Changing the Default Windows Icon

I don't know about you, but always having the "orange flower" icon whenever I log into a new account on a system or use the Remote Desktop client has gotten old.

Of course, you can change the account icon by clicking on it from the Start Menu, bringing you into Control Panel > User Accounts to select Change your picture and choose from the list available or Browse for more pictures...

But if you want to change the default permanently, grab yourself a 128 x 128 bitmap (.bmp) image and name it user.bmp and dump it into: C:\ProgramData\Microsoft\User Account Pictures, confirm to overwrite.

You can also add your own icons to the list offered by naming the bitmaps usertile45.bmp, usertile46.bmp, etc. and placing them in: C:\ProgramData\Microsoft\User Account Pictures\Default Pictures

As you would imagine, this works for Windows Vista and 2008/R2. Still don't have a Windows 8 system to use, so you're mileage may vary with that...

Testing an External NTP Server

First off, NTP uses port 123. That was the first thing I checked when trying to telnet to one of the pool.ntp.org servers. Seems most NTP server ignore the telnet command.

Then I thought I'd use net time, but it has been deprecated in Windows 7 in favor of the newer w32tm command.

There's a litany of switches to use with it, but the /monitor /computers:server are the ones you want.

And using the command: c:\w32tm /monitor /computers:time.nist.gov
You will get the following output, showing it works:

time.nist.gov[64.250.177.145:123]:
    ICMP: 59ms delay
    NTP: -0.1402919s offset from local clock
        RefID: 'ACTS' [0x53544341]
        Stratum: 1

You can find a huge amount of popular public NTP servers at NTP.org

Cisco VPN Client PCF File

I could have sworn you exported the pcf profile (the VPN configuration file that can be imported for new installs) within the Cisco VPN IPSec Client, but I was wrong.

This little guy is actually a text file that's created as soon as you add a new connection. And it places it within the VPN client installation directory, as listed below.

C:\Program Files\Cisco Systems\VPN Client\Profiles

Once you grab your profile, you can throw it in with the installation files for the client and it will automatically be imported for use immediately upon completion (reboot is necessary, of course).

Hide Your Windows System from the Network

Should you wish to hide your Windows system from the Network Neighborhood just run the command below:

c:\net config server /hidden:yes

There's a bevy of net commands to be used to perform all sorts of tasks; truly worth investigation.

Optimize Windows Settings for SSD

So you got a shiny new SSD for your Windows system. As you may or may not know, there is only a finite number of writes to each sector before it becomes unusable, eventually causing the disk to be unusable.

So what can you go to make sure it lasts as long as it can? I've gathered a few tips from around the web to help.

• Go without a pagefile (if you have at least 2GB of RAM)


• Disable automatic disk defragmentation (only Vista and Win 7)


• Turn off hibernation


• Put a halt to prefetching


• If this is a system with two drives move the location of your Temp directory path (and move the pagefile rather than disabling it as above).

Versions after Windows XP actually do make some changes to optimize, but it doesn't hurt to check. And have fun with your new found (or bought) speed!

Activate Windows and Office at the Command Line

I was recently looking for a way to activate Windows 7 and Office 2010 at a command prompt; this is what I found...

Since the release of Vista, you can use the command line utility slmgr for Windows activation when using a MAK (or Multiple Activation Key).

Windows Activation

1. Open a command window (as administrator)


2. And run...

slmgr -ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
slmgr -ato

Office Activation

1. Open a command window (as administrator)


2. From C:\Program Files\Microsoft Office\Office14 run...

cscript ospp.vbs /inpkey:xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
cscript ospp.vbs /act

Who needs all that pointing and clicking anyway?

(Not so) New Folder Locations

Since the advent of Windows Vista, the usual folder locations don't always apply. Take the Quick Launch or All Users Desktop, where did they go?

Here's a short list of what's been moved around (and yes, I'm writing this as much for me as anyone else)...

All Users:

• All Users Desktop, Favorites, Documents, Downloads, Music, Pictures & Videos - C:\Users\Public


• All Users Start Menu - C:\ProgramData\Microsoft\Windows\Start Menu


• Documents and Settings (just for completeness sake): C:\Users


• Templates - C:\ProgramData\Microsoft\Windows\Templates

User Specific:

• Cookies - C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Cookies


• Default Outlook OST/PST folder - C:\Users\%username%\AppData\Local\Microsoft\Outlook


• Quick Launch - C:\Users\%username%\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch


• Send To - C:\Users\%username%\AppData\Roaming\Microsoft\Windows\SendTo


• Start Menu - C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu


• Temp - C:\Users\%username%\AppData\Local\Temp


• Temporary Internet Files - C:\Users\%username%\AppData\Local\Microsoft\Windows\Temporary Internet Files

PowerShell: Execution of scripts is disabled

This information is available on many sites, but I'm tired of searching for it every few months when I switch laptops/tablets.

Whenever you try to run an unsigned PowerShell script, you get the following message: "File C:\Custom\Test.ps1 cannot be loaded because the execution of scripts is disabled on this system. Please see "get-help about_signing" for more details."

I certainly believe Microsoft is doing the right thing with keeping PowerShell script execution secure with the proliferation of malware and 99%+ of Windows users don't even know about PowerShell.

Changing the PowerShell security setting is a simple affair. Open PowerShell as an Administrator and run the following: Set-ExecutionPolicy

Your choices are:
Restricted (default) - Which stops all unsigned scripts from running.
AllSigned - This allows only signed scripts to run.
RemoteSigned (my recommendation) - Allows local scripts to run, but all downloaded or remotely executed must be signed.
Unrestricted (not recommended) - This allows all scripts to execute, whether from an e-mail, website or instant message.

Syntax: Set-ExecutionPolicy RemoteSigned

WMIC to the Rescue

A recent project had me trying to script the retrieval of the Dell Service Tag. Luckily there's WMI Command-line to the rescue.

From a command line or in a script wmic bios get serialnumber will display or grab the Dell Service Tag.

Furthermore, you can use the WMI Command-line to retrieve all kinds of system data and even make configuration changes. Rob van der Woude's great site on scripting has a great primer and examples on using WMIC. TechNet Magazine also has a very useful article on gathering system data using WMIC in your environment.

Finally, checkout the WMI Admin Tools pack. It contains more than I want to type about here, but it gives you the ability to browse the various objects, classes and properties, plus a custom event viewer and much more. Check it out and make your (administrative) life better.

Microsoft Learning Snacks

You may have guessed it already, but they're bite-sized videos for learning quite a few of Microsoft's products.

Click here for a full list of what's available, all that is required is Silverlight for viewing.

I'm currently watching the eleven videos for Windows 7, part of my studies for an upcoming certification exam, and they've been pretty good so far. And of course, they're free :)

Where the 32-bit Programs Hide in the Registry

Trying to increase the speed of a Windows system typically involves disabling Services, removing items from the Startup menu and deleting Registry entries under Run, in both the Current User and Local Machine trees. The latter bit is what was missing when working on 64-bit systems.

After noticing that the pesky Acrobat Speed Launcher and other usual suspects were missing from the Run locations I ran a registry search for reader_sl.exe and with little delay was presented with the location below, which also hosted all it's resource sapping pals as well.

HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run

Note: As always, the Registry can be a dangerous place, so do a backup/export before making changes.

Microsoft offers Security Essentials to (very) Small Businesses

Since Microsoft announced its own anti-malware product, Microsoft Security Essenstials, back in late 2008, the product has been steadily getting better. When asked what I use for anti-virus, I always answer MSE or AVG Free.

Both cost my favorite price, free, and are well regarded in the security community.

The big news of course, is that MSE is now free to small businesses with 10 or less PCs. I've actually been recommending it to smaller businesses for a while and now they'll be in compliance. (Now if only it was okay for servers...)

Paychex Preview Upgrade to Mapped Drive

This was actually too simple, but unless you speak with support, how is one to know?

I was recently tasked with upgrading a server installation of Paychex Preview software, which according to documentation cannot be done on the host server, it has to be upgraded from one of the workstations via mapped drive. It seemed simple enough, until the point of the install "wizard" where it prompts for installation directory. It listed C:\RAPID, and had a dropdown menu so I could choose one of the mapped drives; but instead of listing mapped drives it only offered the local C:\ drive. No problem, the instructions on the screen said reboot if it doesn't list your mapped drive. Wait a few minutes for the reboot... and no good, just C:\RAPID again; time to call support.

After starting a WebEx session, so the tech could see what I was saying was true, we copied the RAPID directory from the mapped drive to C:\, then ran the Paychex Preview software upgrade on C:\RAPID. When the upgrade was complete, it was just a copy and replace over the RAPID directory on the mapped drive and the deed was done. Oh yeah, don't forget to run WS_Setup.exe from each workstation to create appropriate shortcuts to the mapped drive.

HP tc4400 and Windows 7 Boot Failure

I've been using an HP tc4400 Tablet PC with Windows Vista for quite some time now and thought it was about time I started using Windows 7 for work and not just home.

Don't get me wrong, I do like Vista (I think I may be only one of eight people), but as an IT professional I should be using the latest operating system.

So I got started with swapping out the hard drive to start with a fresh install (always the best way to go), and tossed in the install DVD. The install went flawlessly and I followed with Windows Update, as one always should. Upon rebooting the system, it failed to start.

What followed was a large pain in the posterior: After attempting to do a System Restore (it failed, of course), I reinstalled. This time during Windows Update, I deselected some of the likely updates that may have caused the boot failure issue, same result. This process went on five times before I found the (in)correct update:Intel Corp - Display - Mobile Intel(R) 945 Express Chipset Family 16.6MB. Not surprising that it's a video driver, since those are typically the drivers that will hose a Windows system most often (rather embarrassed it took five tries to find out the obvious). Anyway, the update was released in September, 2009 and is one version behind what is available on the Intel website.

