dsregcmd /status
Checks if machine is AADJoined etc
Thursday, November 14, 2024
Thursday, October 24, 2024
Delete stored wifi networks from command line
Delete stored wifi networks from command line:
netsh wlan delete profile name=* i=*
quickie command to return the serial number
wmic bios get serialnumber
Thursday, September 21, 2023
Unexpected Domain Account lockouts
Domain Accounts can get locked out if the account password is changed but a previous logon to a box somewhere remains.
To locate the box which still has a logon, logon to a domain controller and filter the security log for events IDs 4740. Account lockout events will reveal which computer has a logon which is causing the lockout.
Wednesday, August 30, 2023
Custom Event Log Queries
XML can be edited in Event Log queries to apply filters and narrow down the relevant entries. Below are examples of custom Event Log queries
Example 1
<Select
Path="System">*[System[(EventID=7036)]]and*[EventData[Data and
(Data='The Optimize drives service entered the stopped state.')]]
Example 2 ! means not
<QueryList>
<Query Id="0" Path="Security">
<Select Path="Security">
*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and (EventID=4634)]]
and
*[EventData[Data[@Name='TargetUserName'] !='ServiceAccountName1'
and
Data[@Name='TargetUserName'] !='ServiceAccountName2'
and
Data[@Name='TargetUserName'] !='MACHINENAME$'
and
Data[@Name='TargetUserName'] !='ServiceAccountName3'
and
Data[@Name='TargetUserName'] !='SYSTEM'
and
Data[@Name='TargetUserName'] !='UserName'
]]
Edge Unstable in IE Mode
System platform Windows 11 22H2 AAD joined.
There were multiple reports of Edge being unstable. Randomly when accessing IE mode sites the following would appear at the top of the page in Edge:
To open this page in Internet Explorer mode, try restarting Microsoft Edge
Restarting Edge would only temporarily solve the problem and this would severely impact the users' workflow.
The Application Event Log would show
[14872:14876:0629/082826.066:WARNING:web_contents_internet_explorer_tab_host_observer_win.cc(208)]
Creation of Internet Explorer mode tab failed: 17
It was noticed that this was accompanied by another Event Log entry (System or Applocker I can't remember which) that show that CMD.EXE was being blocked or not working somehow. At the time Applocker was being used to prevent users running the CMD.EXE. When Applocker was turned off the problem did not occur.
As an experiment the CMD.EXE block was removed from Applocker and instead was blocked using a registry key
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
DisableCMD=1 (REG_DWORD)
After a reboot this made things a lot worse. Edge became extremely unstable with all sites and would reliably crash after only a few tabs were opened.
Event Logs and Edge memory dumps were supplied to Microsoft support who identified an Edge Extension called Forcepoint OneEndpoint (FOEDLP) as the cause of the problem. FOEDLP is data leak protection software that monitors data streams for restricted data.
Forcepoint support were then supplied with the information and reproduced the issue.
Forcepoint suggested switching to "Inline Proxy" mode and disabling the Edge extension.
This enabled the DLP functionality to remain while Edge could remain stable.
Allowing CMD.EXE to be run by users was also an option.
Thursday, August 3, 2023
Monday, June 5, 2023
Remote Help no UNC button
Problem: You use Remote Help but do not get the UNC button to control elevated windows.
Assuming Remote help has been configured correctly and the helper has the elevated role required, UNC will not be available where the user already has a login capable of administrative elevation.
For the helper to get the UNC option the top left hand corner must say:
User is not in administrator mode
If the user is in administator mode the UNC button will not be available to the helper.
keywords Unable to UNC
Subscribe to:
Posts (Atom)