Windows Hints

accounts - see user accounts, more settings

activation code, install using command line

If you wish to replace a current key then use this command first to deactivate the currently used product key

slmgr -upk

The following two codes will allow you to enter a new key into windows.

the following will not try to bring up a dialog, best used while on a remote machine.

slui.exe 3 XXXXX-XXXXX-XXXXX-XXXXX-XXXXX

the following ollowing will try to bring up a dialog, which is bad if you're trying to do this remotely. But sometimes you don't have any choice, eh? Especially if you need to convert a volume (KMS) license into an MAK license. (Don't know how to convert KMS into MAK without slmgr which brings up pop-up window.)

slmgr -ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXXXXX-XXXXX

after you're done installing, need to activate

slui.exe 3

all by itself may do this. Or, if you don't mind the dialog:

slmgr -ato

activation code - want to reformat the hard disk and reinstall Windows XP on a system but not want to mess around with Microsoft's Product Activation after the reinstall? Fortunately, you do not have to. As long as you are not making any hardware alterations, you can back up the activation status files before you reformat the hard drive and then restore them after you reinstall the operating system. To perform the backup, follow these steps:

Use Windows Explorer to open the C:\Windows\System32 folder.2 folder.
Copy the Wpa.dbl and Wpa.bak files to a floppy disk or CD.

To perform the restore, follow these steps:

Decline the activation request at the end of the installation procedure, and restart Windows XP.
During boot up, press F8 to access the Windows Advanced Options menu.
Choose the Safe Mode (SAFEBOOT_OPTION=Minimal) option.
Use Windows Explorer to open the C:\Windows\System32 folder.
If they exist, rename the new Wpa.dbl and Wpa.bak files to Wpadbl.new and Wpabak.new.
Copy the original Wpa.dbl and Wpa.bak files from the floppy disk or CD to the
Restart the system.

activation code, can’t bring up even when you try to activate over the phone

Run following commands:

Rundll32.exe sys setup

Setup OobeBhk

oobe/msoobc/ or %systemroot%\system32\oobe\msoobe.exe /a

action pack 877-283-1925, 5

administrator password - see password, administrator

administrative permissions, don’t have all of – SpyBot sometimes makes it so you don’t have all the powers you normally would expect if you were an administrator

administrative permissions, temporarily assign yourself

Many programs require you to have Administrative permissions to be able to install them. Here is an easy way to temporarily assign yourself Administrative permissions while you remain logged in as a normal user.

Hold down the Shift key as you right-click on the program’s setup file.

Click Run as.

Type in a username and password that have Administrative permissions.

This will also work on applications in the Start menu.

ADSIedit – adsiedit.msc

annoyances.org

applications, move –

arp

arp -s 157.55.85.212 00-aa-00-62-c6-09 Adds a static entry.

arp -a Displays the arp table.

3^rd party tool - Application Mover

article that explains how to move an application using regedit

autostart – running msconfig brings up a tabbed dialog box, one of whose tabs has a lot of things that automatically start up that you can select or deselect.

All Known and (so called) Unknown Autostart Methods

Autoruns for Windows – part of Windows SysInternals

secmsconfig.exe - but the startup tab there now redirects to startup portion of task manager for Windows 8

pacs-portalcs-portalcs-portal - a very comprehensive list of utilities!

RegRun - has a lot of other stuff like security, registry search and edit

Startup Control Panel 2.6, 1

Startup Cop

Windows XP Startup Programs Tracker

—B—

backup script – Michael's VB Backup Script. I tried another one elsewhere but it didn’t work well at all.

batch job, allow user to run

I think you have to do this through group policy. To see what it is now:

run the following rsop.msc

In the Resultant Set of Policy console, navigate to Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment On the right pane, locate the “Allow log on locally” policy, check the Source GPO.

Blue Screen of Death – see BSOD, registry corrupt

blurry type or fonts on the screen – see ClearType, video performance options

boot clean - Sometimes you need to start up Windows XP clean: no extra services, no extra "start up" applications, nothing extra at all except what Windows XP needs to start up. You can use this clean boot to delete files that say that they're "in use" when you try to delete them, or install programs that will fix problems you're having when you boot normally. Remember, booting clean is for troubleshooting and fixing - it's not for running your day to day computing:

Click Start and then click the Run command. In the Run dialog box, type msconfig in the Open text box and click OK.

On the General tab, select the Selective Startup option. Remove the checkmarks from the Process SYSTEM.INI, Process WIN.INI, and Load Startup Items checkboxes.

Click on the Services tab. Put a checkmark in the Hide All Microsoft Services checkbox. Then click the Disable All button. This disables all non-Microsoft services. If a Microsoft service is causing the problem, it won't disable that service and won't fix the problem.

Click Apply and then click OK. In the System Configuration dialog box, click the Restart button.

Logon to the system. You'll see a System Configuration Utility dialog box. Click OK. Move the dialog box off to the side and make the changes you need to make. Then click on the General tab and then select the Normal Startup - load all device drivers and services option.

Click Apply and then click Close. Click the Restart button in the System Configuration dialog box.

boot disk, can’t change drive to “C” because you get “Invalid Drive Specification” – a href=http://support.microsoft.com/default.aspx?scid=kb;en-us;245162>Microsoft Knowledge Base Article - 245162

SYMPTOMS

After you start your computer from a floppy disk for troubleshooting purposes or to install an operating system, you may receive the following error message after you attempt to change to the hard disk, even though the hard disk is correctly partitioned and formatted:

Invalid Drive Specification

CAUSE

This error message can occur if you have a drive overlay program installed and you do not follow the proper procedures to boot from a floppy disk. When a drive overlay program is loaded, you cannot boot directly from a floppy disk if you want to be able to access the hard disk. You must first load the drive overlay program and then boot from the floppy disk.

RESOLUTION

To resolve this issue, check the documentation included with your drive overlay software, or contact the hard disk manufacturer for information about how to boot from a floppy disk and access the hard disk.

boot disk, make – see also slipstream service pack

Place a blank floppy disk in drive A, and format the disk by using Windows XP.
From the root folder of the system partition of your hard disk drive (for example, C:\-), copy the following files to the floppy disk:
Boot.ini
NTLDR
Ntdetect.com
You may have to remove the hidden, system, and read-only attributes from the files.
Restore the hidden, system, and read-only attributes to the files on your hard disk if you removed these attributes.
If either the Bootsect.dos or the Ntbootdd.sys file resides in the system partition, also use the procedure that is described in steps 2 through 4 to copy these files to the boot disk.

boot, most recent

systeminfo | find System Boot Time

net stats srv

boot operating system - see please select operating system to start

boot with utility to change administrator password – see password, change administrator

boot, won’t – see registry corrupt

browser – see Internet Explorer, hijacking

BSOD (Blue Screen of Death)

KMODE_EXCEPTION_NOT_HANDLED

Microsoft’s explanation – “Demystifying the 'Blue Screen of Death” - includes common error messages and likely causes

—C—

c0000218 error – see error messages

cacls terminates with an error The data area passed to a system call is too small - download SubInACL. See SubInACL for examples

cancel spooled print job forcibly– see print spooled job, forcibly cancel

Cannot run two device installations – if present, delete HKEY_LOCAL_MACHINE\System\Setup\FactoryPreInstallInProgress

C drive $ - \\MachineName\c$\

CD Key - RockXP - recover XP activation code – see also Product activation files, how to back up

cent sign (¢) – Alt+0164

certificate service – before you do anything, you need to make sure you’ve added “Active Directory Certificate Services” to your server roles

certificate services fail to start (error # 2148204801)

run this

certutil -error 2148204801

You’ll see

0x800b0101 (-2146762495) -- 2148204801 (-2146762495)

Error message text: A required certificate is not within its validity period when verifying against the current system

lock or the timestamp in the signed file.

CertUtil: -error command completed successfully.

So now what? Need to renew the CA. How to do that?

Go to Admin tools > Certification Authority.

Highlight your server and right click. Then select All Tasks > Renew CA Certificate.

If everything works, you should be able to start the certificate service. Highlight your server and right click. Then select All Tasks > Start Service.

certificates, determine health

from a command line,

certutil -dcinfo verify

which should return a list of certificate details for all your domain controllers.

Or for a GUI format, run pkiview.msc

What if you see a red “x” on your main domain with a message like, “This CA is currently offline or unavailable”?

You can try:

[PS] C:\ >certutil -setreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG
SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\SetupStatus:

Old Value:
SetupStatus REG_DWORD = 6001 (24577)
    SETUP_SERVER_FLAG -- 1
    SETUP_DCOM_SECURITY_UPDATED_FLAG -- 2000 (8192)
    SETUP_SERVER_IS_UP_TO_DATE_FLAG -- 4000 (16384)

New Value:
SetupStatus REG_DWORD = 4001 (16385)
    SETUP_SERVER_FLAG -- 1
    SETUP_SERVER_IS_UP_TO_DATE_FLAG -- 4000 (16384)
CertUtil: -setreg command completed successfully.
The CertSvc service may need to be restarted for changes to take effect.
[PS] C:\ >net stop certsvc
The Active Directory Certificate Services service is stopping.
The Active Directory Certificate Services service was stopped successfully.

[PS] C:\Windows\system32>net start certsvc
The Active Directory Certificate Services service is starting.
The Active Directory Certificate Services service was started successfully.

But that didn’t solve the problem. I did notice that when I open up the certsrv I see an extra entry for the domain controller I ran this under for today’s date. It used a different template (CA Exchange) from the others that were there (Domain Controller), though.

You can also see some information when you type

certutil - key

and you might get something like a bunch of entries that look like:

Microsoft Strong Cryptographic Provider:
00d378e8-d80b-4e75-94cd-ded15306950d
2909509d83693de296fbb2b01af5ab1a_2adda048-3da8-430e-a38b-ef50501ee25b
AT_KEYEXCHANGE

bde1c823-74c7-4bdb-91e4-b68599b9dd6c
47a671a1845995b9964d14e0da35b0a4_2adda048-3da8-430e-a38b-ef50501ee25b
AT_KEYEXCHANGE

When I run this same command from two different domain controllers in the same domain, I get completely different results.

I decommissioned following instructions here.

change drive letter – see drive letter, change

chkdsk d: /f – check the disk in drive D and have Windows NT fix any errors encountered. Use the /r switch to find physical disk errors in the file system

clean boot – see boot clean

clean up "PendingDelete" files from C:\Windows\WinSxS directory

DISM /online /Cleanup-Image /StartComponentCleanup

This might take hours. See also here and here
And even after all the time it takes, it doesn't really seem to do anything to reduce these.

ClearType - On Windows XP (see also video performance options). ClearType is best for LCD, doesn’t work really well on CRT

Right click on the desktop and select 'Properties'.
Select the 'Appearance' tab and press the 'Effects…' button.
Check the tick box next to the words 'Use the following method to smooth edges of screen fonts' and select 'ClearType' from the drop down box.
Close the Effects dialog by clicking 'Okay' and click 'Apply' to complete the process.

Note: If you install Windows XP yourself, by either upgrading an existing Windows installation or performing a fresh install, ClearType will be turned off by default. Computer manufactures that preinstall with Windows XP have the choice of turning it on or off by default.

You can also turn ClearType on at our ClearType Web interface. This web site also allows you to tune ClearType for your own personal preference and for your display. Tuning ClearType makes an adjustment to Windows XP's 'contrast' or 'gamma' value set for your screen. For further information on gamma see this page.

clipboard

Clipomatic

command prompt, modify

Click the upper-left corner of the Command Prompt window, and then click Properties.

Click the Options tab.

In Command History, type or select 999 in Buffer Size, and then type or select 5 in Number of Buffers.

In Edit Options, select the Quick Edit Mode and Insert Mode check boxes.

Click the Layout tab.

In Screen Buffer Size, type or select 2500 in Height.

Do any of the following optional tasks:

In Screen Buffer Size, increase Width.

In Window Size, increase Height.

In Window Size, increase Width.

Clear the Let system position window check box, and then, in Window Position, change the values in Left and Top.

In the Apply Properties dialog box, click Save properties for future windows with same title.

Command, redirect output of to a file –

C:\ dir > somefile.txt

compress old files, prevent during disk cleanup,– see disk cleanup, prevent "compress old files"

computer name - see also rename computer

hostname

computers, refresh list available on network – restart the “Computer Browser” service

components – see Windows components, modify

console – mmc

control panel, start various components from command line – one list

control panel, icons missing

mail icon missing – search for file \programs\common files\System\MSMAPI\1031\MLCFG32.CPL

corrupt registry – see registry corrupt

crash – see also registry corrupt

"clean up" unwanted repetitive errors or crashes

Temporarily disable error reporting:

Right-clock on my computer, select properties, advanced tab, error reporting button - turn on the "no error reporting" check box and turn off the "but notify me" option.

Disable Virtual Memory:

Right-click on my computer, select properties, advanced tab, performance settings, advanced tab, virtual memory "change" button. Note down the current VM settings (system managed or any customized size. Turn on the "no paging file" bullet, and press the set tab.

Delete the paging file:

Reboot. Verify that the option reads 0 kb for page file. Use folder options on control panel or explorer "tools" pulldown menu & go to "view" tab. Turn off check box to permit viewing of system files. Now explorer on the root of C drive (or what ever drive letter you page file was set to use), should show a pagefile.sys entry. Delete this. You will get a warning message about this being a system file. Since you have disabled virtual memory, this entry is not being used. Delete it. Go empty the trash bin to make sure this entry is cleared. Some users don't find a paging file at this point.

Re-enable Virtual Memory:

Right-click on my computer, select properties, advanced tab, performance settings, advanced tab, virtual memory "change" button , turn on the system-managed or customized paging file with the same settings as you noted down earlier. Be sure to press the set button.

Reboot and verify that the paging file is active. Re-enable error reporting that was disabled earlier. Reboot to verify that the repetitive error message has indeed "left the building".

—D—

Default gateway disappears after power shutdown – see Local area connection loses all its network info

default printer, can’t set in Win XP 64-bit edition – from here, make sure the user has Full (or special) access to

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows

add the key , restart PC

defrag page file – see page file, defrag

delete an "undeletable" file.

1. Close all open programs.

Open a command prompt.

Right-click the taskbar, and select Task Manager.

On the Processes tab, select Explorer.exe, and click the End Process button.

Minimize Task Manager, but do not close it.

At the command prompt, use the Delete command to remove the file, and close the command prompt.

In Task Manager, go to File>>New Task (Run).

In the Create New Task dialog box, enter Explorer.exe, and click OK.

Close Task Manager.directory structure -- from DOS prompt, type “tree c:” followed by a “> file.txt” to send the output to a file.

2. Unlocker 1.8.5

Helps delete locked files with error messages like:

Cannot delete file: Access is denied
There has been a sharing violation.
The source or destination file may be in use.
The file is in use by another program or user.
Make sure the disk is not full or write-protected and that the file is not currently in use.

3. Symptom: you have identified files or folders belonging to spyware, malware, or adware that cannot be deleted since some background service has the files or folders locked. You receive a message “access denied” when attempting to delete them and uninstalling the malware from Add/Remove programs, or deleting associated Regkeys, still does not remove the files.

Right click on the folder, or file(s), and select Properties.
Click on the Security tab.
Highlight the Administrators group, and then click Remove. You should not have to highlight any other groups or user names.
When prompted with a message “you cannot remove xxxxx/xxxxx because this object is inheriting permissions from its parent, click on "OK" to the message, and then click the “Advanced” button.
Uncheck the box for “inherit from parent the permission entries…”
When prompted with another dialog “selecting this option means the parent permission entries… will no longer be applied….” click “Remove”.
Still in the Advanced Security Settings dialog, click Add.
In the Select User or Group dialog, type in “Everyone” (no quotes) in the “Enter the object…” field, then click on "OK".
In the Permissions Entry dialog, check off “Full Control”. All other boxes should automatically be checked off. Click on "OK".
In the Advanced Security Settings dialog again, “Everyone” should appear in the Permissions entries field, and under “Inherited From”, should appear.
Click on "OK" again to exit that dialog.
Click on "OK" to exit the folder or file Properties dialog.

Try deleting the folders or files. You may need to reboot the PC in order to release the current security settings from memory. Once restarted, try deleting the items again. If removing malware from a PC, this is a good start toward disabling the software, especially where Add/Remove Programs, or registry key deletions have not worked.

deleted users, recover – right-click Windows button → Run → dsac.exe to open the Active Directory Administrative Center. But you must open this as a domain administrator.

device installations, cannot run two– if present, delete HKEY_LOCAL_MACHINE\System\Setup\FactoryPreInstallInProgress

DHCP server detection - Rogue DHCP Server detection

DirectX – info and diagnostics – Start, Run, “dxdiag”; 9.0b

disk cleanup, prevent "compress old files"

This is caused by the "compress old files" function of disk cleanup tool scanning files and calculating for file compression, assuming we all want to save space. Run, type in "regedit.exe" for windows registry editor, then click edit and find, and type in "compress old files". Or just navigate to that sub-key using this path:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Compress old files

Then to be safe, in the registry editor, select file from the top menu, then export, and save that "compress old files" subkey as a .reg file. Then delete only that registry subkey, and disk clean up will run through quickly. Also there is an option button after disk cleanup has run, when you click to select the "compress old files" that allows you to change the # of days for files to be "old", the default is 50 days. But that option is only there if disk cleanup runs through once with the "compress old files" .reg key in. Also look here on line 48, right side area for basically the same fix.

http://www.kellys-korner-xp.com/xp_tweaks.htm

disk error checking in Windows XP - After you install Windows XP, the Scandisk command is not available. Double-click My Computer, and then right-click the hard disk drive that you want to check. Click Properties, and then click Tools. Under Error-checking, click Check Now. Click Start.

disk management –

Either right click on My Computer and choose "manage" or Click Start, click Run, type compmgmt.msc and then click OK.

In the console tree, click Disk Management. The Disk Management window appears.

disk not recognized – see drive not recognized

dll, register - Go to the Run item on the Start menu, and type:

regsvr32 <path & filename of dll or ocx>

DNS hosts (local file) - C:\Windows\System32\Drivers\etc

DNS info

dig utility (from BIND)

nslookup

DNS name servers

From command line, nslookup. That will show your name server. Then type in a FQ domain name and it will return an IP address.

Control panel, Network and Internet Connections, Network Connections bottom right, right click Local Area Connection and select "Properties", Highlight "Internet Protocol (TCP/IP)", click Properties

or, see IP Address, find

DNSMGMT.MSC

Location: C:\WINDOWS\system32\config\netlogon.dns

DNS out of date when pinging

Let’s say you’ve recently updated a DNS entry for “bob” on your domain server from 192.168.0.51 to 192.168.0.52

Now, on your client PC, when you

nslookup bob

you get 192.168.0.52 – as expected. But when you

ping bob

you still get 192.168.0.51 What to do? Try

Ipconfig /flushdns

And then ping again. That should fix.

DNS problems

look in C:\WINDOWS\system32\config\netlogon.dns for anomalies. Note: doesn’t matter how you edit netlogon.dns or netlogon.dnb. You can actually delete them and then restarting the netlogon service recreates them with whatever was in there before.

Netdiag below doesn’t work anymore in Windows 7 or Windows Server 2008/2012. But back in the day, it worked OK.

netdiag /fix

For domains:

(or all by itself without the /fix)

dcdiag /fix

(or all by itself without the /fix) and

dcdiag /test:registerindns /dnsdomain:domain

dcdiag /e /test:DNS

nltest /dsregdns

if this is a domain controller

You could try nslookup. For instance,

nslookup yourlocalserver.yourdomain.net

nslookup someoutsidedomain.com

if success,

Server: yourdomainserver.yourdomain.net
Address: 192.168.0.1

Name: yourlocalserver.yourdomain.net
Address: 192.168.0.2

If success on a server with IPv6

Server: yourdomainserver.yourdomain.net
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa
       primary name server = 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa
       responsible mail addr = (root)
       serial = 0
       refresh = 28800 (8 hours)
       expire = 604800 (7 days)
       default TTL = 86400 (1 day)
Server: Unknown
Address: ::1

Name: yourlocalserver.yourdomain.net<
Address: 192.168.0.2

if problems,

Server: yourdomainserver.yourdomain.net
Address: 192.168.0.1

*** yourdomainserver.yourdomain.net can’t find yourlocalserver.yourdomain.net: Non-existent domain

DNS OK but can’t ping – you can sometimes look up outside servers but you can’t ping them. For instance,

nslookup yourdomainserver

nslookup someoutsidedomain.com

work OK but pinging won’t.

The following might work

1. Go to device manager. Disable the NIC, enable again. If this works for a little bit but then problem again, consider replacing your NIC.

The following actions do NOT solve this problem:

IPConfig /FlushDNS

netsh interface tcp show global

to show

and then

netsh int tcp set global autotuninglevel=disabled

to change and

netsh int tcp set global autotuninglevel=nromal

to change back

net stop dnscache

followed by

net start dnscache
netsh winsock reset catalog

(which requires a restart afterwards)

DNS, set up from command line

netsh interface ip add dns name="NIC1" 192.168.0.123

netsh interface ip add dns name="NIC1" 192.168.0.124 index=2

DNS, split – see split DNS here

Documents and Settings directory, change to a different drive – Go to Start>Run>Regedit and browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList. On this entry you will see an entry on the right for %systemdrive%\Documents and Settings. You should be able to substitute %systemdrive% for whichever drive letter you want.

Make sure you create a Documents and Settings folder in the location you specify and that correct permissions are applied. You can also change that entire path to "Y:\TerminalS\Stuff\Documents and Settings" or whatever you want. If you browse the registry entries under ProfileList you will notice that is where information on each entry is kept. You may need to delete each entry for the users so their profile is created again at the new location.

Also, if you decided to move a profile from one place to the other to keep all settings, manually copy the folder then update the path in the ProfileImagePath entry for the profile, listed under the ProfileList.

Alternatively, using Vista, need to make a junction:

mklink /J “C:\Users\Bob User” “E:\Profiles\Bob User”

or you can make a junction under WindowsXP/Windows 2000. Junction is not part of these OS and must be downloaded.

Junction “C:\Documents and Settings\<original folder name>” “G:\Profiles\<original folder name>”

documents, remove record of most recently used - In Windows XP Professional, the Start menu contains a My Recent Documents folder that contains 15 of your recently used documents.

To remove the record of recently accessed documents:

Right-click Start, click Properties, and then click Customize.

Click the Advanced tab, and then click Clear List. If you're using the Classic Start menu, click Clear.

Clicking Clear List empties the My Recent Documents folder. It doesn’t delete the documents from your computer.

If you don’t want to include anything in the My Recent Documents folder:

On the Advanced tab, click Customize, and then clear the List my most recently opened documents check box.

In Windows XP Home Edition, My Recent Documents is not automatically listed on the Start menu. You can turn on this feature by right-clicking Start, clicking Properties, clicking Customize, and then selecting the List my most recently opened documents check box.

Also MRU-Blaster utility

DOS command, send output to a file -- follow the command by “> file.txt”

DOS prompt, get

Sometimes you need to get to a DOS prompt but it's not easy to do. Like when Windows Explorer (which controls all kinds of things like even being able to see the desktop) fails.

Open Task Manager using ctl-shift-esc, go to file → Run new task → type in “cmd”

drag-n-drop sensitivity - Windows Drag Sensitivity Utility

drive letter, change ge - Right-click on My Computer, Manage, Disk Management. Right click on the drive you want to change. There should be an option to change the drive letter unless that drive is the drive you installed the OS onto. In that case, to change the System/Boot Drive Letter, you need to do the following as described by an MS KB article. However, there’s a good chance you won’t be able to boot after this so you’ll need to do this to undo the damage.

Log on as an Administrator.
Start Regedt32.exe.xe.
Go to the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices

Click MountedDevices.
On the Security menu, click Permissions. Verify that Administrators have full control. Change this back when you are finished with these steps.
Quit Regedt32.exe, and then start Regedit.exe. Locate the following registry key

HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices

Find the drive letter you want to change to (new). Look for "\DosDevices\C:".

Right-click \DosDevices\C:, and then click Rename. Note You must use Regedit instead of Regedt32 to rename this registry key.

Rename it to an unused drive letter "\DosDevices\Z:". This frees up drive letter C.
Find the drive letter you want changed. Look for "\DosDevices\D:".

Right-click \DosDevices\D:, and then click Rename.

Rename it to the appropriate (new) drive letter "\DosDevices\C:".

Click the value for \DosDevices\Z:, click Rename, and then name it back to "\DosDevices\D:".
Quit Regedit, and then start Regedt32.
Change the permissions back to the previous setting for Administrators (this should probably be Read Only).
Restart the computer.

drives, manage – see disk management

drive not recognized – If the BIOS sees it fine but the OS doesn’t, Control Panel, Administrative Tools, Computer Management, Storage, Disk Management

driver verification - verifier.exe

Dr. Watson – Go to the registry editor (regedt32) and go to \\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug. If the Debugger value is empty, the message box will have only an OK button and no debugger will start. It defaults to the following value: drwtsn32 -p %ld -e %ld –g

To disable Dr. Watson, modify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows

NT\CurrentVersion\ADebug. The value 'Auto' tells Watson how to start up.

Changing the Auto value from '1' to '0' will disable it.

Or…

To configure Dr. Watson, start Drwtsn32.exe and use the interface for

configuration purposes.

All configuration information is stored in the registry under

HKLM\Software\Microsoft\DrWatson.

Duplicate accounts – see multiple accounts with name xxx@yourdomain.net of type DS_USER_PRINCIPAL_NAME

“A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.” (4319 Event ID) – see nbtstat. So far, I’ve found that command to be completely worthless to solve this problem. According to here, there could be several reasons. But since I had 2 NICs on the same server on the same subnet, I tried “teaming” to merge them into one. We’ll see if that works.

—E—

emergency repair disk — go to program manager, click File/Run and then type:

rdisk /?

The “real“ command is

rdisk.exe -s

A dialog box will come up allowing you to choose to create a new or update an existing repair disk. Alternatively, just click on the Start button, choose help, type “emer” or the like, click on the Emergency Repair Disk selection, a help screen will pop up with a button that will bring up the dialog box necessary for you to begin.

environment variables -- go to a DOS prompt and type the “set” command. You can follow this by “| more” or “> file.txt” to either see one screen at a time or send it to a file.

PowerShell:

gci env:* | sort-object name

error messages – see BSOD

c0000218

STOP: C0000218 {Registry File Failure} The registry cannot load the hive (file):\System Root\System32\Config\SECURITY or its log or alternate. It is corrupt, absent, or not writable.

I was trying to do a Recovery on my computer to put it back to what it was when I bought it and to start over again. I want to just start fresh.

This is one of the main reasons I prefer to do a clean installation from CD rather than simply doing a system restore. There's less chance for something to go wrong with a clean installation. Unfortunately, many computer manufacturers no longer provide a complete CD, but you still may be able to completely wipe your drive rather than using the restore option. The Stop: c0000218 error is typically associated with one of several things, depending on how far through the recovery process you made it before encountering the error.

The first possibility is simply corruption in the Windows Registry. A second option is a component of your system hardware is not compatible with Windows XP or your hard drive has some kind of issue. Since you are re-installing Windows XP using System Restore, it seems unlikely your system hardware is incompatible, although I won't rule out the possibility entirely. The third possibility, a damaged hard drive, is possible even if Windows appeared to run smoothly prior to your re-installation. Before throwing in the towel, we'll take a closer look at each possibility

Assuming the Windows Registry is simply corrupt, the first thing to attempt is a recovery via the Automatic System Recovery for your particular installation. Since you are attempting to do a system restore, it's possible you already tried this and had it fail. If this is not the case, follow the detailed directions presented in Microsoft Knowledge Base article 307545.

If you attempted your system restore using the OEM provided restore partition or CD and received this error, make sure you don't have any hardware components connected which weren't part of the initial build of your computer. System restore disks look for specific hardware components. If the original components are missing it occasionally introduces errors in the restore process.

A third possibility is the hard drive is damaged in some way. Many disks have bad sectors and you won't know about them until you attempt to write over the sectors during a specific operation. If you can boot from your install CD, you will be presented with the option to Repair or Recover the Windows XP installation. Pressing R launches the Microsoft Recovery Console which then asks for the Administrator password. After entering the password, run chkdsk to check the drive for errors by typing chkdsk /r at the command line. If chkdsk finds errors, you may need to use chkdsk /f to repair the errors before proceeding.

KMODE_EXCEPTION_NOT_HANDLED

error reporting, disable -

Open Control Panel. Click on Performance and Maintenance.

Click on System.

Then click on the Advanced tab.

Click on the error-reporting button on the bottom of the windows.

Select Disable error reporting.

