Windows Folder Redirection

KB ID 0000467 

Problem

Q: What is Folder Redirection?

A: Essentially you can take folders that hold things like your “My documents” or your “Favorites” folder, and put them out on a network server, which is great if you want to back that sort of information up for disaster recovery.

Q: What’s the difference between this and a roaming / roving profile?

A: Folder redirection keeps information on a server and you access it remotely, Roaming profiles are designed to sync that information (and your WHOLE user profile) backwards and forwards to a network share as your users logon and log off.

Q: What folders can be redirected?

A: From Server 2008 onwards, and with Windows 7 clients and above, the following can be redirected.

  • AppData(Roaming)
  • Desktop
  • Start Menu
  • Documents
  • Pictures
  • Music
  • Videos
  • Favorites
  • Contacts
  • Downloads
  • Links
  • Searches
  • Saved Games

Solution

1. On a server create a folder to hold the redirected data, In this case you will notice I’ve called my share Redir$ (The dollar sign just means it’s a hidden share, and can’t be seen if people are network browsing).

Folder Redirection: Permissions for the Root Folder

2. Set the share permissions to Everyone: Full Control (Don’t worry we will secure it with NTFS permissions).

3. On the security tab of the folder click advanced.

4. For Server 2012 / 2016 you should see something like this;

For Server 2008 and older it should look more like this;

5. For server 2012 / 2016 Disable Inheritance and select ‘Convert’.

For 2008 and older, untick “Include Inheritable permissions from this objects parent” > At the warning click “Add”.

6. Select each User in turn (You will need to add the Everyone group) > Then Edit the permissions so that they are as follows.

  • CREATOR OWNER – Full Control (Apply onto: Subfolders and Files Only).
  • System – Full Control (Apply onto: This Folder, Subfolders and Files).
  • Domain Admins – Full Control (Apply onto: This Folder, Subfolders and Files).
  • Everyone – Traverse Folder/Execute File (Apply onto: This Folder Only).
  • Everyone – List Folder/Read Data (Apply onto: This Folder Only).
  • Everyone – Read Attributes (Apply onto: This Folder Only).
  • Everyone – Create Folder/Append Data (Apply onto: This Folder Only).

2012 / 2016

‘Show Advanced Permissions’

2008 and older.

7. Now REMOVE BOTH the entries for USERS > Apply  > OK.

7. On your domain controller open the Group Policy Management Console, (Under Administrative Tools) and either create a new USER policy of edit one that already linked to the users you want to enforce this policy upon.

8. I prefer to create a new policy and call it something sensible so if there’s a problem it’s easy to find in the future.

9. Navigate to:

[box]User Configuration > Policies > Windows Settings > Folder Redirection[/box]

Locate the folder you want to redirect (In this case its just the documents folder) > Right click > Properties.

10. I’m going to redirect all my users documents to the one folder I created earlier, so I will choose basic.

Note: You can choose “Advanced” and redirect different groups folders to different locations.

Enter the path to the root folder AS A UNC PATH, DONT click the browse button and browse to it.

11. I’m going to accept the defaults on the settings tab, the option I’ve highlighted creates the folders with exclusive rights on the folders for the user in question and SYSTEM, so the domain admin had no access (this is OK, it’s the same way user profiles work, you can still back them up).

12. Now as your users log on their folders will be redirected to the share you setup.

Backing up Redirected Folders

13. Even with exclusive rights you can still back this data up:

Related Articles, References, Credits, or External Links

Original Article written 22/06/11

XBMC Icefilms Add-on ‘Failed to import Metahandlers’

KB ID 0000895 

Problem

XBMC was running quite happily, but whenever I tried to use Icefilms or navigate though the menus I was getting the following error.

Icefilms Import Failure
Failed to import Metahandlers
A component needed by Icefilms is missing on your system
Please visit www.xbmcchub.com for support

Solution

I did a complete remove and reinstall but the problem persisted. There are a couple of extra steps needed.

1. To uninstall, navigate to;

[box]
C:Program Files(x86)XBMC
[/box]

Run the Uninstall.exe file > Once complete, delete the entire XBMC directory (if it remains).

2. Then delete the XBMC folder from;

[box]
C:Users{Your-Username}AppDataRoamingXBMC[/box]

3. Perform a fresh install and the problem should cease.

 

Related Articles, References, Credits, or External Links

NA

VMware – This Virtual Machine Appears To Be In Use

KB ID 0000959 

Problem

I wanted to give a copy of a VM to a colleague, so I removed all the snapshots, and cloned one of my test VM’s. When I went to power on the original this happened;

The virtual machine appears to be in use.

