This is the registry fix to avoid the computer account of the virtual machine becoming locked.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
“DisablePasswordChange”=dword:00000001
Lab Core | The Lab of MrNetTek
A blog about IT, technical solutions, and code.
Occasionally, Windows will create a secondary profile with the naming convention Username.Computername (sometimes it has to do with user temp profiles; other times, workgroup/domain issues that either corrupt the original profile or make it appear corrupted to Windows). Error: User Profile Service failed the logon
Let’s say you don’t want that, how do you fix it? Assuming your regular user profile works, you can just change the user profile path specified in the registry under the ProfileList key. By doing this, you’re telling Windows to not use the newly created profile, and go back to the original one. In theory, you could also just rename the Username.Computer profile to just Username (logged is as Administrator)…and make the ProfileList redirect to C:\Users\Username.
@ECHO OFF
setlocal enableextensions enabledelayedexpansion
set UN=%username%
for /f “delims= ” %%i in (‘”wmic path win32_useraccount where name=’%UN%’ get sid”‘) do (
if not “%%i”==”SID” (
set mySID=%%i
goto :SID_END
)
)
:SID_END
:: SETS THE REG KEY TO SCAN
set REGKEY=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\%mySID%
:: CHECKS REG KEY TO SEE IF USER TEMP PROFILE EXISTS – SINGLE PASS
FOR /F “tokens=3” %%j IN (‘C:\Windows\System32\REG.EXE QUERY “%REGKEY%” /v ProfileImagePath’) DO (
IF %%j EQU C:\Users\%UN%.%computername% (
C:\Windows\System32\REG.EXE ADD “%REGKEY%” /v ProfileImagePath /d C:\Users\%UN% /f
)
)
PAUSE
For a better, more usable routine, I will work on adding code to scan for .BAK in the registry – if .BAK exists, delete that whole key.
Update
If you continue to still have problems, ie. a temp profile continues to load, use robocopy to mirror the contents of the username.computername profile (or a simple copy/paste), change the path in the registry under ProfileList to the original profile, and reboot. Note, this has to be done under the Administrator profile.
Reference
https://support.microsoft.com/en-us/kb/947215
http://windows.microsoft.com/en-us/windows/fix-corrupted-user-profile#1TC=windows-7
This returns the SID of the specified username. Note, this could be either the currently logged on user, or a specific user. This used in tandem with a script that cycles through a list of usernames, could be used to dynamically access the HKEY_USERS registry hive. For me specifically, I was using it for the ProfileList key in the registry.
@echo off
for /f “delims= ” %%a in (‘”wmic path win32_useraccount where name=’%UserName%’ get sid”‘) do (
if not “%%a”==”SID” (
set mySID=%%a
goto :SID_END
)
)
:SID_END
echo %mySID%
pause
Run with cscript.exe
cscript script.vbs
Set objWMIService = GetObject("winmgmts:\\.\root\cimv2") Set colItems = objWMIService.ExecQuery("Select * From SoftwareLicensingProduct") Coltest = int(0) bWinActivated = False For Each objitem In colItems WScript.Echo objItem.Description WScript.Echo "License Status: "& objitem.LicenseStatus WScript.Echo objitem.GracePeriodRemaining WScript.Echo "KeyManagementServiceProductKeyID: "&objitem.KeyManagementServiceProductKeyID IF int(objitem.LicenseStatus) = 0 Then bWinActivated = True strActivationType = objItem.Description strKey = "ProductKey:" & objItem.ProductKeyID End if Next If bWinActivated = False Then MsgBox("Windows is not activated") If bWinActivated = True Then MsgBox("Windows is activated using "&strActivationType& " key." & strKey) End if
Notes
slmgr /dli
Begin by finding Command Prompt (type cmd into your Window Search field) then open it as Administrator (right-click the Command Prompt shortcut and choose “Run As Administrator” if UAC is turned on), and then type in the following command and hit enter:
C:\Windows\System32\cscript slmgr.vbs -skms your.kms.server:1688
You only need to run this command once since it saves the server you point to. Windows waits about 3 days after you install it before it will even try to activate.
You can force it to attempt an immediate activation by opening an Administrator command prompt again and entering:
C:\Windows\System32\cscript slmgr.vbs -rearm
After rearm, restart your computer. Now open an Administrator Command Prompt again and enter:
C:\Windows\System32\cscript slmgr.vbs -ato
One can also find out the current activation status by entering:
C:\Windows\System32\cscript slmgr.vbs -dli
If Method #1 does not work, please try the following. Begin by finding Command Prompt (type cmd into your Window Search field) then open it as Administrator (right-click the Command Prompt shortcut and choose “Run As Administrator” if UAC is turned on), and then type in the following command and hit enter:
slmgr -rearm
After rearm, restart your computer. Now open an Administrator Command Prompt again and enter:
slmgr -ato
If Method #1 or #2 doesn’t work, just register using the volume license key.
cscript //b c:\windows\system32\slmgr.vbs /ipk XXXXX-XXXXX-XXXXX-XXXXX
cscript //b c:\windows\system32\slmgr.vbs /ato
The process of configuring and save Windows 7 TPM and BitLocker passwords to Active Directory (2008 R2 and above) is multi-stepped. First, Active Directory and Group Policy need to be configured, then the clients needs to be setup, and then you need to know how recover the passwords from Active Directory.
Active Directory & Group Policy Setup
The Add-TPMSelfWriteACE.vbs script needs to be modified to reflect the correct GUIDs listed in the “TPM and FVE scheme object GUID’s” mid-way through the script. You can locate the GUIDs by using ADSIEdit and change the Action –> Settings –> Select a well known Naming Context: Schema. From here, you can look at the properties for the particular items to find the objectGUID.
BitLocker via Line Command
BitLocker via GUI
Control Panel > System and Security > BitLocker Drive Encyrption
BitLocker and Updates to BIOS, Hardware, or Startup Files (e.g. OS Upgrades)
Recovery
TPM (reference: technet blog)
<?xml version=”1.0″ encoding=”UTF-8″?> <ownerAuth>…..</ownerAuth>
BitLocker
To turn off the TPM
1.Click Start, click All Programs, click Accessories, and then click Run.
2.Type tpm.msc in the Open box, and then press ENTER. The TPM Management console is displayed.
3.If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue. For more information, see Additional resources at the end of this document.
4.In the Actions pane, click Turn TPM Off.
Okay, there are multiple ways to activate Office. But when it comes to automating the process, a layered approach may be your best bet.
Method 1 – VBS
C:\Windows\System32\cscript.exe “C:\Program Files (x86)\Microsoft Office\Office14\OSPP.VBS” /inpkey:xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
C:\Windows\System32\cscript.exe “C:\Program Files (x86)\Microsoft Office\Office14\OSPP.VBS” /act
Method 2 – XML
Add the following to a setup.xml file
Method 3 – OCT
Using the Microsoft Configuration Tool
(1) Select Modify Setup properties in the left pane and then click the Add… button in the right pane.
(2) In the Add/Modify Property Value dialog and type AUTO_ACTIVATE in the Name field. Note that property names are case sensitive.
(3) In Value field, type 1, and then click OK.
@echo off
for /f “delims=” %%a in (‘dir /b C:\Users\Temp*’) do (
echo Profile %%a will be deleted.
rd /q /s “C:\Users\%%a”
)
pause
Notes
I created this to remove LANDesk ALS profiles
@echo off
setlocal enabledelayedexpansion
cls
echo Removing LANDesk ALS profiles…
for /f “tokens=1,2 delims==” %%s IN (‘WMIC path win32_useraccount where name^=’administrator’ get sid /value ^| find /i “SID”‘) do set SID=%%t
set RootSID=%SID:~0,-5%
set RegPath=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
set /a counter=3
:loop1
if %counter% lss 10 (
reg delete “%regPath%\%RootSID%-100%counter%” /f /reg:64
set /a counter+=1
goto :loop1
)
set /a counter=10
:loop2
if %counter% lss 100 (
reg delete “%regPath%\%RootSID%-10%counter%” /f /reg:64
set /a counter+=1
goto :loop2
)
set /a counter=100
:loop3
if %counter% lss 999 (
reg delete “%regPath%\%RootSID%-1%counter%” /f /reg:64
set /a counter+=1
goto :loop3
)
This is how you would wait for multiple processes to be completed before continuing.
:WAIT
cls
echo Waiting for applications to finish installing…
:: adds timing to the app installs
ping -n 30 127.0.0.1>nul
start /b /wait /LOW c:\windows\system32\TASKLIST.exe /FI “IMAGENAME eq app1.exe” | find /i “app1.exe” && (goto :WAIT)
start /b /wait /LOW c:\windows\system32\TASKLIST.exe /FI “IMAGENAME eq setup1.exe” | find /i “setup1.exe” && (goto :WAIT)
start /b /wait /LOW c:\windows\system32\TASKLIST.exe /FI “IMAGENAME eq cmd.exe” | find /i “cmd.exe” && (goto :WAIT)
start /b /wait /LOW c:\windows\system32\TASKLIST.exe /FI “IMAGENAME eq install.exe” | find /i “install.exe” && (goto :WAIT)
goto :NEXT
:NEXT
echo Do other stuff here
pause