Backtrack:  
 
showing posts tagged with 'windows'
 
by lunarg on January 19th 2017, at 14:49
ADMT stands for Active Directory Migration Tool and is used to migrate AD objects (such as users, groups, computers, etc.) from one AD forest or domain to another, supporting complex scenarios in the process.

Why Microsoft hides their most useful tools is a mystery though. So here are the download links. You will need to accept some EULAs and have a Microsoft Account if you wish to download it though.

Navigate to https://connect.microsoft.com/site1164/program8540.

If you have not done so, you will have to log on with a Microsoft Account and join the program and accept its EULA things.

Then, you will be able to click through to the download page and download ADMT version 3.2, and, if req  ...
by lunarg on November 7th 2016, at 16:40
If your Windows 7 happens to be stuck in Startup Repair, where allowing it to repair your computer still results in going back to Startup Repair, and restoring a restore point doesn't help either, you could try to manually restore the Windows Registry to the last known good configuration.

Allow your computer to boot into Startup Repair, but rather than letting it perform the automatic repairs, click to go to the System Recovery Options menu. From there, you can open a command prompt.

Locate the system drive: this is usually the C: drive, but if not, navigate to other drivers and look for folders like Program Files, Users and Windows.

Once you've found the correct drive, navigate to the fo  ...
by lunarg on August 2nd 2016, at 09:54

Sometimes, being an Administrator just isn't enough. In that case, try being the SYSTEM account... You can run processes as the local SYSTEM account quite easily with PsExec (64-bit).

Use it as follows:

psexec -i -s cmd.exe

The command above would run a command prompt as the SYSTEM account. You can replace cmd.exe with something else, although from a command prompt, you can basically run anything else, all as the SYSTEM account.

Use with caution
Running processes as the SYSTEM account can be potentially dangerous as you will bypass several built-in security restrictions. But I guess that's the reason why you want to use the SYSTEM account...
by lunarg on August 1st 2016, at 16:36
QNSM stands for Quick Network Share Mounter and is a sort of bookmark and session management tool for network mapped drives. It was specifically designed for the ICT Administrator who visits a lof of different clients and thus, visiting a lot of different network setups. This tool works regardless of remembered passwords and to which domain you belong, and there are many advantages to this "crude" tool.

NOTICE: before reporting bugs, make sure you have the latest version installed.

Flavours

Advantages and disadvantages

System requirements

License

Version history

There are two flavours of this tool available:

The installable edition, which is the recommended version for most  ...
by lunarg on June 27th 2016, at 09:42
If you're looking to uninstall a specific update, you'll find that it's quite tedicious to do this via the GUI. It shows an endless list of updates and it's very difficult to find the right one through its KB number. Fortunately, you can also uninstall updates from the command line, by specifying only its KB number, which is veeerry useful indeed.

Open an elevated command prompt and run the following command to uninstall an update by its KB number:

wusa /uninstall /kb:3035583

Replace the number with the number of the KB you wish to uninstall (the line above would uninstall the Windows 10 Upgrade prompt).

You can also add additional parameters:

wusa /uninstall /kb:3035583 /quiet /noresta  ...
by lunarg on June 6th 2016, at 16:24
While not recommended, it is possible to use one RDS gateway for multiple RDS farms, each with their own broker. In this case, the RDG must use the same FQDN in all deployments, and you should only make changes to its configuration from only one of the deployments.

In 2012, it is not possible to use one RDS WebAccess to service multiple brokers. It can only be used on a single deployment. Attempting to add the WebAccess server to another deployment will overwrite the configuration of the first deployment.

A better approach would be to create a single deployment with an RDS WebAccess, RDG and broker (single or HA), and add your "different deployments" as collections to the broker.  ...
by lunarg on May 23rd 2016, at 15:27
Internet Explorer 8 is the last version for Windows XP and 2003, but with them no longer being supported, the download links have been removed as well, making it difficult to download and install it. Although XP and 2003 are quite outdated, certain scenarios still require the use of XP and/or 2003.

A default install of XP/2003 contains Internet Explorer 6, so not being able to download IE8 would result in those systems running an even more outdated and unsecure browser. While IE8 isn't that much better, I consider it a tiny bit more secure, hence this article...

For the moment, the standalone installation files still exist on the Microsoft servers, but they are no longer linked to from the  ...
by lunarg on April 26th 2016, at 16:56
If you have an encrypted DMG on Mac and you need to access the contents on a Windows machine, you can use HFSExplorer!

Similar to Microsoft's Bitlocker, you can also encrypt entire drives/partitions with a high-grade security algorithm. And just like Bitlocker can encrypt virtual harddisks (VHD), Mac can encrypt volumes stored in a DMG. Out of the box, the two technologies are not at all compatible. But there are some third-party tools out there which allow you to access encrypted DMGs from Windows.

HFSExplorer is an open-source utility on Windows which can open any type of DMG and also supports opening encrypted DMGs. To install the software, you will need to have 32-bit Java installed (d  ...
by lunarg on April 22nd 2016, at 11:09

You may encounter the problem with Windows Update to take an extreme amount of time to search for updates. Additionally, the Windows Update process (part of svchost.exe) runs at 100% CPU time and uses a large amount of memory.

You can resolve this by installing the optional KB3102810.

If you are installing a fresh copy of Windows 7 / 2008R2, it is also highly recommended to install KB3112343 before searching for other updates. This considerably speeds up the search for updates.

by lunarg on April 21st 2016, at 16:43
During the installation of ADMT PES (Password Export Server), the installer reports the encryption key password is wrong, even though you're absolutely sure it's the correct password. Although KB2004090 states this is for 3.1, the problem also exists on 3.2.

The reason for this is that the MSI installer does not elevate the session. If you are not logged on with the Administrator-account, the elevation does not occur automatically and the error mentioned above will appear, without any mention of elevation requirements.