If this virtual machine is not in use press the “Take Ownership” button to obtain ownership of it. Otherwise press the “Cancel” button to avoid damaging it.

Configuration file: {path-to-vmx-file}

And when I attempted to ‘Take Ownership’ of the machine, that failed also;

Could not open virtual machine: {path-to-vmx-file}
Taking ownership of this virtual machine failed.
The virtual machine is in use by an application on your host computer.
Configuration file: {path-to-vmx-file}

Solution

I knew it was not in use, as there was only me using my laptop. So I figured VMware had some files ‘locked’. Navigate to the folder that holds the VM’s files, (Note: The path is on the error message above).

.

Locate any folders that have a .lck extension appended to their name (as above), and move them to another folder. Then attempt to power on your VM.

Related Articles, References, Credits, or External Links

NA

VMware vCenter Install ‘Error 26002’

KB ID 0000941 

Problem

While attempting to install vCenter 5.5, I got the following error.

Error 26002. Setup failed to register vCenter Server. This might indicate a problem with the SSL certificates for vCenter Server. Search the VMware Knowledge Base (http://kb.vmware.com) for “Error 26006” for more information.

Earlier on in the install it had asked me if I wanted to overwrite the certs, and I just clicked OK, this probably was not such a good idea!

Solution

1. Navigate to C:Program DataVMwareVMware Virtual Center >Locate the SSL folder and rename it to SSL-OLD.

2. Navigate to C:Program DataVMwareInfrastructureInventory Service > Locate the SSL folder take a copy of it.

3. Paste that folder back in the C:Program DataVMwareVMware Virtual Center location to replace the folder you renamed earlier.

4. This is what the folder should now look like.

5. Now attempt the install, and it should complete without error.

Related Articles, References, Credits, or External Links

NA

Malwarebytes – Manually Update Database/Definitions

KB ID 0000629

Problem

I was called to a 2003 Server yesterday, that was riddled with malware, whatever was on there was generating a lot of network traffic, so the first thing I did was disconnect it from the network.

That’s fine, but if I wanted to use my usual ‘weapon of choice’ Malwarebytes, how was I going to get the latest database installed?

Solution

WARNING: There is a note on the Malwarebytes website that discourages this procedure, as it breaks the incremental update mechanism of Malwarebytes. They recommend that you use this utility to do the job, and that it should be updated every week (though the page currently has December 2011 as the update date!) . In my case once the machine is clean, I’ll remove Malwarebytes and install Trend Worry Free on it anyway. Either way, I prefer to know for a fact I’m using the latest database.

1. Install and update Malwarebytes on a nice clean machine (In this case, my Windows 7 laptop).

2. Find out what version of Malwarebytes you are running (on the about tab).

3. Navigate to the following location, and take a copy of the rules.ref file, i.e. put a copy on a USB thumb drive.

Windows 7 / Vista / 2008 / 2008 R2

[box]C:ProgramDataMalwarebytesMalwarebytes’ Anti-Malware[/box]

Windows XP / 2000 / 2003 / 2003 R2

[box]C:Documents and SettingsAll UsersApplication DataMalwarebytesMalwarebytes’ Anti-Malware[/box]

4. If your version is 1.60 or newer you also need to take a copy of the database.conf file that’s in the same folder, but in the configuration folder.

5. Copy the file(s) to the corresponding folder(s) on the affected machine, and paste them over the copies that exist there.

6. Then launch Malwarebytes on the affected machine, and scan with the updated database.

 

Related Articles, References, Credits, or External Links

Spyware / Malware Rogue AV and Rogue Antispyware “Scareware”

Cannot Install Malwarebytes (Already Infected) – Deploy Chameleon

Windows – Printing Folder Listings

KB ID 0000222

Problem

You might simply want a record of your .mp3 collection, or a print out of all your users home drives. Whatever the reason sometimes you just want what’s on the screen on paper, yes you could screen shot and print it, but if you want the text to put in a report that’s not going to help.

Solution

In my example I have a folder on my C: drive called “PetesFolder”

1. To open a command Window, Click Start > In the Search/Run box type cmd {enter}

2. Change to the directory we want, with a “cd c:petesfolder” command.

3. Issue the following command “dir | clip” Note:That’s a pipe symbol, on a UK keyboard its above the backslash.

4. Now Open Notepad and select Edit > Paste.

Click for Larger

Note: If there’s to much info try “dir /b | clip” instead.

Printing Folder Structures.

To do the same for printing folders within folders and their hierarchy use the “tree” command instead of the dir command, e.g.

Will give you..

Click for Larger

Related Articles, References, Credits, or External Links

NA

Windows Server – Setup Home Folders and Profile Folders

KB ID 0000739 

Problem

A while back I got an email,

Message: Hallo Pete,

Can you make a tutorial for me for sharing a Home Folder or Profile Path folder for every user?
It’s hard to get one.

Thanks in advance.

Sincerely,
Matthew Wittenberg
</br

Well it’s taken me a while (sorry!) But here you go,

Solution

Creating and Allocating Home Folders to Users

1. Create a folder that is on a drive or volume with plenty of room.

2. I’ve simply used ‘Home’ as the folder name, open the folder’s properties.

3. Sharing Tab > Advanced Sharing.

4. Tick to share > put a dollar ‘$’ symbol onto the end of the share name (this just stops the folder being visible to someone browsing the network) > Permissions.

5. Grant Everyone ‘Full Control’, Don’t worry we will lock it down with NTFS permissions (Remember permissions are cumulative, and most restrictive apply) > Apply > OK.

6. Security tab > Advanced.

7. Change Permissions.

8. Untick ‘Include inheritable permissions……’ > Add.

9. Select CREATOR OWNER > Edit > Permissions should apply to ‘Subfolders and files only’ > Full control.

10. Select SYSTEM > Edit > Permissions should apply to ‘This Folder, subfolders and files only’ > Full control.

11. Select DOMAINNAMEAdministrators > Edit > Permissions should apply to ‘This Folder, subfolders and files only’ > Full control.

12. Remove the Users (the one with Read & Execute).

13. Remove the Users (the one with Special).

14. Add.

15. Everyone > check Name (make sure it underlines Everyone) > OK

16. Sett Apply to = This folder only > Allow the following.

Traverse Folder / execute file
List Folder / read data
Read attributes
Create Folders / append data

Allocate the Home Folder to the Domain Users

1. From within Active Directory Users and Computers locate your users, (you can press Windows Key+A to select them all).

2. Open their properties.

3. Profile tab > You can connect a drive letter (I usually use H:) and connect that to the users home drive. Set the path like so;

[box]

\\Server-name\Folder-name\%username%
e.g.
\\PNL-DC\Home$\%username%

[/box]

4. This is what the users will see.

5. On the server the folders are all created straight away.

Creating and Allocating Roaming Profile Folders to Users

The process for setting up the folder is identical to the one above for the home folders.

1. Create a folder that is on a drive or volume with plenty of room.

2. I’ve simply used ‘Profile’ as the folder name, open the folder’s properties > Sharing Tab > Advanced Sharing > Tick to share > put a dollar ‘$’ symbol onto the end of the share name (this just stops the folder being visible to someone browsing the network) > Permissions.

3.  Grant Everyone ‘Full Control’, Don’t worry we will lock it down with NTFS permissions (Remember permissions are cumulative, and most restrictive apply) > Apply > OK.

4. Security tab > Advanced.

5. Change Permissions > Untick ‘Include inheritable permissions..’ > Add.

6. Remove the Users (the one with Read & Execute).

7. Remove the Users (the one with Special).

8. Add.

9. Everyone > check Name (make sure it underlines Everyone) > OK.

10. Set Apply to = This folder only > Allow the following.

Traverse Folder / execute file
List Folder / read data
Read attributes
Create Folders / append data

Allocate the Roaming Profile Folder to the Domain Users

1. From within Active Directory Users and Computers locate your users, (you can press Windows Key+A to select them all).

2. Open their properties > Profile Tab > Tick ‘Profile path’ > Set the path as follows;

[box]

\\Server-name\Folder-name\%username%
e.g.
\\PNL-DC\Profiles$\%username%

[/box]

3. Unlike home folders, profile folders are only created when the users log onto the network, here you can see this profile has a V2 on the end of it (a version 2 profile means it has come from a Windows Vista or newer machine). For this reason if your users use Windows XP (or older) clients, AND Windows Vista (or newer) clients they will get TWO DIFFERENT profiles.

Related Articles, References, Credits, or External Links

NA

Windows – Users Home Drives Renamed to ‘My Documents’

KB ID 0000783 

Problem

This problem was originally identified by Microsoft here. But none of the fixes recommended by them were really practical in my clients situation.

I did read one promising post that said, if you disable offline file caching by GPO this problem would cease. However this particular client HAD TO have that feature enabled (for Ranger Offline).

Someone else had written a PowerShell script that ran through and changed the permissions on the offending file (see below), but what about new users?

Solution

I’ve got three options either, setup an FSRM screen and set it to remove the offending file, use a group policy preference, or add the following to the users login script (or run as a script with GPO);

[box]%windir%system32icacls.exe %homedrive%Desktop.ini /deny “Domain Admins”:r[/box]

Option 1 – Remove Desktop.ini with Group Policy Preference

1. This is the file in question ‘desktop.ini’, it changes the icon and display-name of the folder (on Windows Vista and newer). You will notice the actual name of the folder does not change (see the example I posted above), which you can see by turning on the filename column in Windows Explorer.

Note: desktop.ini is a system and a hidden file.

2. I’m creating a GPP to remove the desktop.ini file. On a domain controller Start > Administrative Tools > Group Policy Management Console > Navigate to where you want to create your policy, or edit an existing one > Navigate to;

[box]
User Configuration > Preferences > Windows Settings > Files[/box]

Select New > File > Action = Delete > Source Files N:desktop.ini > Tick ‘Suppress errors on individual file actions’ > Common Tab > Tick ‘Run in logged-on-users’s security context (user policy option)’ > Apply > OK.

3. It should now look like this.

Option 2 – Use a File Screen

1. You need to have the ‘file services’ role installed, open the ‘Server and Storage Management’ Snap-in > File Group > Create File Group > Give it a name > Add in desktop.ini > OK.

2. Right click ‘File System Templates’ > Create File Screen Template > Give it a name > Select Active Scanning > Tick desktop.ini > OK.

3. Right click ‘File Screen’ > Create File Screen > Browse to the volume or Folder > Select your file screen template > Create.

Locate and Remove ALL instances of Desktop.ini

Download and run this PowerShell Script to remove all instances of Desktop.ini from a folder and subfolders.

Related Articles, References, Credits, or External Links

Original Article Written 11/03/13

Windows – Export / Recover WEP and WPA Wireless Keys

KB ID 0001015 

Problem

If you need to connect to your wireless network with a new machine and have forgotten the key, you can view the WEP or WPA key in cleartext using the following procedure on a machine that has connected before.

Solution

1. First launch PowerShell, ensure you ‘Run as administrator‘.

2. To show all the wireless profiles stored on this machine, issue the following command;

[box]

netsh wlan show profiles

[/box]

3. From the output above, the wireless profile I want the key for, is called SMOGGYNINJA-N. Note: This is the same as the Wireless networks SSID. To view the wireless key in clear text use the following command;

[box]netsh wlan show profiles name=”SMOGGYNINJA-N” key=clear[/box]

You can also export the profile from one PC to another one, (so you don’t have to enter the key on the new PC), with the following two commands.

To Export a Wireless Profile

[box]md c:WiFi
netsh wlan export profile “SMOGGYNINJA-N” folder=c:Wifi [/box]

To Import a Wireless Profile

Copy the WiFi folder you created in the step above, to the new PC/Laptop. Then execute the following command. Note: Change the section in red to match the path to your XML file.

[box]netsh wlan add profile filename=”c:WiFiWi-Fi-SMOGGYNINJA-N.xml” user=current[/box]

Related Articles, References, Credits, or External Links

Hacking Wireless WEP Keys with BackTrack and Aircrack-ng

Windows – Map a Drive to OneDrive

KB ID 0000659 

Problem

You could do this with Windows 7, but as you can log into Windows 8 with your Microsoft Live ID (formally Microsoft Passport), the process is a lot simpler.

Solution

1. Whist logged into Windows 8 with your Microsoft Live ID, open your web browser and go to https://onedrive.live.com/about/en-gb/ Log in > Files > Create > Folder.

2. For simplicity I’ve just called the folder SkyDrive.

3. Open a Microsoft Office application > File > Save and Send > Save to Web > Sign In > Provide your credentials if prompted.

4. Select the folder you created earlier.

5. In a short while the ‘Save As” Window will open > Right click the ‘path” and copy the address. At this point I’d post it into notepad to make sure you have a copy of the URL. You can close all the office windows down without saving anything, we just need the URL.

6. Open Windows Explorer (Windows Key+E) > Computer > Map network drive > Select a spare drive letter > Paste in the SkyDrive URL > Tick ‘Reconnect at sign-in’ > Finish.

7. Now you have a 25GB ‘Cloud Drive’.

Related Articles, References, Credits, or External Links

NA