Situation – TrueNAS (or FreeNAS, or other Samba servers) serving a SMB share with NTLMv1 authentication disabled. A standalone Windows 10 system can connect to it, but a domain joined Win 10 system constantly claims wrong password.
The culprit here was a old group policy setting in the domain:
Network Security: LAN Manager authentication level
(found in Computer Configuration - Windows Settings - Security Settings - Local Policies - Security Options)
This was set to Send LM & NTLM - use NTLMv2 session security if negotiated, for backwards compatibility reasons with Win 2000 boxes and the like. This affects the registry key lmcompatibilitylevel (setting it to 1) under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa.
Unfortunately this is a bit misleading. According to this article:
From Windows 8 Microsoft snuck in a refinement to the format command. It is now possible to get it to do multi-pass random-number disk wipes. From the help (Win 10 20H2):
/P:count Zero every sector on the volume. After that, the volume
will be overwritten "count" times using a different
random number each time. If "count" is zero, no additional
overwrites are made after zeroing every sector. This switch
is ignored when /Q is specified.
So to do a single-pass random wipe:
Repartition disk with one partition (if desired) and give it a drive letter (let’s say F for this example). Probably a good idea to remove any OEM, EFI, recovery partitions like this. A quick way to do this is to use the clean command in diskpart.
Run format F: /P:1
If you feel like it finish up with a clean command in diskpart.
This should do a pass with all zeros, and then a random-number pass.
Note this isn’t a full ‘write random data to every block in the drive’ erase, but should still be secure enough for most purposes.
Had an issue where a Windows Server 2012 R2 system could not be accessed by RDP or remote management, as the network type had changed to Private (and thus the firewall wasn’t letting these connections through). File sharing was still working.
Found solution via SpiceWorks forum. Restart the Network Location Awareness service (needed to log on to system locally to do this). This triggered a redetection and the type wend back to Domain. RDP etc then worked again.
Dell Latitude 7490 with existing SATA m.2 SSD. We want to upgrade to larger NVMe drive (Crucial 1Tb).
First tried new drive in Startech NVMe USB enclosure (M2E1BMU31C). Downloaded Crucial cloning software (locked version of Acronis). Problem – not recognised as Crucial drive so Acronis won’t run.
Posts suggest that the new drive should be installed in the laptop first and the system booted via USB. So take current drive out and put it in a SATA USB m.2 enclosure. Attach this to USB-C port and reboot.
This doesn’t work. What does work is attaching it to a USB-A port instead. Then it boots with no intervention.
After that the disk was clones (with no reboot necessary!), the old dive disconnected and the system booted happily from the new drive.
There are a couple of GUI routes for setting the system web proxy for Windows 10 – the old control panel page (via Network and Internet – Network Options):
And the new settings style:
Note that the new style does not warn you that you may not be allowed to set the proxy – you can change the settings, but if you select another panel and then go back to Proxy your settings will be gone.
The reason for this is often that the system is configured to set the proxy at the machine level, not per-user. On domain systems this can be changed using Group policy. On standalone systems this can be changed using a registry key, located under
Windows driver – IJ Network tool does allow you to input IP address eventually (Mac version does not). Conveniently our print server was on the same subnet as the printer, so it found it straight away. Driver can be installed on Server 2012 and shared, but cannot be shared as a LPD queue (as Canon don’t use a standard IP port).
Printer does function as an IPP printer, and LPD (if enabled).
On the Mac, use the IP address of the printer – it doesn’t communicate properly with the DNS name.
Note to self – when trying to stop the continued requests for reboots to install pending updates in Windows Update, one of the go-to things to check is the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired
Remember, don’t just delete the contents of this key, delete the actual key itself!
Had an issue where OneDrive for Business (installed with Office 365) was constantly using one CPU core. None if the fixes involving the cache or resetting the client worked. The problem seems to have started with recent (possibly after Office 365 1712 8827.2148) updates. What did work was the solution in this thread:
In Windows Server 2016 the usual trick of just setting a proxy server in IE doesn’t seem to work. The proxy can be set from the command line, but there is some contradictory advice out there. What worked for me was:
netsh winhttp set proxy proxy-server="your.proxy.server:port" bypass-list="*.your.local.domain"
This should result in:
Current WinHTTP proxy settings:
Proxy Server(s) : your.proxy.server:port
Bypass List : *.your.local.domain
You can also check this with
netsh winhttp show proxy
You are meant to be able to import this from IE, but that gave me a syntax error.
You may need to restart the update service after this to kick it into life.
Problem – I had a system (HP Spectre) with Windows 10 Home edition which I wanted to upgrade to Enterprise (to get BitLocker). The trouble is, even when using the Windows 10 Enterprise install ISO and a clean install it installed Home. This is because it detects a Home key embedded in the BIOS and automatically installs it without giving you a choice.
You can apparently force it to install the version you want by including EI.cfg and PID.txt files in the install ISO (or USB key). I had a look at our ISO, which does include EI.cfg. The contents are:
Interestingly, according to the Microsoft documentation this is wrong – [Channel] should be either Retail or OEM…
There is no PID.txt file. According to some people this is also required. I was going to try this, but then found a simpler solution. You can run setup.exe from the DVD (assuming you have a functioning install already, like I had here) and include command line switches. Including specifying the product key.
Hey presto, this time the upgrade wizard only gives you the option of a clean(ish) install (as Win 10 Home to Enterprise is not a supported in-place upgrade for some reason), and the summary explicitly confirms you are upgrading to Enterprise.
And then you wait ages…
Note that if you have a system with Pro, then in theory you can change the product key (there are several ways to do this) to get to Enterprise. On the other hand, Pro can join domains and has BitLocker anyway.