Category: Operating System

This was a fun one to track down.  When we did in-place upgrades on Windows 8.1 to Windows 10 1703, we never got this “Choose privacy settings for your device” screen.  However, going from 8.1 to 1803, this screen will appear once for the first user who logs in with local administrative rights (even though we define certain privacy settings through GPO):

Trying to track this down was hard, but I was inspired by this post on Reddit.

The first stab I tried was logging in as a regular user, running ProcMon and then trying to filter on the registry write operations, but even then, it was too much noise (60K+ events).  I then tried another approach.  When you click the Accept button, there’s a UAC prompt that comes up with a title of “User settings: OOBE”.  I made note of the word “OOBE” and cancelled it making changes. I ran Process Explorer as admin logged in as a regular user, then switched over to logging in as an administrator until I got the privacy screen, switched back to the regular user and then did a search for “OOBE” in the process list.  One of the processes that came up was svchost.exe and it had the following key open:

HKLM\Software\Microsoft\Windows\CurrentVersion\OOBE\Stats

I drilled around in this parent key and found this setting:

HKLM\Software\Microsoft\Windows\CurrentVersion\OOBE\PrivacyConsentStatus

Ah ha!  It was set to REG_DWORD 2, so I set it to 1 and tried logging in again as an administrator.  No prompt to set privacy settings!  I deleted the whole PrivacyConsentStatus key and the prompt still did not show up.  I went back and set PrivacyConsentStatus to 2, logged off and back on, privacy settings page showed back up, I clicked the Accept button on the privacy page and then went back to this registry key to see the results.  PrivacyConsentStatus was set back to 1 and a new entry called PrivacyConsentSID was created with a REG_SZ value with my user account SID.  I deleted PrivacyConsentSID and it seemed to have no effect on the system.

The fix is simple: copy the following into a REG file and then fire it towards the end of OSD

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE]
"PrivacyConsentStatus"=dword:00000001

• Soli Deo Gloria

Case of the unexplained: Windows troubleshooting with Mark Russinovich https://youtu.be/qouxznNC2XU 

-Soli Deo Gloria

This was an interesting one.  I was converting some computers over from an older domain to a new one and was getting this logged in as a non-admin user when trying to change the domain membership:

Attempts to do a runas on Command Prompt ended up with this even more bizarre error message:

At first I thought it was the OS being corrupted on the computer, but I encountered this error on more and more computers.  If I logged in as a user with administrator rights, everything worked fine.

After digging for a while, I figured this had to be a UAC policy as we don’t use AppLocker.

The issue: https://msdn.microsoft.com/en-us/library/cc232762.aspx

ConsentPromptBehaviorUser

Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Value: “ConsentPromptBehaviorUser”

0x00000000
This option SHOULD be set to ensure that any operation that requires elevation of privilege will fail as a standard user.

0x00000001
This option SHOULD be set to ensure that a standard user that needs to perform an operation that requires elevation of privilege will be prompted for an administrative user name and password. If the user enters valid credentials, the operation will continue with the applicable privilege.

The previous IT staff (who are no longer here) had set a policy disabling UAC elevation.  Doing so causes all kinds of crazy error messages like this one.  Why would they do that?  Well, the one guess I can come up with is that they didn’t want help desk calls from people encountering a UAC prompt. Of course, this also interferes with any IT staff attempting to do any work as all attempts to elevate to admin are blocked.

Some users had admin rights and some didn’t…the ones that didn’t were the ones where this issue was popping up on.  Thankfully, this policy isn’t set in the new domain.

• Soli Deo Gloria

This was unique one.  Had a user that kept running out of disk space.  Plan was to image her drive to a bigger drive (150GB SATA to 500GB SATA).  Problem? She works past 5PM, no upcoming vacation.

DISK2VHD to the rescue!  We can use this program to dump a copy of the disk to a VHD file to a network location after hours.  Imaging 109GB over a 1 Gigabit network took about 2 hours.  Note that Windows 7 can mount VHDs, but not VHDXs.  If you are an idiot like me: you can convert a VHDX file back to a VHD file using the command Convert-VHD within PowerShell on Windows 10.

Now we mount the VHD as a drive in Windows using the disk management snap-in (diskmgmt.msc).  Then I used AOMEI’s Backupper to do a disk to disk clone. The resulting copy needed a partition resize to use all available space on the new disk, so I had to blow away the 300MB Bitlocker partition at the end to expand it in disk management (we don’t use Bitlocker on desktops).

Pop in it and boom: works!

This also works for P2P conversions.  I took a guy from an Optiplex 745 to Optiplex 3020 using the same method.  Upon booting Windows, I got the the famous 7B BSOD.  I used the P2P adjust feature from Paragon’s Hard Drive Manager 15 Professional and was up and running after adding the correct drivers.

-Soli Deo Gloria

 

Got to love Group Policy sometimes.  We wanted to disable the setting “Access data sources across domains” under Internet Explorer>Security>Local intranet>Custom Level.  So of course we set the GPO “Access data sources across domains” to disabled and …it doesn’t work!  Users can still toggle the setting and we are still getting pop-ups in Internet Explorer.  The solution?  Enable the policy so you can disable it.  Yup!  Set it to enabled, then click the dropdown box and pick disabled.

Is this some voodoo Vulcan logic being used here?

– Soli Deo Gloria

Nice 10 part series on how to use the Sysinternals tools: http://www.howtogeek.com/school/sysinternals-pro/

• Soli Deo Gloria