Tuesday, July 19, 2011

Windows XP Audit mode

Maybe a bit late ….

Windows 7 offers a very handy feature called Audit Mode. I’ve blogged about that before. It lets you prepare the computer for the end user by skipping the whole OOBE (Out Of Box Experience) and the creation of local user accounts.
Windows XP does not have that feature, so at the end of a fresh installation of Windows XP you’ll be prompted to create a user account, and Windows will then automatically log in with that account. Microsoft doesn’t allow you to skip this, so you will always have to create a second local account (besides the Administrator account).

I recently found a way to bypass this. OK, resetting the machine also does the trick, but a friendlier way is to type SYSTEM in the first field.

Wednesday, March 2, 2011

VBS detect type of computer (using WMI)

Because of an issue between Windows XP and an HP 6000 Pro system, I needed to roll out a script to ~10000 clients that detected the type of system and changed the boot.ini accordingly.
Microsoft’s article on this “bug”.

' Quick'n Dirty HP 6000 Pro boot.ini (/usepmtimer) changer (c) Hugo

On Error Resume Next

Set objFSO = CreateObject("Scripting.FilesystemObject")
Set objShell = CreateObject("WScript.Shell")
Set objNetwork = CreateObject("WScript.Network")
Set WSHProcessEnvironment = objShell.Environment("Process")

strComputerName = "."
strWinMgt = "winmgmts://" & strComputerName &""

Set ComputerSystemSet = GetObject(strWinMgt).ExecQuery("select * from Win32_ComputerSystem")
For Each objComputerSystem In ComputerSystemSet
  strComputerSystem_Model = objComputerSystem.Model
  strComputerSystem_Description = objComputerSystem.Description
Next

WScript.Echo " Found: " + strComputerSystem_Model

' Learned so far:
' - "HP Compaq 6000 Pro MT PC"
' - "HP Compaq 6000 Pro SFF PC"
' - "HP Compaq 6000 Small Form Factor"
' - ..

Select Case strComputerSystem_Model
Case "HP Compaq 6000 Pro MT PC"
	boot_ini_aanpassen()
Case "HP Compaq 6000 Pro SFF PC"
	boot_ini_aanpassen()
Case "HP Compaq 6000 Small Form Factor"
	boot_ini_aanpassen()
Case "blablabla pro 6000 type 4 that will be found some day or the next"
	boot_ini_aanpassen()
Case Else
	WScript.Echo " No Pro 6000 detected, exit ..."
End Select

'#########################################################################
'  support function(s)
'#########################################################################

Function boot_ini_aanpassen()
    WScript.Echo " Match found, now change boot.ini"

    ' make the file accessible; bWaitOnReturn = True makes the script wait
    ' until attrib.exe has finished, so no fixed sleep is needed
    objShell.Run "c:\windows\system32\attrib.exe -h -a -r -s c:\boot.ini", 0, True

    ' define new boot.ini layout
    strMyBootIni_line1 = "[boot loader]"
    strMyBootIni_line2 = "timeout=30"
    strMyBootIni_line3 = "default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS"
    strMyBootIni_line4 = "[operating systems]"
    strMyBootIni_line5 = "multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=""Microsoft Windows XP Professional"" /fastdetect /usepmtimer"

    Const WriteMode = 2 '2 = ForWrite, 8 = ForAppend
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set objTextFile = objFSO.OpenTextFile ("c:\boot.ini", WriteMode, True)
	  objTextFile.WriteLine(strMyBootIni_line1)
	  objTextFile.WriteLine(strMyBootIni_line2)
	  objTextFile.WriteLine(strMyBootIni_line3)
	  objTextFile.WriteLine(strMyBootIni_line4)
	  objTextFile.WriteLine(strMyBootIni_line5)
    objTextFile.Close

    ' re-attribute the file and wait for attrib.exe to finish
    objShell.Run "c:\windows\system32\attrib.exe +h +a +r +s c:\boot.ini", 0, True

    WScript.Echo " Boot.ini changed. Active after next reboot"
End Function

Tuesday, January 4, 2011

Group policy reporting

If you want to know what policies are processed, how long it takes, why certain objects can’t be found etc etc, use this great app: http://www.sysprosoft.com/policyreporter.shtml

My mirror (since site is slow and sometimes down): Policy_Reporter4_2.msi

Please enable environment logging first; see roaming profiles and logging.

Monday, December 20, 2010

Bootvis

If you know what it is and are (also) looking for it: Bootvis

Friday, July 16, 2010

sysprep: put computer in specific OU

sysprep.inf:

[Identification]
    JoinDomain=DOMAIN
    DomainAdmin=sysprepadmin
    DomainAdminPassword=password
    MachineObjectOU="OU=Desktops,OU=Machines,DC=Domain,DC=local"

Wednesday, May 12, 2010

Robocopy (latest for XP)

XP or 2003 rktools gives you version XP010. There is a newer version, but hard to find.
Here’s XP026, the latest that’ll run on XP (Vista and up have 027 embedded but won’t run on XP).

robocopy.exe

Thursday, October 8, 2009

Disable “log on using dial-up connection”

Another happy customer due to the following registry hack:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"RasDisable"="1"

aka

reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v RasDisable /t REG_SZ /d "1" /f

Monday, September 14, 2009

simulate smtp session

Having problems with sending mail?
You might want to simulate an SMTP session to see exactly what goes wrong.

Start a msdos prompt and type:

C:\WINDOWS>telnet smtp.xs4all.nl 25

Your SMTP server may be different, of course.

Trying 194.109.6.51...
Connected to smtp.xs4all.nl.
Escape character is '^]'.
220 smtp-vbr11.xs4all.nl ESMTP Sendmail 8.13.8/8.13.8; Mon, 14 Sep 2009 15:03:50 +0200 (CEST)

Type “helo” followed by your domain

   helo bogusdomain.nl
250 smtp-vbr11.xs4all.nl Hello xxxxxxxxx [a.b.c.d], pleased to meet you

Type “mail from:” followed by your email address

   mail from:[email protected]
250 2.1.0 [email protected]... Sender ok

Type “rcpt to:” followed by your email address

   rcpt to:[email protected]
553 5.3.0 [email protected]... Relaying denied,Authenticate with your username and password first

Now we see what is wrong here. This server doesn’t allow me to relay.
Type “quit” to exit.

   quit
221 2.0.0 smtp-vbr11.xs4all.nl closing connection
Connection closed by foreign host.

If you didn’t get an error after “rcpt-to:”, continue with:

250 2.1.5 Ok
   data
354 End data with <CR><LF>.<CR><LF>
   hello hugo

   .
250 2.0.0 Ok: queued as 60D2A4A24A

  quit
221 2.0.0 Bye

Mail should arrive now.
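The same check can be scripted. This is an added example, not code from the original post: it uses Python's smtplib to replay the HELO / MAIL FROM / RCPT TO steps, stops before DATA so no mail is sent, and names the step that failed. The function names, the verdict strings and the sample address are this example's own.

```python
import re
import smtplib

# Enhanced status code (RFC 3463) at the start of the reply text, e.g. "5.3.0".
ENHANCED = re.compile(r"^(\d)\.(\d{1,3})\.(\d{1,3})\s")

def diagnose(stage, code, text):
    """Turn one SMTP reply into a short verdict for the given stage."""
    m = ENHANCED.match(text)
    enhanced = ".".join(m.groups()) if m else None
    if 200 <= code < 400:
        verdict = "ok"
    elif 400 <= code < 500:
        verdict = "temporary failure, retry later"
    elif stage == "RCPT" and re.search(r"relay|authenticat", text, re.I):
        verdict = "relaying denied, authenticate first"
    else:
        verdict = "permanent failure"
    return {"stage": stage, "code": code, "enhanced": enhanced, "verdict": verdict}

def probe(host, helo_name, sender, recipient, port=25, timeout=10):
    """Replay the three envelope commands; the 'with' block sends QUIT on exit."""
    results = []
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        steps = [("HELO", lambda: smtp.helo(helo_name)),
                 ("MAIL", lambda: smtp.mail(sender)),
                 ("RCPT", lambda: smtp.rcpt(recipient))]
        for stage, send in steps:
            code, raw = send()
            results.append(diagnose(stage, code, raw.decode("ascii", "replace")))
            if code >= 400:      # stop at the first refused command
                break
    return results

if __name__ == "__main__":
    # Constructed reply, modelled on the 553 answer in the session above.
    print(diagnose("RCPT", 553, "5.3.0 user@example.nl... Relaying denied,"
                   "Authenticate with your username and password first"))
```

Call probe() with your own server name and addresses to run the live test; it needs outbound access to port 25.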

Wednesday, August 12, 2009

Timezone and time sync

How to make sure your client is in the right timezone and synchs with your preferred ntp server?

Control.exe TIMEDATE.CPL,,/Z (GMT+01:00) Amsterdam, Berlijn, Bern, Rome, Stockholm, Wenen
net time /setsntp:ntp.xs4all.nl
net time /querysntp
w32tm /Resync

Event viewer nicely logs the resync action:

Type gebeurtenis: Informatie
Bron van gebeurtenis: W32Time
Categorie van gebeurtenis: Geen
Gebeurtenis-ID: 35
Datum: 12-8-2009
Tijd: 10:04:10
Gebruiker: n.v.t.
Computer: HUGO7900SSF
Beschrijving:
De tijdservice is nu bezig met het synchroniseren van de systeemtijd met de tijdbron ntp.xs4all.nl (ntp.m|0x1|10.0.11.76:123->194.109.22.18:123).

Zie Help en ondersteuning op http://go.microsoft.com/fwlink/events.asp voor meer informatie.

Thursday, August 6, 2009

Default user registry - the most common mistake

If you want to make changes to the registry for the “default user” there is one BIG misunderstanding that I want to clarify here.

HKEY_USERS\.DEFAULT is NOT the Default User!

This is actually the registry for the Local System account. Changes in this hive will be applied before a user logs in.
A clear example: when making the following change:

Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"Wallpaper"="C:\\Windows\\mywallpaper.bmp"

the background called “mywallpaper.bmp” will be loaded onto the background while pressing ctrl+alt+del and entering your credentials. (e.g. this is how Dell or HP use their own backgrounds on a pre-installed system).

Ok so how do you make changes to the default user?

It’s actually pretty simple.
As you should know, the registry for a user is placed in a file called ntuser.dat in the %userprofile% directory. Therefore, in c:\documents and settings\Default User you’ll find the registry for the default user (doh!).

Now load this file as a temporary hive so you can make changes to it.
Start a dos prompt. Then type:

reg load HKU\Temp "c:\documents and settings\Default User\NTUSER.DAT"

Start regedit and go to HKEY_USERS\Temp and you’ll see the registry for the default user.
Make the desired changes. When done, close regedit to avoid locking issues and back in your dos prompt type:

reg unload HKU\Temp

And you’re done!
New users without an existing profile will inherit the Default User profile and therefore inherit the changes you just made.

“Ok one question though, why not use (domain) policies for such purposes?”
Good question. Policies will always be a better solution because changes to the policies will automatically be applied to existing user profiles and changes to the default user profile will only be used when a user logs in and the user has no existing profile.
There are, however, settings that can not be changed from (domain) policies (at least not in current Windows versions…). Examples:

  • Power management (screensaver, disks going to stand-by), etc
  • Schemes for audio/sounds
  • (one of my favorites) Quick Launch behaviour (e.g. the number of items, the locked status, etc)
  • … etc!

Conclusion
Now you know how to edit the default user registry.
Think about making these changes when preparing an image that you’re going to deploy to a network. Or at least apply the changes to the clients before all users are going to log in!

Monday, August 3, 2009

Add server alias

I’m involved in a lot of network migrations (client/servers).
Usually, migrating the server isn’t that difficult. However, the software on the clients can be tricky. There can be a lot of registry keys, ini files or all sort of pointers pointing to the old servername.

There’s one sneaky trick that makes it all a lot easier!

  • Raise your domain functional level to 2003.
  • Download and install the latest Support Tools
  • Use netdom to add a server alias, e.g.
    netdom computername newserver /add:oldserver.domain.local
  • Import this regfile:
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
    "DisableStrictNameChecking"=dword:00000001

Thursday, July 23, 2009

Enable RDP remotely

Regedit
Connect to remote registry

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
"fDenyTSConnections"=dword:00000000

Then reboot the machine remotely, e.g.

shutdown -m \\yourserver -r -t 0

Thnx to my mate at http://www.tech-notes.nl

Friday, June 12, 2009

disable ctrl shift esc

Most of you probably know that ctrl+shift+esc brings up the task manager.

Today I learned a sneaky way to disable that combination:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"debugger"="Disabled"
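Three of the registry changes in the posts above (DisableStrictNameChecking, fDenyTSConnections and the debugger value under Image File Execution Options) are easy to lose track of once they are on a machine. As an added example, not code from the original blog, this Python script parses an exported .reg file and lists which of them are present; the finding labels and the sample export are constructed for illustration.

```python
import re

SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"([^"]+)"=(.+)$')
IFEO = "hkey_local_machine\\software\\microsoft\\windows nt\\currentversion\\image file execution options\\"
TS = "hkey_local_machine\\system\\currentcontrolset\\control\\terminal server"
LANMAN = "hkey_local_machine\\system\\currentcontrolset\\services\\lanmanserver\\parameters"

def parse_reg(text):
    """Parse .reg (version 5.00) text into {key: {name: data}}, names lower-cased."""
    tree, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION.match(line):
            current = tree.setdefault(m[1].lower(), {})
        elif (m := VALUE.match(line)) and current is not None:
            data = m[2]
            if data.lower().startswith("dword:"):
                data = int(data[6:], 16)                 # dword:00000001 -> 1
            elif data.startswith('"') and data.endswith('"'):
                data = data[1:-1].replace("\\\\", "\\")  # undo .reg escaping
            current[m[1].lower()] = data
    return tree

def audit(tree):
    """Return (label, subject, data) for each setting from the posts that is present."""
    findings = []
    for key, values in tree.items():
        if key.startswith(IFEO) and "debugger" in values:
            findings.append(("ifeo-debugger", key[len(IFEO):], values["debugger"]))
        if key == TS and values.get("fdenytsconnections") == 0:
            findings.append(("rdp-enabled", "fDenyTSConnections", 0))
        if key == LANMAN and values.get("disablestrictnamechecking") == 1:
            findings.append(("strict-name-checking-off", "DisableStrictNameChecking", 1))
    return findings

# Constructed sample export holding two of the settings from the posts.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"debugger"="Disabled"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
"fDenyTSConnections"=dword:00000000
"""

if __name__ == "__main__":
    for finding in audit(parse_reg(SAMPLE)):
        print(finding)
```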

Sunday, June 7, 2009

disable IntelPPM service

The IntelPPM service should be enabled on all Intel systems. If not, the processor will overheat.
But it cannot be enabled on systems with an AMD processor. The system won’t boot and will end in a 0x000007 bluescreen.

This is something you need to know if you want to create images and deploy them on different systems.

_disable_intelppm.reg

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\intelppm]
"Start"=dword:00000004

_enable_intelppm.reg

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\intelppm]
"Start"=dword:00000001

remove Windows Messenger

RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove

Saturday, June 6, 2009

roaming profiles and corruption

When logging off from a Windows 2000, XP or 2003 machine, system processes and applications occasionally maintain connections to registry keys in the user profile after a user logs off. In those cases the user session is prevented from completely ending. This can result in problems when using Roaming User Profiles in a server environment.

Therefore, always install the User Hive Cleanup service from Microsoft:
http://www.microsoft … 18-b570-42470e2f3582.

After doing so I’ve seen some errors in the event viewer when using Symantec Antivirus v10 or Endpoint Protection. These programs have “Tamper Protection”, which means they will block programs from messing around with the main processes from Symantec.
In this case it’s actually pretty clear who’s blocking the registry :)

roaming profiles and logging

Roaming profiles. How convenient. No matter which computer you are sitting behind, the roaming profile will always make sure you have all your personal settings.

In practice however, roaming profiles tend to grow (slow logins), give problems with permissions, get corrupted and most of the time there’s nothing you can do but to start over with a whole new profile.

There is however something you can do to figure out what’s going on.
It’s called User Environment Logging (http://support.microsoft.com/kb/221833). You’ll get a log from millisecond to millisecond about what’s going on.

Paste this code into a regfile and import it.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UserEnvDebugLevel"=dword:00010002

Login and logout and afterwards you’ll have a nice logfile called %SystemRoot%\Debug\UserMode\Userenv.log giving you all the details you need to know about your profile, what happens in the background and what goes wrong.

Good luck!

driver paths

Whenever you put a new piece of hardware into your computer, Windows will try to find a driver within its own database (“%windir%\inf”).
If no matching driver is found, you will be prompted for other approaches (windows update, choose, removable media, etc).

You can however add extra directories for Windows to look for drivers.

The key used for this is:
HKLM\Software\Microsoft\Windows\CurrentVersion\DevicePath (REG_EXPAND_SZ)

Add extra directories separated by “;” e.g.

c:\windows\inf;c:\drivers\audio;c:\drivers\chipset;c:\drivers\massstorage;c:\drivers\modem

Ok but when do you actually need this?

This is often used when creating images for computer deployment and you want to add lots of drivers in order to support all sorts of computers. After deploying the image, Windows will find new hardware and look for drivers in all directories.

Whenever I create an image, I always run this batchfile first:

@echo off
mkdir C:\Drivers\audio
mkdir C:\Drivers\biometrics
mkdir C:\Drivers\bluetooth
mkdir C:\Drivers\chipset
mkdir C:\Drivers\hid
mkdir C:\Drivers\massstorage
mkdir C:\Drivers\modem
mkdir C:\Drivers\nic
mkdir C:\Drivers\proc
mkdir C:\Drivers\sensors
mkdir C:\Drivers\sound
mkdir C:\Drivers\storage
mkdir C:\Drivers\tpm
mkdir C:\Drivers\vga
mkdir C:\Drivers\wlan
mkdir C:\Drivers\extra1
mkdir C:\Drivers\extra2
mkdir C:\Drivers\extra3
mkdir C:\Drivers\extra4
mkdir C:\Drivers\extra5
mkdir C:\Drivers\extra6
mkdir C:\Drivers\extra7
mkdir C:\Drivers\extra8
mkdir C:\Drivers\extra9

echo "bla" >C:\Drivers\bogus.inf
copy C:\Drivers\bogus.inf C:\Drivers\audio
copy C:\Drivers\bogus.inf C:\Drivers\biometrics
copy C:\Drivers\bogus.inf C:\Drivers\bluetooth
copy C:\Drivers\bogus.inf C:\Drivers\chipset
copy C:\Drivers\bogus.inf C:\Drivers\hid
copy C:\Drivers\bogus.inf C:\Drivers\massstorage
copy C:\Drivers\bogus.inf C:\Drivers\modem
copy C:\Drivers\bogus.inf C:\Drivers\nic
copy C:\Drivers\bogus.inf C:\Drivers\proc
copy C:\Drivers\bogus.inf C:\Drivers\sensors
copy C:\Drivers\bogus.inf C:\Drivers\sound
copy C:\Drivers\bogus.inf C:\Drivers\storage
copy C:\Drivers\bogus.inf C:\Drivers\tpm
copy C:\Drivers\bogus.inf C:\Drivers\vga
copy C:\Drivers\bogus.inf C:\Drivers\wlan
copy C:\Drivers\bogus.inf C:\Drivers\extra1
copy C:\Drivers\bogus.inf C:\Drivers\extra2
copy C:\Drivers\bogus.inf C:\Drivers\extra3
copy C:\Drivers\bogus.inf C:\Drivers\extra4
copy C:\Drivers\bogus.inf C:\Drivers\extra5
copy C:\Drivers\bogus.inf C:\Drivers\extra6
copy C:\Drivers\bogus.inf C:\Drivers\extra7
copy C:\Drivers\bogus.inf C:\Drivers\extra8
copy C:\Drivers\bogus.inf C:\Drivers\extra9
del C:\Drivers\bogus.inf

pause

Then I use the “sysprep driver scanner” (http://www.vernalex. … spdrvscn/index.shtml). It will scan a directory and all subdirectories for .inf files. When found, the directory will be added to the list. This list will then be saved to the registry key mentioned above.

Either use the GUI or use the commandline functionality, e.g.

spdrvscn.exe /d %SystemRoot%\inf /p C:\Drivers /e inf /a /s /q