Self Service PW Reset from LogonScreen

With Windows 10 1803, it’s now possible to reset your password on a Hybrid Azure AD Joined (domain joined, synchronized to Azure AD) device directly from the logon screen.


The following actions need to be done to achieve this:

  • Configure your Azure AD Connect service to synchronize device records


  • Set the following registry key to enable the “reset password” button on your logon screen: “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\AzureADAccount\AllowPasswordReset” dword:00000001


That’s it, now your users are able to reset their passwords through the well-known Azure AD SSPR feature.
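The two steps above can be checked and applied from an elevated PowerShell prompt. This is an added example, not part of the original post; it assumes that 1803 corresponds to OS build 17134 and that the registry path above means a DWORD value named AllowPasswordReset under the AzureADAccount key.

```powershell
#Requires -RunAsAdministrator
# Added example: verify the prerequisites, then set and read back the policy value.

# Assumption: Windows 10 1803 is OS build 17134.
$minBuild = 17134
$build = [int](Get-CimInstance -ClassName Win32_OperatingSystem).BuildNumber
if ($build -lt $minBuild) {
    throw "Build $build is older than Windows 10 1803 (build $minBuild)."
}

# dsregcmd /status prints "Name : Value" lines; pick out the two join flags.
$joinState = @{}
foreach ($line in (dsregcmd.exe /status)) {
    if ($line -match '^\s*(AzureAdJoined|DomainJoined)\s*:\s*(\S+)') {
        $joinState[$Matches[1]] = $Matches[2]
    }
}

# Hybrid join means both flags are YES; stop before touching the registry otherwise.
if ($joinState['AzureAdJoined'] -ne 'YES' -or $joinState['DomainJoined'] -ne 'YES') {
    throw ("Device is not hybrid Azure AD joined: AzureAdJoined={0}, DomainJoined={1}" -f
        $joinState['AzureAdJoined'], $joinState['DomainJoined'])
}

# Assumption: AllowPasswordReset is a DWORD value under the AzureADAccount policy key.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\AzureADAccount'
if (-not (Test-Path -Path $key)) {
    New-Item -Path $key -Force | Out-Null
}
New-ItemProperty -Path $key -Name 'AllowPasswordReset' -PropertyType DWord -Value 1 -Force | Out-Null

# Read the value back so the result is visible in deployment logs.
$value = (Get-ItemProperty -Path $key -Name 'AllowPasswordReset').AllowPasswordReset
"AllowPasswordReset = $value"
```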


New Tool: SetupDiag.exe

With setupdiag.exe, Microsoft is providing us an easy way to troubleshoot failed in-place upgrades. This is handy if you don’t like to crawl through massive logs in different places.

Here is a first impression:

First, download it here: https://docs.microsoft.com/en-us/windows/deployment/upgrade/setupdiag

Then run it on your failed client with /online, or copy down all the logs and reference them with the /offline switch. In my case, I’m troubleshooting directly on a failed client:


Now it’s collecting every relevant entry in all the different locations and displays the interesting lines:


This is it; in my case it was the EFI disk which was in bad shape (led there by searching the 0x80070002 error). If you need the results collected, they are stored in the path specified in the /Output parameter. The log itself looks like this:
