How to add a web linked icon to your Gmail signature

Are you struggling with figuring out how to add a web-linked icon to your Gmail signature? Follow the steps below:

  1. To update your signature, go to Mail Settings, then down to signature.  Click the images icon.
  2. Then click “Web Address (URL)”.
  3. Paste the icons from up above.
  4. Then highlight the image and click the link icon.
  5. Click Change
  6. Type in the address, leave the Text to display blank.

How do I setup an authorized users message on Active Directory – HIPAA, NIST, FINRA

One common rule for setting up compliance is an unauthorized user rule on login.  Below is a video showing how to set up a title and message under an active directory.  It worked great for us!

How to set up a login warning message, via Group Policy (GPO) for Windows Computers | VIDEO TUTORIAL

https://www.youtube.com/watch?v=aeWySqwgEvw



HIPAA Patient Data Retention time for South Carolina, SC – How Long Should I Keep My Patient Files?

A common question for doctors, medical professionals, and IT staff who deal with patient data, medical files, or HIPAA related info is, “How long do I need to keep all of our patient records?”

HIPAA protects patients’ rights to access their personal files.  Patient Data and access to Patient Files in the state of South Carolina should be stored and accessible for a time period of 10 years for adults from the last treatment and 13 years from the last treatment for children.

According to hhs.gov’s website, HIPAA doesn’t designate a particular period of time for file retention. It does clearly state that a reasonable effort must be made to keep files saved, stored, backed up, and retrievable.  It also allows the states to set their own retention policies.  According to healthit.gov’s website, in South Carolina, the retention time for Patient Data is 10 years.  The website also shows other states’ laws regarding their retention policies.

How do I become HIPAA compliant? (a checklist)

A little housekeeping before we answer the question. This article is not a definitive list of what is required for HIPAA compliance; you should assign a Privacy Officer to review each rule in its entirety. This article is intended to point you in the right direction.

So you have determined that you are handling protected health information (PHI) and that you need to be HIPAA compliant. What’s next? What steps need to be taken in order to become HIPAA compliant?

The simple answer is that Covered Entities and their Business Associates need to protect the privacy and security of protected health information (PHI). But, it gets more complicated when you start to put together a to-do list.

There are 4 rules that you will need to dissect.

  1. HIPAA Privacy Rule
  2. HIPAA Security Rule
  3. HIPAA Enforcement Rule
  4. HIPAA Breach Notification Rule

As far as action items are concerned, you need to follow the HIPAA Privacy Rule and the HIPAA Security Rule. And, you need to provide notification following a breach of unsecured protected health information (the Breach Notification Rule).

If you’re a developer trying to understand the scope of the build, then you need to focus on the Technical and Physical Safeguards spelled out in the Security Rule; these two sections comprise the majority of your to-do list. Let’s start there.

HIPAA Security Rule

The HIPAA Security Rule requires appropriate Administrative, Physical, and Technical Safeguards to ensure the confidentiality, integrity, and security of protected health information (PHI).

The Security Rule is made up of 3 parts.

  1. Technical Safeguards
  2. Physical Safeguards
  3. Administrative Safeguards

All 3 parts include implementation specifications. Some implementation specifications are “required” and others are “addressable.” Required implementation specifications must be implemented. Addressable implementation specifications must be implemented if it is reasonable and appropriate to do so; your choice must be documented. (see the HHS answer)

It is important to remember that an addressable implementation specification is not optional. When in doubt, you should just implement the addressable implementation specifications. Most of them are best practices anyway.

Technical Safeguards

The Technical Safeguards focus on the technology that protects PHI and controls access to it. The standards of the Security Rule do not require you to use specific technologies. The Security standards were designed to be “technology neutral.”

There are 5 standards listed under the Technical Safeguards section.

  1. Access Control
  2. Audit Controls
  3. Integrity
  4. Authentication
  5. Transmission Security

When you break down the 5 standards there are 9 things that you need to implement.

  1. Access Control – Unique User Identification (required): Assign a unique name and/or number for identifying and tracking user identity.
  2. Access Control – Emergency Access Procedure (required): Establish (and implement as needed) procedures for obtaining necessary ePHI during an emergency.
  3. Access Control – Automatic Logoff (addressable): Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity.
  4. Access Control – Encryption and Decryption (addressable): Implement a mechanism to encrypt and decrypt ePHI.
  5. Audit Controls (required): Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use ePHI.
  6. Integrity – Mechanism to Authenticate ePHI (addressable): Implement electronic mechanisms to corroborate that ePHI has not been altered or destroyed in an unauthorized manner.
  7. Authentication (required): Implement procedures to verify that a person or entity seeking access to ePHI is the one claimed.
  8. Transmission Security – Integrity Controls (addressable): Implement security measures to ensure that electronically transmitted ePHI is not improperly modified without detection until disposed of.
  9. Transmission Security – Encryption (addressable): Implement a mechanism to encrypt ePHI whenever deemed appropriate.

Security Standards: Technical Safeguards

HHS offers insight into the Security Rule and assistance with the implementation of the security standards.

HHS: https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/techsafeguards.pdf

Physical Safeguards

Physical Safeguards are a set of rules and guidelines that focus on the physical access to PHI.

TrueVault provides an in-depth analysis of the Physical Safeguards in a two-part blog post.

HIPAA Physical Safeguards Explained, Part 1

HIPAA Physical Safeguards Explained, Part 2

There are 4 standards in the Physical Safeguards section.

  1. Facility Access Controls
  2. Workstation Use
  3. Workstation Security
  4. Device and Media Controls

When you break down the 4 standards there are 10 things that you need to implement.

  1. Facility Access Controls – Contingency Operations (addressable): Establish (and implement as needed) procedures that allow facility access in support of restoration of lost data under the disaster recovery plan and emergency mode operations plan in the event of an emergency.
  2. Facility Access Controls – Facility Security Plan (addressable): Implement policies and procedures to safeguard the facility and the equipment therein from unauthorized physical access, tampering, and theft.
  3. Facility Access Controls – Access Control and Validation Procedures (addressable): Implement procedures to control and validate a person’s access to facilities based on their role or function, including visitor control, and control of access to software programs for testing and revision.
  4. Facility Access Controls – Maintenance Records (addressable): Implement policies and procedures to document repairs and modifications to the physical components of a facility which are related to security (e.g. hardware, walls, doors, and locks).
  5. Workstation Use (required): Implement policies and procedures that specify the proper functions to be performed, the manner in which those functions are to be performed, and the physical attributes of the surroundings of a specific workstation or class of workstation that can access ePHI.
  6. Workstation Security (required): Implement physical safeguards for all workstations that access ePHI, to restrict access to authorized users.
  7. Device and Media Controls – Disposal (required): Implement policies and procedures to address the final disposition of ePHI, and/or the hardware or electronic media on which it is stored.
  8. Device and Media Controls – Media Re-Use (required): Implement procedures for removal of ePHI from electronic media before the media are made available for re-use.
  9. Device and Media Controls – Accountability (addressable): Maintain a record of the movements of hardware and electronic media and any person responsible therefore.
  10. Device and Media Controls – Data Backup and Storage (addressable): Create a retrievable, exact copy of ePHI, when needed, before movement of equipment.

Security Standards: Physical Safeguards

HHS: https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/physsafeguards.pdf

Administrative Safeguards

The Administrative Safeguards are a collection of policies and procedures that govern the conduct of the workforce, and the security measures put in place to protect ePHI.

The administrative components are really important when implementing a HIPAA compliance program; you are required to assign a privacy officer, complete a risk assessment annually, implement employee training, review policies and procedures, and execute Business Associate Agreements (BAAs) with all partners who handle protected health information (PHI).

There are 9 standards under the Administrative Safeguards section.

  1. Security Management Process
  2. Assigned Security Responsibility
  3. Workforce Security
  4. Information Access Management
  5. Security Awareness and Training
  6. Security Incident Procedures
  7. Contingency Plan
  8. Evaluation
  9. Business Associate Contracts and Other Arrangements

As with all the standards in this rule, compliance with the Administrative Safeguards standards will require an evaluation of the security controls already in place, an accurate and thorough risk analysis, and a series of documented solutions.

When you break down the 9 standards there are 18 things that you need to do.

  1. Security Management Process – Risk Analysis (required): Perform and document a risk analysis to see where PHI is being used and stored in order to determine all the ways that HIPAA could be violated.
  2. Security Management Process – Risk Management (required): Implement sufficient measures to reduce these risks to an appropriate level.
  3. Security Management Process – Sanction Policy (required): Implement sanction policies for employees who fail to comply.
  4. Security Management Process – Information Systems Activity Reviews (required): Regularly review system activity, logs, audit trails, etc.
  5. Assigned Security Responsibility – Officers (required): Designate HIPAA Security and Privacy Officers.
  6. Workforce Security – Employee Oversight (addressable): Implement procedures to authorize and supervise employees who work with PHI, and for granting and removing PHI access to employees. Ensure that an employee’s access to PHI ends with termination of employment.
  7. Information Access Management – Multiple Organizations (required): Ensure that PHI is not accessed by parent or partner organizations or subcontractors that are not authorized for access.
  8. Information Access Management – ePHI Access (addressable): Implement procedures for granting access to ePHI that document access to ePHI or to services and systems that grant access to ePHI.
  9. Security Awareness and Training – Security Reminders (addressable): Periodically send updates and reminders about security and privacy policies to employees.
  10. Security Awareness and Training – Protection Against Malware (addressable): Have procedures for guarding against, detecting, and reporting malicious software.
  11. Security Awareness and Training – Login Monitoring (addressable): Institute monitoring of logins to systems and reporting of discrepancies.
  12. Security Awareness and Training – Password Management (addressable): Ensure that there are procedures for creating, changing, and protecting passwords.
  13. Security Incident Procedures – Response and Reporting (required): Identify, document, and respond to security incidents.
  14. Contingency Plan – Contingency Plans (required): Ensure that there are accessible backups of ePHI and that there are procedures for restoring any lost data.
  15. Contingency Plan – Contingency Plans Updates and Analysis (addressable): Have procedures for periodic testing and revision of contingency plans. Assess the relative criticality of specific applications and data in support of other contingency plan components.
  16. Contingency Plan – Emergency Mode (required): Establish (and implement as needed) procedures to enable continuation of critical business processes for protection of the security of ePHI while operating in emergency mode.
  17. Evaluations (required): Perform periodic evaluations to see if any changes in your business or the law require changes to your HIPAA compliance procedures.
  18. Business Associate Agreements (required): Have special contracts with business partners who will have access to your PHI in order to ensure that they will be compliant. Choose partners that have similar agreements with any of their partners to which they are also extending access.

Security Standards: Administrative Safeguards

HHS: https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/adminsafeguards.pdf

HIPAA Privacy Rule

The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, healthcare clearinghouses, and those health care providers that conduct certain health care transactions electronically. The Rule requires appropriate safeguards to protect the privacy of personal health information and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records and to request corrections.

Business Associates are directly liable for uses and disclosures of PHI that are not covered under their BAA or the HIPAA Privacy Rule itself.

The Privacy Rule requires Business Associates to do the following:

  1. Do not allow any impermissible uses or disclosures of PHI.
  2. Provide breach notification to the Covered Entity.
  3. Provide either the individual or the Covered Entity access to PHI.
  4. Disclose PHI to the Secretary of HHS, if compelled to do so.
  5. Provide an accounting of disclosures.
  6. Comply with the requirements of the HIPAA Security Rule.

HHS, Privacy Rule:

http://www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/index.html

HIPAA Enforcement Rule

The HIPAA Enforcement Rule spells out investigations, penalties, and procedures for hearings.

What’s the penalty for a HIPAA violation? Read TrueVault’s blog post on the subject.

HHS, Enforcement Rule:

http://www.hhs.gov/ocr/privacy/hipaa/administrative/enforcementrule/index.html

HIPAA Breach Notification Rule

The Breach Notification Rule requires most healthcare providers to notify patients when there is a breach of unsecured PHI. The Breach Notification Rule also requires the entities to promptly notify HHS if there is any breach of unsecured PHI, and notify the media and public if the breach affects more than 500 patients.

HHS, Breach Notification Rule:

http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/index.html

Summary

When you boil it down, HIPAA is really asking you to do 4 things:

  1. Put safeguards in place to protect patient health information.
  2. Reasonably limit uses and sharing to the minimum necessary to accomplish your intended purpose.
  3. Have agreements in place with any service providers that perform covered functions or activities for you. These agreements (BAAs) are to ensure that these service providers (Business Associates) only use and disclose patient health information properly and safeguard it appropriately.
  4. Have procedures in place to limit who can access patient health information, and implement a training program for you and your employees about how to protect your patient health information.

https://www.truevault.com/blog/how-do-i-become-hipaa-compliant.html#.VBI3A85dXkt

(Solved) 2502/2503 Error When Installing from a .msi File

Sometimes you will get a 2502/2503 error message when trying to install a program from a .msi file.

Here’s how to fix it.

  1. Log in as an administrator
  2. Navigate to the C:\windows directory in file explorer
  3. Find and right-click the temp folder in this directory
  4. Select properties from the menu and click the security tab
  5. Make a note of the permissions for the following:
    1. All Application Packages
    2. Creator/Owner
    3. Users
    4. Trusted Installers
  6. Click the edit button and change the permissions to full control for all of these
  7. Click apply and OK/close out of the temp folder properties windows
  8. You can now install the program without issue
  9. Once the program is installed and working, go back to the temp properties and change the permissions back to what they were before
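Steps 5 and 9 depend on recording the original permissions and putting them back exactly, since a C:\Windows\Temp left at full control for Users stays writable by every account on the machine. The following is an added example, not part of the original post, that saves the folder's ACL before the change and restores and compares it afterwards; the backup directory C:\AclBackup and the function names are assumptions.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell session.
# Assumption: C:\AclBackup is a hypothetical backup location; change it to suit.
$Target    = 'C:\Windows\Temp'
$BackupDir = 'C:\AclBackup'
$AclFile   = Join-Path $BackupDir 'windows-temp.acl'      # icacls /save format, used for the restore
$SddlFile  = Join-Path $BackupDir 'windows-temp.sddl'     # used for the before/after comparison
$ListFile  = Join-Path $BackupDir 'windows-temp-acl.txt'  # human-readable note (step 5)

function Save-TempAcl {
    # Run this BEFORE step 6 (changing the permissions to full control).
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $acl = Get-Acl -Path $Target
    $acl.Sddl | Set-Content -Path $SddlFile
    $acl.Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
        Format-Table -AutoSize | Out-String | Set-Content -Path $ListFile

    icacls $Target /save $AclFile | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls /save failed with exit code $LASTEXITCODE" }
    Write-Host "Saved the ACL of $Target to $BackupDir"
}

function Restore-TempAcl {
    # Run this AFTER the installer has finished (step 9).
    if (-not (Test-Path -Path $AclFile)) {
        throw "No saved ACL at $AclFile; run Save-TempAcl before changing permissions."
    }
    # The saved file stores the folder name relative to its parent,
    # so /restore is pointed at the parent directory (C:\Windows).
    icacls (Split-Path -Path $Target -Parent) /restore $AclFile | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls /restore failed with exit code $LASTEXITCODE" }

    # Compare the security descriptor now with the one recorded before the change.
    $before = (Get-Content -Path $SddlFile -Raw).Trim()
    $after  = (Get-Acl -Path $Target).Sddl
    if ($before -eq $after) {
        Write-Host "ACL of $Target matches the saved copy."
    } else {
        Write-Warning "ACL of $Target differs from the saved copy; review the entries below against $ListFile."
        (Get-Acl -Path $Target).Access |
            Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
            Format-Table -AutoSize
    }
}

# Usage:
#   Save-TempAcl       # before step 6
#   ...install the .msi...
#   Restore-TempAcl    # in place of the manual step 9
```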

(Solved!) How to Disable “You should only open attachments from a trustworthy source” in Outlook on Windows Remote Desktop Server

Recently we set up an RDP server for a client who moves around from location to location.  In their Outlook profile, when the user tried to open a PDF, a message would pop up:

Solution:

  1. Login as administrator to your RDP server
  2. Promote the user having the issue to a local computer administrator on the remote desktop server.  (Control Panel, User Accounts, Manage User Accounts, Add, then select the user and domain if applicable and choose administrator)
  3. Log in as the user
  4. Hold Control and Shift then click on the Outlook icon.  Or right-click the Outlook icon and “Run as Administrator”.  Outlook will open in elevated status and should not ask for a username and password as you are logged in as a local administrator.  It will also load the correct Outlook profile.
  5. Open a PDF and the box will be able to be unchecked.
  6. Log off of the user and back into the domain admin
  7. Remove the  user as an administrator for the local remote desktop (we don’t want them to continue to be an admin)

Notice the “Always ask before opening this type of file” is greyed out.  This setting requires local administrator access and an elevated Outlook to get rid of the checkbox.  On a remote desktop server, this was a real issue as the local user isn’t an administrator.  When you tried to open Outlook as an administrator and use the network admin credentials, Outlook would not load the profile correctly so you couldn’t see any files which would bring up this error.

We perused the Googles for hours and couldn’t come up with a registry entry or anything that worked.  We finally fixed the issue.  What ended up helping was a post from Roady, a Microsoft MVP.  His solution would work on a normal Windows machine but did not work in a remote desktop environment.

The key is, you need a local administrator to elevate Outlook to enable the checkbox.

https://answers.microsoft.com/en-us/msoffice/forum/msoffice_outlook-mso_win10/how-to-disable-the-warning-on-opening-any/b424facc-3855-4467-8225-cb0c9de44c11

As this is a computer-wide change, you can only change that option when you are running Outlook as an Administrator.

  1. Close Outlook.
  2. Hold CTRL+SHIFT while clicking on the Outlook icon.
  3. Accept the security prompt and/or provide administrator credentials.
  4. Open the attachment and untick the “Always ask…” box.
  5. Close Outlook and start it normally.

Robert Sparnaaij [MVP-Outlook]

https://www.howto-outlook.com

https://www.msoutlook.info

How To: Setup Active Directory Roaming Profiles with Folder Redirection Server 2016, Server 2012, Server 2008R2

How to Setup Active Directory Roaming Profiles with Folder Redirection with Administrative access to files and folders and without user access to other people’s profiles.

First a warning.  Do not forward the App Data folder.  From our practical application, we found many programs require your App Data Local and App Data Roaming folder to be editable on the local computer and may respond incorrectly to different installations and configurations.  This includes most networked programs particularly requiring network connectivity like SQL based applications.  Also, MS Outlook can act erratically by not being able to read the folder on your local machine to find the profiles etc.

Setting up a server with Roaming Profiles can be a great benefit to your organization.  It allows users to log in to any computer and have their user settings and files follow them.  There are drawbacks to the default Roaming Profiles setup.  If you just use the profile settings that Windows Server defaults to in the Active Directory Users and Computers app, you will end up with user profiles in a folder that you as an administrator cannot access.  Also, some backup software will have issues backing up the software because of the user permissions assigned.

In this tutorial, we’ll show you how to set up a Roaming Profile and set up proper Folder Redirection where the user cannot see the other users files, but the administrator can administer the files and assign other users like backup operators to be able to access and backup the files as well.  Some steps in this user guide will assume you have a basic knowledge of Windows Server software, File Permissions, and Active Directory.

Step 1 – Create two folders

Create two folders on your storage drive, this may be a separate drive or on your C:\ drive.  We will call this “Profiles” and “Users.”  You can name them what you want. We recommend you do this on a separate storage drive or partition for backup and working purposes.  The reason why we have two is one will hold our User Profile, and the other will hold our home directories, like Documents, Desktop, Downloads, Etc.

Step 2 – Permissions of the Profiles Folder.

Right-click on the Profiles folder and click “Share With” and then “Specific People”  Make sure the Administrator has Read/Write access.  Then click the Security Tab.  Change the Group or user names permissions by clicking Edit.  Click Add and type “Users”.  Hit enter and your box should look like below.

Step 3 – Permissions of the Users Folder

Right-click on the Profiles folder and click “Share With” and then “Specific People”  Make sure the Administrator has Read/Write access.  Then click the Security Tab. Make sure the “Users” is not on this folder as we do not want other users to be able to look at other people’s files.

Step 4 – Create Folder Redirection Policy in Group Policy

This setup is not scary!

Go back to your Administrator Tools and select Group Policy Management.  Open it to Forest/Domains/*your domain*.  It should look like below.

Now, right-click on your “Default Domain Policy” and select Edit

Navigate to User Configurations / Policies / Windows Settings / Folder Redirections

Here you can see the folders which can be redirected.  Right-click on each one, Select Basic – Redirect everyone’s folder to the same location

Then select the Root Path “\\yourservername\users”  **Make sure this is a UNC path and not a local C:\whatever

Then select the Settings tab.  Make sure the “Grant the user exclusive rights to *whatever*” box is UNCHECKED.

Do the same procedure for all of the folders you want re-directed.  Accept prompts.

Step 5 – Create a new user in Active Directory

Open the Windows Administrator Tools Window from the Control Panel

Open Active Directory Users and Computers

Click on Users and right-click.  Select New / User

Name your user whatever.  Here we named our user Test6

Click Next, Select Password, click ok

Step 6 – Profile paths in the User Profile section

Find the new user and right-click on the user then select Properties

Click the Profile tab

In the Profile tab, enter the UNC path to our first “Profile” folder  *in my test it was \\pfd-server\profiles\test6  -the pfd-server is your username and the test6 is the profile folder you want to create for this user.  We keep them the same.

Under “Home Folder”, select “Connect”, then select the U drive *or any drive letter*, then type the UNC path to the users folder you created earlier.  *In my test, it is \\pfd-server\user\test6

Press Apply, and OK

Step 7 – Login as the User

When you log in as the user, you should now see a regular login screen but you should also see “Applying Folder Re-Direction Policy” which means it is copying the home folders to the “Users” folder you selected.  It may take a minute or two to copy.

Now you should see in your file explorer under your “This PC” a U drive with the username listed.  If you click on it, you should see all of your home folders there for the user.

Now if you log into the server, you should be able to go to your storage drive and go to users.  You can see below, I am logged in as the administrator but I am able to fully access the files and work with them.

Good luck out there!  Hope this helps you :).
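With “Grant the user exclusive rights” unchecked, keeping users out of each other's files depends entirely on the NTFS permissions set in Steps 2 and 3, so it is worth checking them once a few users have logged in. The following is an added example, not part of the original tutorial, that lists every allow entry on the per-user folders that belongs to neither the folder's own user nor an expected administrative principal. It assumes the placeholder root \\yourservername\users from Step 4, that each folder is named after its account, and a trusted list you should adjust (for example to include your backup operators).

```powershell
# Added example, not from the original tutorial.
# Assumptions: $Root is the placeholder share from Step 4, each child folder is named
# after the account it belongs to, and $Trusted lists who should administer the share.
$Root    = '\\yourservername\users'
$Trusted = @(
    'BUILTIN\Administrators',
    'NT AUTHORITY\SYSTEM',
    'CREATOR OWNER'
)
# Principals that would expose a folder to every user if they appear in an allow entry.
$Broad   = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')

function Get-UnexpectedFolderAccess {
    param([string]$Path)

    foreach ($dir in Get-ChildItem -Path $Path -Directory) {
        $acl = Get-Acl -Path $dir.FullName
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }

            $id      = $ace.IdentityReference.Value
            $account = ($id -split '\\')[-1]          # DOMAIN\test6 -> test6

            if ($account -ieq $dir.Name) { continue } # the folder's own user
            if ($Trusted -contains $id)   { continue } # expected administrative access

            [pscustomobject]@{
                Folder    = $dir.FullName
                Identity  = $id
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
                # Inherited + broad means the entry comes from the share root (Step 3).
                Broad     = ($Broad -contains $id) -or ($id -like '*\Domain Users')
            }
        }
    }
}

# Any row returned is an account or group that can reach another user's redirected folders.
Get-UnexpectedFolderAccess -Path $Root |
    Sort-Object Folder, Identity |
    Format-Table -AutoSize
```

An empty result means only the folder's user and the trusted principals hold allow entries; a row with Broad = True and Inherited = True points back at the permissions on the root folder.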

Solved! Login Failed, slow logins, winlogon notification subscriber gpclient error taking 450 seconds to boot

A client was having an issue logging into their computer.  First was a blue screen with the login failed because the unique identifier is not supported.  After fixing that issue, we faced two errors today with our roaming profile.

Error 1:

First logon fails with “The universal unique identifier (UUID) type is not supported”

Error 2:

Here is the winlogin notification about the gpclient in event viewer we received after taking 10 minutes to login.

The first part was solved by taking control of the gpsvc service then applying the command from here:

cmd /c reg add "HKLM\SYSTEM\CurrentControlSet\Services\gpsvc" /v Type /t REG_DWORD /d 0x10 /f

After we ran this command in an elevated command prompt, the error for the UUID went away, but it still took ten minutes to log in.  We did a little more research and found a beautiful script below.  We copied it into a winlogin.bat file and saved it on the C drive.  After we saved it, we opened an elevated command prompt, navigated to the script, and ran it.  I found just double clicking the script or opening it did not work properly.

@Echo off
REM Marker file from a previous run: skip everything if the repair was already done.
If EXIST "c:\Wbem.txt" GOTO END
:BEGIN
Echo.Checking following services...
Echo IPHelper (iphlpsvc)
Echo SMS Agent Host (CcmExec)
Echo Security Centre (wscsvc)
Echo Windows Management Instrumentation (winmgmt)
Echo.

Set Service1="ccmexec"
Set Service2="iphlpsvc"
Set Service3="wscsvc"
Set Service4="winmgmt"

:CHECK
REM Stop each service in turn; jump back to CHECK until all four report STOPPED.
for /F "tokens=3 delims=: " %%H in ('sc query %Service1% ^| findstr "STATE"') do (
    Set Service1State=%%H
    if /I "%%H" NEQ "STOPPED" (
        echo.%Service1% still STOP_PENDING. Press Any key to check again otherwise Ctrl C out of the script
        net stop %Service1%
        timeout 10
        cls
        GOTO Check
    )
)
for /F "tokens=3 delims=: " %%H in ('sc query %Service2% ^| findstr "STATE"') do (
    Set Service2State=%%H
    if /I "%%H" NEQ "STOPPED" (
        echo.%Service2% still STOP_PENDING. Press Any key to check again otherwise Ctrl C out of the script
        net stop %Service2%
        timeout 10
        cls
        GOTO Check
    )
)
for /F "tokens=3 delims=: " %%H in ('sc query %Service3% ^| findstr "STATE"') do (
    Set Service3State=%%H
    if /I "%%H" NEQ "STOPPED" (
        echo.%Service3% still STOP_PENDING. Press Any key to check again otherwise Ctrl C out of the script
        net stop %Service3%
        timeout 10
        cls
        GOTO Check
    )
)
for /F "tokens=3 delims=: " %%H in ('sc query %Service4% ^| findstr "STATE"') do (
    Set Service4State=%%H
    if /I "%%H" NEQ "STOPPED" (
        echo.%Service4% still STOP_PENDING. Press Any key to check again otherwise Ctrl C out of the script
        net stop %Service4%
        timeout 10
        cls
        GOTO Check
    )
)

:STATUS
CLS
Echo.%Service1% is %Service1State%
Echo.%Service2% is %Service2State%
Echo.%Service3% is %Service3State%
Echo.%Service4% is %Service4State%
echo.
echo.All Services Stopped... Please Wait... Repairing WBEM Repository
REM Delete the WMI repository; Windows rebuilds it after the restart.
del C:\Windows\System32\wbem\Repository\*.* /q
rd C:\Windows\System32\wbem\Repository* /q
timeout 5
cls
echo.Fix complete. Your computer will Restart in 60 seconds.
shutdown -r -t 60
echo.WBEM Script Control > c:\WBEM.txt
timeout 60

:END

After running this script, the boot time went down to 30 seconds instead of 5-10 minutes.  It seems when this problem happens you have to run this manually.  I’m sure you can set this up in a shutdown sequence.

Here are two resources I used:

https://support.microsoft.com/en-us/help/2976660/first-logon-fails-with-the-universal-unique-identifier-uuid-type-is-no

https://community.spiceworks.com/topic/324801-winlogon-notification-subscriber-gpclient-error-taking-605-seconds-to-boot

Synchronize time with external NTP server on Windows Server 2008, Server 2008R2

Here’s how to synchronize time with an external NTP server on Windows Server 2008 (R2).

Posted on 16 November 2009 by Marek in Microsoft, Windows Server 2008, Windows Server 2008 R2

Time synchronization is an important aspect for all computers on the network. By default, the clients’ computers get their time from a Domain Controller and the Domain Controller gets his time from the domain’s PDC Operation Master. Therefore the PDC must synchronize his time from an external source. I usually use the servers listed at the NTP Pool Project website. Before you begin, don’t forget to open the default UDP 123 port (in- and outbound) on your (corporate) firewall.

  1. First, locate your PDC Server. Open the command prompt and type: C:\>netdom /query fsmo
  2. Log in to your PDC Server and open the command prompt.
  3. Stop the W32Time service: C:\>net stop w32time
  4. Configure the external time sources (the peer list is space-delimited), type: C:\>w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org"
  5. Make your PDC a reliable time source for the clients. Type: C:\>w32tm /config /reliable:yes
  6. Start the w32time service: C:\>net start w32time
  7. The Windows time service should begin synchronizing the time. You can check the external NTP servers in the time configuration by typing: C:\>w32tm /query /configuration
  8. Check the Event Viewer for any errors.
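Step 7 shows what was configured, not whether the PDC is actually synchronizing, and a domain whose PDC silently falls back to its local clock drifts as a whole, which affects Kerberos logons and log timestamps. The following is an added example, not part of the original post, that checks the output of `w32tm /query /status` against the peers from step 4. The function name is an assumption, the sample output is constructed, and English-language w32tm output is assumed.

```powershell
# Added example, not from the original post. English-language w32tm output assumed.
$ExpectedPeers = '0.pool.ntp.org', '1.pool.ntp.org', '2.pool.ntp.org'   # peers from step 4

function Test-TimeSource {
    param(
        [string[]]$StatusLines,   # lines of "w32tm /query /status" output
        [string[]]$Peers          # peers the server is supposed to sync from
    )

    # Turn "Key: value" lines into a lookup table; only the first colon splits.
    $fields = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*([^:]+):\s*(.*)$') {
            $fields[$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }

    $problems = @()

    # Source may carry flags after a comma (e.g. "host,0x8"); keep only the host name.
    $source = ''
    if ($fields.ContainsKey('Source')) { $source = ($fields['Source'] -split ',')[0].Trim() }
    if ($Peers -notcontains $source) {
        $problems += "Source '$source' is not one of the configured peers"
    }
    if ($fields['Leap Indicator'] -match '^3') {
        $problems += 'Leap Indicator 3: clock is not synchronized'
    }
    if ($fields['Stratum'] -match '^(\d+)' -and [int]$Matches[1] -eq 0) {
        $problems += 'Stratum 0: no upstream reference'
    }

    [pscustomobject]@{
        Source   = $source
        Stratum  = $fields['Stratum']
        LastSync = $fields['Last Successful Sync Time']
        Healthy  = ($problems.Count -eq 0)
        Problems = $problems -join '; '
    }
}

# Constructed sample output: a server that is syncing from one of the pool peers.
$synced = @(
    'Leap Indicator: 0(no warning)',
    'Stratum: 3 (secondary reference - syncd by (S)NTP)',
    'Last Successful Sync Time: 11/16/2009 9:15:02 AM',
    'Source: 1.pool.ntp.org',
    'Poll Interval: 10 (1024s)'
)
# Constructed sample output: a server that has fallen back to its own clock.
$unsynced = @(
    'Leap Indicator: 3(not synchronized)',
    'Stratum: 0 (unspecified)',
    'Source: Local CMOS Clock'
)

Test-TimeSource -StatusLines $synced   -Peers $ExpectedPeers   # Healthy = True
Test-TimeSource -StatusLines $unsynced -Peers $ExpectedPeers   # Healthy = False, three problems

# On the PDC itself, after step 6:
#   Test-TimeSource -StatusLines (w32tm /query /status) -Peers $ExpectedPeers
```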

How to show and hide a Windows Update or Driver Update from Windows 10

Recently I’ve had an issue with Windows Update where it wouldn’t install a particular update.  It would crash and make Windows boot screen stay in a perpetual startup or “Welcome” screen.  I was able to cancel the update by restarting which rolled the computer back to a time before the update, then it would re-download the update and crash again.  Unlike Microsoft Windows updates of old, there is no place natively to view updates and stop them from installing.  I found the following steps from the Microsoft article on how to prevent a driver update from reinstalling to be helpful.  In particular downloading the wushowhide.diagcab file did the trick for us.  We were able to hide the update and the system hasn’t been in a reboot loop since:

For Windows 10 Version 1607 (Anniversary Update)

  1. Start Device Manager. To do this, press and hold (or right-click) the lower-left corner of the desktop, and then select Device Manager.
  2. Locate and right-click the device that has the problem driver installed, and then select Properties.
  3. Select the Driver tab, and then select Roll Back Driver.

For Windows 10 Version 1511 (November update)

Important: If you don’t have Version 1607 installed, we recommend that you update now. You can use Windows Update to get Version 1607 or go to https://www.microsoft.com/en-us/software-download/windows10, and then select Update Now.

  1. Start Device Manager. To do this, press and hold (or right-click) the lower-left corner of the desktop, and then select Device Manager.
  2. Locate and right-click the device that has the problem driver installed, and then select Properties.
  3. In the Confirm Device Uninstall dialog box, select the Delete the driver software for this device checkbox, if it’s available.

To temporarily prevent the driver from being reinstalled until a new driver fix is available, a troubleshooter is available that provides a user interface to hide and show Windows updates and drivers for Windows 10.

The following troubleshooter is available for download from the Microsoft Download Center (note, file will begin downloading once you click):

Download the “Show or hide updates” troubleshooter package now.

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

When you click the download link, you’re prompted to open or save wushowhide.diagcab.


To run the troubleshooter, open wushowhide.diagcab, select Next, and then follow the instructions in the troubleshooter to hide the problematic driver or update.