Blog Archives

I received a cryptic message!

An incoming text, in a Nokia N79. Part of the message is corrupted.

An incoming text, in a Nokia N79. Part of the message is corrupted.

I have already wrote about the evils of plain text and how it is one of the worst inventions of the computing field. But as if I needed a tangible example for my readership, yesterday, I received a cryptic text (I mean SMS) on my mobile phone, which run as follows:

Tried my best; knew your life depends on it:
http://arstechnica.com/te捨⵰潬楣礯㈰ㄴ⼰㘯慰灥慬猭捯畲琭瑨牯睳ⵯ畴ⴳ㐰〰〭潮汩湥⵬楢敬⵲畬楮术⍰㌍ਊ慲獴散桮楣愮捯洯獥捵物瑹⼲〱㐯〶⽵湤敲ⵤ摯猭晥敤汹ⵢ畣歬敳ⵢ畴ⵤ敦楥猭慴瑡捫敲猭數瑯牴楯渭摥浡湤猯

It was a very tough situation: My life depended on a corrupt text. But fortunately, I had a Windows computer at hand and I could fix it. Read the rest of this entry

Advertisements

Unregistering and deleting an event log

Today, I’ve decided to write about unregistering and deleting Windows event logs, because searching the web about this subject brings up some very dangerous results with dangerous consequences.

Event Viewer in Windows Vista: In comparison to its predecessor in Windows Server 2003, it has become several times more elaborate to accommodate the vast logging infrastructure introduced in this version of Windows.

Event Viewer in Windows Vista: In comparison to its predecessor in Windows Server 2003, it has become several times more elaborate to accommodate the vast logging infrastructure introduced in this version of Windows.

Problem: A user notices redundant event logs in Event Viewer or PowerShell, i.e. the program with which they were associated are now gone and their contents is irrelevant. These event logs might be occupying valuable disk space, e.g. 128 MB. Deleting them is tempting.

This article requires Windows PowerShell 2.0 or later, which comes with Windows 7 and Windows Server 2008 R2.

Cautious approach

If reclaiming disk space is the goal, then empty the log and forget about it. An empty log that occupies a just few bytes is not a problem on a computer that has 165,606 files.

Unregistering and deleting the log file only makes sense when the sheer number of these logs is causing a slowdown (e.g. when there are 100 redundant logs) or when eliminating all traces of an app from a computer is important (e.g. mandated by a corporate policy).

A word of warning

The following event logs are part of Windows; if you unregister them by accident, the ensuing dire consequences may force you to reinstall Windows. You can empty them if you wish, but never unregister them:

  • Application
  • HardwareEvents
  • Internet Explorer
  • Key Management Service
  • Security
  • System
  • Windows PowerShell

Unregistering and deleting via PowerShell

To see a list of registered event logs in PowerShell, issue a Get-EventLog -List order. Here is an example of the result:

PS C:\Windows\system32> Get-EventLog -list

Max(K) Retain OverflowAction        Entries Log
  ------ ------ --------------        ------- ---
  20,480      0 OverwriteAsNeeded      32,288 Application
     512      1 OverwriteOlder              0 Autodesk REX
     512      7 OverwriteOlder              1 COMODO Internet Security
     512      7 OverwriteOlder            142 GhostBuster
  20,480      0 OverwriteAsNeeded           0 HardwareEvents
     512      7 OverwriteOlder              0 Internet Explorer
  20,480      0 OverwriteAsNeeded           0 Key Management Service
     128      0 OverwriteAsNeeded         671 OAlerts
  20,480      0 OverwriteAsNeeded       6,362 Security
  20,480      0 OverwriteAsNeeded      55,179 System
     512      7 OverwriteOlder          1,211 TuneUp
  15,360      0 OverwriteAsNeeded         387 Windows PowerShell

To delete an event log from the list, use Remove-EventLog -LogName command, as follows:

PS C:\Windows\system32> Remove-EventLog -LogName "Autodesk REX"
PS C:\Windows\system32> Remove-EventLog -LogName GhostBuster

There won’t be any message indicating success, but failure would be reported. Below is an example of what happens if you try to delete a non-existing log or try deleting an existing log without administrative privileges.

PS C:\Windows\system32> Remove-EventLog -LogName System2
Remove-EventLog : The Log name "System2" does not exist in the computer "localhost".
At line:1 char:1
+ Remove-EventLog -LogName System2
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Remove-EventLog], InvalidOperationException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.RemoveEventLogCommand
 
PS C:\Windows\system32> Remove-EventLog -LogName System
Remove-EventLog : Requested registry access is not allowed.
At line:1 char:1
+ Remove-EventLog Security
+ ~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : SecurityError: (:) [Remove-EventLog], SecurityException
+ FullyQualifiedErrorId : NewEventlogException,Microsoft.PowerShell.Commands.RemoveEventLogCommand
 

Copying NTFS permissions between folders

Update (November 2017): It has come my attention that this blog post has become the #1 search result for this topic. Therefore, I believe an update, even a minor one, is due.

Let’s assume you have created a folder called “Programs” in your D: volume and now you want its NTFS permissions to match that of “C:\Program Files”, thus having the same level of security.

Basic NTFS permission of

Basic NTFS permission of “Program Files” folder in Windows 7

There are more than one ways. It can be accomplished with the following utilities:

  1. icACLs and Notepad
  2. Windows PowerShell
  3. XCopy (not recommended)
  4. Robocopy (not recommended)

Since the subject of NTFS security is one that requires intermediate knowledge of Windows, I will skip elementary details such as how to run a certain program with elevated privileges. Read the rest of this entry

Finding wallpaper location in Windows 7 and Windows 8

This article introduces two PowerShell scripts that help you find the wallpaper location in Windows 7 and Windows 8.

View of Garachico, Tenerife, Spain by Diego Delso

View of Garachico, Tenerife, Spain by Diego Delso


Read the rest of this entry

Shortcuts that everyone must absolutely know

Whether you are beginners who just want to survive in the post-2012 computing ecosystem that Microsoft created or a computer guru, there are shortcuts that you must absolutely know.

A backspace key on a rock, having been removed from a keyboard.

As soon as you see these shortcuts, you’ll be laughing and saying: “Ha! I knew them!” But I am not sure that would be the case when you are done reading.

Read the rest of this entry

Windows 8.1 Preview: Hits and misses

Windows 8.1 Preview has both new features and flops, some of which are bugs that will be solved by the time it is released to manufacturing (RTM) and some are flops by design and will never get fixed.
Screenshot: Windows 8.1 error  on small screen
Here is the first: Windows 8.1 Preview still does not run Metro-style apps on screens whose vertical resolution is lower than 768. That means, they do not run on your 720p High Definition TV (1280×720) .

Read the rest of this entry

Renaming in PowerShell: Underscore to Space

Special thanks goes to Jeffery Hicks for the original post in his blog, The Lonely Administrator. The following explains how to use Windows PowerShell to rename a group of files, so that all underscore characters (“_”) become space characters. Read the rest of this entry

A quick way to delete all files with a certain name pattern in Windows

This article introduces a simple way to list and delete all files with a certain name pattern in a folder and all its sub-folders. A common scenario is deleting the hidden thumbs.db files which Windows XP (and in some cases, Windows 7) stores in each folder that contains pictures or video files.

Read the rest of this entry

%d bloggers like this: