Major performance boost: Disable NETBIOS and related on all Windows NICs
article #1557, updated 5 days ago

NETBIOS is a very legacy protocol, security of it is very poor. Substantial performance gains by disabling it have been noticed. This is probably because when active it broadcasts constantly to every single NIC on its LAN, creating NIC and switch contention. Also, a large proportion of security violation exploits use it, so disabling becomes a very good idea in general. The only exceptions occur when there are needs to do SMB sharing with very old machines, machines all long out of support. By default, it is still active on all current Microsoft Windows operating systems.

Here is a paste to Powershell that does it all:

Get-CimInstance -ClassName 'Win32_NetworkAdapterConfiguration' | Invoke-CimMethod -MethodName 'SetTcpipNetbios' -Arguments @{ 'TcpipNetbiosOptions' = [UInt32](2) }

Get-WmiObject Win32_NetworkAdapterConfiguration | Invoke-WmiMethod -Name SetWINSServer -ArgumentList @('','')

$nicall = [wmiclass]'Win32_NetworkAdapterConfiguration'

Set-Service -Name "lmhosts" -StartupType Disabled
Stop-Service -Name "lmhosts"

The various bits are below.

Turn off NETBIOS over TCP/IP, for each NIC:

Get-CimInstance -ClassName 'Win32_NetworkAdapterConfiguration' | Where-Object -Property 'TcpipNetbiosOptions' -ne $null | Invoke-CimMethod -MethodName 'SetTcpipNetbios' -Arguments @{ 'TcpipNetbiosOptions' = [UInt32](2) }

Get rid of all WINS entries, if present (sorry, no CimInstance code yet):

Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled='True'" | Invoke-WmiMethod -Name SetWINSServer -ArgumentList @('','')

Uncheck of LMHOSTS lookups:

$nicall = [wmiclass]'Win32_NetworkAdapterConfiguration'

Disable the service “TCP/IP NetBIOS Helper”:

Set-Service -Name "lmhosts" -StartupType Disabled
Stop-Service -Name "lmhosts"

If Microsoft DHCP is in use, DHCP can tell clients to do the simple disable, the first item above:

And if you want to combine the above with a new Microsoft standard preventing Windows port exhaustion:

Get-CimInstance -ClassName 'Win32_NetworkAdapterConfiguration' | Invoke-CimMethod -MethodName 'SetTcpipNetbios' -Arguments @{ 'TcpipNetbiosOptions' = [UInt32](2) }
Get-WmiObject Win32_NetworkAdapterConfiguration | Invoke-WmiMethod -Name SetWINSServer -ArgumentList @('','')
$nicall = [wmiclass]'Win32_NetworkAdapterConfiguration'
Set-Service -Name "lmhosts" -StartupType Disabled
Stop-Service -Name "lmhosts"
netsh int ipv4 set dynamic tcp start=49152 num=16384
netsh int ipv4 set dynamic udp start=49152 num=16384

Below is another script, to reenable the protocols, though it does not try to put back any WINS server IPs that may have been deleted, and it cannot override Microsoft DHCP:

Get-CimInstance -ClassName 'Win32_NetworkAdapterConfiguration' | Invoke-CimMethod -MethodName 'SetTcpipNetbios' -Arguments @{ 'TcpipNetbiosOptions' = 0 }

$DisableLMHosts_Class=Get-WmiObject -list Win32_NetworkAdapterConfiguration
Set-Service -Name "lmhosts" -StartupType Manual
Start-Service -Name "lmhosts"



Road sensors in cars
article #1588, updated 7 days ago

An epiphany, after a rental:

My truck doesn’t have any road sensors to malfunction or replace!! And neither does Sweet Lori’s car!!! Yahoo!!!!!



Appx Cleanup for Windows 10/11 Performance
article #1561, updated 23 days ago

Appx’s are a method used for application install, first delivered in Windows 8.1. There are a lot of builtins which take live system resources in hidden fashion, usually not showing up in Task Manager very much or at all. And there have been a lot of changes in this over recent years. Here’s an overview of items for cleanup as of this writing. One can free a lot of resources on machines this way.

