My notes, things I have learned, and documentation I have created.

I was trying to change the home page policy and the proxy settings for Internet Explorer 11. I had looked at this a couple times but did not resolve the issue. I even started looking toward a registry option when I knew that this had to work. It turns out that is something really stupid, and has been the case for a long time. I just needed to hit the F6 key while the cursor was still on the changed setting. Then, you will see the red line under the setting go from red to green. It turns out that there are few function keys are important so I will note them here.

F5: This will configure and update of the settings.
F6: This will update only the setting you are currently positioned on.
F7: This will ignore only the setting you are currently positioned on.
F8: This will ignore all changes.

I changed my CD/DVD drive letter after I installed Windows Server 2012 R2 and a couple other features. Then, I wanted to install the .NET Framework 3.5 feature. It kept complaining out not being able to find the source. I had to set the new source location for it to install correctly.

From Server Manager, you add the role as you normally would until you get to the “Confirm installation selections” window:

Click the “Specify an alertnate source path” link and for the path enter the location with the correct directory of your 2012 R2 installation source. Since I changed my drive letter to the Z drive, mine was as follows.

Z:\Sources\sxs

From here, it installed as it normally would.

Note: I also discovered that if you apply some updates and then need to add the .NET 3.5 Framework feature, you might need to uninstall one or two of the updates. In my case, I had to remove update 2966828. I used the method specified here: http://jim-zimmerman.com/?p=1381.

Sometimes you need to make a change to a lot of desktops, and you need to use an account with administrator level privilege. The best way I found to do this other running a script that would make the changes remotely was to add it to the startup script option in the a Group Policy.

I wrote the script (and tested it, obviously), and saved it with the logon scripts so it would replicate to all the domain controllers.

Then, I identified a current policy and edited it. This is a Computer Configuration policy that causes the script to be run upon reboot. You want to change the properties (add your script/command) for:

Computer Configuration/Policies/Windows Settings/Scripts/Startup
Click Add…
Browse…
You can run the script from anywhere, but I chose the logon script directory for redundancy and efficiency.

This is where I stored the script and referenced:
\\DOMAIN.LOCAL\SysVol\DOMAIN.LOCAL\Scripts\MyScript.cmd

Another option is store the script with the policy which might even be a better choice:
\\DOMAIN.LOCAL\SysVol\DOMAIN.LOCAL\Policies\{12345678-ABCD-1234-ABCD-123456789012}\Machine\Scripts\Startup

Once you’ve added the script, click Ok and close the Group Policy Management Editor.

To setup a network printer that is created and shared on SERVERNAME:

RUNDLL32.EXE printui.dll,PrintUIEntry /in /n\\SERVERNAME\PRINTERSHARENAME

To set that printer as the default printer:

RUNDLL32.EXE printui.dll,PrintUIEntry /y /n\\SERVERNAME\PRINTERSHARENAME

This can be useful to help somebody get a printer connected easily using a script.

More info: https://technet.microsoft.com/en-us/library/ee624057.aspx

Ever need to kill a process on a remote Windows computer that you can’t login to and the user is not there? Taskkill can help. I am not sure when this utility was introduced, but I would think it is on Windows 7. I did this from a Windows 8.1 machine.

You can do it by PID:

taskkill /S computernameORipaddress /u username /PID pidnumber

Or executable image name:

taskkill /S computernameORipaddress /u username /FI “IMAGENAME eq imagename”

Here is an example. This kills Outlook on a computer with an IP address of 10.10.10.10 using the Administrator account:

C:\>taskkill /S 10.10.10.10 /u Administrator /FI “IMAGENAME eq outlook.exe”
Type the password for administrator:********

SUCCESS: The process with PID 2576 has been terminated.

I was getting the following error in the “File Replication Service” event log in a Windows 2003 ADS environment, and replication was not working at all.

The File Replication Service has detected that the replica set “DOMAIN SYSTEM VOLUME (SYSVOL SHARE)” is in JRNL_WRAP_ERROR.

WARNING: It is possible that you can lose some data (policies and scripts). This assumes that the PDC is the machine from where all changes are made, and contains the master copies from which everything will be replicated.

I am not exactly sure this was the correct way to resolve this issue, but I do know that the Event ID 13568 and others have stopped and my policies and scripts are now replicating fine.

This is what I did to resolve the issue:

Stop the “File Replication Service” on the server that is holding your FSMO roles (PDC) and that is your master from which all of your changes are made.

Modify this following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup:

Change the value of “BurFlags” to D2 (non-authoritative restore).

Start the “File Replication Service”

Restart Netlogon

On each of the DCs:

Stop the “File Replication Service”

Modify this following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup:

Change the value of “BurFlags” to D4 (authoritative restore).

Start the “File Replication Service”

Restart Netlogon

Here is a good link for more information from Microsoft, and for how to handle other such event IDs:

http://support.microsoft.com/kb/290762

This is just a matter of knowing where the image is stored and getting on that it correct size to replace it.

The default picture, the orange flower, is stored in:

C:\ProgramData\Microsoft\User Account Pictures\

Rename the original user.bmp to something like user.bmp.orig.

Then, create or resize or find the 128×128 pixel image you want to replace it with and convert it to a bmp if it is not already. When you have the image, simply paste it in the “C:\ProgramData\Microsoft\User Account Pictures\” directory and rename it to user.bmp.

OS: Windows 2012 R2

For years, I used to get upset when I knew that a simple network trace would give me the answer to an issue only to find that netmon or an equivalent was not installed on the server. Well, with the later versions of Windows, the “netsh trace” command is there to help. Netsh is a very powerful command that I continue to turn to for help.

Just a few of the “netsh trace” options:
report: Creates an HTML report file that I found pretty useless. However, this also creates a CAB file that contains potentially a lot of useful information.
scenario: You can choose different scenarios. To determine the list of possible scenarios, you can look at the following registry key:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetTrace\Scenarios]

Or you can do:
netsh trace show scenarios

I chose NetConnection, but I just wanted to capture the traffic.
persistent: If yes, the trace will restart when the server is rebooted. Would almost never want that on, which is the default.
maxsize: To specify the maximum size of the trace file. the default is 250MB.
correlation: The will try to group related packets together.
tracefile: The name and location of where you want the file(s) to be saved.

Start a trace:

C:\>netsh trace start scenario=NetConnection capture=yes report=yes persistent=no maxsize=1024 correlation=yes tracefile=trace.etl

Trace configuration:
——————————————————————-
Status: Running
Trace File: trace
Append: Off
Circular: On
Max Size: 1024 MB
Report: On

Stop a trace:

C:\>netsh trace stop
Correlating traces … done
Merging traces … done
Generating data collection and report … done
The trace file and additional troubleshooting information have been compiled as
“C:\trace.cab”.
Tracing session was successfully stopped.

If you open up the etl file using NetMon and see the following messages in the description:

MicrosoftWindowsTCPIP: Windows stub parser: Requires full Common parsers. See the “How Do I Change Parser Set Options(Version 3.3 or before) or Configure Parser Profile (Version 3.4)” help topic for tips on loading these parser sets.

Then, you need to enable to Windows Parser under Parser Profiles in Network Monitor. In version 3.4, it is in the top right corner of the window. In the Options, you can set it to be the default parser profile.

I don’t really like to do this, but sometimes you are left with no choice. Here is how to have a Windows server automatically login to the Administrator account:

Run regedit.

Navigate to:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

Right mouse click on Winlogon and add the following String Values with the following settings:

“AutoAdminLogon”=”1”
“DefaultUsername”=”mydomain\Administrator”
“DefaultPassword”=”mypassword”

Then, reboot.

The Windows key has become much more important now that Windows 8 has been released. For someone who primarily uses Windows via RDP, it can make things a bit more difficult if you don’t know the some key combinations. I have listed a few that I commonly use below.

Windows Key: Alt-Home

Ctrl-Alt-Del: Ctrl-Alt-End

Alt-Tab: Alt+Page Up

Another interesting thing I found that has annoyed me in Windows 8 when using RDP is how to close metro applications. You can do this using a mouse. When in the metro application, move the mouse to the very top of the screen until the mouse pointer turns into a hand. Then, click and pull the window down to the bottom of the screen. This definitely beats what I was going before. I using Task Manager to kill the application.