Tuesday, June 28, 2022

How to get the SQL Express Offline Installer

When working in a test environment you don't exactly want something to have internet access; so you need to be able to download files in an offline setting.  I had this need when I was working on a SQL numbering issue where SQL server added 1000 to the item count.  Not particularly helpful and annoying to fix.  The SQL version I was working with was 12 (or 2014) for those at home keeping track by year.  At any rate I needed to fix this 1000 item count but part of the issue was that the count is a primary key.

To get the offline install of SQL Server in this case we are going to use Express 2019, we need to go to https://www.microsoft.com/en-ca/sql-server/sql-server-downloads


When you download the Express download you will get a Application download called SQL2019-SSEI-Expr.  

Run the application.  When the application runs you get three options.  Basic, Custom and Download media which we are going to do.

When you select download media you get a few more options.  For the purposes of what I want I am selecting Express Advanced.

After pressing download; it will download to the directory where you have specified it to download.  In my case C:\Users\Trevor Tye\Downloads

Here I have it in my download directory.

Tuesday, June 07, 2022

How to find the Windows Product Key using Powershell

I have had the need recently to get the product keys from some new windows laptops.  Now automated ticketing systems such as Lansweeper and Solarwinds can scan for these keys and there are 
free tools to save these keys to txt files such as MagicJellyBean Keyfinder.  However what I eventually want this to do is put the data into a Microsoft 365 or google workspaces spreadsheet. This is because I have to inventory some non-domain connected systems and there is not ticketing/inventory system on the network.

So I made a powershell script which will eventually save the information to a Microsoft or Google Workspaces spreadsheet but for now just saves it to a text file.  I have some work to do on the CD Key detection in powershell to remove the vbscript as the powershell script doesn't seem to find the right key.  I am using a vbscript from 
techspot that finds and saves the CD Key properly.  After the VBScript has been exicuted the powershell script finds they other key entries and adds them to the outputted file.  Windows has a couple different places where you can find different product keys such as the OEM key from vendors such as Dell, Lenovo, etc; and the BackupProductKeyDefault in the registry.  To find the OEM Key you can find your key using this powershell command.

wmic path SoftwareLicensingService get OA3xOriginalProductKey 
powershell "(Get-WmiObject -query 'select * from SoftwareLicensingService').OA3xOriginalProductKey"

To find the backup Windows Key in the registry it is located using the regedit path below.

HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform BackupProductKeyDefault

The way I have the scripts working together is I have a bat file which runs the powershell script.  The first thing the powershell script does is runs the CDKey.vbs script.  Then the powershell script appends the rest of the key data to the text file generated by CDKey.vbs.  You can see the code for the 3 scripts below.


Option Explicit
Dim objshell,path,DigitalID, Result
Set objshell = CreateObject("WScript.Shell")
'Set registry key path
Path = "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\"
'Registry key value
DigitalID = objshell.RegRead(Path & "DigitalProductId")
Dim ProductName,ProductID,ProductKey,ProductData
'Get ProductName, ProductID, ProductKey
ProductName = "Product Name: " & objshell.RegRead(Path & "ProductName")
ProductID = "Product ID: " & objshell.RegRead(Path & "ProductID")
ProductKey = "Installed Key: " & ConvertToKey(DigitalID)
ProductData = ProductName & vbNewLine & ProductID & vbNewLine & ProductKey
'Save Data to a file
Save ProductData
'Convert binary to chars
Function ConvertToKey(Key)
Const KeyOffset = 52
Dim isWin8, Maps, i, j, Current, KeyOutput, Last, keypart1, insert
'Check if OS is Windows 8
isWin8 = (Key(66) \ 6) And 1
Key(66) = (Key(66) And &HF7) Or ((isWin8 And 2) * 4)
i = 24
Current= 0
j = 14
Current = Current* 256
Current = Key(j + KeyOffset) + Current
Key(j + KeyOffset) = (Current \ 24)
Current=Current Mod 24
j = j -1
Loop While j >= 0
i = i -1
KeyOutput = Mid(Maps,Current+ 1, 1) & KeyOutput
Last = Current
Loop While i >= 0

If (isWin8 = 1) Then
keypart1 = Mid(KeyOutput, 2, Last)
insert = "N"
KeyOutput = Replace(KeyOutput, keypart1, keypart1 & insert, 2, 1, 0)
If Last = 0 Then KeyOutput = insert & KeyOutput
End If
ConvertToKey = Mid(KeyOutput, 1, 5) & "-" & Mid(KeyOutput, 6, 5) & "-" & Mid(KeyOutput, 11, 5) & "-" & Mid(KeyOutput, 16, 5) & "-" & Mid(KeyOutput, 21, 5)
End Function
'Save data to a file
Function Save(Data)
Dim fso, fName, txt,objshell,UserName
Set objshell = CreateObject("wscript.shell")
fName = ".\ProductKey.txt"
Set fso = CreateObject("Scripting.FileSystemObject")
Set txt = fso.CreateTextFile(fName)
txt.Writeline Data
End Function
This is run from the powershell script; which I have listed below. Then the powershell script finds the reset of the keys I want to find such as the OEM Key and the registry BackupProductKeyDefault then appends it to the text file.


start-process -FilePath "CDKey.vbs" -Wait -Passthru 
$SLS = wmic path SoftwareLicensingService get OA3xOriginalProductKey
$RLS = Get-ItemPropertyValue 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
$SLSKey = $SLS.Split(" ",[System.StringSplitOptions]::RemoveEmptyEntries)
$DPID = Get-ItemPropertyValue 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DefaultProductKey2' -Name DigitalProductId
$EditionID = Get-ItemPropertyValue 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DefaultProductKey2' -Name EditionId

function ConvertTo-ProductKey {
param (
[parameter(Mandatory = $True, Position = 0)]
begin {
process {
$ProductKey = ""
$prodkey = $Registry[0x34 .. 0x42]
for ($i = 24; $i -ge 0; $i--) {
$r = 0
for ($j = 14; $j -ge 0; $j--) {
$r = ($r * 256) -bxor $prodkey[$j]
$prodkey[$j] = [math]::Floor([double]($r/24))
$r = $r % 24
$ProductKey = $map[$r] + $ProductKey
if (($i % 5) -eq 0 -and $i -ne 0) {
$ProductKey = "-" + $ProductKey

$x = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -name DigitalProductId
$key = ConvertTo-ProductKey $x.DigitalProductId

$prodKey = "Windows Backup Product Key Default: $RLS `nOEM Software Licensing Service Key: $SLSKey `nDigital Product ID Windows Key: $key"

Add-Content .\ProductKey.txt $prodKey
The powershell script is run from a bat file which sets the Powershell script bypass for running the powershell script.

Powershell.exe -executionpolicy remotesigned -File  ./Get-ProductKey.ps1

The resulting file output looks like this

It has worked well on the half dozen machines I tried it on and I will update this post once I get the Microsoft 365 and Google Workspaces integration working.  I have the 3 files running from a directory you can place anywhere on the machine you are wanting to inventory.  In this case I have it in a folder called "Find Product Key" which is on my desktop.  If you download the zipped files listed below all you have to do is run the "RunProdKey.bat" file and it will put the generated file in the same folder and it is called ProductKey.txt

Wednesday, May 18, 2022

How to download old versions of Mac OS X

I have a 27" sandybridge iMac; which is a perfectly capable machine; I could load and run the latest version of Windows, Linux just fine.  Apple however has decided to drop support for these machines; they are more then 10 years old but for 99% of what they are used for it is fine; I don't really see why apple hasn't included these in their code base besides wanting people to buy new vendor locked in hardware.  I digress; things are what they are.

On a computer with a browser you will want to copy the links and paste them in your URL bar.  It is highly recommended to be using some sort of mac for this.  The OS will download as InstallMacOSX.dmg or MacOS.dmg  I personally rename it to the version I have downloaded and adjust my script for making the USB boot disk.  I was the kind of guy to buy EVERY release of OS X and I do have from OS 9 to Snow Leopard (my favorite version).

The following links below require the apple apps store to download the DMG images for Mac OS 10.  The OS images affected are Mac OS High Sierra to Big Sur require the safari browser to accesses the Apple App Store on MacOS.  Safari finds the old installers in the App Store and allows you to download them. After you download the installer from the App Store, the installer opens automatically.

  • macOS Big Sur can upgrade Catalina, Mojave, High Sierra, Sierra, El Capitan, Yosemite, Mavericks
  • macOS Catalina can upgrade Mojave, High Sierra, Sierra, El Capitan, Yosemite, Mavericks
  • macOS Mojave can upgrade High Sierra, Sierra, El Capitan, Yosemite, Mavericks, Mountain Lion
  • macOS High Sierra can upgrade Sierra, El Capitan, Yosemite, Mavericks, Mountain Lion

Pre-High Sierra can be downloaded on any computer but you have to copy and paste the full link which I have below the bulleted version.  

The older installers allows other browsers to download them as a disk image named InstallOS.dmg or InstallMacOSX.dmg respectively. On a Mac the Open the disk image, then open the .pkg installer inside the disk image. It installs an app named Install [Version Name]. Open that app from your Applications folder to begin installing the operating system.

You can also get this info from Apple's Website here https://support.apple.com/en-us/HT211683

Powershell Script To Download and Convert Images to JPG

The following powershell script is for downloading and converting images from PNG and TIFF format to JPG.  The CSV file looks something like this.

The script is pretty simple, download files then convert them from TIF to PNG then to JPG

Here is the script

#This script downloads all the images converts them to JPG files for a website.

#first import the CSV File

$CSVFILE = Import-CSV -Path downloadImgs.csv

#Get the length of the url

$CSVFILE | ForEach-Object {$_.'Image'.length}

#Get the length of the url

$CSVFILE | ForEach-Object {$img = $_.'Image'.substring($_.'Image'.length, 5)}

#Get the file Ext

$CSVFILE | ForEach-Object {$_.'Image'.Substring(($_.'Image'.length-9), 4) }

#Save Image File List Replace the website URL with the URL you want to point to.  You can use this for having a list of items downloaded or if your importing them in a bulk process

$CSVFILE | ForEach-Object { "https://yourwebsite.com/images/$location"+,-join ($_.'Image')+,".jpg"} | Out-File imageURLs.txt

#Download Image and rename the image to the Name in the CSV file

$CSVFILE | ForEach-Object { Invoke-WebRequest -Uri $_.'Image' -OutFile (-join ($_.'Name'+, $_.'Image'.Substring(($_.'Image'.length-9), 4))) }

#Download if just a JPG image hosted on a website.  Name it by Name value and add jpg extension.

$CSVFILE | ForEach-Object { Invoke-WebRequest -Uri $_.'Image' -OutFile (-join ($_.'Name'+,".jpg")) }

  function ConvertTIF-To-PNG



    param([Parameter(Mandatory=$true, ValueFromPipeline = $true)] $Path)


        if ($Path -is [string])

        { $Path = get-childitem $Path }

        $Path | foreach {

            $image = [System.Drawing.Image]::FromFile($($_.FullName));

            $FilePath = [IO.Path]::ChangeExtension($_.FullName, '.png');

            $image.Save($FilePath, [System.Drawing.Imaging.ImageFormat]::PNG);





 #Use function:

 #Cd to directory w/ TIF files

 cd .\

 #Run ConvertTIF-To-JPG function

 Get-ChildItem *.tif | ConvertTIF-To-PNG

 #Remove TIF Files once converted

 Remove-Item * -Include *.tif

#once all the tiff files are converted convert PNG to JPG

  function ConvertTo-Jpg



    param([Parameter(Mandatory=$true, ValueFromPipeline = $true)] $Path)


        if ($Path -is [string])

        { $Path = get-childitem $Path }

        $Path | foreach {

            $image = [System.Drawing.Image]::FromFile($($_.FullName));

            $FilePath = [IO.Path]::ChangeExtension($_.FullName, '.jpg');

            $image.Save($FilePath, [System.Drawing.Imaging.ImageFormat]::JPEG);





 #Use function:

 #Cd to directory w/ png files

 cd .\

 #Run ConvertTo-JPG function

 Get-ChildItem *.png | ConvertTo-JPG


 Remove-Item * -Include *.png

Tuesday, May 03, 2022

How to logout of windows desktop from command line - (tsdiscon)

 How to logout of windows desktop from command line - (tsdiscon)

Background:  I had setup a windows machine that I setup to be used as a papercut print terminal.  I had removed all logout options on windows as you can see below on the start menu.

So for making changes such as adding things like scheduled tasks you have to login to the admin account, and to do that you use the tsdiscon command from a powershell or cmd window.

Which will then log you out of windows and you can login as any account you have active on the machine, in this case the admin account as shown below.


Thursday, April 28, 2022

Google EMM Update Causes Organization Email Issues on Android

Before looking into the google admin issue I thought it was a problem with my device and wiped it clean, after that didn't work I looked into google admin for google workspaces.  

Here is some background on how the EMM provider was being used before today.  The EMM provider was setup to use with organization purchased devices, and the organization did not want to associate personal devices with the EMM provider (meraki in this case) and the changes google has made to their policy won't allow you to use Google for Staff (personal) devices and the EMM provider for organizational devices.  It seems that google now throws everything to the EMM provider if you have your domain associated with one.

I had to remove the EMM provider from the organization otherwise it was treating the device as an organizational purchased device.  When Google has made to Google Workspaces EMM Provider this caused Android devices in the organization to lose access to their Work Email. 

The organization requires data access control on devices so the only way I could get this to work was to embrace google work profiles; which isn't the best user experience but is the only way I could get this working. Google sent a notice in 2017, about the EMM Provider changes but a reminder about the coming changes would have been nice.

In an email to google about the issue, they replied with the following.

Thank you for contacting Google Workspace Support. This is ****** and I will be assisting you about how to fix the sync error you are encountering due to the old Device policy app that you are still using for your Android device. It is a pleasure assisting you. 

Before we begin I would like to set the proper expectations about our new Android Device Policy app that replaced the Google Device Policy app. There is current known issue about the new Android Device Policy app that is still being checked by our Product Engineers, about a possible limitation of some Android Devices that cannot install the new Android Device policy app. And even if the app was installed, the Android device just could not be managed or simply said, the Android Device Policy app is not compatible with the Android device.

However, in order to fix the sync issue these are the steps to follow.

Resolution: If the device is for work and personal use:
Re-register your device by removing your work profile and then adding back your Google Workspace account and work profile. 


  • Open your device settings. 
  • Tap Accounts and then Remove work profile.
  • Tap Delete to confirm.
  • Go to I’m using my own personal device and follow the steps to add your Google Workspace account and work profile.
  • Assisted how to uninstall Device Policy app and install Android Device Policy app.
  • remove Workspace Profile.
Next steps:

How do I switch to the Android Device Policy from the Google Device Policy app?
If your device is for work and personal use and it "has a work profile":
  • Remove the work profile.
  • Open the Settings app and tap Accounts.
  • Add the work account again and set up Android Device Policy.
  • (A work profile is required for Android Device Policy.)

My device is for work and personal use and "doesn’t have a work profile":
  • Open the Google Apps Device Policy app.
  • Tap Unregister.
  • The work account is removed from the device.
Open the Settings app and tap Accounts.
  • Add the work account again and set up Android Device Policy.
  • During enrollment, you must set up a work profile because it's required for Android Device Policy.

Please check this help article for reference for the above steps: 

About Android Device Policy: https://support.google.com/a/users/answer/9453213

If you have an issue on a Tablet that simply is not compatible with the Device Policy app. The only option we have is to change the Mobile management for Android Device. You currently have a Custom Mobile Device management that is set to Advanced. You can change this to Basic, the good thing about this is the Android Device Policy app is no longer needed. And this will simplify your log ins to any Device similar to your iOS devices.

To change the Mobile Device management to Basic:
From the Admin console > click Devices > Mobile &endpoints > Settings > Universal settings.
On the next page > click General > Mobile management > change Android Mobile management to Basic. Please note: Only do this, if you believe you have no real need of the Advanced Mobile management option for your Android devices.

Here are some helpful link(s) that you can use:

Set up basic mobile device management: 

We value your time and effort in contacting us. That is why, I'm keeping this case open. If our resolution does not work, kindly reply to the email and provide me your phone number and best time of call, so that I can work further with you on this. It's either we can do a screen sharing session or if you send me a video or screen shot of the error that will help me identify the issue. This case will remain active and can be reopened within 30 days.

If there are other concerns aside from what we've discussed, our main priority is to provide the best support experience, with this in mind, if you need assistance during this time feel free to reply to my email or call us or initiate a chat session for immediate help and this is the link for reference https://support.google.com/cloudidentity/answer/7668654 . We have 24/7 support and any of my colleagues will be glad to help.

Don't forget to generate a PIN should you give us a call. You can refer to this article for instructions on how to do so https://support.google.com/a/answer/60233.

Thank you for choosing Google Workspace and have a wonderful day.


Google Workspace Support

Here are some additional information linked below


To resolve the issues I removed the EMM provider so google workspaces would handle the MDM for android; as there can't really have a separation of the two anymore it seems.

So in the MDM (Meraki) I removed android enterprise from the google domain, so android devices are just managed by google workspaces.

Once that was done after a few minutes I was able to start to get my work profile working correctly from google by adding a work profile.  Here are the universal settings for how android devices are setup.

Universal Settings

You must ensure that work profile setup is enable on in your Android Settings

For users to connect their android devices they require a work profile. This will be slightly different for every android device but the steps would be relatively the same.

Remove your current work account from your device, Please note that you will only be able to have one work account associated with a device at a time (so if you need other accounts you will have to find a work around)

1 - Add the account by pressing the arrow next to your name and email.

