Windows 10 reset forgotten local user password

  1. Download Microsoft media creation tool and create boot usb flash or dvd
  2. Boot PC with usb flash/dvd
  3. Switch to recovery mode – run with command line
  4. > cd Windows\System32
  5. > ren utilman.exe utilman.exe.bak
  6. > copy cmd.exe utilman.exe
  7. Reboot PC
  8. Wait until login screen present and click on ease of access
  9. > net user “myLogin” newpassword

10. Here you go with your “newpassword”

WMIC network, #NIC, services

Very simple but useful command wmic #wmic

Last time we’ve learnt, how to run wmic under user profile – (run cmd as different user – Admin).

Today let me show, how to run wmic on the remote machine.

Magic syntax is /node:PC_Name

easy to start/stop local/remote service (for example Themes)

wmic /node:PC001 process call create “net stop/start Themes”

enable/disable particular NIC (as different user, or remotly)

wmic (/node:PCxxx) nic get name, index

wmic /node:PC002 path win32_networkadapter where index=2 call enable/disable

(restart needed)

Zabbix Appliance 4.4.0 # VMWare

Download a .vmdk of Zabbix appliance. Create the new virtual machine. (For me was necessary to change SCSI type to LSI Logic Parallel instead SAS) 😦

1. Login as a root: appliance/zabbix

2. set static IP:

* cd /etc/network
* sudo vi interfaces (make sure to know, how to move in Vi editor)
* iface ens160 (eth0 or ensX) inet static
   set IP, mask, gateway

* sudo /etc/init.d/networking restart

Check IP:

* ifconfig -a

3. http://ipaddress/zabbix

login: Admin/zabbix

A. create host = server, PC etc. (item = service etc.)

B. add some template (ICMP Ping etc.)

C. create trriger to host or item

D. create an Action (alert e-mail or sms)

Anyway follow the offical Zabbix Documentation 4.4.





Change Active Directory Group type

Modify Active Directory Group type from Global Security do Domain Local etc.



Get-ADGroup -Filter ‘GroupCategory -eq “Security” -and GroupScope -eq “Global”‘ -SearchBase ‘OU=groups,Ou=domain,DC=domain,DC=local’ | Set-ADGroup -GroupScope Universal




Get-ADGroup -Filter ‘GroupCategory -eq “Security” -and GroupScope -eq “Universal”‘ -SearchBase ‘OU=groups,OU=domain,DC=domain,DC=local’ | Set-ADGroup -GroupScope Domainlocal




Get PC from AD which are not renamed

PowerShell Script which find PC with wrong name.  Default name MiniNT etc.


$body = Get-ADComputer -Filter “Name -like ‘minint*'” -SearchBase ‘OU=Desktop,OU=Computers,OU=company,DC=company,DC=local’
If ($body -ne $Null) {
$emailFrom = “”
$emailTo = “”
$subject = “Wrong name PC in Active Directory”
$body = $body
$smtpServer = “”
$smtp = new-object Net.Mail.SmtpClient($smtpServer)
$smtp.Send($emailFrom, $emailTo, $subject, $body)

Get all recent user permissions / network files entries / user’s permissions

$filteracl = {$_.IdentityReference -match “domain user” -and ($_.FileSystemRights -band 131241 -or $_.FileSystemRights -band 278)}
$objects = Get-ChildItem \\domain.local\dfs\department -Recurse -Force | Export-Csv c:\user.txt
foreach ($i in $objects)
$i.GetAccessControl().Access | Where $filteracl | Select `



This trojan infects pc from phishing mail attachment sent from some bank institute etc.
Fully updated Microsoft Windows 7 SP1 with real time scanning msft essential security antivirus is disarmed by this trojan!
Safety scanner detects this tojan but not purges it!
Reinstalled msft security essential tries to clean it, but unsuccessful!
Try better antvirus or completely reinstall/recover system.
Don’t open phishing mail!!!

Vulnerability of Sophos Endpoint Security and Control

VIRUSDalši hrozby zasazují rány systému Sophos Endpoint Security and Control.
Patrně ohlášená “automatická” (tomu snad nikdo nevěří) aktualizace Sophosu na v. 10.3. v avizovaném termínu 2.-9.10. má patrně spasit tento “děravý” systém?
Během poslední doby jsem zaregistroval, že plně aktualizovaný systém byl kompletně “odzbroje” hrozbou ve formě phisingu na Českou poštu a to konkrétně malwarem: Win32/Hesperbot.A.
Dále díru na lochnu (J) rozšířil “přiblblý” trojan, který v profilu nakaženého “vytapetuje na bílo”!
Kdo spoléhá na sophos, nechť radši skenuje ještě něčím jiným.

Another threat beating the Sophos Endpoint Security and Control. Probably announced “automatic” (no one believes) update of Sophos to v. 10.3 in term 2nd-9th Oct. should heal the “leaky” system? During the last time I noticed that a fully updated system was completely “disarmed” by threat in the form of phishing e-mail to Cze Mail corp. – malware: Win32/Hesperbot.A. Furthermore biger “hole” (J) expanded the “dumb” trojan that infects user profile with white screen (user can’t work)! WWho rely on the Sophos, rather scan with something else.

PXE-T01: File not found PXE:E3B: TFTP Error- File not found PXE-MOF : Exiting Intel Boot Agent

PXE-T01: File not found
PXE:E3B: TFTP Error- File not found
PXE-MOF : Exiting Intel Boot Agent

1. Remove the SMS PXE role. Look at the PXESetup.log file to verify that the uninstall is complete and successful.

2. Uninstall the WDS server.

3. Reboot the machine.

4. Reboot again.

5. Rename the folder “RemoteInstall”.

6. Rename c:\windows\temp to c:\windows\temp.old

7. Re-install the WDS server, but “do not configure it”. Do nothing at all other than installing WDS.

8. Add the SMS PXE role. Look at the PXESetup.log file to verify that the installation is complete and successful.

9. Add the boot images to the SMS PXE DP share. Look at the distmgr.log file to verify that the replication of the boot image to the DP is complete and successful.

10. Try booting a PXE client.

-=BTW: Maybe only the step 6 can solve the problem=-