Category: Windows OS-Level Issues

Group Policy Improvement, Part I: General
article #1148, updated 247 days ago

First in a series on improving Windows Group Policy. This apply to the whole Group Policy milieu on a network, all domain controllers.

  • Even if there is only one domain controller, change the replication from 180 minutes to 15 minutes. These are in the properties of the site links, in Active Directory Sites and Services, under Inter-Site Transport, under IP. If you have more than one site link enabled, do it for all. Obviously you should moderate carefully, if you are using SMTP or have bandwidth issues.

  • Set services fdPHost and FDResPub as startup Automatic, from Manual.
  • Add Subnet(s) to each Site in Active Directory Sites and Services. Then show subnets in the Group Policy Management Console, and map group policies there. Even if there is only one Site, this can help a lot.

Part II, Destrangulation, is here.

Categories:      

==============

Group Policy Improvement, Part II: Destrangulation
article #1203, updated 247 days ago

Second in a series on improving Windows Group Policy.

One very common Group Policy strangulator shows up in Windows event logs as SceCli, event ID 1202. When Group Policy processing encounters this, it can prevent many things from occurring.

The error, specifically, is a nonexistent user or group present in a GP configuration item. For instance, most recently there was a Group Policy including a security item which included “Domain Uers”, a typo of “Domain Users”, deep in computer-level security items, and this prevented the policy from doing anything, even though there were other, equivalent, items in the same area. I’ll repeat, the typo item had to be removed, before the entire policy would do anything; group policy processing is apparently not able to treat a nonexistent referent as irrelevant.

Finding the item is interesting too. It requires a file of this name and location:

%SYSTEMROOT%\Security\Logs\winlogon.log

It may not exist. If not, or if it’s not up to date, browse to this registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}

and set DWORD ExtensionDebugLevel to 2. Then run gpupdate, and the file will be created. Then in administrative CMD, run:

FIND /I "Cannot find"  %SYSTEMROOT%\Security\Logs\winlogon.log

The above will produce one or more invalid security group names or login names, included somewhere as a configuration item within a group policy. Once you have the name(s), run:

rsop.msc

and examine all of its tree carefully, to find the error. That will lead you to the spot in GPMC where you will find the bad entry, to fix. Once you have fixed, try your gpupdate again, and your policy will apply, unless something else is wrong!

Part III, Copying Files, is here.

Categories:      

==============

Group Policy Improvement
article #1205, updated 247 days ago

In my experience, group policy is the only nearly indispensable tool on a Microsoft domain-controlled LAN which breaks very often and admits of almost zero solid documentation towards fix. Someday this may be thorough, Lord willing; for now, we have:

Part I, General
Part II, Destrangulation
Part III, Copying Files

Categories:      

==============

Install All Microsoft Redistributable VC++ Runtimes
article #643, updated 264 days ago

Here is the only complete method known to this writer to automatically download and install all current Microsoft redists. It uses this:

https://www.powershellgallery.com/packages/VcRedist

Steps:

  1. You’ll need the PowerShell Gallery. Windows 10 and WMF 5.1 come with it.
  1. If you have 10, or once you have WMF installed, you can just run GETREDISTS.CMD (part of windows-tools ) as administrator. Alternatively, you can continue :-)
  1. VcRedist is the core, we’ll install that automatically as part of the procedure. In administrative PowerShell (the -Force takes in any new updates):
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force
Install-PackageProvider -Name NuGet -Force
Install-Module -Name NuGet -SkipPublisherCheck -Force
Import-Module -Name NuGet
Install-Module -Name VcRedist -SkipPublisherCheck -Force
Import-Module -Name VcRedist
New-Item C:\VcRedist -ItemType Directory
Get-VcList | Get-VcRedist -Path C:\VcRedist
Get-VcList | Install-VcRedist -Path C:\VcRedist

The above installs all of the redistributables which Microsoft currently supports. Reportedly, some older ones (going back to 2005 at this writing) can be had using this:

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force
Install-PackageProvider -Name NuGet -Force
Install-Module -Name NuGet -SkipPublisherCheck -Force
Import-Module -Name NuGet
Install-Module -Name VcRedist -SkipPublisherCheck -Force
Import-Module -Name VcRedist
New-Item C:\VcRedist -ItemType Directory
Get-VcList -Export All | Get-VcRedist -Path C:\VcRedist
Get-VcList -Export All | Install-VcRedist -Path C:\VcRedist

You may wish to delete the downloadables after the procedure:

Remove-Item C:\VcRedist -Recurse -Force

Categories:      

==============

Optimize Service Work Items and Additional/Delayed Worker Threads
article #1084, updated 278 days ago

OWTAS sets a number of additional critical and delayed worker threads, plus service work items. The changes are autocalculated according to a combination of RAM and OS bit-width (32 vs. 64). Performance will increase, more so with more RAM. Available as VBS and as PowerShell 3 and up. Future development will be in PowerShell, as part of the windows-tools project.

The tool is designed for Windows 10 down through XP. As of 2017-10-10, it is self-elevating if run non-administratively.

Categories:      

==============

RUNALL and RUNMOST: Speed up Windows several different ways
article #1182, updated 278 days ago

RUNALL.CMD is the best way to run our very own windows-tools, a Windows cleanup, optimization, and speedup toolset, on an Internet-connected Windows PC. It requires Powershell 3.0 or newer, which comes with Windows 8 or newer, and can be installed into Windows 7 using the WMF. There is just one gotcha: Offline Files compatibility of all folders shared from the PC, “share caching”, is turned off, for one of several significant hikes in performance and overall reliability. If you need Offline Files, you’ll want RUNMOST.CMD, which does it all except this one item.

Categories:      

==============

Download Windows Install Media from Microsoft
article #1180, updated 316 days ago

No keys of course, but ISO media indeed, and very helpful for DISM and other fixes:

https://support.microsoft.com/en-us/help/15088/windows-create-installation-media

Categories:      

==============

Run Linux on Windows 10
article #1175, updated 331 days ago

From the extraordinary Mike Hunsinger:

Today I learned something fascinating. You can run linux as a Windows Subsystem w/o using a vm or dual-boot. All you have to do is run PS as admin, execute this:

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux

reboot when prompted and then you can use the windows store to install just about any Linux distro you want.

This article describes folks running Linux GUI apps talking to Windows-native X Windows. Ponderworthy hasn’t tested this yet, but the following X server looks like a very worthy candidate:

sourceforge.net/projects/vcxsrv/

Categories:      

==============

When Internet Explorer crashes and nothing else works
article #1172, updated 337 days ago

Get the portable version here:

http://www.tweaking.com/content/page/windows_repair_all_in_one.html

  1. Unpack it
  2. Run Repair_Windows.exe as administrator
  3. Click “Jump to Repairs”
  4. Click “Open Repairs”
  5. Uncheck all of the fixes except “Repair Internet Explorer”
  6. Do it, and reboot.

Works very nicely.

Categories:      

==============

XP Mode helps
article #1165, updated 362 days ago

  1. There are three ways to reset the password if you need to do so:

https://www.mydigitallife.net/reset-and-fix-incorrect-or-wrong-password-for-windows-xp-mode-xpmuser/

  1. If you need to transfer an XP mode virtual from one user profile to another, create a blank XP mode on the new user, then copy all of the old files replacing the new. Use the default filenames, don’t change anything. It will work, but you will need to change the password, above.

Categories: