April 2026
M	T	W	T	F	S	S
	1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30

Archive for the ‘Windows’ Category

Enable Block at First Sight to detect malware in seconds | Microsoft Docs

Posted by jpluimers on 2021/03/12

On my reading list, because I saw it suddenly enabled on a domain based Windows network:

[WayBack] Enable Block at First Sight to detect malware in seconds | Microsoft Docs

Enable the Block at First sight feature to detect and block malware within seconds, and validate that it is configured correctly.

It seems to have been introduced early 2018: Windows Defender – Wikipedia: Advanced Features

Windows 10’s Anniversary Update introduced Limited Periodic Scanning, which optionally allows Windows Defender to scan a system periodically if another antivirus app is installed.^[5] It also introduced Block at First Sight, which uses machine learning to predict whether a file is malicious.^[21]

There is a BAFS – Windows Defender Testground for which you need a Microsoft account.

–jeroen

Posted in Power User, Security, Windows, Windows 10 | Leave a Comment »

Reminder of Windows 10 update “What’s New” location

Posted by jpluimers on 2021/03/02

If you forgot what Microsoft has added, look for a file named like this:

C:\Program Files\WindowsApps\Microsoft.Getstarted_7.3.20251.0_x64__8wekyb3d8bbwe\WhatsNew.Store.exe

Disregard any warnings you find through the above link: it is a legit file installed during Windows 10 update.

–jeroen

Posted in Power User, Windows, Windows 10 | Leave a Comment »

Research list: getting rid of the Windows 10 Delivery Content data and service

Posted by jpluimers on 2021/02/15

Not sure yet if this is still possible, but on my research list as it pollutes low-resource Windows 10 VMs and computers the Delivery Content:

[WayBack] Delivery Optimization Service can’t be disabled after the last Windows 10 Update – Super User
[WayBack] Reddit: Can I block an IP range for Windows 10 download? : sysadmin
[WayBack] How To Turn Off Windows 10 Update Delivery Optimization Feature | Redmond Pie
[WayBack] Delivery Optimization service downloading something and using all my bandwidth
[WayBack] Microsoft Clarifies Windows 10 ‘Delivery Optimization’ — Redmond Channel Partner
[WayBack] Delete Delivery Optimization Files and reclaim lost disk space
[WayBack] Disable and turn off Windows Update Delivery Optimization
[WayBack] Windows Update Delivery Optimization or WUDO
[WayBack] windows 10 – Delivery Optimization service is hogging all my bandwidth, how to stop it? – Super User
Windows Update Delivery Optimization: FAQ
How to control Windows Update Delivery Optimization

To stop downloading updates and apps from or sending updates and apps to other Windows 10 devices on the Internet:
1. Select the Start button, then select Settings > Update & Security > Windows Update > Advanced options.
2. Select Delivery Optimization (or Choose how updates are delivered in earlier versions of Windows 10).
3. Select PCs on my local network.
To stop downloading from or uploading to other PCs on the local network:
1. Select the Start button, then select Settings > Update & Security > Windows Update > Advanced options.
2. Select Delivery Optimization.
3. Make sure Allow downloads from other PCs is turned Off. You’ll get updates and apps directly from Windows Update and from Microsoft Store with Delivery Optimization; however, you won’t download from or upload to other PCs.
If you use a metered or capped Internet connection, Delivery Optimization won’t automatically download or send parts of updates or apps to other PCs on the Internet.

To identify a Wi‑Fi or Ethernet connection as metered or capped:
1. Select the Start button, then select Settings > Network & Internet > Wi‑Fi.
2. Select the network you’re using, and then turn on Set as metered connection.

