Category Archives: Windows 7

Windows 7 Networking Issues – cannot access shares after Update KB4480970 January Cumulative Update

I ran into an issue with some Windows 7 PCs at a client’s site. The PCs could not access network shares. Further investigation showed that PCs were online, and connected to the network. They all had internet access and could ping each other and the gateway.

However, when trying to access a share on these PCs, we received a “Handle is Invalid”, or “the network resource is not available”. Access the share via “\\computername” or “\\IPaddress” would not work.

The issue appears to be caused by KB4480970 – Monthly Cumulative Security Quality Update 2019-01. Various threads on Reddit indicated that there were issues.

Apart from a rollback and uninstalling the patch, a workaround for this issue appears to work. This involves adding the following registry entry.

  • Browse to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
  • Add DWORD LocalAccountTokenFilterPolicy = 1
  • Reboot the PC

Come on Microsoft! Test your patches more thoroughly!

Remote Desktop Issue: “An authentication error occurred” “This could be due to CredSSP encryption oracle remediation”

You may get this error when trying to connect to a Terminal Server from Windows 10 or Windows 7.

1475272411_CredSSPissue.png.edcaf3deca9f340128ef49dc5c3849f5.png

The workaround is to add the following Registry key on the affected client PC.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters]
“AllowEncryptionOracle”=dword:00000002
This is NOT a fix. Doing this will bypass the fix for the security vulnerability. But it will get your users going while Microsoft readies a fix.

References:

Windows previous versions documentation

This is the archive for older Windows 7, 8, Server 2012, 2008, 2003, R2 information that was previously on TechNet.

https://docs.microsoft.com/en-us/previous-versions/windows/

Meltdown and Spectre

 

Happy New Year … Not!

With the New Year comes a new class of malicious attack that can impact IT systems. This time, the attack is hardware based, affecting mostly Intel based systems, and to some extent, AMD systems as well.

Here is a list of resources that highlight what it is all about and how to mitigate against this new threat. In the words of Microsoft, “Don’t panic.”

Windows 7 SP1, Windows 8.1, Windows Server 2008 R2, Windows Server 2012, and WIndows Server 2012R2 Update Rollup all in a single package

Today, MIcrosoft announced the availability of a single update rollup package for Windows 7 SP1 and Windows Server 2008 R2. Some details for the rollup are as follows:

  • All security and non-security fixes since the release up to April 2016.
  • One installation package.
  • Optional install – not offered via Windows Update.
  • Monthly rollups after April 2016.
  • Security bulletins will continue to link to a direct update.
  • For Windows 8.1, Windows Server 2012, and WIndows Server 2012 R2, there will be monthly rollup updates.

Thanks, Microsoft, for listening!

To get the rollups, you need Internet Explorer 6 or higher (not Edge – since this is not an update package for Windows 10). Get the updates here – http://catalog.update.microsoft.com/v7/site/Search.aspx?q=3125574

At this stage, other browsers are not supported, although Microsoft have hinted that the site will be updated in the next few months.

 

Windows 7, 8.1, 10, SBS and Essentials Client Conntector – What works, and what doesn’t

The Essentials Server team have just published a blog post which gives you an at-a-glance look at what features are supported and not supported with the six current (and recently past) SBS and Essentials SKUs.

Read the blog post here – http://blogs.technet.com/b/sbs/archive/2015/07/23/client-connector-availability-with-windows-home-server-small-business-server-and-windows-server-essentials-for-supported-client-os.aspx

How to rapidly create a Virtual Machine from WIM or ISO (WIM2VHD)

If you have DVD media or and ISO of your Operating System, you can quickly and easily create a sysprepped VHD or VHDX image. With this Virtual Hard Disk file, you can set up a Virtual Machine and boot it directly to the Out of Box Experience, thus saving about half an hour to an hour of installation time.

The process for doing this and PowerShell script called Convert-WindowsImage.ps1 is documented in the Technet Script Repository here – http://gallery.technet.microsoft.com/scriptcenter/Convert-WindowsImageps1-0fe23a8f

Note: This latest release (v6.3) now supports the creation on Generation 2 VMs.

The trust relationship between this workstation and the primary domain failed

Every few months, this situation comes up somewhere amongst the plethora of Windows 7 workstations that are managed by my helpdesk. The standard fix is normally to remove the workstation from the domain, and rejoin it again.

I came across a blog post here – http://www.implbits.com/about/blog/tabid/78/post/don-t-rejoin-to-fix-the-trust-relationship-between-this-workstation-and-the-primary-domain-failed/default.aspx – which suggested that this problem was caused by a machine password being corrupted or lost.

A suggested fix for this was to use NETDOM.EXE to reset the machine password. You will need to install the Remote Server Administration Tools from http://go.microsoft.com/fwlink/?LinkID=153874. Once it has been installed, turn the following feature on (from the Turn Windows features on or off applet in the control panel. (you might find some other useful server administrative tools there too!)

RSAT-AD

From an administrative command prompt, type the following command.

NETDOM resetpwd /s:[domain controller] /ud:[domain admin] /pd:*
[domain controller] = a domain controller in the joined domain
[domain admin] = a domain administrator with administrative rights to the machine

You will be prompted to enter in the password for the domain admin account specified.

Once the command is completed, restart the computer to log in.

NOTE: I did notice that some other settings on the workstation appeared to be corrupted or reset after the reboot. One of these itemms was the Outlook profile, which had to be reset and resynchronized.

Optimise Windows 7 with SSD drives

Jakub at www.klaslo.com has posted a blog on how to optimise Windows 7 when installed on SSD drives. He lists 9 tweaks that should be done to ensure maximum performance when using SSD drives here – http://www.klaslo.com/installing-windows-7-on-ssd-tips-and-tweeks/

  • Enable TRIM (Should be enabled by default)
  • Disable Prefetch
  • Disable Superfetch
  • Disable Indexing
  • Disable Write Caching
  • Disable System restore
  • Disable Hibernate
  • Disable Page file (only if you have a lot of RAM)
  • Disable De-fragmentation

Windows 7 SP1 and Windows Server 2008 R2 SP1 Enterprise Hotfix Rollup (KB 2775511) is released

It appears that Microsoft are now moving towards a new way of deploying service packs. KB 2775511 is a hotfix rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1. This hotfix rollup contains 90 hotfixes that were released since service pack 1 and are noted to greatly improve performance and system reliability.

The main areas of improvement are in the Remote File System and Networking components, namely Offline Files, Folder Redirection, SMB and TCP Protocol services.

The hotfix rollup is described here – http://support.microsoft.com/kb/2775511/en-us and can be downloaded from the Microsoft Update Catalog here – http://catalog.update.microsoft.com/v7/site/Search.aspx?q=2775511

The documentation also lists two Registry fixes that must be manually applied after the hotfix is installed.

  • To enable update 2581608, configure a REG_DWORD Value named RunLogonScriptsNormally under the following path, and set the value to a decimal value of 1:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
  • To enable update 2752259, configure a REG_DWORD Value named BrmDisableOpc under the following path, and set the value to a decimal value of 0:
    HKEY_LOCAL_MACHINE \SYSTEM\CurrentControlSet\Control\Print