Category: Windows 7 / Microsoft Office

Mar 02

Download the full Firefox stand-alone installer

There’s nothing more frustrating than downloading an installer that assumes that you’re going to have internet access on the machine that you subsequently intend to run the installer on (called a stub installer).

For example, downloading firefox so that you can get to your enterprise storage arrays java based admin interface without the agony presented by internet explorer’s tendency to throw its toys out the pram over the certificate and the settings are locked down by IE policy, this policy, that policy and the other policy that all exist to make the environment so much more “secure” but actually just don’t allow anything, anywhere, ever.  It’s secure!, it’s been signed off as being suitably unusable to prevent exposing ourselves to any kind of imaginary threat!  Aren’t we clever?.  No.  Rant over.

It’s secure!, it’s been signed off as being suitably unusable to prevent exposing ourselves to any kind of imaginary threat!

I’ve probably digressed, I can’t tell.  I’m too angry.  And you are too probably, if you’ve ended up here.  Installers that assume an internet connection are completely useless in the enterprise environment (best read in the voice of Clarkson).

Whats even more frustrating is that the stub installer is the only apparent option, judging by mozillas website.  Well it isn’t the only option – you can still download the full-fat, stand-alone installer from their ftp site – but ftp is blocked by your firewall!

No bother, just replace ftp:// with http:// at the beginning of the URL, or even better just click here for the 64 bit version (or here for the 32 bit version).

 

Facebooktwittergoogle_plusredditpinterestlinkedinmail
comment?
Feb 06

When Google Chrome won’t start.

So Chrome won’t start and the error message is unhelpful.  Microsoft support won’t help of course and Google’s sledgehammer approach is

“just blow away your User Data and start over”

but you don’t want to loose your bookmarks, stored passwords etc that make your life easier and more efficient.  Plus you can’t remember half your passwords anymore.

Well, here’s what that unhelpful error message should look like in a perfect world…

…It’d save a lot of pain if it did.  You’re welcome Google.

So, using Task Manager, kill off any running Google Chrome processes (from having clicked on it 20 times before realising it’s never going to start).

To get to the folder you need to rename in order to get your Chrome browser up and running again with all your bookmarks intact (mine survived ok),

Click Start, Run,

Rename the Default folder to BackupDefault

Try restarting Chrome.  Hopefully you’re sorted.

If not, Google also recommend deleting the following User Data folder.  I don’t know what will survive if you do.  Fortunately, it never came to that for me.

Facebooktwittergoogle_plusredditpinterestlinkedinmail
comment?
Jan 11

Users home directory folders displayed as “My Documents”

When viewing a mounted shared filesystem that contains users home directories, many of the folders will be displayed in Windows Explorer as “My Documents” instead of the logon name e.g. bloggsj.  When you’re looking for a particular users home directory and they’re all called “My Documents” it can get quite frustrating.

This occurs as a result of the users home directory containing a desktop.ini file and your windows client is designed to automatically assume you’re looking at your own home directory.  It’s basically not smart enough to figure out it’s not yours but somebody elses.  You’d think they’d patch this but they haven’t yet and it’s been this way now for years.

So, what to do (other than use command line to do everything)?

In Windows Explorer…

  1. Navigate to share eg \\Server\Users
  2. Right click on column SIZE
  3. Click on More at the bottom
  4. tick Filename
  5. Drag Filename column to the leftmost column and sort on it.  (optional)

You then get an extra column showing the real filename that will totally overcome the problem and give you the visibility you want.

You could make this the default for folders by doing this.

In Windows Explorer

  1. Press ALT (to display the old fashioned menu)
  2. choose Tools->Folder Options->View
  3. Click Apply to Folders

 

Facebooktwittergoogle_plusredditpinterestlinkedinmail
comment?
Oct 31

What groups am I a member of?

Need to know what groups you’re a member of in Active Directory, but don’t have access to AD Users and Groups management snap-in?  Try this command.  It may help to run cmd.exe as Administrator if that privilege is available to you, but may not be necessary.

gpresult /r

The output at the bottom will be something like this, along with any additional Global group names you’re a member of.

gpresult

An alternative is whoami /groups which provides an output similar to this…

whoami

Note: whoami also works on Linux/UNIX systems.

 

Facebooktwittergoogle_plusredditpinterestlinkedinmail
comment?
Dec 04

Deleting Windows data where the path length exceeds 260 characters

After migrating Windows data, it can be a royal pain cleaning up the source data using del *.* /s /q /f, especially when the path length exceeds 260 (or thereabouts) characters.  You can manually shorten the folder names and keep trying, but this may be time consuming, tiring and ultimately futile.

The simplest way I’ve found to reliably delete data, irrespective of path length, is to use robocopy.

  1. cd into the directory that you want to empty
  2. create a new empty subdirectory called empty
  3. rename all other adjacent folders 1, 2, 3, 4 etc if possible
  4. robocopy empty 1 /mir /r:1 /w:1
  5. repeat for each adjacent folder, 2, 3, 4 etc.

 

Facebooktwittergoogle_plusredditpinterestlinkedinmail
comment?
May 18

Using Linux commands on WIndows

Wouldn’t it be nice if you could pipe the output from windows commands into non-windows commands like grep, cut, awk, sort etc that are available to you on alternative unix-based operating systems?

 

Download and install GNUWin32 from here and the CoreUtils package here and Grep here that should do it.  There are more packages available though here

Once installed, add the path to the bin directory to your Windows System Environment Variable Path

Environment_variables Path

A few useful commands will now be available on the command line.  My favourite is comm which compares files and can be quite flexible with the output with the -1 -2 or -3 switches to suppress lines that appear in file1, file2 or both files respectively.   You can also combine them e.g. -12 -23, 13 to affect the output, so that only the desired output is achieved.  This takes a bit of playing around with, but is very powerful and very simple.  So much so, that it is my number 1 go to tool for file comparison.  Examples shown the in the screenshots below.

comm-helpcomm-3 comm_windows

Note:  Some Windows tools such as icacls export text to a format other than ANSI.  When viewed using Notepad or Notepad++, all appears fine, but if you cat them , you’ll see there are effectively spaces between each character, meaning grep won’t work.  Such text files will need to be saved in ANSI format first.  You can do this using Notepad++.  After selecting Encode in ANSI, save it, then retry grep for a more successful pattern match!

ANSI

 

Facebooktwittergoogle_plusredditpinterestlinkedinmail
comment?
Apr 14

Comparing text files using Notepad++

Notepad++ is my favourite text editor for Windows.  It’s great, it’s free and you should use it.  I’ll leave you to discover it’s cool little features, including themes under Style Configurator.  My favourite theme is khaki for its ease on the eyes when trawling through logs.  black on white gets pretty tiresome.  Syntax colour highlighting according to your coding language is a nice touch too, for spotting those elusive typos tripping up your code.

http://notepad-plus-plus.org/download/v6.7.5.html

It used to include a plugin called Compare, that you could use to compare different files and highlight their differences, but this was removed due to compatibility issues.  Hopefully it’ll return.  In the meantime, it is possible to download the plugin separately, and copy it to the plugins folder under Program Files (x86)\Notepad++\plugins

http://sourceforge.net/projects/npp-compare/?source=typ_redirect

Expand the zip file and copy the .dll into place…

Compare-plugin

Restart Notepad++ (it conveniently opens whatever files were open before it was closed – another nice feature).  The plugins menu now has the Compare plugin…

notepad_compare

Files are compared and differences highlighted…

notepad_compare2

There is also a convenient navigation pane on the right hand side (not shown) that shows all the red and green areas (mismatches and differences) in the files.

Enjoy the best free text editor and file comparison functionality all in the same app and ask yourself why in 2015 Microsoft’s own Notepad bundled with Windows still doesn’t have any of these essential features built in.

Facebooktwittergoogle_plusredditpinterestlinkedinmail
comment?
Oct 24

Excel Password Breaker

For my 100th post on my blog here at cyberfella.co.uk I shall tell you how to recover the passwords used to protect the cells, worksheets and workbooks in Microsoft Excel.  Unlike every other post on my blog, I cannot claim that the vbscript used in the macro editor shown below is my own work.  If I knew the original author I’d gladly credit them, so let me know via the comments if you know who came up with this little gem and once I’ve verified that they are indeed the original author, then due credit will be awarded here!

So, you’re working to a deadline which is fast approaching and you’ve attempted to change the contents of a cell, and received the highly annoying message…

The cell or chart that you are trying to change is protected and therefore read-only

protected

 

Subsequent attempts at unprotecting the spreadsheet results in you being prompted for a password that you have no idea of and neither does anyone else.

No problem.   You’re still gonna make that deadline.

Hit Alt F11 to open the Macro Editor, double click the sheet giving you a problem and paste the following vbscript code into the empty code pane.  

