Archive for November, 2012

A special note for those downloading Windows Server Update Services 3.0 Service Pack 2 (KB2734608)

November 23, 2012 Leave a comment

Official information about this update is available here:

This update to WSUS 3.0 SP2 is very significant in that it adds operating system patching support for Windows 8 and Windows Server 2012 WSUS clients. In addition, it also fixes minor issues with KB2720211 (which is included in this update). For stand-alone WSUS environments this update also includes the updated version of the Windows Update Agent (WUA): 7.6.7600.256 which addresses security vulnerabilities of the Windows Update client component.

When KB2734608 is installed and you are leveraging the WSUS server engine as a Software Update Point in Configuration Manager, you may notice that when the new catalog is downloaded, the changes in that catalog structure may trigger some unexpected changes in the existing patch management database. Some existing patches may show as Invalid and may require to be re-download and re-distributed throughout the Configuration Manager hierarchy. It is highly likely that some enterprise administrators may not desire this.  

A Hotfix to the Rescue!

To prevent these actions from occurring, Microsoft released the hotfix (KB2783466.) This hotfix has to be applied to all Configuration Manager SUP/WSUS systems if  the KB2734608 was applied and preferably before the next Patch Tuesday cycle (December 11th, 2012). If you have not applied the hotfix KB2734608, then applying this hotfix prevents the unnecessary re-downloading and re-distribution of existing patches. Official information about the hotfix can be found here:

Information Regarding the Updated Windows Update Agent

As described above, the KB2734608 update includes a new version of the Windows Update Agent. On standard WSUS systems, they will push out the new updated Windows Update Agent automatically to clients once the KB2734608 is installed. However, for Configuration Manager 2007 systems, the Windows Update Agent is not leveraged in the same way as standalone WSUS systems; therefore the update does not occur automatically. The security issue addressed by the Windows Update Agent update does not impact Configuration Manager, as Configuration Manager does not download their content through the Windows Update Agent. It only leverages the WU APIs for scanning and installation. The update binaries delivered through the Configuration Manager Software Update component are delivered directly from the distribution point, not through a WUA call to WU/MU or WSUS for content. There is no vulnerability exposure here for Configuration Manager Software Update Management clients, thus no need to update the Windows Update Agent to this version.

However if customers would like to upgrade WUA to the latest revision it is recommended to create software distribution command line only package from Configuration Manager  using the following command to initiate update process:

wuauclt /detectnow

This package will have to be applied to all managed systems.

Why is Internet Explorer Crashing on Shutdown? An interesting App-V-related Issue . . .

November 20, 2012 Leave a comment

Recently, I came across something very interesting. I was working with a customer who was working with several internally developed applications that leveraged HTML files by creating links that would open them inside the user’s default browser. These applications can easily be virtualized with both App-V 5.0 and 4.6 (VAE, <LOCAL_INTERACTION_ALLOWED>)

What was happening was that these applications were behaving oddly when running virtualized with App-V. The applications would trigger the local browser (running outside the bubble) for these help documents (in this example, Internet Explorer 8.) While there were no issues with this particular function, every time a user would close one of the Internet Explorer windows containing one of these documents, the window would disappear as normal. Then, almost a second or two later, a window would pop up stated that the application had crashed.

Oddly enough, we knew pretty quickly that this had to be somewhat environmental because we could never prove these issues on a vanilla test machine. This was not due to a limitation or a potential code defect within the App-V virtualization engine. After rudimentary elimination of all factors (I.E Settings, App-V, GPO, branding from the IEAK) – we decided to just cut to the chase and debug it with WINDBG to determine why we could not reproduce the issue outside the customer’s environment.

Of course there are several ways to collect user dumps (process dumps.) In this case, the issue was happening on Windows 7 so often, the default AE (Application Experience) debugger – WER (Windows Error Reporting) will suffice. We configured WER to generate a user dump by making a few registry changes.
We gave the customer the following .REG file to import into one of the offending machines.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsWindows Error ReportingLocalDumps]
This created a full user process dump and it put the location of the user dumps in the C:Dumps folder.

Then once we had the user dump we took a look at the stack trace of the corrupting shutdown thread inside of WINDBG:

0:000> k
ChildEBP RetAddr 
0013f714 77476a04 ntdll!KiFastSystemCallRet
0013f718 75656a36 ntdll!NtWaitForMultipleObjects+0xc
0013f7b4 75dfbd1e KERNELBASE!WaitForMultipleObjectsEx+0x100
0013f7fc 75dfbd8c kernel32!WaitForMultipleObjectsExImplementation+0xe0
0013f818 75e105df kernel32!WaitForMultipleObjects+0x18
0013f884 75e1087a kernel32!WerpReportFaultInternal+0x186
0013f898 75e10828 kernel32!WerpReportFault+0x70
0013f8a8 75e107a3 kernel32!BasepReportFault+0x20
0013f934 774a7f02 kernel32!UnhandledExceptionFilter+0x1af
0013f93c 7744e324 ntdll!__RtlUserThreadStart+0x62
0013f950 7744e1b4 ntdll!_EH4_CallFilterFunc+0x12
0013f978 77477199 ntdll!_except_handler4+0x8e
0013f99c 7747716b ntdll!ExecuteHandler2+0x26
0013f9c0 7744f98f ntdll!ExecuteHandler+0x24
0013fa4c 77476ff7 ntdll!RtlDispatchException+0x127
0013fa4c 5483ccd4 ntdll!KiUserExceptionDispatcher+0xf
WARNING: Frame IP not in any known module. Following frames may be wrong.
0013fd60 7748d690 <Unloaded_PseudoServerInproc.dll>+0xccd4
0013fd7c 7748e3d9 ntdll!RtlProcessFlsData+0x57
0013fe14 7748e12f ntdll!LdrShutdownProcess+0xbd
0013fe28 75e0bbd6 ntdll!RtlExitUserProcess+0x74
0013fe3c 775836dc kernel32!ExitProcessStub+0x12
0013fe48 77583371 msvcrt!__crtExitProcess+0x17
0013fe80 775836bb msvcrt!doexit+0xac
0013fe94 0103129e msvcrt!exit+0x11
0013ff1c 75dfed4c iexplore!__wmainCRTStartup+0x164
0013ff28 7749377b kernel32!BaseThreadInitThunk+0xe
0013ff68 7749374e ntdll!__RtlUserThreadStart+0x70
0013ff80 00000000 ntdll!_RtlUserThreadStart+0x1b
There was this external DLL (not part of the standard Windows build) that was loaded into the stack and ad appeared to be partially or fully unloaded by the time that WER could capture the exception. We wanted to see if this DLL was being injected by way of AppInit_DLLs key. At the time, we did not know what this particular DLL was part of. All we knew was PseudoServerInproc.dll appears to be an unknown DLL that was injected into the IE process
We went to AppInits_DLL in the registry and found the MFAHook which is a commonly known master hook DLL used in Citrix products. We disengaged all DLLS in that Key by using the following .REG file:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
The issue immediately went away. Now that we knew it was tied to one of ythe Citrix products being leveraged on the machine, we went back to the AppInit_DLL key to examine MFAHook. This will require us going further to investigate which specific hook DLL is the issue. We know the DLL was PseudoServerInproc.dll
So we went into the Citrix configuration to get all of the specific hook agents and the processes they inject into and found our DLL under the following registry key:
Key: HKEY_LOCAL_MACHINESOFTWARECitrixCtxHookAppInit_DllsHDXMediaStreamForFlash
Value: FilePathName
Data: C:\Program Files\Citrix\ICAService\PseudoServerInproc.dll

A subkey denotes the exe’s it hooks into:
We found that by deleting it – this also fixed the issue. Upon further investigation with Citrix, we found that this was related to a known issue with one of there products from their VDI suite – AND – they already had a fix for this issue (which worked like a champ!~)

