Blog: Windows 7

I was running out of disk space on the C: drive of my laptop recently. I used WinDirStat to look for some files that could be removed to free up space.  It was immediately apparent that most of my free space had been taken up by a couple of virtual machine images I had been working on. However, I also noticed a large chunk of space being taken up by the Windows 7 hibernation file (hiberfil.sys). 

The hiberfil.sys file is used to dump the contents of RAM when the laptop goes into hibernation, so it has to be almost the same size as the amount of RAM in the laptop (I guess some compression takes place). As we add more and more RAM to our laptops, more and more disk space will be eaten up by hiberfil.sys. For example, a laptop with 8 GB of RAM may have a hibefil.sys file taking up about 6 GB on the hard drive. Since I don’t use hibernation on my laptop (just sleep and shutdown), I searched for a way to get rid of the file without making Windows angry. The answer is pretty simple. You just open a command prompt with administrator privileges and run “powercfg –h off”. Windows hibernation is now disabled. Your hiberfil.sys file will be gone and the “Hibernation” option will be removed from the Start menu (see screenshot below). [more]

I had trouble in renaming a mapped drive. Windows Explorer allowed me to right click on the drive and select rename. However, I discovered while I could delete letters from the name, I couldn’t enter any letters. So, I was left with an accidental abbreviation for the drive name.

I decided I would remove the misnamed drive and redo the mapping. I was surprised to see when I re-mapped the drive and typed in my preferred drive name, it reverted back to the accidental abbreviation.

I searched for a solution and learned about registry entries for Windows Explorer called MountPoints2. I found the accidental abbreviation in the “LabelFromReg” key. Editing the key to the correct name fixed my problem. As an aside, my research also indicated using this registry key will solve some issues which had existed in XP regarding the length of the mapped drive names.

One of our users was having trouble opening an e-mail attachment that was sent from one of our software applications.  It looked like some kind of permission problem.  When he tried to preview it, it would just say the file cannot be previewed because of an error in the PDF Preview Handler.  If he tried to open it, it would say that it could not save the attachment.  He was previously able to open them without receiving the error.  I found that when you open Outlook attachments, it usually saves them in a randomly named folder under this path:

%userprofile%\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook

This location can be changed with a registry edit.  Since that Temporary Internet Files folder is a special folder, you cannot drill down to this; you must paste or type it into explorer (or your favorite command prompt).

I'm sure you've seen how Windows will create a file with a number in parentheses if a file by that name already exists?  The problem in Grant’s case is that the attachments being e-mailed to him were all named Attachment.pdf, so they were being named Attachment.pdf(1), Attachment.pdf(2), etc.  It seems like the limit was 199 of these renamed files on Grant’s machine.  I have not been able to determine how this limit is determined, and it does not seem to be the same everywhere.  Cleaning out that folder solved his issue (at least until he gets the 200th e-mail again).

We often find the need to document the steps we take towards solving a particular problem – whether that solution be to help a customer with a similar problem, or to keep track of how to make tricky changes we don’t want to have to “re-figure out” in the future.

These HOWTO documents are invaluable to have and maintain, but are very often a hassle to make. It looks like Microsoft ran into the same problem and decided to create an application called “psr.exe” (Problem Step Recorder) to help one create these documents with minimal effort, but with excellent formatting.

To use this tool, just click “Start” and search for “psr.” Then, you can run the executable and start recording. This tool records every mouse-click and keyboard input, capturing a screen shot at every step. You also have the ability to add your own comments to each step of the process.

Then, we you are finished recording, you can click “Stop Record,” and you will be asked to save the recorded steps as a zip folder. Then, just open up the folder to find the MHT document (that contains all the steps you took) that will open in a web-browser.

This document can then be saved or distributed as needed. Needless to say, this tool can save everyone time since you just have to follow the steps once and the application will create the HOWTO document for you. As mentioned above, this tool can create HOWTO documents, but can also be used for other purposes, such as having a customer show you exactly what they do to create a software issue.

In my opinion, ClearType text looks fuzzy and I like my text crisp and sharp. I have found that just turning ClearType off does not always really keep it turned off. On Windows 7 there is a ClearType Text Tuner dialog where you keep selecting which box of text looks best. Even though clearing the checkbox immediately seems to turn off ClearType, it does not stay off. You have to go through all the dialog boxes and select that last Finish button. You may need to close and reopen some applications or even log out and back in again.

