Server 2016 unable to change Product key MAK in GUI (BUG)

We have a Server 2016 fully patched until 05/2019. We run a KMS-Server which does not have a SRV KMS 2016 channel activated.

PROBLEM: Strangely we can't change to Product key with the GUI. There is simply no reaction when you click "Change product key" button.

We have seen things like this under Control Panel (Unable to scroll) in W10 1903 where Dameware did not work and only possible with RDP.




Use the Activation Wizards to do it. In a cmd type.

slui 3


The wizard appears

Enter the MAK key (NOT any KMS please ;-)

You can also change the key with Commandline direct:

slmgr.vbs /ato


Fortigate Forticlient Silent Installlevel 1 does not work on 6.X Version how to solve


Problem: Forticlient Silent Option to select different Module to install does not work as before with Forticlient 6.X up to 6.0.5 (FortiClientSetup_6.0.5.0209_x64)

Problem: You see an empty Forticlient Window when you open it




Bis jetzt gab es fuer den Forticlient:

  • Forti Configurator (Ein Tool bei welchem man die Optionen wählen konnte und dann gleichzeitig ein CONFIG file mitgeben und es machte am Schluss ein MSI)
  • Ein Windows Installer OPTION INSTALLLEVEL (Mit dieser konnte man bis Forticlient 5.9.X sagen was man will (SSLVPN/VPN/Antivirus usw.)


Den Configurator gibt es nur noch auf dem Developer Network von Fortinet. Damit man dort an das File kommt MUSS man zwei Fortinet Mitarbeiter als Referenz angeben.

To get the Configurator where you can you have to open a developer account with Fortinet. And to do that you have to get approval of TWO Fortinet employees (Fortinet E-mail Addresses). That's simply because they don't want customer to modify the default install and use the ONLINE Installer so everybody tries their Antivirus and Patch Module. Before you could download the Forticlient Configurator for free und the Support Forticlient download section.

There are also other nice things there like the VPN Automation scripts and SSLVPN Commandline tools. I am sure a lot of Fortinet Customer would like to use those and don't even know they exists and swap to VPN technology from Microsoft



This thread Shows what happens when you use Installlevel=1 (As worked before with Forticlient 5.X)




Nice ;-.)



Use INSTALLLEVEL 3 instead of 1


msiexec.exe /i FortiClientSetup_6.0.5.0209_x64\forticlient.msi /quiet INSTALLLEVEL=3

The MSI package:

VPN, SSLVPN, SSO is fine for most enterprise users.

We don't see the NAC Option in the GUI even if we choose it with option 3 > We don't want that so Installlevel 1 would be the choice but that DOES not work as mentioned.



Here is the reason Fortigate makes this so complex. They want to sell EMS which can be used to Deploy Forticlient.



MCAFEE Removal Tools Enduser Line and Corporate Endpoint (GUI or EPO)

Sometimes we have client machines where we can't rollout ENS or VSE even when all is fine. Because some people left over OEM supplied version of Mcafee Enduser products (User tried to Deinstall or update without Local Admin) or because a migration has gone bad because a user closed the laptop LID or lost power during migration. Or user forced off Desktop client. We very rare have such cases since 10 years and the EPO is great solution how it handles MSI Packages and Migration on Clients, Server and Terminal Server. If regular Deployment Solution would work like this?

So here are the two solutions for removing:

  1. Mcafee ENDUSER Products
  2. Mcafee ENS Corporate Version



MCPR (Removes all Enduser products or OEM Supplied version like on HP or DELL)



Sample leftover Enduser products:



MCAFEE Endpoint Product Removal Tool (ENS Corporate)

You can only download that tool if you have a VALID NAI Mcafee Support running

Here is HOW to find in under downloads. Yes you need a manual to download a file ;-(

Choose Enterprise

There is standalone version for Remote Support or a Version which you PUSH out to Problems clients with the EPO with Task Sequence. You can set OPTION in the Deployment JOB if you let it run with EPO.

Some sample Commandline we use with the EPO Push Version to remove stalled single endpoint ENS 10.X > 10.X Migrations

--accepteula --ENS --=600

--accepteula --ENS --noreboot

Server 2016, MDT 2013, W10 1809 6.3.8456.1000 SQL Compact Database

If you don't connect MDT on Server 2016 to an SQL Database it will use SQL Server Compact to store information

You see in MONITOR. You ONLY access the Info from the Compact Edition with SQL Management Studio 2008R2

And NOT the newer Version I have read somewhere. With the SQL Management Studio 2008R2 we

Can open the SDF database from C:\Program Files\Microsoft Deployment Toolkit\Monitor\MDT_Monitor.sdf


You can also access through API Web:





It's written that they keep the information in there for 3 days. So this is only a temporary solution until the client runs.


C:\Program Files\Microsoft Deployment Toolkit\Monitor\MDT_Monitor.sdf


To see or view data itself you could use:



GPO, Group Policy, Extra Registry Settings, Display names for some settings cannot be found


GPO error you see in Group Policy Console after you migrated/imported GPO from another domain or location:

Extra Registry Settings:

Display names for some settings cannot be found. You might be able to resolve this issue by updating the .ADM files used by Group Policy Management.


  1. This is a leftover of some old GPO you migrated over years and want to get rid OFF (Our solution with Powershell)


  1. (Not so good) you are missing certain ADM* files in your Central Policy Store but have the GPO already there (Copied from somewhere). Check this link to understand what we talk about: So this is what the original error says (Display names for some settings cannot be found. You might be able to resolve this issue by updating the .ADM files used by Group Policy Management.)



How to solve this for problem 1 above:

Let's assume all is fine and the GPO with the Central Policy Store and you migrated or imported GPO has some old things you would like to get of rid of and maybe someone merged them into newer GPO over the years XP > W7 > W8 > W10 15** > W10 17** > W19 18** etc. (Just some things that dropped out in a new version of W10 as example)

Simple an option that maybe dropped out (Does not exist) in W10 1809 but did before. And you want to use the same GPO as you did in 1709 for another customer.


Error in GPO-console:

Backup the GPO to DISK and shortly verify gpreport.xml and search for the string just to make sure it's in that POLICY you think it is and that all is fine before you correct it.

Here you see the error again in the GPO console:

Display names for some settings cannot be found. You might be able to resolve this issue by updating the .ADM files used by Group Policy Management.




Software\Policies\Microsoft\Windows Mail\ManualLaunchAllowed




























Here is how to exact remove that settings from the existing GPO settings running on your Admin W10 with GPO-Console (RSAT) with Powershell.

Let's start with a sample we want to get rid of:

Software\Policies\Microsoft\Windows Mail\ManualLaunchAllowed

Step 1

Check if the error is under USER or COMPUTER (SYSTEM) part of GPO.



Add to the Registry String depending where it is:

Sample: Software\Policies\Microsoft\Windows Mail\ManualLaunchAllowed

After: HKCU\ Software\Policies\Microsoft\Windows Mail\ManualLaunchAllowed (If it's a USER Policy)

After: HKLM\ Software\Policies\Microsoft\Windows Mail\ManualLaunchAllowed (If it's a COMPUTER Policy)

Step 2

Cut of the last value name and separate

HKLM\ Software\Policies\Microsoft\Windows Mail\ManualLaunchAllowed

"HKLM\ Software\Policies\Microsoft\Windows Mail"        ManualLaunchAllowed


Sample Powershell would be:

Remove-GPRegistryValue -Name "W10_C_Computer"

-key "HKLM\Software\Policies\Microsoft\Windows Mail"

-ValueName ManualLaunchAllowed


After we have all the info and correct string let's do this sharp:


Powershell Import-Module -Name grouppolicy to load API for GPO

Import-Module -Name grouppolicy

Remove-GPRegistryValue -Name "W10_C_Computer" -key "HKLM\Software\Policies\Microsoft\Windows Mail" -ValueName ManualLaunchAllowed

Remove-GPRegistryValue -Name "W10_C_Computer" -key "HKLM\Software\Policies\Microsoft\Windows\Backup\Client" -ValueName DisableBackupLauncher

Remove-GPRegistryValue -Name "W10_C_Computer" -key "HKLM\Software\Policies\Microsoft\Windows\Backup\Client" -ValueName DisableBackupToDisk

Remove-GPRegistryValue -Name "W10_C_Computer" -key "HKLM\Software\Policies\Microsoft\Windows\Backup\Client" -ValueName DisableBackupToNetwork

Remove-GPRegistryValue -Name "W10_C_Computer" -key "HKLM\Software\Policies\Microsoft\Windows\Backup\Client" -ValueName DisableBackupToOptical

Remove-GPRegistryValue -Name "W10_C_Computer" -key "HKLM\Software\Policies\Microsoft\Windows\Backup\Client" -ValueName DisableBackupUI

Remove-GPRegistryValue -Name "W10_C_Computer" -key "HKLM\Software\Policies\Microsoft\Windows\Backup\Client" -ValueName DisableRestoreUI

Remove-GPRegistryValue -Name "W10_C_Computer" -key "HKLM\Software\Policies\Microsoft\Windows\Backup\Client" -ValueName DisableSystemBackupUI

Remove-GPRegistryValue -Name "W10_C_Computer" -key "HKLM\Software\Policies\Microsoft\Windows\PreviewBuilds" -ValueName EnableConfigFlighting

Remove-GPRegistryValue -Name "W10_C_Computer" -key "HKLM\Software\Policies\Microsoft\Windows\PreviewBuilds" -ValueName EnableExperimentation

Remove-GPRegistryValue -Name "W10_C_Computer" -key "HKLM\Software\Policies\Microsoft\Windows\SideShow" -ValueName Disabled

Remove-GPRegistryValue -Name "W10_C_Computer" -key "HKLM\Software\Policies\Microsoft\WindowsMediaCenter" -ValueName MediaCenter