Page 1
Standard

Rejoin computers in domain without restart

Method 1:

The trust relationship between this workstation and the primary domain failed.

trust1

Due to this error you cannot login into server or computer with domain credentials. In old days I had to disjoin this server or computer from domain, reboot and rejoin again. This was big headache for Mission Critical servers. If you like using Powershell for system management it is very easy to rejoin computer account to domain without restarting server. You must have at least Powershell version 3 to use this command which is by default there in windows 2012 server version and windows 8.
Once powershell is fired up you have to just run below command to rejoin computer into domain without restart.
 trust2
It will simply repair broken computer account password on your computer. and will give message True. Once this is done and you can logoff and test logging with your Domain account.
Method 2:
Reset-ComputerMachinePassword -Credential (Get-Credential)

Once you execute it will ask for your domain admin username and password.

trust3

 

Standard

Sharepoint 2010: Search DB Crawl Store is to large

What’s in Search Crawl SQL database anyway?

Inside are information about status, time etc. found by crawling.

average size for crawl = 0,046 * (content SQL DB)

How to reduce size of Crawl Search SQL DB?

From SharePoint 2010 we can use Health Analyzer for reducing big sized Crawl Search DB. If you for any reason stop crawling scheduled job or remove crawled content then sometimes indexing generates too big search database.

Or it might be fragmented indices. In this case just found rule Search in Health Analyzer and set the rule, that will automatically defrag if many fragmented indices are found.

Search Crawl database often have plenty of empty space. If with defragmentation we didn’t get wanted result, than you can restore crawl db in 2 different ways.

In SharePoint admin console:

Central Administration found Search Administration
Stop All Crawl in content Sources
In Index reset undo Deactivate search alerts during reset in click on Reset Now

In SQL server:

Found Search DB Crawl and open All Tasks – Shrink – Database: undo Reorganize files before releasing unused space
Again for All Tasks – Shrink – Files: undo Release unused space files before releasing unused space

Standard

Create KMS SRV records in DNS

This post’s goal is to show you how you can configure the DNS SRV records in order for clients to be able to automatically detect the KMS server in the environment.

  1. Open the DNS mmc.
  2. Expand the DNS Zone to the domain required.
  3. Right-click on the “_tcp folder”, select “Other New Records”.
  4. As new record type, pick Service Location (SRV).
  5. Fill in the following information for the new record:
  • Service: “_VLMCS” (Not in the drop down list, type it in and be sure to include the underscore.
    Protocol: _tcp
    Port: 1688
    Priority: # (Can be left at 0 or changed according to your needs)
    Host offering the service: your_servers’_FQDN. (IMPORTANT: Be sure to include the dot at the end of the FQDN.

This procedure is also for a second KMS host. Let’s say you have dynamic updates in your DNS, and your first KMS host actually created the records automatically and everything in the environment is working.

In case you would like to add a seconday KMS host for redundancy, you will have to create the second KMS host manually.

Standard

How to open the firewall port for SQL Server

This script opens the firewall ports for SQL Server.

To create the script, follow these steps:

Start Notepad.
Copy and paste the following code into Notepad:

netsh advfirewall firewall add rule name=”Open Port 80″ dir=in action=allow protocol=TCP localport=80

@echo ========= SQL Server Ports ===================
@echo Enabling SQLServer default instance port 1433
netsh advfirewall firewall add rule name=”SQL Server” dir=in action=allow protocol=TCP localport=1433
@echo Enabling Dedicated Admin Connection port 1434
netsh advfirewall firewall add rule name=”SQL Admin Connection” dir=in action=allow protocol=TCP localport=1434
@echo Enabling Conventional SQL Server Service Broker port 4022
netsh advfirewall firewall add rule name=”SQL Service Broker” dir=in action=allow protocol=TCP localport=4022
@echo Enabling Transact SQL/RPC port 135
netsh advfirewall firewall add rule name=”SQL Debugger/RPC” dir=in action=allow protocol=TCP localport=135
@echo ========= Analysis Services Ports ==============
@echo Enabling SSAS Default Instance port 2383
netsh advfirewall firewall add rule name=”Analysis Services” dir=in action=allow protocol=TCP localport=2383
@echo Enabling SQL Server Browser Service port 2382
netsh advfirewall firewall add rule name=”SQL Browser” dir=in action=allow protocol=TCP localport=2382

Save the file as a .bat file by using the following name: OpenSqlServerPort.bat

Standard

How to enable Remote Desktop remotely using Powershell

In Windows Server 2012, remote management is enabled by default but not Remote Desktop. To enable RDP on the server, add the target server to the Server Manager and run remote Powershell console.

