Category Archives: Computers and Internet

Windows 10 (8.1): built-in commands is not recognized as an internal or external command


I see quser.exe and telnet.exe is in C:\Windows\System32.

image

But in Command prompt, it says “is not recognized as an internal or external command”. WTF Microsoft?

image

They screwed up (may be in name of security) big time.  I installed telnet client in Windows Features. It’s the same deal. WTF?

I didn’t find anything on Internet to fix this issue. Apparently I checked few computers of my friends, I found same f****** results.

Temporary Solution: .

  • Press Windows Key and R to launch Run window

image

  • Browse to C:\Windows\System32 and select cmd.exe. Click Ok to launch the Command Prompt.
  • Try now, it works.

image

Someday I will find what’s the reason it doesn’t work, if we launch just cmd.exe.

Country Codes used in Active Directory


User account has c and co attributes to specify the country of the user. c attribute has the country code and co has actual country name. When we edit the user accounts to populate the country code,  we need to know the correct code. These country codes are defined in ISO 3166 (LINK).

If you use PowerShell, use this command to update the country.

Set-ADUser <SAMAccountName> -Country US

For you convenience, I have created an CSV file (LINK) and also the table below.

English short name

Alpha-2 code

Afghanistan

AF

South Africa

ZA

Åland Islands

AX

Albania

AL

Algeria

DZ

Germany

DE

Andorra

AD

Angola

AO

Anguilla

AI

Antarctica

AQ

Antigua and Barbuda

AG

Saudi Arabia

SA

Argentina

AR

Armenia

AM

Aruba

AW

Australia

AU

Austria

AT

Azerbaijan

AZ

Bahamas (the)

BS

Bahrain

BH

Bangladesh

BD

Barbados

BB

Belarus

BY

Belgium

BE

Belize

BZ

Benin

BJ

Bermuda

BM

Bhutan

BT

Bolivia (Plurinational State of)

BO

Bonaire, Sint Eustatius and Saba

BQ

Bosnia and Herzegovina

BA

Botswana

BW

Bouvet Island

BV

Brazil

BR

Brunei Darussalam

BN

Bulgaria

BG

Burkina Faso

BF

Burundi

BI

Cabo Verde

CV

Cayman Islands (the)

KY

Cambodia

KH

Cameroon

CM

Canada

CA

Chile

CL

China

CN

Christmas Island

CX

Cyprus

CY

Cocos (Keeling) Islands (the)

CC

Colombia

CO

Comoros (the)

KM

Congo (the Democratic Republic of the)

CD

Congo (the)

CG

Cook Islands (the)

CK

Korea (the Republic of)

KR

Korea (the Democratic People’s Republic of)

KP

Costa Rica

CR

Côte d’Ivoire

CI

Croatia

HR

Cuba

CU

Curaçao

CW

Denmark

DK

Djibouti

DJ

Dominican Republic (the)

DO

Dominica

DM

Egypt

EG

El Salvador

SV

United Arab Emirates (the)

AE

Ecuador

EC

Eritrea

ER

Spain

ES

Estonia

EE

United States of America (the)

US

Ethiopia

ET

Falkland Islands (the) [Malvinas]

FK

Faroe Islands (the)

FO

Fiji

FJ

Finland

FI

France

FR

Gabon

GA

Gambia (the)

GM

Georgia

GE

South Georgia and the South Sandwich Islands

GS

Ghana

GH

Gibraltar

GI

Greece

GR

Grenada

GD

Greenland

GL

Guadeloupe

GP

Guam

GU

Guatemala

GT

Guernsey

GG

Guinea

GN

Equatorial Guinea

GQ

Guinea-Bissau

GW

Guyana

GY

French Guiana

GF

Haiti

HT

Heard Island and McDonald Islands

HM

Honduras

HN

Hong Kong

HK

Hungary

HU

Isle of Man

IM

United States Minor Outlying Islands (the)

UM

India

IN

British Indian Ocean Territory (the)

IO

Indonesia

ID

Iran (Islamic Republic of)

IR

Iraq

IQ

Ireland

IE

Iceland

IS

Israel

IL

Italy

IT

Jamaica

JM

Japan

JP

Jersey

JE

Jordan

JO

Kazakhstan

KZ

Kenya

KE

Kyrgyzstan

KG

Kiribati

KI

Kuwait

KW

Lao People’s Democratic Republic (the)

LA

Lesotho

LS

Latvia

LV

Lebanon

LB

Liberia

LR

Libya

LY

Liechtenstein

LI

Lithuania

LT

Luxembourg

LU

Macao

MO

Macedonia (the former Yugoslav Republic of)

MK

Madagascar

MG

Malaysia

MY

Malawi

MW

Maldives

MV

Mali

ML

Malta

MT

Northern Mariana Islands (the)

MP

Morocco

MA

Marshall Islands (the)

MH

Martinique

MQ

Mauritius

MU

Mauritania

MR

Mayotte

YT

Mexico

MX

Micronesia (Federated States of)

FM

Moldova (the Republic of)

