Every admin has made an error while creating a group policy and blew up an important machine. Murphy’s law states that you will then be unable to get the policy to repeal itself on the machine. Well this handy little tip will save the day. delete the following file while you are logged in a […]
Can’t Use apt-get i.e. /boot is 100% full NOTE: this is only if you can’t use apt to clean up due to a 100% full /boot 1. Get the list of kernel images Get the list of kernel images and determine what you can do without. This command will show installed kernels except the currently […]
The 2960G is a great gig switch that is being pulled from corporations and flooding the grey market. The switch is great for home lab use etc. Most people do not know that if you are running a later version of IOS on it it will also do layer 3 routing! this is how you […]
if you spend any time working on networks you are going to come across the need to identify a device connected to a port on a switch. I use primarily cisco equipment and finding the IPs can be quite a pain in the neck if you are searching the mac on the interface then looking […]
On newer generation computers you may have noticed that the windows key sticker is no longer on the bottom or side of the unit. This can make for some frustration when trying to do a clean rebuild. Well chances are the key is stored int he BIOS of the machine and if you are in […]
If you work with Cisco gear then you need to keep your code updated to stay ahead of security pugs with IOS etc. I always forget a command or 2 so I figured I would write it down for myself as well as others. I am going to go over tftp updating using cli as […]
HOWTO: Configure Windows DHCP for Nortel IP telephones In this example we will configure Windows DHCP for Nortel IP telephones. In addition to your standard Option 003 Router you will also need a custom scope option in order for an Nortel IP phone to boot properly using DHCP. 1. Open the DHCP MMC under Control Panel>Administrative Tools>DHCP […]
As many have heard over the past year older versions of SSL have been compromised and should no longer be used by servers to negotiate communications. however disabling these deprecated SSL versions can be a bit of a headache. I would strongly suggest anyone with public facing servers test them to be safe. I personally […]
This applies for Exchange 2010 as well as Exchange 2013. I just tested this out on both and they both work. Essentially we had a problem, users were not smart enough to go to https://owa.domain.com or https://mail.domain.com/owa (Mostly the HTTPS:// part). With this, users can go to “owa.domain.com” or “mail.domain.com/owa” and it will automatically forward […]
How to Disable Driver Signature Verification on 64-Bit Windows 8.1 or 10 (So That You Can Install Unsigned Drivers) 64-Bit editions of Windows require digitally signed drivers. The problem is that many devices ship with unsigned drivers. Today, we’ll show you how to install them regardless. Digitally signed drivers include an electronic fingerprint that indicates […]
Windows 10 has hit and it is a fast stable operating system. however MS has given us some features that we should be disabling immediately. For example windows updates delivery optimization uses your computer to send windows updates to other folks on the internet. You can disable it by knowing where to go to disable […]
I came across this startling info on a blog and had to share the original information is located at http://lauren.vortex.com/archive/001116.html most importantly it not only tells you about the issue but also tells you how to correct it! very good info Lauren Weinstein! A couple of days ago I discussed a number of privacy and other […]
Every network admin has had to remove a print server from their environment and set up a new one. While installing a print server can be tedious job. the worst part for me has always been updating the installed printers on all of my clients. well with this little vbscript it is no problem at […]
Great info from tech republic – never even knew about this neat little trick! Control panel settings and configurations are typically scattered all over in Windows 8, unless you know about god mode. For the record, I like Microsoft Windows 8. However, just like any operating system, it is not perfect – there are always annoyances. […]
Recently I needed to disable proxy settings on windows machines in a network. I was trying to remove an old proxy based web content filter (eeewww). I know it is only a few clicks but I am all about not using the sneaker net if i can avoid it. Plus it is always nice to […]
I am sure you have installed a GBIC in a Cisco switch that was not manufactured by Cisco. and your switch no doubt shut down the SFP port and gave the following error %PHY-4-UNSUPPORTED_TRANSCEIVER: Unsupported transceiver found in Gi1/0/0 %GBIC_SECURITY_CRYPT-4-VN_DATA_CRC_ERROR: GBIC in port 65538 has bad crc well here is how we fix that […]
I have had many people ask me about commands on switches and I was going to make a cheat sheet but Erik Rodriguez did such a nice job I am going to share his work Great job Erik Cisco IOS Cheat Sheet By Erik Rodriguez These commands are used on all Cisco devices running the […]
Most domain admins these days are following the very smart practice of using a normal user account for their day to day work and another for their domain admin tasks. Usually it is the same username with da at the end, beginning or something similar. The trouble comes in when a admin wants to use […]
I have run into several SB installs with very high memory utilization issues lately. I started poking around and noticed it was MS SQL chewing up all the memory. I thought this was odd so I hit good old google and sure enough it is a very common issue for WSUS to go a bit […]
As most everyone has heard SSL 2.0 has been compromised. Most PCI certification authorities are requiring SSL 2.0 to be disabled. I am sure with poodle SSL 3.0 is not far behind but that is for another article. I have written the following batch file to make all the needed changes and save some legwork. […]
These are notes I’ve compiled after many years of supporting Northern Telecom/Nortel Networks SL1, Meridian 1 and NCS 1000 phone systems. While graphical tools exist, many times it’s easier to connect via serial terminal or a telnet session and use the command line for common tasks. ADD AN AREA CODE > LD 90 REQ NEW […]
Many times I came across one issue… how to grant access to CLI (Command Line Interface) on Cisco devices without creating separate username and password for each user on each device? In order to resolve that I did use AAA features of Cisco IOS and built-in Windows Server 2008 R2 component – NPS (Network Policy […]
Many windows admins these days are very busy upgrading/replacing windows XP. I am not going to go into how very important to remove windows XP machines from our environments since it is now EOL and no patches will be released any longer. What I am going to show you is how to find all those […]
We just recently begun building an Exchange 2013 DAG to support out email environment. This is part of an internal shift to Lync 2013 and Exchange 2013 for unified communications. We followed Microsoft instructions on building my first 2013 machine, migrated a single test mailbox and started testing. We found no mail flow between […]
VMWare Converter uses a protocol called NFC for the cloning process. To increase security, encryption was introduced with Converter 5.0 for the data transfer. Unfortunately this comes at the expense of performance. If you do not need this security feature, it is possible to improve the speed and performance of your conversions dramatically. To achieve […]
If you have a career in technology then you know how important certifications are to obtain a good position. I have been taking exams for quite some time and along the way I have found that practice exams are the best way to prepare. You can enroll in boot camps and they are great however […]
I have been pulling my hair out for a couple days trying to figure to get the EFA spam filter tagged messages to automatically go to my exchange outlook users junk mail folders. I finally figured it out and I would like to share it. First what are we trying to accomplish with this. the […]
That’s right, you can pull all of your email users into E.F.A. and authenticate against AD (probably any LDAP server)! I plan on making this a configuration option in a later release of E.F.A. For now, follow these steps. 1) Create a user and password (proxy service account) in AD to allow username lookups 2) […]
EFA Project works great out of the box. However I did run across one issue. By default it only scans messages that are 200k and smaller. This worked great in the past when bandwidth was expensive and spammers were using plain text. however these days they are sending pictures to get by spam filters etc. […]
If you are like me spam and virus filtering for email servers is a very costly and time consuming task. There are many great retail solutions that do a excellent job of filtering. But they are costly and generally licensed on a per mailbox basis. Some would say that most newer mail servers such as […]
Exchange 2013 451 4.7.0 Temporary server error. Please try again later. PRX5 In Exchange 2013 RTM and Exchange 2013 CU1 you may occasionally receive the following errors in your Outlook clients as seen below. <strong>451 4.7.0 Temporary server error. Please try again later. PRX5</strong> And in the connectivity logs you may see NS server […]
I have run into the max message size limit alot lately especially in sbs 2011 installs. most people need the limit increased to at least 20 meg. you can follow this documentation to do so. this can also be done with the gui however the exchange powershell makes these changes much faster. Size limits […]
The issue and solution described here is by design, but not known by every customer so here’s my short write-up on this subject. Recently, I was at a customer reporting issues with several users not being able to synchronize their mobile devices using ActiveSync. The customer was running Exchange 2013 SP1 and used various […]
Hi Windows Lovers!? (Looking to install Windows Server? The same steps apply, but for a server specific guide, go here Create a bootable Windows Server 2012 R2 installation USB flash drive) This time I’ll help you find a way to install Windows 8.1 quick and easy, from a simple USB flash drive. It’s a piece of […]
Show Exchange Message Size Limits in SBS 2008/2011 It seems like every month I get a call about someone not being able to send or receive an email due to size limits. If you know where all the limits are in the Exchange Management Console (and if you’re aware of the 30% bloating that happens […]
You get “Iashlpr initialization failed” error after installing DHCP on Windows 2008R2 After installing DHCP server on windows 2008 R2, you notice that your system event log will be filled with Errors Event ID: 1070 “Iashlpr initialization failed: The DHCP service was unable to access path specified for the audit log. So DHCP server cannot […]
Enable Remote Management You may receive the following, somewhat misleading, error panel when attempting to remotely manage a Core machine. The panel correctly tells you that you have to enable the windows firewall rules. It tells you the wrong rule sets when the machine you are trying to manage is a server 2012 instance, probably […]
Activating Server Core Depending on the output of the command you entered to check the status you can activate your Server Core installation in a couple of ways: Activating with a pre-entered product key When you entered a product key when you installed Windows Server 2008 but didn’t select the option to activate automatically you […]
With working on my MCSE for server 2012 I needed to learn how to use windows server 2012 core. unfortunately configuring basic settings from the power shell is a whole lot different than the gui. You can configure everything and then uninstall the GUI but that is not really the correct way to do it. […]
Upon deploying my first windows 2012 r2 essentials box with anywhere access enabled. I was surprised that I could only access the servers dashboard remotely. That is obviously a problem for working on the server remotely. Oddly enough it is not a very well known fix to change it. First thing log in to the […]
new wireless lan controller keeps failing rdius authentication with errors like this RADIUS server 10.x.x.x:1645 deactivated in global list RADIUS server 10.x.x.x:1645 failed to respond to request (ID 65) for client 00:0b:6b:87:54:d2 /user ‘unknown’ the problem is 2 fold the cisco wireless lan controller radius configuration defaults to a time out of 2 seconds. you […]
Tutorial: 802.1X Authentication via WiFi – Active Directory Network Policy Server Cisco WLAN Group Policy Here is how to implement 802.1X authentication in a Windows Server 2008 R2 domain environment using Protected-EAP authentication. I have designed the tutorial to be worked on in the specific order to prevent downtime if deployed during the day. By […]
Issue “Please insert overwritable media into the robotic library using the import command is displayed and the job status Queued during a backup job and overwritable media is available in the library and media sets. Error Alert:: Please insert overwritable media into the robotic library using the import command Cause Even after Basic troubleshooting […]
Had a puzzler last week. Client called up to say one of his contacts couldn’t email him. It was being rejected. Message Rejections will be a common problem for many people, and the best thing to do is get a copy of the rejection message or what i call NDR (Non Delivery Receipt (or Report) […]
If you need to export a list of user mailboxes (because your boss is making you or you simply have nothing better to do), it is quite an easy task if you have Exchange 2007 and up because of PowerShell snapins. You can just fire up PowerShell and import the Exchange 2010 Module. Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010 Then: […]
Iperf is a neat little tool with the simple goal of helping administrators measure the performance of their network. Worthy of mention is the fact that it can measure both TCP and UDP performance on a network. Iperf is cross platform software and open source. You can download Iperf.exe from: Iperf.exe Linhost.info or Iperf.exe Ucf.edu We will […]
HOWTO: Configure Windows DHCP for Avaya IP telephones In this example we will configure Windows DHCP for Avaya IP telephones. In addition to your standard Option 003 Router you will also need a custom scope option in order for an Avaya IP phone to boot properly using DHCP. While I do reference the IP Office […]
Steps to take if your web application does not support the new Internet Explorer version 10. Find the recommended browser for your particular web application, by searching the KnowledgeBase for “recommended browser” for your application. You can test if Internet Explorer 10 will work by clicking the Compatibility View icon on the IE address […]
I was an early adopter of windows 8. And I do admit it is a very fast stable OS but MS really blundered in my opinion when it took away windows basic functionality we have used for the past 25 years. Yup I mean the trusty start button! I can understand getting away from that older technology […]
I have quite a few things going on at work at the moment. We are retiring an old Windows 2003 domain controller and bringing in a fresh new Server 2008 R2 DC as its replacement. This old server had many things on it which needed to be migrated off. Microsoft Certificate Authority was one of […]
As many folk have probably run into the domain admin from time to time is asked to obtain emails etc. from users mailboxes for whatever reason. You could reset the users password and login that way but what if you do not want to do that? well you can give a user access to all […]
There may come a time when you want to move a SharePoint content database from one disk on your SQL Server to another. Perhaps you installed SharePoint in standalone mode and don’t like the location it chose or you just need to move some stuff around. The following assumes you are moving the database from one disk […]
I am sure many of you have tried to open a document that has been emailed to you only to have word give you the ambiguous nondescript error about not being able to open the document. well here is how to get rid of it. BTW it is also easily remedied via group policy which is how […]
With the release of Windows Server 2008 and IIS 7, Microsoft has included PHP5 FASTCGI support. ISAPI is still faster in my opinion, and if used correctly, very stable. PHP uses a 32-bit DLL so it will not work with an x64 system. There are several ports of PHP to x64, but all have proved […]
I was cleaning up orphaned roaming profiles on one of my citrix boxes and ran across a profile I could not delete. in the past a quick reboot of the server solved the issue but not this time. every time I tried to delete the folder I got the “unable to delete directory: Access denied” […]
If you are administering a large domain I am sure you have the headache of trying to keep user accounts current. people come and people go and the network admin is usually the last person any one tells. Unfortunately that leaves a serious security vulnerability for you to deal with. possible high level accounts just hanging out in limbo. […]
10. Run Automatic Maintenance on a Schedule Windows 8 has a new feature that runs automatic maintenance tasks like software updates, security scanning, and other diagnostic tests daily. By default, it runs them at 3AM, of if you’re using your computer, the next time your computer becomes idle. You can change this time in the […]
Windows 8 is provoking a Marmite-like reaction among users, but that doesn’t mean you’ll fall directly into the love or hate camps. It’s more likely you’ll find certain new features useful and others unnecessary. If you’re pining for features no longer present, this article is for you.In this how-to guide, I’ll reveal how to water […]
Ok so you took the plunge and are running some version of VMware. Now you want to squeeze every bit of performance out of your hardware possible. In a previous post we went over changing your scsi controller to a para virtual adaptor fit hat is optimized for vm performance. Next up your network adaptor! […]
Why would I want to do this? well para virtual scsi controllers do not require as much system resources from the host to run and therefore give you better performance. woohoo how do we do this? http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1002149 1. While the VM is running, add a new disk with SCSI ID 1:0 (or 2:0 if 1:x already exists) […]
If you are using a tape library with Symantec Backup Exec you have probably been annoyed hen you went to the library to remove a tape to see the library is locked message. I know it has caused me to use a couple not so work friendly words. Well here is a easy way to […]
Well everyone has shelled out their hard earned cash on a antivirus product at some time or another. Well no need to do that any longer there are many free options out there these days avg for instance http://free.avg.com/us-en/homepage and MS security essentials http://windows.microsoft.com/en-US/windows/products/security-essentials I personally use and recommend MS security essentials for simple reasoning. MS makes […]
So you have exchange server and a webserver on your network with only one server. So what do y0u to get the folks that forget to put the https on the beginning of your webmail url to the right spot. If you had multiple ips it would be easy just redirecting all ssl traffic to a […]
Most drivers these days are signed by manufacturers for security reasons as well as monetary for MS but that’s another discussion all together. But if you are like me and need to use legacy or obscure hardware than windows 8 poses a particular issue out of the box. I personally use a USB to serial adaptor for […]
An often asked question is how to reclaim space after a service pack installation. We’ve talked about VSP1CLN and COMPCLN for Windows Vista and 2008. Now that SP1 is out, it’s time to talk about how to do this on Win7/R2. It’s a DISM command now: DISM.exe /Image:C:\test\offline /Cleanup-Image /spsuperseded /hidesp NOTE: This command is […]
HOWTO: Configure Windows DHCP for Nortel IP telephones
In this example we will configure Windows DHCP for Nortel IP telephones. In addition to your standard Option 003 Router you will also need a custom scope option in order for an Nortel IP phone to boot properly using DHCP.
1. Open the DHCP MMC under Control Panel>Administrative Tools>DHCP
2. Right click on the DHCP server name at the top of the tree on the left side of the screen immediately under “DHCP” and select “Set Predefined Options”.
3. Click on the [Add] button.
4. Under Name enter “Call Server Information” and select a Data type of “String” and a Code of “128” then click [OK].
5. Repeat step 4 above to add option 191. Under Name enter “VOIP-VLAN” and select a Data Type of “String” and a Code of “242” then click [OK].
From this point on things will change if you are using a single VLAN for both Voice and Data or two separate VLANs. I will cover both.
We will assume your Call Server is using the default IP address of 192.168.42.1 (modify to match your actual IP address).
********** If using only a single VLAN for both Voice and Data ********** 1. Expand our your DHCP scope and right click “Scope Options” and select “Configure Options”
2. Scroll down and locate option 128. Under “String value” enter the following:
********** If using a separate VLAN for Voice and Data (we will use “4” for the Voice VLAN tag in this example) ********** 1. Expand out your DATA DHCP Scope and right click on “Scope Options” and select “Configure Options”
2. Scroll down and locate option(s) 191. Under “String value” enter the following:
3. Expand out your VOICE DHCP Scope and right click on “Scope Options” select “Configure Options”
2. Scroll down and locate option(s) 128. Under “String value” enter the following:
(NOTE: There are many other values that can be entered under your option 128 )
As many have heard over the past year older versions of SSL have been compromised and should no longer be used by servers to negotiate communications. however disabling these deprecated SSL versions can be a bit of a headache.
I would strongly suggest anyone with public facing servers test them to be safe. I personally use this site to test my web servers as it is the most comprehensive security test I have found.
I have used reg scripts and such to do it but they sometimes did not work out perfectly luckily I came across a freely available utility that allows you to enable and disable these features as needed.
I would suggest Clicking the best practices button as that will select all of the appropriateSSL methods for you.
This applies for Exchange 2010 as well as Exchange 2013. I just tested this out on both and they both work.
Essentially we had a problem, users were not smart enough to go to https://owa.domain.com or https://mail.domain.com/owa (Mostly the HTTPS:// part). With this, users can go to “owa.domain.com” or “mail.domain.com/owa” and it will automatically forward to the HTTPS site.
NOTE** We have UCC SSL certs for both these servers. I’m not saying it will NOT work without them, I’m saying I have not tested such an environment.
Steps (7 total)
1Rename Web.Config File
Go to the Windows Server on which Exchange is on. Go to the directory C:\inetpub\wwwroot and look for the web.config file. Rename this file “web.config.old”. **KEEP THIS FOLDER OPEN, YOU WILL COME BACK TO VERIFY SOMETHING LATER***
Next, open up Admin CMD.
Enter the following lines one at a time.
Verify that it starts again. If it does not, reboot the server.
Go back to the directory of C:\inetpub\wwwroot. Make sure,at this time, there is NO web.config file and the web.config.old file is still there.
3Open IIS Manager
Open up IIS Manager, expand local computer, expand site and click on “Default Web Site”
Make sure you are viewing “Default Web Site” in “Feature View” (It is clickable at the bottom). Then in the middle pane, double-click on HTTP Redirect.
Type the absolute path of the /owa virtual directory. For example, type https://mail.domain.com/owa.
– Do NOT type in what you want the website to be, you need to type in the actual virtual directory.-
Next, make sure the box is checked for ” Only redirect requests to content in this directory (not subdirectories)” – Leave the other box unchecked.
!!!!! Do not do this for the ECP directory leave it unchecked or it will break the web managment aspect of exchange. !!!!!
In Status Code, click and choose Found (302)
NOTE: This should be like this by default.
Click Apply in the top right
On the left pane, click on “Default Web Site”. Then in the middle pane double-click on SSL Settings. At the Default Web Site, UN-CHECK “Require SSL” ONLY for this level.
Go to Each other level “aspnet_client” “Autodiscover” “ecp” “EWS” “mapi” “Microsoft-Server-ActiveSync” “OAB” ‘owa” “PowerShell” “Rpc” and make sure that “Require SSL” is CHECKED
To do this, at each level you much click on the level, and then double-click on “SSL Settings”, after your changes, apply them and then move onto the next level.
**You do not need to touch Exchange Back End”**
Go back to the directory of C:\inetpub\wwwroot and verify that a new web.config file has been created. If it has not, a server reboot is needed.
7DNS (May or may not be required)
This next step is for if you have an older environment that you are upgrading or have upgraded. Because Microsoft now says that best practices to ONLY use .COM in everything internal and external, it creates complications for networks that have been upgraded from a 2003 environment. A DNS entry will need to be manually created for the users internally to access OWA this way.
**This will vary from site to site. Your company may do it different from us, but I am only giving examples of what we did. Essentially it will be similar no matter what**
Go to your DNS server, and open up DNS management.
If you do not all ready have an A-Record for your mail server at the .COM level, you should put one in at this time
mail.domain.com points to 192.168.100.xxx
Next you will need to create a CNAME record. You want to do this at the same level, the .COM level.
Following the Example before, you want to point this to your previous A-Record, so in this case: “mail.domain.com”
**NOTE: it is best to browse to it using the browse feature to ensure any spacing or typos**
Once this is done, it should work internally and externally on the old systems originally running 2003 environments with .Local.
This will work on Exchange 2010 working on Server 2008R2. The server I showed here is a Server 2012R2. I hope this works for all of you as it has worked for me.
This information was taken from http://community.Spiceworks.com in a post by Johnny Lambert great information
How to Disable Driver Signature Verification on 64-Bit Windows 8.1 or 10 (So That You Can Install Unsigned Drivers)
64-Bit editions of Windows require digitally signed drivers. The problem is that many devices ship with unsigned drivers. Today, we’ll show you how to install them regardless.
Digitally signed drivers include an electronic fingerprint that indicates which company the driver was produced by as well as an indication as to whether the driver has been modified since the company released it. This increases security, as a signed driver that has been modified will no longer have an intact signature. Drivers are signed using code signing certificates.
How to Disable Driver Signature Verification on 64-Bit Windows 8.1 or 10
To disable driver signature verification, we’re going to need to get into the Troubleshooting options from the boot manager. The easiest way to bring this screen up is using a secret trick.
Simply select Restart from the power options menu (on Windows 8 that’s under Charms or on the login screen, and in Windows 10 it’s on the Start Menu).
Hold down the SHIFT key while you click Restart.
(Again, you can use this trick on any of the power menus in Windows 8 or 10, whether on the login screen, Charms bar, Start Menu, or Start Screen)
Once your computer has rebooted you will be able to choose the Troubleshoot option.
Then head into Advanced options.
Then Startup Settings.
Since we are modifying boot time configuration settings, you will need to restart your Computer one last time.
Finally, you will be given a list of startup settings that you can change. The one we are looking for is “Disable driver signature enforcement”. To choose the setting, you will need to press the F7 key.
That’s all there is to it. Your PC will then reboot and you will be able to install unsigned drivers without any error message
Thanks to the folks over at How to geek a direct link to their post is
Windows 10 has hit and it is a fast stable operating system. however MS has given us some features that we should be disabling immediately. For example windows updates delivery optimization uses your computer to send windows updates to other folks on the internet. You can disable it by knowing where to go to disable the radio buttons etc. However I receive calls from people on how to address this and it is much easier for me to script it and send the file to them and correct all their issues with a simple double click of the mouse.
Update: added VB script version
what issues does this script address
- windows update optimization
- sync info to cloud account
- data collection by MS
- Ad personalization by MS
- windows error reporting
Now that you know what you are looking to correct here is how you can get things set. Just copy and paste the following into a txt file and save it with a .bat or .cmd extension and double click it. the settings will be changed without you having to hunt through all the hidden menus. Or you can just download it already to go from here. windows10scripts
REM disable using your machine for sending windows updates to others
reg add “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config” /v DownloadMode /t REG_DWORD /d 0 /f
REM disable sending settings to cloud
reg add “HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync” /v DisableSettingSync /t REG_DWORD /d 2 /f
REM disable synchronizing files to cloud
reg add “HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync” /v DisableSettingSyncUserOverride /t REG_DWORD /d 1 /f
REM disable ad customization
reg add “HKLM\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo” /v DisabledByGroupPolicy /t REG_DWORD /d 1 /f
REM disable data collection and sending to MS
reg add “HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection” /v AllowTelemetry /t REG_DWORD /d 0 /f
REM disable sending files to encrypted drives
reg add “HKLM\SOFTWARE\Policies\Microsoft\Windows\EnhancedStorageDevices” /v TCGSecurityActivationDisabled /t REG_DWORD /d 0 /f
REM disable sync files to one drive
reg add “HKLM\SOFTWARE\Policies\Microsoft\Windows\OneDrive” /v DisableFileSyncNGSC /t REG_DWORD /d 1 /f
REM disable certificate revocation check
reg add “HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers” /v authenticodeenabled /t REG_DWORD /d 0 /f
REM disable send additional info with error reports
reg add “HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting” /v DontSendAdditionalData /t REG_DWORD /d 1 /f
REM disable cortana in windows search
reg add “HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search” /v AllowCortana /t REG_DWORD /d 0 /f
REM disable web search in search bar
reg add “HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search” /v DisableWebSearch /t REG_DWORD /d 1 /f
REM disable search web when searching pc
reg add “HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search” /v ConnectedSearchUseWeb /t REG_DWORD /d 0 /f
REM disable search indexing
reg add “HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search” /v AllowIndexingEncryptedStoresOrItems /t REG_DWORD /d 0 /f
REM disable location based info in searches
reg add “HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search” /v AllowSearchToUseLocation /t REG_DWORD /d 0 /f
REM disable language detection
reg add “HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search” /v AlwaysUseAutoLangDetection /t REG_DWORD /d 0 /f
For those of you who prefer to work with VB scripting You can use the following code.
Set WSHShell = CreateObject(“Wscript.Shell”)
On Error Resume Next
#This script will remove and create new registry entries on your windows 10 PC it is intended only for windows 10
#Ths script is provided for informational use only please use at your own risk
#Len McGeary http://www.mcgearytech.com
#these commands delete all currently created keys for settings we want to change we do this so we can re create the keys as we want them cleanly
#delete key disable using your machine for sending windows updates to others
#delete disable sending settings to cloud
#delete disable syncronizing files to cloud
#delete disable ad customization
#delete disable data collection and sending to MS
#delete disable sending files to encrypted drives
#delete disable sync files to one drive
#delete disable certificate revocation check
#delete disable send additional info with error reports
WSHShell.RegDelete “HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\DontSendAdditionalData”
#delete disable cortana in windows search
WSHShell.RegDelete “HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\AllowCortana”
#delete disable web search in search bar
WSHShell.RegDelete “HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\DisableWebSearch”
#delete disable seach web when searching pc
WSHShell.RegDelete “HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\ConnectedSearchUseWeb”
#delete disable search indexing
WSHShell.RegDelete “HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\AllowIndexingEncryptedStoresOrItems”
#delete disable location based info in searches
WSHShell.RegDelete “HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\AllowSearchToUseLocation”
#delete disable language detection
WSHShell.RegDelete “HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\AlwaysUseAutoLangDetection”
#Now We will write our new registry entries
#write disable using your machine for sending windows updates to others
WSHShell.RegWrite “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config\DownloadMode”, 0,”REG_DWORD”
#write disable sending settings to cloud
WSHShell.RegWrite “HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync\DisableSettingSync”, 2,”REG_DWORD”
#write disable syncronizing files to cloud
WSHShell.RegWrite “HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync\DisableSettingSyncUserOverride”, 1,”REG_DWORD”
#write disable ad customization
WSHShell.RegWrite “HKLM\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo\DisabledByGroupPolicy”, 1,”REG_DWORD”
#write disable data collection and sending to MS
WSHShell.RegWrite “HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection”, 0,”REG_DWORD”
#write disable sending files to encrypted drives
WSHShell.RegWrite “HKLM\SOFTWARE\Policies\Microsoft\Windows\EnhancedStorageDevices\TCGSecurityActivationDisabled”, 0,”REG_DWORD”
#write disable sync files to one drive
WSHShell.RegWrite “HKLM\SOFTWARE\Policies\Microsoft\Windows\OneDrive\DisableFileSyncNGSC”, 1,”REG_DWORD”
#write disable certificate revocation check
WSHShell.RegWrite “HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\authenticodeenabled”, 0,”REG_DWORD”
#write disable send additional info with error reports
WSHShell.RegWrite “HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\DontSendAdditionalData”, 1,”REG_DWORD”
#write disable cortana in windows search
WSHShell.RegWrite “HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\AllowCortana”, 0,”REG_DWORD”
#write disable web search in search bar
WSHShell.RegWrite “HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\DisableWebSearch”, 1,”REG_DWORD”
#write disable seach web when searching pc
WSHShell.RegWrite “HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\ConnectedSearchUseWeb”, 0,”REG_DWORD”
#write disable search indexing
WSHShell.RegWrite “HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\AllowIndexingEncryptedStoresOrItems”, 0,”REG_DWORD”
#write disable location based info in searches
WSHShell.RegWrite “HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\AllowSearchToUseLocation”, 0,”REG_DWORD”
#write disable language detection
WSHShell.RegWrite “HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\AlwaysUseAutoLangDetection”, 0,”REG_DWORD”
#Thats it you are all done
Set WSHShell = Nothing
I came across this startling info on a blog and had to share the original information is located at http://lauren.vortex.com/archive/001116.html
most importantly it not only tells you about the issue but also tells you how to correct it! very good info Lauren Weinstein!
A couple of days ago I discussed a number of privacy and other concerns with Microsoft’s new Windows 10, made available as a free upgrade for many existing MS users:
Windows 10: A Potential Privacy Mess, and Worse:
The situation has only been getting worse since then. For example, it’s been noted that the Win10 setup sequence is rigged to try fool users into switching to an MS browser, irrespective of their browser settings before they started the upgrade:
Mozilla isn’t happy with Microsoft for changing how users change the default web browser in Windows 10:
Pretty bad. But we have even lower to go, as we’ve seen that by default, Windows 10 actually steals bandwidth from your ISP connection so that Microsoft can use your computer, and your connection, to send MS updates to their other customers.
Huh? Say what?
Yep. It’s a devious little feature called Windows Update Delivery Optimization. It’s enabled by default. For Enterprise and Education users, it operates over the local LAN. For ordinary Home type users, Microsoft can send their data update goodies to potentially any PC on the global Internet — from your PC, over your Internet connection. On your dime.
We could get into the pros and cons of local updates being staged between local machines on a LAN as opposed to the outside Internet.
But as soon as MS decided that it’s A-OK for them to use my Internet connection to cut down on their bandwidth costs serving their other customers — without asking me for my specific permission first — the situation blows into the red zone immediately.
Microsoft makes the predictable excuses about this high-tech thievery.
There’s a way you can turn it off. Yeah, buried down deep in the settings, assuming you even know about it in the first place. MS claims they only use your connection when it’s “idle” by their definitions. Thanks a bunch.
Oh yes, and (how generous of them!) Microsoft notes that they won’t steal bandwidth this way from “metered” connections.
But here’s the catch — in many common configurations you have to manually indicate that a connection shouldn’t be used for MS’ update delivery scheme, otherwise Microsoft would have no way to know if (for example) you’re paying by the gigabyte or have a low bandwidth cap.
Above all, the sheer arrogance of Microsoft to enable this bandwidth theft by default is stunning.
I don’t care if they want to move 1K or 1gig to their other happy users, I want to damn well be asked permission first!
Obviously, this general category of peer-to-peer data transfer is used on the Net in other contexts, such as torrents for example — but that’s something you do voluntarily, of your own volition. Comcast uses the bandwidth of many Comcast users to turn modems in people’s homes into public Wi-Fi access points. This has been highly controversial, but at least Comcast is typically doing it over modems they supplied, and has claimed that they over-provision the connection speeds to take this into account — and don’t apply that public usage against home users’ bandwidth caps.
But Microsoft didn’t even bother with such rationalizations. They simply said in essence: “Hey, you’ve got bandwidth, so we’re gonna use it however we please unless you tell us differently. Suckers!”
If you’re running Windows 10, you may want to terminate this travesty.
The settings you need are buried down in:
START->Settings->Update & Security->Windows Update->Advanced options, under: Choose how updates are delivered.
It’s worth noting at this point that if Google had tried a stupid stunt like this, there would likely already be EU commissioners running through the streets of Brussels hoisting pitchforks and flaming torches, all yelling for Google’s blood.
For a while there, it was starting to look like there indeed was a new kind of Microsoft coming into view, one that had evolved beyond the hubris that had so long been Microsoft’s single most defining characteristic.
As we can see, any such hopes are now … Gone with the Win10.