After you finished your remote session
and if want console remained open and not a locked screen.
This little trick works on Windows Vista ~ Windows 10
tscon 1 /dest:consoleTag: Windows
Chrome's pac file not working after upgraded to 1703
Thanks to info from below link, I'm able to troubleshoot my proxy problem with Chrome.
https://www.chromium.org/developers/design-documents/network-stack/debugging-net-proxy
To troubleshoot, in chrome, chrome://net-internals/#events
It gives you all sorts of information.
The pac file works in IE and Firefox but not in chrome after I upgraded to 1703.
The fix for now is start Chrome with command-line flag:
--winhttp-proxy-resolver
Get Parent Folder by Batch
To get folder from 1 level up:
@echo off
SET CurrentDirectory=%~dp0
echo %CurrentDirectory%
for %%B in (%CurrentDirectory%.) do set ParentFolder=%%~dpB
echo %ParentFolder%
AD account Locked out
Filter Security event, look for these two event id:
4740 - for locked out.
4767 - for unlocked.
4776 - for Credential Validation, then use Find (ex: Source Workstation) to narrow down the search.
Inject Drivers to Boot.wim
There are sometimes after PE Boot, and you need the right drivers for nic or whatever.
This is how you inject the required drivers to a boot.wim
DISM TO MOUNT AN IMAGE:
Dism /mount-wim /wimfile:C:\new\Win10Boot.wim /index:2 /mountdir:C:\tmp
INJECT DRIVER
dism /image:"C:\tmp" /add-driver /driver:"C:\drv\folder" /Recurse
COMMIT AND DISMOUNT
Dism /unmount-wim /mountdir:C:\tmp /commit
Useful Commands
Dism /Image:C:\tmp /get-drivers
Dism /get-wiminfo /wimfile:C:\new\Win10Boot.wim
* Make sure you inject drivers to the right index.
smbiosbiosversion
in CMD, type:
wmic bios get smbiosbiosversionto get serial number:
wmic bios get serialnumberReplace DC with new hardware and keeping old servername/ip
This was the project that completed during this break.
The old infrastucture has 1 PDC (2008R2, standalone) and 1 BDC (2012R2, hyperv)
The aim was to replace the PDC with a new hardware due to its age (about 6 years old and out of warranty)
At the end of the project, We have 1 new PDC (2012R2, standalone) and 1 BDC (2012R2, hyperv)
The whole process turned out pretty straightforward and completed smoothly.
As a summary, here are the main steps taken:
1. Install 2012R2 on the new server, Windows updates 2. Add Roles, ADDS 3. Promote the new server to a Domain Controller 4. Wait for it to replicated across all DCs 5. Transfer FSMO from old server to new server 6. Robocopy, files and folders from old server to new server keeping the same permissions and file structures (because we had file shared from the old server) 7. Install Files and Storage Services on new server 8. Tested Files/Shares and permissions and are working as expected 9. change old server's name to something else using "netdom computername" 10. change old server's ip to something else 11. change new server's name to old server's name 12. change new server's ip to old server's ip 13. Configure DNS Upstream Forwarder on the new server 14. Install/Configure DHCP on new server 15. run dcpromo on the old server to demote from the AD, and decommissioned.
Here are some websites that I reference to complete this project:
1. http://jackstromberg.com/2013/10/migrating-domain-controllers-from-server-2008-r2-to-server-2012-r2/
2. https://www.experts-exchange.com/questions/27872748/Replacing-a-Primary-Domain-Controller-with-new-hardware.html
3. https://www.experts-exchange.com/questions/28233238/robocopy-copy-files-from-one-server-to-another.html
4. http://support.microsoft.com/?kbid=125996 (Import/Export file shares)
5. https://technet.microsoft.com/en-us/library/cc835082(v=ws.11).aspx (Rename Domain Controller)
Notes:
Useful commands: (used in this project)
netdom query fsmo, nltest, dcdiag, ntdsutil, etc
robocopy.exe W:\ D:\ *.* /e /copyall /r:3 /w:2 /nfl /ndl /mt /tee /np /log:"C:\robocopy_20170119.log"
Steps to change Domain Controller name:
1. netdom computername /add (add althernative name)
2. netdom computername /makeprimary (restart server after this)
3. netdom computername /remove (remove old name)
How to reset/add user/password in Windows 10 without login
What happen when you forgot your password to log into Windows 10 and there is no other account that you could log into?
Turn out Windows 10 has a hidden feature which can be very handy in this situation!
Boot the computer with a Windows 10 Installation CD or Win10PE
Once in the command prompt:
move C:\Windows\System32\utilman.exe C:\Windows\System32\utilman.exe.bat
copy C:\Windows\System32\cmd.exe C:\Windows\System32\utilman.exeReboot the computer normally.
When you get to the login screen, normally under bottom right corner, there is this Ease Of Access button 
. Which is now replaced with CMD.
Open the command prompt:
net user <username> <password> /add
net localgroup administrators <username> /addThat's it. You could now login with that newly created administrator account and reset your forgotten password for that accout!
Reference from here
How to Enable Remote Administrative Share in Windows 10
run regedit, browse to:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
Create a new key (DWORD 32bit), LocalAccountTokenFilterPolicy, value = 1
Reboot computer, done.
Reference here.
Enable/Disable Windows 10 Startup programs in Registry
Beside those well known registry location such as HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Not sure this registry exist since Windows 8 or not, but it took me a while to find it out in Windows 10 that there is this registry location to Enable/Disable programs to run during startup.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32
If you need to add this to GPO through GPP, and the key value is type REG_Binary.
You may want to import this registry item, and then browse to it (I added them manually, which didn't work). Or lookup on the internet on how to convert the binary data first.
* this is same as using msconfig to enable/disable startup item.