2 May 2022

Search GPO Settings

So if you know anything about managing Windows systems then you know about GPOs. In my honest opinion, GPOs are one of the greatest tools available in Windows. GPOs let you administratively manage all aspects of your computers. You can literally set about 99.9999% of any settings you ever wanted to configure on a computer.

One of the things that make GPOs so great is that it is expandable in that you can add new administrative templates as you add new software to your workstations in your domain. So not only can you manage just about any Microsoft or Windows setting, but you can also add in templates for third-party software from most of the big software venders and enterprise applications, as well as add new templates when new Microsoft releases new OSes and software.

The biggest downside of GPOs is that they can feel like a daunting wall when you first get started implementing them simply because there are sooo many settings that you can potentially configure – where to begin!?! And how do you figure out where to set some of those really odd settings. Well don’t worry, I don’t know anyone that remembers exactly where each setting is. For me, there are two resources that I regularly use to help me find the settings that I want to configure.

1 – https://gpsearch.azurewebsites.net/

This is an official Microsoft tool that lets you search all of the various settings that are available to you in all Microsoft products. It’s a great resource to find where things are set just by using a keyword. Think of it as “Bing” (or “Google”) for GPOs. Out of these two links, this site is the easiest to navigate when looking specifically for Microsoft and Windows settings.

2 – https://admx.help/

This site includes all of the Microsoft settings, but where it really shines is all of the third-party software settings it has indexed for you. If need to figure out where to set something in Chrome or Adobe or any other software, this site has you covered.

3 – https://reg2ps.azurewebsites.net/

So this last site is just a bonus as it is not exactly a GPO site, but it comes in handy. It’s a way to convert registry settings into powershell commands that you can run. Paste your reg key into it and it will spit out the corresponding PS command for it.

Category: Microsoft, Windows 10, Windows 2012/2012R2, Windows 2016, Windows 2019 | LEAVE A COMMENT
24 February 2022

Changing Your Password from an RDP Session

So here’s the scenario, you’ve RDP-ed into a server and you want to change your password. You try to hit CRTL+ATL+DEL but instead of it getting sent to the remote computer, it opens on your local machine. Blah! That is not what we want… How do we get to a place where we can change the password for the account that was used in the RDP session?

One way to send it within the RDP session is to launch the on-screen keyboard. To launch it, simply click on the ‘Start Menu’ and type “osk”, then click on the result to open the keyboard. With the OSK on screen, press and hold “CTRL+ALT” on your physical keyboard, and click “DEL” on the virtual keyboard button.

The easiest way to bring up the menu from where you can change your password is to press CRTL+ALT+END in the RDP window. Now if you are RDP-ed from a mac, you’ll need to do a CRTL+ALT+Fn+Backspace or CRTL+ALT+Fn+Right-Arrow to bring up the menu.

Category: Microsoft, Windows 10, Windows 2016, Windows 2019 | LEAVE A COMMENT
30 December 2021

Open and Extract .tar files on Windows

What I’m about to say might be a surprise to you… But you don’t need to install any sort of 3rd party software (like 7zip or WinZip) to extract tarball files on WIndows. Windows 10 actually has the functionality built-in. I know, I was just as surprised to learn about it as you are. From the command line, you can use the “Tar” command to easily extract .tar, .gz, or tar.gz files.

For folks out there that don’t know;

  • A tarball file, ‘.tar’, is just a type of archived file. They are basically, a collection of files that have been merged into one single file.
  • Gzip files, ‘.gz’, are a type of compressed file and it is used to save on the amount of space that a file uses on the hard drive.
  • If you’re following along, then you’ll already have realized that a ‘.tar.gz’ file means that it is just a compressed archive file.

Here’s how to extract your tarball file in Windows 10.

Open the ‘Start Menu’ and search for “cmd”. Right-click on “Command Prompt” and select “Run as administrator“.

Enter the following command inside the window.

tar -xvzf "Path to file" -C "Path to destination"

Example:

tar -xvzf C:\Source\file.tar.gz -C C:\Destination\

This example will extract the contents of the ‘file.tar.gz’ file from the “C:\Source\” folder to the “C:\Destination\” folder. 
Note: Make sure the ‘-C’ parameter before the path to the destination is an uppercase.

The parameters explained:

  • x — instructs tar to extract the archived content.
  • v — verbose mode. This is optional to display the extraction process. Otherwise, you will only see a blinking cursor until the process is complete.
  • z — instructs tar to uncompress the content with gzip.
  • f — provides tar the name of the file you’re about to extract.
  • C — uppercase and with a hypen, this tells tar to change folders to the specified folder

Category: Microsoft, Windows 10 | 3 Comments on Open and Extract .tar files on Windows
23 April 2021

Cannot open the Outlook window. Invalid XML

Microsoft Outlook has got to be one of the most common business applications that just about everyone uses. So when it fails to open, it can feel like the start of a bad day. One error message that I have encountered a few times now is the “Invalid XML” message when trying to launch Outlook. The most common reason for this error is that the XML file that contains the settings for Outlook’s navigation pane has become corrupted. The navigation pane is the one that is on the left side of Outlook and lets you change between your mailbox, folders, calendar, contacts, tasks, etc.

So how do we fix the error? The first thing to try is to simply reset the navigation pane.

  1. Hit ‘Windows+R‘ on your keyboard to open the ‘Run‘ window.
  2. Type in the following command: Outlook.exe /resetnavpane
  3. Hit the ‘OK‘ button.
  4. Then re-launch Outlook to verify that everything is working.

If the above action did not resolve your Outlook issue, then the next course of action would be to delete the actual XML file and force Outlook to generate a new/fresh file the next time it opens. Here’s how we can do that.

  1. Hit ‘Windows+R‘ on your keyboard to open the ‘Run‘ window.
  2. Type in the following command: %AppData%\Microsoft\Outlook
  3. Hit the ‘OK‘ button.
  4. It will open ‘File Explorer’ and take you to the directory that the XML file resides in. Look for a file named ‘Outlook.xml
  5. Delete the XML file.
  6. Then re-launch Outlook to check that it is working now.

That is how to fix the Outlook ‘Invalid XML’ error. I hope one of these methods worked for you so you can get back to your emails.

Category: Microsoft, Office, Windows 10 | LEAVE A COMMENT
1 January 2021

VMware PVSCSI on a new Windows install

If you haven’t already upgraded your Windows servers to Windows 2019, then you will probably be doing so soon enough. That means that it’s time to review the steps you take in building out your virtual machines (VMs). Are you running your VMs from a SAN? Then during this refresh, you should really take the time to consider using the VMware Paravirtual SCSI (PVSCSI) driver.

VMware Paravirtual (PVSCSI) adapters are high-performance storage adapters that can provide greater throughput and lower CPU utilization. They are best suited for environments where hardware or applications drive a very high amount of I/O throughput, such as SAN environments. PVSCSI adapters are not suited for DAS environments.

VMware, https://kb.vmware.com/s/article/1010398

When building new VMs there are four options you can choose from for their SCSI controller. The default LSI Logic SAS driver that is automatically selected for you will work just fine in most environments. That said, when you want to guarantee maximum performance from your VMs you will need to use the PVSCSI. Why wouldn’t you want to allow your VMs their max performance? It’s simple enough to do. Heck, do it and make a “golden image” template so you can easily redeploy it if you don’t want to repeat the steps on each VM everytime. It’s just a couple of clicks now for better performance later. Here we go…

  1. Launch the vSphere Client and log in to an ESXi host or vCenter Server.
  2. Select create a new virtual machine.
  3. In the vSphere Client, right-click on the virtual machine and click Edit Settings.
  4. Click the Hardware tab.
  5. Click Add.
  6. Select Hard Disk.
  7. Click Next.
  8. Choose any one of the available options.
  9. Click Next.
  10. Specify the options you require. Options vary depending on which type of disk you chose.
  11. Choose a Virtual Device Node and specify whether you want to use Independent mode. For data disks, choose a Virtual Device Node between SCSI (1:0)to SCSI (3:15). For a boot disk, choose Virtual Device Node SCSI (0:0) or choose the Virtual Device Node that boots in the order you require.

