Monday, February 29, 2016

The location of the jump list tasks in Windows

When you right-click some programs on the task bar in Windows 7 or newer, some application-specific things can appear, like "New tab" for browsers. The interesting thing is that those menu items appear even if the program is pinned but not running, so Explorer can't ask it what things it wants on its jump list. Therefore, the items have to be stored somewhere, and that somewhere is:

%APPDATA%\Microsoft\Windows\Recent\CustomDestinations

(There's a similar folder called AutomaticDestinations under the Recent folder that has the entries for non-pinned things.) The files are proprietary and not documented anywhere I can find, but removing them definitely empties the special entries for pinned icons.

Sunday, February 28, 2016

Interesting phenomenon: Symlinks evade DOS device names

Today I discovered an interesting thing involving the special file names. Normally, attempting to write to any file called NUL will result in nothing going anywhere. If you poke around the registry, you'll find that IO on that actually goes to \Device\Null. There are several other files like this, such as AUX. These are holdovers from DOS.

If you make a symbolic link targeted at a file with such a name, no special redirection will occur. Suppose a symlink named NotNul is created with a target of NUL. Writes to NotNul will produce a file literally called NUL in that directory. That new file can only be deleted by its \\?\ name.

Saturday, February 27, 2016

When printers don't accept refilled toner cartridges

I recently dealt with a Brother HL2270DW printer whose toner cartridge had recently run out. A refilled (i.e. unofficial) one had been installed, but the printer continued to claim that the toner needed replacement. I tried reseating the cartridge in every possible way, but the same behavior occurred.

Apparently, some printers have a toner sensor that needs to be reset when non-genuine supplies are installed. For that specific model, it involved a series of button pushes that I found online. Googling the printer's model followed by "toner reset" seems to turn up any model's specific steps.

Friday, February 26, 2016

Solving HP all-in-one's baffling Bluetooth problem

I recently dealt with a very peculiar problem. There was an HP Envy 23, an all-in-one, that had stopped connecting to Bluetooth devices. I tried updating all relevant drivers - Bluetooth, USB roots, chipset - and rebooting, and running troubleshooters, and changing settings, and nothing worked.

I had been using the touchscreen to work with it. To make sure that Windows hadn't suddenly decided to reject real mouse and keyboard input, I plugged in a USB mouse. Shockingly, everything started working again. I suspect this is because the Bluetooth emitter is connected internally via USB, and plugging in a new USB device somehow made Windows figure everything out.

Wednesday, February 24, 2016

Requiring an SMB file share's traffic to be encrypted

As of Windows Server 2012 and Windows 8, file shares can use SMB 3, which supports encryption and authentication for the data transfer. You can enable that with a PowerShell command. To enable encryption for all shares on the machine:

Set-SmbServerConfiguration -EncryptData $true

To enable encryption for a particular share:

Set-SmbShare "ShareName" -EncryptData $true

If you need to reverse those, just do them with $false instead of $true. Note that both of those will fail on non-Server computers.
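To check where a server stands before or after flipping those switches, here is a read-only audit sketch. It is an added example, not part of the original post: the function name and output property names are made up for illustration, and it assumes an elevated PowerShell session with the SmbShare module that ships with Windows 8 / Server 2012 and later.

```powershell
# Added example: read-only audit of SMB encryption settings on a file server.
function Get-SmbEncryptionAudit {
    [CmdletBinding()]
    param()

    $cfg = Get-SmbServerConfiguration
    $serverWide = [bool]$cfg.EncryptData
    # If this is $false, clients that cannot encrypt are still served in cleartext.
    $rejectUnencrypted = [bool]$cfg.RejectUnencryptedAccess

    # A share is protected when either the server-wide or the per-share switch is on.
    $shares = foreach ($s in Get-SmbShare) {
        [pscustomobject]@{
            Share     = $s.Name
            Path      = $s.Path
            PerShare  = [bool]$s.EncryptData
            Encrypted = $serverWide -or [bool]$s.EncryptData
        }
    }

    # Encryption needs SMB 3.0 or later, so list sessions negotiated below that.
    $minimum = [version]'3.0'
    $oldSessions = foreach ($sess in Get-SmbSession) {
        $dialect = $sess.Dialect -as [version]
        if ($dialect -and $dialect -lt $minimum) {
            [pscustomobject]@{
                Client  = $sess.ClientComputerName
                User    = $sess.ClientUserName
                Dialect = $sess.Dialect
            }
        }
    }

    [pscustomobject]@{
        ServerWideEncryptData   = $serverWide
        RejectUnencryptedAccess = $rejectUnencrypted
        SharesWithoutEncryption = @($shares | Where-Object { -not $_.Encrypted })
        SessionsBelowSmb3       = @($oldSessions)
    }
}

$audit = Get-SmbEncryptionAudit
$audit | Format-List ServerWideEncryptData, RejectUnencryptedAccess
$audit.SharesWithoutEncryption | Format-Table -AutoSize
$audit.SessionsBelowSmb3       | Format-Table -AutoSize
```

Any client listed under SessionsBelowSmb3 cannot use SMB encryption, so with RejectUnencryptedAccess left at $true it loses access to a share once encryption is required there.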

Tuesday, February 23, 2016

MDT breaks without the System Reserved partition

Today I was experimenting with MDT, and tried to remove the extra two partitions (recovery and System Reserved) from the format-and-partition step. I found when I attempted to run the deployment that it failed at the bootsect call. Evidently, it won't adjust to the absence of those partitions, even though they're not absolutely necessary for Windows to work correctly.

Monday, February 22, 2016

Easy, attractive code formatting with CSS

Today I found myself wanting to format some text in a simple HTML/CSS page as inline code, as is seen on Stack Exchange. After just a tiny bit of fiddling around, I got a very nice CSS style working:

.code {
 background-color: rgb(230, 230, 230);
 border-color: rgb(180, 180, 180);
 border-radius: 3px;
 border-style: solid; /* without a style, no border is drawn */
 border-width: 1px;
 font-family: Consolas, "Lucida Console", "Courier New", monospace;
 padding: 2px;
}

Text formatted with that style (via <span class="code">) gets set apart from the rest of the page with a slightly distinct background color and a rounded border. The padding makes sure that the first and last characters aren't right up against the border.

Sunday, February 21, 2016

Assigning an icon for extensionless files in the "New" menu

A while back, I discovered an interesting Super User question that asked how to set the icon for extensionless files in the "New" submenu of a folder's context menu. The poster had added an option to create a new extensionless file, but its icon in the New menu was the C drive's icon. The normal way to set the icon that works for files with extensions did not work in this case.

I was unable to answer, so I added a small bounty to the question. With just two hours left before the deadline, somebody answered. Apparently, there's a different icon path setting that works for all entries, IconPath under the extension's ShellNew.

Get the full .reg file at the answer.

Saturday, February 20, 2016

Interesting phenomenon: Newly-spanned drives briefly appear as full

Today I installed a new drive in a VM and spanned an existing volume onto it. I noticed after doing so that Explorer showed the volume as having its new capacity, but almost full, with the same amount of free space as before. Attempting to look at the drive's properties froze Explorer.

Everything was good; in a moment, Explorer went back to normal and the real free space was reported. So, if this happens again, it's probably normal and not indicative of anything bad.

Friday, February 19, 2016

Solving the old Adobe Acrobat unattended install mystery

A while ago, I wrote about how much trouble I was having trying to install Adobe Acrobat DC unattended. Today I think I found what was causing the failures.

On the last computer that the process was mysteriously not working on, I tried running the UI-enabled installer. After I waited a while, it threw up a dialog about needing to close some applications: Word and Outlook. Once those programs were closed, it proceeded and ran to completion.

So, the trick is to close the Office applications before installing Acrobat.

Wednesday, February 17, 2016

What's the biggest number Excel can handle?

A fairly common question about Excel is the maximum number size. Getting a simple answer requires a bit of research. The most relevant document is "Excel specifications and limits."

The absolute largest positive number that can be dealt with in Excel is 1.79769313486231570 × 10^308, using the Double data type. However, you can't have a literal number in a cell bigger than (i.e. you need an arithmetic formula to go above) 9.99999999999999 × 10^307. Note that the Double type is floating point, so once your numbers get that large, you'll lose some precision if you try to add comparatively small numbers. (Excel only does 15 figures.)

Tuesday, February 16, 2016

Office 365 Deployment Tool Surprise: Updates element required

I tested the Office 2013 Deployment Tool today, and discovered an interesting phenomenon. The first time I asked it to download the installation media, I had only enabled the Add element, the one that specifies the products and edition to download. I left all the other elements, including Updates, commented out.

When I tried to use the tool in /configure mode to set up Office on another computer, it failed, leaving a message in the log about not being able to find a certain CAB file in the installation media. That file was in fact absent.

After a bit of trial and error, I found that enabling the Updates element for the /download phase seemed to make the tool download more/bigger files, including the one that had been absent. It's entirely possible that I did something wrong, but maybe it's required to declare whether you're getting updates?

Monday, February 15, 2016

Lots of ways to get the logical sector size

While attempting to discover a way to find the physical sector size of a disk that doesn't have any volumes, I have found many ways to get the logical sector size:

  • fsutil fsinfo sectorinfo x: where x is the drive letter of a volume on the disk
  • wmic partition get BlockSize, Name (produces a list of partitions and their drive's sector size)
  • wmic diskdrive get BytesPerSector, Name (works even for disks without any volumes, but only shows the logical size)
  • fsutil fsinfo ntfsinfo \\?\Volume{guid}\ where guid is the GUID of the volume as reported by mountvol (works only for NTFS volumes, but does support volumes without drive letters)
  • The System Information program (msinfo32) has a Disks section (under Components → Storage) that shows the logical sector size in an item called Bytes/Sector

Sunday, February 14, 2016

Why can't monitor-mode sniffers be detected?

I answered this Super User question today. It asked about network sniffers that are in monitor mode, i.e. just listening to the Wi-Fi radio signals. Such sniffers are particularly insidious because it's not possible to see that they're listening. See, they're just hearing the same radio signals as legitimate clients, and to do that, they don't have to send anything. With nothing being sent, there's nothing for security tools to look for, and no way to know that bad things are in play.

A similar attack on wired connections would involve a physical splitter. Since that device would operate at the physical layer - the world of electrical signals on the literal wire - no network appliance would see anything different.

Saturday, February 13, 2016

How does Windows determine the highlight color for running apps in the taskbar?

When you mouse over the taskbar icon of a running program in Windows 7 or 8, a colored shine effect appears behind your mouse. I just answered this Super User question that asked how that color is determined from the icon.

Basically, Windows looks at each non-fully-transparent pixel and sorts it into buckets. A pixel can go into one of 27 buckets depending on the value of each of its channels (red, green, blue). Effectively, the buckets are in a three-dimensional array that is three wide in each direction, so the ranges are split into three chunks. They don't appear to be equal ranges, though: it looks like they're about 0-60, 60-200, and 200-255.

Once all the pixels are put into buckets, some buckets are eliminated, specifically, those where all channels were in the same chunk. That removes black, white, and gray. Windows then looks for which bucket has the highest number of pixels in it, and makes the highlight color something in the middle of the bucket's range.

Other notes:

  • If the program defines no icon at all, it gets a white highlight despite the default icon being greenish or blue
  • There's no rule that says multiple programs can't have the same highlight color
  • Icons with no pixels in any acceptable buckets get a light blue highlight no matter what the system theme color is
  • Ties are broken in a deterministic but not super intuitive way; it's probably just a consequence of the maximum-finding algorithm

Note that all of this might not be exactly right because I, of course, don't have access to the actual code; it was mostly experimental. Science!
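The bucket scheme described above, written out as an added example (this is not Windows' code and not from the original answer). The chunk boundaries of 60 and 200 are the experimental estimates from this post, the tie-break and midpoint values are assumptions, and the pixel list is constructed sample data rather than a real icon.

```powershell
# Added example: sort pixels into 27 buckets and pick the fullest non-gray one.
function Get-ChannelChunk {
    param([int]$Value)
    # Three unequal chunks per channel: roughly 0-60, 60-200, 200-255.
    if ($Value -lt 60) { 0 } elseif ($Value -lt 200) { 1 } else { 2 }
}

function Get-HighlightBucket {
    param([Parameter(Mandatory)][object[]]$Pixels)

    $counts = @{}
    foreach ($px in $Pixels) {
        if ($px.A -eq 0) { continue }                # fully transparent: ignored
        $r = Get-ChannelChunk $px.R
        $g = Get-ChannelChunk $px.G
        $b = Get-ChannelChunk $px.B
        if ($r -eq $g -and $g -eq $b) { continue }   # black, gray and white buckets
        $key = "$r$g$b"
        $counts[$key] = 1 + [int]$counts[$key]
    }
    # No pixel in an acceptable bucket: the post observed a light blue fallback.
    if ($counts.Count -eq 0) { return $null }

    # Fullest bucket first; ties fall back to key order here (an assumption,
    # the real tie-break is unknown).
    $best = $counts.GetEnumerator() |
        Sort-Object -Property @{ Expression = 'Value'; Descending = $true }, 'Key' |
        Select-Object -First 1

    $middle = 30, 130, 227                           # midpoint of each chunk
    $idx = $best.Key.ToCharArray() | ForEach-Object { [int][string]$_ }
    [pscustomobject]@{
        Bucket = $best.Key
        Pixels = $best.Value
        R      = $middle[$idx[0]]
        G      = $middle[$idx[1]]
        B      = $middle[$idx[2]]
    }
}

# Constructed sample pixels (alpha, red, green, blue).
$sample = @(
    [pscustomobject]@{ A = 255; R = 230; G = 40;  B = 30 }   # reddish
    [pscustomobject]@{ A = 255; R = 210; G = 20;  B = 50 }   # reddish
    [pscustomobject]@{ A = 255; R = 20;  G = 90;  B = 240 }  # bluish
    [pscustomobject]@{ A = 255; R = 128; G = 128; B = 128 }  # gray, eliminated
    [pscustomobject]@{ A = 0;   R = 0;   G = 255; B = 0 }    # transparent, ignored
)
Get-HighlightBucket -Pixels $sample
```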

Friday, February 12, 2016

What's the point of the Fonts key in the Registry?

I just wrote this Super User answer, and learned some interesting things while doing the research and experimentation. In short, the question asked about the purpose and impact of the entries in this Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts

What immediately meets the eye is that each entry's name is a human-readable-ish font title and the data is the name of the font file.

The interesting part is that the entry names don't seem to matter. The font files contain the family name and style name, and those are what Windows uses to group fonts and display their names. I tried naming the Registry entries all sorts of things, but programs just used the title in the file.

Two pieces of information are required for Windows to recognize a font. There must be an entry in this key with the filename as the data, and the font file has to exist. If either of those conditions is not met, Windows will ignore the entry or the file. Fortunately, Windows Explorer handles the bookkeeping for you when you paste a font file into the Fonts folder.

Thursday, February 11, 2016

Lenovo ThinkPad Edge drivers for the SD card slot

I realized when I inserted an SD card into my Lenovo ThinkPad Edge E545 that no drivers were installed for the SD slot. Windows 8.1 was installed on the machine, and the physical computer had a sticker indicating that it was designed for Windows 8, so I was confused as to why Windows couldn't find drivers.

It turns out that Lenovo has labeled the driver as being compatible only with Windows 7. You can download it at their website. I've installed it on my laptop and it works fine, but I guess they never got around to updating the download page.

Wednesday, February 10, 2016

Strange Wi-Fi connection failures? Remove the battery

I have a Lenovo ThinkPad Edge E545 that recently had a strange problem. Even though it was connected to a wireless network, it couldn't communicate with any other machines there. It couldn't get DHCP, but all other hosts on the network could. Windows network diagnostics did nothing; no amount of fiddling with the adapter helped.

A person I was working with had seen something like that before. He suggested that I fully power the machine off by unplugging it and removing its battery. Interestingly enough, that worked. I can't imagine how a network adapter could get so messed up, but this trick might be helpful on other models too.

Tuesday, February 9, 2016

Lenovo storage driver difficulty

One of my projects entails deploying a Windows image to a group of laptops, all of a certain Lenovo ThinkPad Edge model. I have successfully deployed to them in the past with normal WDS, but this time I'm trying to use MDT, which (though the image is ultimately served by WDS) does not produce WDS boot images.

The problem is that the MDT image - the thing that presents the UI that gives all the options and the wizard - doesn't seem to contain drivers for the storage controller. MDT can never see the disk; DiskPart says that there are no fixed disks. I've jammed all the drivers from the Lenovo Update Retriever for the model into the image and tried putting in the drivers from an installed OS, but the problem persists.

I have also tried all combinations of UEFI vs. Legacy booting and AHCI vs. Compatibility SATA mode. Changing those settings makes the BIOS/UEFI startup screen look different, and one combination makes the disk appear in DiskPart, but then MDT hangs before it can show the wizard. I don't know what's going on here.

Monday, February 8, 2016

BitLocker works on SD cards

While doing some research on BitLocker, I happened to notice that I had a 32GB SD card lying on my desk. (It's amazing that so much storage can fit in so little physical space!) Curious as to whether SD cards could be secured with BitLocker, I put it in my machine's reader and opened the BitLocker management UI.

It appears that BitLocker To Go does in fact support SD cards; they're removable disks just like flash drives. Of course, cameras and other devices won't be able to read/unlock the drive, but it's interesting that it's possible to carry secure super-compact storage.

Sunday, February 7, 2016

Hyper-V hangs on "Applying changes" when adding a new drive

While attempting to add a VHD as a hard drive to a Hyper-V virtual machine, I had to wait a very long time for the "Applying changes" dialog to go away. When it did, I was greeted with a generic failure message.

When I recreated the stuff in the VHD as a VHDX, however, it worked fine, and the progress dialog went away almost immediately. This is a Generation 2 VM, so it might be more strict about what sort of things it accepts. If that is the case, I wish the UI made such limitations more obvious. If it actually has to do with the machine being Generation 2, G2 might be more trouble than it's worth for me due to this and other surprises in the past.

Saturday, February 6, 2016

Hyper-V: "No boot entries"

I created a Windows 10 VM with Hyper-V today, and I noticed that its settings seemed to have no way to set a boot order. The machine was Generation 2, and no "BIOS" entry was to be found in the Hardware category. Under "Firmware", there was a message stating "No boot entries", despite a bootable ISO being in the virtual DVD drive. When I tried starting the machine, the PXE firmware appeared.

I did some Googling and was unable to turn up anything relevant. Waiting for a while, however, resulted in the VM booting from the DVD after it gave up on the network. Later, once the OS got installed, an entry did appear in the Firmware section, but is not editable. That's rather strange, and I'm not sure how to change this VM's boot order, but at least patience let it start.

Friday, February 5, 2016

Office 365 Deployment Tool

Office 2013's style of installation makes it tricky to deploy and license via normal methods. Streaming every installation package from the Internet seems inefficient to me, and Microsoft understands. Therefore, they created the Office 365 Deployment Tool. It enables you to download the installation media to local storage for simpler deployment. The Configuration.xml file governs the behavior of the tool, and the program itself has very sparse information on what you need to do, so you'll want to consult the reference.

Thursday, February 4, 2016

Services that aren't

Most Windows services are normal programs run under the direction of the Service Control Manager. Some run in shared processes named svchost.exe. If you poke around with sc.exe, however, you might find some that are neither and that can't be found anywhere in the Services snap-in for MMC. The Volume Manager Driver (volmgr), for instance, cannot be found anywhere in Services or in the listing of sc query.

It will, however, appear if you use sc queryex type= driver. See, some "services" aren't programs in the normal sense. Instead, they're kernel-mode drivers (TYPE: 1 KERNEL_DRIVER) that the Service Control Manager is responsible for handling. Since they're not the same kind of thing as standard services (they have no process ID, for example), the Services control panel doesn't show them. You can, however, start and stop them with sc on the command line.
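Since these driver "services" never show up in the Services snap-in, it helps to have a way to inventory them. The following is an added example, not from the original post: the function names and output columns are made up for illustration, and it assumes a 64-bit PowerShell session so that System32 paths are not redirected.

```powershell
# Added example: list driver-type services via WMI and check their binaries.
function Resolve-DriverBinaryPath {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim('"')
    $cmp = [System.StringComparison]::OrdinalIgnoreCase
    # Driver image paths may use NT-style prefixes instead of a drive letter.
    if ($p.StartsWith('\??\', $cmp)) { $p = $p.Substring(4) }
    if ($p.StartsWith('\SystemRoot\', $cmp)) {
        $p = Join-Path $env:SystemRoot $p.Substring(12)
    } elseif ($p.StartsWith('System32\', $cmp)) {
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

function Get-DriverServiceInventory {
    [CmdletBinding()]
    param([switch]$RunningOnly)

    # Names of ordinary Win32 services, to show that the two sets are separate.
    $win32Names = @{}
    Get-CimInstance -ClassName Win32_Service |
        ForEach-Object { $win32Names[$_.Name] = $true }

    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { -not $RunningOnly -or $_.State -eq 'Running' } |
        ForEach-Object {
            $binary = Resolve-DriverBinaryPath $_.PathName
            [pscustomobject]@{
                Name             = $_.Name
                DisplayName      = $_.DisplayName
                ServiceType      = $_.ServiceType     # e.g. "Kernel Driver"
                State            = $_.State
                StartMode        = $_.StartMode
                BinaryPath       = $binary
                BinaryFound      = [bool]($binary -and (Test-Path -LiteralPath $binary))
                AlsoWin32Service = $win32Names.ContainsKey($_.Name)
            }
        }
}

$drivers = Get-DriverServiceInventory -RunningOnly
# The Volume Manager Driver from the post appears here, not among Win32 services.
$drivers | Where-Object Name -eq 'volmgr' | Format-List
# Running drivers whose binary could not be located deserve a closer look.
$drivers | Where-Object { -not $_.BinaryFound } |
    Format-Table Name, State, BinaryPath -AutoSize
```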

Wednesday, February 3, 2016

Solving the ClickSend message processing mystery

A couple days ago, I was quite baffled as to why one of my programs was not seeing input as it appeared in the ClickSend web app. Today, after perusing my log files, I think I've figured it out.

Some people's phones evidently send a line break at the end of SMS messages. My program looked for keywords in the message, but the line break after the last word made it appear as a word not in the list of keywords. Therefore, it didn't process the message correctly.

I have updated the program to replace CR/LF with spaces before searching for keywords. I will know tomorrow whether that solved the problem.

Tuesday, February 2, 2016

Data Recovery Agents and EFS

The Encrypting File System in Windows/NTFS is very nice, protecting user files with a key derived from the user's password. That means that if the user's password is forcibly reset (as opposed to changed), the user will lose access to EFS-encrypted files. That could be a problem.

Fortunately, Windows allows the registration of Data Recovery Agents for EFS. DRA certificates are also derived from a user's password. When an EFS file is created or touched, Windows encrypts the file's symmetric key with each DRA's public key in addition to that of the user. Therefore, even if access to one key is lost, a DRA can recover the file.

Note that EFS does not necessarily prevent malicious programs running as a user from accessing encrypted data. Malware could simply wait for the target file to be opened; it could also register a DRA certificate for a new user, wait for the user to touch some files, and read them with the DRA's account.

Monday, February 1, 2016

Intermittent problems when receiving messages through ClickSend

Now that I got ClickSend connected to a program, the program is indeed doing its job. I am, however, noticing a strange phenomenon. Sometimes, the program doesn't understand what was said by the human even though it appears correctly in the ClickSend history web control. Sadly, I can't run any debugging beyond logging on the production machine, so I can't know exactly what's happening.

The program is supposed to receive replies by polling the server for an XML document. Parsing the XML works fine, but the user data is not being handled as expected. My guesses at the moment are character encoding mismatches and the presence of extra spaces. The web control doesn't tell me how the text was encoded, though the documentation indicates that the XML document should be UTF-8. There also don't appear to be any extra spaces in the replies when viewed online, though it is conceivable that my code could misbehave when given them.