Rapid Networks Technotes blog



How to configure time sync on Windows AD Server.
     Friday, January 19, 2024

Annoyingly, there is no GUI method for this, but you can use PowerShell:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\w32time\Parameters" -Name "NtpServer" -Value "time.google.com,0x8"

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\w32time\Parameters" -Name "Type" -Value "NTP"

Restart-Service w32Time

w32tm /resync

w32tm /query /source

w32tm /query /status


How to set interface IP on Cisco CBS350 switches.
     Friday, January 19, 2024

Annoyingly, it's not possible to set the management IP address using the GUI. Instructions to set it using SSH are on Cisco's website, here.


How to reset local account passwords Windows 10/11.
     Friday, January 5, 2024

If you can access the Windows System32 folder, you can rename utilman.exe, then copy cmd.exe as utilman.exe. Then boot and click the "accessibility" icon, which will launch the command prompt, from which you can simply reset the account passwords. Details here.
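
A swap like this is easy to check for afterwards. The following is an added example, not part of the original post: it flags a utilman.exe that is really cmd.exe by comparing hashes and the embedded version resource, and lists any renamed leftovers. The function name and the WindowsDir parameter are hypothetical.

```powershell
# Added example, not from the original post. Reports whether utilman.exe under
# the given Windows directory has been replaced with a copy of cmd.exe.
function Test-UtilmanIntegrity {
    [CmdletBinding()]
    param(
        # Hypothetical parameter: point it at a mounted offline volume
        # (for example 'E:\Windows') to check a disk from another machine.
        [string]$WindowsDir = $env:SystemRoot
    )

    $sys32    = Join-Path $WindowsDir 'System32'
    $utilman  = Join-Path $sys32 'utilman.exe'
    $cmd      = Join-Path $sys32 'cmd.exe'
    $findings = @()

    if (-not (Test-Path -LiteralPath $utilman)) {
        $findings += 'utilman.exe is missing'
    }
    else {
        # 1. Identical bytes: utilman.exe is a straight copy of cmd.exe.
        $utilmanHash = (Get-FileHash -LiteralPath $utilman -Algorithm SHA256).Hash
        $cmdHash     = (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash
        if ($utilmanHash -eq $cmdHash) {
            $findings += 'utilman.exe has the same SHA-256 hash as cmd.exe'
        }

        # 2. The version resource travels with the file when it is copied or
        #    renamed, so a cmd.exe taken from a different build is still caught.
        $original = (Get-Item -LiteralPath $utilman).VersionInfo.OriginalFilename
        if ($original -like 'cmd*') {
            $findings += "utilman.exe identifies itself as '$original'"
        }
    }

    # 3. The procedure renames the original file, so any other utilman* file
    #    sitting in System32 is worth a look.
    $leftovers = Get-ChildItem -LiteralPath $sys32 -Filter 'utilman*' -File -Force |
        Where-Object { $_.Name -ne 'utilman.exe' }
    foreach ($file in $leftovers) {
        $findings += "unexpected file next to utilman.exe: $($file.Name)"
    }

    [pscustomobject]@{
        Path       = $utilman
        Suspicious = ($findings.Count -gt 0)
        Findings   = $findings
    }
}

# Check the running system.
Test-UtilmanIntegrity | Format-List
```

Once the password has been reset, putting the original utilman.exe back returns the sign-in screen to normal, and this check should then report nothing.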


Emergency shut down for Windows
     Wednesday, December 27, 2023

Today, I had to shut down a whole bunch of servers due to a power outage. The UPSes to which they were connected were already significantly drained. I was able to get some of the servers shut down, but a couple (naturally) thought this would be a terrific time to install a whole bunch of updates, and so they crashed while in the middle of updating. I researched emergency shutdown options that will enable us to shut down servers and override the option to install updates. Apparently it can be done with the following command-line command:

shutdown -s -t 0 -f


Cisco CBS switches: How to set management interface IP
     Sunday, December 16, 2023

For some reason, Cisco still hasn't fixed the problem in these switches that does not allow the management IP address to be set with the GUI. First you have to go in under security, TCP/IP Services, and enable SSH. Then you have to SSH in and use these commands to set the IP address.


M365 in 2023: How to whitelist, enable/disable MFA and enable forwarding to external addresses
     Saturday, July 22, 2023

MS keeps changing how to accomplish tasks in the M365 Admin tools. For all three of these tasks, you need to be signed in to the tenant directly (delegated admin won't work).

How to whitelist in 2023
- Exchange admin center
- mail flow --> rules --> add transport rule
- in rule settings, specify the domain name; under "do the following," choose to modify the message properties and set the spam confidence level to -1
- be sure to enable the rule

How to enable/disable MFA
- Azure/Entra admin center
- users --> all users  --> per-user MFA (on top toolbar, which may be under  . . . if the toolbar isn't long enough to display it)
- that will bring up the old familiar page listing all user accounts, showing their MFA status, and allowing you to change that status

How to enable forwarding to external email addresses
- Security (aka Defender) admin center
- Email & collaboration > Policies & rules > Threat policies > Anti-spam policies
- click on Anti-spam outbound policy (Default), click button "edit protection settings"
- under Forwarding rules, Automatic forwarding rules, set to On - Forwarding is enabled
- click save, close
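
With automatic forwarding switched on, it is worth knowing which mailboxes actually send mail outside the tenant. The following is an added example, not part of the original post; it assumes the ExchangeOnlineManagement module and an existing Connect-ExchangeOnline session, and the function names are hypothetical.

```powershell
# Added example, not from the original post. Assumes Connect-ExchangeOnline
# has already been run with an account in the tenant.
function Get-ExternalForwardingReport {
    [CmdletBinding()]
    param()

    # Domains the tenant owns; a target in any other domain counts as external.
    $internalDomains = @(Get-AcceptedDomain | ForEach-Object { [string]$_.DomainName })

    function Test-ExternalAddress([string]$Address) {
        $domain = ($Address -replace '^smtp:', '').Split('@')[-1]
        return ($internalDomains -notcontains $domain)
    }

    foreach ($mbx in (Get-Mailbox -ResultSize Unlimited)) {
        $owner = [string]$mbx.PrimarySmtpAddress

        # Forwarding to an SMTP address, set on the mailbox itself.
        if ($mbx.ForwardingSmtpAddress -and (Test-ExternalAddress $mbx.ForwardingSmtpAddress)) {
            [pscustomobject]@{
                Mailbox = $owner
                Source  = 'Mailbox forwarding (SMTP address)'
                Target  = ([string]$mbx.ForwardingSmtpAddress) -replace '^smtp:', ''
                Enabled = $true
            }
        }

        # Forwarding to a directory recipient, typically a mail contact.
        if ($mbx.ForwardingAddress) {
            $recipient = Get-Recipient -Identity $mbx.ForwardingAddress -ErrorAction SilentlyContinue
            $address   = [string]$recipient.PrimarySmtpAddress
            if ($address -and (Test-ExternalAddress $address)) {
                [pscustomobject]@{
                    Mailbox = $owner
                    Source  = 'Mailbox forwarding (recipient)'
                    Target  = $address
                    Enabled = $true
                }
            }
        }

        # Server-side inbox rules that forward or redirect.
        foreach ($rule in (Get-InboxRule -Mailbox $owner -ErrorAction SilentlyContinue)) {
            $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo)
            foreach ($target in $targets) {
                # Rule recipients look like: "Name" [SMTP:user@example.com]
                if ($target -match 'SMTP:([^\]]+)\]' -and (Test-ExternalAddress $Matches[1])) {
                    [pscustomobject]@{
                        Mailbox = $owner
                        Source  = "Inbox rule '$($rule.Name)'"
                        Target  = $Matches[1]
                        Enabled = $rule.Enabled
                    }
                }
            }
        }
    }
}

# The outbound policy setting changed in the steps above (Automatic, On or Off).
Get-HostedOutboundSpamFilterPolicy | Select-Object Name, AutoForwardingMode

# Every mailbox that currently forwards outside the accepted domains.
Get-ExternalForwardingReport | Sort-Object Mailbox | Format-Table -AutoSize
```

Only server-side rules are visible to Get-InboxRule, so rules that exist solely in an Outlook client are not listed.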


How to decrypt a drive with BitLocker using PowerShell, or obtain the recovery key
     Saturday, July 22, 2023

Many computers running Windows 11 Home now come from the factory with BitLocker enabled, and the drives encrypted. This is exceptionally annoying, because the Home version of 11 doesn't officially support BitLocker, which means there are no GUI tools to manage it. If you need to do anything with the drive (clone it, etc.) you have to decrypt the drive and disable BitLocker using PowerShell. Here's how it's done:

- open PowerShell as admin
- (verify status) manage-bde -status
- (decrypt and disable for specific drive letter) manage-bde -off C:
- (verify status) manage-bde -status
- once encryption reaches 0%, exit

To obtain the BitLocker recovery key:
- in PowerShell, type:  manage-bde -protectors -get C:


How to enable and use Microsoft 365 Online Archive
     Thursday, May 25, 2023

It's pretty easy to enable Online Archive, if the user has a subscription that enables it. Instructions can be found here, along with helpful info about Online Archives. The instructions boil down to, open up the settings for the user account in the Exchange web admin, go to the "Others" tab, click on "Manage mailbox archive" and enable the Online Archive.

If you need more space than the 50GB that comes with the Business Standard license, or the 100GB that comes with the E3 license, you can enable the "auto-expanding online archive" (only available with E3 or higher), which automatically allows the online archive to grow up to 1500GB. Instructions on how to enable that (PowerShell only) are here.

Simply enabling it doesn't make the archive policy take effect immediately, however. Apparently the archive process only runs once every seven days. If you need it to run immediately, this web page has instructions for connecting to the tenant using PowerShell, and starting the "ManagedFolderAssistant," which will kick the process off immediately.


How to turn off SIP ALG on a Fortinet Fortigate firewall
     Monday, May 8, 2023

1.  Log on to your FortiGate’s console
2.  Type ‘config system session-helper’ and press enter
3.  Type ‘show’
4.  Find the entry which shows ‘set name sip’ and note the ID (it’s usually 13)
5.  Type ‘delete 13’ (or the number shown on your firewall) and then ‘end’
6.  Type ‘config system settings’
7.  Type ‘set default-voip-alg-mode kernel-helper-based’ and then ‘end’
8.  Type ‘config voip profile’ then ‘edit default’
9.  Type ‘config sip’ then ‘set status disable’
10.  Type ‘end’ then ‘end’
11.  Reboot the firewall


Enable DKIM in M365
     Friday, February 3, 2023

Sign in to M365 Defender (aka Security) portal using an account in the tenant (our delegated admin account will not work). Go to Email & Collaboration > Policies & Rules > Threat Policies > Email Authentication then double click on DKIM.



Fix LogMeIn problem with screen blanking when in remote session.
     Monday, December 26, 2022

This seems to be a frequent problem with LMI installs. The user connects to the computer remotely, clicks the button to blank the screens of the host PC, and it doesn't work. The problem seems to be related to the DPMS driver that LMI installs. I found this page from LogMeIn support, and this much better one from a user.

It boils down to executing the following command in an admin-privileged PowerShell window:

Get-CimInstance Win32_SystemDriver -Filter "name='radpms'" | Invoke-CimMethod -MethodName Delete -Verbose

After that, reboot, try the screen blanking again, and it should work.


Fix Windows Defender Security Dashboard on upgraded Windows 11 PCs.
     Saturday, May 14, 2022

Most of the PCs I've upgraded from Windows 10 to 11 recently have all had this problem. When I have tried to open the Windows Defender Security Dashboard, I've gotten this strange little pop-up that says: "You'll need a new app to open this Windowsdefender link." Of course, the message is incorrect, because the Defender app is installed and running perfectly normally, but it's unable to open because something is glitched. Luckily - there's an easy fix. Run PowerShell as admin, and enter this command: Get-AppxPackage Microsoft.SecHealthUI -AllUsers | Reset-AppxPackage


Microsoft remote server administration tools
     Monday, April 4, 2022

This is the tools package required to allow users to run AD U&C directly on their own PCs, without needing to remote in to the AD server.


How to use a local account during initial setup of Windows 11 Home
** also, how to complete initial setup without an Internet connection
     Thursday, November 11, 2021

This is annoying as shit, but here goes - I got this from this web page.

- Go through initial setup until you get to the "Let's connect you to a network" screen.
- Press Shift + F10 to open command prompt window
- Type taskmgr, hit enter

- Go through list of running tasks until you find "Network Connection Flow"
- End that task


That will skip you right past the "Let's connect you to a network" screen, and you can complete the setup normally, without the onerous requirement of signing in to a Microsoft account!

**Alternate option** As of 08-2023, the procedure listed above no longer works, as best I can determine, because there's no longer a process called "Network Connection Flow." So instead, follow these steps:

- Go through initial setup until you get to the "Let's connect you to a network" screen.
- Press Shift + F10 to open command prompt window
- type oobe\bypassnro
- the computer is supposed to restart, and as you go through the setup process next time, you will now have the option for "I don't have Internet"



How to connect Synology NAS to Azure Active Directory
     Thursday, August 12, 2021

Here's a link to instructions on Synology's website.


Definitions of some DHCP options
     Thursday, August 12, 2021

DHCP Option 66 is provisioning server IP address (as for VOIP phone)
DHCP Option 132 is VLAN number (used for VOIP phones, especially Yealink)


How to configure SSIDs for Fortinet FortiAPs.
     Sunday, August 1, 2021

For whatever reason, I find this process incredibly non-intuitive! So here are the key steps:

- You must first create the SSID(s) using traffic mode "Bridge"
- Then edit the default FortiAP profile, change the SSIDs of both radios to manual and then add the SSIDs you want them to use.
- Also, in the SSID settings, you may want to disable broadcast suppression, if the Fortigate is not the DHCP server.



How to configure OpenVPN server on Cisco RV160, using self-signed certificate.
     Thursday, July 1, 2021

Cisco RV160 and 160w routers have the ability to act as OpenVPN endpoints, which is great, but it's not at all obvious how to configure them without purchasing an SSL certificate. This set of instructions from Cisco shows how to do that. By the way, one thing the instructions don't mention is that when you're looking for the new self-signed CA in the list, it'll be at the very bottom.


Bluetooth mouse going to sleep any time it stops moving.
     Tuesday, May 25, 2021

I got a new laptop, and I got a new Microsoft Bluetooth mouse for it. It connected easily enough, but when I started using it, I noticed that after any slight pause, the mouse (or the Bt radio, or something) seemed to fall asleep whenever I wasn't actively moving the mouse cursor. So there would be a brief delay where I first had to move the mouse to wake everything up, and only then could I resume normal mousing. It was INCREDIBLY annoying. I finally found a setting that would fix it. Under the "Power Plan" in the Control Panel, you click on "Change Advanced Power settings." That dialog box has an option called "USB Settings" and beneath it, "USB selective suspend setting." Disabling that option fixes this annoying behavior.

But naturally, there was a problem. When I looked in the Advanced power settings, there was no "USB Settings." I had to take the advice of this web page to edit the registry to force Windows 10 to show me the missing settings.



FortiAPs not coming back online after upgrading firewalls to OS 7.
     Monday, April 19, 2021

FortiOS 7 by default will disable support for older devices using less secure encryption methods. This means that some APs, including the 221Es that we commonly use, won't be allowed to come back online after an upgrade. To re-enable them, follow the steps laid out in this support document.


How to view/clear status for users flagged as "risky" by Azure AD.
     Friday, April 16, 2021

This is new to me, but Azure AD evidently has some reasons for which it will flag certain user accounts as "risky." The only bad effect of this I have seen so far is one user not being allowed to access SharePoint hosted on another company's tenant account. To find the list of "risky" users, sign in to Azure, then go to Security, and see "Risky Users" in the list of options on the left. It also lists "Risky sign-ins" and "Risk detections." When you view the list of risky users, you can confirm that flag, or clear it.


How to deactivate MFA method on M365.
     Friday, April 16, 2021

If a user can no longer use a specific phone number to authenticate, or if for any other reason you need to deactivate an MFA method, you need to log in with an authorized account to access Azure AD, and follow the steps in this document, which will also prep the Azure AD account to configure a new MFA method.


Several fixes for Outlook repeatedly asking for M365 credentials; also for Outlook not asking at all.
     Sunday, October 4, 2020

These types of problems just keep cropping up. So here are some suggested methods for troubleshooting.

- Run Credential Manager (in Windows Control Panel), and if your account is listed ensure that it's correct.
        If not correct, fix it.
        If correct, try deleting it, reboot and log into Outlook.

- Logging in to Web Outlook might sometimes show an existing problem such as the need to change the password.

- Start Outlook in safe mode by running Outlook.exe /safe and enter the IDs if asked.

- Unlink the Microsoft Account from Outlook

- Disable Modern Authentication in regedit: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity, create a DWORD item named EnableADAL and set it to zero.
Under the same registry key, create a DWORD item named DisableADALatopWAMOverride and set it to 1.

See Microsoft article.


How to access Microsoft 365 App passwords.
     Wednesday, August 19, 2020

For some reason, Microsoft keeps moving this around, and they will probably continue to do so, but at least for today, here is how you can access M365 app passwords:

- sign in to M365
- click your initials in the top right of the page
- select My Account
- click on Settings & Privacy on the left
- click on Privacy on the right side of that page
- click on the new option, "Office Apps" that now shows up on the left side
- click on Security & Privacy on the left
- click on Additional Security Verification on the right
- click on "create and manage app passwords"

It's completely ridiculous that it takes this many steps to get to something so basic!

Alternatively, here is the web page directly.


Instructions for configuring Fortinet firewalls for dual-WAN failover.
     Tuesday, June 16, 2020

The old-style help article is here, and the new "cookbook recipe" is here.


Fortinet SSL-VPNs have 8-hour timeouts by default. It's easy to change that to either up to 3 days, or zero, which disables the timeout entirely.
     Tuesday, June 16, 2020

The brief article is here, but the command and syntax are:

In config vpn ssl settings

set auth-timeout <auth_seconds>


The default time setting is 28,800 (8 hours).  The value can be set in the range 10 to 259,200 seconds (3 days).

A value of 0 can be used to indicate no timeout.



How to enable Fortinet SSL-VPN users to access subnets on the other side of IPSEC site-to-site VPN tunnels.
     Friday, May 1, 2020

There's a great "cookbook" article here, explaining exactly how to accomplish this.


Fortinet Virtual Domains.
     Saturday, April 18, 2020

For some reason, Fortinet firewalls are unable to add more than 27 VPN users unless you enable Virtual Domains on that firewall. Here's an article with an overview of what Virtual Domains are. Here's one that shows how to enable them, and another that shows how to update the maximum allowed number of VPN users. The thing that I don't understand is that you don't need to split the users between virtual domains - once you have enabled virtual domains, you can simply increase the total number of users to whatever number you like.


Windows Group Policy help.
     Saturday, April 18, 2020

Seems like I can never remember where inside the ginormous Group Policy Editor to find Drive Mappings, so here's a link for that.

Also, the command to force a PC to update the Group Policy is GPUPDATE /FORCE



How to enable MFA for Office 365 tenant.
     Wednesday, March 4, 2020

There are a couple of steps involved in enabling MFA for O365, and it's not always easy to find the relevant documentation. So here they are:

Step 1: Connect PowerShell to your O365 tenant.
Step 2: Enable Modern Authentication.
Step 3: Enable MFA.

And then if users need guidance for how to use the Microsoft Authenticator app with O365, there's a helpful page here that explains.


Trick to get Fujitsu scanner working with ScandAll Pro and Windows 10.
     Tuesday, February 11, 2020

The Fujitsu fi-series of sheet-fed scanners are great, but their website and documentation leave a lot to be desired. For Windows 10, they have a new TWAIN driver, called PaperStream IP. It isn't even listed on the drivers page with the scanners, you have to go here to get it. Then, if you are using their ScandAll Pro software (which must be version 2.0 or higher to function with Windows 10), you MUST use the 32-bit version of the PaperStream IP TWAIN driver, regardless of the bitness of the OS. Also, you can't just download the ScandAll Pro software - you have to have the original CD that shipped with the scanner, and install that and then upgrade it to the latest version.


Steps required to remove an offline file sync partnership that can't be removed.
     Monday, February 10, 2020

The little built-in Windows utility "offline files" and sync center can come in handy, but if the server share you are syncing goes away (as with a file server upgrade, for example), there's no easy way to remove that sync partnership. Luckily, someone posted these steps that get the job done.


Handy web page from Dell, helping to determine what Dell soundbars are compatible with what Dell monitors.
     Tuesday, January 28, 2020

Web page here.


Stop adware pop-ups originating from Chrome that are not extensions.
     Monday, January 20, 2020

I've seen this a few times in the past, but I just came across the fix for it. I had a client's PC that was generating troublesome adware pop-ups, but I was unable to find the source. It turned out to be not an executable that was running, nor an installed malicious extension, but a simple "notification" that the user had been tricked into accepting. The problem is, there is no easy way to find the list of accepted or allowed notifications within Chrome. You have to simply know the correct URL to enter, which is chrome://settings/content/notifications  Once there, simply block or remove the malicious notifications from the list.


Fix eternal "device setup in progress" status on printers in Windows 10.
     Thursday, November 7, 2019

Over the past two weeks I have come across several PCs that weren't able to print or have new printers installed on them. All of them showed "device setup in progress" as the status of the new printer object. Finally today I found this website that explains the cause, and provides a fix.

The problem is caused when Windows tries to download a custom printer icon from some Microsoft server. If that server is not available, the printer install process just stops forever. You would think Microsoft would have built in a simple time-out, so that if the OS isn't able to download the icon in a reasonable amount of time, it would simply complete installing the printer without the icon, which is functionally utterly superfluous. But no, Microsoft simply assumed that their server would always be available, that the process would always work flawlessly, and didn't bother to create a timeout.

Luckily, there's a simple registry entry that can fix the problem:

Go to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Metadata

And edit the key named: PreventDeviceMetadataFromNetwork

Set the value to 1, reboot the PC, and the problem will vanish!


How to determine the version of Windows 10 on a USB install disk.
     Tuesday, November 5, 2019

With all of the different versions of Windows 10, it's tough to keep track of what version is on a USB installer disk. Here's how you find out.

1. Mount the USB drive on your computer, note the drive letter
2. Open an elevated command prompt
3. Enter this command string (and substitute your drive letter for the K):
 
dism /Get-WimInfo /WimFile:K:\sources\Boot.wim /index:1
4. Note the version (example: 10.0.17763)
5. Go to this web page, which lists all of the versions by name and number.

Problem with very large mailboxes in Outlook 2019 & 365.
     Monday, September 16, 2019

I just encountered this problem with a user with a 73 GB mailbox. We had previously increased the size his mailbox was allowed to grow to, by changing his Office 365 subscription. But Outlook 2019 & 365 still have a default (and possibly hard-coded) limit of 50 GB. Even worse - Outlook doesn't throw any errors or warnings when the OST file hits this size - it just stops downloading emails.
I found this article that claims to have a registry key that overrides the limit, but when I looked in the registry, the OST key where it says to create the new entries didn't exist. I created it, but I have yet to discover if the settings actually took effect.
My interim solution was to limit the OST file size by only syncing three years of emails, rather than everything.


Bug in Cisco SGx50 switches - unable to use GUI to set static IP of switch.
     Wednesday, September 11, 2019

Just came across this while trying to set a static IP on a brand new SG250 for management purposes. Highly annoying, but luckily I found this article on the Cisco website explaining the problem and providing a work-around.


Interesting & annoying VPN glitch with Windows 10 ver 1903.
     Thursday, August 29, 2019

Some users began reporting that they are unable to connect to a RRAS VPN. It happened simultaneously for a bunch of users, and we happened to notice that all of their laptops had recently upgraded to 1903. It turned out not to be a networking issue, but simply that the VPN client is unable to raise a dialog box asking for credentials when invoked from the system tray. If the users go into Settings, then to Networking, then to VPN, and click connect on the VPN listed there, it works fine.

But that is a lot of clicks to ask someone to do every time they want to connect/disconnect their VPN. I discovered a better way. If you create a desktop shortcut to rasphone.exe, it brings up a nice simple window that enables the user to connect/disconnect VPNs. Beautiful solution - problem solved!



Cool method to confirm what user account a PC is using to attach to a network device (server, NAS).
     Sunday, August 24, 2019

C:\> wmic netuse where localname="Z:" get username /value

I've also been using this command to get the serial number of a PC:

C:\> wmic bios get serialnumber


Excellent article from the WSJ, pointing out that most people don't need Internet connections faster than 100 Mbps.
     Friday, August 23, 2019

Article Link


New Wifi numerical designations.
     Friday, May 10, 2019




Nifty free tool to tweak security settings in IIS.
     Sunday, January 27, 2019

Nartac Software provides a free tool called IIS Crypto that enables easy setting of a host of security features on IIS.


Problem with HPE servers erroneously reporting "overheated" hard drives.
     Thursday, September 6, 2018

I ran into this with a Proliant ML110 Gen10 server, with a SFF drive bay. I used Seagate "Firecuda" 2.5" 2 TB hybrid drives. They functioned just fine, but the HPE BIOS sees two of them (why only two, rather than all three?) as reporting overheated status. So it runs the case fan at full blast, all the time. I searched everywhere looking for an explanation or a fix, until I found this web page that explains the problem, and tracks the affected drives. There's no fix, but at least I understand the problem clearly, and know that there is nothing to be done - either accept the loud fans, or buy much more expensive drives.


Enable Windows Hello on Domain-joined PCs.
     Thursday, August 2, 2018

For some reason, the option to enable Windows Hello is greyed-out and unavailable on domain-joined PCs. To re-enable it, go to the following location in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System

and add the following key: AllowDomainPINLogon DWORD 00000001


How to remove User Profiles in Windows 10.
     Thursday, April 19, 2018

Run sysdm.cpl, go to the Advanced tab, click Settings in the User Profiles section.


Rebuild malfunctioning Start Menu in Windows 10.
     Thursday, April 12, 2018

There are several different ways the Start Menu can get messed up in Windows 10. One fix is to reload all of the Windows 10 Apps. Open a PowerShell window with elevated privileges, and enter this command:

Get-AppXPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"} 


SMB1 disabled in Windows 10 Fall Creators Update/Build 1709.
     Monday, December 18, 2017

If a copier or printer is unable to send scanned files to a network share on a Windows 10 PC, it could be that it is using SMB1, which is no longer available. This change is discussed in this document from Microsoft. The change also affects Windows Server 2016. Luckily, it's fairly easy to re-enable SMB1. Just follow the instructions here. Skip over the first part of the article, which explains how to disable SMB2 and SMB3.
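
One way to see which devices actually depend on SMB1 once it is back on, so the exception stays limited to the copier or printer that needs it. This is an added example, not from the original post or the linked Microsoft articles; the function name Get-Smb1ClientSummary is hypothetical, and the message parsing assumes an English-language event log.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell
# session on the PC or server that hosts the share.

# 1. Current state of the SMB server settings and of the optional feature.
Get-SmbServerConfiguration |
    Select-Object EnableSMB1Protocol, EnableSMB2Protocol, AuditSmb1Access
Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol |
    Select-Object FeatureName, State

# 2. Log every SMB1 connection as event 3000 in the SMBServer audit log.
Set-SmbServerConfiguration -AuditSmb1Access $true -Force

# 3. Summarise which client addresses have connected over SMB1.
function Get-Smb1ClientSummary {
    [CmdletBinding()]
    param(
        [int]$Days = 7   # how far back to look
    )

    $filter = @{
        LogName   = 'Microsoft-Windows-SMBServer/Audit'
        Id        = 3000
        StartTime = (Get-Date).AddDays(-$Days)
    }

    # Get-WinEvent raises an error when nothing matches, hence SilentlyContinue.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Assumption: the English message text contains "Client Address: <value>".
            if ($_.Message -match 'Client Address:\s*(\S+)') {
                [pscustomobject]@{ Client = $Matches[1]; Time = $_.TimeCreated }
            }
        } |
        Group-Object -Property Client |
        ForEach-Object {
            [pscustomobject]@{
                Client   = $_.Name
                Events   = $_.Count
                LastSeen = ($_.Group | Sort-Object Time | Select-Object -Last 1).Time
            }
        }
}

# Let the devices scan for a few days, then review the list.
Get-Smb1ClientSummary -Days 7 | Sort-Object Events -Descending | Format-Table -AutoSize
```

If the only addresses listed belong to the copier or printer, those are the devices to replace or reconfigure before SMB1 is turned off again.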

Fix for Outlook not displaying images in emails.
     Wednesday, November 15, 2017

The first thing to try, obviously, is to go into Trust Center Settings and uncheck "Don't download pictures automatically . . ." in the Automatic Download section.
But if that doesn't work, the next thing to try is moving the Internet Explorer Temporary Internet Files folder. Open Internet Options from Control Panel or IE, and on the General tab, Browsing History section, click the settings button, and then the Move Folder . . . button. You'll have to log out and back in, and that should fix the problem.

 Reset a password in Windows 10 using a flash boot disk.
     Friday, May 5, 2017

Just follow the steps here. Alternatively, spend about $30 for either PC Unlocker, or Windows Password Unlocker.

  How to set a reliable time source on a Windows 2016 Server.
     Monday, May 1, 2017

W32tm /config /update /manualpeerlist:pool.ntp.org /syncfromflags:manual
then
W32tm /resync

If you want to, you can create a batch script with that second command, and set it to run every 4 hours or so, indefinitely. That will keep the server in sync forever (or until someone changes the password for the account you are using to run the scheduled task).


 How to repair Windows 10 broken start menu and missing Edge.
     Monday, March 7, 2016

I recently had a user whose Start menu broke in Windows 10. Every time she clicked it, she got a dialog box that stated "Critical Error - Your Start menu isn't working. We'll try to fix it the next time you sign in." The only option on the dialog box  was a button to sign out. But signing out or restarting never fixed it. Some people online reported that starting in Safe Mode, shutting down then going back into regular mode fixed it, but not for this particular user. Here are a couple of other methods to try. Eventually we discovered that uninstalling the Dropbox application fixed the problem. But then we noticed that her Edge browser was missing. So we had to follow the steps on this web page to reinstall it.

 How to repair Windows 8 boot process for installs using UEFI BIOS.
     Tuesday, February 16, 2016

For machines that somehow have their boot files damaged, there are plenty of instructions online explaining how to repair them. But they all refer to a c:\boot folder. I ran into a laptop which didn't have that folder at all. Turns out that is a sign that the OS is booting from a UEFI BIOS, and there is a separate (very similar, but a bit longer) list of steps for how to repair those types of Windows installs. The best one I found is here. The steps go like this - after booting using Windows 8 boot media, and getting into a command prompt:

  • diskpart (opens Disk Partitioning tool)
  • select disk 0
  • list volume (please note the number of the volume that has no drive letter assigned and has FAT32 listed in Fs column, usually the only FAT32 volume/partition)
  • select volume <the number of 100-500 MB FAT32 volume with no drive letter, or with label ESP, EFI or SYSTEM>
  • assign letter=Z: (gives drive letter Z: to EFI System Partition)
  • exit (closes Disk Partitioning tool)
  • cd /d Z:\EFI\Microsoft\Boot\ (changes current folder in Command Prompt window)
  • attrib Z:\EFI\Microsoft\Boot\BCD -h -r -s (removes hidden, read-only and system attributes from BCD folder)
  • ren Z:\EFI\Microsoft\Boot\BCD BCD.old (renames BCD folder to BCD.old)
  • bootrec /rebuildbcd (retries the rebuild)

Now, in the Add installation to boot list line, type A and press ENTER. The new BCD is ready, close Command Prompt and restart your computer.

 How to Activate Windows 10, when it doesn't do so automatically after an upgrade.
     Monday, February 1, 2016

For some reason, I had an upgraded copy of Windows 10 fail to activate. The fix was to run SLUI 3 from the Run box, which allowed me to re-enter the Windows 7 product key. Once entered, Windows 10 was able to activate itself successfully.

 Effective method for deleting and removing pesky files and folders that refuse to be deleted.
     Sunday, January 31, 2016

This is a great one.
First, open a Command window, and go to the directory containing the file or folder that won't delete.
Next, use dir/x to display the file or folder's 8.3/DOS style name.
Finally, delete it using del or rd and the 8.3 file/folder name.

Extremely simple, but it has worked for me every time I have tried it.

 Simplest method yet for configuring Autodiscover with Exchange 2010/2013.
     Saturday, January 16, 2016

This is by far the easiest method I have yet found for configuring Autodiscover. Not only is it incredibly easy, it also avoids having to use SAN (Subject Alternative Name) SSL certificates. Basically, just create a SRV record for the domain, pointing to the appropriate server. Awesome article.

If you need to update a DNS server for a domain where the email is hosted on Office365, the SRV record needs to point to autodiscover.outlook.com. At least, that is the best I've been able to find.

Here is another web page that discusses multiple methods, including two that are particularly helpful.

One is a method for placing an autodiscover.xml file on a PC, and configuring the registry to tell Outlook to look at that file to enable autodiscover. This is helpful when you have no access to a domain's DNS servers, or file structure of their website.

The second is instructions for placing that same XML file into an autodiscover subdirectory of the website.

 How to fix it when users are unable to launch Windows Update because it has been disabled by the network administrator.
     Thursday, January 14, 2016

This is caused by some domain-level policies. I've mostly seen it on Windows SBS servers. Anyway, here's a great article on how to get around it.

 Enable BitLocker in Windows 8 on a machine without a TPM.
     Thursday, January 14, 2016

Microsoft BitLocker encryption is a terrific way to achieve whole-disk encryption, though it is only available on Professional-level operating systems. Another problem is that by default, it can only be activated on systems with a TPM chip. Luckily, there is a simple registry entry or Group Policy entry that will enable it even without the TPM. Here's the article with the details.

 Outlook may suddenly start only in Safe Mode.
     Thursday, January 14, 2016

This problem started in early December, 2015, and is caused by a Microsoft Windows Update - KB3114409. You can fix it either by uninstalling the KB, or by creating a registry entry that disables Safe Mode for Outlook entirely. Here is a very good article, explaining the registry key.

 How to uninstall LogMeIn on a Mac.
     Thursday, January 14, 2016

Regular Uninstall  -  Manual uninstall

 Outlook suddenly starts returning search results starting with the oldest emails first.
     
Thursday, January 14, 2016

One user had this problem, and then it reoccurred a few months later. Suddenly when they were searching from the search box in Outlook 2010 (on a Windows 7 Pro laptop), their search results were listed from the oldest email in their folder first. Because of this, searches were taking a very long time to complete, since the emails they were looking for were usually the most recent, not the oldest.

It took me a while to pin this down, but basically, if the Windows 7 search feature is not functioning properly, Outlook reverts to its own built-in search, which has this unfortunate behavior. In this case, the Indexing Service had become disabled, and I had to go into the list of Windows Components and reactivate it. Once that was done, restarting Outlook returned it to its previous search behavior. BTW, the other component of Windows 7 search is simply called Windows Search.

 Microsoft Office 2016 can't co-exist with 2013 products.
     
Monday, October 19, 2015

Microsoft has helpfully made everyone's life more difficult by making Office 2016 utterly unable to co-exist on the same machine as any 2013 versions of any stand-alone Office product - such as Project 2013. They are addressing this by providing free upgrades of the stand-alone products to their 2016 versions. The full explanation is here.

Basically, you need to go to the Microsoft Answer Desk website, log in, click Contact Us, then Accounts and Billing, which will open a new window where you can enter your phone number, and someone from India will call you back. After you explain the problem to them, they will de-activate the 2013 version of the product from your account, and send you an email where you can click a link to redeem a free copy of the 2016 product.

 Cloning a disk (as from a HDD to an SSD) causes Quickbooks to fail.
     
Tuesday, August 18, 2015

For some reason, cloning a HDD will crash Quickbooks. The error it typically throws is Error 3371, status code 11118. Luckily, there is an easy fix. Just find and delete the EntitlementDataStore.ecml file, located in c:\ProgramData\Intuit\Entitlement Client\v<your version number>

Then start QB, and it will run normally - though you will have to re-register it, so you'll need the key codes.
Thanks to this article at ComputingonDemand.com.

 Why nobody uses email encryption.
     
Friday, July 3, 2015

Interesting article on How-To Geek. Boils down to "it's a difficult pain in the a**."

 "Get Windows 10" system tray icon. What is it, where does it come from, when does it not appear, and how to remove it.
     
Thursday, June 11, 2015

Excellent article discussing all aspects of the "Get Windows 10" icon on How to Geek.

 Tightening security/encryption methods for RDP on Windows Servers.
     
Tuesday, May 12, 2015

Turns out there is a fairly gaping security hole in the default security settings of RDP. It's fixable by switching RDP to SSL encryption, using a self-generated or purchased SSL certificate.
This helpful page explains the origins of the problem, as well as how to fix it on 2003 and 2008 servers.
2012 servers, of course, are a somewhat different story. If they are DCs, you can just use the RDS Session Host configuration tool, but if they are not, the tool is MIA, and you have to either edit the registry or use a Group Policy (gpedit.msc). Either way, this page explains the changes that need to be made. That page is actually a reference for Server 2008 R2, but it seems to work for Server 2012 as well.
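
To see what a server is currently configured to do before or after making those changes, here is an added example (not taken from the linked pages): a read-only PowerShell report of the RDP listener settings. The value names SecurityLayer, MinEncryptionLevel and SSLCertificateSHA1Hash are the standard Windows listener and policy values rather than names quoted from this post, and the function name is illustrative.

```powershell
# Added example (PowerShell 3.0+): read-only report of RDP security settings.
# Nothing is modified. Group Policy values take precedence over the listener key.
function Get-RdpSecuritySetting {
    $listener = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $policy   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    $layerNames = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS 1.0)' }
    $levelNames = @{ 1 = 'Low'; 2 = 'Client Compatible'; 3 = 'High'; 4 = 'FIPS Compliant' }

    # Return the effective value and where it came from (policy first, then listener).
    $read = {
        param($name)
        foreach ($source in @(@{ Path = $policy;   From = 'Group Policy' },
                              @{ Path = $listener; From = 'Listener registry' })) {
            if (Test-Path -LiteralPath $source.Path) {
                $v = (Get-Item -LiteralPath $source.Path).GetValue($name, $null)
                if ($null -ne $v) { return @{ Value = $v; From = $source.From } }
            }
        }
        @{ Value = $null; From = 'not set' }
    }

    $layer = & $read 'SecurityLayer'
    $level = & $read 'MinEncryptionLevel'

    # A certificate bound to the listener is stored as a binary SHA-1 thumbprint.
    $thumb = '(not set)'
    if (Test-Path -LiteralPath $listener) {
        $bytes = (Get-Item -LiteralPath $listener).GetValue('SSLCertificateSHA1Hash', $null)
        if ($bytes) { $thumb = ($bytes | ForEach-Object { $_.ToString('X2') }) -join '' }
    }

    $findings = @()
    if ($layer.Value -ne 2) {
        $findings += 'Security layer is not forced to SSL (TLS 1.0).'
    }
    if ($null -eq $level.Value -or $level.Value -lt 3) {
        $findings += 'Minimum encryption level is below High.'
    }

    [pscustomobject]@{
        SecurityLayer         = $layer.Value
        SecurityLayerName     = if ($null -ne $layer.Value) { $layerNames[[int]$layer.Value] } else { '(not set)' }
        SecurityLayerSource   = $layer.From
        MinEncryptionLevel    = $level.Value
        EncryptionLevelName   = if ($null -ne $level.Value) { $levelNames[[int]$level.Value] } else { '(not set)' }
        EncryptionLevelSource = $level.From
        CertificateThumbprint = $thumb
        Findings              = $findings
    }
}

Get-RdpSecuritySetting | Format-List
```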

 How to swap between Public and Private networks in Windows 8.1.
     
Wednesday, March 18, 2015

In Windows 7, you could go into the "Network and Sharing Center," and the network type was helpfully linked. You could just click on it and choose what type of network you were actually connected to, if it was showing the wrong thing. As much as I like Windows 8, it no longer has that link. Instead, you have to go to Change PC settings, in the Modern style control panel-ish area, and from there, choose Network, and then click on the network you are connected to. Once there, you can set "Find Devices and Content" to "On" for private networks, or "Off" for public networks.

Check out this page for more detailed instructions.

 Windows BCD-related boot errors in Windows 7 or 8.
     
Tuesday, March 10, 2015

In the Windows world, BCD does not mean Buoyancy Control Device. It means Boot Configuration Data. It replaces the venerable boot.ini file of Windows versions past. If the BCD gets corrupted, it is usually fairly easy to repair, but it requires booting from Windows installer boot media, getting into the command prompt, and running a few simple commands. This page lays out the process pretty clearly, including the exact syntax of the necessary commands. In case you need assistance navigating to the Advanced Startup Options in Windows 8 or 8.1, this page lays out that process.

 Intuit Sync Manager is NOT a backup application!
     
Tuesday, March 10, 2015

As this page clearly states, the Intuit sync program keeps a copy of the Quickbooks company file up to date on Intuit's servers. But this is only so that third-party or web-based programs can access it. It is NOT possible to restore your company file from the copy on Intuit's servers. Therefore, you cannot rely on this app for backing up your company file.

 Windows 8 install media - easy download
     
Friday, March 6, 2015

Microsoft finally has an easy downloader tool for ISO images of current versions of Windows. How convenient!

 How to export mailboxes from Exchange 2010 (ExMerge doesn't work anymore)
     
Wednesday, January 28, 2015

Good old ExMerge won't work on Exchange 2010. Instead, use the PowerShell Cmdlet New-MailboxExportRequest, as detailed on this web page.

 A tool for determining which public DNS server has the best performance
     
Thursday, January 22, 2015

The tool is called NameBench. It would only be needed in some very specific circumstances, but if you are in those circumstances, it could be just what you need.

 Windows 8/8.1 Modern apps fail to run
     
Thursday, December 11, 2014

I just encountered this - whenever I ran a Modern App, it would just appear minimized to an icon on the taskbar in the Desktop mode. Here is the fix: (For me, the key step was C)

A.) Fixing the app store:
Open registry editor typing regedit.exe from a command line.

Browse to the registry key at HKEY_CURRENT_USER\Software\Classes\Local Settings\software\microsoft\windows\currentversion\appmodel\repository\packages.

Right click on the “packages” key and bring up the “Permissions” tab.

Click the “Advanced” button located at the bottom right corner.

Check to see the account name that shows up as the “Owner” (this is the first line of text on the “advanced security settings” dialog for the “packages” key). It should say “SYSTEM”.  (For me this showed the built-in local Administrators group)
If it is any other account, click on the “Change” button next to it.

Type SYSTEM in the “select user” dialog. If “Multiple Names Found” window comes up, select the row for “SYSTEM”.

Click OK to the dialogs and close them all.

Run from admin command prompt:     Powershell -ExecutionPolicy Unrestricted Add-AppxPackage -DisableDevelopmentMode -Register $Env:SystemRoot\WinStore\AppxManifest.xml

B.) Fixing all modern apps:
Run from admin PowerShell:
((Get-ChildItem "HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\InboxApplications") | Get-ItemProperty).Path | Add-AppxPackage -Register -DisableDevelopmentMode
    * When I ran this the black X persisted until after the next step and reboot.  But trying to start an app gives me a new message and a link to the store.

C.) Fixing 3rd party apps:
Delete the regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\[UserSID]
          You can find your SID by going to an elevated command prompt and typing
                        wmic useraccount get name,sid

D.) Restart.  After a reboot the apps still showed the black X for a minute or so, but it soon cleared up on its own and all apps seemed to be working again.  I was also able to update the apps from the app store once signing in with a Microsoft account.  Finally, I am again able to get into PC Settings.

 Windows Update fails with Error 80072EFD
     
Thursday, November 20, 2014

Apparently there are many reasons why WU might fail with this error, but one cause is that WU is configured to get its updates via WSUS. To fix that:

1. Click Start > Run > type “regedit” without the quotes, and accept the UAC prompt to continue
2. Navigate to HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate
3. Look at the keys in that folder. If they look something like this:
               “WUServer”=http://srv_name:8530
               “WUStatusServer”=http://srv_name:8530
     then back up and delete the WindowsUpdate folder:
          A. Right-click on the folder and select “export” to save.
          B. Delete the “WindowsUpdate” key from the registry at
              HKLM\Software\Policies\Microsoft\Windows.
4. Restart the Windows Update service. (located in Start > Run > type “services.msc” without quotes)

 Links to download all versions of Internet Explorer
     
Friday, November 14, 2014

It's downright impossible to find a simple link to IE 10 when Microsoft is flogging IE 11. Luckily, these folks made a comprehensive download page, with links to all versions of IE.

 Configuring Windows for Quickbooks multi-user
     
Wednesday, October 22, 2014

Here are some links to documentation on Intuit's website with instructions on configuring Windows for QB multi-user.

     - Configuration overview
     - Firewall settings

 Exchange 2010 OWA email attachment size issues
     
Wednesday, September 24, 2014

By default, Exchange sets a size limit for emails (and so really for attachments, since emails without attachments are of negligible size) of 20 MB. That is set for all users, regardless of how they are accessing their mailboxes (Outlook, smartphone, tablet, OWA). I have always just removed the limitation entirely. But I've been puzzled for years about why servers configured like that still had persistent 5 MB limits for users accessing their mailboxes through OWA.

And I finally discovered the answer. Evidently, OWA can't handle the unlimited size setting, and defaults to 5 MB. The fix is to just set an arbitrarily large file size (100 MB, 200 MB, etc), and OWA will handle it correctly.

Unfortunately, solving that problem just revealed a new one. For computers where Silverlight is installed, there is a known bug in Silverlight/OWA that prevents users from attaching files larger than 25 MB to emails. This is totally independent of any server-side settings. I have tested this, and verified the limitation. I have not tested from a PC without Silverlight, but evidently in that case, the server-side setting prevails, allowing attachments of much larger than 25 MB.

 Easy hack to reset local passwords on Win7 and Win8
     
Sunday, August 10, 2014

Story here, more explanation to follow.

 User's shortcuts to server disappearing from desktop
     
Tuesday, August 5, 2014

I had a user who had a bunch of shortcuts leading to network drive locations. Periodically (every couple of weeks), these icons would disappear. When I looked into it, I found that Windows 7 and 8 include something called "System Maintenance Troubleshooter" which automatically performs such unimportant tasks as:
     - deleting broken shortcuts (when there are 4 or more broken ones on the desktop)
     - freeing up disk space by deleting logs older than 1 month
     - setting the system time by synchronizing with a time source
     - deleting any icons on the desktop that have been unused for 3 months
     - running checkdisk

To stop this thing from running, open the control panel, and type trouble into the search box. Then click the Troubleshooting link. Click the Change Settings link on the left, set Computer Maintenance to "Off", click OK at the bottom, and good riddance!

 How to remove disconnected mailboxes from Exchange 2010
     
Monday, July 21, 2014

Microsoft thoughtfully removed the purge command from the GUI. Instructions here. Microsoft's instructions here.

 Don't forget to enable Outlook Anywhere in new Exchange installs.
     
Monday, July 21, 2014

Turns out Outlook Anywhere is different from RPC over HTTP, and it is (bizarrely), not enabled by default. It's simple to enable it, but you have to remember to do so. Instructions here.

 Problem where Outlook 2013 would not connect to Exchange server
     
Monday, July 21, 2014

Ran into this problem where Outlook 2013 suddenly refused to connect to an Exchange 2010 server. The fix I finally found was to revert office to a previous version. Since Office 2013 uses the new click-to-run, the procedure was unfamiliar. Here it is. Also, here is a list of the versions of Office 2013 click-to-run.

 I recently found this handy list of MS Exchange versions
     
Monday, July 21, 2014

Exchange Versions, Builds and Dates

 Java apps blocked from running in Internet Explorer - "Application Blocked by Security Settings"
     
Wednesday, June 18, 2014

If you ever see this prompt, it is extremely difficult to know exactly what is blocking the app from running, and where you would go to change the setting to enable it to run.

If you look in the IE settings, and add the website to the list of trusted sites, and loosen every possible restriction, the error will still come up.

As it turns out, it is coming from Java itself, and to fix the problem, you need to go into the Java control panel, to the security tab, and change the setting down to  medium. Then you will still get a lot of prompts with security warnings, but at least you will be able to choose to allow the app to run.

Here is the explanation from Java.com.

 Exchange bug enables users to continue using their email account for up to 6 hours after their password is changed to deny them access.
     
Monday, June 2, 2014

I just learned about this bug, when the network administrator at one of my clients changed the password of an employee who was being let go. Despite the password change, that user continued to have full access to her mailbox, and sent several irate emails. We were totally perplexed, until we found this article, that explains what had happened.

The upshot is that it affects all recent versions of Exchange (2003, 2007, 2010), and the best or only way to ensure that a user is disconnected is to open a command window, and run IISReset immediately after changing the user's password.

 Fascinating article about "Tech support scammers." Beware of sponsored search results that look like they are listing support numbers for well-known software companies.
     
Thursday, May 22, 2014

Inside the US government's war on tech support scammers - on Ars Technica.

 LenovoEMC Storage Manager (discovery.exe) software floods network, causes lag, dropped packets, complete network connectivity failure.
     
Wednesday, May 7, 2014

Evidently, Lenovo laptops now come preloaded with network discovery software for LenovoEMC (formerly Iomega) NAS devices – called Storage Manager. The executable is discovery.exe. Even if you don’t activate this software, it floods huge amounts of broadcast traffic whenever connected to a network. By huge amounts, I mean at least 2.5 MB/sec. Evidently, it is just horrible coding, and all it is doing is searching for NAS boxes, though evidently it is searching every possible IP address.

Here is a link to a brief, understated mention on Lenovo’s support site.
Here is a link to a much better page, with many people chiming in that this has caused problems for them, and a couple of more detailed explanations and flames.

The fix is just to uninstall the application, which won’t cause any problems for you unless you actually need to search your network for an Iomega/LenovoEMC NAS.

 When Microsoft Security Essentials (MSE) won't run properly or reinstall following a virus
     
Monday, April 7, 2014

Some of the fake "antivirus" apps that take over your computer mimic MSE, and put entries in the registry that redirect the real executables to evil executables. Even after you remove the virus, you need to go in and delete those redirects, as explained in this article.

The short version is:

  1. Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
  2. Look at each subkey; they have the names of .exe files. If a key contains the value Debugger, it means that particular .exe file is being redirected
  3. Delete the entire key for the .exe
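
Step 2 is tedious by hand, so here is an added example (not from the referenced article): a read-only PowerShell listing of every subkey that carries a Debugger value, with the redirect target and its signature status so you can review each one before deleting anything. The WOW6432Node path and the function name are additions made here, not part of the steps above.

```powershell
# Added example (PowerShell 3.0+): list Image File Execution Options subkeys
# that carry a Debugger value. Read-only; nothing is changed or deleted.
function Get-IfeoDebuggerRedirect {
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
        # 32-bit registry view on 64-bit Windows (an addition to the steps above)
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            $debugger = $key.GetValue('Debugger', $null)
            if ($null -eq $debugger) { continue }

            # The first token of the Debugger string is the program that really runs.
            if ($debugger -match '^\s*"([^"]+)"') { $target = $Matches[1] }
            else { $target = ($debugger.Trim() -split '\s+', 2)[0] }
            $target = [Environment]::ExpandEnvironmentVariables($target)

            # Check whether the target exists at that path and who signed it.
            $found  = Test-Path -LiteralPath $target -PathType Leaf
            $status = $null
            $signer = $null
            if ($found) {
                $sig    = Get-AuthenticodeSignature -LiteralPath $target
                $status = $sig.Status
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }

            [pscustomobject]@{
                Executable      = $key.PSChildName   # the .exe being redirected
                Debugger        = $debugger          # raw value from the registry
                TargetFound     = $found
                SignatureStatus = $status
                Signer          = $signer
                RegistryKey     = $key.Name          # usable with: reg export "<RegistryKey>" backup.reg
            }
        }
    }
}

# Some legitimate tools set Debugger on purpose (Process Explorer's
# "Replace Task Manager" option does this for taskmgr.exe), so review the
# list before carrying out step 3.
Get-IfeoDebuggerRedirect | Format-List
```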


 Free User Profile Migration utility
     
Sunday, April 6, 2014

Check out the free User Profile Wizards from Forensit.

 

 Windows Update Checker utility (KUC)
     
Sunday, April 6, 2014

Komm's Update Checker checks, verifies, generates reports, and installs Windows Updates.

 

 Office 365 Unlicensed Product error (red banner at top of window)
     
Monday, February 24, 2014

Office 365 has its own peculiarities, and one that I just encountered is this "Unlicensed Product error." As with most problems, the solution is laughably simple, but finding the fix is difficult.

Thanks to techwiki for this fix:

After a period of time (sometimes a password change sets it off), your user might get the error (Unlicensed Product) in the banner when opening an Office product like Word or Outlook.

There are two different fixes, one for Office 2010 & another for Office 2013.
You need to open a command prompt (I would elevate) and run the following.

Office 2010
32bit: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\OSAUI.exe /F
64bit: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\OSAUI.exe /F

Office 2013:
You need to go to one of these locations first and then run the script below
32bit: C:\Program Files\Microsoft Office\Office15\
64bit: C:\Program Files (x86)\Microsoft Office\Office15\
Now run: cscript OSPP.vbs /act

This should bring up an activation window which should show “Successful” after completing.

Also, here is a link to an MS Technet article with all the other command-line switches for the OSPP.vbs script.

 

 Set authoritative Internet time sources on Windows Server 2012
     
Tuesday, February 11, 2014

For whatever reason, Microsoft decided that with Server 2012, we can no longer use the simple NET TIME /setsntp:servername command that we used to use on Server 2003 and 2008. The manual steps are now pretty cumbersome. Luckily, Microsoft has made available a "Fix it for me" tool that you can easily download and run on Server 2012 installations that can set NTP servers to enable Internet time synchronization. I recommend pool.ntp.org or time.windows.com or tock.usno.navy.mil as time sources.

MS KB 816042 How to configure an authoritative time source for Windows Servers.

Also (for 2008 servers) you can use the W32tm command line utility. Here is the full syntax.

If all else fails, you can use this Windows time sync utility.


 
How to defeat laggy video on YouTube (also works for imdb trailers)
     
Tuesday, December 17, 2013

It's difficult to say when I started noticing it, but perhaps in 2010 or so, YouTube videos, especially high-resolution videos, stopped playing smoothly, despite my high-speed Internet connection. I finally got annoyed enough to do a little research, and found many others online complaining about the same phenomenon. Luckily, it seems that there is an easy fix. Just block out two IP ranges from your PC or network, and YouTube resumes playing smoothly. It worked like a charm for me.

The two ranges are:
     173.194.55.0/24 (aka subnet mask 255.255.255.0)
     206.111.0.0/16 (aka subnet mask 255.255.0.0)
 

 How to copy autocomplete data in Outlook 2010
     
Thursday, September 5, 2013

Outlook 2010 changed how and where it stores the email autocomplete list, compared to previous versions of Outlook. I had read that it stores that data inside the PST file, but it quickly became evident that is not the case. Actually, it stores it in a file located in

 C:\Users\%username%\AppData\Local\Microsoft\Outlook\RoamCache

The file name starts with Stream_Autocomplete and ends with .dat

In a new profile, or on a new PC, you need to send at least one email, and then close Outlook for a new autocomplete file to be created. You can then copy in the old autocomplete file, and rename it to match the new file (after renaming the new file first, of course).
 

 Group Policy and Security Policy editors
     
Monday, August 12, 2013

For some reason, I can never seem to remember the names of the Windows consoles that enable you to edit the Local Group Policy and the Local Security Policy. They are gpedit.msc and secpol.msc, respectively.


 
Change or disable Windows 8 hideous "Log Off" screen
     
Sunday, July 21, 2013

Ah yes, yet another totally unnecessary, complicated annoyance with Windows 8.

So Win 8 has a lock screen that can be set per user in the "Modern" control panel/settings app. Unfortunately, that does not change the "Log Off" screen that is displayed when a user logs off. By default, it displays a hideous green, blue and yellow drawing of Seattle. And they simply left out any method for changing it!! Finally they issued a patch that enables admins to change the picture via the Group Policy Editor (which is an annoying way to have to change a simple setting), but - and here's the fun part - Windows 8 (Home) doesn't include the Group Policy Editor!! So the best that can be done for Windows 8 is to disable the lock screen in the registry, which also disables the log out screen. Here are the steps:

Windows 8 (Home)

Launch REGEDIT, and browse to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization (create the Personalization key if it doesn't exist).

Click Personalization in the left-hand pane. Right-click in the right-hand pane, select New > DWORD Value, and give it the name NoLockScreen.

Double-click your new NoLockScreen value, set it to 1, click OK, and when you next reboot it the lock screen will have gone. If you decide to restore it for some reason, set NoLockScreen to 0 or delete it entirely.

Windows 8 Pro, Ultimate or Enterprise

http://support.microsoft.com/kb/2787100/en-us

 

 If you have one Exchange server, and you are using Outlook anywhere,  Outlook will complain when the public SSL certificate doesn't match the internal server name.
     
Thursday, April 11, 2013

There's a very good article here. It is discussing the problem on an Exchange 2007 server. You don't need to execute all the same commands for a 2010 server, but the ones you do need will succeed, and the ones you don't need will harmlessly fail.

Also, reference the MS Technet article. The other link is mostly clearer, but they've got slightly garbled syntax in at least two cases.

 

 Enable opportunistic TLS encryption on Exchange 2010
     
Thursday, April 11, 2013

First, you need to have a public SSL server certificate installed on your mail server.

Then open the Exchange Management Console and click on "Server Configuration." You will see an "Exchange Certificates" tab, listing all the SSL certificates available to that server. Assign the appropriate certificate to all Exchange services (especially SMTP).

Next, click on "Hub Transport" under "Server Configuration." Go into the properties of your Internet Receive Connector, and on the "Authentication" tab, check "Transport Layer Security (TLS)"

That's it! To verify, telnet to port 25 of the server, type EHLO, and look for the line that says 250-STARTTLS. If you see that, your server will opportunistically use TLS!
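
The telnet check above can be scripted. This added example (not part of the original post) sends EHLO, looks for the STARTTLS line, and then goes one step further than the telnet test by completing the TLS handshake and reporting the certificate the server presents. The function name and mail.example.com are placeholders.

```powershell
# Added example (PowerShell 3.0+): confirm that an SMTP listener advertises
# STARTTLS, then complete the TLS handshake and report the certificate.
function Test-SmtpStartTls {
    param(
        [Parameter(Mandatory = $true)][string]$Server,   # name expected on the certificate
        [int]$Port = 25,
        [int]$TimeoutMs = 10000
    )

    $result = [ordered]@{
        Server = $Server; Banner = $null; StartTlsAdvertised = $false
        TlsProtocol = $null; CertSubject = $null; CertExpires = $null; TlsError = $null
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.ReceiveTimeout = $TimeoutMs
        $client.SendTimeout    = $TimeoutMs
        $client.Connect($Server, $Port)
        $stream = $client.GetStream()
        $reader = New-Object System.IO.StreamReader($stream, [System.Text.Encoding]::ASCII)
        $writer = New-Object System.IO.StreamWriter($stream, [System.Text.Encoding]::ASCII)
        $writer.NewLine   = "`r`n"
        $writer.AutoFlush = $true

        # An SMTP reply may span several lines: "250-..." continues, "250 ..." ends it.
        $readReply = {
            $lines = @()
            do {
                $line = $reader.ReadLine()
                if ($null -eq $line) { break }
                $lines += $line
            } while ($line -match '^\d{3}-')
            , $lines
        }

        $result.Banner = (& $readReply) -join ' | '
        $writer.WriteLine("EHLO $env:COMPUTERNAME")
        $ehlo = & $readReply
        $result.StartTlsAdvertised = [bool]($ehlo -match '^250[- ]STARTTLS\s*$')

        if ($result.StartTlsAdvertised) {
            $writer.WriteLine('STARTTLS')
            $go = & $readReply
            if ($go -match '^220') {
                # From here on the socket carries TLS; the certificate is
                # validated against $Server using the local trust store.
                $ssl = New-Object System.Net.Security.SslStream($stream, $true)
                try {
                    $ssl.AuthenticateAsClient($Server)
                    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
                    $result.TlsProtocol = $ssl.SslProtocol.ToString()
                    $result.CertSubject = $cert.Subject
                    $result.CertExpires = $cert.NotAfter
                } catch {
                    # Untrusted issuer, name mismatch or an expired certificate land here.
                    $result.TlsError = $_.Exception.GetBaseException().Message
                } finally {
                    $ssl.Dispose()
                }
            }
        } else {
            $writer.WriteLine('QUIT')
        }
    } finally {
        $client.Close()
    }
    [pscustomobject]$result
}

# Usage (placeholder host name):
# Test-SmtpStartTls -Server mail.example.com | Format-List
```

A TlsError with StartTlsAdvertised set to True means the connector offers TLS but the certificate does not validate for the name you connected to.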


 
Use netstat to list which executables are using what ports
     
Monday, April 1, 2013

Open a command window, type netstat -anob


 
Handy troubleshooting tool - view smtp server manual email submission process
     
Monday, April 1, 2013

  https://www.wormly.com/test_smtp_server


 
Generate a list of mailboxes in Exchange 2010 sorted by size, and listing the size of each
     
Monday, April 1, 2013

Exchange 2010 doesn't have a GUI view where you can see the users listed with their mailbox size. Luckily you can make your own list using the Exchange Management Shell.

Get-MailboxDatabase "<insert database name>" | Get-MailboxStatistics | Sort totalitemsize -desc | ft displayname, totalitemsize, itemcount

You can always add > somefile.txt and import it into excel if you need to make something pretty for management.


 
Hide accounts from Windows 7 login screen
     
Monday, April 1, 2013

If you have a bunch of user accounts on a Windows 7 (or Vista) PC, they all display, very annoyingly, on the login screen. To hide some, or most, follow these steps:

1. Run regedit.
2. Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
3. In the left panel, right click on Winlogon and click New and click Key.
4. Type SpecialAccounts and press Enter.
5. In the left panel, right click on SpecialAccounts and click New and click Key.
6. Type UserList and press Enter.
7. In the right panel of UserList, right click on an empty area and click New then click DWORD (32bit) Value.
8. Type in the name of the user account that you want to hide and press Enter. (eg: Everyday Account)
9. In the right panel, right click on the user account name and click Modify.
10. To hide the user account – Type 0 and click OK. (number zero not the letter). If you later want to unhide the account, you can do so by changing the value to 1 instead of zero.
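
To see which accounts are currently hidden by the steps above, this added example (not part of the original instructions) lists every entry under SpecialAccounts\UserList and checks it against the machine's local accounts. The function name is illustrative; it uses Get-WmiObject, so run it in Windows PowerShell.

```powershell
# Added example (Windows PowerShell 3.0 to 5.1): report which accounts are
# hidden from the logon screen (value 0 = hidden, 1 = shown). Read-only.
function Get-HiddenLogonAccount {
    $path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'
    if (-not (Test-Path -LiteralPath $path)) { return }   # key absent: nothing is hidden

    # Local accounts on this machine, keyed by name (lookup is case-insensitive).
    $local = @{}
    Get-WmiObject -Class Win32_UserAccount -Filter 'LocalAccount=True' |
        ForEach-Object { $local[$_.Name] = $_ }

    $key = Get-Item -LiteralPath $path
    foreach ($name in $key.GetValueNames()) {
        $value = $key.GetValue($name)
        [pscustomobject]@{
            Account       = $name
            Hidden        = ($value -eq 0)
            RegistryData  = $value
            # False here means the entry names an account that no longer
            # exists locally, or the name was mistyped in step 8.
            ExistsLocally = $local.ContainsKey($name)
            Disabled      = if ($local.ContainsKey($name)) { $local[$name].Disabled } else { $null }
        }
    }
}

Get-HiddenLogonAccount | Format-Table -AutoSize
```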
 

 Find license keys to installed software
     
Monday, April 1, 2013

There are many tools that will help you retrieve the license keys you used to activate software installed in Windows. But the best I have found is License Crawler.


 
Encrypt email in Outlook
     
Wednesday, March 20, 2013

By installing a personal certificate (Microsoft calls it a "Digital ID"), it is possible to encrypt emails in Outlook. After installing your personal certificate, you also have to exchange certificates with anyone you want to exchange encrypted emails with. See the full instructions here. Personal certificates range from free (Comodo) to around $25 per year from most other vendors. Microsoft's list of vendors is here.


 
Configure DNS & Exchange for Outlook autodiscover process.
     
Saturday, March 16, 2013

Outlook can "autodiscover" the mail server name it is supposed to be connecting to, without the user having to enter that info, as long as both the DNS and the Exchange and IIS servers are properly configured. This article discusses all the options and configurations needed. It boils down to having an A record for autodiscover.domainname.com.


 
Grant or remove full-access permissions to a mailbox on Office 365.
     
Saturday, March 16, 2013

See the blog entry below for details on how to connect a PowerShell session to Office 365 hosted Exchange server, then read MS KB 2646504 for details and syntax.


 
Wondering how to securely and anonymously browse the web?
     
Friday, March 1, 2013

Use the TOR (The Onion Router) network to securely route your Internet traffic in untraceable ways.


 Use Gmail, and worry about the safety of your old emails?
     
Friday, March 1, 2013

Use the old program "Gmail Backup" to back it all up locally.


 Windows 8 tips
     
Friday, March 1, 2013

Windows 8 does not have a start menu. If you'd like to restore one, I recommend Stardock's $5 Start8.

If you'd just like Windows 8 to start with the "Desktop" view, rather than the "Modern" Start screen, create a scheduled task. Set it to run "at log on" and set the action to "explorer"

Finally, if you're trying to figure out how to actually close a "Modern" app, just click it near the top and drag down all the way to the bottom of the screen. This "throw away" gesture will close the app.


 
Use AirPlay to/from a PC
     
Friday, March 1, 2013

Using Reflector software, you can mirror the display of your iPad or iPhone onto the screen of a PC. Using AirParrot, you can send whatever is on the display of your PC to an AppleTV.

 

 Two methods for copying iDevice data (music, etc) from the iDevice to a PC
     
Saturday, January 26, 2013

Here are two programs that enable you to copy your music & other files from an iPhone, iPad or iPod back onto a new or different computer, which you may want to do if for example your computer dies or you buy a new one. Evidently Apple thinks people never switch PCs.

 DiskAid (free)
 CopyTrans (about $20)

 

 VMware physical to virtual converter runs agonizingly slowly
     
Saturday, November 24, 2012

Version 5 of the Standalone Converter can run ridiculously slowly. Why? Because by default the Converter uses SSL encryption to encrypt all the data between the physical machine and the ESXi server. You can change that setting by editing an XML file and restarting the Converter Worker process.

Here are the steps:
     1. Open the converter-worker.xml configuration file. On a 2008 server, it is located in the C:\ProgramData\VMware\VMware vCenter Converter Standalone folder. On a 2003 server, it is located in C:\Documents and Settings\All Users\Application Data\VMware\VMware vCenter Converter Standalone\converter-worker.xml
     2. Set the key Config/nfc/useSsl to false. Save the configuration file. You can use notepad.
     3. Restart the VMware vCenter Converter Standalone Worker service

The webpage where I originally found this great tip is here.


 
Lenovo laptops choking on Windows Updates
     
Wednesday, November 7, 2012

For whatever reason, Lenovo ThinkPads seem to be choking on Microsoft KB 2647753, which is causing many other patches to fail to install. Just install that one all by itself. That should allow it to install properly, and then all the others will install okay.


 
Clicking Windows Update to find additional printer drivers in Windows 7 returns "Windows was unable to get a list of devices from Windows Update. Please try again later."
     
Friday, November 2, 2012

Windows 7 includes a lot of printer drivers, but some, particularly older drivers, do not show up in the list. When you check on the manufacturer's websites, though, they indicate that the drivers are included in Windows 7. The solution is to click on the "Windows Update" link in the add printer driver dialog window, which should give a list of every possible driver. But sometimes, you just get a message indicating that Windows Update can't get the list. In that case, here is what you do.

- stop the Windows Update Service
- find the "Software Distribution" folder in the Windows folder
- rename or delete that folder
- start the Windows Update service
- click the "Windows Update" button in the printer driver dialog box

It may take some time (several minutes, or longer with a slow Internet connection), but that should result in the full list of printer drivers.


 
Sort Gmail emails by attachment size
     
Tuesday, October 30, 2012

Gmail provides a large mailbox, but it is not infinite, and all that space can get used up. The quickest way to free up space is to sort your emails based on attachment sizes, but there is no way to do that from within Gmail. Luckily, there is www.findbigmail.com, which provides just that service for you.
 

 Exchange 2010 new server configuration
     
Saturday, March 17, 2012 and Friday, August 31, 2012

Exchange 2010 is slick in many ways, but in many others, it feels unfinished to me. At the very least, the documentation from Microsoft either sucks, or is nearly nonexistent. Here's some help and tips:

Here are great step-by-step instructions for performing a swing migration from Exchange 2003 to 2010. http://www.petenetlive.com/KB/Article/0000234.htm

And here is a great high-level overview of upgrading from Exchange 2007 to 2010.

You can use Microsoft's Remote Connectivity Analyzer to test ActiveSync, OWA and other services.

Note that Domain Admin accounts do not work with ActiveSync!!

If you need to connect with an account that is a Domain Admin, first remove it from the Domain Admins group, then follow the instructions here to be sure that the account is properly inheriting permissions to enable it to use ActiveSync.

If inbound emails are not arriving, check the Default Receive Connector (Server Configuration, Hub Transport) and make sure that Anonymous Users is checked on the Permission Groups tab.

If you get a certificate warning message after you install a legitimate certificate with the external server name on it, you can follow the instructions in MS KB 940726 to resolve that.

If Outlook clients are prompting users to authenticate, check the following:

In Internet Information Services (IIS) Manager, locate the Exchange virtual directories. If you are using Small Business Server 2008, these will be under the SBS Web Applications website; if you're not using SBS, they will be under the Default Website.

The virtual directories you are looking for are:

Autodiscover
EWS
RPC
OAB

Highlight each of these virtual directories in turn and double-click the Authentication icon on the right-hand side. Right-click Windows Authentication and select Advanced Settings. Check the box for Enable kernel-mode authentication. Do this for each virtual directory listed above.


 
Find sneaky virii
     
Monday, February 13, 2012

If you think a PC might harbor an active virus, but you can't find it, try running the command-line tool netstat -no. That will list all of the processes with unestablished connections. The one with the largest number is the likely culprit, and you can then kill it, based on its PID. This works best when you get a TCPIP error #4226 in the System Event Log, as described in this Microsoft TechNet note.
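The per-PID tally described above, as an added PowerShell example (not code from the original post): it parses `netstat -no` output and counts, for each owning PID, the TCP rows whose state is not ESTABLISHED. The sample rows, addresses and PIDs are constructed, and the function name `Get-UnestablishedByPid` is hypothetical.

```powershell
# Constructed sample of `netstat -no` output (addresses and PIDs are made up).
$SampleNetstat = @'
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.50:49712     203.0.113.10:25        SYN_SENT        3120
  TCP    192.168.1.50:49713     203.0.113.11:25        SYN_SENT        3120
  TCP    192.168.1.50:49714     203.0.113.12:25        SYN_SENT        3120
  TCP    192.168.1.50:49715     198.51.100.7:443       ESTABLISHED     1044
  TCP    192.168.1.50:49716     198.51.100.8:443       TIME_WAIT       0
  TCP    192.168.1.50:49717     203.0.113.13:25        SYN_SENT        3120
  TCP    192.168.1.50:49718     198.51.100.9:80        SYN_SENT        1044
'@ -split "`r?`n"

function Get-UnestablishedByPid {
    param([string[]]$NetstatLines)

    # Keep only TCP rows: proto, local address, remote address, state, PID.
    $rows = foreach ($line in $NetstatLines) {
        $f = -split $line
        if ($f.Count -eq 5 -and $f[0] -eq 'TCP') {
            [pscustomobject]@{ Remote = $f[2]; State = $f[3]; OwningPid = [int]$f[4] }
        }
    }

    # Count rows that are not ESTABLISHED, per owning PID, largest first.
    # TIME_WAIT rows are reported under PID 0 on Windows, so PID 0 is skipped.
    $rows |
        Where-Object { $_.State -ne 'ESTABLISHED' -and $_.OwningPid -ne 0 } |
        Group-Object OwningPid |
        Sort-Object Count -Descending |
        ForEach-Object {
            [pscustomobject]@{
                OwningPid     = [int]$_.Name
                Unestablished = $_.Count
                States        = (($_.Group | Group-Object State |
                                  ForEach-Object { '{0}={1}' -f $_.Name, $_.Count }) -join ', ')
                Remotes       = (($_.Group | ForEach-Object { $_.Remote } |
                                  Sort-Object -Unique) -join ', ')
            }
        }
}

Get-UnestablishedByPid $SampleNetstat | Format-Table -AutoSize
```

On a live host, pass the real output with `Get-UnestablishedByPid (netstat -no)` and look up the top PID with `Get-Process -Id` before deciding what to do with it.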


 
Set up shared mailboxes in Office 365
     
Thursday, January 26, 2012

I really don't understand Microsoft's logic or reasoning behind this, but increasingly they are deliberately leaving their products unfinished, with no GUI for some features. One new one that I just came across is setting up shared mailboxes on Office 365 (aka Hosted Exchange). There is no way to use the web GUI to create one; you HAVE to use PowerShell. Fortunately, a kind person over at MSDN posted a blog entry helpfully showing precisely how to accomplish this.


 
Windows 7 error "The User Profile Service failed the logon"
     
Thursday, January 19, 2012

This is some weird new glitch that happens occasionally with Windows 7. Luckily, there are several fixes. Read MS KB 947215.
 

 Use DropBox with a mapped drive
     
Wednesday, January 11, 2012

Officially, it is not possible to use DropBox with a mapped drive, but if you follow these instructions, you can do it.

1) Choose a still available drive letter you would use to map to a network path. For example, we could refer to \\SERVER\SHARE with the drive letter H. Don’t enforce the mapping yet, just choose the drive letter for now. If the network path is already assigned to a drive letter (for example, H), unmap and choose that drive letter.

2) Assign H to a local formatted partition. You probably have to add a new disk to do this. If you have a virtual machine (VM) you would simply add another hard disk, let Windows rescan the available hard disks, make the disk online, initialize the disk, create a partition and format it. Then you assign H to the drive.

3) Start Dropbox and configure the new location, for example H:\.

4) Dropbox creates the folder “Dropbox” under H:\ and moves already available content to this new location.

5) Shut down Dropbox.

6) Move the Dropbox folder to your network path. Now we have \\SERVER\SHARE\Dropbox and beneath it the Dropbox content.

7) Make the disk offline. H doesn’t exist anymore now.

8) Map H to \\SERVER\SHARE.

9) Start Dropbox. Dropbox won’t check if H is a network drive anymore.

The thing is Dropbox only checks if the location is a network drive at the moment you change the location. Now you can use Dropbox with your network path!

I found the above instructions at:
http://windoh-pedro.blogspot.com/2011/07/how-to-use-network-path-for-dropbox.html


 
Remove Outlook Add-Ins that no longer exist
     
Wednesday, January 4, 2012

If you remove or uninstall an app with an Outlook Add-In, it can leave behind the command to activate the Add-In when the user starts Outlook. Since Outlook can't find the DLL, it will throw an error. To fix this, simply delete extend.dat from the user's profile. This works with Outlook 2007 on XP, but I haven't tested it with other versions.


 
Set boot-up number lock state in Windows registry
     
Wednesday, January 4, 2012

Sometimes laptops can have their numlocks set to "on" at boot, and this can cause problems for users trying to enter passwords since the integral numeric keypad will be activated. If you can't find a "numlock off at boot" setting in the BIOS, you can turn it off in the Registry.

Microsoft discusses this in their KB Article 154529, but the key info is below:

In the Registry, go to HKEY_USERS\.Default\Control Panel\Keyboard
Set InitialKeyboardIndicators from 2 to 0

 

 Windows Servers running RRAS list incorrect IP address in DNS server
     
Thursday, December 15, 2011

If a Windows Server is both an RRAS server and an A/D DC running DNS, it can frequently list one of the IP addresses it uses for RRAS in DNS, rather than just its LAN IP. MS knowledgebase article 292822 explains how to prevent this from happening.


 Function keys on Lenovo ThinkPad & ThinkCentre Edge keyboards
     
Thursday, December 15, 2011

For whatever reason, Lenovo has chosen to have the default behavior of the function keys on their recent "Edge" computers not be function keys. The default behavior is that you have to hit a Fn button in order for them to be Function keys.

To fix this on the desktops, run the "Lenovo Slim USB keyboard" app from the start menu, and check the function keys box. If you are using that keyboard on another PC, you can download the control software from here.

To fix the problem on laptops, reboot, get into the BIOS (hit enter very quickly, as soon as you see the BIOS logo screen), and change the function keys behavior in the BIOS.
 

 Syntax to connect Macs to Windows Servers
     
Thursday, December 7, 2011

In Finder, choose "Connect to server" and use the following syntax:


smb://ServerName/ShareName
 

The full article from Apple's knowledgebase is here.

 

 Online CRM Solutions

     Saturday, October 22, 2011

   SalesForce.com
   Zoho Office
   Landslide

 

 How to determine what account is being used to relay spam through an Exchange Server 2003
     
Thursday, May 12, 2011


If mail relay occurs from an account on an Exchange computer that is not configured as an open mail relay, determine whether an account on your Exchange computer sends authenticated relayed mail. To do this, follow these steps:

  1. Click Start, point to Programs, point to Microsoft Exchange, and then click System Manager.
  2. In Exchange System Manager, right-click Your_Exchange_Server_Name, and then click Properties.
  3. Click the Diagnostic Logging tab.
  4. In the Services list, click MSExchange Transport.
  5. In the Categories list, click SMTP Protocol, and then click Maximum in the Logging level area. (Actually, it's Authentication that you need to set to the Maximum logging level).
  6. Click Apply, click OK, and then quit Exchange System Manager.
  7. Click Start, point to Programs, point to Administrative Tools, and then click Services.
  8. Right-click Simple Mail Transport Protocol (SMTP), and then click Restart.
  9. Click Start, point to Programs, point to Administrative Tools, and then click Event Viewer.
  10. In Event Viewer, search the Application log for event 1708. Event 1708 indicates that the account authenticates with the Exchange computer to send relayed mail.

 Enterprise Activation on BlackBerry OS 6
     
Wednesday, October 20, 2010

RIM moved the location of Enterprise Activation in their new OS (thank you, RIM). It used to be in Options > Advanced Options > Enterprise Activation.

The new location is Options > Device > Advanced System Settings > Enterprise Activation.

 

 Blackberry Enterprise Server (BES) Dispatcher service stops running
     
Friday, October 8, 2010

The BES Dispatcher service stopped running, and upon attempting to start it, it failed with "service-specific error 5613."

It turned out that the problem had been caused because another process had started using a port (5096) that the BES service requires to run properly. In my case, it was the Exchange Information Store server (store.exe). The fix is to add that port to the list of reserved ports in the Windows registry.

The BlackBerry Knowledgebase article discussing the problem and the fix is KB04797, and the Microsoft KB article with instructions for adding an IP port exclusion is KB812873.

 

 Copying and editing the Outlook "Nickname Cache"
     
Thursday, October 7, 2010

The Outlook nickname cache is the file that keeps all of the email addresses that have been used in Outlook. In my opinion, it is a badly misnamed feature. I have been amazed at the number of people who have few or no contacts in their Outlook contacts folder, and instead rely exclusively on the "nickname cache" feature as a list of all of their contacts' email addresses. When moving to a new PC, people always want to take this with them. It took me a very long time to track this down, because of the odd name, but I finally did.

The location of the file is in:

drive:\Documents and Settings\user name\Application Data\Microsoft\Outlook\outlook profile name.nk2

Note that the file name is based on the Outlook profile name, NOT the user profile name.

With the help of the free Nk2View utility, you can edit the list, and even export it.

To clear or reset the cache, just rename or delete the .nk2 file (with Outlook closed, of course).

Finally, if you don’t want Outlook to suggest names for you, you can turn this feature off.

 In Outlook:

  • Go to Tools, then Options
  • From the Options tab, choose the E-mail options button
  • Click Advanced E-mail options
  • Uncheck “Suggest names while completing To, Cc, and Bcc fields.”

In Outlook 2010, Microsoft has changed the way the "nickname cache" works. The cache is no longer stored in the .nk2 files, but instead somewhere mysterious inside Outlook 2010.

Microsoft has helpfully provided KB article #980542, which explains how to import .nk2 files into the new nickname cache in 2010.


 MS SyncToy scheduling problem
     
Tuesday, June 2, 2009

Check out this web page for the solution.

Just in case it gets taken down or moved, here is the fix:

While validating the source of the error code "0x1", I stumbled upon the solution of the problem. 
My computer is part of a computer network domain and I belong to the Network Administrators Group.

"SyncToy Help" states that you must have administrative privileges in order to install the application, especially if you don't have the Microsoft Sync Framework. Since I have administrator privileges I installed SyncToy with my user profile and on the scheduler task I had the "Run As" Field As the local Administrator.

It turns out that if you install SyncToy with a profile that is not Administrator:

1) You must use that same profile in the "Run As" Field on the Task Tab, as in "YourDomain\yourprofilename"
2) also, you have to mark the "Run only if logged on" checkbox.
3) Remember to set your password also.

The scheduler is now running the SyncToyCmd correctly.

For more information on scheduler issues see http://support.microsoft.com/default.aspx/kb/308558


 
Windows Vista anti disk-thrashing measures
     
Wednesday, December 17, 2008

On many systems, Windows Vista has the annoying tendency to access the hard drive for very long periods, at times when XP would not normally be doing so. This behavior accounts for a large portion of Vista's legendary sluggishness. Fortunately, there are some concrete steps you can take to prevent this behavior. Here are those steps, in my preferred order:

- disable SuperFetch service
- disable automatic defrags
- disable indexing service
- disable shadow copy service
- disable system restore* (If possible, leave this service enabled, as it can definitely be useful.)
 

 Windows XP loses .EXE file association
     Thursday, June 26, 2008

Recently I had a PC with a strange problem. After removing some spyware/virii, it would no longer allow any .exe files to execute. Simply renaming them to .com often fixed the problem, but that wasn't a real fix. I did some web searches, and despite not finding any reference to this problem on Microsoft's website, eventually found this web site, which contains registry files that fix file associations for a variety of file extensions.



 PC Decrapifier
     Monday, June 16, 2008

No kidding - that's really the name of this nifty utility. It removes all the useless, bloated garbage that is typically preinstalled on many new PCs.

Download it here!

 

 Office 2007 causes spell-checker problems for Outlook Express
     Tuesday, March 25, 2008

Apparently, a lot of people have found that following the install of MS Office 2007, they are left with a French version of the Outlook Express spellchecker. MS has no real fix, so it looks like the simplest thing to do is to download this free spell-check add-on.

 

 How to search for files within date ranges in Vista
     Friday, February 29, 2008

Here is a helpful Vista tip.

 

 RDP printers
     Monday, July 30, 2007

When connecting to servers, if the port name is something other than LPT, USB, or COM, the printer does not get created on the server.

A simple registry hack fixes this, as explained in MS Knowledgebase article 302361.

 
Microsoft's new Shadow Copy feature is really cool, but if you want to be able to actually see the copies, you need to install the Shadow Copy Client. To save time searching, you can download it from Microsoft using this link.


 

 Office 2007 compatibility
     Wednesday, June 13, 2007

For compatibility with Office 2007, you can download the MS Office compatibility pack for Office 2003, 2002 (aka XP) and 2000.

Also, you may want to read Microsoft's warnings and prerequisites in KB article 924074.


 

 Adobe Acrobat alternative
     Wednesday, April 18, 2007

Acrobat Reader just keeps getting bigger, slower, and more bloated with each new release.

If you are ready for a smaller, quicker, lightweight, free PDF reader, you can now use Foxit Reader from Foxit Software.
 

 

It seems like with each and every new release of Quicktime, Apple has been trying to reach new heights in user annoyance. Things like - every time the Quicktime player pops up, it asks you if you want to buy some pay version of Quicktime - like anybody actually wants to do that. And it asks you EVERY single time.

Then, more recently, it has become difficult to download just Quicktime without also downloading iTunes. Well, now there is an alternative. The folks over at free-codecs.com have an alternative. It uses all the Quicktime codecs, plus an old version of the MS Media Player.

Get it here.
 


 

Mojopac.com has an inexpensive ($49.99) program that allows you to install nearly any program onto a USB storage device (flash memory drive, hard drive, iPod, etc) and then connect that device to any computer, and run the application on that PC! How cool is that? They've got a 30-day free trial, too, so you can see if it will work with your programs.


 
Two free remote access / screen sharing apps I have recently become aware of:

Log Me In Free - similar to GoToMyPC
CrossLoop - supposedly similar to Webex, though I have yet to try it.
 
Cool IT Systems has an expensive ($199) system called the Eliminator CPU cooler that provides drop-in water cooling for your new system. Not cheap, but very cool, and quiet.
 

 

 Spyware Warrior website tracks fake anti-spyware
     Saturday, April 07, 2007

As you may know, there are loads of spyware applications out there masquerading as anti-spyware. I find it particularly distasteful when a**holes take advantage of clueless users by foisting this junky or malicious software on people.

If in doubt, check the list at www.spywarewarrior.com

 


 Disable annoying Vista User Account Control
     Monday, February 26, 2007

The Mac "Security" ad is accurate; the new User Account Control feature of Vista is poorly-conceived, and ultimately so annoying as to be completely useless.

Here's a link to the MS Technet site where they tell you how to disable it.
 
Try NetInfo, from Tsarfin Computing. It's got a network scanner, and shows all the network connections of the PC on which it is installed, as well as ping, traceroute, whois, nslookup, and other useful tools.
 

 

If you want to enable a designated user to manage Active Directory user objects, but don't want them to be logging onto a server, you need to download and install the Windows Server Administrative Tools Pack - which I thought was too damn hard to find. So here's a link to the Windows Server 2003 SP1 version of the ATP.
 

 

 Streaming video from a USB webcam
     Monday, February 19, 2007

The easiest way to make video available on the internet is by using a webcam with a built-in web server. At work, we sell Axis webcams, but for home users, or people who want to do this on the cheap, the best free solution I have found for getting video to stream across the web from a USB-connected webcam is the VLC media player/server, available from VideoLan.org.

 

 Daylight Savings time changes and Microsoft OSs
     Friday, January 12, 2007

This year, the dates for Daylight Saving Time have changed. Of course, the dates are hard-coded into Windows. Microsoft has been kind enough to update XP and Server 2003 to account for the new dates, but they have not patched 2000 (or older OSs) similarly.

Visit the MS Daylight Savings Time Support Center, and get a 3rd party patch for Windows 2K.

Thanks to Chad for the link.

 

 Free online backup
     Monday, December 11, 2006

Recently reviewed in PC Magazine, which gave it an Editors Choice award.

Mozy Backup - free for up to 2 GB, $4.95 per month for up to 30 GB. Now that's a deal!
 
Here's the link to the original article on Macrumors.com

But here's the key info:

*Windows Server 2003 Authentication

By default Windows Server 2003 will try to encrypt everything sent to and from it. With this enabled you will not be able to log in to the share from the Mac.

To fix this there are a couple of things you need to do.
First; open up regedit (Start > Run > "regedit" {return}), and navigate to HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Services \ LanManServer \ Parameter \ RequireSecuritySignature, and set its value to "0".

Second, if the server is also a Domain Controller; you need to open the DC's Security Policy (Administrative Tools > Domain Controller Security Policy). Navigate to Local Policies > Security Options, and disable "Microsoft network server: Digitally sign communications (always)" & "Microsoft network server: Digitally sign communications (if client agrees)".

Reboot the server, and you should be good to go.
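To see what state the steps above leave the server in, this added PowerShell example (not part of the quoted article) reads the two SMB server signing values from the LanmanServer\Parameters key and reports whether signing is required, merely enabled, or disabled. The function names are hypothetical, and the script only reads the registry.

```powershell
# Added example: read-only audit of the SMB server signing values.
# RequireSecuritySignature backs "Digitally sign communications (always)";
# EnableSecuritySignature backs "Digitally sign communications (if client agrees)".
$ParamsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

# Hypothetical helper: turn the two raw values into one readable state.
function Resolve-SmbSigningState {
    param($Require, $Enable)

    if ($Require -eq 1) { return 'Required' }
    if ($Enable -eq 1)  { return 'Enabled, not required' }
    if ($null -eq $Require -and $null -eq $Enable) {
        return 'Not set (OS default applies)'
    }
    return 'Disabled'
}

# Hypothetical helper: read the values from the local registry and report them.
function Get-SmbServerSigningState {
    param([string]$Path = $ParamsKey)

    $p = Get-ItemProperty -Path $Path -ErrorAction Stop

    # A value that does not exist comes back as $null.
    $require = $p.RequireSecuritySignature
    $enable  = $p.EnableSecuritySignature

    [pscustomobject]@{
        ComputerName             = $env:COMPUTERNAME
        RequireSecuritySignature = $require
        EnableSecuritySignature  = $enable
        State                    = Resolve-SmbSigningState $require $enable
    }
}

Get-SmbServerSigningState | Format-List
```

On a Domain Controller the policy settings named above overwrite these values at the next policy refresh, so run the check again after the reboot.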
 

 

 Bluetie.com
     Thursday, December 07, 2006

From PC Magazine:

Bluetie.com allows up to 20 mailboxes free, including using custom domain names, calendar sharing, and file sharing. For more than 20, you have to pay, but it's still pretty hard to beat.
 

 Boot the unbootable
     Thursday, December 07, 2006

From Bill Machrone's Nov 29 article in PC Magazine:

Use the Ultimate Boot CD or Bart's Preinstalled Environment to access PCs that won't boot or are infested with viruses or spyware. UBCD is Linux-based, while BartPE uses Windows. Both will (should) allow access to NTFS partitions, allow you to run antivirus scans, spyware removal, direct registry editing, etc.
 

 

 WSUS for Windows Updates
     Thursday, December 07, 2006

Per Mike West of WestMark Consulting:

He recommends using Microsoft Windows Server Update Services (WSUS) for custom-windows updates, and for tracking windows update status on your PCs.