Category: PC Support

  • Windows Installer – free up disk space without losing anything

    It is possible to move the folder C:\Windows\Installer (which tends to get quite large). The process is to copy the folder to another drive, then create a directory symbolic link at the old location that points to the new one, so Windows thinks nothing has changed.

    The process below does this ‘safely’ so you can reverse the change if something goes wrong. You can delete the Installer.X folder when you’re ready. x: can be any accessible drive.

    attrib -h -s C:\Windows\Installer
    xcopy /s /h /o C:\Windows\Installer x:\Windows\Installer
    ren C:\Windows\Installer Installer.X
    mklink /D C:\Windows\Installer x:\Windows\Installer
  • Microsoft Exchange Certificates

    The problem: How to use the Server’s CA to create a certificate with all the names you need included.

    Typically, an Exchange certificate should have the names for the externally visible website and the autodiscover site, which may not match the actual name of the server.

    This is what you need to do.

    Create a .cer Certificate – using PowerShell

    Using PowerShell, you can run a script: CreateCertificate.ps1

    Param([Parameter(Mandatory=$true)] $f)
    $data = New-ExchangeCertificate -GenerateRequest -KeySize 2048 -SubjectName "c=GB, l=<location>, o=<organization>, cn=<website>" -includeAutoDiscover -includeAcceptedDomains -DomainName <domain-name> -privatekeyexportable $true
    Set-Content -path "$f.csr" -Value $data
    Certreq -submit -attrib "CertificateTemplate:WebServer" "$f.csr" "$f.cer"

    Then run the script with the parameter of the name of the certificate.

    Create a .cer Certificate Request – using a text file

    To avoid typing in all the details every time, create a file: CertificateData.inf (see http://technet.microsoft.com/en-gb/library/ff625722(v=ws.10).aspx for source):

    [Version]
    Signature="$Windows NT$"
    
    [NewRequest]
    Subject = "CN=<website>" ; Remove to use an empty Subject name.
    ;Because SSL/TLS does not require a Subject name when a SAN extension is included, the certificate Subject name can be empty.
    
    Exportable = FALSE   ; TRUE = Private key is exportable
    KeyLength = 2048     ; Valid key sizes: 1024, 2048, 4096, 8192, 16384
    KeySpec = 1          ; Key Exchange – Required for encryption
    KeyUsage = 0xA0      ; Digital Signature, Key Encipherment
    MachineKeySet = True
    ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
    
    RequestType = PKCS10 ; or CMC.
    
    [EnhancedKeyUsageExtension]
    ; If you are using an enterprise CA the EnhancedKeyUsageExtension section can be omitted
    OID=1.3.6.1.5.5.7.3.1 ; Server Authentication
    OID=1.3.6.1.5.5.7.3.2 ; Client Authentication
    
    [Extensions]
    ; If your client operating system is Windows Server 2008, Windows Server 2008 R2, Windows Vista, or Windows 7
    ; SANs can be included in the Extensions section by using the following text format. Note 2.5.29.17 is the OID for a SAN extension.
    2.5.29.17 = "{text}"
    _continue_ = "dns=<website>&"
    _continue_ = "dns=<website.autodiscover>&"
    ; Multiple alternative names must be separated by an ampersand (&).
    
    [RequestAttributes]
    CertificateTemplate = WebServer  ; This is the template name used by the Certificate Authority.

    Then run:

    certreq -new CertificateData.inf CertificateData.req
    certreq -submit CertificateData.req CertificateData.cer
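
    Whichever way the .cer was produced, it is worth confirming that it really carries every name before it goes anywhere near Exchange. The script below is an added example, not part of the original post: it reads the Subject Alternative Name and Enhanced Key Usage extensions of the issued file. The script name, its parameter names, the example.com host names and the English "DNS Name=" label are assumptions.

```powershell
# Check-CertificateNames.ps1 (hypothetical name): added example, not from the original post.
# Example call (placeholder names):
#   .\Check-CertificateNames.ps1 -CerPath .\CertificateData.cer -RequiredNames mail.example.com,autodiscover.example.com
Param(
    [Parameter(Mandatory=$true)] [string]   $CerPath,
    [Parameter(Mandatory=$true)] [string[]] $RequiredNames   # the names clients will connect to
)

$full = (Resolve-Path -LiteralPath $CerPath).Path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $full

# Subject Alternative Name extension: OID 2.5.29.17, as in the [Extensions] section of the .inf.
$sanNames = @()
$sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if ($sanExt) {
    # Assumption: English-language Windows, which renders each entry as "DNS Name=<host>".
    $sanNames = @([regex]::Matches($sanExt.Format($true), 'DNS Name=(\S+)') |
        ForEach-Object { $_.Groups[1].Value.ToLower() })
}

# Exact comparison only: a wildcard entry such as *.example.com is not expanded.
$missing = @($RequiredNames | Where-Object { $sanNames -notcontains $_.ToLower() })

# Enhanced Key Usage extension (OID 2.5.29.37) must list Server Authentication.
$ekuOids = @()
$ekuExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
if ($ekuExt) { $ekuOids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) }
$serverAuth = $ekuOids -contains '1.3.6.1.5.5.7.3.1'

New-Object PSObject -Property @{
    Subject      = $cert.Subject
    NotAfter     = $cert.NotAfter
    KeySizeBits  = $cert.PublicKey.Key.KeySize
    SanDnsNames  = $sanNames -join ', '
    MissingNames = $missing -join ', '
    ServerAuth   = $serverAuth
} | Format-List

if ($missing.Count -gt 0 -or -not $serverAuth) {
    Write-Warning 'Certificate does not cover every required name or lacks Server Authentication.'
    exit 1
}
```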

    Convert .cer to .pfx and import into Exchange

    Convert .cer to .pfx by importing the .cer into a certificate store and then exporting it:

    Run mmc.exe, and Add the Certificates snap-in (Computer account, Local Computer).

    Import the certificate into the Personal\Certificates folder and then export it: export the private key, select PKCS#12, include all certificates in the path and export all extended properties. You will need to provide a password.

    Next, run Exchange Management Console as Administrator.

    Select Server Configuration, and under Exchange Certificates, import the certificate you just exported. Then run Assign Services to Exchange and select all (except Unified Messaging).

    You may need to restart IIS for the certificate to be picked up.

  • Remove Windows 8 from a domain without the domain admin password

    There are situations where you need to break into Windows 8 (or 7, or XP).
    For example, when a domain controller has disappeared and there are no cached credentials on the computer.

    You will need:

    A Windows 8 (or 7) installation disk.

    Here’s how:

    There are three steps:

    1. Break in to the computer so we have a command prompt where we can ‘do things’
    2. Create a new user with local administrator rights
    3. Remove the computer from the domain.

    Step 1: break in

    Boot the computer from the Windows 7/8 Install Disk (I’m using Windows 8 for this example):

    Press any key to boot from CD or DVD

    Select the language appropriate for your computer/keyboard:

    Select Language Preferences and press Next

    If you have the Windows 8 installation disk, you can press Shift+F10 here and skip the next few screens – that brings up a command prompt immediately.
    Or click Next and then ‘Repair your computer’:

    Then select: ‘Troubleshoot’:

    Then select Advanced options:

    Finally, select Command Prompt:

    Then you need to check and select the drive letter where Windows is installed (it is not always the C: you normally see within Windows). You can do this with ‘DISKPART’ and ‘LIST VOL’. The drive should be clear from what you see unless you have a complicated disk setup:

    Then we temporarily replace Utilman.exe with cmd.exe and reboot:

    Step 2: Creating a user with administrator rights

    Then we let Windows boot through to the sign-on screen. UtilMan is run by clicking on the Ease of Access button, which brings up our command line.

    If we don’t have a valid user, we can now create one:

    net user admin NewPass5 /add && net localgroup administrators admin /add

    Then close the window and log on with the newly created user: admin.

    Note: you do need to type the name of the computer in front of the user name (COMPUTERNAME\admin). If you don’t know what the computer is called, just type ‘administrator’ as the username and Sign in to: will tell you the computer name.

    At this point, you can undo the ‘UtilMan.exe’ break-in by opening a command prompt (as admin) and undoing what we did before. [Windows]+X and select ‘Command Prompt (admin)’:

    Step 3: Forcefully removing the computer from the domain

    Bring up the system properties: Alt+X, System, and click on Computer name, domain and workgroup settings: Change settings:

    Then click ‘Change…’ to change the domain or workgroup:

    Set the computer to be in the Workgroup: WORKGROUP:

    Confirm that we know the local administrator password (the admin user we created in step 2 is fine):

    You will be asked for credentials: use the credentials for the admin user we created:

    Then OK all the dialog boxes and reboot.
    Log back in as ‘admin’ and set up any users you need.
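
    Once the recovery is finished, the machine should be checked so that the Ease of Access button no longer opens a command prompt and the account created in Step 2 is accounted for. The check below is an added example, not part of the original post; the function name Test-UtilmanRestored is hypothetical.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell 4.0+ prompt.
# Test-UtilmanRestored is a hypothetical function name.
function Test-UtilmanRestored {
    param([string] $System32 = (Join-Path $env:SystemRoot 'System32'))

    $utilman = Join-Path $System32 'Utilman.exe'
    $cmd     = Join-Path $System32 'cmd.exe'

    if (-not (Test-Path -LiteralPath $utilman)) {
        "Utilman.exe is missing from $System32"
        return
    }

    # A swapped binary is byte-for-byte cmd.exe, so the hashes match.
    $hashUtilman = (Get-FileHash -LiteralPath $utilman -Algorithm SHA256).Hash
    $hashCmd     = (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash
    if ($hashUtilman -eq $hashCmd) { 'Utilman.exe has the same SHA-256 hash as cmd.exe' }

    # Second signal: a copy of cmd.exe normally still carries cmd.exe's version resource.
    $original = (Get-Item -LiteralPath $utilman).VersionInfo.OriginalFilename
    if ($original -match '^cmd\.exe') { "Utilman.exe reports OriginalFilename '$original'" }

    # Backup or renamed copies left beside the real file.
    Get-ChildItem -LiteralPath $System32 -Filter 'Utilman*' -Force |
        Where-Object { $_.Name -ne 'Utilman.exe' } |
        ForEach-Object { "Extra file beside Utilman.exe: $($_.Name)" }
}

$findings = @(Test-UtilmanRestored)
if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    'Utilman.exe does not look like cmd.exe.'
}

# The prompt on the sign-on screen runs as SYSTEM, so accounts made there show the computer
# account as Subject rather than a named administrator. Events 4720 (user created) and
# 4732 (member added to a local group) are logged only if account-management auditing is on.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720, 4732 } -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } }
```

    Running sfc /verifyfile=C:\Windows\System32\Utilman.exe gives an independent integrity check of the same file.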