tinyapps.org / blog


Change msconfig boot options from command prompt via boot disc #

During a malware cleanup, msconfig was used to change the boot method to Safe Mode with Networking (msconfig > Boot > Boot options > check Safe boot > check Network). On reboot, Windows would not load. Reverting the changes and returning to Normal Mode was done like so:
  1. Boot from Windows install disc and open command prompt (Shift+F10)

  2. Check the current boot mode:

    X:\>bcdedit
    ...
    Windows Boot Loader
    -------------------
    identifier {default}
    ...
    nx OptIn
    safeboot Network

  3. Remove the Safe Mode with Networking option:

    X:\>bcdedit /deletevalue {default} safeboot
    The operation completed successfully.

  4. Check boot mode again:

    X:\>bcdedit
    ...
    Windows Boot Loader
    -------------------
    identifier {default}
    ...
    nx OptIn

BCDEdit can be used on offline drives via the "store" command (the help documentation oddly refers to it as a command instead of a flag or switch), e.g., bcdedit /store E:\Boot\BCD /deletevalue {default} safeboot. (Found this handy for editing BCD on a DiskCryptor-encrypted drive mounted inside of a Windows PE session.)

Sources:

/windows | Apr 17, 2016

A better Problem Steps Recorder #

Windows' Problem Steps Recorder makes it easy to create step-by-step screenshots for troubleshooting, documentation, etc. However, annotation and output options are severely limited.

Searching for a Windows program similar to MacSnapper1 or Explainer2, I stumbled upon Wink, a freeware, cross-platform screen capture tool that allows you to "[C]apture screenshots, add explanations boxes, buttons, titles, etc and generate a highly effective tutorial for your users." Additional features include audio recording, importing BMP/JPG/PNG/TIFF/GIF files, and exporting to PDF, PostScript, HTML, Flash, EXE, and the aforementioned image formats.
  1. "Create lesson webpages and PDFs from snapshots and images"
  2. "A screenshot app for those of us who explain 'computer stuff' to other people"

/windows | Apr 14, 2016

Windows Update stuck "Checking for updates..." / Error 0x80070005 #

TL;DR: WSUS Offline Update solved the problem.

Windows Update was stuck overnight "Checking for updates..." on a virtually brand new, clean Windows 7 install. Tried the following:

  1. Reset Windows Update Agent - "This Script allow reset the Windows Update Agent resolving issues with Windows Update." Runs under XP - 10. Last updated Feb 29, 2016. Did not resolve issue.
  2. Fix Microsoft Windows Update Issues - "This troubleshooter will detect and solve Windows update issues automatically." Did not resolve issue, but reported an unresolved "error 0x80070005".
  3. Error 0x80070005 in Windows Update when you try to install updates - Uses a batch script and SubInACL to repair file and registry permissions. More information. Did not resolve issue.
  4. 0x80070005 – Fix for Windows - Several suggestions, none of which resolved the issue.
  5. Repair or reinstall Windows Update - Massive collection of potential fixes, including WSUS Offline Update, which resolved the issue and fixed Windows Update.

Wish I had found this first - exact same issue and resolution: Windows 7: How I Solved the Infinite 'Checking for Updates' Hell.... More suggestions: Windows 7 SP1 Windows Update stuck checking for updates

/windows | Apr 06, 2016

Restoring Windows 7 Dell Factory Image After Windows 10 Upgrade #

Restoring a Dell factory image is usually performed by pressing F8 during boot to open the Advanced Boot Options menu and then navigating to "Repair Your Computer" > "Dell Factory Image Restore".

Upgrading to Windows 10 breaks this functionality. Here is an alternate method for restoring the factory image; unlike the usual method, a current Windows username and password is not required:
  1. Backup, backup, backup! This process will erase the entire contents of the OS partition.
  2. Boot from Windows 7 DVD
  3. Press Shift+F10 at language selection screen to launch cmd.exe
  4. Check drive letter assignments carefully; they may well differ from the ones shown here (in my case, the RECOVERY partition was assigned C: while the OS partition (which is assigned C: when booted normally) was assigned D:)
  5. Copy imagex.exe (or imagex64.exe for 64-bit boot discs) to the RECOVERY partition (C: in this example)
  6. Check the factory image:
    C:\>imagex.exe /dir C:\Dell\Image\Factory.wim 1
  7. Format the OS partition
  8. Restore the factory image to the OS partition:
    C:\>imagex.exe /apply C:\Dell\Image\Factory.wim 1 D:
Notes & Updates References

/windows | Mar 30, 2016

Windows won't boot (or boots only once) after SSD upgrade #

TL;DR: BIOS update solved Windows 7 boot problems following SSD installation.

Installed a 960GB SanDisk SSD into a Dell Latitude E5510 and tried cloning the previous hard drive to it:

  1. Acronis True Image 2014 would not even begin cloning: "Clone Disk Operation Failed".
  2. AOMEI Backupper Standard 3.2 created an unbootable copy.
  3. MiniTool Partition Wizard Free 9.0 made a copy that booted once, and then would only boot to Startup Repair or, after enough meddling, to the Windows Boot Manager: "Windows failed to start ... File: \Windows\system32\winload.exe ... the application is missing or corrupt" (reproduced below in full monochrome CSS for your viewing pleasure). Replacing winload.exe with a new copy did not help. Attempts to repair, including with Easy Recovery Essentials, were futile. Tried cloning again, same result.
  4. EaseUS Todo Backup Free 8.8 was taking way too long; estimated time remaining kept increasing - cancelled.
  5. Paragon Drive Copy 15 Professional - same result as #3
  6. HDClone 6 - same result as #3

The SATA mode was never changed from its original setting (AHCI). At this point, RAID and ATA/IDE modes were attempted to no avail.

Next, a clean install of Windows 7 was made to the SSD. It booted once, but after some Windows updates were installed and the machine rebooted, would not start again (back to the same issues in #3 above.)

Contacted SanDisk on the off-chance that it was the drive or the firmware; they kindly sent a brand new (not refurbished) replacement in an unopened retail box. Tried a clean install to the new SSD; same result as before.

Finally it dawned on me ("One more coruscation, my dear Watson -- yet another brain-wave!") to try updating the BIOS. Sure enough, after updating from A05 to A10 and then A16, Windows booted up just fine. Cloned the old HDD with Paragon Drive Copy and that too worked perfectly.

In hundreds, if not thousands, of drive cloning operations over the years, it was the first time I had encountered a situation in which Windows would boot once and then fail on subsequent attempts. It was also one of the few times I had seen a BIOS update solve anything (UPDATE: Claus and Matt kindly inform me that they've found BIOS updates to be especially effective at resolving knotty problems, even those not typically associated with the BIOS). Lesson learned! May this pitiful account save some other soul time and toil.

 

Windows Boot Manager

Windows failed to start. A recent hardware or software change might be the cause. To fix the problem:

1. Insert your Windows installation disc and restart your computer.
2. Choose your language settings, and then click "Next."
3. Click "Repair your computer."

If you do not have this disc, contact your system administrator or computer manufacturer for assistance.

File: \Windows\system32\winload.exe

Status: OxcOOOOOO1

Info: The selected entry could not be loaded because the application is missing or corrupt.

ENTER=Continue ESC=Exit

 

CSS props:

/windows | Oct 18, 2015

Robocopy replacement #

strarc.exe (Stream Archive) is
"a console backup/archive tool for Windows NT/2000/XP/2003/Vista/2008/7. It uses the same backup methods as the ntbackup or robocopy programs and thus backs up all information and meta data on an NTFS volume. The main difference is that strarc is free and open source and produces stream archives you can store on tapes, disks or anywhere else or it can create the archive stream to stdout so that it can be compressed easily using stream compression tools like gzip or bzip2. The command line switches and parameters are quite similar to the *nix tar utility and it can easily be used to clone an entire NTFS volume including everything, files, directories, their time stamps, attributes and security information, compression attribute, alternate data streams, junctions, hard links etc. It is now even possible to backup the registry database files of a running Windows system."

Here's a simple usage example from the documentation:

strarc.exe -cjd:C:\dir | strarc -xd:D:\dirbk

"This will clone the C:\dir directory tree to D:\dirbk but will not follow junctions in the C:\dir directory tree but instead clone the junction itself to the D:\dirbk location."
A few initial observations:
  1. Source code available separately here
  2. Attempting to clone a live system (even with the -r switch to "backup loaded registry database of the running system") to another drive failed to produce a bootable copy (after Startup Repair ran, Windows 8 booted to the login screen but stayed stuck on "Preparing Windows"), despite the promise of "How to backup a complete running Windows system" in the documentation (which does not cover shadow copies - see #3).
  3. However, using one of the command line shadow copy tools in conjunction with strarc reportedly works.
  4. While copying C: to E:, received a number of "Short names are not enabled on this volume" errors. Ran fsutil 8dot3name set e: 0 to resolve, though strarc also offers a "-w:8" switch which hides warnings when short 8.3 names cannot be restored.
  5. Need to update emcopy.exe post and Xcopy Windows to a new hard drive

More info:

/windows | Oct 12, 2015

Free and easy email migration from Thunderbird to Outlook #

Aid4Mail has long offered a fast and easy path from Thunderbird to Outlook (as illustrated in our 2005 review). However, there were few free and easy options until MailStore Home; it seamlessly handles importing from Thunderbird and exporting directly into Outlook. In fact, once your email is archived in MailStore Home, you may not need or want to export into Outlook at all, as the full-text search feature (including attachments) is very fast and PST files are a nightmare anyway.

/windows | Oct 09, 2015

That's a lot of gigabytes... #

Seen on a Windows 10 desktop today:

CCleaner Alert - Cleaning can save 13,808,924,507 GB of disk space

13,808,924,507 gigabytes is equal to 13.808924507 exabytes. Considering that "by the end of 1999, the sum of human-produced information (including all audio, video recordings, and text/books) was about 12 exabytes of data", this might take a little while.

/windows | Oct 01, 2015

BitLocker device encryption _requires_ giving Microsoft your recovery key (unless you're in a domain) #

While setting up a new Surface Pro 3 with a local user account under Windows 10 Pro, I noticed an unfamiliar icon on the C: drive - a yellow yield sign with an exclamation mark on top of an open padlock:

yellow yield sign with exclamation mark icon on C: drive

Thinking it might have something to do with encryption, I searched Settings for "BitLocker" and was directed to System > About where I found this:

You need a microsoft account to finish encrypting this device
You need a Microsoft account to finish encrypting this device

Hardly believing such a thing was possible, I turned to the Internet for answers; sadly, Microsoft confirmed the ugly truth (highlighting and missing comma added):

Unlike a standard BitLocker implementation, device encryption is enabled automatically so that the device is always protected ... If the device is not domain-joined, a Microsoft Account that has been granted administrative privileges on the device is required. When the administrator uses a Microsoft account to sign in, the clear key is removed, a recovery key is uploaded to online Microsoft account and TPM protector is created. Should a device require the recovery key, the user will be guided to use an alternate device and navigate to a recovery key access URL to retrieve the recovery key using their Microsoft Account credentials.

Cem Paya clarifies it rather succinctly:

Remembering that "not domain-joined" will apply to most consumer PCs for use at home, this translates to: for any Windows 8.1 machine that happens to have requisite TPM hardware, BitLocker disk encryption will be enabled with recovery keys escrowed to MSFT automatically.

At least Apple still has the decency to ask (for now?) if you want to give them your recovery key:

filevault_recovery_key_icloud

More information and updates:

/windows | Sep 21, 2015

Find out what process changed a registry key or value #

Process Monitor (and the deprecated RegMon) is swell for live monitoring of registry activity, but, if run for long periods, it will saturate the page file and stop capturing data.

In order to track down which process kept (vexingly) changing a registry value once or twice a day, Windows' built-in registry auditing was used:

  1. C:\>auditpol /set /subcategory:"Registry" /success:enable
  2. In regedit, right click key to monitor then click "Permissions..."
  3. "Advanced" > "Auditing" > "Add..."
  4. Everyone > OK > check both boxes to right of "Set Value" > OK x3
  5. Any value changes will be recorded to Windows Logs\Security in the Event Viewer, including the guilty process name

/windows | Sep 17, 2015


Subscribe or visit the archives