Wednesday, December 21, 2016

Setting Up Two Factor Authentication in Office365

This post will go over the steps a person will need to take in setting up two factor authentication for Office365.  As of 2016, two factor authentication is the the most common option for secure access to cloud based systems.

Step 1: Ask your administrator to enable two factor authentication (can only be enabled by an administrator)

Step 2: Go to https://account.activedirectory.windowsazure.com/profile/

Step 3: Log in with your email address















Step 4: Click Set up now















Step 5: Set up the second authentication method.  For 99% of people, this will be a text message to your cell phone
















Step 6: Click Contact me.  You'll a code sent to your cell phone.  Enter that code on the next page to verify successful receipt of the code.  Click Verify after entering the code.
















Step 7: Click Done (you can ignore the other text in the window)

















Step 8: Click Additional Security Verification




















Step 9: Confirm that the settings look right (they should look right if you've gotten this far)






















Step 10: Click on "app passwords"






















Step 11: Click Create






















Click 12: Give the name to the app password you're creating.  With near certainty, the first one you'll want to create will be for Outlook.  You'll be creating an app password for *each* non-web based program/device you use.  You cannot reuse app passwords.  Let's say you've got a tablet, a phone, two different Outlook installations (on two different computers), and a Skype for Business installation.  That's five different programs and you'll need five separate app passwords.  I recommend naming each app password for the program you'll be using.  For example, you might call them Outlook laptop, Outlook desktop, iphone 7, Galaxy S7, iPad, Skype for Business, or something similar.





Step 13: Use the app password the system gives you and track it.  Within the next two hours, your devices (Outlook or phone or tablet etc) will prompt you for a password for your email account.  Instead of using your regular password, you'll use the app password.  You *cannot* reuse app passwords, so you should be sure to 1) make as many passwords as you need and 2) track them until you first use them (the app passwords are useless after you first use them).



Thursday, December 15, 2016

Windows 10 Upgrade tips when the upgrade process fails

My last two Windows 7 to Windows 10 upgrades have not gone smoothly.  In each case, I was running the Windows 10 upgrade for users who use the accessibility features of Windows located here:
https://www.microsoft.com/en-us/accessibility/windows10upgrade

Here are the steps I take if the computer is stuck at 0% installing Windows 10 or stops anywhere before finishing.


  1. Create a batch file with the content below and run the file as administrator
  2. Update all drivers on the machine - particularly the video card driver
  3. Make sure the C drive has at least 40 GB free
  4. run "sfc /scannow" from an elevated DOS prompt
  5. Remove any third party antivirus
  6. Log in as a user with a minimal profile
  7. Go to msconfig and under services, hide all Microsoft services and then disable all services (which will leave all MS servers enabled)
  8. Remove the computer from the domain and log in with a brand new profile with admin privileges,  

Batch file contents:


net stop wuauserv
net stop bits
net stop cryptsvc
net stop trustedinstaller
sc config cryptsvc start= auto obj= "NT Authority\NetworkService" password= a
sc config wuauserv start= auto obj= LocalSystem
sc config bits start= delayed-auto obj= LocalSystem
Sc config trustedinstaller start= demand obj= LocalSystem
Sc config eventlog start= auto
reg add HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "%systemroot%\system32\wuaueng.dll" /f
reg add HKLM\SYSTEM\CurrentControlSet\Services\bits\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "%systemroot%\system32\qmgr.dll" /f
reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /f
reg delete HKLM\COMPONENTS\PendingXmlIdentifier /f
reg delete HKLM\COMPONENTS\NextQueueEntryIndex /f
reg delete HKLM\COMPONENTS\AdvancedInstallersNeedResolving /f
sc sdset wuauserv D:(A;;CCLCSWRPLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOSDRCWDWO;;;WD)
sc sdset bits D:(A;CI;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;SAFA;WDWO;;;BA)
sc sdset cryptsvc D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
sc sdset trustedinstaller D:(A;CI;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLOCRRC;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;SAFA;WDWO;;;BA)
sc sdset eventlog D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;SA;DCRPWPDTCRSDWDWO;;;WD)(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
takeown /f %systemroot%\winsxs\pending.xml
icacls %systemroot%\winsxs\pending.xml /grant Administrators:(F)
icacls %systemroot%\winsxs\pending.xml /grant Administratörer:(F)
del /q %systemroot%\winsxs\pending.xml
ren %systemroot%\System32\Catroot2 oldcatroot2
ren %systemroot%\SoftwareDistribution SoftwareDistribution.old
rename \ProgramData\Microsoft\Network\Downloader Downloader.old
cd /d %windir%\system32
regsvr32.exe atl.dll /s
regsvr32.exe urlmon.dll /s
regsvr32.exe jscript.dll /s
regsvr32.exe vbscript.dll /s
regsvr32.exe scrrun.dll /s
regsvr32.exe msxml3.dll /s
regsvr32.exe msxml6.dll /s
regsvr32.exe actxprxy.dll /s
regsvr32.exe softpub.dll /s
regsvr32.exe wintrust.dll /s
regsvr32.exe dssenh.dll /s
regsvr32.exe rsaenh.dll /s
regsvr32.exe cryptdlg.dll /s
regsvr32.exe oleaut32.dll /s
regsvr32.exe ole32.dll /s
regsvr32.exe shell32.dll /s
regsvr32.exe wuapi.dll /s
regsvr32.exe wuaueng.dll /s
regsvr32.exe wups.dll /s
regsvr32.exe wups2.dll /s
regsvr32.exe qmgrprxy.dll /s
regsvr32.exe wucltux.dll /s
regsvr32.exe wuwebv.dll /s
net start eventlog
net start cryptsvc
net start bits
net start wuauserv
fsutil resource setautoreset true c:\
netsh winhttp reset proxy
bitsadmin /reset /allusers
wuauclt.exe /resetauthorization /detectnow
:MESSAGE
echo+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
echo===========================================================
echo     The commands has been succesfully executed. Hit enter to continue
echo===========================================================
echo+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Pause > Null
:end