Some Notes on the Machines

From the remarkable David Gottschamer:

www.colasoft.com/capsa-free/

The Powershell below, updates/installs all Microsoft redistributable libraries. The general repository is here.

<#PSScriptInfo

.VERSION 4.2

.GUID 03c695c0-bf45-4257-8156-89310e951140

.AUTHOR Jonathan E. Brickman

.COMPANYNAME Ponderworthy Music

.COPYRIGHT (c) 2024 Jonathan E. Brickman

.TAGS

.LICENSEURI https://opensource.org/licenses/BSD-3-Clause

.PROJECTURI https://github.com/jebofponderworthy/windows-tools

.ICONURI

.EXTERNALMODULEDEPENDENCIES 

.REQUIREDSCRIPTS

.EXTERNALSCRIPTDEPENDENCIES

.RELEASENOTES
GetRedists
Retrieve, and install/update, all missing VC++ redistributable libraries
currently being supported by Microsoft, using the excellent
VcRedist module.

.PRIVATEDATA

#> 

<#

.DESCRIPTION 
GetRedists - Get all current Microsoft VC++ redistributables

#>

Param()


#######################################################################
# GetRedists                                                          #
# v5.0                                                                #
#######################################################################

#
# by Jonathan E. Brickman
#
# Retrieves and installs all of the Microsoft redistributable libraries
# currently being supported, using the excellent VcRedist package.
#
# Copyright 2024 Jonathan E. Brickman
# https://notes.ponderworthy.com/
# This script is licensed under the 3-Clause BSD License
# https://opensource.org/licenses/BSD-3-Clause
# and is reprised at the end of this file
#
# GetRedists is entirely dependent upon VcRedist:
# https://docs.stealthpuppy.com/vcredist/function-syntax/get-vclist
# for which profound gratitude is!!!
#
#

""
""
"****************"
"   GetRedists   "
"****************"
""
""

# Items needing work:
# - Command-line option for location of repo folder
# - Error handling; if errors occur at any stage, terminate and print.

# Self-elevate if not already elevated.
if (([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
    {
    "Running elevated; good."
    ""
    } else {
    "Not running as elevated.  Starting elevated shell."
    Start-Process powershell -WorkingDirectory $PWD.Path -Verb runAs -ArgumentList "-noprofile -noexit -file $PSCommandPath"
    return "Done. This one will now exit."
    ""
    }

# Sets TLS version.  Necessary for some situations.
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

$reportStatus = ''
$currentOp = ''
function ShowProgress {
	param( [string]$reportStatus, [string]$currentOp )

	Write-Progress -Activity "Get Microsoft Redistributables" -Status $reportStatus -PercentComplete -1 -CurrentOperation $currentOp
	# Write-Progress is not compatible with some remote shell methods.

}

'Preparing Powershell environment...'

Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted -Force > $null

ShowProgress("Preparing Powershell environment...","Setting up to use Powershell Gallery...")

Install-PackageProvider -Name NuGet -Force -ErrorAction 'SilentlyContinue' > $null
Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
If (Get-InstalledModule -Name PsWindowsUpdate -ErrorAction 'SilentlyContinue') {
	Update-Module -Name PSWindowsUpdate -Force
} Else {
	Install-Module -Name PSWindowsUpdate -Force
}
Import-Module PSWindowsUpdate

ShowProgress("Preparing Powershell environment...","Checking and preparing module VcRedist...")

# Install or update module VcRedist
If (Get-InstalledModule -Name VcRedist -ErrorAction 'SilentlyContinue') {
	Update-Module -Name VcRedist -Force
} Else {
	Install-Module -Name VcRedist -AllowClobber -Scope CurrentUser -Force
}

# Import VcRedist to this session
Import-Module -Name VcRedist

if ($False -eq (Test-Path C:\VcRedist -PathType Container)) {
	New-Item C:\VcRedist -ItemType Directory | Out-Null 
	}

''

'Getting list of currently installed redistributables...'

ShowProgress("Getting list of currently installed redistributables...","")
$InstalledRedists = Get-InstalledVcRedist

'Getting list of currently available and supported redistributables...'
''

ShowProgress("Getting list of currently available and supported redistributables...","")
$AvailableRedists = Get-VcList

ShowProgress("Checking and installing/upgrading as needed...","")

# Create blank array of redists to install
$RedistsToGet = @()

# Initialize...
$NothingMissing = $True

# Cycle through all available redists
# Using .ProductCode not .Version, .ProductCode will eliminate false downloads
ForEach ($OnlineRedist in $AvailableRedists) {

	'Checking: ' + $OnlineRedist.Name + '...'

