• The Old New Thing

    How do I log on using a dial-up connection on Windows Vista?


    Mike Stephens from the Group Policy Team Blog explains how to get "Log on using dial-up connections" working on Windows Vista.

    But I'm posting to respond to a comment on that page, since that falls under the category of "When people ask for security holes as features."

    The only problem is all users need to have access to an account with local admin privileges [in order to set this up].

    The implied request is that non-administrative users be allowed to create dial-up connections that can be used for logging on. This request falls into the category of When people ask for security holes as features; in this case, it's a repudiation security vulnerability. Here's how.

    A non-administrative user creates a dial-up networking connectoid and marks it as available for use during logon. For the phone number, the non-administrative user uses a voting number for a television reality show, one that charges $2 per call. (If you are more mercenary, you can arrange to set up a phone number that charges $50/minute and agree to split the profits.) The non-administrative user then logs off and waits.

    When the show starts, the non-administrative user then goes up to the computer and instead of logging on normally, goes to the dial-up connection button and selects the dial-up connectoid. The non-administrative user then proceeds to make dozens of failed logon attempts with that connectoid, under bogus user names like SanjayaRocks or WilliamHung4Ever. Each failed logon attempt casts a vote for the contestant, and (here's the important part) since nobody is actually logged on, you can't prove who made the calls.

    Some time later, the non-administrative user logs on and deletes the dial-up networking connectoid, to clean up afterward.

    The next month, the system administrator gets the phone bill and sees $100 worth of calls to the television show. The system administrator goes to the audit logs to see who made those calls, only to find that they were made by nobody. Even if the system administrator finds the logs for the non-administrative user having created and subsequently deleted the offending dial-up networking connectoid, that's just circumstantial evidence. "I created those for fun, as a joke. I never actually used them. It must've been just somebody walking past the machine who saw that they could use it to vote for Sanjaya."

  • The Old New Thing

    Wait a second, I thought we stopped doing this back in 2003


    It looks like Verizon's default DNS server for their customers is redirecting all failed DNS queries to their own site, calling the feature Advanced Web Search. Fortunately, they have instructions on how to opt out. The short version: Go to your DNS settings and change the last octet from .12 to .14.

  • The Old New Thing

    Controlling which devices will wake the computer out of sleep


    I haven't experienced this problem, but I know of people who have. They'll put their laptop into suspend or standby mode, and after a few seconds, the laptop will spontaneously wake itself up. Someone gave me this tip that might (might) help you figure out what is wrong.

    Open a command prompt and run the command

    powercfg -devicequery wake_from_any

    This lists all the hardware devices that are capable of waking up the computer from standby. But the operating system typically ignores most of them. To see the ones that are not being ignored, run the command

    powercfg -devicequery wake_armed

    This second list is typically much shorter. On my computer, it listed just the keyboard, the mouse, and the modem. (The modem? I never use that thing!)

    You can disable each of these devices one by one until you find the one that is waking up the computer.

    powercfg -devicedisablewake "device name"

    (How is this different from unchecking Allow this device to wake the computer from the device properties in Device Manager? Beats me.)

    Once you find the one that is causing problems, you can re-enable the others.

    powercfg -deviceenablewake "device name"

    I would start by disabling wake-up for the keyboard and mouse. Maybe the optical mouse is detecting tiny vibrations in your room. Or the device might simply be "chatty", generating activity even though you aren't touching it.

    This may not solve your problem, but at least it's something you can try. I've never actually tried it myself, so who knows whether it works.

    Exercise: Count how many disclaimers there are in this article, and predict how many people will ignore them.

  • The Old New Thing

    The classic start menu is even more classic than it looks


    In Windows 95, the Find option took its place on the Start menu between Settings and Help. In Windows 2000, the option was still there, but its name changed to Search, a name which persists today if you use the classic Start menu.

    When the menu option changed its name, the keyboard accelerator changed accordingly. Whereas Find used F as its accelerator, Search uses C. Here's a secret: The classic Start menu still responds to F as the keyboard accelerator for Search. The work to make this happen was undertaken as a concession to people who imprinted on the old Start menu and whose "muscle memory" still wants to press F to open what used to be the Find menu.

    The totally redesigned Start menu for Windows XP changed the keyboard model radically, but if you're still attached to your muscle memory, you can switch to the classic Start menu and keep using all the old keyboard shortcuts from Windows versions past.

  • The Old New Thing

    How does the calculator percent key work?


    The Windows calculator percent sign works the same way as those cheap pocket calculators (which are often called four-function calculators even though they have around six functions nowadays). What you first have to understand is that the percent key on those pocket calculators was not designed for mathematicians and engineers. It was designed for your everyday person doing some simple calculations. Therefore, the behavior of the key to you, an engineer, seems bizarrely counter-intuitive and even buggy. But to an everyday person, it makes perfect sense. Or at least that's the theory.

    Let's look at it from the point of view of that everyday person. Suppose you want to compute how much a $72 sweater will cost after including 5% tax.¹ Pull out your handy pocket calculator² (or fire up Calc if you don't have a pocket calculator) and type

    72 + 5% =

    The result is 75.6, or $75.60, which is the correct answer, because 5% of 72 is 3.6. Add that to 72 and you get 75.6.

    Similarly, suppose that sweater was on sale at 20% off. What is the sale price?

    72 − 20% =

    The result is 57.6 or $57.60. This is the correct answer, because 20% of 72 is 14.4. Subtract that from 72 and you get 57.6.

    You can chain these percentage operations, too. For example, how much will you have to pay for that 20%-off sweater after adding 5% tax?

    72 − 20% + 5% =

    The result is 60.48. A mathematician or engineer would have calculated the same result via the equivalent computation:

    72 × 0.80 × 1.05 =

    Okay, now that we see how the calculator product designer intended the percent key to be used, let's look at what the calculator engineer has to do in order to match the specification. When the user enters A + B % =, the result should be A × (1 + B/100) or A + (A × B/100) after you distribute the multiplication over the addition. Similarly, when the user enters A − B % =, the result should be A × (1 − B/100) or A − (A × B/100).

    Aha, the calculator engineer says, we can achieve this result by defining the percent key as follows:

    When the user enters a value, an operator, a second value, and then the percent key, the first two values are multiplied and the product divided by 100, and that result replaces the second value in the ongoing computation.

    Let's walk through that algorithm with our first example.

    You type | Remarks
    72       | First value is 72
    +        | Operation is addition
    5        | Second value is 5
    %        | 72 × 5 ÷ 100 = 3.6
             | 3.6 becomes the new second value
    =        | 72 + 3.6 = 75.6, the final result

    If you watch the display as you go through this exercise, you will even see the number 3.6 appear in the display once you press the % key. The percentage is calculated and replaces the original value in the ongoing computation.

    This algorithm also works for the chained percentages.

    You type | Remarks
    72       | First value is 72
    −        | Operation is subtraction
    20       | Second value is 20
    %        | 72 × 20 ÷ 100 = 14.4
             | 14.4 becomes the new second value
    +        | 72 − 14.4 = 57.6, intermediate result
             | 57.6 is the new first value
             | Operation is addition
    5        | Second value is 5
    %        | 57.6 × 5 ÷ 100 = 2.88
             | 2.88 becomes the new second value
    =        | 57.6 + 2.88 = 60.48, the final result

    This even works for multiplication and division, but there is much less call for multiplying or dividing a number by a percentage of itself.

    500 × 5 % =

    The result of this is 12,500 because you are multiplying 500 by 5% of 500 (which is 25). The result of 500 × 25 is 12,500. You aren't computing five percent of 500. You're multiplying 500 by 5% of 500. (It appears that the authors of this Knowledge Base article didn't consult with the calculator engineer before writing up their analysis. The percent key is behaving as designed. The problem is that the percent key is not designed for engineers.)

    What if you want to compute 5% of 500? Just pick a dummy operation and view the result when you press the percent key.

    500 + 5 %

    When you hit the percent key, the answer appears: 25. You could've used the minus key, multiplication key, or division key instead of the addition key. It doesn't matter since all you care about is the percentage, not the combined operation. Once you hit the % key, you get your answer, and then you can hit Clear to start a new calculation.
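The percent-key rule described above, written out as a small key-by-key simulator. This is an added example, not code from Calc or from the original post; the function name `press_keys`, the token format, and the choice to ignore % when there is no first value are assumptions.

```python
from decimal import Decimal
import operator

# Operator keys, in ASCII and in the typographic forms used in the text.
OPS = {
    "+": operator.add, "-": operator.sub, "−": operator.sub,
    "*": operator.mul, "×": operator.mul,
    "/": operator.truediv, "÷": operator.truediv,
}


def press_keys(keys):
    """Simulate the layman percent key.

    keys is a list of tokens such as ["72", "+", "5", "%", "="].
    Returns (final_display, trace) where trace holds the display
    contents after each key press.
    """
    first = None    # first value of the ongoing computation
    op = None       # pending operation
    second = None   # second value (the number most recently entered)
    display = Decimal(0)
    trace = []

    def finish_pending():
        # Apply the pending operation, or promote a lone entry to first value.
        nonlocal first
        if op is not None and second is not None:
            first = OPS[op](first, second)
        elif second is not None:
            first = second

    for key in keys:
        if key in OPS:
            finish_pending()          # chaining: "+" completes "72 − 14.4"
            op, second = key, None
            display = first
        elif key == "%":
            # Assumption: % with no first or second value is ignored.
            if first is not None and second is not None:
                # first × second ÷ 100 replaces the second value
                second = first * second / Decimal(100)
                display = second
        elif key == "=":
            finish_pending()
            op, second = None, None
            display = first
        else:
            second = Decimal(key)     # Decimal avoids binary rounding noise
            display = second
        trace.append(display)
    return display, trace


if __name__ == "__main__":
    for seq in (["72", "+", "5", "%", "="],
                ["72", "−", "20", "%", "+", "5", "%", "="],
                ["500", "×", "5", "%", "="],
                ["500", "+", "5", "%"]):
        print(" ".join(seq), "->", press_keys(seq)[0])
```
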


    ¹In the United States, quoted prices typically do not include applicable taxes.

    ²In my limited experiments, it appears that no two manufacturers of pocket calculators handle the percent key in exactly the same way. Casio appears to handle it in a manner closest to the engineering way. TI is closer to the layman algorithm. And when you get into cases like 1 ÷ 2 %, calculators start wandering all over the map. Should the answer be 50, since 1/2 is equal to 50%? Or should it be 0.005 since that is the numeric value of 0.5%? Should that answer appear immediately or should it wait for you to hit the equals sign? I don't know what the intuitive result should be either.

  • The Old New Thing

    When you compress a drive, some files are exempted, but you can force it, and then it's your problem


    On the drive property sheet for an NTFS volume, there is a checkbox called "Compress drive to save disk space." If you check that box, the shell marks the drive as "compress all newly-created files" and also goes through and compresses all the existing files on the drive.

    Well, almost all the files.

    Some files are exempted by default.

    Examples of exempted files are the files involved in booting the system (NTLDR, NTDETECT.COM, HIBERFIL.SYS) and files for which write requests must succeed (PAGEFILE.SYS). (If a file is compressed, then a write to previously-committed file data may fail if the new data does not compress as well as the old data and there is no more disk space.) These files are exempted on all drives, even if they're not your system drive.

    On the other hand, if you right-click one of these exempted files and explicitly compress it, then the shell will compress it (or at least try to). For boot files, this will typically succeed since boot files are used only at boot; once the system is running, they aren't needed any more and therefore there aren't any open handles to the file with restrictive sharing modes.

    Of course, if you do this to your system drive, it won't boot any more. So don't do that.

    Like with many things in the physical world, if you force it too hard, it may break.

  • The Old New Thing

    Hidden gotcha: The command processor's AutoRun setting


    If you type cmd /? at a command prompt, the command processor will spit out pages upon pages of strange geeky text. I'm not sure why the command processor folks decided to write documentation this way rather than the more traditional manner of putting it into MSDN or the online help. Maybe because that way they don't have to deal with annoying people like "editors" telling them that their documentation contains grammatical errors or is hard to understand.

    Anyway, buried deep in the text is this little gem:

    If /D was NOT specified on the command line, then when CMD.EXE starts, it
    looks for the following REG_SZ/REG_EXPAND_SZ registry variables, and if
    either or both are present, they are executed first.
        HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun
        HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun

    I sure hope there is some legitimate use for this setting, because the only time I see anybody mention it is when it caused them massive grief.

    I must be losing my mind, but I can't even write a stupid for command to parse the output of a command.

    C:\test>for /f "usebackq delims=" %i in (`dir /ahd/b`) do @echo %i

    When I run this command, I get

    System Volume Information

    Yet when I type the command manually, I get completely different output!

    C:\test>dir /ahd/b

    Have I gone completely bonkers?

    The original problem was actually much more bizarro because the command whose output the customer was trying to parse merely printed a strange error message, yet running the command manually generated the expected output.

    After an hour and a half of head-scratching, somebody suggested taking a look at the command processor's AutoRun setting, and lo and behold, it was set!

    C:\test>reg query "HKCU\Software\Microsoft\Command Processor" /v AutoRun
    HKEY_CURRENT_USER\Software\Microsoft\Command Processor
        AutoRun     REG_SZ  cd\

    The customer had no idea how that setting got there, but it explained everything. When the command processor ran the dir /ahd/b command as a child process (in order to parse its output), it first ran the AutoRun command, which changed the current directory to the drive's root. As a result, the dir /ahd/b produced a listing of the hidden subdirectories of the root directory rather than the hidden subdirectories of the C:\test directory.

    In the original formulation of the problem, the command the customer was trying to run looked for its configuration files in the current directory, and the cd\ in the AutoRun meant that the program looked for its configuration files in the root directory instead of the C:\test directory. Thus came the error message ("Configuration file not found") and the plea for help that was titled, "Why can't the XYZ command find a configuration file that's right there in front of it?"

    Like I said, I'm sure there must be some valid reason for the AutoRun setting, but I haven't yet found one. All I've seen is the havoc it plays.
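One way to check a machine for the setting before losing an hour and a half to it, and to keep a script's own child command from running it. This is an added example, not code from the original post; the function names and the injectable `reader` parameter are assumptions made so the logic can be exercised off Windows, while the two registry locations and the /D switch come from the cmd /? text quoted above.

```python
import subprocess

try:
    import winreg  # standard library, Windows only
except ImportError:
    winreg = None

SUBKEY = r"Software\Microsoft\Command Processor"
HIVES = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER")


def read_autorun(hive_name):
    """Return the AutoRun string under the given hive, or None if absent."""
    if winreg is None:
        raise RuntimeError("registry access requires Windows")
    hive = getattr(winreg, hive_name)
    try:
        with winreg.OpenKey(hive, SUBKEY) as key:
            value, _value_type = winreg.QueryValueEx(key, "AutoRun")
            return value
    except FileNotFoundError:
        # Either the key or the AutoRun value does not exist.
        return None


def audit_autorun(reader=read_autorun):
    """List (registry path, command) for every AutoRun value that is set.

    reader is any callable taking a hive name and returning the value
    or None; the default reads the live registry.
    """
    findings = []
    for hive in HIVES:
        value = reader(hive)
        if value:
            findings.append((hive + "\\" + SUBKEY + "\\AutoRun", value))
    return findings


def child_argv(command):
    """Build an argument list that runs command with AutoRun disabled (/D)."""
    return ["cmd.exe", "/d", "/c", command]


if __name__ == "__main__":
    hits = audit_autorun()
    for path, command in hits:
        print("AutoRun is set:", path, "=", repr(command))
    if not hits:
        print("No AutoRun value found in either location.")
    # Run the command from the post without letting AutoRun change directory.
    result = subprocess.run(child_argv("dir /ahd/b"),
                            capture_output=True, text=True)
    print(result.stdout)
```

Any AutoRun value you did not put there yourself deserves a look at what it runs and when it appeared, since it executes in every command processor that is started without /D.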

  • The Old New Thing

    You can't change it, but you can hide it and add something that looks like it


    Today we have another case of "Now you have two problems." The corporate customer already solved their problem halfway and needed help on the other half. The impossible half.

    We want to change the Add or Remove Programs icon in the Windows XP control panel so it runs our custom install management program instead of running the one built into Windows. In other words, we want to change what happens when the user clicks the Add or Remove Programs icon. Is this possible?

    What they specifically request isn't possible because the icon is provided by Add or Remove Programs itself, but you can easily get the same effect. This is why it's important to understand why somebody wants to do something even though they are asking how to do it. Once you understand why they're doing something, you can unwind the steps they've taken and come up with something that doesn't answer the specific question but still solves the bigger problem.

    You can't redirect an icon but you can remove the existing icon and replace it with something else. Set a policy to remove the existing Add or Remove Programs icon from the control panel and then write your own control panel called Add or Remove Programs.

    I'm not sure what happened next, but they acted as if I wrote, "Could you please repeat the question?"

    Raymond, we need to replace the link in the Control Panel with a custom program that elevates the user's privileges so that they can manage the programs on the computer. Is there any registry key or setting that specifies how the control panel applet is launched that we could inject an EXE into? This EXE would just be a wrapper for launching the original CPL.

    I'm assuming that the extra wrinkle of "And then we want to re-launch the original CPL" made them think their situation was somehow special, so that regular-grade advice wasn't good advice. They needed premium.

    You can still follow the original suggestion. Remove the original CPL via policy and add your custom EXE (which then launches the original CPL after doing whatever it wants).

    But no, that wasn't the problem. They simply missed the point entirely. They were so focused on looking for the sentence "Here is how you change what the icon launches" that they completely missed the point of the suggestion. They're looking for a solution to the specific problem instead of the bigger problem.

    How do you configure the policy to launch our EXE instead of the CPL?

    At this point I pulled out my bad analogy gun.

    In your car there is an ignition switch. It is wired to the starter. You want to make the driver take a breathalyzer test before they can start the car.

    Plan A (what you are proposing): Patch into the wire connecting the ignition switch to the starter so it goes through a breathalyzer. Unfortunately the wire is sheathed in kevlar and cannot be cut open. The designers of the wire did not include any hooks for breathalyzers.

    Plan B (my suggestion): Remove the old ignition switch and install a new ignition switch that is connected to a breathalyzer. If the driver passes the breathalyzer test, then your ignition switch turns the original ignition switch. Notice that this method doesn't require you to bust open the kevlar sheathing that protects the wire between the old ignition switch and the starter.

    All the driver sees is a keyhole. They stick the key in and turn the key. If you're really clever you make your new ignition switch's faceplate look just like the original so the driver can't tell the difference between the two methods (all they see is a keyhole, a breathalyzer, and if they pass, the car starts).

    • The existing CPL is the old ignition switch.
    • Your replacement program is the new ignition switch.
    • Deploying the Hide the Add or Remove Programs control panel policy is removing the old ignition switch.
    • The Add or Remove Programs icon is the keyhole.
    • The way Windows XP works, the keyhole leads to the old ignition switch.
    • Plan B: Use policy to remove the old ignition switch, and install new ignition switch (your replacement program). Use some paint to make the new keyhole look just like old keyhole. The person in driver's seat is none the wiser.

    You know you're in trouble when I have to pull out my bad analogy gun.

    Note: I don't know whether this trick will actually work, but it seemed a useful example of the principle of "Just because it has to look like something doesn't mean it has to be that something."

  • The Old New Thing

    How do I delay the automatic logon process?


    To solve some problems you need to place one foot outside the box.

    We have a number of kiosk machines that are networked wirelessly. Each machine is configured with automatic logon so that things return to normal after power is restored after an outage. The problem is that the wireless switch takes a long time to recover from a power failure, so when the kiosk machines try to log on, they can't. We have to go around to all the machines and manually log them on after waiting a few minutes for the switch to get itself back up. Is there a way we can delay the automatic logon or convince automatic logon to pause and retry?

    Your first reaction may be to write a custom logon provider or otherwise control the GINA. But there's a much lower-tech solution.

    Go to your boot.ini file (or if you're using Windows Vista, use bcdedit) to increase the boot menu timeout. The timeout value in boot.ini can go as high as 11 million seconds (about four months). If your wireless switch takes more than four months to get itself into a ready state, then you've got worse problems.

  • The Old New Thing

    Why does ICE16 complain about product names longer than 63 characters?


    If you merge in the Internal Consistency Evaluators into your MSI package, you may run into error ICE16, complaining that the product name is longer than 63 characters. Why is this so bad?

    Well, it isn't really, at least not any more. The original Windows 95 version of the Add/Remove Programs control panel did limit product names to 63 characters. (If you had a longer name, it didn't show up at all because the call to RegQueryValueEx failed with ERROR_MORE_DATA.) This limit was raised to around 259 characters starting with Windows 2000, the version that introduced the fancy list with icons and sizes. However, ICE rule 16 still checks against the old limitation because it doesn't know whether or not your program was designed to run on versions of Windows prior to Windows 2000.

    If your program doesn't install on those older versions of Windows, then you can disregard the 63-character limit; the new limit is approximately 259 characters.
