In Windows environment, each user is assigned a unique identifier called Security ID or SID, which is used to control access to various resources like Files, Registry keys, network shares etc. We can obtain SID of a user through WMIC USERACCOUNT command. Below you can find syntax and examples for the same.
Get SID of a local user
wmic useraccount where name='username' get sid
For example, to get the SID for a local user with the login name ‘KARL, the command would be as below
wmic useraccount where name='KARL' get sid
Get SID for current logged in user
To retrieve the SID for current logged in user we can run the below command. This does not require you to specify the user name in the command. This can be used in batch files which may be executed from different user accounts.
wmic useraccount where name='%username%' get sid
Get SID for current logged in domain user
Run the command ‘whoami /user’ from command line to get the SID for the logged in user.
c:\>whoami /user USER INFORMATION ---------------- User Name SID ============== ============================================== mydomain\wincmd S-1-5-21-7375663-6890924511-1272660413-2944159 c:\>
Get SID for the local administrator of the computer
wmic useraccount where (name='administrator' and domain='%computername%') get name,sid
Get SID for the domain administrator
wmic useraccount where (name='administrator' and domain='%userdomain%') get name,sid
Find username from a SID
Now this is tip is to find the user account when you have a SID. One of the readers of this post had this usecase and he figured out the command himself with the help of the commands given above. Adding the same here.
wmic useraccount where sid='S-1-5-21-1471586919-1128665872-1817863081-504' get name
Force Thunderbird to check if it is the default
Thunderbird can be configured to check if it is the operating system's default mail client each time it is started.
- At the top of the Thunderbird window, click the , or click the menu button menu and select and choose .
- On the panel, select the tab.
- Make sure that "Always check to see if Thunderbird is the default mail client on startup" is checked.
- Click to check if Thunderbird is set as the default mail client immediately.
- If you want to set Thunderbird as the default client for e-mail, newsgroups or feeds, check the corresponding boxes and click OK. When a box is grayed out, Thunderbird is already set as the default client for that purpose.
- If you set Thunderbird to be the default mail client, other applications (such as your web browser or word processing application) may need to be restarted for the changes to take effect.
Set Thunderbird as the operating system default
- Open the Settings application by pressing and releasing the Windows Start button, then clicking the gear icon.
- Click the Apps icon, then click Default Apps in the list.
- Click the icon under the heading Email to show your choices.
- Select Thunderbird.
Set Thunderbird as an application default
In some cases (such as Firefox on KDE Linux), the application doesn't check the operating system preferences to determine the default email application. When that is the case, you must set the default in the application itself. Refer to the application documentation for instructions.
How to Create a PFX Certificate File from a PEM File
Some certificate authorities (such as RapidSSL) only supply certificate in the form of a PEM file, which is not usable by many Windows services.
In the case of RapidSSL, the PEM file may not have been generated as a part of a certificate signing request.
How to Convert PEM to PFX
- Install the latest stable Open SSL. The main page is here or you can find good Windows binaries here.
- Copy the PEM file to the OpenSSL binary folder, such as C:\Program Files\OpenSSL-Win64\bin
- Open an administrative command prompt or Powershell window to that folder
- Type in:
.\openssl pkcs12 -export -out result.pfx -inkey mypemfile.pem -in mypemfile.pem
- You will be prompted for a PFX password as part of the process. You must securely store the password with the PFX file to be able to use it.
- Above, the -inkey command is used to input the private key. If you have a separate certificate signing request (CSR) this would likely not be in the .PEM file, but would be in a separate .CRT file:
.\openssl pkcs12 -export -out result.pfx -inkey mycsrkeyfile.crt -in mypemfile.cer
Also see here.
- Windows Server services that require a PFX certificate that includes the private key
The PKCS#12 or PFX format is a binary format for storing the server certificate, any intermediate certificates, and the private key into a single encryptable file. PFX files are usually found with the extensions .pfx and .p12. PFX files are typically used on Windows and macOS machines to import and export certificates and private keys.
- The original private key used for the certificate
- A PEM (.pem, .crt, .cer) or PKCS#7/P7B (.p7b, .p7c) File
- OpenSSL (included with Linux/Unix and macOS, and easily installed on Windows with Cygwin)
The commands below demonstrate examples of how to create a .pfx/.p12 file in the command line using OpenSSL:
PEM (.pem, .crt, .cer) to PFX
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile more.crt
Breaking down the command:
openssl– the command for executing OpenSSL
pkcs12– the file utility for PKCS#12 files in OpenSSL
-export -out certificate.pfx– export and save the PFX file as certificate.pfx
-inkey privateKey.key– use the private key file privateKey.key as the private key to combine with the certificate.
-in certificate.crt– use certificate.crt as the certificate the private key will be combined with.
-certfile more.crt– This is optional, this is if you have any additional certificates you would like to include in the PFX file.
PKCS#7/P7B (.p7b, .p7c) to PFX
P7B files cannot be used to directly create a PFX file. P7B files must be converted to PEM. Once converted to PEM, follow the above steps to create a PFX file from a PEM file.
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.crt
Breaking down the command:
openssl– the command for executing OpenSSL
pkcs7– the file utility for PKCS#7 files in OpenSSL
-print_certs -in certificate.p7b– prints out any certificates or CRLs contained in the file.
-out certificate.crt– output the file as certificate.crt
Clear the group policy cache on a machine
- Open My Computer/Computer
- In the URL or address bar paste: %windir%\system32\GroupPolicy
- Right click and delete the: Machine and User folders to clear local group policy cache
- Restart the computer to reapply the group policies
You can also run the little PowerShell oneliner as Administrator to remove the Group Policy folder and all files below:
Remove-Item "$env:windir\system32\GroupPolicy" -Force -Recurse
- Delete the “HKLM\Software\Policies\Microsoft” Key (looks like a folder).
- Delete the “HKCU\Software\Policies\Microsoft” Key
- Delete the “HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects” Key.
- Delete the “HKCU\Software\Microsoft\Windows\CurrentVersion\Policies” Key.
- Remove the computer from the domain – (change to a Workgroup)
- Restart computer
- Run gpupdate /force
- Rejoin the domain