NTUSER.DAT.START

My Windows 7 logon time could be measured in minutes.  So I tidied up my Roaming Profile.  4GB of space savings later, I was removing the last of the files in the 5 to 20MB range.  One of these files was NTUSER.DAT.START.

NTUSER.DAT is a copy of the user’s HKCU registry settings and is used with Roaming Profiles.

But this NTUSER.DAT.START file?

As it turns out, it’s created by the Citrix UPM product.

NTUSER.DAT is read at profile load and we copy it to NTUSER.DAT.START.

At the end we compare NTUSER.DAT.START and end of session NTUSER.DAT and create a difference file called NTUSER.DAT.NET.

At logoff we merge the changes in NTUSER.DAT.NET (apart from exclusions) into the NTUSER.DAT on the network file share.

At logoff it is supposed to be deleted.  In my case it wasn’t, and since I didn’t have any Citrix sessions running, I deleted it.

Performance wise, it improved Windows 7 logon time by 15%

It, being a Microsoft enterprise hotfix rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1.

And the 15% logon time improvement was just when I applied it to the Windows 7 client.  We’re yet to apply it to our Windows 2008 server farm.

I first saw this hotfix mentioned at the Microsoft “Dude where’s my PFE?” blog.

Update 18th April:
It may cause issues with Esri’s suite of products (ArcGIS, ArcInfo …)

How to recover a “WiFi” password from a Windows PC.

Or, “I’ve forgotten my Wireless password and don’t know how to retrieve it from my Windows 7 PC.”

I didn’t either, until today.

The background was that a customer was trying to add an iPad to their home network, and wasn’t able to, because they forgot their WiFi password.  So they called up.

There are three ways I found to recover a WiFi password.

1. WirelessKeyView by NirSoft.
This utility works, but some anti-virus products report it as malware.  That is a bit of a put off for (less experienced) end users.

WirelessKeyView has the advantage of working on Windows XP as well.

2. LastPass.
The LastPass password manager has a built-in WiFi password import tool.  It works very well, but the flaw with LastPass is that you need to convince your user to install it, which means getting the user to sign up for a free account.

3. Use the built-in Windows “netsh” command.
From an administrator command line, type:
     netsh wlan export profile key=clear
and then press Enter.

Interface profile "GoldFish" is saved in file ".\Wireless Network Connection-GoldFish.xml" successfully.

This will cause “Wireless profile file(s)” to be written to the current directory.  Here are the contents of the Wireless Network Connection file for my GoldFish WiFi network.

<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
                <keyMaterial>T-Man Colt 1911 These Boy Billards</keyMaterial>


My GoldFish WiFi password is the text shown above between the <keyMaterial> tags,
i.e. “T-Man Colt 1911 These Boy Billards”
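Because `key=clear` writes the passphrase in plain text to whatever directory the command was run from, the exported files should be found and deleted afterwards. The following is an added example, not part of the original post: it scans a folder for exported WLAN profiles that still hold a cleartext key. The `name`, `MSM`, `security`, `sharedKey` and `protected` elements come from the WLAN profile schema rather than the excerpt above, and the sample profile is constructed.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path
NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}

# Constructed sample export; the SSID and passphrase are made up.
SAMPLE = """<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>ExampleNet</name>
  <MSM><security><sharedKey>
    <keyType>passPhrase</keyType>
    <protected>false</protected>
    <keyMaterial>constructed sample passphrase</keyMaterial>
  </sharedKey></security></MSM>
</WLANProfile>
"""

def inspect_profile(xml_data):
    """Summarise one exported profile; None if it is not a WLAN profile."""
    try:
        root = ET.fromstring(xml_data)
    except ET.ParseError:
        return None
    if root.tag != "{%s}WLANProfile" % NS["w"]:
        return None
    key = "w:MSM/w:security/w:sharedKey/"  # absent for open or 802.1X profiles
    protected = root.findtext(key + "w:protected", "", NS).strip().lower() == "true"
    material = root.findtext(key + "w:keyMaterial", "", NS)
    return {
        "ssid": root.findtext("w:name", "", NS),
        "cleartext_key": bool(material) and not protected,
        "key_length": len(material),  # report the length, never the key
    }

def scan_directory(folder):
    """Return (file name, SSID) for exports that still hold a cleartext key."""
    hits = []
    for path in sorted(Path(folder).glob("*.xml")):
        info = inspect_profile(path.read_bytes())
        if info and info["cleartext_key"]:
            hits.append((path.name, info["ssid"]))
    return hits

def demo():
    """Scan a temp folder of constructed files: cleartext, protected, unrelated."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "Wireless Network Connection-ExampleNet.xml").write_text(SAMPLE)
        Path(tmp, "protected.xml").write_text(SAMPLE.replace(">false<", ">true<"))
        Path(tmp, "other.xml").write_text("<config/>")
        return scan_directory(tmp)
```

Run `scan_directory` over the folder the export was written to, then delete every file it lists.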

Slow startup and/or logon times with Windows 7?

Our users were complaining of slow startup and logon performance with our Windows 7 fleet.  We got Microsoft in.  One of the things they recommended was deploying two hotfixes:

An update that improves the startup performance of Windows 7 and of Windows Server 2008 R2 is available
Svchost.exe holds a lock on a service when the libraries for the service are loaded. This behavior prevents other services in the same Svchost.exe instance from starting until the call to the LoadLibrary function is returned.


You experience a long domain logon time in Windows 7 or in Windows Server 2008 R2 after you deploy Group Policy preferences to the computer
Issue 1
Assume that you have a client computer that is running Windows 7 or Windows Server 2008 R2 in a domain environment. You deploy Group Policy preferences (GPP) to the client computer by using item-level targeting using security groups. In this situation, a user of the client computer experiences a long domain logon time. This issue becomes more noticeable if the domain controller is only reachable over a slow link.
Issue 2
When you apply GPP by using item level targeting for security groups, local ports are leaked in an OPEN_WAIT state. After some time, the nonpaged pool is depleted and the computer stops responding.

They both worked very well in our environment.

Busted laptop–one of those Family/Friends/Neighbour deals.

The friend reported that their Windows 7 Dell laptop was bluescreen-ing.

Now this was going to be a post about how simple it was to fix, but as it turns out, it was one of the more difficult problems I’ve worked on. If it was a customer laptop, I would have just re-imaged it and that would have been that. But as it was for a friend, there was the issue of no Dell Recovery Disks and no backups. And there was the small matter of pride involved …

Long story short:
The laptop had two viruses, removing those viruses broke the Dell Recovery partition and the laptop now constantly blue screened. I created a custom Windows 7 install USB stick to fix the laptop.

The long story follows below

Loading up the Action Center, the Bluescreen code was 0000001E. Windows 7 suggested that the fix was Microsoft Security Advisory: Update for the Windows Operating System Loader. But before applying that patch, I ran the Malicious Software Removal Tool. It found the Trojan:DOS/Alureon.a virus.

The laptop had McAfee AV installed.
Now McAfee in my opinion is a piece of crap. Certainly didn’t do much protecting in this case. I grabbed a copy of Microsoft Security Essentials and installed it. It detected TrojanDownloader:Win32/Unruy.H

At the end of the scan, after trying to completely remove the virus, Microsoft Security Essentials suggested that I download the System Security Sweeper, which has now been renamed Windows Defender Offline. Windows Defender Offline is essentially a version of Microsoft Security Essentials on its own boot CD/USB.

Windows Defender Offline removed the virus. But it broke the Dell Recovery partition and the Windows boot loader.

At this stage, if it was MY laptop, I would have just thrown on a generic Windows 7 Home Premium edition. But this was a friend’s Dell laptop which came bundled with Office 2010 and other stuff, such as webcam software. To give you some idea of the amount of extra “stuff” Dell bundled, consider this. A standard Windows 7 image file is 2.1GB in size. The Dell one? 6.1GB. Close to 3 times the size.

Remember earlier I said I didn’t have the Dell Recovery DVDs? The tech consensus is that “if you don’t have a copy of the Recovery DVDs, you’re screwed.” And most of the time, they’d be right.
I had copies of the Dell image files (preload.wim & factory.wim). I didn’t have a way to create the Recovery DVDs. So I was stuck with a 6.1GB image file I couldn’t use. But I did have a generic Windows 7 Home Premium install USB stick.

The Windows 7 Home Premium install USB stick.
I created the USB stick from the Home Premium ISO file, by using the Windows USB creator utility. The reason for using a USB stick is that it allowed me to replace the generic install.wim image file with the Dell factory.wim image. And this worked! Yay for me! I was able to re-image the laptop with the Dell factory image.

After the new Dell install.
The first thing I did was install Windows Service Pack 1. It was a toss up between installing that first, or the Microsoft Security Essentials (MSE) anti-virus program. My thought was that it was better to get the SP1 done first, then install other programs on top of that.

The rest was easy. Installed the security updates for Windows 7, Acrobat Reader, Skype and assorted Dell utilities.

And I removed McAfee anti-virus. 🙂

MaxPatchCacheSize and Windows 7

So I was building a Windows 7 virtual machine, so I could play “Gardens of Time” as GoT doesn’t work on my Windows 2008 R2 box …, and I went looking for MaxPatchCacheSize setting in the registry.

I didn’t have access to the internet* and I wanted to set the setting so I could save space on my VM.  But the setting isn’t in the registry by default!

So as it’s a “policies” registry setting, I was able to find it in the Local Group Policy Editor (gpedit.msc):
Baseline file cache maximum size

The policy is called “Baseline file cache size”:

This policy controls the percentage of disk space available to the Windows Installer baseline file cache.

The Windows Installer uses the baseline file cache to save baseline files modified by binary delta difference updates. The cache is used to retrieve the baseline file for future updates. The cache eliminates user prompts for source media when new updates are applied.

If you enable this policy setting you can modify the maximum size of the Windows Installer baseline file cache.

If you set the baseline cache size to 0, the Windows Installer will stop populating the baseline cache for new updates. The existing cached files will remain on disk and will be deleted when the product is removed.

If you set the baseline cache to 100, the Windows Installer will use available free space for the baseline file cache.

If you disable this policy setting or if it is not configured the Windows Installer will use a default value of 10 percent for the baseline file cache maximum size.

Changing the setting in the Local Group Policy Editor created the HKLM\Software\Policies\Microsoft\Windows\Installer\MaxPatchCacheSize registry value.

* – if I did have access to the internet, I would have remembered that I could have done this with a simple reg.exe command:
reg add HKLM\Software\Policies\Microsoft\Windows\Installer /v MaxPatchCacheSize /t REG_DWORD /d 0 /f

I wrote about that here.

The Case of the Windows FTP.EXE not working from the corporate network.

The heading alone should tell you the answer, particularly if I add ACTIVE FTP to it.

You see, most Corporate IT people consider ACTIVE FTP a bad thing, and block it at the internet gateway.  Sure, FTP works within the company network, but as soon as you try to FTP something from outside the company network, it will fail.

The FTP clients that ship with Windows do not support passive mode. Therefore, they always need to negotiate a data port when issuing a command that returns data.
Windows FTP Client Receives Error Message 425 (MS KB271078)

But here’s the strange thing, it DID work on our network until two months ago.  I suspect our corporate IT security people have finally gotten around to locking down ACTIVE FTP, which was identified as a vulnerability back in 2000.
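The difference between the two modes comes down to which side opens the data connection. The following is an added example, not part of the original post: it decodes the address field of a `PORT` command (active) and a `227` reply (passive), then checks each against a gateway modelled as allowing only client-initiated connections. The control-channel lines are constructed and use documentation addresses.

```python
import re

_ADDR = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_endpoint(line):
    """Decode the h1,h2,h3,h4,p1,p2 field of a PORT command or 227 reply."""
    m = _ADDR.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % line)
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        raise ValueError("octet out of range in %r" % line)
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def data_connection(line):
    """Say which side opens the data connection announced by `line`."""
    host, port = parse_endpoint(line)
    if line.upper().startswith("PORT"):
        # Active mode: the client listens and the server dials in.
        return {"mode": "active", "opened_by": "server", "to": (host, port)}
    if line.startswith("227"):
        # Passive mode: the server listens and the client dials out.
        return {"mode": "passive", "opened_by": "client", "to": (host, port)}
    raise ValueError("not a PORT command or 227 reply")

def allowed_by_gateway(line):
    """Model a gateway that permits client-initiated connections only."""
    return data_connection(line)["opened_by"] == "client"

# Constructed control-channel lines (documentation address ranges).
ACTIVE = "PORT 192,0,2,10,19,137"
PASSIVE = "227 Entering Passive Mode (198,51,100,5,195,80)"
```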

After much searching around, I settled on MOVEit Freely, as it’s a “drop-in” alternative to Microsoft’s FTP.EXE.

Some of the alternatives I looked at:

Send quote PASV within the FTP client.
Does not work.  It only sets the server to PASSIVE mode, not the client.

FTP_FOR_WIN32 from the GNU Project
Works, except it’s missing a couple of features, such as -s batch command(s).

NcFTP Client
Works, except it’s missing a couple of features, such as -s batch command(s).

MOVEit Freely
This is the one I decided to use, first saw it discussed here:
FTP Clients – Part 5: MOVEit Freely Command-Line Secure FTP Client

Passive FTP
Would definitely work, except that it’s a commercial product (at $29.95USD).  We’d prefer free.

TransSoft FTP Performer
Commercial product 🙁

GNU Wget
Yes it works, but the customer would have to modify their VBA scripts quite a bit to work with it.

Removing old update backup files from Windows XP and Windows 7

Windows XP Update Remover

Before I release a new Windows XP standard operating system image, I use a utility called “Windows XP Update Remover”.  I do this to reduce the number of “$NTuninstall” directories and to save some disk space.

Sure, 400MB isn’t that much in the world of 1000 gigabyte drives, but if it reduces the GHOST image size by that much, it should make a desktop deployment just that little bit faster.

With Windows 7, I’d just use the built-in Disk Cleanup Utility.


Programs I always install on my work PC.

Back in February 2009, I wrote the “21 programs I always install on my work PC” post.

It’s time to revisit that, as I’m supporting Windows 7 & Windows XP environments these days.

| Application | WinXP | Win7 | Reason |
|---|---|---|---|
| Adobe Flash | X | X | Everything on the web seems to be Flash based now. |
| AWE Sync | | X | Syncs my Lotus Notes calendar entries to my Google Calendar |
| CD Burner XP | | X | A freeware CD/DVD burner which is really good. |
| Firefox Browser | | X | Website testing |
| Google Chrome / Enterprise version | | X | Website testing |
| Group Policy Management Console | X | | Group Policy Management |
| HTTPS Everywhere plugin | | X | |
| ImgBurn | | X | Lightweight CD/DVD image burning application. |
| IZarc | X | | For creation of self extracting archives. |
| KB SSL Enforcer | X | X | |
| Paint.Net | X | X | A free image and photo editor for Windows. |
| Password Manager XP | | | It’s the password manager I use for work related passwords. |
| Process Explorer | X | X | Troubleshooting |
| Process Monitor | X | X | Troubleshooting |
| PrimalScript 2007 | X | X | The best VBscript editor and debugger I have ever used. |
| SCCM Client Center | X | X | SMS/SCCM Management |
| Systems Management Server 2003 Toolkit 2 | X | | I work with SMS servers … |
| SyncBackSE | | X | It’s backup software. I use it to keep my portable hard drive synced with my work computer. |
| Sun Java | X | X | Like Adobe Flash, everything seems Java based as well. |
| TrueCrypt | | X | TrueCrypt is a disk encryption program, which I use to secure USB memory sticks, and my portable hard disk, with. |
| Windows Grep | X | X | A text file search tool. Very handy for searching log files quickly. |
| W2K3 SP2 Admin Tools | X | | Active Directory tools |


Only installed when I need it.

Beyond Compare
Used for comparing files and directories to see what is different.

Cool Timer
A countdown timer program which I use to remind me to check things at intervals.

File and disk deleting software.  I talked about it in Deleting files so they can’t be recovered

Takes a screenshot of your screen every x seconds.  As I have to fill in a timesheet, it helps me to remember what things I’ve done during the day.  The product itself can do a bundle more than what I use it for.