The first thing to know is that many appx’s are “provisioned”, they are embedded in the current (“online”) DISM image, and will be automatically activated whenever a new user profile is made. To get a list of these:

Get-AppxProvisionedPackage -Online | Sort-Object | ft DisplayName, PackageName

To get a list of all apps installed for all users, in nicely sorted form:

Get-AppxPackage -AllUsers | Sort-Object | ft

To remove several of these, that I like to have gone in business desktops, both from provisioning and from any user for which any of them may be installed:

#Begin Script

$RemovalItems =  @(

$ProvisionedItems = Get-AppxProvisionedPackage -Online
foreach ($ProvItem in $ProvisionedItems) {
	foreach ($RemItem in $RemovalItems) {
		If ($ProvItem.DisplayName -like "*$RemItem*") {
			Write-Host "Deprovisioning:" $ProvItem.DisplayName
			try {
				Remove-AppXProvisionedPackage -Online -PackageName $ProvItem.PackageName -ErrorAction SilentlyContinue | Out-Null
			catch { "Failed: Microsoft does not allow, or other error." }
			if (!$error) { "Succeeded!" }

$InstalledItems = Get-AppxPackage -AllUsers
foreach ($InstItem in $InstalledItems) {
	foreach ($RemItem in $RemovalItems) {
		if ($InstItem.Name -like "*$RemItem*") {
			Write-Host "User-level removal operation:" $InstItem.Name
			try {
				Get-AppxPackage $InstItem.Name -AllUsers | Remove-AppxPackage -Allusers -ErrorAction SilentlyContinue | Out-Null
			catch { "Failed: Microsoft does not allow, or other error." }
			if (!$error) { "Succeeded!" }

# End Script

The above first gets rid of the provisioned, then the user-level for all user profiles, for the whole list. There are some for which Microsoft prevents all removals; errors are thrown for these.



Increase WMI quota for performance under heavy load
article #1587, updated 24 days ago




IP4 subnet calculators
article #79, updated 25 days ago

For CIDR to IP range (IP range extraction):

For IP range to CIDR:

IP subnet calculator:



Delete and recreate NTFS USN journal for performance gains
article #1483, updated 30 days ago

The journal can get huge over time, slowing machines down a lot. Here’s how to delete it and recreate it for C:, in CMD. The process can cause interference and conflict with Windows internals and applications, though I have not seen this happen so far. On a machine that has been in use a while, it can help a whole lot.

fsutil usn deletejournal /n C: & fsutil usn createjournal C:

Here are quick pastes for D: and E:.

fsutil usn deletejournal /n D: & fsutil usn createjournal D:
fsutil usn deletejournal /n E: & fsutil usn createjournal E:

In 2012R2/8.1 and before, we must be more specific in the creation:

fsutil usn deletejournal /n C: & fsutil usn createjournal m=1000 a=100 C:
fsutil usn deletejournal /n D: & fsutil usn createjournal m=1000 a=100 D:
fsutil usn deletejournal /n E: & fsutil usn createjournal m=1000 a=100 E:

And here’s Powershell, to do it all for every drive letter in the system:

# Delete and Recreate NTFS USN Journal #

# This script iterates through all lettered NTFS drives in Windows, 
# and deletes and recreates the USN Journal of each one.
# Considerable performance gain results if the image has been running
# for a year or more.

# There are slightly different commands between some OS versions.
$OSVer = [System.Environment]::OSVersion.Version
If ($OSVer.Major -gt 10)
	"OS > 10. Create uses short command."
	$ShortCommand = $True
} ElseIf ($OSVer.Major -eq 10) {
	If ($OSVer.Build -le 14393)	{
		("OS is 10 build " + $OSVer.Build + ". " + "Create uses long command.")
		$ShortCommand = $False
	Else {
		"OS is 10, build > 14393. Create uses short command."
		$ShortCommand = $True
} ElseIf ($OSVer.Major -lt 10) {
	"OS < 10. Create uses long command."
	$ShortCommand = $False

Get-CimInstance -Query "Select * FROM Win32_LogicalDisk WHERE DriveType=3" | ForEach-Object {
	$DriveID = $_.DeviceID

	If ($DriveID -match "[A-Z]")
		"Deleting USN Journal on " + $DriveID + " ..."
		fsutil usn deletejournal /n $DriveID

		"Recreating USN Journal on " + $DriveID + " ..."
		if ($ShortCommand) {
			fsutil usn createjournal $DriveID
		else {
			fsutil usn createjournal m=1000 a=100 $DriveID
# End Script




Use DMARC to harden SPF and DKIM
article #1255, updated 33 days ago

As of Q4 2023, Google and Yahoo are requiring DMARC to be set on the sender side, for many emails to be delivered. Some Office 365 tenants have exhibited similar behavior.

