Category Archives: Computers

Clear “local cached” GPO settings

Sometimes, especially after a Domain migration, old GPOs remain cached on a client computer.
To remove those cached GPO files follow these steps: (more…)

WSUS Fails Initialization

Windows Server Update Services fails to start with a fairly generic error message.

  • Run an elevated Command Prompt and issue the following command:

"C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall /servicing

  • Restart “WSUS Service”

Windows Network Profile Registry Keys

This is the registry key path to a Windows computer’s network profiles:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles
The network profiles are for both wired and wireless connections.
The DWORD Category value sets the type of connection:
0 = Public (sharing disabled)
1 = Private (home, sharing enabled)
2 = Domain (AD, sharing enabled)

The Domain connection type also needs the DWORD Managed value set to 1 and the DWORD NameType value set to 6.

FYI: The biggest impact and usage for these three network types is to control the Windows Firewall (wf.msc) rules.

To change the network Category using PowerShell see this article:
http://windowsitpro.com/powershell/how-force-network-type-windows-using-powershell
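
To review how each stored network is classified, and therefore which Windows Firewall profile applies to it, the key above can be read directly. This is an added example, not part of the original post; it only reads the registry, and the column names and the "Issues" check are choices made for this illustration.

```powershell
# Added example: list every stored network profile with its category.
# Run from an elevated PowerShell prompt; nothing is modified.
$profilesKey   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles'
$categoryNames = @{ 0 = 'Public'; 1 = 'Private'; 2 = 'Domain' }

Get-ChildItem -Path $profilesKey | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath

    # Translate the DWORD into the names used above; keep unexpected values visible
    $category = if ($null -eq $p.Category) { 'Missing' }
                elseif ($categoryNames.ContainsKey([int]$p.Category)) { $categoryNames[[int]$p.Category] }
                else { "Unknown ($($p.Category))" }

    # A Domain profile is expected to carry Managed = 1 and NameType = 6
    $issues = @()
    if ($p.Category -eq 2) {
        if ($p.Managed  -ne 1) { $issues += 'Managed is not 1' }
        if ($p.NameType -ne 6) { $issues += 'NameType is not 6' }
    }

    [pscustomobject]@{
        ProfileName = $p.ProfileName
        Category    = $category
        Managed     = $p.Managed
        NameType    = $p.NameType
        Issues      = $issues -join '; '
        Guid        = $_.PSChildName
    }
} | Sort-Object Category, ProfileName | Format-Table -AutoSize
```

Networks listed as Private or Domain get the less restrictive firewall profile, so those rows are the ones to check against networks you actually trust.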

Enable Windows PIN Sign-In

If a Windows 8.x/10 computer is joined to an Active Directory domain then the User Account “PIN sign-in” option is disabled (Not Configured) by default. You can set it in either a domain or local Group Policy Object (GPO). It can also be enabled on a local computer via a registry key setting.

For Local Group Policy run [Win+R] gpedit.msc and under Local Computer Policy expand the tree to:
Computer Configuration\Administrative Templates\System\Logon
Change the Turn on convenience PIN sign-in setting to Enabled.
(more…)

Windows Search

Advanced Query Syntax

Desktop Search Syntax

A search query can include one or more keywords, with Boolean operators and optional criteria. These optional criteria can narrow a search based on the following:

  • Scope or data store in which files reside
  • Kinds of files
  • Managed properties of files

The optional criteria, described in greater detail following, use the following syntax:

<scope name>:<value>

<file kind>:<value>

<property name>:<value>

Suppose a user wants to search for a document containing the phrase “last quarter,” created by John or Joanne, that the user saved to the folder mydocuments. The query may look like this:

"last quarter" author:(john OR joanne) foldername:mydocuments (more…)

Create the Key Distribution Services KDS Root Key

Create the “KDS Root Key” for use with Managed Service Accounts (MSA) and Group Managed Service Accounts (gMSA). Use the Add-KdsRootKey PowerShell cmdlet to set up and initialize the KDS root key.

  1. On the Windows Server 2012 domain controller, run the Windows PowerShell from the Taskbar. (I normally run it as Administrator.)
  2. At the Windows PowerShell, type the following command, and then press ENTER:
    Add-KdsRootKey -EffectiveImmediately

The domain controllers will wait up to 10 hours from time of creation to allow all domain controllers to converge their AD replication before allowing the creation of a gMSA. The 10 hours is a safety measure to prevent password generation from occurring before all DCs in the environment are capable of answering gMSA requests. If you try to use a gMSA too soon the key might not have been replicated to all Windows Server 2012 DCs and therefore password retrieval might fail when the gMSA host attempts to retrieve the password. gMSA password retrieval failures can also occur when using DCs with limited replication schedules or if there is a replication issue.

Even if there is only one DC you still have to wait the 10 hours. If you don’t want to wait you can refer to the Microsoft TechNet article this information was taken from: https://technet.microsoft.com/en-us/library/jj128430.aspx
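
To see whether a root key exists and how much of the wait remains before creating a gMSA, the key can be inspected with the Get-KdsRootKey and Test-KdsRootKey cmdlets. This is an added example, not part of the original post; it assumes the 10-hour window is counted from the key's EffectiveTime, and the output column names are made up for the illustration.

```powershell
# Added example: report each KDS root key and when it should be usable.
# Run on a domain controller as a Domain Admin; nothing is modified.
$wait = New-TimeSpan -Hours 10   # the wait period described above (assumed to start at EffectiveTime)

Get-KdsRootKey | ForEach-Object {
    $readyAt = $_.EffectiveTime + $wait
    [pscustomobject]@{
        KeyId         = $_.KeyId
        CreationTime  = $_.CreationTime
        EffectiveTime = $_.EffectiveTime
        ReadyAt       = $readyAt
        Ready         = (Get-Date) -ge $readyAt
        HoursLeft     = [math]::Max(0, [math]::Round(($readyAt - (Get-Date)).TotalHours, 1))
        KeyValid      = Test-KdsRootKey -KeyId $_.KeyId   # validates the stored key itself
    }
} | Format-List
```

No output at all means no root key has been created yet.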

Enable Virtualization on Dell Optiplex 755

If you want to use Microsoft Hyper-V or Oracle VirtualBox on a Dell OptiPlex 755 system you will need to make or confirm four (4) specific BIOS settings.

In the BIOS Setup [F2] change or confirm the following settings if you are receiving errors that the computer does not support virtualization.

  1. Performance -> Virtualization = On
  2. Performance -> VT for Direct I/O Access = On
  3. Performance -> Trusted Execution = Off
  4. Security -> Execute Disable = On

SQL MSA and gMSA info

“Managed Service Account” (MSA) and “Group Managed Service Account” (gMSA) articles:
   and

WinX Menu

Starting with Windows 8 Microsoft has a replacement/alternative “start menu” that is accessible via the Windows+X key.
If Windows+X, or right-clicking Start, does not work then check the path to the menu's files, folders and app shortcuts at: %LOCALAPPDATA%\Microsoft\Windows\WinX
If that folder does not exist try copying it from another user’s home/profile path.

To restore the “Start” button and menu options you can try this one liner from an “Administrator Command Prompt”:

dism.exe /online /Cleanup-Image /StartComponentCleanup & dism /online /cleanup-image /restorehealth & sfc /scannow & pause

Firefox and weak ephemeral Diffie-Hellman key

You can work around the Firefox browser security warning “SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)” by referring to this Mozilla Q&A post:

https://support.mozilla.org/en-US/questions/1066238

The short version:

Workaround for Firefox 39 and above:

  1. In Firefox, enter “about:config” in the URL field and press Enter
  2. Accept the “This might void your warranty!” warning
  3. In the search field at the top, enter “security.ssl3.dhe_rsa_aes”
  4. Double-click each result (128 and 256) to toggle the Value to “false”

Now retry your site – it should work now. Remember to change these settings back when you’re done.

Cisco Unified Communications Documentation

Cisco Unity Connection doc pages:
Cisco Unity Connection Products Maintenance Guides List

Azure Website 301 Redirect

Stack Overflow post about 301 Redirects

Link: stackoverflow.com questions: azure website 301 redirect

Cisco Simulator

The Cisco Network Simulator, Router Simulator & Switch Simulator

The Boson NetSim Network Simulator is an application that simulates Cisco Systems’ networking hardware and software and is designed to aid the user in learning the Cisco IOS command structure.
http://www.boson.com/

Scan Directly to Web Application

SerialMagic How To: Scan data directly to Web applications

Active Directory Federation Services Farm

When to Create a Federation Server Farm

CUCM and CCX – Change IP Address

Changing the IP Address and Hostname for Cisco Unified Communications Manager, Release 9.1(1)

Changing the IP Address and Hostname for Cisco Unified Communications Manager, Release 9.0(1)

Settings for Cisco Unified CCX Release 9.0(1)

Dynamic Distribution Groups and Exchange Hybrid Problems

DirSync does not replicate Dynamic Distribution Groups between the cloud and the on premise servers.

dynamic distribution groups not showing on Office 365 users GAL

How to Find a Lost, Missing, Hidden or Removed Network Card

How to Find a Lost, Missing, Hidden or Removed Network Card (NIC) or Other Device and Even Remove it

Microsoft NPS with Cisco Equipment Using RADIUS

See this article: Integrating Cisco devices CLI access with Microsoft NPS/RADIUS

Should be cheaper than Cisco’s ACS or ISE systems for small to medium (50-1000 user/computer) organizations.

Think about PCI/DSS (3.0) when analyzing cost/risk/liability/brand reputation.

TLS Certificate for Windows 8/8.1 Remote Desktop Service

# —————————————
# Remote Desktop Service (RDS) certificate for Windows VERSION 6.2 and 6.3
# This works on Windows 7, 8, and 8.1 Professional and Enterprise Editions, for both 32-bit and x64 CPUs.
# —————————————

# All of this requires Administrator level “elevated” privileges. If you don’t know what that means or how to get an “Administrator: Command Prompt” then stop and find a different guide.

# 1) Add SHA1RSA certificate to “Run” -> certlm.msc -> Certificates Local Computer -> Personal -> Certificates
# 1.1) Windows 7 does not have certlm.msc. Use mmc.exe and the Certificates snap-in for the “local computer” and then continue on to step 2).

# 2) Get the cert hash(sha1) “thumbprint”
# Example:
certutil.exe -store my example.com | findstr /r "Subject: Cert.Hash"
# Subject: CN=*.example.com, OU=Domain Control Validated
# Cert Hash(sha1): ff 65 98 ff d0 a9 ff f1 70 ff 53 2b ff dd 3d ff eb 22 ff 0a

# 3) Verify the subject line belongs to the correct certificate and then clean up the “thumbprint” hash by removing all space characters

# 4) The networkdriver has the right to read the sha1 thumbprint of the certificate from a BINARY registry key:
# HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\SSLCertificateSHA1Hash = <thumbprint>
# Example reg hack
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v "SSLCertificateSHA1Hash" /t REG_BINARY /d ff6598ffd0a9fff170ff532bffdd3dffeb22ff0a

# Change this only as a last resort!
# 5) The revocation-list may need to be constrained to the local list with DWORD key if no CRL is available.
# HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\UseCachedCRLOnlyAndIgnoreRevocationUnknownErrors = 1
# Example reg hack
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Credssp" /v "UseCachedCRLOnlyAndIgnoreRevocationUnknownErrors" /t REG_DWORD /d 1
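
# After steps 2) to 5), the result can be verified by reading the binding back and matching it against the Local Computer certificate store. The following is an added example, not part of the original guide; the function name and output columns are hypothetical, and the thumbprint passed at the end is the example value from step 2).

```powershell
# Added example: verify the RDP certificate binding. Elevated prompt; read-only.
function Test-RdpCertificateBinding {
    param(
        # Optional: thumbprint as printed by certutil in step 2, spaces allowed
        [string]$ExpectedThumbprint
    )
    $rdpKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $credKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp'

    $bytes = (Get-ItemProperty -Path $rdpKey -Name SSLCertificateSHA1Hash `
              -ErrorAction SilentlyContinue).SSLCertificateSHA1Hash
    if (-not $bytes) { Write-Warning 'SSLCertificateSHA1Hash is not set.'; return }

    # REG_BINARY comes back as a byte array; the certificate store uses a hex string
    $bound = ($bytes | ForEach-Object { $_.ToString('X2') }) -join ''
    $cert  = Get-ChildItem -Path Cert:\LocalMachine\My |
             Where-Object { $_.Thumbprint -eq $bound }

    # Step 3 clean-up: keep hex digits only, which drops spaces and any
    # invisible characters picked up when copying from a dialog
    $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

    # Step 5 setting: report it so a relaxed revocation check is not forgotten
    $crl = (Get-ItemProperty -Path $credKey -ErrorAction SilentlyContinue).UseCachedCRLOnlyAndIgnoreRevocationUnknownErrors

    [pscustomobject]@{
        BoundThumbprint    = $bound
        MatchesExpected    = if ($expected) { $bound -eq $expected } else { $null }
        FoundInStore       = [bool]$cert
        Subject            = $cert.Subject
        NotAfter           = $cert.NotAfter
        Expired            = if ($cert) { $cert.NotAfter -lt (Get-Date) } else { $null }
        HasPrivateKey      = $cert.HasPrivateKey
        SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName
        RevocationRelaxed  = ($crl -eq 1)
    }
}

Test-RdpCertificateBinding -ExpectedThumbprint 'ff 65 98 ff d0 a9 ff f1 70 ff 53 2b ff dd 3d ff eb 22 ff 0a'
```

# A healthy binding shows FoundInStore and HasPrivateKey as True and Expired as False; RevocationRelaxed = True means the step 5) last-resort setting is still in place.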