[SOLVED]GPP “Apply once and do not reapply” not working.

January 21st, 2017 by Andrea Matesi 85 Views



or How-to forcefully RE-APPLY GPPs (and "do not reapply").

Someday I was playing with Group Policy Preferences (GPPs) and I noticed that my policy didn’t literally apply more than once (ie. after updating one of the policy preferences with the "new settings", that is)!

To reproduce the issue, I followed these steps:

1. Created a new GPP with gpmc.msc and (most importantly), selected “Apply once and do not reapply” in Item Level targeting.
(Let's say you created a folder named C:\New-Folder-Name on your target computer).

2. I then ran “gpupdate /force” from within my target computer.

3. Verified the changes –> Changes successfully applied (C:\New-Folder-Name popped up as expected - all good ‘till here!).



“Apply once and do not reapply” not working-ISSUE.

What if, say, you changed your mind and wanted to update your “Apply once and do not reapply”-preferences with some extra changes (such as renaming the folder to something else).


  • Open GPP with gpmc.msc.
  • Change/Update the above preference with your new changes.
    (Let's say you wanted to rename the folder to your target computer, From C:\New-Folder-Name To C:\Renamed-Folder-Name).

After forcing a Group Policy update (ie. “gpupdate /force” and/or by simply restarting the destination computer), curiously enough, the above policy updates wouldn't even show up (ie. new changes totally ignored!).



Techies description.

While I experienced the issue, I didn’t even bother to fix it (or get on a long, stressful & perhaps fruitless research).

Today ‘though, I casually ended up reading the Microsoft Knowledge Base article 2284538, which precisely described the issue I experienced before:


Briefly, when you select any of your GPP settings to “Apply once and do not reapply”, the Specific Preference’s UID (ie. “Create Folder at C:\New-Folder-Name”) ends up into your registry, at the following location:

  • (Computer GPP): HKLM\SOFTWARE\Microsoft\Group Policy\Client\RunOnce
  • (User GPP): HKCU\Software\Microsoft\Group Policy\Client\RunOnce

When you update the GPP with your new or updated settings (ie. when you change anything into your pre-existing preference already configured as “apply once and do not reapply”), the preference’s UID is compared to the UID recorded into your Registry (at the locations specified by the two bullet points above).

  • IF the Preference’s UID checks positive vs the same UID on your Registry then your setting won’t be updated.
  • IF the Preference’s UID do not exist on your Registry then your Settings will be “applied once and not reapplied”.

With the above knowledge, I will now show you how to force the re-application of your changes.



Plumbers’ FIX.

To Manually fix the Apply once and do not reapply issue:


  • Locate your Policy’s GUID (on gpmc.msc).



  • Right Click on the <ITEM.XML>-File and Open it with a Text Editor (ie. Notepad).
    (In my example I Opened “Folder.xml”).

Now Open “regedit” and browse to the Registry locations shown in the below screenshot.


  • MATCH the ITEM ID (From the XML-File) with the ID listed on your Target Computer’s Registry.
    In the example above, you will notice that id="{17D135B2-6758-45DB-A715-4A8126AD54A0} appears both on the XML File and on the Computer’s Registry.
  • Now Delete the Registry Value that applies to you.
    (I deleted id="{17D135B2-6758-45DB-A715-4A8126AD54A0}).
  • Finally Run “gpupdate /force” (or Restart your computer).

Now your “Apply once and do not reapply”-Policy will magically get re-applied!

To stick to my example above, the renamed Folder was created!


Collateral Damage”-FIX.

  • IF you reckon it's safe to skip all the hassle documented above, then you might simply clean-up (ie. Delete) *ALL* the (above) Registry Values (on your Target Computer) and all your “Apply once and do not reapply”-Settings will be forcefully reapplied again at once!


Clever Microsoft features.

Posted in Microsoft, System Administration | No Comments »

MySQL crash course in 10 easy steps.

December 17th, 2016 by Andrea Matesi 160 Views



If you ever had to deal with MySQL in the past, I'm sure you had to spend lots of time searching on Google (as I did..).

To save you some searching, I'll post some commands I "learned while doing".

  • I'll assume all you know about MySQL is "mysql -u root -p"

The above means:

  1. You are logged-in to a MySQL Box as "root".
  2. You know the MySQL root's password (which might be different from the root local user...).
  3. There is at least 1 database with a couple of tables you can safely play with.

Let's get dirty, let's say you have one MySQL table as follows:

  • Table name "login" - Table Structure (aka schema) as follows:
Field Type Null Key Default Extra
id tinyint(3) NO PRI NULL auto_increment
password varchar(150) YES NULL
username varchar(150) YES NULL
  • Table name "login" - Table Content as follows:
id password username
1 pantera phil



select * from TABLE-NAME;

Select lists a table content.

On a MySQL prompt, type:

mysql> select * from login;


delete from TABLE-NAME where id=1;

delete wipes rows based on some condition (always pay attention b/c there's no such thing as a "Recycle Bin").


mysql> delete from login where id=1;


insert into TABLE-NAME (id, password, username) VALUES (1, "usr", "pwd");

insert adds data into rows.


mysql> insert into login (id, password, username) VALUES (1, "metallica", "lars");


describe TABLE-NAME;

describe shows you the schema (the columns definitions).


mysql> describe login;


Field Type Null Key Default Extra
id tinyint(3) NO PRI NULL auto_increment
password varchar(150) YES NULL
username varchar(150) YES NULL



Alter allows you to add (& remove) new column(s):


mysql> ALTER TABLE login ADD COLUMN status bool;


select * from mysql.user;

When you run a select against the mysql.user, you will get a list of all the authorised MySQL Users.


select * from mysql.user;



show grants ;-)

not THAT Grant's...

Show GRANTS reports your [logged-in] user's permissions.




| Grants for root@localhost|
1 row in set (0.00 sec)



When you wish to know a PARTICULAR User Permissions.

mysql> SHOW GRANTS FOR phil;
| Grants for phil@%|
1 row in set (0.00 sec)


GRANT ALTER ON  `db2\_db`.* TO 'lars'@'%';

Grant can also be used by itself To assign (additional) permissions to a particular user.


mysql> GRANT ALTER ON  `db2\_db`.* TO 'lars'@'%';
Query OK, 0 rows affected (0.03 sec)


REVOKE ALTER ON  `db2\_db`.* TO 'lars'@'%';

Revoke is the opposite of Grant and it is used to deny permissions to a user.


mysql> REVOKE ALTER ON  `db2\_db`.* TO 'lars'@'%';
Query OK, 0 rows affected (0.00 sec)

Posted in DBs, DEV | No Comments »

Linux Environment Variables primer.

November 17th, 2016 by Andrea Matesi 231 Views



What Linux Environment Variables are.

Linux environment variables are "containers of data of some sort".

They're especially useful when playing with scripts.

By default, your Linux system declares many environment variables at boot.

To find out your default environment variables, type "export" on a terminal:

Standard Linux Environment Variables.

  • Export command output example.

The "export" command will provide you a list of all your default (System+User-declared) environment variables (similarly to the ones shown on the above screenshot).

If you need to set an environment variable, you'll have two (2) ways to go about it (either/or):

  • Declare the variable inside a file or a script.


  • Declare variables on your bash prompt.



How to declare environment variables.

When you declare an environment variable (var from now on) on bash, you'll have to use the "export" command before the var name, as follows:

export VARNAME="stuff"


When you declare a var inside a script, you'll have to declare it as such:




Please Note - the export command is not needed while scripting.


How to use environment variables.

The previous 2 commands, basically, do the same thing: they declare a container for the "stuff"-string.

Please note that ONLY when you're using your vars (ie. either inside your script(s) or from a very long command), you'll have to refer to the var with a $-symbol in front of the var name.


"echo $VARNAME" command example.


Save your environment variables before rebooting!

If you wish to reinitialise your vars (and content) between reboots, there are two (2) other ways to do it: either declare your vars as:

  1. System-wide vars.
  2. User vars.

System-wide vars are loaded as soon as the system boots up (ie. no user interaction required - they belong to the system without having you to login first).

On the contrary, User vars are loaded only after a user logs in (ie. as part of your login process).

  • System-wide vars are usually declared inside /etc/profile.
  • User vars are usually declared within /home/jack/.profile.

So, depending on your vars content, you'll have to decide first how you'd like your vars to get loaded.

Namely, to declare a var inside a file, simply open one up one of the two files (as per above bullet points) with your fav editor, enter the var name and its content (as described at the beginning of my post - just remember to omit the $ symbol), save and off you go.



Unset environment variables.

Lastly, there's also a command to remove vars:

unset var example

unset $VARNAME command example.

  • Simply type "unset $VARNAME" to get rid of your undesired vars.

Of course, if your var has been declared as part of one of those files, just comment it out (with a hash-character) or yank the declarative code line.

Hopefully this is easy enough to get you started on the wonderful world of Linux environment variables.

Posted in LINUX, System Administration | No Comments »

[Solved] Fedora/CentOS emergency prompt after boot.

October 11th, 2016 by Andrea Matesi 254 Views

Recently, one of my backup servers started complaining - during its latest reboot, I ended up with an emergency boot prompt loop!

The server was a Fedora (but the workaround should also apply to almost every CentOS, Ubuntu and maybe to other distros too!).

Why no regular boot up?

Here's a 'shot of what I got:

I'll paste the error for the search engines:

*** An error occurred during the file system check.
*** Dropping you to a shell; the system will reboot
*** when you leave the shell.
Give root password for maintenance
(or type control-D to continue):

By interpreting the above error, it seems there's an issue while checking the filesystems.

The md arrays looks alright ("clean"), although there's a problem with /dev/sdc1 ("No such file or directory while opening /dev/sdc1").

IMHO, it's a good practice to keep an external HDD plugged (and maybe also rsync'ed).

As I discovered with my work-mates, that was the case, 'though (for reasons unknown), it seems the external HDD had been removed.

I also discovered the external HDD automount was (manually) hardcoded in fstab.

In conclusion, to fix the issue, I had to patch fstab.

'Thoug I couldn't edit fstab since the "slash" was mounted Read-Only.

After searching through endless posts and forums (OK, I may have used the wrong terms...), I just found what I needed:

mount -n -o remount,rw /

The above command mounted the ROOT (aka slash), as a READ-WRITE filesystem.

After mounting slash in RW-mode, I was able to manually patch fstab, namely, by commenting out the offending drive.

MOUNT-command details.

The "-n" parameter prevents the mount command to populate the mtab lines (while mounting devices).

The "-o" parameter is a switch to specify additional, comma-separated options (similar to the options used inside fstab - ie. 'defaults', 'sync', 'noatime', etc.).

The "remount" option tries to remount the fs as-is (since it is already mounted RO).

Finally, the "rw" option enables read & write mode for the desired filesystem.

Once done, I rebooted the backup box and ta-daaa! (Windows 3.1 welcome sound): onsite backup server back online.

Posted in LINUX, System Administration | No Comments »

Convert From maildir To outlook eml

September 10th, 2016 by Andrea Matesi 559 Views



To successfully import a "maildir"-type of mailbox into Outlook, you first need an intermediate step.

The intermediate step involves the conversion of the "maildir" mailbox into the "mbox" format first.

Once you have the single mbox-file, you can then extract the *.eml messages (& subsequently open them with Outlook).


1) "maildir" To "mbox" conversion.

Login to your Cpanel server and locate the user's maildir mailbox.

cd into the ~/user.name/cur-folder.

Create/Launch the "mdir2mbox.sh" script on the "cur" folder:

root@www-wa-01 [~/user.name/cur]# cat mdir2mbox.sh
set -x
for file in `find ./ -type f`
cat $file | formail >> mbox

The above script will create a single “mbox”-file whithin which you will find all the original e-mails.


2) "mbox" To "eml" conversion.

Now transfer the single mbox file into a Windows PC, then Download the free tool MBOX Email Extractor and Run it.

MBOX Email Extractor is a freeware utility made by those guys: http://www.outlookimport.com

IF you Open the mbox file thru MBOX Email Extractor, you'll then be able to extract all the eml messages, ready to import into Outlook (or any other app that supports the eml format)!


You end result should be similar to as follows:

Posted in Tips and Tricks. | No Comments »

Hyper-V V2V: Passthrough Disk to VHD Image.

June 14th, 2016 by Andrea Matesi 595 Views


Someday I had a VM installed on a passthrough Hard Disk Drive.

Some weekend, instead of going out, I decided I required that bloody drive to experiment "some more" ('though, a compassionate hoarder feeling inside of me didn't want to bork that OS).

My solution was to migrate my Virtual Machine into a VHD image (so I could finally reclaim that unused hdd space back!).

The virtualised OS was an instance of Microsoft Windows Server 2008 R2 SP1 (but your flavour may vary).

Win2k8R2SP1 was installed within a 111GB Passthrough Hard Disk Drive.

A Virtual Machine hosted within a Windows Server Standard 2008 R2 SP1 with the Hyper-V Role enabled was booting off the passthrough Hard Disk Drive.


Endless possibilities.

There are 2 ways (that I know of...), to accomplish the Passthrough to VHD migration:

  1. With Disk2vhd from sysinternals.
  2. With "New Disk Wizard" from Hyper-V (no additional software required).

I found not using additional software was more convenient (but this shall not influence you decision, since I reckon it is just a matter of personal preference).



To migrate a physical Passthrough hard disk drive to a VHD image with disk2vhd, you simply:

  1. Assess the amount of data to be transferred (ie. From & To).
  2. Shutdown the VM to be migrated (make sure you Shut it Down - ie. do not Turn it Off!).
  3. Open "Disk Management" (diskmgmt.msc) on your Hyper-V Host.
  4. Locate the Hard Disk Drive to be migrated.
  5. Update the disk (to be imaged) status to "online" (so the Hyper-V Host can see it).
  6. Win + E Then Paste: "http://live.sysinternals.com/" On your Windows Explorer Address Bar (courtesy of WebDAV!).


Disk2vhd will list all your (hdds') partitions.

  1. Locate your disk's partitions from the "Volumes to include"-list and select the partiotions by putting a checkmark on them.
  2. Click on the "..."-Button to Browse for the location where to save the VHD image of your passthrough hdd (make sure - again - there's plenty of space!).
  3. Click on the "Create"-Button to generate the VHD image of your VM.

Now get some of your favourite nuts while waiting & you're done!


Hyper-V Method.

Here I'll show a step-by-step howto migrate a physical Passthrough hard disk drive to a VHD image with my favourite Hyper-V Method.

Open Hyper-V Manager & Launch the "New Hard Disk Wizard".

yep, even if you wish to "copy" a passthrough...

Click on "New..." and Select Hard Disk (that's right - just as if you wanted to create a "new" Hard Disk).

The "New Virtual Hard Disk Wizard" will start.

Proceed as follows...
Always "as-if"!

On disk type, Select "Dynamically Expanding" (to create a space-"optimized" image - ie. one which takes less space).

Feel free to choose "Fixed" if you want a FULL image (because, you know, you have more than "plenty of space").

Click Next to proceed to "Specify Name & Location".



Make sure you have plenty of space.

Specify the VHD Image Name and Location.

My VHD image has been named famx11 (same as the parent VM). What's your naming convention? Good, stick with it!


Below is the crucial part: when you choose to create a new VHD, you are can either "Create a new blank virtual hard disk" or "Copy the contents of [a pre-existing] physical disk" (even 'though Disk Management reports the disk as OFFLINE!).

There it is!!!

Select your Passthrough Hard Disk Drive you wish to migrate to a VHD.

Here I selected my 111GB "PHYSICALDRIVE2".


Prepare for a nice quarter...

Click on Finish to start the Image creation process.

A new dialog window will show you another meaningless progress bar which I suggest you don't stare at - just grab some chips!

Grab a cuppa!

Once the image creation process has finished, I strongly recommend you to test the image (ie. Before moving it to, say, your NAS).


Always trust but always verify...

To Test you VHD Image, on Hyper-V Manager.

  • Open the VM Settings to which the passthrough hdd is attached to.
  • Remove (but don't delete yet), the passthrough hdd from your VM.
  • Attach the VHD image (ie. replace the passthrough disk with the VHD Image).
  • Start the VM and check that your VM boots as expected.

Did I already tell you that the above is incredibly easy?

Posted in Microsoft, System Administration | No Comments »

How to migrate your Profile From Local User Account To Domain User Account.

May 14th, 2016 by Andrea Matesi 1597 Views


If you want to join your system to an Active Directory Domain, BUT you don't wanna lose your data & restart from scratch (ie. your Desktop, files, settings, shortcuts, you-name-it), here's how.


Gimme fuel.

Before actually doing your real Local User Account to Domain User Account "profile migration", make yourself a favour — do a "test" run first (ie. by creating a new Local "test" User Account) & check for yourself that it works!

For your "test"-scenario:

  • Create a new "test" User Account (BOTH on your local system & your Active Directory Domain Controller).
  • Now login to the Local System w/the "test" Local User Account.
    This way, a new "C:\Users\test" is created on your PC.
  • While logged in as the "test" User, feel free to replicate some of your "REAL" Local User Profile settings (ie. things you wish to migrate to the new Domain-enabled Account, like your "Google Drive"-setup, your Libraries, etc.).

Once you're done playing, it is now time to migrate ("map") your "test" Local User Account to your "test" Domain User Account.

That will retain all your settings and customisations as-is (including your Desktop icons location).

To do that, we'll rely on a wonderful application named User Profile Wizard ("Profwiz.exe" for friends) from ForensIT.


Spark-plug magic.

Proceed as follows:

Once on the Domain:

  • Login to the PC with your "test" Domain Account.

By so doing, you'll get a new (default, empty) "C:\Users\test.domain"-folder on your local system.

  • Now Logout & login as (Local) Administrator Account.
  • Run Profwiz.exe from your Desktop and follow the wizard prompts according to your requirements.
    Namely, make sure to map the Local "test" User to the Domain "test" User.
  • Logout when finished.


Gimme fire.

  • Login to the System w/the "test" Domain Account.

You will notice the "test" Domain Account has all its previous Local "test" User Profile settings untouched!

  • IF the Local "test" User Profile previously had "Local Administrator" privileges, you will notice some apps might not work.

You can grant the test User Profile Local Administrator permissions by providing him Membershit to the (Local) "Administrators" group.

Proceed as follows:

  1. Open Control Panel.
  2. Click on Manage User Accounts.
  3. Browse for the "test" Domain Account -> "Properties" and grant it membership to (Local) "Administrators"-Group.

Or perhaps you might wish to read one of my previous guides on this subject:

  1. 3 ways to grant "Local Admin" permissions to Domain Users.
  2. Secure Restricted Groups to grant Local Admin Credentials to Domain Users.
  3. How to setup Per-Computer “Local Admins” on a Domain.


Gimme that which I desire.

Alright, now that "Fuel is pumping engines" (cit. Metallica), repeat the above with you real user.


Posted in Microsoft, System Administration, Tips and Tricks. | No Comments »

[SOLVED] Warning - The IO operation at logical block address for Disk was retried.

April 16th, 2016 by Andrea Matesi 6972 Views


Someday my Event Viewer started throwing me warnings as follows:


The IO operation at logical block address 3b9e1628 for Disk 1 was retried.

The above error seems due to a timeout while reading (or writing) data to "Disk 1".

Since then, my Event Viewer –> Windows Logs –> System, got flooded!

Broken disk?! Nope...


How to match Disk No. to "System" Event Viewer.

BTW, which hdd is “Disk 1”?

After a fast search, technet pointed me to the following post:


The technet poster says that you can match “Disk 1” by browsing to the following key (on “regedit”):


In my case I found a list of REG_SZ as follows:


As I said, the Warning seems due to a timeout.

I discovered 2 possible solutions to fix the issue.


1.“bcdedit /set disabledynamicktick yes”-Solution.

First, I tried what documented at the following address:


  1. Running the command prompt as admin
  2. bcdedit /set disabledynamictick yes
  3. Reboot the computer.
  • In my case, setting “bcdedit /set disabledynamicktick yes” solved my issue.



If bcdedit didn't solve your error, then you may wish to increase the “TimeOutValue” from the registry, as documented at the following address:”http://support.microsoft.com/kb/2806730”:

To set the disk.sys TimeOutValue value, follow these steps:

  1. Start Registry Editor. To do this, click Start, type regedit in the Start Search box, and then press Enter.
  2. Locate and then click the following registry subkey: HKLM\System\CurrentControlSet\Services\Disk
  3. Locate TimeOutValue.
  4. On the Edit menu, click Modify.
  5. In the Value data box, type the desired number of seconds.
  6. Exit Registry Editor.

The Microsoft Support article suggests to set the TimeOutValue:”no greater than 20 to 30 seconds”.

You are welcome to share what worked for you!

Posted in Microsoft, System Administration | 2 Comments »

11 exim cpanel golden checks for quick mail troubleshooting.

March 19th, 2016 by Andrea Matesi 604 Views


The following is just some random advice derived from my experience on dealing with email-related issues.

More specifically, here I'll be referring to exim (a very popular mail daemon), Cpanel/WHM & CentOS.

  1. Check if the user & password combination is correct.
  2. Check if the SMTP Authentication is enabled.
  3. Check if the User's mailbox is full.
  4. Perform an nslookup of the domain thru a public DNS Server.
  5. Perform an nslookup of the MX RRs thru a public DNS Server.
  6. Verify that the SPF RR is applied to the domain.
  7. Telnet (or putty with the telnet option enabled) to the destination server address to see if it answers.
  8. Check if the domain name is present inside /etc/localdomains.
  9. Check the logs with exigrep /var/log/exim_mainlog.
  10. Check with vi /etc/userdomains
    Look for some blank spaces or broken lines near the domain that is having incorrect authentication data issue error 535
  11. Check whether the folder "etc" within /home/"cpanel-username"/etc/ is owned by cpanel-username:mail
    If it is not then change it with:
    chown username:mail /home/username/etc/ -R

Hope you might find those useful & feel free to share your own special/unique checks on the comments section.


Posted in LINUX, System Administration, Tips and Tricks. | No Comments »

Remove & Reset Folder Redirection from a Profile.

February 20th, 2016 by Andrea Matesi 1983 Views


In case you’ve been Folder Redirecting any User’s Home Folders and along the way you've decided it’s not you cake, to restore your User's profile to its original shape, there are some things you can do.

Since Folder Redirection is a complex (and sometimes convoluted) topic, I don’t mean to be 100% exhaustive (but I'll try).


How to Reset Folder Redirection.

To disable Folder Redirection for (any) User Profile,

  • Make sure you first save an additional copy of the profiles' files into a Fat32 External USB Hdd.

Then, assess the nature of the redirected folders:

  • Which Folders have been redirected?
  • Where have they been redirected to?

Once you have an idea of which folders were redirected, on the DC (or on your RSAT Console):

  1. Run gpmc.msc & Locate/Edit the FR GPO.
  2. Make sure your GPO has “Revert files to the original location”-option flagged.
  3. Revert the Group Policy setting for 1 User.
  4. gpupdate /force
  5. Restart the affected workstation.

Provided your GPO has “Revert files to the original location” set to Enabled, the above steps will restore your User's Redirected Folders to their original location.

Do not rush and disable FR for ALL/everyone.

Start small, remove FR from only one User and adjust the procedure for your unique scenario.

If it works then no need to manually restore the profiles from the Fat32 External USB Hdd.

Go on, disable FR for all your Users and you should be done!


What if...

If “Revert files to the original location” is set to Disabled (as per SBS-default - including Windows Server Essentials 2012), then undoing FR won’t revert your User's Folders.

Said in other words, your User's Folders won't be "moved" off the File Server and back into their original location(!).

This is why I’ve urged you to create a copy of your User Profile to a FAT32 Filesystem (so the User's folders permissions get "sanitised").


Manual Restoration :)

Now, IF FR has been applied to the usual (I’d say safe) candidates (let's assume "Documents", "Pictures" & "Downloads"), then the manual restoration process should be easier and shouldn't involve regedit.

Proceed as follows:

  • Disable FR for that specific profile (as described above).
  • gpupdate
  • Reboot the computer.
  • (On the workstation) verify the location of Documents, Pictures & Downloads.

To verify the location of Documents, Pictures & Downloads, on a User Workstation:

  • Win + E & Go to "C:\Users\%username%"
  1. Right Click on each of the redirected folders (ie. Documents, Pictures, Downloads, etc.).
  2. Click on Properties.
  3. Click on the "Location"-Tab to verify the folder location.

Repet Steps 1..3 for each redirected folder to verify the Folders location.

  • IF the Location is not correct (ie. it points to a file server...), Then Click on the "Restore Default"-Button.

That will restore your Redirected Folders to their default locations (ie. "C:\Users\%username%\Documents", "C:\Users\%username%\Downloads", etc.).


My User Profile is a total mess!

If your Favorites and Libraries are broken/missing too, you may restore them as follows:

  • (On Windows Explorer)
  • Right Click on "Libraries" & Click on “Restore default libraries”.
  • Right Click on "Favorites" & Click on “Restore favorite links”.


Still reading?

Now your last step should involve a restore of your offline backup copy.

At the beginning I suggested you to copy the User's Folders into a Fat32 Filesystem.

  • It is now time to restore those files to the Local User's Home.


AppData Roaming AppData Roaming AppData Roaming.

In case Appdata has also been redirected you’re fckued :P, you will have to perform additional steps:

While performing a backup copy, make sure you also copied over the \Appdata\Roaming folder (ie. “C:\Users\%username%\AppData”), please refer to the beginning of the post - "How to reset Folder Redirection".

Assuming you successfully restored \Appdata\Roaming.

  • Run "regedit"
  • Search for all the locations referring to the remote File UNC (ie. \\dc02\home).
  • Manually (and carefully) adjust all the locations accordingly (ie. change each "\\dc02\home"-entry To "C:\Users\%username%\AppData\Roaming").

For reference, you'll find within the following regkeys the User's Paths.

  • [HKCU\Software\Microsoft\Windows\
    CurrentVersion\Explorer\Shell Folders]
  • [HKCU\Software\Microsoft\Windows\
    CurrentVersion\Explorer\User Shell Folders]

Please remember that From Windows XP to Vista+, the default location of some folders have changed (for the better):

Folder Windows XP Path Windows Vista/7/8/8.1 Path
AppData %USERPROFILE%\Application Data %USERPROFILE%\AppData\Roaming
Cookies %USERPROFILE%\Cookies %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Cookies
History %USERPROFILE%\History %USERPROFILE%\AppData\Local\Microsoft\Windows\History
Local Settings %USERPROFILE%\Local Settings %USERPROFILE%\AppData\Local
Documents %USERPROFILE%\My Documents %USERPROFILE%\Documents
NetHoos %USERPROFILE%\NetHood %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts
PrintHood %USERPROFILE%\PrintHood %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Recent %USERPROFILE%\Recent %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent
SendTo %USERPROFILE%\SendTo %USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo
Start Menu (FWIW...) %USERPROFILE%\Start Menu %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu
Templates %USERPROFILE%\Templates %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates
Temporary Internet Files %USERPROFILE%\Temporary Internet Files %USERPROFILE%\AppData\Local\Microsoft\Windows\Temporary Internet Files

Happy reg-editing and don't break stuff.

Remember - for every step you take, make sure you can always undo.

As always, expert input welcome.


Shell Folders VS User Shell Folders: https://goo.gl/FFC5nX


Posted in Microsoft, System Administration | No Comments »

[Solved] Macbook Pro erratic behaviour with bottom cover IN.

January 9th, 2016 by Andrea Matesi 507 Views


I successfully replaced a liquid-spilled Macbook Pro Logic Board, specifically an A1278, which is the Mid-2010 model.

After replacing the Logic Board (and re-connecting all the connectors), I turned the laptop ON and it behaved perfectly.

  • The problems appeared once I screwed the bottom cover to the case!

After I turned the Macbook with the bottom cover ON, I experienced the following problems:

  • The fan was blowing at full speed.
  • The Cursor moved slowly (ie. scattered).
  • While Shutting the System down, it turned back ON automatically!
  • It was bloody slow!

The previous issues disappeared as soon as I removed the back cover, so I thought it should've been something related to it.

I searched on Google and after some time I found this magnificent Apple Support post by "averagedude" (or should I say awesomedude): https://discussions.apple.com/message/12340188#12340188

So, armed with some good old black electrician duct tape, I covered all the unprotected MB connectors.

On my specific case, I reckon the problem was related to the power connector: because of the liquid spill, the power connector "sponge" absorbed all the liquid and it reduced in size (and so it didn't protect the power connector anymore).

By screwing the bottom cover to the case, somehow, the metal from the back cover touched the power connector (this should also explain the erratic shutdown...).

Can I say problem solved?!

Next please!

Posted in dirty hacks | No Comments »

5,000 free Star Citizen credits.

December 20th, 2015 by Andrea Matesi 746 Views



Become a Star Citizen by using my referral link and get 5,000 free in-game Credits.

  • https://robertsspaceindustries.com/enlist?referral=STAR-26K6-PTP4


To get 5,000 free UEC in-game credits, please refer me by joining Star Citizen with the following link:

  • https://robertsspaceindustries.com/enlist?referral=STAR-26K6-PTP4


What will you get?

  • 5,000 UEC in-game credits.
  • The Best Damn PC Game/Space Sim ever.
  • Premium "CRYSIS"-engine-based FPS experience.


What will Andrea get?

  • In-game perks (ie. no in-game credits) - see here for full list of perks: https://robertsspaceindustries.com/referral-program


Hope you won't miss this opportunity - https://robertsspaceindustries.com/enlist?referral=STAR-26K6-PTP4

See you "in the 'verse"!

Posted in Games | No Comments »

How to setup Per-Computer “Local Admins” on a Domain.

December 19th, 2015 by Andrea Matesi 903 Views


This post is a humble summary of Alan Burchill's brilliant post published at the following address in 2010:


Alan is the überhero (& self-declared genius...), so please thank him for his precious time and effort.

Alan's methods reconnects to one of my previous articles were I talked about granting Local Admins credentials to Domain Users.

Here: http://www.pwrusr.com/?p=1534 AND here: http://www.pwrusr.com/?p=1681

Despite the method I discussed above are still valid as of today, IMHO, Secure Local Administrators a-la Alan-way is still the Best method.

Withoud further ado, I'll just summarise what he's explained on his post(s).

I’ll also assume you’ve designed a “proper” (best practice) Active Directory structure, namely by creating some OUs to organise “Groups of Computers” (ie.: "Laptops"-OU, "Servers"-OU, etc.).


Red Meat.

The whole point of Alan's article allows you to granularly grant "Local Administrator"-Permissions to select Users, by mapping one to one relationships.

In other words, inside an Active Directory Domain, one designated User should be also "Local Administrator" of his [designated…] Computer - this way all y'all pwrusrs out there can enjoy a certain degree of privileged of freedom :).

Not only that, you can also designate more than 1 User as Local Administrator of the same Computer.


How to setup Per-Computer “Local Admins” on a Domain.

  • The very first step involves creating some Groups inside any of your designated OUs (say "Laptop01_Administrators", "Laptop02_Administrators", etc.).

Inside each of those Groups, you will place the Users capable of Locally Administering their Computer.

The idea here is:

  1. To use as less GPOs as possible.
  2. To avoid the "Restricted Groups" feature offered by Group Policy.
  • Run gpmc.msc, create a new Group Policy Object and link it to your DOMAIN (refer to p.2).
  • "Edit..." your new Group Policy as follows…


1. Browse the “Computer” –> “Preferences” –> “Control Panel Settings” –> “Local Users and Groups” tree.



2. On “Local Users and Groups”, Right Click on the white area and select “New” –> “Local Group”.

By so doing, you will update the “Administrators” Local Group Members (which by default is built in into each computer - including Domain-Joined ones).



3. On the “Group Name"-dropdown, Select “Administrators (built-in)”.


Now “Add…” the built in Administrator Account to the Local Group:


Flag the “Delete all member users” & “Delete all member groups” checkmarks (ie. tick them), then click on the “Add…”-Button, copy/paste “BUILTIN\Administrator” (without quotes) and Press the “OK”-Button twice to confirm your selections and Close the “New Local Group Properties”-dialog.



Next you will specify who will be the Local Administrator for any of your Computers.

Please refer to Alan’s post for a detailed explanation about the settings I’m about to use:



Repeat Steps 1..3 and Add a New Local Group as follows:


Again, Select “Administrators (built-in)” from the "Group Name" dropdown.


This time DO NOT Check the “Delete all member users” & “Delete all member groups” Checkboxes (ie. leave them unchecked).


Click on the “Add”-Button and this time specify the Groups to which you wish to grant “Local Administrators” permissions.


Now, provided your Computer Groups were named as I suggested earlier (at the beginning of this post), you will Add something similar to the following:


“%DomainName%\%ComputerName%_LocalAdmins” (without quotes).

Please note: the previous entry encompasses ALL your Computers Groups (unless you wish to manually specify them, that is).

  • %DomainName% represents your Domain Name.
  • %ComputerName%_LocalAdmins includes all your Computer Groups.

Now you may wish to repeat the previous steps by including the Domain Admins.

While your next step could be to grant your desired Users membership to the “%ComputerName%_LocalAdmins”-Groups (ie. “Laptop01_Administrators”, “Laptop02_Administrators”, etc.).

[BONUS} wash, rinse & repeat for Remote Desktop Users ;-)

[BONUS No.2] Say you wanna be pesky about whom to grant Local Admin Permissions.

In this case, you might choose to designate an additional AD User (“JohnAdmin”), which would have the same rights as the Standard AD User (say “John"), but - in addition, he’d also get membership to the “PC01_LocalAdmins”-Group.

This way, whenever John is prompted by UAC (say b/c he’s trying to setup 7zip or run stuff “As Administrator”), he may just simply type “JohnAdmin” as User (w/related password), without opening a new Support request!

Kudos to Alan Burchill and feel free to comment below.

Posted in Microsoft, System Administration | No Comments »

« Previous Entries