Windows - Notes on Microsoft's operating systems

How to disable SMB1 on Windows clients ?

There are several methods depending of the Windows version :

Procedure for a Windows 7 client

  1. start the shell (cmd.exe) with Administrator privileges (otherwise, you may not be allowed to change some system settings)
  2. check whether SMB1 is enabled or not :
    sc.exe qc lanmanworkstation
    [SC] QueryServiceConfig réussite(s)
    
    SERVICE_NAME: lanmanworkstation
    	TYPE               : 20  WIN32_SHARE_PROCESS
    	START_TYPE         : 2   AUTO_START
    	ERROR_CONTROL      : 1   NORMAL
    	BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k NetworkService
    	LOAD_ORDER_GROUP   : NetworkProvider
    	TAG                : 0
    	DISPLAY_NAME       : Station de travail
    	DEPENDENCIES       : Bowser
    	                   : MRxSmb10
    	                   : MRxSmb20
    	                   : NSI
    	SERVICE_START_NAME : NT AUTHORITY\NetworkService
  3. Disable SMB1 :
    sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
    [SC] ChangeServiceConfig réussite(s)
    sc.exe config mrxsmb10 start= disabled
    [SC] ChangeServiceConfig réussite(s)
  4. check it with the same command :
    [SC] QueryServiceConfig réussite(s)
    
    SERVICE_NAME: lanmanworkstation
    	TYPE               : 20  WIN32_SHARE_PROCESS
    	START_TYPE         : 2   AUTO_START
    	ERROR_CONTROL      : 1   NORMAL
    	BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k NetworkService
    	LOAD_ORDER_GROUP   : NetworkProvider
    	TAG                : 0
    	DISPLAY_NAME       : Station de travail
    	DEPENDENCIES       : bowser
    	                   : mrxsmb20
    	                   : nsi
    	SERVICE_START_NAME : NT AUTHORITY\NetworkService
  5. should you wish to re-enable it :
    sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi
    sc.exe config mrxsmb10 start= auto
  6. reboot so that changes take effect

Finding duplicates in an Excel column

  1. let's assume the column containing duplicates is the F column
  2. insert an empty column (the G column) next to the column to investigate for duplicates
  3. in G1 (or G2 if column have headers), insert the formula =NB.SI($F$2:$F$120;F2)>1
    • $F$2:$F$120 is the range of cells to search into
    • F2 is the value to look for
    • =NB.SI(range;value) counts the occurrences of value in range. Unique values occur just once, hence the >1 to highlight duplicates
  4. drag'n'copy this formula until the bottom of the G column
  5. lines containing duplicates in the F column show a true in the G column

Advanced formula : =SI(NB.SI($F$2:$F$120;F2)>1;"DOUBLON !!";"")

When Outlook complains : "the set of directories could not be opened..."

Situation :

Not possible anymore to open Outlook, which outputs the error message : "Cannot start Microsoft Office Outlook. Unable to open Outlook window. The set of directories could not be opened."

Details :

This is due to a corrupted .ost file. These files contain the "local copy" of the Outlook inbox.

Solution :

Scan and repair the damaged .ost file with the scanost.exe utility. This was found in C:\Program Files\Common Files\System\MSMAPI\1033 on my computer.

  1. type 1 in an empty cell, then Rclick cell | copy
  2. hold CTRL and select all cells where hyperlinks have to be removed
  3. Rclick any of the selected cells (containing hyperlink to remove), then "collage spécial"
  4. In the Opération area, select multiplication | OK

How to tell Windows 7 to use a different default network card ?

Situation :

This question occurred while trying to configure / use an Android smartphone as a USB modem on a Windows 7 workstation, which is already connected to the Internet via its built-in wired network card.

The setup is fairly straightforward : plug the smartphone via USB on the PC, then on the phone side, enable network sharing. Windows should detect a new network card and install drivers.

Details :

At that time, some existing network connections _may_ miserably timeout. This is because the new interface has a lower network metric than the regular one. The new network card has become the preferred interface to the network (because of its lower metric), but since it's not connected to the LAN, links to local resources are broken.

Solution :

  1. Before plugging the phone :

    route print

    
    IPv4 Table de routage
    ===========================================================================
    Itinéraires actifs :
    Destination réseau	Masque réseau	Adr. passerelle	Adr. interface	Métrique
    0.0.0.0			0.0.0.0		10.29.19.254	10.29.19.125	20
    
  2. After plugging the phone :

    ipconfig

    Carte Ethernet Connexion au réseau local 2 :				this is my phone
    	Suffixe DNS propre à la connexion. . . :
    	Adresse IPv4. . . . . . . . . . . . . .: 192.168.42.41
    	Masque de sous-réseau. . . . . . . . . : 255.255.255.0
    	Passerelle par défaut. . . . . . . . . : 192.168.42.129
    
    Carte Ethernet Connexion au réseau local :				this is the regular LAN connection
    	Suffixe DNS propre à la connexion. . . : acme.corp.com
    	Adresse IPv4. . . . . . . . . . . . . .: 10.29.19.125
    	Masque de sous-réseau. . . . . . . . . : 255.255.255.0
    	Passerelle par défaut. . . . . . . . . : 10.29.19.254
  3. Then the routing table again :

    route print

    
    IPv4 Table de routage
    ===========================================================================
    Itinéraires actifs :
    Destination réseau	Masque réseau	Adr. passerelle	Adr. interface	Métrique
    0.0.0.0			0.0.0.0		192.168.42.129	192.168.42.41	10		phone
    0.0.0.0			0.0.0.0		10.29.19.254	10.29.19.125	20		regular LAN connection
    
  4. At that point, the LAN connection must become the preferred interface anew. To do so, we can :
    • either increase the metric value of the USB interface
    • or decrease the metric value of the regular LAN interface

    Altering the USB interface works fine, but these settings will be lost after disconnecting the phone, and the same problem will pop again the next time it is plugged in. So let's workaround this by setting the metric of the LAN interface to the lowest possible value : 1.

  5. Open the network properties :
    • Control Panel | Network and Internet | Network Connections
    • or : | type connexions réseau in the search box | Afficher les connexions réseau
  6. Select the LAN interface, right-click then Properties
  7. Internet Protocol Version 4 (TCP/IPv4) | Properties | Advanced.
  8. Untick Automatic Metric and set the interface metric to 1.
  9. OK | OK | ... until you close the Network Adapter properties.
  10. Check :

    route print

    
    IPv4 Table de routage
    ===========================================================================
    Destination réseau	Masque réseau	Adr. passerelle	Adr. interface	Métrique
    0.0.0.0			0.0.0.0		10.29.19.254	10.29.19.125	1
    0.0.0.0			0.0.0.0		192.168.42.129	192.168.42.41	10
    

hosts file

OS File
Windows XP, Windows 7 C:\WINDOWS\system32\drivers\etc\hosts
it can be found in : %systemroot%\system32\drivers\etc\
Windows 2000 C:\WINNT\system32\drivers\etc\hosts
Windows 98 C:\Windows\hosts.sam
On Windows XP, Firefox may ignore the hosts file if it's configured to connect to Internet through a proxy (details). To workaround this, add your custom host name in the No proxy for... list.

Playing with NTFS's ADS

Notes on ADS

  • The concept of ADS is to hide data into a container file.
  • ADS works only on NTFS volumes. ADS may survive a copy to another NTFS volume (either local or through LAN) but in any other case (different filesystem type, FTP, email, Zip, ...) the ADS is lost.
  • From my (short) experience, the type of the container file doesn't matter.
  • The stream name doesn't seem to matter as well.
  • There seem to be no limitation on the number of streams attached to a container file.

Examples

  • Store text : echo foo > anyFile.txt:streamName
  • Read text : more < anyFile.txt:streamName
  • Store image : type img.png > cic.dll:streamName
  • Read image : %SystemRoot%\system32\mspaint.exe cic.dll:streamName
  • Store executable : type calc.exe > img.png:anything.exe
  • Run executable : start .\img.png:anything.exe
    • .\ and .exe are mandatory
    • the task manager will display img.png:anything.exe as the task name
  • Store several streams :
    1. echo foo > anyFile.txt:stream1
    2. echo bar > anyFile.txt:stream2
    3. echo baz > anyFile.txt:stream3

Environment variables

List environment variables :

In a shell, just type set

Print the value of a variable :

echo %temp%

Common variables :

Variable Name Value Details
SystemRoot c:\windows

How to run a command or .exe as another user on Windows ?

  1. Open the Start Menu
  2. Browse to the application name or find it with the Search box
  3. Right-click the application name / icon, then select Run As Administrator
  4. Enter Administrator's credentials
  5. Enjoy !

How to register a new .dll in Windows XP / 2003 ?

.dll files are supposed to be found in C:\WINDOWS\system32

To register a new .dll :

regsvr32 my_new_dll_file.dll

To un-register an existing .dll :

regsvr32 /u existing_dll_file.dll

Windows XP file tree

C:\ system root
WINDOWS
system32
drivers
etc
Documents and Settings
All Users
Menu Démarrer
Programmes
Démarrage Programs to launch when any user opens a session
userName
Application Data
Microsoft
Internet Explorer
Quick Launch Lists icons of favorites apps in the taskbar
Menu Démarrer
Programmes
Démarrage Programs to launch when userName opens a session