I had a bunch of old user profile folders I needed to delete today, When setup properly even the domain administrator can’t get in there and delete them;
You need permission to perform this action.
You don’t currently have persmission to access this folder
If it’s just one folder then simply take ownership, grant yourself rights and delete it! But I had a lot of folders so I needed a more robust (read less work) solution.
Solution: Take Ownership
Take Ownership of all Folders/Sub-Folders, and Files
Open an administrative command window, and execute the following command;
[box]
takeown /a /r /d Y /f C:\"Path-To-Folder"
[/box]
Grant ‘Full Control’ Rights to all Folders/Sub-Folders, and Files
Just because you are the owner, that does not mean you have any rights to the folders and files, to grant full control to the administrators group.
Recovering from a Microsoft Blue Screen of Death (BSOD) involves several steps to diagnose and resolve the issue. Here is a systematic approach to help you recover from a BSOD.
Solution : BSOD Resolution.
Note: If using Crowdstrike (18th Jul 2024) or you’re Stuck at the recovery screen. The problem is being worked on Ref:
TEMPORARY WORK AROUND
Boot Windows into Safe Mode or WRE.
Go to C:\Windows\System32\drivers\CrowdStrike
Locate and delete file matching “C-00000291*.sys”
Boot normally.
Alternative Crowdstrike Fix (from the recovery screen)
If you’re stuck at the recovery screen, try these steps:
Click on ‘See advanced repair options’ on the Recovery screen.
In the Advanced Repair Options menu, select ‘Troubleshoot’.
Next, choose ‘Advanced options’.
Select ‘Startup Settings’.
Click on ‘Restart’.
After your PC restarts, you will see a list of options. Press 4 or F4 to start your PC in Safe Mode.
Open Command Prompt in Safe Mode.
In the Command Prompt, navigate to the drivers directory: cd \windows\system32\drivers
To rename the CrowdStrike folder, use ren CrowdStrike CrowdStrike_old
Alternative Crowdstrike Fix (For Virtual Machines)
Attach an the system disk of the affected machine asunmanaged disk to another VM for offline repair (Note:Disks that are encrypted may need these additional instructions: Unlocking an encrypted disk for offline repair
Once the disk is attached, customers can attempt to delete the following file. “Windows/System/System32/Drivers/CrowdStrike/C00000291*.sys“
The disk can then be detached and re-attached to the original VM.
1. Note the BSOD Error Code
When a BSOD occurs, an error code is displayed on the screen. This code can be crucial in diagnosing the problem. Write down the error code and any associated information.
2. Restart Your Computer
Sometimes, a simple restart can resolve the issue. However, if the BSOD persists, proceed to the next steps.
3. Boot into Safe Mode
Safe Mode loads a minimal set of drivers and services. Booting into Safe Mode can help you determine if a default setting or basic device driver is causing the issue.
Windows 10/11:
Restart your computer.
As soon as your computer starts, press the F8 key repeatedly until the Advanced Boot Options menu appears.
Select “Safe Mode” or “Safe Mode with Networking.”
4. Check for Hardware Issues causing BSOD
Disconnect External Devices: Unplug all external devices (USB drives, printers, etc.) and restart your computer to see if the BSOD persists.
Run a Memory Check: Use Windows Memory Diagnostic tool to check for memory issues.
Press Windows + R, type mdsched.exe, and press Enter.
Choose “Restart now and check for problems.”
5. Update or Roll Back Drivers
Update Drivers:
Open Device Manager (Windows + X > Device Manager).
Expand categories and update any drivers with a yellow exclamation mark.
Roll Back Drivers:
In Device Manager, right-click the driver causing the issue, select “Properties,” go to the “Driver” tab, and select “Roll Back Driver.”
6. Check for Software Issues
Uninstall Recent Software: Uninstall any software or updates installed recently.
Go to Settings > Apps > Apps & features and uninstall the problematic software.
Run System File Checker (SFC):
Open Command Prompt as Administrator.
Type sfc /scannow and press Enter.
7. Perform a System Restore
If the BSOD started after a recent change, performing a System Restore can revert your computer to a previous state.
Go to Control Panel > System and Security > System > System Protection > System Restore.
Follow the prompts to choose a restore point.
8. Check Disk for Errors
Open Command Prompt as Administrator.
Type chkdsk /f /r and press Enter.
Restart your computer to allow the check to run.
9. Update Windows
Ensure your Windows operating system is up to date.
Go to Settings > Update & Security > Windows Update and check for updates.
10. Perform a Clean Boot
A clean boot helps eliminate software conflicts.
Press Windows + R, type msconfig, and press Enter.
Go to the “Services” tab, check “Hide all Microsoft services,” and click “Disable all.”
Go to the “Startup” tab, open Task Manager, and disable all startup items.
Restart your computer.
11. Reset or Reinstall Windows
If none of the above steps work, you may need to reset or reinstall Windows.
