Remove Symantec Agent with Group Policy.

I had a project where I have to deploy Sophos on 500 PC’s, however Symantec had to be uninstalled as a first step. There are few ways to uninstall Symantec via SCCM or Group policy configured to push out a scheduled tasks and run a powershell command. I choose group policy as it’s the quickest method for me. Symantec licenses were coming to an end and all the remote agents had to be removed.

As a first step create a new Group Policy, call it Uninstall Sep.

Go to Scheduled Tasks, right click and create a new task.

Follow the exact steps and make sure to use the account NT AUTHORITY\System which basically has god permission on all computers. When group policy is pushed to the computer, the scheduled task will run with administrative permissions and it will not prompt the user to enter an account.

You can define the triggers, I set mine to run daily and run at 12pm as users will be at lunch. The action tap is configured to start a program which is powershell as detailed below.

The program command is C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe and the argument -ExecutionPolicy Bypass -windowstyle hidden -noninteractive -nologo -noprofile -file “\\ci-pdc\SYSVOL\yourcompany.local\scripts\Script.ps1” Basically the script will run in the background and the user will not have any popup window, and no interaction whatsoever. I need this to run as quiet as possible. As you can see I put this script on my sysvol on one of my DC’s.

The Script.ps1 contains one simple command: (Get-WmiObject -Class Win32_Product -Filter “Name=’Symantec Endpoint Protection'” -ComputerName . ).Uninstall() this will run in powershell and removed Sep and all the data that is involved with the agent installed. Sophos does not like when you have another anti-virus program running and all the files and data associated with Symantec have to be deleted.

The script does not reboot the PCs and I found out that it’s not necessary to reboot the PC to push out Sophos even though it’s recommended. You can decide what the Settings and Common tap works for you as I left everything as default.

Assign the Group policy to the OU that contains the computers with security filtering configured for Authenticated Users and Domains Computers. You can either let Group policy update the PC’s based on whatever schedule your group policy runs on or force the update by right clicking the OU within Group Policy Management and click on Group Policy Update..

Let Group Policy apply to the PCs and you can check on one of them and go to Tasks Scheduler and see if the new tasks that you created shows up there. Once Group policy is pushed and the tasks had run on the PC, you can go to the Symantec Endpoint Protection Manager and check the status of the PC the agent is installed on. You can do this by going to Clients and see where your PC is and right click on it and select Edit Properties. Check the Deployment status and it should say Uninstall successful. This indicate the script had ran on the PC and uninstalled the SEP agent. You can delete the PC from the Symantec Endpoint Protection Manager to free up the license.

Once all this was done, I used SCCM 2016 to push Sohops as an application. I will include more details on that later on….



How do I change office 365 from first release for deferred channel to current channel with office deployment tool?

You can do this using the Office 365 Deployment Tool: Office 2016 Deployment Tool

TechNet has detailed instructions for how to use that tool (Overview: Office Deployment Tool), but the basics for this situation are:

  • Extract setup.exe and the configuration.xml file from the Microsoft download.
  • Edit the XML file to reflect the new settings that you desire (in this case, specifying the current release channel). This is a great interactive tool for helping you build a custom configuration.xml: Office Click-To-Run Configuration XML Editor
  • Open a command line and run: setup.exe /configure configuration.xml (you must have local admin rights to do this and browse to where the files are)
  • The Office click to run installer will make the changes and notify you when complete. This will reinstall office and keep the existing setup settings in place.

Other Method you can try which made this process is easier without the need of deployment tool is utilizing Microsoft script.

What is UPN and why to use it?

UPN or User Principal Name is a logon method of authentication when you enter the credentials as instead of Windows authentication method: domainname\username to be used as login. So UPN is BASICALLY a suffix that is added after a username which can be used in place of “Samaccount” name to authenticate a user. So lets say your company is called ABC, then instead of ABC\Username you can use at the authentication popup.

The additional UPN suffix can help users to simplify the logon information in long domain names with an easier name. Example: instead of “”, change it to “username@atlanta”, if you create an UPN suffix called Atlanta.

To add an UPN to active directory (via AD Domains and Trusts) is very simple (A Global Catalog Server is required; see note at the end of this post). See here or read below the steps to add UPN suffix to a florest

“Adding a UPN Suffix to a Forest

Open Active Directory Domains and Trusts.
Right-click Active Directory Domains and Trusts in the Tree window pane, and then click Properties.
On the UPN Suffixes tab, type the new UPN suffix that you would like to add to the forest.
Click Add, and then click OK.

