Sunday, November 16, 2014

Linkfest for the Weary Sysadmins

As usual, the weekend is quickly waning and work looms just on the other side of a short night’s sleep.

So, like all good sysadmins, why worry about precious sleep when linkage awaits?!

Offered with minimal (if any) comment as Lavie is looking at me sternly. Categorized for your enjoyment.

Security First

You can download EMET 5.1 from or directly from here. Following is the list of the main changes and improvements:

  • Several application compatibility issues with Internet Explorer, Adobe Reader, Adobe Flash, and Mozilla Firefox and some of the EMET mitigations have been solved.
  • Certain mitigations have been improved and hardened to make them more resilient to attacks and bypasses.
  • Added “Local Telemetry” feature that allows to locally save memory dumps when a mitigation is triggered.

All the changes in this release are listed in Microsoft KB Article 3015976.

If you are using Internet Explorer 11, either on Windows 7 or Windows 8.1, and have deployed EMET 5.0, it is particularly important to install EMET 5.1 as compatibility issues were discovered with the November Internet Explorer security update and the EAF+ mitigation.

  • Adware Remover - Bitdefender Labs – new free standalone tool to scan and remove unwanted apps, adware, hijackers, toolbars, and add-ons. Finds are listed and you can select which you want to remove. Spotted via Betanews.

New Performance Troubleshooting Tool PerfView (and other tips)

I used this tool just last week to quickly and simply take a performance trace on a problematic system. I’ve not had time to do an analysis yet but I must say, the capture process was super slick! Check out the videos above to get a quick review. Does require .NET to be present on the system.

In Depth Refocus on Folder Redirection Impact

I recently stumbled across the Helge Klein web site and blog. It contains a great variety of technical posts and tips for harried sysadmins. Check out this series on Folder Redirection issues by Aaron Parker, Helge Klein and Shawn Bass

Windows PowerShell 4.0 (and other tips)

IE 11 Enterprise Mode News and Tips

New and Improved Tools/Utilities

A few of the changes I implemented in this version

  • The .NET framework 4.0 is now required.  The previous version required 2.0.
  • Updated for DISM 6.3.  This version may work with older releases of DISM but some features may not be available.
  • Added Capture and Apply tabs – This was the single most requested feature.  Requires DISM 6.2 or higher
  • Added a Read Only option to the mount control tab
  • Corrected some spelling errors

The Fuzzy Lookup Add-In for Excel was developed by Microsoft Research and performs fuzzy matching of textual data in Microsoft Excel. It can be used to identify fuzzy duplicate rows within a single table or to fuzzy join similar rows between two different tables.

The matching is robust to a wide variety of errors including spelling mistakes, abbreviations, synonyms and added/missing data. For instance, it might detect that the rows “Mr. Andrew Hill”, “Hill, Andrew R.” and “Andy Hill” all refer to the same underlying entity, returning a similarity score along with each match. While the default configuration works well for a wide variety of textual data, such as product names or customer addresses, the matching may also be customized for specific domains or languages.

VM’s and ISO’s

Network Tips

Note: The process to get and load plug-ins for Microsoft’s Message Analyzer packet capture application is much different from what it was in Microsoft Network Monitor (NetMon). It really wasn’t intuitive. To do so you need to (assuming MessageAnalyzer is already installed on your system) launch it, then go to “File” and select “Start Page” from the list.


Once you do, the Start page should be showing in the top pane. From there look for and select the not-so-obvious “Downloads” hotlink, which then displays the Add-On modules. Click to download and install just the ones you want, or if space isn’t a concern, just grab them all at once! See below.

[Screenshot: MessageAnalyzer]

Security Bits for Sysadmins

“Now How Do I’s”?

“Where Do I Learn From Here?”

Good Night and Good Ops this week!

--Claus Valca

Open URL Links from Omea Reader in Firefox by Default

Every now and then I score a major, minor victory. This is one of those stories.

On my Windows 7 laptop “Tatiana” I have been using the free RSS reader Omea Reader. There are a lot of client-based RSS feed readers and believe me, I have gone through many of them.

In the end I settled on Omea Reader; it was free, it was very fast, it supported all kinds of tagging, highlighting, filtering, and sorting. However one of the strongest features it offers is an incredibly robust (for my needs) search engine that lets me go back and rediscover feed articles I knew I saw somewhere.

What makes it super convenient to me is how it integrates in my blogging process.

I sort through the feed links and view the article in the embedded window pane. That uses the Internet Explorer browser. Nothing special there.

I’m running Mozilla Firefox, Portable Edition in the background as it is my primary blogging platform.

Now I also use Chromium and have just been fiddling with Mozilla Firefox Developer Edition, Portable.

Yet I still have Internet Explorer 11 set as my system default web browser.

With me so far?

When I want to save a feed article for later blogging or reference, I click the link – in Omea – and it opens as a new tab in my Firefox browser. I then drag the tab into its place on my bookmark sidebar and it is thus categorized and saved for a future blog-post or other usage.

It is very seamless.

So when I got around to setting up my new Win 7 laptop “Alister”, I copied my portable Firefox folder over to the new system and my browser system was set.

I then decided to try out an alternative RSS feed reader again for kicks and grins.

I settled on trialing QuiteRSS Portable and the portable (ZIP) version of Feedreader (v3.14) instead of going for Omea Reader.

I really liked the simple layout of Feedreader and the search worked fine but there was no way I could work out a way to get it to open URL links in Firefox. I would have to copy/paste the link from Feedreader into Firefox, or open the link in IE and again copy it into Firefox. Not smooth. However, for simple RSS feed needs it still works great after all these years.

I then gave QuiteRSS a workout. It is actively being maintained and it shows. It is very polished and devoured the OPML file I gave it. It has AdBlock integration which was unexpected and good. I can flag, tag, and bag just about anything I want with a feed article. It has some basic filtering and sorting options.

And, in the options, there is one where I could set a third-party external browser to be used. I pointed it to my portable Firefox install and – happy day – any URL for a feed or embedded in the feed article would open in Firefox. Great! It is a strong and viable RSS feed reader.

What made me give it up? Well, despite it running on an i7 processor with 16 GB RAM and off the SSD disk, it kept locking up and was particularly good at doing so (APPCRASH) when I was searching for a word or phrase within my feeds. Not being able to run any searches in my feed reader was a deal-breaker.

So I just installed Omea Reader on Alister and was done with it…or so I thought.

It installed great, I tweaked it out with all the same settings I had on Tatiana and I thought I was good.

Except when I clicked on URL’s they wouldn’t open in Firefox like on Tatiana.

(To be clear…the Firefox web browser has to be open already for it to open in a new Firefox tab. That’s the way the process works. If no web browser is open, then IE gets the default call and the URL link opens in an IE tab.)

I fiddled with settings, I scoured and compared Omea Reader’s key “omniaMea.ini” file between both systems looking for some kind of hidden config setting. I didn’t find any.  I went through all my notes and blog posts trying to find out how I got Omea URL’s to open in Firefox and I just couldn’t do it.

I also tried setting Firefox as my default system web-browser on Alister but even then, URL’s launched from Omea Reader still launched in Internet Explorer. I then reset IE back to be the default web browser again like before. I was stumped.

Google was surprisingly unhelpful.

What gives?!!  How did I manage to get Omea Reader URLs to open in Firefox?

In the end I turned to Process Monitor and did a controlled trace run on Tatiana.

I had Firefox running in the background, with just a blank tab open.

I set filters on Process Monitor for OmeaReader.exe and firefox.exe and firefoxportable.exe process names.  I had scrolling turned on and I cleared the list of events showing.

I then waited for an event to show up and bookmarked it as my starting point.

Then I switched to Omea, selected a feed URL and watched it open in Firefox.

I then stopped the trace.

I was focusing on OmeaReader.exe events after my bookmark right before a Firefox process took over.

Examining the filtered events (3,861 of 14,964) and the sequence, I quickly found a possible area to focus on in the registry.

There were a whole series of RegQueryKey operations to HKCU\Software\Classes\http\shell\open\ddeexec (and subkeys).


Jumping into the registry from ProcMon I dug around and found all kinds of interesting registry keys/values. I exported the entire “HKEY_CURRENT_USER\Software\Classes\http” branch as a REG file.

When I then cross-matched those to the same ones on Alister I found that Tatiana’s registry keys held clear differences; the important parts being the following which were present on Tatiana and missing on Alister.

Windows Registry Editor Version 5.00




So basically what I did was to clean up the REG file and remove the values that didn’t need to be modified/added to result in the REG key (above).

I then exported the entire “HKEY_CURRENT_USER\Software\Classes\http” branch on Alister as a REG file for backup purposes.

Then I merged the new REG file (above) into Alister’s registry.

I then opened Firefox, then Omea Reader, and tried launching a URL link.

Success! It opened as a new tab in Firefox just the way I needed it to, as it does on the Tatiana system already.

Again, if Firefox is not running already, then Omea Reader (or any other URL from any other app) still launches in the default system web-browser IE (just like it does on Tatiana).
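The cross-match and clean-up steps above (compare the two exports, keep only what the second machine lacks) can be scripted. This is an added example, not the author's own tooling: the function names are hypothetical, and both sample exports are constructed for illustration, since the key values and paths in them are assumptions rather than the author's actual REG content.

```python
import re

# Constructed sample exports of HKCU\Software\Classes\http (not the author's real
# keys). REFERENCE is the machine where links open in Firefox, TARGET is not.
REFERENCE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\http]
"URL Protocol"=""
[HKEY_CURRENT_USER\Software\Classes\http\shell\open\command]
@="\"C:\\Tools\\FirefoxPortable\\App\\Firefox\\firefox.exe\" -osint -url \"%1\""
[HKEY_CURRENT_USER\Software\Classes\http\shell\open\ddeexec]
@="\"%1\",,0,0,,,,"
[HKEY_CURRENT_USER\Software\Classes\http\shell\open\ddeexec\Application]
@="Firefox"
[HKEY_CURRENT_USER\Software\Classes\http\shell\open\ddeexec\Topic]
@="WWW_OpenURLNewWindow"
'''
TARGET = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\http]
"URL Protocol"=""
[HKEY_CURRENT_USER\Software\Classes\http\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1"
'''

# A value line is either @=<data> (default value) or "name"=<data>.
VALUE_RE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")=(?P<data>.+)$')

def parse_reg(text):
    """Parse .reg export text into {key_path: {value_name: raw_data}}."""
    keys, current, pending = {}, None, ""
    for line in text.lstrip("\ufeff").splitlines():
        line, pending = pending + line.strip(), ""
        if line.endswith(",\\"):            # hex(...) data continued on next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m.group("name")] = m.group("data")
    return keys

def missing_or_changed(reference, target):
    """Keys/values in reference that are absent from, or differ in, target."""
    # Registry key and value names are case-insensitive; the data is not.
    tgt = {k.lower(): {n.lower(): d for n, d in v.items()}
           for k, v in target.items()}
    delta = {}
    for key, values in reference.items():
        have = tgt.get(key.lower())
        changed = {n: d for n, d in values.items()
                   if have is None or have.get(n.lower()) != d}
        if changed or have is None:
            delta[key] = changed
    return delta

def to_reg(delta):
    """Render the delta as .reg text for review before any merge."""
    out = ["Windows Registry Editor Version 5.00", ""]
    for key, values in delta.items():
        out += [f"[{key}]"] + [f"{n}={d}" for n, d in values.items()] + [""]
    return "\n".join(out)

if __name__ == "__main__":
    print(to_reg(missing_or_changed(parse_reg(REFERENCE), parse_reg(TARGET))))
```

Entries under HKCU\Software\Classes take precedence over the machine-wide ones for that user, so read the `command` value in the output and confirm it points at the binary you expect before merging anything.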

Here is my final (full) REG key export for the curious; “HKEY_CURRENT_USER\Software\Classes\http”

Windows Registry Editor Version 5.00

"URL Protocol"=""




@="\"C:\\Users\\Alister\\Tools\\FirefoxPortable\\App\\Firefox\\firefox.exe\" -osint -url \"%1\""




Don’t use this full one on your system; I’d recommend trying, after careful consideration and modification (YMMV…paths and filenames are certainly going to be different, here be dragons, etc.), the shorter REG key text earlier above. I just want to show how it all looks.

There is probably just the entire sum total of one (1) person who is an Omea Reader user in the entire online world who cares, but it bothered me and I’m glad I could figure it out.

One other interesting tidbit; Omea keeps a running activity log file. The name/location on your system may vary but I was able to find and correlate the URL launch in Firefox from Omea Reader I was tracing to the following log entry on the Tatiana system:

16.11.2014 13:58:11.768 [U] ResourceListView2.HandleActiveNodeChanged
16.11.2014 13:58:11.768 [U] Displaying resource 474367
16.11.2014 13:58:11.770 [U] [OMEA.MSHTML]: ShowHtml has been invoked for content-length=520, words-to-highlight=<Null>.
16.11.2014 13:58:11.959 [U] [OMEA.MSHTML]: OnDocumentComplete: loaded document "about:blank".
16.11.2014 13:58:57.207 [N] [UIM]: Error making a DDE conversation to the Browser at "Firefox" on topic "WWW_OpenURLNewWindow" with command "",,0. Could not start the DDE conversation. A client's attempt to establish a conversation has failed.

In there was a reference to a DDE conversation in Firefox for "WWW_OpenURLNewWindow".

That corresponds to what I found present in Tatiana’s registry and missing (now added) from the Alister system registry.

In case you want to go deeper on what is behind the activity…

DDE stands for Dynamic Data Exchange. Here’s a Google search on it.

And here is a Google search for “WWW_OpenURLNewWindow”.

Whew! Score one for Claus this weekend—even if it took me about an hour to trace out and then another two or so to blog…


--Claus Valca

Saturday, November 15, 2014

Speed Dating Windows SBS 2008/Server 2012 Essentials

I’ve had to up my game at the church-house and start assisting with more regular Windows desktop administration and support.

I’ve been doing it already for some time, but for the most part it has been focused on just some of the physical network items and a few key workstations. I’ve not needed to address the domain/server operations yet.

That changed a few weeks ago when the deacon wearing the primary “network admin” hat decided he wanted to share it with me.

A few logins later and now I’ve been granted full domain admin rights on the Windows server. Nice.

While I have a lot of hands-on time for domain administration and objects/permissions, truth be told, I’ve had very little opportunity to work on the actual Windows servers.

Time to get learning!

After a few hours of recon-work, I had established we are running Windows SBS 2008.

So before I got too crazy with my RDC Win Server work on the live server, I thought it might be good to build a few VM’s with available trial versions. This way I can spend some time looking around and getting the flow of things without worrying about impacting the live server—at least at first.

I decided to play with Windows Server 2012 Essentials as well as SBS 2008 just to compare the differences. I must say I much more like WS 2012 Essentials. It is slick.

Windows Server Essentials (Small Business Server) – Microsoft TechNet

Windows Server R2 Essentials

Installation and setup was so simple it was frightening.

The price-point for WS 2012 R2 Essentials is pretty decent too. If I get any more laptops or desktop systems, I might have to seriously consider getting a copy and setting up our own home domain network.

In getting it set up in my VM, I discovered a cool trick from Andrea Matesi to getting MSSE to install as a poor-man’s AV solution. Perfect for this VM-loaded trial.

Read the post for the details but basically you set the installer binary to run in compatibility mode for Win 7, then install it via a command-prompt “mseinstall /disableoslimit”. Super clever.

For kicks and grins, I decided to load the Windows Management Framework 5.0 Preview as well. This was to get me the very latest version of PowerShell to fiddle with.


Windows Small Business Server (SBS) 2008

It took me two tries before I was actually able to get SBS 2008 installed in a VMWare Player session for some reason. The first go, I just could not get the vm to pick up a network driver.  Not sure what happened, but the second time it worked fine.


More Windows Server Resources:

So the first issue I had to address was that although I (my user object) had full permission rights to just about everything, I just could not get either my user account or a few other important ones to map to a Windows network share on the server. Permissions were perfect. It took me a whole day before I figured out some basic foundational items for share permissions in SBS.

Steep learning curve lowered…I discovered it wasn’t enough just to set user domain permission shares to have rights to a folder, I had to go into the SBS Console, select the “Shared Folders and Web Sites” module, then select the folder (share) access was desired on, then change folder permissions to add the SBS user account so they can access it. Once done, I was able to easily map the network share from the local workstation with nary a fuss.

I know…basic stuff…I’ve got a lot to learn quickly…

The next “major” issue I need to address (and haven’t yet) is to get things properly configured to either A) fix the SBS WSUS service on the system or B) disable it entirely so the Windows client systems (desktops/laptops) can self-manage updates directly.

Currently, all the domain systems don’t get updates, at all. Checking Windows Updates shows the message that “Updates are managed by system Administrator”. If you click the link below to check online for Updates, you then find like 20 GB (I slightly exaggerate) of updates available to actually bring the system current. Nice.  So we have been manually checking each system and manually forcing them to pull down updates to at least get caught up. It’s a serious security issue from a patching standpoint.

I’ve collected the links below for reference, now I need to dig around on the live server to figure out just what part of it is “broken” and if it would be best to disable things altogether or try to repair it so updates flow from the server to the clients again properly. Not all of these may specifically be applicable but they seem like a good place to get to better know the lay of the land.

I would be appreciative of any good links to Windows SBS administration resources and/or blogs that might help me get up to speed with being an effective sysadmin for SBS/Server Essential systems. Even if it is down-and-dirty basic foundational stuff. Got to start somewheres!


--Claus Valca

Windows 10 Bits and Pieces

I managed to successfully upgrade my Win 10 TP VM to the latest preview build. I’ve decided to set the build update preferences to the “slow” preview build branch for now.

The first time I tried it, the download came fine, but the install failed.  The second time the install was found downloaded and went on with no drama.

Additional thoughts:

I’ve come to like the new “modernized” start menu. I think it establishes a strong balance with the prior Windows start menus and the new “live-tile/apps”.  I’d like to have a bit more control over tiling and create (one level smaller?) groupings of square icons.


The “dual nature” of the start “Window” icon is hard to get used to. Left-click to get the start-menu, right-click to get an additional set of action links known as the “power menu”. I get it but I’d like to see it better unified.


I am only now starting to experiment with “Metro” type apps. For now I’ve tried tweaking out the default Weather and News apps. I really like the weather app and the news one isn’t too bad. However I don’t think it will replace my feed reader anytime soon.

So far, still liking Windows 10 TP…

--Claus Valca

Tuesday, November 11, 2014

More Browser Quick-Links

As I continue to work my way through the blog hopper here are some quick-links without additional comment regarding browser stuff lately.


--Claus Valca

VirtualBox Working Again

Back with Oracle’s Virtual Box 4.3.14 version release, it had some new security enhancements that broke things bad. Really bad. As in I can’t launch my VM’s any more bad.

I rolled back to 4.3.12 and was fine again.

Here’s the drama for the curious.

That eventually got resolved.

Today I downloaded and installed the latest current version (4.3.18) and all my VM’s are running fine with this version.

So there you go.  Better late than never I suppose.

--Claus Valca.

Ubuntu 14.10 Utopic Unicorn out

Getting caught up on some blog posts.

Ubuntu 14.10 “Utopic Unicorn” was released a few weeks ago.

I ran an upgrade and it went on. I am getting some errors launching it now and am trying to decide if I want to trace them out again or not and just start with a fresh build.

I don’t have too many things installed in this VM I run it in.

Biggest thing I would need to do is to reload Xplico. It’s a hassle tweaking everything including my Firefox launching shortcuts to behave with Xplico but I’ve done it a few times now.

It doesn’t look like the Xplico team has specifically updated their repository support for 14.10 just yet but I may go reckless and give it a try again if I can’t clear the (non-fatal) error upon logging into Ubuntu that I see.

I don’t think the Classic Ubuntu desktop package I loaded has anything to do with it…but maybe?


Update: latest round of updates obtained today through the Software Updater app seem to have cleared the issue and/or the upgrade to VirtualBox 4.3.18.  All is well and no reload required…for now.


--Claus Valca