–jeroen

Read the rest of this entry »

Posted in Power User, Windows, Windows 10 | Leave a Comment »

Deleting the WebCache database – The IE browser cache | Apttech’s Blog

Posted by jpluimers on 2021/02/15

[WayBack] Deleting the WebCache database – The IE browser cache | Apttech’s Blog quotes from WayBack: C drive space is using up on terminal server after upgrading to IE10 or IE11 – AsiaTech: Microsoft Azure & Development:

With the new cache implementation, the cache files are saved in %LocalAppData%\Microsoft\Windows\WebCache\ folder. And, the cache files will be created when a new user logs on.

Actually, the database is a file named WebCacheV01.dat in the cache folder, and its initial size could be around 20-32MB. The size of this file will keep increasing along with you browse more and more websites.

…

save the below contents into ClearIECache.cmd file and try to fun this file.
echo OFF
net stop COMSysApp
taskkill /F /IM dllhost.exe
taskkill /F /IM taskhost.exe
taskkill /F /IM taskhostex.exe
del /Q %LocalAppData%\Microsoft\Windows\WebCache\*.*
net start COMSysApp
echo ON
Furthermore, you’d better deploy the batch file to a logoff script of your local GPO, here are the steps.

–jeroen

Posted in Internet Explorer, Power User, Web Browsers, Windows, Windows 10 | Leave a Comment »

Everything force rescan all volumes – via voidtools forum

Posted by jpluimers on 2021/02/08

Sometimes the Everything search tool gets out of sync with the actual contents on disk, so this tip from [WayBack] Everything 1.3.1.636b does not “refresh” – voidtools forum will rescan all volumes and update the database:

To rebuild the Everything database:

In Everything, from the Tools menu, click Options.

Click the Indexes tab.

Click Force Rebuild.

If that fails, you can always remove/add the volumes:

–jeroen

Posted in Everything by VoidTools, Power User, Windows | Leave a Comment »

Chris Foster: Windows Development in a KVM Virtual Machine

Posted by jpluimers on 2021/02/04

For my link archive: [WayBack] Chris Foster: Windows Development in a KVM Virtual Machine covering among others much (mostly based [WayBack] libvirt: The virtualization API) stuff:

virt-manager (Virtual Machine Manager – Wikipedia)
[WayBack] QEMU guest agent
VirtIO drivers like these (there are more, see [WayBack] Virtio – OSDev Wiki and [WayBack] Windows Guest Virtual Machines on Red Hat Enterprise Linux 7)
- [WayBack] Balloon driver
- [WayBack] NetKVM
- vioserial
- viostor

A choco install list

Posted by jpluimers on 2021/02/03

Sometimes I forget the choco install mnemonics for various tools, so here is a small list below.

Of course you have to start with an administrative command prompt, and have a basic Chocolatey Installation in place.

If you want to clean cruft:

choco install --yes choco-cleaner

Basic install:

choco install --yes 7zip
choco install --yes everything
choco install --yes notepadplusplus
choco install --yes beyondcompare
choco install --yes git.install --params "/GitAndUnixToolsOnPath /NoGitLfs /SChannel /NoAutoCrlf /WindowsTerminal"
choco install --yes hg
choco install --yes sourcetree
choco install --yes sysinternals

For VMs (pic one):

choco install --yes vmware-tools
choco install --yes virtio-drivers

For browsing (not sure yet about Chrome as that one has a non-admin installer as well):

choco install --yes firefox

For file transfer (though be aware that some versions of Filezilla contained adware):

choco install --yes filezilla
choco install --yes winscp

For coding:

choco install --yes vscode
choco install --yes atom

For SQL server:

choco install --yes sql-server-management-studio

For web development / power user:

choco install --yes fiddler

For SOAP and REST:

choco install --yes soapui

If you don’t like manually downloading SequoiaView at gist.github.com/jpluimers/b0df9c2dba49010454ca6df406bc5f3d (e8efd031d667de8a1808d6ea73548d77949e7864.zip):

choco install --yes windirstat

For drawing, image manipulation (paint.net last, as it needs a UI action):

choco install --yes gimp
choco install --yes imagemagick
choco install --yes paint.net

