Install KMS Host License Pack for Office 2010 on Windows Server 2016

Currently when you try to install the KMS Host License Pack for Office 2010 on a Windows Server 2016 or Windows 10 you receive the following error message:

The cause of this problem relies in the VBS script that is being triggered at the end of the installation. In order to install the KMS Pack on newer operating systems than Windows server 2008R2 you need to perform the following steps:

  • Run KeyManagementServiceHost_en-us.exe until the error message appears. Don’t click OK.
  • Go to the folder “C:\Program Files (x86)\MSECache\OfficeKMS” and copy the folder to somewhere like (C:\Temp\OfficeKMS)
  • Click OK on the error message and press ENTER to close the program.
  • Open the folder with the copy (C:\Temp\OfficeKMS) and edit the file kms_host.vbs:
  1. Search for the line:

        If (Ver(0) = “6” And Ver(1) >= “2”) Or (Ver(0) >= “7”) Then 

    And replace it with the line below, this line just says that Windows Server 2016 and Windows 10 (both having version number 10) are also supported:

    If (Ver(0) = “6” And Ver(1) >= “2”) Or (Ver(0) >= “7”) Or (Ver(0) = “10”) Then

  • Start Command prompt with administrative permissions, run the command below and follow the wizard.

cd C:\Temp\OfficeKMS
cscript.exe kms_host.vbs


Office 2016 Customization

Disable Office 2016 – First things first Prompt

When you first launch Office Click to Run or Office 2016, you will get a First things first dialog box come up like below. Users will always click accept, what other choice do they have?


You can  disable this by configuring the below Registry key:


Disable Office 2016 Default File Types Dialog

Another thing I disable on my desktop builds is the Office 2016 Default File Types prompt as shown below. Normal users will not understand what it means. All they will do is ask questions.


Use the registry key below to stop it appearing :



Disable F12 confirmation at PXE boot into WinPE

When you are performing a PXE boot, most of the time you need to press F12 to trigger the PXE boot action. Then after connection is initiated with the PXE server, the boot rom image asks for the F12 key to be pressed again. If the key is not pressed, the machine will continue to boot normally into the installed OS (if available). This can be confusing for some Admins because they except the client to boot through to the Boot image, or maybe they want to create a fully automated OSD Deployment.


Configuration Manager 1610 on Windows server 2016

So to disable the secondary F12 key, we need to take a look at our Distributions volume and browse to: RemoteInstall\SMSBoot\x86 and x64

Here we see multiple files that will be used trough the boot time, but there are only two files that we need to change to achieve our goal:

  • – this is the default file that is loaded by the client through the PXE boot process
  • pxeboot.n12 – this file is the same as, but is not loaded in the boot process now

To configure all clients to boot without pressing F12, rename the startup boot files in x86 and x64 folder:

  • Change to pxeboot.bak
  • Change pxeboot.n12 to

Restart the WDS service:

Restart-Service -Name “WDSServer” -Force

That’s it, now you should be able to PXE boot without pressing F12 twice to confirm booting to the WDS server. I hope this was useful, in case you have any questions, please contact me.


Distribute Office Click-To-Run via Microsoft Intune (MDM) – Part 2

You might have tried following guide in order to deploy Office Pro Plus (Click-to-Run) via Intune, resulting in the MSI being deployed but the Office bits not being streamed.  Please read our solution on Microsoft Blog:

Distribute Office Click-To-Run via Microsoft Intune (MDM) – Part 2

Remove cached passwords on Windows

Windows caches your user names and passwords entered for network shares, drives etc. That’s fine until there’s an incorrect password or username in the cache, and you want to remove it.

The utility to delete cached credentials is hard to find. It stores both certificate data and also user passwords.

Open a command prompt, or enter the following in the run command:

rundll32.exe keymgr.dll, KRShowKeyMgr


Configuration Manager requires a dedicated SQL Server instance

In my lab environment I’m doing quite a lot of ConfigMgr testing. Recently, I was doing some testing on System Center Configuration Manager and Endpoint Protection (current branch – version 1511) and I broke the ConfigMgr primary site server and decided to re install the primary site.

In my lab I am using a dedicated SQL 2014 server to host the database and a dedicated server for the ConfigMgr installation. So I uninstalled the site server VM using the uninstall wizard, I deleted the database file in SQL and started a new installation wizard.
During the installation, the prerequisite checker gave me the following error. The error message stated that the SQL instance chosen already has a site database.

Configuration Manager requires a dedicated SQL Server instance to host its site database. You selected a SQL Server instance that hosts the site database for another Configuration Manager site. Select a different SQL Server instance for this new site to use, or resolve the conflict by uninstalling the other site or moving its database to a different SQL Server instance.

To solve this problem, I logged on the SQL Server and started the registry editor, there I found the following registry key with information about the ConfigMgr site:


After removing the registry key and restarting the SQL server I was able to continue the new ConfigMgr installation.

Kind regards,


Disable windows 10 non enterprise store tab’s

With the new Windows Store for Business, organizations can make volume purchases of Windows apps. The Store for Business provides app purchases based on organizational identity, flexible distribution options, and the ability to reclaim or re-use licenses. Organizations can also use the Store for Business to create a private store for their employees that includes apps from the Store, as well private Line-of-Business (LOB) apps.

For a Windows 10 project that I am currently  working on we wanted to disable the non enterprise store tabs in the windows Store app and only use the Windows store for business!

Current situation, logged in with an business user account:


According to Microsoft, The only way to disable the non enterprise store tabs right now is a mobile CSP. Supposedly, a GPO for this is forthcoming, but not available yet. If you disable the store with the GPO, the private store goes with it!

Well this is not completely true because I managed to find the right registry key to accomplish this. see below for the result:


To fix this the only thing you need to change is one registry setting, assuming you already configured Azure AD and Business store of course!

Using Registry Editor
Run regedit and hit Enter to open the Registry Editor. Navigate to the following registry key:


Change the DWORD VALUE in the RequirePrivateStoreOnly key  from 0 to 1.

Restart you windows Store app and you should now only see the business store! If you arent’t logged in with an business account then you only see a grey window!

I hope this was informative for you!

This setting is tested on a Windows 10 enterprise (Build 10586.164).

Kind regards,


Import thumbnailphoto in AD from jpg

The script below will import JPG file as a thumbnailphoto in ActiveDirectory

$username = "p01001"
$jpgfile = "C:\PICTURE.jpg"

$dom = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$root = $dom.GetDirectoryEntry()
$search = [System.DirectoryServices.DirectorySearcher]$root
$search.Filter = "(&(objectclass=user)(objectcategory=person)(samAccountName=$username))"
$result = $search.FindOne()
if ($result -ne $null)
 $user = $result.GetDirectoryEntry()
 [byte[]]$jpg = Get-Content $jpgfile -encoding byte
 $user.put("thumbnailPhoto",  $jpg )
 Write-Host $user.displayname "updated"
else {Write-Host $user "Does not exist"}


Windows 10 mobile device locked?

So today my Lumia 950 phone with Windows 10.0.10586.36 (Fast ring)crashed a few times and after starting it back, I saw the message below on my phone after unlocking it using the PIN:

"This device has been locked for security reasons. Connect your device to the power source for at least two hours, and then try again"

However the phone is now stuck at this screen but I’m receiving the messages, calls and other notifications but I can’t go beyond that screen and use my phone.

To solve this problem, try the following steps:

  1. Go to on a browser
  2. Select your phone then lock it it will ask you to use a 6 digit code. The phone will lock and write goodbye.
  3. Restart it and use the code to unlock it and the message will be gone and you will be at your start screen.
    Ensure ur phone is connected to the internet during this process

Creating and using Password Hashes and Secure Strings with Powershell

This is how you can generate a Secure String with powershell and use it in your scripts

$secureString = Read-Host -AsSecureString
ConvertFrom-SecureString $secureString | out-file c:tmpencrypted.txt
$newString = gc C:tmpencrypted.txt | ConvertTo-SecureString

Load the Secure string from file and use it in your script:

$securePassword = Get-Content "c:tmpencrypted.txt" | ConvertTo-SecureString