Sunday, December 27, 2009

Browser Wars

I’ve got to admit I’ve been keeping my head down lately regarding the latest round of Windows web-browser releases.

While the EU has been hard at work making sure its proud members and residents have 12 Lucky Browsers to select from on their fresh Windows installs, I go the simple route and install Safari, Opera, Firefox, and Chromium to allow me some flexibility with things. Yesh, IE is still on my system as well.

So here is a roundup of browser-related bits I’ve collected for the interested recently.


  • Opera browser – now sitting at version 10.10

  • Opera Browser End-Users Request: Opera Installer Without Unite Feature – Donna’s SecurityFlash. I’m not convinced the security related issues of Unite are fully addressed, particularly when folks are able to download and install it themselves in a workplace environment without the blessing of the sysadmins.  Donna’s post contains this link to disable Unite via a rather clever though ugly manner.  Good information.

  • From all of us to all of you– Opera Desktop Team – Link to download the 10.5 pre-alpha build along with their new JavaScript engine built from the ground up, faster startup/shutdown times, and some new tricks with “private mode tabs” and/or “private mode windows”.  Fair warning, the team reports memory usage is high, unexpected quits occur, and (gasp) Opera Unite is disabled.

  • Opera Mini 5 beta 2 – I love Opera Mini on my Blackberry device.  Try out the new beta release.  I’ve been feelin the lovin!


  • Firefox 3.6b5 – Download the latest baked beta version for all you “cutting edge” browser fans.

  • Firefox 3.6 beta 5 is out: Time to give it a try – TechBlog.  Firefox 3.6 Beta 5 Released – Firefox Extension Guru’s blog. Latest Firefox 3.6 beta fixes 133 bugs, promises faster page load times – Betanews.

  • Mozilla Firefox, Portable Edition 3.6 Beta 5 Try this version out if you want to run it on your system but don’t want to install over your current-release version of Firefox.

  • Firefox 3.5.6 – Or download the current “stable” release version. Firefox 3.5.6 Released – FF Extension Guru’s blog and Releases/Firefox 3.5.6 – MozillaWiki have some info about this build.

  • CheckPlaces :: Add-ons for Firefox – I really like this Add-on and use it weekly.  It checks for duplicated or invalid bookmarks in the new Favorites structure of the Firefox 3.x family of browsers.  It is fast, has more than a few options, and ensures that your bookmarks are current (and can get the favicons as well).  Very useful when you are manually syncing bookmark files between systems.  See this post How to Find duplicate and dead bookmarks in Firefox over at TechnoSpot for great how-to-use and screenshots.  In the past I used and recommended AM-DeadLink but though it rocked, it hasn’t been updated in quite a while and isn’t compatible with the newer SQL-based Firefox bookmark databases.  AM-DeadLink 4.0 Beta-1 is available in the site’s Beta section, but still no FF 3.x support. Read the post to see why.

  • Voyage - “A Firefox Addon to Rediscover Your Web Browsing History” is a clever add-on to visualize your browsing activity and history.  I’m curious what benefit this could do for visualizing Firefox-based history usage in a forensics type response.  Maybe it could make presenting the user’s activity more “understandable” to the suits when presented in this format rather than a dry Excel timeline.  This visual timeline presentation might be worth exploring more…

  • How to fix Firefox 3 freezing or heavy disk use – Confluence – I’m not sure if this is a real “fix” or not. Some say it helps wonderfully others…not so much.  I think the thought is that the way Firefox interacts with the malicious site database it keeps and checks URL’s against can cause “lockups” when FF reads it.  Of course, if you are a more savvy web-citizen, you might try disabling the malicious website checking features entirely in Firefox. See this Firefox 3 makes my hard drive thrash • mozillaZine Forums post for more on tips related to that.

  • Memory Fox Helps Tame Memory Usage in Firefox – MakeUseOf blog.  I’ve got enough system RAM to not be so concerned about how much memory Firefox uses (still a lot).  I’m more aware of the maxed-out CPU rates I get.  Seems worse when NewsFox is checking RSS feeds.  This trick might help with RAM, but not so much with CPU control.


  • YouTube "Feather" Beta – New “opt-in” beta to possibly improve YouTube video playback.  I’m pretty sure it is cookie based.  “The "Feather" project is intended to serve YouTube video watch pages with the lowest latency possible. It achieves this by severely limiting the features available to the viewer and making use of advanced web techniques for reducing the total amount of bytes downloaded by the browser. It is a work in progress and may not work for all videos.” Your mileage may vary…  Me?  YouTube works great on my laptops but for some reason I’m still not finding the sweet-spot with my AGP video card settings and Win7 RC build on the desktop.  Most of the videos are still showing up pixilated-pink.  However if I save the FLV file and do playback once downloaded, they are just fine.

  • How to Fix Annoying YouTube Jumpiness in Firefox - Lifehacker.  Now this trick DID work for my laptops in Firefox where the YouTube freeze was painfully annoying.

    Many users, myself included, visit YouTube on an almost daily basis. Ever since Firefox version 2.0 implemented the session restore function, when you are watching a video on YouTube (perhaps on other video sites as well, I haven't really tested that), you may notice a tiny freeze-up of the video every 10 seconds or so. This happens because the session restore is by default set to save all open tabs every 10 seconds. This is especially noticeable if you happen to have a lot of tabs open at once.

    The quick fix for this problem, at least for my own sake, is to increase the time between each of the saves performed by session restore. By opening about:config in your Firefox address bar, then typing browser.sessionstore.interval in the filter box, you'll see a value of 10000, which is in milliseconds. (Meaning your session is saved every 10 seconds.) I changed this to 300000, or every 5 minutes, as I don't have the urgent need for tab restoration. If you feel like being more on the safe side, try increasing it to something a bit lower, say 120000, or every 2 minutes.

  • Workaround to Manually Uninstall, Remove or Delete Firefox Addon With Add-Ons Uninstall Button Disabled - My Digital Life.  Because we all have it happen to us sometime or another by some “rogue” software installer “feature” add-in.  Me? I go the hard-case route and take workaround method #4 on the page.

  • hp smart web printing in firefox - Google Search. So our HP Photosmart C6280 printer is really cool and everything, but like most HP products, to really use all the features, you can’t just use the default Windows driver for it (though Win7 has a nice one).  No, you have to install the full HP Photosmart C6280 All-in-One Printer driver/software package which adds in some “Smart Web Printing” features to Firefox and other browsers.  Trying to remove it manually is possible, though painful.  Instead just do a custom install of the HP software and while watching closely, find and de-select inclusion of this software in your install.  I always do a custom install of HP printer software and only pick the features I really need.

  • Using Flash 10.1 beta? You may want to turn off crash logging - Within Windows.  If you recently downloaded and installed the latest 10.1 beta (or new Flash Player 10.1 beta 2 released 12-17-09) then you might notice some hard-drive thrashing.  Rafael Rivera worked out a way to disable crash logging pretty simply.  I’ve done the trick and while I didn’t really notice a problem to begin with, I’m a bit more comfortable now with it in place. It’s a painless and easily reversed trick.

  • New in Labs: Default text styling – New Gmail feature.

  • Pencil Project – Not for the general public but this project kinda brings a MS Visio-like diagramming experience to the Firefox browser as an add-on.  It is really sharp and cool.  For folks who can’t afford the full Visio experience, and don’t need the Dia Open Source alternative, this might be worth investigating for quick and at-hand diagramming.

  • Google Analytics has been hard at work tweaking and improving their page-monitoring code.  Newest tricks added to the stable are.


--Claus V.

iTunes Damage Control

modified cc image by bmb at flickr

iPodAlarmPullSo while the majority of issues related to my desktop systems volume failure have been rebuilt, there was one  glaring hole facing me.

The system volume that got blown-out just so happened to be the one that held all our iTunes music and video files.

Bummer. REAL Bummer

Fortunately, I had many fortunate things working in my favor when it came to recovery and rebuilding of the years worth of iTunes data and purchases that had accumulated.

No, I hadn’t yet installed the latest iTunes version that allows for backups/restorations.  I didn’t even know that was a feature until I started this rebuild.

No, the biggest thing that have saved me are patience, my original 40 GB 1st generation iPod “brick” device that I synced all our music to, regardless if it was my interest or Lavie and Alvis’s, and the iPod Nano’s that the girls use have all the movie/video files on them, and they haven’t been able to connect them to the downed system, the files they contain are tucked safely away there as well.

So what did I do?

  • Connected my iPod before reloading iTunes on the rebuilt system, and made an iTunes recovery folder on my new partition.
  • I then copied all my iTunes user files from my recovered user profile when I recovered the system into that folder.  This kept the original files “safe” just in case I mucked something up and needed to try again.  For that I just found the correct path/subfolder location in this What are the iTunes library files? Apple article.
  • I then connected my iPod and browed it to find the “iPod_Control” folder and copied that sucker (and all contents over to the iTunes recovery folder as well.  That was after spending some time reading this excellent iLounge post Copying Content from your iPod to your Computer - The Definitive Guide.  Disconnecting the iPod device when done.
  • Then I installed iTunes.
  • Then I launched iTunes and let it do some initial startup.  Once it settled down I tweaked the options to get it to not do any automatic synchronizations with iPods when attached.
  • I then shut down iTunes and killed any associated background services with Process Explorer just to be safe.
  • I then copied my recovered “copy” of the original iTunes user profile folders over into the corresponding location on my new user profile.
  • I re-launched iTunes and let it figure out (which it did instantly) that it needed to rebuild the list of items there.  Of course, if you clicked on any song, it tossed an error as it couldn’t find the actual media file that went with it.  Not a big deal, yet.
  • Now I had to restore the actual media files themselves.  There are a number of excellent and full-featured for-buy ($) programs that can do this.  However I knew of a few wonderful free ones that offered to back up and restore you iTunes library and songs on the iPod itself.
    • SharePod - (freeware) – this is the one I chose to use.  It has a easy to use GUI interface, can actually replace iTunes when run as a “standalone player/manager” directly from your iPod when connected to a system, and was rock-solid in performance for me.
    • (YamiPod) - Yet another iPod manager - (freeware) – another great standalone iPod player but also has a number of useful device and music library management tools as well.
    • iDump - (freeware) – Not updated for a while but it does the basic task of transferring songs off your iPod to a PC.  Very simple and no-frills.  Portable so good to keep on the iPod in case of an emergency

  • Sharepod quickly moved my music files from the copied iPodControl” folder back into the correct location for iTunes.
  • Next I found I had a bunch of duplicate entries in my library.  I added a “date added” column and sorted by this, then deleted all the entries that were before the date I added in the real media files again.
  • I also had to clean up the imported play biggie..
  • Finally, the “Purchased” folder still wouldn’t associate the songs we had bought with the ones I had re-imported.  This confused me for a moment.  Did I have to re-purchase them? Beg Apple to let me redownload them? Nope. They were in my library. Turns out that this folder just is a specialized playlist of sorts that shows which ones you have purchased specifically (Reformated, Backedup iTunes Music Folder, how to restore purchased songs? - iLounge Forums). I just deleted the mess.  All the purchased ones were still present and accounted for.
  • Finally I authorized the computer (About iTunes Store authorization and deauthorization) with my iTunes account and all was well…except for the video files that I still have to pull off the Nanos.
  • Once it is all cleaned up, I’m going to do a back up (How to back up your media in iTunes and Back up your iTunes library by copying to an external hard drive) and tuck it away for safe keeping.  Just in case.

Additional linkage

Lesson learned…

Claus V.

Saturday, December 26, 2009

Tiny CLI Revisit

For the past two weeks I’ve been working on tweaking and using a CLI-batch file to automate a few post-system install setup-steps.

Nothing dramatic but stuff I got tired manually copying from the network, executing in command-line, etc.

For one of those steps I used the simple “copy” command successfully. However the network analyst working with me on the project had some trouble and tweaked my batch file to use “xcopy” instead.  Fine. I’m not sure what benefit that added in this particular batch file but both worked as coded…

Then the ever-dependable TinyApps bloggist shared his own way-cool experience with xcopy.

That got me thinking not just about the CLI for XP in general (which is what we were working with) but also what changes, if any Windows7 brings to the mix.

So here is a CLI reference dump, updated from prior GSD posts and new material as well.

…and then there came Windows Power Shell

All versions of Windows 7 now ship with Windows Power Shell as well.  It can be installed on XP/Vista/Sever 2003 and 2008 as well. This allows for some heavy-lifting from the command-line in script format.  Similar to the familiar batch-files, but on steroids.


--Claus V.

T-Bird 3.0 versus Outlook 2010 (beta)

At work, Microsoft Outlook 2003 is the de-facto standard for email management.

At home, I’ve been using Thunderbird for years.

Due to a recent hard-drive (volume) failure at home, on the primary system our “master” email got managed on, I had to rebuild our email stores.

It wasn’t really any problem just took some time to migrate from Thunderbird 2.0 to 3.0.

Then I had to redo some of my email account settings in TBird 3.0 as I wanted to be able to choose which email account I wanted to respond out of, not just the default one.  That took some work with Gmail's documentation and TBird 3.0.

So here is my problem.  I’ve installed and configured Outlook 2010 beta to access my personal web-mail account and really, really like the familiarity and layout in 2010.  Really.  But I also like the dependability and ease of export/import options that Thunderbird offers me.

So now I’m in a real pickle!  Do I commit to one or the other?

Both do an admirable job but there will be consequences for committal.

Links below for my reference (and anyone else stumbling over these)

Outlook 2010 beta reference links.

Thunderbird 3.0 reference links

server name:
port: 465
use secure: No
Connection security: -

Lightning Project (Calendar for Thunderbird)

To help add calendaring functionality to T-Bird, I’ve relied on the Lightning project XPI add-on.  Only it isn’t quite yet ready for TBird 3.0 compatibility.

Here’s how I got Lightning working in Thunderbird 3.0

To install these builds in Thunderbird 3, please follow these steps:

  1. Download the build for your operating system to a folder on your hard disk
    UPDATE: Please make sure, that you right-click on the links above and choose "Save Link as...". Otherwise Firefox will try to install Lightning and you will get an error message like "Lightning 1.0b1 could not be installed because it is not compatible with Firefox."
  2. Open Thunderbird, then open its add-on manager via Tools --> Add-ons (or the corresponding entry in your language)
  3. Click on the "Install..." button on the lower left and navigate for the lightning.xpi file that you just downloaded.
  4. Restart Thunderbird after the add-on installation has been performed. Voila!

Note: You will see there are two XPI files in the download.  Get them both; lightning-all.xpi is the main file while gdata-provider.xpi ties Lightning into your Google gCalendar.


As best I can tell, I’m using POP settings/access for Thunderbird for my mail clients including Gmail.  However Outlook 2010 may be actually using IAMP settings for Gmail connectivity.  I’ve not had the time to dive into the settings to verify.  The Outlook 2010 setup wizard took what I fed it regarding my Gmail account and seemed very pleased.  Not 100% sure what it did just yet.

I’m not sold yet if I want to convert my Thunderbird settings to use IMAP as well or not.  I think so.

I think there is some benefit but my brain is tired from all the holiday food and distractions and I’m having trouble focusing.

For reference….

Claus V.

Sunday, December 20, 2009

Run Windows Remote Desktop Connection on Win7 “Home” editions – Updated

01-10-10 Major Post Update! – Gentle readers…it has come to my attention via the comments that the post title and content might be a bit misleading.  That was not my intention, but after careful and objective reading of the post now, I clearly find that was the case.

To that end I want to make some important clarifications and additions up front.  Then please go on and read the rest of the post.

1)  My original desire here was twofold: a) run Windows RDC from my Windows 7 Home Premium laptop to control my desktop “faux-server” Windows 7 system (currently running Win7 Ultimate RC1), and b) be able to use the final Win7 RDC binaries at work on my XP Pro system to RD some XP Pro systems.  If that is what the post title and/or Google led you here for…then read these bits and then drop down to the main post.  If not, check out item #5 below before deciding to stay or leave the page…you might be rewarded for doing so.

2) The original nomenclature I used to refer to “host” and “client” in RDC was incorrect.  Here is the “official” definitions per Microsoft;  “Remote Desktop Connection is a technology that allows you to sit at a computer (sometimes called the client computer) and connect to a remote computer (sometimes called the host computer) in a different location.”  So the PC you are working at that you are initiating the RDC session from is the client end and the one you are actually remote-controlling is the host end. M’kay?

3) As the table below in this post shows (but is a bit misleading without the above information) ALL versions of Windows 7 allow you to run the Windows 7 RDC client natively. That’s why (as some commenters pointed out) the binaries I noted are actually present on all the Win7 systems.  So following the post instructions really are not necessary UNLESS you want to run the Windows 7 RDC client binaries from a non-Win7 system (XP/Vista/Server) and do so from a USB stick (unless you then offload them to that system locally).

4) Which now gets back to my misleading post title “Run Windows Remote Desktop Connection on Win7 “Home” editions.”  Yep.  Based on #3 above, you just don’t need to do this, UNLESS you mean to say you want to run Windows Remote Desktop on Windows 7 Home Premium as the HOST.  Then this post would be completely useless per the official Microsoft product description for Win 7 RDC: “You can connect to computers running Windows 7 Professional, Windows 7 Ultimate, or Windows 7 Enterprise. You can't use Remote Desktop Connection to connect to computers running Windows 7 Starter, Windows 7 Home Basic, or Windows 7 Home Premium.”  Only you actually “can” with Windows 7 Home Premium (x32 or x64)…but in a different manner than contained in the original post.  If that is what you came here looking for…see item 5 below.

5) To REALLY run Windows RDC in “host-mode” on a Windows 7 Home Premium system.

  • Note: ONLY do this if you understand what you are doing, what the consequences are, and any security issues that might arise if you decide to do this!  Pet hamsters might escape their cages. You might Black or Blue Screen of Death your Windows 7 Home Premium system that works just fine right now.  Seriously.  This really shouldn’t even be considered by anyone except advanced or professional Windows users and administrators.  Seriously. I mean it.  M’kay?  Still want to do it? Fine.  Keep reading then.
  • Probably want to start by manually making a System Restore Point.
  • On the Windows 7 Home Premium system, go to Start --> Control Panel –> System.
  • From that window, check the sidebar and find and select “Remote settings” on the left-hand side sidebar.
  • In the “System Properties” window select the “Remote” tab.
  • Check (enable) the “Allow Remote Assistance connections to this computer.”
  • Select “Apply” and “OK”.  Then close all the windows out.
  • Go to this page: How to enable Remote Desktop in Windows 7 Home Premium over at the Tenniswood Blog and follow the link to download the zip file.
  • unpack the zip file “”.
  • Open up the unpacked folder and find the install.cmd file and run it as “administrator” (note: On my Windows 7 HP x32 bit laptop it worked fine out of the box. On my Win7 HP x64 AMD system…it errored out as it said the termsrv.dll file didn’t exist.  A CLI search for the file did find it present (but cloaked by the OS) in C:\Windows\System32.  So I had to then disable UAC, reboot, re-run the install.cmd file as “administrator”.  It worked. I then reset UAC and rebooted….)
  • You will need to decide if you wish to allow “concurrent” sessions (let a logged-on user work while you also work on it without force logging out the current user…I select “Y” myself, and if you want to enable “blank” password for account login (not have to provide the password)…I select “N” for this.
  • Once done (and the process may take a while, particularly when it waits to listen to the service on port 3389) you will be directed to close the window out.  Then you are done!
  • Your Windows 7 Home Premium system should now be “patched” to run RCD as a HOST for incoming RDC sessions.

Observations:  This is a hack/patch/mod of a Windows OS file along with some other automagical system configurations that changes the code of the termsrv.dll file, adds the rdpclip.exe file to the system, starts the service, and adds Windows Firewall Rules.  It is completely unsupported by Microsoft.  Future Service Pack release and/or monthly OS security/updates might overwrite and/or break this whole house of cards.  I am a bit smart, but I am not a programmer and cannot certify that the documentation on file patching is all that goes on.  It might allow Martians to mind-control RDC your system.  I just don’t know.  As far as I can tell everything seems legit and quite effective, but your mileage may vary.

Finally, I owe early commenter to this post “Kevin” an apology.  I because my nomenclature was mixed up, I didn’t quite “get” the tipoff he was trying to pass to me on this very technique.  Kevin’s tip and information turned out to be MUCH more valuable (granted to a really small set of Windows Home Premium users) than I realized at the time…including myself!.  Great tip Kevin and a full hat tip to you, mate!


--I’m sincerely sorry for any confusion the original post below caused…that said, it still stands solid for carrying a working set of the Windows 7 RDC binaries on your USB stick.

--Claus V.

Original Post below….

I’ve got four Windows systems humming along in our home.  Three are laptops running Windows 7 Home Premium edition (via one of the last remaining Family Pack sets), and the fourth is my old home-brew Shuttle SFF system that was running XP Home, and now is sporting Windows 7 Ultimate Edition (RC1 build).  Two are x64 bit loads of Win7 and the other two are x32 bit loads.

I’m amazed at the performance I’m getting out of the Shuttle.  It is a single core system and much, much older than the dual-core laptops. Yet is still gets a higher score on the performance index rating than any of them.  Might be because of the drive or the dedicated AGP video card.

Anyway…the Shuttle is now repartitioned with two volumes.  The first is a bit smaller and carries the OS and user files.  The second is much bigger and I’m using it for file storage and serving.  No, it’s not a true “server” in the sense of Microsoft’s Home Server, but since Windows 7 allows Homegroups and file/volume sharing, I’ve been able to set it up as such to some degree.

…in which the need arises

Now, what I really wanted to be able to do is to remote-desktop control the Shuttle and work/maintain it from my laptop when I am multi-tasking and file syncing.

As I’ve said before, at work we use a Novell remote desktop product and Windows Remote Desktop is not used.  So when the Make Microsoft Remote Desktop A Portable App over at MakeUseOf came out, I posted it which the back room tech Julie picked up and stated she found great value in this trick.  Turns out there seem to be many folks who continue to look for a portable solution for Windows Remote Desktop Connection (RDC).

Since Windows 7 Home Premium edition doesn’t support the Connection (Host) manager I was out of luck with running it from laptop to control the desktop.  Sure, I could use it on the supported Windows 7 Ultimate desktop to control the laptops (because the Home editions contain the “client” end and can support inbound requests for RDC control). But that didn’t help me

(edit on 01-10-10.  OK I must have been drinking too much green tea when I wrote the above.  I could in fact use RDC on my “out-of-the-box” Win7 Home Premium systems to control the Windows 7 Ultimate desktop.  The “client” side is included in all versions of Win7 as seen in the chart below.  What I was unable to do (and still couldn’t do until applying the “patch” to the Win7 Home Premium systems) was RDC into any of my three Windows 7 Home Premium systems. Period.  I didn’t catch that error as I was only RDC’ing from my Win7 HP system into my Win7 Ultimate to begin with, which did support the RDC Host natively.  It wasn’t the trick I did in this post that made that possible….it was the fact I was connecting into a Win7 Ultimate OS version. Doh! My bad.  I think we are all cleared up now.)

See the chart below I found.


creator unknown original image here.  Comment please and I will give credit

What to do?

Maybe it was time to take a second look at those posts and see if I could get a Windows 7 RDC Host session ported over onto the Home Premium edition?

Worth a try.


As Julie found before, there seemed to be four key files that needed to be copied over from a build of Windows 7 that supports the full Windows Remote Desktop.

  • mstsc.exe
  • mstscax.dll
  • mstsc.exe.mui, and
  • mstscax.dll.mui

Hopefully nothing had changed.

Before I got started, however, I fired up both Process Explorer and Process Monitor, set the second to start a capture session, and then launched the Windows 7 Remote Desktop Connection application on my Win 7 Ultimate RC1 build.  I figured this info might help me tease out if any new file dependencies were added since XP/Vista.   Once I had established a remote connection to one of my laptops, I saved a Process Explorer open-file report for the mstsc.exe process.  Then I disconnected and saved the Process Monitor data set.

Next I copied the mstsc.exe and mstscax.dll files where they had been quickly located in the C:\Windows\System32 folder.  However, like Julie before, I had greater difficulty finding the “MUI” files on Windows 7.

So I pulled out SearchMyFiles and ran a query on the entire system for them.  I found them located in a number of places on the Windows 7 Ultimate RC1 (…x32 bit by the way…) build I am using:

Filename Folder
mstsc.exe C:\Windows\System32
mstsc.exe C:\Windows\winsxs\x86_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.1.7100.0_none_becf45f6762d6147
mstsc.exe.mui C:\Windows\System32\en-US
mstsc.exe.mui C:\Windows\winsxs\x86_microsoft-windows-t..cesclient.resources_31bf3856ad364e35_6.1.7100.0_en-us_e590ad18c3342f78
mstscax.dll C:\Windows\System32
mstscax.dll C:\Windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.1.7100.0_none_a0e1001e1abe07c6
mstscax.dll.mui C:\Windows\System32\en-US
mstscax.dll.mui C:\Windows\winsxs\x86_microsoft-windows-t..tivexcore.resources_31bf3856ad364e35_6.1.7100.0_en-us_e4b4a972db9424cf

note that the folder paths actually have no spaces in them, despite the way the table wrapping makes them look.

I copied one of each kind of file needed from the locations and dumped them into a fresh folder on my USB stick.

I then took that USB stick over and plugged it into my Windows 7 Home Premium laptop (...x64 bit version by the way…) and then launched the mstsc.exe file.

Houston, you’ve got a problem

…and was promptly greeted by the following.

Error 1

Bummer!  Maybe it couldn’t be pulled off under Win7 anymore.  Or maybe the x32 to x64 platform transfer was fuzzing the ability of it to work.


A quick look at the error suggested that the mstsc.exe file was looking for the mstsc.exe.MUI file to be located in a specific location.  It wanted the file to be located in a sub-folder under whatever the correct <LANG_NAME> folder it should be.

So I just made a folder in the same one that contained my mstsc.exe file.  But what to name it?  What language format should I use?

I ended up referring to the Process Explorer log I captured earlier, but if you want a trick, just look at the folder-path for the file listed in the table above.

mstsc.exe.mui    C:\Windows\System32\en-US

Yep.  I named my subfolder “en-US” and moved the single mstsc.exe.mui file I had copied into it instead.

Relaunched mstsc.exe and….


Houston, we have lift-off!

I connected just fine and have successfully made connections from my Windows 7 Home Premium x64 laptop, wirelessly, to all my systems including extended ones to the Windows 7 Ultimate RC1 x32 desktop system.  I’ve also been able to use this folder set of the Windows 7 Remote Desktop Connection file version set on my XP Professional SP3 system to control other XP Pro systems in a pinch.  I don’t see why it shouldn’t work for Windows Servers or other RDC supported systems/builds as well.


But Wait, Claus, One Problem!

…I don’t have access to a copy of Windows 7 Ultimate or any of the other versions that contain the “full” RDC file-set.  But I do have Windows 7 Home Premium.  Am I out in the cold?

Nah.  But you’ve got some work to do to get it.  Here are some options as I see them.

  1. Find a friend/co-worker/significant other who does have Windows 7 Ultimate/Professional/Enterprise and treat them to a free dinner or pizzas and beg them to let you snag the files off their system.  (Just don’t make any compromises in your character that old Claus wouldn’t do either.)  or
  2. Download a ISO file of any said versions of Windows 7.  Risky but potentially useful.  PenTestIT has list that might get you started. Windows 7 Direct ISO download links — PenTestIT
  3. Download the free 90-day trial VHD package of Windows 7 Enterprise directly from Microsoft. (Claus’s recommended trick if option #1 fails.)

Door #3 Examined.

OK, Ready?  Let’s make this quick.

  • Pop over and download the Microsoft Windows 7 Enterprise 90-Day Eval VHD.  Yes, I know, it has all kinds of overwhelmingly threatening talk such as “…Windows Server 2008 Hyper-V is required to use this virtual machine.  In addition to the system requirements for Windows Server 2008 as described in the release notes, a 64-bit system with hardware-assisted virtualization enabled and data execution prevention (DEP) is required.  It is also recommended to ensure that you have a clean install of x64 edition of Windows Server 2008 to be able to use the Hyper-V technology.”   Whatever.  We just want the VHD file itself.
  • Download the three parts, the primary exe file and the two other rar files.
  • When they are all downloaded, run the exe file and it will unpack the collection in a location specified. Make note.
  • The actual VHD is located in:
  • <wherever you unpacked it>\Windows7Fullx86Ent90Days\Windows7Fullx86Ent90Days\Virtual Hard Disks
  • It is named: Win7ENT90DAYS.VHD
  • Mount (..actually “attach”) the VHD in Windows 7 (I’m assuming you are using Windows 7).  There are TONS of ways/tools to do this.  I’m assuming if you even need a “portable” version of the latest Windows Remote Desktop Connection tool, you are well versed in VHD mounting (attaching) techniques.  However, if you don’t, here are two different methods (free) you might want to review: The Lazy Admin : Mount a VHD Within Windows 7 / Server 2008 R2 or How to Mount VHD Files Without Virtual PC | Gil’s Method
  • With the VHD mounted (attached), just follow the steps at the top of this post to get the files you need. On this particular Windows 7 Enterprise edition, they would be located in the following spots:
Filename Folder
mstsc.exe H:\Windows\System32
mstsc.exe H:\Windows\winsxs\x86_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.1.7600.16385_none_4db2a3b8826b256f
mstsc.exe.mui H:\Windows\System32\en-US
mstsc.exe.mui H:\Windows\winsxs\x86_microsoft-windows-t..cesclient.resources_31bf3856ad364e35_6.1.7600.16385_en-us_74740adacf71f3a0
mstscax.dll H:\Windows\System32
mstscax.dll H:\Windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.1.7600.16385_none_2fc45de026fbcbee
mstscax.dll.mui H:\Windows\System32\en-US
mstscax.dll.mui H:\Windows\winsxs\x86_microsoft-windows-t..tivexcore.resources_31bf3856ad364e35_6.1.7600.16385_en-us_73980734e7d1e8f7
  • Copy one file of each of the above into a folder, make your en-US folder in that folder and move the mstsc.exe.mui file into it. 
  • Unmount (actually “detach”) your VHD file and be on your merry way.
  • Delete the entire 90-day trial folder/contents if you are tight on space, otherwise you might want to keep the VHD handy in case you need to go on any future raiding parties.


Using Windows 7 RDC

Again, if you’ve stuck with me this far, I’m assuming you know what to do with RDC now; both how to enable and configure access at the “client” end you want to remote attach to, as well as the “host” RDC application as well.


First read up on all things Remote Desktop Services in that Wikipedia article.


Now move onto these guides.

In most cases, you don’t want the ability to remotely turn-off/power-down the remote system as you then wouldn’t be able to re-connect to it.  That’s why Microsoft removes the shut-down option from the remote system’s start-menu when you are connected to it.

I know this is getting to be a long post but that first post above by NeoWin sports info on some neat changes in the Windows 7 release of RDC.  It’s laden with screenshots but these features might be enough to try adopting it on your XP Pro systems at work as well (if allowed), rather than the XP Pro version:

Below are the features introduced in Windows 7 Remote Desktop Client

  • Windows 7 Aero support
  • Direct 2D & Direct 3D 10.1 application support
  • True multi-monitor support
  • RDP Core Performance Improvements
  • Multimedia enhancements
  • Media Foundation support
  • DirectShow support
  • Low Latency audio playback support
  • Bi-directional audio support

So how do you initiate a remote shutdown, if, say, you are in bed with your laptop and don’t want to pad across the cold floor to the room where your “server” is?  Easy enough.

Alternative Remote Control Tools

Maybe Windows Remote Desktop Connection (Host) isn’t your thing.

Lucky for you there are a lot more freeware apps to pick from.  However in my mind, this particular scenario that I found need for just seemed to make RDC a perfect fit whereas many of these listed below just didn’t quite offer the ease or flexibility I needed in an Microsoft/Windows network integrated manner.

Anyway, here’s a list of lists.  Your mileage may vary. Listed in a particular order (to me).

Finally all recent Windows builds come with something most folks don’t know called “Remote Assistance” or “Easy Connect”.  It’s also pretty cool, free, and installed on all XP/Vista/Windows7 builds.


More? I’m tired!

OK. Last link: Comparison of remote desktop software - Wikipedia, the free encyclopedia


--Claus V.

Saturday, December 19, 2009

I’m no dummy (but I know how to make one…)

A number of weeks ago I was participating in an internal pilot project.

One of the parameters being measured and tested was how file transfers of a certain size were processed.

To do this, we had to send a file over 4 MB through the software application being tested.  No file was provided. No file source was suggested.

Now I don’t know about you, but the thought of willy-nilly picking just any old file off my system and sending it into the black-hole of the testing endpoint just didn’t sit well with me on numerous levels.  Sure I had lots to pick from.

A simple search with the free Nirsoft tool SearchMyFiles would have allowed me to filter down my system for files between a certain range.  Then do I pick an application file? Maybe an MS Office file?  If I send the right one might it leak some content I would rather not?  Or would the file-type itself maybe cause some kind of variance in the testing/results?

Instead, I just used a utility to generate a file of a specific size filled with garbage.  Didn’t matter what I called it (Bad_HAL.txt), or what it actually did (nothing). It was just a garbage file of a specific size.

Sweet Free Dummy File Generators

These things are dead-useful for system admin work and particularly, testing of file transfers across networks or devices without fear of information leakage. 

Here’s a brief round up of a few nice and free dummy file generators:

  • At almost the very bottom of this Coding Snacks list from I found the “DFC: Dummy File Creator” application from programmer seedling.  Written way back in 09 of ‘05, it proves that good code stands the test of time..  just 328 kB this is tiny any good in a GUI package. Download the “portable” zip version with no installer.  Enter the file size you want (in bytes, Kbytes, Mbytes, or Gbytes), specify a fill pattern (if desired), and press the “OK” button.  You will then be asked to provide a name for the file and a location to put it.  Bam. Done.
  • Dummy File Generator - (freeware) – according to the developer, Boris Toll,  “Mit dem Dummy File Generator ist es möglich Dateien mit beliebiger Größe zu erstellen. Die Standardauswahl enthält Byte, KByte, MByte und GByte. Dieses Programm ist vorallem für Netzwerk und Performance Tests hilfreich.” or with a bit of Google translation help, “ With the dummy file generator, it is possible to create files with any size. The default selection includes byte, KB, megabytes and gigabytes. This program is especially helpful for network and performance testing.”  Yep.  Good German coding at its best. Not convinced? Let Killer Tech Tips blog give you a visual walkthrough in their post Create Dummy Files.  Really tiny at just 23 kB in the single exe file, its extremely portable!  Set your size format (in bytes, Kbytes, Mbytes, or Gbytes), provide the size, and create your file.  You don’t get the option to specify a custom fill pattern, however.
  • Dummy File Creator – (freeware) – MyNikko. Download either the MSI-based installer or the “portable” zip version with no installer (my preference). The GUI exe weighs in at just 56 kB while the command-line version is just 16 kB. Dummy lets you either generate a single file or multiple files as defined in a user-created batch list.  Specify the path and name of the file output, the size and “create”!  The sample batch list is great as it allows you to pre-define the name/location of your files, the size, and a randomization switch.  The web page has all the information you need for both versions. Awesomely clever little utility.
  • NOD32 Dummy File Creator Utility 1.0 -- (freeware) – download source at Softpedia. Weighing in at 327 kB, it has a very pleasant GUI interface. Set your file size, your file fill string, set the attributes for the file (archive, hidden, readyonly, system), and create your file.  What is particularly groovy about this tool is that it feeds off a “DFC.INI” file located in the same place as the executable.  It comes with a sample one but any geek should be able to figure out the format.  Once you do you could automagically generate a whole set of different dummy files, types, etc, at a predetermined size.  Why such a tool from a A/V vendor? I think the reason is by creating locked-down dummy files of specific names, when the malware attempts to drop itself onto those locations, it can’t as the locked files already exist.  It’s a technique I used quite successfully with some auto-respawning malware in the past.

And then there is Microsoft’s FSutil

I’m guessing here it stands for least it makes sense to me to remember it that way.

It appears to be present in XP, Vista, and Windows 7 (and the corresponding server editions as well)

It must be launched from an administrator-elevated command prompt session.

Please bear in mind that it is really a powerful tool that “…you can use to perform many FAT and NTFS file system related tasks, such as managing reparse points, managing sparse files, dismounting a volume, or extending a volume” according to Microsoft.

But it is of note to this post as it contains the ability to create a dummy file.  (Though truth be told, using this utility to do so is a bit like using the Death Star to swat a fly.)

Documentation of changes in it from XP to Vista to Win7 are a bit hard to come by.  This link outlines the XP subcommands.

ITsVISTA rounded up the Vista changes, including the additional subcommands of repair (self healing management), resource (Transactional Resource Manager management), and transaction (Transaction management).

On my Win7 system I see it also contains all the XP and Vista noted subcommands and now adds 8dot3name (8dot3name management).

To view help for the available subcommands at the command prompt, type fsutil, type the subcommand, and then type help (that is, fsutil subcommand help).

However what we want is to make a dummy file.

C:\Windows\system32>fsutil file createnew help
Usage : fsutil file createnew <filename> <length>
   Eg : fsutil file createnew C:\testfile.txt 1000

So we would type the following fsutil file createnew D:\dummy_file.txt 512

C:\Windows\system32>fsutil file createnew d:\dummy_file.txt 512
File d:\dummy_file.txt is created

That just created a new file named “dummy_file.txt” on the root of the D drive at a size of 512 bytes.

See these kinda related coolnesses of fsutil:

See.  It’s easy to be a dummy.


--Claus V.

Tiny Stuff

Said with a nod to TinyApps Blog

Here are some links on some free tiny tools, tricks, and techniques that might be just darn fun or useful to play with.

Your mileage may vary.

I knows what I’s likely be doin over the holiday weekend!

Not a bad tiny post, I must say!

--Claus V.

For the Geeky Crew _ Mostly Virtualized

Virtualizations First

Here’s a collection of virtualized system applications and perspectives.

Me?  I’ve been running Windows Virtual PC almost exclusively at work and home.  Why? Well it seems to play sufficiently well with the Windows-based virtualized OS’s I use, test, and tweak.  Couple that with the added USB-support in the latest iteration of Virtual PC and I have the tools—and supporting utilities—I need to get my work done.

However, I might have to seriously reconsider that position after reading about the newest features in VMWare Player

Other stuff for sysadmins and techies

"For the Microsoft Office 2010 release, we will not support Windows XP 64-bit," a Microsoft spokesperson confirmed with Ars. Upon further inspection, we also noticed Windows Server 2003 support was missing. "For the best productivity and user experience, the benefits of 64-bit computing with Office 2010 is best experienced by utilizing the newly introduced 64-bit version of Office 2010 with Windows 7 (64-bit) or Windows Vista (64-bit) version." In short, Microsoft does not think the experience will be good enough on its previous operating systems.

So there you have it.

Claus V.

DECAF and COFEE, and a brush


I’ve been pondering for some time what to say regarding the COFEE / DECAF events of the past month or so.

Stick with me and I’ll get back to the personal touch-stone shown above.  It’s all related.

First let’s pour a cup of COFEE

Back in early November the Computer Online Forensic Evidence Extractor, a forensics tool made by Microsoft and distributed to law-enforcement groups, was released (accidentally or otherwise) and like so many photos of celebrities on a binge, quickly made its way across the Net in a firestorm.

Microsoft scurried to damage-control while others who weren’t privy to the law enforcement (LE) only tool salivated at the chance to break it down.   Curiously, when details on building the Windows Forensic Edition (FE) version of Windows PE (which by some reports, seemed to also include a COFEE package) made their way onto the web, nary a eye was raised or key typed regarding this “release” of forensic tool information.

Maybe it was because the COFEE spill came during a slow news cycle.  Or maybe because it was USB based and fairly auto-executing it was “relatable” and something that the masses could quickly digest.   Compare that to doing the heavy lifting understanding how to and executing the build of a custom Win PE disk, with registry tweaking and bundling of George M Garner Jr.’s Forensic Acquisition Utilities; all of which are CLI-based.  Nothing at all sexy here.

And yet I would argue that this Win FE tool, in the hands of a skilled investigator, is loads more threatening to the underworld than COFEE could hope to be.

Anyway, I digress.  Some folks cheered the release as it was proof that M$ was in cahoots with the goberment suits, enforcers, and MiB.  Other’s moaned that this was a body-blow to computer forensics and now criminals would run amok coming up with anti-COFEE techniques.  Pandora’s box was opening.

Sure enough: New tool deCOFEEnates Windows systems - The H Security: News and Features  (one of many).

DECAF swept the Net blog-o-sphere like wildfire.  But just what really was going on with both?

As far as I can tell, COFEE just manually or auto-executes a slew of publically available system administration and “forensic-type” utilities and allows those results to be saved as log-files back to the USB stick containing COFEE.  It’s pretty much “plug-n-play.”  No in-depth analysis.  No sirens going off or “look what I found Mr. Policeman”.  Just raw and dirty data-collection and logging.  Someone still has to sift though it all.

Simon Price outlines its features simply in his More COFEE Please, on Second Thought… post

Make yours DECAF?

Thought was that some baddie could install this program, let it just sit there monitoring the system for the door-busting entry-team with their COFEE laden USB dongles ready to thwart nefarious LE attacks.

Simon then actually took the time to break down exactly what it did on his Praetorian Perfect blog: Regular or Decaf? Tool launched to combat COFEE.  Really?  Not much.  It is an interesting read.  Thank you, Simon, for the time it took to share this.  I appreciated it.

Despite the few folks who were trying to assess the real merit and worth of DECAF, many still bought into the hype and excitement of DECAF.

Fortunately or unfortunately, it all came crashing down this week: DECAF Was Just a Stunt, Now Over – Slashdot.

It may never be clear what the true motive and direction those responsible for DECAF had in mind.  Needless to say, the site closed up shop in a somewhat bizarre rant, and a few sour-grapes from those who got taken.

Perspectives That Matter

Simon Price (again) spent some time tossing up a post showing that it really wasn’t “disabled” but is rendered non-functional because it calls home when launched.  No response from the mother-ship? No workie!  Only Simon showed how it can be done anyway…not that anyone really would care to do so.

In Simon’s post, he offers a number of valuable points from this whole COFEE/DECAF drama:

If you have a serious computer crime to deal with, get a serious computer forensics investigator, who uses sets of real computer forensics tools based on the situation he or she is faced with.


part of the unnecessary nonsense generated around the leak of COFEE and all that followed was the inappropriate way it was originally released and marketed as “only for law enforcement”. Forensics tools must be well known, analyzed by experts, and their effects on target systems well documented. Thus releasing a closed source tool to a small community meant that COFEE could never be used seriously to present evidence in court. That is if it did anything novel, but it doesn’t, COFEE allows the user to run existing tools, system utilities, from a USB stick.

The promise of COFEE, how it was marketed, has sold a number of people on why its so important that it was leaked and subverted. Standardization of incident response tools (as in only a couple are used) would be a nice idea, but would be an effort faced with serious challenges because heterogeneous non-complex IT environments are a thing of the distant past. Having less skilled people “run a tool” that allows them to perform data capture is a nice idea, albeit even a little more dubious. What lawyer could not get evidence from a computer thrown out that’s collected by someone who doesn’t understand a computer? The reasons why it would be a positive is clear, forensic data would not be lost even if an investigator lacks computer forensics skills, and frankly there are not that many good computer forensic investigators to go around.

But COFEE does not deliver on either of these aspirations, as much as some might wish it does. And it was easily countered, meaning any bad actor could have done it. And tools aren’t evil, the people who use them are.

Well said, Simon.

Windows forensic author and guru, Harlan Carvey has been rather silent on the whole thing until now. Gotta respect his patience and wisdom.  That’s a mark of a pro.  He’s probably been hanging out with the other real computer forensics experts, watching from his porch the COFEE/DECAF train-wreck litter his lawn with spilled beans.  He also has shared his thoughts:

It's long been known that subversive tools and techniques, colloquially referred to as "anti-forensics" tools, haven't been directed at subverting other, tools such as timestomp aren't meant to subvert EnCase or even NTFS. What's being targeted here is the analyst and their training.


When you really think about it, DECAF is meant for one subvert the use of COFEE. If the responder is a one-trick pony, and ALL they have is that COFEE over, and DECAF, wait...I wasn't gonna say "done it's job". No, what I was gonna say was the DECAF has demonstrated the shortcomings inherent to types of responders that rely solely on the use of one tool, such as COFEE.

And For more Keydet89 thoughts, continue reading his DF and Disclosure post.

[One of the authors of DECAF] primary issue with COFEE throughout the interview seemed to be that it could be fingerprinted...that there were automatic means by which someone could determine that COFEE was being run on a system. Okay...but isn't that true for just about ANY software? I don't know the inner workings of DECAF, but couldn't the same thing be said for other responder tools? According to an article in The Tech Herald, it appears that COFEE's primary purpose is to automate the use of 150 (wait...150?!?) tools, some of which include tools available from the MS/SysInternals site.

How many other responders use these tools?

How many other toolkits could possibly be affected by tools such as DECAF?

Consider this...why COFEE? Why not Helix? Why not WFT? Why target a tool released by MS, and not one, say, endorsed by SANS? I'm not going to speculate on those...those are for tool authors themselves to consider.

That’s the exactly the same point I made earlier regarding Win FE.

So what does all this have to do with the photo of the makeup brush on the photo at the top of this post?


See, that little brush is the personal fingerprinting brush my Hoover-era FBI agent grandfather carried.  It might look brand new but a close inspect finds specks of dust embedded between the brush hairs. The gloss has been worn away from the center of the bush-handle where it had been spun in his fingers.  Yes, it does look like just another tool, one of many makeup brushes like Alvis or Lavie have on their bathroom counters.  Yet it is different.

In his skilled and trained hands, he could lift prints which would be manually compared against many, many, many held in catalog files. No CSI-eye-candy computer databases back then.  And Grandpa and his colleagues also faced “anti-forensics” in their time too. Crooks wore gloves, wore masks, may have burned their shoes or clothes, tossed the iron into the river. Some even went hard-core and used chemicals or other methods to try to remove their own fingerprints from their fingertips.

Yet with patience, common tools used by common men, with uncommon training and discipline, that “makeup brush” would often lead them directly to their collar.  Same goes for all these system administration tools, utilities, and other “forensics” specialized software applications.  Just tools. Inert and (sometimes) worse than useless unless wielded by a skilled investigator.

Guys like Simon Price and Harlan Carvey get it.  There are many other hard-working forensics women and men who don’t have blogs or books or other stuff who also get it, and get the bad-folks.  They understand that the real threat the bad-folks face and fear isn’t the tools, or programs, or utilities; it’s the knowledge and skills of those who are behind them.

In the end, I believe it never really is about the tools/software. Really.  It all boils down to the skill and knowledge of those that use them. Period.  Everything else is just means to an end.

There will always be specialized tools to help aid LE and forensic/incident responders.  And there will always be others who seek to subvert, disable, or fuzz those tools.  It’s just another arms-race of sorts.  What matters is what we are doing to train and maintain the knowledgebase of those who stand in that thin-gray line, and recruit others to join their ranks in the future.

And with that, I’m raising my cup of decaffeinated coffee, and a simple brush, to dear grandpa.

And yes, that is him in the photo directly underneath the brush…about the time of his retirement from the F.B.I. That man had the strongest and firmest hands I have ever known.  And they almost always had a tool in them…always practicing, always busy.

--Claus V.

More COFEE/DECAF linkage for those who still care..