Under 64-bit Windows 7, I noticed the latest version of Acrobat Pro X (V10.1.2) becomes unresponsive for about 4-5 minutes after opening a PDF file.  Then everything is fine.  I found references to this problem being related to protected mode being used when opening PDF documents.  In the program's preferences, there's an Enhanced Security section.  When I disabled enhanced security, PDF documents started opening quickly.

Then I went back and turned enhanced security back on and added folder paths to the Privileged Locations you can specify as part of enhanced security and was able to open files from these locations without the delays.  Testing is not conclusive since I have been unable to make it go from fast to slow predictably.  However, turning off enhanced security was conclusive.

As most know, when using PGP to encrypt a hard drive, you enter your password at the boot screen and it will log you into Windows. After redeploying a laptop for a new user, PGP would not pass the new username thru to Windows. It would stop at the Windows credential prompt with an previously used username. After a fair amount of troubleshooting and research, it was determined the problem was with the TPM chip.

PGP can be configured to use password only or TPM and password to authenticate users. PGP on this laptop had been configured to use TPM and password. The TPM chip had become locked out by the previous user. Which prevented new users from accessing the TPM chip. So you could add a new user to PGP but it never would add the user to the TPM configuration and there was no error stating this.  Since the old user’s password was not available, it required deactivating the TPM chip. Before deactivating TPM, the administrator account being used changed to password only in PGP. If this change wasn’t made to the administrator account first, it would have locked out of PGP. TPM was deactivated and the laptop rebooted. TPM was reactivated and the laptop rebooted. The new user account was added back to PGP and rebooted again. This time PGP passed the username through to Windows without any problems.

When I'm working on Word 2010 documents located on a file share, particularly when they are included in folders I have synched for offline use, I often receive an error message when trying to open the document.  The message tells me the document is locked for editing by 'another user' and asks if I want to:

1. Open a read only copy
2. Create a local copy and merge changes later
3. Receive notification when the original copy is available

I usually select the last option and wait a minute or two and then receive a message when I can change my access from read only to read/write.  However, this is inconvenient partly because the 'another user' error dialog box almost always ends up displaying underneath the explorer window I am using to open the documents since I usually am opening several related documents at the same time.  There is no indication the dialog box is there until I try to open another Word document and receive a message I must close an open dialog box, etc.  Once I dig around and find the open dialog box, I can respond to receive notification when the original copy is available. [more]
 
I found numerous notes about this type of problem others are having and found one that suggested I turn off the Windows explorer Details pane to see if that helped.  In fact, it fixed my problem.

http://social.technet.microsoft.com/Forums/en-AU/word/thread/307d3e8d-914f-4e11-972d-59717098419b

However, I kind of like the information provided in the Windows explorer Details pane.  There was also a mention about applying the following hotfix if turning off the Details pane didn't work but I wasn't too excited about a hotfix unless it was absolutely necessary and the description of the hotfix didn't seem to exactly fit my problem.  In particular, it's for non-DFS errors and these files are on a DFS share.

http://support.microsoft.com/kb/2434932

The other day I tried to take an old laptop from one of our auditors to use on an audit.  When the auditor got his new laptop he migrated his entire system partition to the new machine, then renamed the machine on the domain.  This had the effect of updating his domain machine account to the new machine, and essentially killing his old machine's ability to logon to the domain.  This might not be a huge deal, except the old machine was set up to use RSA. 

From my understanding, RSA kills access to local accounts.  So, without being able to login with local accounts or domain accounts (since the machine account was essentially removed), the old laptop was pretty useless.  To work around the authentication issue I had to have the previous owner login to the machine offline (i.e., with it unplugged from the network so cached credentials would be used).  I was then able to enroll one of my fingerprints under the auditor's account to allow me to use his old laptop offline for a few days before doing a full cleanup and rejoining the domain. 

So, the lesson to be learned is, if you are going to migrate an old system to a new system using the same old domain machine account, please go back after the process and cleanup the old machine (remove RSA, rejoin the domain, reinstall RSA) so it will be useful to the next person.