Take Ownership and Grant ‘Full Control’ Recursively

Take Ownership KB ID 0001200 

Problem

I had a bunch of old user profile folders I needed to delete today. When set up properly, even the domain administrator can’t get in there and delete them;

You need permission to perform this action.

You don’t currently have permission to access this folder

If it’s just one folder then simply take ownership, grant yourself rights and delete it! But I had a lot of folders so I needed a more robust (read less work) solution.

Solution: Take Ownership

Take Ownership of all Folders/Sub-Folders, and Files

Open an administrative command window, and execute the following command;

[box]

takeown /a /r /d Y /f C:\"Path-To-Folder"

[/box]

Grant ‘Full Control’ Rights to all Folders/Sub-Folders, and Files

Just because you are the owner, that does not mean you have any rights to the folders and files. To grant Full Control to the Administrators group, run the following command;

[box]

icacls C:\"Path-To-Folder" /grant administrators:F /t

[/box]

You can then delete the folder and its contents recursively with the following PowerShell command.

[box]

Remove-Item -Path "Path-To-Folder" -Force -Recurse

[/box]
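For the many-folders case described above, the three commands can be wrapped in one PowerShell function. This is an added example, not code from the original article; the function name, parameters and sample paths are assumptions. It also saves the existing ACLs with icacls /save before granting rights, and refuses names that could escape the parent folder.

```powershell
#Requires -RunAsAdministrator
# Added example: bulk version of takeown + icacls + Remove-Item.
# Function name, parameters and sample paths are assumptions.
function Remove-OrphanedFolder {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string]   $ParentPath,    # e.g. C:\Users.old (hypothetical)
        [Parameter(Mandatory)] [string[]] $FolderName,    # child folders to remove
        [string] $AclBackupDir = "$env:TEMP\acl-backup"   # where icacls /save writes
    )

    $parent = (Resolve-Path -LiteralPath $ParentPath -ErrorAction Stop).ProviderPath.TrimEnd('\')
    New-Item -ItemType Directory -Path $AclBackupDir -Force | Out-Null

    foreach ($name in $FolderName) {
        # Accept plain child names only, so "..\Windows" or an absolute
        # path can never take the recursion outside $ParentPath.
        if ($name -ne (Split-Path -Leaf $name) -or $name -in '.', '..') {
            Write-Warning "Skipping '$name': not a direct child name"
            continue
        }
        $target = Join-Path $parent $name
        $item = Get-Item -LiteralPath $target -Force -ErrorAction SilentlyContinue
        if (-not $item -or -not $item.PSIsContainer) {
            Write-Warning "Skipping '$target': folder not found"
            continue
        }
        # Do not recurse through a junction or symlink into another tree.
        if ($item.Attributes -band [IO.FileAttributes]::ReparsePoint) {
            Write-Warning "Skipping '$target': reparse point"
            continue
        }
        if (-not $PSCmdlet.ShouldProcess($target, 'Take ownership, grant Full Control, delete')) {
            continue
        }

        # 1. Ownership to the Administrators group, recursively.
        takeown.exe /a /r /d Y /f $target | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "takeown failed on '$target'"; continue }

        # 2. Record the DACLs as they were before the grant (the owner can read them).
        icacls.exe $target /save (Join-Path $AclBackupDir "$name.acl") /t /c | Out-Null

        # 3. Full Control for Administrators, recursively.
        icacls.exe $target /grant 'administrators:F' /t /c | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "icacls reported failures on '$target'" }

        # 4. Delete, then report whether the folder is really gone.
        Remove-Item -LiteralPath $target -Recurse -Force
        [pscustomobject]@{ Folder = $target; Removed = -not (Test-Path -LiteralPath $target) }
    }
}

# Preview first, then run without -WhatIf:
# Remove-OrphanedFolder -ParentPath 'C:\Users.old' -FolderName 'jsmith','tjones' -WhatIf
```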

Related Articles, References, Credits, or External Links

Can’t Delete a File or Folder or Take Ownership

Microsoft Blue Screen of Death (BSOD)

BSOD KB ID 0001882

Problem

Recovering from a Microsoft Blue Screen of Death (BSOD) involves several steps to diagnose and resolve the issue. Here is a systematic approach to help you recover from a BSOD.

Solution : BSOD Resolution.

 

Note: If you are using CrowdStrike (18th Jul 2024), or you’re stuck at the recovery screen, the problem is being worked on. Ref:

TEMPORARY WORK AROUND

 

  1. Boot Windows into Safe Mode or WRE.
  2. Go to C:\Windows\System32\drivers\CrowdStrike
  3. Locate and delete file matching “C-00000291*.sys”
  4. Boot normally.

Alternative Crowdstrike Fix (from the recovery screen)

If you’re stuck at the recovery screen, try these steps:

  1. Click on ‘See advanced repair options’ on the Recovery screen.
  2. In the Advanced Repair Options menu, select ‘Troubleshoot’.
  3. Next, choose ‘Advanced options’.
  4. Select ‘Startup Settings’.
  5. Click on ‘Restart’.
  6. After your PC restarts, you will see a list of options. Press 4 or F4 to start your PC in Safe Mode.
  7. Open Command Prompt in Safe Mode.
  8. In the Command Prompt, navigate to the drivers directory: cd \windows\system32\drivers
  9. To rename the CrowdStrike folder, use ren CrowdStrike CrowdStrike_old

Alternative Crowdstrike Fix (For Virtual Machines)

  1. Attach the system disk of the affected machine as an unmanaged disk to another VM for offline repair. (Note: Disks that are encrypted may need these additional instructions: Unlocking an encrypted disk for offline repair.)
  2. Once the disk is attached, customers can attempt to delete the following file: “Windows/System/System32/Drivers/CrowdStrike/C00000291*.sys”
  3. The disk can then be detached and re-attached to the original VM.

 

1. Note the BSOD Error Code

When a BSOD occurs, an error code is displayed on the screen. This code can be crucial in diagnosing the problem. Write down the error code and any associated information.

2. Restart Your Computer

Sometimes, a simple restart can resolve the issue. However, if the BSOD persists, proceed to the next steps.

3. Boot into Safe Mode

Safe Mode loads a minimal set of drivers and services. Booting into Safe Mode can help you determine if a default setting or basic device driver is causing the issue.

  • Windows 10/11:
    1. Restart your computer.
    2. As soon as your computer starts, press the F8 key repeatedly until the Advanced Boot Options menu appears.
    3. Select “Safe Mode” or “Safe Mode with Networking.”

4. Check for Hardware Issues causing BSOD

  • Disconnect External Devices: Unplug all external devices (USB drives, printers, etc.) and restart your computer to see if the BSOD persists.
  • Run a Memory Check: Use Windows Memory Diagnostic tool to check for memory issues.
    • Press Windows + R, type mdsched.exe, and press Enter.
    • Choose “Restart now and check for problems.”

5. Update or Roll Back Drivers

  • Update Drivers:
    • Open Device Manager (Windows + X > Device Manager).
    • Expand categories and update any drivers with a yellow exclamation mark.
  • Roll Back Drivers:
    • In Device Manager, right-click the driver causing the issue, select “Properties,” go to the “Driver” tab, and select “Roll Back Driver.”

6. Check for Software Issues

  • Uninstall Recent Software: Uninstall any software or updates installed recently.
    • Go to Settings > Apps > Apps & features and uninstall the problematic software.
  • Run System File Checker (SFC):
    • Open Command Prompt as Administrator.
    • Type sfc /scannow and press Enter.

7. Perform a System Restore

If the BSOD started after a recent change, performing a System Restore can revert your computer to a previous state.

  • Go to Control Panel > System and Security > System > System Protection > System Restore.
  • Follow the prompts to choose a restore point.

8. Check Disk for Errors

  • Open Command Prompt as Administrator.
  • Type chkdsk /f /r and press Enter.
  • Restart your computer to allow the check to run.

9. Update Windows

Ensure your Windows operating system is up to date.

  • Go to Settings > Update & Security > Windows Update and check for updates.

10. Perform a Clean Boot

A clean boot helps eliminate software conflicts.

  • Press Windows + R, type msconfig, and press Enter.
  • Go to the “Services” tab, check “Hide all Microsoft services,” and click “Disable all.”
  • Go to the “Startup” tab, open Task Manager, and disable all startup items.
  • Restart your computer.

11. Reset or Reinstall Windows

If none of the above steps work, you may need to reset or reinstall Windows.

  • Reset This PC:
    • Go to Settings > Update & Security > Recovery > Reset this PC.
    • Choose whether to keep your files or remove everything.
  • Reinstall Windows: Back up your data and perform a clean installation using a bootable USB drive with the Windows installation media.

Additional Tools and Resources

  • BlueScreenView: A utility to view minidump files created during BSODs.
  • WhoCrashed: Analyzes crash dumps to determine the cause of the crash.

Related Articles, References, Credits, or External Links

NA

Install RSAT (Remote Server Administration Tools)

 RSAT KB ID 0000099

Problem

Windows RSAT (Remote Server Administration Tools) is a suite of tools from Microsoft that allows IT administrators to remotely manage and administer Windows Servers and other Microsoft services from a Windows client machine. These tools are essential for system administrators to perform various tasks without needing to log directly into the server.

Here is a list of some of the primary tools included in RSAT:

  • Active Directory Administrative Center (ADAC): A graphical interface for managing Active Directory.
  • Active Directory Users and Computers (ADUC): A tool to manage users, groups, computers, and organizational units in Active Directory.
  • Active Directory Sites and Services: Used to manage the configuration of Active Directory sites, subnets, and services.
  • Active Directory Domains and Trusts: Manages domain trusts and functional levels.
  • Active Directory Module for Windows PowerShell: Provides a set of cmdlets for administering Active Directory.
  • DHCP Server Tools: Includes the DHCP Management Console, DHCP Server cmdlets for Windows PowerShell, and the Netsh command-line tool.
  • DNS Server Tools: Includes the DNS Manager snap-in and the DNS Server cmdlets for Windows PowerShell.
  • Group Policy Management Tools: Includes the Group Policy Management Console (GPMC) and the Group Policy Object Editor.
  • Hyper-V Tools: Provides the Hyper-V Manager snap-in and the Hyper-V Module for Windows PowerShell for managing Hyper-V servers.
  • File Services Tools: Includes the File Server Resource Manager (FSRM) snap-in and command-line tools, and the Distributed File System (DFS) Management snap-in.
  • Network Policy and Access Services Tools: Includes the Network Policy Server (NPS) console and the Routing and Remote Access Service (RRAS) console.
  • Remote Desktop Services Tools: Includes the Remote Desktop Licensing Diagnoser Tool, the Remote Desktop Services Manager, and the Remote Desktop Connection Manager.
  • Server Manager: A tool for managing roles and features on Windows servers.
  • Windows Server Update Services (WSUS) Tools: Includes the WSUS console and PowerShell cmdlets for managing Windows updates.
  • Failover Clustering Tools: Includes the Failover Cluster Manager snap-in and PowerShell cmdlets for managing failover clusters.
  • Storage Explorer Tools: For managing storage area networks (SANs).
  • IP Address Management (IPAM) Tools: Includes the IPAM client console and PowerShell cmdlets for IP address management.
  • Best Practices Analyzer (BPA): Tools that help administrators ensure their servers are configured according to best practices.

Solution : Install RSAT

Installing RSAT with PowerShell

To see what can be installed open an administrative PowerShell Window and execute the following command.

[box]

Get-WindowsCapability -Name RSAT* -Online | Format-List Displayname

[/box]

To install them ALL use the following command.

[box]

Get-WindowsCapability -Name RSAT* -Online | Add-WindowsCapability -Online

[/box]

Installing RSAT with DISM

To see what can be installed open an administrative Command Window and execute the following command.

[box]

DISM.exe /Online /Get-Capabilities | find "Rsat"

[/box]

Below I’m checking to see if the RSAT tool I want (the Group Policy Management Tool) is already installed. As it returned State: Not Present, I then installed it.

[box]

DISM.exe /Online /Get-CapabilityInfo /CapabilityName:Rsat.GroupPolicy.Management.Tools~~~~0.0.1.0

DISM /Online /Add-Capability /CapabilityName:Rsat.GroupPolicy.Management.Tools~~~~0.0.1.0

[/box]

Installing RSAT Graphically

You can of course install the RSAT tools without issuing a command! Settings > System > Optional Features.

View Features > Type RSAT in the search option > Select the tools required  > Next.

Add > Go and have a coffee it can take a while!

 

Related Articles, References, Credits, or External Links

Windows 8 – RSAT Tools Will Not Install?

Proxmox Windows Drive Missing

Proxmox Windows Drive Missing  KB ID 0001871

Problem

When attempting to deploy a Windows VM, in this case Server 2022, you do not see the local storage.

     

Solution

I’ve been in this situation a hundred times in the past (usually on physical servers). The problem is simply that Windows does not have the driver for the storage controller. There are two ways you can approach the problem.

Option 1: Proxmox Windows Drive Missing

The simplest ‘fix’ is simply to redeploy the VM with a bus device type of IDE.

Option 2 : Proxmox Windows Drive Missing

The second option is to have an ISO with the VirtIO driver on it, and Proxmox will present it for you if you use the following option. This will require you to have downloaded the drivers as an ISO file and have that file ready to present to the VM (in addition to the Windows setup ISO).

Then at the problem screen select ‘Load Drivers‘.

Browse.

Next > Follow the rest of the install procedure.

NOTE: Before I start getting emails! Yes, you can also add the drivers to the Windows install media. This is a straightforward procedure using DISM and you can find instructions here.

Related Articles, References, Credits, or External Links

NA

C0090016 Error

C0090016 Error KB ID 0001848

Problem

The C0090016 error is usually seen after a motherboard has been changed, when attempting to open an Office 365 application, or something that requires Entra ID authentication.

Something went wrong.
Your computer’s Trusted Platform Module has malfunctioned. If this error persists, contact your system administrator with the error code C0090016.

Error Code: C0090016
Server Message: Unknown Error Code 0xC0090016

Solution: C0090016 Error

Settings > Privacy and Security > Device Security > Security Processor Details.

Security Processor Troubleshooting > Select  > “I am responding to this error 80090016.” > Follow the instructions.

Windows 10 Note: You can find these settings in Windows Defender Security App.

Related Articles, References, Credits, or External Links

NA

0x800094801 Certificate Issue Error

0x800094801 KB ID 0001843

Problem

Whilst attempting to get a certificate from a Windows server running certificate services, I got the following error:

The request contains no certificate template information. 0x80094801 (-2146875391 CERTSRV_E_NO_CERT_TYPE) Denied by policy module 0x80094801, The request does not contain a certificate template extension or the Certificate Template request attribute.

Solution 0x800094801 Error

Well, that’s a descriptive error. As this is a certificate request I’ve created on a third-party piece of hardware, I’m not surprised there’s no template information. The only way to specify which template you want to use for the certificate issued is to resubmit the request via the command line.

[box]

certreq -submit -attrib "CertificateTemplate:TEMPLATE-NAME" "C:\Folder\Request-file.csr"

[/box]

You will be prompted to select a certificate services server, then you will be asked where you want to save the certificate.

You can now use the issued certificate.

Related Articles, References, Credits, or External Links

Microsoft PKI Planning and Deploying Certificate Services

Moving Certificate Services To Another Server

Certificate Services – Migrate from SHA1 to SHA2 (SHA256)

RDP Black Screen

RDP Black Screen KB ID 0001840

Problem

This problem has jumped up through various iterations of Windows operating systems. You attempt to RDP to a machine; it connects but you simply get a black screen.

 

RDP Black Screen Solution

Over the years various ‘hotfixes’ were known to cause this, but before proceeding make sure both the machine you are connecting FROM and the machine you are connected TO are fully patched and updated.

Common troubleshooting dictates that your first step is to see if you can replicate the same problem from another machine, and if possible, from a different OS. Below I’m attempting the same from my MacBook and getting the same result.

 

If something is happening on the target that is simply preventing the desktop from showing, press CTRL+ALT+END, or CTRL+ALT+Fn+END (depending on your keyboard). Hopefully you should now be able to launch Task Manager > New > Run New Task > Explorer.exe > OK.

You can also try disabling ‘Persistent Bitmap caching’ on the Experience tab of your RDP dialog.

In the same dialog on the Display tab also try some low resolutions in case the target machine is confused about what to display on your remote session.

If it’s still not working, the next most likely culprit is a display driver. Either update it or roll it back to a known good one; try this on the source and target machines. Note: if you see something like this – then the target machine may just need its VMware tools updating.

Finally, try using a different RDP client. For Windows there’s the Remote Desktop Connection Manager, and on a Mac there’s the Microsoft Remote Desktop app.

Did none of these work for you? Or, if you have a better solution, post it below and I’ll update the post accordingly.

Related Articles, References, Credits, or External Links

Remote Desktop Services – Connection Errors

Windows – Black Screen Of Death

 

Disabling IPv6

Disabling IPv6 KB ID 0001832

Problem

Stop! Why do you want to disable IPv6? I see this regularly in forums, with other unusual statements like “If you’re not using it, disable it” or “It’s just another attack vector, disable it.”

Well unless you’re running Windows XP and Server 2012 you’re using IPv6. If something does not work and disabling IPv6 fixes it, then it’s usually because your network is not configured correctly, (usually your routers are doing something called IPv6 Address Allocation*)

“From Microsoft’s perspective, IPv6 is a mandatory part of the Windows operating system, and it is enabled and included in standard Windows service and application testing during the operating system development process. Because Windows was designed specifically with IPv6 present, Microsoft does not perform any testing to determine the effects of disabling IPv6”

Reference.

Microsoft said that in 2016, and still there’s people routinely disabling IPv6?

*Note: You can disable SLAAC (Stateless Address Autoconfiguration) on a Cisco router with the interface command “no ipv6 address autoconfig”.

Disabling IPv6 Alternative Solution

Before people accuse me of ‘not living in the real world’: if you have legacy equipment or age-old applications, you may need to consider ‘doing something about IPv6’, but your first action should be to prefer IPv4 over IPv6.

Prefer IPv4 over IPv6

Navigate to the following registry key.

[box]

HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > Tcpip6 > Parameters

[/box]

Create (or edit) a REG_DWORD (32 bit) value called DisabledComponents and to prefer IPv4 over IPv6 set it to Hexadecimal 20

Or simply execute the following command from an administrative command window.

[box]

REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters" /v DisabledComponents /t REG_DWORD /d 32 /f

[/box]

Disabling IPv6

I MUST STRESS: Only do this for troubleshooting, having IPv6 enabled is the preferred state.

From the same Registry key above set the DisabledComponents value to Hexadecimal FF

Or simply execute the following command from an administrative command window.

[box]

REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters" /v DisabledComponents /t REG_DWORD /d 255 /f

[/box]
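To find machines where this setting has already been changed, the value can be read back and decoded. This is an added example, not part of the original article; the function name is an assumption, and the individual bit meanings and the 0xFFFFFFFF warning come from Microsoft's IPv6 guidance rather than from this page.

```powershell
# Added example: report what DisabledComponents currently means on a host.
# The function name is an assumption. Bit meanings other than 0x20 and 0xFF,
# and the 0xFFFFFFFF warning, are from Microsoft's IPv6 guidance.
function Get-IPv6ComponentState {
    [CmdletBinding()]
    param(
        # Supply a value to decode it offline; omit it to read the registry.
        [int64] $Value
    )
    $raw = $null
    if ($PSBoundParameters.ContainsKey('Value')) {
        $raw = $Value
    } else {
        $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
        $prop = Get-ItemProperty -Path $key -Name DisabledComponents -ErrorAction SilentlyContinue
        if ($prop) { $raw = $prop.DisabledComponents }
    }
    if ($null -eq $raw) {
        return [pscustomobject]@{
            Hex     = $null
            Effect  = 'Value absent: Windows default, IPv6 enabled'
            Finding = 'OK'
        }
    }

    # A DWORD can surface as a signed Int32 (0xFFFFFFFF as -1), so normalise
    # it to an unsigned 32-bit quantity held in an Int64.
    $v = [int64]$raw -band 4294967295

    $effect = @()
    if ($v -band 0x20) { $effect += 'IPv4 preferred over IPv6' }
    if ($v -band 0x10) { $effect += 'IPv6 disabled on non-tunnel interfaces' }
    if ($v -band 0x01) { $effect += 'IPv6 disabled on tunnel interfaces' }
    if (-not $effect)  { $effect += 'No documented bit set' }

    if     ($v -eq 4294967295) { $finding = 'FIX: 0xFFFFFFFF delays startup; Microsoft says use 0xFF' }
    elseif ($v -eq 0xFF)       { $finding = 'REVIEW: IPv6 disabled; troubleshooting only' }
    elseif ($v -band 0x11)     { $finding = 'REVIEW: IPv6 partly disabled' }
    else                       { $finding = 'OK' }

    [pscustomobject]@{
        Hex     = '0x{0:X}' -f $v
        Effect  = $effect -join '; '
        Finding = $finding
    }
}

# Get-IPv6ComponentState                # read this machine
# Get-IPv6ComponentState -Value 32      # decode the "prefer IPv4" value
# Get-IPv6ComponentState -Value 255     # decode the "disable IPv6" value
```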

Related Articles, References, Credits, or External Links

NA

Windows Remote VPN no DNS

VPN no DNS KB ID 0001402

Problem

I’ve been setting up a VPN solution on the test bench as I’m looking at Always On VPN, when I noticed that I had a problem with my remote VPN connections on Windows. They would connect fine but I could not resolve any FQDNs for my domain?

VPN no DNS Solution

By default, all (Windows) VPN connections are ‘Force Tunnel’ (this means they have the option ‘Use default gateway on remote network’ selected). This also means that, (unless your RAS server is the default Gateway for your network,) you usually don’t have internet access when connected to the VPN. 

Now I connected fine, and I could ping IP addresses on my corporate network, but I could not ping my servers by their domain name, in fact Windows was trying to resolve my domain name to a public IP?

Google this problem and you’re simply told to ‘Disable IPv6 on your network card’, and this works (if you want to keep your remote users Force-Tunnelled). But disabling IPv6 is hardly a fix, is it?

Also, if you want internet access for your remote clients (commonly referred to as ‘Split Tunnel’), then even with IPv6 disabled, the problem comes back!

Why is this happening? Well even with Force Tunnel enabled, you can still use your local LAN (Connect to your VPN, and ping your home gateway, or printer or wireless access point if you don’t believe me!) This connection takes precedence over your remote VPN connection, to prove it run a netstat -rn command. 

From the above you can see my Ethernet Adaptor has a metric of 6, and my VPN connector (in this case called Connection Template) has a metric of 23. AND THE LOWEST ONE WINS, so your DNS queries are going out of your local internet connection, NOT down the VPN tunnel!

How Do I Fix this VPN no DNS?

Well until Microsoft fixes this in Windows 10, (it’s fine on Windows 8 and earlier), you have to manipulate the metrics yourself, like so;

VPN no DNS On Your Physical Adapter;

Start > ncpa.cpl {enter}  > Right click your NIC > Properties > Internet Protocol Version 4 > Properties.

Advanced > Untick ‘Automatic Metric’ > Set the Interface Metric to 20 > OK > OK >OK.

On Your VPN Connector;

Start > ncpa.cpl {enter}  > Right click your VPN Connector > Properties > Internet Protocol Version 4 > Properties.

Advanced > Untick ‘Automatic Metric’ > Set the Interface Metric to 10 > OK > OK >OK. 

Now your DNS look-ups should behave!
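The metrics can also be checked and set from PowerShell with the NetTCPIP and DnsClient cmdlets. This is an added example, not from the original article: the function names and adapter aliases are assumptions, and it assumes the VPN is connected when it runs, so re-run the check after a reconnect to confirm the VPN metric held.

```powershell
# Added example: check and set the IPv4 interface metrics from PowerShell.
# Function names and adapter aliases are assumptions; 20 and 10 are the
# article's values. Run with the VPN connected.
function Get-DnsInterfaceOrder {
    # Connected IPv4 interfaces that carry DNS servers, lowest metric first.
    Get-NetIPInterface -AddressFamily IPv4 -ConnectionState Connected |
        ForEach-Object {
            $dns = (Get-DnsClientServerAddress -InterfaceIndex $_.ifIndex -AddressFamily IPv4).ServerAddresses
            if ($dns) {
                [pscustomobject]@{
                    Alias      = $_.InterfaceAlias
                    Metric     = $_.InterfaceMetric
                    AutoMetric = $_.AutomaticMetric
                    Dns        = $dns -join ', '
                }
            }
        } | Sort-Object Metric
}

function Test-VpnDnsPreferred {
    # True only when the VPN interface has the lowest metric of all
    # connected interfaces that have DNS servers configured.
    param([Parameter(Mandatory)] [string] $VpnAlias)
    $order = @(Get-DnsInterfaceOrder)
    $vpn   = $order | Where-Object Alias -eq $VpnAlias
    if (-not $vpn) {
        Write-Warning "'$VpnAlias' is not connected or has no DNS servers"
        return $false
    }
    # A tie does not put the VPN first, so it counts as a failure.
    $winners = @($order | Where-Object { $_.Alias -ne $VpnAlias -and $_.Metric -le $vpn.Metric })
    foreach ($w in $winners) {
        Write-Warning "'$($w.Alias)' (metric $($w.Metric), DNS $($w.Dns)) is preferred over the VPN (metric $($vpn.Metric))"
    }
    $winners.Count -eq 0
}

function Set-VpnPreferredMetric {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $LanAlias,
        [Parameter(Mandatory)] [string] $VpnAlias,
        [int] $LanMetric = 20,
        [int] $VpnMetric = 10
    )
    if ($VpnMetric -ge $LanMetric) { throw 'The VPN metric must be lower than the LAN metric.' }
    foreach ($pair in @(@{ Alias = $LanAlias; Metric = $LanMetric }, @{ Alias = $VpnAlias; Metric = $VpnMetric })) {
        if ($PSCmdlet.ShouldProcess($pair.Alias, "Set IPv4 interface metric to $($pair.Metric)")) {
            # Same effect as unticking 'Automatic Metric' and typing a value.
            Set-NetIPInterface -InterfaceAlias $pair.Alias -AddressFamily IPv4 -AutomaticMetric Disabled -InterfaceMetric $pair.Metric
        }
    }
}

# Get-DnsInterfaceOrder | Format-Table
# Set-VpnPreferredMetric -LanAlias 'Ethernet' -VpnAlias 'Connection Template' -WhatIf
# Test-VpnDnsPreferred -VpnAlias 'Connection Template'
```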

Related Articles, References, Credits, or External Links

NA

Manually Update Windows Trusted Root Certificates

Manually Update Windows Trusted Root Certificates KB ID 0001831

Problem

These days your trusted root certificates are simply updated with Windows Update, but what if your servers have no internet access? In this example I will manually update the root certs by downloading them on a machine WITH internet access then importing on another machine that has not.

Bear in mind: If none of your machines have internet access they cannot check certificate revocation lists etc., so you may still get some errors. You may want to consider deploying your own internal PKI.

Microsoft PKI Planning and Deploying Certificate Services

Solution: Update Windows Trusted Root Certificates

On a machine that HAS INTERNET ACCESS open an administrative command window and use the following commands.

[box]

mkdir c:\trusted-root-certs
cd c:\trusted-root-certs
Certutil.exe -generateSSTFromWU roots.sst

[/box]

You can (if you wish) then double click the SST file you’ve just created and (once you expand the folders on the left) it should look like this.

Now copy that SST file to a machine THAT DOES NOT HAVE INTERNET ACCESS.

Note: I’ve created the same folder (c:\trusted-root-certs). Open an administrative PowerShell window, then issue the following commands.

[box]

$sstStore = ( Get-ChildItem -Path c:\trusted-root-certs\roots.sst )
$sstStore | Import-Certificate -CertStoreLocation Cert:\LocalMachine\Root

[/box]

Of course you may wish to script this if you have many machines to update, and host roots.sst in a central location so you can periodically update it.
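Because this file adds trust anchors to a machine, it is worth checking what is in it before importing. The following is an added example, not part of the original article: it verifies the file against a SHA-256 hash recorded on the source machine, lists only the roots the target does not already trust, and then imports. The function names and the expected-hash parameter are assumptions.

```powershell
# Added example: verify and review roots.sst before importing it.
# Function names and parameters are assumptions.
# On the internet-connected machine, record the hash when the file is made:
#   (Get-FileHash C:\trusted-root-certs\roots.sst -Algorithm SHA256).Hash
function Get-NewRootFromSst {
    param(
        [Parameter(Mandatory)] [string] $SstPath,
        [Parameter(Mandatory)] [string] $ExpectedSha256   # recorded on the source machine
    )
    $actual = (Get-FileHash -LiteralPath $SstPath -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256.Trim()) {
        throw "Hash mismatch for '$SstPath': expected $ExpectedSha256, got $actual"
    }

    # Load the serialized store into memory only; nothing is trusted yet.
    $sst = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
    $sst.Import((Resolve-Path -LiteralPath $SstPath).ProviderPath)

    # Thumbprints already present in the machine's Trusted Root store.
    $have = @{}
    Get-ChildItem Cert:\LocalMachine\Root | ForEach-Object { $have[$_.Thumbprint] = $true }

    $now = Get-Date
    foreach ($cert in $sst) {
        if (-not $have.ContainsKey($cert.Thumbprint)) {
            [pscustomobject]@{
                Thumbprint = $cert.Thumbprint
                Subject    = $cert.Subject
                NotAfter   = $cert.NotAfter
                Expired    = ($cert.NotAfter -lt $now)
            }
        }
    }
}

function Import-ReviewedRoot {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string] $SstPath,
        [Parameter(Mandatory)] [string] $ExpectedSha256
    )
    $new = @(Get-NewRootFromSst -SstPath $SstPath -ExpectedSha256 $ExpectedSha256)
    if ($new.Count -eq 0) {
        Write-Host 'No new roots in the SST file; nothing to import.'
        return
    }
    # Show what would become trusted before anything is written.
    $new | Sort-Object Subject | Format-Table Thumbprint, NotAfter, Expired, Subject -AutoSize | Out-Host
    if ($PSCmdlet.ShouldProcess('Cert:\LocalMachine\Root', "Import SST containing $($new.Count) new root(s)")) {
        Import-Certificate -FilePath $SstPath -CertStoreLocation Cert:\LocalMachine\Root
    }
}

# Import-ReviewedRoot -SstPath C:\trusted-root-certs\roots.sst -ExpectedSha256 '<hash from source machine>' -WhatIf
```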

Related Articles, References, Credits, or External Links

NA