Click OK. Click OK.

event viewer, find IP

Open the Event Viewer on your Windows machine.
In the left pane, navigate to Custom Views.
Right-click on Custom Views and choose Create Custom View.
Click on the XML tab and check Edit query manually.
In the XML query window, you can specify your filtering criteria.

source IP address

<QueryList>
<Query Id="0" Path="Directory Service">
<Select Path="Directory Service">
*[EventData[Data[@Name='IpAddress'] and (Data='123.45.67.89')]]
</Select>
</Query>
</QueryList>

event viewer, launch Event Viewer from the command line – eventvwr.exe or mmc.exe.

exe files won’t fun, gives “Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item”

Windows doesn’t like it when you try to run something from a networked drive. Even copying them to local directory doesn’t work. But right click, go into the properties, and on the 1st, default “General” tab at the bottom you might see, “Security: This file came from another computer and might be blocked to help protect the computer” and you’ll see a button labeled, “Unblock”.

executable, find path for an – where <executable name>. For example, where calc returns C:\WINDOWS\system32\calc.exe only seems to work on Windows 2003

executable, “We can't verify who created this file. Are you sure you want to run this file?” - see open file - security warning

extensions, file, change program associated with –

The associations are stored in

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts

and the applications themselves are stored in the key

HKEY_CLASSES_ROOT\Applications

But I found the key

HKEY_CLASSES_ROOT\.ext

Where “.ext” is the extension you want also affects the system – especially if you don’t have access to it because of permission problems. Fix the permission problems and a lot of other problems seem to go away. Like a missing “open with” in the right click menu, for instance.

Associate File Extension with Shell OPEN command and Application

OpenExpert

—F—

FAQ - see hints

fdisk – fdisk /mbr to get rid of bad partition (according to Chris Everett)

file history - see most recently used files, see; Documents, remove record of most recently used

file, send DOS commands to - DOS command, send output to a file

files open, see open files

find path for an executable – where <executable name>. For example, where calc returns C:\WINDOWS\system32\calc.exe only seems to work on Windows 2003

find string in a directory of files - see string, find in files in a directory

firewall, configure - from here

Enable

Netsh

netsh advfirewall set allprofiles state on

Windows PowerShell

Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True

Control firewall behavior

The global default settings can be defined through the command-line interface. These modifications are also available through the Windows Firewall with Advanced Security MMC snap-in. The following scriptlets set the default inbound and outbound actions, specifies protected network connections, and allows notifications to be displayed to the user when a program is blocked from receiving inbound connections. It allows unicast response to multicast or broadcast network traffic, and it specifies logging settings for troubleshooting.

Netsh

netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

netsh advfirewall set allprofiles settings inboundusernotification enable

netsh advfirewall set allprofiles settings unicastresponsetomulticast enable

netsh advfirewall set allprofiles logging filename %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log

Windows PowerShell

Set-NetFirewallProfile -DefaultInboundAction Block -DefaultOutboundAction Allow –NotifyOnListen True -AllowUnicastResponseToMulticast True –LogFileName %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log

Finally, to allow remote administration

Netsh

netsh advfirewall firewall set rule group=Remote Administration new enable=yes

I finally had to turn the dang thing off:

netsh advfirewall set allprofiles state off

folder, change opening default - By default, Windows Explorer opens showing the My Documents folder. To change the default setting so that all top–level drives and folders are shown, follow these steps:

Click Start > Programs > Accessories, then right–click Windows Explorer, and click Properties.

Under Target field, which reads %SystemRoot%\explorer.exe, add to make the line read:

%SystemRoot%\explorer.exe /n, /e, /select, C:\

Click OK.

folder, password protect - AxCrypt

font, copy to another PC – On old PC, find it in Control Panel/Fonts. Right-click Drag 'n' drop (copy) to a shared folder. On new PC, drag 'n' drop from shared folder to Control Panel/Fonts.

fonts or type are fuzzy or blurry on the screen – see ClearType, video performance options

font manager - NexusFont

format an unformatted partition - right click on ‘my computer’ and select ‘manage’, then choose ‘storage\disk management’

forcibly cancel spooled print job – see print spooled job, forcibly cancel

ftp – to get to using Windows Explorer, put the following in the address window:

ftp://user@ftp.yourdomain.com

freeze - see crash

fully qualified domain name, can’t resolve – try netsh int ip reset reset.log. You’ll need to reboot and then reset your network settings. This may or may not help.

fuzzy type or fonts on the screen – see ClearType, video performance options

—G—

games, disable

edit the Sysoc.inf file to unhide all games:

Choose Start / Run / Copy+Paste the next line into the RUN box and press [ENTER]:

notepad %SystemRoot%\Inf\Sysoc.inf

Scroll down until you find the line that reads:

Games=ocgen.dll,OcEntry,games.inf,HIDE,7

and delete the HIDE from the line so it now reads:

Games=ocgen.dll,OcEntry,games.inf,,7

Below that is the line that reads:

AccessUtil=ocgen.dll,OcEntry,accessor.inf,HIDE,7

delete the word HIDE from the line so it now reads:

AccessUtil=ocgen.dll,OcEntry,accessor.inf,,7

Scroll down a little to the line that reads:

Pinball=ocgen.dll,OcEntry,pinball.inf,HIDE,7

delete the word HIDE from the line so it now reads:

Pinball=ocgen.dll,OcEntry,pinball.inf,,7

Click File / Exit and choose YES to save the changes you made to the file.

Click Start / Settings / Control Panel / Add-Remove Programs.

Select and Remove any of the games you want from the list. They may be in the windows components tab of the add/remove programs window, rather than the main programs list

gateway info disappears after power shutdown – see Local area connection loses all its network info

“ghost” local area connection – see Local area connections, how to see and get rid of “phantom” or “ghost” connections

GPT or MBR, which style is a disk partitioned in? - Server Management → Tools → Computer Management → Disk Management → right click the left pane where it says Disk 0 → click the Volumes tab on the pop-up that comes up → look at the Partition Style

"green bar of slowness" when you click on filename column heading in Windows File Explorer - see here

Right-click on the folder and select "Properties".
Click on "Customize" tab.
Under "What kind of folder do you want?" and under " Optimize this folder for:", select "General Items".
You are done!

—H—

handle - used to find out: which program has a particular file or directory open? A component of SysInternals, pretty much the same as Process Explorer without the GUI

see also open files

hidden network adapter – see network adapter, hidden

hijacking

hints - used to have some XP hints but that's ancient history now

hosts - C:\Windows\System32\Drivers\etc

hosts file locked, full of junk like “74.125.45.100 4-open-davinci.com”. Try to modify it. Just try. Uh-uh. What to do? I went here and downloaded their Combofix.exe. It warned that I had a couple anti-malware services running. These services you can’t really kill easily. I let Combofix keep going (even though it said to do so was at my own risk) and it worked great!

Hyper-V, Manage Hyper-V Server 2012 Remotely

—I—

icons missing from control panel – see control panel, icons missing

ID, Windows product – from DOS prompt, type “systeminfo”

IE – see Internet Explorer

inactivity timeout – see sleep

Internet Connected but browsers don’t work Link

“Invalid Drive Specification” when you try to change drive to “C” after booting from boot floppy disk – see boot disk, can’t change drive to “C” because you get “Invalid Drive Specification”

Error: Access is denied; URL: res://C:\WINNT\system32\shdoclc.dll/preview.dlg – maybe stoolbar.dll – see BHOCaptor - control the IE Browser Helper Objects

hijacking

runonce annoyance, get rid of – need to add two DWORDS:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "RunOnceComplete"=dword:00000001 "RunOnceHasShown"=dword:00000001

"Windows Internet Explorer 7 Beta 2 cannot be uninstalled from this user account. Please log on to the same user account from which it was installed and try again."

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer.

Right-click the Internet Explorer key, click New, and then click DWORD value.

Type InstalledByUser as the name, and then press ENTER to finish creating the new registry value.

Try to uninstall Internet Explorer 7 again.

“The IP address 192.168.0.17 you have entered for this network adapter is already assigned to another adapter (D-Link DGE-530T Gigabit Ethernet Adapter (rev.B) #2) which is no longer present in the computer. If the same address is assigned to both adapter and they both become active, only one of them will use this address. This may result in incorrect system configuration”

“Do you want to remove the static IP configuration for the absent adapter?”

If you answer, “yes” to the question above, it sorta kinda “fixes” it. But it’s still messed up. A temporary solution is Local area connections, how to see and get rid of “phantom” or “ghost” connections. This keeps coming up after almost every reboot on a couple PCs.

Here’s at least a way to see the dang thing and uninstall it (from here, where it also describes how to download and use a DevCon tool):

Click Start, click Run, type cmd.exe, and then press ENTER.
Type

Set devmgr_show_nonpresent_devices=1

In the same prompt, you can type

Start DEVMGMT.MSC

Click View, and then click Show Hidden Devices.
Expand the Network Adapters tree.
Right-click the dimmed network adapter, and then click Uninstall.

You can also see it by searching in the registry. In this example, search for “DGE-530T”. In my case I found a whole bunch at

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards

And again, by hitting F3 each time to find each of the entries below, each location having many such entries at

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\NetworkCards

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_1186&DEV_4B01&SUBSYS_4B011186&REV_11

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\PCI\VEN_1186&DEV_4B01&SUBSYS_4B011186&REV_11

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\PCI\VEN_1186&DEV_4B01&SUBSYS_4B011186&REV_11

Not sure how all these (one for each reboot; dozens) get here or what to do about them. Presumably it wouldn’t hurt to delete some of these. But it’s not immediately obvious which ones are the old bogus ones and which is the new one. Some entries, like the last one, have them conveniently numbered. So I might safely delete them. But what keeps these proliferating? Still don’t know. There are also entries at

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces

With the IP address.

IP address default for Windows DHCP if unable to find info: 169.254.0.1 through 169.254.255.254, a range that has been reserved especially for Microsoft. When a DHCP client boots up, it first looks for a DHCP server in order to obtain an IP address and subnet mask. If the client is unable to find the information, it uses APIPA (Automatic Private IP Addressing) a feature in Windows to automatically configure itself with an IP address and subnet mask when a DHCP server isn't available.

IP address, find -

for XP, Win 2000, Windows 7 - “ipconfig /all” from DOS window

for Win9x - type “winipcfg” from “start/run” command” line - only works in Win9x, not XP or Win2000

winipcfg for XP - see utilities, Doug Knox or Microsoft's site

netsh interface ip show config

IP address, configure from command line

netsh interface ip show config

The following command configures the interface named Local Area Connection with the static IP address 192.168.0.100, the subnet mask of 255.255.255.0, and a default gateway of 192.168.0.1:

netsh interface ip set address name=Local Area Connection static 192.168.0.100 255.255.255.0 192.168.0.1 1

more here

to set up DNS

netsh interface ip add dns name="NIC1" 192.168.0.123

netsh interface ip add dns name="NIC1" 192.168.0.124 index=2

IP address, find in event viewer – see event viewer, find IP

IRPStackSize in the server's Registry key LanmanServer \Parameters was invalid - see value named IRPStackSize in the server's Registry key LanmanServer Parameters was invalid

—J—

—K—

KDC (Key Distribution Center) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate (event ID 29)

You could start by running

certutil -dcinfo verify

from a command line which should return a list of certificate details for all your domain controllers.

Or for a GUI format, run pkiview.msc

Microsoft suggested barging ahead and removing certificates willy-nilly before verifying using the “certutil -dcinfo verify” at the end of their article. But I tried that command at the beginning and nothing seemed amiss. So why would I delete them if nothing’s wrong?

One thing I did notice was when I went into Server Manager/Active Directory Certificate Services/Certificate Templates that it said they were all bad and gave me a choice to fix. So I did.

Key, change XP

Click on Start and then Run.
In the text box in the Run window, type regedit and click OK. This will open the Registry Editor program.
Locate the HKEY_LOCAL_MACHINE folder under My Computer and click on the (+) sign next the folder name to expand the folder.
Continue to expand folders until you reach the HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\Current Version\WPAEvents registry key.
Click on the WPAEvents folder.
In the results that appear in the window on the right, locate OOBETimer.
Right-click on the OOBETimer entry and choose Modify from the resulting menu.
Change at least one digit in the Value data text box and click OK. This will deactivate Windows XP.
Click on Start and then Run.
In the text box in the Run window, type the following command and click OK.

%systemroot%\system32\oobe\msoobe.exe /a

When the Windows Product Activation window appears, choose Yes, I want to telephone a customer service representative to activate Windows and then click Next.
Click Change Product Key.
Type your new, valid Windows XP product key in the New key text boxes and then click Update.
If you're taken back to the previous screen and prompted, choose Remind me later.
Restart your PC.

Key Distribution Center (KDC) cannot find a suitable certificate – see KDC (Key Distribution Center) cannot find a suitable certificate

key, view Windows XP key - ViewKeyXP.zip

kill a process – see taskkill, PsKill. Sometimes neither of these work. See long discussion here. You’ll get something like

taskkill /pid 5448 /f

ERROR: The process with PID 5448 could not be terminated.

Reason: There is no running instance of the task.

I found once (9/6/11) that killing Symantec’s antivirus process “SMC.exe” was able to kill an instance of Excel that just wouldn’t go away. SMC.exe respawned itself, but sans Excel.

KMODE_EXCEPTION_NOT_HANDLED - Backdoor.NTHack virus

PC DoorGuard - Commercial anti-trojan

Symantec’s instructions to remove

—L—

last time booted - see boot, most recent

letter for a drive, change – see drive letter, change

letter for drive not showing up in the OS – see drive not recognized

license, see activation code, install using command line

license, convert volume KMS to MAK

slmgr -ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX

Linux, run on XP - coLinux

list of computers available on network, refresh – restart the “Computer Browser” service

local administrator password - see password, administrator

Local area connection loses all its network info – one Window 7 PC, it loses all its connection info – including its default gateway – whenever it shuts down unexpectedly such as during a power outage. No problems if it shuts down normally. It also loses its DNS, IP address and mask. What really seems to be happening is that it’s losing its default connection, keeping it as some sort of a “ghost” connection, and creating a new connection. Often you’ll recognize this ‘cause the old one might have been named something like “Local Area Connection 2” whereas the new one might be called something like “Local Area Connection 5”.

If you try to add back the info with the same IP address to this newly created Local Area Connection, when you go to save, it complains that there’s already a connection with that IP address. Like I say, there’s a “ghost” connection still there. Or probably lots of ghost connections.
BUT, it asks you if you want to get rid of that ghost connection’s IP address. Choose “yes”.
So now you think you’re all fixed up, right? Har! You’d be wrong, of course. Turns out that, if you close out the local area connection and re-open it, most of the stuff you just entered is still there. But the default gateway info you added is gone. But if you now add the default gateway info again and then save it, it really does keep it this time around.

