Windows 8 VHDx Native Boot without Host Operating System

1. Boot the machine from your trusty USB Windows 8 Pro or Enterprise stick.
2. When it comes to the first screen, press SHIFT+F10 for command window.
3. Format C: /q — This is optional, but make sure you delete c:\bootmgr
4. Copy Windows 8 VHDx file to any location on the hard disk [In this case I copied it to C:\VHD\Win8Pro.vhdx]
5. Copy Bootmgr from the USB disk – Very important step, only the Windows 8 bootmgr will allow boot from VHDx
6. Type the following commands in the WinPE command window:

C:\>DISKPART
DISKPART>SEL VDISK File=C:\VHD\Win8Pro.vhdx
DISKPART>ATTACH VDISK
DISKPART>LIST VOL (This lists the drive letters and mappings, assuming F: maps to the VDISK)
DISKPART>Exit
C:\>Bcdboot F:\Windows

The system is now ready. Reboot, and it will take you straight into your VHDx.


Canonical Names of Windows Control Panel Items

As of Windows Vista, each Control Panel item is given a canonical name for use in programmatically launching that item. This topic lists each Control Panel item, its canonical name, and its GUID.

Windows 7 Control Panel Canonical Names

The following canonical names are defined for Control Panel items in Windows 7. All names are also valid on Windows Vista unless specified otherwise. Not all Control Panel items are available on all varieties of Windows and some Control Panel items might appear only when appropriate hardware is detected. These canonical names do not change for different languages. They are always in English, even if the system’s language is non-English.

Control Panel Item | Canonical name | GUID
Action Center | Microsoft.ActionCenter (Windows 7 and later only) | {BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}
Administrative Tools | Microsoft.AdministrativeTools | {D20EA4E1-3957-11d2-A40B-0C5020524153}
AutoPlay | Microsoft.AutoPlay | {9C60DE1E-E5FC-40f4-A487-460851A8D915}
Backup and Restore | Microsoft.BackupAndRestore (Windows 7 and later only) | {B98A2BEA-7D42-4558-8BD1-832F41BAC6FD}
Biometric Devices | Microsoft.BiometricDevices (Windows 7 and later only) | {0142e4d0-fb7a-11dc-ba4a-000ffe7ab428}
BitLocker Drive Encryption | Microsoft.BitLockerDriveEncryption | {D9EF8727-CAC2-4e60-809E-86F80A666C91}
Color Management | Microsoft.ColorManagement | {B2C761C6-29BC-4f19-9251-E6195265BAF1}
Credential Manager | Microsoft.CredentialManager (Windows 7 and later only) | {1206F5F1-0569-412C-8FEC-3204630DFB70}
Date and Time | Microsoft.DateAndTime | {E2E7934B-DCE5-43C4-9576-7FE4F75E7480}
Default Location | Microsoft.DefaultLocation (Windows 7 and later only) | {00C6D95F-329C-409a-81D7-C46C66EA7F33}
Default Programs | Microsoft.DefaultPrograms | {17cd9488-1228-4b2f-88ce-4298e93e0966}
Desktop Gadgets | Microsoft.DesktopGadgets (Windows 7 and later only) | {37efd44d-ef8d-41b1-940d-96973a50e9e0}
Device Manager | Microsoft.DeviceManager | {74246bfc-4c96-11d0-abef-0020af6b0b7a}
Devices and Printers | Microsoft.DevicesAndPrinters (Windows 7 and later only) | {A8A91A66-3A7D-4424-8D24-04E180695C7A}
Display | Microsoft.Display (Windows 7 and later only) | {C555438B-3C23-4769-A71F-B6D3D9B6053A}
Ease of Access Center | Microsoft.EaseOfAccessCenter | {D555645E-D4F8-4c29-A827-D93C859C4F2A}
Folder Options | Microsoft.FolderOptions | {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}
Fonts | Microsoft.Fonts | {93412589-74D4-4E4E-AD0E-E0CB621440FD}
Game Controllers | Microsoft.GameControllers | {259EF4B1-E6C9-4176-B574-481532C9BCE8}
Get Programs | Microsoft.GetPrograms | {15eae92e-f17a-4431-9f28-805e482dafd4}
Getting Started | Microsoft.GettingStarted (Windows 7 and later only) | {CB1B7F8C-C50A-4176-B604-9E24DEE8D4D1}
HomeGroup | Microsoft.HomeGroup (Windows 7 and later only) | {67CA7650-96E6-4FDD-BB43-A8E774F73A57}
Indexing Options | Microsoft.IndexingOptions | {87D66A43-7B11-4A28-9811-C86EE395ACF7}
Infrared | Microsoft.Infrared (Windows 7 and later only) | {A0275511-0E86-4ECA-97C2-ECD8F1221D08}
Internet Options | Microsoft.InternetOptions | {A3DD4F92-658A-410F-84FD-6FBBBEF2FFFE}
iSCSI Initiator | Microsoft.iSCSIInitiator | {A304259D-52B8-4526-8B1A-A1D6CECC8243}
Keyboard | Microsoft.Keyboard | {725BE8F7-668E-4C7B-8F90-46BDB0936430}
Location and Other Sensors | Microsoft.LocationAndOtherSensors (Windows 7 and later only) | {E9950154-C418-419e-A90A-20C5287AE24B}
Mouse | Microsoft.Mouse | {6C8EEC18-8D75-41B2-A177-8831D59D2D50}
Network and Sharing Center | Microsoft.NetworkAndSharingCenter | {8E908FC9-BECC-40f6-915B-F4CA0E70D03D}
Notification Area Icons | Microsoft.NotificationAreaIcons (Windows 7 and later only) | {05d7b0f4-2121-4eff-bf6b-ed3f69b894d9}
Offline Files | Microsoft.OfflineFiles | {D24F75AA-4F2B-4D07-A3C4-469B3D9030C4}
Parental Controls | Microsoft.ParentalControls | {96AE8D84-A250-4520-95A5-A47A7E3C548B}
Pen and Touch | Microsoft.PenAndTouch (Windows 7 and later only) | {F82DF8F7-8B9F-442E-A48C-818EA735FF9B}
People Near Me | Microsoft.PeopleNearMe | {5224F545-A443-4859-BA23-7B5A95BDC8EF}
Performance Information and Tools | Microsoft.PerformanceInformationAndTools | {78F3955E-3B90-4184-BD14-5397C15F1EFC}
Personalization | Microsoft.Personalization | {ED834ED6-4B5A-4bfe-8F11-A626DCB6A921}
Phone and Modem | Microsoft.PhoneAndModem (Windows 7 and later only) | {40419485-C444-4567-851A-2DD7BFA1684D}
Power Options | Microsoft.PowerOptions | {025A5937-A6BE-4686-A844-36FE4BEC8B6D}
Programs and Features | Microsoft.ProgramsAndFeatures | {7b81be6a-ce2b-4676-a29e-eb907a5126c5}
Recovery | Microsoft.Recovery (Windows 7 and later only) | {9FE63AFD-59CF-4419-9775-ABCC3849F861}
Region and Language | Microsoft.RegionAndLanguage (Windows 7 and later only) | {62D8ED13-C9D0-4CE8-A914-47DD628FB1B0}
RemoteApp and Desktop Connections | Microsoft.RemoteAppAndDesktopConnections (Windows 7 and later only) | {241D7C96-F8BF-4F85-B01F-E2B043341A4B}
Scanners and Cameras | Microsoft.ScannersAndCameras | {00f2886f-cd64-4fc9-8ec5-30ef6cdbe8c3}
Sound | Microsoft.Sound (Windows 7 and later only) | {F2DDFC82-8F12-4CDD-B7DC-D4FE1425AA4D}
Speech Recognition | Microsoft.SpeechRecognition (Windows 7 and later only) | {58E3C745-D971-4081-9034-86E34B30836A}
Sync Center | Microsoft.SyncCenter | {9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}
System | Microsoft.System | {BB06C0E4-D293-4f75-8A90-CB05B6477EEE}
Tablet PC Settings | Microsoft.TabletPCSettings | {80F3F1D5-FECA-45F3-BC32-752C152E456E}
Taskbar and Start Menu | Microsoft.TaskbarAndStartMenu | {0DF44EAA-FF21-4412-828E-260A8728E7F1}
Text to Speech | Microsoft.TextToSpeech | {D17D1D6D-CC3F-4815-8FE3-607E7D5D10B3}
Troubleshooting | Microsoft.Troubleshooting (Windows 7 and later only) | {C58C4893-3BE0-4B45-ABB5-A63E4B8C8651}
User Accounts | Microsoft.UserAccounts | {60632754-c523-4b62-b45c-4172da012619}
Windows Anytime Upgrade | Microsoft.WindowsAnytimeUpgrade | {BE122A0E-4503-11DA-8BDE-F66BAD1E3F3A}
Windows CardSpace | Microsoft.CardSpace | {78CB147A-98EA-4AA6-B0DF-C8681F69341C}
Windows Defender | Microsoft.WindowsDefender | {D8559EB9-20C0-410E-BEDA-7ED416AECC2A}
Windows Firewall | Microsoft.WindowsFirewall | {4026492F-2F69-46B8-B9BF-5654FC07E423}
Windows Mobility Center | Microsoft.MobilityCenter | {5ea4f148-308c-46d7-98a9-49041b1dd468}
Windows SideShow | Microsoft.WindowsSideShow | {E95A4861-D57A-4be1-AD0F-35267E261739}
Windows Update | Microsoft.WindowsUpdate | {36eef7db-88ad-4e81-ad49-0e313f0c35f8}

Windows Vista Control Panel Canonical Names

The following are canonical names for Control Panel items found in Windows Vista that have been renamed or removed as of Windows 7. For compatibility with Windows Vista, all of these names are valid on Windows 7, but the experience can be different:

  • Some items have been simply renamed and given new canonical names, retaining the same GUID. The old canonical name launches the Control Panel item, which may or may not use the same UI seen in Windows Vista.
  • The functionality of some items has been moved or consolidated with other items in a new item. In this case, the old canonical name maps to the most appropriate new Control Panel item.

Control Panel Item | Canonical name | GUID | Notes
Add Hardware | Microsoft.AddHardware | {7A979262-40CE-46ff-AEEE-7884AC3B6136} | Maps to Microsoft.DevicesAndPrinters
Sound | Microsoft.AudioDevicesAndSoundThemes | {F2DDFC82-8F12-4CDD-B7DC-D4FE1425AA4D} | Now Microsoft.Sound
Backup and Restore Center | Microsoft.BackupAndRestoreCenter | {B98A2BEA-7D42-4558-8BD1-832F41BAC6FD} | Now Microsoft.BackupAndRestore
Windows Marketplace | Microsoft.GetProgramsOnline | {3e7efb4c-faf1-453d-89eb-56026875ef90} | Removed
Infrared | Microsoft.InfraredOptions | {A0275511-0E86-4ECA-97C2-ECD8F1221D08} | Now Microsoft.Infrared
Pen and Input Devices | Microsoft.PenAndInputDevices | {F82DF8F7-8B9F-442E-A48C-818EA735FF9B} | Now Microsoft.PenAndTouch
Phone and Modem | Microsoft.PhoneAndModemOptions | {40419485-C444-4567-851A-2DD7BFA1684D} | Now Microsoft.PhoneAndModem
Printers | Microsoft.Printers | {2227A280-3AEA-1069-A2DE-08002B30309D} | Maps to Microsoft.DevicesAndPrinters
Problem Reports and Solutions | Microsoft.ProblemReportsAndSolutions | {FCFEECAE-EE1B-4849-AE50-685DCF7717EC} | Maps to Microsoft.ActionCenter
Regional and Language Options | Microsoft.RegionalAndLanguageOptions | {62D8ED13-C9D0-4CE8-A914-47DD628FB1B0} | Now Microsoft.RegionAndLanguage
Windows Security Center | Microsoft.SecurityCenter | {087DA31B-0DD3-4537-8E23-64A18591F88B} | Maps to Microsoft.ActionCenter
Speech Recognition Options | Microsoft.SpeechRecognitionOptions | {58E3C745-D971-4081-9034-86E34B30836A} | Now Microsoft.SpeechRecognition
Welcome Center | Microsoft.WelcomeCenter | {CB1B7F8C-C50A-4176-B604-9E24DEE8D4D1} | Now Microsoft.GettingStarted
Windows Sidebar Properties | Microsoft.WindowsSidebarProperties | {37efd44d-ef8d-41b1-940d-96973a50e9e0} | Now Microsoft.DesktopGadgets

Reset Windows 7 Password without a Password Recovery Key

I came across this rather easy way to get into a password protected W7 system:

Like with all other solutions that allow you to reset the Windows password without having an account on the corresponding computer, you have to boot from a second operating system and access the Windows installation while it is offline.

You can do this with a bootable Windows PE USB stick or by using Windows RE. You can start Windows RE by booting the Windows Vista or Windows 7 setup DVD and then selecting “Repair” instead of “Install Windows.”

By the way, you can’t use the Windows XP boot CD for this purpose because its Recovery Console will ask for a password for the offline installation. However, you can use a Vista or Windows 7 DVD to reset a forgotten Windows administrator password on Windows XP.

This works because Windows RE, which is based on Vista or Windows 7, will let you launch a command prompt with access to an offline installation without requiring a password.

To reset a forgotten administrator password, follow these steps:

1. Boot from Windows PE or Windows RE and access the command prompt.

2. Find the drive letter of the partition where Windows is installed. In Vista and Windows XP, it is usually C:; in Windows 7, it is D: in most cases because the first partition contains Startup Repair. To find the drive letter, type C: (or D:, respectively) and search for the Windows folder. Note that Windows PE (RE) usually resides on X:.

3. Type the following command (replace “d:” with the correct drive letter if Windows is not located on D:):
copy d:\windows\system32\sethc.exe d:\
This creates a copy of sethc.exe to restore later.

4. Type this command to replace sethc.exe with cmd.exe:
copy /y d:\windows\system32\cmd.exe d:\windows\system32\sethc.exe
Reboot your computer and start the Windows installation where you forgot the administrator password.

5. After you see the logon screen, press the SHIFT key five times.

6. You should see a command prompt where you can enter the following command to reset the Windows password:
net user your_user_name new_password
If you don’t know your user name, just type net user to list the available user names.

7. You can now log on with the new password.

I recommend that you then restore sethc.exe from the copy you stored in the root folder of your system drive in step 3. To do this, you have to boot again with Windows PE or RE, because you can’t replace system files while the Windows installation is online. Then enter this command:

copy /y d:\sethc.exe d:\windows\system32\sethc.exe
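
Seen from the defender's side, step 4 and the backup from step 3 both leave traces on disk. The following PowerShell check is an added example, not part of the original post; the function name and output fields are made up here, and it assumes PowerShell 4.0 or later and a 64-bit session.

```powershell
# Added example: checks for traces of the sethc.exe swap described in the post.
# Assumes PowerShell 4.0+ (Get-FileHash). Run it in a 64-bit session: a 32-bit
# session on 64-bit Windows is redirected from System32 to SysWOW64.
function Test-StickyKeysSwap {
    [CmdletBinding()]
    param(
        # Windows directory to inspect (defaults to the running installation).
        [string]$WindowsDir = $env:SystemRoot
    )

    $system32 = Join-Path $WindowsDir 'System32'
    $sethc    = Join-Path $system32 'sethc.exe'
    $cmd      = Join-Path $system32 'cmd.exe'
    # Step 3 of the post leaves a backup copy in the root of the Windows volume.
    $backup   = (Split-Path -Qualifier $WindowsDir) + '\sethc.exe'

    $result = [ordered]@{
        SethcPath        = $sethc
        SethcSha256      = $null
        SethcLastWrite   = $null
        MatchesCmdExe    = $false
        RootBackupExists = (Test-Path -LiteralPath $backup)
    }

    if ((Test-Path -LiteralPath $sethc) -and (Test-Path -LiteralPath $cmd)) {
        $sethcHash = (Get-FileHash -LiteralPath $sethc -Algorithm SHA256).Hash
        $cmdHash   = (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash
        $result.SethcSha256    = $sethcHash
        $result.SethcLastWrite = (Get-Item -LiteralPath $sethc).LastWriteTimeUtc
        # Step 4 overwrites sethc.exe with cmd.exe, so identical hashes
        # mean the swap is still in place.
        $result.MatchesCmdExe  = ($sethcHash -eq $cmdHash)
    }

    $result.Suspicious = ($result.MatchesCmdExe -or $result.RootBackupExists)
    [pscustomobject]$result
}

$check = Test-StickyKeysSwap
$check | Format-List
if ($check.Suspicious) {
    Write-Warning 'sethc.exe matches cmd.exe or a backup copy sits in the volume root.'
}
```

A leftover \sethc.exe in the volume root with a correct System32 copy indicates the procedure was run and then reverted, so it is still worth checking which account passwords changed around SethcLastWrite.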


Removing a Ghosted Network Adapter

Under certain conditions, you may see this error message from a Windows guest operating system:
The IP address XXX.XXX.XXX.XXX you have entered for this network adapter is already assigned to another adapter Name of adapter. Name of adapter is hidden from the network and Dial-up Connections folder because it is not physically in the computer or is a legacy adapter that is not working. If the same address is assigned to both adapters and they become active, only one of them will use this address. This may result in incorrect system configuration. Do you want to enter a different IP address for this adapter in the list of IP addresses in the advanced dialog box?

In this message, XXX.XXX.XXX.XXX is an IP address that you are trying to set and Name of adapter is the name of a network adapter that is present in the registry but hidden in Device Manager.

This can occur when you change a network connection’s TCP/IP configuration from DHCP to a static IP address if:

• You have upgraded virtual network adapters.

• You have added and removed network adapters multiple times.

The cause of the error is that a network adapter with the same IP address is in the Windows registry but is hidden in the Device Manager (My Computer > Properties > Hardware > Device Manager). This hidden adapter is called a ghosted network adapter.

Using the Show hidden devices option in the Device Manager (View > Show hidden devices) does not always show the old virtual NIC (ghosted adapter) to which that IP address is assigned.
For more information, see the Microsoft Knowledge Base article 269155.

To resolve this issue, make the ghosted network adapter visible in the Device Manager and uninstall the ghosted network adapter from the registry:

1. Select Start > Run, type cmd.exe, and press Enter.
2. At the command prompt, run this command:

set devmgr_show_nonpresent_devices=1

Another method of resolving this problem is to use the DevCon utility. This is a command-line utility that acts as an alternative to Device Manager. When you use DevCon, you can enable, disable, restart, update, remove, and query individual devices or groups of devices.

To use DevCon:

1. Download the DevCon tool from Microsoft Knowledge Base article 311272.

2. Unpack the 32 bit or 64 bit DevCon tool binary to a local folder.
3. Click Start > Run, type cmd, and press Enter.
4. Type cd \path_to_binaries to navigate to the folder where devcon.exe is located.
5. Use this syntax to find installed network adapters:

devcon findall *net*

or

devcon listclass net

Note: In the output of the previous commands, there is a line for the ghosted network adapter that is similar to PCI\.

6. Run this command to remove the adapter:

devcon remove @device\name

For example, devcon remove "@PCI\VEN_14E4&DEV_1600&SUBSYS_01C21028&REV_02\4&378EDFA4&0&00E2".

Note: IDs that include an ampersand character (&) must be enclosed in quotation marks as seen in the example.

7. Reboot the system and you no longer see the ghost network adapters.

Note: If you did not get the Device Instance ID or the OCI name from devcon, search for the adapter name in the registry using Find by going to Start > Run and type regedit. Then copy the Device Instance ID for the concerned adapter. When you locate the device use the command from Step 6 above.


Extending a 7 or 2K8 partition by using the command line

Extending a partition by using the command line – Works on system partition of 2008 Core / Std / Ent

Saves the bacon when you made that .VHD too small!

1. Click Start and type CMD, then press Enter.
2. In the command prompt type

Diskpart

3. Select the right disk drive and partition to work on.
Typically this should be disk 0 and partition 2.

Select disk 0
Select partition 1

Note: You may want to perform a LIST operation to view your existing disks and partitions BEFORE attempting to expand the wrong one. Needless to say, if you don’t have any space you can use on the same disk, you will NOT be able to extend the partition any further.

List disk
List partition

4. Once the right disk and partition are selected, run the EXTEND command.

Extend size=500
The above command will extend the partition by 500 MB.

Extend
The above command will extend the partition by using all of the contiguous space available on that disk.


Exchange 2010 & GoDaddy UCC certificate walkthrough

If you want to use a GoDaddy UCC certificate with Exchange 2010, you’ll run into a few problems using the new certificate GUI tools.

Since GoDaddy does not provide a PFX certificate to download, you have to use the PowerShell command line.

You can still use the new GUI to help you determine which SAN names you need, if you want.

MY ADVICE: make your common name just your top level domain name! (ex. montopolis.com) This way you can change out your SANs easily and rekey when needed.

Go to DigiCert’s Exchange 2010 CSR Tool, which is just super handy (GoDaddy really needs to make a version of this tool).

Enter all of your information and click Generate.

Copy the PowerShell code provided into Notepad.

In front of the code you pasted put in “$Data=” (without quotes).

Example:

$Data=New-ExchangeCertificate -GenerateRequest -KeySize 2048 -SubjectName…………………

On the next line enter the following:

Set-Content -Path "mycommonname.com.csr" -Value $Data

Now paste these two lines into your Exchange Management Shell.

You should now have a mycommonname.com.csr file!

Open this file in notepad so you can copy & paste this for GoDaddy.

Go to https://certs.godaddy.com and request a new UCC certificate. When asked paste your CSR.

Wait for GoDaddy to issue your cert and download it for Exchange 2007. Copy the contents of the ZIP into the directory where your CSR is located.

From the Exchange Management Shell, type in the following, replacing mydomain.com.crt with your filename:

Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path mydomain.com.crt -Encoding byte -ReadCount 0)) | Enable-ExchangeCertificate -Services "IIS"

Don’t worry about the services enabled right now. We just want to enable one.

Now start your Exchange Management Console –> Server Configuration. You should now see your new certificate listed. Select it and click Assign Services to Certificate from the Actions menu.

Now assign the certificate to the services you want and voila!


Disallow Saving Remote Desktop Credentials in Windows 7

To remove the ability of Windows to save your credentials when you log into a remote computer, run gpedit.msc.

Navigate to the following item:

User Configuration | Administrative Templates | Windows Components | Remote Desktop Services

Select the Remote Desktop Connection Client item under Remote Desktop Services. In the Setting list on the right, double-click on the Do not allow passwords to be saved setting. On the dialog box that displays, select the Enabled radio button.
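
To confirm the setting took effect and to see what was saved before it was enabled, the audit below reads the policy value and lists stored Remote Desktop credentials. It is an added example, not from the original post; the function name and the search folder are assumptions, and DisablePasswordSaving is the registry value this policy writes.

```powershell
# Added example: audits the "Do not allow passwords to be saved" policy and
# looks for Remote Desktop credentials that are already stored for this user.
function Get-RdpSavedCredentialAudit {
    [CmdletBinding()]
    param(
        # Folder searched for .rdp files (assumption: the user profile).
        [string]$SearchRoot = $env:USERPROFILE
    )

    # The policy exists per user (HKCU, as set in the post) and per machine (HKLM).
    $policyPath = 'Software\Policies\Microsoft\Windows NT\Terminal Services'
    $policy = foreach ($hive in 'HKCU', 'HKLM') {
        $item = Get-ItemProperty -Path "${hive}:\$policyPath" `
            -Name DisablePasswordSaving -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Hive    = $hive
            Enabled = ($null -ne $item -and $item.DisablePasswordSaving -eq 1)
        }
    }

    # Credential Manager stores Remote Desktop logons under TERMSRV/<host>.
    # Matching on the target name avoids depending on localized labels.
    $stored = @(cmdkey.exe /list |
        Select-String -Pattern 'TERMSRV/\S+' |
        ForEach-Object { $_.Matches[0].Value } |
        Sort-Object -Unique)

    # .rdp files can embed an encrypted password in a "password 51:b:" line.
    $rdpFiles = @(Get-ChildItem -LiteralPath $SearchRoot -Filter *.rdp `
            -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object {
            Select-String -LiteralPath $_.FullName -Pattern '^password 51:b:' -Quiet
        } |
        Select-Object -ExpandProperty FullName)

    [pscustomobject]@{
        Policy               = $policy
        StoredRdpTargets     = $stored
        RdpFilesWithPassword = $rdpFiles
    }
}

$audit = Get-RdpSavedCredentialAudit
$audit.Policy | Format-Table -AutoSize
$audit | Select-Object StoredRdpTargets, RdpFilesWithPassword | Format-List
```

Entries listed under StoredRdpTargets can be removed one at a time with cmdkey /delete:TERMSRV/hostname.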


Reasons For & Against Cached Exchange Mode

I often get asked about the advantages and drawbacks of using Cached Exchange Mode. With differing customer needs and environments, the answer is not one-size-fits-all, so here is my short list to answer the question of whether you should use Cached Exchange Mode.

Non-Cached Mode is considered “Online” mode – everything stays on the server.

Cached Mode keeps a master copy on the server and brings a copy local so that if Exchange is not accessible, one can still view personal Outlook Mail, Calendar, etc. Outlook automatically manages your server connection and data updates; when your connection is restored, Outlook synchronizes your cached mailbox with your mailbox on the server.

Reasons Against:

If users have roaming profiles and expect to use Outlook on different machines, I don’t use Cached Mode. This would initiate a local dump of the Exchange mailbox to each local machine used. This creates unnecessary network traffic and is not very secure – having copies of all your mailbox floating around that is.

If security is a concern, especially on laptops, I don’t typically do Cached Mode. It’s really easy to change a user’s password in the event a laptop gets stolen, but what’s the point if the thief has all the time in the world to hack the OS login or use a different method to grab the OST file? If this is required, definitely use BitLocker or some encryption of the Outlook files to help reduce the impact.

If your users access Outlook through a Terminal Server session, don’t use Cached Mode. Not to worry, as you can’t enable Cached Mode on Outlook when installed for this purpose anyway.

Reasons For:

Obviously, having users still able to open their Outlook clients and view their world is a huge positive. Having this feature turned on has saved my bacon at more than one server reboot party.

In Exchange / Outlook 2010, there are several features that require Cached Exchange Mode:

• Junk E-mail Filter
• Instant Search
• Conversation View (Show Messages from Other Folders)
• Clean Up
• People Pane / Outlook Social Connector

Aside from Cached Exchange Mode, Instant Search also needs Windows Search in order to work. The Outlook Social Connector, which adds the People Pane in Outlook, relies heavily on Instant Search.


Shortcut: Commands to format and make bootable USB

I often have the need to format a USB to boot Windows Install, Utilities, and today, the LiteTouch PE method for distributing Windows via the Installation Toolkit 2010.  I also forget the syntax and command sequence, so here is the synopsis:

Boot LiteTouchPE_x64.iso on USB

insert USB stick
mount LiteTouchPE_x64.iso to e: (use Virtual CloneDrive)
open cmd as administrator
diskpart
list disk
select disk 1 (use the number that list disk shows for the USB stick)
clean (erases everything on the selected disk)
create partition primary
select partition 1
active
format fs=fat32 quick
assign letter=f
exit
xcopy e:\*.* /s /e f:
exit

Boot up in USB!


New 2010 CyberSpace Operations Manual

We have moved past the civilities in the cyberspace domain. US forces and those of our adversaries now rely heavily on their computer networks for command and control, for intelligence, for planning, for communications,
and for conducting operations. But these architectures are vulnerable. In fact for more than 15 years, the US government and DOD networks have come under increasing pressure to attacks and probes from adversaries,
as diverse as nation-states, to disgruntled individuals or bored teenage hackers. And while we have detected illicit activities on our networks for more than 15 years and employed dual resources to offer a comprehensive
multidisciplinary approach to protecting our networks, we need to do more.
—General Kevin Chilton, USAF

This is a must read document for anyone concerned with network security or those involved with planning, deploying, and maintaining corporate firewalls.  Time to do your regularly scheduled security review?

AFDD 3-12 Cyberspace Operations
