Monday, November 24, 2025

Sharepoint sync and lock issues - solutions

 SharePoint synced down to your PC by OneDrive can have a ton of errors. It is caused by the simple dysfunction of this badly thought out service, but also by the fact that 10 people at one time can open one single document with various rights and do various actions on it. Imagine that one person wants to edit an Excel rubric, while another wants to change its colour and a third in the meantime tries renaming the document. In the meantime 5 more users have it open, some on the web, some on their PCs. A few of them are using a VPN from home, others are on the train wifi and some are at work. Maybe one user also opens it with Excel 365, another with local Office and the third with Power BI. I mean this shitshow has endless possibilities, and something turning bad is just normal.

So, first of all make sure that you are not running some old Windows 10 with no updates. Make sure you are on Win11 and everything is updated. Second, run a full sfc /scannow and a full dism /online /cleanup-image /restorehealth

Before uninstalling, run these from the Run dialog (Win+R, copy the command and run). For the reset, use the path where OneDrive is installed on your PC:

%localappdata%\Microsoft\OneDrive\onedrive.exe /reset

C:\Program Files (x86)\Microsoft OneDrive\onedrive.exe /reset

C:\Program Files\Microsoft OneDrive\onedrive.exe /reset

Then run:

wsreset.exe

Then open this folder:

%localappdata%\Microsoft\OneDrive\settings

and delete this file: PreSignInSettingsConfig.json

 Then uninstall OneDrive. Run the SFC and DISM commands again. Check again for Windows updates. Reboot your PC. Download the latest OneDrive version.

Before installing, go to OneDrive online and make sure that there are no SharePoint links in your personal OneDrive. End users often place SharePoint shortcuts into their personal OneDrive when, for instance, a company blocks direct syncing. It is blocked because of the known issues of non-uniform hardware and software and crappy internet connections. If I had a full-on 8gig fibre going for 30 employees, working only from the office, with the latest PCs and latest OSes, like in New York, there would never be any issues.
So again, it is crucial that there are no SharePoint shortcuts in personal OneDrive. Not even in sub-folders.

https://sharepointmaven.com/wp-content/uploads/2021/02/addshortcuttoonedrive2.png 

https://learn-attachment.microsoft.com/api/attachments/ff8b504b-09a4-447e-bc7b-9ff62cf676b4?platform=QnA
Example = don't do that !!!

So now you can install OneDrive on your PC, add your account, go onto SharePoint and do a new SharePoint sync. Do not add shortcuts to your OneDrive. It will not only cause bugs and issues but poses security risks too. For instance, deleted files can end up in personal recycle bins. This can also happen in multiple ways. Accidentally deleted files might not be recoverable and will disappear completely. Confidential files might end up in the bin of all users who had the file open at the time of deletion. No OneDrive shortcuts please !

Of course, if on SharePoint online you cannot access a folder or a document, that is simply a rights issue. In this case, you need to ask your SharePoint admin to give you the rights and place you into the security group with access, either as a member (RWE) or a visitor (RO).

It might happen that you still won't get rid of the sync and padlock issue. Repeat the process, but stop your antivirus and open your firewall before installing and syncing. Also uninstall your current Office and Adobe Reader !!! Very important !!!
Adobe hates long file names and also long folder paths. If you had PDF preview enabled in your File Explorer through Adobe, which is automatic after installation, it might lock files sporadically. The thing is that it does not lock only PDFs but Excel or Word files too. Adobe also hates file sharing and collaborative work ! So you might need to replace it with Kofax or another sort of PDF handler.

Sources:

https://support.microsoft.com/en-us/office/reset-onedrive-34701e00-bf7b-42db-b960-84905399050c#:~:text=Select%20Applications.,Clear%20data%20and%20Clear%20cache

https://support.microsoft.com/en-us/office/add-shortcuts-to-shared-folders-in-onedrive-d66b1347-99b7-4470-9360-ffc048d35a33

https://learn.microsoft.com/en-us/answers/questions/5380580/using-the-add-a-shortcut-to-onedrive-feature-in-a 

 

 

 

 

 

Friday, November 14, 2025

TIME SERVER IMPORTANCE - Harmony is key

Recently I came across a situation where an RDS server started having random issues: services breaking, random reboots out of the blue and users getting disconnected. At the beginning, of course, we were thinking of a network issue, like the usual DHCP and DNS problems or bandwidth and network-down problems. Of course the logs started showing otherwise. Running w32tm /query /configuration, w32tm /query /status, w32tm /query /source and w32tm /query /peers, we found that the configured time server was a non-existent machine that had been turned off a long time ago.

Time sync issues in worst case scenarios can cause the breakage of trust relationships, but mostly cause log-in issues, authentication problems not only for the users, but services and apps too. Scheduled tasks will break, especially if they were not local. 

Often time server details are propagated by a GPO or the default domain GPO. Normally the good practice is that the main domain server (netdom query fsmo) gets its time from a main continental time server like pool.ntp.org (redundancy: 0.pool.ntp.org, 1.pool.ntp.org), then it should propagate to secondary DCs and other servers. So if the main domain controller is out of sync with the European time server, the infrastructure would still be in sync and issues would not come up. The most important problems occur when certain sections of the infra are delayed by more than 5 minutes. It is rare, but I did my research and it can cause some serious issues, especially on hybrid infrastructures running Linux and MS based operations, on premises and in the cloud at the same time.

Our problem arose from the fact that when the server migration happened, they changed the server name and address. However, I think it wasn't a service migration, but a hard VM to VM copy. Except that the main domain default GPO stayed as it was, still set up for the old non-existent time server.

At this moment, we did a risky practice: we edited the default GPO, then did a gpupdate /force on the 3 other servers. Would I have done the same if I had 80 servers ? Not sure !!!
Our idea worked. So I think that it would also work for a big infra, except that maybe on the way of propagation something would break and would need fixing. That is not an issue, as backups and snapshots are present. But it should be done during the general yearly downtime or during a 3-day long weekend.

Better Practice 

Main Domain Policy GPOs have N°2 priority, so setting a GPO above them with N°1 priority is a more sustainable and secure practice.

First we need to make sure that the PDC's time server has been set right:

w32tm /config /manualpeerlist:"fr.pool.ntp.org" /syncfromflags:manual /reliable:yes /update
w32tm /resync /force
 

Right-click the domain name → Create a new GPO
Example: "Time Configuration – All Computers"

Edit the GPO → Computer Configuration → Policies → Administrative Templates → System → Windows Time Service → Time Providers
Configure

  • Enable Windows NTP Client
  • Type: NT5DS
  • NtpServer: leave empty (clients follow DCs)
  • Link the GPO at the domain level (top-level link)
  • This applies to all computers and servers in the domain
 Then you must either wait 15 to 30 min or run a gpupdate /force and maybe a w32tm /resync on each server. Then you can check your results with w32tm /query /source or w32tm /query /status.

(Please note that in some cases DCs are stubborn, so while your new time server might propagate down to everything including all servers and PCs, DCs would still not be updated. In this case you simply need to create another GPO applied to the Domain Controllers OU ! ) 
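
To check the result across several servers at once, the output of `w32tm /query /source` and `w32tm /stripchart /computer:<host> /samples:2 /dataonly` can be collected per host and evaluated against the 5-minute limit mentioned above. The script below is an added example, not part of the original post; the host names, addresses and sample output are constructed, and the stripchart line format is assumed to match the `/dataonly` output.

```python
import re

MAX_SKEW_SECONDS = 5 * 60  # the 5-minute limit mentioned in the post

# Sources w32tm reports when it is NOT following a domain or NTP peer.
FALLBACK_SOURCES = ("local cmos clock", "free-running system clock")

# Data lines of "w32tm /stripchart ... /dataonly": "<local time>, <offset>s"
SAMPLE_RE = re.compile(r"^\d{2}:\d{2}:\d{2},\s*([+-]\d+\.\d+)s$")
ERROR_RE = re.compile(r"^\d{2}:\d{2}:\d{2},\s*error:\s*(0x[0-9A-Fa-f]+)$")

# Constructed sample output, keyed by host: (source text, stripchart text).
SAMPLES = {
    "dc02": ("dc01.corp.example\n",
             "Tracking dc02 [192.0.2.11:123].\nCollecting 2 samples.\n"
             "09:15:01, +00.0123456s\n09:15:03, -00.0098112s\n"),
    "rds01": ("Local CMOS Clock\n",
              "Tracking rds01 [192.0.2.20:123].\nCollecting 2 samples.\n"
              "09:15:07, +412.5518234s\n09:15:09, +412.5520011s\n"),
    "app01": ("dc01.corp.example\n",
              "Tracking app01 [192.0.2.30:123].\nCollecting 2 samples.\n"
              "09:15:12, error: 0x800705B4\n09:15:15, error: 0x800705B4\n"),
}


def parse_stripchart(text):
    """Return (offsets in seconds, error codes) found in stripchart output."""
    offsets, errors = [], []
    for line in map(str.strip, text.splitlines()):
        sample, error = SAMPLE_RE.match(line), ERROR_RE.match(line)
        if sample:
            offsets.append(float(sample.group(1)))
        elif error:
            errors.append(error.group(1))
    return offsets, errors


def assess(host, source_text, stripchart_text, max_skew=MAX_SKEW_SECONDS):
    """Classify one host from its /query /source and stripchart output."""
    source = source_text.strip()
    offsets, errors = parse_stripchart(stripchart_text)
    problems = []
    if source.lower() in FALLBACK_SOURCES:
        problems.append("no upstream source (%s)" % source)
    if not offsets:
        problems.append("no time samples (errors: %s)" % ", ".join(errors))
    else:
        worst = max(offsets, key=abs)  # largest drift in either direction
        if abs(worst) > max_skew:
            problems.append("offset %+.1fs exceeds %ds" % (worst, max_skew))
    return {"host": host, "ok": not problems, "problems": problems}


def report(samples=SAMPLES):
    """Assess every host in the collected output."""
    return [assess(h, src, chart) for h, (src, chart) in samples.items()]


if __name__ == "__main__":
    for row in report():
        print(row)
```
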

Tuesday, August 5, 2025

Create a CUPS / Linux Print Server

 # Download debian net inst ISO
https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.11.0-amd64-netinst.iso

# Create a bootable USB stick
```bash
# Confirm the USB stick's device name with lsblk first: dd overwrites whatever of= points to
sudo dd if=debian-12.11.0-amd64-netinst.iso of=/dev/sda bs=4M status=progress oflag=sync
```

# Update 
```bash
sudo apt update -y && sudo apt upgrade -y && sudo apt autoremove -y
```
# Install Printing Service
```bash
sudo apt install cups
sudo apt install avahi-daemon
sudo systemctl enable --now avahi-daemon
sudo ufw allow 631 # if using ufw
```

## Cups
Cups is accessible from your browser:
http://localhost:631

**Add admin access**
```bash
sudo nano /etc/cups/cupsd.conf
```
Contents of `/etc/cups/cupsd.conf`:
```
# Listen on all interfaces
Port 631
Listen 0.0.0.0:631
ServerAlias *

# Enable printer discovery on the local network
Browsing On
BrowseLocalProtocols dnssd

# Access control for general browsing/printing
<Location />
  Order allow,deny
  Allow @LOCAL
</Location>

# Access control for the admin pages
# (no AuthType/Require here: any host matched by @LOCAL opens them without a login)
<Location /admin>
  Order allow,deny
  Allow @LOCAL
</Location>

# Access control for the admin operations (adding/removing printers)
# <Location /admin/conf>
#  AuthType Default
#  Require user @SYSTEM
#  Order allow,deny
#  Allow @LOCAL
# </Location>
```
Then restart the service:
```bash
sudo systemctl restart cups
```
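
The exposure of the configuration above can be checked mechanically. The following audit is an added example, not part of the original post: `PAGE_CONF` repeats the active directives shown above, `TIGHT_CONF` is a constructed variant that binds to the print server address used later in this post and requires a login for `/admin`, and the finding codes are made-up labels. It only looks at top-level directives and `<Location>` blocks, not at `<Policy>` sections.

```python
ADMIN = "/admin"
WILDCARD_HOSTS = {"0.0.0.0", "*", "[::]"}

# Active directives of the cupsd.conf shown in the post (browsing lines omitted).
PAGE_CONF = """\
Port 631
Listen 0.0.0.0:631
ServerAlias *
<Location />
  Order allow,deny
  Allow @LOCAL
</Location>
<Location /admin>
  Order allow,deny
  Allow @LOCAL
</Location>
# <Location /admin/conf>
#  AuthType Default
# </Location>
"""

# Constructed variant: one listening address, authenticated admin pages.
TIGHT_CONF = """\
Listen 192.168.1.83:631
<Location /admin>
  AuthType Default
  Require user @SYSTEM
  Order allow,deny
  Allow @LOCAL
</Location>
"""


def parse_cupsd_conf(text):
    """Return (top-level directives, {location path: directives})."""
    top, locations, stack = [], {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.startswith("</"):
            if stack:
                stack.pop()
        elif line.startswith("<"):
            kind, _, arg = line.strip("<>").partition(" ")
            is_location = kind.lower() == "location"
            stack.append(locations.setdefault(arg.strip(), []) if is_location else None)
        else:
            name, _, value = line.partition(" ")
            # Keep directives at top level or directly inside a <Location>.
            target = top if not stack else stack[0] if len(stack) == 1 else None
            if target is not None:
                target.append((name.lower(), value.strip()))
    return top, locations


def audit(text):
    """Return (code, detail) findings for listener and admin-page exposure."""
    top, locations = parse_cupsd_conf(text)
    findings = []
    for name, value in top:
        wildcard = name == "listen" and value.rsplit(":", 1)[0] in WILDCARD_HOSTS
        if name == "port" or wildcard:
            findings.append(("all-interfaces", "%s %s" % (name, value)))
        elif name == "serveralias" and "*" in value.split():
            findings.append(("any-host-header", value))
    for path, directives in locations.items():
        if path == ADMIN or path.startswith(ADMIN + "/"):
            present = {name for name, _ in directives}
            if not {"authtype", "require"} <= present:
                findings.append(("admin-no-auth", path))
    return findings
```

`audit(PAGE_CONF)` reports the two all-interface listeners, the `ServerAlias *` host-header wildcard and the unauthenticated `/admin` location; `audit(TIGHT_CONF)` returns an empty list.
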
**For usb printers, we might need two print tools**
```bash
sudo apt install printer-driver-gutenprint foomatic-db
# we can install ssh access too
sudo apt install openssh-server
# On both client and server
sudo systemctl restart cups
sudo systemctl restart avahi-daemon
```

## Install Printer Driver if needed
*I am using an old usb printer Brother L2310D*
*This is the main reason for my print server*
*My new box, cannot handle task forwarding on it, like the old Freebox*

https://support.brother.com/g/b/downloadlist.aspx?c=eu_ot&lang=en&prod=hll2310d_us_eu_as&os=128#SelectLanguageType-10283_0_1
*By clicking on the driver, all the instructions are there.*
*Normally we don't need to do this*

```bash
# This can work too
sudo apt install printer-driver-brlaser
```

# PCs that want to print need to have these installed 
*normally it is the case for ubuntu / debian / fedora*
```bash
sudo apt install cups avahi-daemon printer-driver-brlaser
sudo systemctl enable --now cups
sudo systemctl enable --now avahi-daemon
```

Finally, you also have to make sure that your PC is not simply looking for a printer on another PC, because this will cause printer confusion. It should look for a print server, so the print data will be comprehensible when it arrives at the printer. Normally on Windows, especially for a network printer, I would use a specific driver on the server and generic drivers on the clients. Often in Linux this is not possible, because the generic driver installs come back with an error.

```bash
sudo nano /etc/cups/client.conf
```
Contents of `/etc/cups/client.conf`:
```
ServerName 192.168.1.83     # your printserver IP
```

So now, normally, when you simply do a printer search, your PC should auto-detect the printer.
Normally, even Windows devices will detect it.
If not, just add a printer and try using IPP.
If not, use the TCP/IP section and add your server's IP.


Friday, June 27, 2025

Install Linux on latest DELL laptops - I9 185h / 285h - Part 2

 Even if it is not about some real professional stuff, I have already posted this article on LinkedIn.

I have tried and tested every single option proposed by ChatGPT, Perplexity, DeepSeek, the Dell website, YouTube, Reddit, Dell forums and laptop forums, and Linux did not want to go up. I did the latest 1.15 BIOS update too a couple of days ago. I was on the verge of uploading a custom BIOS and probably doing irreversible damage to my PC, but Windows was driving me crazy. When you turn off your PC and it does 1 hour of updates before you can close the lid, then does the same when opening up, that is just nuts. When your base memory is 5 gigs, you don't do anything, come back in an hour and it is 12 ? When running a VM and you have only 2 gigs of memory left ? When looking for a setting and Windows property search is not indexing it ? I mean it is just endless pain in the back. You open your PC and want to work right away. When I want to install, update, customize, download, launch, I don't want to think about that stuff. Just do it, and if it does not work, I find another solution in seconds. Like yesterday I downloaded an apt based keepass2 onto my Linux and it was buggy. I did the same with KeePassXC and it was perfect. Uninstalled keepass2. It took me like 1 min thirty. In Win11 just to go to the website and download and install would take way more.
My new Linux distro was also up in under 7 minutes ! Windows still takes nearly an hour if installed from zero ! Anyways, just to show you how awesomely relieved I am that my Win is off and my Kubuntu is up !

------------------------------------------------

I tried at least 6 Linux distros, custom kernels, custom drivers for Intel and Dell. It still did not go up. Normally, without messing around, the simple solution of Secure Boot off and a disk management switch from RAID to AHCI is enough, and a Linux should go up on any PC. Intel, AMD, ARM, whatever. No, it did not !

We are talking about a brand new PC: Dell 14 Plus 7440, 32gb lpddrx, Intel I9 185h. The PC was produced this April 2025 ! When I went to the Reddit forums, I found a lot of issues and complaints about these new Intel Dell laptops. Especially the GEN1 GEN2 I7 I9 ones ! 13th and 14th gen I5 I7 I9s have no real issues anywhere and they are well supported by LTS distros too.

So what was my problem  ?


 This is an SK hynix branded, bloody expensive Dell NVMe. It costs 188€ on Dell's website. It comes with a long heatsink, but the actual thermal sponge is glued to the Dell sticker. Not sure what a BPA coated paper can do in case of heat transfer. Very funny ! Anyways, my laptop had this as the original NVMe. The original price of my laptop was 1299€ and with some discount it was sold for 999€. I also had some extra codes and Dell points, so I paid 889€. If we went by the price tag of this SK hynix NVMe and the price tag of Windows, I could have gotten this PC for under 600€ and bought my own NVMe.

This is what I did. I actually just bought a 990 Pro from Samsung, as this is the most reputable NVMe on the current and past market. I have an old 970 EVO in my AMD PC and it runs like a NordicTrack treadmill.

I installed it and there was no BIOS lag on recognizing it ! My Windows install did not need an extra RST driver load to recognize the NVMe ! One point to that ! I did this just to test my theory !
I made a Kubuntu 25 USB with balenaEtcher, which actually also failed on both of my Windows machines, so I went downstairs to my Linux tower and burnt it on that one !

Guess what. It took 6 minutes and 45 seconds to install Kubuntu on my new laptop, with absolutely zero hiccups ! No questions, no issues, no nothing !
Since last night, I am relieved that my laptop is blazing fast, with less heat, half the memory use, half the space use for the OS and components, 1/50th of the update and upgrade times and much more !

Thank you linux and thank you DELL !

 

PS.: I also recently purchased a replacement laptop for my wife. A Dell 16" Inspiron with Ryzen 7 8840. I simply turned off Secure Boot and Kubuntu went up even faster than on the Intel ! Strangely, from a less powerful PC with less and slower memory !

Sunday, June 22, 2025

Install Linux on latest DELL laptops - I9 185h / 285h

Installing Linux is a pain in the back on these new machines. Here is what can prevent you from doing so and how to correct it. I am using a DELL Inspiron 14 Plus with I9 185H.

  • Sata Mode
  • Secure Boot
  • Microsoft UEFI Certificate Authority
  • TPM 
  • SMM
  • WSMT

SMM and WSMT are both features that you might find in the BIOS. Often one or the other. Unless you custom load BIOS settings from scratch, or flash a totally custom BIOS, these settings are not changeable. They also might prevent you from installing Linux, but newer kernels support these. "Normally".

It is time consuming, but if it was me, to keep most of the possible security features on, I would start changing these settings one by one.

Step 1
Download Dell Command Configure

Step 2 - try it without at the beginning
Set a BIOS admin password. You might need it to accept changes. I simply would use either a 4 digit PIN or a max 6 character password for home users. For a pro environment I would definitely go with a classic 12 character option with numbers, upper and lower case and special characters. Be careful with the keyboard setup !

Step 3
Run Dell Command Configure Prompt. Start with setting your sata controller from Raid using Intel RST, to AHCI. Then try installing your linux distro. This is the most usual cause of Linux not going up on your new DELL Laptop.

Step 4
Ubuntu, Fedora, Mint, but even Debian support Secure Boot. Normally ! If it is still messing up your install: turn off Secure Boot. This one can be done from the BIOS itself.

Step 5
Disable Windows UEFI Cert - Well, it might be necessary. Most possibly, in case something went wrong, you won't be able to secure boot your device if you installed Linux with these two features off.

Summary of Commands

Add this before your commands, if you've set password:
cctk --valsetuppwd=MyBiosPass123

Your commands should look like that:

cctk --valsetuppwd=MyBiosPass123 --embsatara=ahci
cctk --valsetuppwd=MyBiosPass123 --secureboot=disable

 

SATA Mode → AHCI
cctk --embsatara=ahci
Disable Secure Boot
cctk --secureboot=disable
Disable MS UEFI Cert
cctk --securebootmode=custom
cctk --deletepk
Disable TPM
cctk --tpm=off
Clear TPM
cctk --tpmclear
Disable SMM / WSMT
cctk --smmsecuritymitigation=disable

At the time of this article, I could disable everything I wanted. I did not find a way to disable security mitigation without doing a drastic action on my BIOS. I will come back to see if a new Linux distro will go up flawlessly or not. I have just ordered a new 2 TB 990 Pro from Samsung. I hope for the best, cause I can't get the use of Windows anymore....

Please note that Dell Command Configure is available on Linux. However, it also has a GUI on Windows, and there are many, many options that will be denied if you do not use that. Setting RAID SATA mode to AHCI is straightforward, but all other functions might fail !
Why not just go with an R9 AI PC instead of Intel ? If you want to focus on virtualization projects, running multiple low level systems, you need a lot of cores. But we are talking about a laptop, so when you need to run low level stuff, your battery life could still be excellent ! No Thunderbolt port on AMD PCs ! The new Thunderbolt 5 can run three 4K monitors at 144 Hz, while charging and having internet, headset, keyboard and mouse all plugged into one single dock ! Finally, now, DELL has limited options on R9 PCs, not coming with LPDDR5 and without the PRO feature ! Why Dell ? Because I need physical quality and I have been seeing Lenovo, HP, Terra breaking like pretzels.

 

Thursday, May 22, 2025

Windows File Server User Access Control - Basic ICACLS use

Before we apply any sort of folder permissions, we should save the currently applied permissions. Here are the commands to use, so that if anything goes wrong, you can re-establish the previous permissions.
At home, this can be important if more than one person is using the PC.
In a work environment, this is crucial, because if anything goes wrong, you might be in big trouble.

For the file name, I would put the date inside the filename, so you know when it was modified. I would also use some sort of identification to know where it was applied. You might leave it in the top folder, hidden from users. You should not pollute though. It should probably be deleted once you have made sure that everything is cool !

Save Folder Permissions:
    icacls "D:\Path\To\Folder" /save perms.txt

Save Folder Permissions Recursively:
    icacls "D:\Path\To\Folder" /save perms.txt /T

Restore Folder Permissions (run it against the parent folder, because the paths stored in the file start at "Folder"):
    icacls "D:\Path\To" /restore perms.txt

Verify folder permissions:
    icacls "D:\Path\To\Folder"
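
Before deciding whether a restore is needed, two saved files (one taken before the change, one after) can be compared to see exactly which entries changed. This script is an added example, not part of the original post; it assumes the save file is UTF-16LE text that alternates a relative path line and an SDDL line, and the folder names and SDDL strings in it are constructed.

```python
import re

ACE_RE = re.compile(r"\([^()]*\)")  # one "(type;flags;rights;;;trustee)" entry

# Constructed contents of two save files: before and after a permission change.
BEFORE = (
    "Folder\r\nD:AI(A;OICIID;FA;;;BA)(A;OICIID;0x1200a9;;;BU)\r\n"
    "Folder\\Finance\r\nD:AI(A;OICIID;FA;;;BA)(A;OICIID;0x1200a9;;;BU)\r\n"
)
AFTER = (
    "Folder\r\nD:AI(A;OICIID;FA;;;BA)(A;OICIID;0x1200a9;;;BU)\r\n"
    "Folder\\Finance\r\n"
    "D:AI(A;OICI;FA;;;WD)(A;OICIID;FA;;;BA)(A;OICIID;0x1200a9;;;BU)\r\n"
)


def decode_save_file(raw):
    """Decode the bytes of an 'icacls /save' file (UTF-16LE, BOM optional)."""
    return raw.decode("utf-16-le").lstrip("\ufeff")


def parse_save(text):
    """Map relative path -> SDDL string from alternating path / SDDL lines."""
    lines = [line.strip() for line in text.splitlines() if line.strip()]
    if len(lines) % 2:
        raise ValueError("expected alternating path / SDDL lines")
    return dict(zip(lines[0::2], lines[1::2]))


def diff_saves(before_text, after_text):
    """Return {path: {"added": [...], "removed": [...]}} for each changed ACL."""
    before, after = parse_save(before_text), parse_save(after_text)
    changes = {}
    for path in sorted(set(before) | set(after)):
        if before.get(path) == after.get(path):
            continue
        old = set(ACE_RE.findall(before.get(path, "")))
        new = set(ACE_RE.findall(after.get(path, "")))
        # A path with two empty lists changed only in its DACL flags.
        changes[path] = {"added": sorted(new - old), "removed": sorted(old - new)}
    return changes


if __name__ == "__main__":
    for path, change in diff_saves(BEFORE, AFTER).items():
        print(path, change)
```

In the constructed data the only difference is a new full-control entry for Everyone (`WD`) on `Folder\Finance`, which is the kind of change worth catching before the saved file is deleted.
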

Tuesday, May 20, 2025

Windows Update Button / Option disappear - update from powershell

 An old problem has started popping up recently on Windows PCs after certain updates. I have seen this on Win11, but mostly on Win10 PCs. Updates stop, the Windows Update search button disappears and the circling double arrow Windows Update sign shows an exclamation mark, indicating that something is not right.

No panic ! Instead of trying all sorts of stuff to get that back, you just need to be patient. The next couple of updates will probably correct this issue, and your Windows Update button and the appearance of the Windows Update page will be the same as before.
However, there might be some steps to do before you can launch your update. I really recommend that, instead of messing up your registry, searching for third party non-MS solutions, uninstalling and re-installing updates, drivers, DirectX and more, you just do a full-on Windows repair, then update your current system.

Start by launching this script. You can copy it to ISE, or right click launch it as admin. Make sure that script execution is allowed. Just search in the search-bar: "script execution":
https://github.com/iv3l/PowerSHell-Scripts/blob/main/disable-non-essential-services.ps1

I have written it to stop non-essential services for the duration of all operations. After each restart you need to launch it again, as it won't disable the services, but only stops them for the current session.

Then you launch a DISM and an SFC, then a reboot. These 3 commands one after another:

DISM /Online /Cleanup-Image /RestoreHealth
sfc /scannow
shutdown /r /t 0

Depending on a lot of things, like how long Windows has been installed and untreated, your network connection, the speed of your disk or NVMe drive, CPU, memory and available space, DISM might be slow, and it might take 2 hours. For me on the I9 185h with GEN4 NVME and 32gb LPDDRX 6400 it takes around 1 to 2 minutes as an example.

Your PC has been restarted, now you reuse the first script to stop services. Also please stop all non-essential software too. You need to stop Dropbox, GDrive, Sticky Notes, Outlook, all and everything.

The next thing is to update all your firmware. Most employees don't care about firmware updates, and then their PC stops after an update. An OS install will fail. The PC will have program compatibility issues, like an endpoint manager freezing the PC if running with the latest updated MS Office package. These weird mishaps never happen on Linux, but Windows is an extremely sensitive system. All sorts of issues pop up if your system is not upgraded, and it also slows your system down. It can make updating your system the next time hell too, if you did not do anything for 2 years. I have systems with 100 gigs of obligatory Windows updates, just to be up to date enough on Win10 to be able to migrate to Win11. I mean with a connection speed of 2 to 20 Mbps, this might take basically a week. I must keep these PCs intact, cannot just wipe them.

Now that your firmware is updated and your PC is restarted, you run the first script again to stop all non-essential services. Then you again stop all of your programs. Here is a second script that will prompt you to install the updates. Again, run ISE as admin or run the .ps1 script as admin. Your choice:
https://github.com/iv3l/PowerSHell-Scripts/blob/main/prompted_win_update.ps1

The script normally covers the installation of dependencies and the initial calls of modules, but it might fail, though that has never happened to me. If you don't download it but copy it, make sure that the comments are in good condition, as in some cases they do not show up as commented lines and launch as commands, which can be scary at first, giving you red error messages.

In case you don't want to mess around with my script, you can download and install the updates yourself, running these in PowerShell, one after another:

Step-by-step:

a. Open PowerShell as Administrator, then install the module:

Install-Module -Name PSWindowsUpdate -Force

b. Import the module (if needed):

Import-Module PSWindowsUpdate

c. Check for updates:

Get-WindowsUpdate

d. Install updates:

Install-WindowsUpdate -AcceptAll -AutoReboot

This way you won't need to worry about the graphical Windows Update until the option comes back and Windows updates itself again. After the initial SFC and DISM commands, check whether you already got your Windows Update button back. If not, wait for the KB corrections and major updates. It might take one or 5. Run these each Wednesday and each Sunday morning.
