Posts
  • LeoPonti Blog

    Install Printer Drivers with PowerShell in Windows 8

    Summary : Microsoft Scripting Guy, Ed Wilson, talks about using Windows PowerShell in Windows 8 to install printer drivers. Microsoft Scripting Guy, Ed Wilson, is here. This morning, it is rainy and overcast here in Charlotte, North Carolina, but it...
  • LeoPonti Blog

    PowerTip: Use PowerShell to Get Printer Configuration

    Summary : Use Windows PowerShell in Windows 8 to find your printer configurations. How can I use Windows PowerShell in Windows 8 to get the printer configuration of all printers? Use the Get-Printer function, and pipe it to Foreach-Object and the...
  • LeoPonti Blog

    Use PowerShell to Create New Printer Ports

    Summary : Microsoft Scripting Guy, Ed Wilson, talks about using Windows PowerShell 3.0 to create new printer ports in Windows 8. Microsoft Scripting Guy, Ed Wilson, is here. One of the exciting things that is happening around the Scripting House is...
  • LeoPonti Blog

    PowerTip: Use PowerShell to Verify Secure Boot Policy

    Summary : Use Windows PowerShell to verify your Secure Boot policy in Windows 8. How can I verify that the Secure Boot policy is enabled in my computers running Windows 8? Use the Get-SecureBootPolicy cmdlet: Get-SecureBootPolicy...
  • LeoPonti Blog

    Use PowerShell to Test Remote Printers

    Summary : Learn how to use Windows PowerShell to test remote printers. Hey, Scripting Guy! I don’t know what it is, but for some reason printing still seems to be a pain. I mean, we have been using the network for a long time, and something as...
  • LeoPonti Blog

    Autoruns v11.70, Bginfo v4.20, Disk2vhd v1.64, Process Explorer v15.40

    Autoruns v11.70 : This release of Autoruns, a powerful utility for scanning and disabling autostart code, adds a new option to have it show only per-user locations, something that is useful when analyzing the autostarts of different accounts than the one that Autoruns is running under. Bginfo v4.20 : BgInfo, a utility that creates custom desktop backgrounds that display system information, now correctly reports version information for Windows 8.1 and Windows Server 2012 R2. Disk2vhd v1.64 : This update to Disk2Vhd, a tool for converting physical system disks to VHDs for use by virtual machines, now supports disk sizes of up to 2 TB. Process Explorer v15.40 : Process Explorer, a Task Manager replacement, now shows WMI providers hosted in Wmiprvse processes (thanks to Mohamed Elghetany for contributions); includes an option that configures it to automatically run when you logon; and introduces a process view column that shows process DPI awareness support on Windows 8.1 systems.
  • LeoPonti Blog

    Update: Autoruns v11.62

    Autoruns v11.62 : This release fixes a bug in version 11.61’s jump-to-image functionality.
  • LeoPonti Blog

    Updates: Mark's TechEd Sessions, Autoruns v11.61, Strings v2.52, ZoomIt v4.5

    Mark’s TechEd Sessions Available On-Demand : Mark delivered four top-rated sessions at Microsoft’s TechEd US conference two weeks ago, and the recordings are available now for on-demand viewing. In Windows Azure Infrastructure Services, he gives an overview of the deployment and operation of Virtual Machines and Virtual Networks; in Windows Azure Internals Mark goes under the hood of Windows Azure to show its physical and logical datacenter architecture and operation; in Case of the Unexplained you’ll see how to use the Sysinternals tools to solve impossible problems; and in Malware Hunting with the Sysinternals Tools you’ll learn how to use Sysinternals tools to identify and clean malware infestations. Autoruns v11.61 : Autoruns is a utility for managing autostarting applications, DLLs and services. This update adds more autostart locations, fixes a bug that could cause a crash when Autorunsc is directed to calculate file hashes, and fixes a bug in Autoruns’ jump-to-image functionality on 64-bit Windows. Strings v2.52 : This release fixes a bug that prevented the previous one from running on Windows XP. Zoomit v4.5 : Zoomit is a screen zooming and annotation tool for technical presentations. This release introduces better support for zooming in on Windows 8 Windows Store applications.
  • LeoPonti Blog

    Updates: Autoruns v11.6, Procexp v15.31, Procmon v3.05, Sigcheck v1.92

    Autoruns v11.6 : Autoruns is a utility for enumerating and disabling executables and DLLs configured to activate in dozens of autostart registration points. This update fixes some minor bugs and adds Authenticode SHA1 and SHA256 hash reporting to Autorunsc output. Sigcheck v1.92 : Sigcheck is a command-line utility for reporting image version and signature information. With this update, it now includes support for Authenticode SHA256 hashes, which is the same hash type used to identify images by AppLocker. Process Explorer v15.31 : Process Explorer is a powerful process management utility. This update fixes a bug with copying text from the process properties dialog and adds an option to disable the heatmap display in the process view. Process Monitor v3.05 : Process Monitor is a powerful file, registry, process, thread and network monitoring tool. This update adds a context-menu entry that opens the filter edit dialog with contents prepopulated with the specified row and column value.
  • LeoPonti Blog

    Updates: Accesschk v5.11, Procdump v6.0, RAMMap v1.22, Strings v2.51

    AccessChk v5.11 : AccessChk, a command line utility for dumping the effective permissions and security descriptors for files, registry keys, processes, tokens, object manager objects, now prefixes Windows 8 application container SIDs with the word “Package”, and includes several minor bug fixes. Procdump v6.0 : Procdump is an advanced utility for capturing process memory dumps based on a variety of triggers including CPU usage, memory usage, performance counter values, and exceptions. Version 6.0 is a major upgrade that adds the ability to specify multiple filters, attach to a process by service name, and display/filter on the message text of a CLR or JScript exception. RAMMap v1.22 : RAMMap is a graphic utility that shows the breakdown of physical memory usage across different dimensions. This release fixes a bug that could cause a crash when accessing the cached files page when a cached file’s name exceeded a certain length. Strings v2.51 : This update to Strings, a command-line utility that prints a file’s embedded Unicode and ASCII strings, fixes a signed file offset printing bug.
  • LeoPonti Blog

    Updates: Autoruns v11.5, Du (Disk Usage) v1.5, Procdump v5.14, Procmon v3.04, Ru (Registry Usage) v1.0

    Autoruns v11.5 : This update to Autoruns, a utility for managing autostarting applications and components, now reports the image timestamp of executables and the last-modified timestamp of other file types and autostart locations to help with forensic analysis. The jump-to-entry feature is also improved to navigate directly to files rather than their parent directory. Disk Usage (Du) v1.5 : Du, a command-line utility for reporting the disk space consumed by directories and their files, has expanded CSV output that includes file and directory counts, as well as an option for tab-delimiting, which is a format more convenient for import into Excel than comma-delimited. ProcDump v5.14 : This release of Procdump, a command-line utility that enables the capture of process dumps based on numerous trigger types including on-demand, doesn’t report process exceptions unless the exception trigger is specified. Process Monitor v3.04 : Procmon, a power system activity monitor, now includes support for new Windows 8 file information query types and fixes a bug in the tooltip handling. Registry Usage (RU) v1.0 : Ru (Registry Usage) is a new command-line utility that reports the size, value and subkey counts of registry keys. Like its Sysinternals Du (Disk Usage) counterpart, Ru can help you find the keys that contribute to registry bloat.
  • LeoPonti Blog

    Updates: Pendmoves v1.2, Process Explorer v15.3, Sigcheck v1.91, Zoomit v4.42

    Pendmoves v1.2 : This update to Pendmoves adds support for 64-bit directories. Process Explorer v15.3 : This major Process Explorer release includes heat-map display for process CPU, private bytes, working set and GPU columns, sortable security groups in the process properties security page, and tooltip reporting of tasks executing in Windows 8 Taskhostex processes. It also creates dump files that match the bitness of the target process and works around a bug introduced in Windows 8 disk counter reporting. Sigcheck v1.91 : This update to Sigcheck prints the link time for executable files instead of the file last-modified time, and fixes a bug introduced in 1.9 where the –q switch didn’t suppress the print out of the banner. Zoomit v4.42 : Zoomit now includes an option to suppress zoom-in and zoom-out animation to better support remote RDP sessions and fixes a bug that caused static zoom to snap to the top and left side of the screen in some cases.
  • LeoPonti Blog

