Reset RDS Grace Period – Terminal Service

Steps to reset Remote Desktop Services

Licensing notification

Open Regedit and go to the ‘GracePeriod’ key shown below.

GracePeriod key

Give the local Administrators group ‘Full Control’ of the ‘GracePeriod’ key. It’s assumed you are a member of the local Administrators group.

Permissions for the GracePeriod key

Delete the binary data highlighted in the second image.

Reset Grace Period

Reboot the server or restart the Terminal Service.

Using PowerShell to create local user accounts

I wanted to find a simple PowerShell script to create local user accounts on unmanaged laptops.

The script needed to use the laptop serial as part of the username.

Also, the accounts shouldn’t expiry or require the user to change their password on the first login attempt.

The first test command created the account but didn’t insert the laptop serial as part of the username.

New-LocalUser -Name "test-account" -NoPassword -AccountNeverExpires -UserMayNotChangePassword -Description "test account" | Set-LocalUser -PasswordNeverExpires $true

The second script did everything required successfully, including added the laptop serial.

$Error.clear() 
$startupVariables=””
$SN = gwmi win32_bios | Select-Object -Expandproperty SerialNumber
net user student$SN /add /passwordchg:no
wmic useraccount where "name='student$SN'" set passwordexpires=false

The third script includes the user password and adds the user to the local administrators group.

$Error.clear() 
$startupVariables=””
$SN = gwmi win32_bios | Select-Object -Expandproperty SerialNumber
net user admin$SN MyPa55W0rd /add /passwordchg:no
wmic useraccount where "name='admin$SN'" set passwordexpires=false
net localgroup administrators admin$SN /add

To process the commands in one line add semicolons after each command.

$Error.clear();
$startupVariables=””;
$SN = gwmi win32_bios | Select-Object -Expandproperty SerialNumber;
net user student$SN /add /passwordchg:no;
wmic useraccount where "name='student$SN'" set passwordexpires=false

Blocking Malware & Adult Content using 1.1.1.1 for Families

Cloudflare provides ‘1.1.1.1 for Families’ as an extra layer of protection against malware and adult content.  This is an alternative to the 1.1.1.1 DNS resolver which also filters content.

This service can be used on Android, Linux, Windows, iOS, macOS and Routers.

The below guide is taken from Cloudflare Developers Docs.

Windows limited users will be unable to change these settings when devices are configured by an administrator account.

Block malware and adult content
​IPv4
Click the Start menu > Settings.

Select Network and Internet > Change Adapter Settings.

Right-click on the WiFi network you are connected to and click Properties.

Select Internet Protocol Version 4

Click Properties.

Click Use The Following DNS Server Addresses and add:

1.1.1.3
1.0.0.3

Click OK.

​IPv6
Click the Start menu > Settings.

Click Network and Internet > Change Adapter Settings.

Right-click on the Wi-Fi network you are connected to and click Properties.

Select Internet Protocol Version 6.

Click Properties > Use The Following DNS Server Addresses and add:

2606:4700:4700::1113
2606:4700:4700::1003

Click OK.

Using Command Prompt to apply DNS setting

For Windows Vista and higher (requires Admin rights).

To join multiple commands in Command Prompt use two ‘&’ signs – &&

netsh int ipv4 set dns name="Wi-Fi" static 1.1.1.3 primary validate=no
netsh int ipv4 add dns name="Wi-Fi" 1.0.0.3 index=2 validate=no

netsh int ipv6 set dns name="Wi-Fi" static 2606:4700:4700::1113 primary validate=no
netsh int ipv6 add dns name="Wi-Fi" 2606:4700:4700::1003 index=2 validate=no

Using PowerShell to apply DNS setting – both IPv4 & IPv6

Set-DNSClientServerAddress "Wi-Fi" –ServerAddresses ("1.1.1.3","1.0.0.3","2606:4700:4700::1113","2606:4700:4700::1003")

Microsoft Office LTSC Pro Plus 2021 sample student installation xml

The configuration file is suitable for organisations with an internal KMS server. Importation of the Office LTSC Professional Plus 2021 KMS key would be required.

This configuration excludes OneNote, Skype for Business & Onedrive for Business.

The Generic Volume License Key (GVLK) used is only for Office LTSC Professional Plus 2021.

Some configuration settings included don’t apply to Office LTSC 2021, such as SharedComputerLicensing and SCLCacheOverride.

The only issue I experienced with this configuration was the language ID. The installation failed when trying to use en-gb, this was the same issue as Office 2019.

<Configuration>
<Add OfficeClientEdition="64" Channel="PerpetualVL2021">
<Product ID="ProPlus2021Volume" PIDKEY="FXYTK-NJJ8C-GB6DW-3DYQT-6F7TH">
<Language ID="MatchOS" Fallback="en-us" />
<ExcludeApp ID="Groove"/>
<ExcludeApp ID="Lync"/>
<ExcludeApp ID="OneDrive"/>
<ExcludeApp ID="OneNote"/>
<ExcludeApp ID="Teams"/>
</Product>
</Add>
<Property Name="SharedComputerLicensing" Value="0" />
<Property Name="FORCEAPPSHUTDOWN" Value="FALSE" />
<Property Name="DeviceBasedLicensing" Value="0" />
<Property Name="SCLCacheOverride" Value="0" />
<Property Name="AUTOACTIVATE" Value="1" />
<Updates Enabled="TRUE" />
<RemoveMSI />
<Remove All="TRUE" />
<AppSettings>
<Setup Name="Company" Value="My School or Business Name" />
</AppSettings>
<Display Level="None" AcceptEULA="TRUE" />
</Configuration>

Schedule automatic client shutdown with Group Policy

To schedule automatic client shutdown create a new group policy or edit an existing group policy

Start editing the policy and navigate to: Computer Configuration > Preferences > Control Panel Settings >Scheduled Task

Right click on ‘Scheduled Tasks’ and select ‘New’ > ‘Scheduled Task (At least Windows 7)’

New Scheduled Task

On the General tab give the task a name. Use the account ‘NT AUTHORITY\System’ to run the task, and run the task whether the user is logged on or not.

Edit General tab

On the Triggers tab create a new trigger setting required frequency and times.

Edit new trigger

On the Actions tab create a new action. Browse to the shutdown.exe and add the arguments /f /s /t 60

Action to be carried out by scheduled task

Add conditions if you want to avoid shutting down a computer while it’s still in use by a user.

Disable Airplane Mode / WiFi Keyboard Button on Laptops using Group Policy

To disable Airplane Mode first create a new group policy or edit an existing group policy.

Start editing the policy and navigate to: Computer Configuration > Policies > Windows Settings > Security Settings > System Services

Open the ‘Radio Management Service’ properties, tick ‘Define this policy’ and select ‘Disabled’ from the select service startup mode.

Disable Radio Management Service