Windows: How to change the network from Public to Private?

On my Windows 10, I found the network is set to Public network. That means you can’t share anything to/from other computers. When you connect to a new network, Windows gives you an option to share files with another computer on the network. If you check that box, the network is flagged as Private. If you missed it, the network is flagged as Public. It looks like this:


I tried to change that network back to the Private network. For some reason, Windows 10 didn’t give me any to option to change the network type anywhere in GUI settings.

But I found how to do it in PowerShell. If you want to change the network type, open the PowerShell with Administrative Privileges (Right click on PowerShell, Run as Administrator) and run these commands:

Run this command and note down “InterfaceAlias” of the network you want to change.


Store the Network connection profile of the network to a variable (enter the interface alias you noted down from the previous command) :

$netprofile = Get-NetConnectionProfile -InterfaceAlias <Interface Alias name>

Change the Network Category to “Private” or “Public” in the object stored in $netprofile:

$netprofile.NetworkCategory = "Private"

Set the network profile with the modified object:

Set-NetConnectionProfile -InputObject $netprofile

You can close the PowerShell now. Check your network, it should be changed now.


Group Policy is failed to update on Windows 10 computer

On my Windows 10 computer, I found Group Policy is not being applied anymore. If I ran group policy update on a administrative command shell, I get this:

PS C:\WINDOWS\system32> gpupdate /force
Updating policy…
Computer Policy update has completed successfully.
User Policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed. Windows could not determine if the user and computer accounts are in the same forest. Ensure the user domain name matches the name of a trusted domain that resides in the same forest as the computer account.

To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.

So after some research I found the issue and fixed it. The solution is

Make the freaking NETLOGON service to start automatically and start the service.

Did this solution helped you? leave me a reply here.

IIS: Publish Windows Share to WebDAV site

Publishing local folders as WebDAV site is very easy with IIS. There is plenty of help available that.

BUT there is not much help on publishing a Windows share via WebDAV. So I decided to publish one after we successfully published it at my work. It works beautifully.

One Liner: The trick is to replace ApplicationPoolIdentity (by default it is IIS_IUSRS local group on the server) and use different Application Pool.

More info about IIS_IUSRS local group is here:

Step by Step instructions: (for Windows Server 2012 R2)

1. Create or find an service account in your Active Directory domain. (e.g., Contoso\svc-webdav )
2. Give the service account at least read permissions for the whole Windows Share. My case I gave modify permissions for my NetApp CIFS share.
3. Logon to the Web server and open IIS Administration Console.
4. Go to Application Pools section and create a new application pool by clicking Add Application Pool… on the Actions pane.
5. Open Basic Settings of the newly created Application Pool. Change the Managed pipeline mode to Classic.


6. Open Advanced Settings of the same new Application Pool. Find Identity under Process Model. Change ApplicationPoolIdentity with the chosen service account (e.g., CONTOSO\svc-webdav)


7. Create a new Virtual Site and Open Basic settings of the virtual site. Type the Windows Share path in Physical path text box. click Test Settings… button. Click OK to close the dialog box.


8. If you are hosting HTTPS site, select Basic authentication. If you are not using HTTPS, select Windows Authentication for the HTTP site.


9. Enable WebDAV at Root of the site (e.g., Default Site) at WebDAV Authoring Rules. (click on Enable WebDAV on the action pane)


10. Enable Directory Browsing on the Virtual Site settings.


That’s all. Try accessing your WebDAV folder from the client. You may have to enter your user name/password to enter to the site. Enjoy and leave me a reply if it helped you.

RDS 2012R2/Profile Disk: Adobe Reader X says “There was an error opening this document. Access Denied”

PDF attachments from application is not opening correctly. Adobe Reader spits this error message.


We use RDS 2012 R2 and Profile Disks for the users. Somehow PDF files on the profile disk is having same issue with Adobe Reader.

Solution: It turn out to be new Adobe Reader software has Protected Mode feature. This feature has issues with Profile Disks and Roaming profiles. Just disable Protected Mode under Security (Enhanced) section in Preferences.


Hope this helped you. Leave me a reply. Smile

WebDAV: Increasing Maximum File Size Limit in Windows Server

Windows (IIS) server based WebDAV server has “laughable” file size limit for download or uploads to/from the server. It turn out to be the restriction is on the client side (Windows). Microsoft says the reason for this restriction is,


This issue occurs because a security change that was introduced in
Windows XP SP2 affects the Web Distributed Authoring and Versioning
(WebDAV) redirector. This security change makes sure that an
unauthorized server cannot force a client computer into a denial of
service attack. If you try to download a file that is larger than
50000000 bytes, the client computer interprets this download as a denial
of service attack. Therefore, the download process stops.

Also it’s fixable. Too bad we have to fix this for every client machine that needs to use WebDAV with huge files. It is documented at

The fix is also described in above KB article. You can also see fix below as per in the KB article.  

  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following registry subkey:
  3. In the right pane, right-click the FileSizeLimitInBytes value, and then click Modify.
    If you cannot see the FileSizeLimitInBytes value, right-click the blank space in the right pane, click New, click DWORD Value, type FileSizeLimitInBytes, and then click OK.
  4. In the Edit DWORD Value box, click to select the Decimal option. In the box under Value data, type a value that is larger than the size of the file that you want to download. Click OK.
    Note The default value for the file size limit is 50000000 bytes.
  5. Quit Registry Editor. Restart the computer.

Unfortunately I didn’t find any server side solution, since Windows clients are set to restriction.

Citrix/RDS: Publish Internet Explorer without Address Bar

Publishing IE for a web application without address bar is easier than you think. Simply publish the following VBScript or PowerShell script to launch IE without address bar and go to specific intranet website.

Copy either one of the script into Notepad and save as LaunchIE.vbs for vbscript OR LaunchIE.PS1 for PowerShell. Change the website address in the script. Run the script to make sure it works as you expected. Publish the script in Citrix or RDS.

Here is the VBScript Code. You can download this script from here:

‘ Script: LaunchIE.vbs
‘ Purpose: Launch IE without Address bar with the given website
‘ Written by: Anand Venkatachalapathy

‘ Note: Replace your own webstie below in 12th line

Dim objIE
Set objIE = WScript.CreateObject (“InternetExplorer.Application”)
objIE.Toolbar = false    ‘Turning off the tool/address bar
objIE.Navigate “”
objIE.Visible = true

‘ End of Script

Here is the PowerShell Code. Download the script from here:

#    __                           __       __________
#   / /   ____ ___  ______  _____/ /_     /  _/ ____/
#  / /   / __ `/ / / / __ \/ ___/ __ \    / // __/
# / /___/ /_/ / /_/ / / / / /__/ / / /  _/ // /___
#/_____/\__,_/\__,_/_/ /_/\___/_/ /_/  /___/_____/
# Launch IE without Tool bar and Address bar
# Written by: Anand the Awesome Venkatachalapathy
# Replace your website on next line
$site = “”

#Get IE Application object
$ie = New-Object -ComObject “InternetExplorer.Application”

#Hide Address Bar and Tool Bar
$ie.AddressBar = $false
$ie.ToolBar = $false

#Launch the IE with the specified website address

#-*-*-*-*-*-*-*-*-*-*- The End *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

RDS: Trusting the certificate used for publishing by GPO

When you run a published RDS RemoteApp and you are getting this following warning dialog box, that means the certificate used to publish the RemoteApp is not in trusted by the local computer.

“A website wants to run a RemoteApp program. Make sure that you trust the publisher before you connect to run the program.”


There is a easy fix, but not very well documented anywhere. Technet document says simply add the RDS Certificate thumbprint into credentials delegation section in GPO. It’s all well and good, but they forgot to mention thumbprint have to in UPPERCASE and no spaces. I have mentioned step by step instructions below to add the certificate thumbprint in to GPO. GPO needs to apply to all domain computers that used to access RDS RemoteApp.

1. Open your RDS Certificate like below and go to Details and find Thumbprint. (below is yahoo’s SSL certificate used as example)


2. Select and Copy the Thumbprint into clipboard. (e.g., ‎e9 c0 09 f9 4e f5 e9 92 e2 fa 56 5d 13 f5 a2 56 76 da 6e 7b)

3. Convert all characters to Uppercase and remove the spaces. You could use the following PowerShell commands to do just that. Replace your cert thumbprint with mine below.

$thumbprint = “‎e9 c0 09 f9 4e f5 e9 92 e2 fa 56 5d 13 f5 a2 56 76 da 6e 7b”

($thumbprint).ToUpper().Replace(” “,””)

Copy the Result to clipboard. Note: leave the first character.

My thumbprint converted to E9C009F94EF5E992E2FA565D13F5A25676DA6E7B.

4. Open GPMC (Group Policy Management Console). Create a new Policy or edit an existing policy that applies to all computers. E.g., Default Domain Policy.

5. Right click on GPO and select Edit the Policy.

6. Go to User Configuration ==>Policies ==>Administrative Templates ==> Windows Components ==> Remote Desktop Services ==>Remote Desktop Connection Client


7. Double click the setting: Specify SHA1 thumbprints of certificates representing trusted .rdp publishers. Enable this policy. Under Options, paste the converted thumbprint into the text box. Click OK.

8. Double click on the setting: Allow .rdp files from valid publishers and user’s default .rdp settings.

You can close the Group Policy Management Editor and apply the setting to the users. But you can do more. You can specify the servers to which the user’s default credentials can be delegated (default credentials are those that you use when first logging on to Windows). Edit the same GPO as below.

1. Go to Computer Configuration ==> Policies ==> Administrative Templates ==> System ==> Credentials Delegation


2. Double click on Allow delegating default credentials. Click Show button in Options next to “Add servers to the list”.


3. Add your Connection Broker, RDS Gateway and common name FQDN as following format.


4. Do the same for Apply delegating saved credentials.

That’s all. Enjoy.

RDS 2012: Profile Disks and Temp Profiles

The huge pain with using Profile Disks in Windows Server 2012 RDS is to dealing with TEMP profiles. When the user’s profile corrupts and started creating TEMP user profiles, Admins has to deal with fixing the issue and it’s NOT easy. But if you want to know how to fix it, here it is.

1. Delete User’s profile disk (.VHDX). To find the user’s correct profile disk, you have to check the NTFS security tab in properties of the xxxxx.vhdx file.


2. Check all Remote Desktop Session Host servers C:\Users folder to check which server has the corrupt user profile. (hint: check \\sessionhost\c$\users from your computer)

3. Once you find the server, Remote desktop to that server. You will see the following event log message on that server in System Logs.

Remote Desktop Services could not apply a user desktop for a user account with a SID of <GUID>. A temporary profile was enforced for the user. Verify that the user profile disk settings are correct. The error code is 0x800700AA.0

4. Open REGEDIT and expand to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

5. Click each sub key section and watch ProfileImagePath value. This value will say username in the path.

6. Once you find the correct key, Delete it.

7. Have user logon again to the RemoteApp or VDI. RDS will create new profile disk.

Hope that fixed your issue. If so, please leave me a thanks note.

Windows Installer: The feature you are trying to use…

If you are stuck on Windows Installer error dialog box saying:

The feature you are trying to use is on a network resource that is unavailable.


No worries. This is related to Cached Installers issue. Microsoft support got your back. They have an handy dandy Microsoft Fix It program to fix the Windows Installer issues. You can use either to Install or Uninstall a software from your computer using this Fix It program.

Download the Fix It program and run it on the troubled computer. Get it from

Windows 2008 R2–RDS: “RemoteApp program is not in the list of authorized programs”

On Microsoft Windows Server 2008 R2 RDS platform, you published a in-built programs like Notepad or Wordpad. You tried to access/run the published program using Remote Desktop Web Access, you end up seeing this message:


When this happened to me, I found no real answers on the Internet.  But the resolution I figured out myself was so simple and made me think how we sometimes miss the obvious stuff.


If you are publishing an Windows in-built programs, you shouldn’t be publishing manually (meaning – typing the path name of the program). If you publish anything under C:\Windows, you would get the above message.

Instead use the listed programs in application publishing wizard. If you still don’t know what I am talking about, follow the steps below.

1. Open RemoteApp Manager and connect to desired RDS Session Host server.

2. On Action Pane click on image

3. Click Next on RemoteApp Wizard Welcome page.

4. Select one of these listed programs if you want to publish in-built program. Do not click Browse button.



5. Click Next and Finish button to complete the wizard.

Now you can access this published application without any errors. Hope this explanation helped you.