MD

Monaco

MC

Mongolia

MN

Montenegro

ME

Montserrat

MS

Mozambique

MZ

Myanmar

MM

Namibia

NA

Nauru

NR

Nepal

NP

Nicaragua

NI

Niger (the)

NE

Nigeria

NG

Niue

NU

Norfolk Island

NF

Norway

NO

New Caledonia

NC

New Zealand

NZ

Oman

OM

Uganda

UG

Uzbekistan

UZ

Pakistan

PK

Palau

PW

Palestine, State of

PS

Panama

PA

Papua New Guinea

PG

Paraguay

PY

Netherlands (the)

NL

Peru

PE

Philippines (the)

PH

Pitcairn

PN

Poland

PL

French Polynesia

PF

Puerto Rico

PR

Portugal

PT

Qatar

QA

Syrian Arab Republic

SY

Central African Republic (the)

CF

Réunion

RE

Romania

RO

United Kingdom of Great Britain and Northern Ireland (the)

GB

Russian Federation (the)

RU

Rwanda

RW

Western Sahara*

EH

Saint Barthélemy

BL

Saint Kitts and Nevis

KN

San Marino

SM

Saint Martin (French part)

MF

Sint Maarten (Dutch part)

SX

Saint Pierre and Miquelon

PM

Holy See (the)

VA

Saint Vincent and the Grenadines

VC

Saint Helena, Ascension and Tristan da Cunha

SH

Saint Lucia

LC

Solomon Islands

SB

Samoa

WS

American Samoa

AS

Sao Tome and Principe

ST

Senegal

SN

Serbia

RS

Seychelles

SC

Sierra Leone

SL

Singapore

SG

Slovakia

SK

Slovenia

SI

Somalia

SO

Sudan (the)

SD

South Sudan

SS

Sri Lanka

LK

Sweden

SE

Switzerland

CH

Suriname

SR

Svalbard and Jan Mayen

SJ

Swaziland

SZ

Tajikistan

TJ

Taiwan (Province of China)

TW

Tanzania, United Republic of

TZ

Chad

TD

Czech Republic (the)

CZ

French Southern Territories (the)

TF

Thailand

TH

Timor-Leste

TL

Togo

TG

Tokelau

TK

Tonga

TO

Trinidad and Tobago

TT

Tunisia

TN

Turkmenistan

TM

Turks and Caicos Islands (the)

TC

Turkey

TR

Tuvalu

TV

Ukraine

UA

Uruguay

UY

Vanuatu

VU

Venezuela (Bolivarian Republic of)

VE

Virgin Islands (British)

VG

Virgin Islands (U.S.)

VI

Viet Nam

VN

Wallis and Futuna

WF

Yemen

YE

Zambia

ZM

Zimbabwe

ZW

Exchange 2013: Get-MoveRequest batch status returns nothing


I have added batch migrations (with an csv file) in Exchange 2013 web console. Then I wanted to see the migration (mailbox move) status in Exchange Shell.

Get-MoveRequest –BatchName “CorrectBatchName”

That returned nothing. I was baffled. I found the answer when I ran the following command. BatchName property has the correct batch name format.

Get-MoveRequest | FL

Answer: Since I submitted the migration batch in web console, it submitted to the migration service. Correct command is,

Get-MoveRequest –BatchName “MigrationService:Your Batch Name”

To see the statistics info, use this command.

Get-MoveRequest -BatchName “MigrationService:Your Batch Name”   | Get-MoveRequestStatistics

How to check PowerShell version?


You can check installed PowerShell version in three ways. Check out the commands below:

PS C:\> $PSVersionTable
Name                           Value
—-                           —–
PSVersion                      5.0.10130.0
WSManStackVersion              3.0
SerializationVersion           1.1.0.1
CLRVersion                     4.0.30319.42000
BuildVersion                   10.0.10130.0
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3

PS C:\> $Host.Version
Major  Minor  Build  Revision
—–  —–  —–  ——–
5      0      10130  0

PS C:\> (Get-Host).Version
Major  Minor  Build  Revision
—–  —–  —–  ——–
5      0      10130  0

AD: Get Display Name from user name (SAMAccountName)


I read PowerShell.com’s blog get display name out of user name in a one line.

Here is a quick way to find the current user in your Active Directory and retrieve account information such as the display name:

([adsisearcher]"(samaccountname=$env:USERNAME)").FindOne().Properties['displayname']

I have even found easier way than using Active Directory PowerShell Module.

(Get-ADUser $env:USERNAME).name

Exchange: How to get Mailbox size in Exchange Shell?


Get-MailboxStatistics cmdlet gives TotalItemSize which is the mailbox size. But the TotalItemSize doesn’t contain the mailbox size in numbers, it’s a PowerShell deserialized object.

This command displays the mailbox size from the value property:

(Get-MailboxStatistics -Identity username).TotalItemSize.Value

Example output: 10.43 GB (11,202,063,583 bytes)

But how to make it usable in creating reporting or other purpose. Convert that value to a string, split at ‘(‘ and take the first item in the split array.  Here is the command that gives you usable mailbox size.

