Category: Windows OS-Level Issues

Reregister All Win10/8 Appxes
article #1390, updated 22 days ago

This can solve lots of problems:

# Reregisters the remaining Appx items, this can solve lots of problems

"Reregistering needed Appx items..."

Get-AppXPackage -AllUsers | Foreach {
	Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)AppXManifest.xml" -ErrorAction SilentlyContinue | Out-Null



"BitLocker waiting for activation", McAfee Security, and other items
article #1388, updated 43 days ago

If you see “BitLocker waiting for activation”, this is a situation needing careful action: the machine is in an unstable state, and is likely to bluescreen and/or misbehave in other ways unless handled well.

What has happened, is Microsoft’s BitLocker, embedded into Windows, has done at least some encryption of the hard drive, but has lost whatever tool it was that controlled the encryption, so it is not “activated” even though the encryption is in place at least to some extent. One of the tools known to do this, is McAfee Security, it is not unlikely that there are many others.

If you see this situation, don’t try to install or remove anything yet, don’t try diagnostics, just run this from administrative CMD:

manage-bde C: -off

Then, in Control Panel, in the Small Icons, you’ll notice BitLocker Drive Encryption. Please be aware that status reporting in this Control Panel area is not reliably informative. To know what is happening, run this:

manage-bde -status

Discovered by the excellent Yvonne Wynkoop.



When Software or Drivers Won't Install in Windows - Replace All Internal OS Certificates
article #1382, updated 63 days ago

Sometimes, when software won’t install, especially something like ShadowProtect SPX which includes a driver, it is because of corruption of one or more internal Windows certificates. A method recommended to some extent in a few Microsoft resources:

certutil.exe -generateSSTFromWU roots.sst
Import-Certificate -FilePath .\roots.sst -CertStoreLocation 'Cert:\LocalMachine\Root' -Verbose

This does not always work. The only thorough method currently known to this writer, is to download this:

which contains a binary called “rootsupd.exe”. It will unpack itself if one runs it in administrative CMD, with syntax like this:

rootsupd.exe /c /t:C:\rootsupd

It will create the folder C:\rootsupd. Then go into C:\rootsupd, and do these (administrative CMD, not Powershell for some reason!):

updroots.exe authroots.sst
updroots.exe -d delroots.sst
updroots.exe roots.sst
updroots.exe updroots.sst

rootsupd.exe was, according to Google, available by download from Microsoft, but is not at this writing.

One does not have to reboot the system after doing the above, so far it just works.



Windows Networking Speed Tweaks
article #1376, updated 102 days ago

Recently received these. Not all work in all versions of Windows. Run these commands in administrative CMD. Some will take effect at next reboot.

netsh int tcp set global chimney=disabled
netsh int tcp set global rss=disabled
netsh int ip set global taskoffload=disabled
netsh int tcp set global autotuninglevel=disabled
netsh int tcp set supplemental custom congestionprovider=none
netsh int tcp set global ecncapability=disabled
netsh int tcp set global timestamps=disabled
netsh int tcp set supplemental custom congestionprovider = ctcp
netsh int tcp set global ecncapability=enabled
reg add HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v EnableTCPA /t REG_DWORD /d 1



Permit NTLMv1 and v2
article #1375, updated 120 days ago

Apparently, not only is there SMB1, SMB2, and SMB3, but there is also NTLMv1 and NTLMv2. If we need to access older NASes and the like reliably, we may need to create or set this DWORD:


to 1.



Disable Windows Compatibility Telemetry
article #1370, updated 147 days ago

This can sometimes save a lot of CPU and/or disk cycles.


  1. Open the Task Scheduler
  2. Open Task Scheduler Library, Microsoft, Windows, Application Experience.
  3. Disable Microsoft Compatibility Appraiser, with a right-click choice.


schtasks /Change /Disable /TN "Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser"



Troubleshooting Azure AD Sync: Synchronization Service Manager
article #1371, updated 148 days ago

Search the machine for the “Synchronization Service Manager”. That’s the GUI debugger.



OpenGL 2.0 emulation libraries for Windows
article #1369, updated 155 days ago

Some applications will crash or fail to run, asking for OpenGL emulation libraries, sometimes ANGLE libraries. Here are some:

Download the “Download package”, unpack it with 7zip, copy the DLLs in the “bin” folder to C:\Windows.



Use TAKEOWN and ICACLS with very long paths and filenames
article #1361, updated 179 days ago

If there are very long folder or file names, or the path is just too long somewhere down in the tree, this will fail:

ICACLS X:\folder /Q /C /T /reset

but this will succeed:

ICACLS "\\?\X:\folder" /Q /C /T /reset

Apparently the latter incorporates a different API somewhere in the chain.

For TAKEOWN, we just have to run it in Powershell, not CMD.

Powershell code to do it all at once, while CD’d to the level just above, using command-line parameter to specify folder name, is here:


$iexcmd = 'TAKEOWN /F ' + '"E:\Shared Data\' + $location + '" /R /D Y'
Write-Progress -Activity "Reset Permissions" -CurrentOperation $iexcmd -PercentComplete -1
Write-Host $iexcmd
iex $iexcmd | Out-Null

$iexcmd = 'ICACLS ' + '"\\?\E:\Shared Data\' + $location + '" /Q /C /T /reset'
Write-Progress -Activity "Reset Permissions" -CurrentOperation $iexcmd -PercentComplete -1
Write-Host $iexcmd
iex $iexcmd | Out-Null



"Show Desktop" shortcut in Windows 10
article #1359, updated 190 days ago

Create a shortcut to this:

explorer.exe shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}

and name it “Show Desktop”. When double-clicked, it will minimize all applications and show the desktop. This was standard in 7 and before. You can pin this icon to the Taskbar, to the Start menu, et cetera.