Monday, February 15, 2016

Browser MetaData Leakage

I read this recent post by Dr. Neal Krawetz with some wonder and amazement.

He followed that one up with another related post, Just Browsing. See also his Invasion of Privacy post for browser fingerprinting and some perspective on “private/incognito” browsing session tracking.

The identification that (in some cases) your cellphone carrier could be adding extra headers to your smart-device information requests is not shocking in this day and age. But that it could contain (leak) your personally identifiable cell phone number was quite a surprise!

From Dr. Krawetz’s post:

Consumer Cellular has agreements to use T-Mobile and AT&T networks. If my cellphone uses the T-Mobile network, then no extra headers are added to my HTTP requests. However, if my phone uses AT&T's network, then AT&T appends a lot of personal information to every HTTP request:

  • X-Att-Imsi: This is my International Mobile Subscribed Identity and is unique to my phone.
  • X-Att-Plmn-Id: This contains my MCC+MNC code; that's the mobile country code (MCC) and mobile network code (MNC). These values identify the country and carrier. For example, MCC 310 is the United States, and MNC 410 in the United States is Cingular Wireless (now AT&T).
  • X-Up-Calling-Line-Id: This contains my cellphone number. Seriously: AT&T sends my direct cellphone number to every website my phone visits. Looking over my web server logs, I see other people who have been through this same path. Thanks to AT&T, I have direct phone numbers for people in Portland, Oregon and Cincinnati, Ohio and Roanoke, Virginia and... I'm actually surprised that my cellphone hasn't received more telemarketer calls.
  • X-Up-Subno: This very-disturbing field includes a timestamp that shows when (down to the second) I signed up with Consumer Cellular.

That got me looking for more information and I didn’t find much.

This circa 2012 post goes into some additional details:

It points to a test web page maintained by the interviewed researcher Collin Mulliner that can show some of your browser headers:

Running several tests with my cellular devices (with Wi-Fi disabled to force the data across AT&T’s network) came back “clean” of any PII meta data; at least as far as this particular test was able to detect.

More information on the project and issue details here: HTTP Header Privacy info page

It was noted by the post author that the issue was with “medium-price-ranged” phones that needed a Web proxy to reformat Web content. And that iPhones and Androids do not do this.
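For the server side of this issue, an added example (not from either post) that finds the four header names quoted above in a raw request and redacts their values before the request is logged. The function name Protect-RequestHeaders and the sample request, including its placeholder values, are constructed for illustration.

```powershell
# Added example. Header names come from the quoted post; everything else is constructed.
$CarrierHeaders = 'X-Att-Imsi', 'X-Att-Plmn-Id', 'X-Up-Calling-Line-Id', 'X-Up-Subno'

function Protect-RequestHeaders {
    param([Parameter(Mandatory)][string]$RawRequest)

    # Keep only the header block (everything before the first blank line).
    $headerBlock = ($RawRequest -split '(?:\r?\n){2}', 2)[0]
    $lines = $headerBlock -split '\r?\n'

    $found = @()
    $clean = foreach ($line in $lines) {
        # Header lines look like "Name: value"; the request line has no colon after its first token.
        if ($line -match '^([^:\s]+):\s*(.*)$' -and $CarrierHeaders -contains $Matches[1]) {
            $found += $Matches[1]
            # Record that the header was present and how long it was, never the value itself.
            '{0}: [redacted, {1} chars]' -f $Matches[1], $Matches[2].Length
        }
        else {
            $line
        }
    }

    [pscustomobject]@{
        LeakedHeaders = $found                # names of carrier-injected headers seen
        Sanitized     = $clean -join "`n"     # header block that is safe to write to a log
    }
}

# Constructed sample request: placeholder values, not real subscriber data.
$sample = @'
GET / HTTP/1.1
Host: www.example.com
User-Agent: ExampleBrowser/1.0
X-Att-Plmn-Id: 310410
X-Up-Calling-Line-Id: 15555550100
'@

$result = Protect-RequestHeaders -RawRequest $sample
$result.LeakedHeaders
$result.Sanitized
```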

I do plan to hit this Choices and Controls | AT&T Privacy Policy site with my devices as well to then “opt-out” of several of their analytics services listed there.

Finally, Martin Brinkmann at ghacks.net has an astounding roundup of links related to online privacy checkers.

That one is a keeper in your bookmarks.

Constant Vigilance!

--Claus Valca

Opening more than one Firefox bookmarks “Library”

In trying to get a handle and organize my terribly large collection of “to be blogged” bookmarks of late, I found the desire to open more than one window of the Firefox bookmarks “Library” window.

I thought this would let me spread-out a bit and drag/drop them between – and within – different sub-folders much more efficiently.

Only I couldn’t quite make it happen.

Then I found this tip from “Gingerbread Man” on how to create an action bookmark to do just that.

1. Bookmark the following URL.

chrome://browser/content/places/places.xul

2. Middle-click the bookmark, or Shift+Click it, or right-click it and choose Open in New Window.

While not exactly two replicated “Library” window sessions, it is close enough. Yep. I can work with that!

The bad news (for me) is that I found some of my “to-blog” content over a year old and now I really have to winnow it down to remain relevant.

The good news (for you) is that I made a lot of headway in that area and coupled with some of the improvements in Open Live Writer, I might pick up the pace again.

Cheers,

--Claus Valca

MXA: Another specialized Windows Performance Tracing tool

Goodness knows I love a good Windows Performance Tracing exercise.

So imagine my delight when I spotted a new tool for doing just that – and one that is narrowly focused on tracing out audio/video playback issues!

Media eXperience Analyzer (MXA) is a visual performance analysis tool that enables engineers to optimize performance and quality of Media scenarios on Windows devices. MXA enables a broader range of performance engineers to infer meaningful information from a large amount of discrete event data by representing events visually and providing powerful filtering capabilities. MXA is utilized to optimize quality, performance, and latency of the following scenarios:

    • Camera capture
    • Miracast & PlayTo
    • Energy efficiency for media
    • Audio & video playback & transcode
    • Real-time communications (Skype & Lync)

MXA is capable of loading traces collected on Windows, Windows Phone, and XBox. MXA assists with identifying delays and bottlenecks in the CPU, GPU, network, and disk and is primarily applied to:

    • Root causing audio and video glitches
    • Improving audio video synchronization
    • Correlating physical domain with software domain
    • Correlating power usage per component with system activity
    • Optimizing latency between Miracast source and sink devices
    • Optimizing devices for full screen video playback and low power audio
    • Verifying critical media threads are enlisted in Multimedia Class Scheduler Service (MMCSS)

How cool is that?!

To get a good understanding of the tool in action, Microsoft’s Channel 9 “Defrag Tools” has been running a series of sessions on it.

If you have worked with the Windows Performance Analysis Toolkit the interface and graphing should look pretty familiar.

Cheers!

--Claus Valca

Win 7 Task Image Corruption Errors: In which A Quick Fix is found and Blame is to be Assigned

When we last left the story, I had resolved a thorny issue getting a Glasswire update to go on “clean” and re-attach to its service.

But subsequently I found on my Windows 7 (x64) Ultimate system that when I went into “Task Scheduler” via the Control Panel, I was getting this error:

[Screenshot: Task Scheduler]

In total there were 46 different “tasks” that had that error message:

Task image corrupt: Dell SupportAssistAgent AutoUpdate
Task image corrupt: GoogleUpdateTaskMachineCore
Task image corrupt: GoogleUpdateTaskMachineUA
Task image corrupt: GoogleUpdateTaskUserS-1-5-21-1728537537-2011028439-759670610-1000Core
Task image corrupt: GoogleUpdateTaskUserS-1-5-21-1728537537-2011028439-759670610-1000UA
Task image corrupt: PCDEventLauncherTask
Task image corrupt: PCDoctorBackgroundMonitorTask
Task image corrupt: SamsungMagician
Task image corrupt: SystemToolsDailyTest
Task image corrupt: Microsoft\Office\Office Automatic Updates
Task image corrupt: Microsoft\Office\Office ClickToRun Service Monitor
Task image corrupt: Microsoft\Windows\Media Center\ActivateWindowsSearch
Task image corrupt: Microsoft\Windows\Media Center\ConfigureInternetTimeService
Task image corrupt: Microsoft\Windows\Media Center\DispatchRecoveryTasks
Task image corrupt: Microsoft\Windows\Media Center\ehDRMInit
Task image corrupt: Microsoft\Windows\Media Center\InstallPlayReady
Task image corrupt: Microsoft\Windows\Media Center\mcupdate
Task image corrupt: Microsoft\Windows\Media Center\mcupdate_scheduled
Task image corrupt: Microsoft\Windows\Media Center\MediaCenterRecoveryTask
Task image corrupt: Microsoft\Windows\Media Center\ObjectStoreRecoveryTask
Task image corrupt: Microsoft\Windows\Media Center\OCURActivate
Task image corrupt: Microsoft\Windows\Media Center\OCURDiscovery
Task image corrupt: Microsoft\Windows\Media Center\PBDADiscovery
Task image corrupt: Microsoft\Windows\Media Center\PBDADiscoveryW1
Task image corrupt: Microsoft\Windows\Media Center\PBDADiscoveryW2
Task image corrupt: Microsoft\Windows\Media Center\PvrRecoveryTask
Task image corrupt: Microsoft\Windows\Media Center\PvrScheduleTask
Task image corrupt: Microsoft\Windows\Media Center\RecordingRestart
Task image corrupt: Microsoft\Windows\Media Center\RegisterSearch
Task image corrupt: Microsoft\Windows\Media Center\ReindexSearchRoot
Task image corrupt: Microsoft\Windows\Media Center\SqlLiteRecoveryTask
Task image corrupt: Microsoft\Windows\Media Center\UpdateRecordPath
Task image corrupt: Microsoft\Windows\MobilePC\HotStart
Task image corrupt: Microsoft\Windows\MUI\Lpksetup
Task image corrupt: Microsoft\Windows\MUI\Mcbuilder
Task image corrupt: Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor
Task image corrupt: Microsoft\Windows\RAC\RacTask
Task image corrupt: Microsoft\Windows\Shell\WindowsParentalControls
Task image corrupt: Microsoft\Windows\SideShow\AutoWake
Task image corrupt: Microsoft\Windows\SideShow\GadgetManager
Task image corrupt: Microsoft\Windows\SideShow\SessionAgent
Task image corrupt: Microsoft\Windows\SideShow\SystemDataProviders
Task image corrupt: Microsoft\Windows\Tcpip\IpAddressConflict1
Task image corrupt: Microsoft\Windows\Tcpip\IpAddressConflict2
Task image corrupt: Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task image corrupt: OfficeSoftwareProtectionPlatform\SvcRestartTask

Oh my!  Did my Glasswire “repair” bork my system?  Did taking down the security perimeter allow an attack to penetrate?

Doubtful.  Once I clicked “OK” 46 times Task Scheduler would load and otherwise seemed OK. And the system would boot and run just fine. These errors were encountered only when loading up Task Scheduler.

Some initial research found these links:

That first link from Microsoft describes the manual repair process which is pretty painful…especially when you have a LOT of borked entries.

  1. Find the corrupted sub-key in the registry,
  2. Make a temporary copy of the corrupted task file
  3. Clean it up
    1. delete the task file
    2. delete the registry sub-key(s)
  4. Re-create the task by using the backed up copy

Luckily that last link in the Windows 7 Forums site had a recommendation for a quiet and obscure utility to help with the repair process…and explain just how these tasks got borked.

Repair Tasks – CodePlex project by Dijji

The Blame Game – Microsoft and my failed Windows 10 Upgrade/Rollback

Dijji explains exactly what happened on the main page…and it’s no surprise: my failed Windows 10 upgrade and rollback caused the issue.

In particular, it fixes problems where opening the Task Scheduler, or trying to configure Windows Backup, results in the message "The task image is corrupt or has been tampered with" (0x80041321).

Searching the web reveals that this message has been seen from time to time, and the (rather laborious) set of steps that can be taken to correct it are fairly well-documented (see here and script for it here).

However, it turns out that reverting to Windows 7 from Windows 10 generates this problem in spades. It can leave more than 40 scheduled tasks in a corrupt state (see this thread). This is because many task registry keys and the task definitions to which they refer are updated by a Windows 10 upgrade, but only the registry keys are restored on reversion, so Task Scheduler finds that, for these tasks, the task registry keys and task definitions are now inconsistent.

So basically, the Windows 10 upgrade adds a bunch of additional scheduled tasks to the system, but when you roll-back, they are not all removed. Then you get the errors.

Classy, Microsoft.

Dijji’s Repair Tasks Utility In Action

Fortunately, brilliant and clever community folks like Dijji are around to do the hard work and create solutions to mop up the mess left in aisle 4.

After reading all of Dijji’s project documentation I went through the process and quickly had all my corrupted tasks restored, the ones I didn’t need removed, and Task Scheduler working normally again.

Repair Tasks is a brilliant kit of software.

First read this:  Repair Tasks – Documentation to get a deep dive into the problem and the steps the utility does in the repair process.

Then read this: Repair Tasks - Documentation - Windows 10 only tasks which gets into details on some tasks that are often found and not repaired on a first-run of the tool.

Then read this: Repair Tasks - Some Tasks Lost Apparently where “Norwood451” did a better job documenting the actual utility use in a walk-through than I could.

Fixed in 14 steps. See below.

    1. Issue was Caused by reverting from Windows 10 back to Windows 7 (in my case windows 7 64 Bit)
    2. Download Repair Tasks by Dijji at https://repairtasks.codeplex.com/
    3. Download Windows7 Tasks.zip (DO NOT UNZIP) at https://repairtasks.codeplex.com/releases/view/617575?RateReview=true
    4. Create a Folder called AAAAATASK in your Documents (Which can be found START > Documents)
      C:\Users\David\Documents\AAAAATASK
    5. Open the downloaded RepairTasks.zip file From step 2 and copy both files (RepairTasks.exe and RepairTasks.exe.config) to the AAAAATASK folder in your documents folder.
    6. Copy the entire downloaded zip file Windows7 Tasks.zip to the AAAAATASK folder in your documents folder.
    7. Right click and Run as administrator RepairTasks.exe
    8. Click the Scan Button to get list of corrupted files
    9. Click the repair Button. (most or all of the tasks should be repaired now. If not, go to step 10.)
    10. Click the Radio button> Take tasks from backup
    11. Click Scan for a list of the remaining corrupted files.
    12. Click Repair again.
    13. You will get a pop-up window asking where the RepairTasks.zip is located-- the file you created AAAAATASK, which should be on the very top – of course, as reason for the name of the file.
    14. You can test by running Both Scans and if you do not get anymore lists of files. Boom! You are done.

Yep that is pretty much it.

After I did my first scan for issues I saved the results in a TXT file; that is where I got the list of 46 issues I opened up this post with. Super handy.

I then ran the “Repair” routine which almost instantly fixed 41 of them, leaving 5 remaining as seen below.

[Screenshot: Typical Windows 10 reversion errors]

I then attempted a repair of those remaining five tasks from the offered “Windows7 Tasks.zip” file provided and did a second repair. That did the trick!

[Screenshot: Repair Tasks - Some Tasks Lost Apparently - Internet Explorer]

When I was all done and subsequent reboots confirmed a normal Task Scheduler again, I ran a scan one last time and then chose a “Backup Tasks” routine to tuck these away in case this happens again. That way I can rely on my own system.

GSD Tip: If you do decide to do a Windows 7 to Windows 10 upgrade, be sure you take your own manual backups, set some system restore points, and also use this tool to take a backup of your Tasks for good measure.

I think Dijji could be selling his project features just a bit short and recommend also highlighting it as a “regular” Task Scheduler backup tool, not just as a “repair” tool.

Yes…it was really THAT easy!

Repair Tasks – CodePlex project by Dijji – highly Valca recommended!

Cheers!

Fixing Glasswire Upgrade Issue: failed to attach to service

Man on a mission!

And in this GSD post The Struggles I explained an issue I had upgrading my free version of GlassWire on my Windows 7 Ultimate system.

And no sooner had I completed that task than GlassWire wanted to update to a new version as well.

So I went through the download/install process and it seemed to go on OK, but when it opened up it could not reconnect to the Glasswire service.

When I checked the Windows Service for it again it also showed marked for deletion.

So I uninstalled Glasswire, rebooted, and reinstalled Glasswire, but again it could not attach to the service.

I checked the service again. It was present and set to Automatic but stopped. When I clicked “start” the service launch crashed with an error I didn’t capture.

Rinse-repeat-same result.

The updated Glasswire version 1.1.36b was doing fine on the upgrade process on Lavie’s laptop and my other Win 7 x64 laptop so I’m not sure what was the issue here.

Next I found an even newer version 1.1.4.850b. Same issues.

Finally I found the original Glasswire version 1.1.32b on one of my duplicated (but not recently sync’ed) USB drives.

That installed fine. The Glasswire service started automatically, and the app reconnected with no issues. So I’m leaving it there for the moment on this system.

So last weekend I turned my attention to troubleshooting that issue.

I did a few more rounds of uninstall/reinstall but to no avail and only the version 1.1.32b would work when installed.

I poked around on the GlassWire Official Forum a while and found a few others who had similar installation and/or service attachment issues.

So from those I came up with my own game-plan.

  1. Make sure the Glasswire service GWCtlSrv.exe (and any sub-processes) wasn’t running – kill if needed.
  2. Uninstall Glasswire via “Programs and Features”
  3. Delete the “C:\ProgramData\Glasswire” folder
  4. Scan the Registry for all keys with “Glasswire”
  5. Reboot
  6. Temporarily disable any running AV/AM protections (as reasonable).
    1. MalwareBytes AntiExploit
    2. Microsoft Security Essentials
    3. CryptoPrevent
    4. MalwareBytes Anti-Malware
    5. Zemana AntiLogger
    6. Note: EMET was left running
  7. Install the latest Glasswire release build
  8. (if everything OK) – re-enable all AV/AM protections that were disabled.
  9. Reboot and confirm all is well

And I did exactly that.

For step 4 I could have scanned my registry with any number of free utilities to make the process easier;

In the end I found Registry Finder the easiest to work with for this particular task.

I did a search in it for “Glasswire” and it came back with quite a lot of related keys still left over. I first exported these then I deleted them and rebooted the system. Nothing seemed harmed so I proceeded.

For step 6.3 I ended up “restoring” my original settings by choosing the “None – Remove all protection” option of CryptoPrevent.

My thought on temporarily disabling all of these was that perhaps some protection was blocking the proper installation/registration of the Glasswire service.

I then installed the latest version of Glasswire and it went on with no issues, connected to the Glasswire service, and the graph started working normally again.

Hurray!

I re-enabled all the protections and rebooted.

Glasswire worked normally again.

Mischief managed.

Or was it?!! For another purpose I had to go into my “Task Scheduler” and was suddenly flooded with a long series of pop-ups like this for LOTS of different tasks. Oh SNAP!

[Screenshot: Task Scheduler]

Come back for Episode 2 – in which Task Scheduler’s “The task image is corrupt or has been tampered with.” error is assessed, understood, and vanquished!

--Claus Valca

Open Live Writer–There are Nightlies!

It’s nice to have some time to deep dive blogging and chasing down technical itches.

On Saturday I posted frustrations and hopes regarding Open Live Writer; basically no “categories” list picks and no spelling.

But I also posted that an Open Live Writer pre-release build was available that had support added for categories.

So yesterday I downloaded it and tried it out on my “non-production” laptop. And it worked great. I just installed it on top of the existing “release” version and things were grand.

So this morning I was getting ready to load it on my “production” home system but got looking at the latest build update version.txt file on that AppVeyor page.

It was kinda interesting but what really caught my attention was a reference link to a “nightly/Releases/Releases” path and a freshly baked 0.5.1.5 version setup file.  Hmmm.

Some quick Google work and I located this Open Live Writer project page discussion:

Turns out there are two ways to get “nightly” OLW builds.

The first is via a registry setting that drives OLW to pull from new releases when it loads. As explained by the developer “ScottIsAFool”

HKEY_CURRENT_USER\SOFTWARE\OpenLiveWriter\Updates

Then you need to create a dword key for CheckForBetaUpdates 1 = beta, 0 = regular.

I have a plugin that will let you switch between them coming at some point.

Quickly followed by these “here be dragons” comments by developer “martinwoodward”:

It should update to the latest build from the CI server so does give you a more up-to-date version. "More functional" is harder to say, it might have more features but one you rely on might get accidentally broken. We'd hopefully spot that and get it fixed quickly but OLW is only going to check once per day that you restart the app.

Basically, know that if you are on the CI builds then you might get broke. The good news is that if that happens, uninstalling the app (making sure the reg keys get deleted) and installing the latest version from openlivewriter.com will get you back onto the stable build if something goes really badly wrong.

Having a certain amount of folks running on the latest build would be really helpful in case something got broke that we wouldn't have otherwise noticed, but please only do it if you are comfortable with living on the edge a little more.

However reliably getting you OLW nightlies using the registry tweak method (currently) could be problematic as developer “willduff” explains:

Problem is that we haven't bumped the version number. Right now the nightly version number is the same as the public release version number, so your local copy thinks it's already up to date and skips re-downloading the same version. Let me see if it's safe to bump the version number now...

But “willduff” then provides a direct-download link to grab the nightlies from – easy-peasy!

If you want to go install the nightly directly, the latest nightly is always at this URL: https://olw.blob.core.windows.net/nightly/Releases/OpenLiveWriterSetup.exe

And a note for those who ALSO do the registry tweak:

One more thing to note, if you do go test those builds out that I linked to in issues #224 and #247, and you leave CheckForBetaUpdates = 1, then you'll actually get auto-upgraded to the nightly because I bumped the version. So, if you want to test those builds properly, you'll want to set CheckForBetaUpdates = 0 temporarily.

GSD Testing Tip: This is a good point -- so what I did was to export that Registry key in both states with different names. This way I can “toggle” the beta update check “on” (CheckForBetaUpdates = 1) or “off” (CheckForBetaUpdates = 0) depending on what I want to do.

So Claus, what’s the result on your system using the latest OLW nightly (build listed as 0.6.0.0 and file timestamps from 02/13/2016)?

The “Set categories” feature is working wonderfully now.  At first my drop list was still blank but I hit the “refresh” button at the top and after a moment they all populated. Looks just like the original WLW feature.

Spelling was folded into this build as well. But…there seems to be a limitation at the moment.

It isn’t working on my Windows 7 system and that feature is grey’ed out.


Looking in the OLW About section credit is given to the feature source

PlatformSpellCheck (MIT) Copyright © 2015 Bruce Bowyer-Smyth
https://github.com/bbowyersmyth/spellcheck/

Which shows where the limitation is at:

Managed wrapper for the Microsoft Spell Checking API available in Windows 8 and Windows Server 2012 and later.

So since I am running OLW on a Windows 7 platform, no integrated spell-checking is available (yet) for me.

This discussion exchange between “ScottIsAFool” and “bbowyersmyth” summarizes the situation for Windows 7 users at the moment.

ScottIsAFool commented Dec 22, 2015

Is there anything in place for if the user is running this on Windows 7? I haven't looked through the code yet, so if there is, forgive me :)

bbowyersmyth commented Dec 22, 2015

No there isn't. This PR is to get the spell check back up and running using the Windows spell check API (Win8 and later). Win7 will need to be addressed separately with an API that has its own dictionaries.

ScottIsAFool commented Dec 22, 2015

Sorry, I should have been clearer. What happens if this is run on Windows 7 with your changes in place. I know spell check won't be there, I'm just making sure it doesn't crash or anything :)

bbowyersmyth commented Dec 22, 2015

Oh right. The spelling will be disabled/unavailable like it is currently. There are IsPlatformSupported checks in the initialization.

However hope remains for us Windows 7 folks using OLW when a different API method is added.

So, to summarize.

That is progress!

Cheers.

--Claus Valca

Saturday, February 13, 2016

PowerShell one liner to get USB Flash Drive Serial Number

First a confession, I bought the “Learn Windows PowerShell 3 in a Month of Lunches” book quite a while ago but still haven’t had the discipline to work my way through it.

Couple that with tons of PowerShell learning resources documented across the GSD blog and I am woefully behind the game.

However, I can read music so I guess that means I can puzzle out code with patience and Google searching.

One of my duties is to keep inventory of USB device issuances to the team. I record the serial numbers of the devices in a spreadsheet.

While some external USB HDD’s have the device serial number listed on the external case, USB flash drives aren’t so good with that practice.

There are some USB imaging tools such as the USB Image Tool or utilities such as USBDeview or Kanguru’s free Serial Number Display Tool that I could use to get that information directly.

However, I really like to stick with “in-box” tools and techniques so while that would be the “easy” way I’ve been collecting the information the “long-way-round” by the following process:

  1. Insert USB flash drive into system.
  2. Open Control Panel
  3. Open Device Manager
  4. Expand the “Universal Serial Bus controllers” item
  5. Look for the “USB Mass Storage Device” in the list (that’s my inserted flash drive)
  6. Right-click that item and select “Properties”
  7. Select the “Details” tab
  8. In the Properties list, pick “Device Instance Path”
  9. Read the serial number which is the trailing string after the last “\”

Eject and repeat.

What I wanted to do was just run a “WMIC” query directly from the command line to get that specific information via the Command Prompt.

But despite my best efforts (which isn’t saying much) I wasn’t able to locate the correct parameter.

Tonight I did find and tweak a similar command via PowerShell and it does the trick. So while it isn’t elegant, it does the job I need. Victory at last!

gwmi Win32_USBControllerDevice |%{[wmi]($_.Dependent)} | Where-Object {($_.Description -like '*mass*')} | Sort Description,DeviceID | ft Description,DeviceID -auto

(That’s one long string btw.)

So I can get a result like this:

Description             DeviceID
-----------             --------
USB Mass Storage Device USB\VID_0DD8&PID_3200\<serial number displayed here>

Your DeviceID details will vary depending on the make/model/etc. but the serial number is there easy to copy/paste.

Credits:

wmi - Getting a USB Device Instance Path in Powershell - Stack Overflow. This post got me finally on the right track but still didn’t work for me.

Displaying USB Devices using WMI - Windows PowerShell Blog.  Jeffrey Snover’s post did get me the output I was looking for, but I then needed to clean it up just a bit as I only wanted the “USB Mass Storage Device” information.

Filtering PowerShell Objects - PowerShell content from Windows IT Pro. This was the final bit in giving examples how I could filter for just the one line I needed.

If anyone can “refine” the code or filter it more to just pass on the Serial Number string itself, I would be grateful for any recommendations.
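One way to narrow the one-liner's output down to the serial number itself, as an added example rather than code from the original post or its credited sources. The function name ConvertFrom-UsbDeviceId and the two sample DeviceID strings are constructed for illustration, and the live query at the end assumes Windows PowerShell, where gwmi (Get-WmiObject) is available.

```powershell
# Added example, not from the original post.
# Splits a PnP device instance path of the form
#   USB\VID_xxxx&PID_xxxx\<instance id>
# into vendor ID, product ID and the trailing serial/instance string.
function ConvertFrom-UsbDeviceId {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$DeviceId
    )
    process {
        if ($DeviceId -match '^USB\\VID_([0-9A-F]{4})&PID_([0-9A-F]{4})\\(.+)$') {
            $instance = $Matches[3]
            [pscustomobject]@{
                VendorId        = $Matches[1]
                ProductId       = $Matches[2]
                Serial          = $instance
                # When a device reports no serial number of its own, Windows
                # generates an instance ID containing '&'. That value is not
                # unique to the device, so it should not go into an inventory
                # sheet as a serial number.
                HasDeviceSerial = -not $instance.Contains('&')
            }
        }
        else {
            Write-Warning "Not a USB instance path: $DeviceId"
        }
    }
}

# Constructed sample values (VID/PID as in the output shown above).
$samples = 'USB\VID_0DD8&PID_3200\AA04012700009876',
           'USB\VID_0DD8&PID_3200\6&2F1E8A3B&0&2'
$samples | ConvertFrom-UsbDeviceId | Format-Table -AutoSize

# Live query using the same WMI classes as the one-liner above,
# reduced to the serial string only.
Get-WmiObject Win32_USBControllerDevice |
    ForEach-Object { [wmi]$_.Dependent } |
    Where-Object { $_.Description -like '*mass*' } |
    ForEach-Object { $_.DeviceID } |
    ConvertFrom-UsbDeviceId |
    Select-Object -ExpandProperty Serial
```

Dropping the final Select-Object keeps the HasDeviceSerial column, which shows at a glance which drives cannot be tracked by serial number.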

Using PowerShell’s gwmi or the Command WMIC call are powerful ways to get system information.

Here are some additional examples that I’ve collected trying to puzzle out my own particular USB Mass Storage device query technique that could be helpful to sysadmins:

Cheers!

--Claus Valca.

Bonus USB utility finds:

Universal Extractor and updated “builds”

One of the most important utilities that I use weekly is the Universal Extractor from LegRoom.net.

It has a very large list of supported formats for archive unpacking but hasn’t been updated in a very long time.

I’ve manually updated some of the included binaries from time to time, but the Inno Setup Unpacker file is the one I need updated regularly. I get it from innounp and overwrite the older version in my bin folder. Current version as of the time of this release is 0.45 and supports Inno Setup versions 2.0.7 through 5.5.7 for all your unpacking needs.

I was excited to learn about a project to try to update not just the various unpacker binaries but the application itself.

Universal Extractor 2 – Bioruebe.com (changelog here)

From the project page:

As a short overview here is a list of the core improvements:

  • Batch mode
  • Silent mode, not showing any prompts
  • Scan only mode to determine file types without extracting
  • Integrated updater
  • 100+ new supported file types
  • Audio and video extraction for multimedia files
  • Cascading context menu
  • Support for password list for common archives
  • Improved optional status box with progress indicator
  • New detection methods + more detailed output and error messages
  • Support for some extractors not shipping with UniExtract as plugins
  • Resource usage/speed improvements, lots of fixes
  • First start assistant instead of installer
  • Full functionality available in no-install version
  • Auto-using 64 bit versions of extractors if supported by OS

Martin Brinkmann at ghacks.net has a good review of the differences; First look at Universal Extractor 2

I’ve not tossed out the original UE app that I’ve been using all these years but I’m keeping this one close by for comparisons.

Cheers.

--Claus Valca

Only my own procrastination to blame…

Three years ago – almost to the day – I posted this: grand stream dreams: …you’re getting warmer!

Then at the end of last year I posted this: grand stream dreams: Biting the hand…

Both were (mostly) fussing about the rising price of renting our cable modem box and my desire to finally buy my own unit.

Still haven’t done it yet. But I AM going to!

So here are some updated links to spur me onward.

Cheers.

--Claus Valca

Miscellaneous Apple bites

Looks like I am literally picking low-hanging fruit from my “to-blog” tree branches.

I previously reported this in my The Struggles GSD post but am reposting here for topic inclusion.

The takeaway was to quit Process Explorer. I’ve seen a few other software installations where I have needed to close out Process Explorer entirely to make sure it doesn’t get in the way of some installations. Weird.

Of course, iTunes wanted to be updated, so I used the Apple Software Updater but it complained about the “iPod Service” not being able to start so the install kept failing. I then tried to download and run the iTunes package rather than using the updater but that failed at the same point.
I found this post Service ‘iPod Service’ (iPod Service) could not be installed... over in the Apple Support forums and followed “rickybpta” steps.

  • close SysInternals's Process Explorer ( if you have it and it's open )
  • close all Task Manager(s)
  • close Windows Services console ( services.msc )
  • close all command prompts ( cmd.exe )
  • open a cmd.exe as Admin
    • run: sc create "iPod Service" binpath= "C:\Program Files\iPod\bin\iPodService.exe"
    • close all command prompts ( cmd.exe )
  • open Windows Services console ( services.msc )
    • look for "iPod Service", see if it's not Disabled. If so, start it
    • close Windows Services console ( services.msc )
  • Run iTunes.msi again ( previously downloaded via the Apple Software Update's Only Download function )

That did the trick and it went on without any other fuss.

I had purchased a Yeti Blue USB microphone a while back to up my audio recording game. I had hoped to be able to eventually use it with my iPad/iPhone but there were some challenges reported so I’ve just stuck it out with my Windows 7 laptops where it has done a rocking-cool job of upping my audio game. Couple that with Audacity and The Levelator from The Conversations Network and while I am no audio-engineer, I can do a fine good job for most recording needs.

So it was exciting to see this news:

I need to update this post Claus’s iPhone App List - Updated 01/2014 as I’ve gone through some serious changes with the iOS apps I carry. I have purchased more than a few as well…so they must be that good! “Hey Siri! Remind me to update that post!”

Apps of note to get (or are recommended)

Music Memos – Apple – This one looks interesting but I’m not sure it might really meet my audio-recording needs on my Apple gear.

GarageBand for iOS – Apple – This looked good too, but maybe there is a better audio mixing app for “studio” mixing.

Due – Apple App Store – This is the best reminder/count-down timer/recurring event reminder app ever. Period. Buy it.

Round – Apple App Store – Because Due doesn’t currently handle recurring reminder events of less than a day (that I am aware of), you can’t yet use it to set medication dosing reminders. This looks to be designed specifically for that need.

Mighty Timer – Apple App Store – free app to help with brewing your tea. Alvis and her husband gave Lavie and me some very nice porcelain cups along with some fancy Matcha style tea. It has to be brewed very carefully but is super good!

Cheers.

--Claus Valca

Windows Update Agent Utility (WUAUclt.exe)

Just some sysadmin notes…nothing to see here.

  • Windows Update Agent Utility (wuauclt.exe) - pauby.com
  • wuauclt - Windows Update - Windows CMD | SS64.com
  • Appendix H: The wuauclt Utility – Windows Server TechNet page
  • wuauclt commands to force reporting of status? – Windows Server TechNet page
    • The /reportnow function is a very tricky beast, and it somewhat requires an understanding of the natural behaviors of the WUAgent.

      When the WUAgent performs activities, it queues up all of those completed activities as 'events'. When the WUAgent quits working, an idle timer is engaged, and when the WUAgent has been idle for ~20 minutes, it invokes a call to the ReportingWebService. You can see these calls in the WindowsUpdate.log and compare their timestamps with the entries just previous.

      If the /reportnow action is invoked after the WUAgent becomes idle and before the regular call to the ReportingWebService, an immediate call to the ReportingWebService will be invoked. You can also see this in the WindowsUpdate.log.

      However, the call to the ReportingWebService is not the end of the line. Those events reported in that call are loaded into a buffer, and the WSUS server then processes those events asynchronously. If the WSUS server is also busy doing other things or other clients are also reporting at the same time, there will be an additional delay until the results are visible in the WSUS console.

      The real thing to remember is that, at best, the /reportnow task isn't going to save you much more than 20-30 minutes, so usually just waiting is the more efficient approach to the whole thing.

      as commented by Lawrence Garvin

  • wuauclt and other questions about WSUS – Windows Server TechNet page
    • When run from the command prompt on a client in the form of "wuauclt.exe /resetauthorization /detectnow", this command will kick off a manual check in with the configured WSUS server (or WindowsUpdate website, if you're using that instead of WSUS). You can verify this occurs by opening the windowsupdate.log file located in the Windows directory.

    If you manually run wuauclt.exe with the above listed switches, it will check in with WSUS, and then behave based on your update configuration, either configured locally on each client, or through Group Policy.  So, if you have your clients configured to download any available updates, it will do so.  Or, if you have your clients configured to just check in and inform you there are updates without downloading, it will do that also.

    The windowsupdate.log file, located on the individual clients, will have all the information pertaining to how wuauclt runs on their individual systems.

    as commented by John

    and…

    To expand on John's answer...

    There are three functional uses for the WUAUCLT.EXE command.

    1. wuauclt /detectnow  -- initiates a detection event to the assigned update services resource (AU or WSUS).

    2. wuauclt /resetauthorization /detectnow -- this is actually a special case version of the previous command. The /resetauthorization parameter forces the targeting cookie to be immediately expired. Normally the cookie has an ~60 minute expiration. Typically this form of the command is used when server-side targeting is being used, and a client system has just been reassigned to new group(s) via the WSUS console. Use of this command forces the WUAgent to discard any previously known group memberships and to requery the WSUS server for the current memberships. This command should also be used when the SusClientID has been deleted and a detection was performed within the previous hour to ensure the WUAgent does not use the SusClientID that is cached in the targeting cookie. Also note that the order of these parameters is critical -- the /resetauthorization flag must be the first of these flags on the command line.

    3. wuauclt /reportnow -- IF a recent event has completed and there are PENDING EVENTS to be reported to the WSUS server, this command will force the immediate flushing of that reporting event queue. If there are no pending events to be reported, this command does nothing.

    No other parameters are supported or documented -- although many are defined in the source code and have been extracted via reflection. Some of them have experimental functionality, but should not be used in a production environment.

    as commented by Lawrence Garvin

And the commands for copy-paste.

  • wuauclt /ResetAuthorization /DetectNow
    • wuauclt /a /d
  • wuauclt /ReportNow
    • wuauclt /r
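
One way to script the commands above and read back only the WindowsUpdate.log entries they produce (an added example, not from the original post or the quoted TechNet answers). It assumes Windows 7 or 8.1, where the agent writes a plain-text log in the Windows directory; the parameter names, the polling interval and the timeout are illustrative choices.

```powershell
# Added example, not from the original post. Assumes Windows 7 / 8.1, where the
# Windows Update Agent writes plain text to %windir%\WindowsUpdate.log.
param(
    [switch]$ResetAuthorization,   # use after moving the client to a new WSUS group
    [int]$TimeoutSeconds = 120     # illustrative default; tune for your network
)

$wuauclt = Join-Path $env:windir 'System32\wuauclt.exe'
$log     = Join-Path $env:windir 'WindowsUpdate.log'

function Get-LogLineCount {
    if (Test-Path $log) { @(Get-Content -Path $log).Count } else { 0 }
}

# Remember where the log ended so only entries from this run are shown.
$before = Get-LogLineCount

# Order matters: /resetauthorization must come before /detectnow.
$switches = @()
if ($ResetAuthorization) { $switches += '/resetauthorization' }
$switches += '/detectnow'
& $wuauclt @switches

# wuauclt returns at once; the agent does the work in the background.
# Poll until the log has grown and then stayed quiet for one interval.
$deadline = (Get-Date).AddSeconds($TimeoutSeconds)
$last = $before
do {
    Start-Sleep -Seconds 5
    $now = Get-LogLineCount
    $settled = ($now -gt $before) -and ($now -eq $last)
    $last = $now
} until ($settled -or (Get-Date) -gt $deadline)

if ($last -le $before) {
    Write-Warning "No new entries in $log after $TimeoutSeconds seconds."
} else {
    Get-Content -Path $log | Select-Object -Skip $before
}

# Flush pending events to the WSUS server; does nothing if the queue is empty.
& $wuauclt /reportnow
```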

moving on…

--Claus Valca

Enhanced Mitigation Experience Toolkit (EMET) version 5.5

Just a quick post.

A few weeks ago, Microsoft issued a release-version update to EMET.

Enhanced Mitigation Experience Toolkit (EMET) version 5.5 is now available - Security Research & Defense. From that post:

Today we are pleased to announce the release of EMET 5.5, which includes the following new functionality and updates:

  • Windows 10 compatibility
  • Improved configuration of various mitigations via GPO
  • Improved writing of the mitigations to the registry, making it easier to leverage existing tools to manage EMET mitigations via GPO 
  • EAF/EAF+ pseudo-mitigation performance improvements
  • Support for untrusted fonts mitigation in Windows 10

Get the stuff:

You still can’t seem to “upgrade” to the new version. I had to uninstall the previous EMET version (after exporting the custom settings I have). Then I installed the new version and imported my XML file back in.

It seems to be running just fine on our Windows 7 and 8.1 systems.

And yes, I do live dangerously and run it concurrently with Malwarebytes Anti-Exploit in a “yes I will run with scissors and you can’t stop me” sort of attitude.

Cheers.

--Claus Valca

Open Live Writer – we will (eventually) get through this

I could blame the significantly reduced GSD blog posting on competing time drains of late:

  • Downton Abbey on PBS
  • Friday Night Curling televised matches
  • Sysadmin work at the church-house
  • Deep-dive problem solving for some pernicious Windows issues
  • Multiple projects at work
  • Tech-fatigue
  • Providing more quality time to family and friends

All of those do compete quite strongly with my blogging time.

However after considerable reflection, I must put the greatest challenge against the shut-down of the Microsoft Live Writer application (via the Google blogger API changes) and the painful switch to Open Live Writer.

For some background: Windows Live Writer Goes Open - Hurray - WLW breaks - Booo! – GSD blog post

That particular “break” was quickly fixed over the holidays when version 0.5.1.4 was released.

Before anything else, let me say that I deeply appreciate and am humbly grateful to the developers volunteering their time to get Open Live Writer dialed in.

But when I get the urge to compose a blog post, my current enthusiasm drops.

Here is my current process.

  1. Go into the bookmarked topic hopper and pick the post’s subject/theme.
  2. Launch Open Live Writer (OLW).
  3. Compose my post.
  4. Copy all my content and paste it into Notepad++ Home in which I’ve…
    1. added spell check functionality
    2. via http://aspell.net/win32/
  5. Run the spell checker and then fix the spelling issues back in OLW.
  6. Add tags to the post by…
    1. opening up my blog home page
    2. reviewing my tags in the side-bar
    3. typing them in manually in the tag bar in OLW
  7. Publish the post to Blogger

It’s not that bad, but the original WLW had built-in spell-checking and was able to download and provide me a pick-list of my blog post tags automatically.

Note, Scott Lovegrove has offered a (temporary) build version that seems to support Blogger categories.

I’ll try it soon on my “non-production” home system and post an update.

It looks to be ready for inclusion in the next release version – whenever that will be. Current release version as of the time of this blog post is 0.5.1.4.

Is this process a deal-breaker…of course not, but the steps required have kinda taken some of the free-form blogging away and made it a more deliberate exercise.  That could be a Good Thing ™ but it does take away the spontaneity from the process.

Likewise, it seems that the OLW team already has plans to integrate spell-checking in the next release version also.

Open Live Writer “Watch List”

So I will need to work on gaining confidence again in my blogging process and embrace it until these minor application issues can be addressed in an upcoming release.

Cheers.

--Claus Valca

Giving it Away

I saw this a few months ago and it inspired me to do some “e-waste” disposal over the weekend.

Living in Houston’s greater-Metro area would lead one to think that there are a lot of great e-waste disposal locations to pick from.  Well there are but most all of them are on the other side of the greater-Metro area from where I live.

Luckily, Goodwill will let me drop off my older computer equipment at any of their area stores (one is just 10 minutes away from home) and ship it (if needed) to their main computer sales store. Sweet.

I’ve got a Compaq Presario V2575US Notebook PC that runs OK but probably could use a new battery and definitely needs a new A/C brick.

There is also a Gateway MA3 laptop that I’ve had an A/C plug resolder service done on the mainboard. The solder cracked again, but it might be good for parts…or someone willing to do a mainboard swap.

I’ve got several old PCI and AGP video cards.

I’ve got a few old PATA HDD’s that are less than 500 GB in size. I still have an old PATA external drive enclosure but it already has a 500 GB drive in it so there isn’t much sense in holding onto any of the others I’ve “collected” over the years. They will be wiped and donated too.

I found Lavie and my old Palm Pilot III’s. Now I’ve got to figure out if I can charge them somehow and wipe them. Oh the memories of early PIM/PDA technology.

I’m still not quite ready to part with my Shuttle SK41G. It’s like a child for some reason. Since I now have a USB-DVD player, I should be able to dump the very slow (but working) Win 7 OS and finally try out LXLE Desktop on it. Sadly, my new Raspberry Pi 2 seems faster than the Shuttle and is whisper quiet.

I’ve got two Samsung 930B flatscreen monitors. They work great but really can’t seem to handle the “modern” resolutions that most systems display at nowadays. I’ve considered donating them as well but since they support both DVI and VGA inputs, they might still be handy troubleshooting display issues with laptops or other systems…so those will hang around for a bit longer. Just in case.

I think that is the hardest part to get past as a techie. Experience has taught me that there is just a chance that I might encounter a situation where a piece of older hardware might come in handy. So it is tempting to hold on to things that aren’t really needed.

Not electronic but also exciting news was this.

I’ve checked on this situation too and while the local pharmacies are helpful about services I can pay for to responsibly dispose of unused medications, it is neither cheap nor convenient. However I am not comfortable flushing them down the toilet or tossing them in the trash. FDA advice here.

Cheers.

--Claus Valca