For ISO image mounting in pre Windows 10:

choco install --yes wincdemu

For hard disk management:

choco install --yes hdtune
choco install --yes seatools
choco install --yes speedfan

For Fujitsu ScanSnap scanners (not sure yet this includes PDF support):

choco install --yes scansnapmanager

–jeroen

Posted in 7zip, atom editor, Beyond Compare, Chocolatey, Compression, Database Development, Development, DVCS - Distributed Version Control, Everything by VoidTools, Fiddler, Firefox, Fujitsu ScanSnap, git, Hardware, Mercurial/Hg, Power User, Scanners, SOAP/WebServices, Software Development, Source Code Management, SQL Server, SSMS SQL Server Management Studio, SysInternals, Text Editors, Versioning, Virtualization, VMware, VMware ESXi, vscode Visual Studio Code, Web Browsers, Web Development, Windows | Leave a Comment »

Windows events for Remote Desktop connections

Posted by jpluimers on 2021/01/25

Some notes and links, as eventually I want to react on Windows events raised for successful Remote Desktop connections.

Log-files:

Name Microsoft-Windows-TerminalServices-LocalSessionManager/Admin
Path %SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx
Name Microsoft-Windows-TerminalServices-LocalSessionManager/Operational
Path %SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx

EventID 25:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-TerminalServices-LocalSessionManager" Guid="{5D896912-022D-40AA-A3A8-4FA5515C76D7}" /> 
<EventID>25</EventID> 
<Version>0</Version> 
<Level>4</Level> 
<Task>0</Task> 
<Opcode>0</Opcode> 
<Keywords>0x1000000000000000</Keywords> 
<TimeCreated SystemTime="2019-02-06T13:48:02.978377900Z" /> 
<EventRecordID>5358</EventRecordID> 
<Correlation ActivityID="{F4203346-1BFB-421E-8668-C7503D590000}" /> 
<Execution ProcessID="308" ThreadID="12552" /> 
<Channel>Microsoft-Windows-TerminalServices-LocalSessionManager/Operational</Channel> 
<Computer>MACHINE-NAME.subdomain.domain</Computer> 
<Security UserID="S-1-5-18" /> 
</System>
<UserData>
<EventXML xmlns="Event_NS">
<User>DOMAIN\jeroen</User> 
<SessionID>2</SessionID> 
<Address>192.168.1.42</Address> 
</EventXML>
</UserData>
</Event>

Links on the events:

[WayBack] Is there a log file for RDP connections?
[WayBack] Windows RDP-Related Event Logs: Identification, Tracking, and Investigation | Ponder The Bits

A cohesive and comprehensive walk-through of the most common and empirically useful RDP-related Windows Event Log Sources and ID’s, grouped by stage of occurrence (Connection, Authentication, Logon, Disconnect/Reconnect, Logoff).

…

Event ID: 25
Provider Name: Microsoft-Windows-TerminalServices-LocalSessionManager
Description: “Remote Desktop Services: Session reconnection succeeded:”
Notes: The user has reconnected to an RDP session, when the “Source Network Address” contains a remote IP address. A “Source Network Address” of “LOCAL” simply indicates a local session reconnection and does NOTindicate a remote RDP session reconnection. Note the “Source Network Address” for the source of the RDP connection. This is typically paired with an Event ID 40. Take note of the SessionID as a means of tracking/associating additional Event Log activity with this user’s RDP session.

