Some Notes on the Machines

If you get PsTools, and do this:

psexec -i -s CMD.exe

you’ll get another CMD box, where the username is SYSTEM, that is to say, the hostname of the machine with a dollar sign on the right end. If the machine is on a domain, it is DOMAIN\hostname$, have not tested it on a non-domain machine yet.

One software installer recently, required that the folder containing its installer package be TAKEOWNed and ICACLSed, as that system user, before it would run to completion, it must have some odd permissions bug in it.

There are likely to be quite a few circumstances in which this special CMD can be useful.

These steps change quite often, fair warning!

Steps below are as of 2021-01-04. Please note this has to be done in Internet Explorer or Edge.

First, set permissions.

1. Browse to protection.office.com/homepage , log in as tenant administrator
2. Click eDiscovery Manager.
3. Open eDiscovery Administrator, and add your current admin user.

It takes one hour (as of Microsoft support 2021-01-04) for the permissions to take effect. Used to be up to 24. Afterwards, perform the export.

4. Browse to protection.office.com/homepage , log in as tenant administrator
5. In left pane, click Search, then click Content Search
6. Click New Search
7. At bottom, item Specific locations, click Modify
8. At top left, Exchange email, click “Choose users, groups, or teams”
9. Click “Choose users, groups, or teams” in the new window
10. Enter mailbox email address, wait until the search results come
11. Check the mailbox, and click Choose, then Done
12. Click Save
13. Click Save & run
14. Name the query (and PST), click Save. The query will run. Don’t continue until it’s done. It will say “Status: completed” at the lower left.
15. Click on the word “More” at the top, just to the left of the word “Sort”.
16. Click on “Export results”. Choose options appropriately. Click Export.
17. Click on “Exports” above that area, to the right of “Searches”. If the export does not appear, click on Refresh.
18. Click on the export item.
19. Click on “Download results”. A download applet will start, requiring an export key which can be copied from the browser. Paste it in, choose your download destination, and go! It can take a very long time to start, there is a long preparation phase.

To see if there is cleanup to be done:

DISM /Online /Cleanup-Image /AnalyzeComponentStore

To remove obsolete and unused system files:

DISM /Online /Cleanup-Image /StartComponentCleanup

To remove obsolete and unused system files and also service pack uninstallation files:

dism /online /Cleanup-Image /SPSuperseded

To remove obsolete and unused system files and everything prior, making it impossible to reverse any patches:

dism /online /Cleanup-Image /StartComponentCleanup /ResetBase

This:

wmic product where "name like 'Java%%'" call uninstall /nointeractive

appears to work very well for products whose names start with “Java” which are installed in Windows standard fashion.

In Windows Server 2012 R1/2, 2008 R1/2, 7, Vista, and 2003 SP2 and later, whenever time is out of sync, it’s good to run the following two commands in an administrative command prompt (an ordinary command prompt for 2003SP2+):

w32tm /config "/manualpeerlist:north-america.pool.ntp.org 0.north-america.pool.ntp.org 1.north-america.pool.ntp.org 2.north-america.pool.ntp.org" /syncfromflags:MANUAL /reliable:YES /update 
w32tm /resync

If the service has not been registered, the whole canole is:

w32tm /register
net start w32time
w32tm /config "/manualpeerlist:north-america.pool.ntp.org 0.north-america.pool.ntp.org 1.north-america.pool.ntp.org 2.north-america.pool.ntp.org" /syncfromflags:MANUAL /reliable:YES /update 
w32tm /resync

In Server 2003 SP1 and before, and XP, we use this, because /reliable doesn’t exist:

w32tm /config "/manualpeerlist:north-america.pool.ntp.org 0.north-america.pool.ntp.org 1.north-america.pool.ntp.org 2.north-america.pool.ntp.org" /syncfromflags:MANUAL /update
w32tm /resync

Under Windows 2000, we need to go a bit more archaic:

net time /setsntp:north-america.pool.ntp.org
net time /querysntp

Two addenda:

• We used to recommend just pool.ntp.org , but geoblocking has become quite common, so a more geographically appropriate setup is now the rule.
• Do the above for domain controllers, standalone PCs, and mobile laptops. Add the domain controller’s IP to “Time Server” in DHCP, to reach desktops.

If MMC for any Windows administrative tool gets stuck, delete everything here:

C:\Users\USERNAME\AppData\Roaming\Microsoft\MMC

Solves issues with updating Windows 10.

https://support.microsoft.com/en-us/help/4023057/update-reliability

“just-install”:

https://just-install.github.io/

Looks very good, e.g. for Java (!), testing.

If (when) Outlook bogs down, especially when dealing with multiple accounts in a single profile, disable the existing Send/Receive Group and create a new one, make sure all accounts are included, then set that one to be checked every 30 minutes.

There are links on this page:

https://www.itechtics.com/windows-10-1909/