(Get-MailboxStatistics -Identity username).TotalItemSize.Value.ToString().Split(“(“)[0]

Example output: 10.43 GB

If you want in all in bytes, use this cmdlet:

(Get-MailboxStatistics -Identity username).TotalItemSize.Value.ToString().Split(“(“)[1].Split(” “)[0].Replace(“,”,””)

Example output: 11202063583

Hope it is helpful for you.

Internet Explorer (IE) – “Continue to this website” option is missing


With the new update (KB2661254), Microsoft is started blocking the websites with certificate key length is 1024 or less. With this IE will never let you connect to site at all. All you get is “Click here to close this webpage”.

Image

Fortunately Microsoft explained how to override this security feature in the same KB article (https://support.microsoft.com/en-us/kb/2661254).

Solution:

  1. Open Command Prompt with Administrative Privileges (right click CMD.exe and select “Run as administrator”)
  2. Type certutil -setreg chain\minRSAPubKeyBitLength 512
  3. Log off and log back in

Here is the resolution by editing the registry key from the KB article:

Allow key lengths of less than 1024 bits by using registry settings
Microsoft does not recommend customers use certificates less than 1024 bits long. Customers may however need a temporary workaround while a longer term solution is developed to replace RSA certificates with a key length of less than 1024 bits length. In these cases, Microsoft is providing the customers the ability to change the way the update functions. Customers configuring these settings are accepting the risk that an attacker may be able to break their certificates and use them to spoof content, perform phishing attacks, or perform Man-in-the-Middle attacks.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
On Windows 8 or Windows Server 2012-based computers that have the update applied, the following registry path and settings can be used to control detection and blocking of RSA certificates with less than 1024 bit key lengths.

HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDLLCreateCertificateChainEngine\Config

There are four main values that control how keys under 1024 bits blocking works. These are as follows: •MinRsaPubKeyBitLength
•EnableWeakSignatureFlags
•WeakSignatureLogDir
•WeakRsaPubKeyTime
Each of these values and what they control are discussed in the following sections.

For operating systems starting with Windows Vista and Windows Server 2008, you can use certutil commands to change these registry settings. On Windows XP, Windows Server 2003, and Windows Server 2003 R2, you cannot use certutil commands to change these registry settings. However, you can use Registry Editor, reg command, or reg file.
MinRsaPubKeyBitLength
MinRsaPubKeyBitLength is a DWORD value that defines the minimum allowed RSA key length. By default, this value is not present, and the minimum allowed RSA key length is 1024. You can use certutil to set this value to 512 by running the following command:

certutil -setreg chain\minRSAPubKeyBitLength 512

NoteAll certutil commands shown in this article require local Administrator privileges because they are changing the registry. You can ignore the message that reads “The CertSvc service may have to be restarted for changes to take effect.” That is not required for these commands because they do not affect the certificate service (CertSvc).

You can revert to blocking keys that have a length of less than1024 bits by removing the value. To do this, run the following certutil command:

certutil -delreg chain\MinRsaPubKeyBitLength
EnableWeakSignatureFlags
The EnableWeakSignatureFlags DWORD value has three potential values: 2, 4, 6, and 8. These settings change the behavior of how the keys under 1024 bits detection and blocking works. The settings are described in the following table:

Decimal value Description
2 When enabled, the root certificate (during chain building) is allowed to have an RSA certificate with a key length of less than 1024 bits. Blocking of RSA certificates lower in the chain (if they have less than 1024 bit keys) is still in effect. The flag enabled when this value is set is as CERT_CHAIN_ENABLE_WEAK_RSA_ROOT_FLAG.
4 Enables logging, but still enforces blocking of RSA certificates with keys less than 1024 bits. When it is enabled, the WeakSignatureLogDir is required. All keys with less than 1024 bit length encountered are copied to the physical WeakSignatureLogDir folder. The flag enabled when this value is set as CERT_CHAIN_ENABLE_WEAK_LOGGING_FLAG.
6 When it is enabled, the root certificate is allowed to have an RSA certificate with a key less than 1024 bits and the WeakSignatureLogDir is required. All keys below the root certificate that have keys of less than 1024 bits are blocked and logged to the folder that is specified as the WeakSignatureLogDir.
8 Enables logging and does not enforce blocking of keys that have a length of less than 1024 bits. When it is enabled, the WeakSignatureLogDir is required. All keys encountered that have a length of less than 1024 bits are copied to the physical WeakSignatureLogDir folder. The flag enabled when this value is set is as CERT_CHAIN_ENABLE_ONLY_WEAK_LOGGING_FLAG.

Examples
To enable an RSA root certificate that has a key length of less than 1024 bits, use the following certutil command:

certutil -setreg chain\EnableWeakSignatureFlags 2

To enable logging while still blocking certificates that use a key length of less than 1024 bits, use the following certutil command:

certutil -setreg chain\EnableWeakSignatureFlags 4

To enable logging of only RSA certificates below the root certificate that have a key length of less than 1024 bits, use the following certutil command:

certutil -setreg chain\EnableWeakSignatureFlags 6

To enable logging only and not blocking key lengths of less than 1024 bits, use the following certutil command:

certutil -setreg chain\EnableWeakSignatureFlags 8