This can solve lots of problems:
# Reregisters the remaining Appx items, this can solve lots of problems
"Reregistering needed Appx items..."
Get-AppXPackage -AllUsers | Foreach {
Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)AppXManifest.xml" -ErrorAction SilentlyContinue | Out-Null
}
If you see “BitLocker waiting for activation”, this is a situation needing careful action: the machine is in an unstable state, and is likely to bluescreen and/or misbehave in other ways unless handled well.
What has happened, is Microsoft’s BitLocker, embedded into Windows, has done at least some encryption of the hard drive, but has lost whatever tool it was that controlled the encryption, so it is not “activated” even though the encryption is in place at least to some extent. One of the tools known to do this, is McAfee Security, it is not unlikely that there are many others.
If you see this situation, don’t try to install or remove anything yet, don’t try diagnostics, just run this from administrative CMD:
manage-bde C: -off
Then, in Control Panel, in the Small Icons, you’ll notice BitLocker Drive Encryption. Please be aware that status reporting in this Control Panel area is not reliably informative. To know what is happening, run this:
manage-bde -status
Discovered by the excellent Yvonne Wynkoop.
Sometimes, when software won’t install, especially something like ShadowProtect SPX which includes a driver, it is because of corruption of one or more internal Windows certificates. A method recommended to some extent in a few Microsoft resources:
certutil.exe -generateSSTFromWU roots.sst Import-Certificate -FilePath .\roots.sst -CertStoreLocation 'Cert:\LocalMachine\Root' -Verbose
This does not always work. The only thorough method currently known to this writer, is to download this:
http://media.kaspersky.com/utilities/CorporateUtilities/rootsupd.zip
which contains a binary called “rootsupd.exe”. It will unpack itself if one runs it in administrative CMD, with syntax like this:
rootsupd.exe /c /t:C:\rootsupd
It will create the folder C:\rootsupd. Then go into C:\rootsupd, and do these (administrative CMD, not Powershell for some reason!):
updroots.exe authroots.sst updroots.exe -d delroots.sst updroots.exe roots.sst updroots.exe updroots.sst
rootsupd.exe was, according to Google, available by download from Microsoft, but is not at this writing.
One does not have to reboot the system after doing the above, so far it just works.
Recently received these. Not all work in all versions of Windows. Run these commands in administrative CMD. Some will take effect at next reboot.
netsh int tcp set global chimney=disabled netsh int tcp set global rss=disabled netsh int ip set global taskoffload=disabled netsh int tcp set global autotuninglevel=disabled netsh int tcp set supplemental custom congestionprovider=none netsh int tcp set global ecncapability=disabled netsh int tcp set global timestamps=disabled netsh int tcp set supplemental custom congestionprovider = ctcp netsh int tcp set global ecncapability=enabled reg add HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v EnableTCPA /t REG_DWORD /d 1
Apparently, not only is there SMB1, SMB2, and SMB3, but there is also NTLMv1 and NTLMv2. If we need to access older NASes and the like reliably, we may need to create or set this DWORD:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel
to 1.
This can sometimes save a lot of CPU and/or disk cycles.
GUI:
CMD:
schtasks /Change /Disable /TN "Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser"
Search the machine for the “Synchronization Service Manager”. That’s the GUI debugger.
Some applications will crash or fail to run, asking for OpenGL emulation libraries, sometimes ANGLE libraries. Here are some:
https://www.nuget.org/packages/ANGLE.WindowsStore/2.1.13
Download the “Download package”, unpack it with 7zip, copy the DLLs in the “bin” folder to C:\Windows.
If there are very long folder or file names, or the path is just too long somewhere down in the tree, this will fail:
ICACLS X:\folder /Q /C /T /reset
but this will succeed:
ICACLS "\\?\X:\folder" /Q /C /T /reset
Apparently the latter incorporates a different API somewhere in the chain.
For TAKEOWN, we just have to run it in Powershell, not CMD.
Powershell code to do it all at once, while CD’d to the level just above, using command-line parameter to specify folder name, is here:
param( [string]$location ) $iexcmd = 'TAKEOWN /F ' + '"E:\Shared Data\' + $location + '" /R /D Y' Write-Progress -Activity "Reset Permissions" -CurrentOperation $iexcmd -PercentComplete -1 Write-Host $iexcmd iex $iexcmd | Out-Null $iexcmd = 'ICACLS ' + '"\\?\E:\Shared Data\' + $location + '" /Q /C /T /reset' Write-Progress -Activity "Reset Permissions" -CurrentOperation $iexcmd -PercentComplete -1 Write-Host $iexcmd iex $iexcmd | Out-Null
Create a shortcut to this:
explorer.exe shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
and name it “Show Desktop”. When double-clicked, it will minimize all applications and show the desktop. This was standard in 7 and before. You can pin this icon to the Taskbar, to the Start menu, et cetera.