file and do a local listing of the transferred file. The timestamp was days off when I used “local ls”. With some experimentation, I was able to find that if I pass the command a switch I could get the file creation time.

This is what I used:

lftp> local ls -cl

Internet Explorer Group Policy not changing.

I was trying to change the home page policy and the proxy settings for Internet Explorer 11. I had looked at this a couple times but did not resolve the issue. I even started looking toward a registry option when I knew that this had to work. It turns out that is something really stupid, and has been the case for a long time. I just needed to hit the F6 key while the cursor was still on the changed setting. Then, you will see the red line under the setting go from red to green. It turns out that there are few function keys are important so I will note them here.

F5: This will configure and update of the settings.
F6: This will update only the setting you are currently positioned on.
F7: This will ignore only the setting you are currently positioned on.
F8: This will ignore all changes.

Windows 2012 R2 and .Net 3.5 Features

I changed my CD/DVD drive letter after I installed Windows Server 2012 R2 and a couple other features. Then, I wanted to install the .NET Framework 3.5 feature. It kept complaining out not being able to find the source. I had to set the new source location for it to install correctly.

From Server Manager, you add the role as you normally would until you get to the “Confirm installation selections” window:

Click the “Specify an alertnate source path” link and for the path enter the location with the correct directory of your 2012 R2 installation source. Since I changed my drive letter to the Z drive, mine was as follows.


From here, it installed as it normally would.

Note: I also discovered that if you apply some updates and then need to add the .NET 3.5 Framework feature, you might need to uninstall one or two of the updates. In my case, I had to remove update 2966828. I used the method specified here:

Uninstall/Install an Update from the Command Line – Windows Server 2012 R2

To list all installed updates:

c:\>wmic qfe list

To install an update:

c:\>wusa C:\somedirectory\someupdate1234567.msu

To uninstall an update:

c:\>wusa /uninstall /kb:1234567

Ubuntu – /var/log/syslog not rotating.

I was having trouble with any of the logs managed by rsyslog not rotating. This resulted in a number of huge log files, especially the /var/log/syslog file. Not only those but also others from remote systems since I was using this server as a syslog server.

All I needed to do is comment out the following line in the /etc/rsyslog.conf file:

$PrivDropToUser syslog

I restarted the rsyslog service.

# service rsyslog restart

Windows Group Policy to Run a Script with Privilege.

Sometimes you need to make a change to a lot of desktops, and you need to use an account with administrator level privilege. The best way I found to do this other running a script that would make the changes remotely was to add it to the startup script option in the a Group Policy.

I wrote the script (and tested it, obviously), and saved it with the logon scripts so it would replicate to all the domain controllers.

Then, I identified a current policy and edited it. This is a Computer Configuration policy that causes the script to be run upon reboot. You want to change the properties (add your script/command) for:

Computer Configuration/Policies/Windows Settings/Scripts/Startup
Click Add…
You can run the script from anywhere, but I chose the logon script directory for redundancy and efficiency.

This is where I stored the script and referenced:

Another option is store the script with the policy which might even be a better choice:

Once you’ve added the script, click Ok and close the Group Policy Management Editor.

Return top