Windows Off-screen

Just had another client puzzled by this issue, their IT provider couldn’t figure out what was wrong either. The application (in this instance ACT!) appeared to start, but wasn’t visible. Ultimately, the window was off screen. They had used an external monitor and had been using the app on that second screen. They’d shutdown, removed the external monitor, now the app was not ‘there’ even tho it was in the windows task bar.

The solution? ALT-Space | Down Arrow | Enter | use the arrow keys to reposition the window onto the current active screen. Or use this utility: Sheepdog to do it for you.

Sheepdog rounds up windows

One of the tools I’ve found very useful is SheepDog. Like the real world sheep dogs, it rounds things up, in this case stray windows.

Working with a laptop, I often plugin a second monitor, however, when I next fire up the laptop, windows may open up but not be visible on my laptop screen, they ‘remember’ that they were placed on the second screen, which is no longer connected. SheepDog rounds them up and moves them back to my primary monitor.

If you’re using a laptop or netbook, I recommend you take a look at it.

Using registry values in scripts

I’m often writing scripts to do stuff. It makes my job easier. I’ve often wanted to be able to script the discovery of registry values in the Windows Registry.

Thus here is a short example on using the vanilla windows command line to find the value of a Windows registry key. From my testing these commands are all present by default in Windows XP, Vista, 7, Server 2003 and Server 2008.

Assume we want to find the Microsoft Windows Common Files directory. Using `Regedit` we can find that here: `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir`

So the first thing we want to do is query the registry, we do that with the command line tool `reg` as follows ([more about reg][]):

[more about reg]:
“Read up on how to use the reg command for more than just a query”

`reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion /v CommonFilesDir >1.tmp`

This will spit out the following into the text file `1.tmp`:

CommonFilesDir REG_SZ C:\Program Files\Common Files

However, this isn’t of much use in a script. Really, we just want the value of the folder itself, not all the extra info.

So what we do is use the command line tool ‘findstr’ which essentially is a windows regex tool ([more about findstr][]). We use it to do this:

[more about findstr]:
“Read up on findstr – regex goodness on windows by default”

`findstr /r REG_SZ 1.tmp >2.tmp`

This spits out just the line that contains REG_SZ and puts it into the text file `2.tmp`. Now that we’ve just just the one line, we want to strip the first 32 characters off it. We do this by first setting it as an enviroment variale and then trimming it down using the following two commands ([more on set][]):

[more on set]:
“Using file contents to set enviroment variables”

`set /p CommFiles=<2.tmp` And then we shorten that ([more on trimming][]): [more on trimming]: "Read up on using set to trim environment variables" `set CommFiles=%CommFiles:~32%` Then we can echo the result to the screen using: `Echo The Common Files directory is: %CommFiles%` And here it is all in one easy to copy set: --- Set CommFiles=C:\Temp reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion /v CommonFilesDir >1.tmp
findstr /r REG_SZ 1.tmp >2.tmp
set /p CommFiles=<2.tmp set CommFiles=%CommFiles:~32% Echo The Common Files directory is: %CommFiles% --- With a little editing I'm sure that you can turn this to your own uses, pulling out the value of registry keys and using them in script files. You're not limited to this registry key, you can use it to access all sorts of registry keys. Please do tell me what uses you put this to. Enjoy.

Finding user SID

Occasionally you may want to know the [SID][] of a windows user. If that made no sense to you, read no futher, this snippet is not for you.

“Read a definition of what the SID is”

Open up REGEDIT and browse to this key:

`HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList`

Here you will find a list of SID’s, under each is a subkey containing the name of the user it is associated with. Run through them until you find the username you’re looking for and bingo, it’s parent key is that users SID.

Found via [][]

“ is a wealth of tech goodness”

[Bonus link][]

[Bonus link]:
“More explaination of SID’s, decoding them etc”

Open Source administrator tools

Spotted this great list of open source tools for system administrators: 24 Great Open Source Apps for Admins & Technicians.

I can personally vouch for a number of these:

  • Angry IP Scanner
  • PuTTY
  • DBAN
  • DeltaCopy

For some tools that are not open source but free, you can’t go past (details here) – now owned by Microsoft themselves these tools make a Windows Sysadmin job much easier.

Resurrecting Terminal Server

A Terminal Server I was attempting to work on today gave quite a lot of grief. The first hint was that users were unable to login to it. When I then tried to login, it gave an error message of:
Login Failed
You are connected to the remote computer. Howerver, an error occured while an initial user program was starting, so you are being logged off. Contact the system administrator for assistance.

So I rebooted it remotely using the command shutdown /r /f /m \\TSERVER1 while having a continuous ping running, from the ping results I could see it go down, come back up. However on trying to login now, after entering a username/password I could see the logon script run, but no taskbar, start button appeared. Right clicking the desktop didn’t give any menu.

I could however navigate to the hard drive on that machine by pointing My Computer to \\tserver1\c$\.

Copying some of the tools at I was able to view the event logs, no issues apparent, check status of various services, all ok.

So I connected via RDP once more (mstsc /v:tserver1 /console) and viewed the background (still no start button or taskbar) and pressed CTRL-ALT-END which allowed me to start the Task Manager. This allowed me to run a new task (File | New tas (run...)) so now I was able to copy the sysinternals autoruns program to the root of the C: partition, and run it from the affected terminal server. Running c:\windows\explorer.exe didn’t work tho.

Delving into it’s depths I found an entry for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Explorer – renaming this entry then allowed Explorer to run. So I’ve exported the key (in case I do want it sometime) and then deleted it.

Rebooted the server once more and bingo, it lets everyone log in. Very satisfying after a couple of hours of mad hair tearing.

Registry utility I would love to have

I don’t have this, but I certainly would use it.
A simple utility to do search and replace in the Microsoft Windows registry.

Ideally it would do the following:

  • Specify a list of values to delete – it would then remove ALL those values
  • Specify a value and what to replace it with
  • Specify a key and what key to replace it with
  • Specify a key and what value to make it

My immediate use is removing entries that a virus (WORM actually) has entered in. Using regedit is a pain pain pain!

Ubuntu VPN goodness

I’m now running Ubuntu 7.10 on my personal laptop (it dual boots with MS Vista Ultimate, but defaults to Ubuntu). Of course I want to do it all, including connecting to MS Windows VPN’s.

The short set of instructions over at tipotheday were spot-on.

My only addition would be to have the Ubuntu 7.10 install CD (or ISO) handy. Personally I used the command line (CLI) version, worked a treat.