How to get rid of these ghosts? Well, that’s a whole ‘nother story at Local area connections, how to see and get rid of “phantom” or “ghost” connections

Local area connections, how to see and get rid of “phantom” or “ghost” connections. I’ve noticed this problem particularly on some Win 7 PCs when their power goes off unexpectedly. This entry covers a quick fix and doesn’t really address how to keep this from happening over and over again and the ghosts from proliferating. For a more in-depth discussion, see IP address you entered for this network adapter is already assigned.

Where can you even see these ghosts? 3 ways:

In the Registry:

You can see these ghost local area connections in the registry at.

HKLM/System/CurrentControlSet/Services/Tcpip/Parameters/Interfaces/

And scattered in other locations throughout the registry. See more detail at IP address you entered for this network adapter is already assigned

Here you'll see a bunch of candidate CLSID – one of which is your “real” network adapter where you change the settings. The others are the “ghosts”. Not sure yet how to tell which is “real” and which is/are “ghost”. You'll probably recognize them by looking at the value IPAddress that will have the IP of this adapter. I suppose you could delete some of these ghosts. But still not sure how to keep them from proliferating.

From command line

ROUTE PRINT

There should be two groups that print out: “Active Routes” first and then “Persistent Routes” right after that (In the IPv4 1^st section, not the IPv6 section right after that). We’re looking for “Persistent Routes” and we’re looking for multiple instances of the Network Address “0.0.0.0”. All the entries will likely look the same. This seems to particularly be a problem with Window 7 / Server 2008. You should really only need one of these entries for “0.0.0.0”.

In the device manager (from here, where it also describes how to download and use a DevCon tool)

Click Start, click Run, type cmd.exe, and then press ENTER.
Type

Set devmgr_show_nonpresent_devices=1

and then press ENTER.

In the same prompt, you can type

Start DEVMGMT.MSC

and then press ENTER.

Click View, and then click Show Hidden Devices.
Expand the Network Adapters tree.
Right-click the dimmed network adapter, and then click Uninstall.

How to fix?

Windows 7

One solution that I’ve adapted from here:

The issue is that the ROUTE table contains a phantom persistent default route 0.0.0.0 to one of the network interface cards. This activates the "Unidentified Network" (Public) every time the network connection becomes active. Sharing permissions are turned off.

From the Windows Command Screen as Administrator (Windows button, type “cmd”, then hit Ctl+Shift+Enter)

ROUTE PRINT

You’ll likely see more than one entry in the “Persistent Routes” area of the IPv4.

Remove all default routes.

ROUTE DELETE 0.0.0.0

This removes the default routes from all network interfaces. (This doesn’t seem to have any effect on extra entries at HKLM/System/CurrentControlSet/Services/Tcpip/Parameters/Interfaces/ in the registry, though.) If you

ROUTE PRINT

You’ll see there are no longer any entries in the “Persistent Routes” area of the IPv4. Keep this command line box open, but now go back and look at your local area connection. In particular, look at your IPv4 properties. If you had a default gateway before, it’s gone now. Add it back. Go back to your command line box and type

ROUTE PRINT

You should now see just one entry in the “Persistent Routes” area of the IPv4 that looks a lot like the ones you just got rid of. But at least now you should just have the one. Jury’s still out as to whether you’ll keep accumulating more of these persistent route entries again when power goes off unexpectedly again. But at least this gets rid of all the unnecessary accumulated extra ones for now.

Not sure why Microsoft decided to make the default routes 0.0.0.0 persist in the routing table instead of just being bound to the network adapter. The network stack used by XP, 2000, 2003 systems do not have this problem.”

From the same place, I see netsh winsock reset. Haven’t tried this yet. And there’s also stuff there about Adobe CS3 and Apple Bonjour ("C:\Program Files (x86)\Bonjour\mDNSResponder.exe" –remove.

I forget where I got this but I’ve never tried it ‘cause I don’t use XP much anymore.

Go to Control Panel. Go into Security Centre and switch OFF the FIREWALL then go to SYSTEM, DEVICE Call up each unwanted connection and uninstall it. If it goes as mine did, go back to the Network Connections and you should find the connections GONE!!!

Don’t forget to turn your firewall back on.

local users and groups

lusrmgr.msc

locking, opportunistic, disable - see opportunistic locking, disable

logged in, who’s logged in?

query users

or just look at task manager. A bonus of using task manager is that you can also kick them off!

logon, can’t ‘cause you don’t know the password

EBCD – Emergency Boot CD CD to make a CD capable of booting up and resetting an ID’s password
Offline NT Password & Registry Editor, Bootdisk / CD

logon failure: the user has not been granted the requested logon type at this computer

gpedit.msc. Computer configuration->Windows Settings->Security Settings->Local Policies->User Rights Assignment. I tried this but it didn't work 12/29/02

http://www.symantec.com/avcenter/venc/data/backdoor.kryost.html - I tried this but it didn't work 12/29/02

logon options, in group policy, Computer\Administrative Templates\System\logon\

—M—

MAC address, get

For the PC you’re on right now: ipconfig /all

For an IP address: ping the address and then arp -a – this only seems to remember maybe half a dozen back

mail icon missing from control panel – see control panel, icons missing

malware removal

10 tips for getting rid of stubborn malware – some pertinent extracts:

Gain access to a clean PC - Do your research and download the tools and fixes you need on another PC that's not infected. Don't transfer anything via your network or a USB flash drive; instead, burn it to a CD or DVD, which won't pass on the infection after being in close contact with the infected computer.
Reclaim Safe mode - One nasty trick malware performs is to delete the SafeBoot Registry key, which basically cripples Safe mode. Open Registry Editor on a clean PC running the same version of Windows, browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ and export the SafeBoot key to a Registry file. Transfer this across to your infected PC and attempt to merge the REG file into your Registry.
Stubborn Safe mode fix - Some malware actively monitors the SafeBoot key and deletes any changes made. To counter this, download UndeletableSafeBootKey from Didier Stevens. Extract the UndeletableSafeBootKey application and transfer this to the infected PC. Run this prior to importing your REG file, and the malware will be thwarted, giving you access to Safe mode again.
Construct a toolkit - Download the following tools on your clean PC and transfer them to your infected PC via CD – they can all be installed and run in Safe mode: Malwarebytes Anti-Malware, ComboFix, a2Free, Sophos Anti-Rootkit, HijackThis! and Virus Effect Remover.
Access Registry Editor - Virus Effect Remover should be able to undo the worst damage done by malware – the One Click Registry Heal button performs a number of fixes, giving you back access to key system tools like Registry Editor plus re-enabling critical functionality like automatic updates.
Internet connection fixes - Open a command prompt window with administrative privileges (you can do this from within Virus Effect Remover – click Other Tools > Command Prompt) and type the following two commands, pressing [Enter] between each:

netsh winsock reset
netsh int ip reset resetlog.txt

Exit and reboot back into Safe mode with networking to verify your connection is back.

map drive

net use z: \\someserver.yourdomain.com\someshareddirectory

mapped drive of remote server, change to that directory – see remote machine mapped drive

media player – see Windows Media Player

memory, how much – from DOS prompt, type “systeminfo”

Menu bar/Toolbar Missing in Windows Explorer and/or Internet Explorer

Go to the following Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar

For Windows Explorer: In the right pane, locate the Explorer sub-key and open it. In the right pane, locate the ITBarLayout value. Right click this value and select Delete.

For Internet Explorer: In the right pane, locate the WebBrowser sub-key and open it. In the right pane, locate the ITBarLayout value. Right click this value and select Delete.

Quit Registry Editor.

Open the affected program (Windows Explorer or Internet Explorer) and verify that you're Menu bar/Toolbar has been restored. If not, close all open Windows Explorer and Internet Explorer Windows and repeat the above step. Then locate the ShellBrowser sub-key, open it and delete the ITBarLayout value there.

Any Toolbar layout customizations will be undone, and the affected Toolbar will be reset to its default configuration.

message, send - net send {name | * | /domain[:name] | /users} message – examples:

To send the message "Meeting changed to 3 P.M. Same place." to the user robertf, type:

net send robertf Meeting changed to 3 P.M. Same place.

To send a message to all users connected to the server, type:

net send /users This server will shut down in 5 minutes.

To send a message that includes a slash mark (/), type:

net send robertf "Format your disk with FORMAT /4"

modem

ModemSite.com

XP resources

if the option to add a modem is grayed out, see also Remote Access Auto Connection Manager

most recently used files, see - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*

most recently used documents, remove record of - see Documents, remove record of most recently used

mouse sensitivity - see drag-n-drop sensitivity

move program or application – see applications, move

multiple accounts with name xxx@yourdomain.net of type DS_USER_PRINCIPAL_NAME – try

ldifde –f check_UPN.txt –d “dc=yourdomain,dc=net”et”

ldifde –f check_UPN.txt –t 3268 –d “” –l userPrincipalName –r “xxx@yourdomain.net” –p subtree

"Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again." – especially when trying to join a PC to a domain

best: disconnect the Ethernet cable, reboot, stick the cable in and try again

not so good: from a command prompt, type: net use * /del –this isn’t enough. But it does seem to find and kill some connections. This command removes any mappings/connections that were statically made on the workstation to the server. Use login scripts to map drives, including /persistent:no at the end of the net use command, so they won't be cached.

"Multiple default gateways are intended to provide redundancy to a single network. They will not function properly when the gateways are on two separate, disjoint networks." – You will see this when you have 2 network cards on the same PC with the same assigned IP address – even if one is disabled. This can happen, for instance, when you're upgrading the motherboard's 100M to an add-on 1G. Go to the properties on the other network adapter and in TCP/IP setting change to get IP address automatically.

—N—

name servers (DNS ), see IP Address, find

nbtstat

Displays the names registered locally by NetBIOS applications such as the server and redirector. The output of this is a little strange. Once, I was looking for duplicate IPs. I ran the above command per the error message’s suggestion

nbtstat -n

and got:

Local Area Connection 2:
Node IpAddress: [192.168.254.206] Scope Id: []

                NetBIOS Local Name Table

       Name          Type     Status
    ------------------------------------
    MAIL3     <00> UNIQUE Registered
    MYDOMAIN <00> GROUP   Registered
    MYDOMAIN <1C> GROUP   Registered
    MAIL3     <20> UNIQUE Registered

Local Area Connection:
Node IpAddress: [192.168.254.6] Scope Id: []

                NetBIOS Local Name Table

       Name          Type     Status
    ------------------------------------
    MAIL3     <00> UNIQUE Registered
    MYDOMAIN <00> GROUP   Registered
    MYDOMAIN <1C> GROUP   Registered
    MAIL3     <20> UNIQUE Registered

Other variants on this command are

nbtstat -r

Which gives similar output

    NetBIOS Names Resolution and Registration Statistics
    ----------------------------------------------------

    Resolved By Broadcast     = 1860
    Resolved By Name Server   = 0

    Registered By Broadcast   = 8
    Registered By Name Server = 0

    NetBIOS Names Resolved By Broadcast
---------------------------------------
           TIMBXP         <00>
           THEZDRIVE
           THEZDRIVE
           BRAD-PC        <00>
           TIMBXP         <00>
           TANNER-WIN7    <00>
           THEZDRIVE
           THEZDRIVE

As you can see, there are at least a couple apparent duplicates. So I focus on 000000C55FBE. I pinged, and it resolved to

Pinging TIMBXP [192.168.0.90] with 32 bytes of data:
Reply from 192.168.0.90: bytes=32 time=1ms TTL=64

I recognize it as a PC and unplug its Ethernet, and run “nbtstat -n” again and get the same thing! So it appears to simply hold a stash of recently resolved requests. Whether or not the devices are still present seems irrelevant. Also, just ‘cause you see an entry there twice doesn’t mean there really are two such or any duplicate. It probably means the same device made 2 inquires recently.

Then there’s

nbtstat -c

option shows the contents of the NetBIOS name cache, which contains NetBIOS name-to-IP address mappings. It gives something like this:

Local Area Connection 2:
Node IpAddress: [192.168.0.206] Scope Id: []

                  NetBIOS Remote Cache Name Table

        Name              Type Host Address    Life [sec]
    -----------------------------------------------------
    BRAD-PC        <00> UNIQUE     192.168.0.41      370
    TANNER-WIN7    <00> UNIQUE     192.168.0.52      232
    TIMBXP         <00> UNIQUE     192.168.0.74      325

Local Area Connection:
Node IpAddress: [192.168.0.6] Scope Id: []

    No names in cache

Then

nbtstat -s

and

nbtstat -S

are supposed to give different results. “s” is supposed to list the NetBIOS sessions table converting destination IP addresses to computer NetBIOS names whereas “S” is supposed to list the current NetBIOS sessions and their status, with the IP address. But they both yield

Local Area Connection 2:
Node IpAddress: [192.168.0.206] Scope Id: []

No Connections

Local Area Connection:
Node IpAddress: [192.168.0.6] Scope Id: []

No Connections

so not sure about the supposed difference

Netmeeting

W2K - Start, point to Programs, point to Accessories, point to Communications, and click NetMeeting.

XP - Start - > Run -> conf.exe

Netscape

bookmarks – :\WINDOWS\Application Data\Mozilla\Users50\default\w2r71tt0.slt\bookmarks.htm

mail files – C:\WINDOWS\Application Data\Mozilla\Users50\default\w2r71tt0.slt\Mail\pop.yourisp.com

network - see IP Address, Find

start, run, command,

netsh

At the netsh prompt, type

netsh> diag

and press enter (must be something else; “command not found”). Type gui and press enter.

See IP address, find

Windows XP Network Troubleshooting

Windows XP’s Built-In Troubleshooting Tools

network adapter, hidden – When you trying to set the IP address on a network adapter, you may receive the following error message:

The IP address XXX.XXX.XXX.XXX you have entered for this network adapter is already assigned to another adapter Name of adapter. Name of adapter is hidden from the network and Dial-up Connections folder because it is not physically in the computer or is a legacy adapter that is not working. If the same address is assigned to both adapters and they become active, only one of them will use this address. This may result in incorrect system configuration. Do you want to enter a different IP address for this adapter in the list of IP addresses in the advanced dialog box?

Where XXX.XXX.XXX.XXX is the IP address that you are trying to set and Name of adapter is the name of the network adapter that is present in the registry but hidden in Device Manager.

