• Tasks for the weekend – August 7, 2021 – plan on taking ownership

    Home » Forums » Newsletter and Homepage topics » Tasks for the weekend – August 7, 2021 – plan on taking ownership

    Author
    Topic
    #2382402

    (Youtube here) This post isn’t about a task I want you to do NOW, rather it’s a task you may need to do. Today I was fixing up an HP envy laptop and s
    [See the full post at: Tasks for the weekend – August 7, 2021 – plan on taking ownership]

    Susan Bradley Patch Lady/Prudent patcher

    2 users thanked author for this post.
    Viewing 7 reply threads
    Author
    Replies
    • #2382403

      Wouldn’t creating a full image of the HDD and restoring to the SSD be faster with no manual intervention ?

      • #2382410

        If you are in a position where you trust in the integrity of the operating system, yes. This was the laptop I was fighting the other day that had “Fast Browser” installed which was causing issues trying to get Chrome installed.  I found evidence of “disabledefender” installed on it and thus pulled the hard drive and replaced it with a SSD. The HP reactivated, I did have to install optional drivers to get rid of the “!” in the device manager section.  I scanned the external hard drive before I put the documents/downloads/pictures back.  I had even tried repair install over the top, no go. Bottom line it was replace the hard drive and clean install time.

        Susan Bradley Patch Lady/Prudent patcher

        2 users thanked author for this post.
        • #2382439

          If you are in a position where you trust in the integrity of the operating system, yes. … I had even tried repair install over the top, no go. Bottom line it was replace the hard drive and clean install time.

          … ANY issue is recoverable if you have a backup.

          I have many backups.  I would have replaced the drive with the SSD and restored a known-good full-drive image.

          Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
          We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

          • #2382509

            You do, she didn’t.  🙂  I could tell this was installed about a year ago, so even if I had a backup chances would have good that it would have been out of date.

            Susan Bradley Patch Lady/Prudent patcher

    • #2382427

      I use reg entries for that as well as send-to, copy-to, and move-to.

      But it seems every time we get the monthly MS Windows Malicious Software Removal Tool in updates, it wipes them away.

      Should I have been hiding that KB all this time, I always thought it was a security feature vs just MS deciding they only wanted their approved software running the way they wanted it.

       

    • #2382479

      Although this is about hard drives, Shawn Brink’s Take Control Reg dnload link you provided FIXED my inability to Save to Desktop. That same approach was suggested in an MS Answers Forum Reply but I was reluctant to try it – Until I saw YOU offer the same link.

      Since my Feb of ’19 new W10 desktop (from W7) THIS was the first real issue I’ve had – and it’s nice to have no issues again. I Appreciate the help!

      W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / HP Envy Desk-Ethernet - SSD-HDD/ i5(8th Gen) 12GB / Macrium Pd v8 / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU=0

    • #2382532

      An additional way to add Take Ownership to the Right Click Context Menu is to use the free Winaero Tweaker utility / tool. Only need to add a checkmark to the box in the Take Ownership section which is found in the Context Menu section (alphabetically listed down near the bottom). I think the Winaero Tweaker tool is very good and quite handy. Also, as of July 30, 2021 – a new version 1.30 is available. From Sergey Tkachenko:

      “I am happy to release Winaero Tweaker for all interested users. It is version 1.30, and it comes with a number of new features for both Windows 11 and other supported Windows versions. I support Windows 11, Windows 10, Windows 8.1, Windows 8 and Windows 7. However, Windows 7 users must install .NET 4.5 to continue using the app. Well, I guess you already know this. Here’s what’s new.”

      Winaero Tweaker 1.30 is here

      A smile is an inexpensive way to change your looks.
    • #2383066

      In migrating from an “old hard disk” to SSD I find it strange to see little here by way of DISM. It’s command prompt and the switches are fussy but you can do a lot with it and you already have the functionality below unless you’re booting the recovery disk of an unsupported OS.. (was that a hint for those who are?)

      You could use a Windows recovery media at or beyond 1709 (which let’s face it is old hat..), sysprep the installation (a prerequisite – the process generates a “registry error” message if you don’t!!),  (which might fail but at least with volume products the attempt can often count!) and capture the drive as a FFU to an external hard disk, then install the replacement drive and reverse the process. The prerequisite here is of course the replacement drive needs to be larger.. so suggest this is discounted for all bar the brave and those who have already made a full system backup elsewhere..

      Would therefore have to go with the “fresh install” grouping myself, but throw in the use (when installing the same OS) of PNPUTIL /export-driver – which can be easily coaxed in exporting most of what you might not find easily on reinstalling to a folder on external media, and use the folder set saved with the /subdirs /install /reboot switches to set most of it straight one you have the OS installed on the new drive. Extra time available to those who do this a lot by mounting and capturing the install ISO to a WIM so you can run Windows setup off the SSD and use an unattend.txt file.. it’s a lot faster, but don’t be tempted to split the install.WIM / install.ESD of the media to shrink the source files- it installs but you can have servicing issues and use of unattend.txt will fail.

      Then if going that far would also suggest localising the family of Office 365 ODT if you use that – the product will sort itself out by way of updates, minor versions, and activation once joined to your account so it’s worth squirreling major builds if you do enough.

      User data wise, dism /capture-image with the right switches saves your data from a restore CD – capture the c:\users folder (assuming the system is UEFI with a GPT file layout obvs..) to a file on external media BUT in restoring it note the original drive is unchanged and removed from the machine, so you can work with it should things go off the rails, and IMPORTANTLY the special attributes are replicated so restore this archive to a folder INSIDE a folder on the root of the new drive or you get two “users” folders in GUI which is a bit problematic. Obviously restoring to the new install users folder will break everything as the user GUID on the folders / user registries wont  match those in the Windows installation- so those wanting to get past a forgotten password will find no joy there.

      Clearing the temp folders can make life a lot easier if space is tight – but as you haven’t taken ownership or such, you can still boot the old drive (suggest offline where possible) to sort out the problem. Of course if space permits there is no reason you can’t caddy the old drive on USB and save the image straight to the windows drive of the new install as SSD to SSD image expansion is really fast- remember to trim the replacement SSD drive when you’ve done the data restore!

      The hot tip for this method is that if half way through the restore CD CMD prompt backup the drive shows a hidden failure by failing on a specific file or folder, you can at least move that item from its USERS folder location to the root of the drive for example (which is just a MFT operation so the bad patch remains with the file. only complication can be you might have to use attrib to clear attributes so move an operate on it. Never had to use ICACLS.) – so you can try again immediately in the attempt to get the rest of your data backed up before the drive fails! The SMART checks following a read fail I have found can disrupt the handling of the BIOS boot source select key you probably used to select the recovery media as the drive takes that bit longer to be available.

      Of course you still need to take ownership of the files and folder (start with the root folder holding the folder containing the restored information) and then you can just use an administrator account to cut and paste files to their destinations. Due to the attributes you may have to remove the folder from an elevated CMD prompt when done..

      Hopefully those in the know can guide themselves as to what I’m saying and those who can’t will have sense to leave it alone or read the copious Microsoft content on the tools involved.. 30 years “in the trade” (small OEM systems and repairs- started one day course up from TV repair man.) and this is my first blog post ever. Quite emotional really.. (The statement on the world is IT is the fourth major field of occupation I’ve worked in. Never in the same one twice, and not in the electronics I originally qualified in!)

       

      • #2383083

        Of course you still need to take ownership of the files and folder (start with the root folder holding the folder containing the restored information) and then you can just use an administrator account to cut and paste files to their destinations. Due to the attributes you may have to remove the folder from an elevated CMD prompt when done.

        Every drive I have ever replaced/upgraded, including failed drives, upgrading from HDD to SSD, has been accomplished via drive imaging.  The “new” drive can be smaller, as long as it has enough room for the total amount of 1’s and 0’s on the original drive.

        It does not involve taking ownership, cutting and pasting, or any other tedium.  Just restore a full drive image to a new drive using the imaging software’s options to align to target, and it’s one and done.

        Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
        We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

    • #2383113

      The problem with a whole disk image is you can unwittingly import a problem with the Windows installation (caused by a media defect affecting a compressed file silently, for example) which could render the installation unserviceable at a later date (basically part of the Microsoft “Compact OS” technology is used in Windows 10 {as WinSxS, the “component store” and more generally} to reduce the impact of “wardrobe files” needed to provide historical and newly required system files and files which are seldom used, the presence of those files in uncompressed form would otherwise hinder installation to machines with smaller system drives. A bit akin to the way you can mount a WIM archive with DISM to copy files in and out and unmount (with or without committing changes)

      Of course if you want quick fix a disk clone is fine, but going for the reinstall is just as easy if you have the media, know how to lay out a GPT partition structure, have drivers, servicing stack update, the “full package” cumulative update (and grabbed the update which enforces 64 bit signing on the Windows defender updates should you be installing an older version so you can use the Microsoft wdsi definitions to protect while Windows sorts its self out..)- so let’s face it if it’s important enough to back up the data before you start work, it’s  probably worth leaving any potential unpleasantness on the old drive! If you don’t take that precaution, you might not enjoy the consequences at some point. I played the game a lot and needed to be sure the software was good.

      Also, obvious you haven’t been in the situation with bitlocker active (or Intel PPM and TPM enabled in BIOS which triggers disk encryption with BIOS supplied credentials) which can make a sector backup meaningless as a hardware change (ie a different drive) alters the hash for the encryption in some configurations, and only those that know would back up the bitlocker recovery keys for source and destination installations in advance (so getting back in to an installation can become a no go if something breaks a file system). Windows 11 is going to be fun for the uninitiated, as will be using manage-bde to mount the encrypted drives so you can transfer files… thankfully I didn’t need to go there.

      the erstwhile defender update to take the current signatures off line is this one I believe, should hyperlinks work here..

      https://support.microsoft.com/en-us/topic/microsoft-defender-update-for-windows-operating-system-installation-images-1c89630b-61ff-00a1-04e2-2d1f3865450d

      • #2383127

        The problem with a whole disk image is you can unwittingly import a problem …

        I routinely test my drive images by restoring them.  Which is to say, I am always running on a restored drive image, except immediately after an upgrade (such as is coming in October).  A week or two into that one, I will again test my drive images by restoring my latest, and once again I will be running on a restored drive image.

        Needless to say, after more than two decades of this practice, I am quite satisfied that my drive images are good, reliable, and without issue of any kind.  As for whole disk images, I have done that many, many times, every time I have replaced a failed drive and every time I have upgraded an older drive.  I’m now running on six SSD’s, all of which began their service life running whole drive images, and are now running on restored logical drive images.  I am very many image/restore cycles removed from any original installation/upgrade.

        Also, obvious you haven’t been in the situation with bitlocker active …

        I have never, and likely will never run bitlocker.  I have neither need nor desire to encrypt my drives.

        We all have our own reasons for doing the things that we do.  What I do works flawlessly for me.  YMMV

        Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
        We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

    • #2383235

      A relatively expensive but definitely effective solution you have there.. I haven’t got one because my machine contains a shed load of rubbish and relevant reinstallation info which is backed up several times elsewhere anyway..

      Perhaps you should look again as this can affect you if your system is OEM in build or motherboard source.

      What isn’t too well known is the BIOS settings can cause Windows to effectively activate bitlocker with a key generated from the hardware post install, so from the get go the data can not be exfiltrated by boot media or relocating the drive to another machine. That is to say, if you play with BIOS settings to get Windows 11 you can inadvertently activate the bitlocker feature.

      If you are sector imaging to back up it seems unlikely you would even know the drive was encrypted as the hardware is unchanged and seems likely your drives are the same make / model.. bet you don’t even need to reactivate.. it just works..

      Here’s the MS blurb on the tech I was referring to:

      https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-bitlocker

      No reason to believe with the “extra security” Windows 11 that they won’t be pushing every capable system to bitlocker

      When I was last working the Dell laptops and desktops all came in set to automatically bitlocker which meant we had to change the settings (SMM as I recall) before loading the right product (customer has a site license, enterprise product.) and manually encrypting with manage-BDE as the customer policy was start up PIN to be enforced – the policy change is not possible with the SMM setting enabled and changing the BIOS setting does not stop Windows clinging to that security policy like a limpet…

      Lets hope MS don’t hit the update problem detailed at the URL below again as it would make for a pretty wide zero day if they push that policy.. as  who would bother recording the key if they didn’t know what it was for? probably just IT guys.. the number of retail users we had who lost / discarded the printed recovery key we supplied in the document pack was high..

      https://www.bleepingcomputer.com/news/microsoft/windows-10-secure-boot-update-triggers-bitlocker-key-recovery/

      Yawwnnn.. drifted somewhat off subject haven’t we?

      • #2383278

        … drifted somewhat off subject haven’t we?

        Actually, we haven’t.  The subject is

        … plan on taking ownership

        and my methods don’t require taking ownership.

        A relatively expensive but definitely effective solution you have there.. I haven’t got one because my machine contains a shed load of rubbish and relevant reinstallation info which is backed up several times elsewhere anyway.

        Actually not very expensive.  And I don’t know the measure of a “shed load”, but I have 1.9TB on my daily driver, imaged several times elsewhere (including offline) as well as multiple copies elsewhere (including offline).

        Perhaps you should look again as this can affect you if your system is OEM in build or motherboard source.

        My systems are DIY.  My motherboard is fourth generation Intel DH87RL—doesn’t fit the hardware requirements for Windows 11.

        That is to say, if you play with BIOS settings to get Windows 11 you can inadvertently activate the bitlocker feature.

        I will be playing with Windows 11 to get Windows 11, no need to go into BIOS, and I won’t inadvertently activate bitlocker.

        No reason to believe with the “extra security” Windows 11 that they won’t be pushing every capable system to bitlocker

        Since mine is not a “capable system”, it won’t be pushed into bitlocker.  It has a TPM header, disabled, no module installed.  And with my motherboard/BIOS, disabled means that it is inaccessible by the OS.  No worries about bitlocker.

        Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
        We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

    • #2383544

      I like the suggestion of adding “take ownership” to the right-click menu! Now if I can just figure out how to do that…

      Group "L" (Linux Mint)
      with Windows 10 running on a separate hard drive
    Viewing 7 reply threads
    Reply To: Tasks for the weekend – August 7, 2021 – plan on taking ownership

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: