• Category Archives Windows
  • RDP (Remote Desktop) to Windows 10 with Microsoft Account Not Working

    I recently re-installed the OS on my Laptop and immediately had an issue connecting to it remotely using my Microsoft Account credentials. I knew this worked before and I was not getting any intelligent errors regarding the failure to connect.

    After doing the normal Google search and reading over multiple articles and ways others have tried to fix this, I stumbled across an obscure post that told me to log in to Windows at least once with your MS Account password instead of the standard PIN or Windows Hello authentication that Windows 10 uses as default.

    After logging in one time with my MS Account password, voila, the RDP connection started working. Hopefully this helps anyone else out there that is having this issue.


  • Remotely managing Hyper-V server not on domain

    So I decided to downsize my environment and got rid of my desktop, server and multiple other devices. So all I have now is my Alienware laptop and an old desktop I built with Server 1709 to play around with. Well, since I no longer have a Domain, I was having major problems connecting to it remotely from my laptop.

    Luckily I stumbled on to this post that walked me through the security setup and I’m now good to go.

    Quick and dirty commands, but keep in mind this adds ALL hosts to TrustedHosts. If you want to lock it down, change * to “FQDN-HyperV-Server”.

    On Hyper-V Server:

    • Open Powershell session as Admin
    • Enable-PSRemoting
    • Enable-WSManCredSSP -Role server

    On the computer you want to manage the Hyper-V Server from:

    • Start Windows Remote Management Service and set to automatic
    • Open Powershell session as Admin
    • Set-Item WSMan:\localhost\Client\TrustedHosts -Value *
    • Enable-WSManCredSSP -Role client -DelegateComputer *
    • You might also need to configure the following group policy:
      • Computer Configuration > Administrative Templates > System > Credentials Delegation > Allow delegating fresh credentials with NTLM-only server authentication
      • Click Enable and add wsman/fqdn-of-hyper-v-host.
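
    The locked-down variant of the client-side commands, as an added example (not from the original post or the post it links to). With `*`, the client will authenticate to any host and CredSSP will delegate credentials to any computer, so this replaces both wildcards with one named server. `FQDN-HyperV-Server` is a placeholder, and note that `Set-Item` overwrites any existing TrustedHosts entries.

    ```powershell
    # Added example: run in an elevated PowerShell session on the management PC.
    # 'FQDN-HyperV-Server' is a placeholder; replace it with your server's FQDN.
    $HyperVHost = 'FQDN-HyperV-Server'
    $trustedHostsPath = 'WSMan:\localhost\Client\TrustedHosts'

    # Record the current setting; '*' means every host is trusted.
    $before = (Get-Item -Path $trustedHostsPath).Value
    Write-Output "TrustedHosts before: '$before'"

    # Overwrite the list (wildcard included) with the single named host.
    Set-Item -Path $trustedHostsPath -Value $HyperVHost -Force

    # Drop any existing CredSSP client delegation (for example wsman/*),
    # then allow delegation to the named host only.
    Disable-WSManCredSSP -Role Client
    Enable-WSManCredSSP -Role Client -DelegateComputer $HyperVHost -Force | Out-Null

    # Verify: warn if a wildcard is still present in either setting.
    $after = (Get-Item -Path $trustedHostsPath).Value
    $credssp = Get-WSManCredSSP
    if ($after -match '\*' -or ($credssp -join ' ') -match 'wsman/\*') {
        Write-Warning 'A wildcard is still configured; review local and group policy settings.'
    } else {
        Write-Output "TrustedHosts now: '$after'"
    }
    $credssp
    ```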

  • Unable to connect to Admin$ shares with local accounts

    When trying to access the admin shares on my systems, after removing them from the domain, I found that only the local administrator account was able to access them. It seems this is by design and you need to turn off Remote UAC from the registry.

    Here is the article: https://support.microsoft.com/en-us/help/951016/description-of-user-account-control-and-remote-restrictions-in-windows

     


  • Server 2008 profile deletion

    I know we’ve all done this before.. Playing around with GPO’s, scripts or what have you and want to start out fresh so we delete the user profile directory under C:\Documents and Settings\<user name> to force the creation of a new profile directory. My colleague went to do that exact same thing on a Windows Server 2008 and that’s when I found out it’s not that easy on Server 2008.

    After doing some searching I found this blog entry by Helge Klein.

    It looks like Microsoft has now added a registry key that keeps track of the user profiles and their paths, among other things, and by deleting the directory alone you only solve half the issue and will get profile errors every time that user tries to log in. You will get the unable to load profile error and a new directory, usually C:\USERS\TEMP, will be created for that user.

    If you have done this, the easiest way to fix it is to go to this registry key,
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
    highlight each subkey until you find the "ProfileImagePath" that matches the one you deleted, and then delete that key. I also found that you would have to reboot the server in order to complete this fix.

    In the future, the best way to delete a profile is to go to My Computer –> Properties –> Advanced System Settings –> User Profiles Settings and then delete the profile from there.
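
    Instead of clicking through each subkey, the ProfileList key can be searched for entries whose directory is gone. This is an added example, not from the original post or the blog entry it mentions; it only reports the orphaned keys and deletes nothing.

    ```powershell
    # Added example: list ProfileList entries whose profile directory is missing.
    # Read-only: review the output before removing any key by hand.
    $profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

    Get-ChildItem -Path $profileList | ForEach-Object {
        $raw = (Get-ItemProperty -Path $_.PSPath).ProfileImagePath
        if ([string]::IsNullOrEmpty($raw)) { return }   # subkey without a path: skip it

        # ProfileImagePath may contain variables such as %SystemRoot%.
        $path = [Environment]::ExpandEnvironmentVariables($raw)

        if (-not (Test-Path -LiteralPath $path -PathType Container)) {
            [pscustomobject]@{
                Sid              = $_.PSChildName   # subkey name is the account SID
                ProfileImagePath = $path
                RegistryKey      = $_.Name
            }
        }
    }
    ```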


  • Convert accountExpires attribute in AD to date

    If you’ve ever exported the accountExpires attribute from AD you’ll notice that it’s a 64-bit number. It represents the number of 100-nanosecond intervals since 12:00 AM January 1, 1601 in UTC. What this means is that it’s practically impossible to read unless you’re a math genius. 😉

    Here is a quick VBS script that will take that number and convert it to a real date:

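    ' Converts an AD FILETIME value (such as accountExpires) to a date using w32tm.exe
    Dim WshShell, oExec, objArgs, exe, work
    Set WshShell = CreateObject("WScript.Shell")
    Set objArgs = WScript.Arguments
    If objArgs.Count = 0 Then
        WScript.Echo "FileTime argument required"
        WScript.Quit
    End If
    ' Pass the value to w32tm /ntte, which prints it as a date and time
    exe = "w32tm.exe /ntte " & objArgs(0)
    Set oExec = WshShell.Exec(exe)
    ' Wait for w32tm to finish
    Do While oExec.Status = 0
        WScript.Sleep 100
    Loop
    ' Split the output on spaces; items 3 and 4 are the date and the time
    work = Split(oExec.StdOut.Read(60))
    WScript.Echo work(3) & " " & work(4)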

    Just copy and paste this into notepad and save as finddate.vbs. Then just run "finddate.vbs <accountExpires value>"

    Finddate.vbs 128674944000000000

    Would result in this pop up:

    date.jpg
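
    The same conversion for a whole export, as an added example in PowerShell (not part of the original post). It goes beyond the single-value script by handling the two special values, 0 and 9223372036854775807, which both mean the account never expires, and by flagging accounts that have already expired. The CSV rows and account names are constructed sample data.

    ```powershell
    # Added example: convert exported accountExpires values and classify each account.
    function Convert-AccountExpires {
        param([Parameter(Mandatory)][string]$Value)

        [long]$ticks = 0
        if (-not [long]::TryParse($Value, [ref]$ticks) -or $ticks -lt 0) {
            throw "Not a valid accountExpires value: '$Value'"
        }
        # 0 and 0x7FFFFFFFFFFFFFFF (Int64 max) both mean "never expires".
        if ($ticks -eq 0 -or $ticks -eq [long]::MaxValue) { return $null }

        # 100-nanosecond intervals since 1601-01-01 UTC, returned as a UTC DateTime.
        return [DateTime]::FromFileTimeUtc($ticks)
    }

    # Constructed sample export: sAMAccountName and raw accountExpires.
    $csv = 'sAMAccountName,accountExpires',
           'alice,128674944000000000',
           'svc-backup,9223372036854775807',
           'bob,0'

    $now = [DateTime]::UtcNow
    $csv | ConvertFrom-Csv | ForEach-Object {
        $expiry = Convert-AccountExpires -Value $_.accountExpires
        $never  = $null -eq $expiry
        [pscustomobject]@{
            Account    = $_.sAMAccountName
            ExpiresUtc = if ($never) { 'never' } else { $expiry.ToString('u') }
            Status     = if ($never) { 'NeverExpires' }
                         elseif ($expiry -lt $now) { 'Expired' }
                         else { 'Active' }
        }
    }
    ```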


  • Replace Notepad with Notepad2

    I find that Notepad2 from www.flos-freeware.ch is a vast improvement on the notepad that ships with Windows.

    But as usual MS has made it very difficult to replace any system file so here’s a quick and easy way to replace your regular notepad with notepad2.

    1. First download Notepad2 and extract it.
    2. Rename notepad2.exe to notepad.exe
    3. Open Explorer and navigate to %systemroot%\ServicePackFiles\I386
    4. Rename notepad.exe in that folder to notepad.exe.old and copy the new notepad.exe
    5. Do the same for %systemroot%\system32\dllcache and %systemroot%\system32

    You will need to ensure that you have "Display contents of system folders" and "Show hidden files and folders" checked and "Hide protected operating system files" unchecked.

    When you make the switch you may get a pop up warning you that some system files may be changed; just cancel and you're good to go.


  • Easy way to get Display name from list of UserID’s from AD

    This is a quick one line command that I created to return a list of Display names when all I had was UserID’s.

    It’s a simple DSQUERY command piped into a DSGET to return the Display Name and SAMID of the user. Just have a look at the DSGET command and you can see all the different attributes that it can return for you.

    First you need a text file with UserID’s one per line. Then just open a command prompt in the same directory where you have the text files and run this command, don’t forget to change the USERID.TXT to the name of your text file:
     

    FOR /F %i in (userid.txt) DO DSQUERY user -samid %i | DSGET user -display -samid >> displayname.txt

    You’ll now find a text file in that directory named displayname.txt with all your Display Names.