    Update: Autoruns v11.42

    Autoruns v11.42 : This release fixes a bug in the parsing of network file paths introduced in v11.41.
  • LeoPonti Blog

    Updates: Autoruns v11.41, Handle v3.51, Movefile v1.01, Procdump v5.13, Sigcheck v1.9

    Autoruns v11.41 : This Autoruns update reports the hosting image target of link shortcut references. Handle v3.51 : This minor update to Handle, a command-line utility that dumps process handle tables, fixes a bug in its file share drive letter formatting. Movefile v1.01 : Movefile, a utility for scheduling file delete and rename operations for when the system reboots, now correctly handles 64-bit system paths. Procdump v5.13 : This update to Procdump, a command-line utility that generates on-demand and trigger-based process crash dump files, now supports triggers for when process CPU usage, memory consumption or arbitrary performance counters fall below a specified value. Sigcheck v1.9 : Sigcheck, a command-line file-version and signature verification tool, now reports certificate publisher names, capitalizes hash values, and fixes a certificate chain validation bug.
  • LeoPonti Blog

    Updates: Autoruns v11.4, ProcDump v5.12, SDelete v1.61

    Autoruns v11.4 : Autoruns v11.4 adds additional startup locations, fixes several bugs related to image path parsing, adds better support for browsing folders on WinPE, and fixes a Wow64 redirection bug. Procdump v5.12 : This Procdump update fixes a bug introduced in v5.11 where it doesn’t save information required by the !runaway debugger command. SDelete v1.61 : SDelete v1.61 fixes drive letter syntax consistency in its parsing of command line arguments.
  • LeoPonti Blog

    Hunting Down and Killing Ransomware

    Scareware, a type of malware that mimics antimalware software, has been around for a decade and shows no sign of going away. The goal of scareware is to fool a user into thinking that their computer is heavily infected with malware and the most convenient...
  • LeoPonti Blog

    Update: ZoomIt v4.41

    ZoomIt v4.41 : This update fixes a bug in ZoomIt v4.4 that prevented it from running on 32-bit Windows XP.
  • LeoPonti Blog

    Updates: DebugView v4.81, ProcDump v5.11, ZoomIt v4.4

    DebugView v4.81 : Version 4.81 of DebugView, a utility that logs user and kernel-mode debug output messages, fixes a bug that could cause it on some executions to fail to capture debug output and enter a CPU-bound loop. ProcDump v5.11 : This release of ProcDump fixes a bug introduced in version 5.1 that prevented it from working on 32-bit Windows XP. ZoomIt v4.4 : This update to ZoomIt, a screen magnification and annotation utility, includes smoother zooming behavior, adds the ability to specify the initial zoom level, and maintains the window focus when initiating live zooming.
  • LeoPonti Blog

    Updates: AdExplorer v1.44, Contig v1.7, Coreinfo v3.2, Procdump v5.1

    AdExplorer v1.44 : This release fixes a bug that caused AdExplorer to crash when it encountered corrupted extended rights schemas. Contig v1.7 : Contig is a command-line file defragmentation and fragmentation analysis utility. v1.7 has more detailed fragmentation analysis reporting, fixes a bug that enables creation of contiguous files larger than 8GB, and adds support for setting the valid data length on files to avoid zero-fill overhead. Coreinfo v3.2 : Coreinfo, a command-line utility that dumps processor topology and feature support, now reports the presence of many additional features, including SMAP, RDSEED, BMI1, ADX, HLE, RTM, and INVPCID. Procdump v5.1 : This major update to Procdump, a command-line utility for creating process crash dump files based on triggers or on-demand, adds support for Silverlight applications and the ability to register Procdump as the just-in-time (JIT) debugger for more advanced scenarios.
  • LeoPonti Blog

    The Case of the Unexplained FTP Connections

    A key part of any cybersecurity plan is “continuous monitoring”, or enabling auditing and monitoring throughout a network environment and configuring automated analysis of the resulting logs to identify anomalous behaviors that merit investigation. This...
  • LeoPonti Blog

    Updates: Coreinfo v3.1, Desktops v2.0, Livekd v5.3, PsPasswd v1.23, Testlimit v5.22, Whois v1.11

    Coreinfo v3.1 : This update to Coreinfo, a command line utility that reports detailed information about a system’s processor topology, CPU features, and cache topology, fixes a bug affecting the calculation of NUMA node costs and adds support for several more processor features, including RDRAND, LAHF/SAHF, Prefetchw and Intel Speedstep. Desktops v2.0 : Desktops, a virtual desktop utility for Windows that lets you create up to three additional workspaces, is now compatible with Windows 8, properly supporting Winkey hotkey sequences (like Winkey+R to bring up the Run dialog) on alternate desktops and switching back to the primary desktop’s start screen when you hit Winkey. Livekd v5.3 : LiveKd, a command-line utility that enables you to use the Windows kernel debuggers to examine live systems as well as virtual machines, now supports Windows 8. PsPasswd v1.23 : PsPasswd, a Pstools utility for remotely changing local machine passwords, now includes support for changing domain account passwords. Testlimit v5.22 : This release of TestLimit, an educational tool for testing the way Windows handles exhaustion of various resource types such as system commit, fixes an output formatting bug that could have it report KB instead of MB. Whois v1.11 : Whois v1.11, a tool for looking up domain name registration information, includes bug fixes that could cause it to crash if provided with malformed domain name input strings.
  • LeoPonti Blog

    Windows Internals 6th Edition Part 2 Published, and Mark Talks Sysinternals History on Defrag Tools

    Windows Internals 6th Edition, Part 2 Published : Part 2 of Windows Internals 6th Edition is now available. The 6th edition covers kernel and system changes in Windows 7 and Windows Server 2008 R2 and adds 250 pages of expanded feature coverage and hands-on experiments. Mark Talks Sysinternals History on Defrag Tools : Defrag Tools, a Channel 9 series that features diagnostic and troubleshooting utilities including Sysinternals tools, invited Mark on to talk about how Sysinternals started, the evolution of the tools and how Mark decides when to add features and write new tools.
  • LeoPonti Blog

    New: PsPing v1.0; Updates: DebugView v4.8, Process Explorer v15.23, Sigcheck v1.81

    PsPing v1.0 : PsPing is a new Sysinternals PsTools command-line utility for measuring network performance. In addition to standard ICMP ping functionality, it can report the latency of connecting to TCP ports, the latency of TCP round-trip communication between systems, and the TCP bandwidth available to a connection between systems. Besides obtaining min, max, and average values in 0.01ms resolution, you can also use PsPing to generate histograms of the results that are easy to import into spreadsheets. DebugView v4.8 : This release of DebugView, a debug output monitoring utility, addresses a bug that could cause DebugView to blue screen on “checked build” (debug) versions of Windows. Process Explorer v15.23 : This update to Process Explorer adds the ability to view the process token of protected processes, fixes a bug that causes a crash when viewing thread stacks on Windows XP, and fixes a bug that causes a crash when running on Windows PE. Sigcheck v1.81 : This update to Sigcheck, a command-line utility for analyzing the digital signatures of executable images, fixes a bug that could cause it to crash when reporting the signing status of images that have invalid signatures.
  • LeoPonti Blog

    Updates: Autoruns v11.34, ProcDump v5.0, Sigcheck v1.8, VMMap v3.11

    Autoruns v11.34 : This release of Autoruns fixes a bug that caused it to not show some Internet Explorer extensions. ProcDump v5.0 : Procdump is an advanced utility for capturing process memory dumps based on a variety of triggers including CPU usage, memory usage, performance counter values, and exceptions. Version 5.0 is a major upgrade that adds the ability to configure exception filters based on managed and native exception types, extends support to Windows 8 modern applications, and integrates with Process Monitor’s debug output logging. Sigcheck v1.8 : This update to Sigcheck, a command-line file version and digital signature verification utility, shows detailed certificate information such as certificate usage, validity dates, and thumbprints, and also shows a file’s counter-signing chain if it has one. VMMap v3.11 : VMMap, a utility that shows detailed information about a process’ virtual and physical memory usage, now reports commit usage instead of working set in its timeline view and fixes a bug that enables export of captures of 32-bit processes.
  • LeoPonti Blog

    Windows Azure Host Updates: Why, When, and How

    Windows Azure’s compute platform, which includes Web Roles, Worker Roles, and Virtual Machines, is based on machine virtualization. It’s the deep access to the underlying operating system that makes Windows Azure’s Platform-as-a-Service (PaaS) uniquely...