I had a bunch of old user profile folders I needed to delete today, When setup properly even the domain administrator can’t get in there and delete them;
You need permission to perform this action.
You don’t currently have persmission to access this folder
If it’s just one folder then simply take ownership, grant yourself rights and delete it! But I had a lot of folders so I needed a more robust (read less work) solution.
Solution: Take Ownership
Take Ownership of all Folders/Sub-Folders, and Files
Open an administrative command window, and execute the following command;
[box]
takeown /a /r /d Y /f C:\"Path-To-Folder"
[/box]
Grant ‘Full Control’ Rights to all Folders/Sub-Folders, and Files
Just because you are the owner, that does not mean you have any rights to the folders and files, to grant full control to the administrators group.
Stop! Why do you want to disable IPv6? I see this regularly in forums, with other unusual statements like “If you’re not using it disabling it” or “It’s just another attack vector, disable it.“
Well unless you’re running Windows XP and Server 2012 you’re using IPv6. If something does not work and disabling IPv6 fixes it, then it’s usually because your network is not configured correctly, (usually your routers are doing something called IPv6 Address Allocation*)
“From Microsoft’s perspective, IPv6 is a mandatory part of the Windows operating system, and it is enabled and included in standard Windows service and application testing during the operating system development process. Because Windows was designed specifically with IPv6 present, Microsoft does not perform any testing to determine the effects of disabling IPv6”
Microsoft said that in 2016, and still there’s people routinely disabling IPv6?
*Note: You can disable SLAAC (Stateless Address Autoconfiguration) on a Cisco router with the interface command “no ipv6 address autoconfig“
Disabling IPv6 Alternative Solution
Before people accuse me of ‘not living in the real world’ If you have legacy equipment or ages old applications – you may need to consider ‘doing something about IPv6’. but your first action should be to prefer IPv4 over IPv6.
Seen on versions of Windows built from ‘older’ versions of the install media, when attempting to check for updates you may see.
Error(s) food:
Code 80072EFE Windows update ran into a problem
80072EFE Update Error Resolution
At first (because it was a newly build machine.) I thought the problem was incorrect Time zone, Time, or Locale.
But thats NOT the problem, you’re stuck in a ‘catch 22′, where the update components need to update, but they can’t update, because the update components are too old! So to fix the problem you need to manually update them. Search for and install KB2937636.
Then reboot the server, and attempt updating again.
Related Articles, References, Credits, or External Links
Both SSL and TLS are cryptographic protocols designed to secure communications over a network (remember the internet is just a network). Originally we had SSL version 1 and version 2. But they were, (to be honest) ‘a bit bobbins’ and full of security holes, so never really took off. Version 3 however did and was widely supported. The problem with version 3 was, (again) that was also ‘bobbins’. All this came to a head with the Poodle exploit and people started getting rid of SSLv3.
So, what about TLS? Well TLS v1.0 was largely based on, (but not compatible with) SSLv3. TLS 1.1 replaced v1.0 (circa 2006). Problems with it prompted TLS 1.2 (circa 2008). Then that was the standard until TLS v1.3 (circa 2018).
However: Just because you use the newest protocols does not necessarily mean you are more secure: Most documentation you read says TLS 1.2 ‘Should’ be secure (that’s reassuring eh!) This is because these protocols are built on cryptographic ciphers and they are only as secure as those ciphers. You can corrupt a strong protocol with a weak cipher and render it less secure. In some cases, you may need to do this, or you might simply enable a web cipher to fix a ‘problem’ without understanding the consequences.
You are ‘Probably’ Reading this Because…
If you’ve had a security audit, or a company had scanned your network and produced a report that says you are running insecure protocols and you need to do something about it.
THINK: Security is a good thing, (I’m all for it,) BUT just rushing to turn things off, can cause you problems, where possible test any remediation in a test environment, many old legacy (for legacy read ‘applications that are business critical, and you can no longer update or get support on’) may still be using these old protocols. Simply disabling SSLv3.0, TLS v1.0,1.1, and/or 1.2 can have some negative effects, either on YOUR applications or in the browsers of your clients. Remember if you provide a web based service it will also need testing with any browser that your staff, or even the public may be using to access your web based platforms.
TLS 1.0 and TLS 1.1 might be ‘depreciated’ but it’s still widely used, disabling them will probably cause you more problems than the older SSL protocols, so test, test, and test.
