How to Reset File History to Default in Windows 10

File History was first introduced in Windows 8, and has been improved in Windows 10.

You can use File History to automatically back up versions of your files on a schedule to a location you select to save to. You can select to save backups to an internal hard drive, externally connected drive (ex: USB drive), or you can save to a drive on a network. You can add, remove, and exclude folders to be backed up by File History.

Over time, you’ll have a complete history of your files. If the originals are lost, damaged, or deleted, you can restore them. You can also browse and restore different versions of your files.

This tutorial will show you how to completely reset File History back to default for your account in Windows 10.

Read more…

MVP Award – Thank You!

Thanks Microsoft and Visual C++ Team for my 10th MVP Award!

MVP Logo

MVP Logo

How to Change Color of Sticky Notes in Windows 10

Sticky Notes allow you to create and save notes to the desktop of your Windows 10 PC and customize them in little ways through size and color.

This tutorial will show you how to change the color of sticky notes on the desktop of your account in Windows 10.

Read more…

First nail in PowerShell’s coffin?

The MSDN pages describing the installation and use of containers

https://msdn.microsoft.com/en-us/virtualization/windowscontainers/quick_start/quick_start_images

 

seems to have removed all of the PowerShell code and just supply examples in Docker.

 

After 10 years is this the first sign that PowerShell is going away?

An end to forced Windows 10 Upgrades? We’ll see

Looks like MS has finally acknowledged what most of us have been saying for months: they went to far. It’s one thing to nag someone. It’s another to force it down their throats. Unfortunately, they realized this at the end of the offer (it ends July 29) and the damage has been done.

Microsoft ends its deceptive Windows 10 upgrades

 

10 things that define a true professional

Nice summary and very true. Thanks to Greg Carmack on Yammer for finding this.

10 things that define a true professional

More Ransomware Attacks on Smart Phones

Ransomware has finally come to the smart phones.

Mobile ransomware use jumps, blocking access to phones

NetGear and Symantec vulnerabilities

NetGear Web GUI Password Recovery and Exposure Security Vulnerability:
http://kb.netgear.com/app/answers/detail/a_id/30632

“NETGEAR is aware of the security issue that can expose web GUI login passwords while the password recovery feature is disabled. This vulnerability occurs when an attacker can access the internal network or when remote management is enabled on the router.”

Norton vulnerability: unclicked links and unopened e-mail messages
http://fortune.com/2016/06/29/symantec-norton-vulnerability/

“Google’s “project zero” team, a group of security analysts tasked with hunting for computer bugs, discovered a heap of critical vulnerabilities in Symantec SYMC 0.93% and Norton security products. The flaws allow hackers to completely compromise people’s machines simply by sending them malicious self-replicating code through unopened emails or un-clicked links.

The vulnerabilities affect millions of people who run the company’s endpoint security and antivirus software, rather ironically to protect their devices. Indeed, the flaws rendered all 17 enterprise products (Symantec brand) and eight consumer and small business products (Norton brand) open to attack.”

PowerShell Direct

PowerShell Direct is a PowerShell 5.1 feature available in Windows 2016 TP5 and above and the later builds of Windows 10.

It adds 3 parameters:

-VMId

-VMGuid

-VMName

 

To these cmdlets

Enter-PSsession 

Invoke-Command 

New-PSsession

 

but NOT New-Cimsession

 

The VMId & ID parameters access a GUID. VMname is probably easiest to use

VMName                : W16TP5SC01
VMId                  : 2fad20ad-5a34-4a55-a7ec-2ec208ec4f0c

 

The –VMGuid parameter presumably uses the Id property on the VM which matches the GUID in VMId

 

The great thing about it is that enables you to work remotely with virtual machines – across the VM bus. It therefore bypasses a lot of the problems for remoting to non-domain joined machines. As long as they’re VMs on Hyper-V you’re golden.

 

I’ve just started experimenting with it but if you’re not using DSC it saves a lot of effort with trusted hosts or certificates when setting up machines.

Once you have a remote session established you can also copy files across it.

 

You need to run this from the Hyper-V host and you also need the credentials for the remote machine

 

See – https://msdn.microsoft.com/en-us/virtualization/hyperv_on_windows/user_guide/vmsession

Removal instructions for Mass Sea

What is Mass Sea?

The Malwarebytes research team has determined that Mass Sea is a browser hijacker. These so-called “hijackers” manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.

https://forums.malwarebytes.org/topic/185236-removal-instructions-for-mass-sea/

How to Enable or Disable Insights on Sticky Notes in Windows 10

Sticky Notes allow you to create and save notes to the desktop of your Windows 10 PC and customize them in little ways through size and color.

Starting with Windows 10 Insider Preview Build 14328, the Windows Ink Workspace feature was added that brings together all the ink-powered features and apps on your PC in one curated and easy-to-access UX canvas. Windows Ink puts the power of Windows in the tip of your pen, enabling you to write on your device as you do on paper, creating sticky notes, drawing on a whiteboard, and easily sharing your analog thoughts in the digital world.

Starting with Windows 10 Insider Preview Build 14352, Sticky Notes got smarter with the addition of the insights feature. Insights give you the ability to create Cortana reminders from your notes that will flow with you across your Cortana enabled devices. You can also ink or type a phone number and it readies itself for calling; write an email address and launch directly to email, write a URL and launch into Microsoft Edge right from the Note. A few jotted-down bulleted items become an easy-to-manage checklist.

Starting with the Windows 10 Anniversary Update, smart Sticky Notes help you remember common tasks like reminding you of flight times or offering directions using Maps. Sticky Notes will help users realize the power of their pen and turn their handwriting into a smart digital tool without them having to think twice.

This tutorial will show you how to enable or disable insights on Sticky Notes for your account in Windows 10.

Read more…

Wireless on Windows 2016 TP5

Windows Server 2016 TP5 which appeared at the end of April has a major flaw. It doesn’t work with wireless cards!

 

I use a relatively high-spec laptop as my lab machine. Not being able to get the wireless card working means no Internet access and makes activation a lot more difficult.

 

The June Cumulative Update KB3163016 appears to fix the issue. https://support.microsoft.com/en-gb/kb/3163016

 

Install Windows 2016 TP5. Then immediately install KB3163016. Install the Wireless LAN Service (needs a reboot) through Add Roles and features or

Add-WindowsFeature –Name Wireless-Networking

 

The Wireless LAN Service defaults to disabled so you’ll need to change the start type to automatic and start the service.

 

Then you can install whatever Windows features you need.

 

One thing I’ve noticed is that the wireless card doesn’t seem to keep its connection to the wireless network between reboots. Its an annoyance in a TP would be beyond aggravating in final version

You may want to skip this Android keyboard app

It seems that this app (Flash Keyboard) isn’t malicious in and of itself, but does things that make it possible for it (or others) to take over an Android phone.

Dangerous keyboard app has more than 50 million downloads

Critical Symantec flash need updates ASAP

The press will most likely push this a a disaster waiting to happen. While these flaws are very serious, if you automatically update or have a strong policy of monitoring updates, you have a minimal exposure. It’s those who put things like this off or don’t update at all who will may get hit hard.

Wormable flaws in Symantec products expose millions of computers to hacking

“Anniversary” Update for W10 is August 2nd.

Interesting that the “Anniversary Update” is 4 days after the “free” W10 upgrade program ends.

Microsoft’s big Windows 10 update launches on August 2

Removal instructions for OtherSearch

What is OtherSearch?

The Malwarebytes research team has determined that OtherSearch is a LSP hijacker. These so-called “LSP hijackers” manipulate your internet traffic, for example to change your content. This one also displays advertisements.

https://forums.malwarebytes.org/topic/185179-removal-instructions-for-othersearch/

Cleaning up entries on Remote Desktop Connection

I use RDP between my main laptop and the machine on which my lab resides. When I rebuild the lab the entries in the Remote Desktop Connection for the old machine still remain.

 

There isn’t a direct way to remove those entries. But you can remove them from the registry.

 

First view the entries

Get-ChildItem -Path ‘HKCU:SOFTWAREMicrosoftTerminal Server Client’

    Hive: HKEY_CURRENT_USERSOFTWAREMicrosoftTerminal Server Client

Name                           Property
—-                           ——–
Default                        MRU0 : RSLaptop01
                               MRU1 : serverrs01
                               MRU2 : server02

 

The partial list above shows you that the property names are MRU* 

 

You can view individual entries

Get-ItemProperty -Path ‘HKCU:SOFTWAREMicrosoftTerminal Server ClientDefault’ -Name MRU2

MRU2         : server02
PSPath       : Microsoft.PowerShell.CoreRegistry::HKEY_CURRENT_USERSOFTWAREMicrosoftTerminal
               Server ClientDefault
PSParentPath : Microsoft.PowerShell.CoreRegistry::HKEY_CURRENT_USERSOFTWAREMicrosoftTerminal
               Server Client
PSChildName  : Default
PSDrive      : HKCU
PSProvider   : Microsoft.PowerShell.CoreRegistry

 

You can now delete as required – for instance

 

Remove-ItemProperty -Path ‘HKCU:SOFTWAREMicrosoftTerminal Server ClientDefault’ -Name MRU2

Removal instructions for Youndoo

What is Youndoo?

The Malwarebytes research team has determined that Youndoo is a browser hijacker. These so-called “hijackers” manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.
This one belongs to the GsearchFinder family that adds an extra Firefox profile.

https://forums.malwarebytes.org/topic/185148-removal-instructions-for-youndoo/

Spybot Search & Destroy Weekly Update – June 29, 2016

2016-06-29
Adware
++ Ad.BatBrowse + Ad.BrowseMark ++ Ad.RockTurner ++ Ad.SolteraTop + Win32.Kraddare
Malware
+ Win32.StartPage
PUPS
+ Live-Player
Trojans
+ Win32.VB.ik
Total: 2619713 fingerprints in 830851 rules for 7670 products.

»www.safer-networking.org ··· updates/

Boolean in Where-Object filter

I was testing some code yesterday and realised there was a quirk in the way the original where syntax (with {}) worked and the way the newer syntax worked.

 

To demonstrate this I created a set of objects

$i = 0

$tests = while ($i -lt 25){
  New-Object -TypeName PSObject -Property @{
    Index = $i
    Current = if (-not($i % 2)){$true} else {$false}
  }
  $i++
}

 

Object properties are a numeric index and a boolean value

 

If you want just the $true values many people write this

$tests | where {$_.Current -eq $true}

 

or if using the newer syntax use this

$tests | where Current -eq $true

 

This is unnecessary typing as you can do this

$tests | where {$_.Current}

$tests | where Current

 

The reason is that the filter you are creating tests a property of the current object against your criteria and passes is if the result is true. A boolean property will by definition either be true of false so just need to test directly

 

if you want to double negative type test i.e. – not $true (which I don’t recommend as its very easy to get into  logic mess) then you have to do this

$tests | where {-not $_.Current}

 

as this fails
$tests | where –not Current

 

You could do this

$tests | where Current -ne $true

 

but it negates the whole code simplification objective

Recent Comments

Archives