Sunday, July 16, 2017

Cannot see all users on the domain in Active Directory Import Wizard

Issue: When you run the Active Directory Import Wizard in Microsoft Dynamics AX as a user who is not a domain administrator, you cannot see all users on the domain.
Cause: This problem occurs because some settings on the network domain are required for non-domain administrators to view all users on the domain within the Active Directory Import Wizard in Microsoft Dynamics AX.
Resolution:
To see all users on the domain when you use a non-domain administrator user to run the Active Directory Import Wizard within Microsoft Dynamics AX, follow these steps:
  • Make sure that the user who you use is a part of the “Authenticated Users” security group on the domain. To do this, follow these steps:
  1. In Active Directory Users and Computers, make sure that Advanced Features is selected under the View menu option.
  2. Right-click the user that you cannot see when you run the import wizard. Then, select Properties.
  3. Click the Member Of tab. The user should appear under Domain Users.

  4. Click the Security tab, select the Authenticated Users group, and then make sure that the Read permission for Authenticated Users is set to Allow.

  • Set up the “Authenticated Users” to have “Read” permissions to all objects. This enables authenticated users to see the complete list of Active Directory users during the import process in Microsoft Dynamics AX. To do this, follow these steps:
  1. In Active Directory Users and Computers, make sure that Advanced Features is selected under the View menu option.
  2. Right-click the user that you cannot see when you run the import wizard. Then, select Properties.
  3. Click the Security tab.
  4. Click Authenticated Users group.
  5. Click the Advanced button.

  6. Select Authenticated Users name, and then click Edit.

  7. Make sure that the Type is set to Allow and that the Applies to: box is set to This object and all descendant objects.
  8. Make sure that the Read all properties check box in the Properties section is checked.

After you complete these steps, the Read permission is selected by default when you create a new user.
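
The same check can be read straight from the object's ACL instead of clicking through the Security tab for every missing user. The following is an added example, not part of the original post: it assumes the RSAT ActiveDirectory module is installed, and the function name and the sample account names are hypothetical.

```powershell
# Added example (not from the original post). Requires the RSAT ActiveDirectory
# module, which provides Get-ADUser and the AD: drive used by Get-Acl.
Import-Module ActiveDirectory

function Test-AuthenticatedUsersRead {
    param(
        [Parameter(Mandatory)]
        [string]$Identity   # sAMAccountName or DN of a user missing from the wizard
    )
    $user = Get-ADUser -Identity $Identity
    $acl  = Get-Acl -Path ("AD:\" + $user.DistinguishedName)
    $readProperty = [System.DirectoryServices.ActiveDirectoryRights]::ReadProperty
    $sidType      = [System.Security.Principal.SecurityIdentifier]

    # Keep only ACEs for Authenticated Users (well-known SID S-1-5-11) that cover
    # "Read all properties": ReadProperty with no property-specific ObjectType.
    $aces = foreach ($ace in $acl.Access) {
        try   { $sid = $ace.IdentityReference.Translate($sidType).Value }
        catch { continue }   # trustee cannot be resolved, so it is not this group
        if ($sid -eq 'S-1-5-11' -and
            $ace.ActiveDirectoryRights.HasFlag($readProperty) -and
            $ace.ObjectType -eq [guid]::Empty) {
            $ace
        }
    }
    $allow = @($aces | Where-Object { $_.AccessControlType -eq 'Allow' })
    $deny  = @($aces | Where-Object { $_.AccessControlType -eq 'Deny' })

    [pscustomobject]@{
        User           = $user.SamAccountName
        AllowReadAll   = ($allow.Count -gt 0)
        AllowInherited = [bool]($allow | Where-Object { $_.IsInherited })
        DenyReadAll    = ($deny.Count -gt 0)
    }
}

# Hypothetical account names; replace with the users that do not show up.
'jdoe', 'asmith' | ForEach-Object { Test-AuthenticatedUsersRead -Identity $_ }
```

A Deny entry takes precedence over the Allow entry, so a user with DenyReadAll set to True stays hidden even when the Allow box is ticked.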

How to resolve AAD Connect performance counters error (Event 6313)

During a recent upgrade of Azure AD Connect I encountered the following error in the Application event log:
Log Name:      Application
Source:        ADSync
Date:          05-12-2016 11:28:21
Event ID:      6313
Task Category: Server
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      AADSync.adatum.dk
Description:
The server encountered an unexpected error creating performance counters for management agent “adatum.dk”.
Performance counters will not be available for this management agent.

After analyzing the issue in detail, I found that this occurs when the AAD Connect installation lacks permission to write performance counter information correctly to the local Registry.
To avoid this issue in the first place, always start Azure AD Connect installation or upgrade from an elevated command prompt or an elevated PowerShell prompt.
Fixing the issue after Azure AD Connect is installed requires either that AAD Connect is first uninstalled and then properly reinstalled (from an elevated command prompt), or that the following changes are made to re-register the ADSync performance counters.
To perform re-registration of the ADSync performance counters, first open an elevated PowerShell prompt and stop the three Azure AD Connect services:
Stop-Service AzureADConnectHealthSyncInsights
Stop-Service AzureADConnectHealthSyncMonitor
Stop-Service ADSync
Next, we need to make a change in the local Registry, but before this ensure that you have a backup of the Registry key.
Open the local Registry and right-click on the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADSync\Performance key
Select Export and save the key to a .REG file
Right-click the following registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADSync\Performance and select Delete
Before proceeding, create a new Performance key in the Registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADSync\
Switch back to the elevated PowerShell prompt and run two commands to unload and re-create the performance counters.
Run the first command to remove performance counters name and explain text for the ADSync performance counters:
unlodctr.exe ADSync
Run the second command to register name and explain text of the ADSync performance counters, based on the information in the mmsperf.ini file:
lodctr.exe "C:\Program Files\Microsoft Azure AD Sync\Bin\mmsperf.ini"
Start the Azure AD Connect services from the elevated PowerShell prompt:
Start-Service AzureADConnectHealthSyncInsights
Start-Service AzureADConnectHealthSyncMonitor
Start-Service ADSync
Review the Application log for the event ID 1000 for confirmation that the performance counters are successfully loaded:
Log Name:      Application
Source:        Microsoft-Windows-LoadPerf
Date:          05-12-2016 11:43:41
Event ID:      1000
Task Category: None
Level:         Information
Keywords:
User:          N/A
Computer:      AADSync.adatum.dk
Description:
Performance counters for the ADSync (Microsoft Azure AD Sync) service were loaded successfully.
The Record Data in the data section contains the new index values assigned to this service.
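
The whole re-registration procedure above, including the Registry backup and the final event-log check, can be run as one script. This is an added example, not the original author's code: it uses the service names, Registry key and mmsperf.ini path given in the post, and the backup file location under %TEMP% is an assumption.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post): re-register the ADSync
# performance counters and confirm the result in the Application log.
$ErrorActionPreference = 'Stop'

$services = 'AzureADConnectHealthSyncInsights',
            'AzureADConnectHealthSyncMonitor',
            'ADSync'
$regKey   = 'HKLM\SYSTEM\CurrentControlSet\Services\ADSync\Performance'
$psKey    = 'HKLM:\SYSTEM\CurrentControlSet\Services\ADSync\Performance'
$ini      = 'C:\Program Files\Microsoft Azure AD Sync\Bin\mmsperf.ini'
# Assumed backup location; any folder only administrators can write to will do.
$backup   = Join-Path $env:TEMP ('ADSync-Performance-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
$started  = Get-Date

Stop-Service -Name $services

# Export the key first and stop if the backup was not written.
& reg.exe export $regKey $backup /y | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $backup)) {
    throw "Registry export failed; the Performance key was not changed."
}

# Delete the key and create an empty one, as in the manual steps.
Remove-Item -Path $psKey -Recurse
New-Item -Path $psKey | Out-Null

# Unload, then reload the counter names and explain text from mmsperf.ini.
& unlodctr.exe ADSync
& lodctr.exe $ini

Start-Service -Name $services

# Event 1000 from Microsoft-Windows-LoadPerf confirms that the counters loaded.
$loaded = Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-LoadPerf'
    Id           = 1000
    StartTime    = $started
}
if ($loaded) {
    "Counters re-registered at $($loaded[0].TimeCreated). Backup: $backup"
} else {
    Write-Warning "No LoadPerf event 1000 found since $started. Backup: $backup"
}
```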

Thursday, July 13, 2017

How to Reset Windows 7 Password

In this tutorial, I will show you how to reset a Windows 7 user password.
You will need the Windows 7 installation DVD.
I am running Windows 7 as a Virtual Machine for demo purposes.

Step 1: Boot Into Windows 7 Installation DVD

Click 'Next'

Step 2: Take Note of Windows 7 Drive Letter

In this example, it is drive E.

Step 3: Click 'Command Prompt'

This opens the Command Prompt window.

Step 4: Replace UTILMAN.exe With CMD.exe

-Replace drive letter E with your Windows 7 drive letter
To back up utilman.exe, run command:
copy e:\windows\system32\utilman.exe e:\
-Replace utilman.exe with cmd.exe
copy e:\windows\system32\cmd.exe e:\windows\system32\utilman.exe
-Click 'Restart' to reboot Windows

Step 5: Click 'Ease of Access' Icon

This executes cmd.exe, which opens a Command Prompt window.

Step 6: Reset User Password

-To reset user password (ex: administrator), run command:
net user administrator 1234
-Replace 1234 with your own password
-Log in to Windows with that user and the new password

Step 7: Restore Utilman.exe

-You will need to boot back into the Windows 7 installation DVD
-Choose 'Next', then 'Repair your computer'
-Take note of the Windows 7 drive letter where it is installed
-Select 'Command Prompt'
-To replace the current utilman.exe with the backup from the earlier step, run command:
copy e:\utilman.exe e:\windows\system32\utilman.exe
-Click 'Restart' to reboot Windows

Step 8: Check Ease of Access

-Click on Ease of Access to make sure it's the version we just restored
-Log in to Windows

Step 9: Delete Backup Utilman.exe

In Windows, delete e:\utilman.exe (the backup copy of utilman.exe we copied earlier to the root of the drive)

Bypass Windows Logons with the Utilman.exe

Utilman.exe is a built-in Windows application that is designed to allow the user to configure Accessibility options such as the Magnifier, High Contrast Theme, Narrator and On Screen Keyboard before they log onto the system.
This was designed to help people with impaired sight, hearing or mobility to log onto Windows themselves without the need for outside help. It's a great feature for disabled people, but it opens up a security hole that we can take advantage of to bypass Windows logons.
Bypassing the Windows logon comes in handy if our clients have forgotten their logon password, their user profiles were corrupted or malware was interfering with the system before login.
This works because the user can trigger Utilman by pressing Windows Key + U before Windows logon. This loads the Utilman.exe executable, which resides in the Windows\System32 directory. If you swap the Utilman.exe file with something else like cmd.exe, you have access to a command prompt running with SYSTEM privileges. SYSTEM is an account with the highest possible privileges on Windows, similar to the root account on Unix systems.
Here are the step-by-step instructions on how to do this.
WARNING: You can do a lot of damage to a system if you don't know what you are doing. Technibble accepts no responsibility if something goes wrong.
First of all, we will need a way to access the file system to swap out Utilman.exe with something else like cmd.exe. There are a few ways to achieve this:
  • Remove the operating system hard drive from the target system and slave it into another system with a working operating system. From there you can swap out the files on the slave drive
  • Use a Boot CD like UBCD4Win and use the file management software there
  • Use the Windows Vista or 7 DVD
In this example we will be using the Windows 7 DVD. To begin, boot from your Windows 7 DVD and when you reach the first screen asking about the language, currency and keyboard format, Click Next.
On the next page, down in the lower left hand side, click on the “Repair your computer” link.

Next, select the “Use recovery tools that can help fix problems starting Windows. Select an operating system to repair” option, choose an operating system from the list and Click Next.

You will now have an option to “Choose a recovery tool”. Select Command Prompt.
You should now have a Command Prompt Window open. Type in the following commands:
C:
cd windows\system32
ren utilman.exe utilman.exe.bak
copy cmd.exe utilman.exe
This will navigate to the system32 directory, rename utilman.exe to utilman.exe.bak, make a copy of cmd.exe and name it utilman.exe.
Remove the DVD and reboot the system.
Once the computer boots up normally, press the key combination Windows Key + U and you should get a Command Prompt. If the Command Prompt doesn't appear, press Alt+Tab, as the Command Prompt may appear behind the Logon screen. From here, you can run many (if not all) of the commands you can normally use in Command Prompt.

Resetting an Existing User's Password

WARNING: If you reset a user's account password, access to that user's encrypted files will be permanently lost. Be sure to back these up.
To reset an existing user's password, we need to type the text below. In this example, we will be changing JohnDoe’s password to “hunter2”.
net user JohnDoe hunter2
You should be able to log in with this new password straight away.
If you don't know what the username on the system actually is, you can see a list of the users by typing:
net user

Creating a New User Account

To create a new user account in the Command Prompt (Username: NewGuy. Password: abc123), and add them to the Administrators user group, type:
net user NewGuy abc123 /add
net localgroup Administrators NewGuy /add

Again, you should be able to login straight away with this new account.

Reverting Changes

To restore utilman.exe, in the Command Prompt type in:
C:
cd windows\system32
del utilman.exe
ren utilman.exe.bak utilman.exe

Then reboot the system.
To remove the new user account you just created earlier, type in:
net user NewGuy /delete
That's it
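
Because the swap leaves traces on disk and in the Security log, an administrator can check a machine for it. The following is an added example, not part of the original articles: it covers the artifacts named in both walkthroughs above (utilman.exe replaced by cmd.exe, the utilman.exe.bak file, the backup copy in the drive root, and the net user account changes). The function names are hypothetical, and the account events only exist if account-management auditing is enabled.

```powershell
# Added example (not from the original articles). Run from an elevated prompt.
function Test-UtilmanSwap {
    param(
        # Windows directory to inspect; may point at a mounted offline volume.
        [string]$WindowsRoot = $env:SystemRoot
    )
    $sys32    = Join-Path $WindowsRoot 'System32'
    $utilman  = Join-Path $sys32 'utilman.exe'
    $cmd      = Join-Path $sys32 'cmd.exe'
    $drive    = Split-Path -Path $WindowsRoot -Qualifier
    $findings = New-Object System.Collections.Generic.List[string]

    if (-not (Test-Path -LiteralPath $utilman)) {
        $findings.Add("utilman.exe is missing from $sys32")
    } else {
        # A straight copy of cmd.exe has the same hash as cmd.exe.
        $utilHash = (Get-FileHash -LiteralPath $utilman -Algorithm SHA256).Hash
        $cmdHash  = (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash
        if ($utilHash -eq $cmdHash) {
            $findings.Add('utilman.exe is byte-identical to cmd.exe')
        }
        # The version resource survives a rename, so a cmd.exe taken from
        # another build still identifies itself as cmd.exe.
        $orig = (Get-Item -LiteralPath $utilman).VersionInfo.OriginalFilename
        if ($orig -match '^cmd\.exe') {
            $findings.Add("utilman.exe reports OriginalFilename '$orig'")
        }
    }
    # Backup copies left behind by the two procedures described above.
    foreach ($leftover in (Join-Path $sys32 'utilman.exe.bak'), "$drive\utilman.exe") {
        if (Test-Path -LiteralPath $leftover) {
            $findings.Add("Leftover backup copy: $leftover")
        }
    }
    [pscustomobject]@{
        Path       = $utilman
        Suspicious = ($findings.Count -gt 0)
        Findings   = $findings
    }
}

function Get-RecentAccountChanges {
    param([int]$Days = 7)
    # Security log events: 4720 = account created, 4724 = password reset
    # attempt, 4732 = member added to a local group such as Administrators.
    $filter = @{
        LogName   = 'Security'
        Id        = 4720, 4724, 4732
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id,
            @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } }
}

Test-UtilmanSwap
Get-RecentAccountChanges -Days 7
```

This check is detective only. The swap needs offline write access to the system volume, so full-disk encryption such as BitLocker and restricting boot from removable media are the controls that prevent it.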

How to boot from USB drive on an Asus s200e laptop

In order to boot from USB on the Asus s200e laptop, the following steps need to be done in the BIOS:
  1. Power on the Asus S200e laptop
  2. Press and hold the F2 key when powering on the Asus S200e laptop to enter the BIOS.
  3. Switch to the “Boot” tab and set “Launch CSM” to Enabled.
  4. Switch to the “Security” tab and set “Secure Boot Control” to Disabled.
  5. Press F10 to save and exit.
  6. Press and hold ESC key to launch the boot menu while the Asus S200e laptop is powering up.

Saturday, July 8, 2017

How to Add a Control Panel Shortcut to the Right Click Menu in Windows 10

To add the Control Panel to the Windows 10 right-click menu, we’ll need to edit the Windows Registry. The Registry is an important component of Windows and deleting or modifying the wrong parts of it could corrupt your Windows installation and result in data loss. So, before you make any changes to the Registry, make sure you have a recent backup of your data and refrain from making any unnecessary changes.

Launch the Registry Editor

First, launch the Windows Registry Editor by searching for regedit in the Start Menu. The Registry Editor will appear in the search results as illustrated in the screenshot below.

Edit the Windows Registry

With the Registry Editor open, use the hierarchy on the left to navigate to the following location:
HKEY_CLASSES_ROOT\Directory\Background\shell
From there, right-click on the shell key and select New > Key. Name the key Control Panel.
Next, right-click on the new Control Panel key you just created and choose New > Key again. This time, name the new key command.
Left-click the new command key to select it and then double-click on the (Default) string listed in the left panel of the window. In the Edit String window that appears, enter the following text in the Value data box:
rundll32.exe shell32.dll,Control_RunDLL
Click OK to close the window and save your changes.

Access Control Panel from the Right-Click Menu

Once you’ve made the changes above, you can close the Registry Editor. The changes you made will take effect immediately so there’s no need to reboot or log out. To test your new Control Panel shortcut, head to your desktop (or anywhere else in File Explorer) and simply right-click. You’ll see the familiar right-click menu appear, but now it will include a Control Panel entry. Just left-click on it and you’ll jump directly to the Windows Control Panel.
Having quick right-click access to the Control Panel is certainly handy, but if you ever decide that you’d like to remove the right-click shortcut, just head back to the Registry path discussed above and delete the Control Panel key you created.

Wednesday, July 5, 2017

Deploy Printers With Group Policy - Windows 2012 R2

Steps (21 total)

1

Planning

Start by planning out your site. Take a piece of paper and list all your printers that will need to be deployed and who will need them.
Create group names for the printer groups by floor or side of building / purpose.
In this example I will only be deploying one printer but you can get the feel of what to do and just repeat the steps for other printers and groups.
2

Install Printer On LAN

Setup and Install your printer on the LAN if you have not already done so. Record the IP address you assigned (preferably static) and the model number so we can download the drivers.
3

Install Print and Document Service


Login to the server that will host the printers and install the Print and Document Service by using Add Roles and Features from Server Manager. Check the box next to Print and Document Service and hit next
4

Print Features


Be sure that Print Server is checked and if you are going to need Mac / Unix printing support then check the box for LPD. I have never really used the Scan Server bit but feel free to explore.
5

Open Print Management

Once the install is finished, go to Server Manager and choose Tools, then Print Management.
6

Print Management Overview

Print Management control panel overview:
Start by expanding Print Servers and you should see the local server listed that you just installed Print Services on. You can also add other print servers in your environment as long as they have Print and Document Services installed. Just right click and Add Server to control everything from one place.
Under the print server then computer name you will find the Drivers management function. This is where you will control drivers and update them as new ones are released.
Forms is where you control the default forms assigned to the printers in your environment. This is a powerful feature and helps with deployment of forms and maintains a consistent standard across everyone that uses this print server. Explore this one in depth; it will make you look like a champ to the end users.
Ports is all the ports TCP/IP, LPT, COM and File that are available to the local machine. As you add printers to the server and share them out you will get a TCP/IP port listed with the IP address of the printer. This is the same as right clicking the printer and choosing Properties then the Port tab.
Printers is the same as Devices and Printers from Control Panel
7

Download 32bit and 64bit drivers

Open your browser and search/download both the 32bit and 64bit drivers for the specific printer you are setting up. Try not to get the bundle but rather choose the basic driver for just printing. Get the driver for the version of Windows loaded on the Print Server. In this instance I am using 2012 R2 which is a Windows 8 kernel, so I got both the Windows 8 64bit and 32bit drivers
8

Extract Drivers

Lots of times the drivers will come as .exe or some installer file that immediately wants to install the driver. I prefer to extract these files before hand and manually add the drivers. You can use the installer if it is a straight extraction but if it tries to install then I would cancel and use WinRAR to extract the .exe.
9

Load the drivers


Back in Print Management right click on Drivers and choose Add Drivers
Check both 32 and 64 bit boxes.
10

Driver Selection

On the Driver Selection screen hit Have Disk and browse to the extracted drivers. Start with the 64 bit drivers on a 64bit local OS. Otherwise start with the 32 bit (rare).
Once you find the .inf file for the 64bit drivers then you will hit ok and it should prompt you for the 32 bit driver file on the next Install Print drivers (x86) screen.
Browse to the 32 bit driver extract and hit ok.
It is rare but you might also be prompted for the 32 bit ntprint.inf file. You have a few choices to get this file. One is to find a 32bit machine in your environment and copy the file from the system32 folder or you can download a copy from the internet.
ntprint.inf link
http://www.adventech.net/downloads/techfortechs/NTPrint_x86.zip
11

Add and Share The Printer


Now we have the drivers in place we can add the printer and share it out. This is the same as you have always done so don't get it complicated.
Right click on the Printers folder under Print Servers and choose Add Printer
Choose the option for Add a TCP/IP or web services printer by IP or hostname and hit next
Key in the printer IP address on the LAN and hit next to let it autodetect.
On the next screen it should have the printer name - Change this to something very simple but descriptive of either the printer function or printer type. Something Like HP-ColorLaser or LabelPrinter-Front. This is what the end user will know it best by so make it easy for them.
Check the box for Share this Printer and change the Share Name to the same as the Printer Name. Please set the location and the comment so people can get this info.
12

Finish Installing Printer

Check the box next to Print Test Page and hit Finish.
Check that the test page printed correctly, remedy any printer issues at this time
13

List Printer In Active Directory


In the printers section of Print Management you should now have a new printer listed with queue status = Ready.
We are now going to list the printer in AD and get it ready for GPO deployment.
Right click on the Printer and you will see a nice list of options. (see screen shot)
Choose the option to List In Directory - it is just a switch so it does not look like it does anything until you right click again and it should now read Remove from Directory
14

Deploy with GPO


Now the fun stuff begins we can deploy this to workstations via Group Policy so everyone gets the printers they need wherever they happen to be.
Right click on the printer and choose the option for Deploy with Group Policy
15

Deploy with GPO - Create Object

Click the browse option and you will be presented with all your Group Policy Objects and templates. Do yourself a big favor and create new GPO objects for each group or grouping of printers. This makes it way easier to find and update later than having to dig through all the GPO's looking for printers.
After clicking browse you will choose the option next to the drop down for create new Group Policy Object.
Name the object something specific like Printers-Site1 or Printers-Floor2
Hit Ok and you will be returned to the Deploy Group Policy Screen and you should see the GPO name is now updated to the new GPO object you just created.
16

Deploy with GPO - Per Machine


I always try to deploy printers on a per machine basis so that everyone that uses that machine gets the same printers. The only time I ever deploy per user is for accounting or shipping where they had to have access to the check printer or the label printer. I would create a new GPO object for just the per user deployments and let the others be on a per machine basis. This also helps with login loading times as it does not have to enumerate all the printers each time for the users.
Check the box next The Computers that this GPO applies to (per Machine) and Hit ADD.
You will then see the printer name and GPO / connection type listed. Hit OK at the bottom when you are happy with the results.
17

Create the Printer Security Group In AD


Open AD users and computers and locate your groups folder so we can create a new printer security group.
Create a new Universal security group called Printers-Floor1 or Printers-Site1 to match the name of the GPO you created in the previous step.
Add the computers that you want to have this printer installed into the group at this time. Feel free to nest another computer security group if you have one already created.
18

Scope GP Object


Open Group Policy and drill down to Group Policy Objects and click on the new Printer-Floor1 object you created. On the right pane you will see Security Filtering. Remove the Authenticated Users and Add the new Security Group Printers-Floor1 you created in the previous step.
19

Link GPO Object to your Computers OU

In Group Policy Management, drill down to your Computer OU, right-click, and then choose Link an Existing GPO. Find the Printer Object and hit OK.
You should now see the object linked to the OU.
20

Restart the workstations

Printers only seem to load on startup so you will need to reboot the assigned workstations to get the GPO to apply correctly. I would also take this time to delete any old printers from the end users workstations. I had a ton of old printers pointing to another print server and ended up creating a login script that removed any old connections and then my current printers would apply correctly. You do not have to worry about this on a fresh printer install.
21

Windows XP and 2003

If you need to push printers out to XP machines then follow the deploy doc to add the Pushprinterconnections.exe logon script to the XP machines.
http://technet.microsoft.com/en-us/library/cc772505(v=ws.10).aspx