Blog: Windows 7

Here is a very handy Microsoft article about how to install Windows Updates to a Windows 7 Embedded device that uses a File-Based Write Filter (FBWF) or an Enhanced Write Filter (EWF).  This is a great tool to use on Thin Clients that can’t be managed by HPDM or SCCM.

The process includes a running a Scheduled Task, which calls a VBS script.  That VBS Script handles disabling the write filter, downloading and installing updates, then re-enabling the write filter and committing the changes.
The VBS script and .xml scheduled task files are available here:

Note: This will not install updates that display a setup UI (Service Packs, new IE Versions) as a part of the installation.


While verifying Windows patches were up to date on a few Windows 7 clients, WSUS showed one PC needed some updates with approval: "install" but status: "not installed." Running Windows Update check on the PC was not showing any updates available from the WSUS. The WindowsUpdate.log file was showing differently that there were updates detected matching the number that WSUS showed with approval: "install", but Windows Update would never install them.[more]

Recreating the Software Distribution folder on the client seemed to have resolved this synchronization problem.

  1. Stop Windows Update service
  2. Rename C:\windows\softwaredistribution folder  
  3. Start Windows Update service and check again for updates.  It will recreate the softwaredistribution folder automatically.

Windows Update now showed the missing updates to install from WSUS server.




A Windows 8 machine was being backed up with the Windows 7 backup. The backup completed all the file level backup but it failed backing up the system image. I found various articles indicating that the problem was in creating the shadow copy, and apparently it tries to create the shadow copy on the system partition instead of the larger “C” partition (in this case). In this case, the system partition (partition #1 on the physical disk 0) was 1GB and the C drive (partition #2 on the physical disk 0) is about 450GB. [more]

I used the partition program Mini Partition Home Edition V7.7 (downloaded from to resize the C drive smaller, then shift it so the system partition can grow contiguously. I increased the system partition size to 2.5GB. Then, the Windows 7 backup program ran to completion and backed up the system image also.

In using the Mini Partition program, I had to remove all USB drives from the system. If USB drives are found, then the Partition Wizard will error out when it reboots to apply the partition changes. This problem is discussed in the FAQ’s for the Partition Wizard found here:


Starting in Windows 7 and Windows Server 2008 R2, Microsoft introduced sub-category configuration audit policies.  This provides administrators with added granularity when deciding which event logs are necessary to be logged.  More on  Advanced Audit Policies can be found here: [more]

The following command will pull the configuration for all of the new advanced security audit policies:

audipol /get /category:*


I needed to create a command line script that could remove the local users access from sensitive log folder in Windows XP/7.  You can use a built in command "cacls" with many different switches to get the desired results.  However a word of caution when you do not use the /E "edit" switch.

I had tried to remove the local users account from the folder with command "cacls C:\<folder> /D users".  The /D switch is used to Deny a specified user access.  When I went back to look at the folder permissions, ALL of the other accounts had been removed.  The only thing on the folder was Deny all for Users.  Make sure and use the /E "edit ACL" switch so that all of the other account permissions are retained.

Also, after I removed the permissions for local users, I logged in as a test user and was still able to access the directory.  The reason was that there was another security account called "Interactive" that had read access.  This is a local system account and will apply to anyone logged into the system.  Removing the Interactive account achieved the desired results.


Extended Control Panel:  There is a special hidden feature in Windows 7 (Vista and Windows 8 also) that allows you to show an extended control panel (so called “God” mode). Here you will find a detail list of most things you can imagine and some things you never heard of… about your operating system. [more]

Create a NEW Folder, and rename the folder to “Extended Control Panel.{ED7BA470-8E54-465E-825C-99712043E01C}”

The folder will then change to a blue icon and you will see a list of items to control/administer your operating system.


This is an addendum to a previous post on searching in windows explorer.  You can also search in all sorts of places, not just the file system

Control panel - sort of an expanded fuzzy search and finds items related to your term.

Under Add/Remove programs, installed updates: You can search for a KB number to see if it’s installed.  You have to start with a word and it does not seem to use wildcards.  Also you cannot specify fields, like program:, version:, etc.[more]

Keep this in mind when you are scrolling through a long list of printers, list of gadgets, etc.

New gotcha:  Outlook:// links no longer work.  It looks like officially these are no longer supported.  It is still recognized by Outlook, so a simple workaround there is to just start up Outlook and pass it the URI.
This will still work for folders in your mailbox, outlook://Inbox will go to your inbox.  But this will not work for public folders.
There is a discussion here: that says the official word from Microsoft is "there is no solution".  It seems the problem is caused by the fact that Outlook can now access more than one Exchange server at a time, so the SMTP address of the user is now included in the path to the Public folders.  So it will work by including your e-mail address, like this:

outlook /recycle /select "outlook://Public Folders - Public Folders/Contacts"


I had been helping a vendor install Cisco VPN Client and the installation kept failing with “Error 27850.  Unable to manage networking component.  Operating system corruption may be preventing installation.”

As it turns out, there was other VPN software installed and bound to the local network adapter.  Windows 7 has a default maximum number of 8 network filter drivers it can have assigned to the network adapter. 

The image at the following link shows a good example of adding more than 8 network filters to an adapter:

The maximum number of filter drivers for Windows 7 can be set to 14.  To increase the value from the default, the change must be done in HKEY_Local_Machine\System\CurrentControlSet\Control\Network\MaxNumFilters.  Increasing the value to 14 allowed the Cisco VPN Client installation to complete.


A day or so after returning home from an audit trip I noticed my system seemed to be extremely slow when performing everyday tasks.  For example, I noticed 100% CPU utilization that seemed to be tied to offline files synching up.  I fiddled with it off and on and then realized what had happened when Carl sent an email explaining a little research he’d done.

He explained what the Maximum frequency indicator in the resource monitor meant.  If it’s 100% or higher, the system is running close to its top speed. However, if it’s running lower, it is probably something like speed step cutting back on resources to save power. [more]

I looked at mine and the maximum frequency was showing about 30%.  That’s when I remembered changing to power saver mode for battery savings when I was in an exit meeting at the bank prior to coming home.  I didn’t have access to a power plug and I didn’t want to run out of juice during the meeting.  Then when I got home, I didn’t think of it until this came up.

I changed back to my normal power mode and the maximum frequency jumped above 100% and things began running normally.

With regular power settings (maximum CPU, etc.):

However, if I use the predefined "Power Saver" power mode:


I came across a weird issue with a user running Windows 7 with Outlook 2010.  Tif attachments opened from an e-mail launched Windows Photo Viewer.  When the document was printed, it was cutting off a good portion of the bottom from all of the pages. 

While troubleshooting printer settings, I had saved the tif attachment to the user’s desktop and it printed correctly after opening it from there.  There were no changes between opening the document from Outlook vs. the desktop, but something was causing the printer to cut off the bottom area. [more]

It was suggested that we try using the Microsoft Office Document Imaging (MODI) application to handle tif files instead of the Windows Photo Viewer in Windows 7.  Upon trying to install the feature from Office 2010, it is not available. Microsoft has the following workarounds listed in this article

I chose to go with option 2 which was to download the free SharePoint Designer 2007 which includes the MODI tool.  Beware that this download is 295 MB, so it took me about 30 minutes to download just to get this little utility. 

After performing the custom install for MODI, it does not show up in the list when you right click the tif file and choose what program to open tif files with.  I had to right click on the shortcut in the start menu and get the file path from the properties.  Then I added MODI to the list of applications to open tifs with and checked “always use”.

The Microsoft Office Document Imaging utility printed out the user’s tif documents without any issues.