Accessing a Windows Share from the Native Windows Command Prompt

I needed to run a application installer from a share located on a server. I knew I could use “net use” to map the drive but I remembered that there was an easier way but couldn’t recall the command. After some searching I found it:

pushd \\<server>\<share>

Then after you are done accessing the share:

popd

Per the docs, pushd will start at the drive letter “Z” and work its way back until the next unused drive letter is found and use that letter for the mapping.

As a “net use” refresher to map a drive:

net use z: \\<server>\<share>

Of course there are other switches available so to get help:

net use /?

And since “net use” is part of the “net” command:

net /?

Windows Server Broken Update Fix

Updates can break on Windows Server for a number of reasons, so this is not an all encompassing fix. But over the years I have seen this occasionally. What happens is that the server does not update and when you attempt a manual update via the Windows Updates setting screen, the updates never download: the downloads are typically stuck at 0% complete. This is apparently due to a corruption of the files within the “C:\Windows\SoftwareDistribution” folder. Because the update process is hung, the update service also appears to be hung up so the process to repair the problem is slightly more involved that one would expect.

First, open the services control applet:

-Click the "Start" Button
-Type "services.msc"
-Set Windows Update to "disabled"
-Reboot the server

Once the server has re-started, verify that the Windows Update service is not running:

-Click the "Start" Button
-Type "services.msc"

Rename the SoftwareDistribution folder:

Rename C:\Windows\SoftwareDistribution to SoftwareDistribution.old

Reset the update service:

-Click the "Start" Button
-Type "services.msc"
-Set windows update to "manual"
-Start the service

Now manually run the updates and make sure they are downloaded and installed. Then perform the required server reboot.

Microsoft PKI – Decommission CA Server

Abbreviated mostly  from: https://docs.microsoft.com/en-us/troubleshoot/windows-server/windows-security/decommission-enterprise-certification-authority-and-remove-objects

Several notes:

These instructions assume that all issued certificates are expired.

If the issued certificates still exist and are active within the expire time or are revoked, you will need to go through a set of steps to revoke the remaining issued certificates and update/transfer the revocation list to the current PKI systems. Generally you can just remove the certificate templates from the old server and let the certificates expire or be re-issued by the newer issuing servers. It all depends on how quickly the old PKI server needs to be removed from inventory.

Steps are different on a single-tier PKI set up, so don't do this unless you are sure!

Get and pair the server name and CA name. This will show all info about all CA servers, so choose the server name wisely. From PowerShell or CMD terminal as admin:

certutil

Shutdown certificate services on the server being decommissioned:

certutil -shutdown

Delete CA private key using the name gathered from above (I have had issues with this step and probably is not important if you securely erase the drive immediately after server decommissioning):

certutil -delkey <"ca name">

Uninstall Certificate Services:

"Server Manager", "Manage", "Remove Roles and Features"
Click through wizard and de-select "Active Directory Certificate Services"

Restart the server.

ONLY do the following if issued objects like CRL and AIA no longer matter! DO NOT remove the Certificate Templates if you are replacing this PKI server!

Remove CA Objects from AD:

"Server Manager", "Tools", "Active Directory Sites and Services"

Select appropriate icon in left window pane, "View", "Show Services Node"

"Services", "Public Key Services"

Under the "AIA", "CDP", "Certification Authorities", and "Enrollment Services":

Delete the CA object
NOTE: should already be missing under "Enrollment Services" because it is removed during the removal of certificate services.

There are more advanced cleanup procedures in the link at the top if you feel that these deletion steps did not work properly.

There is also a method to recover the certificate templates if they are deleted.