Monday, May 30, 2016

Windows “Service Pack”, Slipstreaming, ISO files, misc.

Wow.  Big thanks to Lavie for being patient with me while I hammered out all these blog posts.

I’ve still got quite a lot more, but it has been a very productive – non-productive day off.

Cheers!

Claus Valca

Linux Linkfest

Again, some of this is old, some is not.

Note: I spent Sunday watching the Indy 500 and NASCAR races all day and reinstalled Apricity OS from scratch because it crashed out in the middle of an Update session. Despite my best noobie efforts and troubleshooting, I was unable to get it going.

When launching the “Update Manager” I would get a “Failed to synchronize any databases” error.

I tried this fix mentioned in the Apricity forum - Lost my upgrade ability … along with some others but nothing could get it restored.  Took me a short matter of time to reinstall a fresh load of Apricity and all is well now.

Cheers,

Claus Valca

EMET news bits

Some more news about the Microsoft Enhanced Mitigation Experience Toolkit (EMET).

I still recommend running it as part of that GSD Windows Defense in Depth Strategy.

Even for home users.

Cheers,

Claus Valca

KeePass & KeeFarce

Yes I use (and recommend) the freeware KeePass Password Safe & MiniKeePass (iOS) as a password management vault.

There are lots of other very good applications that take a similar approach. This one works for me as I can keep my database file in use both on Windows and iOS.

Though all that said, I remain intrigued by Master Password.

Anyway, there were some security news blips a while back that painted a picture that KeePass might be exploitable.

Well sure, if someone is already running malicious code on your system, it seems obvious they can scrape any data you may access while the database is unlocked.

As Zeljka Zorz said in the close of her HelpNet Security article:

Lest you believe this is the death-knell for KeePass or other password managers, it’s important to know that as helpful as they are, all password managers are unlikely to withstand a targeted attack made with specialized software like KeeFarce (KeePass developers admitted as much).

But, in order to run this software, attackers must either already have access to the target machine, or trick users into giving them access by running malicious software such as remote access Trojans (RATs) or specialized spyware on their machines.

And if they gain access, your machine is not your machine anymore, and they can do pretty much what they want with it – security protections will not last long. So you can continue (or start) using a password manager, but protect your system with security software and be careful about the software you run on it, especially when it comes from untrusted parties.

Enough said.

Claus Valca

…since we are talking about encryption…

Here are some links about TrueCrypt, VeraCrypt, CipherShed, and Bitlocker…

FWIW – I’m still running the last release version of TrueCrypt…

Cheers,

Claus Valca

Western Digital Encrypted Hard Drive “gotchas”

Good information to know if you use a Western Digital encrypted hard drive. Not breaking news but still good to be familiar with – especially if your organization uses them!

Wow.

Claus Valca

More PowerShell Fun

PowerShell and Windows To Go USB stick building

PowerShell and WinPE USB stick building

Tips

Cheers,

Claus Valca

Wrestling with Outlook Troubleshooting

I’ve found myself working on Outlook (Outlook client, Windows Live Mail, Office 365) issues much more often than usual.

Here is a collection of reference links.

Outlook/Office 365 Troubleshooting Tools

  • Office Configuration Analyzer Tool (OffCAT) information – Microsoft Support
    The Microsoft Office Configuration Analyzer Tool (OffCAT) provides a detailed report of your installed Office programs. This report includes many parameters about your Office program configuration. It also highlights known problems that are found when OffCAT scans your computer. For any problems that are listed in the report, you are provided a link to a public-facing article (usually a Microsoft Knowledge Base article) about each problem so that you can read about possible fixes. If you are a Helpdesk professional, you can also save the report to a file so that it can be viewed in the Office Configuration Analyzer Tool on another client on which the tool is installed.
  • Download Microsoft Office Configuration Analyzer Tool 2.1 - Microsoft Download Center
  • Fix Outlook and Office 365 problems with the Microsoft Support and Recovery Assistant for Office 365 – Microsoft Office
    Support and Recovery Assistant for Office 365 can help you automatically diagnose and fix a range of Outlook problems. You will need to download the application to your local computer, sign in with your work or school account and select the issue you want help with. The application will run a series of diagnostic tests and help you set up a new profile. If any of the tests fails, it will provide suggested solutions to get your problem solved.
  • New tool for helping resolve Office 365 issues - Office Blogs
  • Fix Outlook account problems in Office 365 - Office 365 Support

Outlook Management Tips

Windows Live Mail

Outlook.com/Hotmail.com and Outlook Client

Cheers,

Claus Valca

Move that Window!

It never fails that when I pull my laptop off my docking station and then start it up again in the field, I’ll have an “orphaned” application window launch on my “phantom” 2nd monitor.

Getting it repositioned back on the visible display is always a pain.

Here are some tips/tools to help.

How to move or resize windows with the keyboard – BetaNews

On Windows 7 and later, pressing Win+Left or Win+Right snaps the current window to the left or right half of the screen.

Using Win+Shift+Left moves the window across displays on a multimonitor setup.

Win+Up and Win+Down maximize and minimize your window.

If a window is positioned off the screen, then pressing Alt+Space+M is still an easy way to bring it back. Just press or hold down the arrow keys to move it wherever you need.

Window Seizer – freeware app from Alex Nolan. Click the window’s process, then click the “Move to 1,1” icon on the bar. It doesn’t always work properly, but does more times than not. Portable single exe file.

MultiMonitorTool – NirSoft – Has some options to move a/some/all windows to the primary monitor. Portable app in both x32 and x64 versions.

Cheers,

Claus Valca

Windows Defender News and Tricks

I still recommend Microsoft’s free Windows Defender or Microsoft Security Essentials anti-virus/anti-malware applications (depending on Windows OS version) for most family and friends.

When coupled with a layered security approach for Windows systems it is a free and satisfactory solution for most users.

Microsoft has recently added a few new tricks to Windows Defender. These are good to be familiar with.

Note that the PUA feature seems to only work with Windows 10 OS versions – and not Windows 7 or 8.

Stay safe!

Claus Valca

Sysadmin Tools and Tips Linkfest: Part II

Mores…

Windows Updating and Patching – Tips and Tricks

Windows Troubleshooting and Tips

Windows Tools

Windows PowerShell

Microsoft News Bits

Cheers,

Claus Valca

Sysadmin Tools and Tips Linkfest: Part I

More goodies for the Sysadmin crowd!

Cheers,

Claus Valca

Surface Pro SysAdmin Linkage

This is one of the piles of collected linkage that I have been working hard to get to and post.

Supporting Surface Pro devices is a never-ending challenge. They operate differently than our other laptop/desktop platforms and require a different set of tools and utilities for troubleshooting core device issues.

So here are some critical tips and resource links.

Surface Pro Device Firmware and Drivers

Surface Pro power cord issues

Surface Pro Diagnostic Toolkit

Note the Toolkit files that stand out to me are:

  • Surface_Data_Eraser_Installer_v3.1.9.msi
  • Surface_Diagnostic_Toolkit_v1.0.88.0.zip
  • Surface_Dock_Updater_v1.0.8.0.msi

Surface Pro Tips and Tricks

Surface Pro Data Eraser Utility

This is important as the Surface uses an SSD drive and “normal” secure wiping techniques may not be effective. Using the Microsoft Surface Data Eraser tool should ensure a secure wipe occurs before the device is repurposed or returned to Microsoft for service.

Surface Recover Image

Cheers,

Claus Valca

New Defrag Tool videos – does the fun never stop?!!!

Now that we are getting near the summer TV re-run doldrums, maybe now is a good time to start Chromecasting some technical videos.

Defrag Tools – Microsoft Channel 9

Media eXperience Analyzer – Microsoft Download Center

Cheers,

Claus Valca

Ongoing consumer product security issues

Note: most of this is “old news” now. Posted for posterity.

If you do use a Logitech wireless mouse/keyboard with a Unifying receiver, follow that last link above to install the new Unifying Software package, then do a firmware update on the device. Now would be a good time to check and upgrade your SetPoint software as well. GSD tip here.

…moving on…

Claus Valca

Network Link Roundup

And yet another pile of URL web-linkage. This collection focuses on network techniques, tools, and software releases.

Grab a fork and dig in!

Cheers.

Claus Valca

Windows Task Manager Alternatives

Not sure what got me started on this collection of links.

The stock Task Manager application on Windows isn’t that bad in Windows 7 and gets even better in Windows 8/8.1/10.

However, sometimes you really need something with a bit more lifting power when you are working on a Windows system to review and dive into the running processes.

I use Microsoft Sysinternals Process Explorer as my EDC utility. I’ve yet to find a product to beat the overall features it brings.

However, there are a number of other utilities I like to keep handy just in case I need a different view.

Cheers.

Claus Valca

Found Applications, Utilities, and Miscellany

Here is a bunch of stuff that I’ve collected over the past several months but never got around to posting.

Maybe you will discover something new or interesting in this mess.

Cheers!

Claus Valca

Quickpost: that whole Bash on Windows thing

Old news; just a collection of links for future reference.

Moving on…

Claus Valca

Write On!

Note to self: Read these often!

Moving on.

Claus Valca

TRAINING: Windows Security & Forensics

“New” Microsoft Virtual Academy training course spotted.

Topics:

  1. Windows Security and Forensics
    Take a look at the current state of the security landscape, Windows Security, and what "computer forensics" are.
  2. Windows Memory Attacks and Forensics
    Learn how and why hackers attack a system’s memory, and see how Memory Forensics can help address the problem.
  3. Windows Authentication Attacks and Forensics
    See demonstrations of how attackers use credential dependencies to gain elevated access to systems and to perform lateral movement. Plus, learn how to detect and prevent many of these attacks.
  4. Windows Forensics
    Explore Digital Forensics, and find out what to do as a first responder to preserve evidence for legal actions.
  5. Network Forensics
    Explore network forensics, along with case studies, best practices, and online analysis techniques.
  6. Malware Incident Response
    Learn about malware incident response, including identifying, locating, and removing malware.
  7. Windows 10 Forensics
    Take a look at Windows 10 forensics, and hear about new security features and innovations that can help forensic experts with their work.

Learn the following through this course:

  • Examine how and why hackers attack a system’s memory.
  • Identify how attackers use credential dependencies to gain elevated access.
  • Review what to do as a first responder to an attack; learn to preserve evidence for legal actions.
  • Explore network forensics.
  • Learn about innovations of Windows 10 that can help forensic experts do their jobs.
  • Learn the basics of computer forensics.
  • See how to respond to malware incidents.

This won’t instantly make you a professional forensicator, but it looks to give sysadmins a well-rounded introduction to key topics and foundational approaches when deciding where to begin – if there isn’t already a formal support structure in your organization for these items.

Claus Valca

Quickpost: Thunderbird Notes

New annoyance fixed: Fix Thunderbird 45 Enter-key creating two lines (gHacks Tech News). Note: I probably should just go to “plain text” email formatting. Life would be so much simpler…

I didn’t save any notes but some time ago – perhaps after a Thunderbird version upgrade, I started noticing an error that my add-on Extra Folder Columns was disabled and no longer working.

I finally decided to do something about the error message.

I quickly found this note by “SpartacusOrangatang”:

For all those w/ TB38+ that don't want the unread total to include subfolders... 

by SpartacusOrangatang on February 22, 2016

When Mozilla integrated this add-on in Thunderbird, they removed the ability to set things so that a folder's unread count is limited to that folder only, and not all of its subfolders. Fortunately, you can change this behavior in the preference editor. Simply change "mail.folderpane.sumSubfolders" to false, restart TB, and all will be well again.

Oh.  So this add-on is now a bundled feature of Thunderbird. That explains why it stopped working I guess.

I followed that tip and added the preference setting and removed the Extra Folder Columns add-on. No more error message.

I did some minor tweaking to the column appearance as explained in this feature note.

Expanded Folder Pane columns - New in Thunderbird 38.0 - Thunderbird Help

For some reason I didn’t know this either and had only recently noticed it as well: What does asterisk mean in Inbox (*12) • mozillaZine Forums

Answer: “The asterisk in the main folder means that there are new messages in a subfolder of that main folder.”

Here are the add-ons I run in Thunderbird as of this posting.

That is all.

Claus Valca

Windows Winsock Repair

A few weeks ago it was brought to my attention that the XP desktop system sitting in our church-house library hasn’t been able to get on the Internet for quite some time.

(Yes…I said “XP”…moving on…)

I tried to argue that this sounded like a security feature rather than a problem but it was explained to me that the librarian used software on that system to catalog new book arrivals. One feature of that software was to look up the ISBN to pre-populate the database record it creates.

Turns out the system had a number of issues.

I had to remove quite a lot of third-party junkware from the system; (at least) one of which it turns out messed up the network/WinSock settings of the OS.

The net result was basically that no web-browser could reach the Internet.

After the system was cleaned up of all the junkware and auto-start crud, I had to clean up the network settings and fix the WinSock settings.

In the end I just followed the steps in this Microsoft KB: How to determine and to recover from Winsock2 corruption in Windows Server 2003, in Windows XP, and in Windows Vista

Manual steps to recover from Winsock2 corruption

Windows XP with Service Pack 2 instructions

To repair Winsock if you have Windows XP Service Pack 2 (SP2) installed, type netsh winsock reset at the command prompt, and then press ENTER.

Note Restart the computer after you run this command. Additionally, for computers that are running Windows XP SP2, there is a new netsh command that can rebuild the Winsock key. For more information, visit the following Web site:

http://technet.microsoft.com/en-us/library/bb457156.aspx

Warning Programs that access or monitor the Internet such as antivirus, firewall, or proxy clients may be negatively affected when you run the netsh winsock reset command. If you have a program that no longer functions correctly after you use this resolution, reinstall the program to restore functionality.

Note If these steps do not resolve the problem, follow the steps in the next section.

Windows XP without Service Pack 2 instructions

To repair Winsock if you do not have Windows XP SP2 installed, delete the corrupted registry keys, and then reinstall the TCP/IP protocol.

Step 1: Delete the corrupted registry keys
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756 How to back up and restore the registry in Windows

For more information about how to back up the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756 How to back up and restore the registry in Windows XP and Windows Vista

  1. Click Start, and then click Run.
  2. In the Open box, type regedit, and then click OK.
  3. In Registry Editor, locate the following keys, right-click each key, and then click Delete:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2

  4. When you are prompted to confirm the deletion, click Yes.

Note Restart the computer after you delete the Winsock keys. Doing so causes the Windows XP operating system to create new shell entries for those two keys. If you do not restart the computer after you delete the Winsock keys, the next step does not work correctly.

Step 2: Install TCP/IP
  1. Right-click the network connection, and then click Properties.
  2. Click Install.
  3. Click Protocol, and then click Add.
  4. Click Have Disk.
  5. Type C:\Windows\inf, and then click OK.
  6. On the list of available protocols, click Internet Protocol (TCP/IP), and then click OK.
    If Internet Protocol (TCP/IP) does not appear, follow these steps:
    1. Click Start, and then click Search.
    2. In the Search Companion pane, click More advanced options.
    3. Click to select the following three check boxes:
      • Search system folders
      • Search hidden files and folders
      • Search subfolders
    4. In the All or part of the file name box, type nettcpip.inf, and then click Search.
    5. In the results pane, right-click Nettcpip.inf, and then click Install.
  7. Restart the computer.

The real “trick” for me was in Step 2.5 above.  You need to actually type “C:\Windows\inf” as it says. If you try to browse to the folder in the GUI you won’t “see” the folder present. Type it in and the protocols appear as documented above.

Once the PC was restarted I manually set the network configuration to the proper static IP the system should use along with custom DNS server values.

If you don’t want to go through all that manual work, you could try the Microsoft FixIt (50203) download link and save/run that file.
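
The SP2 repair above with the KB's back-up advice applied first, as an added example that is not part of the original post or the Microsoft KB: a batch file for an administrator command prompt that exports the two Winsock keys and saves the current provider catalog before running netsh winsock reset. The backup folder C:\WinsockBackup is a placeholder chosen for this example.

```bat
@echo off
rem Added example (not from the KB or the original post): back up the two
rem Winsock keys and record the current catalog before "netsh winsock reset".
rem Assumptions: run from an administrator command prompt; the backup folder
rem name C:\WinsockBackup is a placeholder chosen for this example.
setlocal
set "BACKUP=C:\WinsockBackup"
if not exist "%BACKUP%" mkdir "%BACKUP%"

rem Refuse to overwrite an earlier backup: it may hold the only pre-repair copy.
if exist "%BACKUP%\Winsock.reg" (
    echo Backup already present in %BACKUP% - move it aside first.
    exit /b 1
)

rem Export the same two keys the KB tells you to delete in the non-SP2 path.
reg export "HKLM\SYSTEM\CurrentControlSet\Services\Winsock" "%BACKUP%\Winsock.reg"
if errorlevel 1 goto :fail
reg export "HKLM\SYSTEM\CurrentControlSet\Services\Winsock2" "%BACKUP%\Winsock2.reg"
if errorlevel 1 goto :fail

rem Save the provider catalog so third-party entries can be reviewed afterwards.
netsh winsock show catalog > "%BACKUP%\catalog-before.txt"

netsh winsock reset
if errorlevel 1 goto :fail
echo Winsock reset complete. Restart the computer, then compare the catalog.
exit /b 0

:fail
echo A step failed; nothing further was changed. Backups are in %BACKUP%.
exit /b 1
```

After the restart, running netsh winsock show catalog again and comparing it with catalog-before.txt shows which provider entries the reset removed.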

There are also a lot of third-party utilities that can fix WinSock issues. I like to keep these along with the Microsoft FixIT file handy just in case:

Cheers,

Claus Valca

File & Folder Mirroring: top picks and other misc notes

I have two folders on my system: “Standalone Apps” and “Updaters”.

The first one pretty much speaks for its content. The second folder contains the most recent installation binaries for third-party browser plugins, security applications, etc.

I keep them updated weekly.  Then I synchronize (mirror) them to a few different USB drive devices.

I have been using FreeFileSync Portable for a long time as my primary tool to handle it.  It has a clear interface, runs pretty fast, and has been reliable. I can do a “preview” of the synchronization run to see just what will occur. Drawbacks? I’m stuck on the older v6.2 build as it is the last one that plays nicest with the portable launcher. It also is more complicated in that it uses a lot of dependencies to make it work.

I had been using Dimio's DSynchronize application before that. I still do use it once a month or so just in case it catches something that FreeFileSync misses. What I like is that it is very small and fast, regularly updated, and has a complex “simple” interface.

So TinyApps bloggist brought a new synchronization tool to my attention recently in the blog post Synchronize, backup, or copy files and folders.

It’s a very nice freeware tool called SyncFolders. As TinyApps points out, it can be combined with ShadowSpawn to leverage the VSS.

The only “problem” I had using it the first time was that I had selected the “copy” option in my rule build and not “back-up”. This meant that none of the removed files in my “source” set were getting deleted on target drives. Once I figured that detail out it was smooth mirroring.

In my post Call Me Burned but Recovered: Windows 10 Upgrade Failure I mentioned a backup tool called Drive Snapshot that seemed pretty darn cool.

TinyApps reached out to me after that post and kindly shared some content on his site related to this backup tool:

Somehow I also ended up finding Image for Windows via Terabyte. They offer their backup/restoration tool in DOS/Linux/Windows editions with a free 30-day trial version. Full product purchase is less than $50 at the time of this post.

As noted in my original post my whole-system backup solution involved using a boot version of OSFClone to capture my system partition to a USB drive IMG file. Restoration was booting with a WinPE stick, running DiskPart to recreate my partition structure, then booting a LiveCD ISO of Linux Mint (Cinnamon version). Then I used the Ubuntu Disk Image Writer already integrated in the Mint OS build shell to browse to my IMG file on the external USB drive and simply selected my system’s primary HDD to write the image back, after first confirming I was selecting the correct one with gParted.

For my standard system-wide key file and folder backups for disaster recovery I am still using the freeware application Back4Sure in the portable version. This backup routine focuses not on creating an entire system backup image but just the most critical folders on my system that would allow me to recover my user-data in the event of a malware/cryptoware attack.

Cheers.

Claus Valca

Coding & Scripting Notes

I’m still working out the PowerShell basics and my study time allocated is woefully inadequate.

So for some crazy reason I’ve decided I need to expand my toolset.

Here are some links for my reference.

Learn SQL – Codecademy – This will be my primary focus because I interact daily with a SQL-based application and want to improve my query skills.

How to learn to code when you have no idea where to start – iMore. Serenity Caldwell provides a great collection of websites and recommendations for learning to code.

Learn the Basics of Four Programming Languages to Get to the Early Coder Stage – Lifehacker

Bento - Learn to code the way professional programmers do

Claus V.

Saturday, May 28, 2016

Run Free Google Nik Photoshop filter collection in Paint.NET

I have an older build of Adobe Photoshop that I rarely use for photo editing work. I prefer the freeware application Paint.NET.

So when I heard that the Google Nik Collection became a free download back in March I got really excited because at least I would have some new filters for Photoshop.

If you aren’t familiar with the Nik Collection and just hit that page, you might think that it offers seven or so very high-quality photo retouching/editing filter profiles for use in Photoshop.

What it really contains is an amazing number of high-end photo retouching/editing filters that fall under seven primary filter categories.

But maybe you don’t have Adobe Photoshop so you have the sads as you couldn’t take advantage of these filters.

Fear not!  You can easily run the Google Nik Photoshop filters in the free Paint.NET photo-editing software application to your heart’s content and not need Adobe Photoshop at all.

sample photo by Mayur Gala via Unsplash with CC0 license

  1. Download/install Paint.NET (if you don’t have it already).
  2. Download and manually install the Paint.NET 8bf filter plugins.
    1. Once downloaded, unzip the file package.
    2. Close out Paint.NET if running. 
    3. From the unzipped location, copy the “PSFilterPdn.dll” and “PSFilterShim.exe” into the Paint.NET “Effects” folder (usually C:\Program Files\Paint.NET\Effects) (see here if needed).
  3. Download/install the Google Nik Collection. Tip: make a note of what the default install directory path is.
  4. Run Paint.NET.
  5. Go to “Effects” on the Menu bar.
  6. Select the 8bf Filter near the bottom.
  7. In the window, click on the “Search Directories” tab.
  8. Make sure the “Search Subdirectories” tick box is checked.
  9. Click on the “Add” button.
  10. Browse to the top-level folder location where the Google Nik Collection was installed (from step 3 tip) and select that folder. (On my system it was “C:\Program Files\Google\Nik Collection”.)
  11. Click “OK” and the path will be added to the search directory. (More details on installing Photoshop-compatible filters with 8bf Filter here.)
  12. Done!

To access the Google Nik Collection filters in Paint.NET do this.

  1. Run Paint.NET if not already running.
  2. Load up an image file in Paint.NET to get started with.
  3. Go to “Effects” on the Menu bar,
  4. Select the “8bf Filter” near the bottom of the Effects dropdown listing.
  5. Select the “Filters” tab in the window.
  6. Expand the “Nik Collection”
  7. Pick a filter category
  8. Click the “Run Filter” button
  9. It will load up the image you have selected and then present you with the filter control window.
  10. On the top left side you will see the different sub-categories for the loaded filter.
  11. Select the filter subcategory and then try the different filters. You will see them previewed on your image.
  12. If you want, you can fine-tune the selected filter effect on the right hand side.

Amazing! All this in Paint.NET.

Mind blown.

Cheers.

Claus Valca