Oct 13

Shrink a Raspberry Pi or RetroPie .img On Windows with PiShrink

PiShrink is a bash script that automatically shrink a pi image that will then resize to the max size of the SD card on boot. However, thanks to Windows Subsystem for Linux (WSL), you can now run it on Windows!


  • Install Linux on Windows with WSL
  • Rasberry Pi / RetroPie backup .img
    • An .img backup of a MicroSD includes all of the unused space and will be the size of the Micro SD Card (ie: a 16GB MicroSD Card will create about a 16GB .img backup). The simplest method for Windows is to use Win32 Disk Manager. Windows cannot read an EXT4, so it should show the Micro SD card as a Boot Drive (with a disk size of about 250MB) and another drive (with no disk size). Make sure you backup the second drive without a size listed in WIn32 Disk Manager, and this will backup the entire Micro SD card.
    • Note: Micro SD cards can vary slightly in size by manufacturer as well as between different models of Micro SD cards. Therefore, there’s no guarantee creating an .img backup of a Micro SD Card will be able to write back to the same size Micro SD card unless it’s the exact same manufacturer/model.
  • PiShrink.sh script
    • PiShrink will shrink an .img backup of Raspberry Pi / Retropie by removing the “unused” space. For example, if you create a backup image a 16GB Micro SD with 7GB of data on it, the original .img will be about 16GB but after running PiShrink, it will be about 7GB. Upon the first boot, the image will resize the max size of the SD card, so if you restore the 7GB image to a 32GB card, it will expand to have a max of 32GB.

Shrink Raspberry Pi / RetroPie .img on Windows with WSL

  1. Move your Raspberry Pi / RetroPie .img to C:\RPI\
    1. Ex: C:\RPI\RetroPie48.img
  2. Download PiShrink.sh and move it to C:\RPI\
  3. Open your WLS Linux Distro (ie: Ubuntu) and run the below commands:
    1. The time to complete will vary based on the size of the image and how much it can shrink. It took about 20min for me to shrink a 120GB image to 22GB.
cd /mnt/c/rpi
sudo ./pishrink.sh retropie48.img
Oct 13

Install Linux on Windows with WSL

Install a Linux distribution using the Windows Subsystem for Linux (WSL), which enables you to use Linux tools on you Windows File System.

Install WSL | Microsoft Learn


  • Windows 10 version 2004 or higher (Build 19041 or higher)
  • Windows 11

Install WSL Command

From an elevated PowerShell or Command Prompt run the below command and you will need to reboot once complete. The command only works if WSL is not installed (See next section to determine WSL version & installed Linux distros), and by default will install Ubuntu (This can be change by specify -d <distributionname> in the command below).

wsl --install

After you reboot, the Ubuntu install will finish up and prompt you to create a username and password (Does not need to match your Windows username).

List and Install Linux Distributions

See a list of available Linux Distributions available for download through the Microsoft Online Store, run the below from an elevated PowerShell or Windows Command Prompt:

wsl --list --online

See a list of Linux Distributions installed

wsl --list -verbose

Install Linux Distribution

wsl --install -d <Distro>
wsl --install -d Debian

Ways to Run Multiple Linux Distributions with WSL

  1. Install Windows Terminal (Recommended). Open as many tabs or Window panes to quickly switch between multiple Linux Distros or other command lines (PowerShell, Command Prompt, Azure CLI, etc). This can be installed by search Windows Terminal in the Microsoft Store.
  2. Click Windows Start menu and start typing the name of the distro such as Ubuntu
  3. From PowerShell or Windows Command Prompt, you can enter the name of your installed distro such as ubuntu
  4. From PowerShell or Windows Command Prompt, open your default Linux distro by entering wsl.exe
  5. From PowerShell or Windows Command Prompt, you can use the default Linux distro

Access Linux File System from Windows

In the Windows Explorer address bar enter \\wsl$ and you will be able to access a hidden file share for your Linux Distros.

