Archive for January, 2010

Microsoft "How Do I?" Videos

January 28, 2010

Microsoft has recently assembled a list of short videos for customers to learn how to accomplish specific tasks with Microsoft products. These videos provide step-by-step instructions to help you further develop your skillset.

Microsoft TechNet


EvtLogParser

January 16, 2010

Updated to version: 1.0.0.5!

Let's say you have many exported EventLog (evt/evtx) files and need to search all of them for specific event entries. How do you do it?
Yes, of course you can use Microsoft Log Parser 2.2, but then you have to write the cumbersome query yourself. Bummer.

EvtLogParser to the rescue!

EvtLogParser uses the LogParser.dll from Microsoft Log Parser 2.2, and provides a simple UI for the query.

All you need to do is drag-and-drop your files onto the list (or right-click and select Add EventLog Files...), select the query filter using the query filter panel, and click Query.

EvtLogParser: Query Filter Panel

Then, you’ll be able to see the query results in the grid view below.

EvtLogParser: GridView and Context Menu

Right-click to view a specific event, save it as a text file or export all the data to an XML file.

EvtLogParser: View Event

Note that Windows Vista, 7 and Server 2008 use the new evtx format for event log exports.
Since Log Parser uses system APIs to read event log exports, and the old .evt event log format is no longer "native" on these operating systems, you'll probably get an error message saying "The event log file is corrupted".

So if you want to read evt files on Windows Vista, 7 or Server 2008, you should convert those old-school EventLog files into the shiny new format. You can accomplish this using either of the two methods described below:

1. Through the user interface
Just double-click the evt file, wait for it to open, then right-click, select Save Event As, enter the location and filename, click Save and OK.

2. Using the Windows Events Command Line Utility (WevtUTIL)
It's built into the OS and it'll convert those old EventLog files from the command line:

wevtutil epl application.evt application.evtx /lf:true

Also, you can copy the text below into Notepad, save it with the .reg extension, and merge it into your registry.
After restarting your system, you’ll be able to right-click an .evt file and select the "Convert to evtx" option from the context menu.

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\SystemFileAssociations\.evt]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.evt\shell]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.evt\shell\ConvertToEvtx]
@="Convert to evt&x"
[HKEY_CLASSES_ROOT\SystemFileAssociations\.evt\shell\ConvertToEvtx\command]
@="\"wevtutil.exe\" epl \"%1\" \"%1x\" /lf:true"
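
For a whole folder of exports, the same wevtutil command can be run in a loop. The PowerShell script below is an added example, not part of EvtLogParser or the original post; the folder path is hypothetical, and each .evtx is written next to its source file, as the "%1x" in the registry entry does.

```powershell
# Added example: batch-convert legacy .evt exports to .evtx with wevtutil.
param([string]$SourceDir = 'C:\Cases\evt')   # hypothetical folder of exported logs

$converted = 0
$skipped   = 0
$failed    = @()

# Match the extension exactly so .evtx files already in the folder are never picked up.
$evtFiles = Get-ChildItem -LiteralPath $SourceDir -Recurse |
    Where-Object { -not $_.PSIsContainer -and $_.Extension -ieq '.evt' }

foreach ($evt in $evtFiles) {
    $target = $evt.FullName + 'x'            # application.evt -> application.evtx

    # Never overwrite an earlier conversion; the original .evt is left untouched.
    if (Test-Path -LiteralPath $target) { $skipped++; continue }

    # /lf:true tells wevtutil the first argument is a log file, not a live log name.
    & wevtutil.exe epl $evt.FullName $target /lf:true
    if ($LASTEXITCODE -eq 0) { $converted++ }
    else { $failed += $evt.FullName }
}

"Converted: $converted  Skipped (already present): $skipped  Failed: $($failed.Count)"
$failed | ForEach-Object { "  FAILED: $_" }
```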

 

Download EvtLogParser.1.0.0.5.zip
Please note it requires you to have at least .NET Framework 2.0 installed.

Media Files Renamer

January 9, 2010

A colleague of mine showed me a utility he was using to rename his pictures.
Although he was very happy with it (simple UI and easy to use), he complained that it wasn't renaming pictures that he took with his cell phone and he didn't understand why.
I explained EXIF to him, and told him I'd write him a similar utility that would rename all his pictures (the ones without EXIF information would be renamed according to their last modified time stamp).

Media Files Renamer 2.1.0.0

Download MediaFilesRenamer.exe
Please note it requires you to have at least .NET Framework 2.0 installed.


“God Mode” in Windows 7

January 4, 2010

Everybody is talking about the so-called Windows 7 "God Mode."

What is it, you ask? Simply create a new folder, call it GodMode.{ED7BA470-8E54-465E-825C-99712043E01C} and you will have a shortcut to every setting on your computer.

GodMode

Sounds great, right? Only if you are the kind of person who likes to navigate through a list of 255 tasks instead of simply typing in what you need.

There are no new features or settings exposed, only a list of tasks that can be accomplished with the simple Control Panel search.

The feature is actually not even called God Mode but All Tasks. The All Tasks feature is simply a shell folder you can access a few different ways. Just type shell:::{ED7BA470-8E54-465E-825C-99712043E01C} in the Windows Explorer address bar and hit <Enter>. Alternatively, create a folder and name it anything.{ED7BA470-8E54-465E-825C-99712043E01C}.

Someone probably named the folder “GodMode” just to make it sound mysterious and intriguing.

BTW, it also works on Vista 32-bit.

The Security System detected an authentication error

January 3, 2010

Last week I came across a weird problem.

I wasn’t able to connect to a share on a remote server using its IP address in the UNC path, but had no problem at all using its NetBIOS name or its FQDN.

I took a look at the event log and saw these 2 event entries:

Event Properties 40960
Event Properties 14

A quick Google search got me here, and there it reads:

Stored User Names and Passwords is a feature of Microsoft Windows XP and the Windows Server 2003 family that stores user names and passwords for servers. This allows a user to connect to servers using user names and passwords that are different than those used to log on to the network. The user can store these for later reuse.

So I opened up the Stored User Names and Passwords applet, happy to see an entry saved in the Credentials Manager that had my “problematic” IP Address:

Stored User Names and Passwords  

Removed that entry…

Stored User Names and Passwords

and voila! I can access the server again!

 

The Stored User Names and Passwords interface is accessible from the Control Panel -> User Accounts applet (on Windows XP) or Control Panel -> Stored User Names and Passwords applet (on Windows 2003 Server). Also, you can run it using either of the two command lines:

rundll32.exe keymgr.dll,KRShowKeyMgr

control keymgr.dll

 

Since this was such a simple solution to such an annoying problem, I thought I’d share.
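
The check below is an added example, not from the original post: it lists stored credentials whose target is a bare IPv4 address, the kind of entry that caused the problem described above. It assumes cmdkey.exe is available and that its /list output contains "Target:" lines; the sample output and names in it are constructed.

```powershell
# Constructed sample of `cmdkey /list` output (the layout is an assumption and
# varies between Windows versions). On a live system use: $lines = cmdkey /list
$lines = @'
Currently stored credentials:

    Target: Domain:target=fileserver01
    Type: Domain Password
    User: CONTOSO\alice

    Target: Domain:target=192.0.2.15
    Type: Domain Password
    User: CONTOSO\svc-backup
'@ -split "`r?`n"

function Get-IpCredentialTarget {
    param([string[]]$CmdkeyOutput)
    foreach ($line in $CmdkeyOutput) {
        if ($line -match '^\s*Target:\s*(.+?)\s*$') {
            $raw  = $Matches[1]
            $name = $raw -replace '^.*target=', ''   # drop a "Domain:target=" style prefix
            $ip   = $null
            # Require dotted-quad form first; TryParse alone also accepts short forms like "1".
            if ($name -match '^\d{1,3}(\.\d{1,3}){3}$' -and
                [System.Net.IPAddress]::TryParse($name, [ref]$ip)) {
                New-Object PSObject -Property @{ Entry = $raw; Address = $ip.ToString() }
            }
        }
    }
}

Get-IpCredentialTarget -CmdkeyOutput $lines | ForEach-Object {
    "Stored credential keyed to IP $($_.Address) (entry '$($_.Entry)'): review it with 'control keymgr.dll'"
}
```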