Note below that the tabs in your spreadsheet may not actually appear in the order that they were originally created in, so be sure you click the correct sheet/tab name.

click-sheet

 

WordPress is frankly terrible at formatting code in posts whether they be in quotes or not and syntax can be easily messed up resulting in code that then doesn’t work.

Click on the link below to go to a separate html page where the code will be properly formatted for you to cut and paste into your macro – and is guaranteed to work.

excel-password-breaker-macro

 

 

 

excel-password-breaker

Now run the macro by clicking on the “Play” button on the toolbar (shown below).

macro

There may be a delay of up to a minute or more but the likelihood is that within a few seconds a message box will appear and you’ll be presented with the password.  Make a note of it if you like, but in practice the cells in my spreadsheet were also automatically unlocked.

 

Facebooktwittergoogle_plusredditpinterestlinkedinmail
comment?
Aug 21

Applying user specific NTFS permissions to all home directories using CLI

There are lots of useful command line tools for listing and modifying NTFS permissions such as cacls, icacls, subinacl, setacl and System Tools’ dumpsec and I will continue to enhance this post with useful real-world examples of each in time.

I’ll start with using cacls in a for loop to process a bunch of home directories, granting full control to each home directory for the specific user.  This can be useful after migrating home directories between domains, or just as a working example of a loop to process files or directories in some way.

for /f %f IN (‘dir /ad /b X:\homedirs\u*’) DO cacls X:\homedirs\%f /e /p %f:F

(Use %%f in place of %f in batch files)

The dir /ad /b command can also be written as dir /A:D /B and has the effect of listing only names of only directories.  This prevents files being processed, limiting the application of permissions to just the directories.  For additional safety, I’ve also used u* to only list directories beginning with u (this may vary in your own environment).

The cacls command simply adds username:F (username:Full Control) to the DACL on the folder, assuming that the username and directory names match (which they almost certainly do in any Windows environment).

If the command is successful, you should see “Processed dir: X:\homedirs\<foldername>“.  Check the permissions to see the new ACE.

As with all complex commands, test on some dummy data first.

A more detailed account of migrating home directories to emc VNX using the VNX Home Directory functionality can be found here http://www.cyberfella.co.uk/2014/07/30/vnx_homedirectory/

Note: This note was written hosting home directories on a NAS, however if you need to share individual home directories as their own hidden shares on an actual Windows Server, then this additional command will save you hours of repetitiously clicking the wizard over and over again…

Create a hidden share for each users home directory (Note: home directory must have appropriate NTFS security in place)

for /f %%f IN (‘dir /ad /b E:\MigratedData\homedirs\’) DO net share %%f$=E:\MigratedData\homedirs\%%f /GRANT:Everyone,FULL

Facebooktwittergoogle_plusredditpinterestlinkedinmail
comment?
Jul 30

Migrating home directories to VNX

Installation and Configuration

The emc CelerraCIFSManagement snap-in for Microsoft Management Console can be used to set up VNX Home Directory.  It’s a nightmare to find unless you still have your CD’s that came with your Celerra/VNX but see my previous post on CAVA for a possible working link to it, assuming you already have a powerlink account with emc (free to set up).

emc Home Directory is a very neat piece of functionality whereby you change the users home directory path in AD to read \\cifsserver\home and upon hitting the home share on cifsserver the user will be automatically dropped into the subfolder containing their home directory files.  If a home directory folder doesn’t already exist, it can (and will by default) create one.

You don’t need to create a home share on the VNX upfront, and if you do, HomeDirectory won’t actually start.  You will need a filesystem though.  You start the homedirectory feature from the CelerraCIFSManagement snap in, but remember to do a custom install and untick UNIX Users and CAVA if you have no intention of using them, since Unix Users will attempt to change your AD schema (but will fail if you’re account is not a schema admins member).  You can always add the other features later by re-installing and HomeDirectory will not be affected.

Once the snap in is installed, you can enable Home Directory.  It’ll warn that theres currently no database and that one should be created.  Once this is created, all you need to do is create a rule for users * with a path to your filesystem\<d>\<u> whereby <d> is the domain name they’ve logged in on and <u> is their username.  This is what controls what folder they get dropped off at and/or the folder structure that needs to be created for them if there’s no pre-existing home directory for that user.

The default security is that the users home directory is fully secured so that only they can get to it.  This can be changed by setting domain admins full control on a top level folder for the domain, and making a registry change to the emc Home Directory settings in HKLM\Software\emc\homedirectory and setting 0 to 1 which turns on inheritance.

The full official doc can be read here  HomeDirectory , but that is the basic gist of it, and I found it worked first time, so it’s pretty straightforward to get installed and running and makes subsequent adminstration of home directories a cinch.

Migrating users Home Directories

You can view my previous post on using robocopy or emcopy to migrate data.  Note that since existing home directories are each individually shared in their own right, you may feel the desire to use sharedup to migrate the shares to the VNX – This is not required since each user maps the same share and the datamover paths them through to their own subfolder.  You may want to set up an adminstrative hidden share on the root of the filesystem though, so that you can get to ALL the home directories for the purpose of deleting old users, dealing with any support problems.

There is another issue which will affect your ability to migrate users home dirs (possibly) and that is that Windows 7 et al, tend to display a users home directory as “My Documents” occasionally.  This is due to the desktop.ini file misbehaving and can easily be fixed by simply deleting it without consequence.  Obviously desktop.ini would need to be deleted for all users, and this can be done using this example forfiles script.

 

forfiles /p x:\homedirs /s /m desktop.ini /c “cmd /c attrib -h -s @path”

forfiles /p x:\homedirs /s /m desktop.ini /c “cmd /c del @path”

Or alternatively, exclude desktop.ini from your robocopy or emcopy using /XF desktop.ini in the command line, e.g.

emcopy \\sourcesvr\homedirs\username \\destsvr\homedirs\username *.* /s /nosec /o /a /i /d /c /xf desktop.ini /th 32 /r:5 /w:3

robocopy \\sourcesvr\homedirs\username \\destsvr\homedirs\username *.* /e /fft /np /xf desktop.ini /r:5 /w:3

If a migrated user logs on and is directed to a non-existent home directory hosted on VNX using VNX HomeDirectory, then one will automatically be created and the permissions automatically secured so that only that user can access it*

*default behaviour assuming registry flag on cifs server is still set to 0 and the rule in cifsmanagement snapin home directory settings is set to autocreate

For all other users being directed by homedirectory to their migrated home directories, the security will be inherited from the root of the filesystem*

*assuming the root has everyone full control, or has specific perms set and the registry flag for home directory on the cifs server is set to 1 to inherit all the way to the users home directory

To subsequently secure migrated home directories, we need to list each home directory and then set the permissions for the user on each one*

*assuming the home directory has the same name as the user – probable scenario given the emc HomeDirectory rules use of the <u> variable to represent the users username when creating their homedirectory.

The following command has been used successfully to add a specific Access Control Entry to the permissions on the users home directory, allowing them Full Control.

for /f %f IN (‘dir /ad /b X:\homedirs\’) DO cacls X:\homedirs\%f /e /p %f:F

Note that to execute this command in a batch file, you need to replace %f with %%f

If your filesystem fills up and you want to move, say all users beginning with u6 to a separate filesystem, then the following command is a working example.  robocopy doesn’t allow you do only copy folders matching a wildcard pattern (although it does allow you to copy all folders, excluding certain patterns).

for /f “delims=” %f IN (‘dir u:\u6* /ad /b’) DO robocopy u:\%f j:\%f /MIR /R:1 /W:1 /B

Update: 28/2/2017  Real World Example: Two passes, two different approaches.  One does inital copy of just usernames beginning with u5, the second generates a list of missing users after the first pass and does a second pass targeting the missing users.

for /f “delims=” %%f IN (‘dir s:\root\u5* /ad /b/ o’) DO robocopy s:\root\%%f t:\root\%%f /COPYALL /R:1 /W:1 /ZB /NP /FFT /LOG+d:\mattb\u5mig.log (does first pass on all u5 users)

dir /ad /b /o s:\root\u5* | tr ‘[:upper:]’ ‘[:lower:]’ | tee t:\src.txt | wc –l      (counts 2113 and writes list of all u5 users to src.txt)

dir /ad/b /o t:\root\u5* | tr ‘[:upper:]’ ‘[:lower:]’ | tee t:\dest.txt | wc –l    (counts 2113 and writes list of all u5 users to dest.txt)

comm -23 t:\src.txt t:\dest.txt | tee t:\missing.txt | wc –l  (counts 0 differences and writes list of any missing u5 users to missing.txt)

for /f “delims=” %%f IN (cat t:\missing.txt) DO robocopy s:\root\%%f t:\root\%%f /COPYALL /R:1 /W:1 /ZB /NP /FFT /LOG+d:\mattb\u5mig.log (does 2nd pass on any missing users only)

Facebooktwittergoogle_plusredditpinterestlinkedinmail
comment?