TL;DR: The user has reconnected to an existing RDP session, so long as the “Source Network Address” is NOT “LOCAL”.
[WayBack] Jeroen Pluimers on Twitter: “How can I run a script (batch or powershell) when a remote desktop connection starts? (either re-connects to an existing Windows logon session, or starts a new Windows logon session)? I know how to cover the last, but not the first.”
[WayBack] CHUA Chee Wee on Twitter: “Watch Windows event log for RDP events. You’ll figure which one out, then execute a designated script.”
[WayBack] Jeroen Pluimers on Twitter: “Thanks, found it: Log Name Microsoft-Windows-TerminalServices-LocalSessionManager/Operational Log Path %SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx EventID 25 Now I need to find how to initiate a script on this.”
[WayBack] CHUA Chee Wee on Twitter: “Manually, it’s within eventvwr, click on the event and right click, select attach task to this event. Programmatically, you’ll need to figure out the equivalent.”
[WayBack] Jeroen Pluimers on Twitter: “Thanks. In the mean time I was collecting some links for a blog post about this which includes blogs.technet.microsoft.com/wincat/… That’s a more elaborate version of what you describe, so both of these will get me going.”

Links on triggers and scripts running because of events:

[WayBack] Automation example using Windows Event as trigger : sysadmin
[WayBack] Trigger a PowerShell Script from a Windows Event – Server and Cloud Partner and Customer Solutions Team Blog
[WayBack] PowerShell: BgInfo Automation script | Wim’s System Center blog
[WayBack] Complex Event Processing (Middleware)—a Technical Reference Guide for Designing Mission-Critical Middleware Solutions
[WayBack] Configure Event Log Forwarding in Windows Server 2012 R2
[WayBack] Run a scheduled task after a Windows service is started – Super User
[WayBack] Advanced XML filtering in the Windows Event Viewer | Ask the Directory Services Team
[WayBack] How to Disable Automatic Updates on Windows 10 | NUCUTA: Disable Windows 10 Update with Windows Task Scheduler

There is no convenient way to disable automatic updates on Windows 10, This guide presents 8 working methods to disable automatic updates with ease.
[WayBack] Trigger a PowerShell Script from a Windows Event – Server and Cloud Partner and Customer Solutions Team Blog

–jeroen

Read the rest of this entry »

Posted in Power User, Windows, Windows 10 | Leave a Comment »

How to remove (disable or hide) User Accounts on the Windows 10 Login Screen – Make Tech Easier

Posted by jpluimers on 2021/01/11

Works on my systems too (I think it works from Windows XP on) to hide users from the home screen: [WayBack] How to Hide User Accounts on the Windows 10 Login Screen – Make Tech Easier.

Show only the last logged on user, but add a switch-user dialog

Run the below .reg file on your machine, or manually add this key (does not need any value): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\DomainStyleLogon

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\DomainStyleLogon]

Note the empty line at the end of the .reg file: that is by intention.

This will show the last logged-on user on the home screen, but still allows users to perform a switch to other users.

Disable the users on the logon screen from interactive logon

Warning: do NOT disable your administrator user this way!

For why not, see the various users that lost access: [WayBack] Hide User Accounts on Windows 7 Logon – Windows 7 IT Pro > Windows 7 User Interface

use net user on the command prompt to list the usernames and note the username you want to hide from the login screen
run regedit to edit the registry
ensure this registry key exists HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Under that key, create a new key SpecialAccounts
Under the SpecialAccounts key, create a new key UserList
Under the UserList key, create a new DWORD (32-bit) value with the Value name equal to the username and the Value data to zero (0, which is the default)
Reboot
Observe that user is not on the login window any more.

Example:

If you lost access because of `SpecialAccounts`

If you would like to unhide the hidden Administrator account on Windows 7:

Boot a Windows 7 Installation DVD or ISO

go to command prompt and type regedit -it

click on HKLM hive and

next navigate File>>Load hive

navigate to C:\Windows\System32\config folder and choose `SOFTWARE` file load it and assign this hive any name for example REM_SOFTWARE

open key HKEY_LOCAL_MACHINE\REM_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList

remove the Administrator account

or better way remove the whole key HKEY_LOCAL_MACHINE\REM_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts

–jeroen

Posted in Power User, Windows, Windows 10, Windows 7, Windows 8, Windows 8.1 | Leave a Comment »

Automating the closing of the Creative Cloud signing and ABBY FindReader for ScanSnap 5.0 dialogs

Posted by jpluimers on 2021/01/06

Every time my scan VM logs on I get the dialog on the right.

Every time I finish an OCR scan, I get the dialog below.

There are two reasons I want to close the ABBY dialog:

While open, it will keep both the original PDF and OCR PDF files alive.When after a while, Windows updates auto-reboots the machine, before clicking the OK buttons I have to manually check if the conversion succeeded before removing the non-OCR PDF.This is time consuming.
While open, it still consumes a lot of system resources: about 100 megabyte for a simple single monochrome A4 page. Much more for complex, multi-page or colour documents.When scanning a lot of document this causes the system to run out of memory, after becoming much much slower because the truckload of Window handles and underlying threads drags Windows down.

I do not want to fully get rid of these dialogs, as often being aware of the progress is important, and I always forget how to re-enable things. If you can do without the dialogs, then try these:

Finding the Windows and controls

I did use one nice feature of AutoHotKey: their Windows Spy utility, which is implemented as a AHK script: [WayBack] AutoHotKey-scripts/WindowSpy.ahk at master · elig0n/AutoHotKey-scripts · GitHub. In the past this was a separate executable, so do not start looking for that any more. You can get it either after a full install of the [WayBack] Releases · Lexikos/AutoHotkey_L · GitHub, or by extracting from the most current AutoHotKey.zip from [Archive.is] AutoHotkey Downloads.

Related:

[WayBack] Changes & New Features | AutoHotkey

1.1.27.00 – December 25, 2017

Changes:

Replaced AU3_Spy.exe with WindowSpy.ahk.

…

[WayBack] autohotkey – What is AU3_Spy.exe? Where can I find it? – Stack Overflow

Search for Spy in

[WayBack] AutoHotkey_L/script2.cpp at master · Lexikos/AutoHotkey_L · GitHub

[WayBack] AutoHotkey_L/script_autoit.cpp at master · Lexikos/AutoHotkey_L · GitHub

[WayBack] AutoHotkey_L/script_gui.cpp at master · Lexikos/AutoHotkey_L · GitHub

This gets these for the Create Cloud and ABBY windows:

Automating the click

I contemplated about using AutoIt (freeware, but closed source) or AutoHotKey_L (the current active fork of AutoHotKey).

AutoIt is now closed source, forked in the past as AutoHotKey, which has a lot of half backed – usually poorly documented – scripts needing you to learn a new API wrapper around existing Windows API functionality.

So I reverted back to using the Windows API using Delphi: a simple repeat loop, to check for the existence of the underlying processes, windows and controls, plus some logic to terminate then the user stops the application (Ctrl-C, Ctrl-Break), logs off, or Windows shuts down.

Releated Windows API keywords and posts:

Terminating in time:
- SetConsoleCtrlHandler and HandlerRoutine parameter dwCtrlType values CTRL_C_EVENT, CTRL_BREAK_EVENT, CTRL_CLOSE_EVENT, CTRL_LOGOFF_EVENT and CTRL_SHUTDOWN_EVENT.
  - Remember that the HandlerRoutine is called in a separate thread, implying you should be very careful with what you do. Best is to only set some flags. Worst is to go GUI handling (DO NOT CALL ShowMessage HERE!)
- Delphi related:
- [WayBack] Handling the OS shutdown event using WinAPI describes the SetConsoleCtrlHandler for console applications, the service related RegisterServiceCtrlHandler and RegisterServiceCtrlHandlerEx calls and the Windows messages to watch for GUI applications: WM_QUERYENDSESSION and WM_POWERBROADCAST.
Checking for processes, windows and controls:
- FindWindow
- a

I could have used AutoHotKey with these hints to get it working:

[Archive.is/WayBack] ControlClick – Syntax & Usage | AutoHotkey: The ControlClick command sends a mouse button or mouse wheel event to a control.
- [WayBack] How to click a specific button on a window with autohotkey? – Stack Overflow
- [WayBack] Locating/Clicking buttons in a Windows Application – Ask for Help – AutoHotkey Community
[WayBack] AutoHotkey Webinar- Various ways to use AHK to automate tasks in Windows (videos below the fold)
[Archive.is/WayBack] OnExit() – Syntax & Usage | AutoHotkey: The OnExit function specifies a callback function or subroutine to run automatically when the script exits.
[WayBack] AutoHotKey: Introduction
[WayBack] Repeating things
[WayBack] Category:AutoHotkey – Rosetta Code
[WayBack] Wait for window to open then use WinGetTitle. – Ask for Help – AutoHotkey Community
[WayBack] Wait for a window to finish loading – AutoHotkey Community
[WayBack] How to wait for a window to appear – Ask for Help – AutoHotkey Community
[Archive.is/WayBack] Process – Syntax & Usage | AutoHotkey
[WayBack] AutoHotKey script to automatically close a window when it opens – Super User
[WayBack] Waiting for a button – Ask for Help – AutoHotkey Community
[WayBack] wait till window opens then wait till it closes – Ask for Help – AutoHotkey Community
[WayBack] windows – AutoHotKey – ellegant way of waiting until a system dialog box becomes able to accept keystrokes? – Super User
[WayBack] I want to create an AutoHotKey script that waits for a window and sends some keystrokes to it, but the keystrokes are repeating by default – Super User

MacOS

Note that when you run on MacOS, you need an alternative like for instance the video below shows via [WayBack] Stop ScanSnap From Prompting You When You Scan.

–jeroen

Read the rest of this entry »

Posted in Development, Fujitsu ScanSnap, Hardware, ix100, ix500, Power User, Scanners, Scripting, Software Development, Windows, Windows 10, Windows 8.1 | Leave a Comment »

« Previous Entries

Next Entries »

	Attila Kovacs on Crowbarring Windows 95 into Wi…
	Jeroen Wiert Pluimer… on Does Odido (the old T-Mobile N…
	Lars Fosdal on Security alarm provider Woonve…
	Thomas Mueller on Question got closed in May 202…
	Thaddy de Koning on Formulier voor bewindvoerders…

The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

Subscribe

Archives

Recent Comments

Recent Posts

Blog Stats

Meta title

Tag Cloud Title

Top Clicks

Top Posts

My badges

Twitter Updates

My Flickr Stream

Pages

All categories

Email Subscription

Archive for the ‘Windows’ Category

Enable Block at First Sight to detect malware in seconds | Microsoft Docs

Reminder of Windows 10 update “What’s New” location

Research list: getting rid of the Windows 10 Delivery Content data and service

How to control Windows Update Delivery Optimization

Deleting the WebCache database – The IE browser cache | Apttech’s Blog

Everything force rescan all volumes – via voidtools forum

Chris Foster: Windows Development in a KVM Virtual Machine

A choco install list

Windows events for Remote Desktop connections

How to remove (disable or hide) User Accounts on the Windows 10 Login Screen – Make Tech Easier

Show only the last logged on user, but add a switch-user dialog

If you lost access because of `SpecialAccounts`

Automating the closing of the Creative Cloud signing and ABBY FindReader for ScanSnap 5.0 dialogs

Finding the Windows and controls

Automating the click

MacOS

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

Subscribe

Archives

Recent Comments

Recent Posts

Blog Stats

Meta title

Tag Cloud Title

Top Clicks

Top Posts

My badges

My Flickr Stream

Pages

All categories

Email Subscription

Archive for the ‘Windows’ Category

Rate this:

Share this:

Rate this:

Share this:

How to control Windows Update Delivery Optimization

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Show only the last logged on user, but add a switch-user dialog

If you lost access because of SpecialAccounts

Rate this:

Share this:

Finding the Windows and controls

Automating the click

MacOS

Rate this:

Share this:

If you lost access because of `SpecialAccounts`