ComputerComments Off on Show All Users on Windows 10/11 Sign-in Screen
By default, modern versions of Windows (tested on Windows 11 21H2 and Windows 10 21H1) always show the list of enabled local users in the bottom left corner of the login screen. Only hidden (see below) or disabled users are not displayed.
To log in to the computer, the user just needs to click on the required user account and specify its password. This only works on computers that are not joined to the Active Directory domain.
If no password is set for the user account, this user will be automatically logged on, even if autologon is not enabled.
If the list of local users is not displayed on the computer logon screen, check the settings of the following local Group Policy options (use the gpedit.msc):
Interactive Logon: Do not display last signed-in = Disabled (Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options);
Enumerate local users on domain-joined computers = Enabled (Computer Configuration -> Administrative Templates -> System -> Logon)
Do not enumerate connected users on domain-joined computer = Disabled/Not Configured (in the same GPO section)
ComputerComments Off on PowerShell Script Sample – Microsoft Teams deployment clean up
This PowerShell script can be leveraged for the cleanup of Microsoft Teams from target machines or users. It should be executed for every user on a targeted machine.
<#
.SYNOPSIS
This script allows you to uninstall the Microsoft Teams app and remove Teams directory for a user.
.DESCRIPTION
Use this script to clear the installed Microsoft Teams application. Run this PowerShell script for each user profile for which the Teams App was installed on a machine. After the PowerShell has executed on all user profiles, Teams can be redeployed.
#>
$TeamsPath = [System.IO.Path]::Combine($env:LOCALAPPDATA, 'Microsoft', 'Teams')
$TeamsUpdateExePath = [System.IO.Path]::Combine($env:LOCALAPPDATA, 'Microsoft', 'Teams', 'Update.exe')
try
{
if (Test-Path -Path $TeamsUpdateExePath) {
Write-Host "Uninstalling Teams process"
# Uninstall app
$proc = Start-Process -FilePath $TeamsUpdateExePath -ArgumentList "-uninstall -s" -PassThru
$proc.WaitForExit()
}
if (Test-Path -Path $TeamsPath) {
Write-Host "Deleting Teams directory"
Remove-Item -Path $TeamsPath -Recurse
}
}
catch
{
Write-Error -ErrorRecord $_
exit /b 1
}
ComputerComments Off on Windows 10 RDP CredSSP Encryption Oracle Remediation Error Fix
For those of you who may have recently installed security updates on Windows 10 workstations in the past few days, you may notice that you receive a peculiar error when trying to establish a remote desktop connection to a server that worked prior to installing the updates. The initial March 13, 2018, release updates the CredSSP authentication protocol and the Remote Desktop clients for all affected platforms. The CVE-2018-0886 consists of installing the update on all eligible client and server operating systems and then using Group Policy or registry settings to configure the options on both clients and servers. Let’s take a look at Windows 10 RDP CredSSP encryption oracle remediation error fix.
Windows 10 RDP CredSSP Encryption Oracle Remediation Error Fix
Just a couple of days ago, the cumulative updates were released below for Windows 10 and Server 2016, etc. These cumulative updates include the fix for the CredSSP encryption vulnerability.
May 8, 2018 – KB4103721 (OS Build 1803) May 8, 2018 – KB4103727 (OS Build 1709) May 8, 2018 – KB4103731 (OS Build 1703) May 8, 2018 – KB4103723 (OS Build 1609 & Server 2016)
Once you have installed the patch on a “vulnerable” workstation and attempt to connect to an unpatched server, you will see the following error message that happens after you type in your password to authenticate to the RDP session.
CredSSP authentication error after installing May 8 2018 patch Windows 10
There is a local policy setting that is added with the installed security updates. You can find this at Computer Configuration >> Administrative Templates >> System >> Credentials Delegation >> Encryption Oracle Remediation. By default this is set to Not configured.
Windows 10 RDP CredSSP encryption oracle remediation error Fix
To Fix the issue as a workaround, set the policy to Enabled and set the Protection Level to Vulnerable. ***Note*** – This is not recommended by Microsoft, as making sure both the client and server is patched is best practice. However, setting the policy to Vulnerable allows your workstation to now connect to the remote desktop session that was previously blocked by the mitigation.
Settings contained in the Encryption Oracle Remediation Fix
There are three settings contained in the policy setting that can be enabled.
Force Updated Clients: Client applications which use CredSSP will not be able to fall back to the insecure versions and services using CredSSP will not accept unpatched clients. Note: this setting should not be deployed until all remote hosts support the newest version.
Mitigated: Client applications which use CredSSP will not be able to fall back to the insecure version but services using CredSSP will accept unpatched clients. See the link below for important information about the risk posed by remaining unpatched clients.
Vulnerable: Client applications which use CredSSP will expose the remote servers to attacks by supporting fall back to the insecure versions and services using CredSSP will accept unpatched clients.
Patching is becoming ever more important with security vulnerabilities that are present today. Security is on the minds of everyone and it should be. Compromised systems can lead to data loss and data leak. Keeping up with Microsoft patches and having a routine schedule of patch application is essential for enterprise datacenters running Microsoft server operating systems. By mitigating known vulnerabilities the attack surface is drastically reduced and attacks become more difficult for the would be attacker.
ComputerComments Off on Reset Office 365 ProPlus activation state
1. Remove Office 365 license for Subscription based installs (not Shared Computer Licensing scenarios):
To remove the Office 365 license, you must run two cscript command lines. The command lines are:
A. Run C:\program files (x86)\Microsoft office\office16>cscript ospp.vbs /dstatus
The above command line will generate a report of the currently installed/activated license. (See Below)
NOTE: You might see multiple licenses in the /dstatus report.
B. Make note of value for “Last 5 characters of installed product key”
C. Run C:\program files (x86)\Microsoft office\office16>cscript ospp.vbs /unpkey:“Last 5 of installed product key” For example: C:\program files (x86)\Microsoft office\office16>cscript ospp.vbs /unpkey:WB222 (See Below) Repeat the step above if necessary until all keys are removed.
After running the /unpkey: command line you will see a “Product Key uninstall successful” message. You can now close the Command Prompt and move onto Step 2.
2. Remove cached identities in HKCU registry:
A. In the Registry Editor navigate to HKCU\Software\Microsoft\Office\15.0 or 16.0\Common\Identity\Identities and remove all of the identities under \Identities.
NOTE: If using Shared Computer Licensing remove the above Identities from HKEYUsers\SID.
3. Remove the stored Credentials in the Credential Manager:
A. Open Control Panel > Credential Manager. Remove all Windows credentials listed for Office15 or Office16.
B. To remove the Credential Click on the Drop down arrow and choose Remove from Vault.(See Below)
Shared Computer Licensing scenarios you must remove the Token and identities listed below. File Location Appdata\local\Microsoft\Office\15.0 or 16.0\Licensing
4. Persisted locations that must be cleared
Credential Manager:
Appdata\Roaming\Microsoft\Credentials Appdata\Local\Microsoft\Credentials Appdata\Roaming\Microsoft\Protect HKCU\Software\Microsoft\Protected Storage System Provider
Office 365 activation Tokens and Identity
Appdata\local\Microsoft\Office\15.0 or 16.0\Licensing HKCU\Software\Microsoft\Office\15.0 or 16.0\Common\Identity HKEYU\(The Users SID)\Software\Microsoft\Office\15.0 or 16.0\Common\Identity
The above steps will reset the activation state for Office 365(2013/2016). The activation flow after the locations are cleared will represent an initial activation.
Without any apparent reason my Internet Explorer 8 running under WinXP SP3 started
to improperly show various pages. I quickly discovered that Javascript did not work.
Reinstalling IE8 did not help though, in my opinion, it should!
Long and extensive searching on the web did not help either. All tips how to (re)activate
Java Script [by changing security level in Internet Options and activating scripts]
did not work.
I went for total removal of IE8 and reinstalling it from scratch.
I failed:
– IE8 was not visible on Add/Remove Programs screen
– Directory Windows\IE8 where ‘spuninst.exe’ uninstaller is located was not present.
– Microsoft ‘fix it’ tool MicrosoftFixit50238.msi refused to remove IE8 because
it was blocked by some updates.
What I had to do?
1. Create a restore point
2. Try to carefully remove IE8 manually. I would probably mess up the system.
Creating restore point did not work either! I got a blank screen.
Back to Google search… and BINGO! There was an answer:
ComputerComments Off on Reset Mac Password – without a CD
Using a pretty nifty trick you can reset a forgotten Mac password without a Mac OS X installer CD/DVD. The steps may seem a little intimidating at first but I assure you it’s easy if you follow them exactly, here is exactly how to do this in three stages:
Stage 1) Boot into Single User Mode and remove a setup file
Restart the Mac holding down the Command+S keys, this will take you into Single User Mode and it’s Terminal interface
You’ll need to check the filesystem first: fsck -fy
Next, you must mount the root drive as writeable so that changes will save: mount -uw /
Now, type the following command exactly, followed by the enter key: rm /var/db/.applesetupdone
After removing the applesetupdone file, you need to reboot, type ‘reboot’ and hit enter
Stage 2) Create a New User Account upon System Boot
You aren’t finished, but the hard part is now over – no more command lines, you’ll now be in the familiar Mac OS X GUI to finish the password reset process. In this step we just create a new user account as if you just got a new Mac:
Upon reboot, you will be presented with the traditional “Welcome Wizard” startup screen just like when you first get a Mac
Follow the welcome wizard and create a new user account – making the account name different from the account whose password you want to recover
Continue on and boot into Mac OS X with this newly created user account, this new user account is an Administrator and has administrative access
Stage 3) Reset the Forgot Password via System Preferences
You are almost done, now you just need to reset the forgotten user account password using the Accounts control panel:
Once you are booted into Mac OS X, click on the Apple logo and then navigate down to “System Preferences”
Click on the “Accounts” icon in System Preferences
Click on the Lock icon in the lower left corner of the “Accounts” preference window and enter the newly created user credentials, this enables you to change other user accounts and reset other users passwords
On the left side user panel, select the user account containing the forgotten password
With the user of the forgotten password account selected, click on the “Reset Password” button
Enter a new password for that user, be sure to include a meaningful hint so you don’t forget it again!
Close System Preferences and reboot the Mac
You can now login to the previously inaccessible user account using the newly reset password! All user files and settings are maintained as before the password was forgotten
Optional: If you’d like, you can delete the temporary account you created to reset the users password. This is wise for security purposes.
Here’s how this works: by deleting the .applesetupdone file, you are telling Mac OS X to re-run the setup wizard, which by default creates a new user account with Administrative abilities, which can then reset the forgotten password of any other user on the Mac. This is a great trick and excellent troubleshooting technique if you don’t have a Mac OS X installer CD/DVD laying around, which is pretty much the norm as many people tend to lose or misplace the installer disks that come with their computers. I have used this exact method multiple times to restore various Macs with forgotten/lost passwords.