Now when you add users to the forest, you can select the new UPN suffix to complete

the user’s logon name.”

ADSI – This is an acronym for Active Directory Service Interface. A library of routines that provide an interface to various directories, such as the Windows NT user account database and Active Directory. ADSI can be used in VBScript, Visual Basic, Visual Basic for Applications, and other environments. Besides NT and Active Directory, ADSI also supports Novell bindery, Novell NDS, Internet Information Server (IIS), and other LDAP compliant directories.

LDAP – This stands for Lightweight Directory Access Protocol. A language based on the X.500 directory standard that allows clients and servers to communicate. The LDAP provider allows access to the hierarchical structure of Active directory. However, the Windows NT user account database (the SAM account database on local computers) is not LDAP compliant.

WinNT – Windows NT namespace provider, supporting the Windows NT user account database. The WinNT provider can also be used to access Active Directory, but it exposes it as a flat namespace.

PowerShell – Microsoft’s new scripting language and command line shell, based on C# and the Microsoft .NET Framework. PowerShell statements can be entered one at a time in the PowerShell command line shell, or in a script with the statements saved in a file with .ps1 extension.

Directory Service – Repository of network operating system information to manage users and resources in a network.

Active Directory – Microsoft’s directory service database for Windows 2000, 2003, and 2008 networks. Stores information about resources on the network and provides a means of centrally organizing, managing, and controlling access to the resources. Recently, this has been called Active Directory Domain Services, or AD DS. Microsoft also has a product called Active Directory Lightweight Domain Services, or AD LDS (formerly called Active Directory Application Mode, or ADAM).

AD DS – Acronym for Active Directory Directory Services.

AD LDS – Acronym for Active Directory Lightweight Directory Services. This used to be called Active Directory Application Mode, or ADAM.

ADO – Acronym for ActiveX Data Objects. ADSI can act as an OLE-DB provider that allows database queries of Active Directory using ADO. Searches using ADO are only allowed in the LDAP namespace. For more information, see ADO Search Tips.

WMI – Acronym for Windows Management Instrumentation. WMI is a new management technology allowing scripts to monitor and control managed resources throughout the network. Resources include hard drives, file systems, operating system settings, processes, services, shares, registry settings, networking components, event logs, users, and groups. WMI is built into clients with Windows 2000 or above, and can be installed on any other 32-bit Windows client.

ADsPath – A string that specifies an object in Active Directory or the NT SAM account database. In Active Directory, the ADsPath includes the provider (either “LDAP://” or “WinNT://”) and the path to the object in Active Directory. Using the LDAP provider, this path includes the Distinguished Name of the object.

Distinguished Name – A string that uniquely identifies an object in Active Directory. Used by the LDAP provider to bind to the object. The Distinguished Name, sometimes abbreviated DN, specifies the name of the object (the Relative Distinguished Name) and the location of the object in the hierarchical structure of Active Directory. The DN of any object is a string of Relative Distinguished Names separated by commas.

Relative Distinguished Name – The name of an object in Active Directory relative to it’s location in the hierarchical structure of AD. The Relative Distinguished Name, sometimes abbreviated RDN, will be the lowest level component of the Distinguished Name. The RDN must be unique in the container (or OU), while the DN will be unique in the forest.

cn = Common Name
Active Directory Attribute = SAM-Account-Name
LDAP property = sAMAccountName

source: Names for Objects in Active Directory:

Well written article on name atributes

More in UPN

Good information on UPN with screenshots

When a user principal name (UPN) is used at logon and the forest has more than one domain, a global catalog server is required to resolve the name.

Installation, Storage and Compute With Windows server 2016

This is my personal study notes for the book and exam This is a supplement book that should be used with other materials to prepare you for the exam.

Chapter 1 Key Notes:

Install Windows Servers in host and compute environment.

Skills in this Chapter:

  • Install, upgradeI, migrate servers and workloads.
  • Install and configure Nano Server
  • Create, manage, and maintain images for deployment

Skills 1.1: Install, upgrade, and migrate servers and workloads

  • Which Windows server should you install?
  • Which installation option should you use?
  • Which roles and features does the server need?
  • What virtualization strategy should you use?

