A Passionated System Admin's Blog
Powershell, Windows Servers, VMware and Scriptings
Winget is available on Windows 10 version 1809 (October 2018 Update) or later. It’s included by default in Windows 10 May 2020 Update (version 2004) and later versions. Upgrading to a supported version is necessary if you have an older Windows 10.
Sometimes, if the winget installation is corrupted due to some reason, you can the latest winget package from the github for installation. Here is how:
Continue reading “How to Install Winget on Windows 10 and 11”You might sometimes see the error like this when trying to connect to Remote Desktop Session Host server
The remote session was disconnected because there are no Remote Desktop License Servers available to provide a license.
Continue reading “Workaround to connect the server with RDP Licenses not available Error”Although winget exists on your system, but when you try to run the winget with system account (or using the scheduled task with the system account) and you see this error.
winget : The term ‘winget’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
Continue reading “Resolving winget not recognized error when running with the System Account”If you encounter Windows update error codes, you can check the System log in the Event Viewer, typically under the event source “WindowsUpdateClient” (though it doesn’t provide much info as always 😂). Another place to look is in the “C:\Windows\Logs\WindowsUpdate.log” file for Server 2012R2 / Windows 8.1 and below. For the later Windows version, you will need to use Event Tracing for Windows (ETW) to generate diagnostic logs.
Continue reading “Most Common WSUS Errors Codes”In this post, I’ve outlined the steps for installing specific versions of Python on WSL in an easy-to-follow manner.
Continue reading “Install Python on Windows WSL”You might have defined the root certificate validity period of Microsoft internal CA as 5 years at initial installation, and what if you want to change the validity period to a longer duration like 10 or 20 years later ? For this, we will need to create a CaPolicy.inf file under windows installation directory (typically C:\Windows) and put some settings and start the renewal process.
Continue reading “How to Renew Root Certificate of Microsoft CA with a longer validity period”The Internet explorer is a bit outdated life-long browser for now. And in this post, I’d like to show some registry tweaks that you can make a bulk computers deployment of page size and font related settings. Below are the topics I cover in this blog.
Some windows updates require a system restart after installation because it needs to change some system files which are currently used by running processes, or changes in registry. You’ll be prompted with the yellow icon shield like in fig-1.
Service related operations such as start/stop/restart windows services are usually assigned to Administrators. Sometimes, you might need to delegate these tasks to non-admin users. In this article, I will show the 4 methods to set the service’s permission to any user account/service account. I will use SQL service (MSSQLSERVER) in domain environment.
Method-1: Using Powershell Module (from TechNet Script Repository, easiest but modules are not trusted by Microsoft)
Method-2: Using subinacl.exe (from Official Microsoft Download, need to install executable locally on computer, an easy method)
Method-3: Using built-in security configuration template in MMC console (do not need to install executable, easy with GUI but more steps are needed)
Method-4: Using built-in service control manager command line (difficult, prone-to-errors if manually configured)
Method-1: Using Powershell Module
Edit: As of Aug,2021, I found that PowershellAccessControl module is no longer available on microsoft gallery. So, alternatively you can download it from github. Extract the zip file and rename the folder name PowerShellAccessControl-master to PowerShellAccessControl and move it to C:\Program Files\WindowsPowerShell\Modules. Before we start, let’s see the SQL service restart option is gray-out for ‘myuser’. See Fig-1.
Open the powershell and check the current service permission for ‘myuser’. To do this, make Get-service and pipeline into Get-EffectiveAccess. Type the following command.
Get-Service MSSQLSERVER | Get-EffectiveAccess -Principal contosomyuser
You can also check the service permission for domain admin account.
Get-Service MSSQLSERVER | Get-EffectiveAccess -Principal contosoadministrator
See Fig-2.
Now, give the user start/stop permission of MSSQLSERVER. See Fig-3.
Get-Service MSSQLSERVER | Add-AccessControlEntry -ServiceAccessRights Start,Stop -Principal contosomyuser
You can see that the ‘myuser’ now has the start/stop/restart permission on SQL service. See Fig-4.
|
Alias
|
Description
|
|
F
|
Full Control
|
|
R
|
Generic Read
|
|
W
|
Generic Write
|
|
X
|
Generic eXecute
|
|
L
|
Read controL
|
|
Q
|
Query Service Configuration
|
|
S
|
Query Service Status
|
|
E
|
Enumerate Dependent Services
|
|
C
|
Service Change Configuration
|
|
T
|
Start Service
|
|
O
|
Stop Service
|
|
P
|
Pause/Continue Service
|
|
I
|
Interrogate Service
|
|
U
|
Service User-Defined Control Commands
|
Now, you can start/stop the SQL service with our normal user account.
So, we will check the current permission of SQL service by the following command.
The command completes successfully. And user now has start/stop permission on SQL service. See Fig-27.
Recently I installed windows 8.1 along with existing windows 10 on my free partition. After reboot, the dual boot option gives me 30 second time-out with the default to windows 8.1 as seen in Fig-1. As I worked with Win-10 most of the time, I need my computer boot directly into windows 10 with less time-out. Since Windows Vista and later, windows shipped with bcdedit.exe which gives enhanced user option to edit the BCD Store (Boot Configuration Data, formerly called boot loader) before calling the windows kernel.You can read a complete windows boot process from the following articles.
https://social.technet.microsoft.com/wiki/contents/articles/11341.the-windows-7-boot-process-sbsl.aspx
https://technet.microsoft.com/en-us/library/ee221031(v=ws.10).aspx
Note: There are many third-party tools if you prefer GUI for this task. EASYBCD has a free (also has a paid version), one of the popular BCD editor tools to work with dual boot systems.
bcdedit.exe has a good many parameters for boot configuration tasks. Check a full list of bcdedit.exe commands with:
bcdedit.exe /?
bcdedit.exe <parameter> /?
1) Backup before you do anything
Like editing registry, you will need to backup the current configuration to avoid unexpected failures. First, create the backup directory under C: and run bcdedit with /export. See Fig-2.
bcdedit.exe /export c:bcdbackup
2) Check the Current BCD setting
You can check the current bcd setting with /enum and /v parameters. As, you can see the default id is {d22d3d4f-c6d9-11e6-bf59-d680d7abcd65} which is Windows 8.1. We need to change this id to the windows 10’s id in the next step. See Fig-3 for all OS lists in the boot menu.
bcdedit.exe /enum /v
3) Change the Default OS and Time-Out Settings
As talked, we need to change the default OS Identifier to {6aea34be-2dec-11e6-9221-9292a8212aa0} which is Windows 10. Also, we want to decrease time-out to 5 sec. Type the following commands one-by-one (replace xxxxx with your own OS id).
** Note that you may see different id for your OS, not the same one here. So, do not copy & paste these commands **
bcdedit.exe /default {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
bcdedit.exe /timeout 5
So, for my case, my Windows 10’s id is {6aea34be-2dec-11e6-9221-9292a8212aa0} (check Fig-3). So, I need to type:
bcdedit /default {6aea34be-2dec-11e6-9221-9292a8212aa0}
bcdedit /timeout 5
4) Check your settings & Reboot (optional)
Now, you can check your setting with the same command. See Fig-5.
bcdedit.exe /enum /v
You can reboot now (or later) to see the results. See Fig-6.
