Recovery is trying to change system settings. No Administrator Found

I was trying to enable an Extension on a MAC, but the MAC asked to boot to Recovery, go to System Security settings and enable it from there.

The MAC was part of Jamf.  I logged in to it using a username First.Last, then I needed to login to Azure/Office 365, and password, and when I went to System Setting/Preferences to enable an extension for Egnyte, I got a message that I would need to shut down the computer, which I did, then pressed and held power button, until I got to the recovery screen, and from there I selected Options, provided encryption recovery key for HD (can’t recall the order here), then when I went  the top menu and chose the system security, and attempted to reduce security and enable Kernel extensions… I got a message saying that “Recovery is trying to change system settings. No Administrator Found

Then another message, Biometric accessory is not connected.

The way I circumvented the issue was by shutting it down, turn it on until it got to the login screen, logged in with the user, then when I got to the Office 365 sign on screen, there was an option to Login Locally (we had a local admin user created on the MAC), I logged in with that local user, and shut down the MAC from there, pressed and held the power button like above, and I went through the above process and I was able make that change to recovery screen.

So the key here is to have been logged in as the local admin user not the Azure user when you shut the mac down, and that seemed to fix the issue.

How to search Outlook phrases using AND / OR

How to search Outlook email for phrases using AND / OR

First make sure you can use quotations in Outlook search, so you might need to make a registry change

If the leading keys don’t exist, please create them

Example of searching Outlook for emails received between 01/01/2019 to 01/01/2023 with phrases, words or email address like


New Agreement





How where you can type in Outlook search

received:2019/01/01..2023/01/01 (“” OR “New agreement” OR “26/23.6”  AND “Design”)

Manage AD from a PC that is not Member of the Domain

If you are remote and want to manage Active Directory from a computer that is not part of the AD domain.

VPN into the office
For Windows 10/11, add “RSAT: Active Directory Domain Services and Lightweight Directory Services Tool” to Windows. This is an Optional Feature in Windows so if you go to Optional Features you should be able to find it and add it.

Go to command line and change directory to C:\windows\system32

Run the following command

runas /netonly /user:User@Domain.Whatever “mmc dsa.msc /domain=Domain.Whatever”

Where user@Domain.Whatever is a domain user with domain admin privileges so if the user is John and the domain is domain.local, that would be John@Domain.local
Domain.Whatever would be Domain.local in the example above.

How to encrypt drive – Bitlocker – Command Prompt/line


How to encrypt drive of Windows 10 / 11 with Bitlocker and print encryption key to copy and save for future recovery.  Don’t save on the same C drive.

Run command line as admin

manage-bde -protectors -add C: -rp


How to Schedule Tasks from Command Line Windows 10/11

How to schedule a daily reboot or shutdown and at a certain time using command line / command prompt.  Applies to Windows 10/11

Below is an example of scheduling a shut down of a computer, daily at 6PM.

schtasks /create /sc daily /tn ShutdownAt6PM /tr “shutdown -s -f -t 2” /st 18:00 /NP

schtasks, command to schedule tasks.  the AT command that used to be with earlier versions of Windows has been deprecated

/create, To create a new task

/sc, to schedule frequency.  like once or daily.

/tn, name of the task.  this is a description

/tr, this is the command to schedule like “Shutdown -s -f -t 2”. -s to shutdown, -f to force shutdown, -t 2 to delay by 2 seconds.  The -s can be replaced by -r to reboot instead of shutdown.

/st, this is the time to execute the command.

/NP to run the schedule account on the Windows computers regardless whether the user is logged in or not.

How to Extract Private Key and SSL Certificate from a Certificate.pfx file


If you have an SSL certificate in pfx format (also called PKCS#12 format) and that usually includes the SSL certificate for your host or domain along with the private key (usually the key is secured with a password), and if you want to extract the certificate file and the private key, here what you can do

Assuming the name of the certificate is MyCertificate.pfx

1- download/Install/extract OpenSSL command line utility into a temp folder.

2- Copy the the MyCertificate.pfx certificate file into that folder.

3- To export the ssl certificate into pem format

openssl  pkcs12  -in  MyCertificate.pfx  -nokeys  -out  MyCertificate.pem

4- To export private key:
openssl  pkcs12  -in MyCertificate.pfx  -nocerts  -out  MyPrivateKey.pem  -nodes

5- To remove the passphrase/password from the private key:
openssl rsa  -in  MyPrivateKey.pem  -out   NewPrivateKey.key

Now you have you have the certificate MyCerificate.pem & the private key NewPrivateKey.key (the names here could be anything – you can name them or rename them to anything descriptive or to whatever your webserver/web application documentation requires).


My notes on Halo (unrelated to the above)

Open the “cert” on the servers desktop, backup the current certificate and private key and move them out.  Copy the new cert and private key and match the names to backup files..

Restart Halo services.


Microsoft Office 365 List of outgoing SMTP IP/Network addresses

The following are the outgoing IP addresses and networks of Microsft Office 365 SMTP/Email in case you need to know to white-list in your antispam or firewalls:

How to Map Network Drive to a SharePoint Folder

Mapping SharePoint Site/Folder to a network drive is only available with Windows Explorer.  This won’t work with Edge or any other browser.

If your SharePoint URL


And the name of the site MySite (could be blank as it’s the root of SharePoint), and the folder on the root to map called Compliance.

1- Go to Control Panel, Internet Options and add that site to Trusted Site list.

2- Open Internet Explorer, login to the share point site and save password on log in. Documents/Compliance

3- Map the network drive to the Compliance SharePoint folder using the following format

In Explorer choose to Map a network drive, choose a drive and point it to\DavWWWRoot\sites\MySite\Shared Documents\Compliance


Office 365 Mailbox Migration Status Stuck Syncing

Office 365 Mailbox Migration Status Stuck Syncing

We had a mailbox that wouldn’t complete migrating from a hybrid setup with on-premise Microsoft Exchange 2013 Server to Office 365. We’ve cancelled the migration several time and restarted it but it always got hung up at the end without completing, with status Syncing or InProgress… left it even for days and wouldn’t complete

We’ve found out that some corruption in the calendar ACLs that was causing the issue… Office 365 portal wouldn’t show any message about corruption or skipped items….

We connected to Office 365 through PowerShell and issued the following commands which would approved skipped items (that we never prompted to approve in the migration using the browser which was odd, then the 2nd command would complete it)

Set-MigrationBatch  -Identity  TypeNameOfTheBatchHere  -ApproveSkippedItems
Complete-MigrationBatch  -Identity  TypeNameOfTheBatchHere

Outlook “Need Password” With No Prompt – Office 365 Multifactor Authentication

After migrating mailboxes from on-premise Exchange 2013 to Office 365, some Microsoft Outlook 2016/2019/Office 365 clients kept on getting a message on the bottom right-hand corner of Outlook saying “Need Password” without being prompted to enter it, they would click on the message and it would disappear, and Outlook would resume receiving emails but after a little time that message would come up again.. this behavior continues persistently through the day…

Modern Authentication is enabled and might have contributed to the issue.

1- The following registry keys fixed the issue (Close Outlook and other MS programs before making changes).  Reboot computer after making changes.  Add as DWORD and set to 1.  You can save it to a reg file and double-click to add the keys automatically:

Windows Registry Editor Version 5.00



2- Now browse to the following registry location:


Find out if the following DWORD exists


and if it does delete it.

3- Reboot your the computer after that.