Showing posts with the label Windows Registry

PowerShell remove line feed

A line feed is useful for formatting: a blank line between lines of text makes them easier to read.
But there are also cases where a line feed is annoying, or where we simply need to get rid of it because it is not wanted in the output.
In some cases Out-String in PowerShell appends a line feed to its output.
Or, if you take input or output from other sources and want to remove the line feed, PowerShell can do it without any hassle.
The code below uses PowerShell to remove line feeds from an input; the input can be either a text file or a string piped to another variable.
$string_with_line_feed -replace "`n|`r"
`n - backtick with n refers to the line feed character
`r - backtick with r refers to the carriage return
Or the code above can be written as follows:
$string_with_line_feed -replace "`n|`r", ""
So, basically the line feed is replaced with nothing. But for readability and to avoid confusion it’s better to …

Wanna disable SMBv1 to stop WannaCry

Link from Technet why SMBv1 should be disabled:

STOP using SMBv1

The link below shows how to check whether SMBv1 is enabled and how to disable SMBv1:

How to disable SMBv1? - How to check if SMBv1 is enabled?


The PowerShell code below is from the link above:

Windows 8 and Windows Server 2012

To check whether SMB1 and SMB2 are enabled:

Get-SmbServerConfiguration | Select EnableSMB1Protocol, EnableSMB2Protocol

To disable SMBv1 on the SMB server, run the following cmdlet:

Set-SmbServerConfiguration -EnableSMB1Protocol $false

=====================

Windows 7, Windows Server 2008 R2, Windows Vista, and Windows Server 2008

Requires Windows PowerShell 2.0 or a later version of PowerShell

To disable SMBv1 on the SMB server, run the following cmdlet:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force

Or if you're not comfortable using PowerShell just open registry editor and do it manually.

PowerShell is quite straight forw…
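
A combined check covering both methods above, as an added example that is not from this post or the linked article. The function name Get-Smb1ServerState is hypothetical, and a missing SMB1 registry value is reported as enabled because that is the default on those Windows versions.

```powershell
# Added example: report whether the SMBv1 server is enabled, using the cmdlet on
# Windows 8 / Server 2012 and later and the registry value on older systems.
# Get-Smb1ServerState is a hypothetical name chosen for this example.
function Get-Smb1ServerState {
    $regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

    # Newer systems: the SMB cmdlets exist, so ask the server configuration directly.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $cfg = Get-SmbServerConfiguration
        return New-Object PSObject -Property @{
            ComputerName = $env:COMPUTERNAME
            Source       = 'Get-SmbServerConfiguration'
            Smb1Enabled  = [bool]$cfg.EnableSMB1Protocol
        }
    }

    # Older systems (PowerShell 2.0 compatible): read the SMB1 DWORD.
    $params = Get-ItemProperty -Path $regPath -ErrorAction SilentlyContinue
    $value  = $null
    if ($params) { $value = $params.PSObject.Properties['SMB1'] }

    if ($value) {
        $enabled = ($value.Value -ne 0)   # 0 = disabled, anything else = enabled
        $source  = 'Registry (SMB1 value present)'
    } else {
        $enabled = $true                  # no value written: SMBv1 is on by default
        $source  = 'Registry (SMB1 value absent, default applies)'
    }

    New-Object PSObject -Property @{
        ComputerName = $env:COMPUTERNAME
        Source       = $source
        Smb1Enabled  = $enabled
    }
}

# Flag the machine if SMBv1 is still being served.
$state = Get-Smb1ServerState
if ($state.Smb1Enabled) {
    Write-Warning ("SMBv1 server is ENABLED on {0} ({1})" -f $state.ComputerName, $state.Source)
} else {
    Write-Output ("SMBv1 server is disabled on {0} ({1})" -f $state.ComputerName, $state.Source)
}
```

On the registry path, restart the computer after changing the value and run the check again to confirm the result.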

Svchost process in task manager

Svchost.exe contains generic host processes.

If svchost.exe is closed, whether accidentally or intentionally, the system might crash or shut down.

There are times when svchost.exe consumes quite a lot of resources and eats up the memory on the system. Thus, it's quite tempting to close or kill the process.

A process can be killed or closed forcefully from the command line using the taskkill command plus the process ID.

Ex: Taskkill /pid 1234

How to know exactly which service or process the svchost is running?

To check the pid and the process that svchost is running, type:

tasklist /svc

Tasklist /svc command will display the image name, pid and the services.

Output example for tasklist /svc command:

svchost.exe                   1172 EventSystem, fdPHost, FontCache, netprofm,
                                   nsi, W32Time, WdiServiceHost
svchost.exe                   1200 Appinfo, BITS, Browser, CertPropSvc,
                                   EapHost, IKEEXT, iphlpsvc, LanmanSe…

Insert a new PCIe graphic card

Inserting a new PCIe graphics card into a custom-built PC sounds easy, right?
Plug the PCIe graphics card into the PCIe slot on the motherboard, then connect a DVI or VGA cable, or any other connection that the graphics card supports.
Then simply power on the PC and boom, everything should be working. However, the monitor shows only a blank screen.
If the PCIe graphics card has been tested and is known to work, try resetting the CMOS: remove the CMOS battery, power on the PC for 5 seconds, turn it off and put the CMOS battery back.
Now turn the PC on again with the cables plugged into the graphics card. If the PCIe card is seated properly in the slot, the monitor will work as normal and the display will be fine.
When inserting or troubleshooting the graphics card, it is better to unplug the hard disk. If the monitor has no display, you do not know whether the OS is booting or not.
In addition, by simply turning off the power, once, the graphic card is working fine. Then you got…

Active Directory GPO apply to forest

How to apply GPO to whole forest?

1. Open GPMC (Group Policy Management Console) and create a GPO for a single domain.

2. Link the GPO to other domains in the forest.
   Right click each domain and select "Link an Existing GPO Here" then select the GPO that will be applied to all domains in the forest.

3. If everything works fine, then you're a lucky man.


Before rolling out a GPO, create a test Organizational Unit and create Active Directory user accounts for test purposes.

Then apply the GPO to the OU.

If it works properly, there's a good chance that it will work smoothly for all users, but it's not a guarantee that it will work correctly for all users.

If the GPO critically needs to be applied to all users and testing works okay, roll out the GPO and troubleshoot issues that may occur.

If no problem arises, then drink a cup of coffee and consider yourself "lucky".

If the GPO is not yet tested and you are not sure whether it will wreak havoc on the Active Directory …

Check User SID

To check the SID for a user who is not currently logged in, using WMIC, type:
wmic useraccount where (name="user007")
Replace "user007" with the correct username to get the user SID.
The SID will be displayed for the particular user being queried. This is useful if the profile for that user cannot be loaded or is corrupted and you need to identify the SID of the corrupt user profile.
When editing the registry for a corrupt user profile, make sure to edit the correct SID, or else multiple issues might occur on the system.

To check the SID of the currently logged-in user, just open a command prompt and type:
whoami /user
The command above will display the username and SID of the currently logged-in user.
To check for FQDN (Fully Qualified Domain Name):

   whoami /fqdn
The FQDN is useful for a system administrator to check which OU (organizational unit) the user belongs to.

To check the UPN (user principal name):

   whoami /upn

UPN output will be shown like an email address, the use…

Download Windows 10 ISO

Ever wanted to download the ISO file for Windows 10 but kept getting an error?
To download Windows 10, click on the link below, scroll down on the Microsoft web page and click on "Download tool now". Click "Using the media creation tool" for instructions on how to use this tool.
Link to download Media creation tool: https://www.microsoft.com/en-gb/software-download/windows10

Download the tool; once it's downloaded, the file name should be "Media Creation Tool".

The ISO file is around 3GB, so depending on your bandwidth it may take some time. If your bandwidth is not reliable, use a browser that can continue or resume the download even after the connection was dropped. Firefox supports this feature.
If the tool is executed in elevated mode, you will receive an error like:

There was a problem running this tool
We're not sure what happened, but we're unable to run this tool on your PC. If you continue experiencing problems, reference the error code when contacting custome…

Check startup items in Windows

Startup items might slow down your computer during the logon or boot-up process, and some malware or viruses can also be triggered using startup items in the Windows registry.
How to check startup items in Windows?
If you want to have a simple reminder upon startup, the "run" item in the registry can help.
A reminder during Windows logon or startup can be set in the "run" registry key.
For example, run Notepad with a notes file, so that every time the computer boots up Notepad opens and you can read whatever notes are written in it.
How to query the run item in the Windows registry for programs that run automatically on startup?
Of course, this can be done manually by opening the registry editor and browsing to the desired registry keys.
The command line is useful to automate the process or to query a remote computer without disturbing the user.
Here's the link on how to query a remote computer's registry using the command line:
http://quickbytesstuff.blogspot.sg/201…

Disable startup items in Windows 10

Disabling startup items in Windows 10 has changed from the conventional way of doing it.
Prior to Windows 10 you could navigate to program items and select the startup option. The registry option might still be the same, but don’t mess with the registry if you are not familiar with it.
In Windows 10, disabling startup items is part of Task Manager.
To launch Task Manager in Windows 10, right click on an empty space on the taskbar and select Task Manager.
Or press ctrl+alt+del (press together) and click on Task Manager.
Another way to launch Task Manager is to use the Windows run box. Press “windows key + r” together to launch the run box, type “taskmgr”, then press the enter key or click the “OK” button.

In the Task Manager window, select the “Startup” tab and select the item you want to disable. Right click on the program and click on disable, or select the disable button at the bottom of the window.
If the “disable” option is grayed out o…