Many old friends, e.g. Hiren’s and UBCD4Win, are no longer in development, and do not boot on quite a lot of newer hardware; for a while there was no clear replacement. But there is Medicat, which is Linux-based:
gbatemp.net/threads/medicat-usb-a-multiboot-linux-usb-for-pc-repair.361577/
and there is a new Hiren’s renaissance:
There is a renaissance of Hiren’s Boot CD, called Hiren’s Boot CD PE:
Today (2024-02-12) my up-to-date Lazesoft could not reset a Windows password, but when I booted into the above, loaded drivers using the embedded Lazesoft, and then reset the password using the NT password edit/reset tool, it worked. There’s also a way to build the bootable with custom driver additions.
When you copy an entire folder with ROBOCOPY, sometimes it hides files. Use this on the end to prevent:
/A-:SH
This is the Internet DNS name of a Microsoft server. On a Windows operating system, immediately before any and all of a wide variety of things occur, the machine will contact this server for some bandwidth and connectivity tests.
There are often issues with this. If attempt is made and fails, Windows may throw up a popup in the lower-right corner, asking for a mouse-click. Sometimes DNS servers lack this record for some reason, causing odd and unusual troubles. There have been other consequences.
There are ways to turn this off altogether. So far testing has found zero gotchas for shutting it off, it is not clear whether it is essential. The simplest way to do so, is probably to enable this item in local or domain group policy:
Computer Configuration
Administrative Templates
System
Internet Communication Management
Internet Communication settings
Turn off Windows Network Connectivity Status Indicator active tests
Just learned about this:
Appears to be very very good. Better ping than many from some major ISPs. Also very sophisticated and configurable, and considerably less expensive for the features, than some.
HP Support Assistant is the oft-default tool, not suitable for automation; but there is the HP Image Assistant:
ftp.ext.hp.com/pub/caps-softpaq/cmit/HPIA.html
So far this looks like the way forward. Early testing done, not thorough yet. It has a GUI for default use, but also has command line usage. Download the installer, complete it, CD to the folder it created in command-line, and run HPImageAssistant.exe for nice GUI. Documentation is here:
ftp.hp.com/pub/caps-softpaq/cmit/imagepal/userguide/936944-008.pdf
Several command-line examples are in that PDF. This command does a lot of very good things, very silently:
.\HPImageAssistant /Operation:Analyze /Category:All,Accessories /selection:All /action:Install /silent /reportFolder:c:\HPIA\Report /softpaqdownloadfolder:c:\HPIA\download
The hidden NTFS “System Volume Information” folders on Windows machines, can build up and up and up in size. I’ve seen instances ranging from 20G to hundreds of gigabytes, and every time this occurs, the overall system slows down, and often slows down a whole lot. SpaceSniffer is my favorite method of identifying this situation, but there are many. The only preventative I have been able to identify so far, is here.
But here we are discussing cleanup. If you have SentinelOne (S1) installed on this machine, you need to know that S1 considers deletion of volume shadows to be very bad actor behavior. This is because it often is a way that cryptolockers and others delete last-known-good checkpoints. S1 will not let you clear SVI, unless you disable it first, and it will complain very loudly if you try. Instructions for disabling S1, are at the end of this article. There may well be other security tools which will behave similarly, and need similar interaction beforehand.
wmic shadowcopy delete /nointeractivevssadmin delete shadows /alldiskshadowdelete shadows allAny of these can take a while, especially if SVI is big, e.g., more than 20-30 gigabytes. It can get huge occasionally, hundreds of gigabytes. I recently saw 1,022 shadow copies deleted (the first and third methods tell you the count) from one server.
Special cases do occur. Here are steps which can help a lot.
vssadmin resize shadowstorage for the relevant drive(s) (try /? for syntax…), first to 10%, then back to whatever it was. Sometimes Windows will do a lot of steady cleanup for you, sometimes over hours of time. You’ll see it by watching File Explorer.cd "C:\Program Files\SentinelOne\Sentinel*".\sentinelctl.exe unload -slam -k "<passphrase>"Then, and only then, will the cleanup commands above work.
.\sentinelctl.exe load -slamIf you should need to reenable S1 and your command prompt is not where you need it, here’s a paste:
cd "C:\Program Files\SentinelOne\Sentinel*" .\sentinelctl.exe load -slam
Ran into this recently. First one then four more users at a site, encountered it. This page:
has a fix with registry entries for version 2015. The fix reportedly works all the way up to the current (DC). Here’s Powershell to get the fix in; reportedly restart and/or reboot is required:
$RegistryPath = "HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown"
If (-Not (Test-Path -Path $RegistryPath)) {
"Adobe Acrobat DC is not installed; fix not appropriate or needs modification."
exit
}
cd $RegistryPath
If (-Not (Test-Path -Path "cServices")) {
mkdir cServices
}
cd cServices
New-ItemProperty -Path . -Name bToggleAdobeDocumentServices -Value 1 -PropertyType "DWord"
New-ItemProperty -Path . -Name bToggleAdobeSign -Value 1 -PropertyType "DWord"
New-ItemProperty -Path . -Name bToggleAdobePrefSync -Value 1 -PropertyType "DWord"
New-ItemProperty -Path . -Name bUpdater -Value 0 -PropertyType "DWord"
There are multiple methods; this is reported to be undeprecated by Apache, possibly the only undeprecated way to do this.
AuthType Basic AuthName "myserver publicname" AuthUserFile "/myserverpath/.htpasswds/public/passwd" require ip 11.12.13.14 require ip 11.12.13.15 require valid-user