For some odd reason Microsoft decided to leave this feature disabled by default, and place it within a optional feature set called “Desktop Experience“.

If your hard drive is getting full and you wish to do a disk cleanup, there are two ways to enable the Disk Cleanup tool. We recommend using option #2 below for several reasons:

– Installing the Desktop Experience feature will not only intall Disk Cleanup, but a lot of other utilities you likey don’t need on a server (sound recorder, desktop themes, etc).

– Installing the Desktop Experience feature will require a server reboot

How to enable the Disk Cleanup tool:

1) Go to Programs & Features, and in the Features section, enable/install “Desktop Experience”.   The downside to this is that you will need to reboot your server after installating this and it installs other components you do not need on a server.

2) [RECOMMENDED] –  All you really need to do is copy some files that are already located on your server into specific system folders, as described at http://technet.microsoft.com/en-us/library/ff630161(WS.10).aspx

The location of the files you need to copy depend on your version of Windows:

Once you’ve located the files move them to the following locations:

1. Copy Cleanmgr.exe to %systemroot%\System32.
2. Copy Cleanmgr.exe.mui to %systemroot%\System32\en-US.

You can now launch the Disk cleanup tool by running Cleanmgr.exe from the command prompt.

You can use Powershell to achieve this:

get-aduser -Filter * -SearchBase "OU=Users,DC=example,DC=com" | set-aduser -ChangePasswordAtLogon $True

First I’ll give my own answer

You should go with PCL 6. Here’s why: You don’t need PostScript. If you did need it you would know it and you wouldn’t be asking this question. PostScript is more problematic than is PCL, so if you don’t need it it’s better avoided. It’s more problematic in these ways and more: harder to find drivers (for a Win ME computer for example), more resource hungry (both on the printer, the workstation, and the network), HP’s PostScript drivers are going to be much buggier than their PCL drivers, the quality of HP’s PostScript emulation (that is, a third-party clone of Adobe’s PostScript program) is highly questionable whereas the PCL is an HP product and therefore a better risk, PostScript tends to throw obscure errors when printing and requires obscure expertise to troubleshoot (very frustrating)-PCL does this less, PostScript tends to run the printer out of memory easier, PostScript drivers offer lots of obscure settings that are useful only to industry pros (like color separations, e.g.) and will only confuse normal people and give them more ways to cause themselves problems, and on difficult prints PostScript will often be slower. All that off the top of my head.

PCL6 is a powerful page description language and will do anything you ever need to do. Quality is not an issue, PCL works fine and can print the same vector graphics and vector fonts as can PostScript. Photos and other bit mapped graphics are outside the realm of PostScript’s power and thus the two languages will print them the same, except that PostScript will render the photo in text and blow up its binary size, thus taking longer to download it to the printer (it has to do this because PostScript is a language of text, there is nothing binary there. Everything is rendered into text characters).

PostScript offers many advantages, but mostly to printing industry pros. An example is that if you want to print something on a super-high resolution image setter at some local high end printing shop they will likely accept the file only in Adobe Photoshop or PostScript formats, thus if you are using the PostScript driver you have a way to make such a file. However, PDF format can be used now in many situations where PostScript was formerly required. PostScript drivers do tend to offer more features than the PCL driver and some may be useful to you (like Booklet printing e.g.) but at this late date and age it’s more likely that the PCL driver offers everything you would ever need, and the PostScript driver may not offer much at all extra that you could use.

When mounting a SQL database as the default user and get an error user not found, use the following accounts:

Service/Database Accounts –

I started getting this error on the Guest OS.
* Source: Disk
* Event Log: System
* Type: Warning Event
* Event ID: 51
* An error was detected on device \Device\Harddisk0\DR0 during a paging operation.

The HyperV host does not show any errors in any event logs.

Windows guest operating systems that are using virtual disks on non-local datastores might experience unexpected blue screens.

This problem occurs when the responses from the storage array take longer than the guest operating system expects to wait. The default disk timeout period in Windows is too short to handle the longer delays that can occur in a SAN, NFS, or iSCSI environment, and a blue screen error is the result of exceeding this timeout.

Increase the disk timeout to 60 seconds in the Windows virtual machines by editing the Windows registry as described below:

1. In the registry, go to HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/Disk.
2. Click Edit/Add value.
3. Set the value name to TimeOutValue.
4. Set the data type to REG_DWORD.
5. Set the data to 0x03c hex (or 60 decimal).
6. Reboot the virtual machine.

Note:

* Contact your Storage vendor to confirm whether a specific TimeOutValue setting has been identified for your particular environment.
* Increasing this disk timeout setting does not affect the performance of the guest operating system or virtual machine under normal operating conditions, but you must verify how the applications you are running in the guest operating system handle disk access delays.

I installed Adobe Reader XI on our Windows Server 2012 R2 RDS servers, and we start to get this error when we started Adobe Reader.

After some time on Google i found out that disabling Adobe Reader XI sandbox protection mode fixed the error.

go to the registry and find this key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown

Create a new REG_DWORD

Value Name
bProtectedMode

Value Data
0

I have found this issue may not be due to a problem with the Remote Desktop tool but an issue with windows 8.1.

This is with the Windows 8.1 release from MSDN/Technet

• Configure Network Level Authentication
1. Open Regedit.
2. In the navigation pane, locate and then click the following registry
subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3. In the details pane, right-click Security Packages, and then click Modify.
4. In the Value data box, type tspkg. Leave any data that is specific to other SSPs, and then click OK.
I was left with “” and tspkg
5. In the navigation pane, locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
6. In the details pane, right-click SecurityProviders, and then click Modify.
7. In the Value data box, type credssp.dll. Leave any data that is specific to other SSPs, and then click OK. (This was already in my config so I didn’t change it)
8. Exit Registry Editor.
9. Restart the computer.

Once done, ASG RD worked fine for all my connections again.

Remote Desktop Connection (RDC) has a Group Policy setting that determines which publishers are to be considered trusted when launching connections (typically .rdp files served in various ways).

The publisher is identified by the SHA1 thumbprint of the certificate of the publisher (the certificate used to sign the .rdp file). You get the thumbprint from the certificate:

The setting is located under:
Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client

Setting:
Specify SHA1 thumbprints of certificates representing trusted .rdp publishers

Description:
This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers.

If you enable this policy setting, any certificate with an SHA1 thumbprint that matches a thumbprint on the list is trusted. If a user tries to start an .rdp file that is signed by a trusted certificate, the user does not receive any warning messages when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field.

If you disable or do not configure this policy setting, no publisher is treated as a trusted .rdp publisher.

Notes:

You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user.

This policy setting overrides the behavior of the “Allow .rdp files from valid publishers and user’s default .rdp settings” policy setting.

If the list contains a string that is not a certificate thumbprint, it is ignored.

As you can see; no mention of how the thumbprint is to be entered!

I found out the hard way that you have to remove all spaces and convert all letters to uppercase for the thumbprint to be valid. You are not informed if the format you enter is incorrect, it is just silently ignored if not recognized as a valid thumbprint.

This quick PowerShell command will do these two operations:

(“<your thumbprint here>”).ToUpper().Replace(” “,””)

If this Group Policy setting is not in effect, either because you have not set it or the thumbprint is incorrect/invalid, your users will get a warning when connecting, even if the certificate used to sign the .rdp file is trusted:

Error: A website wants to run a RemoteApp program. Make sure that you trust the publisher before you connect to run the program.

It is interesting to note that the rdpsign.exe command line utility that is used to sign .rdp files manually, requires that the thumbprint of the certificate must be provided in just this way: http://technet.microsoft.com/en-us/library/cc753982(WS.10).aspx

More info:

• About Digitally Signing RemoteApp Programs:
  http://technet.microsoft.com/en-us/library/cc754499.aspx

A note on copying the thumbprint

If you look at the highlighted/selected thumbprint in the image above you will see what looks like a leading whitespace. If you select the whole string (not as above), you will get a strange leading character in your thumbprint. Have a look at this zoomed image:

I do not know what character this is, but it invalidates the thumbprint string if you paste it into the SHA1 thumbprint field in your GPO. Even stranger is that it does not show up in the pasted text in the GPO object; it just “looks” right. As I said, I have no explanation, but remember to skip the leading whitespace when you copy your thumbprint.

This is how it should look:

Get rid of pesky Google Update services on your PC/Server after installing Chrome or several other Google type apps:

@echo off
sc stop gupdate
sc delete gupdate
sc stop gupdatem
sc delete gupdatem

This should remove the Google Update services.

System Requirements:

• Windows Server 2012
• Windows Server 2012 R2

The Problem:

This article outlines a few tips to be mindful of when performing an in-place upgrade from Windows Server 2012 to Windows Server 2012 R2.

More Info

Without wishing to be verbose on this one, the simple answer is that it appears to be a bug / limitation / “feature” of the iSCSI Target component of Server 2012. It was not a client issue.

Operating System Features

The following core features will not be available after upgrading from 2012 to 2012 R2

• Servermanagercmd.exe
• Slmgr.vbs
• System Image Backup
• Windows Server Resource Manager

Network

The network profiles for non-domain adapters will drop back to Public after the upgrade, altering the active firewall configuration.

iSCSI / SAN

After the upgrade install, the Windows Firewall will inherit most firewall configuration settings from the previous configuration, however the port configurations for the iSCSI Target services will be in a disabled state, preventing your iSCSI Initiators from connecting to the service.

The upgrade process will fully de-install your NIC’s, although in general most of the main configuration settings are retained and re-applied after the upgrade (IP, Net mask etc), the advanced adapter settings are not applied. In particular, and Jumbo Frame settings designed to support extended MTU’s on your SAN NIC’s will have been reset to the standard 1500 bytes. This will have a performance hit on SAN access and Hyper-V live migration performance. You should manually re-enable the Jumbo frame settings (9014 or 9000 bytes) but be aware that it will cause the NIC to drop and re-initialise when you hit apply.

SysInternals

A number of the SysInternals apps, for example BGInfo, that work fine under 2012 have small issues under 2012 R2. BGInfo has a recent update that makes it aware of 2012 R2 and IE 11 rather than reporting that the OS is Windows 6.2 running MSIE 9.0.11.

WSUS 3.0 SP3

Ensure that any legacy WSUS 3.0 servers are patched to SP2 with KB2828185 installed. After re-synchronising, changing the product configuration and synchronising a second time that you server can update from your existing WSUS infrastructure. Be prepared for any 2012 R2 Data Center servers to report in WSUS as Windows 2000 Data Centre however!

Removing the Windows.old uninstall cache without installing Desktop Experience

Unfortunately you can no longer copy/paste the two cleanmgr.exe files out of WinSxS like you used to be able to do with 2008 (the store is compressed). I found that a few loops of the following will eventually remove the Windows.old upgrade cache from the root of the OS drive.

  :: This is very slow as it is disk intensive: run out of hours!!
  takeown /F C:\windows.old /R /D Y
  takeown /F c:\Windows.old\* /R /A /D Y
  takeown /F C:\windows.old /R /D Y
  takeown /F c:\Windows.old\* /R /A /D Y
  cacls C:\windows.old /T /G Administrators:F
  rd /s /q C:\windows.old

p.s. run each line manually, the above is not setup as a batch script and will ask for yes / no input. Several runs may be required.

General

Your desktop wallpaper will be reset to the default grey Windows Server logo, re-create as necessary

Don’t forget to activate against your KMS or enter your key.

Dell iDRAC 7 is now completely inaccessible to any of the 2012 R2 servers because IE11 is not yet supported. To run it, disable Protected mode and add the IP address of the DRAC server to the Compatibility Mode view