Quickly find AD user password expiration date

Knowing when a password should expire is sometimes useful information.
To find out all users password expiration date, open up powershell on the DC and run:

Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties “DisplayName”, “msDS-UserPasswordExpiryTimeComputed” | Select-Object -Property “Displayname”,@{Name=”ExpiryDate”;Expression={[datetime]::FromFileTime($_.”msDS-UserPasswordExpiryTimeComputed”)}}

It will output for you a human readable list such as in the above post screenshot.
I have tested and can confirm that the above script is working on Server 2008, 2008 R2, 2012, 2012 R2, 2016 & 2019.

Adobe reader on Server 2016

Adobe have been rather silent recently when it comes to running reader on server 2016

Adobe reader is used by many professions, and in many capacities. It used to be one of the most commonly installed applications on business PC’s by anyone in any sector. However, Server 2016 is not supported.

https://helpx.adobe.com/reader/system-requirements.html

This makes it a nightmare for modern portable apps, RDS servers(Terminal servers) or even just file servers.

So there is a work around, however it is not recommended. The best fix for this is to scrap Adobe, and move to one off the other large PDF Vendors out there to cater to your PDF viewing needs.

Three that i have personally verified as working and are supported on server 2016 are:

  • Nitro Pro
  • Abby PDF reader
  • TinyPDF

There will however be a small percentage of us admins or superusers, that have to get this Adobe based software working.

Workaround to get Adobe reader on Server 2016

Start by using the latest installer for Windows 10,
Once installed, you may find that it will work for a while, but eventually as it updates you will no longer be able to open PDF documents using it.
To get around this you have to unfortunately turn off protected mode.

Now, i shouldn’t really need to preface this, but i will. This is not supported, nor recommended – Reader has a protected mode for a reason, disabling it is opening you to all sorts of vulnerabilities.

If you do wish to continue, open up Adobe Reader – go into Edit –> Preferences –> Security (enhanced) –>

Turn Protected mode off, and untick ‘ Enable protected mode at startup’

If you like I could not even get to the preferences panel in order to change these settings then all you need to do is open adobe reader by accessing via compatibility mode. Set this as XP (which itself does not support protected mode) – then change settings, and then change compatibility mode back off.

Let me know in the comments if this has helped you.

Get rid of the “Updates are available” pop-up

The Updates are available popup is the source of much irritation for anyone remotely administering windows 10, Server 2012 and server 2016

To get around this popup – which lets face it, is just downright inconvenient; we need to stop the exe file that produces this window from running. Code below, with comments preceded by a #

Run command prompt as administrator (elevated) and enter these commands:

#change directory to system32
cd /d "%Windir%\System32"

#Take over permissions owner to current admin
takeown /f musnotification.exe

#Change permissions to deny anyone/system running from it
icacls musnotification.exe /deny Everyone:(X)

#Take over permissions owner to current admin
takeown /f musnotificationux.exe

#Change permissions to deny anyone/system running from it
icacls musnotificationux.exe /deny Everyone:(X)

You will see form the above, that there are two processes ‘musnotificationux.exe’ and ‘musnotification.exe’ that are responsible for querying updates and notifying the end user. The great part of this fix, is that it will not interfere with any update processes themselves, just the notifications. So have no fear – updates will still continue to function as normal, just now without this troublesome pop-up.