Categories
it

Printer deployment with Group Policy Preferences and error 0x80070bcb

TL;DR

If you get the error 0x80070bcb when deploying your printers follow the instructions below.
Enable and configure these two GPO’s for all clients you want to deploy the printers to:

Computer Configuration > Policies > Administrative Templates > Printers > Package Point and print - Approved servers

Computer Configuration > Policies > Administrative Templates > Printers > Point and Print Restrictions

Configure them as follows:

In the Policy Package Point and print - Approved servers I had to add the FQDN of the print server.

For the Policy Point and Print Restrictions I had to check the checkbox Users can only point and print to these servers and add the FQDN of the print server. The security prompts I configured as follow:

When installing drivers for a new connection: Do not show warning or elevation prompt

When updating drivers for an existing connection: Show warning only


This week we migrated an old print server from Windows Server 2008 R2 to Windows Server 2019. And we changed the way we deployed printers. Before the change, the user had to select the printer by himself, and there was no automatic deployment. So every employee who wanted a printer gad to go to the printer settings and added the printer. This implementation resulted in many calls to the IT office because the user doesn’t know the nearest printer’s name. So to avoid this situation, we decided to deploy printers using Group Policy Preferences (GPP). GPP’s are like regular Group Policy Objects (GPO), and you can configure the same way. To learn more about the differences, I recommend this article

After configuring the deployment for all printers, most deployed successfully, but a few printers seem to have difficulties. When I wanted to see the GPO result with the command gpresult, I saw the error 0x80070bcb with all printers that didn’t successfully deploy.  This problem seems to be a Windows 10 User Account Control (UAC) problem that exists since Windows Vista.
To resolve this error, I had to enable and configure the two following GPO’s for all Computers that I wanted to deploy the printers too.

Computer Configuration > Policies > Administrative Templates > Printers > Package Point and print - Approved servers

Computer Configuration > Policies > Administrative Templates > Printers > Point and Print Restrictions

In the Policy Package Point and print - Approved servers I had to add the FQDN of the print server.

For the Policy Point and Print Restrictions I had to check the checkbox Users can only point and print to these servers and add the FQDN of the print server. The security prompts I configured as follow:

When installing drivers for a new connection: Do not show warning or elevation prompt

When updating drivers for an existing connection: Show warning only

After having configured these two GPO’s, I forced a GPO update with gpupdate /force, and the printers that didn’t appear before appeared now with no errors.

Acknowledgment:

Thanks a lot to this article that directed me in the right direction:
https://www.adamfowlerit.com/2017/07/deploying-printers-windows-10

About the Author

Hello my name is Loris Scandurra and I am an engineer and project manager based in Switzerland. I write about issues I encounter during my work and other stuff that would be useful or entertaining to document. If you want to write me an E-Mail do so at ls@lorisscandurra.com

Categories
it

Exchange 2016 Hybrid setup false password/username

TL:DR

Don’t copy and paste the credentials. Type them in manually, and the setup will proceed normally.


I am currently doing a general infrastructure update for a customer. During this process, we migrated all Users from Exchange 2010 to Office 365 Mailboxes. But due to how Microsoft (sadly) designed their Office 365 with an On-premise Active Directory environment, you still need a local Exchange Server to manage the Exchange attributes in your On-Prem Active Directory [read the doc]. And because we didn’t want to leave an old Exchange Server with Windows 2008 R2 running in the network, we decided to install a new Exchange Server.
You don’t need to pay for a new Exchange License for this, because the new Exchange Server will only be a Hybrid Server that doesn’t contain any mailboxes itself. So for this, Microsoft provides a Hybrid License for an Exchange Server 2016. After setting up a VM with Windows Server 2016, I started the Exchange installation. The Exchange installation detected a Hybrid setup and asked me to insert the user credentials of an Office 365 Admin. So I did just that, I copied the credentials and pasted them into the setup screen, but it told me that the credentials were wrong. And I knew that couldn’t be because I just copied them like I always do. And I also couldn’t move forward with the installation without providing the credentials.
After some research on the Internet, I found the error [read the forum post]. The problem was that I copy/pasted the credentials. If you do this, the installer will tell you that your credentials are wrong. So I had to copy them manually. After that, the installation proceeded successfully.

About the Author

Hello my name is Loris Scandurra and I am an engineer and project manager based in Switzerland. I write about issues I encounter during my work and other stuff that would be useful or entertaining to document. If you want to write me an E-Mail do so at ls@lorisscandurra.com

Categories
it

Essential tools for engineers

In this post, I will list some tools I use daily, explain why I use them, and provide a link to download/use them. I will regularly update this post if I find new tools or when they get discontinued.

