Archives for 2013

Incorrectly ordered NTFS ACEs?

I got a question today about a strange permissions problem one of their users was having. Even stranger, when they checked the permissions on the folder they got the following:

The permissions on Sub_Directory are incorrectly ordered, which may cause some entries to be ineffective.

Well what is this? Microsoft has a few articles about things like this.

But since this was a user's home directory we decided just to reset all the permissions on the user's folder.

Remove LinkedIn post using iPhone

I needed to remove a status update on LinkedIn. Well since I have the LinkedIn app I thought that would be easy. Boy was I wrong. I might be missing something here, but this is the way I found works.

So let's start by opening the post and see what we can do.


So I see 3 possibilities:

  • Green – If I click there I get my profile
  • Red – Nothing happens, unless the post is a link and then you are off.
  • Blue – Allows me to share but not delete it.

So let's surf into and be done:


But wait, I asked for and but got the touch site.

I couldn’t find a way to delete the post there either.

Getting the real website


Click on the LinkedIn logo in the top left corner.

Pull the list down and select Full site

Now just delete it…

Setting up alternative names for a computer

So a friend of mine had a problem with not being able to access a Windows server using a CNAME they had created for the computer.

So what is wrong with this picture? Well, using a CNAME is as bad as using an IP: the AD does not know about this name. There are so many more things that you need to fix.

There are a few simple and simpler solutions.

Using netdom

Reboot the computer to make it all work.

OptionalNames for Server service [SMB]

By altering OptionalNames (you might need to create it) under the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters, you can make the Server service allow other names for the machine. Remember that the type of OptionalNames needs to be Multi-String Value.

SPNs (Service Principal Name)

You can also manually edit the SPNs for a server to allow Kerberos to IIS and other services.
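The three options above in one place, as an added example that is not from the original post. The computer name, the alias names and the choice of an HTTP SPN on the computer account are placeholders and assumptions; run it elevated on the server with rights to modify the computer account.

```powershell
# Placeholder names (assumptions, not from the post).
$Computer  = 'SRV01'                # real computer name
$AliasFqdn = 'files.corp.example'   # alternative DNS name clients will use
$AliasName = 'FILES'                # short form of the same alias

# 1. netdom: add the alternative DNS name to the computer, then list all names.
netdom computername $Computer "/add:$AliasFqdn"
netdom computername $Computer /enumerate

# 2. Server service (SMB): merge the alias into OptionalNames.
#    The value is created if missing and must be REG_MULTI_SZ (MultiString).
$Key     = 'HKLM:\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters'
$Current = (Get-ItemProperty -Path $Key -Name OptionalNames `
            -ErrorAction SilentlyContinue).OptionalNames
$Names   = [string[]](@($Current) + $AliasName |
            Where-Object { $_ } | Select-Object -Unique)
New-ItemProperty -Path $Key -Name OptionalNames -PropertyType MultiString `
    -Value $Names -Force | Out-Null

# 3. SPNs for Kerberos to IIS. Register them on the account the service runs
#    as (assumed here: the computer account). -S checks for a duplicate SPN
#    before adding, which avoids breaking Kerberos for the alias.
setspn -S "HTTP/$AliasFqdn" $Computer
setspn -S "HTTP/$AliasName" $Computer

# Review the result: SPNs on the account, then any duplicates.
setspn -L $Computer
setspn -X
```

After changing OptionalNames, restart the Server service or reboot so the new name is picked up.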

Keys for Windows and Office

I was trying to find the Office 2013 Keys and all I found was the Windows ones. So here are the links to the key pages at Microsoft.

The keys I use the most at the moment


Remote Desktop IP Virtualization networking adapter

So I was setting up Remote Desktop IP Virtualization for a customer. Microsoft removed the TS configuration console (TSConfig.msc) with Windows 2012, so how do I do the configuration now? Well, one way that you could also have used before is a GPO, which also gives the benefit that all servers will be configured the same.

So when I was configuring the GPO setting I noticed this small gotcha:

This policy setting specifies the IP address and network mask that corresponds to the network adapter used for virtual IP addresses. The IP address and network mask should be entered in Classless Inter-Domain Routing notation; for example,

So what is strange with this? Well, not really strange, but could I really be forced to enter the IP of the server? No, as long as the network ID / subnet match it will work. So for the example that Microsoft provided I would have used instead.

Select the network adapter to be used for Remote Desktop IP Virtualization

The insensitive hash table

So we needed to analyze a case-sensitive text. We decided to store each word in a hashtable. That is simple enough.

Name Value
The 2
ice 1
over 1
flew 1
little 1
fox 1

But what the... We needed it case-sensitive, but the hashtable thought The and the were the same. So what now? By changing @{} to the full form New-Object System.Collections.Hashtable we switch it to the case-sensitive form. Let's try again.

Name Value
the 1
fox 1
ice 1
The 1
flew 1
little 1
over 1
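The word count described above with both kinds of table side by side, as an added example that is not the code from the original post. The sample sentence and the function name Get-WordCount are constructed for illustration.

```powershell
# Constructed sample text (not from the original post).
$Text = 'The little fox flew over the ice'

# Hypothetical helper: count each word of $Text into the table it is given.
function Get-WordCount {
    param(
        [string]$Text,
        [System.Collections.IDictionary]$Table
    )
    foreach ($Word in ($Text -split '\s+')) {
        if ($Word) {
            # A missing key reads as $null, which casts to 0.
            $Table[$Word] = 1 + [int]$Table[$Word]
        }
    }
    return $Table
}

# @{} is a PowerShell literal: its keys are compared case-insensitively.
$Insensitive = Get-WordCount -Text $Text -Table @{}

# The plain .NET constructor compares keys case-sensitively.
$Sensitive = Get-WordCount -Text $Text `
    -Table (New-Object System.Collections.Hashtable)

# 'The' and 'the' share one entry in the first table and get one each
# in the second, so the second table holds one more key.
$Insensitive | Format-Table -AutoSize
$Sensitive   | Format-Table -AutoSize

"Keys with @{}:                 {0}" -f $Insensitive.Count
"Keys with New-Object Hashtable: {0}" -f $Sensitive.Count
"Case-sensitive table has 'the': {0}" -f $Sensitive.ContainsKey('the')
"Case-sensitive table has 'THE': {0}" -f $Sensitive.ContainsKey('THE')
```

The same difference matters whenever keys are user names, paths or tokens that another system treats as case-sensitive.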

How to demote a Domain Controller

So you might have a system hardcoded to talk with that domain controller. Now you need to find which servers are talking to the domain controller.

  1. Disable dynamic DNS
  2. So now clean up the DNS of that domain controller so no more clients will talk to the server by DNS queries.
  3. Wait a couple of days.
  4. Then use Network monitor to check if any and which clients are still talking to the server.
  5. For DNS you can use my script from the blog post about DNS logging.
  6. Continue to remove systems that are still using the Domain Controller.
  7. When you give up or are done, you can remove the domain controller.
  8. Depending on which Windows version you have, you have the option of dcpromo or the Server Manager.

How to Prevent Domain Controllers from Dynamically Registering DNS Names

Update: Since I wrote this, Pierre Audonnet has written about this too, giving the following suggestions.

Playing with NTFS permissions

So if you need to see what the different parts mean look at my earlier post about icacls rights.

What is needed for

Allow users to create folders but not see all if Access Based Enumeration is enabled. Good for home folders.

Remove all rights for the SID for Authenticated users below and on all files / Folders below.

Grant the Creator full control of new folders
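One way to apply the three steps above with icacls, as an added example that is not the commands from the original post. The root path, the share name and the exact rights given to Authenticated Users are assumptions chosen to match the stated goal.

```powershell
# Placeholders (assumptions, not from the post).
$Root  = 'D:\Home'   # folder that holds the home folders
$Share = 'Home$'     # SMB share that publishes $Root

# 1. Authenticated Users (S-1-5-11) on the root folder only, no inheritance
#    flags: list the folder (RD), traverse (X), read attributes (RA) and
#    create subfolders (AD). No right to create files, nothing inherited.
icacls $Root /grant '*S-1-5-11:(RD,X,RA,AD)'

# 2. Remove every explicit grant for that SID on all files and folders
#    below the root. /T recurses, /C continues past errors.
icacls "$Root\*" /remove:g '*S-1-5-11' /T /C

# 3. CREATOR OWNER (S-1-3-0): full control, inherited by subfolders and
#    files (OI)(CI) but not applied to the root itself (IO). Whoever creates
#    a folder gets full control of it and of what is created inside it.
icacls $Root /grant '*S-1-3-0:(OI)(CI)(IO)F'

# 4. Access Based Enumeration on the share, so users only see the folders
#    they have rights on.
Set-SmbShare -Name $Share -FolderEnumerationMode AccessBased -Force

# Review the resulting ACL on the root.
icacls $Root
```

Step 2 only removes explicit entries; an entry still inherited from above the root has to be dealt with where it is defined.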

Icacls rights

These are the simple rights


These are the specific rights


So when you set simple rights in Explorer it will select both OI and CI, which means all files and folders and the current folder.


Remove unwilling B2D device in Backup Exec

So you are using Backup Exec 2012 and are having problems with a ghost B2D folder. You can't seem to remove it. You get an error like:

Remove-BEDiskStorageDevice : Unable to delete the disk storage. The device (or Backup Exec server) cannot be deleted because existing jobs or selection lists remain.  You must select another target for these jobs or selection lists before you can delete the device or Backup Exec server.