2 - Select "Add another account".

3 - Select Google for the Account.

4 - Enter in your Email and Password

5 - Accept the Terms Of Use

6 - Install Google Device Administrator

7 - Press Install

8 - Create your google work profile. It will take about 5 to 10 minutes to create the work profile.  So Please be Patient.

Setting up google work profile

Screen after accept and continue

Almost Finished

When it is finished it should show you the added account.

Now you will have two different apps. Work Apps and Personal Apps.



Work apps are shown by the little briefcase on the app.

Work apps can be paused (turned off) which will stop notifications from reaching you which can be enabled or disabled from the apps drawer.

In your Gmail app you can switch from personal and work email easily but you have to go from the account icon in the top right to switch.

I understand why google set things up like this; putting the separation between work and personal settings, making it easier to wipe devices, and remove access, etc.  It isn't as "user friendly" as I would have liked it to be and it will be a transition for some users.

Friday, April 01, 2022

Whitelisting access to the Igloo Action Button

What is the Igloo action button?

The action button gives you access to administrative tools for each page and various features within the digital workplace. These tools allow you to edit the current page, view subscriptions, change access and much more.

Now for most users they don't need to see the action button, however if a user is given any permissions of edit and above, you get access to the action button which will allow you to customize the look of your page, add widgets, etc.

For my use case we wanted users to be able to add and edit posts but did not want them to be able to add widgets or make changes to the page.  Since Igloo lacks this kind of granular permission, the following Javascript will whitelist the action button according to who is logged in.

This is done using the Igloo.currentUser.name property you can read when using SAML

Read more about the Igloo SAML variables.

<script type="text/javascript">


switch (Igloo.currentUser.name){


document.getElementById('contentmenu').style.display = 'none';


case "Dylan Hunt":

document.getElementById('contentmenu').style.display = 'visible';


case "Beka Valentine":

document.getElementById('contentmenu').style.display = 'visible';


case "Shamus Harper":

document.getElementById('contentmenu').style.display = 'visible';


case "Trance Gemini":

document.getElementById('contentmenu').style.display = 'visible';





Thursday, March 31, 2022

How to disable Windows updates in Windows 10 Pro

Open the services app and disable the windows update service.

Then Right Click and Get the Properties of the Windows Update Service and change the startup type to Disabled.  Then apply the changes and hit ok.

Now we are going to add a registry entries to disable the Windows Update Medic Service 

Open the Registry Editor

Go to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc"

Modify the "Start" DWORD Entry and change it's value to 4

This will disable the Windows Update Medic Service

Next we will go to

Right click on the Windows folder and select new Key

  1. Name the new key WindowsUpdate and press Enter.

Now make another new Key under WindowsUpdate call it AU

    Right-click the AU key, select the New, and choose the DWORD (32-bit) Value option.

    1. Name the new key NoAutoUpdate and press Enter.

    1. Double-click the NoAutoUpdate key and change its value from 0 to 1.

    Now go to "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows"

    Right-click the Windows (folder) key, select New and choose the Key option. Name the new key WindowsUpdate and press Enter.

    Right-click the newly created key, select the New submenu, and choose Key and name the new key AU and press Enter

    Right-click the AU key, select New and select the DWORD (32-bit) Value and name the new key AUOptions.

    Double-click an AUOptions and change the value to 2:

    The following are the different value for AUOptions
    • 2 — Notify for download and auto install.
    • 3 — Auto download and notify for install.
    • 4 — Auto download and schedule the install.
    • 5 — Allow local admin to choose settings.
    • 7 — Auto Download, Notify to install, Notify to Restart.
    • These options are the same as the Group Policy settings, and option 2 is the closest to disable Windows Update permanently.

    Now your computer will not be able to update Windows.

    You can leave it here but below are entries you can make to your local group policy.

    Go to "Computer Configuration -> Windows Components -> Windows Update" Open "Configure Automatic Updates"

    Change the setting to "Disabled" and apply the setting then hit ok.

    Next we will edit the "Allow Automatic Updates immediate installation"

    Set the setting to Disabled.  Apply the setting and hit ok.  

    Please note that if you edit the "Configure Automatic Updates" setting and change it to "Disabled" this setting should have NO effect.

    That is it your system should no longer receive windows updates. I will be posting a script to apply this shortly. In the mean time I have also produced a video if you want to see the full process https://youtu.be/Iyx1jkMZYKY

    How to get the SQL Express Offline Installer

    When working in a test environment you don't exactly want something to have internet access; so you need to be able to download files in...