===== Missing Help and support services =====

1. Open a command prompt.
2. Navigate to %windir%\PCHealth\HelpCtr\Binaries
3. Run this command: start /w helpsvc /svchost netsvcs /regserver /install
4. Once this command completes the Help and Support service should now appear in services.msc
5. Start the Help and Support service

Regards, The SBS Bloggers team

===== Active Directory time conversion =====

Active Directory's adsiedit.exe lists account times as long integers. To convert them, use the following.

[[http://support.microsoft.com/kb/192949/]]

  w32tm.exe /ntte
  w32tm.exe /ntte 127792363385310954

Attributes (Large Integer/Interval):

  * accountExpires
  * badPasswordTime
  * lastLogon
  * lastLogonTimestamp
  * pwdLastSet

Attributes (UTC coded time; these don't need conversion in adsiedit):

  * createTimeStamp
  * modifyTimeStamp
  * whenChanged
  * whenCreated

To get the change password date, get pwdLastSet from the user and maxPwdAge from the base. maxPwdAge is negative, so subtracting maxPwdAge effectively adds the absolute values of the two.

  pwdLastSet - maxPwdAge
  w32tm.exe /ntte

[[http://msdn.microsoft.com/en-us/library/ms680832.aspx|userAccountControl attributes]]

Password must be reset:

  ldapsearch -x -D 'cn=ldapbrowser,cn=Users,dc=aoe,dc=vt,dc=edu' -W -b 'dc=aoe,dc=vt,dc=edu' "(&(objectclass=*)(pwdLastSet=0))" cn uid | grep -E "cn|uid"

Password last set:

  ldapsearch -x -D 'cn=ldapbrowser,cn=Users,dc=aoe,dc=vt,dc=edu' -W -b 'dc=aoe,dc=vt,dc=edu' "(&(objectclass=*)(uid=sateel))" pwdLastSet

Max password age:

  ldapsearch -x -D 'cn=ldapbrowser,cn=Users,dc=aoe,dc=vt,dc=edu' -W -b 'dc=aoe,dc=vt,dc=edu' "(objectclass=domain)" maxPwdAge

==== Time Calculation ====

=== year ===

  pwdLastSet/10,000,000 = seconds since Jan 1, 1601
  pwdLastSet/10,000,000/seconds/minutes/hours/days = years
  pwdLastSet/10,000,000/60/60/24/365.25 = year
  ( x /10000000/60/60/24/365.25)+1601

=== date in year ===

=== Easy Formula ===

  converted = WindowsTimestamp / 10000000 - 11644473600;
  date -u --date="1970-01-01 $converted sec GMT"

*The result is off by 5 hours due to GMT.

http://www.lochan.org/2005/keith-cl/useful/win32time.html

===== hosts file =====

  /windows/system32/drivers/etc/hosts

===== Problem taking AD GPO software =====

The Broadcom management application for the wireless NIC was interfering with DHCP on the LAN connection and not allowing an address to be received. Removing the management program fixed it. The symptom was "limited network connectivity" followed by getting an address when renewing the lease.

===== .NET update problems =====

[[http://support.microsoft.com/kb/923100]]

Basically, try to remove it, then use the Windows Installer CleanUp Utility to remove the entry and reinstall.

===== complete background tasks =====

  rundll32.exe advapi32.dll,ProcessIdleTasks

This immediately executes all background idle tasks to completion, including tasks such as the Windows prefetcher.
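
For the Active Directory time conversion notes above: an added shell example (not part of the original notes) that applies the Easy Formula and the pwdLastSet - maxPwdAge rule, and handles the special values that would otherwise produce nonsense dates. Function names are hypothetical, and the 42-day maxPwdAge is a constructed sample; the pwdLastSet value is the one used with w32tm above.

```sh
#!/bin/sh
# Added example: AD large-integer times are 100-nanosecond ticks since
# 1601-01-01 00:00 UTC. Function names here are hypothetical.

EPOCH_OFFSET=11644473600        # seconds from 1601-01-01 to 1970-01-01 (UTC)
TICKS_PER_SEC=10000000
NEVER_MAX=9223372036854775807   # accountExpires value meaning "never"
NEVER_MIN=-9223372036854775808  # maxPwdAge value meaning "never"
UAC_DONT_EXPIRE_PASSWD=65536    # 0x10000 bit in userAccountControl

# Accept plain decimal digits only; a leading zero would be read as octal.
is_uint() { case $1 in ''|*[!0-9]*|0?*) return 1 ;; esac; }

# filetime_to_epoch TICKS -> Unix seconds (the "Easy Formula")
filetime_to_epoch() {
    is_uint "$1" || { echo "not a large-integer time: $1" >&2; return 1; }
    echo $(( $1 / $TICKS_PER_SEC - $EPOCH_OFFSET ))
}

# epoch_to_utc SECONDS -> ISO 8601 in UTC (GNU and busybox date accept -d @N)
epoch_to_utc() { date -u -d "@$1" +%Y-%m-%dT%H:%M:%SZ; }

# password_expiry PWDLASTSET MAXPWDAGE [USERACCOUNTCONTROL]
# Prints "must-change", "never", or the expiry time as Unix seconds.
password_expiry() {
    _pls=$1 _mpa=$2 _uac=${3:-0}
    is_uint "$_pls" && is_uint "$_uac" || { echo "bad input" >&2; return 1; }
    # pwdLastSet=0 is what the "Password must be reset" search looks for.
    if [ "$_pls" = 0 ]; then echo must-change; return 0; fi
    if [ $(( $_uac & $UAC_DONT_EXPIRE_PASSWD )) -ne 0 ]; then
        echo never; return 0
    fi
    case $_mpa in
        0|"$NEVER_MIN")         # no maximum age; subtracting would overflow
            echo never; return 0 ;;
        -*) is_uint "${_mpa#-}" || { echo "bad maxPwdAge: $_mpa" >&2; return 1; } ;;
        *)  echo "maxPwdAge must be negative: $_mpa" >&2; return 1 ;;
    esac
    # maxPwdAge is negative, so the subtraction adds its absolute value.
    filetime_to_epoch $(( $_pls - $_mpa ))
}

# account_expiry ACCOUNTEXPIRES -> "never" or Unix seconds
account_expiry() {
    case $1 in
        0|"$NEVER_MAX") echo never ;;
        *) filetime_to_epoch "$1" ;;
    esac
}

# Demo: pwdLastSet from the notes, constructed maxPwdAge of 42 days.
_demo_exp=$(password_expiry 127792363385310954 -36288000000000)
echo "password set:     $(epoch_to_utc "$(filetime_to_epoch 127792363385310954)")"
echo "password expires: $(epoch_to_utc "$_demo_exp")"
```

The output is in UTC, which is the 5-hour offset noted under the Easy Formula.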
===== Level 2 Headline =====

http://isc.sans.org/diary.html?storyid=4039

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here

===== useful web sites =====

[[http://www.computerworld.com.au/index.php/id;1170986376;fp;4194304;fpid;1]]

[[http://support.microsoft.com/kb/887303/#|Applying Group Policy causes Userenv errors and events to occur on your computers that are running Windows Server 2003, Windows XP, or Windows 2000]]

[[http://windowssecrets.com/comp/080403#story1|Vista Upgrade on a new machine]]

===== Vista User profile problem =====

[[http://www.vistax64.com/tutorials/130095-user-profile-service-failed-logon-user-profile-cannot-loaded.html]]

Activate the administrator account using safe mode:

  net user administrator /active:yes

As Administrator in Safe Mode:

4. In regedit, go to: (See screenshot below step 5)

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

5. In the left pane, look for the S-1-5..... folder (SID key) with the long number that has .bak at the end of the numbers. [and switch with the one without the .bak]

===== Using Samba with Vista - NTLM issue =====

This is an old problem from when Vista first came out. The problem was with Samba not using NTLMv2, which it seems to handle now (2010-6-8).

http://www.jimmah.com/vista/Networking/ntlm.aspx

== Why can't I access my NAS (Network Attached Storage) share, Macintosh (MAC) share, linux share, or a share from an old version of Windows ==

When accessing a file share on a remote computer or device, Windows Vista will refuse to send your password using older encryption methods. Unfortunately, many NAS devices as well as older versions of linux do not understand the newer encryption methods. This keeps you from being able to access these devices. The solution is to force Windows Vista to use the older encryption methods.
To do that, follow these steps:

== Users of Windows Vista Home Basic and Home Premium ==

CAUTION: Improperly modifying the registry can harm your system.

1. Click start
2. Type: regedit
3. Press enter
4. In the left, expand these folders: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\
5. In the left, click on the folder named: Lsa
6. In the right, double-click "LmCompatibilityLevel"
7. Type the number 1 and press enter
8. Restart your computer

== Users of Windows Vista Business, Enterprise, and Ultimate ==

1. Click Start
2. Click Control Panel
3. Click System and Maintenance
4. Click Administrative Tools
5. Double-Click Local Security Policy
6. In the left pane, click the triangle next to Local Policy
7. In the left pane, click Security Options
8. In the right pane near the bottom, double-click "Network security: LAN manager authentication level"
9. Click the drop-down box, and click "Send LM & NTLM - use NTLMv2 session security if negotiated"
10. Click OK

===== command window modifications =====

[[http://technet2.microsoft.com/windowsserver/en/library/4960db77-7bc9-4b5c-9c68-53a8b3c593f61033.mspx?mfr=true]]

===== Deploying Group policy Using Windows Vista =====

[[http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=993326&SiteID=17]]

[[http://technet2.microsoft.com/WindowsVista/en/library/5ae8da2a-878e-48db-a3c1-4be6ac7cf7631033.mspx?mfr=true]]

===== Vista SP1 =====

[[http://blog.washingtonpost.com/securityfix/2008/04/windows_vista_service_pack_1_n_1.html]]

First: Back up data

  chkdsk c: /F
  SFC /Scannow

===== System Shell =====

  AT \\machinethatyouareon 21:07 /INTERACTIVE cmd.exe

===== Turn off "Files Stored on this computer" on a non-domain machine =====

[Start] [Run] [Regedit]

Registry Key:

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\DelegateFolders

In the left pane, delete the sub-key {59031a47-3f72-44a7-89c5-5595fe6b30ee}

Exit Registry and Reboot

===== Autoplay =====

  * Run the Registry Editor (REGEDIT.EXE).
  * Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom.
  * Double-click the Autorun value, and type 0 for its value. (If it's not there, create it by selecting Edit -> New -> DWORD Value, and typing "Autorun" for its name.)
  * You may have to log out and then log back in for this change to take effect.
  * Note: With this solution, Windows will no longer be notified when you insert a new CD. To make sure the correct icon and title for the current CD are displayed in My Computer and Explorer, press F5 to refresh the window.

===== Turn off Autoplay =====

[[http://support.microsoft.com/kb/953252]] --> [[http://support.microsoft.com/kb/967715/]]

Group Policy key: Administrative templates > system > turn off Auto Play

===== repair MBR =====

  fixboot
  fixmbr

[[http://support.microsoft.com/kb/314503]]

4. If the primary boot partition is a FAT partition, use the FIXBOOT command from the Windows XP Recovery Console to write a new boot sector on the system partition, and then use the FIXMBR command to repair the master boot record.

[[http://icrontic.com/articles/repair_windows_xp]]

===== unable to execute files on the network drives =====

Internet options, Security, Internet, Custom Level, Miscellaneous, Launch applications and unsafe files, Prompt.

===== Turn on auto login =====

[[http://support.microsoft.com/kb/315231|Auto Login kb315231]]

===== Thomas Beirling network problem =====

  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\
  TransportBindName
  Value: \Device\

===== Enumerate Machine GUID's =====

http://support.microsoft.com/?id=315619

===== Icon Background Text not transparent =====

Four things are required for transparent icon backgrounds:

1. Control Panel-System-Advanced-Performance Settings. Check "Use drop shadows for icon labels on the desktop" on the Visual Effects tab.

2. Right-click on Desktop - "Arrange Icons by" and ensure Lock Web items is cleared.

3. Transparency will not work if you have web content on your desktop, Control Panel - Display Properties - Desktop tab - Customize Desktop - Web tab. Clear all check boxes.

4. Ensure the Wallpaper is an image file not HTML.

....Alan -- Alan Edwards, MS MVP Windows - Internet Explorer http://dts-l.com/index.htm

===== Simpson's XP_AntiSpyware =====

Dr Simpson's laptop was giving a blue screen upon logon. Installing the BIOS and reinstalling drivers were not effective. Downloading and installing the complete **SP3** fixed the bluescreen problem. It then complained of having spyware, which was a malware program called XP_AntiSpyware 2009.

[[http://www.bleepingcomputer.com/malware-removal/remove-xp-antispyware-2009]]

[[http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe|Malwarebytes Anti-malware]]

===== Antivirus 2009 =====

[[http://isc.sans.org/diary.html?storyid=5548]]

Download the bootable CD here: [[http://www.avira.com/en/support/support_downloads.html]]

"After that, I performed a scan with F-Secure's Blacklight rootkit detection and elimination tool: [[http://www.f-secure.com/security_center/]]"

===== Virus mitigation =====

reinstall and run with updates:

  - malware bytes [[http://www.malwarebytes.org/mbam.php]]
  - avira [[http://www.avira.com/en/support/support_downloads.html]]
  - spy bot [[http://www.safer-networking.org/en/spybotsd/index.html]]
  - windows defender (may need windows updates working to get updates) [[http://www.microsoft.com/windows/products/winfamily/defender/default.mspx]]
  - black light [[http://www.f-secure.com/security_center/]]
  - Norton removal tool [[http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039]] use the one from the ISP
  - sep [[http://antivirus.vt.edu]]
  - windows updates

from -Lee Dickey

  - F-Secure Rescue CD which can update on the internet if it detects your Ethernet connection or through a connected USB key.
[[http://www.f-secure.com/linux-weblog/2008/06/19/f-secure-rescue-cd-300-released/]]

  - Combofix.exe [[http://www.bleepingcomputer.com/combofix/how-to-use-combofix]]

from Russ

  - Avast for home use [[http://www.avast.com/]]

=== explorer won't start ===

[[http://www.tomshardware.com/forum/86497-45-windows-find-explorer]]

If explorer.exe is not found, or the logon does not complete, it could be trying to run a debugger program instead. Remove this key:

  HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe\{ a key similar to "Debugger" }

=== Norton Antivirus Corporate Edition 7.6 Removal ===

[[http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/934d7988e4ebff7c88257348007a2574?OpenDocument]]

===== Simpson's laptop immediately logs off after logon =====

Logging on results in immediate logoff. The problem is that a key is corrupt or missing.

[[http://www.tomshardware.com/forum/28295-45-editing-registry-recovery-console]]

[[http://www.opentechsupport.net/forums/archive/topic/20552-1.html]]

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Modify the value of Userinit to C:\WINDOWS\system32\userinit.exe

The problem is that the registry cannot be modified unless you can log on. Jason wrote a VBScript to first read the key, and the script was applied via startup scripts in GPO. Then he exported the key from a good machine and applied it using regedit.exe /s thegoodfile.reg from another startup batch file.

The VB Script information was found here: [[http://www.websystemsadministration.com/kb/FileDepot/tabid/71/Default.aspx]]

===== Windows update fails after SP3 on new Dells =====

[[http://www.update.microsoft.com/windowsupdate/v6/showarticle.aspx?articleid=38&ln=en&IsMu=False]]

===== CD Burn problems Remove upper and lower filters =====

Step 1: Start Registry Editor

Click Start, click Run, type regedit, and then click OK. Registry Editor starts.

Step 2: Delete the UpperFilters registry entry

1. In Registry Editor, expand My Computer, and then expand HKEY_LOCAL_MACHINE.
2. Expand SYSTEM, and then expand CurrentControlSet.
3. Expand Control, and then expand Class.
4. Under Class, click {4D36E965-E325-11CE-BFC1-08002BE10318}.
5. In the right pane (topic area), click UpperFilters. Note: An UpperFilters.bak registry entry may also appear. To delete the UpperFilters registry entry, you must click UpperFilters and not UpperFilters.bak.
6. On the Edit menu, click Delete.
7. When you receive the following message, click Yes to confirm the deletion of the UpperFilters registry entry: Are you sure you want to delete this value? The UpperFilters registry entry is removed from the {4D36E965-E325-11CE-BFC1-08002BE10318} registry subkey.

Note: Do not exit Registry Editor. You must have this program for the next step.

Step 3: Delete the LowerFilters registry entry

1. In Registry Editor, expand My Computer, and then expand HKEY_LOCAL_MACHINE.
2. Expand SYSTEM, and then expand CurrentControlSet.
3. Expand Control, and then expand Class.
4. Under Class, click {4D36E965-E325-11CE-BFC1-08002BE10318}.
5. In the right pane (topic area), click LowerFilters. Note: A LowerFilters.bak registry entry may also appear. To delete the LowerFilters registry entry, you must click LowerFilters and not LowerFilters.bak.
6. On the Edit menu, click Delete.
7. When you receive the following message, click Yes to confirm the deletion of the LowerFilters registry entry: Are you sure you want to delete this value? The LowerFilters registry entry is removed from the {4D36E965-E325-11CE-BFC1-08002BE10318} registry subkey.
8. Exit Registry Editor.

Step 4: Restart the computer

If a CD recording program no longer works after you restart the computer, you must reinstall the CD recording program.

===== Search Companion Starts If You Double-Click a Folder or Drive =====

11/7/2008, Xing brought McCue's laptop with a virus.
Malwarebytes mostly fixed it, though the install had an error that was okay to ignore. SEP was installed and scans are clean. Also, I had to remove c:\autorun.inf and c:\autorun.p to get my computer to open the drives. Then the following had to be done to get it to stop bringing up "search".

[[http://windowsxp.mvps.org/searchwindow.htm]]

  regsvr32 /i shell32.dll

Or,

  HKEY_CLASSES_ROOT \ Directory \ shell
  HKEY_CLASSES_ROOT \ Drive \ shell

  * In the right-pane, locate and click the (Default) value
  * Click Modify on the Edit menu
  * Type the word none in the Value data box, and then click OK

===== kill tasks =====

  tasklist
  taskkill /pid

===== icon size =====

The size for a logon icon is 71 dpi, 48x48 pixels

===== Hack administrator Password with Linux =====

[[http://www.junauza.com/2009/01/hacking-windows-administrator-password.html]]

  sudo apt-get install chntpw

Access the Windows NTFS partition by mounting it and allowing read/write support. A good tutorial on how to do this can be found: [[http://www.ubuntugeek.com/widows-ntfs-partitions-readwrite-support-made-easy-in-ubuntu-feisty.html]]

  sudo apt-get install ntfs-config

Applications->System Tools->NTFS Configuration Tool

...

cd to ‘WINDOWS/system32/config’. Once inside the ‘config’ directory, issue this command:

  sudo chntpw SAM

A long display of information will follow. Just ignore them. Once you are prompted to reset the password, it is recommended to leave the password blank with an asterisk *. Reboot, and you can now login to freakin’ Windows.
===== XP setup configuration modifications =====

  * Turn off autoplay
  * Disable IIS

install these

  * SEP (If not done by GPO)
  * Firefox
  * Flash
  * pdf viewer of some kind
  * putty
  * CoreFtp

===== key recovery =====

magical jellybean key finder [[http://magicaljellybean.com/keyfinder/]]

===== xcopy backup =====

[[http://news.cnet.com/8301-13880_3-10147826-68.html?part=rss&subj=news&tag=2547-1_3-0-20]]

...For example, backing up your Documents (Vista) or My Documents (XP) folder to a USB thumb drive is as easy as typing a variation of either of the following lines:

  xcopy C:\Users\username\Documents g:\backup /D /E /C /R /H /I /K /Y
  xcopy "C:\Documents and Settings\username\My Documents" g:\backup /D /E /C /R /H /I /K

(Swap out "username" with your ID, and don't forget to put the quotes around the file path in XP.) These examples assume you're using the default location of the folders. Change the drive letter to match that of your USB drive, or whatever device you're backing up the file to.

At the end of each command are several switches:

  * The /D switch ensures that the files being copied are newer than the ones already on the destination device.
  * The /E switch will copy empty directories and subdirectories.
  * The /C switch ignores errors.
  * The /R switch copies over read-only files.
  * The /H switch copies hidden (system) files.
  * The /I switch creates directories on the destination device automatically.
  * The /K switch includes attributes to avoid making all the copied files read-only.
  * Lastly, the /Y switch gets rid of the prompts when overwriting files.

===== system file check =====

  - Put in the WinXP CD. Close the Box that comes up.
  - Fire up "Run" (Win + R)
  - Type "sfc /scannow" (SFC - System File Checker)

===== Windows Encrypted File System (EFS) =====

Error message when client computers encrypt a file in a Windows Server 2003 domain: “Recovery policy configured for this system contains invalid recovery certificate”

[[http://support.microsoft.com/kb/937536]]

===== ports and process id's (pid's) =====

  netstat -ano

===== Vista junction =====

Vista uses a link to its location from legacy locations like "Documents and Settings"

[[http://www.svrops.com/svrops/articles/jpoints.htm]]

  dir /aL

===== Devenport's Tablet from COE XP reinstall =====

Using driver packs and Unattended, the remaining drivers needed were:

  * Button Driver
  * Fingerprint Driver
  * Media Slot
  * Shock Sensor driver and Application
  * Bluetooth

Installed apps:

Unattended:

  * Office
  * Matlab
  * Flash
  * IE7-AOE

manual:

  * SEP
  * Camtasia
  * Acrobat Pro

===== Reset network connection =====

[[http://support.microsoft.com/kb/299357]]

  netsh int ip reset resetlog.txt

[[http://support.microsoft.com/kb/892350]]

[[http://technet.microsoft.com/en-us/library/cc753591.aspx]]

  netsh winsock reset catalog

===== Here's another way to add printers =====

[[http://support.microsoft.com/kb/189105|How to add printers with no user interaction in Windows]]

===== System File Checker =====

Scan entire system

  SFC.EXE /scannow

===== How to enable Windows Installer logging =====

[[http://support.microsoft.com/default.aspx?scid=223300]]

Open the registry with Regedit.exe and create the following path and keys:

  HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer
  Reg_SZ: Logging
  Value: voicewarmupx

===== Flush Cache =====

  arp -d *
  ipconfig /flushdns
  nbtstat -R
  nbtstat -RR

*commands are case-sensitive* --Russ OVPR

===== Windows 7 =====

Mark Minasi webinar 2009-05-28

=== deployment ===

Vista and 7 use a deployment engine codenamed Panther.

WAIK 2.0

diskpart

WinPE 3.0

  * includes DISM "Deployment Image Servicing and Management Tool" incorporates drivers, etc.
  * Examples:
  * dism /get-wiminfo /wimfile:filename /index:n (shows info about a wim)
  * remount and cleanup commands possible
  * XML scripting support built-in
  * No Prep any more (used to slim down the install in Vista)
  * VHD support to use a virtual hard drive on a physical machine
  * powerconfig

=== security ===

Mark wrote chiml, a tool to modify file permissions for Vista

  * bitlocker-to-go for USB disks
  * AppLocker (restricts specific programs)
  * DirectAccess (ipsec tunnel or VPN like connection that works seamlessly)
  * NRPT Name resolution policy table
  * DNSSEC

=== other ===

  * Branch
  * AD Powershell (active directory)
  * RSAT Remote Server Administration Tool

== AD Web Service ==

  * DC listens on TCP 9389
  * every 2008 R2 DC runs ADWS

=== ===

  * ADAC AD Admin Center
  * Offline domain join (using a text file blob created on the server and passed to the workstation)
  * Managed Service Accounts

===== force XP update with WSUS =====

  wuauclt /detectnow

===== some antivirus options =====

  * avast
  * avg
  * comodo

===== fileserver errors from Windows Defender and shortcuts to samba share on desktop =====

  Jul 2 13:16:10 alexandria smbd[29442]: [2009/07/02 13:16:10, 0] smbd/service.c:make_connection(1191)
  Jul 2 13:16:10 alexandria smbd[29442]: csultan-t3500 (128.173.189.207) couldn't find service roycf
  Jul 2 13:16:10 alexandria smbd[29442]: [2009/07/02 13:16:10, 0] smbd/service.c:make_connection(1191)
  Jul 2 13:16:10 alexandria smbd[29442]: csultan-t3500 (128.173.189.207) couldn't find service roycf
  Jul 2 13:16:10 alexandria smbd[29442]: [2009/07/02 13:16:10, 0] smbd/service.c:make_connection(1191)
  Jul 2 13:16:10 alexandria smbd[29442]: csultan-t3500 (128.173.189.207) couldn't find service roycf
  Jul 2 13:16:10 alexandria smbd[29442]: [2009/07/02 13:16:10, 0] smbd/service.c:make_connection(1191)
  Jul 2 13:16:10 alexandria smbd[29442]: csultan-t3500 (128.173.189.207) couldn't find service roycf

[[http://forums.contribs.org/index.php?topic=43323.0]]

"So to sum up Windows defender can
leave logs that look like something is scanning Ibays for windows executables. It doesn't need a mapped drive just a short cut on a user desktop and will normally happen at scheduled scan times (early hours)."

===== ActiveX Kill Bits deployment =====

Two methods:

[[http://blogs.technet.com/askds/archive/2007/08/14/deploying-custom-registry-changes-through-group-policy.aspx]]

==== 1 regedit in startup script ====

Create a reg file **from the domain controller**. Include the header and blank lines. Include the msa number for the Microsoft Security Advisory just for convenience.

[[http://www.microsoft.com/technet/security/advisory/973472.mspx]]

activex_compatibility-msa972890.reg

  Windows Registry Editor Version 5.00

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E541-0000-0000-C000-000000000046}]
  "Compatibility Flags"=dword:00000400

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E559-0000-0000-C000-000000000046}]
  "Compatibility Flags"=dword:00000400

In GPO startup-scripts

  regedit.exe /s \\aoe.vt.edu\SYSVOL\aoe.vt.edu\scripts\activex_compatibility-msa972890.reg

==== 2 ADM template for Active directory ====

[[http://blogs.msdn.com/askie/archive/2009/07/14/group-policy-adm-template-to-implement-the-workaround-from-security-advisory-973472.aspx]]

x86 ADM Template

  ;####################### Begin x86 adm setting ###########################
  CLASS MACHINE
  CATEGORY "Group Policy workaround for KB973472, x86"
  POLICY "MS 973472 Activex component {0002E541-0000-0000-C000-000000000046}"
  KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E541-0000-0000-C000-000000000046}"
  EXPLAIN "Group Policy to disable CLSIDs outlined in the workaround section of kb973472"
  VALUENAME "Compatibility Flags"
  VALUEON NUMERIC 1024
  VALUEOFF NUMERIC 0
  END POLICY
  POLICY "MS 973472 Activex component {0002E559-0000-0000-C000-000000000046}"
  KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E559-0000-0000-C000-000000000046}"
  EXPLAIN "Group Policy to disable CLSIDs outlined in the workaround section of kb973472"
  VALUENAME "Compatibility Flags"
  VALUEON NUMERIC 1024
  VALUEOFF NUMERIC 0
  END POLICY
  END CATEGORY
  [strings]
  kb973472="kb973472"
  kb973472="Microsoft Security Advisory: Vulnerability in Microsoft Video ActiveX control could allow remote code execution "
  ;####################### End of x86 adm setting ###########################

x64 ADM Template

  ;####################### Begin x64 adm setting ###########################
  CLASS MACHINE
  CATEGORY "Group Policy workaround for KB973472, x64"
  POLICY "MS 973472 Activex component {0002E541-0000-0000-C000-000000000046}"
  KEYNAME "SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E541-0000-0000-C000-000000000046}"
  EXPLAIN "Group Policy to disable CLSIDs outlined in the workaround section of kb973472"
  VALUENAME "Compatibility Flags"
  VALUEON NUMERIC 1024
  VALUEOFF NUMERIC 0
  END POLICY
  POLICY "MS 973472 Activex component {0002E559-0000-0000-C000-000000000046}"
  KEYNAME "SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E559-0000-0000-C000-000000000046}"
  EXPLAIN "Group Policy to disable CLSIDs outlined in the workaround section of kb973472"
  VALUENAME "Compatibility Flags"
  VALUEON NUMERIC 1024
  VALUEOFF NUMERIC 0
  END POLICY
  END CATEGORY
  [strings]
  kb973472="kb973472"
  kb973472="Microsoft Security Advisory: Vulnerability in Microsoft Video ActiveX control could allow remote code execution "
  ;####################### End of x64 adm setting ###########################

==== Firefox bookmarks folder on Vista ====

  C:\Users\stedwar1\AppData\Roaming\Mozilla\Firefox\Profiles\gxobi28k.default\places.sqlite

==== Device manager ====

  devmgmt.msc

==== Free Tools ====

  * http://www.computerworld.com/s/article/9168758/Top_free_troubleshooting_tools_for_Windows?taxonomyId=18&pageNumber=1 http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
    * [[http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx|Process Explorer]]
    * [[http://www.gtopala.com/|System Information for Windows]]
    * [[http://www.nirsoft.net/utils/blue_screen_view.html|Blue Screen View]]
    * [[http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx|Autoruns]]
    * [[http://windirstat.info/|WinDirStat]]
    * [[http://ccollomb.free.fr/unlocker/|Unlocker]]
    * [[http://www.nirsoft.net/utils/opened_files_view.html|OpenedFilesView]]
  * http://www.infoworld.com/d/windows/top-10-windows-tools-it-pros-792?source=fssr
    * [[http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx|Sysinternals Suite]]
    * [[http://www.hwinfo.com/|HWiNFO32 (Hardware Info)]]
    * [[http://www.ccleaner.com/|Crap Cleaner]]
    * [[http://www.recuva.com/|Recuva (File Recovery)]]
    * [[http://filezilla-project.org/|Filezilla (FTP software)]]
    * [[http://www.slysoft.com/en/virtual-clonedrive.html|Virtual CloneDrive (iso mounting)]]
    * [[http://www.defraggler.com/|Defraggler]]
    * [[http://www.imgburn.com/|ImgBurn]] another is [[|Alcohol 52%]], but less flexible.
    * [[http://www.7-zip.org/|7-Zip]]
    * [[http://www.virtualbox.org/|virtualBox]]
  * http://www.infoworld.com/d/open-source/best-free-open-source-software-windows-903?source=fssr
    * [[http://www.getpaint.net/|paint.net]] Though not open source any more.
    * [[http://sourceforge.net/projects/pdfcreator/|PDFCreator]]
    * [[http://www.clamwin.com/|ClamWin]]

==== delete hiberfil.sys ====

http://www.howtogeek.com/howto/15140/what-is-hiberfil.sys-and-how-do-i-delete-it/

Disable Hibernate (and Delete hiberfil.sys) in Windows 7 or Vista

You’ll need to open an administrator mode command prompt by right-clicking on the command prompt in the start menu, and then choosing Run as Administrator.
Once you’re there, type in the following command:

  powercfg -h off

===== Delete cached Windows passwords =====

[[http://www.technize.com/how-to-delete-remembered-network-passwords-in-windows/]]

Go to Start Menu -> Run -> control userpasswords2 and press Enter.

  * User Accounts Dialog Box will appear,
  * Go to Advanced Tab and
  * Click on the Manage Password Button.
  * In Stored User Names and Password press the Remove Button and Remove all users information that you want to delete.

===== Outlook opening attachments slow =====

Try deleting the Outlook cache. Sounds simple, but try browsing to the Outlook cache with Explorer.

  C:\Documents and Settings\\Local Settings\Temporary Internet Files\

Now try using the command line:

  cd C:\Documents and Settings\\Local Settings\Temporary Internet Files\
  dir /a

Look different? So, just enter the directory path in Explorer for the Outlook cache and commence with deleting the files in that directory.

  cd C:\Documents and Settings\\Local Settings\Temporary Internet Files\content.outlook\

Win 7

  cd c:\Users\\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.outlook\

Look in this registry key to find the location:

  HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Security

[[http://www.groovypost.com/howto/microsoft/outlook/find-the-microsoft-outlook-temporary-olk-folder/]]

===== File Checksum Integrity Verifier =====

Provides md5sum calculations

  fciv.exe

[[http://support.microsoft.com/kb/841290]]

===== clean up temp files =====

http://www.theregister.co.uk/2010/06/23/reg_linux_guide_2/

  C:\WINDOWS\TEMP
  C:\Documents and Settings\%USERNAME%\Local Settings\Temp
  C:\Users\%USERNAME%\AppData\Local\Temp

  DEL *.* /s/q

...you might need to reboot, or start the PC in Safe Mode.

...search the disk for files matching "~*.*" and remove them – they're temporary files which MS Office tends to litter all over your drive.

Next, look in C:\WINDOWS.
You'll probably see loads of uninstall folders for Windows updates - usually, these are called things like $NtUninstallKB898461$: anything with a name starting and ending with a dollar sign and called "NtUninstall" followed by a number or name. Only delete these ones - leave everything else, including the folder $hf_mig$ if you have it. Reboot to make sure everything still works. If all seems fine, empty the Recycle Bin.

Next, open a command prompt and do a CHKDSK /F on all of your drives.

===== Burning iso CD on Windows =====

[[http://www.imgburn.com/]]

===== techradar 100 Free Windows Software =====

http://www.techradar.com/news/software/applications/100-best-ever-free-pc-system-tools-705029?artc_pg=1

===== commands to start control panels =====

To bring up the network control panel:

  ncpa.cpl

http://www.vlaurie.com/computers2/Articles/control.htm

Add remove programs:

  appwiz.cpl

Device manager:

  devmgmt.msc

Run as administrator: Press Ctrl+Shift+Enter

===== Outlook 2010 - Import 2007 .nk2 auto complete nicknames =====

http://support.microsoft.com/kb/980542

===== View open ports in Windows =====

  netstat -ano

or http://www.nirsoft.net/utils/cports.html

===== Change the name =====

http://www.techradar.com/news/software/operating-systems/10-windows-7-registry-hacks-and-tweaks-905864?src=rss&attr=all

Bought a second-hand machine? Then you might want to alter the name of the registered owner. Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ double-click on the 'RegisteredOwner' key and then change it.

===== Windows doesn’t fully support IPv6 =====

http://blogs.techrepublic.com.com/10things/?p=1893

It’s kind of ironic, but as hard as Microsoft has been pushing IPv6 adoption, Windows does not fully support IPv6 in all the ways you might expect. For example, in Windows, it is possible to include an IP address within a Universal Naming Convention (\\127.0.0.1\C$, for example).
However, you can’t do this with IPv6 addresses because when Windows sees a colon, it assumes you’re referencing a drive letter. To work around this issue, Microsoft has established a special domain for IPv6 address translation. If you want to include an IPv6 address within a Universal Naming Convention, you must replace the colons with dashes and append .ipv6.literal.net to the end of the address — for example, FE80-AB00-200D-617B.ipv6.literal.net.

===== File recovery tools =====

http://www.howtogeek.com/howto/15120/get-back-that-photo-picture-or-file-you-deleted-accidentally/

  * DiskDigger from dmitrybrant.com
  * Recuva from piriform.com

===== Event logs =====

http://www.techradar.com/news/software/operating-systems/windows-event-viewer-tips-and-tricks-930708?src=rss&attr=all

Remote log events:

Prepare the remote computers to forward events. Run cmd as administrator:

  winrm quickconfig

On the central PC where you'll be collecting these events:

  wecutil qc

Subscriptions | Create subscription

===== Recovering the Windows Boot Record =====

http://www.howtogeek.com/55989/ask-how-to-geek-fixing-the-windows-boot-record-sharing-mac-folders-with-windows-and-reviving-the-outlook-reminder-bell/

Put a Windows installation disc in your disc drive and reboot. Press any key when prompted, do the basic setup (selecting your language, time zone, etc.) and click next. Then click Repair your computer. Click on the operating system you want to repair and click next. At this point you’ll be at the System Recovery Options menu, click on Command Prompt. Now it’s time to execute a simple repair on your machine. At the command prompt type in

  bootrec.exe /FixMbr

===== Secure Delete =====

Sysinternals command line tool sdelete http://technet.microsoft.com/en-us/sysinternals/bb897443.aspx

CleanUp!
http://www.stevengould.org/index.php?option=com_content&task=view&id=15&Itemid=69

Eraser http://www.heidi.ie/node/6

===== Disallow Programs from running =====

When trying to run Microsoft Security Essentials, the following message could appear after virus removal: "this operation has been cancelled due to restrictions in affect on your computer. please contact your system admin."

Remove the entries from this key:

  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun

http://answers.microsoft.com/en-us/protect/forum/protect_scanning/this-operation-has-been-cancelled-due-to/aab48174-38c1-4f10-9f11-f6c2bb3709c4

===== Call Microsoft =====

PCSafety is a toll-free telephone support line that Microsoft operates for customers with malware-infection problems. The number in the U.S. is: 866-727-2338.

===== Power Settings for XP =====

http://support.microsoft.com/kb/915160

If you give the user full control of the following registry keys, it works without giving the user full admin rights on the machine:

  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\GlobalPowerPolicy
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\PowerPolicies

===== Programs may be unable to access some network locations after you turn on User Account Control in Windows Vista or in Windows 7 =====

http://support.microsoft.com/kb/937624

To configure the EnableLinkedConnections registry value, follow these steps:

1. Click Start, type regedit in the Start Search box, and then press Enter.
2. Locate and then right-click the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
3. Point to New, and then click DWORD Value.
4. Type EnableLinkedConnections, and then press Enter.
5. Right-click EnableLinkedConnections, and then click Modify.
6. In the Value data box, type 1, and then click OK.
7. Exit Registry Editor, and then restart the computer.
===== Microsoft Standalone System Sweeper Beta =====

http://connect.microsoft.com/systemsweeper

===== Microsoft Safety Scanner =====

http://www.microsoft.com/security/scanner/en-us/default.aspx

===== Restrict Remote desktop users to a group (like distancelearn) through group policy =====

http://technet.microsoft.com/en-us/library/cc776790%28WS.10%29.aspx
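
A triage check for the three registry locations these notes had to repair after malware: the Image File Execution Options Debugger value ("explorer won't start"), Winlogon Userinit ("immediately logs off after logon"), and Policies\Explorer\DisallowRun ("Disallow Programs from running"). This is an added example, not part of the original notes; it assumes a `reg export` dump already converted to UTF-8, and the function names, sample export and placeholder paths are constructed.

```sh
#!/bin/sh
# Added example: scan a text registry export for the three settings the
# notes above had to repair. Reads the export on stdin and prints one
# finding per line. Values are lower-cased and backslashes shown as "/".

audit_reg_export() {
    awk '
    { sub(/\r$/, "") }                      # tolerate CRLF line endings

    /^\[.*\]$/ {                            # key header: [HKEY_...\Sub\Key]
        key = tolower(substr($0, 2, length($0) - 2))
        gsub(/\\+/, "/", key)               # simplify matching on the path
        next
    }

    /^"[^"]*"=/ {                           # value line: "Name"=data
        eq   = index($0, "\"=")
        name = tolower(substr($0, 2, eq - 2))
        data = tolower(substr($0, eq + 2))
        gsub(/\\+/, "/", data)
        gsub(/"/, "", data)

        ifeo = index(key, "/image file execution options/")
        if (ifeo && name == "debugger") {
            # Any Debugger value makes Windows start that program instead
            # of the named image, so every one deserves a look.
            image = substr(key, ifeo + length("/image file execution options/"))
            print "IFEO_DEBUGGER image=" image " debugger=" data
        } else if (key ~ /\/windows nt\/currentversion\/winlogon$/ && name == "userinit") {
            v = data
            sub(/,$/, "", v)                # the stock value ends in a comma
            if (v != "c:/windows/system32/userinit.exe")
                print "USERINIT value=" data
        } else if (key ~ /\/policies\/explorer\/disallowrun$/) {
            print "DISALLOWRUN entry=" data
        }
    }
    '
}

# Constructed sample export; the paths are placeholders, not real indicators.
sample_export() {
cat <<'EOF'
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]
"Debugger"="C:\\Temp\\placeholder.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Temp\\placeholder.exe,"
"Shell"="Explorer.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"1"="msseces.exe"
EOF
}

sample_export | audit_reg_export
```

An export with the stock Userinit value and no Debugger or DisallowRun entries produces no output.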