Once I skipped the Windows Update version of the driver and installed latest display driver from Intel, I was in business, actually Windows 7 Professional (can't MS marketing decide on a consistent nomenclature?).

Vista - Configuring Updates Step 3 of 3 -- 0% Complete

Last Friday I came upon a frustrating problem with a Windows Vista system that had applied updates during shutdown, but could not finish the process. This resulted in many reboots and an unusable computer; too bad it held the company's only copy of QuickBooks.

Typically the simplest fix is to boot from the Vista install media and choose Repair, then System Restore. The trouble with this system was that System Restore was turned off and there weren't any checkpoints to go back to.

Enter the endless search online. More IT troubleshooting by Bing and Google. I'm not exactly sure which search engine got me there, but one forum listed the answer (albeit two hundered or so, lines down the page).
Boot from a Vista or Windows 7 disk and choose Repair, then Recovery Console. Once you have a command line to work with, cd to C:\windows\winsxs and del pending.xml, exit to reboot again and you'll see the "Configuring Updates..." message once more, but it will continue to the Windows login screen allowing for celebrations all around.

This was the fix that worked for me, hopefully you'll have the same luck.

Network Printer Offline

Yesterday I was at a client site where everyone prints directly to the printers, rather than sharing via a print server. One of the PCs kept showing a printer as offline, even though everyone else was printing to it. From the PC you could ping the printer and even browse to the builtin web server to see that it was low on cyan.

After chewing on this for quite a while, I found the issue: a checkbox on the Ports tab "SNMP Status Enabled", which when checked (along with SNMP turned off on the print device) will result in the printer being listed as Offline. Once the box was unchecked, it was back online and the customer was back to printing once again.

God Mode in Windows Vista or 7

Following Paul Thurrott's blog such as I do, today's post listed a way to see a hidden GUI. There is quite a list, some of which are not normally exposed but via the Registry.

This is really a pretty simple hack:

Create a New Folder, rename it GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}

You can actually name it whatever you want before the dot, i.e. LinusMode, Dave, Matrix, etc. The icon will change to the one used for the Control Panel, and when opened it will list a plethora of settings.

Have fun, and be careful.

Control Panel Applets from Command Line

One of my customers doesn't allow user accounts to be in the local Administrators group,  something I wish more companies would do. In fact over 90% of infections could be stopped by not logging in as an administrator; but I'll save that "soapbox" topic for another post.

Many times I need to change settings or install/remove software on someones PC without logging them out of the system, in which case I will go to %windir%\system32, shift+right-click CMD.exe and choose Run As...

Once I've opened a Command window with an account in the administrators group, I can start the Services MMC (services.msc), Device Manager (devmgmt.msc) or Computer Manager (compmgmt.msc), plus many more useful consoles from the command line. Often times I need to remove software or make a change to network settings which involves Control Panel Applets. These also can be run at the command-line (or Run... prompt if you're already logged in as an administrator), some of my favs are listed below.

Appwiz.cpl - Add/Remove Programs (or Programs and Features in Vista or Windows 7)
Ncpa.cpl - Network Connections (for changing IPs and DNS)
Powercfg.cpl - Power Options (perhaps for turning off Standby or enabling the Performance setting)
Sysdm.cpl - System Properties (lots to find here: Remote Desktop, Pagefile, System Restore settings, etc.)
Wscui.cpl - Security Center (change Automatic Updating, the Firewall and Malware monitoring)

Want more? Check out the Wiki page.

Vista and Windows 2008 SP2 Now Available!

The latest service pack for the unified kernel was released yesterday. For the early adopters, get it here!

I'm installing it on my test system, but will be waiting a few weeks to deploy this on my work and home systems. I'd prefer to see what the tech sites and blogosphere have to say about possible issues before subjecting myself to any possible pain.

Three Free Utilities

Everyone carries around a USB drive these days with a variety of utilities, these three have been very useful in the recent past.

CPU-Z - A great utility to find out what kind of memory is installed in a system. This is especially useful when a system is a plain box with out a service tag or serial number.  And it's really annoying to open a box only to find the memory is without a label.

Magic Jelly Bean - This little gem has been in my toolbox for a long time. It grabs the key codes for popular software installed on a system (Adobe, VMWare, Office) including the OS. This is very useful if you have a disk, but lost your installation key or have lots of keys and don't know which ones were used on a particular system.

Wireless Key View - And finally, this tool grabs the WPA/WEP wireless key(s) from a Windows system (must be using the built-in Windows wireless utility) when you can't see the actual text or log into your wireless router.

And while you're visiting these sites, check out the other free software they have. You'll have your 32GB thumb drive filled up in no time ;)