Tag Archives: Windows

Disable Cortana in Windows 10

Windows 10 has been updating the search to only use Cortana, Microsoft’s digital assistant. This assistant might be useful to you and Microsoft has put a lot of time in making Cortana reasonable to use.
Some people would rather have the good old basic search that only shows the programs and the files on your local computer without all the web results and options fro the assistant. Recent updates from Microsoft have change the location of the settings so that you must sign in to Cortana in order to disable options like ‘Show Web Results‘.

There is a way to disable Cortana and change her back to a dumb search box for your system with a few simple edits to the windows registry. Be warned that changing the registry can have major impact on your systems stability if you are not careful.

Continue reading

Remove Suggested Apps from Windows 10 by Registry

If you need to remove the new suggested applications option from the Windows 10 Start Menu, and you need to push this change to a large install base of managed systems you have a few options.

You can create a GPO to disables the feature if you are managing a domain, or you can modify the registry if you are using a Remote Management Suite to manage several domains and/or workgroups.

Here is the registry value to disable the suggested applications.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CloudContent]
"DisableWindowsConsumerFeatures"=dword:00000001

This command can be run from an admin command prompt to set the registry setting.
REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CloudContent /v DisableWindowsConsumerFeatures /t REG_DWORD /d 1 /f

Event ID 4319 NetBIOS over TCP/IP with Dual Nic’s

We have received many alerts on the error Event ID 4319 as seen below.
Event log: System
Event Source: NetBT
Event ID: 4319
Message Contents: A duplicate name has been detected on the TCP network.
The IP address of the computer that sent the message is in the data.
Use nbtstat -n in a command window to see which name is in the Conflict state.

netbios-nbtstat

View of the nbtstat -n command result

The cause of this issue has been systems that have more than one network card, this is more common in laptops that will use a hardline in the office. you can see this by using the command ‘nbtstat -n’ multiple network cards have the same NetBIOS name.

To correct this behavior you could prevent both network cards from connecting at the same time, although that is not a viable tactic to us. What we have decided to do is disable NetBIOS over TCP/IP on the wireless card.  If you are doing this remotely you can run the following commands.

First you will need to know what the index number of your network card is, you can retrieve that with the following command.

wmic nicconfig get caption,index,TcpipNetbiosOptions

netbios-nicindex

View of the network cards and the index numbers

You can see the index number listed next to each network card name, in this case we are looking for the wireless card, that would be index number ‘2’. You can also see the TcpipNetbiosOptions column is showing a ‘0’, that means it is set to DHCP server options or fail over to enabled if DHCP has no options set. we will need the TcpipNetbiosOptions value to be ‘2’ to disable NetBIOS over TCP/IP, and with the index number we can run the following. (Change the index to the nic relevant to your issue.)

wmic nicconfig where index=2 call SetTcpipNetbios 2

netbios-settcpipnetbios

Result of setting NetBIOS over TCP/IP off.

Error: The application failed to initialize properly (0xc0000135)

If you are getting the error “The application failed to initialize properly (0xc0000135). Click on OK to terminate the application.” when you are launching an application you do not have the .NET Framework installed.

You can go to http://www.microsoft.com/en-us/download/details.aspx?id=22 to download the .NET Framework from Microsoft.

This can be an issue with XP systems as they do not come with .NET Framework by default, most Vista and newer systems will have .NET Framework 3.5 SP1 installed by default. Please remember that .NET Framework 4.0 is not backwards compatible with .NET Framework 3.5.

Windows ReportQueue Eating the Drive

Working on a few system I have found that the following folder has filled up at times with error report files eating all available drive space.

C:\Users\All Users\Microsoft\Windows\Wer\ReportQueue\*

Now I know that this if you have files collecting here you might have bigger issues with the system and you should check that out in time. The files are safe to delete and will not cause any issues after removed. You can also disable error reporting on the system to stop the generation of the error reports.

MS13-036 Security Update KB2823324

This patch has several issues and should NOT be installed on your system at this time.
If you have installed this patch it is recommended that you remove this patch before you reboot.

This patch has been causing the Event ID 55, or a 0xc000021a Stop error in Windows 7 upon rebooting. If you are using Kaspersky as your Anti-Virus this patch will cause Kaspersky to fail to load properly causing it to report a failure with your license. After you have removed the patch you will have to revalidate your Kaspersky install.

Please refer to http://support.microsoft.com/kb/2839011 for more details.

If you wish to script the removal of this patch you can do so using the following command:

%SYSTEMROOT%\system32\wusa.exe /uninstall /kb:2823324 /quiet /log /norestart

You can also use DSIM to remove the patch with the following command:

32 Bit
dism /image:C:\ /remove-package /PackageName:Package_for_KB2823324~31bf3856ad364e35~x86~~6.1.1.1
64 Bit
dism /image:C:\ /remove-package /PackageName:Package_for_KB2823324~31bf3856ad364e35~amd64~~6.1.1.1

Set Server 2012 Network Location

After setting up Server 2012 to test with, I had a major issue with the network location. I was not able to change from the network location from “Public network” to “Private network”. I could get around this issue by join the server to a domain, and doing so would set the network location to “Domain network”. Although this solution might not be ideal or even possible for some people.

Local Security Policy

If you can not join the system to a domain or do not wish to join the system to a domain you will have issues accessing the system through the network connection. Now if you were to set the network location to “Private network” you would be able to access the system like a domain joined system.

Follow these steps to be able to change the network location:

All Networks Properties

  • In “Server Manager” open the “Tools” menu and select “Local Security policy”.
  • Select “Network List manager policies” in the console tree.
  • Open “All Networks” properties.
  • Change “Network location” to “User can change location”
  • Now reboot to apply the changes.

In the “Local Security Policy” editor you can also change the network type of your network if it listed by editing the properties of the listed network instead of the “All Networks” option.

Update: 
Several people have pointed out that this option can be done with the following Powershell commands.

Get the list of network profiles on the system.
Get-NetConnectionProfile
Change the network interface to private, use the network interface index number from the previous command.
Set-NetConnectionProfile -InterfaceIndex 10 -NetworkCategory Private

Domain Joins from PowerShell

I have been working in Kaseya a bit and I have had issues with domain joining systems and rejoining systems to domains. I would have even liked to rename systems if I could. After searching and testing many different ideas I have com across PowerShell’s way of domain joining systems.

Help for Add-Computer in Powershell

In Powershell V2 there is a new cmdlet called Add-Computer and it has more power than the GUI version of the domain joining system.
PS C:\> Add-Computer [-DomainName]  [-Credential ] [-OUPath ] [-PassThru] [-Server] [-Unsecure] [-Confirm]
PS C:\> Add-Computer [-WorkGroupName] [-Credential ]

The command below I will be joining the domain “testdom.local” and have already said what account I want to use to do this. This will result in the need to enter a password but that is a simple step. The -passthru switch will give me some basic details about the domain join.
PS C:\> Add-Computer -domainname testdom.local -cred testdom.local\administrator -passthru
You can even specify an Orginization Unit using the switch -OUPath if you did not want to move the system to a different OU after it has been joined to the domain.

The place that this is cmdlet great for anyone running a managed service system like Kaseya is when you can remove a computer from a domain and change the computers name and rejoin the domain. To change a systems name you can use the following command.
PS C:\> Add-Computer -workgroup workgroup -newname testsys01 -force -restart
The switch -Force will suppress the confirmation boxes since the cmdlet Add-Computer asks for confirmation on all commands. The final switch will -Restart will do exactly what it says, it will restart the system after it has run since a restart is often required to make the changes effective.

Windows Installer Failure

I was working on a server doing some cleanup of old applications when I was suddenly not able to uninstall or install applications anymore. I would get an error about the Windows Installer Service failing. I have a quick glance at the event logs and found this gem of an error:
Event Type: Warning
Event Source: MsiInstaller
Event ID: 1015
Description:
Failed to connect to server. Error: 0x8007041D

This error does not give a huge amount of details, but according to Microsoft it translates to “The system cannot find the path specified“. 

I tried several fixes including running the following commands. You must have the services console closed or it will not properly reset the service.
msiexec.exe /unreg
msiexec.exe /regserver

This did not correct the issue, I next found a direct uninstall command and executed it manually from the command line adding logging to the the command to see what the installer service was having an issue with.
c:\Windows\System32\msiexec.exe /i {ProductCode} /L*v c:\temp\msiexeclog.txt

This returned the following error code:
MSI (c) (44:98) [16:16:41:018]: MainEngineThread is returning 1601

I have now reached the point that it looks like reinstall of the Windows installer would be the fastest solution, to do this I first cleaned the old installer from the system using the following commands.
cd %windir%\system32
attrib -r -s -h dllcache
ren msi.dll msi.old
ren msiexec.exe msiexec.old
ren msihnd.dll msihnd.old

After restarting the system I downloaded and installed a new copy of the Windows Installer from Microsoft. After one more reboot I was able to continue application uninstalls on the server.

Setup Windows To Go on a USB Drive

The idea of a windows to go setup for Windows 8 is very interesting and I have wanted to try this as soon as I hear about it. After doing some research and testing I have managed to get a working copy of Windows To Go to work on a 32GB USB drive.

Now I have seen that this is not the fastest thing in the world, but this is because of some simple reasons. The drive I am using is only USB 2.0 not USB 3.0 making it rather slow, as well as the drive is just not that great to start with. I still really like to use the device and it is a lot of fun to use when you’re at someones house and you want to browse or do work but you do not want to use their computer.

You will need the following.

How to setup the drive.

  • From a command prompt
  • Run: diskpart
  • At the DISKPART> prompt find your USB drive by typing: list disk
  • Select your USB drive by typing: select disk 2 (if your drive is listed as drive 2)
  • Prep the drive by typing: clean
  • Now we create a partition: create partition primary
  • The partition needs to be formatted and set as bootable: format fs=ntfs quick
  • Set the drive letter for the partition: assign letter=W
  • Set the partition as active: active
  • Exit diskpart: exit

You will now need to get a file off the Windows 8 DVD ISO and a copy of imagex.exe. To access the files in the ISO I recommend using winrar as it can open ISO files. The file you need is called install.wim and it is located in the sources folder in the ISO, copy this file to your local hard drive I recommend the C:\temp\ as it is simple to access from the command prompt.

Windows 8 ISO, install.wim location

Windows 8 ISO, install.wim location

You will also need to get a copy of imagex.exe. This is not a simple file to find, you can use Windows AIK but I do not like to download such a large file for a tiny program. I found this great tool called Waik Tools, this will download only the parts that you need. After you have imagex.exe copy it to the same location as your install.wim file.

We can now install Windows on to the drive, to do this run the following command. (change drive letters and paths to what you have set your self)
imagex.exe /apply c:\temp\install.wim 1 W:

After this has run you need to create to boot records on the drive, run the following command.
bcdboot.exe W:\windows /s W: /f ALL

The drive will work properly at this point but it still needs two more changes to make it shine. You will need to apply a SAN policy to take the internal drives offline preventing any changes to the internal drives. This is done by creating a file called san_policy.xml and placing it in the root of the drive with the following contents.

<?xml version='1.0' encoding='utf-8' standalone='yes'?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
 <settings pass="offlineServicing">
 <component
 xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 language="neutral"
 name="Microsoft-Windows-PartitionManager"
 processorArchitecture="x86"
 publicKeyToken="31bf3856ad364e35"
 versionScope="nonSxS"
 >
 <SanPolicy>4</SanPolicy>
 </component>
 <component
 xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 language="neutral"
 name="Microsoft-Windows-PartitionManager"
 processorArchitecture="amd64"
 publicKeyToken="31bf3856ad364e35"
 versionScope="nonSxS"
 >
 <SanPolicy>4</SanPolicy>
 </component>
 </settings>
</unattend>

After you have placed this file in the root of the drive run this command: (this command only works on Windows 8)
dism.exe /Image:W:\ /Apply-Unattend:W:\san_policy.xml

You will now want to create an answers file that will disable the Windows Recover Enviroment for the drive. Create a file called unattended.xml with the following contents.

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
 <settings pass="oobeSystem">
 <component name="Microsoft-Windows-WinRE-RecoveryAgent"
 processorArchitecture="x86"
 publicKeyToken="31bf3856ad364e35" language="neutral"
 versionScope="nonSxS"
 xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <UninstallWindowsRE>true</UninstallWindowsRE>
 </component>
 <component name="Microsoft-Windows-WinRE-RecoveryAgent"
 processorArchitecture="amd64"
 publicKeyToken="31bf3856ad364e35" language="neutral"
 versionScope="nonSxS"
 xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <UninstallWindowsRE>true</UninstallWindowsRE>
 </component>
 </settings> 
</unattend>

Save this file as unattended.xml to the sysprep folder on the drive. (W:\Windows\System32\sysprep\)

You should now be ready to use your drive. all you need to do now is boot from it. The first time you boot to the drive on a new computer it will take some time to setup but after that it will be a lot faster to boot.