Wednesday, January 28, 2015

How to allow a specific AD user to add computers to the domain

You can create a group and add specific users to allow to add computers in a domain.This way you can always modify the group members to update delegation without changing the ACL.

NOTE: Administrator Can join computers to the domain without any issue.


  • Start the Delegate Control wizard on the OU/CN you want to modify.
  • Select the group/user. Choose "Create a custom task to delegate".
  • Select "Only the following objects in the folder".
  • Tick: "Computer objects" and "Create selected objects in this folder".
  • On the next page, tick "Create all child objects".
You may face "Access is denied" error while joining a computer to domain. to resolve the issue follow these steps. 

  1. Click Start, click Run, type dsa.msc, and then click OK.
  2. In the task pane, expand the domain node.
  3. Locate and right-click the OU that you want to modify, and then click Delegate Control.
  4. In the Delegation of Control Wizard, click Next.
  5. Click Add to add a specific user or a specific group to the Selected users and groups list, and then click Next.
  6. In the Tasks to Delegate page, click Create a custom task to delegate, and then click Next.
  7. Click Only the following objects in the folder, and then from the list, click to select the Computer objects check box. Then, select the check boxes below the list, Create selected objects in this folder and Delete selected objects in this folder.
  8. Click Next.
  9. In the Permissions list, click to select the following check boxes:
    • Reset Password
    • Read and write Account Restrictions
    • Validated write to DNS host name
    • Validated write to service principal name
  10. Click Next, and then click Finish.
  11. Close the "Active Directory Users and Computers" MMC snap-in.
Cheers, 

Thursday, December 11, 2014

How to Uninstall Trend Micro Office Scan without the password

To uninstall Trend Micro Office Scan from a client computer without password you can use following 2 methods:


Method 1:
·         Search for the file called ofscan.ini. It is usually located in the 
C:\Program Files\Trend Micro Folder
·         Open the file using the notepad or any text reader and search for Uninstall_Pwd= 
·         The line should look something like this:
Uninstall_Pwd=!CRYPT!523F81805821877E0B01581347A29A8A78323082895

78B8F175DF692BF
·         Remove everything on the line that is behind Uninstall_Pwd=
·         After Uninstall_Pwd= write 70 it should look like this Uninstall_Pwd=70.
·         Save the file.
·         Go to Add Remove Program and uninstall Trend Micro OffieSan.
·         When prompted for the password enter 1 as the password

Method 2:

  • Disconnect the computer from the network.
  • Open regedit.
  • Go to HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.
  • Change the dword “Allow Uninstall” from 0 to 1
  • Use Add remove programs to uninstall Trend Micro.
  • Restart your computer.