GPO does not apply when using custom user groups

The simplest method to using a custom user group is to remove the “Authenticated Users” group and add the custom user group created.   This is what everyone says including Microsoft.  The problem is that now the GPO does not apply anywhere.    There are a lot of things attached to “Authenticated Users” like computers and special permissions that you lose when you remove it entirely.  So if you keep it there and just remove the apply privilege the custom groups will work correctly without needing to figure out what needs to be added.

The simple method is to not remove but modify the “Authenticated Users group.   Go ahead and add the custom user group either before or after this modification.

Go to the Delegation tab and hit Advanced.   Then select “Authenticated Users” and remove the check from “Apply group policy” and apply.   After doing this you can go back to Scope and “Authenticated Users” will not be there.  The group policy is now ready for use.

The Power of Ctrl+Shift+Esc

This powerful combination can be used to quickly open the task manager, allowing you to manage running programs on your computer.

How to Use the Ctrl+Shift+Esc Key Combination

for Easier Access and Control Are you looking for an easier way to access and control your system? Do you want to learn how to quickly manage common tasks? Look no further than the Ctrl+Shift+Esc key combination

Maximize Efficiency The Benefits of Leveraging Task Manager On Windows

Introduction to Task Manager on Windows

Task Manager is an essential Windows Tool

Task Manager is a powerful and critical tool for users of the Microsoft Windows operating system It allows them to view, manage and control system processes, applications, services as well as hardware resources such as memory usage, active ports and CPU utilization The Task Manager interface provides easy-to-understand visual feedback about the status of your computer’s performance including any applications that are currently running on it Additionally, you can use Task Manager to monitor system errors or find out which programs or files might be causing performance problems with your PC

Task Manager gives you information about how much memory each application is using and how many tasks are currently running on your machine so you can take action if needed – this could include disabling unneeded background processes – in order to improve system performance and reduce resource consumption This helps ensure that only important tasks will remain active while nonessential components don’t unnecessarily consume precious RAM or processor cycles Furthermore, letting Task Manager terminate troublesome programs instead of manually closing them by force ensures that all associated data associated with those apps remains secure until they’re restarted properly at another time

The TaskManager also includes functionality for managing startup items; these allow users to adjust which applications load automatically when their OS boots up from cold start ups — thereby saving time during everyday use — as well as sift through additional settings like disk drives’ read/write speed optimization settings inside different types of storage devices connected to a computer (e,g, hard disks In addition ,the task manager windows version offers basic maintenance options such as creating restore points in case something goes wrong after tinkering deeply around with certain tech features within their PC’s core software stack or settings parameters related directly towards its installed antivirus programs must also leverage the task manager for tracking activity accurately

Aside from these uses on PCs—where it has been available since —Microsoft changed tack more recently by introducing yet another implementation called “Windows Runtime Profiling” into current versions of Windows Phones It works by breaking down specific activities into condensed charts showing percentages regarding various factors ranging from battery life usage overviews between built in utilities like OneDrive cloud backup all the way up towards realtime visibility metrics concerning third party apps market shares amongst other elements spread across user’s phones environment interfaces — leading people who desire more insight beyond default overview details viewable via mobile device’s app stores themselves should look no further than what new profiler entry offers here because its instrumentation feature next generation technology packed abound under hood supplied!

Task Manager is a great way to maximize your efficiency while working on Windows By leveraging Task Manager, you can easily manage applications, view detailed performance information, monitor system resources and better control how Windows runs on your computer These are just a few of the benefits that come with using Task Manager, so start taking advantage of it today and find out how much more productive you can be!

Mapped network drive not showing up in application open / save window

When certain programs will not show a mapped drive in the open and save windows of various programs it may be an indication that Windows is stopping the communication between that program and the network.   By turning off the UAC (User Account Control) you can eliminate any device between your program and mapped network drives. However, while reducing the UAC enforcement may look like an easy solution it is something you should only use as a last resort.  The UAC does a number of other functions that help reduce malware and other nefarious programs from ruining your system so it is usually something you want to keep in place.  

Under normal conditions Windows should have already implemented this solution, however, depending on installation and other factors Windows sometime misses this valuable registry entry and you need to put it in yourself.   The value is “EnableLinkedConnections” and is found in the Registry   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.  If Windows missed this then the key is usually missing but it could be shut off as well.  The value you want to put there is 1 to turn this on.

Directly from Microsoft:

Caution: Incorrect use of the Windows registry editor may prevent the operating system from functioning properly. Great care should be taken when making changes to a Windows registry. Registry modifications should only be carried-out by persons experienced in the use of the registry editor application. It is recommended that a complete backup of the registry and workstation be made prior to making any registry changes.  

To configure the EnableLinkedConnections registry value, follow these steps:

  1. Click Start, type regedit in the Start Search box, and then press ENTER.
  2. Locate and then right-click the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
  3. Point to New, and then click DWORD Value.
  4. Type EnableLinkedConnections, and then press ENTER.
  5. Right-click EnableLinkedConnections, and then click Modify.
  6. In the Value data box, type 1, and then click OK.
  7. Exit Registry Editor, and then restart the computer.  

I have included a file that you can just run which will insert this value in the registry for you. 

It will give a warning about modifying the registry fist but it will just write over the value if it is already there and create it if it isn’t so either way it will work.

How to block third party / junk installations

 

There are a lot of “Free” software solutions to solve your problems out there.   Ranging from Anti-Virus to Uninstallers and even productivity tools like office suites.  These can be very useful but sometimes come with a catch. They install additional software which you do not want or need.  This is not uncommon for free stuff to have a gotcha in the form of advertising for other people.  But it can be annoying and sometime even dangerous in the case of malware.

Microsoft has a solution that can help curb this practice and it is built into Windows 10.  While not perfect, it will stop most third party junk-ware from installing.

You will need to manually activate it with Power Shell (built into Windows also).  To do this you will need to open Power Shell as an administrator.  Once it is open you will need to type in the following:

Set-MpPreference -PUAProtection 1

After that you can exit Power Shell and that’s it!

This is not a 100% solution so, as always, be careful when installing freeware or any software for that matter. 

Repairing Windows System Files

There are some base systems files that Windows must have to operate and to do so efficiently.   For some time now there has been a utility to check these files and report on their well-being.  This System File Check utility will check for damaged or corrupted files and repair what it can.   You only need to run it from an elevated command prompt with the command “SFC /scannow”.  The will initiate a complete of all the essential protected system files that would compromise your computer.

SFC /scannow

It, however, cannot always fix the problems on your system.  Sometimes this due to Windows updates and sometimes it is due to other issues.  When System File Checker cannot fix the system files there is a utility for Windows 8 and up called DISM.   The utility will check the files not only with internal checksums but with checksums over the internet from Microsoft.   There is a scan only option and a restore option.  You can use the restore blindly without scanning but if you want to see if there is anything first you should use the /scanhealth option.  You can run them back to back or use a single command line that will do if for you.

Back to Back would be:

DISM /Online /Cleanup-image /Scanhealth

DISM /Online /Cleanup-image /Restorehealth

Or both together:

DISM /Online /Cleanup-image /Scanhealth && DISM /Online /Cleanup-image /Restorehealth

(there is a space both before and after the &&)

 DISM takes care of matching and fixing files based on what’s current on the Microsoft cloud but SFC is still the go to file checker.  I would recommend running SFC then DISM then SFC once more to check that there are no more errors.  Running SFC first will probably fix most of (if any) errors on your system but if it gives and error you then use DISM as a backup.  Once finished with DISM you run SFC again to see if there are any unresolved errors left.

Both SFC and DISM can take some time to run depending on errors found and corrected.  So, I would recommend doing them when you have down time that you wouldn’t need your computer.

 

Extremely long file names and directory paths.

File Name too long?  Or perhaps along with the directory path it’s too long?

 When copying files for backup from long directory paths you have probably come across an error, every so often, that says something like “directory path too long would you like to skip this file?”.  The reason for this is that you are usually only allowed a maximum of 244 characters in the file name so copying a path which has over 244 characters in the name fails.  This does not happen often but sometimes with networks and programs that tend to nest subdirectories names can become too long for this rule.   With the introduction of Windows 10 (starting at revision 1607) Microsoft removed this limitation. However, this is not enabled by default to maintain compatibility.  You must opt-in for this feature to work.   There are two ways to do this, from the Registry or from the Group Policy editor (Not included in Windows Home).

For those of you that have Windows 10 Pro or above you can open the Group Policy Editor and navigate to Computer Configuration > Administrative Templates > System > Filesystem > Enable NTFS long paths and set it to Enabled.

For any version of Windows 10 (including Home) you can make a Registry change.  Always remember that registry changes can damage your computer to the point of completely ruining it.  Do not make these changes unless you are comfortable with it.

