Quickly Enable AutoFailback for Several Clustered Roles

Using PowerShell to enable AutoFailback on clustered roles (or VMs in this case) was a procedure I couldn’t find online recently, so I figured I’d fiddle with it until I got it working myself.

First define the names of the roles you want to adjust.  In my case, I wanted to configure this for all VMFleet VMs that I’d created for stress-testing, but I wanted to ensure they failed back if or when I rebooted a node, otherwise I’d have to initiate the moves manually should I want to run another post-tweak test.

For each cluster group in that list, set the autofailbacktype to 1

That’s it.  You can check that it worked by running:

or by opening the role properties in Failover Cluster Manager and looking at the Failover tab:


Disable NLA for RDP remotely

Useful when RDP won’t connect because NLA is an issue, or domain trust issues are present.  If the remote OS is still accessible via PowerShell and your current user is also an administrator on the remote OS, try:

Change the 0 to a 1 to re-enable.

Using DPM to backup data on a Cluster Shared Volme

I was having difficulty recently backing up data stored on a shared VHD, presented to two load balanced web-servers as a CSV (VMs configured as a guest fail-over cluster atop a standard failover cluster).  DPM couldn’t expand the 'C:\Cluster Storage\Volume1'  directory to back up the data therein.  Selecting the parent folder in DPM resulted in an empty backup set, so clearly DPM wasn’t able to recursively enumerate the files and folders I needed.  Information for this scenario online was severely lacking.  Questions were asked on usual forums but no workable answers were given.  So what were my options?

I could change the way the web servers are clustered, from a load-balanced active/active arrangement, to a clustered VM maybe.  This wasn’t ideal and effectively involved a complete redesign as to how the web services were presented on the network layer, i.e. removing the load balancer and instead hosting it as a single HA VM, not the intended design and not 100% ideal.

I attempted to create a symlink between 'C:\datadir'  and 'C:\Clustered Storage\Volume1\datadir' , and while Windows could use this path without issue, and I could browse and select the sub-folders when configuring the backup in the DPM management console, I discovered that this specific backup set was still empty, despite a lovely green tick appearing in DPM.  Notably, the allocated storage figure didn’t reflect the content selected either.

So I spent some time looking for ways around this.  After all, this was sensitive data that needed to be backed up.  I didn’t want to cluster the VMs just to achieve this.  They were also intentionally deployed with a numeric affiliation with their respective hosts, e.g. web1 was on hv1, web2 was on hv2, etc.  I know I could have configured anti-affinity rules, but that was just too much of a headache for something that should be simple.

Eventually, I discovered that if I selected one (or more) child-folder of the symlinked folder, it would backup correctly; some good news at last.  However, selecting the parent folder broke the backup again.  That was key.  I needed to be able to select the parent folder so that newly created sub-folders would be backed up without manually adding them to DPM.  So I tried creating a second symlink this time between 'C:\datadir2'  and 'C:\Clustered Storage\Volume1' .  Now in DPM if I added 'C:\datadir2\datadir'  to the protection group it would backup recursively.

Adding non-privileged users as Hyper-V Administrators

These three commands will allow you to grant Hyper-V VM management permissions to non-privileged or quasi-privileged users, i.e. users who won’t inherit these particular rights automatically.

This is useful for Hyper-V Server where you wont have a GUI to perform user/group changes, and if you can’t use Group Policy to achieve the same results. This will allow the specified users to connect from a remote Hyper-V Manager console. 

On the HV to be managed, run:

Scheduling a task from command line

Very useful one-liner.  Run from CMD, rather than PS:

Schedule once:

Schedule daily:


Enable/Disable Duo for console sessions

To change which logon connections are required to use Duo after installation, use the Registry Editor (regedit.exe) with administrator privileges to create or update the following registry value in


Registry Value
Set to 1 to protect RDP logons only or 0 to protect both RDP and local console logons.

When modifying the RdpOnly registry value on a Windows 2003 or XP system a reboot may be required to make the change effective.

List users with UPN’s that don’t match their email address.

List users with UPN’s that don’t match their email address.

Consistency saves confusion when performing migrations, ADFS password resets, logging in to O365, etc.