Some Notes on the Machines

Well, it rocked my little world. This came from the excellent Terry Powell. He had a Server 2016 machine where Explorer would crash and restart every time Devices and Printers was opened. A very large number of common fixes was tried, including four different DISM methods with SFC and others, no change, DISM said the image was fixable but nothing would fix, and the only thing clearly missing according to DISM and SFC logs was a .lnk file. Terry found a reference stating that if one clears everything here except “(Default)”:

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Devices

and then restarts the printer spooler, all begins working well. And indeed, it appears that this is space in which bad gunk can build up! He found about 100 there, removed them, and lo and behold, all is well. Powershell code to do this:

function Remove-AllItemProperties
{
    [CmdletBinding()]
    param([string]$Path)

    Remove-ItemProperty -Name * @PSBoundParameters
}

Remove-AllItemProperties "HKCU:\SOFTWARE\microsoft\windows nt\currentversion\devices"

Stop-Service Spooler
Start-Service Spooler

If you get PsTools, and do this:

psexec -i -s CMD.exe

you’ll get another CMD box, where the username is SYSTEM, that is to say, the hostname of the machine with a dollar sign on the right end. If the machine is on a domain, it is DOMAIN\hostname$, have not tested it on a non-domain machine yet.

One software installer recently, required that the folder containing its installer package be TAKEOWNed and ICACLSed, as that system user, before it would run to completion, it must have some odd permissions bug in it.

There are likely to be quite a few circumstances in which this special CMD can be useful.

To see if there is cleanup to be done:

DISM /Online /Cleanup-Image /AnalyzeComponentStore

To remove obsolete and unused system files:

DISM /Online /Cleanup-Image /StartComponentCleanup

To remove obsolete and unused system files and also service pack uninstallation files:

dism /online /Cleanup-Image /SPSuperseded

To remove obsolete and unused system files and everything prior, making it impossible to reverse any patches:

dism /online /Cleanup-Image /StartComponentCleanup /ResetBase

If MMC for any Windows administrative tool gets stuck, delete everything here:

C:\Users\USERNAME\AppData\Roaming\Microsoft\MMC

The MMCSS (not sure why the extra letters) is a service in Vista (SP1+), 7, Server 2008, and Server 2008R2, which places priority on video and audio data. Here are some good tweaks. Click here for a VBS script, called MCSO, which does everything below automatically.

So we go here in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile

open the item named “NetworkThrottlingIndex”, and change it to “FFFFFFFF” (that’s eight F’s) hex. We can do the same for “SystemResponsiveness”.

Then drill further down to here:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks

and you’ll see a list of folders. Each folder is a “multimedia profile” according to one reference. Each can contain the following:

Affinity        dword:00000000
Background Only        False
BackgroundPriority        dword:00000001
Clock Rate       dword:00002710
GPU Priority        dword:00000001
Priority       dword:00000001
Scheduling Category       High
SFIO Priority       High

I kept the “Window Manager” set at the default, and set the rest to the above. According to one reference it is possible to create custom multimedia profiles and use some applications’ capabilities to assign them, I have not tried this yet.

According to one reference, the above changes only activate at reboot. However, I have found that if you restart MMCSS and then Audiosrv, the same results obtain.

Addendum. Have just recently looked into Windows 10 in this. It appears to be a driver, not a service, in 10. Will be investigating further. Not sure about Audiosrv either.

Finally, a real repair tool:

https://support.microsoft.com/en-us/help/2698555/microsoft-net-framework-repair-tool-is-available

If you see “BitLocker waiting for activation”, this is a situation needing careful action: the machine is in an unstable state, and is likely to bluescreen and/or misbehave in other ways unless handled well.

What has happened, is Microsoft’s BitLocker, embedded into Windows, has done at least some encryption of the hard drive, but has lost whatever tool it was that controlled the encryption, so it is not “activated” even though the encryption is in place at least to some extent. One of the tools known to do this, is McAfee Security, it is not unlikely that there are many others.

If you see this situation, don’t try to install or remove anything yet, don’t try diagnostics, just run this from administrative CMD:

manage-bde C: -off

Then, in Control Panel, in the Small Icons, you’ll notice BitLocker Drive Encryption. Please be aware that status reporting in this Control Panel area is not reliably informative. To know what is happening, run this:

manage-bde -status

Discovered by the excellent Yvonne Wynkoop.

Sometimes, when software won’t install, especially something like ShadowProtect SPX which includes a driver, it is because of corruption of one or more internal Windows certificates. A method recommended to some extent in a few Microsoft resources:

certutil.exe -generateSSTFromWU roots.sst
Import-Certificate -FilePath .\roots.sst -CertStoreLocation 'Cert:\LocalMachine\Root' -Verbose

This does not always work. The only thorough method currently known to this writer, is to download this:

http://media.kaspersky.com/utilities/CorporateUtilities/rootsupd.zip

which contains a binary called “rootsupd.exe”. It will unpack itself if one runs it in administrative CMD, with syntax like this:

rootsupd.exe /c /t:C:\rootsupd

It will create the folder C:\rootsupd. Then go into C:\rootsupd, and do these (administrative CMD, not Powershell for some reason!):

updroots.exe authroots.sst
updroots.exe -d delroots.sst
updroots.exe roots.sst
updroots.exe updroots.sst

rootsupd.exe was, according to Google, available by download from Microsoft, but is not at this writing.

One does not have to reboot the system after doing the above, so far it just works.

Recently received these. Not all work in all versions of Windows. Run these commands in administrative CMD. Some will take effect at next reboot.

netsh int tcp set global chimney=disabled
netsh int tcp set global rss=disabled
netsh int ip set global taskoffload=disabled
netsh int tcp set global autotuninglevel=disabled
netsh int tcp set supplemental custom congestionprovider=none
netsh int tcp set global ecncapability=disabled
netsh int tcp set global timestamps=disabled
netsh int tcp set supplemental custom congestionprovider = ctcp
netsh int tcp set global ecncapability=enabled
reg add HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v EnableTCPA /t REG_DWORD /d 1

Apparently, not only is there SMB1, SMB2, and SMB3, but there is also NTLMv1 and NTLMv2. If we need to access older NASes and the like reliably, we may need to create or set this DWORD:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel

to 1.