The receiving party needed details to enable TLS enforcement 

Mimecast TLS CA 

CN = DigiCert TLS RSA SHA256 2020 CA1
O = DigiCert Inc
C = US

Cipher Strength : 256

Certificate Key Size : 2048

TLS Version : 1.2

GD Star Rating
GD Star Rating
  1. Create a system repair disc (  ). You can skip this step if you have a Windows installation media. Is a good measure to reboot and verify you can start your system from this disc.
  2. Identify which disk you want to convert (usually is #0). This can be done by looking at the number in the Windows Disk Management.
  3. Download gptgen from here  . (You could use the Windows Disk Management Tool for this too. (diskmgmt.msc)) This tool will allow you to convert your MBR disc to GPT with the data included. 
  4. ATTENTION: After this step, your computer CANNOT BOOT until the whole process is completed. DO NOT Shut Down Unless Instructed to! 

    Unzip gptgen and then run CMD with elevated privileges. (replace the 0 with the identified disk number).

    This *will* result in a BSOD shortly after and it’s to be expected:

    gptgen.exe -w \\.\physicaldrive0

  5. Boot using your Windows installation or previously generated system repair disc.
  6. Choose language and preferences, and then select Repair Your Computer -> Troubleshoot -> Advanced options -> Command Prompt
  7. We will need the disk partitioning tool. With this, we will recreate the boot partitions. Type:


  8. Identify the boot disk where Windows is located, typing:

    list disk 

     Something like this should appear:


          Disk ###  Status         Size     Free     Dyn  Gpt

          --------  -------------  -------  -------  ---  ---

        * Disk 0    Online          128 GB      0 B        *

  9. Once identified, select the disk (replace with the correct number):

    select disk 0

  10. Verify the partitions:

    list partition

  11. Something similar at the info below should appear.

           Partition ###  Type              Size     Offset

           -------------  ----------------  -------  -------

           Partition 1    Primary            350 MB  1024 KB

           Partition 2    Primary            126 GB   350 MB

  12. Delete the previous system partition:

      select partition 1

      delete partition

  13. Create the new boot partition, Microsoft reserved partition:

      create partition EFI size=100 offset=1

      format quick fs=fat32 label="System"

      assign letter=S

      create partition msr size=128 offset=103424

  14. If you list the partitions again, you should have ended up with something like this:

           Partition ###  Type              Size     Offset

           -------------  ----------------  -------  -------

           Partition 1    System             100 MB  1024 KB

           Partition 2    Reserved           128 MB   101 MB

           Partition 3    Primary            126 GB   229 MB

  15. Ensure that your Windows installation is mounted, replacing 3 with the volume number of the Windows installation (usually 1):

      list volume

      select volume 3

      assign letter=C

  16. Exit diskpart:


  17. Generate boot partition data, replacing C: with the letter of the Windows installation (usually C:):

      bcdboot c:\windows /s s: /f UEFI

  18. Cross your fingers and then restart your computer!


GD Star Rating
GD Star Rating
Recently needed to create an NFS share to hosts some ISO's for Xen server

New-NfsShare -Name "NFSshare01" -Path "C:\NFSshare" -EnableUnmappedAccess $True -Authentication Sys 

Grant-NfsSharePermission -Name "NFSshare01" -ClientName "" -ClientType "host" -Permission "readwrite" -AllowRootAccess $True 


GD Star Rating
GD Star Rating

When you can’t shutdown or power off a VM , this is how to force kill it

Open this directory in File Explorer and find the folder with the same name as your virtual machine has. Copy the GUID that is specified in the name of the VM configuration file with the *.vmcx extension.

Run the Task Manager and go to the Details tab. All virtual machines are running in their own instance of vmwp.exe. To determine which process is responsible for your VM, you need the GUID of the hung-up VM you obtained earlier. Locate the process vmwp.exe that has the GUID of your VM in the User name column. Kill this process (End Task).


GD Star Rating
GD Star Rating

365 DKIM

Add the DNS Records below
Host name:                  selector1._domainkey
TTL:                        3600
Host name:                  selector2._domainkey
TTL:                        3600

Once created , powershell

New-DkimSigningConfig -DomainName “” -Enabled $true
If keys have already been created , run the below
Set-DkimSigningConfig -Identity “” -Enabled $true

Disable the DKIM and enable on all of the customers domain
GD Star Rating
GD Star Rating

Any existing CSV Shared Storage Disk was trying to be added to a new host on a different cluster however came up as RAW

What needed to run was the below ( for Disk 0 ) and I could see the CSNTFS permissions again

clear-clusterdiskreservation -disk 0

GD Star Rating
GD Star Rating
	Displays list of accounts that have been locked out in AD since the last time each DC's Event Log has rolled over.

	By default, this script displays list of accounts that have been locked out on the current domain since the last time the Event Log rolled over. Results can be filtered by using parameters.

	.PARAMETER forest
	Queries all DCs in the current forest

	Queries only DCs within the specified domain. If no domain is listed, it will default to the current domain.
	Queries only specified DCs
	Filter by start time in 'MM/dd/yyyy HH:mm:ss' format.
	Filter by end time in 'MM/dd/yyyy HH:mm:ss' format.
	Author  : Chrissy LeMaire 
	Requires:     PowerShell Version 3.0
	DateUpdated: 2015-Feb-5
	Version: 1.1
	Gets all locked out accounts in the current domain.
	.\Get-LockoutHistory.ps1 -forest
	Gets all locked out accounts in the current forest
	.\Get-LockoutHistory.ps1 -domain ad.local -start '1/28/2015' -end '1/29/2015'
	Gets all locked out accounts in the ad.local domain, starting at 01/28/2015 00:00:00 and ending at 01/29/2015 00:00:00
#Requires -Version 3.0


if ($domain.length -ne 0) { $domain = $domain.toLower() }

if (($forest -eq $true -or $domain -ne $null) -and $dcs.length -eq 0) {
	$currentforest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
	$currentdomains = $currentforest.Domains
	if ($domain.length -ne 0) {
		$singledomain = ($currentdomains | Where-Object { $_.Name -eq $domain })
		if ($singledomain -eq $null) { throw "$domain could not be found in the forest." }
		$dcs = $ 
	} else { $dcs = $ }

if ($dcs -eq $null) {
	$currentdomain = [directoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
	$dcs = $currentdomain.FindAllDomainControllers()

$filter = @{LogName='Security';Id=4740;}

if ($start -ne $null) {
	$start = (Get-Date $start -Format 'MM/dd/yyyy HH:mm:ss')
	$filter += @{StartTime=$start;}
	Write-Host "Filter Start: $start" -ForegroundColor Yellow

if ($end -ne $null) {
	$end = (Get-Date $end -Format 'MM/dd/yyyy HH:mm:ss')
	$filter += @{EndTime=$end;}
	Write-Host "Filter End: $end" -ForegroundColor Yellow

$allevents = $null; $lockedout = @()

foreach ($dc in $dcs) {
Write-Host "Contacting $dc" -ForegroundColor Green
	try {
		$allevents = (Get-WinEvent -ComputerName $dc -FilterHashtable $filter   -ErrorAction Stop).ToXml()
		$allevents = "<root>$allevents</root>"

		foreach ($event in ([xml]$allevents).root.Event) {
			$user = ($ |  Where-Object { $_.Name -eq "TargetUserName" }).'#text'
			$from = ($ | Where-Object { $_.Name -eq "TargetDomainName" }).'#text'
			$dc = (($ | Where-Object { $_.Name -eq "SubjectUserName" }).'#text').TrimEnd("$")
			$domain = ($ | Where-Object { $_.Name -eq "SubjectDomainName" }).'#text'
			$entrytime = [datetime]$event.System.TimeCreated.SystemTime
			$status = (Get-ADUser -Identity $user  -Server $DC -Properties LockedOut).LockedOut
			$lockedout += [pscustomobject]@{User=$user; From=$from; DC=$dc; Domain=$domain; Timestamp=$entrytime; "Currently Locked Out"=$status}
	catch {
		$msg = $_.Exception.Message
		if (!$msg.StartsWith("No events were found")) {
			Write-Warning "$dc was unreachable or otherwise unparsable."
			Write-Warning "Ensure your account has Read access to the DC's Security log and the appropriate firewall ports are open."

if ($lockedout.count -eq 0) {
	Write-Host "No locked out events could be found."
} else {
	$lockedout | Out-Gridview
GD Star Rating
GD Star Rating


Start menu not working for all users

System Event log shows the following error

EventID:10001 – Source: DCOM

Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.11.6.17763_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXynb3eakad12451rv00qxextfnce9sxb8.mca as Unavailable/Unavailable. The error:


Happened while starting this command:

“C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe” -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca



Backup registry key below (could take awhile 1 hr+)

In powershell

Remove-Item “HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\AppIso\FirewallRules”

New-Item “HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\AppIso\FirewallRules”


Set DWORD “DeleteUserAppContainersOnLogoff = 1
in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy


GD Star Rating
GD Star Rating