Category Archives: Windows 10

Windows 10 | Stubborn Account Lockouts

Issue: User account is constantly getting locked out, Credential Manager shows no cached passwords. There are situations where the NT LOCAL SYSTEM context stores passwords that are not visible in Credential Manager view

Resolution (Requires PSExec Tool): 

  1. Run: 
    psexec -i -s -d cmd.exe
  2. Run:
    rundll32 keymgr.dll,KRShowKeyMgr
  3. Different Credential Manager view is displayed (Running under SYSTEM context)
  4. Remove any entry that is present on this list.

Syntax: 

-i = Run the program so that it interacts with the desktop of the specified session on the remote system.

-s = Run remote process in the System account.

-d = Don’t wait for application to terminate. Only use this option for non-interactive applications.

Windows Spotlight Background | Image not rotating/changing

Windows Spotlight Background/Image not rotating correctly? My Windows 10 background image was stuck on the same photo. Windows’ Content Delivery Manager should change the image every 1-2 days.

Delete Spotlight Assets

Delete all files in the image location:

“%USERPROFILE%/AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets”

Reset Windows Spotlight Settings

Delete the settings.dat and roaming.lock files in the setting location:

“%USERPROFILE%/AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings”

After removing the files spotlight should appear blank until after a reboot.

Windows | System “Recovery Partition” After Upgrade

After a Windows 10 or Windows Server (2016/2019) upgrade a new system “recovery partition” gets created at the tailend of the C:\ this isn’t usually a problem for physical machines but for VM it can cause some issues if you wish to “extend” the VDMK/Partition size.

You can quickly remove the partition using “diskpart” and continue your extend. From what I’ve seen this shouldn’t cause any major issues. To be honest we rarely use any of the Windows features for restores as snapshot and backup usually fix them.

diskpart
list disk 
select disk X
list partition 
select partition X
delete partition override

Before:

After:

Windows 7/10 | Remotely logoff user (Instantly)

Useful in the event of having to log someone off remotely. (i.e. if a users AD account has been disabled and you want to prevent them from using the system urgently)

You must have local administrator access to complete this. This process will logoff the user instantly.

Run CMD (As Administrator)
Obtain the session ID:

quser /server:COMPUTERNAMEHERE

Logoff session ID:

logoff ID /server:COMPUTERNAMEHERE

Example

Enable ICMP (Ping) & WMI | CMD Line

Without enabling ICMP ping requests will not get a reply from the server.

Enable ICMP using “netsh firewall” (Old Method):

netsh firewall set icmpsetting 8

Enable ICMP using “netsh advfirewall” (New Method):

netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow

Enable WMI using “netsh advfirewall” (New Method):

netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes