Syed Jahanzaib Personal Blog to Share Knowledge !

January 15, 2016

[Personnel Reference] Windows General Admin Tips

Filed under: Microsoft Related — Tags: , , , — Syed Jahanzaib / Pinochio~:) @ 11:31 AM


Windows General Administration Tips  for day to day task. These are commands I use in day to day operation to get quick info and control our domain users. Most of commands may work in domain environment, but you can modify it to work with work-group environment if you know the remote PC id password.

Also I am using PSTOOLS to accompany the tasks. You should download pstools and extract them in c:\pstools folder.


Most of pstools commands require remote registry on remote PC must be running. you can start that service on remote PC by using following command.

TIP: When the Utilities Won’t Connect Because of Remote Registry

psservice \\remotepc start RemoteRegistry


Inquire Remote PC Hardware Info like Board / serial and OS Architecture 32bit/64bit.

– To get Board number of local pc

wmic baseboard get product,Manufacturer,version,serialnumber

– To get  Board number of remote pc

wmic /node:"remotepc" baseboard get product,Manufacturer,version,serialnumber

– To get remote PC Architecture like 32bit or 64bit

wmic /node:"remotepc" os get osarchitecture

2- hardware



To check which user is logged on remote PC,

psloggedon \\remotepc


– To execute any command on remote PC like

psexec \\remtotepc ipconfig

– To open COMMAND prompt of remote user

psexec \\remotepc cmd

-Interacting with the Logged On User on the Remote PC

psexec \\remotepc -d -i notepad


Getting general info of OS, uptime etc with disk info as well

psinfo -d \\remotepc

1- psinfo



To get running process list from remote PC.

pslist \\remotepc


– Kill any running program on remote PC.

pskill \\remotepc notepad


– To shutdown remote PC

psshutdown \\remotepc -d


Its recommended to use windows builtin shutdown utility/tool

– To Shutdown local PC in 30 seconds with popup message.

shutdown /s /t 30 /c "Shutdown by Admin"

– To restart Local PC in 30 seconds

shutdown /r /t 30 /c "Restart by Admin"

– To shutdown REMOTE PC in 30 seconds with a message

shutdown /m \\remotepc /s /t 30 /c "Shutdown by Admin"

– To restart REMOTE PC in 30 seconds

shutdown /m \\remotepc /r /t 30 /c "Shutdown by Admin"


# WINDOWS BUILTIN TASK LIST TOOL (to view remote pc running process task)

tasklist /S REMOTEPC


– To kill remote PC task by name

taskkill /S REMOTEPCNAME /F /IM notepad.exe


– to kill local task by name with force

taskkill /IM /F notepad.exe

– to kill local running task by PID

taskkill /PID 1234 /T


More will be added later.

Some more reference for using PSTOOLS in some automated ways are


Syed Jahanzaib


November 5, 2015

Adding External NTP Server in Domain Controller / Short Notes

Filed under: Microsoft Related — Tags: , , — Syed Jahanzaib / Pinochio~:) @ 12:56 PM


Command to check time on remote Windows PC.

all commands should be executed using administrative privileged account.

net time \\REMOTEPC


Adding external NTP server on DC

# Set NTP on DC / on server

w32tm /config /manualpeerlist:",0x1,0x1 "

w32tm /config /reliable:yes

net stop w32time && net start w32time


Command for client side windows , to force update time from DC

I added this file in GP so that every computer on reboot is forced to update time via server

# For client
net time \\DC_SERVER /set /y


Using PSTOOLS to execute command on remote PC.

# run command on remote computer.
PsExec.exe \\$1 -u DOMAIN\ADMIN -p PASS cmd "/c net time \\DC_SERVER /set /y"


Force client update from your admin PC forcefully.

I sued following script / batch file [named setrtime.bat] to manually update time on remote pc via remote, and show before/after time.

@echo off
echo Current time of %1
echo -------------------------
net time \\%1
echo -------------------------
PsExec.exe \\%1 -u DOMAIN\ADMIN -p PASS cmd "/c net time \\DC_SERVER /set /y"
echo -------------------------
echo Current time of %1 AFTER CHANGING
net time \\%1

now use it like

netrtime.bat REMOTEPCNAME

September 15, 2015

Event ID 7000 The Diagnostic Service Host service failed to start !

Filed under: Microsoft Related — Tags: , , , — Syed Jahanzaib / Pinochio~:) @ 11:22 AM

7000 diagnostic service host error

The Diagnostic Service Host service failed to start due to the following error:
A privilege that the service requires to function properly does not exist in the service account configuration. You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration.

Today at my company, every domain user was receiving above error in  there Event logs / SYSTEM section.

To sort this issue i did following

  1. Login to Domain Controller PC
  2. Open Group policy editor (or run gpedit.msc from RUN) and edit default domain policy (or any other custom policy you may have other then default)
  3. Goto Computer or USER  Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment -> Profile system performance

There you may see only ADMINISTRATOR user added by default, now add following users

NT Service\WdiServiceHost

Now open CMD and issue following command to force GPUDPATE.

gpupdate /force



At client end, clear the logs, and reboot system. After rebooting check Event Viewer and you wont see the error again. [I waited about 15 minutes before rebooting client]


Syed Jahanzaib

September 7, 2015

Resolving “Trust Relation between this workstation and the PDC”

Filed under: Microsoft Related — Tags: — Syed Jahanzaib / Pinochio~:) @ 9:18 AM

Yesterday I converted one of our Physical Windows 2008 base SAP QAS server to ESXI 5.x Virtual Guest for some R&D purposes. It took around 30+ hours for the conversion using vconverter 6 [as old converters have no support UEFI BIOS. When I powered on the newly converted vm guest machine I received the following error upon login



[I also received same error in year 2014 when our lotus domino server was migrated to new IBM Xseries 3650 M4 series and after every thing got settled i received this error upon final login, what a terrible time that was]

As a quick remedy I tried to RESET the computer account of this PC via AD management but no use.
Finally I used old NETDOM method and it worked instantly.

This is how I solved this problem.

Login with local computer admin account

Open COMMAND prompt

and Issue following command

netdom resetpwd /s:server /ud:domain\User /pd:*


Example if you have following setup

AD Server Name : SERVER1
Domain Name : mydomain.local
User Name : jahanzaib

then use following

netdom resetpwd /s:server1 /ud:mydomain.local\jahanzaib /pd:*

It will ask you to enter new password, simply enter password and enter. [prompt will not let u see the typing so careful when typing password]

After then simply log off and login with your domain id and it will work Insha Allah.


Syed Jahanzaib

March 16, 2015

Windows 7 WEATHER GADGET ‘not working’ workaround!

Filed under: Microsoft Related — Tags: , — Syed Jahanzaib / Pinochio~:) @ 12:40 PM

UPDATE: May, 2015

The method defined in this post is now not working any more. [at the beginning it was working but not anymore] , I will see if alternate methods may work and will update this post in coming week, to see if its working … Insha Allah,  




From past few days, clients reported that Weather gadget stopped working with error “cannot connect to service …






After doing some googling, it was revealed that dueto some security concerns Microsoft have discontinued it.  BUT  you can still Enable by following simple steps.

  1. Go to “C:\Users\USERNAME\AppData\Local\Microsoft\Windows Live\Services\Cache”
  2. Edit “Config.xml” by Right Click / EDIT
  3. Now donot change any thing & simply save it (CTRL+S or FILE -> Save) [without doing any modification]
  4. After 1-2 MINUTES, Restart the Gadget!



It will work Insha Allah !!!!





Syed Jahanzaib

February 15, 2015

Windows Server 2008 R2 Active Directory Reference Guide.

Howto enable RECYCLE BIN in Widnows 2008 Active Directory Server.

Pre requisite to enable Recycle Bin in Windows 2008 Active Directory.

1- Domain controller must be Windows 2008 R2 or later.
2- Forest and domain functional levels must be Windows Server 2008 R2, If not , then first raise functional level to windows 2008 R2 using ADUC
3- Enable Recycle Bin using Power Shell. Follow the below to do so
> Open powershell by using CMD and type powershell
> Load AD module by using following command.

Import-Module ActiveDirectory

Now activate Recycle BIN using following command

Enable-ADOptionalFeature -Identity ‘CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=zaib,DC=com’ -Scope ForestOrConfigurationSet -Target ‘’

Note: Change the zaib , com and to match your local domain name

Delete any single user from AD for test purpose

> Now delete any user for test purpose via AD or net command

> From Powershell , Search for deleted items using following commands (TIP: To execute commands related to AD, always load module ActiveDirectory after you launch PowerShell)

Get-ADObject -Filter {name -like “*test*” -and deleted -eq $true} -IncludeDeletedObjects

Note: Change the *test to match the name or portion of delete user name

Restore Deleted User

To restore the deleted account, use following command

Get-ADObject -Filter {name -like “*test*” -and deleted -eq $true} -IncludeDeletedObjects | Restore-ADObject

If you want to use GUI for easy access, then you can try ADRecycleBin.exe (Active Directory Recycle Bin) which allows administrators to quickly restore deleted Active Directory objects via an easy to use GUI (Graphical User Interface). This is a free Active Directory Recycle Bin tool. You can download it from


Backup and restore system state in windows 2008

Following is an small howto of ‘Backup and restore system state in windows 2008


1- First install the backup features from the Server Manager.
2- Open command prompt and type

wbadmin start systemstatebackup -backuptarget:d:

and press enter. It will ask for confirmation, Type Y to continue

Note: You can use a different backup target of your choosing, it must be a local drive of your server.

When the backup finishes running, you should get a message that the backup completed successfully. Goto your backup drive and you will find folder name WindowsImageBackup with backup data.

RESTORE (Authoritative)

– To restore backup, Boot Windows 2008 in Directory Services Restore Mode (DSRM)

– Open command prompt , First you need to get backup version number so that you may restore correct version of backup, use the followign command to get the version number

wbadmin get versions

– Write down the version you need to use.

– To restore AD in AUTHORITATIVE mode (Usually used for DC), use the following command

wbadmin start systemstaterecovery -version:04/04/2013-15:00 –authsysvol

Note: Change the -version: to match your backup number that noted from wbadmin get version command

– To restore AD in non-authoritative mode, remove the –authsysvol syntax at the end of the command (Usually used at ADC)

To get mroe info, please visit for more detailed step by step guide with snapshots

Syed Jahanzaib

July 18, 2014

Odd Results with Scheduled Batch Files in Windows Server 2008 R2

Filed under: Microsoft Related — Tags: , — Syed Jahanzaib / Pinochio~:) @ 8:44 AM

MS DOS BATCH FILE VIA 2008 R2 Scheduled Task / zaib

MS DOS BATCH FILE VIA 2008 R2 Scheduled Task / zaib

Recently I upgraded one of our old File server previously running Windows 2003 with Windows 2008 R2 64bit. this server was a member of AD and was logging with domain admin account.  Everything went smooth, but after few days I faced an strange issue that few scheduled BATCH files were not running properly at given time. If I try to execute batch file manual, they give proper result, but from schedule they dont, even by right click on the task and selecting RUN dont actually execute the batch file. To resolve this issue I added the admin account in Domain Group Policy and every thign now running fine as expected.

  • Edit Group Policy at Domain Controller
  • Goto “Computer ConfigurationPolicies > Windows Settings > Security Settings > Local Policies > Users Rights Assignment
  • Now on Right side menu, Double click on  “Log on as a batch job” to take its properties,
  • then click button “Add user or Group
  • then click button “Browse”
  • then click button “Advanced”
  • then button “Find now
  • Add your required user ID / Account here like “administrator” or likewise
  • and then “OK
  • Force by gpupdate /force at DC and Client as well.
  • (Or if pc is stand alone, then goto “Start” > Administrative tools > local security policy”)


This solved my problem of BATCH files not running via Scheduled Task,



June 19, 2014

SAN attached windows 2008 hangs on boot

Filed under: IBM Related, Microsoft Related — Tags: , , , — Syed Jahanzaib / Pinochio~:) @ 9:37 AM

Just for reference purpose:

Recently I was testing some disaster recovery scenario of restoring Server A to Server B with identical hardware using Symantec Backup EXEC 2014 Simplified Disaster Recovery [SDR]CD. The hardware specs were as follows …

IBM Xseries 3650 M4, with RAID1
Dual Q.Logic Fiber Channel cards Mode: QLE2560 connected with two FC switches for multi path and failover
32 GB RAM,
IBM v3700 storewize SAN Storage

The restore went fine , system boot fine for the first time with everything intact, but when I rebooted it again , it failed to boot and shows only cursor blinking,  As showed in the image below …


I tried to boot it several times but with no results. I then removed the FC cables from the server’s Qlogic FC cards, and this time windows booted fine.


I started the server without FC cables attached, then I removed the Windows MPIO features from ADD REMOVE FEATURES, and rebooted again with FC cables attached, and this time it works fine but showed duplicate SAN partitions. Then I applied IBM’s SSDM MPIO driver (MPIO_Win2008_x64_SDDDSM_64_2434-4_130816 for v3700 storewize)  and everything went fine 🙂

You may also want to read the IBM’s article.



Syed Jahanzaib

March 14, 2014

WSUS Clients Getting Error Code 800b0001

Filed under: Microsoft Related — Tags: , — Syed Jahanzaib / Pinochio~:) @ 10:00 AM

In our company, we have a Windows 2003 base WSUS 3.0 with SP2 (Windows Update) server which is responsible to update all local clients and server base windows including 2000 / 2003 / 2008 / XP / W7  versions.

Recently we added four new IBM base servers with Windows 2008 R2 but unable to update, showing following error …



After doing few hours R&D, I found out that this is usually due to the WSUS Update Agent on the client being updated, but the WSUS server itself also needs to be upgraded to then allow communication with the newer agent. After installing SP2, you *MUST* also apply a later update “Update for Windows Server Update Services 3.0 SP2 (KB2720211

There was no need to reboot the server last time I ran this process, and the clients were able to communicate and obtain updates correctly.


Syed Jahanzaib

October 8, 2013

PPPoE Dialer via DOS Batch File

Filed under: Microsoft Related — Tags: , , , — Syed Jahanzaib / Pinochio~:) @ 1:53 PM


8th Oct , 2013 9:30pm : Entry added  to create network profile folder if not already there (usually on fresh win7)
9th Oct , 2013 01:45pm : Entry added  to create new phonbook profile, it will not overwrite or delete previous one 🙂

Following is a simple and quickest method to create pppoe dialer using MSDOS batch file made for Windows 7, which create a new rasphone profile for PPPoE Dialer. Usually this sort of work is done using VB , or VB/VC# .NET with Dotras type programming languages which does the job nicely with lots of options and fancy look menus etc, but due to my limited knowledge towards programming, I decided to go with my traditional CLI method. I created this batch program in a very short time without much googling.

Phonebook Location to store profiles (new and old)


This is just an example, you can modify at as per your requirements , The issue i faced while adding multiple lines was white space at the end, and if there are additional white spaces in the file , rasphone will not detect the new entry. therefore I later used algorithm to remove white spaces.

Any suggestion to improve the method will be highly appreciable . . . Please psot your comment if this batch file is working ok for you . . .

Let’s Start.

Create a new batch file like

notepad c:\dialer.bat

Paste following data and save.

@echo off
rem #########################################
rem ### PPPoE Dialer Script for Windows 7
rem ### Syed Jahanzaib /
rem ###
rem #########################################

rem ### Creating pppoe profile in a temporarily text file
echo. 2>  c:\rstemp.txt
echo [AA_PPPoE_Dialer] >> c:\rstemp.txt
echo Encoding=1 >> c:\rstemp.txt
echo PBVersion=1 >> c:\rstemp.txt
echo Type=5  >> c:\rstemp.txt
echo AutoLogon=0 >> c:\rstemp.txt
echo UseRasCredentials=0 >> c:\rstemp.txt
echo LowDateTime=-582619296 >> c:\rstemp.txt
echo HighDateTime=30327625 >> c:\rstemp.txt
echo DialParamsUID=6326979 >> c:\rstemp.txt
echo Guid=359A05BF4C146640949F56383A0F18F5 >> c:\rstemp.txt
echo VpnStrategy=0 >> c:\rstemp.txt
echo ExcludedProtocols=0 >> c:\rstemp.txt
echo LcpExtensions=1 >> c:\rstemp.txt
echo DataEncryption=8 >> c:\rstemp.txt
echo SwCompression=0 >> c:\rstemp.txt
echo NegotiateMultilinkAlways=0 >> c:\rstemp.txt
echo SkipDoubleDialDialog=0 >> c:\rstemp.txt
echo DialMode=0 >> c:\rstemp.txt
echo OverridePref=15 >> c:\rstemp.txt
echo RedialAttempts=3 >> c:\rstemp.txt
echo RedialSeconds=60 >> c:\rstemp.txt
echo IdleDisconnectSeconds=0 >> c:\rstemp.txt
echo RedialOnLinkFailure=1 >> c:\rstemp.txt
echo CallbackMode=0 >> c:\rstemp.txt
echo CustomDialDll= >> c:\rstemp.txt
echo CustomDialFunc= >> c:\rstemp.txt
echo CustomRasDialDll= >> c:\rstemp.txt
echo ForceSecureCompartment=0 >> c:\rstemp.txt
echo DisableIKENameEkuCheck=0 >> c:\rstemp.txt
echo AuthenticateServer=0 >> c:\rstemp.txt
echo ShareMsFilePrint=0 >> c:\rstemp.txt
echo BindMsNetClient=0 >> c:\rstemp.txt
echo SharedPhoneNumbers=0 >> c:\rstemp.txt
echo GlobalDeviceSettings=0 >> c:\rstemp.txt
echo PrerequisiteEntry= >> c:\rstemp.txt
echo PrerequisitePbk= >> c:\rstemp.txt
echo PreferredPort=PPPoE4-0 >> c:\rstemp.txt
echo PreferredDevice=WAN Miniport (PPPOE) >> c:\rstemp.txt
echo PreferredBps=0 >> c:\rstemp.txt
echo PreferredHwFlow=0 >> c:\rstemp.txt
echo PreferredProtocol=0 >> c:\rstemp.txt
echo PreferredCompression=0 >> c:\rstemp.txt
echo PreferredSpeaker=0 >> c:\rstemp.txt
echo PreferredMdmProtocol=0 >> c:\rstemp.txt
echo PreviewUserPw=1 >> c:\rstemp.txt
echo PreviewDomain=0 >> c:\rstemp.txt
echo PreviewPhoneNumber=0 >> c:\rstemp.txt
echo ShowDialingProgress=1 >> c:\rstemp.txt
echo ShowMonitorIconInTaskBar=1 >> c:\rstemp.txt
echo CustomAuthKey=0 >> c:\rstemp.txt
echo AuthRestrictions=552 >> c:\rstemp.txt
echo IpPrioritizeRemote=1 >> c:\rstemp.txt
echo IpInterfaceMetric=0 >> c:\rstemp.txt
echo IpHeaderCompression=0 >> c:\rstemp.txt
echo IpAddress= >> c:\rstemp.txt
echo IpDnsAddress= >> c:\rstemp.txt
echo IpDns2Address= >> c:\rstemp.txt
echo IpWinsAddress= >> c:\rstemp.txt
echo IpWins2Address= >> c:\rstemp.txt
echo IpAssign=1 >> c:\rstemp.txt
echo IpNameAssign=1 >> c:\rstemp.txt
echo IpDnsFlags=0 >> c:\rstemp.txt
echo IpNBTFlags=0 >> c:\rstemp.txt
echo TcpWindowSize=0 >> c:\rstemp.txt
echo UseFlags=3 >> c:\rstemp.txt
echo IpSecFlags=0 >> c:\rstemp.txt
echo IpDnsSuffix= >> c:\rstemp.txt
echo Ipv6Assign=1 >> c:\rstemp.txt
echo Ipv6Address=:: >> c:\rstemp.txt
echo Ipv6PrefixLength=0 >> c:\rstemp.txt
echo Ipv6PrioritizeRemote=1 >> c:\rstemp.txt
echo Ipv6InterfaceMetric=0 >> c:\rstemp.txt
echo Ipv6NameAssign=1 >> c:\rstemp.txt
echo Ipv6DnsAddress=:: >> c:\rstemp.txt
echo Ipv6Dns2Address=:: >> c:\rstemp.txt
echo Ipv6Prefix=0000000000000000 >> c:\rstemp.txt
echo Ipv6InterfaceId=0000000000000000 >> c:\rstemp.txt
echo DisableClassBasedDefaultRoute=0 >> c:\rstemp.txt
echo DisableMobility=0 >> c:\rstemp.txt
echo NetworkOutageTime=0 >> c:\rstemp.txt
echo ProvisionType=0 >> c:\rstemp.txt
echo PreSharedKey= >> c:\rstemp.txt

echo NETCOMPONENTS= >> c:\rstemp.txt
echo ms_msclient=0 >> c:\rstemp.txt
echo ms_server=0 >> c:\rstemp.txt

echo MEDIA=rastapi >> c:\rstemp.txt
echo Port=PPPoE4-0 >> c:\rstemp.txt
echo Device=WAN Miniport (PPPOE) >> c:\rstemp.txt

echo DEVICE=PPPoE >> c:\rstemp.txt
echo LastSelectedPhone=0 >> c:\rstemp.txt
echo PromoteAlternates=0 >> c:\rstemp.txt
echo TryNextAlternateOnFail=1 >> c:\rstemp.txt

rem ### Removing white spaces so that it can be readable by phone book /zaib
rem echo. 2>  c:\rscompile.bat
rem if [%1]==[] then echo File name missing & goto :EOF >>
(for /f "tokens=1" %%a in (rstemp.txt) do echo %%a) > %~n1aa-rasphone.pbk

rem ### Location for rasphone.pbk [just for reference] /zaib
rem %userprofile%\AppData\Roaming\Microsoft\Network\Connections\Pbk\

rem ### Creating Network Profile Folder to store dialer profile, if its not there already
mkdir %userprofile%\AppData\Roaming\Microsoft\Network
mkdir %userprofile%\AppData\Roaming\Microsoft\Network\Connections
mkdir %userprofile%\AppData\Roaming\Microsoft\Network\Connections\pbk
rem Copy new rasphone.pbk to user network profile /zaib
rem cd %userprofile%\AppData\Roaming\Microsoft\Network\Connections\Pbk\
rem ren rasphone.pbk rasphone.pbk.old
copy c:\aa-rasphone.pbk %userprofile%\AppData\Roaming\Microsoft\Network\Connections\Pbk\

rem ### Create Network Connection Center Icon on Desktop /zaib
rem ### I coulnd't found a way to create shortcut of dialer on desktop, someone please suggest
set linkName=AA-Network Connections
set linkPath=%userprofile%\desktop
set program=C:\WINDOWS\SYSTEM32\ncpa.cpl
set workDir=C:\WINDOWS\system32
set iconfile=%SystemRoot%\system32\SHELL32.dll
set icon=-18
set windowStyle=2
echo Set oWS = WScript.CreateObject("WScript.Shell") > temp.vbs
echo sLinkFile = "%linkPath%\%linkName%.LNK" >> temp.vbs
echo Set oLink = oWS.CreateShortcut(sLinkFile) >> temp.vbs
echo oLink.TargetPath = "%program%" >> temp.vbs
echo oLink.IconLocation = "%iconFile%, %icon%" >> temp.vbs
echo oLink.WindowStyle = "%windowStyle%" >> temp.vbs
echo oLink.WorkingDirectory = "%workdir%" >> temp.vbs
echo oLink.Save >> temp.vbs

WScript.exe temp.vbs
del temp.vbs

rem #
rem ### Show Popup Message box after everything completed /zaib
rem #

mshta javascript:alert("Dialer Installation Completed!!!\n\Please Restart you computern ,Thank You\n\Syed.Jahanzaib!");close();

rem # THE END #

Now execute it from c:\dialer.bat & then restart your computer. If you dont want to restart the newly created connection will not show in network connections, You have to press F5 in the network connections to display the newly created profile. After restart it will appear auto in network and sharing center.

After successful lab testing, its time to make it a distributable package. To convert it in executable package, you download BATCH to EXE converter.

extract and run Bat_To_Exe_Converter.exe

Fill up the required info as shown in teh images below and click on compile.

1- compile

and click on COMPILE , it will create .exe Package. You can also add additional info like ICON file , or product version or info

As showed in the image below . .

2- compile



End results 🙂

3- info

Syed Jahanzaib

« Newer PostsOlder Posts »

%d bloggers like this: