Email clients running on Windows 7 may fail if TLS 1.2 isn’t enabled.  To get this going, add/change the following under:

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

Add new key under Protocols: TLS 1.2
Add new key under TLS 1.2: Client

Add new Dword in Client: DisabledByDefault = 0
Add new Dword in Client: Enabled = 1

Reboot the computer for this to take effect.

The typical ports for POP/IMAP email now are:

POP port: 995 SSL
IMAP port: 993 SSL
SMTP port: 587 TLS

On a new Windows 11 build, the OneDrive program/app wouldn’t start.

HKLM\Software\Policies\Microsoft\Windows\OneDrive

Change the key DisableFileSyncNGSC to 0

This error was happening when the preview pane in Windows Explorer was on and a .MSG file was selected. There is no 64-bit handler for .MSG messages in Windows, only 32-bit. So a 64-bit set of handler files needs to be added.

We found this fix at https://www.brandsict.nl/msgpreviewer_en.php:

You need .NET 4.5 or higher. This is native to newer versions of Windows or can be activated via Add/Remove features.

1. Download and run this file: MSgPreviewer64_installer. This will create the folder C:\MSGPreviewer64 and place the files there.
2. Open an elevated command window and navigate to
   C:\Windows\Microsoft.NET\Framework64\v4.0.30319
3. Execute these commands:
   regasm /tlb C:\MSGPreviewer64\SharpShell.dll
   regasm /codebase C:\MSGPreviewer64\msgpreview.dll

Windows 10/11 option “Users must enter a user name and password to use this computer” is missing in the ‘User Accounts’ options (this is used to bypass the login screen and to sign-in directly to Windows.)

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Passwordless\Device

Change the value for DevicePasswordLessBuildVersion from 2 to 0

Now netplwiz will display the option.

While Windows Server does this automatically, usually twice a day, Windows 10 does not. Here’s how to mimic Windows Server’s operation:

1. In Settings, open “create a restore point”
2. Make sure the desired drive has Protection turned On
3. Open Task Scheduler
4. General tab
   Create Task…
   Name the task as desired
   Select “Run whether user is logged on or not” and “Run with highest privileges”
5. Triggers tab
   New…
   Set timing as desired (often Daily but do as desired) and Enabled should be checked
6.  Actions tab
   New…
   Start a program
   Program/script = wmic
   Add arguments = shadowcopy call create Volume=C:\  (or desired drive)
7. When saving the task, enter the computer’s login password

For multiple times or drives, add additional tasks as necessary.

HKLM\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet

Change or add the following keys as indicated:

ActiveDnsProbeContent = 8.8.4.4
ActiveDnsProbeContentV6 = 2001:4860:4860::8844
ActiveDnsProbeHost = dns.google
ActiveDnsProbeHostV6 = dns.google
ActiveWebProbeHostV6 = www.msftconnecttest.com
EnableActiveProbing = 1

Then either restart the computer or disable/enable the network adapter.

We experienced this on a machine that had just installed some updates. The cause was the dependent Base Filtering Engine service hanging when trying to start.

1. Fix the BFE Service Registry Keys:
   Windows 7  |  Windows 8  |  Windows 10  | Windows 11
   
2. HKLM\SYSTEM\CurrentControlSet\Services\BFE\Parameters\Policy
   Change the permissions on the Policy key
   Add NT SERVICE\BFE
   Advanced permissions – Allow:
   - Query Value
   - Set Value
   - Create Subkey
   - Enumerate Subkeys
   - Notify
3. Select Replace all child object permissions with inheritable permissions from this object
4. Restarting Windows may be required

If still not good, try resetting the BFE service permissions / security descriptors in an elevated command prompt.

When a client attempts to connect to a VPN host, it fails with “A connection to the remote computer could not be established. You might need to change the network settings for this connection.”

In Device Manager:

1. Uninstall all adapters starting with “WAN Miniport” by right-clicking each > Uninstall
2. At the top of the Device Manager tree, right-click the computer name > Scan for Hardware Changes. The adapters removed in step 1 will reinstall automatically without restarting

When recovering data from a failing drive that is slow to read, you will get the occasional “You don’t currently have permission to access this folder. Click Continue to permanently get access to this folder” block that may never (or take forever to) finish.

You can avoid this by using an elevated instance of Explorer. However, the only option in Task Manager is to restart the Windows Explorer process so it’s impossible from a command prompt.

The solution is to perform the following commands from within an elevated session of PowerShell:

taskkill /f /FI "USERNAME eq $env:UserName"/im explorer.exe
c:\windows\explorer.exe /nouaccheck

A client RDP machine running Windows 11 may get stuck on “Estimating connection Quality” when connecting to some servers that are not up to date. To fix, add:

HKLM\Software\Policies\Microsoft\Windows NT\Terminal Service\Client

Add DWORD (32bit)

fClientDisableUDP  = 1

No need to restart the computer but kill stuck background Remote Desktop processes before trying it again. The previously-stuck sessions continue to run even if you close the RDP when it’s stuck on “Estimating connection Quality.”