Fix Windows corruption errors by using the DISM or System Update Readiness tool

Windows corruption errors prevent Windows updates and service packs from installing. For example, an update might not install if a system file is damaged. If the error you see is in the following list, try the solution in this article.0x80070002 | 0x8007000D | 0x800F081F | 0x80073712 | 0x800736CC | 0x800705B9 | 0x80070246 | 0x8007370D | 0x8007370B | 0x8007370A | 0x80070057 | 0x800B0100 | 0x80092003 | 0x800B0101 | 0x8007371B | 0x80070490

If your error is not listed or if you are running Windows XP, try Solutions for common Windows Update errors.


Windows 8.1, Windows 8, Windows Server 2012 R2 or Windows Server 2012

To resolve this problem, use the inbox Deployment Image Servicing and Management (DISM) tool. Then, install the Windows update or service pack again.

  1. Open an elevated command prompt. To do this, swipe in from the right edge of the screen, and then tap Search. Or, if you are using a mouse, point to the lower-right corner of the screen, and then click Search. Type Command Prompt in the Search box, right-clickCommand Prompt, and then click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
  2. Type the following command, and then press Enter.
    It may take several minutes for the command operation to be completed.

    DISM.exe /Online /Cleanup-image /Restorehealth

    Important When you run this command, DISM uses Windows Update to provide the files that are required to fix corruptions. However, if your Windows Update client is already broken, use a running Windows installation as the repair source, or use a Windows side-by-side folder from a network share or from a removable media, such as the Windows DVD, as the source of the files. To do this, run the following command instead:

    DISM.exe /Online /Cleanup-Image /RestoreHealth /Source:C:\RepairSource\Windows /LimitAccess

    Note Replace the C:\RepairSource\Windows placeholder with the location of your repair source. For more information about using the DISM tool to repair Windows, reference Repair a Windows Image.

  3. Close the command prompt, and then run Windows Update again.

DISM creates a log file (%windir%/Logs/CBS/CBS.log) that captures any issues that the tool found or fixed. %windir% is the folder in which Windows is installed. For example, the %windir% folder is C:\Windows.

Windows 7, Windows Vista, Windows Server 2008 R2 or Windows Server 2008

To resolve this problem, use the System Update Readiness tool. Then, install the Windows update or service pack again.

  1. Download the System Update Readiness tool.
    Click the download link in the following table that corresponds to the version of Windows that is running on your computer.
    Find out if your computer is running the 32 or 64-bit version of WindowsThis tool is updated regularly, we recommend that you always download the latest version.

    Operating system Download link
    x86-based (32-bit) versions of Windows 7 SP1 and Windows 7


    Download the package now.

    x64-based (64-bit) versions of Windows 7 SP1 and Windows 7


    Download the package now.

    x64-based (64-bit) versions of Windows Server 2008 R2 SP1


    Download the package now.

    Itanium-based versions of Windows Server 2008 R2 SP1


    Download the package now.

    x86-based (32-bit) versions of Windows Vista SP2 and Windows Vista SP1


    Download the package now.

    x64-based (64-bit) versions of Windows Vista SP2 and Windows Vista SP1


    Download the package now.

    x86-based (32-bit) versions of Windows Server 2008 SP2


    Download the package now.

    x64-based (64-bit) versions of Windows Server 2008 SP2


    Download the package now.

    Itanium-based versions of Windows Server 2008 SP2


    Download the package now.

  2. Install and run the tool.
    1. Click Download on the Download Center webpage, then do one of the following:
      • To install the tool immediately, click Open or Run, and then follow the instructions on your screen.
      • To install the tool later, click Save, and then download the installation file to your computer. When you’re ready to install the tool, double-click the file.
    2. In the Windows Update Standalone Installer dialog box, click Yes.


    3. When the tool is being installed, it automatically runs. Although it typically takes less than 15 minutes to run, it might take much longer on some computers. Even if the progress bar seems to stop, the scan is still running, so don’t click Cancel.


    4. When you see Installation complete, click Close.


    5. Reinstall the update or service pack you were trying to install previously.

To manually fix corruption errors that the tool detects but can’t fixed, see How to fix errors that are found in the CheckSUR.log.

Repair a Windows Image

Applies To: Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2

If a Windows image becomes unserviceable, you can use the Deployment Imaging and Servicing Management (DISM) tool to update the files and correct the problem. You can use DISM to repair an offline Windows image in a WIM or VHD file, or an online Windows image. An online Windows image will also attempt to repair itself if it becomes unserviceable. The repair source for this operation is the same source that is used for Features on Demand and is determined by Group Policy settings. For more information, see Configure a Windows Repair Source. When you use the DISM tool to repair an online or offline image, you can use the /Source argument with the /RestoreHealth argument to specify additional repair source locations to use to search for the required files.

The DISM /ScanHealth, /CheckHealth, and /RestoreHealth arguments can only be used when servicing Windows® 8 or Windows Server® 2012 images.

  1. Scan the image to check for corruption. This operation will take several minutes. For example, at a command prompt, type the following command:
    Dism /Online /Cleanup-Image /ScanHealth
  2. Check the image to see whether any corruption has been detected. For example, at a command prompt, type:
    Dism /Online /Cleanup-Image /CheckHealth

When you use the /CheckHealth argument, the DISM tool will report whether the image is healthy, repairable, or non-repairable. If the image is non-repairable, you should discard the image and start again. If the image is repairable, you can use the /RestoreHealthargument to repair the image.

To repair an image

  1. Use the /RestoreHealth argument to repair the image. For example, to repair an offline image using a mounted image as a repair source, at a command prompt, type the following command:
    Dism /Image:C:\offline /Cleanup-Image /RestoreHealth /Source:c:\test\mount\windows

    Or to repair an online image using some of your own sources instead of Windows Update, type:

    Dism /Online /Cleanup-Image /RestoreHealth /Source:c:\test\mount\windows /LimitAccess

    If you do not specify a /Source for the repair files, the default location for Features on Demand is used. For more information, see Configure a Windows Repair Source. If you specify more than one /Source, the files are copied from the first location where they are found and the rest of the locations are ignored. You can use /LimitAccess to prevent the DISM tool from using Windows Update as a repair source or as a backup repair source for online images.

Windows Server 2012 – Convert Full GUI server to CORE to increase security and performance


Windows Server 2008 introduced the concept of Windows Server Core. The ability to install a server with minimal gui and basically only the necessary administrative tools.

One of the more interesting new features in Windows Server 2012 is the ability to switch between a Full (GUI enabled installation) and a Core (Minimal GUI installation). What’s so special about that? Well now you can installa server with Full GUI and set it up the way you want and later remove the GUI part to increase the servers performance and security. If need be you can always activate the GUI again. This was not possible in Server 2008 and Server 2008 R2.

The way this switching back and forth is done is by removing or adding the feature labeld: User Interfaces and Infrastructure > Server Graphical Shell.

Connect to your Windows Server 2012 server.

  1. Open Server Manager.
  2. In the top right corner select Manage > Remove Roles and Features.
  3. The Remove Roles and Features wizard pops up. Click next on the Before you begin page.
  4. Select the server that this applies to.
  5. Click next on the Roles step.
  6. On the features step, scroll down to User Interfaces and Infrastructure and expand it to display the 3 sub choices.
  7. Now if you uncheck the first one “Graphical Management Tools and Infrastructure” it will automatically remove the last one “Server Graphical Shell”. This will leave you with a server with only a command prompt upon reboot.7587.ServerManager02_thumb_45816A11
  8. If you wish to have a server manager as well as a command prompt simply uncheck the last choice “Server Graphical Shell”.
  9. Click Next.
  10. Check the checkbox for “Restart the destination server automatically if required” and click Remove.
  11. Once done the server will restart and you will be left with a command prompt and a server manager.4265.ServerManager01_thumb_3183C37C
  12. If you want to be even more extreme, you remove both and will be left with a powershell command prompt ONLY upon reboot.
  13. If you removed it all and what to return to full GUI setup you simply add it back with the following command: Add-WindowsFeature Server-Gui-Shell and reboot the server.
  14. Once rebooted you will have a full GUI server again. Notice that this does not format the server or anything You can easily switch between modes when you need to.

Windows Server 2012 – Activate Active Directory Recycle Bin via GUI


The Active Directory Recycle Bin allows us to bring back deleted objects from Active Directory without loosing any object properties. (Such as SIN’s)

In past versions of Windows Server activating the Active Directory Recycle Bin on domain controllers has been a rather complicated task for your average systems manager. Basically in Server 2008 R2 you had to use Powershell to get the job done and it could be very confusing for those who aren’t to familiar with Powershell.

Thankfully in Windows Server 2012 activating the Active Directory Recycle Bin has been reduced to a 3-4 click operation that any admin MUST use on their Domain Controllers. I will describe the procedure below and if followed correctly you will have a feature on your domain controller that could potentially save your butt one day if you accidentally delete an important AD object.

Lets do it!

Connect to your Windows Server 2012 Domain Controller.

  1. Place the mouse in bottom left corner to reveal the start button.
  2. Right click on the Start icon and select Control Panel.
  3. Double-click Administrative Tools.
  4. Select Active Directory Administrative Center.
  5. Right-click on your domain in the left hand side.
  6. Select Enable Recycle Bin.
  7. If you get an error or it refuses to turn on, check your forest functional level and domain functional level as they MUST be a minimum of Server 2008 R2

Deploy printers via Group Policy

Windows GPOs

Anyone responsible for managing a Windows domain based network should be familiar with the basics of Group Policy Management, and the granular control it allows over virtually every setting available within the Windows client systems. Although quite impressive results can be achieved with old style login scripts (especially if you know vbscript), Group Policy Objects can do much more without requiring you to become a scripting expert. This particular printer challenge is a good example of how apparently complicated solutions can be achieved with a few simple GPO settings and some planning:

Deploying Printers by Using Group Policy on Windows Server 2008


To use Group Policy for printer deployment you will need to have a Windows Active Directory domain, and this article assumes that your Domain Controller is a Windows 2008 R2 Server. You will also need the Print Services role installed on a server (can be on your DC), and you will be using the Print Management and Group Policy Management consoles to configure the various settings. Its assumed that you have already followed Part One and have one or more printers shared on your server with the necessary drivers, ready to deploy to your client computers.


Planning Your Printer Deployment

The first thing you need to do is to establish your printer deployment requirements – which users or computers need access to which printers. Ideally to avoid confusion for users you don’t want to give them access to printers they will never use, especially if your network is spread over a large building or multiple sites. If you havent done so already then now would be a good time to check that the descriptions and location details of each shared printer are correctly filled out, see Part One for details of how to do this.

Group Policy Objects need to be linked to Organisational Units in your Active Directory, so in order to effectively manage your printer deployments you will need your users and computers divided into suitable OUs. This is particularly important if you want to deploy your printers according to location, so for example if you have an OU containing all the computers in the Accounts department you can then create an “Accounts printers” GPO linked to it. For larger multi-site networks its also worth noting that you can assign printer deployments GPOs to AD Sites, so that laptop users moving between sites will automatically get local printers installed for them.

Printer deployment can be applied as part of either the Computer or the User Configuration section of the GPO, or even both, so there is plenty of flexibility as to how you can set it up. There is also no requirement to create separate GPOs for the printer deployment, so if you already have them set up to configure other features on your client systems you may find it easier just to add the printer settings to your existing GPOs. However for the purposes of this guide we will create a new GPO just for our printer deployment.

GPO Network Printing

In this article we will be using a small network as our example; it has a Windows 2008 R2 Domain Controller with 20 client PCs running a mixture of Windows XP and Vista, split between two offices which each have their own printers in. One office is “Sales”, the other is “Accounts”, and because their IT requirements are quite different there are two OUs setup in the AD, not surprisingly named “Sales” and “Accounts”.

There is also one large copier/printer device which we will want to give all users access to, so our Printer Deployment GPO planning is therefore quite simple; we can have one GPO linked to the “Users” OU for the large copier/printer, and then we will have a GPO each for the “Accounts” and “Sales” OUs that deploy their respective office printers.

Creating a GPO

Once you have established your printer deployment requirements the next step will be to create the GPO that will apply the settings to the clients for us. To do this you will need to open the Group Policy Management Console (GPMC), which you should find listed underPrograms – Administrative Tools on your Domain Controller server. Expand the tree down through your domain until you can see the OU where you have decided you need to create your GPO, then right-click on it and select “Create a GPO in this domain, and Link it here….”:

GPO Network Printing

Using the example from above we will create a GPO to deploy our large printer for all users, so having right-clicked on the “Users” OU and chosen to “Create a GPO…” we will name it “Large Printer Deployment” when prompted so our GPMC now looks like this:

GPO Network Printing

Supporting Windows XP Clients

If you are fortunate enough to only have Windows Vista and later versions on your network then you can happily skip this step and proceed to the next section, as they already include support for GPO printer deployment. However if you have any Windows XP client systems, or Windows 2003 Servers (e.g. a Terminal Server) that the GPO will apply to then you need to configure your GPO to install the “pushprinterconnections.exe” utility onto them. Rather pointlessly, Windows 2008 Server only includes the 64bit version of this utility, and its highly likely that your Windows XP clients are of the 32bit variety, in which case you need to download the pushprinerconnections.exe  utility from here and extract it on your server. It’s a zip file containing the .exe why this isn’t included in server 2008 r2 is beyond me.

Now you have the vital 32bit version of the utility, right-click on your new GPO and select“Edit”, and a new window will open containing the options for your GPO. Depending on whether this is a Computer or User based policy (in our example we are applying it to Users) expand down to “Windows Settings” and then select “Scripts” and then in the righthand pane right-click on “Logon” (or “Startup” if it is a Computer policy) and select “Properties”:

Group Policy Management Editor

This will open the “Logon Properties” window (or “Startup Properties” for Computer configuration):

Group Policy Management Editor

First of all click the “Show Files” button, which will open a Windows Explorer window showing the “Logon” folder – this is in fact one of the default system shared folders on a Windows Domain Controller that clients can access during the logon process. Unless you have previously configured logon scripts or other utilities to deploy via GPO it will be empty though – you now need to copy the “pushprinterconnections.exe” file you downloaded earlier into this folder.

You can now close that folder window and return to the “Logon Properties” one, and this time click the “Add” button, which will open another window asking you for the script name and parameters. Just click the “Browse” button in that window and it should open the“Logon” folder again, this time with the “pushprinterconnections.exe” file in there. Double-click on the file to select it, leave the “Parameters” field empty and then click “Ok” to close the window. You should now see “pushprinterconnections.exe” listed in the “Scripts” section of the “Logon Properties” window and can click “Ok” to close that.

Note that for any additional printer deployment GPOs you create you should repeat this step to add the pushprinterconnections utility, it doesnt cause any problems if it ends up running twice.

Adding a printer to your deployment GPO

If you have had to edit your GPO you can now close that window and the GPMC, and instead open your Print Management console which you should be familiar with from part one of this guide. Expand the “Print Servers” section and select “Printers” to view the list of printers that you have shared in the righthand pane, then right-click the printer you wish to deploy and select “Deploy with GPO”. You should then see this window:

Add printer to Group Policy Object

Now click the “Browse” button to select the GPO you have just created, in the window that opens you may find it easier to just click the “All” tab to view all the GPOs on your domain and scroll down to the appropriate one, then select it and click “Ok”. You will then see you have two options available, to deploy the printer connection per user or per machine – check whichever your policy applies to and finally click “Ok” to close the window. It is possible to have a printer deployed via multiple GPOs if your setup requires it, as you can see the“Deploy with Group Policy” window lists them and you can also remove them from here if necessary. You may also select the “Deployed Printers” option in the Print Management console to see the complete list of printers that you have deployed via GPO.

Final Steps

You should now have successfully deployed your first printer via GPO, and if you logon to an applicable computer or as a suitable user you should see that the shared printer is available for use. If it isn’t then check the Event Logs as any error with the GPO deployment should cause an event to be logged that will indicate the source of the problem. Should you not see any printer or any warning in the Event Log then you may want to use Group Policy Modelling or the “gpresult” tool to check that the GPO is being correctly applied.

Group Policy Preferences and Setting the Default Printer

On a final note, you may encounter some guides that recommend the use of Group Policy Preferences for printer deployment instead, and in some scenarios that method does have advantages. However it is more complicated to manage and does not integrate with the Print Management console, hence why I prefer the standard Group Policy. There is one particular situation where they can be particularly useful though, which is when you need to set users’ default printer, but that is something to be covered in a separate article.

Source: Petri (Yes i don’t feel the need to reinvent the wheel just spreading the knowledge)

Microsoft Windows Server 2008 R2 Folder Redirection via Group Policy


You have a Microsoft network with Server 2008 R2 servers and Windows 7 Clients.


Users tend to login on different computers and wish to have their desktop, my documents, favorites, you name it show up on every computer.




Folder Redirection allows you as an administrator to point a number of special folders, such as Documents, Music and Downloads, to locations of your choice. The most common use of this is to locate folders such as My Documents on a network share so that it can be centrally backed up.

As of Windows Server 2008 R2, the folders you can redirect are as follows

  • AppData (Roaming)
  • Desktop
  • Start Menu
  • Documents
  • Pictues
  • Music
  • Video
  • Favourites
  • Contacts
  • Downloads
  • Links
  • Searches
  • Saved Games

There are two main methods of redirecting a folder. Firstly, you can configure a policy to redirect all users’ folders to the same place. Alternatively, you can redirect folders based on group membership of the logged on user.

Redirected Folder Interface
Redirected Folders Interface

You can redirect each of the above folders to the following places

  • A subfolder named after a username, created in a folder you specify
  • A specifically specified folder.
  • The default location (in the local user profile)

In addition, for the Documents folder, you can choose to redirect the folder to the user’s home folder, as specified in the Active Directory account.

How to redirect folders

One of the most useful things you can do is redirecting the Documents folder (or My Documents for Windows XP and earlier). This allows you to store a user’s files on a network share, rather than in their local user profile. This has a number of advantages, including allowing you to back up these files centrally, and giving users access to their files even if they log on to a number of different computers. You can couple Folder Redirection with Offline Files to ensure that people can continue to work on their files even when they are not connected to your network.

To redirect the Documents folder, open the appropriate Group Policy Object (GPO) and navigate to User Configuration\ Policies\Windows Settings\Folder Redirection, then right click on Documents and choose Properties.

Redirecting Documents
Redirecting Documents

The image above shows the most basic combination of settings. The options for Setting are:

  • Basic – Redirect everyone’s folder to the same location
    This will redirect the Documents folder to the location you specify next, for every user the policy applies to.
  • Advanced – Specify locations for various user groups
    This redirects the Documents folder to a different place depending on a particular user’s group membership.
  • Not configured
    The folder will not be redirected.

Basic Setting

When the Basic setting is selected from the options above, you must then configure a target folder location. You have three or four options in this case:

  • Redirect to the user’s home directory
    Only available if you are redirecting the Documents folder. This redirects the Documents folder to the user’s home directory, specified in their Active Directory account information.
  • Create a folder for each user under the root path
    With this option, you enter the path to a folder, and Group Policy creates a subfolder for each user, and redirects the appropriate folder there.
  • Redirect to the following location
    This option allows you to redirect a folder to a specific folder, which is the same for all users. This can be useful if you are redirecting the Desktop folder, for example, and want common items to appear on every user’s desktop.
  • Redirect to the local userprofile location
    The default option.

Advanced Setting

If you choose the Advanced setting, the options available change to the resemble the following image.

Redirecting Documents - Advanced
Redirecting Documents – Advanced

This mode allows you to specify a number of Active Directory security groups, and how to redirect folders based on a user’s membership of that group.

Redirecting Documents - Advanced - Adding a group
Redirecting Documents – Advanced – Adding a group

The options available in this dialog are the same as the options available in Basic mode.


The Settings tab allows you to configure how the folder redirection will be handled.

Redirection Settings
Redirection Settings

Grand the user exclusive rights

This setting grants the relevant user access rights to the redirected folder exclusively, removing administrators and all other users from the access control list. This option cannot be used when redirecting the Documents folder to a user’s home directory.

Move the contents of [Folder] to the new location

This option applies when the folder redirection is first applied, and moves files and folders from the default location (the user profile location) to the new redirected location. This will obviously increase logon times if there is a lot of data in whatever folder is being redirected, but is a helpful option if you are imposing folder redirection on existing users who have existing data.

Be warned, however, that if you are using this option, any files and folders in the target folder will be deleted.

Also apply redirection policy to older operating systems.

This option allows the redirection to apply to older Windows operating systems as well as Windows Vista and Windows 7. This only applies if the older operating system contains the folder you are redirecting, namely: Application data, Desktop, My Documents, My Pictures and Start Menu.

Policy Removal

This defines what should happen when the policy is removed – you can either choose to revert to the standard Windows setting of locating the relevant folder in the user’s profile, or you can choose to leave the redirection in place. Removal of the policy in this case means if policy no longer applies for any reason. This includes moving a user account to a different OU, or applying security filtering to a GPO.

The following image shows folder redirection in action on a user’s PC, having redirected Documents to a subfolder under the folder \\WIN-AR6G020D3N3\Home\

Folder Redirection in Action
I could have written all this by myself but im simply reposting from as they did a great job of explaining folder redirection.
Source: Click Here

Microsoft Windows Server 2008 R2 Allow SQL Server access through windows firewall


You have a Microsoft Windows Server 2008 R2 Server that is running a SQL Server 2008 r2 express database.


You have a branch office connected through an ipsec VPN tunnel users on that network are complaining about access to their database application returning the following error:

“The database was not found or access denied”




This usually revolves windows firewall disallowing traffic to the database. If you turn the windows firewall off on the database server you will see that users can once again access the application.

The script that is discussed in this section opens the firewall ports for SQL Server.

To create the script, follow these steps:

  1. Start Notepad.
  2. Copy and paste the following code into Notepad:
    netsh advfirewall firewall add rule name="Open Port 80" dir=in action=allow protocol=TCP localport=80
    @echo =========  SQL Server Ports  ===================
    @echo Enabling SQLServer default instance port 1433
    netsh advfirewall firewall add rule name="SQL Server" dir=in action=allow protocol=TCP localport=1433
    @echo Enabling Dedicated Admin Connection port 1434
    netsh advfirewall firewall add rule name="SQL Admin Connection" dir=in action=allow protocol=TCP localport=1434
    @echo Enabling Conventional SQL Server Service Broker port 4022
    netsh advfirewall firewall add rule name="SQL Service Broker" dir=in action=allow protocol=TCP localport=4022
    @echo Enabling Transact SQL/RPC port 135
    netsh advfirewall firewall add rule name="SQL Debugger/RPC" dir=in action=allow protocol=TCP localport=135
    @echo =========  Analysis Services Ports  ==============
    @echo Enabling SSAS Default Instance port 2383
    netsh advfirewall firewall add rule name="Analysis Services" dir=in action=allow protocol=TCP localport=2383
    @echo Enabling SQL Server Browser Service port 2382
    netsh advfirewall firewall add rule name="SQL Browser" dir=in action=allow protocol=TCP localport=2382
    @echo =========  Misc Applications  ==============
    @echo Enabling HTTP port 80
    netsh advfirewall firewall add rule name="HTTP" dir=in action=allow protocol=TCP localport=80
    @echo Enabling SSL port 443
    netsh advfirewall firewall add rule name="SSL" dir=in action=allow protocol=TCP localport=443
    @echo Enabling port for SQL Server Browser Service's 'Browse' Button
    netsh advfirewall firewall add rule name="SQL Browser" dir=in action=allow protocol=UDP localport=1434
    @echo Allowing multicast broadcast response on UDP (Browser Service Enumerations OK)
    netsh firewall set multicastbroadcastresponse ENABLE
  3. Save the file as a .txt file by using the following name: OpenSqlServerPort.txt
  4. Rename the OpenSqlServerPort.txt file to the following: OpenSqlServerPort.bat

Before you run the OpenSqlServerPort.bat script, you must copy the script to the computer that has the firewall and then run the script on that computer. To run the script, follow these steps:

  1. Click Start, click Run, type cmd, and then click OK.
  2. At the command prompt, use the cd command to move to the folder in which you saved the OpenSqlServerPort.bat file.
  3. To run the OpenSqlServerPort.bat script, type OpenSqlServerPort.bat at the command prompt, and then press Enter.
Or simply download and run this fix it:
To fix this problem automatically, click the Fix this problem link. Click Run in the File Download dialog box, and then follow the steps in this wizard.

Fix this problem 
Microsoft Fix it 50169

Note This wizard may be in English only, but the automatic fix also works for other language versions of Windows.

Note If you are not on the computer that has the problem, save the Fix it solution to a flash drive or a CD and then run it on the computer that has the problem.


Add administrators to Windows Server 2008 R2 Read Only Domain Controllers


You work for a company that has expanded to a branch office and you have a deployed a Windows Server 2008 R2 RODC (Read Only Domain Controller). You now want to add a local administrator to be able to assist in local administrative tasks. You are chocked to find that the local user and groups part of the server is missing. How to proceed?



The solution to this relies upon the command shell and i take for granted that you have some experience in using it.

On the Windows Server 2008 R2 RODC:

  1. Open up the Command Prompt by going to Start > Command Prompt.
  2. Type dsmgmt and hit enter.
  3. Now we want to add a user so we type Local Roles and hit enter. (Type ? for other options)
  4. Type add “USER TO ADD” administrators and hit enter. Replace “USER TO ADD” with your users name. (In my labb environment it would look like add ladmin administrators)
  5. Close the command prompt.

Now you have successfully added a user to the local administrators group for the RODC.

Microsoft Windows 8 Professional x64 Windows Update Error 80246003


You have a Microsoft Windows 8 Professional x64 computer and when you run Windows update your computer returns the following Error 80246003 and refuses to install updates.



The solution to this error is fairly simple and you won’t need to make changes in the system registry.

On the Windows 8 Professional x64 computer:

  1. Open up Explorer
  2. In the top-left corner select File > Open CMD > Run as Administrator.
  3. Type Net stop wuauserv and hit enter.
  4. Type cd %systemroot% and hit enter.
  5. Type Ren SoftwareDistribution SoftwareDistribution.old and hit enter.
  6. Type Net start wuauserv and hit enter.

Now go ahead and run Windows Update again on your computer and it should work properly again.

Microsoft Windows Server 2008 R2 Redirect User and Computer Default OU


You have a Microsoft Windows Server 2008 R2 DC and you want to redirect the default User and Computer OU since you usually dont prestage AD.



For this solution I’m using a Clients OU and a People OU located in the root of AD. The domain name im using as an example is the Contoso.Com domain. Depending on where your OU’s are your command vill look a tad different due to the CN.

On the Server 2008 R2 DC Machine:

  1. Click Start and in the search field type CMD
  2. Right click on CMD and choose Run as Administrator.
  3. Browse to the system32 folder by using this command: cd %systemroot%\system32
  4. Type the following to redirect the default User OU to your People OU:
    redirusr ou=People,DC=contoso,dc=com
  5. Type the following to redirect the default Computer OU to your Clients OU:
    redircmp ou=Clients,DC=contoso,dc=com
  6. After this is done go ahead and close the command prompt.

Now every user account and computer account that isn’t prestaged will wind up in the Clients and People OU. Go ahead and try joining a new pc to the domain to see for yourself.