To fix:

Click Start, click Run, type cmd.exe, and then press ENTER.
Type set devmgr_show_nonpresent_devices=1, and then press ENTER.
Type Start DEVMGMT.MSC, and then press ENTER.
Click View, and then click Show Hidden Devices.
Expand the Network Adapters tree.
Right-click the dimmed network adapter, and then click Uninstall.

network problems – see netdiag, Local area connections, how to see and get rid of “phantom” or “ghost” connections

To show network activity (without processes, faster, seems more complete)

netstat -a

To show network activity (with processes, slower, requires elevation)

netstat -b

or (Win Server 2008)

nbtstat -n

See more at nbtstat.

For problems relating to switching laptops between wired Ethernet and wireless, 3 commands in succession have worked for me in the past:

netsh winsock reset
netsh int ip reset
ipconfig /flushdns

or sometimes (especially if this PC gets its IP from DHCP), 2 others inserted between the second and third commands help:

netsh winsock reset
netsh int ip reset
ipconfig /release
ipconfig /renew
ipconfig /flushdns

Sometimes there are problems related to the PC trying and failing to properly communicate with the domain. Removing and then re-joining the PC to the domain sometimes fixes problems. Other times, need to to go group policy editor (gpedit.msc), start at Local Computer Policy → Computer Configuration → Windows Settings → Security Settings → Network List Manager Policies. From there look at values in the following three areas:

Unidentified Networks
Identifying Networks
All Networks

For the 1^st 2 especially, change any “Not configured” or “Public” to “Private”

network’s list of computers, refresh – restart the “Computer Browser” service

network too slow – try the SG TCP Optimizer utility

Num-Lock

before logon - HKEY_USERS\.Default\Control Panel\Keyboard, Change the value of the InitialKeyboardIndicators value in this key from 0 to 2.
for a user after logon - HKEY_Current_User\ControlPanel\Keyboard\InitialKeyboardIndicators – change from 0 to 2

—O—

older programs - If an older application gives you trouble when running Windows XP, you can set the compatibility properties manually so that the program runs in a different mode, such as Windows 95, or in a different display or resolution setting.

Right–click the executable or the program shortcut to the executable, and then click Properties.

Select the Run this program in compatibility mode check box.

From the list, select an operating system that the program runs in comfortably.

If necessary, also change the display settings and/or resolution, or disable the Windows XP visual themes.

Run the program again when you’re finished changing the settings. Adjust the compatibility settings again if the program is still not running smoothly: a program that’s unhappy on Windows 2000 may work just fine on Windows 98.

open file - security warning

Sometimes when you run an executable directly from a “UNC” path (something like from \\someserver\somesharedpath) you'll get a warning like

“We can’t verify who created this file. Are you sure you want to run this file?”

which can be annoying if you’re the one who installed it there in the first place and you really do want to run this all the time

To fix, go to:

Control Panel → Internet Options → “Security” tab → click “local Intranet” which results in the “Sites” button becoming “black” instead of “greyed out” → click “sites” where it says “Local intranet” → “Advanced” → type or paste the UNC path

open files - see also handle, process explorer

For your local machine

openfiles /Query

If this returns

INFO: The system global flag 'maintain objects list' needs
to be enabled to see local opened files.
See Openfiles /? for more information.

INFO: The system global flag 'maintain objects list' is currently disabled.

then run:

openfiles /local on

which returns:

SUCCESS: The system global flag 'maintain objects list' is enabled.
This will take effect after the system is restarted.

or for a remote server:

openfiles /Query /S Servername

where “Servername” is the name of a remote computer.

If the list is really long and you only want to see one user:

Pipe command by user

openfiles /query | find "someuser"

should return

725 someuser Windows D:\Installer\someFile.txt
726 someuser Windows D:\Installer\someOtherFile.txt

now let’s say you want to close all the connections to these files for some user

openfiles /disconnect /A someuser

it will tell you everything succeeded:

SUCCESS: The connection to the open file "D:\Installer\someFile.txt" has been terminated.

SUCCESS: The connection to the open file "D:\Installer\someOtherFile.txt" has been terminated.

But when you re-run the

openfiles /query | find "someuser"

command to verify that it did, indeed, really close these files, it’ll return exactly what it did before:

725 someuser Windows D:\Installer\someFile.txt
726 someuser Windows D:\Installer\someOtherFile.txt

Which means it didn’t do squat!

whatever you do, do NOT try this

openfiles /disconnect /s someserver /u someuser /id *

thinking you'll close just the files for one user.

Also,

net file

shows for just whichever machine you’re on. But only seems to work on Windows 8, Server 2008 and Server 2012 - not Win 7 where I get

System error 5 has occurred.

Access is denied.

The following work on Win 7, but doesn’t seem to work on 2008 (No “shared folders” directory. Or it’s somewhere else.)

Right-click My Computer, click Manage → Shared Folders → Open Files.

Administrative Tools → Computer Management → Shared Folders → Open Files - for the machine you're on

Windows Server 2008 instructions to find open files.

Administrative tools → Share and Storage management → “Volumes” tab in the middle pane→ Choose whichever drive your shared files are on → on right “Actions” pane select either “Manage Sessions” or “Manage Open Files”

PSTools, create batch file "NetFile.bat" with statement:

Psexec \\%1 cmd /c net file ^| find /i "%2"

PsFile \\%1 | Find /I "%2"

Then run like

NetFile.bat Server2 Database.Mdb

I've never got either batch file to work

code

open files, close -

Open Computer Management (not to be confused by server manager) → System Tools → click Shared Folders → click Open Files

operating system to start - see please select operating system to startart

opportunistic locking, disable

Perform the following steps to disable opportunistic locking and caching of open files:

Start Registry Editor (Regedt32.exe) and go to the following subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

On the Edit menu, click New, DWORD value and add the following:

Value Name: EnableOplocks; Data Type: REG_DWORD; Data: 0

The following 2 should already exist, but we're going to change the values:

Value Name: CachedOpenLimit; Data Type: REG_DWORD; Data: 0 (already was "0")

Value Name: autodisconnect; Data Type: REG_DWORD; Data: ffffffff (was "f")

Shut down and restart the computer.

OS to start - see please select operating system to start

owner/organization - change

WinInfo

—P—

page file, defrag - see unmovable files, move

partition, can't make big enough because unmovable files prevent enough shrinkage - see unmovable files, move

partition – fdisk

partition, can't make big enough because unmovable files prevent enough shrinkage - see unmovable files, move

password, administrator (that is, the local administrator) - how to reset

assuming you can log onto the machine using some other administrator account - either local or domain:

You can try from Run (or a command shell), type

CONTROL USERPASSWORDS2

This mainly just seems to bring up the normal "User Sccounts" window - where you still can't see the local administrator. You can select the "advanced" tab and then the "advanced" button which brings up another window. From there, you can navigate to the "Users" folder which, if you click, you should see "Administrator" show up as one of the users. If you right click and choose "Set Password", you'll be presented with a scary-looking pop-up that says something like, "Resetting this password might cause irreversible loss of information. For security reasons, Window protects certain information by making it impossible to access if the password is reset. The data loss will occur next time you log off"

So, instead, you can open a command window (run as administrator) and type:

net user "administrator" "newpassword"

But now if you try to log in as local "administrator", you'll be informed that your administrator id is disabled! Yikes!

But, since you can log on as some other administrator, all is not lost. Simply log on as that other administrator. Go back into the User Accounts window - where you still can't see the local administrator. Again, select the advanced tab and then the advanced button which brings up another window. From there, you can navigate to the Users folder which, if you click, you should see Administrator show up. It will likely have a little down arrow indicating it's disabled. If you right click, select "Properties", you'll see the "Account is disabled" check box checked. Simply un-check it. Everything should be more or less OK now.

"More or less" 'cause you might notice in C:\users, where you used to just see a directory for "Administrator", you'll now see a directory for "Administrator.COMPUTERNAME." So it looks as though some stuff was shifted around and, perhaps as advertised, you might have lost some data. The data might be, "The user account will immediately lose access to all of its encrypted files, stored passwords, and personal security certificates". But I'm not sure how important it is. Hopefully not very.

change if you've forgotten passwords to all or any administrators

ntpasswd

EBCD (Emergency Boot CD)

password complexity, enable/disable password must meeet complexity requirements

Group Policy Management (gpmc.msc) → find your domain there → right click Default Domain Policy → edit (brings up a new window) → Computer Configuration → Windows Settings → Security Settings → Account Policies → Password Policy

passwords, make so they never expire - from Run, type CONTROL USERPASSWORDS2. On the screen that comes up, go to the "Advanced" tab, hit the "Advanced" button. Another screen will come up. Highlight "Users". Highlight the ID you want, right click and select "Properties".

password protect files, folders - AxCrypt

password requirement, disable (Windows Server 2003) – I got this from here

Administrative tools folder
Double-click on the Default Domain Security Policy icon.
Navigate to Security Settings → Account Policies → Password Policy.
Right-click on the Minimum Password Length option in the right pane and select Properties.
Keep the V (check mark) on the Define Setting selected! Do not remove the V from that check-box. Removing the V will cause the GPO to revert to the default setting, which is what we are trying to remove in the first place.
Enter 0 (zero) for the number of minimum characters required in a password.
Now double-click on the Passwords Must Meet Complexity Requirements option in the right pane.
Again, do not remove the V from that check-box. Instead, select Disabled.
Click OK all the way out and close the GPO window.
In order to refresh the policy type the following command in a CMD window and click ENTER: gpupdate /force

password, Windows cannot change the

Often, despite this message, Windows has, indeed, changed the password. Better believe it and remember what you typed for when you log on next!
from Run and type CONTROL USERPASSWORDS2 and then click Reset Password...

patches – see also Windows Update

HotFix & Security Bulletin Service

Microsoft Data Access Components (MDAC) 2.7 Service Pack 1

softwarepatch.com

Windows Update - scans your computer and provides you with a selection of updates tailored just for you

path environment variable (PowerShell)

$env:Path -split(";") | sort $_

path, find for an executable –

where <executable name>

For example,

where calc

returns

C:\WINDOWS\system32\calc.exe

works on Win 7, Windows 2003. Not Win 2008.

path, set — Control Panel\System (Windows button-Pause/Break), Advanced tab, Environment Variables button lower left

"PendingDelete" files in C:\Windows\WinSxS directory, clean up – see clean up "PendingDelete" files from C:\Windows\WinSxS directory

performance, enhance – see Speed up

performance options (video) – see video performance options

performance recorder

permissions, can’t see tab – see security tab missing

person which Windows thinks is the registered owner of the machine – see Owner/Organization - change

“phantom” local area connection – see Local area connections, how to see and get rid of “phantom” or “ghost” connections

ping, can’t – see also DNS OK but can’t ping

Ping uses the ICMP (Internet Control Message Protocol), which doesn’t have ports like the TCP and UDP protocols. Unlike TCP and UDP, ICMP doesn’t operate on specific port numbers. Instead, it relies on message types:

Echo Request (Type 8): This is the message sent by the ping command to request a response from the target host.
Echo Reply (Type 0): The target host responds with this message to acknowledge the ping request.

check the firewall

ICMP messages may be disabled

Open Properties of Local Area Connection
Click Advanced, Settings, Advanced
ICMP Settings
Enable ‘Allow incoming echo request’

Try tracert

Try setting from fixed IP to DHCP and back again. Supposedly sometimes this fixes weird problems.

“Please select operating system to start”, get rid of this message when you first boot up – control panel, system, and click on the advanced tab

Please wait while domain list is created – if you strike Ctrl-Alt-Del while it appears to be hanging, you will be able to choose your domain. Once you choose your domain you might be prompted with the same message yet again, simply strike Ctrl-Alt-Del again and you can logon

port, check if active –

ping 192.168.1.1:1723

to test pptp, for instance, which listens on port 1723. Or use CanYouSeeMe.org

port, check why blocked - from here

To show network activity (without processes, faster, seems more complete)

netstat -a

To show network activity (with processes, slower, requires elevation)

netstat -b

maybe this combines the two above? (requires elevation)

netstat -ab

this includes the PID

netstat -aon

a slick way to find, for instance, what might be clogging up port 80

FOR /f tokens=5 %G IN ('netstat -ano ^| findstr 0.0.0.0:80') DO tasklist /v | findstr %G

power user in XP - start/run, type compmgmt.msc . Users and groups , Properties of a user (right click for context menu), 'Member of' tab, add button, advanced button, find now button. ‘Course, this only works in XP Pro, not XP Home

print problems from Internet Explorerrer

Error: Access is denied; URL: res://C:\WINNT\system32\shdoclc.dll/preview.dlg – maybe stoolbar.dll – see BHOCaptor - control the IE Browser Helper Objects

print spooled job, forcibly cancel – you’ve tried to cancel a bunch of jobs for a printer. They all go away except one. And nothing will work on that last one. Argh! Try:

in DOS window,

net stop spooler

Navigate to

c:\WINDOWS\system32\spool\PRINTERS

and delete every file found there.

in DOS window,

net start spooler

or, to put all together in PowerShell

Cd c:\WINDOWS\system32\spool\PRINTERS
Net stop spooler
ls
Remove-Item *
ls
Net start spooler

process explorer - used to find out which files are being used by various processes

processes in the task manager, what are they and what do they do? – see task list programs

product activation files, how to back up - Copy the following files: \WINDOWS\System32\wpa.dbl, wpa.bak

product ID for Windows – from DOS prompt, type “systeminfo”

program, move – see applications, move

protect files, folders with a password - AxCrypt

PsKill – utility by Microsoft here

—Q—

—R—

record steps/clicks/actions - steps recorder (built in to Windows)

recycle bin, empty D drive

rd /s /q d:\$RECYCLE.BIN

registered owner of the hine – see Owner/Organization - change

registry, back up just one subkey –

Do not follow these steps to export a whole registry subtree. (HKEY_CURRENT_USER is an example of such a subtree.) If you must back up whole registry subtrees, back up the whole registry instead.

Click Start, and then click Run.
In the Open box, type regedit, and then click OK.
Locate and then click the subkey that contains the value that you want to edit.
On the File menu, click Export.
In the Save in box, select a location where you want to save the Registration Entries (.reg) file, type a file name in the File name box, and then click Save.

registry, back up the entire –

Click Start, point to All Programs, point to Accessories, point to System Tools, and then click Backup. The Backup or Restore Wizard starts.
Click Advanced Mode.
Click the Backup tab.
On the Job menu, click New.
Click to select the check boxes for the drives that you want to back up (optional, ancillary to the actual registry backup)
Click to select the System State check box.

Note If you want to back up your system settings and your data files, back up all the data on your computer plus the System State data. The System State data includes such things as the registry, the COM+ class registration database, files under Windows File Protection, and boot files.

In the Backup destination list, click the backup destination that you want to use.
If you clicked File in the previous step, type the full path and file name that you want in the Backup media or file name box. You can also specify a network share as a destination for the backup file.
Click Start Backup. The Backup Job Information dialog box appears
Under If the media already contains backups, use one of the following steps:

If you want to append this backup to previous backups, click Append this backup to the media.
If you want to overwrite previous backups with this backup, click Replace the data on the media with this backup.

Click Advanced.
Select the Verify data after backup check box.
In the Backup Type box, click the type of backup that you want. When you click a backup type, a description of that backup type appears under "Description."
Click OK, and then click Start Backup. A Backup Progress dialog box appears, and the backup starts.
When the backup is complete, click Close.

registry cleaner

ccleaner (crap cleaner) – freeware
Easy Cleaner
EUsing Free Registry Cleaner – works with Vista, Win7
jv16 – not free, but free trial
RegScrubXP - only XP

Registry corrupt, recover from corrupted registry that prevents Windows XP from starting

This procedure does not guarantee full recovery of the system to a previous state; however, you should be able to recover data when you use this procedure.

Warning Do not use the procedure that is described in this article if your computer has an OEM-installed operating system. The system hive on OEM installations creates passwords and user accounts that did not exist previously. If you use the procedure that is described in this article, you may not be able to log back into the recovery console to restore the original registry hives.

You can repair a corrupted registry in Windows XP.

We assume that typical recovery methods have failed and access to the system is not available except by using Recovery Console. If an Automatic System Recovery (ASR) backup exists, it is the preferred method for recovery. Microsoft recommends that you use the ASR backup before you try the procedure described in this article.

Note Make sure to replace all five of the registry hives. If you only replace a single hive or two, this can cause potential issues because software and hardware may have settings in multiple locations in the registry

When you try to start or restart your Windows XP-based computer, you may receive one of the following error messages:

Windows XP could not start because the following file is missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SYSTEM

Windows XP could not start because the following file is missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SOFTWARE

Stop: c0000218 {Registry File Failure} The registry cannot load the hive (file): \SystemRoot\System32\Config\SOFTWARE or its log or alternate

System error: Lsass.exe

When trying to update a password the return status indicates that the value provided as the current password is not correct.

Manual steps to recover a corrupted registry that prevents Windows XP from starting

Start the Recovery Console, create a temporary folder, back up the existing registry files to a new location, delete the registry files at their existing location, and then copy the registry files from the repair folder to the System32\Config folder. When you have finished this procedure, a registry is created that you can use to start Windows XP. This registry was created and saved during the initial setup of Windows XP. Therefore any changes and settings that occurred after the Setup program was finished are lost.

Here below is more detailed explanation of what we just described above:

Insert the Windows XP startup disk into the floppy disk drive, or insert the Windows XP CD-ROM into the CD-ROM drive, and then restart the computer.

Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted to do so.

When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
If you have a dual-boot or multiple-boot computer, select the installation that you want to access from the Recovery Console.
When you are prompted to do so, type the Administrator password. If the administrator password is blank, just press ENTER.
At the Recovery Console command prompt, type the following lines, pressing ENTER after you type each line:

md tmp
copy c:\windows\system32\config\system c:\windows\tmp\system.bak
copy c:\windows\system32\config\software c:\windows\tmp\software.bak
copy c:\windows\system32\config\sam c:\windows\tmp\sam.bak
copy c:\windows\system32\config\security c:\windows\tmp\security.bak
copy c:\windows\system32\config\default c:\windows\tmp\default.bak

delete c:\windows\system32\config\system
delete c:\windows\system32\config\software
delete c:\windows\system32\config\sam
delete c:\windows\system32\config\security
delete c:\windows\system32\config\default

copy c:\windows\repair\system c:\windows\system32\config\system
copy c:\windows\repair\software c:\windows\system32\config\software
copy c:\windows\repair\sam c:\windows\system32\config\sam
copy c:\windows\repair\security c:\windows\system32\config\security
copy c:\windows\repair\default c:\windows\system32\config\default

Type exit to quit Recovery Console. Your computer will restart.

registry editor — regedt32

registry, remotely view/edit — How to remotely edit the registry of a client computer from a host computer after you use Remote Recover to connect the host computer to the client computer

remote access – see

NetMeeting – hosted Web service that you pay for. Need java installed

Remote Desktop with Windows – only one user at a time. Remote user will lock out local user; if local user unlocks, remote user logged off

SharedView - Microsoft’s free hosted Web service allows you to share a desktop (or any application) with up to 15 users simultaneously

Windows Server Administration Tools Pack

Remote Access Auto Connection Manager - can't start (as in, "Could not start the remote access auto connection manager on local computer. error 1068: the dependency service or group failed to start.")

Automated Edit:

Dial-Up Modem or PPPoE is Unavailable (Line 87) at:

http://www.kellys-korner-xp.com/xp_tweaks.htm

To use the Regedit:

Save the REG File to your hard disk. Double click it and answer yes to the import prompt. REG files can be viewed in Notepad by right clicking on the file and selecting Edit.

Manual Edit:

Go to Start/Run/Regedit and navigate to this key:

HKEY LOCAL MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP

Delete the subkeys listed except 13 and 4.

Standard Checkpoints:

Go to Start/Administrative Tools/Services. Set these three to "Automatic":

Remote Access Connection Manager

Remote Access Auto Connection Manager

Telephony.

Remote administration of Windows Server – copy Windows Server Administration Tools Pack or follow instructions here - especially if you need to manage Windows Server Core

It's possible you don't have to do any of the stuff below in Server 2012 since remote server manager is already enabled by default

First, configure the firewall. Actually, I finally had to turn the dang thing off:

netsh advfirewall set allprofiles state off

Step #1: Enable remote management from any MMC snap-in through the firewall To enable remote management from any MMC snap-in, type the following:

netsh advfirewall firewall set rule group=Remote Administration new enable=yes

which fails with:

No rules match the specified criteria

so then I try from powershell:

Configure-SMRemoting.exe -enable

which fails with:

Server Manager Remoting is already on

Remote Desktop

command:

mstsc

By default, this uses port 3389, but you can change port by specifying the IP address and then adding the port at the end. Example: 192.168.1.1: 22229

To get into a subnet, you must use port forwarding. Test to make sure the port is open using CanYouSeeMe.org

To change the listening port for Remote Desktop, go to

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\PortNumber

On the Edit menu, click Modify, and then click Decimal. Type the new port number, and then click OK.

After changing the port, you must restart the “Terminal Services” service (in XP, “Remote Desktop Services” in Win 7). But you can’t (in XP):

C:\>sc query termservice
SERVICE_NAME: termservice
   TYPE: 20 WIN32_SHARE_PROCESS
   STATE    : 4 RUNNING
  (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
   WIN32_EXIT_CODE    : 0 (0x0)
   SERVICE_EXIT_CODE : 0 (0x0)
   CHECKPOINT    : 0x0
   WAIT_HINT: 0x0

So resign yourself to rebooting.

Remote Desktop doesn't work first time on a server - see here

Remote Desktop used to work just fine but now fails after unexpected power outage – see Local area connection loses all its network info. The most important, annoying thing you have to remember in the process is that you have to reset the gateway info of the local area connection twice; the first time it remembers everything but the gateway info. You’d think that gateway would mostly have to do with the PC finding its way around the outside world. But if that gateway info is missing from your local area connection, inbound connections such as your remote desktop connection also seem to be adversely affected. I notice this on Windows 7 PCs. Might have affected other, earlier OS but never noticed it ‘til Win7.

remote machine mapped drive

cd \\TestServer\f$\

gets you to TestServer's F drive

remote machine, log onto (from a command line)

net use \\remote_machine_name\IPC$ /user:administrator *

winrs –r:<Server Core System Name> cmd.exe

or, from the powershell prompt (actully worked)

Enter-PSSession

remove record of most recently used documents – see Documents, remove record of most recently used

rename computer

netdom renamecomputer WIN-IAKDINN28SU /newname:HV0

rename files utilities – therename

rename multiple files with Windows Explorer – pretty pedestrian – better to look at rename files utilities

Click Start → All Programs → Accessories → Windows Explorer.
Press and hold down the Ctrl-key while you are clicking files.
After you select the files, press F2. (or just rename normally)
Type the new name, and then press ENTER.
Note: When you complete the preceding steps, the highlighted state of all files except one disappears, so it may appear as if you are only renaming one file. However, after you press ENTER, all of the files are renamed. When you rename multiple files, all of the renamed files have the same name with a number in parentheses appended to the name to make the new file name unique. For example, if you type BUDGET as the new name, the first file is named BUDGET. All of the remaining selected files are named BUDGET(x), where x is a unique number, starting with (1).

If you make a mistake when you try to rename multiple files, you can press Ctrl+Z, or click Undo Rename on the Edit menu to undo file rename action you just completed, and you can repeat this process as needed.

The Rename function in Windows Explorer does not match the behavior of the REN command you may use at a command prompt. For example, if you had files that are named smitha.doc, smithb.doc, and smithc.doc, you could use the ren smoth*.doc smythe*.doc command. All file names automatically show the new spelling, and are renamed smythea.doc, smytheb.doc, and smythec.doc.

repartition, see partition

replication, show recent attemptspts

repadmin /showreplepl

replication latency warning – see replication, show recent attempts

reset password - from Run and type CONTROL USERPASSWORDS2 and then click Reset Password...

resource kit

restart, computer restarts automatically when it encounters a serious error - right click My Computer icon on desktop and click Properties, click the Advanced tab, click the Settings button under the Startup and Recovery section and uncheck the Automatically restart option under the System Failure section, so the next time your computer has a failure it will give you a blue screen telling you what the problem is.

restore point from dos

rstrui.exe

root kit attack –

BartPE

RootkitRevealer< – part of Windows SysInternals

runonce annoyance – see Internet Explorer

—S—

safe mode - F8

scheduled tasks, run from command line

schtasks /run /tn <taskname>

where you substitute the actual task name up above for <taskname>

screen capture —

hitting the {print screen} key will place a copy of the screen into the clipboard, ready to paste to another application such as Paintbrush. Alt-PrtScr will get just the active window.

screen appears blurry or fuzzy – see ClearType, video performance options

security tab missing (XP Home)

Windows XP "Home", ALWAYS has simple file sharing turned on. You can neither turn it on, nor uncheck a box to disable it. THERE IS NO BOX in "Home".

Even after formatting to NTSF, because simple file sharing is in effect, you can NOT change permissions in the WINDOWS environment. (At least I haven't been able to.) I had to boot to DOS - Use Safe Mode – and log in under the Administrator. Only then was I able to set permissions for files/folders on a NTSF drive. All of this being relevant to the "Home" version.

CACLS command

Type

CACLS xxx

where xxx is the directory you are changing}

This will show the current security settings for the directory xxx. You might see

BUILTIN/USERS:R

Here lies the problem. Limited Users can only read from these files. To change this directory to full privileges, do the following:

Type

CACLS xxx /t /e /g everyone:f

This will give "everyone" full access to that directory and its sub-directories. Your programs should now be able to read/write from any user account, regardless if they are limited, guest, alien.

To learn more about the CACLS options, just type CACLS by itself.

See also PC Magazine article

The only way to set permissions is to log on as administrator, which you can do only from Safe Mode. (To boot into Safe Mode, press F8 after the graphical boot screen appears and select Safe Mode with Networking from the menu.) After logging on as administrator, open the Sharing tab of a shared folder's Properties dialog and click Permissions. You can set Full Control, Change, or Read permissions for the users and groups in your network. To set granular permissions for additional users, choose Add | Advanced | Find Now, and you'll see a display of user names (local users only). Select a name and click OK, then set the permissions.

security tab missing (XP Professional) – see also security tab missing (XP Home) above

When Simple file sharing is enabled, the user is presented with the Simple File Sharing UI rather than the classic "Security" and "Sharing" tabs. This new UI is implemented by default in Windows XP, Windows XP Home Edition, and Windows XP Professional when working in a workgroup. However, the computer is started in Safe mode, the ACL editor is displayed.

Easy Way: Description of File Sharing and Permissions in Windows XP or, better yet, HOW TO: Disable Simplified Sharing and Password-Protect a Shared Folder in Windows XP

To turn Simple File Sharing on or off in Windows XP Professional:

Double-click My Computer on the desktop.

On the Tools menu, click Folder Options.

Click the View tab, and then click to select the Use Simple File Sharing (Recommended) check box to enable Simple File Sharing (click to clear this check box to disable this feature).

Hard Way: How to Set Security in Windows XP Professional That Is Installed in a Workgroup

When security settings are set in Windows XP, the following registry key is used:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

The values are:

ForceGuest=1: Use this value to force guests on

ForceGuest=0: Use this value to force guests of

The following table describes the default value for the ForceGuest registry key for each operating system mode and the Sharing UI and ACL editor behavior.

Operating system and mode	ForceGuest	Sharing UI	ACL editor
Personal	1 (no choice)	Simple	Not available
Personal in Safe mode	1 (no choice)	Classic	Available
Professional	0*	Classic	Available
Professional	1	Simple	Not available
Professional in Safe mode	0	Classic	Available
Professional in Safe mode	1	Classic	Available

Windows XP Professional defaults to normal authentication but supports the Log on as Guest option. For example, if the computer is upgraded from Windows XP Home Edition, Microsoft Windows 95, Microsoft Windows 98, and Microsoft Windows 98 Second Edition, Windows XP Professional uses the Guest if in a workgroup option by default.

security tool - Microsoft’s Enhanced Mitigation Experience Toolkit (EMET)

select operating system to start - see please select operating system to start

send message – see message, send

server core setup - see here

serial number, get from command line>

wmic bios get serialnumber

service pack, slipstream into regular boot CD – see also slipstream service pack

service, stop a service which is starting - if a service is running and you try

net stop whateverservice

to stop it, you'll likely get:

The service is starting or stopping. Please try again later.

Not especially useful, eh? I mean, the service is probably stuck or you wouldn't be trying to do this in the first place, right? Try matching up the service name to an .exe using

MsInfo32

In the screen that comes up after you execute MSInfo32, look in the Software Environment / Services. Look at the path column to get the .exe. Then locate the PID of the service using ProcMon (the process may not show up in task manager) then use Task Kill from the Windows Support Tools to kill the process. You can then attempt to start the problem service

services, control which are running, etc.

to bring up the GUI to see which are running:

services.msc

to start an individual service.

net start whateverservice

Also, net stop, net pause, net continue

services.msc hangs up

If, after having run

services.msc

or trying to start from the UI and the “services” window just pops up and does nothing, the only thing I’ve found that works so far is to reboot until it does. You might also want to try

gpedit.msc

to see if that also hangs up. They both run under mmc.

services, which are running

net start

services

which windows XP services are safe to turn off, which to turn off to speed up PC

server tools – srvtools.exe

“The session setup from the computer MYPC failed to authenticate. The name(s) of the account(s) referenced in the security database is MYPC$. The following error occurred: Access is denied.” – event ID 5722 – see Kerberos client received a KRB_AP_ERR_MODIFIED error

share tab missing

1. control panel, network. In the default "Configuration" tab that comes up, click on "File and Print Sharing..."

2. Try using the Services snap-in to start the Server service. To do so:

Click Start, and then click Control Panel.

Click Performance and Maintenance, click Administrative Tools, expand Services and Applications, and then double-click Services.

Right-click the Server service, and then click Start.

sharing, security tab missing - see security tab missing

sharing, still prompted for user id, password even though you’ve set the permissions so that “everyone” has full permission – If the security of the Windows-based computer is not a priority, enable the Guest account. To do this:

Right-click My Computer, and then click Manage.
Under System Tools, double-click Local Users and Groups to expand it, and then click Users.
In the right pane, right-click the Guest account, and then click Properties.
Click to clear the Disable this account check box, and make sure the password is set to null (blank). Click OK.

shdoclc.dll – Error: Access is denied; URL: res://C:\WINNT\system32\shdoclc.dll/preview.dlg – maybe stoolbar.dll – see BHOCaptor - control the IE Browser Helper Objects

Show Desktop, restore icon to Quick Launch on Taskbar – If the Show Desktop icon is deleted from Quick Launch, the procedure below will recreate the file.

Open Notepad and enter the following text:

[Shell] Command=2 IconFile=explorer.exe,3 [Taskbar] Command=ToggleDesktop

Save the new file as Show Desktop.scf then drag and drop the icon on the Quick Launch bar or whatever location you want the shortcut to appear.

Show Desktop Icon Windows 8

shut down, computer automatically shuts down when it encounters an error - see restart, computer restarts automatically when it encounters a serious error

shut down, force

Windows 98 Shutdown Supplement This patch addresses shutdown issues on systems with specific hardware/software configurations running Windows 98 Second Edition. The issues include systems restarting when the user selects the Shut Down command and systems hanging during the shutdown process

Force Down

shutdown problems – - see Windows XP shutdown & restart troubleshooting

Most Win XP shutdown problems are that it reboots when shutdown is attempted. By default, XP executes an automatic restart in the event of a system failure. Therefore, anything compromising the operating system during the shutdown process could force this reboot. Disabling the “restart on system failure” feature may permit the exact cause to be isolated: Right-click on My Computer, click Properties, click the Advanced tab. Under “Startup & Recovery,” click Settings. Under “System Failure,” uncheck the box in front of “Automatically restart.”

slipstream service pack (XP) – tutorial. Briefly, copy original XP CD files to C:\CD and service pack file to C, run the command “C:\WindowsXP-KB835935-SP2-ENU.exe -s:C:\CD” from a DOS window. This will update the files in C:\CD. Then, make bootable CD-ROM out of these files. If you don’t have the “xpboot.bin” file, need to download< it. Make sure “Number of loaded sectors” is 4 and relax all ISO restrictions (more than 255 characters in a path, etc.)

sleep

2 possibilities

For Dell laptops: proximity sensor. Open the Dell Optimizer app and disable it (“Dell precision Optimizer”).
One time our organization set an Azure AD policy to lock PC after 900 seconds (15 minutes). For reasons I still don't understand, it somehow locked my PC after 15 seconds. I finally found I could override this faulty setting by running gpedit.msc to open up “Local Computer Policy”. Navigate to Computer Configuration → Windows Settings → Security Settings → Local Policies → Security Options → Interactive logon: Machine inactivity limit. That worked for a while until one day the Azure AD policy finally kicked in (correctly, this time) to override my local setting (literally: it substituted my 3600 seconds with 900 seconds in the local policy on my PC.)

slow system – see Speed up

snipping tool, capture context menus (pop-up)

Open the Snipping Tool, which will automatically cast a white transparency over your desktop and let you select an area to capture. Click on the Cancel button to get your desktop back. Do not close the Snipping Tool, just let it hang out there with the window still open. Now right-click somewhere to get a context menu. To capture it, press the Ctl-PrtScn button combination. This will initiate a new capture in the Snipping Tool with the context menu still present. You'll have to open and cancel the Snipping Tool each time you want to capture such a context menu.

speed up

Speed Up Windows XP by Keeping the Operating System in Memory

Make sure that key operating system functions stay in memory. Memory is much faster than the hard disk.
In the Registry Editor, go to the following registry key:

HKEY LOCAL MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management

Right click the DisablePagingExecutive entry in the right pane of the Registry editor and click Modify.
In the Edit DWORD Value dialog box, type the number "1" (without the quotes) in the Value data field. Click OK, reboot.

Speed Up Windows XP by enabling prefetcher

Click Start | Run and type regedit to open the Registry Editor
Navigate to

HKEY LOCAL MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters

In the right pane, right click EnablePrefetcher and select Modify
Under Value data, change the value from 3 (the default) to 5. Reboot

23 ways to speed up

99 Performance Tips for Windows XP

spinning circle at startup - see spinning circle at startup

splash screen, suppress

Start / Run / msconfig / OK.
Select the Boot.ini tab.
Check the /NOGUIBOOT box.
Press Apply.
Press OK.

You can also directly edit C:\BOOT.INI:

Open a CMD.EXE window.
Type

attrib -r -s -h c:\boot.ini

and press Enter.

Type notepad c:\boot.ini and press Enter.
Add the following switch to the end of each desired [operating systems]line:

/noguiboot

so one might look like:

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /execute /noguiboot

Save the C:\boot.ini and close Notepad.
Type

attrib +r +s +h c:\boot.ini

and press Enter.

spooled print job, forcibly cancel – see print spooled job, forcibly cancel

spooler service starts, but then stops all by itself after a few seconds - possibly a corrupt job in the spooler is crashing it - forcibly clear out the spool queue

spyware utilities

spyware from XP - see XP Spyware, stop

start button upper left instead of lower left – with the “normal” left mouse button, click in the small blue area immediately outside the green part of the button and drag it to where it’s supposed to be

startup - see autautostart

startup operating system - see please select operating system to start

startup problems

spinning circle - use the power button on your PC to restart the PC 3 times. That will get you to a choice of "Advanced" or "restart"

Store (Windows Store) Won't open

Run the following from Powershell in windows - Taken from Here

powershell -ExecutionPolicy Unrestricted Add-AppxPackage -DisableDevelopmentMode -Register $Env:SystemRoot\WinStore\AppxManifest.xmlpan>

string, find in files in a directory - from Powershell prompt

Get-ChildItem -recurse | Select-String -pattern dummy | group path | select name

SubInACL is a command-line tool that enables administrators to obtain security information about files, registry keys, and services, and transfer this information from user to user, from local or global group to group, and from domain to domain. More importantly, you can fix permissions where cacls fails! (presumably without having to take ownership via the GUI.) Download here.

But just downloading & installing isn't quite good enough! In order not to have to go to its C:\Program Files (x86)\Windows Resource Kits\Tools\ default install location, it should reside in C:\Windows\System32. But even though the install program will allow you to specify this C:\Windows\System32 when installing, if you try installing it there the subinacl.exe will never get installed there! Instead, you must let it install where it wants to in C:\Program Files (x86)\Windows Resource Kits\Tools\ and then manually copy the subinacl.exe over to the C:\Windows\System32

example

subinacl /subdirectories C:\Windows.old /setowner=mydomain\Joe

When I tried running this against a problem file, I got:.

SeSecurityPrivilege : Access is denied.

WARNING :Unable to set SeSecurityPrivilege privilege. This privilege may be required.
C:\Windows.old - CreateFile Error : 1314 A required privilege is not held by the client.

And that's about the time I lost interest.

svg files, preview in file explorer – See How to Enable SVG Thumbnail Preview in Windows 11 File Explorer. Use PowerToys

Svchost.exe Sucks CPU/disk - Rebulding the WMI/WBEM Repository from here

stop WMI from the command line with:

net stop winmgmt

Delete the Repository directory in c:\windows\system32\wbem\ then start again with

net start winmgmt

re-store/compile all the .mof (Managed Object Format) files with a batch file containing this one line:

for %i in (*.mof,*.mfl) do Mofcomp.exe %i

Now should be better. Maybe also check Troubleshooting Problems with WMI Scripts and the WMI Service

system info – from DOS prompt, type “systeminfo”

—T—

Task bar gone / missing / disappeared:

Sometimes, after manually hiding the taskbar (or going too far when you're trying to make it smaller), you can't get it back. The thin blue line disappears, or your mouse pointer won't turn into a double-headed arrow when you position it on the thin line. Here's how to fix the problem:

Press Ctrl+Esc. This keystroke selects the taskbar, even though you can't see it (although you can now see the Start menu).
Press Esc to make the Start menu disappear. (The taskbar is still selected, even though you can't see it.)
Press Alt+Space bar to bring up a shortcut menu.
Choose Size from the shortcut menu; this changes your mouse pointer into a four-sided shape. Don't click anything.
Press the arrow key that points toward the center of the screen (from the taskbar's perspective). As you do, the taskbar reappears.
Resize the taskbar very carefully to avoid repeating all of these steps.

task list programs – in the task manager, what are they and what do they do?

Task Scheduler

A specified logon session does not exist. It may have already been terminated.

From Task Scheduler Error “A specified logon session does not exist” This happens if the following Security Policy is enabled and you select the “Run whether user is logged on or not” Security option on the General tab, when creating a new task:
SECPOL.MSC (run this command from command prompt to bring up local security policy) → Security Settings → Local Policies → Security Options →
Network access: Do not allow storage of passwords and credentials for network authentication

To resolve this issue, simply Set this policy to Disabled.

The specified account name is not valid (especially when trying to save changes) - if the ID is a domain ID, need to put in format domain\someID

This task requires that the user account specified has Log on as batch job rights. For more information about setting this policy, see the Task Security Context topic in help.

open local security policy:

secpol.msc

Expand Security Settings > Local Policies > User Rights Assignment node

Double click Log on as a batch job

Click the Add User or Group button and add your service account user

taskkill – first, go into command prompt as administrator. If you want, you can run tasklist which will list running processes, if you don’t like task manager or procexp64. Then:

Taskkill /IM excel.exe /F

Where:

/IM - Kill by Image Name

/F - Kill the process forcefully.

To kill any process using it's ID, run the command as:

Taskkill /PID 4492 /F

To kill multiple processes, type the command as:

Taskkill /PID 4492 4600 5856 /F

“Time service has not synchronized the system time” error (event ID 36)

What happens if you get event ID 36? It might say something like, “The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details”. You might try:

w32tm /resync

to force an instant time synchronization If you get

Sending resync command to local computer

The computer did not resync because no time data was available.

Then problems.

If this is your PDC, then maybe

w32tm /config /manualpeerlist:time.windows.com /syncfromflags:manual /reliable:yes /update

If this is not your PDC but instead a client, then you can try

PS C:\Users\administrator.SEMINARCROWDS> w32tm /config /syncfromflags:domhier /reliable:yes /update

The command completed successfully.

to configure a client computer for automatic domain time synchronization

Toolbar / Menu bar/ Missing in Windows Explorer and/or Internet Explorer – see Menu bar/Toolbar Missing in Windows Explorer and/or Internet Explorer

traceroute (DOS Prompt Traceroute) –

first get a DOS prompt: start, run, cmd

At prompt, type: tracert url/ip

TweakUI

two device installations, cannot run– if present, delete HKEY_LOCAL_MACHINE\System\Setup\FactoryPreInstallInProgress

type or fonts are fuzzy or blurry on the screen – see ClearType, video performance options

—U—

UAC exceptions - Create Elevated Program Shortcut without UAC Prompt

Unable to Log You on Because of an Account Restriction – Ah, yes. Wonderful Home Edition. The Administrator account has been set aside so that it can be used in Safe mode when the Owner account is not available. MicMicMicrosoft Knowledge Base Article - 290109

unmovable files, move - From here, I ran these two steps:

Disable System Restore (Right click on Computer => Properties => System Protection => System Restore) i>
Disable Virtual Memory (Right click on Comptuer => Properties => Advanced System Settings => Performance (Settings) => Advanced Tab => Virtual Memory (Change) => No Paging File => Set.

They have extra stuff, but I had already defragged my PC by this point.

updates fail - look in event log for errors 3009, 3011 and fix them.

updates - see patches, HotFix & Security Bulletin Service, Windows Update

updates – Can’t download windows updates

Delete the cookies, temp files, and history of internet explorer.
Open up Control Panel/Administrative Tools/Services and stop Automatic Update
Go to C:/WINDOWS/SoftwareDistribution and rename it to SoftwareDistributionOld
Restart the Automatic Update service

up time – from DOS prompt, type “systeminfo”

users accountsusers accounts

XP – Control Panel, Users

Windows Server 2003,

when the PC is NOT a domain server

right click on My Computer, Manage, System Tools, Local Users

This “Local Users” option will disappear once you make the computer a domain server

after the PC has been made a domain server

Programs, Administrative Tools, Active Directory Users and Computers, the domain, Users

user accounts, more settings - from Run and type CONTROL USERPASSWORDS2

user, what user am I logged in as?

whoami

utilities

Doug Knox - includes Win NT IP Config (wntipcfg, really from Microsoft) - needs to have "C:\Program Files\Resource Kit" already created to work right

—V—

"value named IRPStackSize in the server's Registry key LanmanServer \Parameters was invalid. The value was ignored, and processing continued". This is caused by the IRPStackSize value having been set to less than 0x11 which is the legal minimum value. Unfortunately Symantec's NAV2000 and perhaps other packages reset this value below the legal minimum. You can ignore the message but this is not recommended. There are reports that sporadic network errors were eliminated after IRPStackSize was returned to its default. To fix, apply the following Windows 2000 registry hack:

Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Name: IRPStackSize
Type: REG_DWORD
Value: 0x11

vb 6 runtime library

version, which version of windows are you running – from command line

winver

(either from DOS or PowerShell) will pop up a window with that info. To find more detail (either from DOS or PowerShell)

systeminfo | findstr /B /C:OS Name /C:OS Version

to find more detail and on a remote machine in the same domain (only works in DOS; doesn't work from PowerShell). Hint: if you want to run this command on the PC/Server you happen to be on but don't know the name of the machine you're logged into, run the hostname command first to get that info and substitute that for YOURMACHINENAME below.

WMIC /node:YOURMACHINENAME os get buildnumber,caption,CSDVersion /format:csv

to find more detail and on a remote machine that's in a different domain (again, only works in DOS; doesn't work from PowerShell)

WMIC /node:MACHINENAME.yourdomain.local os get buildnumber,caption,CSDVersion /format:csv

video performance options – Control Panel / System / Advanced / Performance Settings

virus – see also malware removal

SoBig.F – remove the following key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run”TrayX”=”%Windir%\winppr32.exe /sinc”

and also remove any instance of the winppr32.exe file

virtual memory, change

OS older than XP, Control Panel, System, Performance, Change

in XP, Right-click on my computer, select properties, advanced tab, performance settings, advanced tab, virtual memory "change" button

virtual PC disappears – if you start Virtual PC and you only get a little blip in the task bar but it doesn't show up, click the blip and hit "enter". Or maybe right-click its icon on the taskbar and select Show Virtual PC Console. But to more permanently fix this, edit C:\Users\%current_user%\AppData\Microsoft\Virtual PC\Options.xml.

Find the console section. Note the left and top positions. They'll probably be set to some really large, obnoxious number like 4294935296. Change the left and top positions to something small like 10 each...

<window> <console> <height type="integer">256</height> <left_position type="integer">10</left_position> <top_position type="integer">10</top_position> <visible type="boolean">true</visible> <width type="integer">367</width> </console>

Other solutions here such as: Alt + Space, m, Left Arrow – and then move your mouse; the console should snap back onto the screen.

VPN - see How to Set Up VPN in Windows 7

Error 868 - from here

Try the following:

netstat -ano

and see if 1723 is open. Should look something like:

TCP 0.0.0.0:1723 0.0.0.0:0 LISTENING 4

—W—

“We can't verify who created this file. Are you sure you want to run this file?” - see open file - security warning

who's logged in - see logged in, who's logged in

Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item. – right click, properties, Unblock

Windows cannot change the password – see password, Windows cannot change, User Accounts, more settings and then click Reset Password...

“Windows cannot bind to yourcompany.com domain. (Local Error). Group Policy processing aborted” – UserEnv event ID # 1006 see Group Policy problem

“Windows cannot connect to the domain either because the domain controller is down or otherwise unavailable, or because your computer account was not found. Please try again later. If this message continues to appear contact your System Administrator for assistance.”

This error is received even though the computer account for the workstation and user account for the user both exist.

This or error may appear when a PC is replaced with another computer with the same computer name without first deleting the duplicate computer name from the Active Directory domain before joining the new workstation to the domain with the same duplicate name.

The funny part is that the symptom may either appear immediately at the first try, or even after a few successful logons.

The cause of the error is usually related to security identifier (SID) issues. Another possible cause for the error is that the computer account for the workstation was accidentally deleted from the Active Directory domain.

Another common cause for the error is using Norton Ghost or any other similar disk cloning software. This happens when the administrator has cloned one XP machine and reproduced it to many other new computers without first using and running Microsoft's SYSPREP utility (read more on that in a different article).

The resolution to the above error is:

Login to the Windows Server 2003 Domain Controller, open DSA.MSC (Active Directory Users and Computers) and delete the computer account object from the domain.
Login to the Windows XP workstation as a local administrator. If you cannot logon as local administrator, try to disconnect the network cable and login to the computer by using a domain administrator user that was used to logon on the PC before. This will be made possible because of the cached logon credentials feature that remembers the last 10 successful logons.
Go to Control Panel, then click on System icon, then go to Computer Name tab. You can also do this by right-clicking My Computer, and then Properties or by pressing the Windows logo key я and Break.
Remove the computer from the domain by clicking on “Change”. You should see that Domain button is now selected. Remember your domain name in the text box. Select the “Workgroup” radio button to remove the computer from the domain, and put any workgroup name in the text box (e.g. workgroup).
Click OK to exit and reboot the computer.
After the computer restarts, go back to Control Panel > System > Computer Name tab, and click Change.
Rejoin the domain by chocking the Domain button. Enter the domain name noted in step 4.
You might be prompter to enter the credentials of one of the Domain Admin users. This can be bypassed if one of the Domain Admins manually creates a computer account in Active Directory Users and Computers for the workstation you're about to join.
Click OK to exit.
Reboot the PC.

Windows components, modify – LitePC 3^rd party utility

Windows Explorer colors – Folder Options→ View→ Show encrypted or compressed files in color. The normal defaults are blue for compressed, green for encrypted. Tweaking programs such as TweakUI will allow you to change those colors

Windows Image, capture and apply from here

Windows Installer Appears Every Time I Start an Application – from here

Open the Group Policy Editor by selecting Run from the Start Menu, and typing gpedit.msc. (If the file is missing, run mmc.exe instead. Then, select Add/Remove Snap-in from the Console menu, click Add, and double-click Group Policy. Click Finish, then Close, then Ok.)
Expand the following branches:
Local Computer Policy \ Computer Configuration \ Administrative Templates \ Windows Components \ Windows Installer
Double-click Disable Windows Installer to your right, click Enabled, and choose Always from the list. Click Ok when you're done.

Windows license, see activation code, install using command line, license, convert volume KMS to MAK

Windows Logo Key

Windows	Display the Start menu.
Windows + D	Minimize or restore all windows.
Windows + E	Display Windows Explorer.
Windows + F	Display Search for files.
Windows + Ctrl + F	Display Search for computer.
Windows + F1	Display Help and Support Center.
Windows + R	Display Run dialog box.
Windows + break	Display System Properties dialog box.
Windows + shift + M	Undo minimize all windows.
Windows + tab	Move through taskbar buttons.
Windows + L	Lock the workstation (or switch to the Logon screen w/Fast User Switching enabled).
Windows + U	Open Utility Manager.

Windows Media Player – won’t play in a web browser. From here and here:

may occur if one or more of the Jscript registry key settings are incorrect. This behavior may also occur if the Jscript.dll file is missing or damaged

Method 1: Reregister Jscript.dll and Vbscript.dll

Click Start, and then click Run.
In the Open box, type strong>regsvr32 jscript.dll, and then click OK.
Click OK.
Click Start, and then click Run.
In the Open box, type regsvr32 vbscript.dll, and then click OK.
Click OK.

If either of the files do not register as expected, or if you receive an error message, the system file may be missing or damaged. To extract the missing file in Microsoft Windows XP, follow these steps:

Click Start, and then click Run.
In the Open box, type msconfig, and then click OK.
Click Expand File.
In the File to restore box, type the name of the file that you want to restore.
In the Restore from box, type the path of the Windows XP .cab file where you want to restore the file, or click Browse From to locate the Windows XP .cab file.
Note The Windows XP .cab files are stored in the I386 folder on the Windows XP CD.
In the Save file in box, type the path where you want to extract the new file, or click Browse To to locate the folder that you want.
Click Expand.
In the System Configuration Utility dialog box, click OK. If you are prompted to restart the computer, click Restart.

Method 2: Edit the registry

Click Start, and then click Run.
In the Open box, type regedit, and then click OK.
Locate the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\In procServer32
The (Default) value data should contain the following value:
C:\WINDOWS\SYSTEM32\JSCRIPT.DLL
If it does not, double-click Default, type C:\WINDOWS\SYSTEM32\JSCRIPT.DLL in the Value data box, and then click OK.
The ThreadingModel value data should contain the following value:
Both
If it does not, double-click ThreadingModel, and then type Both in the Value data box.
Locate the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbbb58}\In procServer32
Repeat steps 3 and 4 to edit this key, and then go to step 7.
Locate the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbbb58}\In procServer32
Repeat steps 3 and 4 to edit this key, and then go to step 9.
Exit Registry Editor.

Windows.old directory, remove - the process of removing is delicate because of the possibility of impacting the current OS via junction points. We use MS junction utility to fix this. But before you get to that, we really need to make sure we have permissions on windows.old directory.

Before you can change permissions on Windows.old directory, you might want simply resort to taking ownership from SYSTEM. Although I worry that doing this might make the system crash and unbootable, it's worked so far. I put this as the first step because, if you don't do this first, you'll likely have problems down the line.
make sure you have write/delete perms on Windows.old directory.

icacls C:\windows.old /T /G Everyone:F

which asks

Are you sure (Y/N)?

and returns things like:

processed dir: C:\Windows.old
processed file: C:\Windows.old\BOOTNXT

you should get many, many lines. If you don't and only get a few and see, access denied anywhere, or, at the end, you get:

The data area passed to a system call is too small.

you probably don't have enough permission to change permissions. This is why I've found it simplest to just take ownership as the first step above. Other possible commands (which I have never got to work without first taking ownership):

cacls C:\windows.old /t /c /GRANT Everyone:F

download junction.zip and install it somewhere. (Unless you add it to the path, won't work.)
From the location you installed the junction.exe program, run:

junction.exe -s -q C:\windows.old > c:\junc.txt

then run the following PowerShell script:

foreach ($line in [System.IO.File]::ReadLines("c:\junc.txt"))
{
  if ($line -match "^\\\\")
  {
    $file = $line -replace "(: JUNCTION)|(: SYMBOLIC LINK)",""
    & c:\utilities\junction.exe -d "$file"
  }
}

If you get a bunch of Error deleting \\?\C:\windows.old\xxx Access is denied. then you failed to properly fix perms as described up above better and you'll have to run the last couple of steps involving creation of the junc.txt file and running the PowerShell script again.

Finally you should be able to delete the windows.old directory with impunity using the normal file manager commands. Or you can run:

rd /s /q C:\windows.old

There may still be a few files the system claims is in use. For instance, a IntcDAud.sys in C:\Windows.old\WINDOWS\System32\drivers and a C:\Windows.old\WINDOWS\System32\DriverStore subdirectory. Reboot the system and then try deleting those stragglers.

Windows PE

Windows Product ID – from DOS prompt, type “systeminfo”

Windows Update – see also patches

Windows Update Error

look in c:\Windows\Windows Update.log for clues

Suggestion 1:

Make sure the MSXML files are registered correctly by following the steps below. NOTE: You may not have the files listed in Steps 2 and 3 installed on your PC but please perform all 3 steps. If you don't have one of the files, when you try to register it you will see a pop-up window that has this text:

LoadLibrary("filename.dll") failed - The specified file name could not be found.

Just disregard the error and continue to the next step.

Follow these steps:

Click on Start, Run and type regsvr32 c:\windows\system(32)\msxml.dll. You should see a pop-up message that this process succeeded.
Click on Start, Run and type regsvr32 c:\windows\system(32)\msxml2.dll. You should see a pop-up message that this process succeeded.
Click on Start, Run and type regsvr32 c:\windows\system(32)\msxml3.dll. You should see a pop-up message that this process succeeded.

Now try the Windows Update site and see if you get the same error.

Suggestion 2:

This error can be the result of a file mismatch or corruption of the MSXML.DLL files. Try upgrading your XML parser to the most recent version, which is currently MSXML Parser 3.0 Service Pack 2 Release. You can download the latest parser from this site:

http://msdn.microsoft.com/library/default.asp?url=/downloads/list/xmlgeneral.asp

Windows Updates Stuck At 0% - see How To Fix Windows Updates Stuck At 0%

Press Windows+R. This will prompt run dialogue box. In here, type services.msc
Scroll down and look for Windows Update Service. Right click on it and stop it.
Now go in C:\Windows\SoftwareDistribution and delete all of its contents.
Go back to services again (as mentioned in Step 1) and this time start the Windows Update Service, by right clicking on it. Try to update Windows again. It should be working this time.

Windows update error code 8E5E03FE

net stop cryptsvc

ren %systemroot%\system32\catroot2\edb.log *.tst

net start cryptsvc

exit

Windows 3rd party utilities

GroupAdmin

WinSxS "PendingDelete" files, clean up – see clean up "PendingDelete" files from C:\Windows\WinSxS directory

“Workgroup is not accessible. You might not have permission to use the network resource. Contact the administer of this server to find out if you have access permissions. The list of servers for this workgroup is not currently available.”

1) Enable NetBIOS over TCP/IP on one or more computers in the workgroup. To do that, go to properties of Local Area Connection>properties of Internet Protocol (TCP/IP)>General> Advanced>WINS, check Enable NetBIOS over TCP/IP (If you have a DHCP-assigned IP address, select Use NetBIOS setting from the DHCP server ).

2) Make sure the Computer Browser service is started.

—X—

XP window, view

XP spyware, stop - XP-AntiSpy

—Y—

—Z—

—No's—

1310 error uninstalling problems where it says, “Error 13210. Error writing to file: C:\Config.Msi\xxx. Verify that you have access to that directory.”– use Revo Uninstaller. From here.

229.111.112.12 showing up in WireShark - by LSI MRmonitor (via VivaldiFramework and javaw.exe)

29 Event ID – see KDC (Key Distribution Center) cannot find a suitable certificate

36 Event ID – “Time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp” – see Time service has not synchronized the system time

3011 Event ID from LoadPerf - also 3009, 3013

All performance counter names and explain text are maintained in string tables managed by the performance counter subsystem (Perflib).
The current contents of the performance counter string tables are corrupted and cannot be displayed. To correct the problem, rebuild the string tables.
To rebuild the string tables, on the computer that displayed the message, at the command prompt, type

Lodctr /r

or perhaps a capital R - not really sure how or even whether the two differ but I usually try both

Lodctr /R

The contents of the string tables are automatically rebuilt. Unless, of course, you get:

Error: Unable to rebuild performance counter setting from system backup store, error code is 5

in which case you must manually rebuild Performance Counter Library values. Or you can try Exctrlst.exe with instructions here.

After running lodctr, Microsoft suggests

typeperf -qx

to Verify that the performance counter list contains expected values. But it just spits out a whole bunch of stuff that I've never known what to do with. I sure don't know what the "expected values" might be.

Microsoft also says I should be worried about the Remote Registry service not being started. But after I ran the lodctr, this error seemed to go away without me having to have ever start that service.

4319 Event ID – “A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use

nbtstat -n

in a command window to see which name is in the Conflict state.” – see duplicate name has been detected on the TCP network, nbtstat. So far, I’ve found that command to be completely worthless to solve this problem. According to here, There could be several reasons

8E5E03FE, Windows update error code

net stop cryptsvc

ren %systemroot%\system32\catroot2\edb.log *.tst

net start cryptsvc

exit