If you get PsTools, and do this:
psexec -i -s CMD.exe
you’ll get another CMD box, where the username is SYSTEM, that is to say, the hostname of the machine with a dollar sign on the right end. If the machine is on a domain, it is DOMAIN\hostname$
, have not tested it on a non-domain machine yet.
One software installer recently, required that the folder containing its installer package be TAKEOWNed and ICACLSed, as that system user, before it would run to completion, it must have some odd permissions bug in it.
There are likely to be quite a few circumstances in which this special CMD can be useful.
Categories:
Windows Installer, Updates, Patching
Windows OS-Level Issues

These steps change quite often, fair warning!
Steps below are as of 2021-01-04. Please note this has to be done in Internet Explorer or Edge.
First, set permissions.
- Browse to protection.office.com/homepage , log in as tenant administrator
- Click eDiscovery Manager.
- Open eDiscovery Administrator, and add your current admin user.
It takes one hour (as of Microsoft support 2021-01-04) for the permissions to take effect. Used to be up to 24. Afterwards, perform the export.
- Browse to protection.office.com/homepage , log in as tenant administrator
- In left pane, click Search, then click Content Search
- Click New Search
- At bottom, item Specific locations, click Modify
- At top left, Exchange email, click “Choose users, groups, or teams”
- Click “Choose users, groups, or teams” in the new window
- Enter mailbox email address, wait until the search results come
- Check the mailbox, and click Choose, then Done
- Click Save
- Click Save & run
- Name the query (and PST), click Save. The query will run. Don’t continue until it’s done. It will say “Status: completed” at the lower left.
- Click on the word “More” at the top, just to the left of the word “Sort”.
- Click on “Export results”. Choose options appropriately. Click Export.
- Click on “Exports” above that area, to the right of “Searches”. If the export does not appear, click on Refresh.
- Click on the export item.
- Click on “Download results”. A download applet will start, requiring an export key which can be copied from the browser. Paste it in, choose your download destination, and go! It can take a very long time to start, there is a long preparation phase.
Categories:
Exchange and Exchange Online
To see if there is cleanup to be done:
DISM /Online /Cleanup-Image /AnalyzeComponentStore
To remove obsolete and unused system files:
DISM /Online /Cleanup-Image /StartComponentCleanup
To remove obsolete and unused system files and also service pack uninstallation files:
dism /online /Cleanup-Image /SPSuperseded
To remove obsolete and unused system files and everything prior, making it impossible to reverse any patches:
dism /online /Cleanup-Image /StartComponentCleanup /ResetBase
Categories:
Windows Installer, Updates, Patching
Windows OS-Level Issues
This:
wmic product where "name like 'Java%%'" call uninstall /nointeractive
appears to work very well for products whose names start with “Java” which are installed in Windows standard fashion.
Categories:
Windows Installer, Updates, Patching

In Windows Server 2012 R1/2, 2008 R1/2, 7, Vista, and 2003 SP2 and later, whenever time is out of sync, it’s good to run the following two commands in an administrative command prompt (an ordinary command prompt for 2003SP2+):
w32tm /config "/manualpeerlist:north-america.pool.ntp.org 0.north-america.pool.ntp.org 1.north-america.pool.ntp.org 2.north-america.pool.ntp.org" /syncfromflags:MANUAL /reliable:YES /update
w32tm /resync
If the service has not been registered, the whole canole is:
w32tm /register
net start w32time
w32tm /config "/manualpeerlist:north-america.pool.ntp.org 0.north-america.pool.ntp.org 1.north-america.pool.ntp.org 2.north-america.pool.ntp.org" /syncfromflags:MANUAL /reliable:YES /update
w32tm /resync
In Server 2003 SP1 and before, and XP, we use this, because /reliable doesn’t exist:
w32tm /config "/manualpeerlist:north-america.pool.ntp.org 0.north-america.pool.ntp.org 1.north-america.pool.ntp.org 2.north-america.pool.ntp.org" /syncfromflags:MANUAL /update
w32tm /resync
Under Windows 2000, we need to go a bit more archaic:
net time /setsntp:north-america.pool.ntp.org
net time /querysntp
Two addenda:
- We used to recommend just pool.ntp.org , but geoblocking has become quite common, so a more geographically appropriate setup is now the rule.
- Do the above for domain controllers, standalone PCs, and mobile laptops. Add the domain controller’s IP to “Time Server” in DHCP, to reach desktops.
Categories:
Internet Networking
LAN Networking
If MMC for any Windows administrative tool gets stuck, delete everything here:
C:\Users\USERNAME\AppData\Roaming\Microsoft\MMC
Categories:
Windows OS-Level Issues
Categories:
Windows Installer, Updates, Patching
“just-install”:
https://just-install.github.io/
Looks very good, e.g. for Java (!), testing.
Categories:
Tools
If (when) Outlook bogs down, especially when dealing with multiple accounts in a single profile, disable the existing Send/Receive Group and create a new one, make sure all accounts are included, then set that one to be checked every 30 minutes.
Categories:
Outlook
Categories:
Windows Installer, Updates, Patching