Tuesday, May 26, 2015

Browser News: Firefox and Vivaldi (Damp Edition)

From yesterday afternoon through early this morning, the Houston metro area was inundated with rains causing extensive flooding. Highways, bayous, side-streets all have become waterways. Kayaks are more useful right now than cars.

Telework is a good thing for your staff. Just saying.

So while we wait for the waters to recede here are some links touching on Firefox and Vivaldi web browser developments.

Mozilla Firefox

Is it just me or does it seem that there are more and more tweaks needed to remove/disable “features” being added to Firefox? I remember the good-old-days when Mozilla Firefox was the browser to go to for a lean-mean no-bloatware featured product. That’s why the “add-on/extension” platform was so exciting. If you wanted to add features, you decided what you wanted and added it! No more it seems. Sigh.

Vivaldi

I’m spending more time settling into Vivaldi. It still runs #4 (behind Firefox, Chromium, and IE 11) as a go-to browser for me. That said if development continues at this pace, it might just get swapped with my Chromium build.

The inclusion of a “true” bookmark side-bar feature is the biggest factor attracting me to Vivaldi. If you have been a hard-core Firefox user and depend on the bookmark side-bar in Firefox, the lack of a corresponding feature in Chrome/Chromium is a real hassle to swapping.

If you haven’t checked out the Vivaldi web-browser project yet, I encourage you to do so. It is still in a Technical Preview/snapshot state but so far it has been very stable for me. I wouldn’t use it with any high-security (banking/bill-pay/shopping) sites due to its current build state, but for general web-surfing and meme-following, it is very smooth and dependable.

Cheers,

Claus Valca.

Monday, May 25, 2015

Revisiting the Toshiba Laptop Error: Workaround Attained!

It has been just over 1 month since I posted the GSD Crowd Source Troubleshooting Flare: Toshiba Laptop Error.

My uncle had been doing OK with his Vista loaded Toshiba Satellite A215-S4757. (Part No: PSAEGU-01100U.)

However he started getting the following BIOS error in booting:

System Configuration Data updated
ERROR
Resource Conflict – PCI Serial Bus Controller in slot 01
    Bus:1A, Device:04, Function:01
ERROR
Resource Conflict – PCI Mass Storage Controller in slot 01
    Bus:1A, Device:04, Function:02
ERROR
Resource Conflict – PCI Serial Bus Controller in slot 01
    Bus:1A, Device:04, Function:03

We could continue with the BIOS boot process and eventually get to the desktop Vista load.

That then reported a driver issue with the “Memory Module” driver and we were unsuccessful with getting one installed. My uncle reported there were also a few other device errors found in the Device Manager.

Miles Wolbe left a comment in the post that led to the solution. The key bit of his detailed research was this:

Check the Device Manager for what device is on (in your case) Bus 1A (26 in decimal).

Attila-Mihaly Balazs was close behind.

Just an observation: the error message talks about different PCI devices (serial bus and mass storage - this could be the SD/CF card reader), so I don't think it's a memory issue but rather an issue with those devices. Is the BIOS failing to detect them properly?

Upon finally being able to coordinate a remote-control session with my uncle, I checked the device manager to look at the details of what was showing an error…and what their bus # was (looking for “1A” or “26”).

Guess what we found?

Image-1

Image-2

Image-3

A more detailed look with SIV - System Information Viewer found some more details.

Image-4

Tech Tip: if you haven’t ever run an SIV “Save all” export to TXT file(s) before it is an amazing thing to behold once done! Extreme system hardware documentation!

Basically every one of the bus number “26” items listed there report “Detected Parity Error”.

The PCI bus item involves the Cardbus Bridge (26-04-0), the OHCI FireWire (26-04-1), a Memory Controller (26-04-2), and a SMBus Controller (26-04-3) all sitting on it. That seems to involve the 5-in-1 “memory” card reader device.

Do those look familiar? They should!

ERROR
Resource Conflict – PCI Serial Bus Controller in slot 01
    Bus:1A, Device:04, Function:01
ERROR
Resource Conflict – PCI Mass Storage Controller in slot 01
    Bus:1A, Device:04, Function:02
ERROR
Resource Conflict – PCI Serial Bus Controller in slot 01
    Bus:1A, Device:04, Function:03

So I went in and set both these “error state” devices to “disabled” manually.

This didn’t stop the BIOS errors from still appearing, but did prevent the errors and device driver detection attempts when Windows Vista loaded.

My uncle was satisfied with this fix and figures he can keep it running for a while longer before deciding to do a repair or replace it with a new system.

My uncle had been doing a lot of photography and may have caused a crack or problem with the card-reader/connection to the mainboard to develop while heavily using the integrated card-reader.  He can live without it and works around the issue by using an external USB connector to flash memory card reader to still access his photos.

Here are some supplemental resources if/when a motherboard replacement may be decided upon:

That last link was very fascinating.  I didn’t spring for the schematic, but the picture provided shows the PCI card-bus. It seems very likely to me that this is the same TI IEEE 1394 Bus host controller we are having issues with.

Laptop-schematics.com also provides a free samples page where you can download a RAR file for many motherboards including Toshiba. I took a look at that sample one and while I am no electrical engineer, I can see how these documents would be very helpful for low-level hardware troubleshooting and problem isolation. Really cool stuff there!

So all is well and special thanks to Miles, The FF Guru, and Attila-Mihaly for contributing to the solution!

This was an excellent and nicely guided journey to see how BIOS errors can be translated into the Windows device manager (and more) with some friends, logic, and a few utilities.

Cheers!

--Claus V.

Windows 10 Link Dump

MSDump

CC Photo Credit: by Choctopus on Flickr

Like an albatross around a sailor’s neck, this collection of Windows 10 links has been a bookmark favorites mark of shame. Time to shed it. I’ve dumped lots of hoarded links trying to pare it down to the bare minimum. Its purpose is for reference as I continue to wrap my head around what Windows 10 means for the Microsoft ecosystem and the path to follow when it comes out.

Microsoft Edge Browser

TL:DR - First the new Microsoft web browser was “Spartan” then it became “Edge”. And there are two different Microsoft Windows 10 browsers; the traditional “desktop” browser IE 11 and the Windows App browser “Edge”.

Windows 10 Upgrade

TL:DR - Non-enterprise/volume Windows licensees will be allowed (for a limited time period) to upgrade their Genuine Windows 7 and up OS versions to Windows 10 at no cost. Non-enterprise/volume Windows licensees running non-genuine Windows versions will also be allowed to upgrade to Windows 10 for free--but will be watermarked and still retain their non-genuine Windows status. I wish Windows Vista users could also get grandfathered in, however there is a good possibility they (Dad) are running Vista on hardware that might not support Windows 10.

Windows 10 Updating

The Build Ladder

I had planned on providing lots of URLs expanding the review of each of the major Windows 10 build previews. But then there have been lots of build releases, and it got a bit repetitive. I’m only putting in the best-of-the-best I saved. Each time a new build came out I got all excited and stuff but then the next one was released and I looked back to the previous one and said “Meh.”

How to do “Stuff” with Windows 10

Of course learning a new Windows GUI configuration can be fun but frustrating. So here are some useful references for doing stuff under Windows 10.

Thinkers Thinking on Windows 10

Windows 10 ADK/MDK/Server 2012 Previews

Windows 10 for Makers

--Claus Valca

Monday, May 04, 2015

iOS Security News

It’s hard enough keeping current on just the Windows security ecosystem. Now that we are iOS mobile device users as well, there is a whole second ecosystem to keep a security eye on. Of course, those devices have software and need to communicate so there are those layers as well to monitor for security awareness.

So here are a round of articles and tools involving iOS security findings of late.

Per that second Ars Technica article by Dan Goodin, each are different bugs but both involve components of AFNetworking,

“an open-source code library that allows developers to drop networking capabilities into their iOS and OS X apps. Any app that uses a version of AFNetworking prior to the just-released 2.5.3 may expose data that's trivial for hackers to monitor or modify, even when it's protected by the secure sockets layer (SSL) protocol. The vulnerability can be exploited by using any valid SSL certificate for any domain name, as long as the digital credential was issued by a browser-trusted certificate authority (CA).”

  • SSL MiTM attack in AFNetworking 2.5.1 - Do NOT use it in production! - Minded Security Blog - a more technical breakdown of the security issues. According to the post, the issue has been fixed in a newer 2.5.2 version of their library code. However it still requires developers to update their apps and get them on users’ devices where installed.
  • iOS Code Report - SourceDNA’s searchable database to see if your iTunes Developer has released app(s) that remain vulnerable to the weaker code.
  • SSL Analysis: Now With More Pinning - SourceDNA | Code Transparency for iOS & Android Apps, SDKs - SourceDNA Blog

This database reminded me of the ZAP - Zscaler Application Profiler that I had previously come across. It remains a great tool to look up the security of an iOS (or Android) application before -- or after -- you install it on your device.

From the “About” page link:

About ZAP

Zscaler Application Profiler (ZAP) is web based tool designed to streamline the capture and analysis of HTTP(S) traffic from mobile applications. ZAP is capable of analyzing traffic from both iOS and Android applications and includes the following functionality:

  • Search: View summarized historical results for past scans.
  • Scan: Proxy traffic from a mobile device through the ZAP proxy and the mobile app traffic will be automatically captured and analyzed
  • iPCU: Upload your iOS device configuration file (.deviceinfo) to check risk score of installed application. It will give you overall risk score of your device. The information provided is based on our knowledge base.

ZAP classifies traffic into the following buckets and calculates an overall risk score for the application:

  • Authentication: Username/password sent in clear text or using weak encoding methods.
  • Device Metadata Leakage: Data that can identify an individual device, such as the Unique Device Identifier (UDID).
  • Personally Identifiable Information Leakage: Data that can identify an individual user, such as an email address, phone number or mailing address.
  • Exposed content: Communication with third parties such as advertising or analytics sites.

Zscaler also has a detailed video on this service on their blog: Zscaler Research: Introducing ZAP.

  1. Check their historical report data on apps already researched, or
  2. Connect your device to their proxy to do a scan on a new app/version not already captured historically, or
  3. Upload your own iOS device config file.

Meanwhile on the far side of the globe, web security/developer Troy Hunt has been hard at work finding issues with additional iOS apps down under. His reviews provide great learning material to extend across other iOS application reviews closer to home.

Troy offers a free Pluralsight course to help get into the issues around mobile app security, Hack Your API First – Pluralsight Training

Finally, here is a guide from the Telerik crew on how to use Fiddler to Capture Traffic from iOS Device

Constant Vigilance!

Claus Valca

Sunday, May 03, 2015

Sysadmin Linkfest Extravaganza

Like I said, I’m opening up the floodgates…again for my personal reference but there is the off-chance you might find something useful in here.

Network Stuff

Vivaldi Browser News/Releases

Firefox/Mozilla News

Google Account Protection for Chrome (sort-of)

The point of the bypasses (to me) isn’t so much that Google’s effort is a fruitless effort, but that the noble cause demonstrates the challenges of password security monitoring and the (relative) ease of exploiting/bypassing such attempts.

Chrome Web Browser News and Tips

Internet Explorer 11 and Enterprise Mode

Critical Updates…better late than never…

I note that on at least one Win 7 Professional system I support (x64) KB3046269 continues to present itself as needing to be installed after it installs and the system reboots. This seems to be reported by others as well. It’s not fatal but is a nuisance.

Samsung SSD EVO 840 Firmware Released (+ other SSD news & Tips)

Previous details:

The Samsung Magician software update (v 4.6) and then follow-up firmware update (EXT0DB6Q) went smoothly on my EVO 840 SSD drive. The only special thing I had to do was first to disable RAPID mode, reboot, apply the update, reboot, enable RAPID mode again, then reboot.

New and improved utilities

Malwarebytes Anti-Malware Update

General Security Bits for Sysadmins

I have always liked using Stinger as an alternative malware scanning tool to get an additional opinion on a system’s state of cleanness after a malware infection. I also like the features that Raptor provides. However I’m not sure I like it being bundled in with Stinger; particularly since it actually installs into the system and you need to know in advance it does this…and how to remove it when done. Count me undecided for now…

So, have you seen that new Age-Guesser App from Microsoft? Guess what…

IANAL and there is some conflicting commentary about the TOS noted on the page link and the “P.S. We don’t keep the photo” statement also on that page. I’m just saying…

Update 05/04 - per the Observing Virality in Real Time article post, they have provided the following statement:

Updated 5/2/2015

We've had some questions so we updated this post to be more clear. To answer the top one: No we don't store photos, we don't share them and we only use them to guess your age and gender. The photos are discarded from memory once we guess. While we use the terms of service very common in our industry, and similar to most other online services, we have chosen not to store or use the photos in any way other than to temporarily process them to guess your age.

Tips, Tricks and Tools

I really like the OffCAT tool. It is awesome for diagnostics and configuration troubleshooting and assessments. This new version looks even more feature-packed!

Ubuntu 15.04 Released

It took forever to download and upgrade my previous Ubuntu install to 15.04. Sure I made the mistake of doing it over WiFi rather than a wired connection. And I didn’t stick with it so it hung up on some packages that needed my express confirmation and I had stepped away (slept overnight) so it couldn’t continue till I discovered the pause in the morning. I was running it in a Virtual Box session and it crashed a couple of times booting up after the upgrade process completed. However I kept rebooting and eventually it cleared the errors itself and continued on to a now stable state again. Upgrade was good.

Surface Pro 3 Admin

Microsoft Visual Studio Code release - Cool factor +10

Notepad++ works good enough for me for my humble code editing needs (XML/HTML markup mostly). However this also has syntax highlighting for a ton of languages.

Note per the project page fine print:

By downloading and using Visual Studio Code, you agree to the license terms and privacy statement for Visual Studio Code. When this tool crashes, we automatically collect crash dumps so we can figure out what went wrong. If you don’t want to send your crash dumps to Microsoft, don't install this tool.

So if that bothers you, be warned that here could be privacy dragons. Or just don’t crash their code.

Topics still to be posted from the bookmark hopper..

To name just a few…

Cheers!

Claus Valca

(mostly) Fast burn video file to DVD-playable format

I had a request the other day at the church-house to get a short digital video file onto a DVD for a class so they could play it on an old-school DVD player. By that I mean it needed to be a playable DVD format and not a digital video file burned onto a DVD data-disk like some “modern” DVD/BluRay players can handle.

For whatever crazy reason, Microsoft’s DVD Maker application kept choking during the DVD creation process and I really didn’t have the time or energy late that night after work to troubleshoot the problem.

After some searching I found good comments for the Open Source program DVD Flick. I couldn’t find a portable version of it (see this interesting comment thread and this one too) so ended up installing it.

Unfortunately, what I should have done was to RTFM. In my choices I opted to burn the project to DVD rather than making an ISO of the DVD.

For whatever reason, it choked during the DVD writing process. Subsequent attempts to repeat the process or switch to the ISO method left me with a hung application launch of DVD Flick. Even after system reboots. I was tired and running out of time before the lights got turned off on me. So I uninstalled it. Then, my other ISO burning tools seemed to have problems detecting my R/W DVD drive as a writeable drive. It picked up the hardware and drive letter but they just seemed to stare blankly at the device being available for drive writing.

Sheesh.

Eventually--despite no effort on my part other than trying time after time to get the system to see it as a writeable drive, another failed attempt at Microsoft DVD Maker ended up with it recognizing the drive as writeable source. Then the others fell in line and agreed they would recognize it again too.

Anyway, I punted and used DVDStyler Portable over at PortableApps.com. I made a simple menu, copied the video file to the queue and ensured I selected the NTSC option for the video format and not the default PAL format. I left the remaining options as is.

Having learned my lesson I wrote out the resulting DVD as an ISO format, then used another app to burn the ISO to the DVD.

I tested the DVD in several different DVD players (the PC itself with VLC player), a DVD player connected to our projection system, and a bargain basement DVD player connected to a flat-panel display with S-video cable. It worked fine in all of them.

Project done.

I want to spend some more time with DVD Flick as the comments seem so positive and my issues may have been as much due to my tiredness and lack of patience rather than the software/system.

I also later found this Free Video to DVD Converter software over at DVDVideoSoft. I don’t know much about the company or the product but it looked positive and simple. To the developer’s credit, they do clearly note on the product page they do third-party bundles with their software but that you can opt-out of those products. That always makes me wary but they seem to clearly let you know what to expect so props for that. If I do try it I’ll do an update to this post.

Do you have any other recommendations for free/open-source solutions to quickly get one (or more) video file formats ported over to a DVD for standard DVD player playback? I’m open to suggestions!

Cheers!

Claus Valca

Old News Update on TrueCrypt

My “to blog” hopper is overflowing with linkage. However there have been a number of challenges keeping up with the onslaught of “real-life” work and family needs lately.

The hopper is much neglected.

I anticipate there will be a series of upcoming posts that cover very old (in Internet time) topics that I still want to get up for my own reference.

This is one of such posts.

I use TrueCrypt to encrypt my primary personal laptop. The protection is against data-loss due to common theft.

The TrueCrypt project shut down suddenly, freaked a bunch of folks out, and spawned an independent security audit of the source code. Many folk fled in panic. I decided to stick it out and leave TrueCrypt in place rather than migrate to another solution. In April 2014 the first phase of the Audit was completed (PDF link) and things generally seemed fairly solid.

The second phase of the audit was finished up (PDF link) in April 2015 and things again looked relatively positive for the core security integrity of the software.

Here’s the rest of the story:

Now that the dust has settled, I remain confident in sticking with the current TrueCrypt deployment on my system. If/when I upgrade to Win 10 I’ll have to remove the TrueCrypt encryption and begin looking for the next alternative. But until then, it’s good enough for me.

Cheers,

Claus Valca

Thoughts on USB drive duplication for Sysadmin work

Deployment of system images has matured over the years at the sausage factory.

In the wild-west days, we would have just a handful of hardware platforms. So when they came off the truck from the factory, we would use Clonezilla to grab an image of the system.  As time went on we would periodically apply the respective image back to each of the platforms, run all our update processes, do a new Sysprep shut it down, capture an updated image, rinse, repeat.

I later shifted image capture from Clonezilla to Microsoft’s ImageX platform and could capture multiple platforms in a single WIM and deploy it depending on the specific hardware. That really helped cut down on having “separate” image DVD’s and external HDD’s to carry around and saved a lot of space due to the way ImageX and WIM files worked.

As the organization grew (became more departmentalized and specialized) other teams gradually took over the imaging process and standardized it.

Today we no longer handle the image building and distribution work ourselves but get the latest images built and shipped to us on a master USB stick.

Hopefully we will move on from this method to PXE booting and image deployments. Won’t that be exciting!

So now the challenge has shifted from system image duplication and distribution to image device duplication and distribution.

Typically the method involves taking the (bootable) USB master stick, and capturing a single IMG file of the entire device, then writing that disk image back to all the target drives.

I’ve struggled with this method for a number of reasons:

  • As the USB sticks have gotten larger, the time to capture an image of the drive has gotten longer.
  • As the USB sticks have gotten larger, the time to write an image of the drive to other devices has gotten longer.
  • It takes a lot of space to store these IMG files; particularly as I tend to hold on to a few of the previous versions--just in case.
  • Since we rarely use the entire space on the USB drive, there is a lot of wasted space and time capturing and then re-writing back that unused space.
  • As different USB sticks are procured, variances in actual space on disk can wreak havoc when your master stick turns out to be a “larger” 64 GB USB stick than the purchased 64 GB USB stick you were given.

The popular tool we were asked to use for this duty was PassMark Software’s ImageUSB. This tool is “standalone” software, works great on capturing a single IMG file of a removable USB device, and handles writing the image back great; even to multiple devices. So if you set up a bunch of USB hubs you can quickly write the image back to them all. Well, assuming that the IMG file represents a “smaller” USB storage amount than the devices you are writing back to.

I also like Alexander Beug’s USB Image Tool which can capture both device and volume-based images of removable USB devices. It has a few more bells and whistles.

Steve Si also details how you can use RMPrepUSB to capture a more efficient image of a USB drive in his Bulk duplication of USB drive images post.

In my post All Kinds of USB Cloning Challenges… I outlined how I had used both ImageX to capture a WIM-based image of the master drive and then after some DISKPART and BOOTSECT work, restored the WIM image to the drives for cloning. That works as well and saves a ton of time and space overhead storing the files that make up the master image stick rather than taking\writing a sector-based device image of the master.

I really prefer to stick with Microsoft based solutions where I can due to the health-department standards of system cleanliness on the sausage factory floor. There is always a risk bringing in and using third-party tools and I’m not a coder so I can’t audit the code these apps run on. Can’t be too safe I suppose. So I continue to fiddle around with alternatives to the WIM based image capture/cloning method.

I’ve got a library of WIM images of these master USB images and they are pretty small. They are stored on an external USB drive. However sometimes I don’t want to go through the extra steps of connecting up the drive, authenticating past its encryption, and then deploying the WIM to the USB stick after re DISKPART prepping the target device.

It takes me about a minute tops to go through the IMAGEX steps to re-prep a USB drive I want to apply an image to:

I did this from the command line window.

>DISKPART

DISKPART>LIST DISK

note: this is to confirm which disk number the USB drive was showing at…in this case the USB stick was disk 1 as my system disk was disk 0. Be sure you get this part identified correctly or bad things can happen! Your system will almost certainly vary!

DISKPART>SELECT DISK 1

DISKPART>CLEAN

DISKPART>CREATE PARTITION PRIMARY

DISKPART>ACTIVE

DISKPART>ASSIGN LETTER = E

DISKPART>EXIT

>format E: /fs:ntfs /q /y

note: at this point I have a freshly formatted (smaller) USB stick that is empty. Next I need to make it “bootable” so the USB stick will work as designed for system booting/imaging after the files are restored. I used the bootsect.exe tool to do this. You should be able to find it under the Windows ADK that you probably installed to get to this point to first have snagged imagex.

> bootsect /NT60 E:

Then I have just used a working “master” USB stick I had cloned off the true USB master stick I got and do a simple XCOPY to copy the files from the master to the copy.

XCOPY D:\*.* E: /e

That seems to work pretty well and duplicate USB sticks perform as needed.

I’ve also seen a variant command thusly:

XCOPY D:\*.* E: /e /h /k

The “/e” switch makes sure that directories and subdirectories -- including empty ones -- get copied.

The “/h” switch makes sure that hidden and system files get copied.

The “/k” switch makes sure that attributes get copied also as the normal xcopy will reset read-only attributes.

More here: MS-DOS xcopy command help - Computer Hope

However, Win 7 and up also now come with RoboCopy as part of the arsenal.

So I should be able to do the DISKPART parts, then use the following command to make my clone:

At the simplest I could do the following:

Robocopy D:\ E:\ /E

But since I am really trying to make a mirrored duplicate of the “master” I could do thus: 

Robocopy D:\ E:\ /MIR
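The DISKPART, BOOTSECT and ROBOCOPY steps above, wrapped in a script that refuses to run CLEAN unless the target checks out. This is an added example, not code from the original post; the parameter names, the D:/E: drive letters, the temp-file name and the WMI-based "is this really a USB disk" check are assumptions for illustration, and it handles the single-partition case only.

```powershell
# Added example: guarded single-partition USB clone (Windows PowerShell, elevated prompt).
# Assumptions: master stick is D:, clone gets E:, bootsect.exe (Windows ADK) is on PATH.
param(
    [Parameter(Mandatory=$true)][int]$DiskNumber,  # number shown by DISKPART "LIST DISK"
    [string]$MasterDrive  = 'D:',
    [string]$TargetLetter = 'E',
    [switch]$Force                                  # skip the interactive confirmation
)
$ErrorActionPreference = 'Stop'
$target = "${TargetLetter}:"

# Map a drive letter to the physical disk index(es) that back it.
function Get-DiskIndexOfVolume([string]$Drive) {
    $q = "ASSOCIATORS OF {Win32_LogicalDisk.DeviceID='$Drive'} " +
         "WHERE AssocClass=Win32_LogicalDiskToPartition"
    Get-WmiObject -Query $q | ForEach-Object { $_.DiskIndex }
}

# --- Pre-flight: every check must pass before CLEAN is allowed to run ---
$disk = Get-WmiObject Win32_DiskDrive | Where-Object { $_.Index -eq $DiskNumber }
if (-not $disk) { throw "Disk $DiskNumber not found." }
if ($disk.InterfaceType -ne 'USB') {
    throw "Disk $DiskNumber ($($disk.Model)) reports '$($disk.InterfaceType)', not USB."
}
foreach ($protected in @($env:SystemDrive, $MasterDrive)) {
    if (@(Get-DiskIndexOfVolume $protected) -contains $DiskNumber) {
        throw "Disk $DiskNumber backs $protected; refusing to wipe it."
    }
}
if ((Test-Path "$target\") -and -not (@(Get-DiskIndexOfVolume $target) -contains $DiskNumber)) {
    throw "$target is already assigned to a different disk."
}

# Rough capacity check: catches the "64 GB" stick that is smaller than the master's data.
$src = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$MasterDrive'"
if (-not $src) { throw "Master drive $MasterDrive not found." }
$used = $src.Size - $src.FreeSpace
if ($used -ge $disk.Size) {
    throw "Master holds $used bytes; target disk is only $($disk.Size) bytes."
}

Write-Host ("About to ERASE disk {0}: {1}, {2:N1} GB" -f $DiskNumber, $disk.Model, ($disk.Size / 1GB))
if (-not $Force -and (Read-Host "Type the disk number to confirm") -ne "$DiskNumber") {
    throw "Confirmation failed; nothing was changed."
}

# --- Partition and format (same steps as the manual session; format is done inside diskpart) ---
$script = @"
select disk $DiskNumber
clean
create partition primary
active
format fs=ntfs quick
assign letter=$TargetLetter
"@
$dpFile = Join-Path $env:TEMP 'usb-clone-diskpart.txt'
Set-Content -Path $dpFile -Value $script -Encoding ASCII
& diskpart /s $dpFile
if ($LASTEXITCODE -ne 0) { throw "diskpart failed with exit code $LASTEXITCODE." }

# --- Write the boot code ---
& bootsect /nt60 $target
if ($LASTEXITCODE -ne 0) { throw "bootsect failed with exit code $LASTEXITCODE." }

# --- Mirror the files. Robocopy exit codes below 8 mean success (1 = files copied). ---
$skip = @('System Volume Information', '$RECYCLE.BIN')   # per-volume folders, not image content
& robocopy "$MasterDrive\" "$target\" /MIR /R:1 /W:1 /NP /XD $skip
if ($LASTEXITCODE -ge 8) { throw "robocopy reported failures (exit code $LASTEXITCODE)." }

# --- Verify: a list-only (/L) second pass should find nothing left to copy or delete. ---
# Robocopy compares size and timestamp here, not file contents.
& robocopy "$MasterDrive\" "$target\" /MIR /L /NJH /NJS /NFL /NDL /NP /XD $skip | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Verification pass found differences (exit code $LASTEXITCODE)." }

Write-Host "Clone of $MasterDrive written to disk $DiskNumber ($target) and verified."
```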

At this point it seems that the biggest choke-point in the image clone deployment process is the speed at which the system can shuffle data through the USB port(s) and onto the USB stick itself. Man those things get warm when done!

And here is the other thing.

Our new Windows 8 Surface Pro 3 tablets use a different USB stick for their image/deployment.

And they aren’t just any “removable” USB stick. Nope. They have to be seen as “fixed disk” type USB drive hardware as they contain two separate and distinct partitions. Windows can’t recognize those on “removable” type USB flash drives.

So out goes PassMark’s ImageUSB tool as it can’t handle the fixed disk type USB devices with more than one partition. Nor does USB Image Tool seem to handle device duplication of these multi-partition fixed disk USB drives. At least as far as I have been able to figure out.

However, being able to see and replicate the fixed-disk USB flash drive partition structure and make it bootable using just DISKPART and BOOTSECT, and being able to restore the files to each of the partitions using IMAGEX WIM deployments, XCOPY, or ROBOCOPY, makes duplication of even these “fancy-pants” USB image deployment master sticks pretty straightforward.

Now, if I can only convince the powers that be to invest in USB 3.0 drives and hardware platforms that use USB 3.0 ports, I should be able to really cut down the image capture and image/file writing times for duplication.

If you have any other suggestions or recommended additional switches for use in these scenarios with XCOPY or ROBOCOPY please drop some tips in the comments.

I’d love to refine the process and steps even more.

Cheers!

Claus Valca

Quickpost: MSICUU2, Program Install and Uninstall Troubleshooting Tool, & C:\MATS

So the other day we were trying to remove some Microsoft software that had been installed on a Win 7 system but was no longer listed under the “Programs and Features” list.

In the past we would have reached for the Windows Installer CleanUp Utility (MSICUU2.exe).

Only we discovered that it is no longer supported.

Instead Microsoft now offers a replacement FixIt solution for these situations under KB290301.

What happened to the Windows Installer Cleanup Utility (MSICUU2.exe)? - Microsoft Support

We ran it. Unfortunately it didn’t help our particular issue. Also we noticed the presence of a C:\MATS folder with a bunch of stuff related to the app we were trying to install that had not been present before running the tool. Curious.

A bit more searching found this wonderful article that also details the Program Install and Uninstall Troubleshooting Tool.

Link to more information about the Program Install and Uninstall Troubleshooting Tool - Aaron Stebner's WebLog

Aaron details two locations you can get this tool from:

Quoting from Aaron Stebner’s post, below we find his explanation of the C:\MATS folder creation and contents:

More details about how the tool works

The Program Install and Uninstall Troubleshooting Tool does the following behind the scenes when you use it to uninstall a program:

  • Creates a system restore point prior to removing program files and registry entries.  This restore point can be used to return the computer to the state prior to any action taken by the tool.
  • Makes back-up copies of all files and registry entries that it will remove to a folder under c:\MATS\<ProductCode>.
  • Backs up files in sub-folders that correspond to the system drive letters.  For example: c:\MATS\<ProductCode>\FileBackup\c\...
  • Backs up registry information in an XML file. 
  • Creates a PowerShell script that can be used to automatically restore file and registry information deleted by the tool.  The PowerShell script will be located at C:\MATS\<ProductCode>\RestoreYourFilesAndRegistry.ps1, and you can double-click on it to run it if you have PowerShell installed.
  • Stores additional information in the registry about actions that it has taken.  This information can be found at the following location:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MATS\WindowsInstaller\<ProductCode>\<DateTime>
    The most useful piece of information stored at this location in the registry is the return value received when MATS attempted to run msiexec /x to uninstall the product.

The Program Install and Uninstall Troubleshooting Tool requires Windows Installer product codes in order to know what file and registry information to remove from the computer.  For programs that are listed in the tool UI, the product code will appear as a tool tip when you mouse over the product name.  If you choose the Not Listed option in the tool UI, you can use a tool like MsiInv to determine the product code.

That last paragraph is very important. You will need to know/provide the Windows Installer product code during use of the utility. If you don’t know it already (say from a working system/application install) then you will need to find it.

These additional posts by Aaron are also great supplemental references.

Yes, there are lots of other third-party applications for installation/removal of applications. However, in this case we were dealing specifically with an MSI-based installer for a Microsoft product line and really wanted to avoid use of any third-party non-Microsoft utilities in case this turned out to be a process we needed to use enterprise wide.

Note: Yes, you can find the Windows Installer CleanUp Utility (MSICUU2) archived at some third-party download locations. However, use on your systems at your own risk: Download Windows Installer CleanUp Utility - MajorGeeks.

Likewise, if you are just dealing with one of the Microsoft Office Suites, these guides may also be useful as they contain a number of different methods to remove the suite from a system:

Cheers,

Claus Valca