The following TXT record contents:

v=DMARC1; p=quarantine; pct=100; adkim=s; aspf=s

indicate that both DKIM and SPF are checked, and any email not satisfying both entirely, will be marked such that a spam filter should quarantine it. The =s means “strict”; there is a “relaxed” mode, =r, which allows subdomains. But if you have to allow for some email to be transmitted without DKIM, e.g. from a web site’s or application’s email generator, go with either this:

v=DMARC1; p=quarantine; pct=100; aspf=s

which does not look at DKIM; or if you must, this:

v=DMARC1; p=none

which is a kind of ‘null’ DMARC, it’s a placeholder such that DMARC exists, but doesn’t do anything. At least one cloud-application vendor is recommending this, but it’s far from clear how Google, Yahoo, and other machines will respond to it, either now or in the future.

To use the above, create a TXT record of name _dmarc with chosen contents.

Some more info is here:



If you have a Ford with a "permanent" air filter...
article #1586, updated 49 days ago

My sweet Lori’s 2007 Ford Focus came with a “permanent” air filter, “suitable for the life of the car” by one suggestion. After we had had the car a while, I knew we wanted to keep it running long, long past Ford’s glorious preferences, so I started looking for options. One well-known vendor sold an aftermarket air filter box for about $480. This seemed a bit high to me for a mildly complicated piece of plastic, so I looked further. And lo and behold:

Highly recommendable, and $78 at this writing. I saw some reports which said it made things a tad louder; au contraire I must report, Sweet Lori’s little car is now quieter, much smoother, better power. Yahoo!



Automatic update of Lenovo drivers, firmware, etc.
article #1585, updated 68 days ago

Here it is:

It’s also available via Winget: winget install "Lenovo System Update"



New Windows package management: winget
article #1504, updated 68 days ago

It’s built into the latest builds of Windows 10 and 11 and Server, and can be installed into many.

To see if you have it, try winget from CMD or Powershell. If you don’t have it on a newer platform with the Microsoft store, here’s the link:

One good way to try it, is to install Microsoft .NET framework (SDK) 6, thus, from administrative Powershell:

winget install --id Microsoft.DotNet.Runtime.6 --silent --accept-source-agreements

I learned just now that if you add other seemingly valuable options to the one above, e.g., --scope machine, at least while running as SYSTEM, it will fail citing package not found. So you’ll want to test carefully.

Here’s one proven just now for 7zip (there’s a “search” option in winget to get the ID):

winget install --exact --id 7zip.7zip --accept-package-agreements --silent --scope machine

Here’s one for Google Chrome, needs a bit of extra:

winget.exe install --exact --id Google.Chrome --silent --accept-package-agreements --accept-source-agreements --scope machine

If you do want to use it from the SYSTEM account, in scripting, it gets interesting. You’ll want to first run this:

$ResolveWingetPath = Resolve-Path "C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe"
    if ($ResolveWingetPath){
           $WingetPath = $ResolveWingetPath[-1].Path
$ENV:PATH += ";$WingetPath"

and then winget will run as expected.

Adding Winget on Windows 10/2019/2016 builds 1809 or lower is touch and go. This worked on a recent Server 2019/1809, with the addition to the path above:

# Install VCLibs
Add-AppxPackage ''

# Install Microsoft.UI.Xaml.2.7.3 from NuGet
Invoke-WebRequest -Uri -OutFile .\
Expand-Archive .\
Add-AppxPackage .\microsoft.ui.xaml.2.7.3\tools\AppX\x64\Release\Microsoft.UI.Xaml.2.7.appx

# Install the latest release of Microsoft.DesktopInstaller from GitHub
Invoke-WebRequest -Uri -OutFile .\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe.msixbundle
Add-AppxPackage .\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe.msixbundle

# Fix permissions
TAKEOWN /F "C:\Program Files\WindowsApps" /R /A /D Y
ICACLS "C:\Program Files\WindowsApps" /grant Administrators:F /T