How to Make Windows Installer Work In Safe Mode.

KB ID 0000177 

Problem

Quite why Microsoft have it disabled I don’t know.

But to enable it you need to do the following.

Solution

Option 1 (If you are in “Safe Mode”).

1. Click Start > in the Search/Run box type cmd {enter} then type the following,

[box]REG ADD “HKLMSYSTEMCurrentControlSetControlSafeBootMinimal MSIServer”/VE/T REG_SZ /F/D”Service” {enter} [/box]

2. Then type in the following,

[box]net start msiserver {enter} [/box]

Option 2 (If you are in “Safe Mode”).

I had a problem doing this with a Windows 7 machine the other week. So instead I simply ran the following .reg file.

Allow install in safe mode.

Which if you want to take a look does this:

[box]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMSIServer] @=”Service”

[/box]

Then manually started the installer service:

[box] net start msiserver [/box]

Option 3 (If you are in “Safe mode with Networking”).

1. Click Start > in the Search/Run box type cmd {enter} then type the following,

[box]REG ADD “HKLMSYSTEMCurrentControlSetControlSafeBootNetwork MSIServer”/VE/T REG_SZ/F/D”Service” {enter} [/box]

2. Then type in the following,

[box]net start msiserver {enter}[/box]

Related Articles, References, Credits, or External Links

NA

Unable to Contact, Connect to, or Manage, a DNS Server from DNS Management Console

KB ID 0000559 

Problem

If you open the DNS Management console on a server running an older OS than 2008 R2, then attempt to connect to a 2008 R2 DNS Server you will see this error.

You will also see this error on a 2012 Server, whilst attempting to add another DNS Server

Error:
Dnsmgmt
Cannot Contact the DNS Server

The specified DNS server cannot be contacted. Some possible reasons include; the DNS server may not be running, there may be network problems, or the computer associated with the specified name or IP address could not be found.

To retry connection, either press F5. or on the Action menu, click refresh.

For more information about troubleshooting a DNS server, see help.

Why this happens

This is normal, 2008 R2 introduced a more secure DNS Management authentication system to prevent “Man in the middle DNS attacks” that had been exploited in earlier versions of Windows.

Solution

The correct way to approach this problem is to accept it, your 2008 R2 Servers are more secure, if you need to manage them do so from the DNS management console on the 2008 R2 server itself. Or install the RSAT tools on a client machine.

You can also change the way it works so you can see and manage it from an older version of Windows. (Note: Be advised Microsoft recommend you do not do this, they turned this on for a reason).

1. Launch a command window (Right click and select run as administrator, or select the cmd icon and press CTRL+SHIFT+ENTER).

2. Execute the following four commands.

[box]dnscmd.exe /Config /RpcProtocol 7

dnscmd.exe /Config /RpcAuthLevel 0

net stop “DNS Server”

net start “DNS Server”[/box]

Note: If you see an Access Denied error, you are probably NOT running the command window as an administrator.

3. You should now be able to connect to and manage the 2008 R2 DNS Server from an older Windows OS DNS Management console.

To Do the same by Directly Editing the Registry

Run the following .reg file

[box]Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesDNSParameters]
“RpcAuthLevel”=dword:00000000

“RpcProtocol”=dword:00000007[/box]

Related Articles, References, Credits, or External Links

Thanks to Noel Reynolds for his patience, and for putting up with my terrible typing 🙂

Original Article Written 20/01/12

Windows Crashes and Reboots when Unlocked

KB ID 0000145 

Problem

This is seen on Windows 7 Clients, when logged onto a domain, after unlocking the machine. If you inspect the Event Log you will see Event ID 1015

“A critical system process, C:Windowssystem32lsass.exe, failed with status code 255. The machine must now be restarted.”

 

Solution

I put up with this for a while, and did a lot of Internet searching, some people suggested power settings and a host of other stuff, nothing worked, The final solution was found on “Technet”, it involves changing the authentication method to the domain, and needs a registry change.

1. Start > In the Start Search box type type regedit > {enter}
2. Navigate to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaKerberosParameters
3. Create a New DWORD entry called DefaultEncryptionType
4. Set its value to (decimal) 23 or (Hexadecimal) 0x17
5. Reboot the machine.

Or If you are feeling lazy just download this, extract and run it, then click “Yes” to add it to the registry, and reboot.