	# Cycle through all redists currently installed,
	# checking to see if the available one being checked is there,
	# and if not, add it to the array of those to be installed.

	$IsInstalled = $False

	ForEach ($LocalRedist in $InstalledRedists) {
		If ($OnlineRedist.ProductCode -eq $LocalRedist.ProductCode) {
			'Already installed.'
			""
			$IsInstalled = $True
			break
			}
		}
	If ($IsInstalled -eq $False) {
		'Needed.'
		""
		$RedistsToGet += ,$OnlineRedist
		$NothingMissing = $False
		}
	}

If ($NothingMissing -eq $True)
	{
	"No VC++ redistributables missing."
	""
	Exit
	}

ShowProgress("Retrieving all needed redistributables to repo folder...","")
"Retrieving..."
""
$ListOfDownloads = Get-VcRedist -Verbose -VcList $RedistsToGet -Path C:\VcRedist

ShowProgress("Installing all needed redistributables from repo folder...","")
""
"Installing and reporting current list..."
""
Install-VcRedist -Verbose -VcList $RedistsToGet | ft

# The old brute force get-them-all code
#
# ShowProgress("Retrieving all redistributables to repo folder...","")
# Get-VcList | Get-VcRedist -Verbose -Path C:\VcRedist | Out-Null
# ShowProgress("Installing all redistributables from repo folder...","")
# Get-VcList | Install-VcRedist -Verbose -Path C:\VcRedist | Out-Null

ShowProgress("Removing repo folder...","")
Remove-Item C:\VcRedist -Recurse -Force | Out-Null
ShowProgress("Done!","")

# The 3-Clause BSD License

# SPDX short identifier: BSD-3-Clause

# Note: This license has also been called
# the AYA>A>??sA??.??oNew BSD LicenseAYA>A>??sA??,A? or AYA>A>??sA??.??oModified BSD LicenseAYA>A>??sA??,A?.
# See also the 2-clause BSD License.

# Copyright 2018 Jonathan E. Brickman

# Redistribution and use in source and binary
# forms, with or without modification, are
# permitted provided that the following conditions are met:

# 1. Redistributions of source code must retain the
# above copyright notice, this list of conditions and
# the following disclaimer.

# 2. Redistributions in binary form must reproduce the
# above copyright notice, this list of conditions and
# the following disclaimer in the documentation and/or
# other materials provided with the distribution.

# 3. Neither the name of the copyright holder nor the
# names of its contributors may be used to endorse or
# promote products derived from this software without
# specific prior written permission.

# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
# CONTRIBUTORS AYA>A>??sA??.??oAS ISAYA>A>??sA??,A? AND ANY EXPRESS OR IMPLIED WARRANTIES,
# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER
# OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
# GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.

This venerable tool:

https://www.speedguide.net/downloads.php/

is still by far the best. It optimizes Windows settings for speed on the Internet. It can help at both home and enterprise, and quite a lot. Still being kept up to date for Windows 11.

NETBIOS is a very legacy protocol, security of it is very poor. Substantial performance gains by disabling it have been noticed. This is probably because when active it broadcasts constantly to every single NIC on its LAN, creating NIC and switch contention. Also, a large proportion of security violation exploits use it, so disabling becomes a very good idea in general. The only exceptions occur when there are needs to do SMB sharing with very old machines, machines all long out of support. By default, it is still active on all current Microsoft Windows operating systems.

Here is a paste to Powershell that does it all:

Get-CimInstance -ClassName 'Win32_NetworkAdapterConfiguration' | Invoke-CimMethod -MethodName 'SetTcpipNetbios' -Arguments @{ 'TcpipNetbiosOptions' = [UInt32](2) }

Get-WmiObject Win32_NetworkAdapterConfiguration | Invoke-WmiMethod -Name SetWINSServer -ArgumentList @('','')

$nicall = [wmiclass]'Win32_NetworkAdapterConfiguration'
$nicall.enablewins($false,$false)

Set-Service -Name "lmhosts" -StartupType Disabled
Stop-Service -Name "lmhosts"

The various bits are below.

Turn off NETBIOS over TCP/IP, for each NIC:

Get-CimInstance -ClassName 'Win32_NetworkAdapterConfiguration' | Where-Object -Property 'TcpipNetbiosOptions' -ne $null | Invoke-CimMethod -MethodName 'SetTcpipNetbios' -Arguments @{ 'TcpipNetbiosOptions' = [UInt32](2) }

Get rid of all WINS entries, if present (sorry, no CimInstance code yet):

Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled='True'" | Invoke-WmiMethod -Name SetWINSServer -ArgumentList @('','')

Uncheck of LMHOSTS lookups:

$nicall = [wmiclass]'Win32_NetworkAdapterConfiguration'
$nicall.enablewins($false,$false)

Disable the service “TCP/IP NetBIOS Helper”:

Set-Service -Name "lmhosts" -StartupType Disabled
Stop-Service -Name "lmhosts"

If Microsoft DHCP is in use, DHCP can tell clients to do the simple disable, the first item above:

learn.microsoft.com/en-us/troubleshoot/windows-server/networking/disable-netbios-tcp-ip-using-dhcp

And if you want to combine the above with a new Microsoft standard preventing Windows port exhaustion:

Get-CimInstance -ClassName 'Win32_NetworkAdapterConfiguration' | Invoke-CimMethod -MethodName 'SetTcpipNetbios' -Arguments @{ 'TcpipNetbiosOptions' = [UInt32](2) }
Get-WmiObject Win32_NetworkAdapterConfiguration | Invoke-WmiMethod -Name SetWINSServer -ArgumentList @('','')
$nicall = [wmiclass]'Win32_NetworkAdapterConfiguration'
$nicall.enablewins($false,$false)
Set-Service -Name "lmhosts" -StartupType Disabled
Stop-Service -Name "lmhosts"
netsh int ipv4 set dynamic tcp start=49152 num=16384
netsh int ipv4 set dynamic udp start=49152 num=16384

Below is another script, to reenable the protocols, though it does not try to put back any WINS server IPs that may have been deleted, and it cannot override Microsoft DHCP:

Get-CimInstance -ClassName 'Win32_NetworkAdapterConfiguration' | Invoke-CimMethod -MethodName 'SetTcpipNetbios' -Arguments @{ 'TcpipNetbiosOptions' = 0 }

$DisableLMHosts_Class=Get-WmiObject -list Win32_NetworkAdapterConfiguration
$DisableLMHosts_Class.EnableWINS($true,$true)

Set-Service -Name "lmhosts" -StartupType Manual
Start-Service -Name "lmhosts"

An epiphany, after a rental:

My truck doesn’t have any road sensors to malfunction or replace!! And neither does Sweet Lori’s car!!! Yahoo!!!!!

Appx’s are a method used for application install, first delivered in Windows 8.1. There are a lot of builtins which take live system resources in hidden fashion, usually not showing up in Task Manager very much or at all. And there have been a lot of changes in this over recent years. Here’s an overview of items for cleanup as of this writing. One can free a lot of resources on machines this way.

The first thing to know is that many appx’s are “provisioned”, they are embedded in the current (“online”) DISM image, and will be automatically activated whenever a new user profile is made. To get a list of these:

Get-AppxProvisionedPackage -Online | Sort-Object | ft DisplayName, PackageName

To get a list of all apps installed for all users, in nicely sorted form:

Get-AppxPackage -AllUsers | Sort-Object | ft

To remove several of these, that I like to have gone in business desktops, both from provisioning and from any user for which any of them may be installed:

#Begin Script

$RemovalItems =  @(
"Microsoft.Advertising.Xaml",
"Microsoft.BingWeather",
"Microsoft.BingFinance",
"Microsoft.BingNews",
"Microsoft.BingSports",
"Microsoft.SkypeApp",
"Microsoft.WindowsCommunicationsApps",
"Microsoft.XboxGameOverlay",
"Microsoft.XboxGamingOverlay",
"Microsoft.XboxGameCallableUI",
"Microsoft.Xbox.TCUI",
"Microsoft.XboxApp",
"Microsoft.XboxSpeechToTextOverlay",
"Microsoft.XboxIdentityProvider",
"Microsoft.YourPhone",
"Microsoft.ZuneVideo",
"Microsoft.ZuneMusic",
".DellDigitalDelivery",
".DellSupportAssistforPCs",
".DellUpdate",
".Power2GoforDell",
".PowerDirectorforDell",
".DellDigitalDelivery",
".DellWatchgdogTimer",
".DelltypeCStatus",
".DiscoverHPTouchpointManager",
".HPDesktopSupportUtilities",
".HPEasyClean",
".HPJumpStart",
".HPPCHardwareDiagnosticsWindows",
".HPPowerManage",
".HPPrivacySettings",
".HPProgrammableKey",
".HPQuickDrop",
".myHP",
".HPSupportAssistant",
".HPSystemInformation",
".HPWorkWell",
".HPAccessoryCenter"
)

$ProvisionedItems = Get-AppxProvisionedPackage -Online
foreach ($ProvItem in $ProvisionedItems) {
	foreach ($RemItem in $RemovalItems) {
		If ($ProvItem.DisplayName -like "*$RemItem*") {
			Write-Host "Deprovisioning:" $ProvItem.DisplayName
			$error.clear()
			try {
				Remove-AppXProvisionedPackage -Online -PackageName $ProvItem.PackageName -ErrorAction SilentlyContinue | Out-Null
			}
			catch { "Failed: Microsoft does not allow, or other error." }
			if (!$error) { "Succeeded!" }
		}
	}
}

$InstalledItems = Get-AppxPackage -AllUsers
foreach ($InstItem in $InstalledItems) {
	foreach ($RemItem in $RemovalItems) {
		if ($InstItem.Name -like "*$RemItem*") {
			Write-Host "User-level removal operation:" $InstItem.Name
			$error.clear()
			try {
				Get-AppxPackage $InstItem.Name -AllUsers | Remove-AppxPackage -Allusers -ErrorAction SilentlyContinue | Out-Null
			}
			catch { "Failed: Microsoft does not allow, or other error." }
			if (!$error) { "Succeeded!" }
		}
	}
}

# End Script

The above first gets rid of the provisioned, then the user-level for all user profiles, for the whole list. There are some for which Microsoft prevents all removals; errors are thrown for these.

This:

medium.com/@mail2wesley/increase-memory-quota-for-wmi-classes-to-avoid-wmi-quota-violation-error-ee2070092674

For CIDR to IP range (IP range extraction):

http://bonomo.info/coyote/cidr-calculator.php

For IP range to CIDR:

http://ip2cidr.com/

IP subnet calculator:

ipcalculator.com

As of Q4 2023, Google and Yahoo are requiring DMARC to be set on the sender side, for many emails to be delivered. Some Office 365 tenants have exhibited similar behavior.

The following TXT record contents:

v=DMARC1; p=quarantine; pct=100; adkim=s; aspf=s

indicate that both DKIM and SPF are checked, and any email not satisfying both entirely, will be marked such that a spam filter should quarantine it. The =s means “strict”; there is a “relaxed” mode, =r, which allows subdomains. But if you have to allow for some email to be transmitted without DKIM, e.g. from a web site’s or application’s email generator, go with either this:

v=DMARC1; p=quarantine; pct=100; aspf=s

which does not look at DKIM; or if you must, this:

v=DMARC1; p=none

which is a kind of ‘null’ DMARC, it’s a placeholder such that DMARC exists, but doesn’t do anything. At least one cloud-application vendor is recommending this, but it’s far from clear how Google, Yahoo, and other machines will respond to it, either now or in the future.

To use the above, create a TXT record of name _dmarc with chosen contents.

Some more info is here:

www.dmarcanalyzer.com/how-to-create-a-dmarc-record/

My sweet Lori’s 2007 Ford Focus came with a “permanent” air filter, “suitable for the life of the car” by one suggestion. After we had had the car a while, I knew we wanted to keep it running long, long past Ford’s glorious preferences, so I started looking for options. One well-known vendor sold an aftermarket air filter box for about $480. This seemed a bit high to me for a mildly complicated piece of plastic, so I looked further. And lo and behold:

www.rockauto.com/en/moreinfo.php?pk=8624632&cc=1433435&pt=11160&jsn=1

Highly recommendable, and $78 at this writing. I saw some reports which said it made things a tad louder; au contraire I must report, Sweet Lori’s little car is now quieter, much smoother, better power. Yahoo!