Windows OS

This topic area includes legacy versions of Windows prior to Windows 2000: Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions including Windows Mobile.

Hi Everyone. I would like to share a basic but working PowerShell script to clean up the Windows 2016 Start Menu (from ProgramData and Default User) and the Public Desktop. This is useful when using a Workspace Manager like RES or Citrix WEM. I've added this script at shutdown (local GPO) so we do not need to manually clean-up the folders after every application update or new installations.

#Start Menu Clean-up at Shutdown 

Robocopy "C:\ProgramData\Microsoft\Windows\Start Menu\Programs" "C:\StartMenu\ProgramData\Programs"  /e /is /move /xj /r:0 
New-Item "C:\ProgramData\Microsoft\Windows\Start Menu\Programs" -ItemType "directory"
Robocopy "C:\StartMenu\ProgramData\Programs\Administrative Tools" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools" /e /xj /r:0 

Robocopy "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs" "C:\StartMenu\Default\Programs" /e /is /move /xj /r:0 
New-Item "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs" -ItemType "directory"

#Desktop clean-up at shutdown

Robocopy "C:\Users\Public\Desktop" "C:\StartMenu\Public\Desktop" /e /is /move /xj /r:0 
New-Item "C:\Users\Public\Desktop" -ItemType "directory"
Robocopy "C:\Users\Default\Desktop" "C:\StartMenu\Default\Desktop" /e /is /move /xj /r:0 
New-Item "C:\Users\Default\Desktop" -ItemType "directory"

0
It's here! Win 10 1809 .... Our Windows 10 v 1803 PCs which use Windows Update for Business, (configured by AD Group Policy and with no deferments in place) to use the Semi Annual Channel are auto upgrading to v 1809 this morning ....
0
LVL 111

Expert Comment

by:John
A number of users apparently had issues with V1809 so widespread distribution was delayed; so much so that the V1903 feature upgrade (running well on my own Insider laptop) will be delayed until May to assure adequate testing.
1
For all you VMware fans out there, and a Cautionary Tale! (why not to use vCenter Server for Windows), and keep continually upgrading as each version of vCenter Server comes out, at a client site, where they've been using Windows Server 2012 to Host vCenter Server, and have resisted heavily to use VCSA. (Linux Appliance). They upgraded from 5.0 to 5.5, and then 5.5 to 6.0 (which caused many days of issues).

Now just trying to upgrade from 6.0e to 6.0h, has caused VMware Support a headache, trying to get this to go... and it's now been over 1 week, trying to get this to function!!!!
2
LVL 12

Expert Comment

by:Senior IT System Engineer
Hi Andrew,
Thanks for sharing it here, let us know how it is resolved when you get the chance.
Hopefully, all is well for you.
0
LVL 131

Author Comment

by:Andrew Hancock (VMware vExpert / EE Fellow)
Finally FIXED!

It would appear, the Installer does not modify the server.xml file, which needed to be manually fettled, for the upgrade to work!!!

No KB about this anywhere!
0
Enforce File Type Associations

In a Windows 2016 published Desktop, Citrix users are able to use the "Open with..." command in the context menu and set their own file type association. This is by design. One solution to enforce the FTA at logon is to use the "SetUserFTA" software from Christoph Kolbicz's Blog or to use a GPO to assign a "Default Associations Configuration File" (thanks to McKnife). Another way is to detect and remove user-defined File Type Associations in the registry via a script. The registry key is locked down with a "Deny" access control set to everyone including the Administrators. The following script will remove the "Deny" access control, and then proceed to the deletion of the user-defined file type association. This script runs at logon and at logoff and has been tested successfully.

# REMOVE HKCU File Type Association
# in addition to OEMDefaultAssociation.xml
Function RegACL-Reset
{
$hkey = 2147483649 
$reg = [wmiclass]"root\default:StdRegProv"
$ace = $reg.GetSecurityDescriptor($hkey,$hsubkey).Descriptor.DACL
$reg.psbase.Scope.Options.EnablePrivileges = $true
$sd = ([WMIClass] "Win32_SecurityDescriptor").CreateInstance()
$sd.ControlFlags = 0x0004
for($i=0;$i -lt $ace.length;$i++)
{
 if($ace[$i].AceType -ne 1)
 {
  $SD.dacl += $ace[$i] 
 }
}
$reg.SetSecurityDescriptor($hkey,$hsubkey,$sd)
}

# .XML - Remove user defined .XML file type association
$testreg = Test-Path -Path 

1
LVL 64

Expert Comment

by:McKnife
Fine. And no hard feelings, I hope :-)
At least I learned that there are some policies which have no effect when not domain-joined - for whatever reason Microsoft enforces this...
0
LVL 4

Author Comment

by:Olivier MARCHETTA
No worries :-).
0
SQL Server Management Studio : Windows Authentication from a non-domain-joined computer.

When trying to connect with a Windows integrated account to a domain-joined Microsoft SQL Server 2017 from a non-domain-joined computer or a computer joined to another non-trusted domain, you get a "login failed" on every connection attempt.

The solution (or workaround) is to use the Windows Credential Manager to pre-configure the domain user account to be trusted by SSMS with the following steps:

Open Credential Manager (type Credential Manager from the Start Menu)
Click "Add A Windows Credential"
Populate the network address field with the name and port number of the SQL instance you wish to store credentials. For example: MyMSSQLServer.domain.org:1433 (1433 is the default port, you may need a different port, especially if you are connecting to a named instance).
Populate the "User Name" including the domain name: "DOMAIN\Username"
Enter the "Password"
Click OK

Done! Restart SSMS, try connecting to the remote SQL Server from your non-domain joined machine and this time your login should work!
0
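Added example, not part of the original post: the Credential Manager steps above scripted with cmdkey.exe, which creates the same kind of Windows credential entry. The function name and its input checks are assumptions for the example; the target and user name are the post's own sample values.

```powershell
# Added example (not from the original post): store, verify or remove the
# Windows credential that the steps above create through the GUI.
function Set-SqlWindowsCredential {
    param(
        [Parameter(Mandatory)][string]$Target,   # host:port of the SQL instance
        [string]$UserName,                       # DOMAIN\Username
        [switch]$Remove                          # delete the stored entry instead of adding it
    )

    if ($Target -notmatch '^[^\s:]+:\d{1,5}$') {
        throw "Target must be host:port, got '$Target'"
    }

    if ($Remove) {
        cmdkey.exe "/delete:$Target"
    }
    else {
        if ($UserName -notmatch '^[^\\]+\\[^\\]+$') {
            throw 'UserName must be in the form DOMAIN\Username'
        }
        # /pass with no value makes cmdkey prompt for the password, so it never
        # appears on the command line, in the console history or in a script file.
        cmdkey.exe "/add:$Target" "/user:$UserName" /pass
    }

    if ($LASTEXITCODE -ne 0) {
        throw "cmdkey.exe exited with code $LASTEXITCODE"
    }

    # Show what is now stored for this target (the password itself is never displayed).
    cmdkey.exe "/list:$Target"
}

# Sample values taken from the post; replace with your own instance and account.
Set-SqlWindowsCredential -Target 'MyMSSQLServer.domain.org:1433' -UserName 'DOMAIN\Username'
```

The entry stays in the user's credential vault until it is deleted; run the function again with -Remove once the workstation no longer needs that access.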
Google Chrome is hopeless for reading social media - Preliminary findings below

I am currently undertaking a comparison of 6 Web Browsers which will eventually be turned into an article of my findings - most likely once Microsoft Edge has been reincarnated into the planned Chromium based platform.

In the meantime, thought I'd share a preliminary finding that is quite definitive when reading Social Media - Facebook in particular.

Using Google Chrome on Windows 10 (64-bit) in my case, you may be finding that if browsing Facebook for a while, as you keep scrolling down your feed, it will get slower, and slower, and slower, until the point where it gets so frustratingly slow, that you end up closing Chrome completely, re-opening it and starting again, at which point speed returns to normal.

Sound familiar? Keep reading.

Doing the same tests with the Brave Browser, I have noted none of the noticeable slow downs in performance of Facebook pages when used for the same amount of time. The same has proven true to some extent on YouTube, though tests on YouTube and other social media platforms have not been as extensive yet.

My preliminary finding is as follows: Dump Chrome for Social Media like Facebook and YouTube and use the Brave browser for that purpose instead. It makes a *huge* difference on my system.

For the sake of completeness, by "quite some time", I'm talking
2
LVL 58

Expert Comment

by:Scott Fell, EE MVE
I manage multiple FB business pages and am on FB a lot. I don't notice any slowness except when my internet is poor (like when I am in the country)

I downloaded Brave. It is a Chromium browser with ad blocking and that is why it seems faster. I looked at some others that did a write up and it seems it is faster (because of the ad blocking) but not the speed up it shows.

Perhaps it would be good to explain what it does, the motivation for publishers etc and that it is in infancy, something to watch for.
1
LVL 28

Author Comment

by:Andrew Leniart
Thanks for your interest Scott.

I don't notice any slowness except when my internet is poor (like when I am in the country)

I initially put it down to that until I started doing browser comparisons. Internet speed can certainly be a factor but it doesn't make sense (to me) why FB reduces itself to a crawl after a couple of hours of 'continuous use', yet if Chrome is completely closed out and reopened - speed and page response times instantly return to normal. How would you explain that?

I downloaded Brave. It is a Chromium browser with ad blocking and that is why it seems faster. I looked at some others that did a write up and it seems it is faster (because of the ad blocking) but not the speed up it shows.

Yep, good point and one I've taken into consideration. I've used two ad blockers with Chrome - uBlock Origin and AdBlock Plus and have even had them set to their highest levels. If it's ads that are causing the problem, then either Brave has an outstanding ad blocker that far exceeds the performance of the two third party ones I've used, (only one at a time of course) or those two ad blockers are the cause of the slow downs. Nothing else makes sense to me. What's your take on that?

Perhaps it would be good to explain what it does, the motivation for publishers etc and that it is in infancy, something to watch for.

A bit beyond my skill set unfortunately. I'm doing these comparison exercises from a user standpoint - the internals of the browsers and how they work I only have a very elementary understanding of.

Thanks for your input into this - appreciated.

Regards, Andrew
0
Just spotted .. New version of Rufus can download official Windows ISO files

Rufus 3.5 with Windows 10 and 8.1 download option
2
LVL 5

Expert Comment

by:SirDragon
nice tip, will try it, thanks!
1
A little help in promoting both Experts Exchange and a few of my articles!

Tweet Promoting a Firetrust Newsletter Extract advertising my articles at Experts Exchange

Firetrust Newsletter Extract
A Tweet promoting the reading of Part 1 of my Article Series on Mailwasher

Mailwasher Article Series Part 1
Please Read, Enjoy, Endorse, and Share!  :-)

Thanks, Andrew
2
A good watch if interested in examining Malware and Virus Samples

If like me, you enjoy dabbling into how Virus and Malware samples work now and then, a new tool recently released by the NSA called Ghidra looks very interesting.

There's a video available on it at the following link:

https://www.youtube.com/watch?v=ReAkNHPZtmQ

Well worth a watch.

Regards, Andrew
1
LVL 4

Expert Comment

by:PeeterB
Very good overview .... good to know that a free tool with that level of functionality exists ... added to my 'must play with this' list .... thanks for posting ..

(edit) see here also .. https://www.forbes.com/sites/daveywinder/2019/03/07/nsa-releases-super-spooks-security-tool-so-would-you-trust-it/#5d1e77242c59
1
LVL 28

Author Comment

by:Andrew Leniart
You're welcome Peter and thank you for your link too!

Regards, Andrew
1
Free License for Revo Uninstaller Professional

Recently Revo Uninstaller Pro was updated to v4. I've owned a license for this tool since v2.0 and recently paid for the v4 major upgrade. I can highly recommend Revo Uninstaller from personal experience.

A campaign whereby you can get a V3.0 Professional License for Free has been launched, so be sure to take advantage of it. Version 3.0 works very well on Windows 10 - I was still using it until a few months ago. Grab a free key now using the link below. If you like the tool you will have a cheaper upgrade path if you want to go to the latest version later.

https://www.revouninstaller.com/campaigns/facebook-campaign-email-activation.html

I've tested the above link and can confirm it's genuine as I now have another valid Revo Professional v3.0 license.

Cheers, Andrew
1
Enable Sound when booting in Safe Mode with Networking

What for you may ask?

Well, for one thing, it's *very* useful for Blind people who make heavy use of screen readers and need to boot into safe mode. I've made the solution available from a public folder on my website using the following link:

https://www.computerhelpzone.com.au/publicdocs/SoundInSafeMode.zip

Credits for this great solution:

Brian Vogel - The author of this solution. Brian tutors the blind and is a volunteer moderator at Bleeping Computer forums

Bill Prew - Trusted Expert at Experts Exchange who very kindly assisted greatly with the debugging and rewriting of the included batch file to allow flawless execution when I reached out to him for help

Hope it helps someone out.

Regards, Andrew
0
Some info on changes coming to how Windows Update for Business will interact with Servicing Channels .....
Windows Update for Business and the retirement of SAC-T
0
LVL 111

Expert Comment

by:John
Thank you for posting this. I saw this in an MVP group and it is effective with V1903.  So that should be in April.

Apparently the change is not huge, and businesses can hold off feature updates until they are in wide distribution
1
Formatting a hard drive is enough security if giving a computer away - or is it?

I recently had cause to recount an experience with one of my clients several years ago at another forum.

A client of mine was once convinced that despite my advice, nothing short of forensic recovery would put his old data at risk when he decided to donate some old workstations to a youth hostel. He wanted me to just delete the partitions the OS was sitting on, format and reinstall Windows. I did that on one machine right in front of him. Then I asked him to give me a few hours with that box on my own.

I returned the machine to him several hours later, with PDF copies of a few of "his" clients' Tax Returns (complete with Tax File numbers) and a variety of other highly sensitive data sitting on the computer's desktop ready for the reading on a freshly installed copy of Windows 7 Pro. The entire exercise took about 4 - 5 hours, less than 30 minutes of actual hands-on work on my part. He was so grateful for my taking the time to show him what he was risking that I scored a $200 voucher to a high-end restaurant in Melbourne on top of my fee. Some people just need to physically "see" the proof of the pudding in order to believe.

What's your take? Are you still finding people insist on knowing better? I'm contemplating writing an article on this topic, but it seems so obvious to me that I wonder if it's going to turn out to be a wasted effort?

Regards, Andrew
0
LVL 40

Expert Comment

by:BillDL
I bought a 2nd hand EIDE hard drive from a PC refurbisher on eBay many years ago.  There was an ID written on the label in felt-tip pen containing the letters "NHS".  This is a well known acronym for the National Health Service in the UK.  Out of curiosity I ran GetDataBack on it and recovered a massive amount of very confidential information relating to psychiatric patients at one of the NHS hospitals in the area where the eBay seller was located.

After many emails and phone calls I finally managed to speak with the IT manager who was responsible for phasing out old IT equipment and passing it on through a recycling / refurbishment company.  I told him that I had recovered a lot of highly personal data from a hard drive that had come from a PC at the named hospital and told him who I had bought it from so that he could review the procedures and companies used.  I was met with a patronising wall of denial accompanied by an explanation of how drives are securely wiped, and was more or less told that I was lying and perhaps trying to extort money.

I printed about 20 of the documents I had recovered and posted them to the patients' home addresses with an anonymous note saying that the information had been recovered from NHS IT equipment sold on eBay.

I felt quite satisfied that at least a few of those patients would demand an explanation from the NHS as to how the documents came into 3rd-party hands and that the IT Manager would most likely be grilled about it.  (Note: it wasn't Pete Long :-)
1
LVL 27

Expert Comment

by:Brian B
Trust no one. I have read accounts of personal data getting out when someone donated a system or gave it to a friend without first fully wiping the drive. Said drive was removed and never used and then put back into the system when it was passed on to the next person and surprise! Hacker got the data.
1
New Offensive USB Cable Allows Remote Attacks over WiFi

Be careful where you buy your USB cables folks

https://www.bleepingcomputer.com/news/security/new-offensive-usb-cable-allows-remote-attacks-over-wifi/


4
LVL 49

Expert Comment

by:noci
Hopefully not too late to learn... ;-)

Many people consider USB to be some Serial cable like they used to have for Modems, Printers etc.
USB really is a multi-drop networking standard. And it provides for all kinds of adapters like Storage Nodes, Network "routers" (= USB Ethernet ...), Network cameras (photo equipment), ...
So USB sticks are more like a NAS on a private network than a Disk on a PATA/SATA cable. The difference is they have no configuration items on most USB equipment.
(Rather like the original SCSI standard, only serial).

The Poison Tap (short version) provides a network adapter, with DHCP and it will provision a network with netmask 0 (so ALL packets sent by your system [except for the local network your PC is connected to] go to the PoisonTap..). It also runs a transparent proxy to hijack connections, and will inject code back into the browser to redirect ALL access through another public site. After the PoisonTap is removed the attack still persists, allowing an attacker to keep on tapping authentication data.
1
LVL 28

Author Comment

by:Andrew Leniart
Hopefully not too late to learn...
Never too late to learn something new noci. I live by that rule :)
0
Stop using Internet Explorer, warns Microsoft's own security chief

https://www.telegraph.co.uk/technology/2019/02/08/stop-using-internet-explorer-warns-microsofts-security-chief/

Heads up for those of you that might be doing so.
4
LVL 111

Expert Comment

by:John
Fuller quote from the bottom of the article (and I have read others like it)

"We want you to use IE for the sites that need it - what I'm trying to say here is that I hope you don't use it for everything else,” Mr Jackson said in a comment on the blog post.
Microsoft will end support for Internet Explorer 10 in January 2020, while Internet Explorer 11 will remain as the final iteration of the software."

Some servers do not have (and have not been able to update to) IE 11.  This was not in the article but I have read it along with the statement that Server updates would be revised to use IE 11. I am not sure about Server 2008 but certainly Server 2012.
0
LVL 27

Expert Comment

by:Brian B
The headline is somewhat sensational, the message is just good security practice.
1
Having problems reaching Windows Update Servers?

Then check out this AskWoody Article and see if it applies to you.

The Windows Update servers are having hiccups



Hope it helps.

Regards, Andrew
1
Do you sometimes forget what to click to get to where you want to go on Experts Exchange?

Then take a look at this: Experts Exchange - Feature Guide

Experts-Exchange Feature Guide
Should be useful to new and seasoned members alike. You may even discover some things you were not aware of :)

Comments and suggestions encouraged.
0
I'm looking for a cybersecurity-oriented managed service provider that will monitor a single Windows webserver for a small business that will be launching a web app soon. Most MSPs have a minimum that is too expensive for this organization. Any ideas on firms that will take a client that small, are reasonable and provide good service?
0
LVL 21

Expert Comment

by:Lucas Bishop
Depending on what type of monitoring you need, the Experts Exchange Business Account monitoring tool might give you what you're looking for:
https://www.experts-exchange.com/business.jsp#analysis
2

Author Comment

by:Ed Eckenstein
Sounds interesting. I will look into it.
Thanks!
0
Install and run a Microsoft Access application with one click

A revised article on this topic has been published:
Deploy and update a Microsoft Access application with one click
Microsoft Access on Windows 10
Deploying a Microsoft Access application in a normal Windows environment is not difficult but takes a few steps. The method and script provided here will - literally - turn the process into a one-click process for the user, even in a Citrix environment.
0
Warning - A respectable looking scam attempt

I get scam attempt emails all the time, however, this one caught my eye due to how cleverly it's been put together. An almost perfect reproduction of a genuine Energy Australia electricity bill. Two screw-ups from this particular scammer though - An invalid "From:" email address and the Copyright statement at the bottom of the bill is dated 2017.

Other than those two mistakes, it is an almost perfect reproduction that I fear would fool the majority of technically challenged users. Even the Sign in to My Account etc. links are genuine. Take a look at this:

EnergyAustralia Scam

The "view your bill" link is bogus and hyperlinks to the following address, which I've purposely mangled to make it unclickable.

h t t p: // org155 DOT outdoorjacketstore DOT com / route / b65ffaead5b87a47

Give a heads up to your folks if you still have them, as well as anyone else you think might benefit from this information.

Hope that's helpful.

Regards, Andrew
1
Yesterday, MS started phased rollout of Win 10 v 1809 (to Semi Annual Channel Targeted machines 'that can take it' ...)
****************************************************************************
Current status of Windows, version 1809, Windows Server 2019, and Windows Server, version 1809
Windows 10, Version 1809 Rollout Status as of January 16, 2019
We are now starting our phased rollout to users via Windows Update, initially offering the update to devices we believe will have the best update experience based on our next generation machine learning model.
Fully available for advanced users who manually select “Check for updates” via Windows Update.
***************************************************************************
0
Smallest pentest for windows domains ever. Launch
findstr /s /i cpassword %logonserver%\sysvol\%userdnsdomain%\policies\*.xml

...let's hope that no results come up.
0
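Added example, not part of the original post: a PowerShell version of the same check that reports which policy, preference item and account each hit belongs to, without printing the stored value. The function name, the list of account attribute names and the sample tree (placeholder GUID and cpassword value) are assumptions made for the example.

```powershell
# Added example (not from the original post): list Group Policy Preferences
# items under a policies folder that still carry a non-empty cpassword attribute.
function Find-GppCpassword {
    param([Parameter(Mandatory)][string]$Path)

    # Attribute names that hold the account in common GPP files (assumption; extend as needed).
    $accountAttrs = 'userName', 'runAs', 'accountName'

    Get-ChildItem -LiteralPath $Path -Recurse -Filter *.xml -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            try   { $doc = [xml](Get-Content -LiteralPath $file.FullName -Raw -ErrorAction Stop) }
            catch { Write-Warning "Skipped unreadable XML: $($file.FullName)"; return }

            foreach ($node in $doc.SelectNodes('//*[string-length(@cpassword) > 0]')) {
                # The attribute normally sits on <Properties>; its parent is the preference item.
                $item = $node.ParentNode
                if ($item -isnot [System.Xml.XmlElement]) { $item = $node }

                $account = $accountAttrs | ForEach-Object { $node.GetAttribute($_) } |
                           Where-Object { $_ } | Select-Object -First 1

                # The cpassword value itself is deliberately left out of the report.
                [pscustomobject]@{
                    Gpo     = if ($file.FullName -match '\{[0-9A-Fa-f-]{36}\}') { $Matches[0] }
                    File    = $file.FullName
                    Item    = $item.LocalName
                    Name    = $item.GetAttribute('name')
                    Account = $account
                    Changed = $item.GetAttribute('changed')
                }
            }
        }
}

# Constructed sample tree so the function can be tried offline.
# The GUID, names, date and cpassword value are placeholders, not real data.
$demo = Join-Path ([IO.Path]::GetTempPath()) ("gpp-demo-" + [guid]::NewGuid())
$dir  = Join-Path $demo 'Policies\{00000000-0000-0000-0000-000000000000}\Machine\Preferences\Groups'
New-Item -Path $dir -ItemType Directory -Force | Out-Null
@'
<Groups>
  <User name="LocalAdmin" changed="2019-01-01 00:00:00">
    <Properties action="U" cpassword="CONSTRUCTED-PLACEHOLDER" userName="LocalAdmin"/>
  </User>
</Groups>
'@ | Set-Content -LiteralPath (Join-Path $dir 'Groups.xml')

Find-GppCpassword -Path $demo | Format-List
Remove-Item -LiteralPath $demo -Recurse -Force

# Against the live domain, using the same path as the findstr one-liner.
if ($env:LOGONSERVER -and $env:USERDNSDOMAIN) {
    Find-GppCpassword -Path "$env:LOGONSERVER\sysvol\$env:USERDNSDOMAIN\policies" |
        Sort-Object Changed | Format-Table -AutoSize
}
```

Any hit is a password that every account able to read SYSVOL can retrieve, so remove the preference item and change that account's password.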
https://www.computerworld.com/article/3005184/encryption/bitlocker-encryption-can-be-defeated-with-trivial-windows-authentication-bypass.html
Wow. Just came across this by chance. I can't believe I missed that one back in 2015. The article describes that, due to bad design, Windows (all versions) allowed attackers at the logon screen to break in without knowing the password of your domain user account.

I consider myself very well-informed when it comes to computer security and I did not know this. How did Microsoft manage that this did not start a giant outcry, back then? Must be, because the security advisory simply does not even rate this "critical"!
0