 

Related Articles, References, Credits, or External Links

NA

Windows: How To Remove the ‘Shortcut Arrow’

KB ID 0000178 

Problem

Whenever I build a new machine, one of the first things I do, is open Regedit > Go to HKEY_CLASSES_ROOT > lnkfile and remove the “IsShortcut” Value, and voila! the annoying shortcut arrows are gone.

DONT DO THAT!

If you do, you will notice that you can no longer add shortcuts to the “Windows Explorer Favorites” (well you can but you can’t see them), also it disables (Grays Out) the Expand option for Favorites. It took me ages to find out that my registry hacking had caused the problem. so I put the registry key back again (restore it with this).

I even tried to use FxVisor to remove the shortcut arrows, and that didn’t work either.

Solution

1. Download this ZIP File.

2. Extract contents of the ZIP file to C:Icons

3. Navigate to C:Icons and run the RemoveArrow.reg file.

4. Accept the Warning.

5. Click OK.

6. Reboot – Arrows are gone.

Update 08/03/12 (Received Email form Steve Stroud)

Hi Pete,

Tried your method to remove the Shortcut Arrow from the desktop icons in Windows 8, using RemoveArrow.reg but how have a blank white document image on top of each icon, which look worse an the arrow! How do I change them Back. Looking forward to your reply. Regards Steve.

– Well I dont’t want to be the guy who breaks stuff! So I tested the procedure again an a fresh Windows 8 Box.

And it still worked fine, (that’s not helping Steve though), so to revert back simply run the following command (thats one line if it wraps), and reboot;

[box] reg delete “HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShell Icons” [/box]

Related Articles, References, Credits, or External Links

NA

IE9 – Stop “Speed up browsing by disabling add-ons”

KB ID 0000466 

Problem

This morning my boss asked me “Why every time I open Internet Explorer does it ask me this?”

To which I replied, “I use Chrome so I don’t know, But I’ll find out.”

Solution

A brief internet search returned, just set the “Ask me later to a nice long time”. But that’s still not disabling it. If truth be known its a good thing, i.e. is trying to be helpful and improve your browsing experience. But if you want to kill it all together heres how.

On a single machine

1. When you installed/Updated to IE9 it added some new policy templates, the one controlling IE9 is called inetres.admx 

2. That means we can control what IE9 does with a policy, Click Start and in the search/run box type gpedit.msc {enter}. The group Policy Management Window will appear.

3. Navigate to:

[box] Computer Configuration > Administrative Templates > Windows Components > Internet Explorer [/box]

Locate “Disable add-on performance notifications” and open it.

4. Enable the policy > Apply > OK > Exit the Policy Editor.

In a Windows Domain Environment

Note: On older domains (Server 2003 for example) you will need to download and import the administrative templates to manage these settings via group policy, you can download the template from Microsoft.

1.  On your domain controller , Start > Administrative Tools > Group Policy Management Console > Either create a new policy and link it to your targeted COMPUTERS or edit an existing one, then navigate to:

[box] Computer Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer [/box]

Locate the setting “Disable add-on performance notifications” and open it.

2. Enable the policy > Apply > OK > Exit the Policy Editor.

3. Then either reboot the clients, wait a couple of hours, or manually run “gpupdate /force” on them.

Remove “Speed up browsing by disabling add-ons” via Registry

I got an mailed a question this weekend;

I too want to get rid of the IE9 – Stop “Speed up browsing by disabling add-ons” dialog but only having Vista Home Premium, your solution (using gpedit.msc) is not available.  Also, I cannot add a Local Users and Groups snap-in to the Microsoft management Console.

How can I get rid of this bloody annoying feature in IE9?

Kind regards

Brian

Answer

1. No Problem, essentially the group policy editor is just changing registry entries anyway, on your machine Start > In the Search/Run box type > Regedit {enter}

2. Navigate to;

[box] HKEY_LOCAL_MACHINE>SOFTWARE > Microsoft > Windows > CurrentVersion > Policies [/box]

3. Create a NEW KEY called Ext > Within that key create a new DWORD (32 bit) value called DisableAddonLoadTimePerformanceNotifications and set its value to 1.

 

4. If your machine is 32 bit then you have finished.

How to Tell if Windows is 32 or 64 bit

6. for x64 bit machines, you need to also do the same as above with the following registry key:

[box] HKEY_LOCAL_MACHINE > SOFTWARE > Wow6432Node > Microsoft > Windows > CurrentVersion > Policies [/box]

Note: If that’s to much hassle, download and run one of these reg files (32bit or 64bit).

 

Related Articles, References, Credits, or External Links

Original article Written 20/06/11

Thanks to Brian Jones