Fix for roaming profiles not working without local admin access to Windows 7

At work, we’ve long been using Roaming Profiles for most of our users, because despite their issues, it works well for users that move around and use many different PCs.

Again, it’s not best practice by any means, but Domain Users also have local administrative access to their PCs. At one time, there were several pieces of software that required it, and we just never made any changes after that.

Any new users that were created had their roaming profile copied from a generic profile folder that we have saved on the network to be copied to a new users folder. Once copied, we will assign proper rights/ownership and then log in as the new user for any final setup.

We’ve recently decided that we need to phase out all local admin access to these users, and move Domain Users over to the local Power Users group. However, before we could even get into the testing phase for any of this, we were dead in the water with an error message at login.

The Group Policy Client service failed the logon. Access is denied.

After trying our best to research why this would happen with no local admin access, we came up short, and were honestly at a bit of a dead end. Most of anything we would search only returned the most generic unrelated issues with that message.

One day, I must have typed something just right into a search because that’s when I stumbled across this forum post discussing someone having the same error when trying to have several users use the same mandatory network profile.

This was mostly unrelated to our use case, but some of the posters there got me thinking that much like the OP’s issue was the registry rights in his file, how the rights in our ntuser.dat files may be our issue, as we copy the same generic profile to every new user.

That was indeed the solution we needed to get rid of the error, and have our roaming users login and load their profiles without local admin access. See below for what needs to be done to the ntuser.dat files to resolve this.

This will require editing the permissions on the registry entries in ntuser.dat

Open up regedit (it can be on anything, server or workstation as you won’t be modifying the existing registry on that station).

Select/highlight HKEY_USERS, then click File, Load Hive.

Browse to and open the ntuser.dat file under the user’s roaming profile folder you need to edit. Give it a name on the next prompt (this is just a local nickname for this process, so use whatever like the user’s first name) and it’ll appear under HKEY_USERS.

Then right click on it, go to Permissions and change them as you would with a file (give the appropriate user full control).

Now with that user’s hive still selected, click File, Unload Hive.

That’ll save the changes.

Disable Java’s “Sponsored Offers” Automatically for All Users

The only thing worse than Java and its many security issues, is its incredibly crappy and outdated update scheme. The lack of an automated background update service as well as requiring user intervention for every Java security update is simply unforgivable in 2016. I mean, if Adobe can do it with Flash… anyone can do it, guys.

But, what really adds insult to injury is the fact that Oracle is still up to their old tricks of trying to trick unaware users (who are in a hurry) into installing crap ware, and/or changing settings during the update. Security updates that include opt-out “Sponsored Offers” is really just a fucked up and unprofessional business practice.

Thankfully gone is the Ask Toolbar bundled software. Replaced now with an offer to make Yahoo your home page and default search engine. I could go into rant mode about this at this point, but I won’t…

Any IT manager will tell you that keeping Java up to date on your network is a nightmare alone without having to worry about clueless users installing garbage by mistake.

Now, there an option to check in advanced settings that will disable these offers, but this setting seems to now be user specific now rather than PC specific. And who has the time or inclination to worry about that check box on hundreds of PCs?

There were also registry keys that worked well to change this setting in the past, but no longer do. In fact, it seems like Oracle has intentionally made automating this setting change more arcane with the hopes of duping a few more users.

After battling with this for a while I finally discovered a way to automatically make the change on the PCs in my Windows 7 domain so that the so-called sponsored offers are disabled. The change I am now pushing out is surprisingly simple, which made me surprised that I did not find it on the internet, but rather had to mostly figure it out on my own.

Anyway, the suppress sponsor check box under advanced options is currently controlled by a single config (.CFG) file. I found it after finding many other files and registry keys that have what looks like an option to suppress sponsors, but don’t actually do anything when modified.

The file that worked for me was C:\ProgramData\Oracle\Java\java.settings.cfg

The file is literally a blank document, until I check the box to suppress sponsored offers, it was then filled with a very simple SPONSORS=0 line. Copying this updated config file to the same location on other PCs checked the box for me and seems to even work for all users that log into that PC after that.

At that point, it is a simple matter of copying that file onto all the PCs you want to make the change on via the user’s login scripts or whatever other method you would like, and they will not get the Yahoo offer any more! At least until this is changed around again…

It is a simple fix, but as I said I found nothing out there about it while searching on how to disable the sponsored offers programmatically on the newest Java releases, so hopefully this will help some other IT specialists out there and keep a few pennies out of Oracle and Yahoo’s pockets.

Because seriously, fuck them for this still being a problem I have to deal with.

A String of Numbers before a web address in a URL link (SPAM)

Any networking guy is well aware that an IP address can be used in the place of a domain name in a link. for example, will take you to

Did you know, however, that the IP address itself in a link can also be represented in different ways?

For example, a DWORD integer value? If I convert that Google IP address to a decimal number, I get this: 2915222666. Now if you were to click on http://2915222666, it would also take you to Google’s homepage just like the other two links above.

To most people, that would not look like a valid link to anything, but it is. There are also plenty of other valid ways to represent an IP address in a link, and this is no new trick, as I read all about it on this site that was apparently written in 1999.

The reason I discovered all this, is because of a link in a spam/malware email sent to some users at work. The link was along the lines of this: http://[ten digit number]/wwwdotrealwebsitedotcom/mail. Now keep in mind, the email made no attempts beyond this to mask the link. It was not hidden until you hovered over it, or anything like that. It even had a “helpfully” fully written out version of the link for users with trouble to copy and paste into the browser.

It claimed to be a link to an encrypted email message, so the strange URL seemed almost plausible.

The link really lead out to the IP address represented by that ten digit number and not the real, unrelated, domain included in the link. The malware website was clearly designed to have the valid URL included in its address, but hid the real domain (IP address) behind that DWORD integer. The link lead to a Russian owned IP address that wanted to download a Trojan disguised as a MS word compatibility pack.

I normally have a very sharp eye when it comes to spotting bullshit URLs, and other things like this. So, the fact that this one looked weird to me, but didn’t set off any alarm bells right away could have been a very bad thing, and this bothered me.

After my research, I now have a much better understanding of an older, somewhat sophisticated, technique to mask where a bullshit link really leads. I wanted to share that information, in one place, in a hopefully easier to find way.

Maybe this was just a weird fluke, or maybe we are going to start to see more attacks like this.

HP 2530p WIFI Hard Disabled after Clonezilla disk clone

Today, after using the newest stable release of Clonezilla -version 2.4.2-32, in boot CD form- to make a disk clone of my laptop’s (HP 2530p) hard drive, I found that the internal wireless LAN adapter was inoperable. Even the LED light/toggle button was stuck on the off/amber color.

After trying all the standard things in terms of software and hardware, and some less than helpful Googling, I was only able to find that it may have been hard locked by the Linux kernel used on the boot CD.

Knowing nothing about Linux or its drivers, and using Windows 7 on the laptop, I figured I may just be fucked. I tried reinstalling the windows driver, system restore, and everything else you can in Windows 7, and I also physically re-seated the card and its antenna connections.

I tried a startup test in the Bios and found no issues. I had already tried disabling the card and re-enabling it in the Bios, with no effect. But, all that gave me the idea of doing a complete reset on the Bios settings themselves.

Once I reset the Bios to the default settings, the WIFI card was working normally again in Windows. The toggle switch and indicator light were able to change to the on/blue position, and the wifi connected like normal in Windows. Beware using Clonezilla on your laptop! Hope this helps.

Dynasty Warriors 7 Empires PAL is region free, works in US PS3

I bought the UK (PAL) version of Dynasty Warriors 7 : Empires because I’m old school and like to have a disk in my hand for the new game I just purchased. I know the vast majority of PS3 games are region free, meaning you can import games from other territories and play them, but that there have been some exceptions (apparently including an earlier DW title).


It’s so pretty. It even comes with a full color manual that is actually helpful! Old school, indeed.

I looked over Google for a forum post or anything that might confirm that the game was region free, but mostly ended up with piracy links. I found the game on Play Asia’s site and it has it listed as region free. So I took the chance trusting the site and bought the game on Amazon, keeping my fingers crossed.

After a bit longer delivery wait time than I’m used to (my friends and I jested that it was arriving via ancient Chinese warship), I got the game and fired it up last night. It works perfectly in my North American (NTSC) 60GB “Fat” PS3, so I can confirm that the game is region free.

Hopefully that can help someone looking for the same info I was. As for the game itself? I’ve long given up on my mini reviews for this blog, but I can say that it is awesome. If you (and your coop friends) enjoyed DW6:Empires, you will certainly love this game. They basically expanded and improved on the previous title in every way. Even my friend who has never played the series before insisted on staying up until 2am on a work night to drink beers and couch coop it. =)

You Tube App freezing video only on fullscreen GS3 Android 4.1.1 fix

Not long after my (official, over the air) upgrade to Android 4.1.1 “Jelly Bean” on My Verizon Samsung Galaxy S3, I started having an issue with the official You Tube app. Whenever I would try to view videos in landscape, full screen mode the video would stop or freeze even though the audio would continue playing.

Bringing up the full screen HUD (play, pause, progress bar, etc), for lack of a better term, would catch the video back up and play it again, but only as long as the HUD is shown. The videos had no issues in the tiny portrait mode. My issue was not with the data connection, the settings or even the version of the You Tube app, or Android 4.1.1 itself (though, this could be very indirectly blamed in my case).

I’m not a hardcore You Tuber, but watching tiny portrait videos on the 4.8” screen of a flagship device was simply unacceptable. After “dealing with it” for a while, hoping for a fix, I was finally annoyed enough to figure it out. Goggling was no help, so I was on my own, and that is the reason I’m writing this article. It’s a fairly esoteric problem, and this post will likely only help a handful of people. But esoteric issues are kinda the only reason this blog exists at this point, so here we go.

I tried all the obvious, clearing the data and cache for You Tube, uninstalling updates and trying it on the old version, reinstalling the updates and trying again. Nothing. Then I realized what might be different on my phone than other peoples. I mean, this is a popular phone, so why weren’t there others having my issue?

A little back ground: I have two free games installed from the same company, Madfinger, which are great. There is a known issue with Dead Trigger and Shadowgun: DeadZone with the GS3 running 4.1.1 that causes the graphics to blur or “ghost” making the games unplayable on the phone. They still haven’t fucking fixed this, despite the numerous complaints. But, hey, the games themselves are great and are perfect examples of “freemium” done right on Android.

The work around to get the games to work normally again on 4.1.1 is to go to Settings > Developer Options > turn on developer options > check Disable Hardware Overlays. This is what was breaking my You Tube app. Something that simple. Un-checking this makes You Tube work perfectly again. So for those that are using this work around for these games, you just need to turn it off when you are not playing if you want You Tube to work full screen.

Dawn of War 2 Retribution Skidrow LAN fix for name in use error

We have been playing Dawn of War 2: Retribution with the Skidrow crack (version because we wanted to play the game in our local (and offline) LAN without any bullshit. We had the game working swell on two computers, but after that we discovered the other PCs in our LAN would get an strange error when trying to join the game.

The name you are trying to use is already in the game

The other odd thing was once the error occurred, the person trying to join would “push” their name onto the host.  Now, of course, our names were different and we checked all the obvious things like the the various config files and I even searched the registry for anything that would cause the error. The internet was no help either, the one half way decent idea I found was to try the “smart steam” crack, but that did not help us at all (in fact just caused us more issues). We tried many other, almost silly, fixes too.

We were racking our brains at this point, why were three of four computers able to join a game with the one PC that had never gotten the error, but not able to join any games with each other? Then we realized the only relevant difference was that the working PC -the one that never got the error, period- had the game installed on a second HDD (D:) in a custom directory. At this point, we already tried reinstalling the game on the non-working PCs in a custom folder and it did not help.

The fix for us was to run the game off of a different drive other than C: on the trouble PCs. Well technically one of them is still running it off the default directory on C:, because only one doing that was not causing us any issues. The two we fixed do not have second hard drives, so how we fixed this was having them run the game off of my server that is in the same LAN. I just created a share, copied the whole (crack and all) install directory of the game to it, and had the PCs run the game off of the server. Worked perfect.

Of course, not everyone has a server sitting in their LAN room, but running it from anywhere other than C: seems to fix the issue. So you could just run the game off of an external drive, or a share that is just on another PC in your LAN. For doing it over the network, you can either map a drive, or just create a shortcut to the UNC path of the DOW exe.

Even more ironic, is that now we can even connect to games with two people using the same name

I know its a stupid sounding fix, but I hope this helps someone. Happy LAN gaming!