1. Open a command prompt.
2. Navigate to %windir%\PCHealth\HelpCtr\Binaries
3. Run this command:
start /w helpsvc /svchost netsvcs /regserver /install
4. Once this command completes the Help and Support service should now appear in services.msc
5. Start the Help and Support service
Regards,
The SBS Bloggers team
Active directory adsiedit.exe lists account times as a long integer number. To convert, use the following.
http://support.microsoft.com/kb/192949/
w32tm.exe /ntte <number>
w32tm.exe /ntte 127792363385310954
Attributes (Large Integer/Interval)
accountExpires badPasswordTime lastLogon lastLogontimestamp pwdLastSet
Attribute (UTC Coded time) (these don't need conversion in adsiedit)
createTimeStamp modifytimeStamp whenChanged whenCreated
To get the change-password date, get pwdLastSet from the user and maxPwdAge from the base. maxPwdAge is negative, so subtracting maxPwdAge effectively adds the absolute values of the two.
pwdLastSet - maxPwdAge
w32tm.exe /ntte <sum of above>
Password must be reset:
ldapsearch -x -D 'cn=ldapbrowser,cn=Users,dc=aoe,dc=vt,dc=edu' -W -b 'dc=aoe,dc=vt,dc=edu' "(&(objectclass=*)(pwdLastSet=0))" cn uid |grep -E "cn|uid"
Password last set:
ldapsearch -x -D 'cn=ldapbrowser,cn=Users,dc=aoe,dc=vt,dc=edu' -W -b 'dc=aoe,dc=vt,dc=edu' "(&(objectclass=*)(uid=sateel))" pwdLastSet
Max Password age
ldapsearch -x -D 'cn=ldapbrowser,cn=Users,dc=aoe,dc=vt,dc=edu' -W -b 'dc=aoe,dc=vt,dc=edu' "(objectclass=domain)" maxPwdAge
pwdLastSet/10,000,000 = seconds since Jan 1, 1601
pwdLastSet/10,000,000/seconds/minutes/hours/days = years
pwdLastSet/10,000,000/60/60/24/365.25 = years
( x /10000000/60/60/24/365.25)+1601
converted=$(( WindowsTimestamp / 10000000 - 11644473600 )); date -u --date="1970-01-01 $converted sec GMT"
*The result is off by 5 hours due to GMT.
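The conversion and the pwdLastSet - maxPwdAge calculation above, as an added shell example that is not part of the original notes. The function names and the LDIF sample are constructed for illustration, the 90-day maxPwdAge is an assumed policy value, and the handling of the "never" sentinel values goes slightly beyond the cases the notes list.

```bash
#!/bin/sh
# Added example (not from the original notes): convert AD Large Integer values
# (100-ns ticks since 1601-01-01 UTC) and work out when a password expires.

EPOCH_OFFSET=11644473600   # seconds from 1601-01-01 to 1970-01-01
TICKS_PER_SEC=10000000     # 100-ns ticks per second

# ldif_attr NAME: print the value of attribute NAME from ldapsearch output on stdin
ldif_attr() {
    awk -v want="$1" -F': ' 'tolower($1) == tolower(want) { print $2; exit }'
}

# filetime_to_epoch TICKS: Unix seconds (integer division drops sub-second ticks)
filetime_to_epoch() {
    echo $(( $1 / TICKS_PER_SEC - EPOCH_OFFSET ))
}

# epoch_to_utc SECONDS: ISO 8601 UTC string; GNU date first, BSD date as fallback
epoch_to_utc() {
    date -u -d "@$1" +%Y-%m-%dT%H:%M:%SZ 2>/dev/null ||
        date -u -r "$1" +%Y-%m-%dT%H:%M:%SZ
}

# filetime_to_utc TICKS: UTC string; 0 and the 64-bit maximum are the values AD
# stores for "never" (accountExpires) or "not set" (lastLogon and similar)
filetime_to_utc() {
    case "$1" in
        0|9223372036854775807) echo "never/not set" ;;
        *) epoch_to_utc "$(filetime_to_epoch "$1")" ;;
    esac
}

# password_expiry PWDLASTSET MAXPWDAGE: maxPwdAge is negative, so subtracting it
# adds the policy interval to pwdLastSet, as described in the notes
password_expiry() {
    if [ "$1" = "0" ]; then echo "must change at next logon"; return; fi
    case "$2" in
        0|-9223372036854775808) echo "never expires"; return ;;
    esac
    filetime_to_utc $(( $1 - $2 ))
}

# Constructed sample of what the two ldapsearch queries return (names are
# placeholders; pwdLastSet reuses the sample value from the w32tm line,
# maxPwdAge is an assumed 90-day policy).
SAMPLE_USER='dn: cn=Example User,cn=Users,dc=example,dc=test
pwdLastSet: 127792363385310954'
SAMPLE_DOMAIN='dn: dc=example,dc=test
maxPwdAge: -77760000000000'

pls=$(printf '%s\n' "$SAMPLE_USER" | ldif_attr pwdLastSet)
mpa=$(printf '%s\n' "$SAMPLE_DOMAIN" | ldif_attr maxPwdAge)
echo "password last set: $(filetime_to_utc "$pls")"
echo "password expires:  $(password_expiry "$pls" "$mpa")"
```

The output is UTC; convert to local time separately when comparing against what a user sees on a workstation.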
/windows/system32/drivers/etc/hosts
The Broadcom management application for the wireless NIC was interfering with DHCP on the LAN connection and not allowing an address to be received. Removing the management program fixed it. The symptom was “limited network connectivity” followed by getting an address when renewing the lease.
http://support.microsoft.com/kb/923100 Basically, try to remove, then use the Windows Installer CleanUp Utility to remove the entry and reinstall.
rundll32.exe advapi32.dll,ProcessIdleTasks
This immediately executes all background idle tasks to completion, including tasks such as the Windows prefetcher.
http://isc.sans.org/diary.html?storyid=4039
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here
activate administrator account using safe mode:
net user administrator /active:yes
As Administrator in Safe Mode:
4. In regedit, go to: (See screenshot below step 5)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
5. In the left pane, look for the S-1-5….. folder (SID key) with the long number that has .bak at the end of the numbers. [and switch with the one without the .bak]
This is an old problem from when Vista first came out. The problem was with Samba not using NTLMv2, which it seems to handle now (2010-6-8).
http://www.jimmah.com/vista/Networking/ntlm.aspx
When accessing a file share on a remote computer or device, Windows Vista will refuse to send your password using older encryption methods.
Unfortunately, many NAS devices as well as older versions of linux do not understand the newer encryption methods. This keeps you from being able to access these devices.
The solution is to force Windows Vista to use the older encryption methods. To do that, follow these steps:
CAUTION: Improperly modifying the registry can harm your system.
1. Click start
2. Type: regedit
3. Press enter
4. In the left, expand these folders: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\
5. In the left, click on the folder named: Lsa
6. In the right, double-click "LmCompatibilityLevel"
7. Type the number 1 and press enter
8. Restart your computer
1. Click Start
2. Click Control Panel
3. Click System and Maintenance
4. Click Administrative Tools
5. Double-Click Local Security Policy
6. In the left pane, click the triangle next to Local Policy
7. In the left pane, click Security Options
8. In the right pane near the bottom, double-click "Network security: LAN manager authentication level"
9. Click the drop-down box, and click "Send LM & NTLM - use NTLMv2 session security if negotiated"
10. Click OK
http://blog.washingtonpost.com/securityfix/2008/04/windows_vista_service_pack_1_n_1.html First:
Backup data
chkdsk c: /F
SFC /Scannow
AT \\machinethatyouareon 21:07 /INTERACTIVE cmd.exe
[Start] [Run] [Regedit]
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\DelegateFolders
In the left pane, delete the sub-key {59031a47-3f72-44a7-89c5-5595fe6b30ee}
Exit Registry and Reboot
http://support.microsoft.com/kb/953252 –> http://support.microsoft.com/kb/967715/
Group Policy key
Administrative templates > system > turn off Auto Play
fixboot fixmbr
http://support.microsoft.com/kb/314503
4. If the primary boot partition is a FAT partition, use the FIXBOOT command from the Windows XP Recovery Console to write a new boot sector on the system partition, and then use the FIXMBR command to repair the master boot record.
Internet options, Security, Internet, Custom Level, Miscellaneous, Launch applications and unsafe files, Prompt.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\ TransportBindName Value: \Device\
Four things are required for transparent icon backgrounds:
1. Control Panel-System-Advanced-Performance Settings. Check “Use drop shadows for icon labels on the desktop” on the Visual Effects tab.
2. Right-click on Desktop - “Arrange Icons by” and ensure Lock Web items is cleared.
3. Transparency will not work if you have web content on your desktop, Control Panel - Display Properties - Desktop tab - Customize Desktop - Web tab. Clear all check boxes.
4. Ensure the Wallpaper is an image file not HTML.
….Alan – Alan Edwards, MS MVP Windows - Internet Explorer http://dts-l.com/index.htm
Dr Simpson's laptop was giving a blue screen upon logon. Installing bios, reinstalling drivers all was not effective. Downloading and installing the complete SP3 fixed the bluescreen problem. It then complained of having spyware, which was a malware program called XP_AntiSpyware 2009.
http://www.bleepingcomputer.com/malware-removal/remove-xp-antispyware-2009
http://isc.sans.org/diary.html?storyid=5548
download the boot-able cd here:
http://www.avira.com/en/support/support_downloads.html
“After that, I performed a scan with F-Secure's Blacklight rootkit detection and elimination tool:
reinstall and run with updates:
use the one from the ISP
from -Lee Dickey
from Russ
http://www.tomshardware.com/forum/86497-45-windows-find-explorer
If explorer.exe is not found, or the logon does not complete, it could be trying to run a debugger program instead. Remove this key:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe\{ a key similar to "Debugger" }
Logging on results in immediate logoff. The problem is a key is corrupt or missing.
http://www.tomshardware.com/forum/28295-45-editing-registry-recovery-console
http://www.opentechsupport.net/forums/archive/topic/20552-1.html
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
modify the value of Userinit to
C:\WINDOWS\system32\userinit.exe
The problem is that the registry cannot be modified unless you can log on.
Jason wrote a vbscript to first read the key and the script was applied via startup scripts in GPO. Then he exported the key from a good machine and applied it using
regedit.exe /s thegoodfile.reg
using another startup batch file.
The VB Script information was found here:
http://www.websystemsadministration.com/kb/FileDepot/tabid/71/Default.aspx
Step 1: Start Registry Editor
Click Start, click Run, type regedit, and then click OK. Registry Editor starts.
Step 2: Delete the UpperFilters registry entry
1. In Registry Editor, expand My Computer, and then expand HKEY_LOCAL_MACHINE.
2. Expand SYSTEM, and then expand CurrentControlSet.
3. Expand Control, and then expand Class.
4. Under Class, click {4D36E965-E325-11CE-BFC1-08002BE10318}.
5. In the right pane (topic area), click UpperFilters.
Note An UpperFilters.bak registry entry may also appear.
To delete the UpperFilters registry entry, you must click UpperFilters and not UpperFilters.bak.
6. On the Edit menu, click Delete.
7. When you receive the following message, click Yes to confirm the deletion of the UpperFilters registry entry:
Are you sure you want to delete this value?
The UpperFilters registry entry is removed from the {4D36E965-E325-11CE-BFC1-08002BE10318} registry subkey.
Note Do not exit Registry Editor. You must have this program for the next step.
Step 3: Delete the LowerFilters registry entry
1. In Registry Editor, expand My Computer, and then expand HKEY_LOCAL_MACHINE.
2. Expand SYSTEM, and then expand CurrentControlSet.
3. Expand Control, and then expand Class.
4. Under Class, click {4D36E965-E325-11CE-BFC1-08002BE10318}.
5. In the right pane (topic area), click LowerFilters.
Note A LowerFilters.bak registry entry may also appear. To delete the LowerFilters registry entry, you must click LowerFilters and not LowerFilters.bak.
6. On the Edit menu, click Delete.
7. When you receive the following message, click Yes to confirm the deletion of the LowerFilters registry entry:
Are you sure you want to delete this value?
The LowerFilters registry entry is removed from the {4D36E965-E325-11CE-BFC1-08002BE10318} registry subkey.
8. Exit Registry Editor.
Step 4: Restart the computer
If a CD recording program no longer works after you restart the computer, you must reinstall the CD recording program
11/7/2008, Xing brought McCue's laptop with a virus. Malwarebytes mostly fixed it, though the install had an error that was okay to ignore. SEP was installed and scans are clean.
Also, I had to remove c:\autorun.inf and c:\autorun.p<something> to get my computer to open the drives. Then the following had to be done to get it to stop bringing up “search”.
http://windowsxp.mvps.org/searchwindow.htm
regsvr32 /i shell32.dll
Or,
HKEY_CLASSES_ROOT\Directory\shell
HKEY_CLASSES_ROOT\Drive\shell
tasklist
taskkill /pid <number>
The size for a logon icon is
71 dpi, 48x48 pixels
http://www.junauza.com/2009/01/hacking-windows-administrator-password.html
sudo apt-get install chntpw
access the Windows NTFS partition by mounting it and allowing read/write support. A good tutorial on how to do this can be found:
http://www.ubuntugeek.com/widows-ntfs-partitions-readwrite-support-made-easy-in-ubuntu-feisty.html
sudo apt-get install ntfs-config
Applications—>System Tools—>NTFS Configuration Tool ...
cd to ‘WINDOWS/system32/config’.
Once inside the ‘config’ directory, issue this command:
sudo chntpw SAM
A long display of information will follow. Just ignore them.
Once you are prompted to reset the password, it is recommended to leave the password blank with an asterisk *. Reboot, and you can now login to freakin’ Windows.
install these
magical jellybean key finder
http://news.cnet.com/8301-13880_3-10147826-68.html?part=rss&subj=news&tag=2547-1_3-0-20
…For example, backing up your Documents (Vista) or My Documents (XP) folder to a USB thumb drive is as easy as typing a variation of either of the following lines:
xcopy C:\Users\username\Documents g:\backup /D /E /C /R /H /I /K /Y
xcopy "C:\Documents and Settings\username\My Documents" g:\backup /D /E /C /R /H /I /K
(Swap out “username” with your ID, and don't forget to put the quotes around the file path in XP.)
These examples assume you're using the default location of the folders. Change the drive letter to match that of your USB drive, or whatever device you're backing up the file to. At the end of each command are several switches:
The /D switch ensures that the files being copied are newer than the ones already on the destination device. The /E switch will copy empty directories and subdirectories. The /C switch ignores errors. The /R switch copies over read-only files. The /H switch copies hidden (system) files. The /I switch creates directories on the destination device automatically. The /K switch includes attributes to avoid making all the copied files read-only. Lastly, the /Y switch gets rid of the prompts when overwriting files.
Error message when client computers encrypt a file in a Windows Server 2003 domain: “Recovery policy configured for this system contains invalid recovery certificate”
netstat -ano
Vista uses a link to its location from legacy locations like “Documents and Settings”
http://www.svrops.com/svrops/articles/jpoints.htm
dir /aL
using driver packs and Unattended, the remaining drivers needed were:
Button Driver Fingerprint Driver Media Slot Shock Sensor driver and Application Bluetooth
Installed apps:
Unattended: Office Matlab Flash IE7-AOE
manual: SEP Camtasia Acrobat Pro
http://support.microsoft.com/kb/299357
netsh int ip reset resetlog.txt
http://support.microsoft.com/kb/892350
http://technet.microsoft.com/en-us/library/cc753591.aspx
netsh winsock reset catalog
Scan entire system
SFC.EXE /scannow
http://support.microsoft.com/default.aspx?scid=223300
Open the registry with Regedit.exe and create the following path and keys:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer
Reg_SZ: Logging
Value: voicewarmupx
arp -d *
ipconfig /flushdns
nbtstat -R
nbtstat -RR
*commands are case-sensitive*
–Russ
OVPR
Mark Minasi webinar 2009-05-28
Vista and 7 use a deployment engine codenamed Panther.
WAIK 2.0
diskpart
WinPE 3.0
Mark wrote chiml, a tool to modify file permissions for Vista
wuauclt /detectnow
Jul 2 13:16:10 alexandria smbd[29442]: [2009/07/02 13:16:10, 0] smbd/service.c:make_connection(1191)
Jul 2 13:16:10 alexandria smbd[29442]: csultan-t3500 (128.173.189.207) couldn't find service roycf
Jul 2 13:16:10 alexandria smbd[29442]: [2009/07/02 13:16:10, 0] smbd/service.c:make_connection(1191)
Jul 2 13:16:10 alexandria smbd[29442]: csultan-t3500 (128.173.189.207) couldn't find service roycf
Jul 2 13:16:10 alexandria smbd[29442]: [2009/07/02 13:16:10, 0] smbd/service.c:make_connection(1191)
Jul 2 13:16:10 alexandria smbd[29442]: csultan-t3500 (128.173.189.207) couldn't find service roycf
Jul 2 13:16:10 alexandria smbd[29442]: [2009/07/02 13:16:10, 0] smbd/service.c:make_connection(1191)
Jul 2 13:16:10 alexandria smbd[29442]: csultan-t3500 (128.173.189.207) couldn't find service roycf
http://forums.contribs.org/index.php?topic=43323.0
“So to sum up Windows defender can leave logs that look like something is scanning Ibays for windows executables. It doesn't need a mapped drive just a short cut on a user desktop and will normally happen at scheduled scan times (early hours).”
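A way to triage log entries like the ones above, as an added example that is not part of the original notes: it counts "couldn't find service" events per client and share so a burst from one workstation can be matched against its scheduled scan time. The function names are this example's own, and the lab-pc-07 line in the sample is constructed.

```bash
#!/bin/sh
# Added example (not from the original notes): summarise smbd
# "couldn't find service" events per client and requested share.

# missing_share_summary [MIN]: read syslog lines on stdin and print one
# tab-separated line per client/share pair seen at least MIN times (default 1):
#   count  client  ip  share  first-seen  last-seen
missing_share_summary() {
    awk -v min="${1:-1}" '
    /couldn.t find service/ {          # "." stands in for the apostrophe
        ts = $1 " " $2 " " $3          # syslog timestamp
        for (i = 1; i <= NF; i++) if ($i ~ /^smbd\[/) break
        client = $(i + 1)              # name of the requesting machine
        ip = $(i + 2); gsub(/[()]/, "", ip)
        key = client "\t" ip "\t" $NF  # $NF is the share that was requested
        if (!(key in n)) first[key] = ts
        n[key]++; last[key] = ts
    }
    END {
        for (k in n)
            if (n[k] >= min) print n[k] "\t" k "\t" first[k] "\t" last[k]
    }' | sort -rn
}

# Sample input: the csultan-t3500 lines are the ones quoted above; the
# lab-pc-07 line is constructed for contrast.
sample_smbd_log() {
    cat <<'EOF'
Jul 2 13:16:10 alexandria smbd[29442]: [2009/07/02 13:16:10, 0] smbd/service.c:make_connection(1191)
Jul 2 13:16:10 alexandria smbd[29442]: csultan-t3500 (128.173.189.207) couldn't find service roycf
Jul 2 13:16:10 alexandria smbd[29442]: [2009/07/02 13:16:10, 0] smbd/service.c:make_connection(1191)
Jul 2 13:16:10 alexandria smbd[29442]: csultan-t3500 (128.173.189.207) couldn't find service roycf
Jul 2 13:16:10 alexandria smbd[29442]: csultan-t3500 (128.173.189.207) couldn't find service roycf
Jul 2 13:16:10 alexandria smbd[29442]: csultan-t3500 (128.173.189.207) couldn't find service roycf
Jul 2 14:02:41 alexandria smbd[29510]: lab-pc-07 (192.0.2.10) couldn't find service scratch
EOF
}

# Show only pairs that repeat at least three times
sample_smbd_log | missing_share_summary 3
```

A single miss is usually a stale shortcut or a typo; a repeated pair at the same time each day fits the scheduled-scan explanation quoted above.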
Two methods: http://blogs.technet.com/askds/archive/2007/08/14/deploying-custom-registry-changes-through-group-policy.aspx
Create a reg file from the domain controller. Include the header and blank lines. Include the msa number for the Microsoft Security Advisory just for convenience.
http://www.microsoft.com/technet/security/advisory/973472.mspx
activex_compatibility-msa972890.reg
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E541-0000-0000-C000-000000000046}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E559-0000-0000-C000-000000000046}]
"Compatibility Flags"=dword:00000400

In GPO startup-scripts
regedit.exe /s \\aoe.vt.edu\SYSVOL\aoe.vt.edu\scripts\activex_compatibility-msa972890.reg
x86 ADM Template
;####################### Begin x86 adm setting ###########################
CLASS MACHINE
CATEGORY "Group Policy workaround for KB973472, x86"
POLICY "MS 973472 Activex component {0002E541-0000-0000-C000-000000000046}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E541-0000-0000-C000-000000000046}"
EXPLAIN "Group Policy to disable CLSIDs outlined in the workaround section of kb973472"
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY
POLICY "MS 973472 Activex component {0002E559-0000-0000-C000-000000000046}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E559-0000-0000-C000-000000000046}"
EXPLAIN "Group Policy to disable CLSIDs outlined in the workaround section of kb973472"
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY
END CATEGORY
[strings]
kb973472="kb973472"
kb973472="Microsoft Security Advisory: Vulnerability in Microsoft Video ActiveX control could allow remote code execution "
;####################### End of x86 adm setting ###########################
x64 ADM Template
;####################### Begin x64 adm setting ###########################
CLASS MACHINE
CATEGORY "Group Policy workaround for KB973472, x64"
POLICY "MS 973472 Activex component {0002E541-0000-0000-C000-000000000046}"
KEYNAME "SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E541-0000-0000-C000-000000000046}"
EXPLAIN "Group Policy to disable CLSIDs outlined in the workaround section of kb973472"
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY
POLICY "MS 973472 Activex component {0002E559-0000-0000-C000-000000000046}"
KEYNAME "SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E559-0000-0000-C000-000000000046}"
EXPLAIN "Group Policy to disable CLSIDs outlined in the workaround section of kb973472"
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY
END CATEGORY
[strings]
kb973472="kb973472"
kb973472="Microsoft Security Advisory: Vulnerability in Microsoft Video ActiveX control could allow remote code execution "
;####################### End of x64 adm setting ###########################
C:\Users\stedwar1\AppData\Roaming\Mozilla\Firefox\Profiles\gxobi28k.default\places.sqlite
devmgmt.msc
http://www.howtogeek.com/howto/15140/what-is-hiberfil.sys-and-how-do-i-delete-it/
Disable Hibernate (and Delete hiberfil.sys) in Windows 7 or Vista
You’ll need to open an administrator mode command prompt by right-clicking on the command prompt in the start menu, and then choosing Run as Administrator. Once you’re there, type in the following command:
powercfg -h off
http://www.technize.com/how-to-delete-remembered-network-passwords-in-windows/
Go to Start Menu –> Run –> control userpasswords2 and press Enter.
Try deleting the Outlook cache. Sounds simple, but try browsing to the Outlook cache with Explorer.
C:\Documents and Settings\<username>\Local Settings\Temporary Internet Files\
Now try using the command line:
cd C:\Documents and Settings\<username>\Local Settings\Temporary Internet Files\
dir /a
Look different? So, just enter in the directory path in explorer for the Outlook cache and commence with deleting the files in that directory.
cd C:\Documents and Settings\<username>\Local Settings\Temporary Internet Files\content.outlook\<random number>
Win 7
cd c:\Users\<username>\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.outlook\<some number>
Look in this registry key to find the location
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Security
http://www.groovypost.com/howto/microsoft/outlook/find-the-microsoft-outlook-temporary-olk-folder/
http://www.theregister.co.uk/2010/06/23/reg_linux_guide_2/
C:\WINDOWS\TEMP
C:\Documents and Settings\%USERNAME%\Local Settings\Temp
C:\Users\%USERNAME%\AppData\Local\Temp
DEL *.* /s/q
…you might need to reboot, or start the PC in Safe Mode.
…search the disk for files matching “~*.*” and remove them – they're temporary files which MS Office tends to litter all over your drive.
Next, look in C:\WINDOWS. You'll probably see loads of uninstall folders for Windows updates - usually, these are called things like $NtUninstallKB898461$: anything with a name starting and ending with a dollar sign and called “NtUninstall” followed by a number or name. Only delete these ones - leave everything else, including the folder $hf_mig$ if you have it.
Reboot to make sure everything still works. If all seems fine, empty the Recycle Bin. Next, open a command prompt and do a CHKDSK /F on all of your drives.
to bring up network control panel
ncpa.cpl
http://www.vlaurie.com/computers2/Articles/control.htm
Add remove programs
appwiz.cpl
Device manager
devmgmt.msc
Run as administrator
Press Ctrl+Shift+Enter
Bought a second-hand machine? Then you might want to alter the name of the registered owner. Go to
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\
double-click on the 'RegisteredOwner' key and then change it.
http://blogs.techrepublic.com.com/10things/?p=1893
It’s kind of ironic, but as hard as Microsoft has been pushing IPv6 adoption, Windows does not fully support IPv6 in all the ways you might expect. For example, in Windows, it is possible to include an IP address within a Universal Naming Convention (\\127.0.0.1\C$, for example). However, you can’t do this with IPv6 addresses because when Windows sees a colon, it assumes you’re referencing a drive letter.
To work around this issue, Microsoft has established a special domain for IPv6 address translation. If you want to include an IPv6 address within a Universal Naming Convention, you must replace the colons with dashes and append .ipv6.literal.net to the end of the address; for example, FE80-AB00--200D-617B.ipv6.literal.net.
http://www.howtogeek.com/howto/15120/get-back-that-photo-picture-or-file-you-deleted-accidentally/
DiskDigger from dmitrybrant.com
Recuva from piriform.com
remote log events:
prepare the remote computers to forward events and Run cmd as administrator
winrm quickconfig
the central PC where you'll be collecting these events
wecutil qc
Subscriptions | Create subscription
Put a Windows installation disc in your disc drive and reboot. Press any key when prompted, do the basic setup (selecting your language, time zone, etc.) and click next. Then click Repair your computer. Click on the operating system you want to repair and click next. At this point you’ll be at the System Recover Options menu, click on Command Prompt.
Now it’s time to execute a simple repair on your machine. At the command prompt type in bootrec.exe /FixMbr
Sysinternals command line tool sdelete http://technet.microsoft.com/en-us/sysinternals/bb897443.aspx
CleanUp! http://www.stevengould.org/index.php?option=com_content&task=view&id=15&Itemid=69
Eraser http://www.heidi.ie/node/6
When trying to run Microsoft Security Essentials, the following message could appear after virus removal:
“this operation has been cancelled due to restrictions in affect on your computer. please contact your system admin.”
Remove the entries from this key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
PCSafety is a toll-free telephone support line that Microsoft operates for customers with malware-infection problems. The number in the U.S. is: 866-727-2338.
http://support.microsoft.com/kb/915160
If you give the user full control of the following registry keys:
It works without giving the user full admin rights on the machine
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ControlsFolder\PowerCfg\GlobalPowerPolicy
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ControlsFolder\PowerCfg\PowerPolicies
http://support.microsoft.com/kb/937624
To configure the EnableLinkedConnections registry value, follow these steps:
1. Click Start, type regedit in the Start Search box, and then press Enter.
2. Locate and then right-click the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
3. Point to New, and then click DWORD Value.
4. Type EnableLinkedConnections, and then press Enter.
5. Right-click EnableLinkedConnections, and then click Modify.
6. In the Value data box, type 1, and then click OK.
7. Exit Registry Editor, and then restart the computer.