Author Archives: John Dangerbrooks

Downloading updates on WSUS for manual installation

Windows Updates helps users keep their Microsoft software up-to-date, either by downloading them from Microsoft over an Internet connection, or from a local server running Windows Server Update Services (WSUS). WSUS itself downloads them from Microsoft. The whole process is fully automated but it is also possible to download update packages from Microsoft to install them manually, if there is the need.

But how about downloading them from a local WSUS server?

Screenshot: Windows Server Update Services management console

The WSUS management console running on Windows 10

Read the rest of this entry


Upgrading Windows 10 v1709 to v1803, with the wrong Windows Setup disk!

[Updated 16 July 2018]

Today, I came across a computer running Windows 10 Enterprise v1709, and after chatting with the local admin, I plugged my USB Flash Drive in and upgraded it to v1803.

Screenshot: Windows 10 v1803 Setup, ready to upgrade a copy of Windows 10 Enterprise edition

The upgrade went smoothly.

After the installation and OOBE all finished, and I was more than a kilometer away from said computer, I remembered that the Windows Setup inside my USB Flash Drive was created with Microsoft’s official Media Creator utility for my personal laptop. Very legit and all… but it does not contain Windows 10 Enterprise edition! The Enterprise edition can only be procured from the Microsoft Volume Licencing Center. In addition, at the time of the upgrade, the target computer was offline. There was no Internet connection, LAN connection or Bluetooth connection; so, Windows Setup could not have downloaded a Windows 10 Enterprise edition.

To be honest, I am scared. I have not heard that it is possible to upgrade with the wrong edition’s installation image. Fortunately, before the upgrade, I had told the local admin to keep a backup copy handy and be on the look out for any sign of trouble.

Update (16 July 2018): The computer did not experience any problems until a few days ago, when it was reset. The reason behind the reset, as I am told, is nothing particular related to said upgrade; just a plain old Windows 10 making trouble.

Stack Exchange: Resolving harassment problem by punishing victims

Stack Exchange is the title of a series of online community sites that includes the famous Stack Overflow, the question and answer site for the software developers. By its own confession, Stack Exchange is a very unfriendly place.

Screenshot: Stack Exchange

So, recently, moderators have started enforcing its policies more strictly. Good, isn’t it? Not really. They are punishing victims instead of perpetrators. Read the rest of this entry

Stories whose endings were spoiled prematurely

I am writing this blog post for the fun of it only. Plus, this subject has been occupying my mind for a while. Writing it is getting rid of it. However, I did choose pretty old stories and films.

Regardless of the age of stories, please be warned: Spoilers lie ahead!

Read the rest of this entry

Making a USB flash drive for Window setup

This article demonstrates how to copy a Windows installation source to a USB flash drive (UFD), and make that UFD bootable, without using any third-party app. Every now and then, such an article must be re-written to update the sum of knowledge. Only the tools included with the operating system are used. This article assumes you have at least Windows 7. Also, it assumes that the OS you’d like to copy to a UFD is Windows Vista, 7, 8, 8.1 or 10 and is already available to you on DVD or in folder somewhere.

Read the rest of this entry

Where can I find BootSect.exe and BootRec.exe?

BootSect.exe and BootRec.exe are both components of Windows Vista and later. They help make disks bootable.

Both are included with a Windows DVD or ISO but are not installed.

BootSect.exe features /nt60, /nt52 and /mbr switches. It can be found in the “boot” folder, at the root of the Windows DVD.

BootRec.exe features /FixMbr, /FixBoot and /RebuildBCD switches. However, it is harder to find. It is only exposed if a computer is booted into Windows Setup or Windows Recovery Environment. Otherwise, one has to extract it from the “boot.wim” file in the “sources” folder of Windows setup disc, or  the “winre.wim” file in a subfolder of “C:\Recovery” folder (although you might not find such a file), via DISM or 7-Zip. Once either of the two images of “boot.wim” are mounted or opened, BootRec.exe can be located under “Windows\System32” subfolder.

The definitive guide to stopping forced Windows 10 upgrades (GWX) permanently

Screenshot: Forced upgrade to Windows 10 in progress

Screenshot of the Get Windows 10 (GWX) app, which forces users to upgrade to Windows 10

So… are you annoyed by the Get Windows 10 (GWX) app which hogs your bandwidth and tries to persuade you to upgrade to Windows 10? And you want to put a stop to it? You are in the right place.

Read the rest of this entry

I received a cryptic message!

An incoming text, in a Nokia N79. Part of the message is corrupted.

An incoming text, in a Nokia N79. Part of the message is corrupted.

I have already wrote about the evils of plain text and how it is one of the worst inventions of the computing field. But as if I needed a tangible example for my readership, yesterday, I received a cryptic text (I mean SMS) on my mobile phone, which run as follows:

Tried my best; knew your life depends on it:捨⵰潬楣礯㈰ㄴ⼰㘯慰灥慬猭捯畲琭瑨牯睳ⵯ畴ⴳ㐰〰〭潮汩湥⵬楢敬⵲畬楮术⍰㌍ਊ慲獴散桮楣愮捯洯獥捵物瑹⼲〱㐯〶⽵湤敲ⵤ摯猭晥敤汹ⵢ畣歬敳ⵢ畴ⵤ敦楥猭慴瑡捫敲猭數瑯牴楯渭摥浡湤猯

It was a very tough situation: My life depended on a corrupt text. But fortunately, I had a Windows computer at hand and I could fix it. Read the rest of this entry

TrueCrypt: Its last bow

June 2016 update: Link repairs.

TrueCrypt is a discontinued free disk encryption utility for Windows, Mac, and Linux. It is a free and shared-source alternative to BitLocker, but is not restricted to the high-end editions of Windows and does not need Trusted Platform Module (TPM).

TrueCrypt v7.1a running on Windows 8.1

TrueCrypt v7.1a running on Windows 8.1

TrueCrypt’s sudden end of life on 28 May 2014 become controversial, since unlike most computer programs, TrueCrypt’s authors beheaded it with the release of version 7.2. Read the rest of this entry

Unregistering and deleting an event log

Today, I’ve decided to write about unregistering and deleting Windows event logs, because searching the web about this subject brings up some very dangerous results with dangerous consequences.

Event Viewer in Windows Vista: In comparison to its predecessor in Windows Server 2003, it has become several times more elaborate to accommodate the vast logging infrastructure introduced in this version of Windows.

Event Viewer in Windows Vista: In comparison to its predecessor in Windows Server 2003, it has become several times more elaborate to accommodate the vast logging infrastructure introduced in this version of Windows.

Problem: A user notices redundant event logs in Event Viewer or PowerShell, i.e. the program with which they were associated are now gone and their contents is irrelevant. These event logs might be occupying valuable disk space, e.g. 128 MB. Deleting them is tempting.

This article requires Windows PowerShell 2.0 or later, which comes with Windows 7 and Windows Server 2008 R2.

Cautious approach

If reclaiming disk space is the goal, then empty the log and forget about it. An empty log that occupies a just few bytes is not a problem on a computer that has 165,606 files.

Unregistering and deleting the log file only makes sense when the sheer number of these logs is causing a slowdown (e.g. when there are 100 redundant logs) or when eliminating all traces of an app from a computer is important (e.g. mandated by a corporate policy).

A word of warning

The following event logs are part of Windows; if you unregister them by accident, the ensuing dire consequences may force you to reinstall Windows. You can empty them if you wish, but never unregister them:

  • Application
  • HardwareEvents
  • Internet Explorer
  • Key Management Service
  • Security
  • System
  • Windows PowerShell

Unregistering and deleting via PowerShell

To see a list of registered event logs in PowerShell, issue a Get-EventLog -List order. Here is an example of the result:

PS C:\Windows\system32> Get-EventLog -list

Max(K) Retain OverflowAction        Entries Log
  ------ ------ --------------        ------- ---
  20,480      0 OverwriteAsNeeded      32,288 Application
     512      1 OverwriteOlder              0 Autodesk REX
     512      7 OverwriteOlder              1 COMODO Internet Security
     512      7 OverwriteOlder            142 GhostBuster
  20,480      0 OverwriteAsNeeded           0 HardwareEvents
     512      7 OverwriteOlder              0 Internet Explorer
  20,480      0 OverwriteAsNeeded           0 Key Management Service
     128      0 OverwriteAsNeeded         671 OAlerts
  20,480      0 OverwriteAsNeeded       6,362 Security
  20,480      0 OverwriteAsNeeded      55,179 System
     512      7 OverwriteOlder          1,211 TuneUp
  15,360      0 OverwriteAsNeeded         387 Windows PowerShell

To delete an event log from the list, use Remove-EventLog -LogName command, as follows:

PS C:\Windows\system32> Remove-EventLog -LogName "Autodesk REX"
PS C:\Windows\system32> Remove-EventLog -LogName GhostBuster

There won’t be any message indicating success, but failure would be reported. Below is an example of what happens if you try to delete a non-existing log or try deleting an existing log without administrative privileges.

PS C:\Windows\system32> Remove-EventLog -LogName System2
Remove-EventLog : The Log name "System2" does not exist in the computer "localhost".
At line:1 char:1
+ Remove-EventLog -LogName System2
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Remove-EventLog], InvalidOperationException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.RemoveEventLogCommand
PS C:\Windows\system32> Remove-EventLog -LogName System
Remove-EventLog : Requested registry access is not allowed.
At line:1 char:1
+ Remove-EventLog Security
+ ~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : SecurityError: (:) [Remove-EventLog], SecurityException
+ FullyQualifiedErrorId : NewEventlogException,Microsoft.PowerShell.Commands.RemoveEventLogCommand
%d bloggers like this: