SYPAK #32: Windows 11 – OOBE Allow Local Account

So fun! Testing Win11 Don’t care about any of the cloud, online, blah blah blah. Don’t have network access. Don’t want network access. So here I am again. Hence, my reminder to myself that this is the current (As of Sept 2023) to get to a local account on Win11 22H2 fresh install.

TLDR; oobe\ is a path. bypassnro.cmd is a batch file. Use shift+f10 to open a command prompt at the network configuration step and run oobe\bypassnro (no space).

Thank you, NavyLCDR for this post.

When installing Windows 11, if you want to get around having to connect to the internet and login with a MS account, you can enter the command prompt and run:
oobe\bypassnro

I always thought oobe was the command and \bypassnro was an option switch, and I found it completely odd there was no space in there. I was wrong. The command prompt opens in C:\Windows\System32. In \Windows\System32, is a folder called oobe. And inside the oobe folder is bypassnro.cmd. So, that is what you are running with the command oobe\bypassnro.

The bypassnro.cmd is a script which contains:
@echo off
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE /v BypassNRO /t REG_DWORD /d 1 /f
shutdown /r /t 0

So, it is really a registry key that causes oobe to not require a network, and then subsequently allow you to create a local account on a clean install.

SYPAK #31: Windows – Command Line Access to Mapped RDP Disks

I have sniffed around this solution for quite some time, but just last week came up against an immovable need and finally got serious about making it work. Specifically, I was looking to copy some files from an old server to my local disk for “safe keeping” (until I figure out what to do with the junk utilities I’d amassed), and simple file copy was failing (annoyingly, as it does, For Shame! Windows, that in 202x we STILL just get a failure instead of “continue & log for remediation” report!). For the first time in my career, I didn’t have another server to move “it” to, so…

This is where I found this information: https://itworldjd.wordpress.com/2015/08/03/how-to-access-the-disks-mapped-through-rdp/

Thank you, Jacques Dalbera!

Not quite a reproduction of Jacques’ post, but here ’tis.

Since Windows XP, support for drive mapping to the client during a Microsoft Terminal Services Connection (aka Remote Desktop) session, allowing file copy from the server to the client and vice versa via the file system.

To my knowledge, this is supported only in the Microsoft Remote Desktop Connection (aka MSTSC, RDP) application, and is not supported in the Microsoft Universal Remote Desktop App. I hope to find I’m wrong one day and correct this post, but meantime…

In the Microsoft Remote Desktop Connection (MSTSC) interface, “Local Resources” tab, “Local devices and resources” section, hit “more” to see options for “Drives”. Each volume (removable, fixed, or network) available on the client workstation is enumerated, and can be selected to be connected to the server during the RDP session. Each will show in the server’s Windows Explorer as “volume on computer name”, (e.g. “C on Computer1” for C: drive, or “F on Computer1” for F: drive). This makes for reasonably useful GUI browsing and file manipulation, but what about command prompt access?

I’m so glad you asked.
Drives can also be addressed much like network shares via Universal Naming Convention (UNC), and/or mapped in a similar fashion if that suites the purpose. Volumes on the client are accessible to the server as \\TSCLIENT (note the client workstation’s machine name is not used, but is always referenced with the generic name “TSCLIENT”) followed by the volume’s drive letter, so using the same example as before “C on Computer1” could be connected through \\TSCLIENT\C or “F on Computer1” could be connected through \\TSCLIENT\F. We can display the content of C: drive on Computer 1 via UNC:
DIR \\TSCLIENT\C
and/or map a drive letter to it:
NET USE Y: \\TSCLIENT\C
We can also perform other command prompt actions, like copying files:
COPY \\TSCLIENT\C\USERS\ME\DESKTOP\*.XLS D:\DATA\EXCEL
or what I needed, Robocopying files:
ROBOCOPY \\TSCLIENT\C\ME\DESKTOP D:\DATA\EXCEL *.XLS /Z /ETA
ROBOCOPY Y:\ME\DESKTOP D:\DATA\EXCEL *.XLS /Z /ETA

Note from Jacques’ post, as I have not investigated this: the remote Terminal Services session inherits the user’s permission. So if you are logged on to the workstation as user A and you log in to the Terminal Services server as user B, the session will have access to the drives according to A’s permissions.

I hope this helps future me, and, with a little bit of luck, others out there seeking.

PS here’s another article I found while researching this, complete with some pictures. Thank you, Brandon Lee, even if your commenters feel that you did not write about what the title states. The pictures & process still helped me.

SYPAK #30: Windows 10 – Enable .NET Framework 3.5 Without Internet Connection

tl:dnr;

using your source (I chose to use a Windows 10 .iso file I had recently created using the Windows Media Creator Tool for another project…) and using an elevated command prompt, point dism at the “online” image and feed in the source (in my case, D drive housed my mounted .iso, so D:\Sources\SXS), thusly: dism /online /enable-feature /featurename:netfx3 /source:D:\Sources\SXS /limitaccess

===

The Longer Explanation

Many reasons, actually, might make a person wish to install/enable .NET Framework 3.5; so much so, this is now a “feature enable” option on Windows 10. However, nearly every “how to” do this demonstrates downloading the full (aka “offline”) installer from Microsoft’s download page and then just run the installation. Problem with this is that this kicks off the feature enable, and tries to download a package from Windows Updates to enable the feature. Which means you wasted your time downloading the offline, full installer anyway, but if that works, YAY you! If not… 😦

Usually we get some error, like “Error code 0x800F0954” which never seems to exist when researched but largely boils down to “unable to download/unzip/whatever the package”. In my case, with that error, it was traceable back to my WSUS server not caching the confounded package. No idea why it’s trying to do this, when I’ve downloaded the (full, offline) installer, but whatevs, yo! GRR!

So what to do about it?
As noted at the beginning, we can simply use a cached .iso (or other source) for our installation set and dism. We just need to assemble the correct series of options/parameters, and wham-oh! In like Flynn.

Thank you to Matt Brown for posting this how-to on Spiceworks!

SYPAK #29: Query Windows 7, 10 Install Set for Supported Versions

This starts out pretty simple. Find your .iso or .wim. Mount it (double-clicking will suffice for .iso; dism must be used for .wim files). From there, most of the tutorials online only mention querying a specific .esd or .wim index, using a command like dism /Get-WimInfo /WimFile:F:\sources\install.esd /index:1 . The problem with this is it uses the index switch to tell dism which installer to check, and only (in my experience) returns THAT ONE in the case of multi-version images (which all of those downloaded for Windows Media Creator are, to my knowledge). Instead, one needs to ask dism what indices are available using a command more like dism /Get-WimInfo /WimFile:F:\sources\install.esd

I know they look very similar, because they are. But the big key difference is that the latter will show ALL indices, instead of just the ONE you’ve told it to look at. The difference can be astounding.

These are some of the sites I looked to when attempting to re-learn this little tidbit:

winaero

winhelponline

I was unable to find the ONE site I dug up once upon a time that laid this all out crystal clear, but thank you, anonymous blogger. Thanks to you, I know everyone else only gets it partially right.

SYPAK #25: Repair Windows With DISM and Installer “Disk”

Copied from https://answers.microsoft.com/en-us/windows/forum/all/how-to-repair-corrupt-system-files-from-a/329649e1-112f-44b9-bfd4-d1be00a77fc1

and placed here are those steps which served me well.

BleckfieldReplied on November 11, 2015

In reply to Geezanansato’s post on September 2, 2015

Using DISM to repair windows from the install disc:

Assuming d: drive is where the cd/dvd is

launch cmd prompt as administrator

mkdir c:\mount

DISM.exe /mount-Image /ImageFile:d:\sources\install.wim /index:1 /mountdir:C:\mount\ /readonly

( server 2008, R2, without SP1 (because that is what I was trying to get installed) had to use DISM.exe /mount-wim /wimfile:d:\sources\install.wim /index:1 /mountdir:c:\mount\ /readonly )

make sure this results in:

Mounting image
[==========================100.0%==========================]
The operation completed successfully.then you can run

DISM.exe /Online /Cleanup-image /Restorehealth /Source:c:\mount\windows /LimitAccess

---

LoftyUIReplied on December 12, 2016

In reply to aaronfranke’s post on September 28, 2016

Not claiming to be an expert here but i’ve been dealing with the same issue.

Win pe is preinstall environment, since you are not running windows technically the os image is not online so /online wont work.

Use diskpart, then “list vol” to find what letter your OS partition is and what letter the installation media is then modify the command as such.

“DISM.exe /Image:*letter here*:\ /Cleanup-image /Restorehealth /Source:c:\mount\windows /LimitAccess”

To save having to mount the image beforehand change source to

“DISM.exe /Image:C:\ /Cleanup-image /Restorehealth /Source:WIM:*Install media letter*:\x64\sources\install.wim:1 /LimitAccess”

Depending on the install media you are using if it is only 64 bit install with no option for 32

“DISM.exe /Image:C:\ /Cleanup-image /Restorehealth /Source:WIM:*Install media letter*:\sources\install.wim:1 /LimitAccess”

Some installers use ESD instead of WIM so.

“DISM.exe /Image:C:\ /Cleanup-image /Restorehealth /Source:ESD:*Install media letter*:\x64\sources\install.ESD:1 /LimitAccess”

Still sometimes this fails and thats how i found myself here….

Anyone have any ideas as to why sometimes with a specified offline image /cleanup-image is not recognised as a command? or can someone please further correct my syntax if there are any errors? Thanks

---

I’m just placing this here, where I can find it again.

I’ll be doing this again, soon, and expect I’ll update here when I have a friendly reminder of what actually works. Funny thing, that, once something we do every 2 years or so works, we just move on. Til the next time…

update 8/5/2020. None of this worked for me on the Server 2008 R2 that I needed to get SP1 onto. But the “System Update Readiness” tool, surprisingly, DID fix the whole thing. Weird thing to note: you simply run the “update” (kb 947821) and it “fixes” stuff, logs it, etc. Here’s a link: https://support.microsoft.com/en-us/help/947821/fix-windows-update-errors-by-using-the-dism-or-system-update-readiness#!en-us%2Fhelp%2F947821%2Ffix-windows-update-errors-by-using-the-dism-or-system-update-readiness

It just looks like a standard KM updater, runs like one, but works more like DISM or other toosl when used for repair.

SYPAK #21: Tricking SCCM 2012 R2 Into Re-Running a Deployment

I have yet to find any solid sources on HOW this is ACTUALLY supposed to work, so I’m popping my (re)discovery into the ether in hopes it will help me remember this in the future.

To TRICK SCCM into re-running a deployment (because, for example, you’d like it to try to push to new members of the collection) change the schedule to some point in the future. It will then try to do the deployment then. If you are impatient, and working with a small collection, try changing it (back) to “as soon as possible” (or whatever the exact phrasing is).

 

You, future me, looking for this, are welcome.

SYPAK #14: Re-encode CamStudio’s .avi File to MP4

I admit to being a complete idiot when it comes to video. I just don’t care that much. And I know, “get a Mac, everything just works because rainbows and ponies and unicorns…” But I should not have to use a Mac to get video. Especially for Microsoft Office 365 Video portal, which is the major reason for my  looking into this now. Some background:

I usually record a lecture using a USB microphone (technically a Logitech mic sold for use with Karaoke Revolution, but that’s kind of another story) and CamStudio to capture the slides and any demos I run. It records to whatever kind of .avi file CamStudio outputs. I then upload to YouTube. It works a treat. Now my place of employ wants to move to Office 365 Video portal instead of using Youtube. Mind, I’m fully in favor of this as I hate putting corporate “stuff” onto “we actually now own all your intellectual property; didn’t you read the EULA when you signed-up for it?” sites like YouTube. However, now my process “is broken”. That’s weird. When I do exactly what I’ve always done, it STILL works fine to YouTube, but not to Office 365 Video. Right. It must be that my process is broken. Phffft.

No matter. I am a techie (of sorts). I should be able to figure this out. Right? Well, after hours of wasting time trying to:

1. discover “what kind” of AVI CamStudio outputs
2. convert that to one of the “supported formats” for Office 365 (notice how .avi is listed?)
3. change what CamStudio outputs (oh, wait, .swv and .swf are NOT supported!?!)
4. GRRRRR!
5. using VLC to convert to some other format (any, other format. seriously. None of them worked for me. At all! I can PLAY all the video I want, but I can’t re-format squat!)
6. finally stumbling upon AN answer.

So here ’tis. I’m not saying this is the best way, or the easiest. But it worked for me, so for you, if you’re video stupid like me, using mencoder, which is part of mplayer freeware software

1. Download/install mencoder
   • For Ubuntu, as I stared out using, you can use Software Center, search for mencoder and install; or sudo apt-get install mencoder and follow prompts; or download and install from source.
   • For Windows (7) as I also used, search the web for “mencoder for windows” (here at time of this writing) and just extract mencoder.exe to somewhere handy)
2.  mencoder is a command-line tool.
   1. For Ubuntu open a terminal window. Your command string should look something like this:    mencoder -ovc x264 -ofps 30 -oac mp3lame -af volnorm=1:0.5 out.avi -o out.mp4
   2. For Windows open a cmd window. Your command string should look something like this:          mencoder.exe -ovc x264 -ofps 30 -oac mp3lame -af volnorm=1:0.5 out.avi -o out.mp4
3. et, voilà After waiting for the finish, you will have a functioning, compressed MP4 which WILL work on the Office 365 Video portal, and though untested by me, many other places, as well, I’ll bet!
   

*** Epilogue

I’m willing to bet the x264 encoder from VideoLAN (same company as VLC which I’ve used for eons) will work, but I’ve found didly online about using it. I have just discovered it has a help swtich that spits out lots of info, so that might be another way to accomplish something similar, and VLC “looks nicer” when it comes to the Windows download (plus, been using their VLC player for years).

*** Epilogue #2: 20160519

I had some trouble encoding this way on Windows. It appeared to work fine, but the quality was total crap. So I did some more playing around. I (re) discovered that mencoder is a dead project, and no longer developed. I don’t know why that would matter. If it works on Linux, it should work on Windows, right? But.. Every time I dug into it people said “just get ffmpeg, and a new version. It works better with newer OSes.” So i did. From here: https://ffmpeg.zeranoe.com/builds/

FYI, download, use 7zip (or whatever you use) to extract the program, then open a command prompt, CD into the /bin directory, and run ffmpeg.exe (with all the necessary switches, etc.)

You CAN put it in the path, but it’s not really that much easier, in my opinion…

Then I followed roughly these directions:

http://superuser.com/questions/525249/convert-avi-to-mp4-keeping-the-same-quality

and the commmand I used:

ffmpeg -i input.avi -c:v libx264 -crf 19 -preset slow -c:a libfaac -b:a 192k -ac 2 out.mp4

Worked a treat! Now have lovely output working on Windows 7 as well, with ffmpeg…

 

SYPAK #4 Fixing “The trust relationship between this workstation and the domain failed.”

Go ahead. Try it. Using any search engine, input this error message. Nearly every entry returns “just unjoin and rejoin the domain to fix.”

Yep.

Works great.

Except when you CANNOT unjoin and/or rejoin the domain.

I bumped into this recently with a domain controller. Interestingly, I could not rename the machine, unjoin the domain, or dcpromo.exe /forceremove due to other complications. So I was forced to try to understand this little gem.

It’s generally considered “well-known” that this is caused by a mismatch between the AD password for a computer object and the password the workstation THINKS is correct. As explained here  this is basically a KERBEROS issue. Of course, KERBEROS vs. “password mismatch” pretty well splitting hairs.

 

Anyway, follow the directions in that article, and voilà!

The process (for me) was on a domain controller running Server 2008 R2 and went as follows:

1. Log into affected machine (as mine was a DC, I had to use cached domain creds, as there are no “local” accounts)
2. Open elevated command prompt (right click, runas, etc.)
3. run “net stop kdc” and confirm that it is successful. This stops the “Key Distribution Center”, or the widjet that handles KERBEROS tickets.
4. Then clear the ticket cache by typing klist purge and answering “yes” for each ticket if prompted (I was not)
5. Then type this in: netdom.exe resetpwd /s:<server> /ud:<user> /pd:* where <server> is an IP or name for a “good” domain controller in your environment, <user> is a domain account (domname\user format) capable of resetting passwords, specifically those for the domain controller you’re trying to fix, and /pd:* tells the command to prompt for a password (you can put your password instead of the *, but then you’ll have a plain text password floating around…) You will get a success message back that he local workstation’s password was reset successfully.
6. restart kdc with “net start kdc“
7. Reboot your dc
8. On the affected  DC open Active Directory Sites and Services
9. Expand each node down to the servers level.
10. Select a “good” DC and right click
11. Select “Replicate configuration from the selected DC” from the menu to replicate good ADServices info onto the affected DC.
12. Reboot your DC
13. Enjoy a freshly functioning DC!

Here are some other resources I used:

Good start

Using Netdom in this way

What I was actually trying to fix