iDRAC 6: Drive Error Either Virtual Media is detached

I was working on one of these old iDRACs and once I added a new ISO, I was not able to mount it because of the error below.

iDRAC 6: Drive Error Either Virtual Media is detached or Virtual Media redirection for the selected virtual disk drive is already in use.

In order to fix this issue, connect to iDRAC with an admin account and go to System > Console/Media, then on Configuration.

idrac6-system-console_media-configuration

Under “Virtual Media” change it to Attach (or Auto Attach if you like).

idrac6-system-console_media-configuration_attach

Apply the changes and you’re good to go!

Read More

Set Permissions for a Print Server with Powershell

You cannot set permissions for a print server with Powershell alone. At least you can’t right now (4th of May 2017). There’s a way though 🙂

I spent a few hours researching this and I noticed I wasn’t the only one that wanted to set up a security group on a Print Server level in a scripted manner, however everybody was stuck with the same issue. Just to be clear, this is what I want to achieve:

print-management_print-server-security

My idea is to get a security group to be able to fully manage the print server, without being Server Admins. And I want to achieve this before adding any printer so that permissions will eventually get applied on new printers. In theory this step will help me with automating a print server installation/configuration.

SetPrinter

I was losing any hope until I came across a technet forum’s thread where there was a discussion over “setprinter.exe“, a tool contained in the Windows Server 2003 Resource Kit. However the one that comes with it, doesn’t really work. After some more time, I was able to obtain the updated MS version of the tool which you can download from here: SetPrinter.Zip.
Note that I only have the 64bit version of it, so this won’t work on a 32bit system.

I will try and explain how we’re going to use this application before showing you a basic powershell script that will assign the permissions. The cool thing of this tool is that it can work remotely as well.

First of all, we will work with the pSecurityDescriptor. This contains the access type and depending on how we use setprinter.exe, we can grab and/or set the pSecurityDescriptor for the Print Server itself or for one of its printers; the last option would be useless as Powershell nowadays allows you to change printer’s security settings easily.

So, let’s run the following to get the current pSecurityDescriptor:

Note that right after the print server you need to add a backslash and you need a space and the number 3 right after.

This is what you’ll get (these are the default permissions):

setprinter_show_1

During the process when I was trying to understand this, I added a security group to the permissions of the server (manually, through the GUI) and gave it Full Control (this is the level of permissions I need for the group). After doing that, I re-ran the command above and I got this:

This might seem confusing, but ultimately it’s simple: Anything within ( ) contains the permissions and the user/group identification and for the group I just added, that’s its SID!
When I was testing this, I ended up adding an extra group manually (again, Full permissions) and re-ran the setprinter.exe command so that I could compare the 3 outputs and have a better understanding of what was happening.

Eventually I figured out that in order to assign full permissions to a user or a group, I need to add the following to the pSecurityDescriptor:

Obviously, replace MYSIDHERE with the SID of the User or Group. That wasn’t so bad after all 🙂

Powershell

Time to have powershell to do some work now! See the script below:

I’ve added a lot of comments to make sure everything is explained. Remember that the AD Powershell module is required for getting the SID (you could use psgetsid if you don’t want to use the AD Module) and also that you can run this remotely from your own machine as setprinter.exe will be able to grab/apply permissions remotely.

Let’s go quickly through it: (more…)

Read More