Backtrack:  
Blog
 
Enable RDP access to Windows Server (or client) via GPO
by lunarg on June 12th 2025, at 16:38
By default, RDP access to a server or client is always disabled and needs to be turned on manually. In a domain, you can use a group policy to enable it via GPO but there are several settings to be configured before it works. If one is missed, you may end up with the Enable Remote Desktop slider set to off and grayed out:



Configure the following items in a group policy to properly enable Remote Desktop access:

Computer Configuration → Policies → Administrative Templates → Windows Components → Remote Desktop Services → Remote Desktop Session Host → ConnectionsAllow users to connect remotely by using Remote Desktop Services = Enabled

Computer Configuration &r  ...
 
Seizing FSMO roles in a Windows-domain
edited by lunarg on June 11th 2025, at 12:39
If for some reason, the PDC dies horribly, you are left with a semi-working domain. While the basic functionality will still be operational, certain aspects of the domain can no longer be reconfigured. If the broken DC can no longer be rescued, you need to transfer the five FSMO roles to a working DC as soon as possible as to ensure your domain will remain healthy.

If FSMO roles are not transferred time, it can have implications on the following items, depending on the roles that are located on the offline DC:

FSMO roleImplications of lossSchemaThe schema cannot be extended or reconfigured. This is not a problem unless you wish to perform a schema upgrade during the outage.Domain NamingPro  ...
 
Recommended placement of FSMO roles on 2 domain controllers
edited by lunarg on June 11th 2025, at 12:34

Based on recommendations and best practices from Microsoft, and information I found here, I compiled a FSMO placement scenario for 2 domain controllers:

DC1DC2
PDC Emulator
RID Master
Infrastructure Master		Schema Master
Domain Naming Master
Global Catalog

Also, if your domain is top-level in the AD forest, configure DC1 to sync with external time sources.

To transfer roles, it is recommended to use Powershell's Move-ADDirectoryServerOperationMasterRole.

 
Transfer or seize FSMO roles using Powershell
by lunarg on June 11th 2025, at 12:30
Powershell also allows you to easily transfer or seize FSMO roles in an Windows Active Directory. It is now the preferred method and is far more efficient than using the GUI or ntdsutil.

The cmdlet to use is Move-ADDirectoryServerOperationMasterRole and can be used to instantly transfer one, several or all FSMO roles to the designated domain controller.

To transfer all FSMO roles to a DC called NewDC:

Move-ADDirectoryServerOperationMasterRole -Identity NewDC -OperationMasterRole PDCEmulator,RIDMaster, InfrastructureMaster,SchemaMaster,DomainNamingMaster

Note that you can also use numeric values for the FSMO roles to be transferred:

0PDCEmulator1RIDMaster2InfrastructureMaster3SchemaMaste  ...
 
Disable Windows Recall via registry
by lunarg on June 6th 2025, at 14:36

To disable Windows Recall via registry, you can add the registry keys below. They are the GPO-equivalent (for those that want to disable it this way or are unable to use group policies).

Computer policy:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsAI]
"DisableAIDataAnalysis"=dword:00000001

User policy:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\WindowsAI]
"DisableAIDataAnalysis"=dword:00000001
 
Removing Azure Arc and Windows Admin Center setup from Windows Server 2025
by lunarg on June 4th 2025, at 15:03
While Microsoft is basically trying to force everyone to move to (paying) Azure for management of local servers by forcefully implementing tools like Azure Arc, many may not want to have this functionality forced on their on-premise servers. Although it has been made increasingly difficult, with Windows Server 2025, it is still possible to remove Azure Arc and other "cloud" functions.

In Windows Server 2025, Azure Arc has been changes to a "Windows capability" but it can be removed via Powershell just the same:

Remove-WindowsCapability -Online -Name AzureArcSetup~~~~

While Windows Admin Center can be useful from a management perspective, if you are using other (third p  ...
 
Bypass Windows 11 24H2 internet connection requirement
by lunarg on May 12th 2025, at 17:05
Windows 11 24H2 requires a working internet connection and Microsoft account during installation, which can no longer be bypassed by clicking the appropiate button. This could be annoying if you don't have a working internet connection or if you don't want to use a Microsoft account. Fortunately, you can still get the "bypass" functionality back if you know how.

During installation, you'll enter the Out-Of-Box-Experience or OOBE. This is the part where you select your country and keyboard layout, and eventually, where you need to log in with a Microsoft account. Instead of continuing the wizard, press Shift + F10 on your keyboard, which will open a command prompt. Type in the comm  ...
 
Stop Chrome from asking to be default browser on Mac
by lunarg on May 8th 2025, at 11:45
At regular intervals, Google Chrome will prompt to make it the default browser if it is not. This can be annoying if you are using Chrome but do not want it to be the default browser. Unfortunately, this behaviour cannot be turned off via the settings, but fortunately, it can be turned off via a manual edit of a configuration file.

Open Finder, from the menu select Go → Go to folder, and past the following path:~/Library/Application Support/Google/Chrome/Default

Find and open the Preferences file with your favourite editor (such as TextEdit).

In the file, search for the text:"browser":{Replace it with:"browser":{"check_default_browser":false,Don't forget  ...
 
 
 
« June 2025»
SunMonTueWedThuFriSat
1234567
891011121314
15161718192021
22232425262728
2930     
 
Links
 
Quote
« Most people tend to avoid true conflict. Ironically this breeds more conflict. »