The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for the ‘Windows 8’ Category

Windows: requiring a password for UAC elevation instead of a simple “Yes” helps prevent USB HID attacks

Posted by jpluimers on 2022/06/17

Of course you should be careful inserting random USB devices. Apart from USB HID attacks, they could perform other attacks like DMA ones.

To help prevent automated UAC elevation, you can make it harder to confirm a UAC prompt by requiring a password. I think the below registry trick and policy is supported as of Windows 7, but it could be more recent (i.e. Windows 8.1).

The video below shows the trick, but does not document it in text. So here we go [WayBack] Windows doesn’t ask for your password when changing settings – Windows 10 Forums

reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "ConsentPromptBehaviorAdmin" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "ConsentPromptBehaviorUser" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableInstallerDetection" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableSecureUIAPaths" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableUIADesktopToggle" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "FilterAdministratorToken" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "PromptOnSecureDesktop" /t REG_DWORD /d "1" /f

(A more elaborate batch file with lots more hardening is at [WayBack] Win 10 edits · GitHub)

The registry trick is especially useful for Home editions of Windows which do not allow you to run the Security Policy control panel applet secpol.msc.
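
To check whether a machine already has these settings, the following read-only PowerShell audit compares the policy key against the values written by the reg add commands above. It is an added example, not from the original post or the linked forum thread; the variable names are illustrative.

```powershell
# Added example: audit the UAC policy values set by the reg add commands in this post.
# Read-only: nothing is written to the registry.
$key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'

# Value name -> value written by the post's reg add commands.
$expected = [ordered]@{
    ConsentPromptBehaviorAdmin = 1
    ConsentPromptBehaviorUser  = 1
    EnableInstallerDetection   = 1
    EnableLUA                  = 1
    EnableSecureUIAPaths       = 1
    EnableUIADesktopToggle     = 1
    FilterAdministratorToken   = 1
    PromptOnSecureDesktop      = 1
}

$current = Get-ItemProperty -Path $key -ErrorAction Stop

$report = foreach ($name in $expected.Keys) {
    # A value that is absent from the key is reported as '<not set>'.
    $prop   = $current.PSObject.Properties[$name]
    $actual = if ($prop) { $prop.Value } else { $null }
    [pscustomobject]@{
        Name     = $name
        Expected = $expected[$name]
        Actual   = if ($null -eq $actual) { '<not set>' } else { $actual }
        Match    = ($actual -eq $expected[$name])
    }
}

$report | Format-Table -AutoSize

# Summarise any value that differs from what the post configures.
$drift = @($report | Where-Object { -not $_.Match })
if ($drift.Count -gt 0) {
    Write-Warning ("{0} UAC policy value(s) differ from the post's settings: {1}" -f `
        $drift.Count, ($drift.Name -join ', '))
}
```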

The first two values are explained at [WayBack] How to configure Windows UAC prompt behavior for admins and users – gHacks Tech News:

ConsentPromptBehaviorAdmin

This key defines the User Account Control behavior for system administrators. The default value is set to prompt but do not require credentials to be entered. Here are all possible values:

  • 0: A value of 0 allows administrators to perform operations that require elevation without consent (meaning prompts) or credentials (meaning authentication).
  • 1: A value of 1 requires the admin to enter username and password when operations require elevated privileges on a secure desktop.
  • 2: The value of 2 displays the UAC prompt that needs to be permitted or denied on a secure desktop. No authentication is required.
  • 3: A value of 3 prompts for credentials.
  • 4: A value of 4 prompts for consent by displaying the UAC prompt.
  • 5: The default value of 5 prompts for consent for non-Windows binaries.

ConsentPromptBehaviorUser

  • 0: A value of 0 will automatically deny any operation that requires elevated privileges if executed by standard users.
  • 1: The value of 1 will display a prompt to enter the username and password of an administrator to run the operation with elevated privileges on the secure desktop.
  • 3: The default value of 3 prompts for credentials on a secure desktop.

The changes should take effect immediately. You can for instance set the admin behavior to 0 so that no prompts are displayed, and user behavior to 0 as well to prevent them from running operations that require elevated privileges.


How can you export the Visual Studio Code extension list? (via: Stack Overflow)

Posted by jpluimers on 2022/06/16

Adapted from [Archive.is] How can you export the Visual Studio Code extension list? – Stack Overflow, presuming that code is on the PATH:

  1. From the command-line interface on MacOS, Linux, BSD or on Windows with git installed:
    code --list-extensions | xargs -L 1 echo code --install-extension
  2. From a PowerShell prompt on MacOS, Linux, BSD or on Windows without git installed:
    code --list-extensions | % { "code --install-extension $_" }

    or, as I think, more clearly (see also [WayBack] syntax – What does “%” (percent) do in PowerShell? – Stack Overflow):

    code --list-extensions | foreach { "code --install-extension $_" }

    or even more explanatory:

    code --list-extensions | ForEach-Object { "code --install-extension $_" }
  3. From the command-line interface on Windows as a plain cmd.exe command:
    @for /f %l in ('code --list-extensions') do @echo code --install-extension %l
  4. On Windows as a plain cmd.exe batch file (in a .bat/.cmd script):
    @for /f %%l in ('code --list-extensions') do @echo code --install-extension %%l
  5. The above two on Windows can also be done using PowerShell:
    PowerShell -Command "code --list-extensions | % { """""code --install-extension $_""""" }"

    Note that here too, the % can be expanded into foreach or ForEach-Object for clarity.

All of the above prepend “code --install-extension ” (note the trailing space) before each installed Visual Studio Code extension.

They all give you a list like this which you can execute on any machine having Visual Studio Code installed and its code on the PATH, and a working internet connection:

code --install-extension DavidAnson.vscode-markdownlint
code --install-extension ms-vscode.powershell
code --install-extension yzhang.markdown-all-in-one

(This is about the minimum install for me to edit markdown documents and do useful things with PowerShell).

Of course you can pipe these to a text-file script to execute them later on.

The double-quote escaping is based on [Wayback/Archive.is] How to escape PowerShell double quotes from a .bat file – Stack Overflow:

you need to escape the " on the command line, inside a double quoted string. From my testing, the only thing that seems to work is quadruple double quotes """" inside the quoted parameter:

powershell.exe -command "echo '""""X""""'"

Via: [Archive.is] how to save your visual studio code extension list – Google Search

--jeroen


Chocolatey on Windows 7: “You must provide a value expression on the right-hand side of the ‘-‘ operator.”

Posted by jpluimers on 2022/06/08

One of the places explaining a more and more frequent error on Windows 7 installations is [Wayback/Archive.is] “You must provide a value expression on the right-hand side of the ‘-‘ operator.” · Issue #29 · shiftkey/chocolatey-beyondcompare:


Windows: shutdown or reboot while preserving most of the running apps has been possible since…

Posted by jpluimers on 2022/05/26

Vista!

Shutting down or rebooting Windows allowing existing applications to reopen

Windows Vista introduced the /g switch in shutdown.exe; it was unchanged in Windows 7:

    /g         Shutdown and restart the computer. After the system is
               rebooted, restart any registered applications.

I never noticed it until Windows 10, which began to actively use it when applying system updates: then suddenly many of the previously running applications would reopen during startup.


Wow, the Windows 3.x winfile.exe File Manager still lives on!

Posted by jpluimers on 2022/04/01

By sheer luck, Jen Gentleman pointed out that winfile.exe still lives on:

The source is at [Wayback/Archive.is] microsoft/winfile: Original Windows File Manager (winfile) with enhancements, and it looks exactly like the Windows 3.x through Windows NT 4.0 days.


Booting Windows 10 to the recovery console command prompt

Posted by jpluimers on 2022/03/01

I bumped into an old draft on notes on NTFS boot issues.

A while ago, I wanted to boot in the Windows 10 “Safe Mode” console, but the F8 option during the boot process was gone.

So I wondered how to get there. There seem to be a few ways, of which almost all require a functioning Windows installation. When you have one, it is relatively easy, as these options will work as summarised from [Wayback] How to open the Windows 10 recovery console:

  • Hold the physical Shift key when choosing “Reboot” in the user interface. There are various ways to get to the “Power” button:
    • in the lower right corner at the logon-screen
    • in the lower right corner at the lock-screen
    • in the lower right corner after pressing Ctrl+Alt+Del
    • in the lower left corner of the “Start” menu
  • In the Settings app, there used to be an “Advanced Startup” feature, but I could not find that any more in Windows 10 version 21H1
  • From a console window, run either of these commands (the second waits zero seconds before rebooting, the first 30)
    • shutdown.exe /r /o
    • shutdown.exe /r /o /t 0

There is also a possibility to restore the F8 functionality, but you need installation media for it. [Wayback] 3 ways to boot into Safe Mode on Windows 10 version 21H1 explains how to.

Some “notes on NTFS boot issues” links for my archive

(Note that for some of the links, only the [Wayback] ones work: link-rot of the links I saved 6 years ago)

–jeroen


Quickly get into the “rename computer” setting on Windows 10

Posted by jpluimers on 2022/02/18

A while ago I needed to quickly rename a Windows 10 machine, but again they moved around the way to get into the right dialog (with each new Windows 10 release, more options seem to move around from the classic Control Panel or Computer Properties into hard to memorise places).

So I was glad to find out that either of these work from the command-line:

  • sysdm.cpl,1
  • SystemPropertiesComputerName

I already was aware of editing the user environment variables through "C:\Windows\System32\rundll32.exe" sysdm.cpl,EditEnvironmentVariables

Glad changing the computer name was so easy.

From [Wayback] Easy Ways to Open System Properties in Windows 10 | Password Recovery, I learned there were more equivalent commands for the rest of the “System Properties” tabs:

  1. Computer Name
    • sysdm.cpl,1
    • SystemPropertiesComputerName
  2. Hardware
    • sysdm.cpl,2
    • SystemPropertiesHardware
  3. Advanced
    • sysdm.cpl,3
    • SystemPropertiesAdvanced
  4. System Protection
    • sysdm.cpl,4
    • SystemPropertiesProtection
  5. Remote
    • sysdm.cpl,5
    • SystemPropertiesRemote

Searching for [Wayback] “EditEnvironmentVariables” “SystemPropertiesComputerName” – Google Search, I found a truckload more of these command-line tricks at [Wayback] Commands that can be used in Run (WIN+R): ms-settings:, shell:, cpl, mmc… – Bob-wei – 博客园.

–jeroen


The Evolution of Windows Search | Windows Search Platform

Posted by jpluimers on 2022/01/03

Great post [WayBack] The Evolution of Windows Search | Windows Search Platform, covering some 3 decades of search:

  • 1991 (Cairo with WinFS)
  • 1996 (Windows NT 4.0)
  • 2000 (Windows 2000)
  • 2001 (Windows XP)
  • 2007 (Windows Vista)
  • 2009 (Windows 7)
  • 2012 (Windows 8.x)
  • 2015 (Windows 10)

It is part 1 of a series of 4 posts by [WayBack] Brendan Flynn, Author at Windows Search Platform:

  1. The Evolution of Windows Search  👈  You Are here
  2. Windows Search Configuration and Settings
  3. What’s in my index?
  4. How to make the most of search on Windows

When grabbing them, only the first two parts were available. Part two was about [WayBack] Configuration and Settings | Windows Search Platform with in-depth coverage of both the old-style Control Panel applet and the new Windows 10 Settings page.

Via: [Archive.is] Immo Landwerth on Twitter: “If you like Raymond Chen’s The Old New Thing, then you might love this new developer focused blog too. It starts with an interesting history of Windows Search, by @brflynn_ms. Enjoy & subscribe!”

–jeroen


Use the System File Checker tool to repair missing or corrupted system files

Posted by jpluimers on 2021/09/30

[WayBack] Use the System File Checker tool to repair missing or corrupted system files:


Digging Through Event Log Hell (finding user logon & logoff) – Ars Technica OpenForum

Posted by jpluimers on 2021/08/31

This helped me big time finding failed logon attempts: [WayBack] Event Log Hell (finding user logon & logoff) – Ars Technica OpenForum

Alternatively, you can use the XPath query mechanism included in the Windows 7 event viewer. In the event viewer, select “Filter Current Log…”, choose the XML tab, tick “Edit query manually”, then copy the following to the textbox:

Code:
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">*[System[EventID=4624] and EventData[Data[@Name='TargetUserName'] = 'USERNAME']]</Select>
  </Query>
</QueryList>

This selects all events from the Security log with EventID 4624 where the EventData contains a Data node with a Name value of TargetUserName that is equal to USERNAME. Remember to replace USERNAME with the name of the user you’re looking for.

If you need to be even more specific, you can use additional XPath querying – have a look at the detail view of an event and select the XML view to see the data that you are querying into.

Thanks user Hamstro!
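
The same XPath filter can be run from PowerShell with Get-WinEvent, which makes it easy to pull the logon type and source address out of each event. This is an added example, not part of the forum post: the function name Get-LogonHistory is hypothetical, and event ID 4625 (failed logon) is added next to the 4624 used above. Reading the Security log requires an elevated prompt.

```powershell
# Added example: list successful (4624) and failed (4625) logons for one account.
# Get-LogonHistory is a hypothetical helper name, not a built-in cmdlet.
function Get-LogonHistory {
    param(
        [Parameter(Mandatory)] [string] $UserName,   # account name to search for
        [int] $MaxEvents = 200                       # newest events first
    )

    # The name is spliced into an XPath string literal, so refuse quote characters.
    if ($UserName -match "['""]") {
        throw 'UserName must not contain quote characters.'
    }

    # Same shape as the Event Viewer query above, widened to both event IDs.
    $xpath = "*[System[(EventID=4624 or EventID=4625)] and " +
             "EventData[Data[@Name='TargetUserName']='$UserName']]"

    Get-WinEvent -LogName Security -FilterXPath $xpath -MaxEvents $MaxEvents |
        ForEach-Object {
            # Flatten the <EventData><Data Name="...">value</Data> nodes into a lookup table.
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }
            [pscustomobject]@{
                Time        = $_.TimeCreated
                Result      = if ($_.Id -eq 4624) { 'Success' } else { 'Failure' }
                LogonType   = $data['LogonType']
                Source      = $data['IpAddress']
                Workstation = $data['WorkstationName']
            }
        }
}

# Replace USERNAME with the account you are looking for.
Get-LogonHistory -UserName 'USERNAME' | Format-Table -AutoSize
```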


–jeroen