    Note: To set a disk to use Independent mode there must be no snapshots associated to the virtual disk, if there are existing snapshots commit them before changing the disk type.
     
  12. Click Next.
  13. Click Finish to complete the process and exit the Add Hardware wizard. A new disk and controller are created.
  14. Select the newly created controller and click Change Type.
  15. Click VMware Paravirtual and click OK.
  16. Click OK to exit the Virtual Machine Properties dialog.
  17. Power on the virtual machine.
  18. Install VMware Tools. VMware Tools includes the PVSCSI driver.
  19. If it is a new virtual disk, scan and format the hard disk within the guest operating system.
Category: ESXi, VMWare, Windows 10, Windows 2012/2012R2, Windows 2016, Windows 2019 | LEAVE A COMMENT
8 May 2020

Export/Import Putty Sessions

If you’re like me you probably use one machine heavily. You have all of the hosts and devices which you connect to regularly, saved in Putty. but what if you want to conveniently share all of those saved settings with a coworker, or back them up so you can restore them in the future to a new PC.

Putty saves all of those ‘saved’ sessions in the Windows registry. While you’re not able to export them directly from Putty, you can use the command line to export either just the sessions, or all settings, from putty.

Note: These instructions only work with the ‘regular’ installed version of Putty on Windows. They will not work with the portable version.

Export

Open a Command Prompt (or PowerShell) as an Administrator.

Export only sessions with this command:

regedit /e "%USERPROFILE%\Desktop\putty-sessions.reg" HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions

Export all settings with this command

regedit /e "%USERPROFILE%\Desktop\putty.reg" HKEY_CURRENT_USER\Software\SimonTatham

This will create a “reg” file on the desktop of the current user. It will not export SSH keys. Do not replace “SimonTathom” with your username, Simon is the author of Putty and that is the name that particular folder inside the registry where the settings are saved.

Import

Copy the reg file to the machine which you want to import the putty settings on.

Double-click on the .reg file and accept the import.

Category: Microsoft, Windows 10 | LEAVE A COMMENT
9 April 2020

Setup BGInfo on Windows

BGinfo is a great utility/tool that I really like and I literally have on every server I deploy. It is totally customize-able and able to display whatever system information that you feel is important to you, right on the desktop background making it easy to see at a glance. It could be used to display anything from the server’s name, IP addresses, hard drive usage, memory usage, OS version, or even the user that you are currently logged in as.

Download BgInfo – https://docs.microsoft.com/en-us/sysinternals/downloads/bginfo

Create a folder, c:\utilities\, and make sure that all users have read and write access to it.

Move the BGInfo utility into the c:\utilities\ folder.
I also like to place any other Sysinternals utilities that I am using into this c:\utilities\ folder.

Run the BGinfo utility and take a few minutes to configure what information you wish to be displayed on your background.
Then save your configuration to the c:\utilities\ folder.

Create a shortcut to either Bginfo.exe (if you are on a 32-bit machine) or Bginfo64.exe (if are on a 64-bit machine).

Edit the target of that shortcut to include the name of your BGinfo configuration file.
In the picture below I’ve named mine “c:\utilities\mybgconfig.bgi”.

A few more handy suggestions to include in your shortcut’s target are:

  • /timer:0 – to avoid the typical UI popup
  • /nolicprompt – to make sure new users are not prompted with the EULA
  • /silent – to silence and errors

Which would result with the target field looking like:

c:\utilities\Bginfo64.exe c:\utilities\mybgconfig.bgi /timer:0 /nolicprompt /silent

Follow my article about finding the startup folder in Windows, and make a copy of your shortcut into that startup folder.
I prefer to copy the shortcut to the “Common Startup” folder, that way it will launch for any user that logs into the machine… But it’s up to you if you want to put it in the “User Startup” or “Common Startup” folder.

Now it’s time to test it out! Try logging out and then logging back in.

Category: Windows 10, Windows 2012/2012R2, Windows 2016, Windows 2019 | LEAVE A COMMENT
9 April 2020

Finding the Startup Folder on Windows

In recent years Microsoft has moved around where they “hide” the startup folder. That’s the folder that gets used to launch applications that start automatically when the user logs in. It’s not necessary hard to find, but it is well hidden.

There’s actually two places that startup folder lives. Each user has their own startup folder that will launch programs specific to that user. And there is also a common startup folder which will launch programs for any and all users that log into that machine.

How to find the users’ individual startup folder

  • Right click on the start menu and select ‘Run’.
  • Type “shell:startup” and click ok.
  • The startup folder will open, and you can drag-and-drag and shortcuts or applications you need into.

If you need to manually dive thru folders to get to the user’s startup folder, go to, but remember to change “<USER>” to the one you’re looking for:

C:\Users\<USER>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

How to find the all users’ common startup folder

  • Right click on the start menu and select ‘Run’.
  • Type “shell:common startup” and click ok.
  • The startup folder will open, and you can drag-and-drag and shortcuts or applications you need into.

If you need to manually dive thru folders to get to the common startup folder, go to:

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
Category: Microsoft, Windows 10, Windows 2012/2012R2, Windows 2016, Windows 2019 | LEAVE A COMMENT
4 April 2020

Run Application as Different User

Windows makes it incredibly easy to run an application or script as another user on your computer. I find that I most often use this to run administrative or domain tools, when I’m logged in as just a normal user.

Method 1

This is the easiest method. While it took me a little while to remember it, I now use it almost daily and without even thinking about it.

Press and hold down the ‘Shift’ key on your keyboard, while you right-click on the program you want to launch.

This will only work on executable (EXE) files or shortcuts to executable files. If you try this and don’t see the option, then it is not an executable file.

Method 2

This method will create a shortcut that “knows” to launch an application as another user.

Create a shortcut to your executable

Right-click on the shortcut and modify the “Target” to:

runas /user:DOMAIN\USERNAME "path to executable"

Click ‘OK’. Then launch your shortcut. You will get prompted for your password everytime you launch your shortcut.

If you need to store the password with your shortcut, then modify the “Target” to this instead:

runas /savecred /user:DOMAIN\USERNAME "path to executable"

Click ‘OK’. Then right-click and select “Run as Administrator” the first time you use the shortcut. You will be prompted for the user password and it will get saved. From then on, just clicking the shortcut will launch it as your desired user.

Method 2.5

Alright this is basically the same method as above, so I didn’t feel right calling it a third method.

You can take the same trick from “Method 2” and just use it to run an application from a command prompt window.

C:\> runas /user:DOMAIN\USERNAME "path to executable"

Category: Windows 10, Windows 2012/2012R2, Windows 2016, Windows 2019 | LEAVE A COMMENT
3 April 2020

Pull Certificate from Digitally Signed Application

Most companies will use a certificate to sign their applications before they release their software to the world. This helps the user know to that the software they are running actually came from the software vendor, and hasn’t been altered or changed by someone.

Certificates are based on key pairs. There is a public key, and a private key. In terms of digitally signing an application, the public key is often just referred to as the Certificate.

How it works, in simpified terms… The software vendor holds a private key, and they guard it, keeping it safe in their organization. You can also think of is their fingerprint that they’ll use when signing something as it is unique. The public key is what we can see. Using a hash in the digitally signed application, we can use their public key, to see is if the hash value can be verified. If it checks out then we know that the digital signature is valid. If it doesn’t, well then we know the signature has been altered.

The I’ll show you below how you can pull the public half of the Certificate from an application. In this example we’ll pull Adobe’s certificate from Adobe Reader DC.

Right click on the application you want the signature of and select “Properties”

Click the “Digital Signature” tab, select the signature, then click the “Details” button.

Note: If you do not see the “Digital Signature” tab, then the file is not digitally signed.

Click the “View Certificate” button.


Click the “Details” tab and then select the “Copy to File” button.

Follow the “Certificate Export Wizard”.

After completing the export wizard, you’ll have the digital signature certificate of the digitally signed application.

Here’s an article I wrote that includes how to set a software restriction GPO policy using a certificate rule.

Category: Microsoft, Windows 10, Windows 2012/2012R2, Windows 2016, Windows 2019 | LEAVE A COMMENT