Wednesday, December 15, 2010

Optiplex 980 has new SATA driver

I just unboxed my new 980.  New box, new drivers.  Had to update the driver files in BartPE.  The controller is Intel(R) 5 Series/3400 Series SATA AHCI Controller.  Also new network card. The file is called Intel_Rapid-Storage-Technolo_A04_R264761.exe but it BSODs on GX520s.  Try instead.

Thursday, November 18, 2010

Won't sysprep if Windows updates are pending

Did you know that Windows 7 won't Sysprep if Window's updates are pending?  Need to reboot first.

Wednesday, November 17, 2010

Sysprep command line switches

When using sysprep in Windows 7 with an unattend file, be careful with using /oobe or /audit.  If you have an audit section in unattend.xml and call the following it won't process anything in audit.

sysprep.exe /generalize /quiet /oobe /unattend:c:\windows\system32\sysprep\unattend.xml /reboot

Use this instead

sysprep.exe /generalize /quiet /audit /unattend:c:\windows\system32\sysprep\unattendETS.xml

Tuesday, November 9, 2010

Firefox plugin check

Now this is a useful utility.  In most cases, sends you right to the link.  Too bad there isn't one for IE.

Friday, August 27, 2010

Ghost compression

There are really only two types of compression for ghost32, fast and high. Fast is -z1 and high is -z2. Apparently fast is ok and and high can cause decompression errors in the load.  I've managed to get away with z2 for many years, but now z4 is problematic.  Will go back to z1.

Thursday, August 26, 2010

ATI Radeon 3600 cards are crappy

Apparently there is a fan problem with these cards which causes them to overheat and shutdown.  Well, the machine doesn't shut down, but there is no video, network connectivity is lost and the machine is inaccessible.  It's happened to at least six machines in the last couple of years.

Thursday, August 19, 2010

Autodesk 2010 licensing

The Autodesk 2010 suite has got to be one of the most annoying programs to install.  This is the second time I've tried installing this version and I get different problems every time.  The following information was hard to find so I'm recording it here for posterity.

The location of the license file is in the following registry key. There may be keys for other applications as well.

"ADSKFLEX_LICENSE_FILE"="C:\\Program Files\\AutoCAD Map 3D 2010"

Look for the licpath.lic file in the path – it should contain the name of the license server.

Friday, July 30, 2010

MacAfee is annoying

After malware appeared for the second time this week on my desktop (I probably did a faulty cleaning job the first time) I decided to upgrade my desktop to Windows 7. I loaded on a version of the generic image. Everything migrated over in under 3 hours.
However, IE 8 is very slow to load pages. It takes over a minute to load any page. Firefox loads pages normally. I discovered that something in McAfee is causing this, but I am unable to pinpoint what it is. So I’ve disabled it for now. I did install Microsoft Security Essentials so I am not completely unprotected.

The other thing is that I’ve installed other addons and applications. One of those could be suspect.

Thursday, July 29, 2010


McAfee found a couple of files in my profile\local settings\application data\temp folder that were infected.  It was at 8:15am, before I got into work.  I manually looked for other signs of the virus but did not find any.  I think a reload is in order...

Monday, July 26, 2010

FakeAlert-KW! - Annoying malware

I visited a website that I had been to few times in the past week.  Well this one time I clicked on a link and it installed "Security Tool" on my PC.  Here is info on what I found and how I removed it.

Here's an excerpt:
By Stephen on Dec 10, 2009
A friends computer had this in it and McAfee AntiVirus, but McAfee did not see it as a virus or malicious in any way. In a normal startup it would not allow a McAfee virus scan, nor would it allow task manager to be opened, or even the registry editor.
In order to remove it from the computer:

1) Boot windows into Safe Mode (Tap F8 repeatedly before windows boots to get a list of options, use arow keys to select Safe Mode and press enter).

2) After getting into safe mode find a shortcut to the program, right click and go to properties, in the properties window click on “Open File Location”, take a note of the name of the program for later.

3) Go “up” one level so you are looking at the folder the program is in, right click on the folder and click delete.

4) Search your computer for the name of the program without the .exe (usually a random set of numbers, in my case 26440218).

5) Delete anything matching that string of numbers exactly
6) Open the registry editor by going to run (Start>Run in XP, Start>All Programs>Acessories>Run in Vista) and type regedit.

7) Click Edit>Find and search the registry for the name of the program without the .exe (the string of random numbers), ONLY delete entries specifically matching the name of the program, once an entry is deleted there is no undo.

Search many many times and delete the specific matches to your search until you get the message “Finished searching through the registry.”

9) Close the Registry Editor and restart your computer and let it boot normally and make sure that the program is no longer there. If it is still there follow these steps again until it goes away.

If that still doesn’t work then download one of the removal programs.

This malware changes it installation folder often.  Persistence is the key, the instructions are not up to date.

Here's McAfee's take on it.

McAfee Virusscan Enterprise 8.7i detects but DOES NOT remove it.  Apparently a quick and fast way to do this is to delete the infected user profile.  Also must remove the Windows hosts file.  In XP, is located in c:\windows\system32\drivers\etc\hosts.  The malware changes the location of google and other websites to its own sites.

Apparently, Microsoft Security Essentials detects and removes it.  Will find out shortly.

Monday, June 28, 2010

Internet Explorer cannot find the Active Desktop HTML file

So the problem with IE is the error “Internet Explorer cannot find the Active Desktop HTML file” shows up and the background is messed up. The solution is either to delete the user profile, or create Documents and Settings\%User%\application data\Microsoft\Internet Explorer where user is the affected user.

Apparently, this can also be caused by a profile deletion script that runs after reboot at 6am.  Not sure why this would be the case.

Monday, June 21, 2010

When does runonce not run?

When the user you're logged in as is not an administrator on the computer.  Post-sysprep2.bat did not run because the user was logged into the domain, but was not a local admin.  Easy to fix, just change the logon back to local.

Thursday, June 3, 2010

BartPE - stop 0x07b error

Well I'm trying to make BartPE faster by removing the ramdisk portion.  One of my colleagues uses Grub4dos.  My compile out of the box does not work.  A modification of the fixes it nicely.

An excerpt:

I am having the same problem. Replacing the modified does not solve the problem for me
I got it to work after I change the sata mode in bios from AHCI to compatibility. Any idea why

Honestly it puzzles me a lot. This error basically means, that your boot device is no longer accessible. Since during Text mode the boot device is your USB disk/stick, what drivers you have for your disk controller should NOT matter, it simply wouldn't find your hard disk.

The modified resolves problems with some buggy BIOSes, when USB bus is reset and USB peripherals re-enumerated. Many Dells have this problem. And it makes sense to get BSOD 7B in that case.
We use Dell, almost exclusively....

Wednesday, May 19, 2010

BartPE "windows out of virtual memory" error while using Ghost 11.5

I noticed that when I tried running Ghost 11.5 from BartPE that I get a "windows out of virtual memory" error.  I don't think its a problem, here's why.

Friday, April 23, 2010


Think this could be my problem.  Can't use a 32 bit unattend on a 64 bit installation

*bang head* *on wall*

Problems with Sysprep in Windows 7 64 bit

Trying to sysprep the 64 bit version with the working 32 bit version.

Well, it is able to enable Administrator.  But it thinks the username or password is incorrect, even though I can  type it manually.  Here are my observations:

It will then hang with the wallpaper on.  But one can CTRL-ALT-DEL, switch user, login as another admin, delete the remaining sysprep files (otherwise on reboot it will have the Windows failed to install and needs to restart reboot loop).

1) If I run audit mode without the unattend.xml at least it will manually logon as Administrator and not hang.
2) I manually run the scripts there is no problem.  So it is compatible with 64 bit.
3) Turned off CTRL-ALT-DEL that wasn't the problem.

Will try without resetting the administrator password.  It failed on my original install.

Wednesday, April 14, 2010

Changing text color in Photoshop CS4

I'm not sure why it is so difficult to change text color in PS CS4.

1) Right click on the choosen layer. Click Blending Options.
2) Select Color Overlay.
3) Click on the color (next to blend mode) to select the color, click OK when finished.

Friday, April 9, 2010

Renaming computer and joining a domain in Windows 7

These code snippets run during sysprep.

Ensure that your machine is appropriately named in the auditUser mode.

Reboot into OOBE.  This will join the domain

powershell "set-executionpolicy unrestricted"

powershell ".\joindomain.ps1"

The contents of joindomain.ps1 are:

$creds = New-Object System.Management.Automation.PsCredential("domain\user", (ConvertTo-SecureString "password" -AsPlainText -Force))

add-computer -DomainName domain  -Credential $creds -PassThru
The downside is that the password is still in plaintext.  Will need to find a way to encrypt it.  Will post my failed method later.

Wednesday, April 7, 2010

Powershell is annoying

Ok.  I figured out how to make an unsigned script run in powershell.

Case 1:
Set execution policy to unrestricted and try to run from server.  Still prompts for a security warning.

Case 2:
Set execution policy to remotesigned and copy the file locally.

Problem fixed

Wednesday, March 31, 2010

[Shell Unattend] AutoLogon: failed to enable local account 'Administrator'

Looking in the c:\windows\panther\UnattendedGC\setupact.log, I get the above error. "[Shell Unattend] AutoLogon: failed to enable local account 'Administrator' ".  It doesn't seem to like the autologon in the AuditSystem pass. It reboots with an error similar to Windows being unable to process Shell-Unattend-Setup and Windows must reboot to continue.  Then it is a loop of error messages and rebooting.

Which I don't understand.  Off a fresh install, just using sysprep /generalize /audit without an Administrator password, my souped up Declone works.  But after running it once, it breaks forever.

Here's what I think is happening.  The various shades of autologon are using a cached password, or the original administrator password has been corrupted.

The solution is to deliberately set the administrator password to something known and put that in the unattend.xml file.

Thursday, March 4, 2010

Windows 7 is ugly

I thought Vista was ugly.  Windows 7 you shouldn't look at.  At least from a sysadmin's perspective.

1) Figure out how to install image using a combination the following code:

format C: /fs:ntfs /q /y

set /p User=Enter the Username:
net use R: \\labsrv1\images\current\Win7 /user:domain\%User% *
E:\imagex /apply R:\win7img.wim 1 c:\
bcdboot c:\windows /l en-us
wpeutil reboot

2) Install the WAIK, but it is not supported on XP for the technician machine.  Download the ISO and you must burn  to a DVD before installing.  Don't forget to have the source DVD handy otherwise you won't be creating anything.
I want to use the Vista unattend.xml file.  I wonder if it will let me...

Friday, January 22, 2010

Compressing files

To save space in sysprep you can compress all those driver files using

compress -z -r 945g\*.*

It renames all files in the 945g folder replacing the last letter in the filename with an _.  Alternatively, use expand to expand them.  Oh and don't compress the inf file...

Drivers for Intel graphics adapters

We support everything from GX270 to 960 around here.  And the many Intel graphics adapters that go with it.  In a nutshell:

winxp_14324.exe - 945G drivers work with GX520, GX620

The desktop supported chipsets according to the readme:

* Intel(R) 945G Express Chipset
* Intel(R) 945GZ Express Chipset
* Intel(R) 946GZ Express Chipset
* Intel(R) G31 Express Chipset
* Intel(R) G33 Express Chipset
* Intel(R) G35 Express Chipset
* Intel(R) G965 Express Chipset
* Intel(R) Q33 Express Chipset
* Intel(R) Q35 Express Chipset
* Intel(R) Q963 Express Chipset
* Intel(R) Q965 Express Chipset

I think there is a mistake as Q35 is supported by win2k_xp14371.exe which supports Q33 and Q43/Q45 as well.  These are used on Optiplex 755 (Q35) and 960 respectively.

The desktop supported chipsets according to the readme:
* Intel(R) G31 Express Chipset
* Intel(R) G33 Express Chipset
* Intel(R) G35 Express Chipset
* Intel(R) G41 Express Chipset
* Intel(R) G43 Express Chipset
* Intel(R) G45 Express Chipset
* Intel(R) Q33 Express Chipset
* Intel(R) Q35 Express Chipset
* Intel(R) Q43 Express Chipset
* Intel(R) Q45 Express Chipset

Instead of DD, use Universal Extractor to extract the goodies from the exe files.

Wednesday, January 20, 2010

Beware of oem*.inf files

If you are having problems with add new hardware wizard or sysprepping trying to install the wrong driver, maybe you should delete your oem*.inf and oem*.pnf files.  The *.pnfs point to the locations of files for infs that were installed at some point.  An outdated inf file could cause the wrong driver to be searched for, or even installed.

So... another thing.  If you don't check what the contents are you might regret it.  I just blew away my network driver.  Only really safe to delete the 0 byte files.

Which drivers does sysprep need?

Ok. So I thought I solved the classic problem of figuring out which drivers sysprep needs.  Double Driver. Problem gone. Nada.  Here are the hiccups:

1) Even though DD finds the drivers, it may not use the preferred inf from the orginal install.  I'm installing a Radeon 3450.  DD picks up oem35.inf while the proper inf is CX_73177.inf. This might be ok, we shall see...

2) Even though all the files are there, the install still cannot find certain files and it is looking for them in a certain folder which does not exist.

The solution. There is usually a subfolder below the level of the inf file where the drivers are stored, for example, B_72960.  There is a parameter in the inf called


1 = %DiskId%,,,.\B_72960

Change this to

1 = %DiskId%,,,.\.

3) You do not need to expand the files.  But in case you ever want to, you could do the following:

expand -r .\*.* <folder of choice>

Not expanding them will save on disk space.

Monday, January 18, 2010

Drivers in Sysprep

If you ever had to build a reference image for sysprep, especially with network, chipset and video drivers, you will appreciate the following tips.

1) I lost the install files/have no idea what drivers I need. How do I get the drivers from the Windows folder?

2) How do I get sysprep to find them.

Two programs that will save a lot of hassle.  Use Double Driver for #1 and Sysprep Driver Scanner for #2.

Sysprep Issues

After looking for a needle in the haystack I found it.  Except it was in the wrong haystack.

I used to have the password be anything than what it was supposed to be in sysprep.inf And after I switched around a few of my scripts, the autologon stopped working.  It is known that you either have sysprep blank the password and set after sysprep, or you type in the admin password in plain text to allow autologon to work.

The real problem was in a script that I used to import the autologon settings.  I think it overrides those found in sysprep.inf.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

This worked fine, but I wanted to use reg.exe instead.

echo Setting Autologon...

c:\windows\scripts\reg update "hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceAutoLogon=1"
c:\windows\scripts\reg update "hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon=1"
echo Setting DefaultUser...
c:\windows\scripts\reg update "hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultUserName=admin"
echo Setting DefaultPassword...
c:\windows\scripts\reg update "hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultPassword=password"

The problem was in the last line, I used reg add.  I'm pretty sure the entry didn't exist, so it should have worked.  But I changed it to update. Problem solved.