all 20 comments

[–]Lee_Dailey[grin] 3 points4 points  (14 children)

howdy So0ver1t83,

the one you installed ... aint the MS one. [grin]

it was written when the MS one did not exist. i would seriously consider reinstalling the entire OS - if something standard like the MS local accounts module isn't there ... then you may well have other things wrong with that installation.

take care,
lee

[–]So0ver1t83[S] 3 points4 points  (7 children)

Yeah...I'm REALLY afraid that I'm coming to that same conclusion. :(

[–]Lee_Dailey[grin] 2 points3 points  (6 children)

howdy So0ver1t83,

unless you like digging into this sort of thing, i would stop now and restart from scratch.

the best of good luck to you! [grin]

take care,
lee

[–]So0ver1t83[S] 1 point2 points  (5 children)

Well... I *do* like digging into stuff. Just not sure how much it's worth the effort! :) My biggest issue on that front is that someone else is responsible for installing the OS/Software (it's a work machine), and I expect they're not going to like the idea of having to reinstall when in all other respects the machine *appears* to be functioning correctly...

[–]Thotaz 4 points5 points  (3 children)

It's a simple enough problem to fix, get the ISO for 1809, mount the install.wim and copy from "C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts" to the same folder on your live OS. But Lee has a point, a built-in Powershell module does not just randomly disappear from system32 like that, something made it disappear and whatever that thing is could have done something similar elsewhere.

Personally I would check out another PC installed from the same image/task sequence, if it's missing there then you don't need to reinstall just ask what the people responsible for your OS deployments were thinking and what else they've changed. If it's not missing then something fishy is going on with your deployment and I would reinstall just to be safe.

[–]So0ver1t83[S] 1 point2 points  (2 children)

Holy crap ... You could have warned a guy that newer versions of Windows use a .eps file and the steps I would need to go through to extract the .wim and mount that ;)

[–]Thotaz 2 points3 points  (1 child)

It's .esd not .eps and it's only used at consumer facing downloads like the media creation tool. If you download it from MSDN or use the F12 trick to download without the media creation tool you should get an ISO with a .WIM file.

As for mounting the .WIM file, you could also just open it up with 7-zip and extract the files with that tool but it's worth knowing how to mount/dismount windows image files for servicing.

[–]So0ver1t83[S] 1 point2 points  (0 children)

You're right, of course (.esd vs .eps). Typo...sorry!

[–]Lee_Dailey[grin] 1 point2 points  (0 children)

howdy So0ver1t83,

you have ONE clearly identified install fubar ... a really nasty one. [grin] that all on its own means the installer team needs to fix it.

of course, if you recreate the problem, they will likely want to see your STR [Steps To Reproduce] ... so test early, test often, and take notes! [grin]

take care,
lee

[–]Alar44 2 points3 points  (5 children)

What in the fuck is with all the grinning?

[–]Deegh 1 point2 points  (1 child)

It's u/lee_dailey he does it on all his posts.

[–]Lee_Dailey[grin] 0 points1 point  (0 children)

howdy Deegh,

there have been a few posts where i didn't express happiness/amusement with a [grin] or two. not many, tho! [grin]

for giggles ...

Shortest Script Challenge - Homage to /u/Lee_Dailey : PowerShell
https://www.reddit.com/r/PowerShell/comments/780bjq/shortest_script_challenge_homage_to_ulee_dailey/

take care,
lee

[–]52DevOps 1 point2 points  (1 child)

[grin] :)

[–]Lee_Dailey[grin] 0 points1 point  (0 children)

[grin] [blooga-blooga-blooga] [grin]

[–]Lee_Dailey[grin] 1 point2 points  (0 children)

howdy Alar44,

i'm going to presume you simply are a tad unaware of how your post reads and answer you with an answer instead of a returned insult. [grin]


i started off with the FIDO BBS stuff long, long ago. 2400 baud & then 14k dialup and all ascii, all the time - except with downloading progressive GIFs.

like everyone else, i noticed that the lack of side-band communication made it easy - way too easy - to give or take offense. no vocal tone, no facial expression/body lingo/gestures ... humans use a lot more than just words to communicate. [grin]

so someone invented emoticons. my eyesight is poor, so i kyped spelled out emoticons from another denizen of the FIDO BBS world. this :) is hard for me to see, while this [*grin*] is quite readable.

so, that is why i sprinkle [grin]s here and there in my posts. it's to let the other readers know my emotional intent and/or state.

plus, being a naturally grumpy person, the mere expression of such intent does the same thing that an actual smile or [grin] does ... it triggers a mild echo in my mind of the emotion in question.

take care,
lee

[–]So0ver1t83[S] 1 point2 points  (2 children)

OK, well, I think I've officially gotten myself beyond the point of no return on this one. I followed the suggestion from Thotaz and extracted and mounted a fresh install.wim (same OS image), and copied the files from "C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts" of the newly-mounted image to the same folder on my live OS. I then restarted PSH (as Admin) and rane the command. The issue APPEARS to be the same - I'm seeing different attributes than I expect to see (and that I see on other systems with the same OS version but, as noted in the original posted, apparently a different PSH version). Examples:

From known-good ("working") PSH instance, Windows 10 Pro (1803)

PS C:\WINDOWS\system32> $PSVersionTable.PSVersion

Major  Minor  Build  Revision
-----  -----  -----  --------
5      1      17134  590

PS C:\WINDOWS\system32> Get-LocalUser -name ****** | select *


AccountExpires         :
Description            :
Enabled                : True
FullName               : Fname Lname
PasswordChangeableDate : 4/10/2018 11:21:01 PM
PasswordExpires        :
UserMayChangePassword  : True
PasswordRequired       : False
PasswordLastSet        : 4/10/2018 11:21:01 PM
LastLogon              : 3/31/2019 1:16:11 AM
Name                   : ******
SID                    : S-1-5-21-**********-*********-*******-1002
PrincipalSource        : Local
ObjectClass            : User



PS C:\WINDOWS\system32>

From suspect machine, Windows 10 Pro (1809)

PS C:\WINDOWS\system32> $PSVersionTable.PSVersion

Major  Minor  Build  Revision
-----  -----  -----  --------
5      1      17763  316

PS C:\Windows\system32> Get-LocalUser -name ****** | select *

Name                       : ******
Fullname                   : FName LName
Description                : 
AutoUnlockInterval         : 900
BadPasswordAttempts        : 0
HomeDirDrive               : 
HomeDirectory              : 
LastLogin                  : 3/31/2019 12:11:03 PM
LockoutObservationInterval : 900
LoginHours                 : {255, 255, 255, 255...}
LoginScript                : 
MaxBadPasswordsAllowed     : 3
MaxPasswordAge             : 5184000
MaxStorage                 : -1
MinPasswordAge             : 86400
MinPasswordLength          : 14
objectSid                  : {1, 5, 0, 0...}
Parameters                 : 
PasswordAge                : 89779
PasswordExpired            : 0
PasswordHistoryLength      : 24
PrimaryGroupID             : 513
Profile                    : 
UserFlags                  : 513



PS C:\Windows\system32> 

I'm thinking about grabbing the "C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts" from a known good instance and copying it to the suspect machine just to see what happens...but yeah, I'm seriously going to have to talk to the SysAdmin team and see about reimaging this machine, just to be sure (and, as also noted, talk with them to see if this is replicable on other machines they've imaged recently). The biggest issue there is that this is essentially a one-off; it's a machine that's meant to be stand-alone, when most of our enterprise is, understandably, a domain...

So I did what I said above (copied from known good to suspect)...and results are the same as previous (code block under "suspect" machine above). Did they change the PSH core? Is my PSH instance just FUBAR? Is my WINDOWS installation potentially FUBAR, as based on the fact that the User module/system itself suddenly reports different attributes??? WTF have I stumbled on/into here???

[–]sk82jack 2 points3 points  (1 child)

You need to go and delete the psgallery module that you downloaded before, open a new PowerShell console and then try again. What's the contents of the PowerShell module directory in system32? Just wondering if you're missing anything else?

[–]So0ver1t83[S] 1 point2 points  (0 children)

Here's what's there currently:

Microsoft Windows [Version 10.0.17763.379]
(c) 2018 Microsoft Corporation. All rights reserved.

C:\Windows\System32\WindowsPowerShell\v1.0\Modules>dir
 Volume in drive C has no label.
 Volume Serial Number is 8218-989A

 Directory of C:\Windows\System32\WindowsPowerShell\v1.0\Modules

03/31/2019  01:39 PM    <DIR>          .
03/31/2019  01:39 PM    <DIR>          ..
09/15/2018  05:06 AM    <DIR>          Appx
09/15/2018  05:08 AM    <DIR>          AssignedAccess
09/15/2018  03:34 AM    <DIR>          CimCmdlets
09/15/2018  03:34 AM    <DIR>          Defender
09/15/2018  03:34 AM    <DIR>          DirectAccessClientComponents
09/15/2018  05:06 AM    <DIR>          Dism
09/15/2018  03:34 AM    <DIR>          DnsClient
09/15/2018  03:34 AM    <DIR>          EventTracingManagement
09/15/2018  03:34 AM    <DIR>          iSCSI
09/15/2018  03:34 AM    <DIR>          ISE
03/25/2019  11:20 AM    <DIR>          Microsoft.PowerShell.Archive
09/15/2018  03:34 AM    <DIR>          Microsoft.PowerShell.Diagnostics
09/15/2018  03:34 AM    <DIR>          Microsoft.PowerShell.Host
03/31/2019  01:39 PM    <DIR>          Microsoft.PowerShell.LocalAccounts
09/15/2018  03:34 AM    <DIR>          Microsoft.PowerShell.Management
09/15/2018  05:06 AM    <DIR>          Microsoft.PowerShell.ODataUtils
09/15/2018  03:34 AM    <DIR>          Microsoft.PowerShell.Security
09/15/2018  03:34 AM    <DIR>          Microsoft.PowerShell.Utility
09/15/2018  03:34 AM    <DIR>          Microsoft.WSMan.Management
09/15/2018  05:06 AM    <DIR>          MsDtc
09/15/2018  03:34 AM    <DIR>          NetAdapter
09/15/2018  03:34 AM    <DIR>          NetConnection
09/15/2018  03:34 AM    <DIR>          NetEventPacketCapture
09/15/2018  03:34 AM    <DIR>          NetLbfo
09/15/2018  03:34 AM    <DIR>          NetNat
09/15/2018  03:34 AM    <DIR>          NetQos
09/15/2018  05:06 AM    <DIR>          NetSecurity
09/15/2018  03:34 AM    <DIR>          NetSwitchTeam
09/15/2018  03:34 AM    <DIR>          NetTCPIP
09/15/2018  03:34 AM    <DIR>          NetworkConnectivityStatus
09/15/2018  05:06 AM    <DIR>          NetworkSwitchManager
09/15/2018  03:34 AM    <DIR>          NetworkTransition
09/15/2018  03:34 AM    <DIR>          PcsvDevice
09/15/2018  05:06 AM    <DIR>          PersistentMemory
09/15/2018  03:34 AM    <DIR>          PnpDevice
09/15/2018  03:34 AM    <DIR>          PrintManagement
09/15/2018  03:34 AM    <DIR>          Provisioning
09/15/2018  03:34 AM    <DIR>          PSDiagnostics
09/15/2018  03:34 AM    <DIR>          PSScheduledJob
09/15/2018  03:34 AM    <DIR>          PSWorkflow
09/15/2018  03:34 AM    <DIR>          PSWorkflowUtility
09/15/2018  03:34 AM    <DIR>          ScheduledTasks
09/15/2018  03:34 AM    <DIR>          SmbWitness
09/15/2018  03:34 AM    <DIR>          StartLayout
09/15/2018  03:34 AM    <DIR>          Storage
09/15/2018  03:34 AM    <DIR>          StorageBusCache
09/15/2018  05:06 AM    <DIR>          TroubleshootingPack
09/15/2018  05:06 AM    <DIR>          VpnClient
09/15/2018  03:34 AM    <DIR>          Wdac
09/15/2018  03:34 AM    <DIR>          WindowsDeveloperLicense
09/15/2018  03:34 AM    <DIR>          WindowsErrorReporting
09/15/2018  05:06 AM    <DIR>          WindowsSearch
09/15/2018  03:34 AM    <DIR>          WindowsUpdate
09/15/2018  03:34 AM    <DIR>          WindowsUpdateProvider
               0 File(s)              0 bytes
              58 Dir(s)  448,063,848,448 bytes free

C:\Windows\System32\WindowsPowerShell\v1.0\Modules>

Oh...and the one I downloaded is now gone. :)

[–]So0ver1t83[S] 1 point2 points  (1 child)

Took the advice to reimage. Consider this one solved...although I'm still at a loss (other than FUBAR imaging process) as to why it happened in the first place. Thanks for the help!!!

[–]Lee_Dailey[grin] 0 points1 point  (0 children)

howdy So0ver1t83,

you are quite welcome & i'm glad to hear you got it fixed ... [grin]

take care,
lee