Run CMD as SYSTEM to get around lots of different installer bugs etcetera
article #1408, updated 10 days ago

If you get PsTools, and do this:

psexec -i -s CMD.exe

you’ll get another CMD box, where the username is SYSTEM, that is to say, the hostname of the machine with a dollar sign on the right end. If the machine is on a domain, it is DOMAIN\hostname$, have not tested it on a non-domain machine yet.

One software installer recently, required that the folder containing its installer package be TAKEOWNed and ICACLSed, as that system user, before it would run to completion, it must have some odd permissions bug in it.

There are likely to be quite a few circumstances in which this special CMD can be useful.



Export Office 365 Mailboxes to PST using eDiscovery
article #1052, updated 12 days ago

These steps change quite often, fair warning!

Steps below are as of 2021-01-04. Please note this has to be done in Internet Explorer or Edge.

First, set permissions.

  1. Browse to , log in as tenant administrator
  2. Click eDiscovery Manager.
  3. Open eDiscovery Administrator, and add your current admin user.

It takes one hour (as of Microsoft support 2021-01-04) for the permissions to take effect. Used to be up to 24. Afterwards, perform the export.

  1. Browse to , log in as tenant administrator
  2. In left pane, click Search, then click Content Search
  3. Click New Search
  4. At bottom, item Specific locations, click Modify
  5. At top left, Exchange email, click “Choose users, groups, or teams”
  6. Click “Choose users, groups, or teams” in the new window
  7. Enter mailbox email address, wait until the search results come
  8. Check the mailbox, and click Choose, then Done
  9. Click Save
  10. Click Save & run
  11. Name the query (and PST), click Save. The query will run. Don’t continue until it’s done. It will say “Status: completed” at the lower left.
  12. Click on the word “More” at the top, just to the left of the word “Sort”.
  13. Click on “Export results”. Choose options appropriately. Click Export.
  14. Click on “Exports” above that area, to the right of “Searches”. If the export does not appear, click on Refresh.
  15. Click on the export item.
  16. Click on “Download results”. A download applet will start, requiring an export key which can be copied from the browser. Paste it in, choose your download destination, and go! It can take a very long time to start, there is a long preparation phase.



DISM Cleans Up Windows Updates and Cache
article #1158, updated 18 days ago

To see if there is cleanup to be done:

DISM /Online /Cleanup-Image /AnalyzeComponentStore

To remove obsolete and unused system files:

DISM /Online /Cleanup-Image /StartComponentCleanup

To remove obsolete and unused system files and also service pack uninstallation files:

dism /online /Cleanup-Image /SPSuperseded

To remove obsolete and unused system files and everything prior, making it impossible to reverse any patches:

dism /online /Cleanup-Image /StartComponentCleanup /ResetBase



Remove All Oracle Java Products Silently
article #1407, updated 18 days ago


wmic product where "name like 'Java%%'" call uninstall /nointeractive

appears to work very well for products whose names start with “Java” which are installed in Windows standard fashion.



Time synchronization (NTP, SNTP) setup
article #37, updated 25 days ago

In Windows Server 2012 R1/2, 2008 R1/2, 7, Vista, and 2003 SP2 and later, whenever time is out of sync, it’s good to run the following two commands in an administrative command prompt (an ordinary command prompt for 2003SP2+):

w32tm /config "/" /syncfromflags:MANUAL /reliable:YES /update 
w32tm /resync

If the service has not been registered, the whole canole is:

w32tm /register
net start w32time
w32tm /config "/" /syncfromflags:MANUAL /reliable:YES /update 
w32tm /resync

In Server 2003 SP1 and before, and XP, we use this, because /reliable doesn’t exist:

w32tm /config "/" /syncfromflags:MANUAL /update
w32tm /resync

Under Windows 2000, we need to go a bit more archaic:

net time /
net time /querysntp

Two addenda:

  • We used to recommend just , but geoblocking has become quite common, so a more geographically appropriate setup is now the rule.
  • Do the above for domain controllers, standalone PCs, and mobile laptops. Add the domain controller’s IP to “Time Server” in DHCP, to reach desktops.



When MMC gets stuck
article #1406, updated 30 days ago

If MMC for any Windows administrative tool gets stuck, delete everything here:




Microsoft Update Health Tools
article #1405, updated 30 days ago

Solves issues with updating Windows 10.



New Auto-Installer for Windows
article #1404, updated 32 days ago


Looks very good, e.g. for Java (!), testing.



If (When) Outlook Bogs Down
article #1403, updated 32 days ago

If (when) Outlook bogs down, especially when dealing with multiple accounts in a single profile, disable the existing Send/Receive Group and create a new one, make sure all accounts are included, then set that one to be checked every 30 minutes.



Download Windows 10 Build 1909 ISO
article #1402, updated 37 days ago

There are links on this page: