Disable "News and Interests" in Windows 10
article #1570, updated 529 days ago

Here is the Group Policy path:

Computer Configuration / Administrative Templates / Windows Components / News and interests


==============

Check web sites for active infections, via sandbox analysis
article #1569, updated 531 days ago

This tool does the job; it uses CrowdStrike and other major-player tools:

www.hybrid-analysis.com


==============

Block personal use of Microsoft Teams
article #1567, updated 535 days ago

If you want to prevent non-M365 login to Teams:

answers.microsoft.com/en-us/msteams/forum/all/how-to-disable-the-access-to-team-for-personal-use/79c67ef8-e58f-4ebb-9f82-8e5937348c57


==============

Get HP serial number for a Windows PC
article #1565, updated 539 days ago

This just worked well, reportedly also works on Dell:

Get-WmiObject Win32_BIOS | Select-Object SerialNumber


==============

Microsoft Entra Connect - Rename of Azure AD Connect - Download
article #1564, updated 545 days ago

OK, so it started as DirSync, and it is still being called “Azure AD Connect” on some pages, including the download page as of this writing:

www.microsoft.com/en-us/download/details.aspx?id=47594

but it is, apparently, officially renamed Microsoft Entra Connect:

learn.microsoft.com/en-us/entra/identity/hybrid/connect/whatis-azure-ad-connect-v2

except within the URL itself :-)

Please note that this is NOT the same as Microsoft Entra Cloud Sync. The above does LDAP; Cloud Sync does not.


==============

Preventing System Volume Information buildup
article #1507, updated 555 days ago

The overall cause of buildup of orphan shadows in “System Volume Information” folders is physical storage not being able to keep up with demand.

The best first steps I have are to run what I sometimes call general cleanup. After that, I run PrivaZer without checking traces in free space, which saves time and does not affect performance results. PrivaZer cleans up an amazing variety of NTFS issues; even new installs often benefit.

And after that, three registry entries. Here’s PowerShell code to get them in and engaged.

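# Cap on the number of shadow copies kept per volume
$NewMaxShadowCopies = 8
# Minimum initial size of the shadow copy storage area, in MB
$NewMinDiffAreaFileSize = 128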

# http://www.tomsitpro.com/articles/powershell_registry-powershell_command_line,2-152.html

function setupDWORD {
    param( [string]$regPath, [string]$nameForDWORD, [long]$valueForDWORD )

    ##############
    # Error out if cannot touch the registry area at all
    If ( !(Test-Path $regPath) ) {
        Try {
            # -ErrorAction Stop turns a failure into an exception, so Catch actually runs
            New-Item $regPath -Force -ErrorAction Stop | Out-Null
            }
        Catch {
            Write-Error ("Could not visit or create registry path " + $regPath)
            Return
            }
        }

    #############
    # If an existing registry entry exists, store its value to report later
    # Get-ItemProperty returns nothing when the value is absent, so $oldValue ends up $null
    Try {
        $oldValueProperty = Get-ItemProperty -Path $regPath -Name $nameForDWORD -ErrorAction SilentlyContinue
        $oldValue = $oldValueProperty.$nameForDWORD
        }
    Catch {
        $oldValue = $null
        }

    #############
    # Report the changes to make
    Write-Output ("DWORD to write: " + $nameForDWORD)
    Write-Output ("at registry path " + $regPath)
    If ($null -ne $oldValue) {
        Write-Output ("Original value is " + $oldValue)
        }
    else {
        Write-Output "No original present."
        }
    Write-Output ("New value is " + $valueforDWORD)

    ############
    # Report no changes to make, set new registry entry, or error out
    If ($oldValue -eq $valueForDWORD) {
        Write-Output "No change to make."
        ""
        Return
        }
    Try {
        # -ErrorAction Stop so a failed write reaches Catch instead of reporting success
        New-ItemProperty -Path $regPath -Name $nameForDWORD -Value $valueForDWORD -PropertyType DWORD -Force -ErrorAction Stop > $null
        }
    Catch {
        Write-Error "Failed!"
        ""
        Return
        }

    "Succeeded!"
    ""
    }

setupDWORD "HKLM:\System\CurrentControlSet\Services\VSS\Settings" "MaxShadowCopies" $NewMaxShadowCopies

setupDWORD "HKLM:\System\CurrentControlSet\Services\VolSnap" "MinDiffAreaFileSize" $NewMinDiffAreaFileSize

setupDWORD 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows' 'DeleteStaleTaskCache' 1

""

"Restarting VSS..."

Restart-Service -Force -Name "VSS"

""

"Complete!"
""
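
A read-only check to run after the script above, added here as an example and not part of the original article: it reads back the three values and counts the shadow copies currently present per volume, so you can see whether the buildup is actually shrinking. The expected values mirror the numbers used above; `Win32_ShadowCopy` needs an elevated shell.

```powershell
# Added example (not the article's code): audit the three registry values and current shadow copies.
# Expected values are copied from the script above; change them if you chose different numbers.
$expected = @(
    @{ Path = 'HKLM:\System\CurrentControlSet\Services\VSS\Settings';           Name = 'MaxShadowCopies';      Value = 8 },
    @{ Path = 'HKLM:\System\CurrentControlSet\Services\VolSnap';                Name = 'MinDiffAreaFileSize';  Value = 128 },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows';     Name = 'DeleteStaleTaskCache'; Value = 1 }
)

$registryReport = foreach ($item in $expected) {
    # SilentlyContinue: a missing key or value yields $null rather than an error
    $prop   = Get-ItemProperty -Path $item.Path -Name $item.Name -ErrorAction SilentlyContinue
    $actual = if ($null -ne $prop) { $prop.($item.Name) } else { $null }
    [pscustomobject]@{
        Name     = $item.Name
        Expected = $item.Value
        Actual   = if ($null -eq $actual) { '(not set)' } else { $actual }
        Match    = ($null -ne $actual -and $actual -eq $item.Value)
    }
}
$registryReport | Format-Table -AutoSize

# Shadow copies per volume: total, how many are client-accessible, and the oldest one.
# A count that keeps growing between runs means the buildup is continuing.
$shadowReport = Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue |
    Group-Object -Property VolumeName |
    ForEach-Object {
        [pscustomobject]@{
            Volume           = $_.Name
            Total            = $_.Count
            ClientAccessible = @($_.Group | Where-Object { $_.ClientAccessible }).Count
            Oldest           = ($_.Group | Sort-Object InstallDate | Select-Object -First 1).InstallDate
        }
    }

if ($shadowReport) { $shadowReport | Format-Table -AutoSize }
else { 'No shadow copies found (or shell is not elevated).' }

# Non-zero exit code if any value does not match, for use in RMM or scheduled checks
if ($registryReport.Match -contains $false) { exit 1 }
```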


==============

IP Reputation Checks
article #1563, updated 557 days ago

Recently, one site has been blocked from multiple web-based services. All of the services were using Amazon CloudFront as backend. One by one, when the vendors were contacted, they all found that CloudFront was blocking their site’s external Internet IP. This was happening despite the fact that a large number of blacklist checks were coming up green. Eventually, I found these:

talosintelligence.com/reputation_center

www.ipqualityscore.com

www.apivoid.com/tools/ip-reputation-check/

which do a lot more. Not sure how timely some of the reporting is. And they still did not explain the CloudFront issues.


==============

Reestablish Windows Domain Relationship in PowerShell
article #1562, updated 560 days ago

If you can get to an administrative or system shell:

Reset-ComputerMachinePassword -Server DC.domain.local -Credential (Get-Credential)


==============

Watchguard CLI to restart BOVPN processes
article #1560, updated 577 days ago

This can be very useful; apparently Watchguard is documenting some CLI data publicly:

techsearch.watchguard.com/KB/WGKnowledgeBase?lang=en_US&SFDCID=kA10H000000g2wFSAQ&type=Article


==============

Silent install of SentinelOne
article #1559, updated 579 days ago

This works rather well with the .EXE installer:

installer.exe --dont_fail_on_config_preserving_failures -t "site-token-in-quotes" /qn

Do make sure the site token is in quotes.
