When a Scheduled task is created by another user (or SYSTEM) most of the time only that user can manually trigger the task execution.
When you try to execute the scheduled task from the user interface you can get the error message:
The user account does not have permission to run this task
This error is caused by the lack of permissions on the XML file that contains the task details. To allow all administrators to execute the scheduled task
- Remote into the Windows server
- Open the C:\Windows\System32\Tasks folder in Windows Explorer
- Right-click the file with the name of the scheduled task and select properties
- On the Security tab select Administrators and click the Edit button
- Check the Read & execute checkbox and click the OK button
- Click Yes on the Windows Security popup
Now you should be able to manually execute the scheduled task
There are many tools to copy files between Windows and Linux computers, I have found this method the simplest.
It does not require any software installation on the Windows machine, and only one package installation on the Linux machine.
Share a folder on the Windows machine
Share a folder on the Windows machine and allow access to it for a user. If the Windows computer is in the Windows domain, the domain user does not have to be a member of any security group on the Windows machine.
If you copy files from Windows to Linux, make the folder read-only for the user. If you copy files to the Windows machine, allow write access to the folder for the user.
Set up the Linux machine
- Install the cifs-utils on the Linux machine
- On Red Hat, CentOS, and Amazon Linux
sudo yum install cifs-utils
- On Ubuntu
sudo apt-get install cifs-utils
Mount the shared Windows folder on the Linux machine
- On the Linux machine create a directory to mount the Windows folder to
- Mount the Windows share
sudo mount.cifs '\\WINDOWS_SERVER_IP\attachments' /tmp/windows -o domain=MY_DOMAIN,username=MY_USERNAME,password=MY_PASSWORD,vers=1.0
First, you will be asked for the root password on the Linux machine.
If you do not specify your password in the line above, you will be also asked to enter your password on the Windows machine.
Access the Windows share
- On the Linux machine navigate to the mount directory
- List the files of the Windows share
If you get the error message when you issue the mount command
mount error(16): Device or resource busy
try to unmount (umount !) the share first and try the mount again
The user-specific settings in the Windows registry are stored under the HKEY_CURRENT_USER key. If you open the Regedit.exe application the HKEY_CURRENT_USER key contains the settings for your user account.
To access the registry keys of another user we need to
Find the Security ID of the user
- In Regedit navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist
- The key lists the Security IDs and usernames
- Save the Security ID of the user.
Another Security ID list location:
The partial list of the Security IDs is also available at
Not all user profiles are listed here.
Click the Security ID folders on the left to see the username in the ProfileImagePath.
Open the user-specific registry keys
- In Regedit navigate to the HKEY_USERS key
- Select the Security ID of the user you are looking for
- The user-specific values are under that key
When you log into a Windows server via the Remote Desktop Protocol (RDP) in some cases you need to send the Alt-Control-Delete ( in other notations Alt-Ctrl-Del, Control-Alt-Delete, Ctrl-Alt-Del ) key combination to the remote server.
From a Macintosh laptop
On a Macintosh laptop press the fn+control+option+delete keys to send Alt-Control-Delete to the server.
From a Windows workstation
If the Remote Desktop window is not in full-screen mode, Alt+Control+Delete will control your own Windows workstation.
On a Windows workstation press the Alt+Control+End keys to send Alt-Control-Delete to the remote server.
This error can happen on Linux and Windows, and the cause could be the same.
On Windows Server 2012R2 I opened a command prompt. To be able to delete a directory from the Tomcat webapps folder, I have issued the shutdown command.
When I started the server with the startup command, and navigated to my local website, my Java Spring MVC web application displayed the error message
org.apache.jasper.JasperException: java.lang.IllegalStateException: No output folder
The problem was, that the Tomcat service runs under root on Linux, and SYSTEM on Windows.
When you issue the startup command, Tomcat will run under the user account you logged in with.
Stop and start the TomCat Linux or Windows service instead of issuing the shutdown and startup commands from the terminal or command prompt.
To reliably display the version of the Windows PowerShell engine
- Open a PowerShell command window,
- Execute the command,
PS C:\WINDOWS\system32> $PSVersionTable.PSVersion
Major Minor Build Revision
—– —– ——- ——-
5 1 16299 64
- If no value is displayed, the version is 1.0, as it does not have the referenced variable.
Time to time Windows servers may lose the trust of the domain. When you try to log in with your domain credentials you get the dreaded message:
The security database on the server does not have a computer account for this workstation trust relationship
This can have many causes, and the most effective way to fix this is to detach and re-attach the server to the domain.
For security reasons the best if there are no local admin accounts on the Windows server, only domain accounts added to the Administrators group. If there is no local admin account on the server, how can we access it with the non-working domain accounts? When a Windows computer loses the trust of the domain there is no way to log into it with a domain account when the computer is connected to the network and has access to the domain controllers.
If the server is in your data center it is enough to unplug the network cables, the server cannot connect to the domain controller, and you can log in with the last cached password you used for the Administrator domain account.
How can we unplug the network cables from a cloud computer?
The Amazon Web Services (AWS) Security Groups and Azure Network Security Groups (NSG) act as firewalls. Those control the inbound and outbound traffic rules.
To be able to access your Windows server, but prevent it to contact the domain controller, create a security group that contains all necessary inbound rules to access your Windows server with the remote desktop connection, but do not enable any outbound connections.
Open port 3389 for inbound traffic, but do not allow any outbound traffic.
- Change the security groups of the server
- Unselect the existing security groups to remove all other security groups from the server,
- Select the newly created recovery security group
- Use Remote Desktop to log into the server with your domain credentials you used the last time you logged into the server (it can be an earlier domain password). If you use stored credentials in your remote desktop client, enter your password again on the Windows login screen.
- Create a local administrator account, because once you remove the server from the domain, you will not be able to log into it with your domain account,
- To make sure the local administrator account credentials are correct, remote into the server with the local account,
- Change the security group back to the original one that enables outbound access to the domain controller,
- Remove the server from the domain by attaching it to a workgroup,
- Right-click This PC and select Properties
- On the Control Panel Home window select Advanced system settings
- On the Computer Name tab of the System Properties window click the Change… button
- In the Computer Name/Domain Changes window select the Workgroup radio button and enter WORKGROUP for the name of the workgroup
- Make sure you do these steps with the local admin account and click OK.
- Enter the credentials of a domain account that has enough rights to remove servers from the domain,
- Your server is out of the domain,
- Make sure again, you have a local admin account on the server and click OK,
- Click the Close button to continue,
- Make sure you have a local admin account with a known password, all your files are saved, and click the Restart Now button to restart the computer.
Remove the server from the domain controller database
To successfully add the server to the domain again, you need to remove the current entry of the server from the domain.
- Log into the domain controller,
- Open the ActiveRoles Console,
- Expand the Active Directory item, right-click the domain name, and select Find,
- in the Find drop-down select Computers, enter the name of the computer into the Name field and click the Find Now button,
- Right-click the name of the found computer and select Delete.
Add the server to the domain
- Using the local admin account log into the server,
- Follow the steps above to open the Computer Name/Domain Changes window,
- Select the Domain radio button, enter the name of the domain, and click OK,
- Enter the credentials of a domain account that has enough rights to add servers to the domain. Don’t forget to add the name of the domain in front of your username with a backslash.
- The server has been successfully added to the domain,
- Click OK to continue,
- Click the Close button to restart the computer.
- Click the Restart Now button to restart the computer.
Windows Server contains the Windows Backup functionality. It can create full backups of your server that contain all volumes. With the bare metal recovery, you are able to fully restore the server even if the hard disks fail, after a virus attack, or security breach. Depending on the size of the server drives and the backup media, set up frequent backup times, so when you need to restore the server, less data has to be entered again.
To restore a Windows Server from a backup image
- Insert the Windows Server 2012 R2 installation DVD into the DVD drive of the server
- Boot the server from the DVD
- Connect the drive, that contains the backup images, to the server
- On the first screen select the language and keyboard options
- On the next screen, select Repair your computer
- Select the Troubleshoot icon
- Click the System Image Recovery
- Select your operating system as the target operating system
- Select the backup image to restore; latest or from a previous date
- If you selected Select a system image option
- In the table select the backup device
- Select the time of the backup
- If you want to clear the drives of the server select the Format and repartition disks option
Enable shared folders on the virtual machine
To be able to use shared folders between the host ( your workstation ) and the Windows virtual machine.
- Start the Windows virtual machine in VirtualBox,
- Select the virtual machine window on your workstation,
- In the Devices menu of VirtualBox select Insert Guest Additions CD image…
- In the virtual machine start Windows Explorer,
- Open the VirtualBox Guest Additions CD,
- Start VBoxWindowsAdditions.exe,
- On the User Account Control popup click Yes,
- Click Next on the setup page,
- Click Next on the path selection page,
- Click the Install button,
- Save all your documents on the virtual machine, and allow the reboot of the virtual machine for the changes to take effect.
The shared folders will be available in the virtual machine’s Windows Explorer under Network locations as the E: drive
When an application copies or deletes files and folders in the displayed shared folder, click the Refresh button to see the new state of the directory. Windows usually does not refresh the view of the shared folder.
On a Windows 10 guest machine, the Git Bash and Command Prompt windows cannot see the mapped shared folders. To execute commands in shared folders, use the PowerShell window. For more see Git Bash and Command Prompt cannot see the VirtualBox shared folder on Windows 10 guest