Microsoft Windows Management Tips
This article contains some useful Microsoft Windows Management Tips that I have found while working with Operating Systems such as Windows 10, Windows 11 and of course Windows Server 2012, Windows Server 2016 and Windows Server 2019, at work and at home while testing. I hope that these tips can help you too! Here is a list of the ones I've recorded:
- Set Windows Photo Viewer as default
- Change registered owner of the system
- Install .NET Framework 3.5 in Windows 10. The following feature couldn't be installed (error code 0x800F081F)
- Windows Server 2012 R2 - Windows Update fails
- Create personal users area and implement folder redirection
- Open Task Manager as a admin
- Setup a logo in the Windows logon screen
- Install Windows 10 Pro N edition instead of Home edition
- Install Windows Media Player on Windows 10
- Configure NTP service on a Domain Controller
- Can't delete the "Thumbs.db" file because it is open by Windows Explorer
- Convert a physical desktop to Hyper-V Virtual Machine
- Install Windows 11 without signing with a Microsoft Account
- Upgrade Windows 11 Home to Windows 11 Pro
- Enable Firewall rules on headless Windows Server
1. Set Windows Photo Viewer as default
Really hate the new photo default viewer of Windows 10, and hate the most the fact that we have to do some fiddling to get the old viewer back, aargh. At present, when I try to view *.jpg files on my Windows 10 I get this error message:
To fix this issue, create an import a .reg file with this data:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\Applications\photoviewer.dll]
[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell]
[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\open]
"MuiVerb"="@photoviewer.dll,-3043"
[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
00,31,00,00,00
[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\open\DropTarget]
"Clsid"="{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}"
[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\print]
[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\print\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
00,31,00,00,00
[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\print\DropTarget]
"Clsid"="{60fd46de-f830-4894-a628-6fa81bc0190d}"
After you have imported the *.reg file, you can right-click the affected picture and choose Open with > browse to Windows Photo Viewer and choose to open it as default :) sweet
2. Change registered owner of the system
Another Windows 10 management tip or hack is to edit this register key: HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows NT\ CurrentVersion and create these two entries if they are not there. Create them using the "String Value" data format
- RegisteredOwner
- RegisteredOrganization
That will show to Management Systems like Desktop Central who is the boss of that machine
3. Install .NET Framework 3.5 in Windows 10. The following feature couldn't be installed (error code 0x800F081F)
It may happens that, after the installation/upgrade of Windows 10, you got an application (app, as it is called nowadays in Microsoft language) that needs .NET Framework 3.5. Right, the best way to install this is by going to appwiz.cpl > Turn Windows Features on and off > and tick the NET 3.5, but eventually you'd be given this error message: "The following feature couldn't be installed"
To fix this nasty error, I've done as follows:
- Search Duck Duck for "Windows 10 iso" and download the Windows 10 installation media from here: https://www.microsoft.com/en-gb/software-download/windows10
- Choose "Create installation media for another PC". choose the *.iso format and save it at the root of the C:\ drive
- Once the *.iso download is completed, right-click to it and mount it, note the drive letter being assigned (on my example the letter E:\)
- Finally, open cmd in privilege mode and run this command:
dism /online /enable-feature /featurename:netfx3 /all /source:E:\sources\sxs /limitaccess
4. Windows Server 2012 R2 - Windows Update fails
If you can't run Windows Update on your windows box, execute this command under admin rights:
DISM.exe /Online /Cleanup-image /Restorehealth
5. Create personal users area and implement folder redirection
Roaming profile copies data and systems data, a bit messy if your ask me. Folder redicrection, on the other hand, it just deals with user's data and put in on a location where you can backup.To make this change on your domain, you do as follows:
- On your file server create a folder called "Home", and don't share it at all
- Here comes the tricky part, inside the Home folder create a folder for every single user: account1, account2, account3
- Edit the Advanced Security Setting of each of the user's folder and set them as below, where you:
- Give Full Control to Domain Admins, this is for us to see the contents
- Give Full Control to Backup Operations (if you have that group on your domain), this is for the system to do a backup of that folder
- Give Full Control to the user to manage the content of his/her data, and also ensure you set him/her as the owner of the files
- Once you've done all of all for each one of the folders of your users, click on the Run command and open fsmgmt.msc
- Using the Shared Folders console, connect to your File Server if needed, then right-click on Shares and select "New Share"
- Follow the Wizard and ensure you share the folder with the dollar sign, this is so that is hidden on the network. You'll need to later on map that folder to the user's workstation either by GPO or by running: net use H: \\FileServer\username$
- At the time of reaching the Share Permission, set the "Everyone" group with Full Access. Don't worry, NTFS permissions always take precedence over Network permissions, so your shared folders will be hidden and accessible only the defined individual users
Finally, to ensure users get access to the same Documents folder, create a new GPO called "Folder redirection", then set User Configuration > Windows Setting > Folder Redirection
6. Open Task Manager as a admin
One of the best Windows 10 Management Tips that I can give you is to know how to open task manager while you're logon as a regular user. Right-click on the Windows button Menu and choose to open "Windows Powershell (admin)". Enter your admin password, then type "taskmgr" and you're on!
7. Setup a logo in the Windows logon screen
Another great Windows 10 Management Tips that you can use in domain environment is to setup your company logo in the logon Windows screen, so it looks like this, where I have put the logo of the famous company "HELLO! Magazine" as a picture on the computer login screen:
To achieve this using GPO (Group Policy Object) do as follows:
1) Using Group Policy Management in your Forest Root Domain Controller, visit Group Policy Objects and create a new policy called "User Logo"
2) Edit the newly created GPO and visit Computer Configuration >> Policies >> Control Panel >> User Accounts >> and set at "Enabled" the option 'Apply the default account picture to all users'. That way, everybody will get the same logo
3) Visit the folder "C:\ProgramData\Microsoft\User Account Pictures" and copy all the pictures in there into a different folder, something like on My Documents or something, somewhere where you can edit them safely
4) Use Microsoft Paint or similar to edit each one of those pictures, and place your desired logo on them. Once you have done that, use the setting in the GPO Computer Configuration >> Preferences >> Windows Settings > Files >> to push the files to the computer in the domain with the action "Replace"
8. Install Windows 10 Pro N edition instead of Home edition
I have a lovely HP Envy laptop which I wanted to use Bitlocker on, but unfortunately it already came pre-installed with Windows 10 Home edition using a digital license. To install the Windows Pro edition, which includes support for Bitlocker, create a file called "ei.cfg" in the folders "sources" with this entry:
[EditionID]
Professional
[Channel]
Retail
After that, you'll ask to chose a Windows 10 instalation edition during install. About how to license that Windows 10 Pro with a key...that probably is a mission for pirate bay, lol
9. Install Windows Media Player on Windows 10
Visit this link to install Windows Media Player on Windows 10:
10. Configure NTP service on a Domain Controller
This is a problem that normally happens right after you install a Domain Controller, with the time the clients attached to it will start going behind in the internal clocks because the NTP server is properly configure on the Forest Root Domain Controller, acting as the legacy PDC for the domain. To fix this, do as follows:
1) Visit the Group Policy Management Console and create a new GPO called "Server Time" in the Domain Controllers OU
2) Visit the Computer Configuration > Policies > Administrative Templates > System > Windows Time Service > Time Providers and configure the options there as below:
Set these two to enable:
- Enable Windows NTP Client
- Enable Windows NT Server
Then run gpupdate /force and the time on the DC should be updated, if not run "time" on cmd and update it manually, can also run "w32tm /query /configuration" to check or "w32tm /query /peers"
w32tm /config /manualpeerlist:8.8.8.8 /syncfromflags:manual /reliable:yes /update
11. Can't delete the "Thumbs.db" file because it is open by Windows Explorer
When deleting folders, you may come across this error message, so annoying!!
The best solution to solve this is just to rename the file, then delete the whole folder as you originally wanted
12. Convert a physical desktop to Hyper-V Virtual Machine
Sometimes I've come across companies where they have, as a legacy from an old distant past, desktop computer that run critical services and are just connected to the network, without any keyboard, monitor, etc attached, and are in use just for users to RDP on them and access critical software installed on those machines.
- Download DiskGenius (https://www.diskgenius.com/manual/create-virtualbox-virtual-disk-file.php) in your physical desktop, and select Tools >> Virtualise System into Virtual Machine >> VirtualBox
- Choose to save the .vbi file into a share drive
- Next, download VirtualBox from here in your physical desktop: https://www.virtualbox.org/wiki/Downloads and select File >> Tools >> Virtual Media Manager
- Right-click on the .vdi file >> Copy >> and select *.vhd and the output format
- Visit your Hyper-V host, chose "Edit disk", and select to convert the .vhd to a vhdx disk; obviously save it on a shared storage, something like C:\ClusterStorage\Vol1
- Visit your Hyper-V host, choose to create a Virtual Machine as a Generation 2 (otherwise Windows10 or later won't boot!) and pick your nearly .vhdx converted file as the hard drive for the VM
If for some reason the machine fails to boot, which is what normally will happen, boot from a Windows 10 iso, and do as follows:
- C:\ chkdsk /r /f =
- bootrec /fixmbr = no difference
- bootrec /rebuildbcd = no difference
- bootrec /fixboot = access denied, tried
- bcdboot
- sfc/scannow
- bootsec /nt60 all
13. Install Windows 11 without signing with a Microsoft Account
In the "Let's connect you to a network" page
1-Press Shift+F10 to open the Command Prompt
2-Type this command and press Enter:
OOBE\BYPASSNRO
3-Your computer will reboot automatically, and you may need to start the out-of-box experience again
4-In the "Let's connect you to a network" page, click on "I don't have internet" at the bottom of the page
5-Then click on "Continue with limited setup"
6-Then follow the instructions to create a local account and finish the Out-of-box experience
14. Upgrade Windows 11 Home to Windows 11 Pro
Run the following commands:
- slmgr.vbs /upk
- slmgr.vbs /cpky
- slmgr.vbs /ckms
- DISM /online /Get-TargetEditions
- slui.exe /upk
- changepk.exe /ProductKey VK7JG-NPHTM-C97JM-9MPGT-3V66T
- slmgr /ipk W269N-WFGWX-YVC9B-4J6C9-T83GX
- slmgr /skms kms8.msguides.com
- slmgr /ato
15. Setup custom images for logon window using Microsoft Spotlight
Create a new GPO and set the following:
Computer Configuration >> Windows Settings >> Files >> Create the new 1600x900 image lock screen
16. Enable Firewall rules on headless Windows Server
Run these commands on a headless Windows Server 2019 to enable the basic firewall rules
- netsh advfirewall set allprofiles state off
- netsh firewall set service type=remoteadmin mode=enable
- netsh advfirewall firewall set rule group="Remote Administration" new enable=yes
- netsh advfirewall firewall add rule name="All ICMP V4" dir=in action=allow protocol=icmpv4
- netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow
- Netsh advfirewall firewall set rule group="Remote Volume Management" new enable=yes
- netsh advfirewall set allprofiles state on
References
- https://blogs.msdn.microsoft.com/mattlind/2010/01/13/delegation-tab-in-aduc-not-available-until-a-spn-is-set/
- https://www.howtogeek.com/howto/windows-vista/fixing-annoyances-stop-windows-from-copying-files-accidentally-when-ctrl-click-selecting/
- https://docs.microsoft.com/en-us/sysinternals/downloads/
- https://www.maketecheasier.com/change-default-user-account-picture-windows10/
- https://www.intowindows.com/how-to-select-pro-edition-while-installing-windows-10/
- https://metalop.com/2015/12/07/converting-virtualbox-vdi-diskfiles-to-hyper-v-vhd-files/
- https://learn.microsoft.com/en-us/windows/configuration/windows-spotlight/?pivots=windows-11
- https://learn.microsoft.com/en-us/microsoft-365/admin/misc/organizational-messages-microsoft-365?view=o365-worldwide
- https://www.sccm.ie/how-to/107-learn-the-basic-netsh-advfirewall-firewall-commands-for-cmd-and-powershell
Comments powered by CComment