I do laptop provisioning at home and something I use at the end is the DJOIN.exe command so the laptops will be ready for use when connecting on our offices' network.
Typically if I want to do an offline domain join, I will use:
DJOIN /REQUESTODJ /LOADFILE .\[filename] /WINDOWSPATH C:\windows /LOCALOS
On most laptop models this will execute fine and allow users to login to their Windows accounts once they're on the office network. I'm working with a new model today (thanks supply chain issues!) and even though it is also running Windows 10, I am getting the error message:
/LOCALOS specified but the current OS does not support domain join functionality.
The request is not supported.
Doing a google search for that exact message shows there are no results and most of the other results aren't for offline joining specifically as they include steps on the DC side of things -- which don't apply here since it's an offline join. I tried it without the /LOCALOS flag just to see what happens and it gave me:
/REQUESTODJ only operates on an offline (not running) Windows image
by default. The path supplied [C:\windows] is the current running Windows
installation. To override the default behavior and target the currently
running local operating system also specify /LOCALOS.
The parameter is incorrect.
Has anyone else encountered this and know why/how this happens and how to get past it? I didn't see any hints generated in Event Viewer; hoping to avoid a bunch of tickets down the line asking for domain joins once they've reached the office 😅
MAJOR facepalm here.
Just posting this so there's a reference for others, but this batch of laptops have Windows HOME installed on them, not Pro. Per this page with Home vs Pro features, Active Directory / Domain Joining is not supported on Windows Home. Either install Pro on the laptops or return them and purchase a batch with Pro on them.
Related
first I want to state that I am a novice when it comes to code/programming. Also, I have a Mac (that runs Catalina, if that matters).
This is my first time posting to this forum, so please forgive any missteps in protocol...
Here's some background info to my question:
I have Microsoft 365 for Business and I use Teams. I'm a small business and I'm the owner and administrator. I need to be able to share externally with anyone. I have changed the settings in SharePoint admin and OneDrive admin to be able to share externally. Look here to see an example of what I have done, and the problem: https://techcommunity.microsoft.com/t5/onedrive-for-business/share-with-anyone-with-the-link-setting-is-grey-out-why/m-p/810390
Even after allowing for external sharing, the sharing options are still greyed-out. But this is not my question. I know how to fix it; as it says in the above link, I need to enable sharing in Powershell via set-sposite "siteurl" -sharingcapability ExternalUserAndGuestSharing
After some research, I found that there is a Microsoft Pwsh for Mac. I downloaded Homebrew, Microsoft PowerShell and Azure. (I also have Node.js, if that matters.) Here is a screenshot of my terminal (I hid any identifying information...):
terminal screenshot
As you can see, I get this error: Connect-SPOService -Url https://<organization name here>admin.sharepoint.com Connect-SPOService: The term 'Connect-SPOService' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
I contacted Microsoft and had a technician with me on the phone trying to troubleshoot their way into my SPOService on my Mac using Homebrew in order to fix the greyed-out "share with anyone" option. We were unsuccessful. At the moment, I do have access to a Windows computer, and I was able to enter my SPOService on that Windows computer and resolve the problem. However, for each new SharePoint site I create and want to share externally, I will need to repeat this process (at least, this is what the technician told me). I will not always have access to a Windows computer, therefore I need to be able to enter my SPOService on my Macbook.
Are there any workarounds? Is there an SPOService powershell for Mac? If I have the pswh for Microsoft, why won't it let me into sharepoint?
Thank you in advance for any assistance
First, I can still not rename the domain, but I can help you with a general SharePoint update. It does not work either in Azure or on Mac OX X.
If you like to check, repeat the following steps on your computer setup, assuming you don't use a Windows Computer.
Check the availability of SharePoint
Get-Module -Name Microsoft.Online.SharePoint.PowerShell -ListAvailable | Select Name,Version
Install the module if missing
On a mac with the name of your user directory
Import-Module /Users/username/.local/share/powershell/Modules Microsoft.Online.SharePoint.PowerShell -Verbose
On Azure Powershell
Import-Module Microsoft.Online.SharePoint.PowerShell -Verbose
You get a PowerShell via a one-month Test-Subscription.
Prepare your Admin URL
$AdminCenterURL="https://name_you_used_during_first_setup-admin.sharepoint.com"
Make sure you add "-admin" at the end of your domain name. You received this when you signed up. It is not the domain name you can use for your subscription later; it's, unfortunately, how Microsoft decided to implement it. Therefore, changing from Mac or Azure is not possible.
Connect to your side
Connect-SPOService -Url $AdminCenterURL -Credential (Get-Credential)
And now it will fail with
Connect-SPOService: The type initializer for 'Microsoft.Win32.Registry' threw an exception.
Unfortunately, after exchanging many emails with Microsoft, I could not resolve this with the Support desk. However, the error seems to be known.
I wrote this note to allow others to save valuable time so that somebody would not waste his time if they tried to resolve it as I tried.
If like me, you are stuck with renaming the initial SharePoint subdomain, you currently have the following options.
Buy a Windows PC with a License or install a VM with a MS Windows trial license
Buy an Enterprise License, and use the Beta functionality.
Delete your subscription, but then you might lose the active licenses and the work you have put in already. But you can re-register, and this time put the name into the subscription, which you like to see as a subdomain of SharePoint. But you lose all work put in, in the first place.
I have a problem that i have a difficult time explaining, which makes any online search very hard. Here is my dilema.
I'm migrating a VM. The purpose of this machine is to compile send out daily/weekly/monthly reports. I know there are other ways (like Power BI) but this is the situation we are in right now. The older machine has win10 pro and office 365 installed while the new has win10 enterprise version and office 2016 installed. This machine runs 24/7 in the background running specific tasks (via system scheduler app) at given times, that is it's a Virtual machine and has done so without issues since it was created. The reason for the migration is because we need to domain change and bring the machine under a new corporate policy and we don't want to do this on a live server.
We've set it the VM's the same way, same programs and same settings. Everything seams to be running smooth expect for this one thing, and here is the problem i have a hard time to explain or figure out:
MS Access will update the tables and the computer will run the tasks as set but it will not export the data to pdf unless i have a remote desktop connection open. Will not export the pdf's otherwise. MS Access uses a autoexec macro where the pdf export is set with ExportWithFormatting. This works without issues on the old server.
We thought this to be a permission or user specific issue at first but even re-creating the tasks did not work and changing paths. Otherwise also i expect we would have problems with tables updating, specially since it works when you have an active remote desktop conn running.
I'm lost and therefore hoping this community will be able to help or guide me to a solution.
I believe that we found the reason for this. It was caused by windows easy print and the printer drivers of the machine. It worked for some reason differently between the servers. after reinstalling the printer drivers and a few restarts it started working. It exports now from access again.
This is at least solved.
Summary
I'm developing firmware and a PC test application for a custom USB device, using the STM32F072 Discovery board. The device includes Microsoft Windows Compatible IDs (WCIDs) to enable automatic installation of the WinUSB driver on the PC.
The device is enumerated correctly on other Windows 10 hosts, but not on my Windows 10 development PC. My development PC had previously tried to enumerate the device when it had the same VID/PID combo, but with different descriptors/metadata. If I change the PID to some other number (new to my development PC), it does enumerate correctly.
Questions
How can I get this to work with my desired VID/PID combo on my development PC?
Is Windows caching USB metadata the cause of the failed enumeration on this one PC?
What are best practices on the (Windows) PC-side for testing/development of USB device firmware, during the stage when device descriptors and metadata are in flux? Is it possible to avoid chewing up PIDs just to avoid the Windows caching?
Details
Because of the way Windows caches USB descriptors and the like from previous enumerations, during firmware development, I was incrementing the device Product ID (PID) in the firmware after each time I made other changes, to ensure that Windows wasn't caching things from previous iterations of the descriptors, and messing up stuff that would otherwise work.
Now I've gotten the device to enumerate successfully on Windows 7, 8, and 10 PCs as a WinUSB device, and I've established communication. But when I change the firmware back to using the VID/PID that I started with, and then connect the device to my development PC, it shows up in Device Manager under "Other devices" with an error icon. I think this is because my (Windows 10) development PC previously had seen this VID/PID combo as having different descriptors, so it's getting confused by some bad cached stuff.
I've tried using regedit to delete the device's registry keys under HKLM\SYSTEM\CurrentControlSet\Enum\USB\VID_xxxx&PID_yyyy, but the problem persists. (Also, I get an error, because it can't delete the VID_xxxx&PID_yyyy\zzzzzzzzzzzzz\Properties subfolders.) I also tried using USBDeview to uninstall old iterations of the device, but that hasn't made a difference either.
Also of note is that I can no longer pass the device through to Virtual Box virtual machines. I'm not sure what happened there.
Try removing any relevant registry keys of the form:
HLKM\SYSTEM\CurrentControlSet\Control\UsbFlags\vvvvpppprrrrr
The MSDN article Microsoft OS Descriptors for USB Devices says:
The operating system creates a registry entry, named osvc, under this registry key that indicates whether the device supports Microsoft OS Descriptors. If the device does not provide a valid response the first time that the operating system queries it for a Microsoft OS String Descriptor, the operating system will make no further requests for that descriptor.
I know the OP has resolved his issues, but for future reference for anyone else having this problem: I had similar issues while developing a USB device with a vendor-specific class. Specifically, (similar to your experience) I was unable to delete the keys from:
HKLM\SYSTEM\CurrentControlSet\Enum\USB\VID_xxxx&PID_yyyy,
so I had to increment the PID every time I modified my device code.
The reason why these keys can't be deleted is that the Properties registry subfolder is owned by the System user, so even running as Administrator you can't delete this subfolder nor change its permissions.
Running Regedit via PsExec (which is part of the SysInternals suite from Mark Russinovich) from an elevated command prompt with: psexec -s -i regedit.exe runs regedit as System user, which means you can delete that pesky Properties subfolder and the parent VID_xxxx&PID_yyyy keys.
I'm confronted with the same issue and uninstalling the device did not help.
Messing around with the registry makes me feel uneasy.
I still don't see a real answer to question #3.
What worked in my case: open device manager, select the non-working device and do "update driver". Select the driver manually from the list of locally available (Microsoft) drivers.
This did not solve all my problems but at least Windows does not ignore my device anymore and I can continue developing.
EDIT: I found a very helpful description on a github project named WCID Devices by Pete Batard. I strongly recommend reading the section Implementation and the following on this page WCID Devices
there are tools for removing hidden traces of USB devices like USBOblivion http://www.thewindowsclub.com/usboblivion-remove-usb-traces-windows , USBDeview,...
sources of USBOblivion are here: https://sourceforge.net/projects/usboblivion/ (https://www.openhub.net/p/usboblivion)
http://www.techerator.com/2010/05/how-to-remove-hidden-duplicate-copies-of-usb-device-drivers-in-windows/
To Remove TrustedInstaller Owned Registry Keys
Unfortunately the old PsExec trick of running RegEdit doesn't always work. In that case try to use:
ExecTI - Run as TrustedInstaller
Run it to open the ExecTI GUI and enter: C:\Windows\regedit.exe
To repair file and registry permissions
You can also try using the very old tool: subinacl.exe
Example:
subinacl.exe /subkeyreg HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Enum\USB\VID_0000&PID_0002\
Further described here. And has been shown to still work on Win10.
Before I start, another post for something similar to this request for help is located at Running a process at the Windows 7 Welcome Screen, but the responses were not quite what I believe I am looking for, and the post is over a year old so I thought it best to start a new thread for my needs.
In Windows 7 Ultimate, I am trying to create a script or task scheduler event that will run a Windows "rundll32.exe" process with arguments at the logon, lock, and switch user screens (basically any screen that is waiting for user to log into the machine).
I have tried using the startup script controls in group policy editor as well as creating a task scheduler event, but so far I am unable to get the process to display on the logon screens.
The command line I am using does work while logged into any account at any user level via the "Run.." dialog as well as via CMD prompt, and is only creating a popup that already exists in the Windows OEM Environment.
The hardest part is this: My friend just bought a new laptop. The new laptop came with this specific feature already enabled, but I have no idea what is making it happen and do not have access to the computer to check out gpedit.msc and task scheduler for possible solutions.
There are two reasons why I need this info: 1) I want the feature to work on my own laptop, and 2) my friend would like help disabling it on his as he doesn't like it.
I have been all over Google, posted at Microsoft Answers, and also posted on the laptop manufacturer's user forums. I have found very few pages that refer to the same question as I have, but none have answers that work, and since I have seen and know that this is possible, I am compelled to continue looking.
The laptop that this is currently working on was purchased with a fresh install of Win 7 Ultimate and no manufacturer bloatware/additional software added, so we know that the feature was made to happen by whomever it was that installed the OS and configured it for sale. Therefore I am certain it is just a matter of the right task or script in Windows itself before I see the results I need and then know how to direct my friend to disable his via phone.
The specific call is "rundll32.exe van.dll,RunVAN". In task scheduler I have set this to run as "SYSTEM" and set the triggers for startup, workstation lock, and local disconnect. I have tried using full path to rundll32.exe as well as the bare command. In gpedit startup scripts I have tried full path and bare command. Neither of which for either case is making this popup show on the logon screens.
Any and all help and/or advice on this would be greatly appreciated by both myself and my friend.
dynamic display of images for the credential provider
The title says it. I'm looking for a way to determine exactly which file/registry key this executable is attempting to access. I have attempted to use Windows auditing capabilities and Process Monitor to determine where the failure is happening but, this failure does not produce audit failure events or show as access denial in Process Monitor.
Of course, If someone has experienced this and can provide a solution to resolve the error directly that would be almost as nice.
Background:
I am using moveuser.exe which is part of the Windows Server 2003 Resource Kit Tools to convert the security of local user profiles on a number Windows XP workstations.
Symptom:
Occasionally, moveuser.exe will fail to convert the security of a profile with the error "Error: 5 access denied". I have not been able to determine any commonality among the failing accounts or the computers they reside upon. A given computer may have host 6 profiles, 5 of which convert without issue and 1 which produces the error.
There are a few factors that I'm as sure as I can be about:
-The account I'm using to run moveuser.exe with has full Administrator rights to the local machine and the domain to which the profile security is being converted.
-The failure is not related to file permissions within the profile directory (the entire directory can be moved, renamed, deleted, or successfully converted via a workaround).
I've developed a reliable workaround for these cases but, it is fairly involved and I would much rather understand the root cause of this error and correct it pre-emptively.
My workaround (glad to share it, left out for brevity) seems to indicate that the failure is related to HKEY_LOCAL_MACHINE \ SOFTWARE\ Microsoft\ Windows NT \ CurrentVersion \ ProfileList registry keys but, I cannot determine exactly how/why.
Did you try to use the "regini" command line tool to grab registry permissions for the administrator account?
Use FileMon and RegMon (now Microsoft, formerly SysInternals, still free) to monitor what exactly is being accessed, how, and what rights/access are being requested.
I don't have a URL handy, but a Google search should be able to hook you up with these tools.
A couple items I would try. First, could it be that the user was logged in and the computer hasn't been rebooted. Microsoft has a product called UPHClent which helps in unloading unneeded user hives.
Next thing I wanted to know, is if you try rebooting before running the moveuser executable. This Conversation seems to indicate this would help with this kind of error.
Two days after posting this I got to the bottom of the problem. It turned out, just as Rob Haupt suggested to be related to a stuck user hive. The program I was running, moveuser, was reading the Refcount key found under HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows NT\ CurrentVersion\ ProfileList\ <SID>\ and ending immediately.
Setting Refcount to 0 solved the problem immediately
Pushing out UPHClean to all the target machines pre-emptively has all but elimated the problem and we were able to successfully convert profiles on several hundred machines over the last week.
An important note about UPHClean:
I'd tried installing it previously but, it didn't appear to help. I was too impatient, the UPHClean ReadMe revealed that the service just takes time to do its job.