Blog: Windows Vista

I recently ran across a free open source utility called Keyfinder that extracts license keys for the software you have installed on your computer.   You can find more information and download it from http://magicaljellybean.com/keyfinder/. [more]

There is a configuration file that indicates where in the registry the key is located for various products - it can be expanded for additional products.  You can also load the hive from another drive if you have an accessible drive from another system and need the keys for software that was installed on it.

A user a one of our client's site was experienc an issue where a Symantec Antivirus full scan was started when the user logged in every morning.  The scan was scheduled to run at 1:00 AM, but it seemed to be ignoring the schedule.  The problem was caused by the computer being in sleep mode during the evening when the scan was scheduled to run.  The scheduled scan would not bring the computer out of sleep mode to run the scan at the scheduled time.  As soon as the started to login the computer would come out of sleep mode and the scan would start.  The power saving options are a per use setting.  Without group policies in place, this setting must be completed for each user on each computer.

One of our employees started experiencing regular account lockouts a few weeks ago.  The lockouts started soon after a domain password change.  At boot, and random times throughout the day, his account would just reach the maximum bad attempts and lock.  We checked to make sure he didn’t have any saved credentials under the “Managed Network Passwords” settings of his user account.  The few he had didn’t appear to be related, but after a while we went ahead and cleared them all out.  We checked all his services to make sure none were using his domain account to start.  We also checked scheduled tasks, but none appeared to be the problem.  We thought it might be one of his startup applications, so we disabled all his HKLM/HKCU Run and Startup folder items.  This didn’t fix the problem.  We noticed the account would lockout even before he tried to login, so we were sure it had to be something starting up with the computer (not part of his profile).  The event log kept saying the failure was coming from a stored credentials (though we had removed all the ones we knew of).  We eventually cleared the registry key where all stored passwords are saved, which also caused us to have to remove and rejoin the domain (machine account password probably got cleared).  None of this worked. [more]

We tried to remove all applications we thought might have some old credentials cached.  We removed his ThinkPad fingerprint software, disabled his backup software, removed Symantec.  When none of this worked, I had him decrypt his drive and remove PGP Desktop (multiple day process).  The problems still persisted.  We then booted into safe mode (with networking) to see if the lockout would still happen with a bare minimum of services.  It didn’t.  We ran msconfig to do a “diagnostic startup” (safe mode not in safe mode).  We waited at the logon screen to see if the account would lockout.  It didn’t, so we logged on and began starting services one by one.  (NOTE: msconfig sets services to Disabled, so you must  1) run it  2)set it back to normal startup  3)when prompted to reboot, don’t … then services will be back to their default settings.)  We started a few services, then noticed we actually weren’t on the network because the DHCP service wasn’t running.  We started all network related services and made sure we were authenticated on the network.  We waited to see if what we had brought up so far would cause the lockout.  It didn’t.  We started working through the rest of the services one by one, and eventually two by two.  We finally got to the service “SeaPort”.  The service has no description, but research shows it to be installed alongside any Windows Live “essentials”.  After starting the service, the account locked out.  We played with the service a few times (unlocking, restarting it, unlocking, etc.) to verify it was the problem.  We disabled the SeaPort service and rebooted (with everything else set back to “normal”).  No lockouts!  After a while, we started the service (just to make sure one last time after a clean boot).  The account locked out.  We permanently disabled the service.

A problem I have had since upgrading to Vista was being unable to access domain resources once I connect a VPN session to a customer site. Accessing file shares on our network or connecting to Activity would require me to run "cmdkey.exe /delete /ras" to clear the RAS credentials cached when the VPN was established. I never had this issue with my Windows XP installation. So, after getting fed up with always having to run the command, I finally found a solution. Which is to disable using RAS credentials on my VPN connections. To do so, follow these steps: [more]

1. Locate the .pbk file that contains the entry that you dial. To do so, click Start, type *.pbk in the Research Bar, and then press Enter.
   • Vista location (C:\Users\<USERNAME>\AppData\Roaming\Microsoft\Network\Connections\Pbk
   • XP location (C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk)
2. Open the file in Notepad.
3. Locate the following entry: UseRasCredentials=1
4. Modify the entry to the following: UseRasCredentials=0
5. On the File menu, click Save, and the click Exit.

I was experiencing long delays when attempting to delete files from my laptop or external USB drives.  For example, deleting a 1.5 GB file would start a continually rotating flood bar of deleting.  It would run for 30 minutes or more before I would give up and click the cancel bar in the dialog window.

The canceling would also present a never ending flood bar lasting 15 minutes or more.  After doing some research regarding an early Vista problem with file moves and deletions I looked at several configurations but could not find the problem.

Finally realized during the installation of PGP desktop I had enabled a secure delete (shred) feature.  When I disabled the shred feature, my never ending delete processes went away.

Desktop Restore is a free shell extension that records the position of desktop icons and lets you restore your favorite layout when things have been rearranged by things such as having the screen resolution change.  [more]

www.midiox.com/desktoprestore.htm

This is a context menu where you can save or restore the desktop but there is also a custom save/restore option that saves multi-monitor information:

NTFS Undelete is a free software utility that recovers deleted files that are no longer in the recycle bin.  Of course, you're hoping something hasn't overwritten any of the deleted file.  An ISO image is also provided if you want to run NTFSUndelete from a CD rather than installing the program after deleting a file.  (The ISO image is not bootable, just used to run NTFSUndelete from the CD.) [more]

http://ntfsundelete.com

The user interface is easy to understand and there are some helpful advanced search options (date, size filters as well as file names, etc.)

Find the container for the software within the Uninstall path in the registry.  Usually there is a description within that says what program it is tied to.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*Install Container*

Registry DWORD values that can be added are “NoRemove”, “NoRepair”, and “NoModify”.  Setting these values to 1 enables the setting or use 0 to disable.  You can use these settings to keep users from manually being able to remove, repair, or modify specific programs.

For Vista users you may have found that when you run ipconfig from the command prompt you are given an extremely long list of network interfaces. These are actually all IPv6 tunnels. In order to disable these tunnels there is a registry setting that has to be changed. The registry setting is located at:

HKLM>System>CurrentControlSet>Services>Tcpip6>Parameters

Within the parameters key you have to edit a dword called ‘DisabledComponents’. By setting this value to 1 this will disable your IPv6 tunnels and thus clean up your ipconfig results. Its possible that you may not have ‘DisabledComponents’ under the Parameters key in which case you will have to create one