Remko Weijnen's Blog (Remko's Blog)

About Virtualization, VDI, SBC, Application Compatibility and anything else I feel like

Archive for the ‘Vista’ Category

Active Directory Properties Commandline Tool

I have written a small commandline tool that shows the Active Directory Property Sheet for a given account.

The Property sheet is what you get when you doubleclick an object in Active Directory & Computers. Basically this tool is meant to make it easy to quickly view or change properties without needing to start a GUI tool and looking up the account in the AD Tree.

Having fun with Windows Licensing

If you look into the registry in the key HKLM\System\CurrentControlSet\ProductOptions you will find several licensing related Values.

The ProductType and ProductSuite keys contain the OS Suite and Edition, but the ProductPolicy key is much more interesting. So let’s have a closer look at it, open RegEdit and DoubleClick the key, you will something like the screenshot below, a Binary Value:


As you can see the license names are there as a Unicode string and later on I will show you how we can read the values. But because I didn’t want to extract all the names manually I decided to see if I could reverse the used structure because it didn’t look very complicated. Using a Hex Editor I could determine the important part of the structure.


Did you make a SasLibEx enquiry? And… news!

My hoster has had some problems with the domain that I use for SasLibEx enquiries. If you have sent mail to mail that has not been answered I kindly request you to send it again.

I would also like to briefly tell you about an upcoming new release of SasLib, version 2.0. There is so much I would like to tell you about it but I will limit it to a few highlights here and save the rest for the upcoming website on

  • A new option to simulate Control-Alt-Delete with only user permissions (no need to be admin or even system).
  • New Switch console function to reconnect closed RDP sessions for remote control.
  • Supports Windows Vista, Server 2008, Windows 7 and Server 2008 R2.
  • Support for Delphi 2010, C++ Builder 2010 and will support MS Visual C++ 2010 once it reaches RTM.
  • Native x64 support.

I feel especially good about 2.0 because further improvements were made to the code, again some highlights:

  • Full documentation of all functions, parameters and known possible errors.
  • 80% of the code was rewritten from scratch.
  • Uses techniques like annotations to further reduce the chance of programing errors.
  • Structured testing.

I never liked the new eventviewer that was introduced with Windows Vista. If you want to have the old eventviewer back (you can use the old and new one together) you need to follow the following steps:

  1. Open a command prompt as Adminstrator.
  2. Type Regsvr32 els.dll (if you get error code 0x80070005 then you didn’t run as Administrator).
  3. Start mmc.exe and goto File | Add/Remove Snapin.
  4. From the available Snapins choose “Classic Event Viewer”.
  5. Right-Click Classic Event Viewer under Console Root and select New Window from Here.
  6. Choose Customize from the View menu.
  7. Deselect the Action Pane and Click OK
  8. Now save the file with a name of your choice eg EventVwrC.msc.

It should look like this:


Doubleclicking an Event feels familiar as well:


Windows Vista introduced the Command Bar in Explorer which is sometimes also referred to as the Folder Band or the Task Band. The Command Bar is of course also present in Windows 7 and Server 2008 (R2).


This Command Bar shows possible tasks or actions depending on the active folder. I wanted to remove the “Uninstall or change a program” (in Dutch this is called “Een programma verwijderen of wijzigen”) button from the Computer view:



Save Explorer settings without Logging off

This is more a note to self because I always forget. Explorer holds all it’s settings in memory so if you change a settings through the GUI (like in Folder Options) you cannot use a tool like Process Monitor to see what the corresponding registry entry is.


I needed to add a printer connection to a Citrix server but the problem was that this printer had a buggy driver. I wanted to use an alternative driver such as the Citrx Universal Printer driver but on Terminal Server you might want to use the Terminal Services Easy Print driver.

So I decided to make something that could be used in both situations, the result is a small commandline tool called AddPrinter2 (sorry I am not good in finding original names).

It takes 2 parameters: the printername as unc path and the driver name. An example would be:

AddPrinter2 “\\server\printer” “Citrix Universal Printer”.


As you may know the 32 bit, also called x86, editions of Windows Vista cannot address more than 4 GB of memory. You may think this 4 GB is a limit of the processor but this isn’t true; using Physical Address Extension (PAE) it’s possible to address more memory

Enterprise Server versions of Windows (2003 and 2008) can already address more than 4 GB of memory so why can we not do that with Vista? The answer is: Microsoft doesn’t want that! It is all just a licensing matter, we can see this in the registry. Take RegEdit and goto HKLM\CurrentControlSet\Control\ProductOptions and doubleclick the Value ProductPolicy, scroll down a little until you see the value “Kernel-PhysicalMemoryAllowedx86”, next to it is the value 01 00 which corresponds to 4096 (1000 is the Hex of 4096):


We can also see where this (and other licensing values) come from: if we look in %systemroot%\system32\licensing\ppdlic al license values are in XML files. The memory value is in Kernel-ppdlic.xrm-ms:


SasLibEx updates

I have found and tested some new functionalities which I will add to SasLibEx:

  • Unlocking workstation without entering password
  • Cancel UAC (User Account Control) request
  • fully disable Ctrl-Alt-Del
  • Cancel Ctrl-Alt-Del
  • Switch between secure desktop (where the UAC prompt is) and the normal desktop.

Some people asked if SasLibEx works on x64 or Windows 7, the answer is yes. I tested on build 7000 of Windows 7 beta and also on Server 2008 x64.

Existing code to simulate the Secure Attention Sequence (SAS),which most people refer to as control alt delete or ctrl-alt-del, no longer works in Windows Vista. It seems that Microsoft offers a library that exports a function called SimulateSAS(). It is not public and one is supposed to request it by sending a mail to Mails to this address remain unanswered though.

I researched how other people (including Microsoft) have solved this task and was unhappy with the results: some solutions work only with (or without) UAC, most solutions work only for the current or console Terminal Server sessions or need a kernel mode driver.

So I decided to create my own Saslib with the following goals:

  • Should work both with and without User Account Control (UAC)
  • Should support current, console and any Terminal Server session
  • Does not need a driver
  • The calling application does not need to be signed or have a special manifest
  • Support multiple programming languages

I have succeeded and thus SasLibEx was born: not only can it successfully simulate the SAS sequence it can do this for any/all Terminal Server sessions. It can also lock the workstation (again for all sessions) and switch between the normal desktop and the secure desktop (the desktop that UAC runs on). SasLibEx was successfully tested both with and without User Account Control (UAC).

In the future I will place SasLibEx on it’s own website. Meanwhile you can contact me if you are interested in it at the following mail address: mail

Please note that I have spend lots of time into this project and therefore I cannot give it away for free

Update: I have added new features to SasLibEx, see here: