Sometimes, especially after a Domain migration, old GPOs remain cached on a client computer.
To remove those cached GPO files follow these steps: (more…)
Windows Server Update Services fails to start with a fairly generic error message.
- Run elevated Command Prompt and issue the following command:
"C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall /servicing
- Restart “WSUS Service”
This is the registry key path to a Windows computer’s network profiles:
The network profiles are for both wired and wireless connections.
Category value sets type of connection:
0 = Public (sharing disabled)
1 = Private (home, sharing enabled)
2 = Domain (AD, sharing enabled)
The Domain connection type also needs the DWORD
Managed value set to 1 and the the DWORD
NameType set to 6.
FYI: The biggest impact and usage for these three network types is to control the Windows Firewall (
To change the network Category using PowerShell see this article:
If a Windows 8.x/10 computer is joined to an Active Directory domain then the User Account “PIN sign-in” option is disabled (not Configured) by default. You can set it in either a domain or local Group Policy Object (GPO). It can also enabled on a local computer via a registry key setting.
For Local Group Policy run [Win+R] gpedit.msc and under
Local Computer Policy expand the tree to:
Computer Configuration\Administrative Templates\System\Logon
Change the Turn on convenience PIN sign-in setting to Enabled.
Advanced Query Syntax
Desktop Search Syntax
A search query can include one or more keywords, with Boolean operators and optional criteria. These optional criteria can narrow a search based on the following:
- Scope or data store in which files reside
- Kinds of files
- Managed properties of files
The optional criteria, described in greater detail following, use the following syntax:
Suppose a user wants to search for a document containing the phase “last quarter,” created by John or Joanne, and that the user saved to the folder mydocuments. The query may look like this:
"last quarter" author:(john OR joanne) foldername:mydocuments (more…)
Create the “KDS Root Key” for use with Managed Service Account (MSA) and Group Managed Service Accounts (gMSA). Use the New-KdsRootKey PowerShell cmdlet for set up and initialize the KDS root key.
- On the Windows Server 2012 domain controller, run the Windows PowerShell from the Taskbar. (I normally run it as Administrator.)
- At the Windows PowerShell, type the following command, and then press ENTER:
The domain controllers will wait up to 10 hours from time of creation to allow all domain controllers to converge their AD replication before allowing the creation of a gMSA. The 10 hours is a safety measure to prevent password generation from occurring before all DCs in the environment are capable of answering gMSA requests. If you try to use a gMSA too soon the key might not have been replicated to all Windows Server 2012 DCs and therefore password retrieval might fail when the gMSA host attempts to retrieve the password. gMSA password retrieval failures can also occur when using DCs with limited replication schedules or if there is a replication issue.
Even if there is only one DC you still have to wait the 10 hours. If you don’t want to wait you can refer to the Microsoft TechNet article this information was taken from: https://technet.microsoft.com/en-us/library/jj128430.aspx
If you want to use Microsoft Hyper-V or Oracle VirtualBox on a Dell OptiPlex 755 system you will need to make/confirm four (4) specific BIOS setttings.
In the BIOS Setup [F2] change or confirm the following settings if you are receiving errors that the computer does not support virtualization.
- Performance -> Virtualization = On
- Performance -> VT for Direct I/O Access = On
- Performance -> Trusted Execution = Off
- Security -> Execute Disable = On
Starting with Windows 8 Microsoft has a replacement/alternative “start menu” that is accessible via the Windows+X key.
If the Windows+X, or right-click Start, does not work then check path to these files/folders/apps menu items at: %LOCALAPPDATA%\Microsoft\Windows\WinX
If that folder does not exist try copying it from another user’s home/profile path.
To restore the “Start” button and menu options you can try this one liner from an “Administrator Command Prompt”:
dism.exe /online /Cleanup-Image /StartComponentCleanup & dism /online /cleanup-image /restorehealth & sfc /scannow & pause
DirSync does not replicate Dynamic Distribution Groups between the cloud and the on premise servers.
See this article: Integrating Cisco devices CLI access with Microsoft NPS/RADIUS
Should be cheaper than Cisco’s ACS or ISE systems for small to medium 50-1000 user/computer organizations.
Think about PCI/DSS (3.0) when analyzing cost/risk/liability/brand reputation.
These are some old and new link for managing business/enterprise Windows system deployment.
I hope to maintain and expand this list/page.
Error in DPM:
“DPM could not enumerate SQL Server instances using Windows Management Instrumentation on the protected computer”
In order to fix the error:
- Login to your database server
- Open Command Prompt and browse to C:\\Program Files (x86)\\Microsoft SQL Server\\100\\Shared
- Run the command: mofcomp sqlmgmproviderxpsp2up.mof
mofcomp C:\\Program Files (x86)\Microsoft SQL Server\\100\Shared\\sqlmgmproviderxpsp2up.mof
The Microsoft CertMgr.exe tool is included in few SDKs like the Windows SDK, Drivers SDK, and with Visual Studios. As of this writing it is a standalone executable and can simply be copied to other computers with requiring installation or other support files. (more…)
To add an IP address to the IP inclusion list
- Click Start, and then click Run.
- Type cmd, and then click OK to open a command prompt.
- Type the following, where xxx.xxx.x.x is the IP address you want to add:
httpcfg set iplisten -i xxx.xxx.x.x
When this succeeds, Httpcfg returns the following:
HttpSetServiceConfiguration completed with 0
To view additional status codes, see the Httpcfg help.
- After the IP address is added, use the following command to list it:
httpcfg query iplisten
Httpcfg returns the following:
- From the command prompt, stop the HTTP service and its dependent services. To do this, type the following string at the command prompt:
net stop http /y
- From the command prompt, restart the HTTP service and it dependent services. To do this, type the following string at the command prompt:
net start w3svc
Note When you start w3svc, all services that were stopped when HTTP was stopped will start.
To uninstall an update, run the following command:
Note The <RTMProductCodeGuid> placeholder represents one of the following GUIDs:
There has been a change to the Named Pipe path of the Window Internal Database (WID) on Windows Servers 2012. The new path uses “tsql” instead of “sql” that has been in all previous versions.
Use this string in the “Server name” field of the “Connect to Server” dialog of the Microsoft SQL Server Management Studio program: