Powershell. Get computers from Active Directory with low disk space.

We have float pool in VMware Horizon and often C: disk is running out of space.
Here is a quick script that I wrote to get all computers from AD with low disk space.

Of course you can wrap it into function, add email notification or make some peace of code better, but I’m to lazy to do it:)
Here is how it’s looks like:

You just need to change $lowspaceGB to any disk space you need and $OU to yout target ou.
Also this script required ActiveDirectory powershell module on computer which run this code and winRM ports must be opened on target computers.

This script will ping every pc in OU and if computer will reply then disk space will be evaluated and printed out to console.

$lowspaceGB = "19"
$OU = "OU=Horizon-VDI,OU=CR,DC=Domain,DC=com"

$allpcs = Get-ADComputer -SearchBase $OU -Filter *
$availablepcs = @()
$lowspacepc = @()
$allpcs | %{
if (Test-Connection $_.DNSHostName -Count 1 -ErrorAction SilentlyContinue){
$availablepcs += $_.DNSHostName
}
}
foreach($pc in $availablepcs){
$freespace = (Invoke-Command -ComputerName $pc -Command {Get-PSDrive C}).Free
if ($freespace/1GB -lt $lowspaceGB){
$obj = New-Object System.Object
$obj | Add-Member -Type NoteProperty -Name "DNSHostName" -Value $pc
$obj | Add-Member -Type NoteProperty -Name "FreeSpaceGB" -Value ([math]::truncate($freespace/1GB))
$lowspacepc += $obj
}
}
$lowspacepc

Download script.

Windows Server 2016 and Flash Player.

If you are searching for how to enable flash player on Windows Server 2016 you should keep in mind that you must install RDSH as MS recomendation.
But if you havent license for RDHS and flash player that all you need then just run from cmd:

dism /online /add-package /packagepath:”C:\Windows\servicing\Packages\Adobe-Flash-For-Windows-Package~31bf3856ad364e35~amd64~~10.0.14393.0.mum

And of course, you must restart server. Thanks to God that no reboot requred for at least ip address change like in windows 98.

Group Policy Issue. Clients with KB3163622 stop to apply some GPO.

We are faced with GP problem after installing KB3163622 update .
All Policies with security filters weren’t proceeded by updated (with mentioned KB) clients.
Following error logged by command gpresult /v:

Filtering: Not Applied (Unknown Reason)

No additional information logged in eventlog.
Microsoft says that they change processing procedure and now when you add security filter you also should add either “Authentificated Users” group or “Domain Computers” group with Read permission (Don’t add Apply access for this groups) on Delegated tab.

gpo

If you have a lot of policies with filters you can use PowerShell Script from Microsoft Gallery, this script will check all policies and add appropriate permissions.

Squid. Pop3/SMTP. Firewalld based Linux.

Imagine that you have installed Squid on firewalld based system.
First interface (eth0) connected into internal network and second (eth1) to internet.
To allow client browsing you can use http_access, but if you want to enable client to use for example pop3 or smtp (which squid is not support) the only way is sNAT.

I can find how to enable NAT for all ports (Masquerading, snat) and how to nat port with iptables, but cannot find how to limit it by ports trough firewalld.
Most of Linux admins advice to downgrade to iptables. Here is how to do that with firewalld:

Relay Postfix emails to MS Exchange. SpamAssassin,Postfix,Exchange Step-by-Step. Part 2.

In previous article we’ve installed spamassassin and pair it with Postfix.
It’s time to relay all external filtered emails to our exchange.

From now your Postfix should relay all filtered by spamassassin emails to Microsoft Exchange, you can stop here or you can enable Postfix as Smart Host in Exchange send connector, relay for exchange already configured above.