Minimum hardware Requirement for installing Windows Server 2016:

  • Processor: 1.4Ghz 64bit
  • Ram: 512 MB ECC for server core, 2GB WCC for server with Desktop Experience.
  • Disk Space: 32Gb bare Minimum on a SATA or comparable drive
  • Network adapter: Ethernet, with gigabit throughput
  • Monitor: Super VGA (1024 X 768) or higher
  • Keyboard and mouse
  • Internet (Activation, Windows updates)

Windows Server 2016 does not support the use of ATA, PATA, IDE, or EIDE interfaces fot boot, page, or data drives. Additional space is need when installing Desktop Experience, additional roles, computer has more than 16GB or more of RAM. The additional disk space is required for paging, hibernation, and dump files.

Maximum hardware and Virtualization limits:

Previously processor maximum were at one time measured in the number of sockets, now it has changed to numbers of cores and logical processors.

The maximum hardware configuration for Windows Server 2016 are as follows:

  • Processor: A server host supports up to 512 logical processors (LPs) if Hyper-v is installed.
  • Memory: Up to 24 Terabytes per host server and up to 12 terabytes per virtual machine.
  • VHDX Size: Up to 64 Terabytes.
  • Virtual Machine: Up to 1,024 per host machine.
  • Virtual machine processors: Up to 240 virtual machine.

* Inter Processors have a feature called Hyperthreading, which enables a single core to process two threads simultaneously when Hyper-V is running. Intel processors have two LPs per core when Hyper-v is running and one LP per core when Hyper-v is not running. AMD Processors have a one LP per core.

Determining appropriate Windows Server 2016 edition per Workloads:

Questions to ask:

  • What roles and features will you need to run on the server?
  • How will you obtain license for the server?
  • Will you be running Windows Server 2016 on a virtual or physical machine?

Windows Server 2016 Editions:

  • Windows Server 2016 Datacenter, This is intended to large and powerful servers in highly virtualized environment. It allows for unlimited number of operating system environment (OSEs) or Hyper-v Containers. (OSE is used to describe Windows instances running on a computer. An OSE can be physical or virtual machine. An example would be a server running hyper-v as well as one virtual machine, each would be considered an instance.) Datacenter Features include: Storage Space Direct, Storage Replica, Shielded VM and a new networking stack with additional virtualization options.
  • Windows server 2016 Standard can run two OSE, and it has the same core set of features as the Datacenter. It lacks the storage and networking features.
  • Windows Server 2016 Essentials: Same features as in the Datacenter and Standard, however it does not include the Core installation option, It supports only one OSE and a maximum of 25 users and 50 devices.
  • Windows Server 2016 Multi-point Premium Server, It used for academic licensing and enable multiple users to access a single server installation.
  • Windows storage server 2016 server: The storage server edition is bundled as part of a dedicated storage hardware solutions.
  • Windows Hyper-V server 2016: Available at not cost, it’s only a hypervisior without GUI.

Storage Space Direct: We can use inexpensive drive arrays to create high-availability storage solutions without the need for expensive arrays or controllers with built-in storage management intelligence. The intelligence is incorporated into the OS enabling the use of JBOD(just bunch of disks arrays) .

Storage Replica: Provides-Storage-agnostic, synchronous, asynchronous volume replication between local or remote servers using SMB Version 3 protocol.

Shielded Virtual Machine: Provides VM’s with from compromised admins that have access to Hyper-V host computer by encrypting the VMs state and its virtual disks.

Network controller: Provides a central automation point for network infrastructure configuration, monitoring, and troubleshooting.

Performing a mass deployment:

For a mass operating system deployment, you can use a server-based technology, such as Windows Deployment Services (WDS), to deploy image files automatically. WDS enables you to create boot images as a way of deploying the WDS boot image is to use the Preboot Execution Environment (PXE) feature included with most network interface adapters. PXE is built into the adapter’s firmware and enables a computer with no operating system to discover a Dynamic Host Configuration Protocol (DHCP) server on the network and request a configuration from it. The DHCP server supplies the client with the IP address of a WDS server, which the client then uses to connect to the server and download a boot image. The client system can then boot from that image and run a WDS client program that initiates the operating system installation.

