Home / user-114899

Dave Cousineau's questions

Martin Hope
Dave Cousineau
Asked: 2022-04-09 12:50:21 +0800 CST
  • 0

I had a workstation afflicted with the issue described here:

https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/dpapi-masterkey-backup-failures

Basically, in older versions of Windows on first login if an RWDC (Read/Write Domain Controller) is not able to be contacted then a local backup of the master key is made. Whereas in newer versions of Windows, apparently it will just fail to backup the master key (or something) and encryption will then not work.

We fixed it by performing the registry edit listed in the article, which is found in various places on the web as a fix to many of the symptoms of this problem.

What I wonder:

  • Why did this workstation have this problem? Its DC is both writable and available, but it would not correct the issue even after reboot/relogging-in.

  • What is the consequence of the registry edit? MS provides this ominous sounding warning:

Warning

Don't use this registry key if domain users log on to more than one computer! Because the keys are backed up locally, any non-local password change may trigger a situation in which all DPAPI master keys are wrapped using the old password, and then domain recovery is not possible. This registry key should be set only in an environment in which data loss is acceptable.

But it sounds like this used to be the default behaviour anyway?

  • What could I have done/do to correct this problem without the registry edit? The article says to put the PC in a location where there is an available RWDC, but it already should have been. I'm not sure if the DC was available on the very first Windows login as someone else installed Windows. But it would seem unlikely that an RWDC being unavailable one time would result in this issue being permanent. Maybe I should have rejoined the domain?

  • I guess another question would be: can I revert the registry edit or is the local master key backup permanent?

windows domain-controller
Martin Hope
Dave Cousineau
Asked: 2022-03-03 14:44:55 +0800 CST
  • 1

Reading documentation about SPF records, I can't quite seem to disambiguate the meaning of "sender". It could mean "the IP where the mail client sent the message" or it could mean "the IP of the mail server that the mail client is contacting".

So, it could be my home/business IP address (where my mail client is), or it could be just the address of valid mail servers.

email email-server spf
Martin Hope
Dave Cousineau
Asked: 2014-08-12 19:03:20 +0800 CST
  • 1

I understand SMTP, and to a lesser degree POP3, but I feel like I'm missing a large chunk inbetween.

I see this image on a Microsoft page:

image
(source: microsoft.com)

and I feel like what I'm missing is the "Internet" part. Basically: does the SMTP server directly contact the end POP3 server and transmit the message directly to the target server as you send it? As far as I know, the message will actually "bounce around" a lot and travel through many different servers before reaching its final destination. Or am I wrong, and it's really just a single transmission from one server to another? How does delivery work? Is it a part of SMTP or POP3, or is it a different protocol altogether?

Does sending mail to [email protected] just translate to "find the server at example.com, and send a message through its POP3 port"?

email
Martin Hope
Dave Cousineau
Asked: 2014-05-15 13:38:38 +0800 CST
  • 0

Often when I install a fresh copy of Windows (in the most recent case, Windows 7 Pro 64; also this computer is a member of a domain), I make the mistake of planning to simply delete the "initial" user that windows asks you to create. The most recent time, I've actually named the user "KILLME". Unfortunately, Windows basically seems to "register" the computer to this user, and uses the information from this user all over the place, and the name still shows up regularly even though I did delete the user.

Is there any way to change this information? I have searched through the registry, and I see "KILLME" in many different places, but I don't think it would be a good idea to just go around changing that phrase everywhere I see it.

Update: there are a lot of keys like the following: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\002F6F3CB7D697849BEE07C0C01ECFAD\InstallProperties\RegOwner

A lot of keys have references to the path C:\Users\KILLME\... even though that path no longer exists.

This one in particular looks important and may be the one I would change to correct this: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner

windows