
Windows 7 - Explorer.exe keeps crashing

This post contains information on how to edit and modify your Windows Registry.  It is always recommended that you take a backup of the Registry before editing any of the values because any improper editing can cause strange behaviour and at worst could even corrupt your operating system completely, requiring you to re-install Windows.

We encourage you to try out the registry changes,  but only if you know what you are doing and if you do it with care.

After building a brand new Windows 7 ENT x64 laptop I ran into some issues.  The issues started shortly after finishing some updates.  Explorer.exe kept crashing every time I would right-click on an icon or try to use anything that used explorer.exe.  After searching the web for hours I found nothing that actually resolved the issue.  Pretty much everything out there pointed to doing a full restore or a clean installation.  I also found a couple of posts that said once they deleted their profile and rebuilt it, everything worked.  Each of these is true, but why waste the time and effort?  I am not sure about you, but hearing from a Microsoft employee and having them tell you to do a clean install because it is hardware related or due to 3rd party software is getting real old.  Well, you are in luck folks, because I have a solution that does not harm the machine and it can be done within 2 minutes.

Here is the error we were getting in our event logs:
The program Explorer.EXE version 6.1.7600.16404 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 810
Start Time: 01ca6d1f1aca747c
Termination Time: 0
Application Path: C:\Windows\Explorer.EXE
Report Id: 3fe9620d-d913-11de-8a55-00242cbe9d84

I ran every application I had that would point me in a direction of figuring out what was causing it and found nothing.  I decided to go through the 34 updates I had applied the day before and found an issue finally.  One of the updates was forcing the CEIP to execute.  *Dear Microsoft, why place something like this in an OS when you know it causes problems?*

The cause of the Windows Explorer crash is related to the SQM Client, which is part of the Customer Experience Improvement Program (CEIP). Under the default setting, where MachineThrottling is enabled in the registry, any call to WinSqmStartSession in ntdll.dll will cause Explorer to crash or a Windows Installer installation to fail.

So instead of waiting for a hotfix or an update from Microsoft, just delete the MachineThrottling registry entry from the system registry. The MachineThrottling registry entry is located inside the following registry key: HKLM\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions

*NOTE*  If you do not know what you are doing within the registry, stop and do not proceed.  Ask someone for help that knows what they are doing and can recover your registry if a failure occurs.

To make it easy you can just create your own little batch file with the following command:
reg delete HKLM\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions /v MachineThrottling /f

At this point you can close the registry and right-click on your file or icon and you should be good to go.

posted by: Myke Reinhold

Conficker C worm - do you have it?

There is a ton of buzz all over the media world about this worm, what it will do, and how to tell if you have it.  As complex as this worm is, it is also very simple to determine if you have it or not.

Step 1 - If you have Automatic Updates turned on, check to see if it is now turned off.  The reason is that this worm actually turns off updates to protect itself.

Step 2 - Manually run Microsoft Updates.  If you can run updates manually on your computer then you are okay.  This worm will actually prevent you from connecting to the update sites.

Now that we know how to check for it, how do you prevent it?  Very simple.  Keep your computer updated and make sure your anti-virus software is running and current.

What do you do if you have this worm?  You will want to contact your anti-virus software vendor and see if they can help you out.  If not, and they want to charge you an arm and a leg, give it a go yourself.  There are a couple of very easy-to-use, free tools you can use to remove it, but it will take some patience.

Now that you have a couple of removal tools, start running them and cleaning.  A great tip is to update both pieces of this software and then run them from Safe Mode with your computer not on the network/Internet.

Good luck and happy hunting, so to speak.

Pesky annoyances when trying to modify DCOM Configurations got you down?

Now, when I say “pesky annoyance” I mean downright frustrating. Say your thumbnails won’t work on your Xbox 360 when viewing items thrown out over media sharing and you’ve got these wonderful errors blasting around your event log:

Log Name:      System
Source:        Microsoft-Windows-DistributedCOM
Event ID:      10016
Description:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Now, just think about how tech-savvy you really are. You know what’s up. You’re going to go find out what application this is by finding the AppID in the registry, then head over to Component Services and go fix this up, right? You start “dcomcnfg” and you browse over to “Thumbnail Cache Out of Proc Server” and try to modify it… no love. Greyed-out options and all, you’ve just been denied by your trusty operating system. You know you’re an administrator but behold, you’ve been given the finger by Windows.

No worries.

Someone, somewhere decided that they would make a security consideration here and grant only “TrustedInstaller” the full control permission instead of Administrators. How dare they, huh? To fix this up, do the following:

    1. Open Registry Editor and browse over to ‘HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AppID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}’
    2. Right click on the {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} key and choose “Permissions…”
    3. Just as you would a file, take ownership and assign it to ‘Administrators’ then go back and grant ‘Administrators’ the ‘full control’ permission.
    4. Restart dcomcnfg and modify away.

Once you’ve made your modifications and granted Local Activation permissions to NETWORK SERVICE, you should eliminate those errors.

This trick can be applied to ANY CLSID you can’t modify in Component Services DCOM Configuration. :)
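
The lookup the post describes (event CLSID to AppID to the name shown in dcomcnfg), written as a read-only batch file. This is an added example, not the author's script; the CLSID is the one from the event above, and the output parsing assumes an English system.

```batch
@echo off
setlocal
rem CLSID copied from the Event ID 10016 description in the post above.
set "CLSID={AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
set "CLASSES=HKLM\SOFTWARE\Classes"
set "APPID="
set "NAME="

rem Step 1: the CLSID key carries an AppID value naming the DCOM application.
rem reg.exe prints "AppID  REG_SZ  {guid}"; everything after REG_SZ is the data.
for /f "tokens=2,*" %%A in ('reg query "%CLASSES%\CLSID\%CLSID%" /v AppID 2^>nul ^| findstr /c:"REG_SZ"') do set "APPID=%%B"
if not defined APPID (
    echo No AppID value found under CLSID %CLSID%.
    exit /b 1
)

rem Step 2: the default value of the AppID key is the name dcomcnfg lists.
rem Assumption: English system, where the default value prints as "(Default)".
for /f "tokens=2,*" %%A in ('reg query "%CLASSES%\AppID\%APPID%" /ve 2^>nul ^| findstr /c:"REG_SZ"') do set "NAME=%%B"
if not defined NAME set "NAME=[no default value set]"

rem Nothing is modified; this only tells you which key the steps above apply to.
echo CLSID : %CLSID%
echo AppID : %APPID%
echo Name  : %NAME%
echo Key   : %CLASSES%\AppID\%APPID%
```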
