CAT6 Ethernet Wiring Job

This was a wiring job I did for a new office at Home Tops in Whitewater. When I opened this closet, that large phone system PBX (big gray box) was humming along but hadn’t been used in many years so who knows how much electricity that wasted. I also worked with AT&T to bring in fiber internet and phone and wired that into their current phone system. It was especially satisfying to haul out all of the unused electronics, pull down that old plywood mounting board and mount a nice mini rack in its place.

How to force close an application that is not responding in Windows.

If you see this, it means the application you’re working in has crashed. Sometimes you can try the “Wait for the program to respond” button and it may come back. Clicking on “Close the program” often doesn’t do much.

To fix this, right-click anywhere on the taskbar along the bottom and then click “Task Manager”

Highlight the problem application and click “End Task” in the bottom right-hand corner of the Task Manager.

Alternatively, you can right-click on the problem application and choose “End task”

How to fix “You’ve been logged in with a temporary profile” error.

This can sometimes be caused by an improper shutdown or Windows updates that didn’t install properly.

Click Start and type in regedit. Choose “Run as administrator” either by clicking it on the right-hand side or by simply right-clicking the icon and choosing it.

Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

Each one of these keys represents a Windows profile. Find yours by clicking through and paying attention to the ProfileImagePath value. Look for your username.

When one becomes corrupted, Windows adds .bak to the corrupted registry key and creates a duplicate registry key that points to C:\Users\Temp.

First delete the temporary key (without .bak) and then rename the original one by removing .bak at the end.

Reboot the computer and it should be back to normal when you log back in. (I’ve attempted just signing out and signing back in but the problem persisted. I believe the reboot is necessary.)
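
Before deleting or renaming anything, it helps to see which SID actually has both a plain key and a .bak key. The following is an added example, not part of the original post: a read-only PowerShell report of ProfileList. The function names are this example's own.

```powershell
# Added example (not from the original post). Read-only: nothing is deleted or renamed.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

function Get-ProfileListEntry {
    param([string]$Path = $profileList)
    # One object per subkey: the key name, the SID it belongs to, and where it points.
    Get-ChildItem -Path $Path | ForEach-Object {
        $props = Get-ItemProperty -LiteralPath $_.PSPath
        [pscustomobject]@{
            KeyName          = $_.PSChildName
            Sid              = $_.PSChildName -replace '\.bak$', ''
            IsBackup         = $_.PSChildName -like '*.bak'
            ProfileImagePath = $props.ProfileImagePath
        }
    }
}

function Find-TempProfilePair {
    param([object[]]$Entries)
    # A damaged profile shows up as two keys for the same SID: "<SID>" and "<SID>.bak".
    $Entries | Group-Object -Property Sid | Where-Object { $_.Count -eq 2 } | ForEach-Object {
        $temp = $_.Group | Where-Object { -not $_.IsBackup }
        $orig = $_.Group | Where-Object { $_.IsBackup }
        [pscustomobject]@{
            Sid          = $_.Name
            KeyToDelete  = $temp.KeyName           # the temporary key (no .bak)
            TempPath     = $temp.ProfileImagePath
            KeyToRename  = $orig.KeyName           # the original key (ends in .bak)
            OriginalPath = $orig.ProfileImagePath
        }
    }
}

$entries = Get-ProfileListEntry
$entries | Format-Table KeyName, IsBackup, ProfileImagePath -AutoSize

$pairs = Find-TempProfilePair -Entries $entries
if ($pairs) { $pairs | Format-List } else { 'No SID has both a plain key and a .bak key.' }
```

Confirm that OriginalPath is your own profile folder before touching the keys it names.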

How to set up Port Forwarding on a Sophos UTM9.

I’m creating this because I didn’t find a good guide online and the way Sophos does this was confusing to me at first.

For demo purposes, my custom port will be 54321 (don’t use this number)

The server I’m trying to connect to is 10.10.10.4

 
Open Network Protection –> NAT
 

Click the NAT tab –> New NAT Rule…

 
Group: Up to you
Position: Up to you (choose Bottom)
Rule Type: DNAT
For traffic from: Any IPV4 (alternatively, if you would like to add an outside Network or Host IP that you want to trust exclusively, you can do so here.)
Using service: In this spot, you can choose Microsoft Remote Desktop or, if you have changed the port on your server, click the green Plus Button.

 
Follow these steps to create a custom port:
 
Name: Up to you
Type of definition: TCP
Destination port: 54321 (again, don’t use this number)
Source Port: 1024:65535 (this is a range of ports that you will accept connections on)
Comment: Explain what you did for the next poor schmuck.
 
 
 
 
Going to: External WAN Address
Change the destination to: Click the green Plus Button and add your server.
 
 
 
Name: You choose
Type: Host
IPV4 address: 10.10.10.4
DNS Settings: Sure why not
 
 
And the service to: Use the same service that you created earlier with port 54321.
 
Automatic Firewall Rule: Tick the box. Later you can customize the automatically created rule when you go to Firewall Rules, All Rules, Display All
 
Comment: Explain what you did for the next poor schmuck.
 
Lastly, Enable It
 

Below is the automatically created Firewall rule.

 

How to Master Rekey a Schlage Knob

Insert the key into the business end of the knob and turn it one way or the other, doesn’t matter which way.

Use something hard like a flat head screw driver (or assuming you have a kit, use the included tool) to push this pin in.

Once pressed, slide off the knob housing.

This next part can be kind of tricky. The cylinder in there has a clip that retains all of the springs for the pins. In order to slide it out of the knob housing, these springs must be compressed. You have to simultaneously compress them while you slide the entire cylinder assembly out.

Now it’s time to remove the Jesus clip. This is hard to do without the right tool. Notice how my tool catches each end of the clip. I roll the tool around it to pry it.

Slide in your key that works to unlock it.

Line the cylinder up with the follower bar and slide the spring housing over and onto it. Be careful not to lose any of those springs or top pins in there because if you do this wrong, they will go flying everywhere.

Dump those old pins like you’re going off to college.

Now we need to set up your keying. Below I’ve written down the two keys I’m keying this lock to. There’s a master key and a tenant key. Our lock doesn’t know the difference between the two, they are just two different keys that need to work with one lock. Notice I’ve stacked up the numbers for each.

The first pin to be dropped into each hole will be the smaller of the two numbers in each stack. I underlined those in red.

The second pin to be dropped in will be the master pin. This will be the pin that makes up the difference of the two numbers in each stack. I wrote each of these numbers on the very bottom.

My cylinder with the bottom pins installed.

Slide in one of your keys (I chose the master key here) and test to make sure the correct pins are lining up flush with the top. In this case, pins 1, 2, 4 & 5 are flush.

Here I add a master pin size #2 to hole 3 to make that flush as well.  

Now that you’ve added master pin(s), be careful when you slide the key back out. If you go too fast, the master pins will pop out and onto the floor to never be seen again.

Slide in your second key (mine being the tenant key). Hole 3 is still flush (and has a master pin #2 on top) but holes 1, 2, 4 & 5 will need their master pins to make them flush as well. You’ll need to be careful here again as any master pins will just be resting up there.

Here I’m adding pins #4, #3, #0 (nada) and #2 to holes 1, 2, 4 & 5.

I’ve tested both of those keys and I’m ready to put the spring housing back on. Be careful with this part because if you didn’t properly test that your keys work, you will lock yourself out of opening this again so unless you know how to pick a lock, you’ll be screwed.

Make sure that you slide it on sideways. If you don’t do this, your springs will start falling into the holes prematurely and you will have a big mess on your hands.

Spin the cylinder back into place and listen to the satisfying sound of all of the springs and top pins properly falling into their holes.

Put your Jesus clip back on. Test with both sets of keys again.

Find the spot in the knob housing where you can slide the assembly back into.

Compress the springs and slide it in.

Line it up with the retaining pin and slide your knob housing back on.

Get it on there as far as you can. Finally, insert the key and turn it to lock it into place.

That’s it! Test everything once more and you’ll be all set.

How to enable WinRM via Group Policy

In order to remotely manage computers via PowerShell, you must enable Windows Remote Management.
 
Open Group Policy management.
 
Create a new GPO.
 
Right-click your newly created GPO and click Edit…
 
First we need to allow it on each computer’s firewall. Open Computer Configuration –> Policies –> Windows Settings –> Security Settings –> Windows Firewall with Advanced Security –> Windows Firewall with Advanced Security –> Inbound Rules
 
Create a New Rule
 
Microsoft was nice enough to include it as a predefined Rule
 
I unchecked Public as I will be connecting locally.
 
Click Allow the connection
 
The new rule should now be listed.
 
That’s it for the firewall. Now you need to go to Computer Configuration –> Policies –> Administrative Templates –> Windows Components –> Windows Remote Management (WinRM) –> WinRM Service –> Allow remote server management through WinRM
 
Syntax:
 
Type “*” to allow messages from any IP address, or leave the field empty to listen on no IP address. You can specify one or more ranges of IP addresses.
 
Link your newly created GPO. This is going to be a computer policy so connect it to an OU of the computers you would like to enable this for.
 
It’s also necessary to make sure the WinRM service starts on startup. To do this via GPO, go to Computer Configuration –> Preferences –> Control Panel Settings –> Services
 
Right-click and click New –> Service
 
Choose Automatic (Delayed Start) as the startup type, pick WinRM as the Service name, set Start service as the Service action.
 
 
Once all of your domain computers have updated their policies and had a chance to start that system service, you should be able to remotely manage them using PowerShell.
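
To confirm the GPO actually landed, the following added example (not part of the original post) checks the three things configured above on a client, namely the WinRM policy and its IPv4 filter, the service startup, and the inbound firewall rule, and then tests reachability from the admin workstation. Function names and the computer names in the usage line are placeholders of this example; the firewall check assumes Windows 8/Server 2012 or later with English display names.

```powershell
# Added example (not from the original post). Read-only checks; function names are this example's own.
function Get-WinRMGpoState {
    # "Allow remote server management through WinRM" is stored under this policy key.
    $key    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service'
    $policy = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $filter = if ($policy) { $policy.IPv4Filter } else { $null }

    # The Services preference item sets the startup type; StartMode shows the result.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WinRM'"

    # ActiveStore includes rules delivered by Group Policy, not just local ones.
    # The display group name assumes an English-language Windows install.
    $rules = @(Get-NetFirewallRule -PolicyStore ActiveStore `
                   -DisplayGroup 'Windows Remote Management' -ErrorAction SilentlyContinue |
               Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })

    [pscustomobject]@{
        PolicyEnabled    = [bool]($policy -and $policy.AllowAutoConfig -eq 1)
        IPv4Filter       = $filter
        FilterIsWildcard = ($filter -eq '*')     # "*" accepts requests from any address
        ServiceStartMode = $svc.StartMode
        ServiceState     = $svc.State
        InboundRuleCount = $rules.Count
        OpenOnPublic     = [bool]($rules | Where-Object { "$($_.Profile)" -match 'Public|Any' })
    }
}

function Test-WinRMReachable {
    param([Parameter(Mandatory)][string[]]$ComputerName)
    # Run from the admin workstation: Test-WSMan succeeds only if the listener answers.
    foreach ($name in $ComputerName) {
        try   { $null = Test-WSMan -ComputerName $name -ErrorAction Stop; $ok = $true }
        catch { $ok = $false }
        [pscustomobject]@{ ComputerName = $name; WinRMResponds = $ok }
    }
}

Get-WinRMGpoState | Format-List
# Test-WinRMReachable -ComputerName 'PC-EXAMPLE-01', 'PC-EXAMPLE-02'   # placeholder names
```

If FilterIsWildcard is True, the IPv4 filter can be narrowed to the management subnet in the same policy setting.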

How to fix “The remote desktop session was disconnected because there are no Remote Desktop License Servers available to provide a license.” (Server 2012R2)

You must be able to access the server in another way in order to do this. Mine was a VM so I was able to get into a console session through VMware vSphere.

 
Open your Registry Editor and navigate to: HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM and select GracePeriod.
 
Right-click this key and back it up by choosing export and putting it in a safe place.
 
You won’t be able to delete it without taking ownership first. Right-click the key and choose Permissions…
 
 
Then go to Advanced

Change the owner to your user name.

 

For good measure, choose Replace owner on subcontainers and objects under your name and Replace all child object permission entries with inheritable permission entries from this object

Now you can delete the key. After a restart you should be able to access your server via remote desktop again.

How to shadow Remote Desktop Sessions on Windows Server 2012R2.

With Windows Server 2012 R2, Remote Desktop Services allows you to “shadow” users that are remoted into the server.
 
When shadowing, you can either view or view and control a user’s session. You can choose the option for “No Consent” allowing you to bypass user permission when connecting to their session.
 
This can be done through the command line or through the Server Manager.
 
Command Line
 
Mstsc.exe [/shadow:sessionID [/v:Servername] [/u:[Username]] [/control] [/noConsentPrompt]]
 
/shadow:ID Starts shadow with the specified sessionID.
 
/v:servername If not specified, will use the current server as the default.
 
/u:username If not specified, the currently logged on user is used.
 
/control If not specified, will only view the session.
 
/noConsentPrompt Attempts to shadow without prompting the shadowee to grant permission.
 
Below are the steps to do it through server manager.
 
Open the Server Manager and click on the icon for Remote Desktop Services. Here you should see your deployed remote environments. In my example, we have a remote app deployed to domain users.
 
Once you have selected your remote environment, on the right-hand side you will see CONNECTIONS listing all of the users connected to it. Right-click on one of the active users and click Shadow.
 
 
Next it will prompt you to ask how you would like to shadow the users. Choose View or Control and whether or not to Prompt for user consent.
 

 
This is the message the user will see. It will say Remote Monitoring Request: domain\user is requesting to view/control your session remotely. Do you accept the request? prompting them to select Yes or No. If the user selects Yes, you will be able to view or view and control their session.
 

 
In the previous step, had I chosen not to Prompt for user consent, I likely would have received this error message stating The Group Policy setting is configured to require the user’s consent. Verify the configuration of the policy setting. This is by default. 
 
 
 
If you would like to be able to view or view and control a remote session without their consent, you must change the following Group Policy Setting and apply it to the preferred User Group.
 
Create a new group policy or change an existing policy and go to User Configuration –> Policies –> Administrative Templates –>  Windows Components –> Remote Desktop Services –> Remote Desktop Session Host –> Connections
 
The only available setting to change here is Set rules for remote control of Remote Desktop Services user sessions
 


Right-click the setting and choose Edit. A new window will open allowing you to select Enabled and the option for how you would like to allow administrators to interact without user consent.
 
 
 
Assuming you changed the setting correctly and applied it to the correct user group, wait for a group policy refresh or force a gpupdate on the Remote Desktop server and you should now be able to do this.

How to fix RD Connection Broker, Web Access and Gateway certificates expired.

Open your Server Manager and go to Remote Desktop Services.
 
 
Click on Tasks, Edit Deployment Properties.
 

Click on Certificates.

If any of these are expired, I am going to show you how to get them up to date.
 
Now we need to get into the certificate store. If you haven’t already created an MMC for your certificates, it’s a good idea to do that now. Otherwise you can go to Run and type certlm.msc and hit enter.
 
Otherwise, start a new MMC (Start —> Type MMC) or add it to your existing one. 
 
File, Add/Remove Snap In
 

 
Highlight Certificates and click Add.
 
 
Next I chose Computer Account
 
 
Select Local Computer.
 

 
Now hit Finish and OK.
 

 
Expand Personal, select Certificates.
 

 
Right-click the certificate you would like to use, choose All Tasks, Export.
 

 
Click Next
 

 
Choose Yes, export the private key. Click Next.
 

 
You can leave this as is. Click Next.
 
 
This next step is up to you. You can protect it with your own unique password or choose Group or user names and assuming you’re logged in, it should populate your username below.
 
 
By default it wants to save your newly created certificate to System32. I elected to click Browse, created a new folder on the C: drive and put my newly created PFX file in there.
 
 
Once that’s all done, you can go back to the Deployment Properties window that we had open earlier. Highlight the Role Service with the expired status and click Select existing certificate…
 
 
Click Choose a different certificate and Browse for the one we just exported earlier.
 
 
Select Allow the certificate to be added to the Trusted Root Certificate Authorities certificate store on the destination computers and click OK
 
 
It should now say Ready to apply. Click Apply. These all have to be done one at a time. If you did everything correctly, the Status should change to OK.
 
 
Click OK and you’re done.
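
Before exporting, it is worth checking that the certificate picked from the Personal store is itself still valid, has a private key to export, and is allowed for server authentication. The following is an added example, not part of the original post; the function name and the 30-day warning window are assumptions of this example.

```powershell
# Added example (not from the original post). Read-only inventory of the Local Computer "Personal" store.
function Get-RdsCertCandidate {
    param(
        [string]$Store    = 'Cert:\LocalMachine\My',   # Personal store under Local Computer
        [int]   $WarnDays = 30                         # assumed warning window
    )
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'               # Server Authentication EKU
    $now = Get-Date

    Get-ChildItem -Path $Store | ForEach-Object {
        $cert     = $_
        $daysLeft = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)

        # No EKU extension means the certificate is not restricted to specific purposes.
        $ekuExt = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $ekuOids    = @($ekuExt | ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })
        $serverAuth = (-not $ekuExt) -or ($ekuOids -contains $serverAuthOid)

        $status = if     ($cert.NotBefore -gt $now)   { 'NotYetValid' }
                  elseif ($daysLeft -lt 0)            { 'Expired' }
                  elseif ($daysLeft -lt $WarnDays)    { 'ExpiringSoon' }
                  else                                { 'OK' }

        [pscustomobject]@{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            DaysLeft      = $daysLeft
            Status        = $status
            HasPrivateKey = $cert.HasPrivateKey        # required for "Yes, export the private key"
            ServerAuth    = $serverAuth
            Usable        = ($status -in 'OK', 'ExpiringSoon') -and $cert.HasPrivateKey -and $serverAuth
        }
    }
}

Get-RdsCertCandidate | Sort-Object NotAfter |
    Format-Table Subject, NotAfter, DaysLeft, Status, HasPrivateKey, ServerAuth, Usable -AutoSize
```

The exported PFX contains the private key, so remove it from the folder on C: once every role shows a Status of OK.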

How to set Remote Desktop Licensing Mode (Server 2012R2)

Open your Server Manager.
Click Remote Desktop Services on the left hand side.
Select the Overview branch.
In Deployment Overview area, select Edit Deployment Properties from the Tasks menu.
Select RD Licensing.
Choose the licensing mode and enter the name of the license server, click Add and then click OK.
