Tuesday, July 16, 2019

How to Master Key a Schlage Knob

Insert the key into the business end of the knob and turn it one way or the other, doesn’t matter which way.


Use something hard like a flat head screw driver (or assuming you have a kit, use the included tool) to push this pin in.


Once pressed, remove the knob.


This next part can be kind of tricky. The cylinder in there has a clip that retains all of the springs for the pins. (Skip ahead to see what it looks like.) In order to slide it out of the knob, these springs must be compressed so you have to simultaneously compress them while you slide the entire assembly out.


Now it’s time to remove the Jesus clip.


Slide in your key that unlocks it.


Line your cylinder up with your follower bar and slide your cylinder over and onto it. Be careful not to lose any of those springs or top pins in there because if you do this wrong, they will go flying everywhere.


Dump those old pins like you’re leaving for college.


Now we need to setup your keying. Below I’ve written down the two keys I’m keying this lock to. There’s a master key and an tenant key. In this case, our lock doesn’t know the difference between the two. They are just two different keys that need to work with one lock. Noticed I’ve lined up the numbers for each.


The first pin to be dropped into each hole will bethe smaller of the two numbers in each stack. I underlined those in red.


The second pin to be dropped in will be the master pin. This will be the pin that makes up the difference of the two numbers in each stack. I wroteeach of these numbers on the very bottom.


My cylinder with the bottom pins installed.


Here I test one of the keys to make sure the correct pins are lining up flush with the top. In this case, 1, 2, 4 & 5 are flush.


Here I add a master pin #2 to hole 3 to make that flush as well.


Now I’m testing with the tenant key. Hole 3 is flush (and has a master pin #2 on top) but holes 1, 2, 4 & 5 will need their master pins to make them flush as well.


Here I’m adding pins #4, #3, #0 (nada) and #2 toholes 1, 2, 4 & 5.


After testing both of those keys, I’m ready to putmy springs back on. Be careful with this part because if you didn’t properly test that your keys work, you will lock yourself out of opening this again so unless you know how to pick, you’ll be screwed. You might also notice I’m sliding it on from the side. If you don’t do this, your springs will start falling into the holes prematurely and you will have another mess on your hands.


Turn the cylinder back into place and make sure all of the springs and top pins properly fall into their holes.


Put your Jesus clip back on. Test with both sets of keys.


Find the spot in the knob where you can slide the assembly back in.


Compress the springs and slide it in.


Line it up with the retaining pin and slide it back on.


Get it on there as far as you can. Finally, insert the key and turn it to lock it into place.


Friday, April 12, 2019

How to enable WinRM via Group Policy

In order to remotely manage computers via Powershell, you must enable Windows Remote Management.

Open Group Policy management.

Create a new GPO.



Right-click your newly created GPO and click Edit...


First we need to allow it on each computer's firewall. Open Computer Configuration --> Policies --> Windows Settings --> Security Settings --> Windows Firewall with Advanced Security --> Windows Firewall with Advanced Security --> Inbound Rules


Create a New Rule


Microsoft was nice enough to include it as a predefined Rule


I unchecked Public as I will be doing connecting locally.


Click Allow the connection


The new rule should now be listed. 


That's it for the firewall. Now you need to go to Computer Configuration --> Policies --> Administrative Templates --> Windows Components --> Windows Remote Management (WinRM) --> WinRM Service --> Allow remote server management through WinRM



Type "*" to allow messages from any IP address, or leave the field empty to listen on no IP address. You can specify one or more ranges of IP addresses.


Link your newly created GPO. This is going to be a computer policy so connect it to an OU of the computers you would like to enable this for.  


It's also necessary to make sure the WinRM service starts on startup. To do this via GPO, go to Computer Configuration --> Preferences --> Control Panel Settings --> Services


Right-click and click New --> Service

Choose Automatic (Delayed Start) as the startup type, pick WinRM as the Service name, set Start service as the Service action.


Once all of your domain computers have updated their policies and had a chance to start that system service, you should be able to remotely manage them using Powershell.

Tuesday, June 26, 2018

The remote desktop session was disconnected because there are no Remote Desktop License Servers available to provide a license. Server 2012 R2

You must be able to access the server in another way in order to do this. Mine was a VM so I was able to get into a console session through VMware vSphere. 

Open your Registry Editor and navigate to 
HKLM\System\CurrentControlSet\Control\Terminal Server\RCM 
and select  GracePeriod.

Right-click this key and back it up by choosing export and putting it in a safe place.

Now you won't be able to delete it without taking ownership first. Right-click the key and choose Permissions... 

Then go to Advanced

Change the owner to your user name.

For good measure, choose Replace owner on subcontainers and objects under your name and Replace all child object permission entries with inheritable permission entries from this object

Now you can delete the key. After a restart you should be able to access your server via remote desktop again.

Friday, March 23, 2018

Shadowing RDS 2012 R2 Sessions

With Windows Server 2012 R2, Remote Desktop Services allows you to shadow users remoted into the server.

When shadowing, you can either view or view and control a user's session. You can choose the option for "No Consent" allowing you to bypass user permission when connecting to their session.

This can be done through the command line or through the Server Manager.

Command Line

Mstsc.exe [/shadow:sessionID [/v:Servername] [/u:[Username]] [/control] [/noConsentPrompt]]

/shadow:ID Starts shadow with the specified sessionID.

/v:servername If not specified, will use the current server as the default.

/u:username If not specified, the currently logged on user is used.

/control If not specified, will only view the session.

/noConsentPrompt Attempts to shadow without prompting the shadowee to grant permission.

Below are the steps to do it through server manager.

Open the Server Manager and click on the icon for Remote Desktop Services. Here you should see your deployed remote environments. In my example, we have a remote app deployed to domain users.

One you have selected your remote environment, on the right hand side you will see CONNECTIONS listing all of the users connected to it. Right-click on one of the active users and slick Shadow.

Next it will prompt you to ask how you would like to shadow the users. Choose View or Control and whether or not to Prompt for user consent.

This is the message the user will see. It will say Remote Monitoring Request: domain\user is requesting to view/control your session remotely. Do you accept the request? prompting them to select Yes or No. If the user selects Yes, you will be able to view or view and control their session.

In the previous step, had I chosen not to Prompt for user consent, I likely would have received this error message stating The Group Policy setting is configured to require the user's consent. Verify the configuration of the policy setting. This is by default. 

If you would like to be able to view or view and control a remote session without their consent, you must change the following Group Policy Setting and apply it to the preferred User Group.

Create a new group policy or change an existing policy and go to User Configuration --> Policies --> Administrative Templates -->  Windows Components --> Remote Desktop Services --> Remote Desktop Session Host --> Connections

The only available setting to change here is Set rules for remote control of Remote Desktop Services user sessions

Right-click the setting and choose Edit. A new window will open allow you to select Enabled and the option for how you would like to allow administrators to interact without user consent.

Assuming you changed the setting correctly and applied it to the correct user group, wait for a group policy refresh or force a gpupdate on the Remote Desktop server and you should now be able to do this.

Featured Post

How to Master Key a Schlage Knob

Insert the key into the business end of the knob and turn it one way or the other, doesn’t matter which way. Use something hard like a flat ...

Popular Tutorials