Windows Tech Tips

The data is invalid? Windows 2000.

Real solution (as usual): Switch to Linux! (Trust me. I'm trying.)

Logon Auditing

Crazy enough to let your teenage boy have an account on your Win2k box connected to your lightning-fast cable Internet connection? Can you say, "PR0N!?" Well, at least you can have win2k log each time he logs on and off to get his porn fix. But first, you must enable logon auditing....

Logon as admin. From Control Panel run Administrative Tools. Double-click on Local Security Policy. Or you can do all the previous steps from a command line by typing secpol.msc. I have a batch file in my path called secpol.bat that has this in it:

runas /user:administrator "mmc secpol.msc"

That lets me get to secpol without even being logged in as admin. It's almost as friendly as UNIX (imagine that). Anyway, onwards...

Go to Local Policies -> Audit Policy. Now turn on "Audit account logon events" and "Audit logon events" (I have no idea what the difference is). Double-clicking on each one and checking "Success" will do it.

From here on out, Win2k will log logon events, and you can see them in the Event Viewer's Security Log. Event Viewer can be found in Administrative Tools. (I've not developed a nifty batch file for that yet. Any takers?)

Why's the Stand By Button Disabled?

After a clean install of Windows XP on my Dell Inpiron 5150 laptop, I noticed that the "Stand By" option was disabled in the "Turn Off Computer" dialog (Start | Turn Off Computer). It turns out to be quite easy to enable this, but be careful. This is disabled in the first place because it is known to be unreliable. Be sure to test it thoroughly before using it. To enable it, hit Alt-Ctrl-Del to get the Task Manager, then select Shutdown | Stand By in the task manager menu. This will perform a standby and enable the button on the Turn Off Computer dialog. For me, upon resume, the fan was stuck at one speed. So standby/resume is not reliable on my machine, and I will not be using it. [Now I just need to figure out how to re-disable the button...]

Fixing LUA File Access Problems

Running programs in an LUA can be quite an adventure. Here's how I deal with it.

Writing to the Program Files Directory

The first thing to try is opening up permissions on the program's directory in Program Files. My main approach is as follows... Give only "Everyone/Full Access" permission to the program's directory in Program Files (turn off permission inheritance). To prevent virus infestations, look for executable files (.exe, .com, .dll, .ocx...) and give them "Administrators/Full Access" and "Everyone/Read Only" (again, turn off inheritance). Most of the time, this is all you need to do.

An alternative to the previous is to just find the files that appear to be changing each time the program is run, and open those up. Run the problem program as administrator, then examine the modification dates of the files in that program's install directory. Chances are good that if you search for any files modified within the last day, you'll find one or even several. Open up the permissions on these files giving full access to everyone (add "Everyone" for full access) and retry the problem program in the LUA account. The problem with this approach is that some programs will delete and re-create files, and that requires access to the entire directory.

Writing to other Files or the Registry

There is still a possibility that a program is writing to files outside of its install directory, and it may also be accessing registry entries. In Win2k, Filemon and Regmon are the utilities to use. For WinXP and up, Procmon is the right tool. They are available at the SysInternals website. They will display file and registry accesses as a program is running. For simple programs, this should lead you directly to the offending write attempts.

For complex programs, there's a trick to make things easier. Log in as administrator. Configure your LUA account to be only a member of the "Users" group. Start up Procmon (WinXP+) or Filemon or Regmon (Win2k). Now, use "runas" to run the offending program as your limited user. This way it will crash when it gets to the key point. Examining the Procmon/Filemon/Regmon log should show the problem write in the last few events that it logged for the offending application.

Use regedt32, setacl, or regperm to set the permissions in the registry if you are running Win2k. With WinXP, regedit allows setting permissions. setacl allows changing permissions at the command line for files and registry entries. This makes it easy to write batch files and automate the permission setting process. regperm only works with the registry.

Allow an LUA to Set Power Options

One of the irritating things about Win2k is that regedit doesn't let you set permissions on registry keys. There are two solutions. The first is to use regedt32. It's uglier than regedit, but it does the job. The other solution is to use setacl. Be sure to have setacl available on all your machines. Then do the following to allow INTERACTIVE users to change their power options:

setacl -on "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg" -ot reg -actn ace -ace "n:INTERACTIVE;p:full"

Or if you prefer regperm:

regperm \\computername /k "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg" /A:INTERACTIVE:F /R

Of course, ideally the administrator should just force appropriate settings for each user. I've no idea how one could do this.

Allow an LUA to use a USB Flash Drive

If you have limited user accounts (LUAs) on your win2k/xp/vista machine, you'll notice that they cannot plug in a USB key and get to it. This is because they do not have "Load and unload device drivers" privilege. In Win2k, go to Control Panel | Administrative Tools | Local Security Policy | Local Policies | User Rights Assignment. In the big list here, you'll find "Load and unload device drivers". You want to give this privilege to either the users that need it, or a particular group. I'm not sure how serious a security risk this is. Many virii install themselves as device drivers, and having this privilege might allow these virii to run. On the other hand, drivers need to be installed first, and this privilege won't allow the necessary modifications to the filesystem for installing a device driver.

In Administrative Tools, it really pays to get familiar with Computer Management and Local Security Policy. There's lots of useful stuff in these areas.

Web Browse from an LUA

To eliminate the possibility of getting a virus while browsing highly questionable websites, be sure to do your questionable browsing from a Limited User Account. This is an account that is only a member of the Users group, not a member of the "Power Users" or "Administrators" groups. An LUA cannot make changes to the system that are needed to install a virus. It would be ideal if we could always work in an LUA, however, some Windows programs will not work properly without administrator privileges. You can still try it, though. It might work out fine for you. If you have trouble with a program, test the program as Administrator to eliminate that as being the cause.

Unknown Hard Error?

If you see a pop-up saying "Unknown Hard Error", and it happens more than once, your hard drive may be dying. Shutdown the machine, buy a new hard drive, pull your current hard drive, install the new, and install the OS. If the OS installs fine, then it was definitely the old hard drive at fault. There are a number of other things that can cause the dreaded "Unknown Hard Error" including bad RAM and corrupt system files. It's smartest to assume the worst in this situation, however. Assuming the OS installed fine, shutdown the machine, install the old hard drive as D:. Pray. Power up the machine and attempt to copy everything off the D: drive to the C: (start with the really important stuff, then robocopy the rest). If you are incredibly lucky, you've just completely avoided total data loss. If you're not lucky, hopefully you have a backup.

Disable AutoPlay in Win2k

Win2k provides no GUI checkbox for turning off AutoPlay. Instead, check this key in the registry:

\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\Autorun

Set it to zero. Haven't tried this yet, but was having some trouble DVD cutting where every two minutes or so the buffer would drop down to nothing. I'm guessing it might be autoplay coming to life. I had Windows Explorer up at the time, so that might have also been it.

Don't forget that you can also hold down the SHIFT key while loading up a CD and autoplay will be disabled.

Outlook 2000 SP3 99% CPU Problem

If you run MS Outlook 2000 (SP3) and have appointments with pending reminders, Outlook will use 99% CPU. The only solution that worked for me was to delete all of my appointments, empty the Deleted Items folder, and restart Outlook.

Apparently, anytime there is an appointment with a pending reminder, Outlook will use 99% CPU. The only way to stop this behavior is to delete all the appointments as described above. It will also go away the moment you see all the pending reminders (you can turn off reminders for all appointments, then once each of the reminders occurs (yes they do occur even though you've turned them off), CPU will drop to 0%).

I've tested this on a clean install, and it is perfectly repeatable. This is a bona fide Outlook 2000 bug. If you must use appointments with reminders, be sure to close Outlook when you aren't using it. Then what's the point of reminders? Well if you have a PDA, they are still useful. You gotta love this Microshit garbage. I guess that's how they keep making money. Release garbage and force people to upgrade (for a fee) if they actually want to use what they paid for. I've now switched to Thunderbird with the Lightning add-on. It's so much better. Goodbye Outlook!

Tried this on Outlook 97. It doesn't have this problem.

Filename Completion in Windows

The downside to long filenames is that they are a real pain to type in at the command line. This is why command shells usually have a filename completion feature. I like to set the Windows command line so that the Tab key will complete filenames for me. For Windows 2000 and up, look in the registry and find the following location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor

In there add two DWORD keys: EnableExtensions set to "1", and CompletionChar set to "9". You may find that EnableExtensions is already there and set to "1". Just leave it as is. If you find a PathCompletionChar in there, set it to 9 also. You will also find the same path under HKEY_CURRENT_USER. If you don't have admin privileges, you can make the change there.

Thanks to Mike Morearty for this info. Much more info can be found in KB310530 on Microshaft's site.

If you must have filename completion in DOS/Win9x/Me, 4DOS is your best bet. While there are several smaller filename completion utilities for Win9x, they all have minor quirks that will drive you crazy. For NT4, I use JPSoft's older 4NT which worked with NT4. It appears from their website that 4NT is no longer compatible with NT4, so you may be out of luck.

Nero Burning ROMs Slowly (IDE/PATA)

This tip only applies for internal IDE (PATA) drives. Do not follow any of this advice if you have a USB or FireWire drive. The best advice in that case is to get rid of the drive and get a new internal PATA or SATA drive. They are significantly faster.

Here's a checklist if Nero is cutting CDs or DVDs slowly.

  1. Did you install Intel UltraATA or Intel Application Accelerator (IAA)? These conflict with Nero and will slow down cutting. Uninstall.
  2. Look through the BIOS screens to see if there's anything related to DMA on the IDE channels there. Make sure DMA (or PATA2) is enabled.
  3. Make sure DMA is on for the CD cutter and the hard drives in the OS (Control Panel | System).

If after checking those things it's still cutting slowly, and you're getting desperate, these things can sometimes help, but not usually. Still, they might be worth a try.

  1. Upgrade CD/DVD cutter firmware.
  2. Plain old 40-conductor cables are usually ok with CD/DVD cutters, but you might want to try a new cable just in case.

Windows XP Automatic Login

Go to a command prompt and type:

  control userpasswords2

This will give you the old-fashioned Win2k user account dialog where you can turn on/off auto login. I have no idea why this is so obnoxious. There should be a way to get here through the GUI, but AFAIK, there is not. In Win2k, you could get here by going to Control Panel | Users and Passwords. Simple.

delete, file not found?

When attempting to delete a file with a very long filename, you may get a "File Not Found" error. Generally this is because the filename plus the pathname are too big (128 or 256 chars in windows, I'm not sure which). One technique to delete these sorts of files is to rename all the directories in the path to a single character name. You might have

c:\oldc\Documents and Settings\user\Local Settings\
  Temporary Internet Files\Content.IE5\...

Just rename all the directories along the way until you have:

c:\oldc\d\u\l\t\c\...

This will shorten the full path name of the files to the point where they can be deleted. You can name the directories back when you are finished, or if you are just trying to get rid of the entire directory, delete it after renaming it.

robocopy

Have you ever needed to copy the entire contents of a hard drive to another hard drive? Have you tried using xcopy or Windows Explorer, only to have it fail halfway through? While xcopy and Windows Explorer are terrible for this job, M$'s free tool "robocopy" is perfect. You can find robocopy version XP010 in the resource kit tools for Windows XP (rktools). Download rktools from MS, install them on a WinXP box (while robocopy runs on NT4 and 2000, it will only install on XP), then grab the two robocopy files (.exe and .doc) and copy them to all your Windows NT4/2000/XP machines. Always keep robocopy handy. Here is how I usually use it when installing a new hard drive in a system (old hard drive is d:):

robocopy d:\ c:\oldc /e /w:1 /r:1

/e says to copy all subdirectories, even if they are empty. /w:1 says to wait only one second if a file can't be opened. /r:1 says to retry a file that won't open only once. The defaults for robocopy are pretty useless and will end up hanging robocopy the moment a file that won't open is encountered. robocopy also works fine with network paths, so you can copy an entire hard drive across the network too.

With old Win95/98/ME machines, pkzip is what I usually use to copy hard drives. There may be better tools out there, so it might be worth looking around.

Getting Data Off a Windows XP Drive

If you hook up an NTFS drive from another computer as a secondary hard drive on an XP machine, sometimes you'll get "Access is denied." To fix this, you have to turn off "Simple File Sharing" and change ownership of the files on the secondary drive.

To turn off Simple File Sharing, go to Windows Explorer | Tools menu | Folder Options... | View tab. Scroll to the bottom of the Advanced Settings tree and you'll find the checkbox for "Use simple file sharing." Uncheck it. According to MS, this will now allow you to set folder permissions for specific users and groups. And sure enough, this enables the "Security" tab in the Windows Explorer File Properties dialog.

Now you should be able to set permissions on the secondary drive so that you can access the files. Browse to the secondary drive in Windows Explorer, and select the files of interest. Right-click and go to Properties. Here you will now see the new "Security" tab that has been enabled by the previous step. Click on this tab. Now click on the "Advanced" button near the bottom. Click on the Owner tab. Select the appropriate account name. If you've selected a folder, you'll see a "Replace owner on subcontainer and objects" checkbox. Click on it to check it. Now click OK. If it asks about granting "full control", click Yes.

That should do it. Pretty convoluted, but it'll get the job done.

Thanks to the Houston Chronicle HelpLine blog for explaining this one to me.

XP Welcome Screen Trick

From the Windows XP "Welcome" screen, press ALT-CTRL-DEL twice and you can login as Administrator. After you log in a number of times, Administrator will appear on the "Welcome" screen. I'm not sure how to get rid of that.

This from Microshaft's site.

Outlook 2000 Mail Filtering

It's pretty obvious that Microshaft had no clue what they were doing when they implemented the "Rules Wizard" for Outlook 2000. There's no way to set up a simple rule that will move all email out of your inbox that isn't from someone in your address book. Outlook 2002 (Office XP) can do this, Outlook 2000 cannot. The best you can do is set up a rule that moves any mail that isn't from a specific list of email addresses out of your inbox. The drawback is that anytime you add someone to your contacts, you also have to add them to the rule. It's double-maintenance, and a pain, but if you want to keep on using Outlook 2000, you don't have much choice. Here's the procedure (it's not at all obvious)...

First, create a "Junk" or "Spam" folder in your Outlook Today - [Personal Folders]. I call mine "Junk". Now go to the rules wizard (Tools | Rules Wizard...). Now hit "New...". On the next dialog "Check messages when they arrive" will be highlighted. This is exactly what we want, so just hit "Next >". Hit "Next >" again, and you'll get a warning that says "This rule will be applied to every message you receive. Is this correct?". Hit "Yes". Now click on the checkbox next to the first selection "move it to the specified folder". Now click on the word "specified" in the "Rule description" box and select the "Junk" folder (or whatever you may have called it). Click "Ok". Now click "Next >". Now click on the checkbox next to "except if from people or distribution list". Now click on "people or distribution list" in the "Rule description" box. Select all your contacts in the left box by clicking on the first one, scrolling to the bottom, and shift-clicking on the last one. Press the "From->" button (I always forget this step). You should now see all your contacts in the right hand box. Click "Ok". Now click "Next >". Give the rule a name and click "Finish".

It's a bit convoluted, but it works. Just remember that every time you add a contact, you'll need to go in to the rules wizard, modify the rule, and add the new contact to the "people or distribution list" list. You'll still want to sift through your Junk file and delete things, but it will go more quickly because you'll know that everything in there is very likely to be junk.

I've switched to Thunderbird with the Lightning add-on. It offers the ability to filter out messages from addresses that aren't in your address book. How convenient!

Windows Clock Sync

Windows 2000, Windows XP and beyond have built-in NTP clients that can sync your PC clock to one of the many atomic time servers out there. There are three basic steps. First, use "net time /setsntp:xxx" to set up the windows time service to point to a time server. Replace the "xxx" with the IP of a time server, or a list of time server IPs enclosed in double-quotes and separated by spaces:

net time /setsntp:"128.220.223.94 198.82.1.201"

Click here for a list of time servers. Now you need to stop and restart the windows time service by entering "net stop w32time" followed by "net start w32time".

While "net start w32time" will manually start the time service, it will not make it start automatically each time you boot. For that, you must set the Windows Time service to automatic startup. I don't know how to do this from the command line, so in Win2k, I went into Control Panel, then Administrative Tools, then Services. Find "Windows Time", right-click, select properties, then change Startup type to "Automatic".

That should be it. You can always take a look at what time server you are pointing at with "net time /querysntp". I had to figure this out when NIST's Gaithersburg time servers were refusing connections in July 2006, and again, when abovenet's time servers stopped responding in April 2007.

For non-Win2k and above machines, I use synchronize by Joerg Hillebrand. It used to be free. Another option is Dimension 4 by Thinking Man Software. I've not tried it, but it appears to be popular and small.

NET TIME at Microshaft's site.

Windows ME

Turn off System Restore. It will quickly suck up your entire hard drive and you'll wonder where all the space went.

Microshit Office

Turn off fastfind, or don't install it at all. All it does is churn your drive for hours periodically. Does anyone ever actually use fastfind? While you're at it, don't install Office Assistant either. There's nothing worse than being bothered by that annoying paper clip all day!

Even better, get rid of Microshaft Office and install LibreOffice, Thunderbird, and Lightning. You'll be much happier and you'll have a lot more money in the bank.

Software Developers, Windows

Set your machine to "Large Fonts" and don't tell your testers. You'll be the only one in your company that will catch all the "Large Fonts"-related bugs in your software.

Hardware

Afraid your computer will be obsolete once you open the box? There's a real simple solution. Always buy old used computers. This way you already know you're behind the times, and you spent significantly less money getting there.

Kids

Don't buy educational computer games for your kids. They are a huge waste of time and money. Do you honestly think a machine can teach your kid? Teach them yourself. It's more fun that way. Teach them a drawing application (Paint is fine). At one time we had over 20 "educational" games installed on one of our machines. Without fail, the children would find the "paint" program that was embedded in each of them, and play with that to the exclusion of the rest of the program. Then I showed them Paint, and they never used those games again. Teach them a word processing application (Word, whatever). Those will get the most mileage in the long and short run.

Teach Your Kids to Program

When they hit 9 or 10 (give or take a few) start teaching them programming with Logo and QBASIC. Logo is a quick and dirty way to introduce programming with the turtle. Loops and procedures are relatively painless in Logo. I usually stop there, though, since the rest of Logo is very different from languages commonly used by professionals.

After this introduction with Logo, it's time for QBASIC which is a more conventional programming language. QBASIC is as close to C/C++ as you should get with kids. While the syntax and concepts are similar, you don't have to teach all the pitfalls inherent in pointers, arrays, and C's concept of a string. QBASIC compilers and interpreters are available all over the 'net. Search for "qb11.zip" and you should find the 1.1 interpreter (simple and easy to teach with) and the 4.5 and 7.1 compilers for more advanced programming.

You can find more info on my Teaching Kids to Program page.

Laptops

The price gap between laptops and desktops is closing rapidly. Consider a (used) laptop for your next machine. Just be real careful about the display. LCD displays are the most fragile part of a laptop. Make sure it works fine before buying one used. Compaq has the best legacy support for their laptops in terms of drivers and other downloads. The merge with HP might cause trouble in the future, however, so be careful.

Windows

Don't ever upgrade windows. Always buy the OEM version along with a new hard drive, and do a fresh install.

Windows

While Windows ME does have a handful of nifty features, Windows 98SE was more stable. For legacy machines go with Windows 98SE. Only when hard drive space is tight should you consider Windows 95 OSR2, which was also quite good.

Backups

Don't use tape drives for backups. They can't keep up with the rising capacity of hard drives. Use an external USB or FireWire drive and 7-zip to do your backups.

More details are on my Using 7-zip for Backups page.

Defragmenting

If you really must defragment your hard disk, Norton Utilities' Speed Disk is the best defrag utility. It's the same as the one that comes with windows, but it is substantially improved. Like the version included with windows, it is thorough. Unlike the version that comes with windows, Speed Disk is very fast.

Software Developers

If you don't have the "luxury" of using (or the patience to put up with) a version control system, and instead like to save complete snapshots of your source code, you can identify the date of the last change within a directory (including all subdirectories and files) using "Find | Files or Folders..." in Windows Explorer.

From Windows Explorer, go to "Find | Files or Folders...". Put the appropriate location in the "Look in:" field. Leave all other fields blank. Make sure the Date tab has "Any" selected. Check the Advanced tab to be sure it has no size specified, and "All Files and Folders" selected. This search will essentially find everything. When the results list comes up, maximize the window, then sort by Modified. Sift through and you should be able to easily spot the date of the last source file modification.

Windows Administration

By using the "Date" tab within Windows Explorer's "Find | Files or Folders...", you can find changes made to your entire computer within the last day or two. Sort the results by Modified date, and you can detect many types of tampering.

CD Recorders

Ever record a data CD, then put it back in your CD recorder only to have it recognized as an audio CD with one track on it called TRACK01.CDA? It's probably time to clean your CD recorder. I use discwasher's CDL3 CD Laser Lens Cleaner. That clears the problem up. Remember that all those fans in a PC case will suck dusty air through the CD recorder causing a potentially huge build-up of dust. It's probably a good idea to clean a recorder at least monthly.

Floppies

Remember floppies? The DOS format command has always had an "undocumented" switch "/u" which performs an unconditional format of your floppy instead of doing a quick format. When combined with the "/c" switch to check bad clusters you will get a true reformat of a floppy. Don't leave home without it. Unfortunately, this isn't supported in the NT versions of Windows (NT4, 2000, XP, Vista). Yet another reason to keep an old Windows 98SE machine around.

Hyperstudio Sucks

Quick Software Review. I played with Hyperstudio for a while, and it is a very promising program. But, the user interface is awful. How many clicks of the mouse does it take just to get a text box on a card? Way too many. Since this is probably the most common thing used in Hyperstudio, it should be the easiest. Another thing the designers of Hyperstudio have failed to grasp is that children use their product. Hyperstudio needs to be an object-oriented drawing tool. One where kids can make mistakes, then correct them simply by moving things, or deleting them. Hyperstudio falls flat on its face in this regard. Of course, they're probably just plain lazy like all software developers. Not recommended. Teach your kids LibreOffice.

<- Back to my Technology page

Copyright ©2001, Ted Felix