Windows Administration: Difference between revisions

From miki
Jump to navigation Jump to search
(→‎Tips: Verbose Status)
Line 226: Line 226:
"VerboseStatus"=dword:00000001
"VerboseStatus"=dword:00000001
</source>
</source>

== Open Issue ==
=== Reduce volume size after updates and service packs ===
Particularly true for Windows Vsta. Ideas:
* Can we use '''[[Windows Reference|sysprep]]''' tool?


== Troubleshoot Windows 7 Boot Issues ==
== Troubleshoot Windows 7 Boot Issues ==

Revision as of 11:31, 22 March 2013

CMD.EXE

Configuration

  • Enable file / path extension (see help cmd):
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\CompletionChar     <-- 09 (tab)
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\PathCompletionChar <-- 09 (tab)
  • Command Extension are enabled by default
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\EnableExtensions
  • Delayed expansion is not enabled by default:
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion


Other useful config tools:

  • DOSHere
    Open a cmd prompt by right clicking on any directory in windows explorer

Device Management

View and Delete Unused Devices

Open a cmd.exe console:

> set devmgr_show_nonpresent_devices=1
> devmgmt.msc

In the Device Management Console, select show hidden devices. Unused devices are grayed out.

Convert Logical Drive Letter to PhysicalDrive

The following C program illustrates what Win32 API to use to convert a logical drive letter like C: to the corresponding PhysicalDrive specification.

#include <stdio.h>
#include <w32api/wtypes.h>
#include <w32api/ddk/ntdddisk.h>

int main()
{
    HANDLE hDeviceHandle = NULL;

    char drive[] = {'\\', '\\', '.', '\\', 'A', ':', 0};
    DWORD driveMask = GetLogicalDrives();

    for(int i = 0; i < 26; i++)
    {
        drive[4] = 'A' + i;
        printf("Drive: %s\n", drive);
        hDeviceHandle = CreateFile(drive , 0, 0, NULL,
        OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL, NULL);
        if (hDeviceHandle != (HANDLE)-1)
        {
            STORAGE_DEVICE_NUMBER sdn;
            DWORD returned;
            if (DeviceIoControl(
                hDeviceHandle,IOCTL_STORAGE_GET_DEVICE_NUMBER,NULL ,0,&sdn,sizeof(sdn),&returned,NULL));
            {
                printf("\tDevice type: %d number: %d partition: %d\n",sdn.DeviceType,
                sdn.DeviceNumber, sdn.PartitionNumber);
                if(sdn.DeviceType == 7)
                    printf("\t-->\t\\\\.\\PhysicalDrive%d\n",sdn.DeviceNumber);
            }
        }
    }

    return 0;
}

Compile with:

% gcc logicalToPhysicalDrive.cpp

Example of output:

Drive: \\.\C:
        Device type: 7 number: 0 partition: 1
        -->     \\.\PhysicalDrive0

Patch file version resource

Some windows file have a specific resource record that stores release information on that specific file (like file version, company name, etc ). One can see this record by using the NT Explorerright clickpropertiesVersion panel.

It is quite easy to change the content of this record by using an Hex Editor such as UltraEdit. Just look for either of the hex string below in the file:

560053005F00560045005200530049004F004E005F0049004E0046004F00 // V.S._.V.E.R.S.I.O.N._.I.N.F.O.
460069006C006500560065007200730069006F006E                   // F.i.l.e.V.e.r.s.i.o.n.

Note that the version number (file version) given at the top of the Version panel is actually coded in hex. The example below gives a file version 1.2.3.4.

xx xx xx xx xx xx xx xx xx xx 56 00 53 00 5F 00 // xxxxxxxxxxV.S._.
56 00 45 00 52 00 53 00 49 00 4F 00 4E 00 5F 00 // V.E.R.S.I.O.N._.
49 00 4E 00 46 00 4F 00 xx xx xx xx xx xx xx xx // I.N.F.O.xxxxxxxx
xx xx xx xx 02 00 01 00 04 00 03 00 xx xx xx xx // xxxx........xxxx

Shutting Down / Locking

Using rundll32.exe (see [1]):

rundll32.exe user32.dll,LockWorkStation

Another one:

rundll32.exe shell32.dll,SHExitWindowsEx [0|1|2|4|8]
:: 0: logoff, 1: shut down, 2: reboot, 4: forced shutdown, 8: powers down the machine

Regedit

Command-line

Using regtool (cygwin):

regtool /s registry_file.reg                     ;Silent merge registry file (no user confirmation)

Using reg.exe (windows):

;Silent merge
regedit /s registry_file.reg                      

;Create a global USER environment variable (persistent)
SET MYROOT="%CD"
echo Setting global USER Environment variable to %MYROOT%
reg add HKCU\environment /v MYROOT /t REG_SZ /d %MYROOT% /f

Regedit .reg File Format

See also Microsoft's reference page, here, here, here and on Wikipedia.

See also regtool chapter on Cygwin page.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\Setup]
@=dword:00000000
"SetupType"=dword:00000000
"CmdLine"="setup -newsetup"
"SystemPrefix"=hex:c5,0b,00,00,00,40,36,02

; Comments are created with a semi-colon

; Delete a value by assigning a minus to it
"SetupType"=-

; Delete a key by preceding the name with a minus sign
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup]

The header line indicates the version and can be either

 Windows Registry Editor Version 5.00   for Windows 2000, Windows XP, and Windows Server 2003
 REGEDIT4                               for Windows 98 and Windows NT 4.0 (but is also accepted in 2000, XP or 2003)

Network

Detect Network Environment Change

The following VBS script can be used to detect automatically when a network cable is connected or disconnected ("network cable unplugged"), as in [2]. Some explanations at [3], and more on [4].

Use MSNdis_StatusMediaDisconnect to detect when a cable is unplugged.

Set colMonitoredEvents = GetObject("winmgmts:root\wmi")._
     ExecNotificationQuery("Select * from MSNdis_StatusMediaConnect")
Do
     Set strLatestEvent = colMonitoredEvents.NextEvent
     WScript.Echo "Connected! Do something here"
     ' enable the line below if you want to exit after the first event.
     ' Exit Do
Loop

Same script a bit improved in order to limit detection to some specific adapter:

Set colMonitoredEvents = GetObject("winmgmts:root\wmi")._
     ExecNotificationQuery("Select * from MSNdis_StatusMediaConnect" _
        & " WHERE InstanceName = '3Com 10/100 Mini PCI Ethernet Adapter'")
Do
     Set strLatestEvent = colMonitoredEvents.NextEvent
     WScript.Echo "Connected! Do something here"
     ' enable the line below if you want to exit after the first event.
     'Exit Do
Loop

Rename / Delete locked files using Registry

This uses a registry data called PendingFileRenameOperations in key [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]. This data is a REG_MULTI_SZ. The syntax is as follows:

\??\source file
!\??\target file

To delete a file, target file must be the null string, i.e. 00 00. For instance the registry file below can be used to delete a file named c:\TEMP\Kill-ME.eXe.

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations"=hex(7):5C,3F,3F,5C,63,3A,5C,54,45,4D,50,5C,4B,69,6C,6C,2D,4D,45,2E,65,58,65,00,00,00

Another way is to use the windows program reg.exe.

Tips

Re-Enable Hibernate Option (Vista)

On Vista, Hibernation is disabled after running the disk cleanup wizard and removing the hibernate files. To re-enable (see [5]):

  • Go to the command prompt icon in the Start menu under Accessories and right click the icon: click “Run as administrator”.
  • Paste: “powercfg.exe /hibernate on” and hit Enter and also paste “powercfg -h on” and hit enter just to be safe.
  • Open Control Panel and type in “Hibernate” in the Search.
  • Click “Turn hibernation on or off”
  • Click “Change advance power settings”
  • Scroll to and expand the “Sleep” option.
  • Select “Off” to the “Allow hybrid sleep” option.
  • Scroll to and expand the “Power buttons and lid” option.
  • Select “Hibernate” for the “Sleep button action” option.
  • Select “Hibernate” for the “Start menu power button” option.

Enable Login Verbose Status

Reference: [6]

Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"VerboseStatus"=dword:00000001

Open Issue

Reduce volume size after updates and service packs

Particularly true for Windows Vsta. Ideas:

Troubleshoot Windows 7 Boot Issues

The new Microsoft's flagship OS come with new features in boot, and now has plenty of different ways to fail at boot, each time with very cryptic and unhelpful messages. It is very easy to get these insulting messages for instance when you change your harddisk, or restore your Windows 7 backup in a different machine (possibly a virtual one). Here I list all the issues I encountered, and how I did solve them.

Using Windows BootRec

Use BootRec to fix issues in the following items [7]:

  • A master boot record (MBR)
  • A boot sector
  • A Boot Configuration Data (BCD) store

Simply boot Windows Recovery CD, and type at prompt:

bootrec

Corrupted / Missing Master Boot Record (MBR)

Typical error messages when the MBR is absent / corrupted:

Missing operating system
Error loading operating system
Invalid partition table
MBR Error 1
...

There are actually 2 possible way for corrupted MBR:

  • Corrupted MBR code (detected by BIOS)
  • Corrupted Partition Table (detected by MBR code)

The actual message may vary depending on the BIOS (corrupted MBR code), or the variant of MBR code installed on the disk. Note that the MBR works fine if GRUB shows up (even in rescue mode).

Solutions:

  • Install new MBR - Windows
    Boot Windows Recovery CD, and open command prompt
bootrec /fixmbr
  • Install GRUB
TBC
  • Fix partition table
TBC
  • Set boot partition
TBC

Corrupted / Missing Volume Boot Record (VBR)

Corrupted / Missing BOOT.INI

Corrupted / Missing \bcd Directory

Error:

      Windows Boot Manager

File: \Windows\system32\winload.exe
Status: 0xc000000e
Info: The selected entry could not be loaded because the applicationis missing or corrupt

Fix: - Boot Windows Recovery Disk, let auto-repair run. You'd likely get another error afterwards (0x0000007B), see below.

Error 0x0000007B

Error: BSOD 0x0000007B, followed with error message

       Windows Error Recovery
Windows failed to start. A recent hardware or software change might be the 
cause.

[...]

    Launch Startup Repair (recommended)
    Start Windows Normally

[...]

This message is indicative that the kernel was not even loaded (no way to launch Safe Mode). It means that the BCD is missing or corrupted.


Fix:

  • Launch startup repair (or use recovery dvd)
  • Go to command prompt:
bcdedit /export C:\BCD_Backup
ren C:\boot\BCD bcd.old
bootrec /rebuildbcd