Category Archives: Windows Administration
Windows Updates helps users keep their Microsoft software up-to-date, either by downloading them from Microsoft over an Internet connection, or from a local server running Windows Server Update Services (WSUS). WSUS itself downloads them from Microsoft. The whole process is fully automated but it is also possible to download update packages from Microsoft to install them manually, if there is the need.
But how about downloading them from a local WSUS server?
[Updated 16 July 2018]
Today, I came across a computer running Windows 10 Enterprise v1709, and after chatting with the local admin, I plugged my USB Flash Drive in and upgraded it to v1803.
The upgrade went smoothly.
After the installation and OOBE all finished, and I was more than a kilometer away from said computer, I remembered that the Windows Setup inside my USB Flash Drive was created with Microsoft’s official Media Creator utility for my personal laptop. Very legit and all… but it does not contain Windows 10 Enterprise edition! The Enterprise edition can only be procured from the Microsoft Volume Licencing Center. In addition, at the time of the upgrade, the target computer was offline. There was no Internet connection, LAN connection or Bluetooth connection; so, Windows Setup could not have downloaded a Windows 10 Enterprise edition.
To be honest, I am scared. I have not heard that it is possible to upgrade with the wrong edition’s installation image. Fortunately, before the upgrade, I had told the local admin to keep a backup copy handy and be on the look out for any sign of trouble.
Update (16 July 2018): The computer did not experience any problems until a few days ago, when it was reset. The reason behind the reset, as I am told, is nothing particular related to said upgrade; just a plain old Windows 10 making trouble.
This article demonstrates how to copy a Windows installation source to a USB flash drive (UFD), and make that UFD bootable, without using any third-party app. Every now and then, such an article must be re-written to update the sum of knowledge. Only the tools included with the operating system are used. This article assumes you have at least Windows 7. Also, it assumes that the OS you’d like to copy to a UFD is Windows Vista, 7, 8, 8.1 or 10 and is already available to you on DVD or in folder somewhere.
BootSect.exe and BootRec.exe are both components of Windows Vista and later. They help make disks bootable. Both are included with a Windows installation DVD, USB flash drive or ISO.
/mbr switches. It can be found in the “boot” folder, at the root of the Windows installation media. Also, a copy it can be found in the same places as BootRec.exe. (Read below.) Starting with Windows 8, a copy of it is installed in “C:\Windows\System32” folder, but this was not the case with Windows 7.
/RebuildBCD switches. However, it is harder to find. It is only exposed if a computer is booted into Windows Setup or Windows Recovery Environment. Otherwise, one has to extract it from the “sources\boot.wim” file of the Windows installation media, or the elusive “winre.wim” file. These .wim files can be mounted via DISM or browsed using 7-Zip. Once either of the two images of “boot.wim” are mounted or opened, BootRec.exe can be located under “Windows\System32” subfolder.
Update (2018-08-09): Updated with additional info.
 The “winre.wim” file is not guaranteed to exist on all Windows installations; OEMs may not include it, may rename or may place it somewhere different. Depending on the Windows version, edition and installation condition, this file may be found on the system volume, boot volume or recovery volume. (On is C:, the other two are hidden volumes.) Within that volume, look for a hidden “Recovery” folder. In that folder, there is a randomly named (GUID) subfolder. Inside that folder, you find “winre.wim”.
So… are you annoyed by the Get Windows 10 (GWX) app which hogs your bandwidth and tries to persuade you to upgrade to Windows 10? And you want to put a stop to it? You are in the right place.
Today, I’ve decided to write about unregistering and deleting Windows event logs, because searching the web about this subject brings up some very dangerous results with dangerous consequences.
Problem: A user notices redundant event logs in Event Viewer or PowerShell, i.e. the program with which they were associated are now gone and their contents is irrelevant. These event logs might be occupying valuable disk space, e.g. 128 MB. Deleting them is tempting.
This article requires Windows PowerShell 2.0 or later, which comes with Windows 7 and Windows Server 2008 R2.
If reclaiming disk space is the goal, then empty the log and forget about it. An empty log that occupies a just few bytes is not a problem on a computer that has 165,606 files.
Unregistering and deleting the log file only makes sense when the sheer number of these logs is causing a slowdown (e.g. when there are 100 redundant logs) or when eliminating all traces of an app from a computer is important (e.g. mandated by a corporate policy).
A word of warning
The following event logs are part of Windows; if you unregister them by accident, the ensuing dire consequences may force you to reinstall Windows. You can empty them if you wish, but never unregister them:
- Internet Explorer
- Key Management Service
- Windows PowerShell
Unregistering and deleting via PowerShell
To see a list of registered event logs in PowerShell, issue a
Get-EventLog -List order. Here is an example of the result:
PS C:\Windows\system32> Get-EventLog -list Max(K) Retain OverflowAction Entries Log ------ ------ -------------- ------- --- 20,480 0 OverwriteAsNeeded 32,288 Application 512 1 OverwriteOlder 0 Autodesk REX 512 7 OverwriteOlder 1 COMODO Internet Security 512 7 OverwriteOlder 142 GhostBuster 20,480 0 OverwriteAsNeeded 0 HardwareEvents 512 7 OverwriteOlder 0 Internet Explorer 20,480 0 OverwriteAsNeeded 0 Key Management Service 128 0 OverwriteAsNeeded 671 OAlerts 20,480 0 OverwriteAsNeeded 6,362 Security 20,480 0 OverwriteAsNeeded 55,179 System 512 7 OverwriteOlder 1,211 TuneUp 15,360 0 OverwriteAsNeeded 387 Windows PowerShell
To delete an event log from the list, use
Remove-EventLog -LogName command, as follows:
PS C:\Windows\system32> Remove-EventLog -LogName "Autodesk REX" PS C:\Windows\system32> Remove-EventLog -LogName GhostBuster
There won’t be any message indicating success, but failure would be reported. Below is an example of what happens if you try to delete a non-existing log or try deleting an existing log without administrative privileges.
PS C:\Windows\system32> Remove-EventLog -LogName System2 Remove-EventLog : The Log name "System2" does not exist in the computer "localhost". At line:1 char:1 + Remove-EventLog -LogName System2 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (:) [Remove-EventLog], InvalidOperationException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.RemoveEventLogCommand PS C:\Windows\system32> Remove-EventLog -LogName System Remove-EventLog : Requested registry access is not allowed. At line:1 char:1 + Remove-EventLog Security + ~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : SecurityError: (:) [Remove-EventLog], SecurityException + FullyQualifiedErrorId : NewEventlogException,Microsoft.PowerShell.Commands.RemoveEventLogCommand
This article assumes you have heard about the new features of Windows 8.1 in Update 1 and decided to give it a try. So, you’d install a stock Windows 8.1 from a DVD and then proceed to Windows Update to install Update 1.
But you don’t find it there.
Update (November 2017): It has come my attention that this blog post has become the #1 search result for this topic. Therefore, I believe an update, even a minor one, is due.
Let’s assume you have created a folder called “Programs” in your D: volume and now you want its NTFS permissions to match that of “C:\Program Files”, thus having the same level of security.
There are more than one ways. It can be accomplished with the following utilities:
- icACLs and Notepad
- Windows PowerShell
- XCopy (not recommended)
- Robocopy (not recommended)
Since the subject of NTFS security is one that requires intermediate knowledge of Windows, I will skip elementary details such as how to run a certain program with elevated privileges. Read the rest of this entry