Access Windows File System from Linux

In your Linux Distro, it automatically mounts all of your Windows drives (ex: C:). You can list them by running

ls /mnt
Apr 07

L2TP Behind Double NAT

If you’ve ever received an error connecting to a L2TP endpoint from a Windows client, where the L2TP endpoint or Windows client is behind a NAT-T device (Or Double NAT), it is most likely due to the Windows client not supporting Internet Protocol security (IPsec) network address translation (NAT) Traversal (NAT-T) security associations to servers that are located behind a NAT device. In my specific case, I setup an L2TP connection on an Ubiquiti Edge Router ER-4 that was behind a double NAT on the WAN. On the Windows client, you would most likely receive an error similar to:

The network connection between your computer and the VPN server could net be established because the remote server is not responding. This could be because one of the network devices (e.g., firewalls, NAT, routers, etc.) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which devices may be causing the problem.


  • https://community.ui.com/questions/EdgeMax-L2TP-with-Double-NAT/e4d45aa3-bb25-4402-97ba-b3b86877499c
  • https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-l2tp-ipsec-server-behind-nat-t-device
  • https://help.ui.com/hc/en-us/articles/204950294-EdgeRouter-L2TP-IPsec-VPN-Server

By default, Windows Vista and Windows Server 2008 don’t support Internet Protocol security (IPsec) network address translation (NAT) Traversal (NAT-T) security associations to servers that are located behind a NAT device. If the virtual private network (VPN) server is behind a NAT device, a Windows Vista or Windows Server 2008-based VPN client computer can’t make a Layer 2 Tunneling Protocol (L2TP)/IPsec connection to the VPN server. This scenario includes VPN servers that are running Windows Server 2008 and Windows Server 2003.


Because of the way in which NAT devices translate network traffic, you may experience unexpected results in the following scenario:

  • You put a server behind a NAT device.
  • You use an IPsec NAT-T environment.

If you must use IPsec for communication, use public IP addresses for all servers that you can connect to from the Internet. If you must put a server behind a NAT device, and then use an IPsec NAT-T environment, you can enable communication by changing a registry value on the VPN client computer and the VPN server.


To create and configure the AssumeUDPEncapsulationContextOnSendRule registry value, follow these steps:

  1. Log on to the Windows Vista client computer as a user who is a member of the Administrators group.
  2. Select Start > All Programs > Accessories > Run, type regedit, and then select OK. If the User Account Control dialog box is displayed on the screen and prompts you to elevate your administrator token, select Continue.
  3. Locate and then select the following registry
    1. subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
  4. On the Edit menu, point to New, and then select DWORD (32-bit) Value.
  5. Type AssumeUDPEncapsulationContextOnSendRule, and then press ENTER.
  6. Right-click AssumeUDPEncapsulationContextOnSendRule, and then select Modify.
  7. In the Value Data box, type one of the following values:
    • 0It’s the default value. When it’s set to 0, Windows can’t establish security associations with servers located behind NAT devices.
    • 1When it’s set to 1, Windows can establish security associations with servers that are located behind NAT devices.
    • 2When it’s set to 2, Windows can establish security associations when both the server and VPN client computer (Windows Vista or Windows Server 2008-based) are behind NAT devices.
  8. Select OK, and then exit Registry Editor.
  9. Restart the computer.
Aug 31

Remove RDS CALs from RDS Server


There are many circumstances where you will need to remove a RDS CALs from an RDS Server, or in some cases you want to rebuild the entire RD licensing database.  Microsoft allows you to remove an individual CAL license pack using powershell, or rebuild the entire database.  However, if neither of those work, it’s quite easy to manually rebuild the RD licensing database.  I’ve included directions for all 3 methods below, and have tested this on Windows Server 2008, 2008R2, 2012, 2012R2, and 2016.

Remove An Individual RDS CAL License Pack Using Powershell (User or Device CAL)

  • Open powershell elevated as an administrator
  • Type the following command to list the RDS Licenses and note the KeyPackID
    • Alternatively, open RD Licensing Manager and note the Keypack ID
Get-WmiObject Win32_TSLicenseKeyPack
  • Run the below command to remove the licenses pack from your RD Server
    • Replace KEYPACKID with the number you obtained above
wmic /namespace:\\root\CIMV2 PATH Win32_TSLicenseKeyPack CALL UninstallLicenseKeyPackWithId KEYPACKID


Rebuild the RD Licensing Database

Microsoft provides directions on how to do this automatically, via a web browser, or via the phone:



Manually Rebuild the Licensing Database (Guaranteed to Work if the Previous 2 methods Fail)

  • Make sure you have documentation of your MS License agreement that includes Authorization number, License number, License type (User/Device CAL), and Quantity before proceeding
  • Stop the Remote Desktop Licensing service

Stop Remote Desktop Licensing Service

  • Rename C:\Windows\System32\lserver\TLSLic.edb to C:\Windows\System32\lserver\TLSLic.old
  • Start the Remote Desktop Licensing service
  • All licenses will now be cleared out of RD Licensing Manager, and you’ll need to re-install the licenses you want to add back in
Oct 28

Missing Power and Search Button On Start Screen

Missing Power and Search Button On Start Screen on Server 2012 R2 and Windows 8.1

Recently, after installing a Windows 2012 R2 Server VM, I noticed the Start screen was missing the Power and Search buttons.  All of my older Server 2012 R2 Server VM’s had the Power and Search button on the start screen, I used the same ISO to install, and Windows was 100% up to date.  After researching, this issue can affect Windows Server 2012 R2 as well as Windows 8.1.  Here is a screenshot of my Start screen missing both the Power and Search buttons:

Power and Search Button Missing On Start Screen

The Solution

The short answer is KB2919355 needs installed.  HOWEVER, you need to make sure you install the following updates in this order:

  1. Prerequisite: KB2919442
  2. Install KB2919355 that has multiple downloads in it, which can be directly downloaded from the Microsoft Download Center
    1. Windows 8.1 x86
    2. Windows 8.1 x64
    3. Server 2012 R2 x64
    4. NOTE: Once downloaded, these updates need installed in the following order
      1. clearcompressionflag.exe
      2. KB2919355 (Reboot after installation, if fixed you can skip the rest)
      3. KB2932046
      4. KB2959977
      5. KB2937592
      6. KB2938439
      7. KB2934018

Once KB2919355 is installed and you reboot, you should now see the Power and Search buttons on the start screen as displayed below:

Power and Search Button On Start Screen

Final Notes

Once KB2919355 is installed, run Windows Updates and you’ll probably need to install a few hundred updates again



Sep 22

Move Off-Screen Window in Windows

Have you ever had a window that ended up off of your screen and were unable to move it back into view?  I’ve personally had this occur after disconnecting a monitor from my laptop which I had my desktop extended on.  However, there’s a simple trick to move the Window back into view of your desktop.

Make the Off-Screen Window Active

  • Hold the Alt key down and then press Tab key until you’ve selected the Window that is off-screen


Select Move for the Active Window

  • Hold the Alt key down, press the Space-bar key, then press the M key

Move Your Window Back Into View

  • You can now move the window in the desired direction with the arrow keys
Feb 18

Mail Merge with Attachment

There is not native way to add an attachment when doing an mail merge in Microsoft Office (Outlook/Word/Excel).  However, there are 3rd party apps that allow you to add attachments when doing a mail merge, but these programs usually cost $.  If you’re like me and don’t want to spend money on an application you’ll probably use once, then I came up with an alternative free solution with Powershell.  This method works similar to a Microsoft Office mail merge because it will require a data source, email template, and an Outlook profile.

Step 1 – Create Data Source

I will use a users.csv as the data source of users we want to email.  The users.csv file will look as follows:

FirstName LastName Email Username Password
Joseph smith jsmith@domain.com jsmith VideoGame01
Bill Contoso bcontoso@company.com bcontoso LilyFlower18
Jim Rufus jim.rufus@yahoo.com jrufus StuffedAnimal23

Step 2 – Create Outlook Profile to Send Mail Merge From

Now that you have your data source, you’ll need to make sure you have an Outlook profile.  This profile should be setup with the email address you wish to send the mail merge from.

Step 3 – Create Powershell Script

In the below powershell script, you’ll need to modify the following variables:

$DataSourcePath to the data source (users.csv) file created in step 1
$AttachFile – Path to the file to attach to the email
$EmailSubject – Subject of the email

In addition to modifying the above variables, you’ll need to modify $Mail.Body, which is the body of the email.  The below example is referencing data fields in users.csv for the mail merge, which you may want to modify.  These correspond as follows:

$($_.FIRSTNAME) FIRSTNAME field in users.csv

$($_.LASTNAME) LASTNAME field in users.csv

$($_.USERNAME) USERNAME field in users.csv

$($_.PASSWORD) PASSWORD field in users.csv

Special Note:  To add a new line in the body text use a backtick + n ( `n

$DataSource = "C:\mailmerge\users.csv"
$AttachFile = "C:\mailmerge\Setup Email Directions.docx"
$EmailSubject = "How to Setup Email"

Import-CSV $DataSource | Foreach-Object {
	$ol = New-Object -comObject Outlook.Application  
	$Mail = $ol.CreateItem(0)
	$Mail.Subject = $EmailSubject	
	$Mail.Body = "$($_.FIRSTNAME) $($_.LASTNAME),`n`n"
	$Mail.Body += "The attached directions will guide you through setting up your email account.  Your username and password are as follows:`n`n"
	$Mail.Body += "Username: $($_.USERNAME)"
	$Mail.Body += "Password: $($_.PASSWORD)`n`n"
	$Mail.Body += "If you have any issues installing, please contact support"

Extra Special Note:  If you want to have the email body be HTML formatted instead of Plain Text, just modify $Mail.Body to $Mail.HTMLBody and add your HTML tags in the text.  Using the example above:

$DataSource = "C:\mailmerge\users.csv"
$AttachFile = "C:\mailmerge\Setup Email Directions.docx"
$EmailSubject = "How to Setup Email"

Import-CSV $DataSource | Foreach-Object {
	$ol = New-Object -comObject Outlook.Application  
	$Mail = $ol.CreateItem(0)
	$Mail.Subject = $EmailSubject	
	$Mail.HTMLBody = "<html><body>"
        $Mail.HTMLBody += "<h1>$($_.FIRSTNAME) $($_.LASTNAME),</h1>"
	$Mail.HTMLBody += "<p>The attached directions will guide you through setting up your email account.  Your username and password are as follows:</p>"
	$Mail.HTMLBody += "<p>Username: $($_.USERNAME)</p>"
	$Mail.HTMLBody += "<p>Password: $($_.PASSWORD)</p>"
	$Mail.HTMLBody += "<p>If you have any issues installing, please contact support<p></body></html>"


Step 4 – Send the Mail Merge

Open Microsoft Outlook with the profile created in step 2 (It is required for Outlook to be open in order for the powershell script to work!)  Then open Powershell, and run the powershell script in step 3.  You can confirm the emails are sending by looking in the “Sent Items” in Outlook.

Note: – If you’re using User Account Control (UAC), Outlook and Powershell must be running at the same security level.  This simply means, if you open powershell using “Run as administrator” you must open Outlook with “Run as administrator”.  Alternatively, if you open powershell normally (not elevated) you must open Outlook normally (not elevated).

Feb 11

Removing Trend Micro Client/Server Security Agent from Dell Laptops

Trend Micro Client/Server Security Agent 3.5.1163 Removal from Dell Laptops


Some Dell laptops came bundled with “Trend Micro Client/Server Security Agent” which most people will want to uninstall.  I recently had to restore a Dell Latitude E6430 to the Factory Defaults.  When removing the bundled bloatware, uninstalling “Trend Micro Client/Server Security Agent” froze up and I had to kill the process.  Upon rebooting, it was still partially installed.  However, when I tried uninstalling again, Trend Micro was prompting me for a password to uninstall it.  Lots of searching kept leading me to Trend Micro removal tools that just flat out failed.  I started to notice all the removal tools were for WFBS CSA 5.0+, WFBS SA 6.0+, Titanium 2011+, Diagnostic Toolkit, etc….  I looked in Windows Programs and Features and noticed the Trend Micro Client/Server Security Agent Product Version: 3.5.1163 matched nothing I could find on Trend Micro’s website.  After hours of digging, I found a sure fire way to remove this program.  I’ll list some of the “common” solutions below and finish with my guaranteed procedure.