Reset This PC:
Go to Settings > Update & Security > Recovery > Reset this PC.
Choose whether to keep your files or remove everything.
Reinstall Windows: Backup your data and perform a clean installation using a bootable USB drive with the Windows installation media.
Additional Tools and Resources
BlueScreenView: A utility to view minidump files created during BSODs.
WhoCrashed: Analyzes crash dumps to determine the cause of the crash.
Related Articles, References, Credits, or External Links
Windows RSAT (Remote Server Administration Tools) is a suite of tools from Microsoft that allows IT administrators to remotely manage and administer Windows Servers and other Microsoft services from a Windows client machine. These tools are essential for system administrators to perform various tasks without needing to log directly into the server.
Here is a list of some of the primary tools included in RSAT:
Active Directory Administrative Center (ADAC): A graphical interface for managing Active Directory.
Active Directory Users and Computers (ADUC): A tool to manage users, groups, computers, and organizational units in Active Directory.
Active Directory Sites and Services: Used to manage the configuration of Active Directory sites, subnets, and services.
Active Directory Domains and Trusts: Manages domain trusts and functional levels.
Active Directory Module for Windows PowerShell: Provides a set of cmdlets for administering Active Directory.
DHCP Server Tools: Includes the DHCP Management Console, DHCP Server cmdlets for Windows PowerShell, and the Netsh command-line tool.
DNS Server Tools: Includes the DNS Manager snap-in and the DNS Server cmdlets for Windows PowerShell.
Group Policy Management Tools: Includes the Group Policy Management Console (GPMC) and the Group Policy Object Editor.
Hyper-V Tools: Provides the Hyper-V Manager snap-in and the Hyper-V Module for Windows PowerShell for managing Hyper-V servers.
File Services Tools: Includes the File Server Resource Manager (FSRM) snap-in and command-line tools, and the Distributed File System (DFS) Management snap-in.
Network Policy and Access Services Tools: Includes the Network Policy Server (NPS) console and the Routing and Remote Access Service (RRAS) console.
Remote Desktop Services Tools: Includes the Remote Desktop Licensing Diagnoser Tool, the Remote Desktop Services Manager, and the Remote Desktop Connection Manager.
Server Manager: A tool for managing roles and features on Windows servers.
Windows Server Update Services (WSUS) Tools: Includes the WSUS console and PowerShell cmdlets for managing Windows updates.
Failover Clustering Tools: Includes the Failover Cluster Manager snap-in and PowerShell cmdlets for managing failover clusters.
Storage Explorer Tools: For managing storage area networks (SANs).
IP Address Management (IPAM) Tools: Includes the IPAM client console and PowerShell cmdlets for IP address management.
Best Practices Analyzer (BPA): Tools that help administrators ensure their servers are configured according to best practices.
Below I’m checking to see if the RSAT tool I want (the Group Policy Management Tool) is already installed – as it returned State: Not Present I then installed it
When attempting to deploy a Windows VM, in this case Server 2022, you do not see the local storage.
Solution
I’ve been in this situation a hundred times in the past, (usually on physical servers). The problem is simply Windows does not have the driver for the storage controller. There two ways you can approach the problem,
Option 1: Proxmox Windows Drive Missing
The simplest ‘fix’ is simply to redeploy the VM with a bus device type of IDE.
Option 2 : Proxmox Windows Drive Missing
The second option is to have an iso with the VirtIO driver on it, and Proxmox will present it for you is you use the following option. This will require you to have downloaded the drivers on an ISO file and have that file ready to present to the VM (in addition to the Windows setup .ISO).
Then at the problem screen select ‘Load Drivers‘.
Browse.
Next > Follow the rest of the install procedure.
NOTE: Before I start getting emails! Yes you can also add the drivers to the Windows install media, this is a straight forward procedure using DISM and you can find instructions here.
Related Articles, References, Credits, or External Links
C0090016 Error usually seen after a motherboard has been changed. when attempting to open an office 365 application, or something that requires Entra ID authentication.
Something went wrong.
Your computers Trusted Platform Module has malfunctioned. If this error persists, contact your system administrator with the error code C0090016.
Error Code: C0090016
Server Message: Unknown Error Code 0xC0090016
Whilst attempting to get a certificate from a Windows server running certificate services, I got the following error:
The request contains no certificate template information. 0x80094801 (-2146875391 CERTSRV_E_NO_CERT_TYPE) Denied by policy module 0x80094801, The request does not contain a certificate template extension or the Certificate Template request attribute.
Solution 0x800094801 Error
Well that’s a descriptive error, as this is a certificate request I’ve created on third party piece of hardware, I’m not surprised there’s no template information. The only way to specify which template you want to use for the certificate issued is to resubmit the command via command line.
This problem has jumped up through various iterations of Windows operating systems. You attempt to RDP to a machine; it connects but you simply get a black screen.
RDP Black Screen Solution
Over the years various ‘hotfixes’ were known to cause this, but before proceeding make sure both the machine you are connecting FROM and the machine you are connected TO are fully patched and updated.
Common troubleshooting dictates that your first step is to see if you can replicate the same problem from another machine, and if possible, from a different OS. below I’m attempting the same from my MacBook and getting the same result.
If something is happening on the target that is simply preventing the desktop from showing press CTRL+ALT+END, or CTRL+ALF+Fn+END (depending on your keyboard). Hopefully you should be able to now launch Task Manager > New > Run New Task > Explorer.exe > OK.
You can also try disabling ‘Persistent Bitmap caching’. On the Experience tab of you rdp dialog.
In the same dialog on the Display tab also try some low resolutions in case the target machine is confused about what to display on your remote session.
If it’s still not working the next most likely culprit is a display driver, Either update it or roll it back to a known good one, try this n the source and target machines. Note: if you see something like this – then the target machine may just need its VMware tools updating.
Finally try using a different RDP client for windows there’s the Remote Desktop Connection Manager, and on a mac theres the Microsoft Remote Desktop app.
Did none of these work for you? or if you have a better solution post it below and Ill update the post accordingly.
Related Articles, References, Credits, or External Links
Stop! Why do you want to disable IPv6? I see this regularly in forums, with other unusual statements like “If you’re not using it disabling it” or “It’s just another attack vector, disable it.“
Well unless you’re running Windows XP and Server 2012 you’re using IPv6. If something does not work and disabling IPv6 fixes it, then it’s usually because your network is not configured correctly, (usually your routers are doing something called IPv6 Address Allocation*)
“From Microsoft’s perspective, IPv6 is a mandatory part of the Windows operating system, and it is enabled and included in standard Windows service and application testing during the operating system development process. Because Windows was designed specifically with IPv6 present, Microsoft does not perform any testing to determine the effects of disabling IPv6”
Microsoft said that in 2016, and still there’s people routinely disabling IPv6?
*Note: You can disable SLAAC (Stateless Address Autoconfiguration) on a Cisco router with the interface command “no ipv6 address autoconfig“
Disabling IPv6 Alternative Solution
Before people accuse me of ‘not living in the real world’ If you have legacy equipment or ages old applications – you may need to consider ‘doing something about IPv6’. but your first action should be to prefer IPv4 over IPv6.
I’ve been setting up a VPN solution on the test bench as I’m looking at Always On VPN. When I noticed that I had a problem with my remote VPN connections on Windows. They would connect fine but I could not resolve any FQDNs for my domain?
VPN no DNS Solution
By default, all (Windows) VPN connections are ‘Force Tunnel’ (this means they have the option ‘Use default gateway on remote network’ selected). This also means that, (unless your RAS server is the default Gateway for your network,) you usually don’t have internet access when connected to the VPN.
Now I connected fine, and I could ping IP addresses on my corporate network, but I could not ping my servers by their domain name, in fact Windows was trying to resolve my domain name to a public IP?
Google this problem and you’re simply told to ‘Disable IPv6 on your network card, and this works, (if you want to keep your remote users Force-Tunnelled). But disabling IPv6 is hardly a fix is it?
Also If you want internet access for your remote clients, (Commonly referred to as ‘Split Tunnel’), then even with IPv6 disabled, the problem comes back!
Why is this happening? Well even with Force Tunnel enabled, you can still use your local LAN (Connect to your VPN, and ping your home gateway, or printer or wireless access point if you don’t believe me!) This connection takes precedence over your remote VPN connection, to prove it run a netstat -rn command.
From the above you can see my Ethernet Adaptor has a metric of 6, and my VPN connector, (in this case called Connection Template) has metric of 23. AND THE LOWEST ONE WINS, so your DNS queries are going out of your local internet connection NOT down the VPN tunnel!
How Do I Fix this VPN no DNS?
Well until Microsoft fixes this in Windows 10, (it’s fine on Windows 8 and earlier), you have to manipulate the metrics yourself, like so;
VPN no DNS On Your Physical Adapter;
Start > ncpa.cpl {enter} > Right click your NIC > Properties > Internet Protocol Version 4 > Properties.
Advanced > Untick ‘Automatic Metric’ > Set the Interface Metric to 20 > OK > OK >OK.
On Your VPN Connector;
Start > ncpa.cpl {enter} > Right click your VPN Connector > Properties > Internet Protocol Version 4 > Properties.
Advanced > Untick ‘Automatic Metric’ > Set the Interface Metric to 10 > OK > OK >OK.
Now your DNS look-ups should behave!
Related Articles, References, Credits, or External Links
Manually Update Windows Trusted Root Certificates KB ID 0001831
Problem
These days your trusted root certificates are simply updated with Windows Update, but what if your servers have no internet access? In this example I will manually update the root certs by downloading them on a machine WITH internet access then importing on another machine that has not.
Bear in mind: If none of your machines have internet access they cannot check certificate revocation lists etc – so you may still get some errors. You may want to consider deploying you own internal PKI.