Windows 11 automatically restarting after install security Update — With GPO and WSUS.
Hi everyone, I’m facing a strange behavior with Windows 11 devices that receive updates through WSUS and are fully managed via Group Policy. Here’s the scenario: We have a GPO configured as follows: -Configure Automatic Updates → 4 (Auto download and schedule the install) -Scheduled installation every day at 10:00 -Install during automatic maintenance → disabled -Active Hours configured -Turn off auto-restart for updates during active hours → Enabled -Update deadlines set to 0 (to avoid any forced restart) -No other restart-related policies set in the domain Even with this configuration, after updates are installed, Windows 11 shows the following message: “Your organization manages update settings. We will restart and install this update at X minutes.” And then the device automatically restarts, even when: -a user is logged in -it is outside Active Hours -deadlines are disabled -no-auto-restart is enabled This behavior does not happen on Windows 10 — only on Windows 11.
Breaking Certutil changes in WS2025
I noticed yesterday that a certutil command I thought I could always rely on no longer works in Server 2025: >certutil -cainfo xchg CertUtil: -CAInfo command FAILED: 0x80070057 (WIN32: 87 ERROR_INVALID_PARAMETER) CertUtil: The parameter is incorrect. Executing certutil -cainfo xchg was a handy command which would ask the local certificate authority to output it's current CA Exchange certificate in Base64 format. If the CA didn't have a valid exchange cert at the time, it would immediately create a new one. Think of a CA Exchange certificate as a short-lived TLS cert which the CA provides clients when they need to upload private key material for archival. Anyway, looking at the help for certutil, the command still exists, however, it requires a new parameter: xchg [Index] -- CA exchange cert So, I figured [Index] had to refer to the CA certificate index. When you initially deploy an ADCS certification authority, the CA's initial certificate is at index 0. When you renew/re-key the CA, the new CA cert is at index 1. I tried using 0 for the [Index] parameter. No dice: >certutil -cainfo xchg 0 CertUtil: -CAInfo command FAILED: 0x80070057 (WIN32: 87 ERROR_INVALID_PARAMETER) CertUtil: The parameter is incorrect. I can't think of what else that parameter would be. Has anyone been able to successfully used this command on WS2025? If so, please share how!LAPS: Meaning of Setting - Short words with unique prefixes
The update to LAPS for Windows 11 24H2 and Windows Server 2025 introduced new configuration options including the ability to use passphrases rather than passwords. Operationally this is add some benefits. However, the official documentation - https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-concepts-passwords-passphrases#passphrase-word-lists doesn't provide a very good explanation for the setting "Short words with unique prefixes" The examples in the documentation and observations from implementation do not align with the short description. For example, from implementation: IodineIslandNectarRagweedCivilianZillion The word phrases are not exactly short; 6+6+6+7+8+7 = 40 characters, and nor is their a unique prefix. Does anyone have a better explanation as to the meaning of passwordcomplexity setting 8 in LAPS (post 24H2)? Cheers Paul P.S. the LAPS password above is no longer valid as it has been rotated.Deploying Multiple NPS Servers
I have been working on ditching our password-based WiFi with WPA2-Enterprise. On DC1 I deployed internal CA, NPS, and group policies that auto-request certs and deploy wireless network settings. Cisco AP is pointed to DC1 as the radius server. NPS has been registered in AD and wireless network policy has been created. Test laptops get their cert and connect just fine. It's working. For redundancy, I installed NPS on DC2. This NPS instance has also been registered in AD, and I imported the NPS config from DC1 to DC2 NPS. Cisco AP has DC1 as first radius server and DC2 as second radius server. If I stop NPS on DC1 to force the Cisco AP to authenticate against DC2, test laptops won't authenticate and connect. What am I missing? They're configured exactly the same (except DC1 hosts the CA...I was under the assumption the CA is AD integrated).
Unable to download Windows 11 Client Arm64 Insider Preview Dev Channel Edition
Error We are unable to complete your request at this time. Some users, entities and locations are banned from using this service. For this reason, leveraging anonymous or location hiding technologies when connecting to this service is not generally allowed. If you believe that you encountered this problem in error, please try again. If the problem persists you may contact page for assistance. Refer to message code 715-123130 and c21934f3-66c0-43e3-9e88-c5869adeae48. I am in the US and simply want to download this. Please provide a usable link without restrictions.How to Reset Windows Server 2008 R2 Administrator Password?
I am struggling to reset the administrator password on my Windows Server 2008 R2 machine. Unfortunately, I do not remember the password and cannot access the system. I have tried use a password reset disk or access the built-in administrator account, but have been unsuccessful thus far. I am worried about losing access to critical files and applications as a result of being unable to log in. Therefore, I am seeking advice and guidance on the most effective and secure way to reset administrator password for Windows Server 2008 R2. I am hoping that other forum members who have encountered similar issues in the past can share their experiences and offer tips and solutions. Thanks.Allow to take RDP from Laptop only and not from IP
Hello Experts, We have scenario where , We want to Allow to take RDP from His Laptop only. Which mean user is allowed to take of RDP of Some Server only from his Laptop and not from any other Computers. We have already checked for Windows firewall but it is working for IP based , and We want for Machine based. as user is roaming between Offices. Please suggest if there is any GPO or Policy or Firewall Rule using which If possible to take RDP using Machine based and not IP based. Thanks
