Remko Weijnen's Blog (Remko's Blog)

About Terminal Server, Citrix, Delphi and other stuff

Archive for the ‘Windows 2008 R2’ Category

Remote Registry from 32 to 64 bit

Yesterday I needed to set a few registry keys remotely from a 32-bit Windows machine to a 64-bit machine.

I used reg.exe to set the key but even though it returned success the key wasn’t altered.

As I suspected the key was written to the Wow6432Node. In the help I couldn’t find any switch to force reg.exe to use the 64-bit view.

On a 64-bit machine this is not a problem, since both 32-bit and 64-bit versions of reg.exe exist. The 32-bit version of reg.exe defaults to the 32-bit view and the 64-bit version defaults to the 64-bit view.
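A quick way to confirm which view a remote write actually landed in is to query the value through both views explicitly. The program below is an added example, not code from the original post; the machine name, subkey and value name are constructed placeholders, and it assumes the remote machine honours the view flags over the remote registry API.

```delphi
program CheckRegView;
{$APPTYPE CONSOLE}
uses
  Windows, SysUtils;

const
  // View flags from winnt.h, declared here for Delphi versions that lack them
  KEY_WOW64_64KEY = $0100;
  KEY_WOW64_32KEY = $0200;
  // Constructed placeholders, not values from the post
  Machine = '\\SERVER01';
  SubKey = 'SOFTWARE\ExampleVendor';
  ValueName = 'Setting';

// True when AValue exists under ASubKey in the requested registry view.
function ValueExistsInView(hRoot: HKEY; const ASubKey, AValue: string;
  ViewFlag: DWORD): Boolean;
var
  hSub: HKEY;
begin
  Result := False;
  if RegOpenKeyEx(hRoot, PChar(ASubKey), 0, KEY_QUERY_VALUE or ViewFlag,
    hSub) <> ERROR_SUCCESS then
    Exit;
  try
    Result := RegQueryValueEx(hSub, PChar(AValue), nil, nil, nil,
      nil) = ERROR_SUCCESS;
  finally
    RegCloseKey(hSub);
  end;
end;

var
  hRemote: HKEY;
  rc: Longint;
begin
  rc := RegConnectRegistry(Machine, HKEY_LOCAL_MACHINE, hRemote);
  if rc <> ERROR_SUCCESS then
  begin
    Writeln('Connect failed: ', SysErrorMessage(rc));
    Halt(1);
  end;
  try
    Writeln('64-bit view:               ', ValueExistsInView(hRemote, SubKey, ValueName, KEY_WOW64_64KEY));
    Writeln('32-bit view (Wow6432Node): ', ValueExistsInView(hRemote, SubKey, ValueName, KEY_WOW64_32KEY));
  finally
    RegCloseKey(hRemote);
  end;
end.
```

A value that shows up only in the 32-bit view is the symptom described above: the write succeeded, but into Wow6432Node.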

But luckily reg.exe has a switch (that is not listed in the help) to force the View:

In Windows 7 and 2008 R2 all IP Addresses are by default registered in DNS.

If you don’t want certain IP addresses to appear in DNS you can alter this behavior with Netsh using the skipassource flag.

Use the following syntax to add an additional IP Address with skipassource flag:

(more…)

Today I was reusing some old (pre-Vista) code that retrieves the Logon SID, which I wrote a few years ago. The Logon SID is a special SID that identifies a logon session and has the form S-1-5-5-X-Y.

You can view your Logon SID with Process Explorer: right-click a GUI process, select Properties and go to the Security tab:

[image: Process Explorer | Security Tab | Logon SID]

 

(more…)

The GetTokenInformation function can be used with the TokenLinkedToken information class on Windows Vista and higher to retrieve the linked (elevated) token.

This is useful when User Account Control is enabled and you want to launch an elevated process e.g. from a service.

This example code fails however when User Account Control is disabled:

if (bElevate)
{
   ZeroMemory(&tlt, sizeof(tlt));
   bResult = GetTokenInformation(hToken, TokenLinkedToken, &tlt, sizeof(tlt), &RetLength);
   if (!bResult)
   {
      // Handle error here
   }
}

GetLastError() returns 1312 which is defined in winerror.h as ERROR_NO_SUCH_LOGON_SESSION with description “A specified logon session does not exist. It may already have been terminated.”

So you should check if User Account Control is enabled in such cases (or make this error non critical).

The snippet below can be used to programmatically determine if User Account Control is enabled:

uses
  SysUtils, JwaWinType, JwaWinbase, JwaWinNt;

function IsUACEnabled: Boolean;
var
  hToken: THandle;
  tet: TOKEN_ELEVATION_TYPE;
  dwSize: DWORD;
begin
  Win32Check(OpenProcessToken(GetCurrentProcess, TOKEN_QUERY, hToken));
  try
    // TokenElevationType class only available on Vista+
    Win32Check(GetTokenInformation(hToken, TokenElevationType, @tet, SizeOf(tet), dwSize));
  finally
    // Release the token handle, also when the query raises
    CloseHandle(hToken);
  end;

  // TokenElevationTypeDefault means the token has no linked token
  Result := tet <> TokenElevationTypeDefault;
end;
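Both suggestions above (check first, and make error 1312 non-critical) can be combined in one helper. The unit below is an added example, not code from the original post; TryGetLinkedToken is a hypothetical name, and the unit assumes the Jedi API units declare TOKEN_LINKED_TOKEN and ERROR_NO_SUCH_LOGON_SESSION.

```delphi
unit LinkedTokenExample;

interface

uses
  SysUtils, JwaWinType, JwaWinError, JwaWinBase, JwaWinNT;

// Returns True and the linked (elevated) token in hLinked when hToken is a
// UAC-filtered token; returns False when there is no elevated token to fetch.
// hToken must have been opened with TOKEN_QUERY access.
function TryGetLinkedToken(hToken: THandle; out hLinked: THandle): Boolean;

implementation

function TryGetLinkedToken(hToken: THandle; out hLinked: THandle): Boolean;
var
  tet: TOKEN_ELEVATION_TYPE;
  tlt: TOKEN_LINKED_TOKEN;
  dwSize: DWORD;
begin
  Result := False;
  hLinked := 0;

  // Ask first whether an elevated linked token can exist at all.
  Win32Check(GetTokenInformation(hToken, TokenElevationType, @tet,
    SizeOf(tet), dwSize));
  // Default: no split token (e.g. UAC disabled); Full: already elevated.
  if tet <> TokenElevationTypeLimited then
    Exit;

  ZeroMemory(@tlt, SizeOf(tlt));
  if not GetTokenInformation(hToken, TokenLinkedToken, @tlt, SizeOf(tlt),
    dwSize) then
  begin
    // Error 1312 is treated as "nothing to return", not as a failure.
    if GetLastError = ERROR_NO_SUCH_LOGON_SESSION then
      Exit;
    RaiseLastOSError;
  end;

  hLinked := tlt.LinkedToken; // the caller must CloseHandle(hLinked)
  Result := True;
end;

end.
```

The returned handle is a primary token only when the caller holds SeTcbPrivilege (as a LocalSystem service does); other callers receive an identification-level impersonation token that cannot be used to start a process.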

If you want to check if you are running on a Server Core edition of Windows you can use the GetProductInfo API.

GetProductInfo takes 4 input parameters that can be obtained using GetVersionEx and the OSVERSIONINFOEX structure:

var
  osvi: OSVERSIONINFOEX;
begin
  ZeroMemory(@osvi, SizeOf(osvi));
  osvi.dwOSVersionInfoSize := SizeOf(osvi);
  Win32Check(GetVersionEx(osvi));

Now we call GetProductInfo:

var
  dwProdType: DWORD;
begin
  Win32Check(GetProductInfo(osvi.dwMajorVersion, osvi.dwMinorVersion,
    osvi.wServicePackMajor, osvi.wServicePackMinor, dwProdType));

 

 

(more…)

SasLibEx Screencast

I just recorded a SasLibEx Screencast; it shows some of the very powerful features of SasLibEx.

The following features are shown:

  • Simulate Ctrl Alt Del (Secure Attention Sequence)
  • Cancel Ctrl Alt Del
  • Lock Workstation
  • Unlock Workstation (without credentials)
  • Disable Ctrl Alt Del
  • Enable Ctrl Alt Del again
  • Cancel pending UAC request
  • Is Desktop Locked
SasLibEx Feature Demo #1

Paging file and Memory Dump

I often hear that people configure the Paging File (on Citrix or Terminal Servers) on a separate volume; the reason is either performance or the chance that the Paging File might corrupt the volume.

However if at some point you would like to create a Memory Dump you must have a paging file on the boot volume.

For a Small memory dump you need at least 2MB Paging File on the Boot Volume but for a Full Memory Dump you need a Paging File that is sufficient to hold all the physical RAM plus 1 megabyte (MB).

Side note: with the increasing RAM of today’s servers, how long does it take for a full memory dump to be saved when you have lots of gigabytes?

See also: Overview of memory dump file options for Windows Vista, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows XP, and Windows 2000.

If you are implementing a Citrix, Terminal Server or even just a plain Client-Server environment you will need to create a Default User Profile at some point.

The Default User Profile can be thought of as the initial registry settings that are used when a new profile is created.

Many people think that the Default User Profile is available in regedit via HKEY_USERS\.Default but this is NOT the Default User Profile.

(more…)

Today I wanted to install the Dutch Language pack for Internet Explorer 8, the Dutch language comes as part of the Windows Internet Explorer 8 MUI Pack (in my case the version for Windows Server 2003 SP2).

If you install the MUI Pack you will always end up with all 35 (!) languages installed. This behaviour is the same as the language pack for Internet Explorer 7 that I wrote about earlier (see Modifying Microsoft Updates and/or hotfixes).

The solution is really the same as for the IE7 language pack: you modify the inf file (in my case update_srv03.inf), but if you run update.exe it will refuse to use your modified inf file:

[image: ie8muierror]

So we need to patch update.exe to accept your modified version!

(more…)