Security

1Password
Great tool for iOS and macOS users to save passwords (it’s also available for other platforms). I would strongly suggest using a good password manager and not reuse passwords because the reuse of passwords is a serious security issue! 1Password is a paid tool, but there are also free options on the market like KeePass.
Link: 1password.com

KeePass
KeePass is another password manager. The big advantage of KeePass is that it’s opensource and therefore free. It’s a great tool that supports all major platforms, but if you want to have your password synchronized between different devices, you have to synchronize the password file yourself (for example, with Google Drive or Dropbox).
Link: keepass.info

ProtonVPN
This is an excellent VPN service. It’s based in Switzerland (which has robust privacy laws), but it has servers worldwide. Also, it has a clean interface and some excellent features to protect your privacy. ProtonVPN was created from the makers of ProtonMail, which is a privacy-focused mail service. I don’t use ProtonMail, but if I wanted to be sure that my mails are stored and transmitted safely, I would use it.
Link: protonvpn.com

Have I been pwned
Or “Have I been owned” is a website to check if your password/data has been leaked. You can type in your email address on the site, and the website will tell you if your email address was found in any known data leak in their database. If the website tells you that you have been affected, it’s recommended to change your password for the affected service, and everywhere you use the same password (I strongly recommend using a password manager and to never reuse passwords).
Link: haveibeenpwned.com

Hasso-Platner-Institut
Another website to check if your password/data has been leaked. It’s basically the same as “Have I been pwned”, you type in your email and get a report if your data has been leaked from a known data breach. I found that this tool has a more up to date data breach database, then “Have I been pwned”. Nonetheless, I recommend using both tools to check if your data has been leaked.
If your data has been leaked, you should change your password for the affected service, and everywhere you use the same password (I strongly recommend using a password manager and never reuse passwords).
Link: sec.hpi.de/ilc/

Coding & Engineering

VisualStudio Code 
I have to hand it to Microsoft, they managed to create an excellent tool for developers. It is easily expandable through its many plugins, which makes it a superb all-rounder for many developers. I use it mainly for web development, but you can use it for a lot more. It has some great features and a well build IntelliSense that can make you a productive developer.
Link: code.visualstudio.com

PgAdmin
A tool for engineers that work with PostgreSQL database servers. It’s a tool you can install on your computer and use it to manage PostgreSQL databases. It gives you a graphical interface instead of a CLI to manage your database, which can be convenient sometimes (especially if you have to look up all CLI/SQL commands, which wastes your time).
Link: pgadmin.org

Sourcetree
Sourcetree is a visual Git client. It’s convenient to keep track of all your repositories. Not all Git features are available through the GUI, but it supports more than enough to replace the Git CLI for my daily use.
Link: sourcetreeapp.com

Postman
This tool is useful to quickly test APIs. You can make a different API request and display the returning data in various ways. I like this tool to quickly get the hang of an API, besides using official documentation, I think trial and error is the fastest way to get to know a new API. You can also use it to document your API, but I never tried this feature before.
Link: postman.com

StarWind V2V Converter
The StarWind V2V Converter is a great tool to migrate virtual machines or virtual machine disks. You can convert from Hyper-V Disk to VMware compatible disks. Or migrate a virtual machine from Azure direct to VMware. It’s a great and easy tool to migrate VM’s between different environments. And it’s also free to use.
Link: starwindsoftware.com

Webservices

Cloudflare
Cloudflare is basically an industry-standard CDN and DDoS protection service. And it also features a free tier, which is great for small websites that don’t need the more advanced features. There are other CDN and DDoS protection tools on the market, but Cloudflare is definitely leading it. It is also reasonably easy to use and gives you meaningful insights about the traffic you get on your website or service.
Link: cloudflare.com

iloveimg
This is a great tool for images, it’s ideal for small changes. If you are too lazy to open up an image editor like Photoshop that takes ages to open, just go to iloveimg.com and make the quick change you wish to make.
Link: iloveimg.com

ilovepdf
If you need to make any kind of changes to a PDF, do not look further. This tool can do almost anything with your PDF: merge, split, compress, convert, edit, watermark, and many more things.
Link: ilovepdf.com

forwardemail
If you need to forward emails from one address to another without installing a mail server yourself or paying for one, you can use forwardemail. Some DNS nameserver hoster provide this feature out of the box, but there are some (Cloudflare, for example) that don’t have this feature. With this web service, you can add this feature at zero cost. There are also more advanced features and paid plans available, but I currently don’t use them.
Link: forwardemail.net

pdfgeneratorapi
It’s an API that gives you the ability to create different PDF templates and send data to its interface, which then gives you back a filled-out PDF. It’s a great tool for people that need many different templates, which change often. It gives you a visual template designer, which makes it possible for your end-users to create their templates themself. Which is a great way to make the developer’s workload lighter so that they can focus on more important things than creating PDF templates.
Link: pdfgeneratorapi.com

waymark.io
A simple tool to create Roadmaps and Timelines. It’s a great tool to create those Roadmaps you see on every startup’s website and presentation.
Link: waymark.io

MXToolBox
If you need to do any troubleshooting regarding E-Mail DNS configuration, I would suggest to checkout MXToolBox. MXToolBox offers a wide variety of tools to check E-Mail related DNS entries from MX, SPF, DMARC, and much more. It also provides tools to check if you got on an E-Mail Blacklist and other useful tools like WHOIS lockups.
Link: mxtoolbox.com

System Administration

mRemoteNG
Great tool for system administrators. You can do all in one tool instead of having a lot of different tools to connect to different types of servers. With this tool, you can connect to Linux servers, Windows servers, vCenter servers, and many more. It’s also customizable, so you can connect to pretty much anything you wish. It keeps all your saved connection in a list, so you don’t have to type out the server’s names or IP addresses, and to connect, you just double-click the server. It’s a great tool if you have new employees, so they don’t have to always look for the server names and can just quickly connect on to the servers.
Link: mremoteng.org

Collaboration

Discord
I really like discord to keep up with friends. And given the current Coronavirus pandemic situation, this tool was handy to work together in teams. It gives you all the necessary features to work together, it may lack behind Zoom with its features, but I didn’t really miss any of its features. It may not be well integrated with other apps like Zoom, but that’s because the target audience differs a lot between the two tools.
Link: discord.com

MacOS

Caffeinated
A simple tool that prevents your Mac from going into sleep mode. You can control the app through the menu bar. I like its simplicity because it just does the right thing, nothing more, nothing less.
Link: Caffeinated

Pock
Don’t you know what the touch bar on your MacBook is good for? Well, me neither, but this tool makes it a lot more useful. It gives you more personalization possibilities for your touch bar, like shortcuts for the apps in your dock or controlling your music app. And it doesn’t switch its layout based on the app you are using, which is a big plus for me.
Link: pock.dev

If I missed any tools you think are useful, write me a comment or send me directly a message, so I can check them out too!


About the Author

Hello my name is Loris Scandurra and I am an engineer and project manager based in Switzerland. I write about issues I encounter during my work and other stuff that would be useful or entertaining to document. If you want to write me an E-Mail do so at ls@lorisscandurra.com

Categories
General

My first blog post

Welcome to lorisscandurra.com! This is the first blog post on my new website. This blog is here to document the everyday issues I encounter during my work. This blog should help engineers solve some of their problems and help me remember the solutions I found in the past. I might also post some posts that are out of context about stuff I find interesting or entertaining.

I wanted to use this blog post to introduce myself better. My name is Loris Scandurra, but you can just call me Loris. I am an engineer and project manager. For the past 10 years, I worked in the IT sector, where I solved problems ranging from client/server engineering to front-end/back-end development. But my interest in technology and science began a lot earlier than that. In elementary school, I would enjoy math and physics classes. As soon as I started reading, my favorite books were history and science-related.

After elementary school and high school, I started an apprenticeship as a system engineer. It took me some time to find a position as a system engineer. There were only a few openings and a lot of people interested. But I managed to land an apprenticeship position that opened the gates to the IT world for me. In the beginning, I was overwhelmed by it and even thought that I wasn’t adequate for the job. But after the first year, I managed to wrap my head around it and enjoyed my work. In the third year of apprenticeship, I excelled as a student. I got the highest grade consistently for the entire year. I also participated in the national championship for engineers called SwissSkills, where I got in 5th place (not really what I was aiming at). I competed the following year again and got in 1st place (finally reached my initial goal).

I successfully finished my apprenticeship and started university, where I pursued a Bachelor of Science in Business Information Technology for four years. During my studies, I was working almost full-time as a system engineer. I switched the company I was working for after the first year of university to a more customer-facing company away from an internal IT department. At the new company, I made a lot of experience regarding customer interaction and system engineering for a wide variety of stakeholders with different backgrounds and expectations. In the last year of my studies, I changed the company again to a small consulting company where I worked as a project manager.

Taken on my trip to San Francisco

Two years later, I quit my job as a project manager and went a month to California to experience the west coast lifestyle. I really enjoyed California, I visited Los Angeles, San Francisco, and San Diego. I really liked it there and their way of living (maybe I am doing a blog post on that in the future). After returning to Switzerland, I was a little lost and didn’t know what to next, I didn’t want to do the same thing I did before, I wanted to learn and experience new things. So I applied to the Apple Developer Academy in Naples. While the application process was running, I worked as a front-end engineer at a small developer office in Zurich. I was simultaneously working for a digital retailer where I helped with infrastructure issues and updating old infrastructure.

In August, I received the confirmation that I was accepted at the Apple Developer Academy in Naples and that it would start at the end of September. So mid-September, I went off to Naples to search for an apartment for the next nine months. I found a room in the center of Naples, which was well connected with public transport there. At the academy, I learned a lot about working in a diverse team with developers and designers (a more detailed look behind the scenes of the academy coming soon). I am still attending the academy until the end of June. Still, due to the Coronavirus pandemic, I am back in Switzerland.

And now we reached the present from here on I can’t narrate in detail what’s going to happen. But my ambition to learn and collect more experience in the IT sector is still hungry for more. My plans for the future are to start my own startup and try new things with customers who are willing to take risks and be innovative.

If you want to contact me for any inquiries, do not hesitate, below my contact details:


About the Author

Hello my name is Loris Scandurra and I am an engineer and project manager based in Switzerland. I write about issues I encounter during my work and other stuff that would be useful or entertaining to document. If you want to write me an E-Mail do so at ls@lorisscandurra.com