Home » Computers
Category Archives: Computers
Sometimes, especially after a Domain migration, old GPOs remain cached on a client computer.
To remove those cached GPO files follow these steps: (more…)
Windows Server Update Services fails to start with a fairly generic error message.
- Run elevated Command Prompt and issue the following command:
"C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall /servicing
- Restart “WSUS Service”
This is the registry key path to a Windows computer’s network profiles:
The network profiles are for both wired and wireless connections.
Category value sets type of connection:
0 = Public (sharing disabled)
1 = Private (home, sharing enabled)
2 = Domain (AD, sharing enabled)
The Domain connection type also needs the DWORD
Managed value set to 1 and the the DWORD
NameType set to 6.
FYI: The biggest impact and usage for these three network types is to control the Windows Firewall (
To change the network Category using PowerShell see this article:
If a Windows 8.x/10 computer is joined to an Active Directory domain then the User Account “PIN sign-in” option is disabled (not Configured) by default. You can set it in either a domain or local Group Policy Object (GPO). It can also enabled on a local computer via a registry key setting.
For Local Group Policy run [Win+R] gpedit.msc and under
Local Computer Policy expand the tree to:
Computer Configuration\Administrative Templates\System\Logon
Change the Turn on convenience PIN sign-in setting to Enabled.
Advanced Query Syntax
Desktop Search Syntax
A search query can include one or more keywords, with Boolean operators and optional criteria. These optional criteria can narrow a search based on the following:
- Scope or data store in which files reside
- Kinds of files
- Managed properties of files
The optional criteria, described in greater detail following, use the following syntax:
Suppose a user wants to search for a document containing the phase “last quarter,” created by John or Joanne, and that the user saved to the folder mydocuments. The query may look like this:
"last quarter" author:(john OR joanne) foldername:mydocuments (more…)
Create the “KDS Root Key” for use with Managed Service Account (MSA) and Group Managed Service Accounts (gMSA). Use the New-KdsRootKey PowerShell cmdlet for set up and initialize the KDS root key.
- On the Windows Server 2012 domain controller, run the Windows PowerShell from the Taskbar. (I normally run it as Administrator.)
- At the Windows PowerShell, type the following command, and then press ENTER:
The domain controllers will wait up to 10 hours from time of creation to allow all domain controllers to converge their AD replication before allowing the creation of a gMSA. The 10 hours is a safety measure to prevent password generation from occurring before all DCs in the environment are capable of answering gMSA requests. If you try to use a gMSA too soon the key might not have been replicated to all Windows Server 2012 DCs and therefore password retrieval might fail when the gMSA host attempts to retrieve the password. gMSA password retrieval failures can also occur when using DCs with limited replication schedules or if there is a replication issue.
Even if there is only one DC you still have to wait the 10 hours. If you don’t want to wait you can refer to the Microsoft TechNet article this information was taken from: https://technet.microsoft.com/en-us/library/jj128430.aspx
If you want to use Microsoft Hyper-V or Oracle VirtualBox on a Dell OptiPlex 755 system you will need to make/confirm four (4) specific BIOS setttings.
In the BIOS Setup [F2] change or confirm the following settings if you are receiving errors that the computer does not support virtualization.
- Performance -> Virtualization = On
- Performance -> VT for Direct I/O Access = On
- Performance -> Trusted Execution = Off
- Security -> Execute Disable = On
Starting with Windows 8 Microsoft has a replacement/alternative “start menu” that is accessible via the Windows+X key.
If the Windows+X, or right-click Start, does not work then check path to these files/folders/apps menu items at: %LOCALAPPDATA%\Microsoft\Windows\WinX
If that folder does not exist try copying it from another user’s home/profile path.
To restore the “Start” button and menu options you can try this one liner from an “Administrator Command Prompt”:
dism.exe /online /Cleanup-Image /StartComponentCleanup & dism /online /cleanup-image /restorehealth & sfc /scannow & pause
You can work around the Firefox browser security warning “SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)” by referring to this Mozilla Q&A post:
The short version:
Workaround for Firefox 39 and above:
- In FireFox, enter “about:config” in the URL field and press enter
- Accept the “This might void your warranty!” warning
- In the search field at the top, enter “security.ssl3.dhe_rsa_aes“
- Double click each result (128 and 256) to toggle the Value to “false“
Now retry your site – it should work now. Remember to change these settings back when you’re done.
Cisco Unity Connection doc pages:
Cisco Unity Connection Products Maintenance Guides List
Stack Overflow post about 301 Redirects
The Cisco Network Simulator, Router Simulator & Switch Simulator
The Boson NetSim Network Simulator is an application that simulates Cisco Systems’ networking hardware and software and is designed to aid the user in learning the Cisco IOS command structure.
DirSync does not replicate Dynamic Distribution Groups between the cloud and the on premise servers.
See this article: Integrating Cisco devices CLI access with Microsoft NPS/RADIUS
Should be cheaper than Cisco’s ACS or ISE systems for small to medium 50-1000 user/computer organizations.
Think about PCI/DSS (3.0) when analyzing cost/risk/liability/brand reputation.
# Remote Desktop Service (RDS) certificate for Windows VERSION 6.2 and 6.3
# This works on Windows 7, 8, and 8.1 Professional and Enterprise Editions, for both 32-bit and x64 CPUs.
# All of this required Administrator level “elevated” privileges. If you don’t know what that means or how to get an “Administrator:Command Prompt” then stop and find a different guide.
# 1) Add SHA1RSA certificate to “Run”
-> certlm.msc -> Certificates Local Computer -> Personal -> Certificates
# 1.1) Windows 7 does not have
certlm.msc. Use mmc.exe and the Certificates snap-in for the “local computer” and then continue on to step 2).
# 2) Get the cert hash(sha1) “thumbprint”
certutil.exe –store my example.com | findstr /r "Subject: Cert.Hash"
# Subject: CN=*.example.com, OU=Domain Control Validated
# Cert Hash(sha1): ff 65 98 ff d0 a9 ff f1 70 ff 53 2b ff dd 3d ff eb 22 ff 0a
# 3) Verify the subject line is the correct certificate and then cleanup the “thumbprint” hash by removing all space characters
# 4) The networkdriver has the right to read the sha1 thumbprint of the certificate from a BINARY registry key:
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\SSLCertificateSHA1Hash = <thumbprint>
# Example reg hack
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v "SSLCertificateSHA1Hash" /t REG_BINARY /d ff6598ffd0a9fff170ff532bffdd3dffeb22ff0a
# Only change this only as a last resort!
# 5) The revocation-list may need to be constrained to the local list with DWORD key if no CRL is available.
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\UseCachedCRLOnlyAndIgnoreRevocationUnknownErrors = 1
# Example reg hack
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Credssp" /v "UseCachedCRLOnlyAndIgnoreRevocationUnknownErrors"/t REG_DWORD /d 1