Error “Trust Relationship between Workstation and Primary Domain failed”

The Error “Trust Relationship between Workstation and Primary Domain failed” does not come up often but it is scary when it does.   The quick explanation for this error is that the Active Directory stores a password for the computers connecting to it and the machine that has this error somehow did not sync correctly while using that password.  Microsoft knows about this problem and made these tools specifically to fix it.

Most sites tell you to un-register the computer with the domain, then re-register it.  This, in most cases, will create a new user profile. You will then need to rebuild and copy files and configurations from the old user directories to the new. Fortunately, there is a simpler and easier way of doing this.

Both the above method and the one I am about to describe require you to login to the local machines’ admin account.   Here is a good time to point out that you should retain the username and password for all of your workstations administrator type account just for this purpose.

Up to Windows 2012

Up to Windows Server 2012, you can use the Netdom command from either an elevated PowerShell or command prompt.  In windows 10 and Server 2016 they dropped this command and instead use the Reset-ComputerMachinePassword in PowerShell to accomplish this.  Windows Server 2012 can use either method.

To use the Netdom command you will need to first login as a local administrative user.   If you forgot the password there are methods of recovering it but I won’t discuss them in this article.   After logging in you will need to open the command prompt with Administrator privileges.  Then run the command as follows:

netdom resetpwd /server:DC_NAME /userd:USERNAME /password:PASSWORD

You will want to change the following to match your system:

  1. DC NAME to the name of your Domain Controller.
  2. USERNAME to a domain user that has rights to join new computers to the Domain.
  3. PASSWORD to either the above USERNAME’s password or use an * to have the computer prompt you for it.

After this completes you can just reboot your computer and login again under your Domain.  Everything should work as normal.

Windows 2012 to current

For Windows 2012 and beyond the same method is accomplished in PowerShell using the Reset- ComputerMachinePassword commandlet

Again, you will need to login with a local Administrator privileged account.  Then Open PowerShell with Administrator Privileges.  Once PowerShell is open you will use the following commandlet :

Reset-ComputerMachinePassword -Server “DC01” -Credential Domain01\Admin01

You will want to change the following to match your system:

DC01 to the name of your Domain Controller.

Domain01\Admin01 to your domain before the \ and a user that has rights to join new computers to the Domain after the \.

This will then prompt you for the Password for the user you specified.

Afterwards exit PowerShell and reboot your computer and login in again under your Domain.  Everything should work as normal.

 

Disable video auto-play in Firefox

If you do not want all those videos auto-playing in Mozilla Firefox then you can just turn them off.

From a tab in Firefox enter the following:

about:config

Search for the option “media.autoplay”  the value should be true click on it to change it to false.  You can now close the tab and you are done.

Disable AutoPlay settings
Disable AutoPlay settings

 

MSI installation fail

When you get:

“The feature you are trying to use is on a network resource that is unavailable”

During and installation of a MSI file you may just be dealing with a registry error.  MSI installations sometimes get messed up and won’t install.   One of the causes of this is prior installation attempts or removals that didn’t quite finish the job. 

Then this is likely the situation.   Along with the error above it will tell you it cannot find the file and ask you to search for it.  You probably won’t be able to find this file but there is a solution.   It involves using the registry so if you are uncomfortable with this I would advise having someone knowledgeable do this.  My usual advice would be not to attempt this yourself.

First open the registry editor and make sure you are at the root.  Once there, search for the file your program is requesting (program.msi).  It will be associated with a key that will look something like (example only not actual key) {ACDA0F20-94F0-449E-B81F-F8179E3DE605} You will need to delete the entire key that is associated with that MSI file.   There should only be one key in the registry so to make sure you may want to continue the search before deleting this key then start from the beginning to find it again before deleting it.

 

Disable automatic reboots for Windows Update version 7, 8 and 10

There are two ways of doing this without disabling automatic updates.  The first way will work on Home, Pro, and Enterprise editions.  The second method involves the Group Policy Editor and will only work in Pro and Enterprise editions.