Installing Powershell to install roles:

The basic syntax of the cmdlet is as follows:  install-windowsfeature -name featurename [- includeallsubfeature] [-includemanagementtools] To install a role or feature, you must use a PowerShell session with administrative privileges. Then, you must determine the correct name to use for the role or feature you want to install. To do this, you can list all of the available roles and features available in Windows by running the Get-WindowsFeature cmdlet, the first part of which is shown in Figure 1-11.

You can also add the IncludeAllSubFeature parameter to install all of the subordinate components for a role. Unlike Server Manager, which automatically includes the management tools associated with a role when you install it, the Install-WindowsFeature cmdlet does not. If you want to install the Microsoft Management Console snap-in or other tools used to manage a role or feature, you must add the IncludeManagementTools parameter on the command line.

*In Windows Server 2016, you can no longer add or remove the GUI elements after the operating system installation. In addition, there is no Minimal Server Interface option, as in Windows Server 2012 R2. This means that, at installation time, you must choose between a full graphical interface, similar to that of Windows 10, and a command line only.

When you select the Windows Server Core installation option, you get a stripped-down version of the operating system. There is no Taskbar, no Explorer shell, no Server 39 Manager, no Microsoft Management Console, and virtually no other graphical applications. However, the advantages of running servers using the Server Core option are several, including the following: Hardware resource conservation Server Core eliminates some of the most memory- and processor-intensive elements of the Windows Server 2016 operating system, thus devoting more of the system resources to running applications and essential services. Reduced disk space Server Core requires less disk space for the installed operating system elements, as well as less storage space devoted to memory swapping, which maximizes the utilization of the server’s storage resources. Fewer updates The graphical elements of Windows Server 2016 are among the most frequently updated features, so running Server Core reduces the number of updates that administrators must apply. Fewer updates also means fewer server restarts and less downtime. Reduced attack surface The less software there is running on the computer, the fewer entrances there are available for attackers to exploit. Server Core reduces the potential openings presented by the operating system, increasing its overall security

Configuring Server Core:

Immediately after the installation, however, you might be forced to perform some basic post-installation tasks interactively, such as configuring the network adapter, renaming the computer, and joining the server to a domain

With this information, you can select the interface of the adapter you want to configure and use a command like the following to configure it: new-netipaddress -interfaceindex 6 -ipaddress – prefixlength 24 -defaultgateway

The functions of the command line parameters are as follows:

interfaceindex Identifies the adapter in the computer to be configured, using index numbers displayed by the Get-NetAdapter cmdlet.

ipaddress Specifies the IP address to be assigned to the adapter.

prefixlength Specifies the subnet mask value to be associated with the IP address. The numeral specifies the number of network bits in the IP address. For example, a prefixlength value of 24 is the equivalent of a subnet mask value of

defaultgateway Specifies the IP address of a local router that the computer should use to access other networks.

To configure the DNS server addresses for the adapter, you use the SetDnsClientServerAddress cmdlet, as in the following example: Set-dnsclientserveraddress -interfaceindex 6 -serveraddresses (“″,””)

To rename the computer and join it to a domain, you can use the Add-Computer cmdlet, as in the following example: add-computer -domainname -newname ServerB – credential adatum\administrator

The functions of the command line parameters are as follows:

domainname Specifies the name of the domain that you want the computer to join

newname Specifies a computer name that you want to assign to the computer

credential Specifies the domain and account names for a domain user with domain join privileges

Manage Windows Server Core installations using Windows PowerShell, command line, and remote management capabilities

As an alternative to the Add-Computer PowerShell cmdlet, you can use the Netdom.exe tool from the command prompt to rename a computer and join it to a domain. To rename a computer, you use the following command:  netdom renamecomputer %computername% /newname: newcomputername, To restart the computer after changing its name, you use the Shutdown.exe tool, as follows: shutdown /r.  To join a computer to a domain using Netdom.exe, use the following command: netdom join %computername% /domain: domainname /userd: username /passwordd:* In this command, the asterisk (*) in the /password parameter causes the program to prompt you for the password to the user account you specified.

In Windows Server 2016, the Windows Remote Management (WinRM) service is enabled by default, so you can create a remote PowerShell session using the New-PsSession cmdlet, as in the following example: new-pssession -computername rtmsvrd

In this example, Rtmsvrd is the remote Server Core computer you want to manage. 43 Running this command creates a connection to remote computer and assigns it an ID number as shown in Figure: