I’m getting closer to installing Windows 10 fresh on a new drive, and I want to achieve what you see in the screenshot again. Only, I forgot how I did it. Can you help?

I get this when I press WinKey+R. I had to do something to make it be this way, but I don’t remember what it was. I want this for my new installation of Windows, whenever I start doing that.

Edit: I don’t want some alternative way to do what this does. I want this. I want my Run dialog box to look like this every time I access it.


I figured it out. I had a feeling that I would figure it out after asking. Isn’t that how it goes sometimes?

In the Registry, you go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System and change EnableLUA to 0. The default is 1. Reboot, and it’s done.

I wasn’t figuring it out before because I kept asking Google various kinds of questions that I thought would lead me to the answer. I never just simply Googled “This task will be created with administrative privileges”. Once I did that, I found the answer.



Configure OneDrive for SharePoint Server Subscription Edition or 2019

To set up OneDrive with SharePoint Server Subscription Edition or 2019, you can either use Group Policy or set the registry keys directly.


For settings that require an organization ID, if you sync a single domain, you can use OP1. Do not use this if you sync multiple domains.

The Known Folder Move settings don’t work for SharePoint Server.

Using Group Policy

Configure the following two Group Policy objects to configure OneDrive to be used with SharePoint Server Subscription Edition or 2019:

Specify SharePoint Server URL and organization name

The URL (SharePointOnPremFrontDoorUrl) is used by the sync app to authenticate the user and to set up syncing of the user’s SharePoint Server hosted personal OneDrive site. The organization name (SharePointOnPremTenantName) lets you specify the name of the root folder that will be created in File Explorer. If you don’t supply an organization name, the sync app will use the first segment of the URL as the name. For example, would create the folder “office”.

Specify the OneDrive location in a hybrid environment

This setting (SharePointOnPremPrioritization) lets you specify if the sync app should first set up a sync relationship with SharePoint in Microsoft 365 (the default) or the SharePoint on-premises server if the user identity exists in both identity providers. The sync application’s Settings dialog can be used to “Add Account” the same identity for the other SharePoint realm after the first has been configured (if the user identity exists in both).

You should be able to find these Group Policy objects using the Group Policy Editor (gpedit.msc) when navigating to Computer Configuration\Administrative Templates\OneDrive. If the OneDrive folder is not present, you can add the OneDrive Group Policy template by copying the following two files from the OneDrive installation folder after you have installed the latest OneDrive sync app on that computer:

  • C:\Users\username\AppData\Local\Microsoft\OneDrive\onedrivesyncclientversion\adm\OneDrive.admx to C:\Windows\PolicyDefinitions\OneDrive.admx
  • C:\Users\username\AppData\Local\Microsoft\OneDrive\onedrivesyncclientversion\adm\OneDrive.adml to C:\Windows\PolicyDefinitions\en-US\OneDrive.adml

To automate this copying using PowerShell, use: PowerShell

Get-ChildItem -Recurse -Path "$env:LOCALAPPDATA\Microsoft\OneDrive" -Filter "OneDrive.admx" | ? FullName -like "*\adm\OneDrive.admx" | Copy-Item -Destination "$env:WINDIR\PolicyDefinitions" -Force
Get-ChildItem -Recurse -Path "$env:LOCALAPPDATA\Microsoft\OneDrive" -Filter "OneDrive.adml" | ? FullName -like "*\adm\OneDrive.adml" | Copy-Item -Destination "$env:WINDIR\PolicyDefinitions\en-US" -Force

More information: Learn how to manage OneDrive using Group Policy

By setting the registry keys

Alternatively, you can also directly configure the following underlying registry keys:

HKLM:\Software\Policies\Microsoft\OneDrive\SharePointOnPremPrioritizationDWORD (32-bit)1optional

Mac configuration

To configure sync with SharePoint Server in a Mac environment, you can use the SharePointOnPremFrontDoorUrl, SharePointOnPremPrioritizationPolicy, and SharePointOnPremTenantName settings. For more information, see Deploy and configure the new OneDrive sync app for Mac.


利用Windows Server DNS服务封禁域名

You can use this topic to learn how to configure DNS policy in Windows Server® 2016 to create query filters that are based on criteria that you supply.

Query filters in DNS policy allow you to configure the DNS server to respond in a custom manner based on the DNS query and DNS client that sends the DNS query.

For example, you can configure DNS policy with query filter Block List that blocks DNS queries from known malicious domains, which prevents DNS from responding to queries from these domains. Because no response is sent from the DNS server, the malicious domain member’s DNS query times out.

Another example is to create a query filter Allow List that allows only a specific set of clients to resolve certain names.

Query filter criteria

You can create query filters with any logical combination (AND/OR/NOT) of the following criteria.

Client SubnetName of a predefined client subnet. Used to verify the subnet from which the query was sent.
Transport ProtocolTransport protocol used in the query. Possible values are UDP and TCP.
Internet ProtocolNetwork protocol used in the query. Possible values are IPv4 and IPv6.
Server Interface IP addressIP address of the network interface of the DNS server that received the DNS request.
FQDNFully Qualified Domain Name of record in the query, with the possibility of using a wild card.
Query TypeType of record being queried (A, SRV, TXT, etc.).
Time of DayTime of day the query is received.

The following examples show you how to create filters for DNS policy that either block or allow DNS name resolution queries.


The example commands in this topic use the Windows PowerShell command Add-DnsServerQueryResolutionPolicy. For more information, see Add-DnsServerQueryResolutionPolicy.

Block queries from a domain

In some circumstances you might want to block DNS name resolution for domains that you have identified as malicious, or for domains that do not comply with the usage guidelines of your organization. You can accomplish blocking queries for domains by using DNS policy.

The policy that you configure in this example is not created on any particular zone – instead you create a Server Level Policy that is applied to all zones configured on the DNS server. Server Level Policies are the first to be evaluated and thus first to be matched when a query is received by the DNS server.

The following example command configures a Server Level Policy to block any queries with the domain suffix

Add-DnsServerQueryResolutionPolicy -Name "BlockListPolicy" -Action IGNORE -FQDN "EQ,*" -PassThru


When you configure the Action parameter with the value IGNORE, the DNS server is configured to drop queries with no response at all. This causes the DNS client in the malicious domain to time out.




I have a file that Security Essentials quarantined “on sight” that I want to restore to perform some further analysis on.

However, the file was stored on my NAS server. This means I had accessed the server by entering \\ into my Run box, entering the credentials and browsing to the folder. Security Essentials removed the item and stored it in quarantine. I am unable to restore the item from quarantine, with the error code 0x80508014.

My research shows that this error indicates that SE can’t access the path the original file was in, and suggests recreating the path. The problem is that I haven’t removed any folders so the path already exists. Further digging seems to indicate that the issue is that SE cannot access the network share because the share is connected to my user account session and not to SYSTEM or Administrator. SE lists the path of the original file in the details as file:\\\storage\research\file.exe, so it appears SE is trying to directly restore the file to this location and is unable to do so because the SE process does not have access to the share connection.

I tried opening an Administrator command prompt and manually connecting the network share to Admin’s session using net use but this did not help.

Is there a way to direct SE to restore a quarantined file to a different location than it was originally found in? I do not see a way for me to be able to give the SE process access to the network share so it can restore the file.


I hit a similar problem when Windows 10 Defender quarantined some files from my NAS box.

In a Command Prompt (opened as administrator) I was able to use the command line tool to list the quarantined files:

c:\Program Files\Windows Defender>MpCmdRun.exe -restore -listall

The following items are quarantined:


Then I used the -restore option along with -Path to restore to a local path:

c:\Program Files\Windows Defender>MpCmdRun.exe -restore -All -Path C:\Path\To\Restore

After that I was able to copy the files back to my network drive (which is now on the exclusion list!).



In this article we will show you how to enable the ‘Web Server’ certificate template option on a Windows Certification Authority (Windows CA) Server.  The Web Server option is usually not present in a fresh Windows CA server installation which can introduce difficulties for users or administrators who need the option to get their web server certificates signed:

windows ca web server certificate template missing

Recommended Article: How to install and configure a Windows CA Server

Enabling the Web Server certificate template is a simple and non-disruptive process. From the Administrative Tools, open the Certification Authority tool. Next, right-click on the Certificate Templates folder and select Manage:

windows ca certificate templates

This will open the Certificate Templates Console as shown below.  Double-click on the Web Server template:

windows ca certificate templates console

The Web Server Properties window will now appear. Click on the Security tab and select the Authenticated Users from the Group or user names section.  In the Permissions for Authenticated Users section tick the Allow action for the Enroll permission. When ready, click on OK:

windows ca web server properties

Congratulations – you’ve now successfully enabled the Web Server certificate template option. Your Windows CA server should now present the previously mission option as shown below:

windows ca web server certificate template enabled


This article explained how to enable the Web Server certificate template option on your Windows Certification Authority (Windows CA) Server. We included step-by-step screenshots to ensure its a detailed and yet simple process to follow.