Log Fragmentation in Windows, Especially Servers
article #854, updated 3504 days ago

Modern Windows machines, when running for a while, often accumulate many gigabytes of log files, and they are often extremely fragmented over time. Recently I have found a log file of just ~110 megabytes with more than nine thousand (9,000!) fragments, and several multigigabyte files with four and five thousand fragments.

Below is a globular list of satisfactory purges so far found. Do be aware that you should only do this when you know that you do not need their contents!

C:\Program Files\Windows Small Business Server\Logs\MonitoringServiceLogs\*.log
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash*\*.tmp.*
C:\Program Files (x86)\StorageCraft\ImageManager\Logs\*.log
C:\Program Files (x86)\StorageCraft\ShadowProtect\Logs\*.log
C:\Program Files (x86)\StorageCraft\ShadowProtect\Logs\*.txt
C:\Program Files\Update Services\LogFiles\*.old
C:\Program Files\Update Services\LogFiles\*.log
C:\Windows\inf\setupapi.dev.log
C:\Windows\Logs\CBS\CBS.log
C:\Windows\Microsoft.NET\Framework*\*\*.log
C:\Windows\Microsoft.NET\Framework*\*\*.old

Categories:      

==============

Rogue DHCP server detection
article #855, updated 3505 days ago

Found by the profound Mike Martinez.

http://blog.mir.net/2014/10/rogue-dhcp-server-detection-free-tool.html

Categories:      

==============

Disable RTF (and WINMAIL.DAT) in Exchange Online and 2010
article #773, updated 3507 days ago

To disable Rich Text Format, and eliminate WINMAIL.DAT transmission, in Exchange Online:

  1. Log into https://outlook.office365.com
  2. Click the 3×3 matrix at the upper-left, click Admin
  3. Scroll down on the left side, open Admin if it’s not opened, click Exchange
  4. Under the heading Mail Flow, click Remote Domains
  5. Edit the item Default
  6. set “Use rich-text format”, to Never.

In Exchange 2010:

  1. Open the Exchange GUI console,
  2. Open Organization Configuration, Hub Transport, and the Remote Domains tab.
  3. Open the Properties of Default/*.
  4. Browse to the Message Format tab.
  5. Under “Exchange rich-text format”, choose “Never use”.

Categories:      

==============

New malware remover
article #849, updated 3543 days ago

Here’s a new one, being recommended by shouldiremoveit.com, appears to work well:

https://www.reasoncoresecurity.com/product.aspx

Categories:      

==============

Full wipe and recreate of the NTFS transaction record for a system drive
article #848, updated 3547 days ago

Here is a procedure which reportedly does a full wipe and recreate of the NTFS transaction record for a system drive. The commands below need to be run in an administrative CMD, then the machine rebooted. ‘setautoreset’ tells the system to do a smaller-scale reset at every boot, it is not known whether there is any reason to set it back to ‘false’ after the reboot is complete. The procedure appears to be able to eliminate some extremely stubborn Windows Update errors, as well as alleviating some situations where NTFS volumes become very slow in accessability. Setting setautoreset to true, all by itself with a reboot, has been seen to help quite a lot too.

fsutil resource setautoreset true %SystemDrive%\

attrib -r -s -h %SystemRoot%\System32\Config\TxR\*
del %SystemRoot%\System32\Config\TxR\*

attrib -r -s -h %SystemRoot%\System32\SMI\Store\Machine\*
del %SystemRoot%\System32\SMI\Store\Machine\*.tm*
del %SystemRoot%\System32\SMI\Store\Machine\*.blf
del %SystemRoot%\System32\SMI\Store\Machine\*.regtrans-ms

Categories:      

==============

Reset Windows filesystem transaction support
article #846, updated 3550 days ago

Apparently, corruption in Windows filesystem transaction support will cause many different kinds of errors, ranging from IIS not starting to scheduled task creation failing to Windows updates failing. To fix this, one can do the following in an administrative command prompt:

fsutil resource setautoreset true c:\

In some circumstances it is reportedly helpful to repeat the above for E:\ and any other NTFS drive in production.

Categories:      

==============

Sending mass email marketing via SMTP
article #843, updated 3558 days ago

A few methods:

https://sendgrid.com/

https://mandrill.com/

http://smtp.com

The first two have free-of-charge tiers.

Categories:      

==============

Export Exchange public folders to PST
article #841, updated 3560 days ago

Here:

“https://technet.microsoft.com/en-us/library/Dn874017(v=EXCHG.150).aspx#PSTMigrate”

appears to be a method.

Categories:      

==============

Find HP Drivers by Device Serial Number
article #832, updated 3560 days ago

Here are great places to find drivers and info for HP devices by serial number.

First, workstations and printers:

http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdSelector/?spf_p.tpst=psiProductSelector&spf_p.prp_psiProductSelector=wsrp-navigationalState%3D_op%253Dserial&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

Second, Enterprise, for servers, storage, and networking:

http://h20566.www2.hpe.com/portal/site/hpsc/template.PAGE/public/psi/swdSelector/?cc=us&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken&javax.portlet.prp_867000c4cf25636cc859bfdeb053ce01=wsrp-navigationalState%3D_op%253Dserial&javax.portlet.tpst=867000c4cf25636cc859bfdeb053ce01&lang=en-us&ac.admitted=1438961375712.125225703.1938120508

Categories:      

==============

Export mailboxes to PST from Exchange 2010
article #840, updated 3563 days ago

Procedure:

  1. Run Exchange command shell as administrator.
  2. Create one or more new export requests:
    New-MailboxExportRequest -Mailbox username -FilePath \\SERVER\SHARE\username.pst
  3. Check status of export request(s) in progress:
    Get-MailboxExportRequest
  4. Access PSTs after export is complete, at \\SERVER\SHARE.

Categories: