How to block third party / junk installations

 

There are a lot of “Free” software solutions to solve your problems out there.   Ranging from Anti-Virus to Uninstallers and even productivity tools like office suites.  These can be very useful but sometimes come with a catch. They install additional software which you do not want or need.  This is not uncommon for free stuff to have a gotcha in the form of advertising for other people.  But it can be annoying and sometime even dangerous in the case of malware.

Microsoft has a solution that can help curb this practice and it is built into Windows 10.  While not perfect, it will stop most third party junk-ware from installing.

You will need to manually activate it with Power Shell (built into Windows also).  To do this you will need to open Power Shell as an administrator.  Once it is open you will need to type in the following:

Set-MpPreference -PUAProtection 1

After that you can exit Power Shell and that’s it!

This is not a 100% solution so, as always, be careful when installing freeware or any software for that matter. 

Repairing Windows System Files

There are some base systems files that Windows must have to operate and to do so efficiently.   For some time now there has been a utility to check these files and report on their well-being.  This System File Check utility will check for damaged or corrupted files and repair what it can.   You only need to run it from an elevated command prompt with the command “SFC /scannow”.  The will initiate a complete of all the essential protected system files that would compromise your computer.

SFC /scannow

It, however, cannot always fix the problems on your system.  Sometimes this due to Windows updates and sometimes it is due to other issues.  When System File Checker cannot fix the system files there is a utility for Windows 8 and up called DISM.   The utility will check the files not only with internal checksums but with checksums over the internet from Microsoft.   There is a scan only option and a restore option.  You can use the restore blindly without scanning but if you want to see if there is anything first you should use the /scanhealth option.  You can run them back to back or use a single command line that will do if for you.

Back to Back would be:

DISM /Online /Cleanup-image /Scanhealth

DISM /Online /Cleanup-image /Restorehealth

Or both together:

DISM /Online /Cleanup-image /Scanhealth && DISM /Online /Cleanup-image /Restorehealth

(there is a space both before and after the &&)

 DISM takes care of matching and fixing files based on what’s current on the Microsoft cloud but SFC is still the go to file checker.  I would recommend running SFC then DISM then SFC once more to check that there are no more errors.  Running SFC first will probably fix most of (if any) errors on your system but if it gives and error you then use DISM as a backup.  Once finished with DISM you run SFC again to see if there are any unresolved errors left.

Both SFC and DISM can take some time to run depending on errors found and corrected.  So, I would recommend doing them when you have down time that you wouldn’t need your computer.

 

Extremely long file names and directory paths.

File Name too long?  Or perhaps along with the directory path it’s too long?

 When copying files for backup from long directory paths you have probably come across an error, every so often, that says something like “directory path too long would you like to skip this file?”.  The reason for this is that you are usually only allowed a maximum of 244 characters in the file name so copying a path which has over 244 characters in the name fails.  This does not happen often but sometimes with networks and programs that tend to nest subdirectories names can become too long for this rule.   With the introduction of Windows 10 (starting at revision 1607) Microsoft removed this limitation. However, this is not enabled by default to maintain compatibility.  You must opt-in for this feature to work.   There are two ways to do this, from the Registry or from the Group Policy editor (Not included in Windows Home).

For those of you that have Windows 10 Pro or above you can open the Group Policy Editor and navigate to Computer Configuration > Administrative Templates > System > Filesystem > Enable NTFS long paths and set it to Enabled.

For any version of Windows 10 (including Home) you can make a Registry change.  Always remember that registry changes can damage your computer to the point of completely ruining it.  Do not make these changes unless you are comfortable with it.

You will need to navigate to:  HKLM\SYSTEM\CurrentControlSet\Control\FileSystem and look for the DWORD: LongPathsEnabled if it is not there, create it as a REG_DWORD 32 Bit. The default value is 0 which is compatibility.  If you change its value to 1 then you will have enabled unlimited File/Path lengths.

I am adding a link to a zip file which has two Registry file modifiers which will do this automatically for you.  Just unzip the files and run the ExtendedFileNames_on to switch it to on and ExtendedFileNames_off to turn it back off.

Extended path / file length registry entry

 

Error “Trust Relationship between Workstation and Primary Domain failed”

The Error “Trust Relationship between Workstation and Primary Domain failed” does not come up often but it is scary when it does.   The quick explanation for this error is that the Active Directory stores a password for the computers connecting to it and the machine that has this error somehow did not sync correctly while using that password.  Microsoft knows about this problem and made these tools specifically to fix it.

Most sites tell you to un-register the computer with the domain, then re-register it.  This, in most cases, will create a new user profile. You will then need to rebuild and copy files and configurations from the old user directories to the new. Fortunately, there is a simpler and easier way of doing this.

Both the above method and the one I am about to describe require you to login to the local machines’ admin account.   Here is a good time to point out that you should retain the username and password for all of your workstations administrator type account just for this purpose.

Up to Windows 2012

Up to Windows Server 2012, you can use the Netdom command from either an elevated PowerShell or command prompt.  In windows 10 and Server 2016 they dropped this command and instead use the Reset-ComputerMachinePassword in PowerShell to accomplish this.  Windows Server 2012 can use either method.

To use the Netdom command you will need to first login as a local administrative user.   If you forgot the password there are methods of recovering it but I won’t discuss them in this article.   After logging in you will need to open the command prompt with Administrator privileges.  Then run the command as follows:

netdom resetpwd /server:DC_NAME /userd:USERNAME /password:PASSWORD

You will want to change the following to match your system:

  1. DC NAME to the name of your Domain Controller.
  2. USERNAME to a domain user that has rights to join new computers to the Domain.
  3. PASSWORD to either the above USERNAME’s password or use an * to have the computer prompt you for it.

After this completes you can just reboot your computer and login again under your Domain.  Everything should work as normal.

Windows 2012 to current

For Windows 2012 and beyond the same method is accomplished in PowerShell using the Reset- ComputerMachinePassword commandlet

Again, you will need to login with a local Administrator privileged account.  Then Open PowerShell with Administrator Privileges.  Once PowerShell is open you will use the following commandlet :

Reset-ComputerMachinePassword -Server “DC01” -Credential Domain01\Admin01

You will want to change the following to match your system:

DC01 to the name of your Domain Controller.

Domain01\Admin01 to your domain before the \ and a user that has rights to join new computers to the Domain after the \.

This will then prompt you for the Password for the user you specified.

Afterwards exit PowerShell and reboot your computer and login in again under your Domain.  Everything should work as normal.

 

Disable video auto-play in Firefox

If you do not want all those videos auto-playing in Mozilla Firefox then you can just turn them off.

From a tab in Firefox enter the following:

about:config

Search for the option “media.autoplay”  the value should be true click on it to change it to false.  You can now close the tab and you are done.

 

MSI installation fail

When you get:

“The feature you are trying to use is on a network resource that is unavailable”

During and installation of a MSI file you may just be dealing with a registry error.  MSI installations sometimes get messed up and won’t install.   One of the causes of this is prior installation attempts or removals that didn’t quite finish the job. 

Then this is likely the situation.   Along with the error above it will tell you it cannot find the file and ask you to search for it.  You probably won’t be able to find this file but there is a solution.   It involves using the registry so if you are uncomfortable with this I would advise having someone knowledgeable do this.  My usual advice would be not to attempt this yourself.

First open the registry editor and make sure you are at the root.  Once there, search for the file your program is requesting (program.msi).  It will be associated with a key that will look something like (example only not actual key) {ACDA0F20-94F0-449E-B81F-F8179E3DE605} You will need to delete the entire key that is associated with that MSI file.   There should only be one key in the registry so to make sure you may want to continue the search before deleting this key then start from the beginning to find it again before deleting it.

 

Disable automatic reboots for Windows Update version 7, 8 and 10

There are two ways of doing this without disabling automatic updates.  The first way will work on Home, Pro, and Enterprise editions.  The second method involves the Group Policy Editor and will only work in Pro and Enterprise editions.

The first solution involves making a registry modification.  I do not suggest this method since it involves modifying the registry and anything involving modifying the registry is not the best practice, since you can wreck your computer this way.

 

Open the registry editor.
Navigate to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
(If the key doesn’t exist you will need to create it)
Create a new DWORD value called AUOptions and enter a value of either 2 or 3.
(2 = Notify before download)
(3 = Automatically download and notify of installation)

Restart your PC

 

The cleaner solution is to use the group policy editor as follows:

 

Open the Group Policy Editor (gpedit.msc)
Navigate to
Computer Configuration \ Administrative Templates \ Windows Components \ Windows Update
Open
Configure Automatic Updates
Enable the policy and make any changes here you want.

Optionally you may want to also enable
Re-prompt for restart with scheduled installations
and set the interval to the largest possible value (1440 which is 24 hours) just so you don’t keep getting the pop up every 10 minutes after it actually does an update.

Restart your PC

Note: Restarting or shutting down from the start menu doesn’t seem to trigger the install process after this.

 

Dead Laptop Battery

If you have a laptop battery that won’t hold a charge usually it is a good idea to just replace it. But if you want to try a homebrew method to restore it there is some hope.

Put your dead battery in a zip lock back and freeze it for 12 hours. Afterwards, dry it off with a towel and put it in your laptop and charge it fully. Leave your laptop on until it is sufficiently drained and repeat this two more times.

This should help your battery memory so that it will hold a decent charge for awhile.

WoL (Wake on Lan)

WoL is useful for remote computers that perform specific tasks that do not require users. It can also be used for remote maintenance: if you shut down your computer and the technician needs access to it with WoL they can start it up, do their maintenance, then shut it down.

There is the problem of getting it to work, however. With the introduction of Windows 8, Microsoft added a “Fast User Switching” feature. With this introduction came a system to completely shut down your computer without any monitoring. Imagine you turn off your TV then the remote will not turn it back on because it turned off even the circuit that monitors that. With “Fast User Switching” Windows does exactly that. You will need to go the power settings under “what the computer does when you press the power button” to turn off this feature.

Another problem with some computers that is not Windows related, but essentially does the same thing, is in the BIOS you can tell the computer to go into a very deep sleep. This effectively does the same thing but at the machine level. You will need to go into the BIOS and turn this off or to a less deep sleep. While you are there you will also need to turn on the network adaptors WoL feature.

You can find several good programs on the internet that will wake up a computer and some with timers that will turn them on and off on a schedule.