使用 Let's Encrypt 來作為 VDI - RDCB 憑證時更新 GPO 派送 Thumbprints 的處理

連接 RemoteAPP 或 VM 的時候會跳出以下訊息
A website is trying to run a RemoteApp Program. Make sure that you trust the publisher before you connect to run the program
This Remoteapp program could harm your local or remote computer.

已知這個必須以 GPO 派送 RDCB 憑證的 Thumbprints
GPO 設定路徑如下:

Windows Components\Remote Desktop Services\Remote Desktop Connection Client

>> Specify SHA1 thumbprints of certificates representing trusted .rdp publishers
但要使用 Let's Encrypt 這種兩、三個月就要更換一次憑證的免費方案的話
還要手動更新 GPO 設定中的指紋太麻煩了，於是找到相關的 PowerShell 指令可以用

Step-by-Step Guide for upgrading SYSVOL replication to DFSR (Distributed File System Replication)

以下文章非本人撰寫，僅為預防出處網頁有一天不存在而轉載
This Article is not written by myself.
Just a backup in case of the original one might be offline someday.
All credit goes to http://www.rebeladmin.com

Origin URL：
http://www.rebeladmin.com/2015/04/step-by-step-guide-for-upgrading-sysvol-replication-to-dfsr-distributed-file-system-replication/

SYSVOL is a folder shared by domain controller to hold its logon scripts, group policies and other items related to AD. All the domain controllers in network will replicate the content of SYSVOL folder. The default path for SYSVOL folder is %SystemRoot%\SYSVOL. This folder path can define when you install the active directory.

Windows Server 2003 and 2003 R2 uses File Replication Service (FRS) to replicate SYSVOL folder content to other domain controllers. But Windows server 2008 and later uses Distributed File System (DFS) for the replication.  DFS is more efficient than FRS. Since windows server 2003 is going out of support, most people already done or still looking for migrate in to latest versions. However migrating FSMO roles WILL NOT migrate SYSVOL replication from FRS to DFS. Most of the engineers forget about this step when they migrate from windows 2003 to new versions.

For FRS to DFS migration we uses the Dfsrmig.exe utility. More info about it available on https://technet.microsoft.com/en-au/library/dd641227(v=ws.10).aspx

Chrome 的 Command Mode (--headless) 進行 ScreenShot

遇到一個問題

使用 Chrome 的 Command Mode (--headless) 進行 ScreenShot 指令如下:

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --headless --disable-gpu --run-all-compositor-stages-before-draw --aggressive-cache-discard --disable-notifications --disable-remote-fonts --disable-reading-from-canvas --disable-remote-playback-api --disable-shared-workers --disable-voice-input --enable-aggressive-domstorage-flushing --window-size=1024,768 --screenshot="C:\Temp\ScreenShot.png" "https://www.google.com"

這個指令在 cmd 視窗直接執行時沒有問題，可以取得圖檔

但是如果放到 Task Scheduler 裡面跑的時候卻無法取得圖檔

由於不知道怎麼查 Chrome 的 Log ，所以先朝打開 Log 著手

在以下網站查到了怎麼開 Log

PHP Webhook API Close Connection

Webhook API 一般希望在接收連線資料後盡速將連線中斷再去執行後面的其他運算
實際運作可以這樣:
1. 先回應 200 ok
2. 取得 HTTP header
3. 取得送來的資料
4. 斷線
後面再去做資料運算
程式碼這樣寫

Hidden / Disable items in Windows 10 Settings App

微軟想用 Settings App 取代 Control Pannel

其中的一些設定項目必須用以下方式在 GPO 中設定才能隱藏起來

https://support.microsoft.com/en-za/help/4019502/how-to-use-the-settings-app-group-policy-on-windows-10

1. Open the Local Group Policy Editor and then go to Computer Settings, Administrative Templates, and then Control Panel.
2. Double-click the Group Policy Settings Page Visibility option and then select Enable.
3. Depending on your need, specify either a ShowOnly: or Hide: string.
   If you want to only show only Proxy and Ethernet, the string would be as follows:
   ShowOnly:Network-Proxy;Network-Ethernet
   Hide:Network-Proxy;Network-Ethernet

To determine the URI of a Settings app page, look up the URI on the ms-settings: URI scheme reference page.

https://docs.microsoft.com/en-us/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference

踩雷系列: Windows Server 2019 網卡設定 發生錯誤: Windows cannot access the specified device path or file

新式的設定視窗中

Settings -> Ethernet -> Change adapter options

顯示:

Windows cannot access the specified device, path or file. You may not have the appropriate permission to access the item.

事實上如果開檔案總管自己輸入 Control Pannel 到舊式的網卡設定是沒問題的

解決辦法參考：

超簡單利用 php 透過 API 將圖片傳到 imgur (免費)

註冊 imgur API

首先到 https://imgur.com 註冊帳號 (註冊過程不寫了)

登入後點選左邊 imgur icon 下拉選單選到 developer api

Install SQL on Server Core

先用 Standard / Enterprise 版產生 ConfigurationFile.INI
*. Express 版本安裝 GUI 沒有一個 (Ready to Install 的步驟可以停下來產生 .ini 檔)
取得 ConfigurationFile.INI 後進行以下變更

有關磁碟機 Drive 的一些 PowerShell 指令

指定光碟機為 Z:

Get-WmiObject -Class Win32_volume -Filter 'DriveType=5' | Select-Object -First 1 | Set-WmiInstance -Arguments @{DriveLetter='Z:'}
改好後須 Reboot (或有什麼 Command 可以移除舊的 Drive Letter?)

將 Disk Online

Get-Disk | where {$_.OperationalStatus -eq "Offline"} | Set-Disk -IsOffline $False

變更分割區磁碟代號

Get-Disk -Number 1 | Get-Partition -PartitionNumber 2  | Set-Partition -NewDriveLetter D

KMSHost Install

Windows Server
slmgr.vbs /ipk KMS-Key
slmgr /ato

Office 2010
https://www.microsoft.com/en-us/download/confirmation.aspx?id=25095
slmgr.vbs /ipk KMS-Key
Office 2010： slmgr /ato BFE7A195-4F8F-4F0B-A622-CF13C7D16864

Office 2013
https://www.microsoft.com/de-ch/download/details.aspx?id=49164
slmgr.vbs /ipk KMS-Key
slmgr /ato 2E28138A-847F-42BC-9752-61B03FFF33CD

Office 2016
https://www.microsoft.com/de-ch/download/details.aspx?id=49164
slmgr.vbs /ipk KMS-Key
slmgr /ato 98EBFE73-2084-4C97-932C-C0CD1643BEA7

Office 2019
https://www.microsoft.com/de-ch/download/details.aspx?id=57342
slmgr.vbs /ipk KMS-Key
slmgr /ato 70512334-47B4-44DB-A233-BE5EA33B914C

Office 2010 KMS Host Package 無法安裝在 Windows Server 2016 以上版本的解決:
執行後在 C:\Program Files (x86)\MSECache\OfficeKMS 取得 kms_host.vbs
修改後直行即可
Search: If (Ver(0) = "6" And Ver(1) >= "2") Or (Ver(0) >= "7") Then
Replace: If (Ver(0) = "6" And Ver(1) >= "2") Or (Ver(0) >= "7") Or (Ver(0) => "10") Then