You will need to navigate to:  HKLM\SYSTEM\CurrentControlSet\Control\FileSystem and look for the DWORD: LongPathsEnabled if it is not there, create it as a REG_DWORD 32 Bit. The default value is 0 which is compatibility.  If you change its value to 1 then you will have enabled unlimited File/Path lengths.

I am adding a link to a zip file which has two Registry file modifiers which will do this automatically for you.  Just unzip the files and run the ExtendedFileNames_on to switch it to on and ExtendedFileNames_off to turn it back off.

Extended path / file length registry entry

 

Error “Trust Relationship between Workstation and Primary Domain failed”

The Error “Trust Relationship between Workstation and Primary Domain failed” does not come up often but it is scary when it does.   The quick explanation for this error is that the Active Directory stores a password for the computers connecting to it and the machine that has this error somehow did not sync correctly while using that password.  Microsoft knows about this problem and made these tools specifically to fix it.

Most sites tell you to un-register the computer with the domain, then re-register it.  This, in most cases, will create a new user profile. You will then need to rebuild and copy files and configurations from the old user directories to the new. Fortunately, there is a simpler and easier way of doing this.

Both the above method and the one I am about to describe require you to login to the local machines’ admin account.   Here is a good time to point out that you should retain the username and password for all of your workstations administrator type account just for this purpose.

Up to Windows 2012

Up to Windows Server 2012, you can use the Netdom command from either an elevated PowerShell or command prompt.  In windows 10 and Server 2016 they dropped this command and instead use the Reset-ComputerMachinePassword in PowerShell to accomplish this.  Windows Server 2012 can use either method.

To use the Netdom command you will need to first login as a local administrative user.   If you forgot the password there are methods of recovering it but I won’t discuss them in this article.   After logging in you will need to open the command prompt with Administrator privileges.  Then run the command as follows:

netdom resetpwd /server:DC_NAME /userd:USERNAME /password:PASSWORD

You will want to change the following to match your system:

  1. DC NAME to the name of your Domain Controller.
  2. USERNAME to a domain user that has rights to join new computers to the Domain.
  3. PASSWORD to either the above USERNAME’s password or use an * to have the computer prompt you for it.

After this completes you can just reboot your computer and login again under your Domain.  Everything should work as normal.

Windows 2012 to current

For Windows 2012 and beyond the same method is accomplished in PowerShell using the Reset- ComputerMachinePassword commandlet

Again, you will need to login with a local Administrator privileged account.  Then Open PowerShell with Administrator Privileges.  Once PowerShell is open you will use the following commandlet :

Reset-ComputerMachinePassword -Server “DC01” -Credential Domain01\Admin01

You will want to change the following to match your system:

DC01 to the name of your Domain Controller.

Domain01\Admin01 to your domain before the \ and a user that has rights to join new computers to the Domain after the \.

This will then prompt you for the Password for the user you specified.

Afterwards exit PowerShell and reboot your computer and login in again under your Domain.  Everything should work as normal.

 

Disable video auto-play in Firefox

If you do not want all those videos auto-playing in Mozilla Firefox then you can just turn them off.

From a tab in Firefox enter the following:

about:config

Search for the option “media.autoplay.enabled”  the value should be true click on it to change it to false.  You can now close the tab and you are done.

NOTE (10/10/2017): It would appear the the newest revision of FireFox broke this when they added a new value.  You will also need to change.  “media.autoplay.default”  this is by default 0 change it to 1.

Disable video auto-play in Chrome

If you do not want all those videos auto-playing in Google Chrome then you can just turn them off.

From a tab in Chrome enter the following:

chrome://flags/#autoplay-policy

change the first option to “Document user activation is required.”  then update/restart Chrome.

MSI installation fail

When you get:

“The feature you are trying to use is on a network resource that is unavailable”

During and installation of a MSI file you may just be dealing with a registry error.  MSI installations sometimes get messed up and won’t install.   One of the causes of this is prior installation attempts or removals that didn’t quite finish the job. 

Then this is likely the situation.   Along with the error above it will tell you it cannot find the file and ask you to search for it.  You probably won’t be able to find this file but there is a solution.   It involves using the registry so if you are uncomfortable with this I would advise having someone knowledgeable do this.  My usual advice would be not to attempt this yourself.

First open the registry editor and make sure you are at the root.  Once there, search for the file your program is requesting (program.msi).  It will be associated with a key that will look something like (example only not actual key) {ACDA0F20-94F0-449E-B81F-F8179E3DE605} You will need to delete the entire key that is associated with that MSI file.   There should only be one key in the registry so to make sure you may want to continue the search before deleting this key then start from the beginning to find it again before deleting it.

 

Contact us