

Find file / folder owner information using PowerShell or command prompt

23.Aug.2014 | by Gusac | Filed in: Articles, Tutorials

PowerShell

    GET-ACL "$Path" | select path, Owner -expand access

where "$Path" can be a variable holding the folder path, or you can replace it with a literal value such as "c:\temp".

Notice that the Path attribute carries an unwanted prefix, 'Microsoft.PowerShell.Core\FileSystem::'. To format the output further, modify the above command as follows:

    GET-ACL "$Path" | select path, Owner -expand access | select @{n="Path";e={$_.Path.replace("Microsoft.PowerShell.Core\FileSystem::","")}}, Owner, IdentityReference, FileSystemRights, AccessControlType, IsInherited

Command Prompt

The switches of the DIR command are rarely explored in full. The DIR command not only lists all available files and directories in the current directory, it can also show the last modification date and time, the file size and a lot more. To find the owner of a folder, all we need to do is run the command below:

    DIR /Q <Folder Path>

Add the /S switch to browse through the subdirectories and files.
Add the /AD switch to list only the directories.

Get Serial Number using command line and PowerShell

10.Apr.2014 | by Gusac | Filed in: Articles, Tutorials

A system's serial number is stored in WMI. The WMI class is Win32_Bios and there are different ways to query it. We are going to discuss two methods:

Command Line

Open the command prompt and type the following command:

    wmic bios get serialnumber

If you want to query a remote system, add the switch /NODE:SERVERNAME, where SERVERNAME is the name of the remote system you want to query.

    wmic /node:RemoteSVR01 bios get serialnumber

In the above example, the command queries the remote system named 'RemoteSvr01'.

PowerShell

For the local system:

    Get-WmiObject -Class Win32_Bios

To query a remote system named 'RemoteSvr01':

    Get-WmiObject -Class Win32_Bios -ComputerName RemoteSvr01

Fix: “C:\Windows\System32\Config\SystemProfile\Desktop” refers to a location that is unavailable.

13.Jun.2013 | by Gusac | Filed in: Articles

Issue: While logging on to the server or opening My Computer, the system throws an error message with the following description:

Title: Location is not available
Description: C:\Windows\system32\config\systemprofile\Desktop refers to a location that is unavailable. It could be on a hard drive on this computer, or on a network. Check to make sure that the disk is properly inserted, or that you are connected to the Internet or your network, and then try again. If it still cannot be located, the information might have been moved to a different location.

Suggestions:

1. Open Windows Explorer, navigate to C:\Windows\system32\config\systemprofile and verify whether the Desktop folder is there.
2. If the Desktop folder does not exist, create a new folder and rename it to Desktop, or copy it from the C:\users\Default\Desktop location.

Note: C:\Users\Default is hidden by default.

Turn IE Enhanced Security Configuration On or Off on Windows Server 2012

3.Jan.2013 | by Gusac | Filed in: Articles, Tutorials

Steps to enable or disable Internet Explorer Enhanced Security Configuration:

1. Open Server Manager.
2. Click Configure this local server to open the Local Server configuration page.
3. Then, in the Properties area, next to IE Enhanced Security Configuration, click On to open the Internet Explorer Enhanced Security Configuration dialog.
4. To allow members of the local Administrators group to use Internet Explorer in its default client configuration, under Administrators click Off.
5. To allow members of all other groups to use Internet Explorer in its default client configuration, under Users click Off.
6. Click OK to apply your changes.

Once Internet Explorer Enhanced Security Configuration is turned off for one set of users, Server Manager will display Off next to Internet Explorer Enhanced Security Configuration.

Error: 0x800f081f while installing service pack 1 for Windows 2008 R2

26.Aug.2012 | by Gusac | Filed in: Articles

Issue: Windows 2008 R2 Service Pack 1 installation fails with the error (as shown below). If you click on the Details link on the error page, it displays the error code 0x800f081f.

Installation was not successful
A system error prevented the service pack from installing. Please download and run the "Check for System Update Readiness" tool at http://go.microsoft.com/fwlink/?LinkId=122602

Additionally, the event log displays two error events in the System log: Event ID 7 and Event ID 8 from source: Service pack installer

Solution:

1. The first step, though not seldom useful for this issue, is to run the System Update Readiness tool and let it fix the corrupt manifest, or you can check the logs and replace them. (The linked article shows how to troubleshoot using the System Update Readiness tool.)

2. Check Event ID 8 in the System log. It shows the update that is causing the issue. In this case, it is KB 976932. Notice the value for Identity in the above screenshot. To fix this, remove this package. Here is the command:

    dism /online /remove-package /packagename:PACKAGE_NAME

where PACKAGE_NAME is the exact name string provided in the Identity section of the error. You can also get this value from the CheckSUR.log from step 1.

So, in our case the actual command would look like:

    dism /online /remove-package /packagename:Package_for_KB976932~31bf3856ad364e35~amd64~~

3. Reboot the server once the above command completes successfully and start the Windows 2008 R2 SP1 setup again. It should succeed this time.

Windows - Its NT versions and build numbers

6.Apr.2012 | by Gusac | Filed in: Articles

This post gives a brief idea of the NT version behind each Windows edition. Though Microsoft started using commercial names for Windows, the version number is still very relevant and has continued ever since Windows 1.0. This is how you can understand the Windows version number and identify which Windows is installed by looking at its version and build.

This is the format of the Windows version and build number:

    MajorVersion.MinorVersion.MajorBuild.MinorBuild

Here is the list of Windows build versions to date.

    Windows                  NT Version   Build
    Server 8 beta            6.2          .8250
    8 CTP                    6.2          .8250
    Server 2008 R2           6.1          .7600
    Server 2008 R2 w/ SP1    6.1          .7601
    7 RTM                    6.1          .7600
    7 w/ SP1                 6.1          .7601
    Server 2008 RTM          6.0          .6000
    Server 2008 w/ SP1       6.0          .6001
    Server 2008 w/ SP2       6.0          .6002
    Vista RTM                6.0          .6000
    Vista w/ SP1             6.0          .6001
    Vista w/ SP2             6.0          .6002
    Server 2003 R2           5.2          .3790
    Server 2003              5.2          .3790
    XP x64                   5.2          .3790
    XP                       5.1          .2600
    2000                     5.0          .2195

How to check the version and build of your Windows?

Simply open the command prompt and type VER (and hit ENTER, of course).

Where does Windows store this information?

In the registry, under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, in the values:

    CurrentVersion
    CurrentBuildNumber
    ProductName


Troubleshooting Event ID 333

18.Jul.2011 | by Gusac | Filed in: Articles, Troubleshoot

Event ID 333 occurs when the system registry fails to flush an operation to the disk. In most cases, Event ID 333 is more of a byproduct than an issue in itself. It occurs when there is some performance issue or when memory or disk is not keeping up with the load. Generally, when the issue occurs, you will see other Event IDs as well, pointing towards the actual cause that triggered Event ID 333.

There are 4 likely causes for getting 333:

· Memory pressure - Physical or virtual memory bottleneck, low System PTEs, working set trimming etc.
· Disk pressure - Bottleneck, performance issue etc.
· Filter driver - Bad driver keeping the registry from being flushed.
· Lock Pages In Memory - This behaviour can result if the SQL service account is given the user right 'Lock Pages in Memory'.

Troubleshooting

The following are the troubleshooting steps for this issue. Please note that not all steps fit all scenarios, and they should not be applied as silver bullets.

Event Log

The first thing is to check the Event IDs. Look for any other Event ID related to disk, memory or server (SRV) in the System log. Key Event IDs are: 2019, 2020, 51, 55, 52, 58

Perfmon

· Look for key counters:
- Memory\%Committed Bytes in Use
- Memory\Available Mbytes
- Memory\Cache Bytes
- Memory\Commit Limit
- Free System Page Table Entries
- Memory\Pool Nonpaged Bytes
- Memory\Pool Paged Bytes

Physical disk or Logical Disk
- %disk Time
- Avg. Disk Bytes/Transfer (Read and Write)
- Avg. Disk Queue Length
- Avg Disk sec/Transfer
- Disk bytes/sec
- Split IO/sec

Paging File\%Usage
System\%Registry Quota in use

Disk

· Enable disk write cache
Enable disk write cache to increase disk performance. (Refer to KB 324446)
- This enables the caching of data in memory instead of an immediate write to disk. This reduces the load (queue length) on the disk, and the system can schedule flushing the data to disk later.
· Perfmon
Monitor disk sec/transfer, idle time, split I/O, Disk Bytes/sec
- The Split I/O counter represents how fragmented the drive is. It is best to defragment the drive, as fragmentation has a major impact on disk performance.
- Sec/Transfer represents the time it takes to transfer data. It gives the disk throughput.

· Configure RegistryLazyFlushInterval to 60 secs. (Reference: KB317357 and KB324446)
- Setting the value to 60 tells the system to write registry changes to disk after 60 seconds. The more writes there are, the more disk I/O. The value 60 is recommended by Microsoft.

· Event logs
Check for any disk-related Event IDs. The most common sources are fdisk, disk. Common causes are a corrupt/bad sector, a controller issue or driver issues.
- Upgrade firmware and drivers for the controller.
- Run chkdsk if required, if we have an Event ID pointing to a corrupt sector/cluster on the disk.

Memory

There could be contention in either physical or virtual memory on the system. The causes can be several and they do not have straightforward troubleshooting. It is recommended to have an understanding of memory concepts before making changes, as they can easily make the system unstable.

· Boot.ini
- On a Windows 2003 x86 server, check Boot.ini for the /3GB switch, and also keep the role of the server in mind. Try to modify the switch by adding /USERVA so that we can give more room to kernel memory. Visit the link to understand the /3GB and /UserVA switches: http://technet.microsoft.com/fr-fr/library/cc784475(WS.10).aspx
- On Windows 2008, we don't have boot.ini.
- Use of /PAE and /3GB is not recommended, as it has an adverse effect on system performance.

· SQL Server Consideration
- Configure SQL to use less memory for the buffer pool.
- SQL Server has its own memory manager (MM) and it doesn't use the Windows MM. It can be set to reserve X amount of memory, which Windows cannot use.
- Configure Perfmon with the SQL object and monitor the memory-specific counters.
This is when we have a low physical memory issue on the Windows system.
- 918483 How to reduce paging of buffer pool memory in the 64-bit version of SQL Server 2005. You can enable the lock pages in memory permissions to prevent SQL Server 2005 64-bit buffer pool memory from being paged out of physical memory. http://support.microsoft.com/?id=918483

· Disable Hot Add memory
- When the Hot Add Memory feature is enabled, the operating system pre-allocates kernel resources to handle any future memory that may be added to the computer. Kernel resources are allocated based on the capabilities of the computer instead of on the RAM that is actually installed. The kernel may allocate significant resources to RAM that may never be installed. Therefore, the Hot Add Memory feature may cause the maximum size of the paged pool to be much smaller than expected.
- To disable the feature: http://support.microsoft.com/?id=913568

· Pool memory leak
Look for Event ID 2020 or 2019 for paged-pool or nonpaged-pool exhaustion. Configure poolmon.exe with an appropriate interval and monitor the tag which has the highest consumption at the time of the issue.
- There are a few articles on pool memory exhaustion, but it is not recommended to apply them without getting the poolmon data. KB 312362 is for maximizing the paged-pool limit on the box in case of Event ID 2020. But this is helpful when we have high memory consumption and not a memory leak.

· Increase page file
- Again, this is helpful if we have perfmon data to confirm the need.

· Apply patch
- For NTOSKRNL.EXE, as the memory manager is implemented in the Windows kernel and ntoskrnl.exe is the executable. [KB 935926: A Windows Server 2003-based computer stops responding when the registry is in heavy use]

· Free system PTEs
- Look for the perfmon counter value Free System Page Table Entries.

Filter driver

Check for outdated 3rd party drivers on the box. You can use msinfo32 or the Microsoft MPS utility to list the drivers.
Last Resort - Complete memory dump

If the above troubleshooting does not help, configure the box for generating a manual complete memory dump and trigger it when the issue occurs. Send the dump to Microsoft for analysis.

Reference:

Troubleshooting Event ID 333 Errors
http://blogs.technet.com/b/askperf/archive/2007/10/30/troubleshooting-event-id-333-errors.aspx

How to generate a kernel dump file or a complete memory dump file in Windows Server 2003
http://support.microsoft.com/kb/972110

177415 How to Use Memory Pool Monitor (Poolmon.exe) to Troubleshoot Kernel Mode Memory Leaks
http://support.microsoft.com/?id=177415

298102 How to find pool tags that are used by third-party drivers
http://support.microsoft.com/?id=298102

248345 How to create a log using System Monitor in Windows
http://support.microsoft.com/?id=248345

244139 Windows feature lets you generate a memory dump file by using the keyboard
http://support.microsoft.com/?id=244139

315263 How to read the small memory dump files that Windows creates for debugging
http://support.microsoft.com/?id=315263
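The Event Log step of the Event ID 333 article above (find the other key Event IDs logged around each 333) can be scripted. The following is an added example, not code from the original post: the function name, the 10-minute window and the sample events are assumptions made for illustration.

```powershell
# Added example. Correlates each Event ID 333 with the key Event IDs named in
# the article (2019, 2020, 51, 55, 52, 58) logged within a time window.
function Get-Event333Correlation {
    param(
        [Parameter(Mandatory)][object[]]$Events,   # objects with TimeCreated and Id
        [int]$WindowMinutes = 10                   # assumed window, tune as needed
    )
    $keyIds = 2019, 2020, 51, 55, 52, 58
    $window = [timespan]::FromMinutes($WindowMinutes)
    $flush  = @($Events | Where-Object { $_.Id -eq 333 })
    $key    = @($Events | Where-Object { $keyIds -contains $_.Id })

    foreach ($e in $flush) {
        # Key events logged shortly before or after this 333
        $near = @($key | Where-Object {
            ($_.TimeCreated - $e.TimeCreated).Duration() -le $window
        })
        $ids = @($near | ForEach-Object { $_.Id } | Sort-Object -Unique)

        # 2019/2020 are the pool exhaustion events; the article says to
        # collect poolmon data for those before changing anything.
        $lead = if ($ids -contains 2019 -or $ids -contains 2020) {
            'pool exhaustion: collect poolmon data'
        } elseif ($ids.Count -gt 0) {
            'review disk, memory and SRV events'
        } else {
            'no key event in window'
        }

        [pscustomobject]@{
            Time333     = $e.TimeCreated
            KeyEventIds = $ids -join ','
            Lead        = $lead
        }
    }
}

# Constructed sample events (not real log data).
$t0 = [datetime]'2011-07-18T10:00:00'
$sampleEvents = @(
    [pscustomobject]@{ TimeCreated = $t0;                 Id = 2020 }
    [pscustomobject]@{ TimeCreated = $t0.AddMinutes(2);   Id = 333 }
    [pscustomobject]@{ TimeCreated = $t0.AddMinutes(3);   Id = 333 }
    [pscustomobject]@{ TimeCreated = $t0.AddMinutes(45);  Id = 51 }
    [pscustomobject]@{ TimeCreated = $t0.AddMinutes(50);  Id = 333 }
    [pscustomobject]@{ TimeCreated = $t0.AddMinutes(120); Id = 333 }
)

$rows = Get-Event333Correlation -Events $sampleEvents
$rows | Format-Table -AutoSize

# Summary: how many 333 events share each set of nearby key events
$rows | Group-Object KeyEventIds | Select-Object Count, Name

# On a live system the same function accepts System log events, for example:
#   $live = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 333, 2019, 2020, 51, 55, 52, 58 }
#   Get-Event333Correlation -Events $live
```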

Overview of Printer Driver Isolation

23.Mar.2011 | by Gusac | Filed in: Articles, Tutorials

A print spooler crash isn't a rare phenomenon in the IT administration world. It is something that leaves an admin scratching his head, figuring out what is causing it. Most of the time it's due to some faulty printer driver, and the bigger the environment, the harder it is to identify the culprit driver. But that's going to be a thing of the past now. With Windows 2008 R2 and Windows 7 comes Printer Driver Isolation.

As the name suggests, Printer Driver Isolation, or PDI, isolates the printer driver files into a different process than the print spooler (spoolsv.exe). The isolated printer drivers are not loaded in the process space of spoolsv.exe but in a different process. So, any problem that occurs in a faulty driver will cause the process it is loaded in to fail instead of spoolsv.exe, preventing production downtime for print servers.

The process that hosts the isolated printer driver files is PrintIsolationHost.exe. This process hosts the printer drivers which are set to run isolated. If anything goes wrong with these drivers, they will cause PrintIsolationHost.exe to crash and not spoolsv.exe. The purpose of the driver isolation feature is to prevent print drivers that fail or behave badly from adversely affecting the print spooler process.

There are three modes of Printer Driver Isolation:

None - Printer drivers are loaded in the spooler process, just like before.
Shared - Printer drivers are set to run in a single shared instance of the PrintIsolationHost.exe process, separated from the spooler process. This is the default mode.
Isolated - Each printer driver is set to run in its own separate instance of the PrintIsolationHost.exe process.
To check whether a printer driver supports PDI:

Navigate to the following registry location:

    HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\<environment>\Drivers\Version-3\<driver>\PrinterDriverAttributes

Possible values:

0: Printer driver does not support PDI
2: Printer driver supports PDI

If the value is missing, it defaults to 0, that is, the driver does not support PDI.

How to change the Printer Driver Isolation mode

There are three ways to determine the isolation mode for printer drivers:

INF files associated with the printer driver
Print Management Console (PMC)
Group Policy

INF files associated with the printer driver

The printer driver INF file advertises whether the driver supports PDI or not. The INF file contains the keyword DriverIsolation to indicate its support for PDI. As mentioned above, value 0 indicates that the driver does not support PDI and the value 1 indicates it supports it. So, in an INF file, it should look like:

    DriverIsolation=0
    DriverIsolation=2

Again, if the keyword is not there, then it defaults to 0.

Print Management Console (PMC)

The Print Management Console, or PMC, lets you manage driver isolation easily. If you open the PMC and go to Drivers for the print server you want to manage, it lists all the print drivers installed on that server along with their isolation state. Below is the screenshot for your reference:

To change the driver isolation, right-click on the printer driver and select the option 'Set Driver Isolation'. The drop-down menu lists all the available options.

Please note: The System Default option is the setting defined in the driver itself by default or by group policy. If the group policy 'Execute print drivers in isolated processes' is Disabled, then you cannot change the isolation mode.
Registry value for PDI settings:

The names of the drivers for which the PDI mode was set explicitly are stored in the registry:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\ [PrintDriverIsolationGroups]

The value data is stored in a format that differentiates the isolation state. The format is:

    <None>\<None>\\<Shared>\<Shared>\\<Isolated>\<Isolated>

The three groups (None, Shared and Isolated) are separated by double slashes '\\' and within each group, drivers are separated by a single slash '\'.

Please note: Drivers which have the driver isolation state System Default are not listed in the registry. The registry contains the names of the drivers for which the PDI mode was changed explicitly. If you do not have any driver in one group, then it will be left as it is, but the double slashes \\ will still be there.

Group Policy

There are two group policies for PDI and they can be found under: Computer Configuration\Administrative Templates\Printers. The group policies are:

Execute print drivers in isolated processes
Override print driver execution compatibility setting reported by print driver

Policy: Execute print drivers in isolated processes:

This policy setting determines whether the print spooler will execute print drivers in an isolated or separate process. When print drivers are loaded in an isolated process (or isolated processes), a print driver failure will not cause the print spooler service to fail.

If you enable or do not configure this policy setting, the print spooler will execute print drivers in an isolated process by default.
If you disable this policy setting, the print spooler will execute print drivers in the print spooler process.

Notes:
- Other system or driver policy settings may alter the process in which a print driver is executed.
- This policy setting applies only to print drivers loaded by the print spooler. Print drivers loaded by applications are not affected.
- This policy setting takes effect without restarting the print spooler service.
Policy: Override print driver execution compatibility setting reported by print driver:

This policy setting determines whether the print spooler will override the Driver Isolation compatibility reported by the print driver. This enables executing print drivers in an isolated process, even if the driver does not report compatibility.

If you enable this policy setting, the print spooler will ignore the Driver Isolation compatibility flag value reported by the print driver.
If you disable or do not configure this policy setting, the print spooler will use the Driver Isolation compatibility flag value reported by the print driver.

Notes:
- Other system or driver policy settings may alter the process in which a print driver is executed.
- This policy setting applies only to print drivers loaded by the print spooler. Print drivers loaded by applications are not affected.
- This policy setting takes effect without restarting the print spooler service.
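The PrintDriverIsolationGroups format described above (three groups separated by '\\', drivers within a group separated by '\') can be parsed to list which drivers were explicitly set to which mode. This is an added example, not code from the original post: the function name and the sample driver names are constructed, and it assumes the registry value is read as a single string.

```powershell
# Added example. Parses a PrintDriverIsolationGroups string into
# Driver/Mode pairs, following the format described in the article.
function ConvertFrom-PrintDriverIsolationGroups {
    param(
        [Parameter(Mandatory)]
        [AllowEmptyString()]
        [string]$Value
    )

    # Group order as given in the article: None, Shared, Isolated.
    $modes = 'None', 'Shared', 'Isolated'

    # Groups are separated by a double backslash. -split takes a regex,
    # so the literal separator is escaped first.
    $groups = @($Value -split ([regex]::Escape('\\')))
    if ($groups.Count -ne $modes.Count) {
        throw "Expected 3 groups separated by '\\', found $($groups.Count)."
    }

    for ($i = 0; $i -lt $modes.Count; $i++) {
        # Within a group, driver names are separated by a single backslash.
        # An empty group yields one empty string, which is skipped.
        foreach ($driver in ($groups[$i] -split '\\')) {
            if ($driver) {
                [pscustomobject]@{ Driver = $driver; Mode = $modes[$i] }
            }
        }
    }
}

# Constructed sample: one driver set to None, two set to Shared, and an
# empty Isolated group (the trailing '\\' is still present).
$sample = 'Example Legacy Driver\\Example PCL6 Driver\Example PS Driver\\'
$parsed = ConvertFrom-PrintDriverIsolationGroups -Value $sample
$parsed | Format-Table -AutoSize

# Drivers explicitly set to None load inside spoolsv.exe, so a fault in one
# of them takes the spooler down with it. List them for review.
$parsed | Where-Object { $_.Mode -eq 'None' } | Select-Object -ExpandProperty Driver

# On a print server the value can be read from the key named in the article
# (assumes it comes back as one string):
#   $v = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Print').PrintDriverIsolationGroups
#   ConvertFrom-PrintDriverIsolationGroups -Value $v
```

Drivers left at System Default do not appear in this value, so an empty result means no explicit overrides, not that no drivers are installed.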

Different ways to check System’s uptime

30.Dec.2010 | by Gusac | Filed in: Articles

There are different ways to check a computer system's uptime (boot time), or the time when it was last booted. We are going to discuss four of them here. They are:

Uptime.exe command line utility
Systeminfo command line
Perfmon
NET command
Task Manager (Vista and above)

Uptime.exe

The tool Uptime.exe is available for displaying system availability. Uptime.exe can be used to display the current uptime of the local and remote system. Optionally, it can also scan the Event log for key system events such as system restarts of computers that are not responding (hanging).

The utility Uptime.exe can be downloaded from the Microsoft Download site. Here is the URL: http://download.microsoft.com/download/winntsrv40/install/uptime_1.01/nt4/en-us/uptime.exe

Download and save uptime.exe on the local computer. Open the command prompt and go to the location where uptime.exe is saved. To check uptime for the local system, run the following command:

Systeminfo

Systeminfo is an inbuilt utility that comes with Windows. Systeminfo shows the System Boot Time, that is, the time the system was last booted (started). So, we can calculate the time the system has been up for. Here are the steps:

Open the command prompt and type the command:

    SYSTEMINFO

Scroll to the line that says: System Boot Time.

Perfmon

The Performance Monitor tool, or Perfmon, in Windows also has a counter that keeps track of the system's uptime. Here are the steps to use Perfmon:

Note: This requires knowledge of configuring the Perfmon tool.

Start > Run and type PERFMON.SYS
Add the counter System\System Up Time.

System Up Time shows the uptime in seconds. So, we need to convert the seconds into minutes or hours.

Net Statistics command

Open the command prompt and type the command:

    net statistics workstation

The command shows the system's statistics since the time it was turned on or started. We are not concerned with the system's statistics, but with the time since which it has been running.
Task Manager

On Windows Vista and later operating systems, we can also use Task Manager to view system uptime. Simply open Task Manager and go to the Performance tab. Below the graph, there is a section called System. The System section has Up Time, showing the duration in DD:HH:MM:SS format. Here is the screenshot for your reference:

How to remove Phantom Network adapter

20.Dec.2010 | by Gusac | Filed in: Articles, Troubleshoot

Phantom or ghost network adapters are created when a network adapter is removed without removing its drivers. These ghost network adapters (NICs) are hidden and are not listed in Device Manager.