Remove cached passwords on Windows

Windows caches your user names and passwords entered for network shares, drives etc. That’s fine until there’s an incorrect password or username in the cache, and you want to remove it.

The utility to delete cached credentials is hard to find. It stores both certificate data and also user passwords.

Open a command prompt, or enter the following in the run command:

rundll32.exe keymgr.dll, KRShowKeyMgr

~Pouyan

Configuration Manager requires a dedicated SQL Server instance

In my lab environment I’m doing quite a lot of ConfigMgr testing. Recently, I was doing some testing on System Center Configuration Manager and Endpoint Protection (current branch – version 1511) and I broke the ConfigMgr primary site server and decided to re install the primary site.

In my lab I am using a dedicated SQL 2014 server to host the database and a dedicated server for the ConfigMgr installation. So I uninstalled the site server VM using the uninstall wizard, I deleted the database file in SQL and started a new installation wizard.
During the installation, the prerequisite checker gave me the following error. The error message stated that the SQL instance chosen already has a site database.

Configuration Manager requires a dedicated SQL Server instance to host its site database. You selected a SQL Server instance that hosts the site database for another Configuration Manager site. Select a different SQL Server instance for this new site to use, or resolve the conflict by uninstalling the other site or moving its database to a different SQL Server instance.

To solve this problem, I logged on the SQL Server and started the registry editor, there I found the following registry key with information about the ConfigMgr site:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS]

After removing the registry key and restarting the SQL server I was able to continue the new ConfigMgr installation.

Kind regards,

Pouyan

Disable windows 10 non enterprise store tab’s

With the new Windows Store for Business, organizations can make volume purchases of Windows apps. The Store for Business provides app purchases based on organizational identity, flexible distribution options, and the ability to reclaim or re-use licenses. Organizations can also use the Store for Business to create a private store for their employees that includes apps from the Store, as well private Line-of-Business (LOB) apps.

For a Windows 10 project that I am currently  working on we wanted to disable the non enterprise store tabs in the windows Store app and only use the Windows store for business!

Current situation, logged in with an business user account:

currentStore

According to Microsoft, The only way to disable the non enterprise store tabs right now is a mobile CSP. Supposedly, a GPO for this is forthcoming, but not available yet. If you disable the store with the GPO, the private store goes with it!

Well this is not completely true because I managed to find the right registry key to accomplish this. see below for the result:

resultStore

To fix this the only thing you need to change is one registry setting, assuming you already configured Azure AD and Business store of course!

Using Registry Editor
Run regedit and hit Enter to open the Registry Editor. Navigate to the following registry key:

HKEY_LOCAL_MACHINESOFTWAREMicrosoftPolicyManagerdefaultApplicationManagementRequirePrivateStoreOnly

Change the DWORD VALUE in the RequirePrivateStoreOnly key  from 0 to 1.

Restart you windows Store app and you should now only see the business store! If you arent’t logged in with an business account then you only see a grey window!

I hope this was informative for you!

This setting is tested on a Windows 10 enterprise (Build 10586.164).

Kind regards,

Pouyan

Import thumbnailphoto in AD from jpg

The script below will import JPG file as a thumbnailphoto in ActiveDirectory

$username = "p01001"
$jpgfile = "C:\PICTURE.jpg"
 

$dom = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$root = $dom.GetDirectoryEntry()
$search = [System.DirectoryServices.DirectorySearcher]$root
$search.Filter = "(&(objectclass=user)(objectcategory=person)(samAccountName=$username))"
$result = $search.FindOne()
 
if ($result -ne $null)
{
 $user = $result.GetDirectoryEntry()
 [byte[]]$jpg = Get-Content $jpgfile -encoding byte
 $user.put("thumbnailPhoto",  $jpg )
 $user.setinfo()
 Write-Host $user.displayname "updated"
}
else {Write-Host $user "Does not exist"}

~Pouyan

Windows 10 mobile device locked?

So today my Lumia 950 phone with Windows 10.0.10586.36 (Fast ring)crashed a few times and after starting it back, I saw the message below on my phone after unlocking it using the PIN:

"This device has been locked for security reasons. Connect your device to the power source for at least two hours, and then try again"

However the phone is now stuck at this screen but I’m receiving the messages, calls and other notifications but I can’t go beyond that screen and use my phone.

To solve this problem, try the following steps:

  1. Go to https://account.microsoft.com/devices on a browser
  2. Select your phone then lock it it will ask you to use a 6 digit code. The phone will lock and write goodbye.
  3. Restart it and use the code to unlock it and the message will be gone and you will be at your start screen.
    Ensure ur phone is connected to the internet during this process

Creating and using Password Hashes and Secure Strings with Powershell

This is how you can generate a Secure String with powershell and use it in your scripts

$secureString = Read-Host -AsSecureString
ConvertFrom-SecureString $secureString | out-file c:tmpencrypted.txt
$newString = gc C:tmpencrypted.txt | ConvertTo-SecureString

Load the Secure string from file and use it in your script:

$securePassword = Get-Content "c:tmpencrypted.txt" | ConvertTo-SecureString

How to Enable or Disable Remote Desktop via Group Policy

There are two ways to enable or disable Remote Desktop on a Machine

You can use Group Policy setting to (enable or disable) Remote Desktop
  1. Click Start – All programs – Administrative Tools – Group Policy Management.
  2. Create or Edit Group Policy Objects.
  3. Expand Computer Configuration – Administrative Templates – Windows Components – Remote Desktop Services – Remote Desktop Session Host – Connections.
  4. Allow users to connect remotely using Remote Desktosample-0p Services (enable or disable)

 

 

 

 

Continue reading How to Enable or Disable Remote Desktop via Group Policy

SQL Server version

All SQLServer service packs are cumulative, meaning that each new service pack contains all the fixes that are included with previous service packs and any new fixes.

Quick summary:

RTM (no SP) SP1 SP2 SP3 SP4
 SQL Server 2016 CTP2.4
 SQL Server 2014 12.0.2000.8 12.0.4100.1
 SQL Server 2012 11.0.2100.60 11.0.3000.0 11.0.5058.0
 SQL Server 2008 R2 10.50.1600.1 10.50.2500.0 10.50.4000.0 10.50.6000.34
 SQL Server 2008 10.0.1600.22 10.0.2531.0 10.0.4000.0 10.0.5500.0 10.0.6000.29
 SQL Server 2005 9.0.1399.06 9.0.2047 9.0.3042 9.0.4035 9.0.5000
 SQL Server 2000 8.0.194 8.0.384 8.0.532 8.0.760 8.0.2039
 SQL Server 7.0 7.0.623 7.0.699 7.0.842 7.0.961 7.0.1063

Just another WordPress site