• oldguy

    oldguy

    @oldguy

    Viewing 11 replies - 421 through 431 (of 431 total)
    Author
    Replies
    • in reply to: Loss of one place to check activation status? #2386408

      Perhaps you can drop to an elevated CMD some how and use:

      slmgr /xpr

      more info by:

      slmgr /dli

      (Not going past 10..)

    • This is a sideways slant on the issue based on a Windows 98 issue, but as Microsoft have been rearranging their printing a lot in recent weeks.. might be worth a shot.. no matter what device/phone/gadget  you plug in..

      You don’t have a MFC (scan and print using SD card) printer do you? (the one I had was an Epson, but I doubt that matters.)

      The problem was the result of a file system on another unrelated device being attached which the “media insertion” detection part of the driver for the printer already installed couldn’t correctly resolve, and thus the printer driver was causing the message, as that became unresponsive when the problem device was connected.. (as it was expecting the “drive” to be a SD card (FAT32 I guess) in a card reader, not an ancient no brand MP3 player which for some reason was FAT formatted by its software and caused the problem when plugged in.)

      Perhaps unplug any other devices, reboot (so their drivers don’t start) and see if the problem goes away? The “10 times” could simply be the result of the number of times that the failing service supporting the driver is set to try restarting.

      1 user thanked author for this post.
    • in reply to: Undeletable folder #2386168

      Typical! just spotted a typo (missing CR) at a critical point which might confuse- the last command is :

      reg unload HKU\temp

       

    • in reply to: Undeletable folder #2386166

      perhaps a less messy solution would be to mount the default hive, remove the onedrive install from the run key (back it up first!), and then create a new user account, and log into that account (to cause Windows to create the account folder set, minus the Onedrive folders, as it never installs Onedrive for that user) before using an administrator account to transfer the items you need over to the newly created account, and disabling the old account (you can clean it up later, best retain it just in case). As to if you put the registry value back, let’s just say Windows survives without it, especially if you also use DISM to remove the office 365 components from the install. If you need to use anything removed, it seems best to get the latest version fresh from Microsoft rather than installing “over the top” of the out of box version.

      The basic sequence (elevated CMD prompt) is below – the last command is IMPORTANT. Skip it and you can break the default profile and may thus need to reinstall. Don’t try to script this change. I have attached picture of location, hopefully.

      ## do this manually ##

      reg load HKU\temp c:\Users\Default\NTUSER.DAT
      Expected reply: operation completed successfully.

      ## do this manually ##

      regedit

      ## do this manually ## reg unload HKU\temp
      Expected reply: operation completed successfully.

    • in reply to: Bitlocker activated during update last night #2386037

      Hmm last post didn’t get through.. this is just for info; I missed that the problem was solved and things had moved on. Apologies..

      In the OEM situation a BIOS technology (HSTI) is used to check the security of the boot environment and relay that information to Windows. If the SMM option is enabled in the BIOS, then Windows applies a suitable security policy propagated from that information pool (or if the OS doesn’t support the policy as it’s a “home” version, fails in the attempt). The policy is detected by Windows setup and the actions (such as enabling bitlocker) are put into effect following the Windows “out of box” stage of setup using credentials from the SMM process, rather then the user.

      If you deselect SMM and reinstall Windows then you have to set BIOS password, remove boot options (including network) and make various other changes or the malicious user could simply power off the machine at the login prompt (leaving the hard disk in a state where Windows file tampering is plausible as various files were in use and thus are in the decrypted state) and access the drive from a boot device using an OS not operating bitlocker in order to effect malicious activity with various tools…

      Reinstalling Windows is the only way I know of to remove the policy – we were deploying W10 1903 LTSC and found a non encrypted GPT disk image placed on the drive still encrypts automatically if you don’t change the setting, and the Windows policies concerned cite insufficient privileges if you try to change them. The recovery image (usually on the last partition) is needless to say not encrypted – you can just format the Windows drive and extract the image to the clean partition from a recovery disk if Dell recovery is broken.

      HSTI:

      https://docs.microsoft.com/en-us/windows-hardware/test/hlk/testref/hardware-security-testability-specification

      SMM on Dell business systems:

      https://www.dell.com/support/kbdoc/en-uk/000125922/dell-recommended-policies-for-dell-encryption-enterprise-bitlocker-manager-dell-data-protection-bitlocker-manager

      So not a mystery (I believe it’s been a thing since Windows 8 in some form. If you can find the old WHQL draft specs for that OS you might even find it in there?) but it is something to be aware of..

       

       

    • in reply to: Bitlocker activated during update last night #2385139

      Just had a thought. On some newer Dell, the BIOS image is saved in a folder on the UEFI boot partition and isn’t cleaned up until the OS boots to desktop. Note by posting this I’m NOT diagnosing it as a BIOS issue but as I understand just how deep the hole you are in is, so any way you can potentially claw your way out, however unlikely, might help..

      Should you be extremely lucky, the “recovery” method which might allow you to go back to a BIOS which interacts correctly should you determine an update was the cause. On the one I tried the method was is to press F6 at boot which produced a very basic interface to select the roll back BIOS which I seem to recall was in .\efi\dell or .\boot\dell (basically it was in a Dell folder there somewhere on the first partition!). I tried it in a similar situation, but never used the recovery as the procedure basically proved it wasn’t a BIOS update as the file was very old; it was a flaky SSD which I had to hammer to get a diagnostic code for repair. Again, time to go to dell support with your service tag and get the manual, it might help as the key might not be F6:

      https://www.dell.com/support/kbdoc/en-uk/000132453/how-to-recover-the-bios-on-a-dell-computer-or-tablet

      Here’s the MS Stuff on it. Wonders what could happen for those who turn on their TPM so they can have Windows 11. Anyone found their drive unexpectedly bitlockered when setup finishes? (the sign in is done by TPM; you don’t get a prompt unless that process (or Windows) fails)

      https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-bitlocker

       

      1 user thanked author for this post.
    • in reply to: Bitlocker activated during update last night #2385014

      https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-bitlocker

      under “Applying firmware updates to devices” says

      “Suspend BitLocker (required for devices bound to PCR[07] only if the firmware update changes the Secure Boot policy)”

      Would be interesting to see is WU is releasing a BIOS update (which definitely happens – seen it) to fix any of CVE-2021-21551,CVE-2021-21571,CVE-2021-21572, CVE-2021-21573, and CVE-2021-21574..and they haven’t remembered that it needs suspending.

      Strange thing is when it does I have seen the given release isn’t always the latest so I guess the other possibility is Dell’s update process hooked the latest update, and Windows update decided not to suspend bitlocker as it queued an older version not changing the policy in the windows update queue..

      Unfortunately this hole is deep – there’s no way to access the drive to resolve whatever is placing it in recovery mode BUT I would guess the relevant BIOS setting might have toggled so if you have never been in the BIOS settings maybe use F2 to access the bios settings, locate and use the load optimised defaults option, then save and exit.. it might get you in.. as if the setting is not set you always get the bitlocker prompt which you need if you need to be using a boot time PIN on a machine with the setting. Could also be informative to see what version the BIOS is while you’re in there as the problem could also be brought on by a flaky Windows drive.

       

    • in reply to: Installing new Hard Drive #2384936

      To use the new drive, simply remove the option for Setup to do anything else.. but make sure you can get to your files afterwards..

      Sense would dictate a full backup before starting but that’s going to be problematic looking at the drive sizes. Best case is to copy anything critical from the windows drive to another 1Tb drive to be sure you have it somewhere should the worst happen. Why will become clear..

      One thing to do before starting is to type “bitlocker” in the search box of the original installation and open its control panel applet. If this is ON you need to write down AND back up the recovery key here to a file on the recovery media. This can be an unexpected event, caused by BIOS settings, so the same setting may be applied to the new installation after setup completes- The new installation will have a different recovery key to record likewise so remember that as without the recovery key you can’t fix things later.

      Shutting down using “shutdown -s -t 30” in an elevated CMD prompt should shut the system down giving plenty of time for things to sort themselves (or for you to cancel with a “shutdown -a” should you realise you forgot to save something..). Yes it can take (a fair bit) longer to start next time if you do this; be patient..

      Suggest getting ready with the disk or USB stick to install Windows, downloaded from Microsoft. For best security would suggest downloading and using the script for a GPT file layout BUT if the system doesn’t boot resolving that can be problematic for a novice so let’s not go there.

      Before installing anything, unplug the two 1Tb original drives having reviewed BIOS settings to checked for a lack of RAID on those drives (if they are a RAID stop and consult someone!<span style=”text-decoration: underline;”>),</span> and (after powering down!) remove the m2 drive from its motherboard slot at the same time, making sure making sure you retain the screw or clip which held it in. You have now placed the content of those drives out of harm’s way. Store the M2 drive in the bag your new drive came in as its static sensitive as it generally hasn’t a full metal jacket to protect it as a SSD has. Note in the systems I have seen if you didn’t fit this drive as it was the one your machine came with, it contains your Windows installation and “recovery software” making it handy to keep as a diagnostic tool.

      Install the new SSD drive (preferably at a port which was unused), insert the installation media and verify the BIOS boot selection key works as you would expect, and you can boot the recovery media, or attempt to boot the new drive (mainly you might need to be sure that works in the future; some BIOS programs can be cranky about what they will boot, or will boot USB every time in default settings with the result the boot menu isn’t produced (which can result in unexpected Windows repair activity which finds no problem as it never tried to boot the SSD).

      Install Windows on the new drive as you feel confident to, and when you have a desktop shut the machine down and remove the installation media. Visit the BIOS settings and set the (only) new drive as the default boot drive, save, exit and shut down, and then check that setting remains after connecting the other 1Tb drives. Windows should sort the rest though you will need to take ownership of files on the drives connected.

      Consider, is it really worth reinstalling that M2 drive? It’s fast but might be forced as boot device. I have seen that on some Dell machines in default configuration (SMM on, which is also the one which forces bitlocker on but also lets a lot of the smart login tech function). That would mean you need to use the BIOS boot menu to boot the new drive, and that leaves you in the hairy situation of directing the boot from that drive to the right drive with BCDEDIT and potentially undoing that should the M2 drive fail. Hope you don’t go there.. please don’t even try if the machine insists on booting that drive even with the BIOS set in opposition.

      If it all goes south you should at least be able to put everything back as it was if you haven’t changed the contents of the original drives, in order to get help if nothing else (so remember to write down any BIOS setting changed and what the original setting was, and to label connectors so you can put them back exactly.)  Note in the unlikely event this is a laptop that M2 and various other connectors can look much the same and even “fit” but won’t work (or could break something badly). Note the slot the M2 was in if you have a couple of slots.. nothing needs much force here so be gentle – the main board manual probably defines the “lift and slide” needed to get the M2 drive in and out, so maybe consult it first if not familiar with the process. Sometimes the “lift” is tiny (just clears a small lip surrounding the hole in the pillar the securing screw goes in to.. sometimes the M2 needs to go in and out at near 45 degrees from the installed position, and folding it down to reach the fixing closes the contacts firmly on M2, method depends totally on the connector manufacturer.

      Best of luck. Hopefully you’ll find nothing goes that badly wrong and the above is more verbose then the process is problematic, here’s hoping..

       

    • A relatively expensive but definitely effective solution you have there.. I haven’t got one because my machine contains a shed load of rubbish and relevant reinstallation info which is backed up several times elsewhere anyway..

      Perhaps you should look again as this can affect you if your system is OEM in build or motherboard source.

      What isn’t too well known is the BIOS settings can cause Windows to effectively activate bitlocker with a key generated from the hardware post install, so from the get go the data can not be exfiltrated by boot media or relocating the drive to another machine. That is to say, if you play with BIOS settings to get Windows 11 you can inadvertently activate the bitlocker feature.

      If you are sector imaging to back up it seems unlikely you would even know the drive was encrypted as the hardware is unchanged and seems likely your drives are the same make / model.. bet you don’t even need to reactivate.. it just works..

      Here’s the MS blurb on the tech I was referring to:

      https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-bitlocker

      No reason to believe with the “extra security” Windows 11 that they won’t be pushing every capable system to bitlocker

      When I was last working the Dell laptops and desktops all came in set to automatically bitlocker which meant we had to change the settings (SMM as I recall) before loading the right product (customer has a site license, enterprise product.) and manually encrypting with manage-BDE as the customer policy was start up PIN to be enforced – the policy change is not possible with the SMM setting enabled and changing the BIOS setting does not stop Windows clinging to that security policy like a limpet…

      Lets hope MS don’t hit the update problem detailed at the URL below again as it would make for a pretty wide zero day if they push that policy.. as  who would bother recording the key if they didn’t know what it was for? probably just IT guys.. the number of retail users we had who lost / discarded the printed recovery key we supplied in the document pack was high..

      https://www.bleepingcomputer.com/news/microsoft/windows-10-secure-boot-update-triggers-bitlocker-key-recovery/

      Yawwnnn.. drifted somewhat off subject haven’t we?

    • The problem with a whole disk image is you can unwittingly import a problem with the Windows installation (caused by a media defect affecting a compressed file silently, for example) which could render the installation unserviceable at a later date (basically part of the Microsoft “Compact OS” technology is used in Windows 10 {as WinSxS, the “component store” and more generally} to reduce the impact of “wardrobe files” needed to provide historical and newly required system files and files which are seldom used, the presence of those files in uncompressed form would otherwise hinder installation to machines with smaller system drives. A bit akin to the way you can mount a WIM archive with DISM to copy files in and out and unmount (with or without committing changes)

      Of course if you want quick fix a disk clone is fine, but going for the reinstall is just as easy if you have the media, know how to lay out a GPT partition structure, have drivers, servicing stack update, the “full package” cumulative update (and grabbed the update which enforces 64 bit signing on the Windows defender updates should you be installing an older version so you can use the Microsoft wdsi definitions to protect while Windows sorts its self out..)- so let’s face it if it’s important enough to back up the data before you start work, it’s  probably worth leaving any potential unpleasantness on the old drive! If you don’t take that precaution, you might not enjoy the consequences at some point. I played the game a lot and needed to be sure the software was good.

      Also, obvious you haven’t been in the situation with bitlocker active (or Intel PPM and TPM enabled in BIOS which triggers disk encryption with BIOS supplied credentials) which can make a sector backup meaningless as a hardware change (ie a different drive) alters the hash for the encryption in some configurations, and only those that know would back up the bitlocker recovery keys for source and destination installations in advance (so getting back in to an installation can become a no go if something breaks a file system). Windows 11 is going to be fun for the uninitiated, as will be using manage-bde to mount the encrypted drives so you can transfer files… thankfully I didn’t need to go there.

      the erstwhile defender update to take the current signatures off line is this one I believe, should hyperlinks work here..

      https://support.microsoft.com/en-us/topic/microsoft-defender-update-for-windows-operating-system-installation-images-1c89630b-61ff-00a1-04e2-2d1f3865450d

    • In migrating from an “old hard disk” to SSD I find it strange to see little here by way of DISM. It’s command prompt and the switches are fussy but you can do a lot with it and you already have the functionality below unless you’re booting the recovery disk of an unsupported OS.. (was that a hint for those who are?)

      You could use a Windows recovery media at or beyond 1709 (which let’s face it is old hat..), sysprep the installation (a prerequisite – the process generates a “registry error” message if you don’t!!),  (which might fail but at least with volume products the attempt can often count!) and capture the drive as a FFU to an external hard disk, then install the replacement drive and reverse the process. The prerequisite here is of course the replacement drive needs to be larger.. so suggest this is discounted for all bar the brave and those who have already made a full system backup elsewhere..

      Would therefore have to go with the “fresh install” grouping myself, but throw in the use (when installing the same OS) of PNPUTIL /export-driver – which can be easily coaxed in exporting most of what you might not find easily on reinstalling to a folder on external media, and use the folder set saved with the /subdirs /install /reboot switches to set most of it straight one you have the OS installed on the new drive. Extra time available to those who do this a lot by mounting and capturing the install ISO to a WIM so you can run Windows setup off the SSD and use an unattend.txt file.. it’s a lot faster, but don’t be tempted to split the install.WIM / install.ESD of the media to shrink the source files- it installs but you can have servicing issues and use of unattend.txt will fail.

      Then if going that far would also suggest localising the family of Office 365 ODT if you use that – the product will sort itself out by way of updates, minor versions, and activation once joined to your account so it’s worth squirreling major builds if you do enough.

      User data wise, dism /capture-image with the right switches saves your data from a restore CD – capture the c:\users folder (assuming the system is UEFI with a GPT file layout obvs..) to a file on external media BUT in restoring it note the original drive is unchanged and removed from the machine, so you can work with it should things go off the rails, and IMPORTANTLY the special attributes are replicated so restore this archive to a folder INSIDE a folder on the root of the new drive or you get two “users” folders in GUI which is a bit problematic. Obviously restoring to the new install users folder will break everything as the user GUID on the folders / user registries wont  match those in the Windows installation- so those wanting to get past a forgotten password will find no joy there.

      Clearing the temp folders can make life a lot easier if space is tight – but as you haven’t taken ownership or such, you can still boot the old drive (suggest offline where possible) to sort out the problem. Of course if space permits there is no reason you can’t caddy the old drive on USB and save the image straight to the windows drive of the new install as SSD to SSD image expansion is really fast- remember to trim the replacement SSD drive when you’ve done the data restore!

      The hot tip for this method is that if half way through the restore CD CMD prompt backup the drive shows a hidden failure by failing on a specific file or folder, you can at least move that item from its USERS folder location to the root of the drive for example (which is just a MFT operation so the bad patch remains with the file. only complication can be you might have to use attrib to clear attributes so move an operate on it. Never had to use ICACLS.) – so you can try again immediately in the attempt to get the rest of your data backed up before the drive fails! The SMART checks following a read fail I have found can disrupt the handling of the BIOS boot source select key you probably used to select the recovery media as the drive takes that bit longer to be available.

      Of course you still need to take ownership of the files and folder (start with the root folder holding the folder containing the restored information) and then you can just use an administrator account to cut and paste files to their destinations. Due to the attributes you may have to remove the folder from an elevated CMD prompt when done..

      Hopefully those in the know can guide themselves as to what I’m saying and those who can’t will have sense to leave it alone or read the copious Microsoft content on the tools involved.. 30 years “in the trade” (small OEM systems and repairs- started one day course up from TV repair man.) and this is my first blog post ever. Quite emotional really.. (The statement on the world is IT is the fourth major field of occupation I’ve worked in. Never in the same one twice, and not in the electronics I originally qualified in!)

       

    Viewing 11 replies - 421 through 431 (of 431 total)