Nazaudy, a spark in your curious mind

Microsoft Windows Management Tips

This article contains some useful Microsoft Windows Management Tips that I have found while working with Operating Systems such as Windows 10, Windows 11 and of course Windows Server 2012, Windows Server 2016 and Windows Server 2019, at work and at home while testing. I hope that these tips can help you too! Here is a list of the ones I've recorded:

  1. Set Windows Photo Viewer as default
  2. Change registered owner of the system
  3. Install .NET Framework 3.5 in Windows 10. The following feature couldn't be installed (error code 0x800F081F)
  4. Windows Server 2012 R2 - Windows Update fails
  5. Create personal users area and implement folder redirection
  6. Open Task Manager as a admin
  7. Setup a logo in the Windows logon screen
  8. Install Windows 10 Pro N edition instead of Home edition
  9. Install Windows Media Player on Windows 10
  10. Configure NTP service on a Domain Controller
  11. Can't delete the "Thumbs.db" file because it is open by Windows Explorer
  12. Convert a physical desktop to Hyper-V Virtual Machine
  13. Install Windows 11 without signing with a Microsoft Account
  14. Upgrade Windows 11 Home to Windows 11 Pro
  15. Enable Firewall rules on headless Windows Server

 

1. Set Windows Photo Viewer as default

Really hate the new photo default viewer of Windows 10, and hate the most the fact that we have to do some fiddling to get the old viewer back, aargh. At present, when I try to view *.jpg files on my Windows 10 I get this error message:

Windows 10 error message This app can't open

 

To fix this issue, create an import a .reg file with this data:

 

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Applications\photoviewer.dll]

[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell]

[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\open]
"MuiVerb"="@photoviewer.dll,-3043"

[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
00,31,00,00,00

[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\open\DropTarget]
"Clsid"="{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\print]

[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\print\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
00,31,00,00,00

[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\print\DropTarget]
"Clsid"="{60fd46de-f830-4894-a628-6fa81bc0190d}"

 

 

After you have imported the *.reg file, you can right-click the affected picture and choose Open with > browse to Windows Photo Viewer and choose to open it as default :) sweet

 

2. Change registered owner of the system

Another Windows 10 management tip or hack is to edit this register key: HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows NT\ CurrentVersion and create these two entries if they are not there. Create them using the "String Value" data format

  • RegisteredOwner
  • RegisteredOrganization

That will show to Management Systems like Desktop Central who is the boss of that machine

 

3. Install .NET Framework 3.5 in Windows 10. The following feature couldn't be installed (error code 0x800F081F)

It may happens that, after the installation/upgrade of Windows 10, you got an application (app, as it is called nowadays in Microsoft language) that needs .NET Framework 3.5. Right, the best way to install this is by going to appwiz.cpl >  Turn Windows Features on and off > and tick the NET 3.5, but eventually you'd be given this error message: "The following feature couldn't be installed"

 

Microsoft .NET Framework 3.5 error message this feature couldn't be installed

To fix this nasty error, I've done as follows:

  1. Search Duck Duck for "Windows 10 iso" and download the Windows 10 installation media from here: https://www.microsoft.com/en-gb/software-download/windows10
  2. Choose "Create installation media for another PC". choose the *.iso format and save it at the root of the C:\ drive
  3. Once the *.iso download is completed, right-click to it and mount it, note the drive letter being assigned (on my example the letter E:\)
  4. Finally, open cmd in privilege mode and run this command:

dism /online /enable-feature /featurename:netfx3 /all /source:E:\sources\sxs /limitaccess

 

4. Windows Server 2012 R2 - Windows Update fails

If you can't run Windows Update on your windows box, execute this command under admin rights:

DISM.exe /Online /Cleanup-image /Restorehealth

 

5. Create personal users area and implement folder redirection

Roaming profile copies data and systems data, a bit messy if your ask me. Folder redicrection, on the other hand, it just deals with user's data and put in on a location where you can backup.To make this change on your domain, you do as follows:

  • On your file server create a folder called "Home", and don't share it at all
  • Here comes the tricky part, inside the Home folder create a folder for every single user: account1, account2, account3
  • Edit the Advanced Security Setting of each of the user's folder and set them as below, where you:
    • Give Full Control to Domain Admins, this is for us to see the contents
    • Give Full Control to Backup Operations (if you have that group on your domain), this is for the system to do a backup of that folder
    • Give Full Control to the user to manage the content of his/her data, and also ensure you set him/her as the owner of the files

Windows 10 Management Tip regarding permissions

 

  • Once you've done all of all for each one of the folders of your users, click on the Run command and open fsmgmt.msc
  • Using the Shared Folders console, connect to your File Server if needed, then right-click on Shares and select "New Share"

Creating a New Share

  • Follow the Wizard and ensure you share the folder with the dollar sign, this is so that is hidden on the network. You'll need to later on map that folder to the user's workstation either by GPO or by running: net use H: \\FileServer\username$

Follow the Create a Share Folder Wizard

  • At the time of reaching the Share Permission, set the "Everyone" group with Full Access. Don't worry, NTFS permissions always take precedence over Network permissions, so your shared folders will be hidden and accessible only the defined individual users

Give Full Control permissions to Everyone

Finally, to ensure users get access to the same Documents folder, create a new GPO called "Folder redirection", then set User Configuration > Windows Setting > Folder Redirection

 

6. Open Task Manager as a admin

One of the best Windows 10 Management Tips that I can give you is to know how to open task manager while you're logon as a regular user. Right-click on the Windows button Menu and choose to open "Windows Powershell (admin)". Enter your admin password, then type "taskmgr" and you're on!

 

7. Setup a logo in the Windows logon screen

Another great Windows 10 Management Tips that you can use in domain environment is to setup your company logo in the logon Windows screen, so it looks like this, where I have put the logo of the famous company "HELLO! Magazine" as a picture on the computer login screen:

 

A great Windows Managemetn tips is to put a company logo in the Microsfot Logon window of the computer

 

To achieve this using GPO (Group Policy Object) do as follows:

1) Using Group Policy Management in your Forest Root Domain Controller, visit Group Policy Objects and create a new policy called "User Logo"

User Logo Group Policy Object

 

2) Edit the newly created GPO and visit Computer Configuration >> Policies >> Control Panel >> User Accounts >> and set at "Enabled" the option 'Apply the default account picture to all users'. That way, everybody will get the same logo

 Apply the default account pictures to all users

 

3) Visit the folder "C:\ProgramData\Microsoft\User Account Pictures"  and copy all the pictures in there into a different folder, something like on My Documents or something, somewhere where you can edit them safely

 Location of User Account Pictures

4) Use Microsoft Paint or similar to edit each one of those pictures, and place your desired logo on them. Once you have done that, use the setting in the GPO Computer Configuration >> Preferences >> Windows Settings > Files >> to push the files to the computer in the domain with the action "Replace"

 

8. Install Windows 10 Pro N edition instead of Home edition

I have a lovely HP Envy laptop which I wanted to use Bitlocker on, but unfortunately it already came pre-installed with Windows 10 Home edition using a digital license. To install the Windows Pro edition, which includes support for Bitlocker, create a file called "ei.cfg" in the folders "sources" with this entry:

[EditionID]
Professional
[Channel]
Retail

After that, you'll ask to chose a Windows 10 instalation edition during install. About how to license that Windows 10 Pro with a key...that probably is a mission for pirate bay, lol

 

9. Install Windows Media Player on Windows 10

Visit this link to install Windows Media Player on Windows 10:

 

10. Configure NTP service on a Domain Controller

This is a problem that normally happens right after you install a Domain Controller, with the time the clients attached to it will start going behind in the internal clocks because the NTP server is properly configure on the Forest Root Domain Controller, acting as the legacy PDC for the domain. To fix this, do as follows:

1) Visit the Group Policy Management Console and create a new GPO called "Server Time" in the Domain Controllers OU

Server Time GPO for NTP

2) Visit the Computer Configuration > Policies > Administrative Templates > System > Windows Time Service > Time Providers and configure the options there as below:

Configure Windows NTP Client

Set these two to enable:

  1. Enable Windows NTP Client
  2. Enable Windows NT Server

Then run gpupdate /force and the time on the DC should be updated, if not run "time" on cmd and update it manually, can also run "w32tm /query /configuration" to check or "w32tm /query /peers"

w32tm /config /manualpeerlist:8.8.8.8 /syncfromflags:manual /reliable:yes /update

 

 

11. Can't delete the "Thumbs.db" file because it is open by Windows Explorer

When deleting folders, you may come across this error message, so annoying!!

The action cannot be completed because the file is open in Windows Explorer

The best solution to solve this is just to rename the file, then delete the whole folder as you originally wanted

 

 

12. Convert a physical desktop to Hyper-V Virtual Machine

Sometimes I've come across companies where they have, as a legacy from an old distant past, desktop computer that run critical services and are just connected to the network, without any keyboard, monitor, etc attached, and are in use just for users to RDP on them and access critical software installed on those machines. 

  1. Download DiskGenius (https://www.diskgenius.com/manual/create-virtualbox-virtual-disk-file.php) in your physical desktop, and select Tools >> Virtualise System into Virtual Machine >> VirtualBox
  2. Choose to save the .vbi file into a share drive
  3. Next, download VirtualBox from here in your physical desktop: https://www.virtualbox.org/wiki/Downloads and select File >> Tools >> Virtual Media Manager
  4. Right-click on the .vdi file >> Copy >> and select *.vhd and the output format
  5. Visit your Hyper-V host, chose "Edit disk", and select to convert the .vhd to a vhdx disk; obviously save it on a shared storage, something like C:\ClusterStorage\Vol1 
  6. Visit your Hyper-V host, choose to create a Virtual Machine as a Generation 2 (otherwise Windows10 or later won't boot!)  and pick your nearly .vhdx converted file as the hard drive for the VM

If for some reason the machine fails to boot, which is what normally will happen, boot from a Windows 10 iso, and do as follows:

  • C:\ chkdsk /r /f = 
  • bootrec /fixmbr = no difference
  • bootrec /rebuildbcd = no difference
  • bootrec /fixboot = access denied, tried 
  • bcdboot
  • sfc/scannow
  • bootsec /nt60 all

 

13. Install Windows 11 without signing with a Microsoft Account

In the "Let's connect you to a network" page
1-Press Shift+F10 to open the Command Prompt
2-Type this command and press Enter:
OOBE\BYPASSNRO
3-Your computer will reboot automatically, and you may need to start the out-of-box experience again
4-In the "Let's connect you to a network" page, click on "I don't have internet" at the bottom of the page
5-Then click on "Continue with limited setup"
6-Then follow the instructions to create a local account and finish the Out-of-box experience

 

 

14. Upgrade Windows 11 Home to Windows 11 Pro

Run the following commands:

  • slmgr.vbs /upk
  • slmgr.vbs /cpky
  • slmgr.vbs /ckms 
  • DISM /online /Get-TargetEditions 
  • slui.exe /upk
  • changepk.exe /ProductKey VK7JG-NPHTM-C97JM-9MPGT-3V66T

 

  • slmgr /ipk W269N-WFGWX-YVC9B-4J6C9-T83GX
  • slmgr /skms kms8.msguides.com
  • slmgr /ato

15. Setup custom images for logon window using Microsoft Spotlight

Create a new GPO and set the following:

Computer Configuration >> Windows Settings >> Files >> Create the new 1600x900 image lock screen

 

16. Enable Firewall rules on headless Windows Server

Run these commands on a headless Windows Server 2019 to enable the basic firewall rules

  • netsh advfirewall set allprofiles state off
  • netsh firewall set service type=remoteadmin mode=enable
  • netsh advfirewall firewall set rule group="Remote Administration" new enable=yes
  • netsh advfirewall firewall add rule name="All ICMP V4" dir=in action=allow protocol=icmpv4
  • netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow
  • Netsh advfirewall firewall set rule group="Remote Volume Management" new enable=yes
  • netsh advfirewall set allprofiles state on

 

 

References

 

Comments powered by CComment