ISOLATE: If you have old legacy applications and you need to retain them for compliance or financial reasons, then consider simply MITIGATING the risk by taking them off the local network, and running them in isolation.
DOCUMENT: If you need TLS 1.1 then that’s fine just because a scan picked it up, does not mean that you HAVE TO run to the server room and disable it. Most compliance standards are fine with you not fixing something, providing you document what it is and why it’s still enabled.
Windows TLS 1.2 Support: Clients from Windows Vista, and Servers from Server 2008 support TLS 1.2. but all the way to Windows 8.1 and Server 2012 R2 it requires an update, so make sure you are fully up to date before attempting to use TLS 1.2.
Exchange: Support for TLS 1.1 and 1.2 wasn’t added until Exchange 2013 (CU8) and Exchange 2010 (SP3 RU9). Beware Some (Older) Microsoft Outlook clients will only work with TLS 1.0
Windows Client (Internet Explorer) Disabling SSL3 and TLS 1.0, TLS 1.1
Before disabling protocols on the server, it’s good practice to disable those protocols on the clients, some time beforehand, the easiest way to do this is via Group Policy.
Windows Server Disabling SSL3 and TLS 1.0, TLS 1.1
There are lots of reasons you might want to know your PC/Servers uptime, to make sure a client has rebooted a server (like you asked them to), or to see if a server has had a BSOD and rebooted overnight, etc.
Check Uptime with Task Manager
You can get your uptime from the Task Manager’s “Performance” tab.
To launch Task Manger
Start > Run > Taskmgr.exe {enter}. or Press CTRL+SHIFT+ESC, or Right click the Task bar > Select Task Manager. > Options
From command line execute the Systeminfo | find /I “boot” command;
Option 3 -Use Net Statistics to find Uptime
You can get uptime information by either querying the workstation service, or the server service, issue either, the following command;
[box]
net statistics workstation
[/box]
Or the following command;
[box]
net statistics server
[/box]
Option 4 – Use Uptime.exe to find Uptime
Download uptime and put a copy in your “System32” Directory, you can then use the uptime command.
Option 5 – Use WMI (Windows Management Instrumentation) to find Uptime
Issue the following command;
[box]
wmic os get lastbootuptime
[/box]
As you can see the result is not pretty, it is presented in UTC format.
20120109081112.925800+000 = Year 2010, Month 01, Day 09, Time 08:11:12
Option 6 – Check the Event Log to find Uptime
Launch the Event Viewer (eventvr.msc) > Windows Logs > System Log > Find > Search for Event ID 6005, (Note: This event gets logged each time the server boots, as the event log service starts). Event ID 6006 will be labeled as “The event log service was stopped.” This is synonymous with system shutdown.
Note: Event 6013 is periodically logged this shows the machines uptime at that point.
Note: In the event of an abnormal shutdown look for Event ID 6009 indicates the processor information detected during boot time. Event ID 6008 will let you know that the system started after it was not shut down properly.
Option 1 – Use Uptime.exe to get a Remote Machines Uptime
Already mentioned above download uptime and extract it to your system32 directory. Then to get a remote machines uptime, use the following command;
There was a question on Experts Exchange this morning, the asker wanted to be able to add a ‘Trusted’ network range to their Windows Server Firewall settings as a ‘allow all ports’ rule.
Solution
You can of course add this manually in the GUI, normally I’d simply Add a Firewall Rule with a Group Policy. but the problem with that is, that’s fine if you want to open a particular TCP/UDP/ICMP port, but NOT if you want to open ALL ports. But you CAN use PowerShell like so;
“Have you got one of those programs that gets the Windows key?”, My colleague asked me the other week. I said “Just download a key finder application?”, “Yeah I’ve tried that and is showing the code as all B’s”.
You may also just see ‘Product key was not found‘ on some software.
I sent him some more links and got back to what I was doing. He was having no joy with any other software, so I wandered over to have a look.
Solution
Let me save you some time: If you are trying to recover a Volume Licence Key (MAK, Multiple Activation Key) YOU CAN’T, they are deleted from the machine when the machine is activated (apart from the last five characters.)
How To Check If You are Running a Windows Volume Licensed Version;
Run the following command;
[box]
slmgr /dlv
[/box]
Volume Licenced.
You can see that this particular machine is running on a volume licence. You will all note that further down it gives you the last five characters of the actual key “BHCH3”. This is to stop people just extracting a Volume Licence, once activated, because Windows removes the key. It takes the last five characters of the key and stores them in a file called ‘tokens.dat’, You will find it at
You will see the similar information if you run the Microsoft Genuine Advantage Diagnostic Tool;
Retail
To recover a key from a retail version of Windows is easy, most free key finders will recover keys for you.
There is another curve ball, that might set you off in the WRONG DIRECTION as well, if you trawl the forums you will find scripts that will ‘tell you’ they decode the registry keys that usually hold the windows key, like this;
You will see posts that say, “no don’t use that registry key ‘DigitalProductID’ change it to ‘DigitalProductID4’ and it will work”. Well it does work! But sadly the key you get will not.
Download the scripts to see for yourself ‘GetProductKey‘
Related Articles, References, Credits, or External Links
There are many reasons why you might want to do this, someone has managed to change a user password and that person is not available, you might simply have forgotten it. Or you might have been given a machine, or bought one from ebay that has come without a password. Also there have been a few times when a user has looked me in the eye and said “I’m typing my password in, but it’s not working”, I have never seen a password change on it’s own, so I will just put that down to the evil password gremlins.
The procedure will also work on the Windows local administrators password, just bear in mind that his account is disabled by default, (after Windows 8). This procedure will not work if the machine in question has had its hard drive encrypted using BitLocker.
You can use this procedure to blank, (or reset) a Domain Controllers DSRM (Directory Services Restore Mode) password.
You can avoid this procedure if you have access to another account on this machine that has administrative access. If you can log on as an administrator, then you can change the password of other local accounts on the affected machine without the need to do this.
2. Download ImgBurn and install, Launch the program, if it does not look like this you need to select View >EX-Mode-Picker. Select the ‘Write image file to disc’ option.
2. The file you downloaded is a zip file that contains the disk image, you will need to extract the image from the zip file (i.e. drag it to your desktop). From within ImgBurn launch the browse option and navigate to the disk image you have just extracted > Open.
3. Select the burn to disc icon (Note: This will be greyed out, until there is a blank CD in the drive). The image is very small, it will not take long to burn.
Carry Out a Windows 8 Password Reset.
This procedure uses the boot CD you have just created, for it to work you need to make sure the machine will attempt to boot to its CD/DVD Drive before it boots to its hard drive. (Or it will simply boot into Windows again). This change in ‘Boot Order’ is carried out in the machines BIOS, how you enter this varies depending on machine vendor, when you first turn on the machine watch for a message that looks like Press {key} to enter Setup. Typically Esc, Del, F1, F2, or F9. When in the BIOS locate the boot order and move the CD/DVD Drive to the top of the list.
1. Boot your machine from your freshly burned CD, when you see this screen simply press {Enter} to boot.
2. Depending on how many disks/partitions you have it will discover them and assign a number to each one, here I only have 1 so I will type ‘1 {Enter}’.
Note: You may see a small 300Mb partition, ignore that. You may also see your machines recovery partition if it has one, if that’s the case you may have to carry out some trial and error to get the right one.
3. The system is set to look for the default registry location C:WindowsSystem32Config so simply press {Enter}. If it fails at this point you selected the wrong drive/partition.
4. We want password reset so select option 1.
5. We will be editing user data and passwords, so again select option 1.
6. You will be presented with a list of the user objects that it can locate, here I want to reset the password for the ‘PeteLong’ user object so simply type in the username you want to edit.
Note: As mentioned you can see here the administrator account is disabled, if you want to work with that account, you will need to unlock and enable it on the next screen before you blank or change the password.
7. You can choose option 2 and type in a new password, but I’m going the blank the password, then change it when I get back into the machine by selecting option 1.
8. To step back you need to enter an exclamation mark.
9. Enter a ‘q’ to quit.
10. To write the changes you have made enter a ‘y’.
11. As long as you are happy, and have no other accounts that need changing, enter ‘n’.
12. Now remove the boot CD, and press Ctrl+Alt+Delete to reboot the machine.
13. As the user object we are dealing with was the last one that has logged on, it will select that account as soon as the computer boots, and now it has a blank password it will automatically log on.
14. To change the password, press Ctrl+I > Change PC settings.
15. Users > Create a password.
16. Type and confirm your new password, and enter a password hint > Next.
17. Log off the account and test the new password.
Related Articles, References, Credits, or External Links