March 2026
M	T	W	T	F	S	S
	1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30	31

Archive for the ‘Windows 10’ Category

Windows 10 Home: allow a certain user to have a non-expiring password

Posted by jpluimers on 2021/03/15

Sometimes it makes sense to have a user never expire the password.

On a non-home editions of Windows, this is easy: just run lusrmgr.msc, then in the UI change the property for the user.

On home editions of Windows, you cannot do this in a GUI: those bits are either disabled or completely unavailable.

I did this on a demo VM system on an elevated command-prompt:

C:\>wmic UserAccount where Name='developer' set PasswordExpires=False
Updating property(s) of '\\DEMO-VM\ROOT\CIMV2:Win32_UserAccount.Domain="DEMO-VM",Name="developer"'
Property(s) update successful.

To show the current state (before I changed it):

C:\>wmic UserAccount where Name='developer'
AccountType  Caption           Description  Disabled  Domain      FullName  InstallDate  LocalAccount  Lockout  Name       PasswordChangeable  PasswordExpires  PasswordRequired  SID                                            SIDType  Status 
512          DEMO-VM\developer              FALSE     DEMO-VM                            TRUE          FALSE    developer  TRUE                TRUE             TRUE              S-1-5-21-2478057260-1439466941-978077079-1002  1        OK

Via: [WayBack] Cocosenor: 4 ways to disable or enable Windows 10 password expiration notification

–jeroen

Posted in Power User, Windows, Windows 10 | Leave a Comment »

Windows Users like “Window Manager\DWM-3” are virtual users

Posted by jpluimers on 2021/03/15

Having seen logon failures from user Window Manager\DWM-3 while on a public WiFi network, I did a quick search on [WayBack] “Window Manager\DWM-3” – Google Search.

It appeared somebody trying a dictionary attack on the RDP port of my Windows VM which was on the host Bridged Network (see [Archive.is] Help – VMware Fusion 6 Documentation Center).

This is a virtual user that is part of a series of users that the Desktop Window Manager started using from Windows 8 and up.

The first user always exist, DWM-2 and up are created for new dwm.exe processes (by winlogon.exe) when users start logging on through RDP connections to a Windows machine:

Window Manager\DWM-1
Window Manager\DWM-2
Window Manager\DWM-3
Window Manager\DWM-4

In addition to logging on as a new user, as of Windows 8, these also are created when shutting down and starting up (which Windows fools you by actually doing a kind of hibernate): [Wayback] windows 8 – What is winlogon.exe -SpecialSession? – Super User

–jeroen

Posted in Power User, Windows, Windows 10, Windows 8, Windows 8.1 | Leave a Comment »

Enable Block at First Sight to detect malware in seconds | Microsoft Docs

Posted by jpluimers on 2021/03/12

On my reading list, because I saw it suddenly enabled on a domain based Windows network:

[WayBack] Enable Block at First Sight to detect malware in seconds | Microsoft Docs

Enable the Block at First sight feature to detect and block malware within seconds, and validate that it is configured correctly.

It seems to have been introduced early 2018: Windows Defender – Wikipedia: Advanced Features

Windows 10’s Anniversary Update introduced Limited Periodic Scanning, which optionally allows Windows Defender to scan a system periodically if another antivirus app is installed.^[5] It also introduced Block at First Sight, which uses machine learning to predict whether a file is malicious.^[21]

There is a BAFS – Windows Defender Testground for which you need a Microsoft account.

–jeroen

Posted in Power User, Security, Windows, Windows 10 | Leave a Comment »

Reminder of Windows 10 update “What’s New” location

Posted by jpluimers on 2021/03/02

If you forgot what Microsoft has added, look for a file named like this:

C:\Program Files\WindowsApps\Microsoft.Getstarted_7.3.20251.0_x64__8wekyb3d8bbwe\WhatsNew.Store.exe

Disregard any warnings you find through the above link: it is a legit file installed during Windows 10 update.

–jeroen

Posted in Power User, Windows, Windows 10 | Leave a Comment »

Research list: getting rid of the Windows 10 Delivery Content data and service

Posted by jpluimers on 2021/02/15

Not sure yet if this is still possible, but on my research list as it pollutes low-resource Windows 10 VMs and computers the Delivery Content:

[WayBack] Delivery Optimization Service can’t be disabled after the last Windows 10 Update – Super User
[WayBack] Reddit: Can I block an IP range for Windows 10 download? : sysadmin
[WayBack] How To Turn Off Windows 10 Update Delivery Optimization Feature | Redmond Pie
[WayBack] Delivery Optimization service downloading something and using all my bandwidth
[WayBack] Microsoft Clarifies Windows 10 ‘Delivery Optimization’ — Redmond Channel Partner
[WayBack] Delete Delivery Optimization Files and reclaim lost disk space
[WayBack] Disable and turn off Windows Update Delivery Optimization
[WayBack] Windows Update Delivery Optimization or WUDO
[WayBack] windows 10 – Delivery Optimization service is hogging all my bandwidth, how to stop it? – Super User
Windows Update Delivery Optimization: FAQ
How to control Windows Update Delivery Optimization

To stop downloading updates and apps from or sending updates and apps to other Windows 10 devices on the Internet:
1. Select the Start button, then select Settings > Update & Security > Windows Update > Advanced options.
2. Select Delivery Optimization (or Choose how updates are delivered in earlier versions of Windows 10).
3. Select PCs on my local network.
To stop downloading from or uploading to other PCs on the local network:
1. Select the Start button, then select Settings > Update & Security > Windows Update > Advanced options.
2. Select Delivery Optimization.
3. Make sure Allow downloads from other PCs is turned Off. You’ll get updates and apps directly from Windows Update and from Microsoft Store with Delivery Optimization; however, you won’t download from or upload to other PCs.
If you use a metered or capped Internet connection, Delivery Optimization won’t automatically download or send parts of updates or apps to other PCs on the Internet.

To identify a Wi‑Fi or Ethernet connection as metered or capped:
1. Select the Start button, then select Settings > Network & Internet > Wi‑Fi.
2. Select the network you’re using, and then turn on Set as metered connection.

–jeroen

Read the rest of this entry »

Posted in Power User, Windows, Windows 10 | Leave a Comment »

Deleting the WebCache database – The IE browser cache | Apttech’s Blog

Posted by jpluimers on 2021/02/15

[WayBack] Deleting the WebCache database – The IE browser cache | Apttech’s Blog quotes from WayBack: C drive space is using up on terminal server after upgrading to IE10 or IE11 – AsiaTech: Microsoft Azure & Development:

With the new cache implementation, the cache files are saved in %LocalAppData%\Microsoft\Windows\WebCache\ folder. And, the cache files will be created when a new user logs on.

Actually, the database is a file named WebCacheV01.dat in the cache folder, and its initial size could be around 20-32MB. The size of this file will keep increasing along with you browse more and more websites.

…

save the below contents into ClearIECache.cmd file and try to fun this file.
echo OFF
net stop COMSysApp
taskkill /F /IM dllhost.exe
taskkill /F /IM taskhost.exe
taskkill /F /IM taskhostex.exe
del /Q %LocalAppData%\Microsoft\Windows\WebCache\*.*
net start COMSysApp
echo ON
Furthermore, you’d better deploy the batch file to a logoff script of your local GPO, here are the steps.

–jeroen

Posted in Internet Explorer, Power User, Web Browsers, Windows, Windows 10 | Leave a Comment »

Windows events for Remote Desktop connections

Posted by jpluimers on 2021/01/25

Some notes and links, as eventually I want to react on Windows events raised for successful Remote Desktop connections.

Log-files:

Name Microsoft-Windows-TerminalServices-LocalSessionManager/Admin
Path %SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx
Name Microsoft-Windows-TerminalServices-LocalSessionManager/Operational
Path %SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx

EventID 25:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-TerminalServices-LocalSessionManager" Guid="{5D896912-022D-40AA-A3A8-4FA5515C76D7}" /> 
<EventID>25</EventID> 
<Version>0</Version> 
<Level>4</Level> 
<Task>0</Task> 
<Opcode>0</Opcode> 
<Keywords>0x1000000000000000</Keywords> 
<TimeCreated SystemTime="2019-02-06T13:48:02.978377900Z" /> 
<EventRecordID>5358</EventRecordID> 
<Correlation ActivityID="{F4203346-1BFB-421E-8668-C7503D590000}" /> 
<Execution ProcessID="308" ThreadID="12552" /> 
<Channel>Microsoft-Windows-TerminalServices-LocalSessionManager/Operational</Channel> 
<Computer>MACHINE-NAME.subdomain.domain</Computer> 
<Security UserID="S-1-5-18" /> 
</System>
<UserData>
<EventXML xmlns="Event_NS">
<User>DOMAIN\jeroen</User> 
<SessionID>2</SessionID> 
<Address>192.168.1.42</Address> 
</EventXML>
</UserData>
</Event>

Links on the events:

[WayBack] Is there a log file for RDP connections?
[WayBack] Windows RDP-Related Event Logs: Identification, Tracking, and Investigation | Ponder The Bits

A cohesive and comprehensive walk-through of the most common and empirically useful RDP-related Windows Event Log Sources and ID’s, grouped by stage of occurrence (Connection, Authentication, Logon, Disconnect/Reconnect, Logoff).

…

Event ID: 25
Provider Name: Microsoft-Windows-TerminalServices-LocalSessionManager
Description: “Remote Desktop Services: Session reconnection succeeded:”
Notes: The user has reconnected to an RDP session, when the “Source Network Address” contains a remote IP address. A “Source Network Address” of “LOCAL” simply indicates a local session reconnection and does NOTindicate a remote RDP session reconnection. Note the “Source Network Address” for the source of the RDP connection. This is typically paired with an Event ID 40. Take note of the SessionID as a means of tracking/associating additional Event Log activity with this user’s RDP session.

TL;DR: The user has reconnected to an existing RDP session, so long as the “Source Network Address” is NOT “LOCAL”.
[WayBack] Jeroen Pluimers on Twitter: “How can I run a script (batch or powershell) when a remote desktop connection starts? (either re-connects to an existing Windows logon session, or starts a new Windows logon session)? I know how to cover the last, but not the first.”
[WayBack] CHUA Chee Wee on Twitter: “Watch Windows event log for RDP events. You’ll figure which one out, then execute a designated script.”
[WayBack] Jeroen Pluimers on Twitter: “Thanks, found it: Log Name Microsoft-Windows-TerminalServices-LocalSessionManager/Operational Log Path %SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx EventID 25 Now I need to find how to initiate a script on this.”
[WayBack] CHUA Chee Wee on Twitter: “Manually, it’s within eventvwr, click on the event and right click, select attach task to this event. Programmatically, you’ll need to figure out the equivalent.”
[WayBack] Jeroen Pluimers on Twitter: “Thanks. In the mean time I was collecting some links for a blog post about this which includes blogs.technet.microsoft.com/wincat/… That’s a more elaborate version of what you describe, so both of these will get me going.”

Links on triggers and scripts running because of events:

[WayBack] Automation example using Windows Event as trigger : sysadmin
[WayBack] Trigger a PowerShell Script from a Windows Event – Server and Cloud Partner and Customer Solutions Team Blog
[WayBack] PowerShell: BgInfo Automation script | Wim’s System Center blog
[WayBack] Complex Event Processing (Middleware)—a Technical Reference Guide for Designing Mission-Critical Middleware Solutions
[WayBack] Configure Event Log Forwarding in Windows Server 2012 R2
[WayBack] Run a scheduled task after a Windows service is started – Super User
[WayBack] Advanced XML filtering in the Windows Event Viewer | Ask the Directory Services Team
[WayBack] How to Disable Automatic Updates on Windows 10 | NUCUTA: Disable Windows 10 Update with Windows Task Scheduler

There is no convenient way to disable automatic updates on Windows 10, This guide presents 8 working methods to disable automatic updates with ease.
[WayBack] Trigger a PowerShell Script from a Windows Event – Server and Cloud Partner and Customer Solutions Team Blog

–jeroen

Read the rest of this entry »

Posted in Power User, Windows, Windows 10 | Leave a Comment »

How to remove (disable or hide) User Accounts on the Windows 10 Login Screen – Make Tech Easier

Posted by jpluimers on 2021/01/11

Works on my systems too (I think it works from Windows XP on) to hide users from the home screen: [WayBack] How to Hide User Accounts on the Windows 10 Login Screen – Make Tech Easier.

Show only the last logged on user, but add a switch-user dialog

Run the below .reg file on your machine, or manually add this key (does not need any value): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\DomainStyleLogon

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\DomainStyleLogon]

Note the empty line at the end of the .reg file: that is by intention.

This will show the last logged-on user on the home screen, but still allows users to perform a switch to other users.

Disable the users on the logon screen from interactive logon

Warning: do NOT disable your administrator user this way!

For why not, see the various users that lost access: [WayBack] Hide User Accounts on Windows 7 Logon – Windows 7 IT Pro > Windows 7 User Interface

use net user on the command prompt to list the usernames and note the username you want to hide from the login screen
run regedit to edit the registry
ensure this registry key exists HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Under that key, create a new key SpecialAccounts
Under the SpecialAccounts key, create a new key UserList
Under the UserList key, create a new DWORD (32-bit) value with the Value name equal to the username and the Value data to zero (0, which is the default)
Reboot
Observe that user is not on the login window any more.

Example:

If you lost access because of `SpecialAccounts`

If you would like to unhide the hidden Administrator account on Windows 7:

Boot a Windows 7 Installation DVD or ISO

go to command prompt and type regedit -it

click on HKLM hive and

next navigate File>>Load hive

navigate to C:\Windows\System32\config folder and choose `SOFTWARE` file load it and assign this hive any name for example REM_SOFTWARE

open key HKEY_LOCAL_MACHINE\REM_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList

remove the Administrator account

or better way remove the whole key HKEY_LOCAL_MACHINE\REM_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts

–jeroen

Posted in Power User, Windows, Windows 10, Windows 7, Windows 8, Windows 8.1 | Leave a Comment »

Automating the closing of the Creative Cloud signing and ABBY FindReader for ScanSnap 5.0 dialogs

Posted by jpluimers on 2021/01/06

Every time my scan VM logs on I get the dialog on the right.

Every time I finish an OCR scan, I get the dialog below.

There are two reasons I want to close the ABBY dialog:

While open, it will keep both the original PDF and OCR PDF files alive.When after a while, Windows updates auto-reboots the machine, before clicking the OK buttons I have to manually check if the conversion succeeded before removing the non-OCR PDF.This is time consuming.
While open, it still consumes a lot of system resources: about 100 megabyte for a simple single monochrome A4 page. Much more for complex, multi-page or colour documents.When scanning a lot of document this causes the system to run out of memory, after becoming much much slower because the truckload of Window handles and underlying threads drags Windows down.

I do not want to fully get rid of these dialogs, as often being aware of the progress is important, and I always forget how to re-enable things. If you can do without the dialogs, then try these:

Finding the Windows and controls

I did use one nice feature of AutoHotKey: their Windows Spy utility, which is implemented as a AHK script: [WayBack] AutoHotKey-scripts/WindowSpy.ahk at master · elig0n/AutoHotKey-scripts · GitHub. In the past this was a separate executable, so do not start looking for that any more. You can get it either after a full install of the [WayBack] Releases · Lexikos/AutoHotkey_L · GitHub, or by extracting from the most current AutoHotKey.zip from [Archive.is] AutoHotkey Downloads.

Related:

[WayBack] Changes & New Features | AutoHotkey

1.1.27.00 – December 25, 2017

Changes:

Replaced AU3_Spy.exe with WindowSpy.ahk.

…

[WayBack] autohotkey – What is AU3_Spy.exe? Where can I find it? – Stack Overflow

Search for Spy in

[WayBack] AutoHotkey_L/script2.cpp at master · Lexikos/AutoHotkey_L · GitHub

[WayBack] AutoHotkey_L/script_autoit.cpp at master · Lexikos/AutoHotkey_L · GitHub

[WayBack] AutoHotkey_L/script_gui.cpp at master · Lexikos/AutoHotkey_L · GitHub

This gets these for the Create Cloud and ABBY windows:

Automating the click

I contemplated about using AutoIt (freeware, but closed source) or AutoHotKey_L (the current active fork of AutoHotKey).

AutoIt is now closed source, forked in the past as AutoHotKey, which has a lot of half backed – usually poorly documented – scripts needing you to learn a new API wrapper around existing Windows API functionality.

So I reverted back to using the Windows API using Delphi: a simple repeat loop, to check for the existence of the underlying processes, windows and controls, plus some logic to terminate then the user stops the application (Ctrl-C, Ctrl-Break), logs off, or Windows shuts down.

Releated Windows API keywords and posts:

Terminating in time:
- SetConsoleCtrlHandler and HandlerRoutine parameter dwCtrlType values CTRL_C_EVENT, CTRL_BREAK_EVENT, CTRL_CLOSE_EVENT, CTRL_LOGOFF_EVENT and CTRL_SHUTDOWN_EVENT.
  - Remember that the HandlerRoutine is called in a separate thread, implying you should be very careful with what you do. Best is to only set some flags. Worst is to go GUI handling (DO NOT CALL ShowMessage HERE!)
- Delphi related:
- [WayBack] Handling the OS shutdown event using WinAPI describes the SetConsoleCtrlHandler for console applications, the service related RegisterServiceCtrlHandler and RegisterServiceCtrlHandlerEx calls and the Windows messages to watch for GUI applications: WM_QUERYENDSESSION and WM_POWERBROADCAST.
Checking for processes, windows and controls:
- FindWindow
- a

I could have used AutoHotKey with these hints to get it working:

[Archive.is/WayBack] ControlClick – Syntax & Usage | AutoHotkey: The ControlClick command sends a mouse button or mouse wheel event to a control.
- [WayBack] How to click a specific button on a window with autohotkey? – Stack Overflow
- [WayBack] Locating/Clicking buttons in a Windows Application – Ask for Help – AutoHotkey Community
[WayBack] AutoHotkey Webinar- Various ways to use AHK to automate tasks in Windows (videos below the fold)
[Archive.is/WayBack] OnExit() – Syntax & Usage | AutoHotkey: The OnExit function specifies a callback function or subroutine to run automatically when the script exits.
[WayBack] AutoHotKey: Introduction
[WayBack] Repeating things
[WayBack] Category:AutoHotkey – Rosetta Code
[WayBack] Wait for window to open then use WinGetTitle. – Ask for Help – AutoHotkey Community
[WayBack] Wait for a window to finish loading – AutoHotkey Community
[WayBack] How to wait for a window to appear – Ask for Help – AutoHotkey Community
[Archive.is/WayBack] Process – Syntax & Usage | AutoHotkey
[WayBack] AutoHotKey script to automatically close a window when it opens – Super User
[WayBack] Waiting for a button – Ask for Help – AutoHotkey Community
[WayBack] wait till window opens then wait till it closes – Ask for Help – AutoHotkey Community
[WayBack] windows – AutoHotKey – ellegant way of waiting until a system dialog box becomes able to accept keystrokes? – Super User
[WayBack] I want to create an AutoHotKey script that waits for a window and sends some keystrokes to it, but the keystrokes are repeating by default – Super User

MacOS

Note that when you run on MacOS, you need an alternative like for instance the video below shows via [WayBack] Stop ScanSnap From Prompting You When You Scan.

–jeroen

Read the rest of this entry »

Posted in Development, Fujitsu ScanSnap, Hardware, ix100, ix500, Power User, Scanners, Scripting, Software Development, Windows, Windows 10, Windows 8.1 | Leave a Comment »

Windows Sandbox – Microsoft Tech Community – 301849

Posted by jpluimers on 2020/12/21

For my link archive, as I totally missed it when it was released: [WayBack] Windows Sandbox – Microsoft Tech Community – 301849:

Install Windows 10 Pro or Enterprise, Insider build 18305 or newer

Enable virtualization:

If you are using a physical machine, ensure virtualization capabilities are enabled in the BIOS.

If you are using a virtual machine, enable nested virtualization with this PowerShell cmdlet:

Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $true

Open Windows Features, and then select Windows Sandbox. Select OK to install Windows Sandbox. You might be asked to restart the computer.

Using the Start menu, find Windows Sandbox, run it and allow the elevation

Copy an executable file from the host

Paste the executable file in the window of Windows Sandbox (on the Windows desktop)

Run the executable in the Windows Sandbox; if it is an installer go ahead and install it

Run the application and use it as you normally do

When you’re done experimenting, you can simply close the Windows Sandbox application. All sandbox content will be discarded and permanently deleted

Confirm that the host does not have any of the modifications that you made in Windows Sandbox.

–jeroen

Posted in Power User, Windows, Windows 10 | Leave a Comment »

« Previous Entries

Next Entries »

	Jeroen Wiert Pluimer… on Pie Comic by John McNamee: Mov…
	Attila Kovacs on Crowbarring Windows 95 into Wi…
	Jeroen Wiert Pluimer… on Does Odido (the old T-Mobile N…
	Lars Fosdal on Security alarm provider Woonve…
	Thomas Mueller on Question got closed in May 202…

The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

Subscribe

Archives

Recent Comments

Recent Posts

Blog Stats

Meta title

Tag Cloud Title

Top Clicks

Top Posts

My badges

Twitter Updates

My Flickr Stream

Pages

All categories

Email Subscription

Archive for the ‘Windows 10’ Category

Windows 10 Home: allow a certain user to have a non-expiring password

Windows Users like “Window Manager\DWM-3” are virtual users

Enable Block at First Sight to detect malware in seconds | Microsoft Docs

Reminder of Windows 10 update “What’s New” location

Research list: getting rid of the Windows 10 Delivery Content data and service

How to control Windows Update Delivery Optimization

Deleting the WebCache database – The IE browser cache | Apttech’s Blog

Windows events for Remote Desktop connections

How to remove (disable or hide) User Accounts on the Windows 10 Login Screen – Make Tech Easier

Show only the last logged on user, but add a switch-user dialog

If you lost access because of `SpecialAccounts`

Automating the closing of the Creative Cloud signing and ABBY FindReader for ScanSnap 5.0 dialogs

Finding the Windows and controls

Automating the click

MacOS

Windows Sandbox – Microsoft Tech Community – 301849

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

Subscribe

Archives

Recent Comments

Recent Posts

Blog Stats

Meta title

Tag Cloud Title

Top Clicks

Top Posts

My badges

My Flickr Stream

Pages

All categories

Email Subscription

Archive for the ‘Windows 10’ Category

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

How to control Windows Update Delivery Optimization

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Show only the last logged on user, but add a switch-user dialog

If you lost access because of SpecialAccounts

Rate this:

Share this:

Finding the Windows and controls

Automating the click

MacOS

Rate this:

Share this:

Rate this:

Share this:

If you lost access because of `SpecialAccounts`