Some Notes on the Machines

Every scripting language which runs on Windows can call multiple methods of bringing up a popup to users. However, only this CMD method seems to do it for all users, and be callable universally:

msg * /time:9999 /v /w Put your message here!

Appears to work in Vista, 7, and 8. A whole lot of web references are out there on this. Just one example:

http://helpdeskgeek.com/windows-vista-tips/manage-irq-settings-windows-vista-7/

One studies a list of IRQs and related hardware, and then choose the hardware to maximize priority upon using registry adds. Use msinfo32 (Hardware Resources, IRQs).

We then add registry entries here:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\PriorityControl

It is reported best to include IRQ zero (0) and eight (8) to start with, this is system timer and real time clock. To do these two, add the following-named items as DWORD in the above area, value 1 for the first, value 2 for the second:

IRQ0Priority
IRQ8Priority

When originally looking at this, I was solving a tendency for my softphone to cut out during any load situation or drive access, and so I checked my PC using Device Manager and msinfo32 as above, and also added subseqeuent priorities:

IRQ7Priority
IRQ20Priority
IRQ21Priority
IRQ4294967288Priority

because on this box, 7, 20, and 21 were USB, and 4294967288 was the active NIC. After you have made the changes, reboot.

The above also produced much better response to VNC and RDP redirection via Labtech.

At least one resource states that one must not set the same priority to multiple IRQs. Duplication may be the source of some reports saying it is placebo effect. Here is a very interesting post with some seriously good-quality testing and results:

https://www.tenforums.com/performance-maintenance/140553-regedit-priority-control-irq.html#6

Sometimes IPv6 networking goes haywire, on a PC, server, or even a whole network. Machines are there, ping may happen or not, but one, some, or all of them just insist on using oddball IPv6 IPs to connect to each other, even though nothing has been changed voluntarily. Given that even after all these years there still are no useful IPv6 blacklists on the Internet, and given the excellent methods in place to use IPv4, we see no need for IPv6 at this time.

But Microsoft does insist on using IPv6 inside its operating systems, so we must keep it running; disabling v6 does harm in a Microsoft environment. The following is Microsoft’s recommendation to instruct Windows to prefer IPv4, which does eliminate the above issue. One adds a DWORD here:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\

named DisabledComponents. Hex value 20, binary 32. Then reboot.

A quick way to do the registry add, in administrative CMD:

REG ADD HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters /v DisabledComponents /t REG_DWORD  /d 32

Still you’ll need to reboot to get it to take effect.

The info is from this reference.

Several fixes, some of them most interesting:

https://www.guidingtech.com/fixes-for-chrome-not-opening-on-windows/

Number 4 on that page, is most surprising, and often functional with new build upgrades.

Recommended by the amazing Yvonne Wynkoop.

There is some definite undocumented mystery concerning Volume Shadow Services in Windows. In general we are told to use VSSADMIN to do maintenance, and it does a lot, and helps a lot. But recently there was a Server 2012 R2 machine using 280G of space for System Volume Information on C:, and after CHKDSK and various DISMs it still was using 280G. So I tried removing all orphan shadows with VSSADMIN, and it found one and removed it; almost zero change comparatively. And then I searched a little deeper.

DISKSHADOW is built into Windows 2012 R2 and later, and earlier too I think, not sure how early. It may be a successor to VSHADOW which was an SDK add-on to 2003. Regardless, DISKSHADOW is a command-line environment of its own sort of like NSLOOKUP and DISKPART (!), not a simple command, can run a script of its own commands, and one of its commands is:

DELETE SHADOWS ALL

Now VSSADMIN DELETE SHADOWS /ALL deletes all orphan shadows, all VSS shadow copy sets which Windows knows are good to delete. The above within DISKSHADOW is a different animal altogether: it deletes them all. And does not appear to report anything to event logs (!). And definitely frees up a whole lot of space. And also, definitely not least, is flagged as infection activity by certain high-test super-anti-malware tools, when run! That was amazing, a Windows built-in being run with one of its own recommended commands, flagged. But I’ll think that that means this is to be used only when very needed. There may be gotchas I don’t know about yet.

As I write, the System Volume Information on this C: drive has been shrunken 290 (two hundred ninety) gigabytes, and everything is still running fine. There were originally 522 (five hundred twenty-two) shadow copies hanging out there of many different sizes, and DISKSHADOW was able to delete them all, all server services appear AOK.

Well, it rocked my little world. This came from the excellent Terry Powell. He had a Server 2016 machine where Explorer would crash and restart every time Devices and Printers was opened. A very large number of common fixes was tried, including four different DISM methods with SFC and others, no change, DISM said the image was fixable but nothing would fix, and the only thing clearly missing according to DISM and SFC logs was a .lnk file. Terry found a reference stating that if one clears everything here except “(Default)”:

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Devices

and then restarts the printer spooler, all begins working well. And indeed, it appears that this is space in which bad gunk can build up! He found about 100 there, removed them, and lo and behold, all is well. Powershell code to do this:

function Remove-AllItemProperties
{
    [CmdletBinding()]
    param([string]$Path)

    Remove-ItemProperty -Name * @PSBoundParameters
}

Remove-AllItemProperties "HKCU:\SOFTWARE\microsoft\windows nt\currentversion\devices"

Stop-Service Spooler
Start-Service Spooler

If you get PsTools, and do this:

psexec -i -s CMD.exe

you’ll get another CMD box, where the username is SYSTEM, that is to say, the hostname of the machine with a dollar sign on the right end. If the machine is on a domain, it is DOMAIN\hostname$, have not tested it on a non-domain machine yet.

One software installer recently, required that the folder containing its installer package be TAKEOWNed and ICACLSed, as that system user, before it would run to completion, it must have some odd permissions bug in it.

There are likely to be quite a few circumstances in which this special CMD can be useful.

To see if there is cleanup to be done:

DISM /Online /Cleanup-Image /AnalyzeComponentStore

To remove obsolete and unused system files:

DISM /Online /Cleanup-Image /StartComponentCleanup

To remove obsolete and unused system files and also service pack uninstallation files:

dism /online /Cleanup-Image /SPSuperseded

To remove obsolete and unused system files and everything prior, making it impossible to reverse any patches:

dism /online /Cleanup-Image /StartComponentCleanup /ResetBase

If MMC for any Windows administrative tool gets stuck, delete everything here:

C:\Users\USERNAME\AppData\Roaming\Microsoft\MMC

This command:

wmic product where name="Application Name" call uninstall /nointeractive

appears to do it. Put the whole long name from the software list in Control Panel, within those double parentheses. This works in at least some cases where msiexec /x does not. And it is not version-specific.

To get a full list of names with GUIDs, try this:

get-wmiobject Win32_Product | sort-object -property Name | Format-Table IdentifyingNumber, Name, LocalPackage -AutoSize