On the remote Powershell console, enable remote desktop and firewall using the following cmdlets:

1) Enable Remote Desktop
set-ItemProperty -Path ‘HKLM:\System\CurrentControlSet\Control\Terminal Server’-name “fDenyTSConnections” -Value 0

2) Allow incoming RDP on firewall
Enable-NetFirewallRule -DisplayGroup “Remote Desktop”

3) Enable secure RDP authentication
set-ItemProperty -Path ‘HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp’ -name “UserAuthentication” -Value 1

Standard

Configuring Domain Controller and Standalone Server To NTP Server

What Was doing is that to point the PDC Emulator to NTP Time Server. In some large environment, by identifying the Server that hold PDC Emulator of domain controller is vital.

To point the domain controller to NTP Time Server is either to edit the Registry or using Command.

By Using Command is simple,

w32tm /config /syncfromflags:manual /manualpeerlist:192.168.1.10

However, I prefer to edit Registry. Before I modify the registry, I backup the servers and export the registry. This is to restore back if something failure.

1. Run Regedit

2. Expand the tree and find the registry key

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Parameters\Type

Change from NT5DS to NTP

3. change the Announce Flags at the registry key

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Config\AnnounceFlags

Edit the DWORD Value to 5. notice that the default value is “a”

4. Enable the NTP Server at the registry key

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProvides\NTPServer\Enabled

Change the value from 0 to 1

5. Change the NTPServer IP at the registry key

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Parameters\NtpServer

Change from time.windows.com,0x1 to the IP address of NTP time Server. For example,  192.168.1.1,0×1

6. Stop and Start the Service

Net Stop W32time

Net Start W32time

Here is the result below:

NTP1

For synchronizing the time on the domain members and other domain controller / child domain controller, you need to wait 15-30 minutes to update or you can manually sync using command below:

w32tm /resync

For Standalone Workgroup Server, There are 2 option: 1. Point Directly to NTP Time Server or 2.Point and Synchronize to the PDC domain controller. So,  I just need to point not directly to NTP Time Server because in my environment, it has the domain controller.

how and I going to do it?

1. Edit and Modify the Registry at

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Parameters\NtpServer

Change from time.windows.com,0x1 to the IP address of NTP time Server. For example,  my domain contrller is 192.168.1.10, so therefore I just put as 192.168.1.10,0×9

Here is the result I get,

NTP2

I wasn’t expected this output above. The source should be 192.168.1.10,0×9

I got so many tested this thing where I also tried to change from “0x9″ to “0x8″ and suddenly it works. and when I reverted back to 0x9, it did not work.

The funny thing also I put FQDN of the domain controller (192.168.1.10 dcexc.netoverme.info) in to the host file (c:\windows\system32\drivers\etc\hosts) and it works.

then I remove the FQDN dcexc.netoverme.info from the Hosts File and it did not work. well, that’s funny. I suspect is that connectivity problem and having delay updating and synchronise to the domain controller, after I kept repeating running the

“w32tm /query /status ” and then it works..

the output should be like below:

NTP3

Also check the Event viewer (Event ID 37) where it validates the time synchronization.

NTP4

 

Standard

Seize the Operations Master Role

You can use the Ntdsutil.exe command-line tool to transfer and seize any operations master (also known as flexible single master operations or FSMO) role. You must use Ntdsutil.exe to seize the schema operations master, domain naming operations master, and relative ID (RID) operations master roles. When you use Ntdsutil.exe to seize an operations master role, the tool first attempts a transfer from the current role owner. If the current role owner is not available, the tool seizes the role.

When you use Ntdsutil.exe to seize an operations master role, the procedure is nearly identical for all roles. For more information about using Ntdsutil.exe, type ? at the ntdsutil: command prompt.

To seize an operations master role

  1. Open a Command Prompt as an administrator: On the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. At the command prompt, type ntdsutil, and then press ENTER.
  3. At the ntdsutil: prompt, type roles, and then press ENTER.
  4. At the fsmo maintenance: prompt, type connections, and then press ENTER.
  5. At the server connections: prompt, type connect to server <servername> (where <servername> is the name of the domain controller that will assume the operations master role), and then press ENTER.
  6. After you receive confirmation of the connection, type quit, and then press ENTER.
  7. Depending on the role that you want to seize, at the fsmo maintenance: prompt, type the appropriate command, and then press ENTER.

    Role Credentials Command
    Domain naming master Enterprise Admins Seize naming master
    Schema master Enterprise Admins Seize schema master
    Infrastructure master Domain Admins Seize infrastructure master
    Primary domain controller (PDC) emulator Domain Admins Seize pdc
    RID master Domain Admins Seize rid master

    The system asks for confirmation. It then attempts to transfer the role. When the transfer fails, some error information appears and the system proceeds with the seizure of the role. After the seizure of the role is complete, a list of the roles and the Lightweight Directory Access Protocol (LDAP) name of the server that currently holds each role appears.

    During seizure of the relative ID (RID) operations master role, the current role holder attempts to synchronize with its replication partners. If it cannot establish a connection with a replication partner during the seizure operation, it displays a warning and asks for confirmation that you want the seizure of the role to proceed. Click Yes to proceed.

  8. Type quit, and then press ENTER. Type quit again, and then press ENTER to exit Ntdsutil.exe.
Standard

Local Domain groups, Global groups and Universal groups.

Types of Groups

Security groups are used to control access to resources.
Security groups can also be used as email distribution lists.Distribution groups can be used only for email distribution lists, or simple administrative groupings.
Distribution groups cannot be used for access control because they are not “security enabled.”

Group Scope

Universal groups
Provide a simple ‘does everything’ group suitable mainly for small networks. Typically, organizations using WANs should use Universal groups only for relatively static groups in which memberships change rarely. Changes in membership will impose global catalog replication throughout an entire enterprise.

Global groups
Provide domain-centric membership, place all user accounts into Global groups. Global groups can be nested within other Global groups, this may be particularly useful when delegating OU administrative functionality.

It can be useful to give each Global group a name that is meaningful to the staff involved, i.e. matching the name of a Team or a Project, particularly if the group is also to be used as an email distribution list.

Domain Local groups
Used for the direct assignment of access permissions on files, printer queues, and other such resources.

It can be useful to give each Domain Local group a name that is meaningful to the IT Operations team e.g. if a group assigns rights to a shared folder on a specific server then the group name might include a prefix or suffix indicating the server name.

Local groups
Stored on the local SAM (Local Computer) use for security settings that apply just to this one machine.
Local groups will work even if the network becomes unavailable, e.g. during a disaster recovery exercise.

 

Best Practice

Place users in Global groups, nest those inside Domain Local groups which in turn are used to apply permissions, as shown below. This will also maximise performance in a multi-domain forest.

syntax-groups

Group membership is evaluated when a user logs on to a domain. To be sure that any membership changes have taken effect, ask the users to log-off. In contrast ACL changes or permissions applied directly to User accounts will take place immediately.
Granting permissions using a group from a different domain is only possible where a trust relationship exists between the domains.

 

Nesting one Group within another with a different scope

Rules that govern when a group may be added to another group (same domain):

– Global groups can be nested within Domain Local groups, Universal groups and within other Global groups in the same domain.

– Universal groups can be nested within Domain Local groups and within other Universal groups in any domain.

– A Domain Local group cannot be nested within a Global or a Universal group.

syntax-groupnesting

Rules that govern when a group may be added to another group (different domain):

– Domain Local groups can grant access to resources on the same domain. For example a Domain Local group named Sales on the raylin.local domain can only grant access to resources on that domain, and not on raylin.com– Domain Local groups can accept anything, except for Domain Local groups from another domain. Domain Local groups accept user accounts from any domain.- Global groups can grant access to anything, including files/folders in any domain.- Global groups cannot be nested across domains. You cannot take a Global group from raylin.local, and nest it within another Global group in raylin.com.- A user or computer account from one domain cannot be nested within a Global group in another domain- Universal groups accept user/computer accounts from any domain. A Global group can also be nested within a Universal group (from any domain).
A Universal group can be nested within another Universal group or Domain Local group in any domain.

 

Members – who can join a group:

Group Scope Location Local Users can join? Domain Users can join? User accounts from another domain? Local Computer accounts Domain Computer accounts Computer accounts from another domain Machine Local groups Domain Local groups Global groups Universal groups
Machine Local Stored in local sam database Yes Yes No No No Yes Yes Yes
Domain Local Stored in AD No Yes Yes No Yes Yes No Yes
(same domain)
Yes Yes
Global Stored in AD No Yes No No Yes No No No Yes
(same domain)
No
Universal Stored in AD No Yes Yes No Yes Yes No No Yes Yes

Resources that a group may grant access to:

Group Scope Location Can act as distribution list? File Permissions (local machine) File Permissions Domain Fileserver File/Printer SHARE permissions Can be Mail enabled Can use to assign Mailbox permissions Permissions on Active Directory objects
Machine Local Stored in local sam database No Yes No Yes
(same machine only)
No No No
Domain Local Stored in AD Yes Yes Yes Yes Yes Yes Yes*
Global Stored in AD Yes Yes Yes* Yes* Yes Yes Yes
Universal Stored in AD Yes Yes Yes* Yes* Yes Yes Yes

* Possible but not recommended by Microsoft.

Admin rights

To modify groups in AD, you must be a member of the Account Operators group, the Domain Admins group, or the Enterprise Admins group, or you must have been delegated the appropriate authority.

Standard

Command-line Powercfg

The following command-line options are available for powercfg.

powercfg [-l ] [-q ] [-x ] [-changename ] [-duplicatescheme ] [-d ] [-deletesetting ] [-setactive ] [-getactivescheme ] [-setacvalueindex ] [-setdcvalueindex ] [-h ] [-a ] [-devicequery ] [-deviceenablewake ] [-devicedisablewake ] [-import ] [-export ] [-lastwake ] [-?] [-aliases ] [-setsecuritydescriptor ] [-getsecuritydescriptor ]

So having delved into this utility a little more – here are my top commands for powercfg ready to use in your scripts:

sets the power configuration to High Performance
powercfg -setactive 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c

tweaks the basic power settings
powercfg -change -hibernate-timeout-ac 0
powercfg -change -hibernate-timeout-dc 0

turns hibernation off
powercfg -hibernate OFF

require password when console wakes up (0=false, 1=true)
powercfg -setacvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c fea3413e-7e05-4911-9a71-700331f1c294 0e796bdb-100d-47d6-a2d5-f7d2daa51f51 0
powercfg -setdcvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c fea3413e-7e05-4911-9a71-700331f1c294 0e796bdb-100d-47d6-a2d5-f7d2daa51f51 0

also needed to show up on Power Menus…
powercfg -setacvalueindex 381b4222-f694-41f0-9685-ff5bb260df2e fea3413e-7e05-4911-9a71-700331f1c294 0e796bdb-100d-47d6-a2d5-f7d2daa51f51 0
powercfg -setdcvalueindex 381b4222-f694-41f0-9685-ff5bb260df2e fea3413e-7e05-4911-9a71-700331f1c294 0e796bdb-100d-47d6-a2d5-f7d2daa51f51 0

power plan type (0=power saver, 1=high performance, 2=balanced)
powercfg -setacvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c fea3413e-7e05-4911-9a71-700331f1c294 245d8541-3943-4422-b025-13a784f679b7 1
powercfg -setdcvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c fea3413e-7e05-4911-9a71-700331f1c294 245d8541-3943-4422-b025-13a784f679b7 1

hard disk timeout
powercfg -setacvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 0012ee47-9041-4b5d-9b77-535fba8b1442 6738e2c4-e8a5-4a42-b16a-e040e769756e 0
powercfg -setdcvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 0012ee47-9041-4b5d-9b77-535fba8b1442 6738e2c4-e8a5-4a42-b16a-e040e769756e 0

wireless adapter power (0=max perf, 1=low power saving, 2=med power saving, 3=max power saving)
powercfg -setacvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 19cbb8fa-5279-450e-9fac-8a3d5fedd0c1 12bbebe6-58d6-4636-95bb-3217ef867c1a 0
powercfg -setdcvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 19cbb8fa-5279-450e-9fac-8a3d5fedd0c1 12bbebe6-58d6-4636-95bb-3217ef867c1a 0

sleep timeout
powercfg -setacvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 238c9fa8-0aad-41ed-83f4-97be242c8f20 29f6c1db-86da-48c5-9fdb-f2b67b1f44da 0
powercfg -setdcvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 238c9fa8-0aad-41ed-83f4-97be242c8f20 29f6c1db-86da-48c5-9fdb-f2b67b1f44da 0

close action (0=do nothing, 1=sleep, 2=hibernate, 3=shutdown)
powercfg -setacvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 0
powercfg -setdcvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 0

also needed to show up on Power Menus…
powercfg -setacvalueindex 381b4222-f694-41f0-9685-ff5bb260df2e 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 0
powercfg -setdcvalueindex 381b4222-f694-41f0-9685-ff5bb260df2e 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 0

processor power cstate (0,1=power saver, 2,3=balanced, 4,5=high perf)
powercfg -setacvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 54533251-82be-4824-96c1-47b60b740d00 68f262a7-f621-4069-b9a5-4874169be23c 4
powercfg -setdcvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 54533251-82be-4824-96c1-47b60b740d00 68f262a7-f621-4069-b9a5-4874169be23c 4

minimum processor state
powercfg -setacvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 54533251-82be-4824-96c1-47b60b740d00 893dee8e-2bef-41e0-89c6-b55d0929964c 100
powercfg -setdcvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 54533251-82be-4824-96c1-47b60b740d00 893dee8e-2bef-41e0-89c6-b55d0929964c 100

processor power perfstate settings
powercfg -setacvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 54533251-82be-4824-96c1-47b60b740d00 bbdc3814-18e9-4463-8a55-d197327c45c0 4
powercfg -setdcvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 54533251-82be-4824-96c1-47b60b740d00 bbdc3814-18e9-4463-8a55-d197327c45c0 4

monitor timeout
powercfg -setacvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 7516b95f-f776-4464-8c53-06167f40cc99 3c0bc021-c8a8-4e07-a973-6b14cbcb2b7e 0
powercfg -setdcvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 7516b95f-f776-4464-8c53-06167f40cc99 3c0bc021-c8a8-4e07-a973-6b14cbcb2b7e 0

multimedia settings (0=take no action, 1=prevent computer from sleeping, 2=enable away mode)
powercfg -setacvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 9596fb26-9850-41fd-ac3e-f7c3c00afd4b 03680956-93bc-4294-bba6-4e0f09bb717f 2
powercfg -setdcvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 9596fb26-9850-41fd-ac3e-f7c3c00afd4b 03680956-93bc-4294-bba6-4e0f09bb717f 2

set the absentia power scheme (the scheme used when no one is logged in)
powercfg -setabsentia 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c

Standard

Control Panel Applets and Command Line Launch

Here is a list of Control Panel command line syntax for Windows 8 and Windows Server 2012.

Control Panel Applet Command
Action Center control /name Microsoft.ActionCentercontrol wscui.cpl
Add Features to Windows 8 control /name Microsoft.WindowsAnytimeUpgrade
Administrative Tools control /name Microsoft.AdministrativeToolscontrol admintools
AutoPlay control /name Microsoft.AutoPlay
Biometric Devices control /name Microsoft.BiometricDevices
BitLocker Drive Encryption control /name Microsoft.BitLockerDriveEncryption
Bluetooth Devices control bthprops.cpl
Color Management control /name Microsoft.ColorManagement
Credential Manager control /name Microsoft.CredentialManager
Date and Time control /name Microsoft.DateAndTimecontrol timedate.cplcontrol date/time
Default Programs control /name Microsoft.DefaultPrograms
Device Manager control /name Microsoft.DeviceManagercontrol hdwwiz.cpldevmgmt.msc
Devices and Printers control /name Microsoft.DevicesAndPrinterscontrol printers
Display control /name Microsoft.Display
Ease of Access Center control /name Microsoft.EaseOfAccessCentercontrol access.cpl
Family Safety control /name Microsoft.ParentalControls
File History control /name Microsoft.FileHistory
Flash Player Settings Manager control flashplayercplapp.cpl
Folder Options control /name Microsoft.FolderOptionscontrol folders
Fonts control /name Microsoft.Fontscontrol fonts
Game Controllers control /name Microsoft.GameControllerscontrol joy.cpl
Get Programs control /name Microsoft.GetPrograms
Home Group control /name Microsoft.HomeGroup
Indexing Options control /name Microsoft.IndexingOptions
Infrared control /name Microsoft.Infraredcontrol irprops.cplcontrol /name Microsoft.InfraredOptions
Internet Options control /name Microsoft.InternetOptionscontrol inetcpl.cpl
iSCSI Initiator control /name Microsoft.iSCSIInitiator
Keyboard control /name Microsoft.Keyboardcontrol keyboard
Language control /name Microsoft.Language
Location Settings control /name Microsoft.LocationSettings
Mail control mlcfg32.cpl
Mouse control /name Microsoft.Mousecontrol main.cplcontrol mouse
Network and Sharing Center control /name Microsoft.NetworkAndSharingCenter
Network Connections control ncpa.cplcontrol netconnections
Network Setup Wizard control netsetup.cpl
Notification Area Icons control /name Microsoft.NotificationAreaIcons
Offline Files control /name Microsoft.OfflineFiles
Pen and Touch control /name Microsoft.PenAndTouchcontrol tabletpc.cpl
Performance Information and Tools control /name Microsoft.PerformanceInformationAndTools
Personalization control /name Microsoft.Personalizationcontrol desktop
Phone and Modem control /name Microsoft.PhoneAndModemcontrol telephon.cpl
Power Options control /name Microsoft.PowerOptionscontrol powercfg.cpl
Printers and Faxes control printers
Programs and Features control /name Microsoft.ProgramsAndFeaturescontrol appwiz.cpl
Recovery control /name Microsoft.Recovery
Region control /name Microsoft.RegionAndLanguagecontrol intl.cplcontrol international
RemoteApp and Desktop Connections control /name Microsoft.RemoteAppAndDesktopConnections
Scanners and Cameras control /name Microsoft.ScannersAndCameras
Screen Resolution control desk.cpl
Sound control /name Microsoft.Soundcontrol mmsys.cpl
Speech Recognition control /name Microsoft.SpeechRecognition
Storage Spaces control /name Microsoft.StorageSpaces
Sync Center control /name Microsoft.SyncCenter
System control /name Microsoft.System
System Properties control sysdm.cpl
Tablet PC Settings control /name Microsoft.TabletPCSettings
Task Scheduler control schedtasks
Taskbar control /name Microsoft.Taskbarrundll32.exe shell32.dll,Options_RunDLL
Taskbar and Start Menu control /name Microsoft.TaskbarAndStartMenurundll32.exe shell32.dll,Options_RunDLL
Text to Speech control /name Microsoft.TextToSpeech
Troubleshooting control /name Microsoft.Troubleshooting
User Accounts control /name Microsoft.UserAccountscontrol userpasswords
Windows 7 File Recovery control /name Microsoft.BackupAndRestore
Windows Anytime Upgrade control /name Microsoft.WindowsAnytimeUpgrade
Windows CardSpace control /name Microsoft.CardSpacecontrol infocardcpl.cpl
Windows Defender control /name Microsoft.WindowsDefender
Windows Firewall control /name Microsoft.WindowsFirewallcontrol firewall.cpl
Windows Mobility Center control /name Microsoft.MobilityCenter
Windows Sidebar Properties control /name Microsoft.WindowsSidebarProperties
Windows SideShow control /name Microsoft.WindowsSideShow
Windows Update control /name Microsoft.WindowsUpdate