Trend Micro Client/Server Security Agent 3.5.1163

Trend Micro Client/Server Security Agent 3.5.1163


Uninstalling the Worry-Free Business Security (WFBS) Agent using the Uninstall Tool

  • Download the uninstall tool direct from Trend Micro OR direct from sigkillit.com (In case they pull their copy down).
  • Run SA_Uninstall_1384.exe to extract the files
  • Locate Uninstall.bat and run
    • If you have UAC enabled, right-click and select “Run as administrator”


  • Open a command prompt
    • If you have UAC enabled, make sure you run it as an elevated command prompt
  • At the command prompt change to one of the following directories depending if you have a 32-bit or 64-bit Operating System
    • 32-bit: C:\Program Files\Trend Micro\Client Server Security Agent\
    • 64-bit: C:\Program Files (x86)\Trend Micro\Client Server Security Agent\
  • Run the following command
    • ntrmv -980223


If you’re being prompted to supply a password to remove Trend Micro, the following registry edits will disable that prompt.  After the prompt is disabled, you should be able to remove it through Programs and Features without having to supply the password:

  • Open the registry editor
    • Click Start and in the search box enter: regedit
    • Click regedit
  • Open the one of the following registry keys depending if you have a 32-bit or 64-bit Operating System
    • 32-bit: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc
    • 64-bit: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc
  • Locate the DWORD “Allow Uninstall” and change the Value from “0” to “1
    • If it does not exist, you’ll need to create it:
      • Click Edit->New->DWORD (32-bit) Value
      • Name: Allow Uninstall
      • Data: 1
  • Uninstall Trend Micro through Programs and Features and you should no longer get prompted for an uninstall password


This method uses a special uninstall tool that’s not publicly listed on Trend Micro’s website.  The tool is not graceful, will throw prompts you need to dismiss, and you’ll probably need to manually close it out.  With that being said, here’s what you need to do.

  • Download the uninstall tool direct from Trend Micro OR direct from sigkillit.com
  • Unzip the exe and when prompted for the password use
    • Password: trend
  • Run WFBSS_UninstallTool_V1106.exe
    • If you have UAC enabled, right-click and select “Run as administrator”
  • Accept the terms and click Next
  • Click Install
    • Keep clicking Retry if prompted to continue the installation.  This will occur multiple times (5 in my case), but keep going
  • The uninstaller will open several prompts including (Click to ignore any prompts you receive and continue)
    • Multiple command prompts
    • Multiple Trend Miro Uninstallation Tool progress windows
      • Wait for the progress bars to stop moving, which can take several minutes
  • After about 10 minutes, you should see no more progress on any of the windows
    • Close all of the command prompt windows
    • The “TrendMicro Uninstallation Tool – Setup” window should now show “Installation Successful”  TrendMicro Uninstallation Tool-Setup Installation Successful
    • Reboot the computer
    • Check in Programs and Features and the Trend Micro Client/Server Security Agent will be gone!


Apr 22

Run Active Directory Management Tools as Another User

There’s quite a few situations where you may need to run Active Directory Management tools like Active Directory Users and Computers with different credentials. For example:

  • Computer is not joined to the domain
  • Need to connect to another domain/forest
  • Logged in as a standard domain user and need to supply different credentials
  • etc…

Step 1 – Install Remote Server Administration Tools (RSAT)

If you are using a 2008 or 2012 WIndows member server, RSAT is a feature you must enable using the directions below:

RSAT Server 2008 or 2012

If you’re using Windows Vista, WIndows 7, Windows 8, or Windows 10 you must download, install, and enable the RSAT feature.  Here are the links to download RSAT:

RSAT Vista SP1

RSAT Windows 7 SP1

RSAT Windows 8

RSAT Windows 8.1

RSAT Windows 10 (By default all features are enabled)

Once you’ve installed RSAT you need to enable the feature (Except Windows 10).  Open Control Panel, click Programs and Features, and click Turn Windows features on or off.  Then enable the following:

Windows Features Enable RSAT

Step 2 – Make Sure You’re on the Domain Network

Make sure you’re on the same network as the Domain Controller.  This simply means, connect to the LAN they’re on, or connect to a VPN if you’re remote.

Step 3 – Run As Commands for AD Management Tools

The key to running AD Management tools is the Runas command in Windows, which allows you to specify alternate credentials.  However, there are a few gotcha’s with runas such as needing to specify the /netonly command when on a non-domain computer.  Here are the commands you’ll need to run to successfully launch the AD Management tools, and all will work whether or not the computer is joined to a domain:

  • C:\Windows\System32\runas.exe – Default path to runas
  • /netonly – Credentials are specified for remote access, which is required for computers not joined to a domain but still works if the computer is on the domain
  • /user: – specify the username by the samaccountname(DOMAIN\user) or UPN(user@domain.local)
  • “mmc %SystemRoot%\system32\snapin.msc” – Microsoft Management Console with the path to the snapin.
C:\Windows\System32\runas.exe /netonly /user:user@domain.local "mmc %SystemRoot%\system32\adsiedit.msc"
C:\Windows\System32\runas.exe /netonly /user:user@domain.local "mmc %SystemRoot%\system32\domain.msc /server=pdc.domain.local"

Note: I’ve added an extra parameter to specify the PDC Emulator, otherwise you may receive the error “You cannot modify domain or trust information because a Primary Domain Controller (PDC) emulator cannot be contacted.”

C:\Windows\System32\runas.exe /netonly /user:user@domain.local "mmc %SystemRoot%\system32\dssite.msc /domain=domain.local"

Note: I’ve added an extra parameter to specify the domain, otherwise you may receive the error “Naming information cannot be located because: The specified domain either does not exist or could not be contacted.”

C:\Windows\System32\runas.exe /netonly /user:user@domain.local "mmc %SystemRoot%\system32\dsa.msc /domain=domain.local"

Note: I’ve added an extra parameter to specify the domain, otherwise you may receive the error “Naming information cannot be located because: The specified domain either does not exist or could not be contacted.”

Step 4 – Applying Run As Commands

Option 1: Run from an Elevated Command prompt

Right-click the command prompt (cmd.exe), select Run as Administrator, and enter one of the runas commands in the previous section.


option 2: create shortcut and run as administrator

Right-click in the Windows file explorer, select New, click shortcut, for the location enter one of the runas commands from the previous section, click Next, name the shortcut appropriately, and click Finish.  Whenever you launch the shortcut, right-click it and select Run as Administrator.

Shortcut Runas RSAT

option 3: modify RSAT shortcuts

Under Administrative Tools on the start menu, right-click each RSAT shortcut, click Properties, and modify the target using the appropriate runas command from the previous section.  Whenever you launch the shortcut, right-click it and select Run as Administrator.

Modify RSAT Target
Apr 04

Delivery Report in Outlook or Outlook Web App


When using Outlook or Outlook Web App (OWA) in an Office 365 or Exchange environment, you can track the message from the client side.  Both Outlook and OWA allow you to view a delivery report in order to confirm a message was delivered when the recipient claims they have not received it or if it’s taking a long time to deliver.  Delivery reports work for both internal and external recipients.

View a Delivery Report in Outlook

  1. In Outlook, go to your Sent Items folder
  2. Locate the message you want to track and open it
  3. Click File, click Info, and click Open Delivery Report

Outlook Message Delivery Report

View a Delivery Report in Outlook Web App (OWA)

If you are using any other email client than Outlook (mobile device, OWA, etc), you can use OWA to view a delivery report.

  1. Login to OWA at https://portal.microsoftonline.com
  2. Click the Gear Icon, then click Options
  3. Click Organize Email then click Delivery Reports
  4. Enter your search criteria, click Search
  5. Select the email you want to track and click the Pencil Icon to view the delivery report

OWA Delivery Report

Review Delivery Report

Internal delivery reports will show Delivered upon success delivering.  Also note, Office 365 Exchange only keeps message tracking data for 14 days.

Delivery Report Internal

External delivery reports will only show Transferred which means it successfully sent out from your mail server.  However, this does not guarantee the recipient received the email because there can be issues on the recipients email server.

Delivery Report External