It has always been a bit tedious to manage and customize Internet Explorer through group policies, especially when your network has different versions of Windows and/or different versions of Internet Explorer.
To reduce complexity of maintaining Internet Explorer in a network, since long, Microsoft has made available the Internet Explorer Administration Kit. This tool allows you to exert more control over Internet Explorer, its settings and its behaviour.
More information and downloading the IEAK: https://technet.microsoft.com/en-us/ie/bb219517.aspx
A bit of a hidden feature in Windows 8: you can actually "quit" Windows Explorer.
Right-click the (empty) taskbar while holding down Ctrl+Shift to reveal Exit Explorer as an additional menu item. Clicking it will then end Windows Explorer, leaving you with a blank screen, same as ending explorer.exe from the task manager.
You can then call up task manager (Ctrl+Shift+Esc), and start Windows Explorer again (File > Run > explorer.exe).
When attempting to log on with a domain account on a computer joined to a domain that has both 2012R2 and 2003 domain controllers, you may encounter the following error:
Additionally, an Event ID 4 on Source: Kerberos is logged. You can only log on using local accounts.
Mixed 2012R2 and 2003 AD environments require hotfix 2989971 to be installed on every 2012R2 DC. See the KB for a full explanation.
By default, it is not possible to specify passwords (the SecureString type) directly as a plain-text cmdlet parameter because it is unsecure to do so (and they are right). But sometimes, there's no other way to run a cmdlet without specifying the password as plain text as a cmdlet parameter. Luckily, there's an easy workaround by performing a conversion from plain text and store the password in a SecureString object.
$pw = ConvertTo-SecureString -String "your-pw" -AsPlainText -Force
You can then use the $pw object to specify the password in a cmdlet.
For example: resetting the password of an AD account:
Set-ADAccountPassword -Identity my-account -NewPassword $pw
You can hide user accounts from the Windows Welcome (log on) screen through the registry. This works with Vista and all later versions.
If you accidentally have misplaced or forgotten your Bitlocker Recovery key, but still have access to the system (with an elevated account), you can retrieve the recovery key quite easily through the command line:
Open an elevated command prompt and type:
manage-bde -protectors -get C:
Replace C: with any drive that has Bitlocker enabled. Note that if it's not the system volume but some other drive that's encrypted, you need to unlock it first before you can retrieve the recovery key.