Date Last opened for all applications

Because several applications are paid separately (Visio is the example) from the rest of O365, and we were running low on licenses (and we also didn’t have a Software Audit tool installed), I had to find the quick and dirty (ie cheap and fast) way of finding out the information required.

It was easy to pull who had a license associated with their account. Just log into the Admin Portal admin.microsoft.com, navigate under Billing > Licenses > click on the product.

In my case it’s Visio Plan 2. Licenses 0 available, 32 assigned.

Powershell to the rescue

$name = $env:COMPUTERNAME
$path = "\\fileserver.domain.tld\share\subdir\" + $name + "_lastusedApp.csv"
Get-ChildItem -Path ${env:ProgramFiles(x86)} -Filter "*.exe" -Recurse | Get-ItemProperty | select name,lastaccesstime | sort -Property lastaccesstime | Export-Csv -Path $path -Encoding ascii -NoTypeInformation

Just need to run that remotely on the system. You can psexec or I was trying to use the invoke-command but was coming up with lack of rights to run remote scripts and didn’t need to look any further.

The .csv then shows a list of all installed applications and the last time they were opened. Unfortunately if someone never reboots their system (uptime over a year or so) and keeps the application(s) open that entire time, it’ll appear as though they haven’t “used” it in the last year. Just something to keep in mind.

Tinypilot KVM

I decided to get a tinypilot kvm device for testing purposes – it’s actually pretty neat. Sure I could have saved a few bucks by building it myself, but this way I save time and support someone else’s great ideas.

Anyway, to update the device, SSH to it (DNS name is generally tinypilot)

Login with tinypilot/flyingsopi

Run

/opt/tinypilot/scripts/upgrade && sudo reboot

Corrupt User Profile

Eventviewer was showing Event ID 1515 and I was logged in as with a temporary profile. No other user was experiencing this, so I went about fixing with REGEDIT.

  • Open Regedit
  • Start > Run > regedit
  • Navigate to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\
  • Find any profiles with “.bak” in them
  • Delete the .bak entire subkey
  • Log off, log on

Windows Apps

So this all started because I was unable to open the Windows Security Center. It just wouldn’t open.

I tried to open SecHealthUI.exe directly (C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI*\) and that failed out. Eventviewer showed Faulting application name: sechealthui.exe, faulting module name: KERNELBASE.dll. Someone wanted me to re-run the kernelbase.dll registry (regsvr32 kernelbase.dll) which doesn’t do anything unless you give yourself administrative privs to the kernelbase.dll file. And didn’t fix my issue anyway.

What did help me was re-installing all of the Windows Apps with the following powershell command:

  • windows key + x
  • Select Windows Powershell (Admin)
  • Get-AppXPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
  • Profit

And, because this is entitled “Widnows Apps”..

  • Uninstall XBox Windows-related items
  • Select Windows Powershell (Admin)
  • Get-AppXPackage *xboxapp* -AllUsers | Remove-AppXPackage

Enable SNMP on ESXi

Inheriting 3 different companies’ worth of Virtual infrastructure is sometimes a giant PITA. This holds true especially when the 3 different companies all had multiple “admin’s” working at any given time without established standards for naming, setup, configuration, or even maintenance.

Some of the newly-installed VMWare equipment wasn’t showing up on my Nagios monitoring board. First step is to make sure that snmp is setup and actually running (hint, it was not).

I ended up at this auvik support site – and, if it wasn’t so expensive (our budget is about 1/3 of what it “should be” – I would be running this for monitoring of our infrastructure. Think of it as cloud prtg. https://support.auvik.com/hc/en-us/articles/206311526-How-to-enable-SNMP-on-a-VMware-ESXi-hypervisor#topic_esx6

Since we’re running ESXi 6.5 and 6.7 currently:

  • SSH to your ESXi box using the root account
  • esxcli system snmp set -r
  • esxcli system snmp set -c YOURCOMMUNITY
  • esxcli system snmp set -p 161
  • esxcli system snmp set -L "City, State, Country"
  • esxcli system snmp set -C noc@domain.tld
  • esxcli system snmp set -e yes

Or, if you’re using ESXi 7:

  • SSH to your ESXi box using the root account
  • esxcli system snmp set --communities YOURCOMMUNITY
  • esxcli system snmp set --enable true

Nagios Add User

Yes, I’m a creature of habit. I started using Nagios back in 2005 and it was awful. I mean it “worked”, but I had no idea what I was doing. Reinstalling, installing, configuring, new jobs… each time I was learning from my previous mistakes and making it better. It’s now at the point I can perform most of the work without actually referencing anything else. But the point of this blog is for my own notes, so here goes.

  • SSH to your nagios server. I use putty from my primary Windows desktop.
  • Switch to root
    • sudo su -
  • Create the new web user account and password
    • htpasswd /usr/local/nagios/etc/htpasswd.users MYNEWUSER
  • Enter the password twice

Sometimes you’ll receive an error message about “You do not have permission to view information for any of the services you requested”. So we’ll have to edit the cgi.cfg.

  • SSH to your nagios server
  • sudo su -
  • nano /usr/local/nagios/etc/cgi.cfg
  • Add the MYNEWUSER wherever necessary
    • authorized_for_system_information=nagiosadmin,userhere,MYNEWUSER

Battery Health Windows

Had a remote user complain that his laptop’s battery was only lasting “about 5 minutes” before it would either shutdown or he’d have to plug it in. The laptop was 3 years old, but the battery had already been replaced ~6 months ago.

It’s at this point that I’d like to push my own thinking. This user had received a new-to-him laptop as the first member of his team to be upgraded from Windows 7 to Windows 10. If you’re familiar with Dell products, he upgraded from a 7480 to a 7490 laptop. If you’re also familiar with how office politics goes, as soon as one person on a team has something new/shiny, the others want it too. Well this PoC upgrade process (he was part of a pilot group) went well. Fast forward 6 months and the rest of his team is receiving 7400 laptops and he feels like he’s missing out (total conjecture) as part of their windows 10 upgrade process.

Anyway, you can run the battery report remotely assuming they’re somehow connected to the network – usually via a VPN or directly on the network.

  • Run Powershell as an Administrator
    • windows key + x, Windows Powershell (Admin)
  • powercfg /batteryreport /output "C:\temp\battery-report.html"
  • Open the battery-report.html in any browser

Ramblings Of An IT Person