To work around the issue, you can follow the steps below. This will ensure the MSI installer runs in an elevated session and the installation will continue as normal. Altern  ...
by lunarg on April 20th 2016, at 15:47
A few steps to enable management of your Office 365 subscription using Powershell. One uses Powershell because not all configuration is available through the Office 365 Portal, and it's also useful for automation.

UPDATE (2016-04-20): updated links and information.

Download and install the Microsoft Online Services Sign-In Assistant.This is required in order to be able to sign in to Office 365.

Download and install Azure Active Directory Module for Windows PowerShell (64-bit version).Note: 32-bit users, see below.

Optionally, you can also download and install modules to manage Sharepoint Online and Skype for Business Online.

32-bit Azure AD Module
From October 20, 2014, the Azure Ac  ...
by lunarg on April 8th 2016, at 16:16

Windows checks its access to the internet by performing an HTTP GET to the following URL:

http://www.msftncsi.com/ncsi.txt

If the request succeeds, Windows determines that the connection to the internet is up. The mechanism uses whatever has been set up as an internet connection and will also use any configured proxy.

by lunarg on March 17th 2016, at 13:30
There are a variety of methods to enable Remote Desktop and Remote Management from a script. This is particularly useful if you have many Core Servers and no SCCM or some other deployment system.

Powershell:

(Get-WmiObject Win32_TerminalServiceSetting -Namespace root\cimv2\terminalservices).SetAllowTsConnections(1,1)Set-ExecutionPolicy Unrestricted -ForceEnable-PSRemoting -Force

This enables Remote Desktop with NLA (first param), adjust the required firewall rules (second param), and finally, enables Remote Management.

Batch:

cscript %windir%\system32\scregedit.wsf /ar 0cscript %windir%\system32\scregedit.wsf /cs 1

Like the PS variant, this enables Remote Desktop while the second line   ...
by lunarg on March 14th 2016, at 09:51

It is currently not possible to directly map a drive letter to a redirected folder when connecting to a server using Microsoft RDP. Most programs do not require a drive letter but in case you do need a "local path", you can create a symlink in order to achieve this.

MKLINK /D C:\MyFolder \\tsclient\MyFolder

This will create a "symlinked" folder on your C-drive, which you can then use to work with files and folders of the redirected folder. The symlink is persistent across reboots.

by lunarg on February 18th 2016, at 14:55

You may get the following error when trying to uninstall HP Client Security:

Error 1325: Hewlett-Packard is not a valid short file name.

The solution, albeit a very odd one, is to disable all CD/DVD drives on your HP system through Device Manager (Start → Run → devmgmt.msc).

After the uninstallation, you can re-enable the device.

by lunarg on February 11th 2016, at 15:08

You can turn off the highlighting of new and recently installed programs in Start menu/Start Screen. There's no direct group policy but you can use a GPP to insert a registry value that does the same thing:

  • Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
  • Name: Start_NotifyNewApps
  • Type: DWORD (32-bit)
  • Value: set to 0 to turn off highlighting, set to 1 to turn it back on.
by lunarg on February 11th 2016, at 12:42
Windows XP SP3 and the latest supported Remote Desktop client update should support Network Level Authentication (NLA). But, when connecting to an RDS server with NLA enabled, you may still get the following error:

Remote Desktop Connection
The remote computer requires Network Level Authentication, which your computer does not support. For assistance, contact your system administrator or technical support.

NLA support requires the following on your computer:

Windows XP Service Pack 3

The latest version of the RDC: Remote Desktop client v7.0, although the 6.1 update will also work.

The component which takes care of NLA, called Credential Security Support Provider (CredSSP) is not enabled  ...
by lunarg on January 22nd 2016, at 11:53

After uninstalling Malwarebytes Anti-Malware from a domain-joined computer, you may get the following error each time the computer reboots:

BusinessMessaging.exe - System Error
The program can't start because Qt5Widgets.dll is missing from your computer. Try reinstalling the program to fix this problem.

To resolve the issue, you need to manually remove a registry key using regedit:

  • On 32-bit, navigate to the key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • On 64-bit, navigate to the key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run

Remove the value with name Malwarebytes Anti-Malware.

by lunarg on January 12th 2016, at 10:22
When updating the ADMX Central Store from Windows 10 to Windows 10 v1511, you may encounter the following error when attempting to view or edit group policies:

Administrative Templates
Namespace ‘Microsoft.Policies.WindowsStore’ is already defined as the target namespace for another file in the store.

File \\domain.fqdn\SysVol\domain.fqdn\Policies\PolicyDefinitions\WinStoreUI.admx, line 4, column 80

A similar problem is referenced in KB 3077013 but basically also applies to this issue:

On a domain controller, using Explorer, navigate to the ADMX Central Store:...\SYSVOL\domain\Policies\PolicyDefinitions

Delete the file WinStoreUI.admx and all occurances of WinStoreUI.adml (under each la  ...
by lunarg on January 12th 2016, at 10:20
When updating the ADMX Central Store from Windows 10 to Windows 10 v1511, you may encounter the following error when attempting to view or edit group policies:

Administrative Templates
Namespace ‘Microsoft.Policies.WindowsStore’ is already defined as the target namespace for another file in the store.

File \\domain.fqdn\SysVol\domain.fqdn\Policies\PolicyDefinitions\WinStoreUI.admx, line 4, column 80

A similar problem is referenced in KB 3077013 but basically also applies to this issue:

On a domain controller, using Explorer, navigate to the ADMX Central Store:folder containing SYSVOL\SYSVOL\domain\Policies\PolicyDefinitions

Delete the file WinStoreUI.admx and all occurances of WinStoreU  ...
 
showing posts tagged with 'windows'