As you may know, recent Intel processors have an extension to the x86 instruction set called Advanced Encryption Standard Instruction Set (AES-NI).

AES-NI is basically hardware support for AES based encryption and because I had a chance to run some benchmarks on differing systems I was curious what the impact of AES-NI would be.

I used TrueCrypt for running the benchmarks because this is a real life application and it had support for AES-NI.

I first ran the benchmark on a laptop with an Intel Core2 DUO (P9700 2,80 GHz):

The next system was an Intel Core i7 Q740 (Quad Core with Hyperthreading, so 8 in total) machine.

Read the rest of this entry »

After I uninstalled Office 2010 64 bit and installed Office 2010 32 bit I had a problem with Office Communicator 2007 R2.

After entering my password and clicking sign in it crashed every time:

In the EventLog an Application Error was recorded with some additional error info:

Event Type: Error Event Source: Application Error Event Category: (100) Event ID: 1000 Date: 10-3-2011 Time: 15:20:52 User: N/A Computer: remkolaptop Description: Faulting application name: communicator.exe, version: 3.5.6907.221, time stamp: 0x4cddcd9f Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7bafa Exception code: 0xc06d007e Fault offset: 0x0000b727 Faulting process id: 0xf94 Faulting application start time: 0x01cbdf2e592fc53c Faulting application path: C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 9a4e3adf-4b21-11e0-8f0f-c0cb38a92f9b For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

The exception code is 0xc06d007e which is defined in WINERROR.h as ERROR_MOD_NOT_FOUND, the error description is: “The specified module could not be found”.

Read the rest of this entry »

I have worked with Office 2010 x64 for a while now but because of compatibility issues I wanted to remove it and install the x86 version instead.

After uninstall Office left a key in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common\SmartTag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}

I couldn’t remove it so I figured there was a specific process that had opened this key but couldn’t find anything (using Process Explorer).

Then I checked the permissions on the Office key but it was set to Full Control for Administrators.
Read the rest of this entry »

In the previous parts (part 1 part 2) i’ve described the theoretical part and implementation problems. So, now we can write the code:

1) In case we login the user, we just call LsaLogonUser to get the token:
Read the rest of this entry »

In part 1 I’ve described the theoretical parts needed for a custom autologon application implementation.

But there are some practical problems which I will describe here.

1) I use the LsaLogonUser function to log in the user. However, if I do not pass not null for the LocalGroups parameter, msgina.dll fails to process the logon.

Why? Because it looks for the SE_GROUP_LOGON_ID SID and treat it as logon SID. So we have to add the logon SID manually:
Read the rest of this entry »

Windows XP introduced the ability to use Fast User Switching (FUS from here on), which is implemented using Terminal Services.

But in some cases (i.e. when FUS is not enabled, or when you connect to the console in Windows 2003 server), the Winlogon process in an RDP session needs to transfer credentials to Session 0.

Although not documented in MSDN, the process of transferring credentials is described by Keith Brown in the June 2005 issue of MSDN magazine: Customizing GINA, Part 2.

WlxQueryConsoleSwitchCredentials and WlxGetConsoleSwitchCredentials are used in the transfer with the semi-documented WLX_SAS_TYPE_AUTHENTICATED SAS code constant.

Internally, winlogon.exe uses a Named Pipe, \\.\Pipe\TerminalServer\AutoReconnect, to implement both of these functions.

The pipe format is described in this structure:
Read the rest of this entry »

Yesterday I had some intermittent hangs on the family pc, and old Medion MD-8800 PC.

Since there was no crash and thus no crash dump, there was nothing to debug.

I suspected a hardware issue and opened the pc and I noticed that there was an enormous amount of heat.

The CPU Cooler block was very hot, so after letting it cool down for a while I took it off and the visual inspection made the problem clear:

There is a very small opening between the fan and the cooler block so it’s really a design issue but nothing the vacuum cleaner can’t fix!

On a side note: as you can see on the first picture this pc has a nice display on the front that can display time & date, current item in Media Player, e-mail notification and so on.

I reversed the software that came with the display a couple of years ago so I can put my own things on it. If you are interested in it then let me know!

A few days ago I needed to test a few things on a Windows XP Workstation running under a regular user account.

I wanted to verify if some files and registry keys existed but Group Policies were in place that denied me access to the command prompt and regedit.

While this may be a good thought to secure the pc it is not very convenient if you need to verify some settings.

For that purpose I created patched versions of the Windows Server 2003 command prompt and regedit utilities.

They are patched to ignore the Group Policy settings and I usually place them in some share, secured by NTFS permissions.

You can read about it in my post: Registry editing has been disabled by your administrator (not anymore!).

However due to kernel differences you cannot use the Windows 2003 cmd.exe on Windows XP (you can do it the other way round btw). So I decided to create a patched version of the XP version as well.

I thought it might be interesting to show you how it’s done so here we go:

Read the rest of this entry »

I had a very interesting issue today on a new Citrix XenApp 5 farm. We went into production yesterday and we noticed a number of issues:

• Printing in general was slow, especially when a user connects to a printer for the first time.
• User Profiles were rapidly growing in size (from the expected 1-2 MB to over 40 MB).
• Logons took much longer then in the testing period (and since we use a Full Screen Desktop the user doesn’t see any progress).
• Performance monitoring showed CPU spikes in Word, Excel and IE processes.

I took a look at the profiles first and noticed that the size growth was due to a Xerox subfolder in %APPDATA%:
Read the rest of this entry »

In my project the monitoring group required that SNMP was installed and configured on all servers.

I wrote scripts for Windows 2003 and Windows 2008 that I deploy from my Altiris Server.

This is the script for Windows 2003: