Category Archives: Microsoft

Windows 10 | Stubborn Account Lockouts

Issue: User account is constantly getting locked out, Credential Manager shows no cached passwords. There are situations where the NT LOCAL SYSTEM context stores passwords that are not visible in Credential Manager view

Resolution (Requires PSExec Tool): 

  1. Run: 
    psexec -i -s -d cmd.exe
  2. Run:
    rundll32 keymgr.dll,KRShowKeyMgr
  3. Different Credential Manager view is displayed (Running under SYSTEM context)
  4. Remove any entry that is present on this list.

Syntax: 

-i = Run the program so that it interacts with the desktop of the specified session on the remote system.

-s = Run remote process in the System account.

-d = Don’t wait for application to terminate. Only use this option for non-interactive applications.

Gmail POP3 Setup in Outlook Desktop using Google “App Password”

In order to use the old school method of POP3 (Yes there are some crazy systems still using this) you need to use a different one time password which bypasses the two factor authentication… The tricky part is where to find this setting!

  1. Google Security
  2. “2-Step Verfication” (Scroll to the bottom)
  3. “App Passwords” (Generate a specific password for POP3 (Or any other service needed)

Screenshot showing where to locate the App Password settings for POP3 configuration in Outlook

Saving Windows Disk Space | Windows System Cleanup

Although nowadays HDD space is a cheap commodity there is always a Windows C:\ running somewhere with a partition that is busting at the seams and ready to explode. I’ve seen it too many times…

As there are a number of common culprits for these space eating monsters I’m going to post the fixes here in one sweet spot, the “Windows System Cleanup” post.

Windows “Hiberfil.sys”

Hibernate mode uses the hiberfil.sys file to store the current state (memory) of the PC on the hard drive and the file is used when Windows is turned back on.
Always a cause of taking up C:\ the easiest option is to switch it off. Use the following command line to disable:

Enter "powercfg.exe -h off"

Pagefile.sys is a windows system file used as a swap file and was designed to improve performance. Windows uses it as memory location in case the application you’re running ends up needing more RAM than you actually have. This file is stored on the C:\ root but can take up space. Best option is to move it or reduce it (Reducing isn’t really a recommended option)

  1. Right click on ‘PC’.
  2. Left click on ‘Properties’.
  3. Left click on ‘Advanced system configuration’.
  4. If needed, left click on ‘OK’.
  5. Select ‘Advanced options’ tab.
  6. Left click on ‘Configuration’ inside ‘Throughput’.
  7. Select ‘Advanced options’ tab.
  8. Left click on ‘Change’ inside ‘Virtual memory’.
  9. Edit your preferences.
  10. Close all the opened windows by accepting.

Windows “Search” Folder

?

Windows “WINSXS” Folder

Reference this post: Saving Windows Disk Space | Reducing Size of WINSXS folder | Server 2008 R2

Windows Shadow Copies

Shadow copies take up space in C:\System Volume Information (Hidden Folder) They can be reduced or completely deleted using VSSAdmin

Shows Shadow Copy Versions:

vssadmin list shadowstorage

Deletes all Shadow Copies:

vssadmin delete shadows /all

BranchCache “PeerDistRepub” folder

BranchCache is basically a cached version of updates from Microsoft. Folder can be flushed/cleared using netsh
Check Cache

netsh branchcache show status all

Flush Cache

netsh branchcache flush

Uninstall BranchCache Feature (PowerShell)

Uninstall-WindowsFeature Branchcache

Windows Spotlight Background | Image not rotating/changing

Windows Spotlight Background/Image not rotating correctly? My Windows 10 background image was stuck on the same photo. Windows’ Content Delivery Manager should change the image every 1-2 days.

Delete Spotlight Assets

Delete all files in the image location:

“%USERPROFILE%/AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets”

Reset Windows Spotlight Settings

Delete the settings.dat and roaming.lock files in the setting location:

“%USERPROFILE%/AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings”

After removing the files spotlight should appear blank until after a reboot.

Windows | Increase System Partition Size Remotely PS

After increasing a virtual machine VMDK size you need to also resize this partition in Windows.

This can be completed remotely using PowerShell. There are various methods to run this but I prefer to use “Server Management” and admin the machines from here. you can run “PowerShell” on a remote session to run the script below.

This process will increase the C:\ partition to use all space that has been allocated by VMware. (Replace -DriveLetter with the required drive)

There are various methods (this is just one of them) 


Update-HostStorageCache
$size = Get-PartitionSupportedSize -DriveLetter C
Write-Output $size
Resize-Partition -DriveLetter C -Size $size.SizeMax -Verbose
Write-Output "Drive Extension Complete!"

Exit-PSSession

Windows | 3 Methods to “Unauthorised” DHCP server

There’s a couple of ways to “unauthorised” a DHCP server in Active Directory. Sometimes AD can get in a twist and says “the DHCP can’t be authorised” as it’s already been authorised. This could be potentially related to replication time but the steps below will help you check.

Via the DHCP MMC GUI -> Right click -> “Manage Authorised Servers”

Via CLI

Show authorised list (basically what you see in the GUI)

Netsh DHCP show server

Remove entry: (Netsh DHCP delete server ServerFQDN ServerIP address)

Netsh DHCP delete server 2003-dc1.contoso.com 10.1.192.92

Via ASDIedit MMC

Adding DNS Alias | Replacing File Server

When replacing a file server with new server and new name you probably want to keep the old name and add a redirect. Originally, I thought this was a simple “change the DNS IP” and job done but there’s a little bit more to it than just that!

1) Locate OLDSERVER entry in DNS and delete it.

2) If the OLDSERVER server AD object still exists, you need to delete it. Failing to remove the old computer object will result in this error:

Unable to add NEWSERVER.
as an alternate name for the computer.
The error is: Cannot create a file when that file already exists.
The command failed to complete successfully.

3) Run this command to add the server alias:

netdom computername NEWSERVER /add:OLDSERVER

Note: if you have subdomains in use (sub.domain.com) then you need to specifically define this overwise the object will add “oldserver.domain.com” rather than “oldserver.sub.domain.com”

4) Register the machine in DNS

IPConfig /RegisterDNS

5) Run this command to check the aliases are shown on the machine

netdom computername NEWSERVER /enum

6) Final check to show what SPF entries have been created:

setspn -l NEWSERVER

Ref: https://support.microsoft.com/en-gb/help/3181029/smb-file-server-share-access-is-unsuccessful-through-dns-cname-alias

Netdom: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc835082(v=ws.10)

Original Post: https://blogs.technet.microsoft.com/askpfeplat/2017/06/19/using-computer-name-aliases-in-place-of-dns-cname-records/

Windows | DHCP PowerShell Options (Cheatsheet)

Managing DHCP on DHCP server:

Add-WindowsFeature -Name DHCP –IncludeManagementTools

Managing DHCP on remote host:

Add-WindowsFeature RSAT-DHCP

Powershell DHCP Module:

Import-Module DhcpServer

Get all DHCP servers in AD

Get-DhcpServerInDC

Get DHCP scope configuration

Get-DhcpServerv4Scope –ComputerName <DHCPServerName>

Get DHCP reservations on scope:

Get-DhcpServerv4Reservation -ComputerName <DHCPServerName> -ScopeId <ScopeID>

Import/Export DHCP Scopes

netsh dhcp server export C:\temp\DHCP.txt all
netsh dhcp server import C:\temp\DHCP.txt all

Note: The temp folder needs to be created

Check DHCP Replication Failover Status

Get-DhcpServerv4Failover -ComputerName <DHCPServerName>

Reference:
https://technet.microsoft.com/en-us/library/jj590708(v=wps.630).aspx

Windows | Remote Management “Could not start Virtual Disk Service (VDS)”

To avoid this error when you remotely managing another servers virtual disks (From “Server Management” you need to follow some steps

Disk Management could not start Virtual Disk Service (VDS) on SERVER-NAME. This can happen if the remote computer does not support VDS, or if a connection cannot be established because it was blocked by Windows Firewall.

For additional information about diagnosing and correcting this problem, see Troubleshooting Disk Management in Disk Management Help.

Step1: 

Check Virtual Disk Service is started on BOTH the local and remote system

Powershell:

Start-Service -Name "vds"

CMD:

net start vds

Step2: 

Add firewall exceptions on BOTH the local and remote system. VOILA! WORKING WITHOUT ANY ERRORS 🙂

netsh advfirewall firewall set rule group="Remote Volume Management" new enable=yes

Step3: 

Use “Server Manager” to connect remotely and access the disk management properties on the remote machine.

no images were found

Windows | System “Recovery Partition” After Upgrade

After a Windows 10 or Windows Server (2016/2019) upgrade a new system “recovery partition” gets created at the tailend of the C:\ this isn’t usually a problem for physical machines but for VM it can cause some issues if you wish to “extend” the VDMK/Partition size.

You can quickly remove the partition using “diskpart” and continue your extend. From what I’ve seen this shouldn’t cause any major issues. To be honest we rarely use any of the Windows features for restores as snapshot and backup usually fix them.

diskpart
list disk 
select disk X
list partition 
select partition X
delete partition override

Before:

After:

Windows Dedup | Cheat Sheet

Get dedup status:

Get-DedupStatus

Get dedup status formatted & additional info:

Get-DedupStatus | fl

Get dedup status for specified volumes:

Get-DedupStatus -Volume "D:","F:"

Show Dedup Metadata (How deduplication is being used) on the server:

Get-Dedupmetadata

Show Dedup Metadata for specified volumes:

Get-Dedupmetadata D:

Enable Dedup Job:

Start-DedupJob D: -Type Optimization -Full

Disable Dedup Job:

Start-DedupJob -Type Unoptimization -Volume <Desired-Volume>

Ref: https://docs.microsoft.com/en-us/windows-server/storage/data-deduplication/whats-new

Windows Default Account Picture Logo Image | Server 2019 vs 2012/2016

Quickest way to customise the Windows logon logo/image/icon is to drop the images in this hidden folder. Images are in bmp and png format.

C:\ProgramData\Microsoft\User Account Pictures

Note: There are some subtle differences between Windows Server 2012 R2 & Server 2019

  1. Windows Server 2019 (doesn’t apply to 2016) has a symbolic link as the folder is actually called “Default Account Pictures” which redirects to “User Account Pictures”
  2. Windows Server 2019 appears to have some additional images with different sizes to Server 2012 & 2016
  • user-32.png
  • user-48.png
  • user-192.png
  • REMOVED user-200.png

Server 2012 R2

Server 2019

The icons can be set using “group policy preferences” and copying images over from a share.

 

Remove “Windows.old” using Cleanmgr CLI | Windows 10

PowerShell Script for removing the “Windows.old” folder using cleanmgr.exe command line

New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Temporary Setup Files' -PropertyType 'DWORD' -Force -Name 'StateFlags1337' -Value 0x2
New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Previous Installations' -PropertyType 'DWORD' -Force -Name 'StateFlags1337' -Value 0x2
cleanmgr.exe /SAGERUN:1337

Great post on the syntax of “Cleanmgr.exe”

https://winaero.com/blog/cleanmgr-exe-command-line-arguments-in-windows-10/ 

Migrate Folder Shares | PowerShell

Basic objective, we’ve got a ton of shares which we need to move to a new server. The data has already been replicated but we need to re-share.
There are methods of doing this by exporting the registry but being a little scared of messing up the current shares and requiring a reboot I decided to do this manually…

Export list of shares on source server:

get-WmiObject -class Win32_Share -computer servername.fqdn.com | Export-Csv -Path "C:\Shares.csv"

Create shares on destination server:

Powershell:

Need the powershell command here

CMD Net Share

net share "ShareName"="D:\Path\FolderName" /grant:everyone,FULL

Reference:
https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/export-csv?view=powershell-6
https://gallery.technet.microsoft.com/scriptcenter/Creates-New-Share-with-fb22d905
http://www.tomsitpro.com/articles/use-fileshare-powershell-cmdlets-server-2016,2-1053.html

SQL Firewall Rules | PowerShell

Add Windows Firewall exclusions for Microsoft SQL using PowerShell

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
#Enabling SQL Server Ports
New-NetFirewallRule -DisplayName “SQL Server” -Direction Inbound –Protocol TCP –LocalPort 1433 -Action allow
New-NetFirewallRule -DisplayName “SQL Admin Connection” -Direction Inbound –Protocol TCP –LocalPort 1434 -Action allow
New-NetFirewallRule -DisplayName “SQL Database Management” -Direction Inbound –Protocol UDP –LocalPort 1434 -Action allow
New-NetFirewallRule -DisplayName “SQL Service Broker” -Direction Inbound –Protocol TCP –LocalPort 4022 -Action allow
New-NetFirewallRule -DisplayName “SQL Debugger/RPC” -Direction Inbound –Protocol TCP –LocalPort 135 -Action allow
#Enabling SQL Analysis Ports
New-NetFirewallRule -DisplayName “SQL Analysis Services” -Direction Inbound –Protocol TCP –LocalPort 2383 -Action allow
New-NetFirewallRule -DisplayName “SQL Browser” -Direction Inbound –Protocol TCP –LocalPort 2382 -Action allow
#Enabling Misc. Applications
New-NetFirewallRule -DisplayName “HTTP” -Direction Inbound –Protocol TCP –LocalPort 80 -Action allow
New-NetFirewallRule -DisplayName “SSL” -Direction Inbound –Protocol TCP –LocalPort 443 -Action allow
New-NetFirewallRule -DisplayName “SQL Server Browse Button Service” -Direction Inbound –Protocol UDP –LocalPort 1433 -Action allow
#Enable Windows Firewall
Set-NetFirewallProfile -DefaultInboundAction Block -DefaultOutboundAction Allow -NotifyOnListen True -AllowUnicastResponseToMulticast True

Windows Server 2016 | Remove WSUS (Completely)

Trying to completely remove WSUS isn’t as straight forward as uninstalling the role.
These steps are based on WSUS using the WID database (Not SQL)

In Summary:

  • Remove Windows Update Servers (WSUS) role & Windows Internal Database (WID)
  • Remove WSUS cache & Update Services directories
  • Remove WSUS website in IIS
  • Reboot

PowerShell:

Uninstall-WindowsFeature -Name UpdateServices,Windows-Internal-Database
Remove-Item –path D:\WSUS, C:\Windows\WID –recurse
Remove-Item –path C:\Users\MSSQL$MICROSOFT##WID
Remove-Item –path C:\Scripts, C:\Temp –recurse

Remove-Item –path C:\Program Files\Update Services –recurse 

Remove-WebSite -Name "WSUS Administration"
Restart-Computer

References: ServerFault

DFS | DFSR Removal of Staging Directory

After removing DFS shares on a server there may be some leftover files in the “DFSR” cache, this is a hidden location within the “System Volume Information”. This can be a tricky one to delete but can be completed using some CLI.

Take Ownership of folder

icacls "e:\system volume information" /grant Administrator:F

Remove Directory (Silent & whole directory tree)

rd "e:\system volume information\dfsr" /s /q

Windows 7/10 | Remotely logoff user (Instantly)

Useful in the event of having to log someone off remotely. (i.e. if a users AD account has been disabled and you want to prevent them from using the system urgently)

You must have local administrator access to complete this. This process will logoff the user instantly.

Run CMD (As Administrator)
Obtain the session ID:

quser /server:COMPUTERNAMEHERE

Logoff session ID:

logoff ID /server:COMPUTERNAMEHERE

Example