TechShizz | Tech Guides for everything in IT

Managed Service Accounts (For Single Machine)

PowerShell is required to create a service account. Once created it can be managed  in the GUI.

 

#Create the MSA

New-ADServiceAccount -Name MyAppSrv -RestrictToSingleComputer

#Add the Machine to be used with the account

Add-ADComputerServiceAccount -Identity SRV-01 -ServiceAccount MyAppSrv

#You can test to see if it is working (it won't... yet)

Test-ADServiceAccount -Identity MyAppSrv

#Finally, install the account and test again

Install-ADServiceAccount MyAppSrv

Test-ADServiceAccount -Identity MyAppSrv

#Next, Configure the service to use the account.

Go to your service you wish to run on a service account, on the logon tab, set the credentials for the service as a network account. Use the browse button to find your MSA. Remove the pre-populated password from the fields and save.

 

 

Unable to activate Office 365 - Activation window blank when trying to activate

Problem

Various authentication issues including:

  • Outlook wont authenticate on Office 365
  • Activation window blank when trying to activate Office 365
  • Outlook wont authenticate on Office 365 with SSO
Cause

ADAL is the new authentication method for azure cloud solutions. It over-rides the standard kerberos, basic and NTLM protocols - There seems to be an issue with this displaying (usually windows 10).

Solution

ADAL can be disabled by registry key:

To disable modern authentication on a device, set the following registry keys:

Run > Regedit > 

Registry key

    Type

       Value

HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Identity\EnableADAL

    REG_DWORD

        0


Reference, Links and Imges

https://answers.microsoft.com/en-us/msoffice/forum/msoffice_outlook/modern-authentication-on-outlook-2016-keeps-on/98a263f4-ab9c-4d6f-b5eb-2728a8e77412 

RDP Error "CredSSP Encryption Oracle Remediation"

Problem

 Unable to RDP to Machine: CredSSP Encryption Oracle Remediation

Cause

 Windows Update: https://support.microsoft.com/en-gb/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018

Solution

The fix is to open your local group policy settings and do this.

Computer Configuration -> Administrative Templates -> System -> Credentials Delegation--Encryption Oracle Remediation

enable and set to 'vulnerable'.

If Windows Home edition reg key change...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters] "AllowEncryptionOracle"=dword:00000002

I had to create the CredSSP key, then the Parameters key, then the dword value as none of them existed.

Reference, Links and Imges

 https://blogs.technet.microsoft.com/mckittrick/unable-to-rdp-to-virtual-machine-credssp-encryption-oracle-remediation/

https://support.microsoft.com/en-gb/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018

Microsoft Outlook can’t start Microsoft InfoPath

Problem

When launching outlook you receive a popup saying "Microsoft Outlook can’t start Microsoft InfoPath"

Cause

Unknown

Solution

 Run Regedit & go to HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Options\Mail

If the "Mail" kay doesnt exisit, create it.

Create a new DWORD called “DisableInfopathForms” & set the value to 1

Reference, Links and Imges

 http://www.cottenhamcomputers.co.uk/microsoft-outlook-cant-start-microsoft-infopath/ 

Install ADS Server for PICs by Pellcomp

Advantage Database Server (ADS) is a low-maintenance database server that sits alongside the PICS data files, and provides a connection to the database that is quicker and more reliable than standard Windows file sharing.
Installation Instructions

These instructions should be completed on the server where the PICS data is located.

Get your serial key from Pellcomp.

First, download this install shield and start the installation process. If asked if you want to remove the previous installation you should choose yes. You can install the software in any location provided this is on the machine where the PICS database is located.

The installer will prompt you for a serial and validation code which are listed above. Do not enter your validation code into the replication box, leave this blank! Enter the Registered Owner (your company name) & Startup Type (this should be Automatic).

Once the installation is complete, you should ensure that all installation windows are closed (click “Finish”), and the Advantage Configuration Utility will appear. You should see the screen shown below:

 If the Service Up Time shows “ADS Service not started”, click the “Start Service” button (bottom of the window) to start the service. You can then click “Exit”, which will leave the service running.

If you encounter any errors please contact the Pellcomp support desk on 01603 492620.

Security Settings

By default the Advantage Database Service runs using the built-in SYSTEM user account. This account must have full read/write/delete permission to the folder containing the PICS Database files.

Client machines need to connect to the ADS service on the server using UDP port 6262. You may therefore need to open this port on any firewalls you may be running.

PICS Settings (client machine)

  • Upgrade PICS to the latest version and start a copy of PICS. From the login screen select Help -> Options -> Allowed ADS Modes -> Remote. PICS will then restart in client server mode.
  • If you have PICS installed locally on each client machine you will need to set "Remote" on each copy of PICS.
  • If PICS is communicating with the server, after logging in you will see “C/S” after “PICS” in the PICS title bar.
  • Please note that you cannot mix modes. That is if one copy of PICS is open in the traditional Local Server mode then you won’t be able to log into any of the Client Server enabled copies of PICS and vice versa.