More info here:

On a side note, if you want to use a more extensive tool for collecting these kind of crashes for analysis, I would highly encourage you to download ProcDump and configure it to be your default application experience debugger. You can enable it by importing the following .REG file:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionAeDebug]
“Debugger”=”C:\procdump\procdump.exe /accepteula -ma %ld C:\Dumps”

[HKEY_LOCAL_MACHINESOFTWAREWoW6432NodeMicrosoftWindows NTCurrentVersionAeDebug]
“Debugger”=”C:\procdump\procdump.exe /accepteula -ma %ld C:\Dumps”

“Debugger”=”C:\procdump\procdump.exe /accepteula -ma %ld C:\Dumps”

“Debugger”=”C:\procdump\procdump.exe /accepteula -ma %ld C:\Dumps”
This will register Procdump as the default post-mortem debugger instead of WER. It will intercept the exception and will store a dump file in the specified folder.

Windows 8: For Those of us who Still Prefer Keyboard Shortcuts to Touch Screens – WE SALUTE YOU!!

November 12, 2012 2 comments

Yes, I admit it. I am using Windows 8 on both a traditional desktop PC and a laptop (They’ll take my Lenovo W520 from MY COLD DEAD HAND!)

So the Start Screen is not touch enabled on these devices, true. But it does not mean we cannot take advantage of this new feature in Windows 8 from a keyboard perspective. If you came of age in the 1980’s like me (yes, I am aware I am revealing my age) you are more comfortable with the keyboard. Well, Windows 8 is full of keyboard shortcuts that allow those of us who came of digital age in the last century – a way to quickly navigate this new interface.

Below is a comprehensive list of nifty keyboard shortcuts that leverage the “Windows” key. You know, the special key that started to appear on PC’s after the release of Windows ’95. I hope you find them as useful for your productivity as I have!


Windows key: Switch between Modern Desktop Start screen and the last accessed application

Windows key + C: Access the charms bar

Windows key + Tab: Access the Modern Desktop Taskbar

Windows key + I: Access the Settings charm

Windows key + H: Access the Share charm

Windows key + K: Access the Devices charm

Windows key + Q: Access the Apps Search screen

Windows key + F: Access the Files Search screen

Windows key + W: Access the Settings Search screen

Windows key + P: Access the Second Screen bar

Windows key + Z: Brings up the App Bar when you have a Modern Desktop App running

Windows key + X: Access the Windows Tools Menu

Windows key + O: Lock screen orientation

Windows key + . : Move the screen split to the right

Windows key + Shift + . : Move the screen split to the left

Windows key + V: View all active Toasts/Notifications

Windows key + Shift + V: View all active Toasts/Notifications in reverse order

Windows key + PrtScn: Takes a screenshot of the screen and automatically saves it in the Pictures folder as Screenshot

Windows key + Enter: Launch Narrator        

Windows key + E: Open Computer

Windows key + R: Open the Run dialog box

Windows key + U: Open Ease of Access Center

Windows key + Ctrl + F: Open Find Computers dialog box

Windows key + Pause/Break: Open the System page

Windows key + 1..10: Launch a program pinned on the Taskbar in the position indicated by the number

Windows key + Shift + 1..10: Launch a new instance of a program pinned on the Taskbar in the position indicated by the number

Windows key + Ctrl + 1..10: Access the last active instance of a program pinned on the Taskbar in the position indicated by the number

Windows key + Alt + 1..10: Access the Jump List of a program pinned on the Taskbar in the position indicated by the number

Windows key + B: Select the first item in the Notification Area and then use the arrow keys to cycle through the items Press Enter to open the selected item

Windows key + Ctrl + B: Access the program that is displaying a message in the Notification Area

Windows key + T: Cycle through the items on the Taskbar

Windows key + M: Minimize all windows

Windows key + Shift + M: Restore all minimized windows

Windows key + D: Show/Hide Desktop (minimize/restore all windows)

Windows key + L: Lock computer

Windows key + Up Arrow: Maximize current window

Windows key + Down Arrow: Minimize/restore current window

Windows key + Home: Minimize all but the current window

Windows key + Left Arrow: Tile window on the left side of the screen

Windows key + Right Arrow: Tile window on the right side of the screen

Windows key + Shift + Up Arrow: Extend current window from the top to the bottom of the screen

Windows key + Shift + Left/Right Arrow: Move the current window from one monitor to the next

Windows key + F1: Launch Windows Help and Support

PageUp: Scroll forward on the Modern Desktop Start screen

PageDown: Scroll backward on the Modern Desktop Start screen

Esc: Close  a charm

Ctrl + Esc: Switch between Modern Desktop Start screen and the last accessed application

Ctrl + Mouse scroll wheel: Activate the Semantic Zoom on the Modern Desktop screen

Alt: Display a hidden Menu Bar

Alt + D: Select the Address Bar

Alt + P: Display the Preview Pane in Windows Explorer

Alt + Tab: Cycle forward through open windows

Alt + Shift + Tab: Cycle backward through open windows

Alt + F: Close the current window Open the Shut Down Windows dialog box from the Desktop

Alt + Spacebar: Access the Shortcut menu for current window

Alt + Esc: Cycle between open programs in the order that they were opened

Alt + Enter: Open the Properties dialog box of the selected item

Alt + PrtScn: Take a screen shot of the active Window and
place it in the clipboard

Alt + Up Arrow: Move up one folder level in Windows Explorer
(Like the Up Arrow in XP)

Alt + Left Arrow: Display the previous folder

Alt + Right Arrow: Display the next folder

Shift + Insert: CD/DVD Load CD/DVD without triggering
Autoplay or Autorun

Shift + Delete: Permanently delete the item (rather than
sending it to the Recycle Bin)

Shift + F6: Cycle backward through elements in a window or
dialog box

Shift + F10: Access the context menu for the selected item

Shift + Tab: Cycle backward through elements in a window or
dialog box

Shift + Click: Select a consecutive group of items

Shift + Click on a Taskbar button: Launch a new instance of
a program

Shift + Right-click on a Taskbar button: Access the context
menu for the selected item



Ctrl + A: Select all items

Ctrl + C: Copy the selected item

Ctrl + X: Cut the selected item

Ctrl + V: Paste the selected item

Ctrl + D: Delete selected item

Ctrl + Z: Undo an action

Ctrl + Y: Redo an action

Ctrl + N: Open a new window in Windows Explorer

Ctrl + W: Close current window in Windows Explorer

Ctrl + E: Select the Search box in the upper right corner of
a window

Ctrl + Shift + N: Create new folder

Ctrl + Shift + Esc: Open the Windows Task Manager

Ctrl + Alt + Tab: Use arrow keys to cycle through open

Ctrl + Alt + Delete: Access the Windows Security screen 

Ctrl + Click: Select multiple individual items

Ctrl + Click and drag an item: Copies that item in the same

Ctrl + Shift + Click and drag an item: Creates a shortcut
for that item in the same folder

Ctrl + Tab:  Move
forward through tabs

Ctrl + Shift + Tab: Move backward through tabs

Ctrl + Shift + Click on a Taskbar button: Launch a new
instance of a program as an Administrator

Ctrl + Click on a grouped Taskbar button: Cycle through the
instances of a program in the group



F1: Display Help

F2: Rename a file

F3: Open Search

F4: Display the Address Bar list

F5: Refresh display

F6: Cycle forward through elements in a window or dialog box

F7: Display command history in a Command Prompt

F10: Display hidden Menu Bar

F11: Toggle full screen display

Tab: Cycle forward through elements in a window or dialog

PrtScn: Take a screen shot of the entire screen and place it
in the clipboard


Home: Move to the top of the active window

End: Move to the bottom of the active window

Delete: Delete the selected item

Backspace: Display the previous folder in Windows
Explorer  Move up one folder level in
Open or Save dialog box

Esc: Close a dialog box


Num Lock Enabled + Plus (+): Display the contents of the
selected folder 

Num Lock Enabled + Minus (-): Collapse the selected folder

Num Lock Enabled + Asterisk (*): Expand all subfolders under
the selected folder    


Press Shift 5 times Turn StickyKeys on or off

 Hold down right Shift
for 8 seconds Turn FilterKeys on or off

 Hold down Num Lock
for 5 seconds Turn ToggleKeys on or off

Windows 8: Shutdown, Logoff, and Restart

November 12, 2012 4 comments

I’ve noticed that there has been a lot of adjustments and learning curves to Windows 8 – from both consumer and enterprise customers.
Moving from a Start Menu to a Start Screen seems like a significant paradigm shift at first, but once you start working with Windows 8 on a standard laptop or PC, you will find that once you get your desktop and taskbar re-customized with your pinned preferences and shortcuts, the experience for desktop, taskbar, and file exploration is very similar with some subtle enhancements.

For those who are using touch devices, such as the Surface or the Samsung Series tablets, the Start screen is very user-friendly and quite simple to navigate. It is an interface optimized for the touch screen experience. But for those of us (including myself) who are using Windows 8 on a traditional PC or laptop without a touch screen, there will be a simple, short learning curve. One that took me all of 24 hours to adjust to the new screen. One of the first things I noticed was the fact that there was not a default visible key on the start screen for Shutdown, Logoff and Reboot. So I decided to do what a lot of my peers were doing: a little customization! If you would like to
find Log Off, Shutdown, and Restart options added to your modern UI, you can do so with this convenient little script. Just follow these simple steps:

1.)   Open up Notepad on your Windows 8 machine.

2.)   Paste the following code into your document

set WshShell = WScript.CreateObject(“WScript.Shell”)

strStartMenu = WshShell.SpecialFolders(“StartMenu”)

set oShellLink = WshShell.CreateShortcut(strStartMenu & “Shutdown.lnk”)

oShellLink.TargetPath = “%systemroot%System32shutdown.exe”

oShellLink.Arguments = “-s -t 0”

oShellLink.WindowStyle = 1

oShellLink.IconLocation = “%systemroot%System32shell32.dll,27”

oShellLink.Description = “Shutdown Computer (Power Off)”

oShellLink.WorkingDirectory = “%systemroot%System32”


Set oShellLink = Nothing

set oShellLink = WshShell.CreateShortcut(strStartMenu & “Log Off.lnk”)

oShellLink.TargetPath = “%systemroot%System32shutdown.exe”

oShellLink.Arguments = “-l”

oShellLink.WindowStyle = 1

oShellLink.IconLocation = “%systemroot%System32shell32.dll,44”

oShellLink.Description = “Log Off (Switch User)”

oShellLink.WorkingDirectory = “%systemroot%System32”


Set oShellLink = Nothing

set oShellLink = WshShell.CreateShortcut(strStartMenu & “Restart.lnk”)

oShellLink.TargetPath = “%systemroot%System32shutdown.exe”

oShellLink.Arguments = “-r -t 0”

oShellLink.WindowStyle = 1

oShellLink.IconLocation = “%systemroot%System32shell32.dll,176”

oShellLink.Description = “Restart Computer (Reboot)”

oShellLink.WorkingDirectory = “%systemroot%System32”


Set oShellLink = Nothing

Wscript.Echo “Created Shutdown, Restart and Log Off buttons in your Programs Menu. You can now pin them to the Start Screen of your Windows 8 computer.”

3.)   Save the file as Button.vbs on to your desktop.

4.)   Close Notepad.

5.)   Navigate to your Windows Desktop. NOTE: there is a tile on your desktop for it.

6.)   Double-click on the button.vbs file to execute the script, and click “OK” on the message.

7.)   Press the Windows key and VOILA! You will find Log Off, Shutdown and Restart icons added on the Windows 8 Modern Desktop.

Categories: Uncategorized Tags: ,