Creating Event IDs Manually

If you have ever needed to test a monitoring system like Overseer that monitors Event IDs in the system log, then this article is for you.

Say, for example, you set up a monitoring system to look for low disk space or attacks on your database. These kinds of alerts can be hard to set up, since the event would need to actually occur before it shows up in the Event Viewer. So how can you test low disk space without actually causing your file server to come to a grinding halt?

Issue – I need to create an event ID without actually creating the issue that would normally generate the ID.

Solution – Open up a new command line (Start > CMD).
Then type the following text into the command line. Don't worry, I'll explain it in a second; just don't hit Enter yet.

EventCreate /S HOSTNAME /ID 999 /L Application /SO TestHacker /T Information /D "The quick brown fox jumps over the lazy dog"

OK, now let's take a look and see what we have here.
EventCreate – this is the Windows command we are calling.
/S – this tells the command that we want to create an event on a remote computer. If you want to create the event on the computer you're logged onto right friggin now, don't put this in.
HOSTNAME – this is the server name or IP address that you want the event created on.
/ID 999 – fill in the event ID number you want to create (999 is just a sample value). EventCreate only accepts IDs from 1 to 1000, so it rejects a higher ID such as 18456.
/L Application – this writes the event to the Application log rather than the System log.
/SO TestHacker – this is the source name.
/T Information – this is the type of the event. There are 4 levels: Warning, Error, Information, Success.
/D – this is the text that the event will contain.

And there you have it!
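
EventCreate only accepts IDs from 1 to 1000, so a monitor rule keyed on a higher ID such as 18456 needs another way to be tested. The following is an added example, not part of the original post: it writes the same test event with Write-EventLog, which accepts IDs up to 65535, and reads it back to confirm it landed. Send-TestEvent is a hypothetical helper name, and the script assumes an elevated Windows PowerShell 5.1 prompt.

```powershell
# Added example, not from the original post. Send-TestEvent is a hypothetical
# helper name. Assumes an elevated Windows PowerShell 5.1 prompt.
function Send-TestEvent {
    param(
        [ValidateRange(0, 65535)]
        [int]$EventId = 18456,                      # the ID your monitor watches for
        [string]$LogName = 'Application',
        [string]$Source = 'TestHacker',             # source name from the article
        [ValidateSet('Information', 'Warning', 'Error')]
        [string]$EntryType = 'Information',
        [string]$Message = 'The quick brown fox jumps over the lazy dog',
        [string]$ComputerName = $env:COMPUTERNAME   # replaces /S HOSTNAME
    )

    # Events can only be written by a source that is registered against a log.
    if (-not [System.Diagnostics.EventLog]::SourceExists($Source, $ComputerName)) {
        New-EventLog -LogName $LogName -Source $Source -ComputerName $ComputerName
    }

    $start = (Get-Date).AddSeconds(-2)   # log timestamps have 1-second resolution
    Write-EventLog -LogName $LogName -Source $Source -EventId $EventId `
        -EntryType $EntryType -Message $Message -ComputerName $ComputerName

    # Read the entry back, so a silent monitor can be told apart from a failed write.
    $entry = Get-EventLog -LogName $LogName -Source $Source -After $start `
                 -ComputerName $ComputerName -ErrorAction SilentlyContinue |
             Where-Object { $_.EventID -eq $EventId } |
             Select-Object -First 1

    [pscustomobject]@{
        Written       = [bool]$entry
        ComputerName  = $ComputerName
        LogName       = $LogName
        EventId       = $EventId
        TimeGenerated = if ($entry) { $entry.TimeGenerated } else { $null }
    }
}

# The article's test event, using an ID that EventCreate refuses.
Send-TestEvent -EventId 18456

# When testing is finished, unregister the test source:
# Remove-EventLog -Source TestHacker
```

If Written comes back True and the monitoring system still raised no alert, the problem is in the monitor's rule or collection, not in the test event.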

Enable Administrative C$ Shares on Windows 8

With every new OS there will be new challenges, and Windows 8 is no exception. For example, in Windows you can commonly access the files on a PC (provided you have the authority) by simply typing the hostname and the disk letter followed by a $. I have outlined an example below:

\\hostname\c$
\\hostname\e$
\\192.168.0.101\c$

You get the point. Well, in Windows 8 these are disabled by default, I know, right? So instead of setting up your shares again, let's just re-enable them really quickly!

Issue – Unable to connect to Windows 8 C$ shares

Solution – First of all, you will need to be an administrator to access the registry.
On the computer you want to add the shares to, start a new Notepad document and paste in the following information:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"LocalAccountTokenFilterPolicy"=dword:00000001

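Now click File > Save As > Enable Shares.REG
Now that you have saved the file, simply run it to add it to the registry. You may need to reboot before it takes effect, but from here on you will be able to access the shares. Keep in mind what this value does: it turns off UAC remote restrictions, so local administrator accounts get their full administrator rights when they connect over the network. Only set it on machines where you actually need the shares.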

Using Powershell to manage Data Deduplication | Server 2012 and Windows 8

Here is a quick guide on how to quickly check how well and when data deduplication will occur on Server 2012 and Windows 8 (if you have that installed, covered in another guide). Deduplication is a great way to save tons of space. It's also built into Windows Server 2012 and can be added to Windows 8.

Issue – (any of the below)
I want to see how well deduplication is working.
I want to see when it's running.
I want to force a data deduplication right now.
I hacked Windows 8 and don't have the Server Manager to see my disk space savings.
Windows 2012's Server Manager takes a year to open, I just want to see some stats here, people.

Solution – First open up PowerShell. If you have removed it from the task bar, do a search for it and then open it up.

/ ! \ It is important to note that you cannot enable deduplication on the partition that Windows is on. Attempting this will throw an error.

Once PowerShell is open we will be using the Dedup commands; see below for them.

First, if you have not already enabled dedupe on a disk, that's OK, we can do that now. I will be using the drive letter E:\ as my example; fill in your own disk wherever you see E:\. Type in Enable-DedupVolume E:

Set-DedupVolume E: -MinimumFileAgeDays 0 (This will set deduplication to run 24/7, as the file age is set to nothing. This may cause high resource usage if you have lots of storage, as it will constantly try to optimize the system. I recommend 3 days for a home file server. Microsoft recommends 5 days.)

Start-DedupJob E: -Type Optimization (Now we want to run a single dedupe job to see how much we can save. I don't want to wait for the system to check the age on all the files on my disk, so let's just run it now. Give it about a minute to kick off the job and then we will check and see if it's running.)

Get-DedupStatus (This will output a simple list of your disks and how much space you have saved on them.)

There you go! Don't forget to set the file age with the command Set-DedupVolume E: -MinimumFileAgeDays 5 or it will run constantly in the background! If you're looking to add data deduplication to Windows 8, follow my guide here.
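
The whole procedure above as one script, as an added example that is not part of the original post: it runs a single optimization pass with the file age at 0, always restores the file age afterwards, and reports the savings. Invoke-DedupTrial is a hypothetical helper name; the script assumes an elevated PowerShell prompt on a machine with the Deduplication cmdlets installed.

```powershell
# Added example, not from the original post. Invoke-DedupTrial is a hypothetical
# helper name. Assumes an elevated prompt and the Deduplication cmdlets.
function Invoke-DedupTrial {
    param(
        [string]$Volume = 'E:',         # the article's example drive
        [int]$NormalFileAgeDays = 5     # file age to restore after the trial run
    )

    # Deduplication cannot be enabled on the partition Windows is on.
    if ($Volume.TrimEnd('\') -eq $env:SystemDrive) {
        throw "$Volume is the Windows partition; pick a data volume instead."
    }

    # Enable dedup only if the volume is not already enabled.
    if (-not (Get-DedupVolume -Volume $Volume -ErrorAction SilentlyContinue)) {
        Enable-DedupVolume -Volume $Volume | Out-Null
    }

    try {
        # Make every file eligible, then run one optimization pass and wait for it.
        Set-DedupVolume -Volume $Volume -MinimumFileAgeDays 0
        Start-DedupJob -Volume $Volume -Type Optimization -Wait | Out-Null
    }
    finally {
        # Put the file age back even if the job failed or was interrupted,
        # so optimization does not keep churning in the background.
        Set-DedupVolume -Volume $Volume -MinimumFileAgeDays $NormalFileAgeDays
    }

    $status = Get-DedupStatus -Volume $Volume
    [pscustomobject]@{
        Volume           = $Volume
        SavedGB          = [math]::Round($status.SavedSpace / 1GB, 2)
        SavingsRate      = (Get-DedupVolume -Volume $Volume).SavingsRate
        OptimizedFiles   = $status.OptimizedFilesCount
        InPolicyFiles    = $status.InPolicyFilesCount
        LastOptimization = $status.LastOptimizationTime
    }
}

Invoke-DedupTrial -Volume 'E:'

Get-DedupSchedule   # when the scheduled jobs will run
Get-DedupJob        # jobs that are running or queued right now
```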

Adding Files and Documents to Windows 8 Metro UI

Recently we received some tablets for new users, and seeing as these were the first Windows 8 devices there are going to be tons of new questions. How do you combat this? Guides. Since in Windows 8 the default screen is the Metro UI, it just makes sense to pin documents (PDFs and whatnot) right there so the user can see them right when they start.

Issue – Unable to pin Documents or Files to the Metro UI
When you try to Send To… or right click on the file in the Metro UI, you will notice there is no pin option. The good news is this can be resolved simply.

Solution – Take your document and create a new shortcut to it by right click > Send to > Desktop (Create Shortcut).

Now you will need to put that new shortcut into: C:\ProgramData\Microsoft\Windows\Start Menu\Programs

Once the shortcut file is there, simply open the Metro UI and hit Windows keys; this will open the charms. Hit Search on the top right.

Don't search for anything yet; you will see the shortcut that you just copied in the last step under the Apps section.

Simply right click it (or pull down for touch devices) and you will see a Pin to Start button. Press it and you're done!

There you go, now you can add a bunch of guides, documents, and files right to the start menu of the computer.

Disable Windows 8 Store | Group Policy and Registry Edit

If you're looking to keep users from opening the store and running apps, there is good news! There are settings in both the registry and in Group Policy that allow you to do this. Here is a quick little guide on how it's done.

Issue – Users are accessing the store and installing apps.

Solution –
If you're not on a domain or don't want to use Group Policy, then scroll down to the bottom for the registry edit. If not, then start here.

First create a new group policy and open the Group Policy Management Editor.
You will be looking under User Configuration / Policies / Administrative Templates / Windows Components / Store.

You will want to Enable this option.

Non-Domain / Registry method: this will be quicker, however it would be more efficient in the future to use Group Policy.

First open regedit (Press Start > Run > type regedit).

Then navigate to: HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsStore\
Create a new DWORD called "RemoveWindowsStore" and set the value to 1.

There you have it! Store is officially closed so your users can get back to work.
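
Both registry edits on this page (RemoveWindowsStore here and LocalAccountTokenFilterPolicy in the C$ shares post) can be checked, applied and reverted from PowerShell. The following is an added example, not part of the original posts; the function names and the AdminShares/StoreOff labels are hypothetical. The HKLM value needs an elevated prompt, and the HKCU value only affects the user who runs the script.

```powershell
# Added example, not from the original posts. Function names and the
# AdminShares / StoreOff labels are hypothetical.
$PagePolicies = @{
    AdminShares = @{   # from the C$ shares post; needs an elevated prompt
        Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
        Name = 'LocalAccountTokenFilterPolicy'
    }
    StoreOff = @{      # from the Store post; applies to the current user only
        Path = 'HKCU:\Software\Policies\Microsoft\WindowsStore'
        Name = 'RemoveWindowsStore'
    }
}

function Get-PagePolicy {
    param([ValidateSet('AdminShares', 'StoreOff')][string]$Setting)
    $p = $PagePolicies[$Setting]
    # A missing key or missing value both mean "Windows default".
    $item = Get-ItemProperty -Path $p.Path -Name $p.Name -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Setting = $Setting
        Key     = $p.Path
        Name    = $p.Name
        Value   = if ($item) { $item.($p.Name) } else { $null }
        Enabled = [bool]($item -and $item.($p.Name) -eq 1)
    }
}

function Set-PagePolicy {
    param(
        [ValidateSet('AdminShares', 'StoreOff')][string]$Setting,
        [switch]$Revert   # delete the value and return to the Windows default
    )
    $p = $PagePolicies[$Setting]
    if ($Revert) {
        Remove-ItemProperty -Path $p.Path -Name $p.Name -ErrorAction SilentlyContinue
    }
    else {
        if (-not (Test-Path $p.Path)) { New-Item -Path $p.Path -Force | Out-Null }
        New-ItemProperty -Path $p.Path -Name $p.Name -PropertyType DWord `
            -Value 1 -Force | Out-Null
    }
    Get-PagePolicy -Setting $Setting   # report the state after the change
}

# Audit first, then change only what is needed.
'AdminShares', 'StoreOff' | ForEach-Object { Get-PagePolicy -Setting $_ }
Set-PagePolicy -Setting StoreOff
Set-PagePolicy -Setting AdminShares -Revert   # close the remote-admin exception again
```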


Black Bar in right side of Internet Explorer

Recently I noticed a trend where some users were getting a strange black bar on the right side of their screen. Clicking in the empty space or on the scroll bar would cause weird behavior on the system and in Internet Explorer 9. So I have written a little guide on how to resolve this!

Issue – Unable to remove black bar from the right side of Internet Explorer. Here is an image of Internet Explorer in Windows 7; you can clearly see the black bar on the right side of the browser.

Solution – First, with Internet Explorer open, press the Alt button on your keyboard; a menu will appear.

Navigate to the Tools tab.

Go down to Internet Options and click it. A new window will appear.

In the Internet Options window select the Advanced tab.

After choosing the Advanced tab you will see Accelerated Graphics; this box will be unchecked. Check the box so it is no longer empty. Now you will need to close then re-open Internet Explorer.

And here you are! No more black bar!
If you found this guide helpful please leave a comment!