The first solution involves making a registry modification.  I do not suggest this method since it involves modifying the registry and anything involving modifying the registry is not the best practice, since you can wreck your computer this way.

 

Open the registry editor.
Navigate to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
(If the key doesn’t exist you will need to create it)
Create a new DWORD value called AUOptions and enter a value of either 2 or 3.
(2 = Notify before download)
(3 = Automatically download and notify of installation)

Restart your PC

 

The cleaner solution is to use the group policy editor as follows:

 

Open the Group Policy Editor (gpedit.msc)
Navigate to
Computer Configuration \ Administrative Templates \ Windows Components \ Windows Update
Open
Configure Automatic Updates
Enable the policy and make any changes here you want.

Optionally you may want to also enable
Re-prompt for restart with scheduled installations
and set the interval to the largest possible value (1440 which is 24 hours) just so you don’t keep getting the pop up every 10 minutes after it actually does an update.

Restart your PC

Note: Restarting or shutting down from the start menu doesn’t seem to trigger the install process after this.

 

Dead Laptop Battery

If you have a laptop battery that won’t hold a charge usually it is a good idea to just replace it. But if you want to try a homebrew method to restore it there is some hope.

Put your dead battery in a zip lock back and freeze it for 12 hours. Afterwards, dry it off with a towel and put it in your laptop and charge it fully. Leave your laptop on until it is sufficiently drained and repeat this two more times.

This should help your battery memory so that it will hold a decent charge for awhile.

WoL (Wake on Lan)

WoL is useful for remote computers that perform specific tasks that do not require users. It can also be used for remote maintenance: if you shut down your computer and the technician needs access to it with WoL they can start it up, do their maintenance, then shut it down.

There is the problem of getting it to work, however. With the introduction of Windows 8, Microsoft added a “Fast User Switching” feature. With this introduction came a system to completely shut down your computer without any monitoring. Imagine you turn off your TV then the remote will not turn it back on because it turned off even the circuit that monitors that. With “Fast User Switching” Windows does exactly that. You will need to go the power settings under “what the computer does when you press the power button” to turn off this feature.

Another problem with some computers that is not Windows related, but essentially does the same thing, is in the BIOS you can tell the computer to go into a very deep sleep. This effectively does the same thing but at the machine level. You will need to go into the BIOS and turn this off or to a less deep sleep. While you are there you will also need to turn on the network adaptors WoL feature.

You can find several good programs on the internet that will wake up a computer and some with timers that will turn them on and off on a schedule.

Viruses, Trojans and Malware, oh my!

There are a lot of rumors about ransom-ware out there that many of you may not believe.  Something like it won’t happen to me.  Well, it is out there and it can happen, even to you.    There are many ways of distributing ransomware and other threats to your computer that you will not even see until it’s too late.  Ransomware is delivered through Viruses, Trojans, and Malware.  Yes, all of these are delivery methods.  The most common form of delivery is self-inflicted.  

Self-inflicted delivery is not new. You have probably seen it on websites and in your email (mostly as spam).  As an email, it is usually an attachment and can be opened by easily clicking on it.  On web pages, it is in the form of a click-through ad or article which by coincidence is also easily clickable.   When you click on this email or ad or whatever else is lurking out there you are inviting it to install itself and/or activate it.  This, unfortunately, bypasses the base defenses of most all anti-virus programs protecting you from just this sort of thing happening in the first place.

The unfortunate part is that because you load initiate the loading of the program your virus program does not do as thorough a job of checking out its validity.  This often causes the evil/insidious program to be able to install itself when it would normally be blocked.

I have found that the most common delivery is through email.   This is because with the right wording most people will open anything.  Don’t be most people!  Email can be spoofed to make it look like it came from someone or someplace you think you know.  The best rule here is if you are not expecting an attachment from an email you know, don’t open it even if it looks ok.   Treat ALL attachments like they will destroy your computer.  If necessary, email or call the person sending the attachment and ask if it’s legitimate.

With websites, you need to be cautious too.  Don’t click on banners or other ads.  There are more and more every day that is coming up as malicious software installers.   If you are downloading something make sure you download the right object.  A lot of free software sites make it difficult to tell which button is the actual download button.  Try avoiding free stuff as much as possible.  And if you do download something run it through your virus program before you do anything.  This is usually as simple as right-clicking on the file and choosing the virus program from the pop-up menu.

Remember, only YOU can prevent cyber fires.

Mapping a network drive

There are several different ways to map a network drive in Windows. Each way is, although different, basically the same. They all achieve the same end result and can be used interchangeably.

1. Use Windows Explorer
2. Use command prompt “Net Use”
3. Use Group Policy Editor

In Windows Explorer there are actually two ways of doing this. The easiest is to expand the network and then choose the computer which has the directory you want mapped. Then just left click on the directory and choose map network drive. All that is left after that is to assign the drive letter. The second method is in the Explorer header there is an option to Map Network Drive. This option will open a similar window without a drive mapping already filled in. You can now either browse for the folder or can type it in directly using the UNC of the folder.

If you want to use the command prompt you can use a command “Net Use”. With this command you can map drive letters and printer shares. You just need to know what the share name is.

Ex: net use x: \\mysharedcomputer\sharename

There are more options with net use that you can use to enter login credentials and such you can get a list by typing “net use /?”.

The last option is with group policy manager. This option is great for a server side configuration. There are a lot of things you can do the group policy manager but for now let us concentrate that you can map network drives. The best reason for doing it this way is for multiple people that need to share the same resource. It transcends changing of both computers and people. Setup correctly the only thing you need to do with group policies enabled is to attach the computer to the network and everything else is done for you. You can map network drives, printers, establish login policies, create defaults for internet explorer, assign local privileges, basically almost anything can be tweaked to your desire here and automatically update when the user logs on. All of these things can managed down to granular settings either by user, computer or even operating system. Any one all three or any combination thereof.

On your server based Group Policy Management Editor under “User Configuration” go to “Preferences” / “Windows Settings” then use “Drive Maps”. You can also setup login scripts and use the “net use” command from within these scripts.

HOW TO MAKE SYMBOLS WITH KEYBOARD

HOW TO MAKE SYMBOLS WITH KEYBOARD

If you would like to insert symbols to something you are typing you can do it with one simple method.  Use the Alt key like a shift key and hold it down while you type any of the following number combinations.  When you release the Alt key you will see the corresponding symbol in your text.

 Alt + 0153….. ™… trademark symbol

 Alt + 0169…. ©…. copyright symbol

 Alt + 0174….. ®….registered ­ trademark symbol

 Alt + 0176 …°……degree symbol

 Alt + 0177 …±….plus-or ­-minus sign

 Alt + 0182 …¶…..paragr­aph mark

 Alt + 0190 …¾….fractio­n, three-fourths

 Alt + 0215 ….×…..multi­plication sign

 Alt + 0162…¢….the ­ cent sign

 Alt + 0161…..¡….. ­.upside down exclamation point

 Alt + 0191…..¿….. ­upside down question mark

 Alt + 1…….….smiley face

 Alt + 2 ………..black smiley face   

 Alt + 15…..…..sun

 Alt + 12………..female sign

 Alt + 11…..……m­ale sign

 Alt + 6…….…..spade

 Alt + 5…….…… ­Club

 Alt + 3…….…… ­Heart

 Alt + 4…….…… ­Diamond

 Alt + 13………..e­ighth note

 Alt + 14………… ­beamed eighth note

 Alt + 8721…. …. N-ary summation (auto sum)

 Alt + 251…..…..square root check mark

 Alt + 8236…..….. ­infinity

 Alt + 24…….….. ­up arrow

 Alt + 25………… ­down arrow

 Alt + 26…..…..r­ght arrow

 Alt + 27………..l­eft arrow

 Alt + 18…..……u­p/down arrow

 Alt + 29………lef­t right arrow

For a comprehensive list you could go here:
Facebook Symbols