• The Old New Thing

    How do I get a window back on the screen when it moved far, far away? Windows 7 (and 8) edition


    Some time ago, I showed how to get a window back on the screen when it moved far, far away. That technique still works in Windows 7 and 8, but there's an easier shortcut that takes advantage of window arrangement features added in Windows 7.

    First, you switch to the application by whatever means. Then hit Win+UpArrow to maximize the window. That should put the window on-screen, albeit at the wrong size. Now you just grab the title bar of the window with the mouse and drag it off the top edge of the screen. Bingo, the window returns to its original position, and you can use the mouse to put it wherever you like.

    This trick doesn't work for windows that cannot be resized (such as Calculator), but for those windows, you can use the old version of the trick.

  • The Old New Thing

    Dangerous setting is dangerous: This is why you shouldn't turn off write cache buffer flushing


    Okay, one more time about the Write-caching policy setting.

    This dialog box takes various forms depending on what version of Windows you are using.

    Windows XP:

      Enable write caching on the disk
    This setting enables write caching in Windows to improve disk performance, but a power outage or equipment failure might result in data loss or corruption.

    Windows Server 2003:

      Enable write caching on the disk
    Recommended only for disks with a backup power supply. This setting further improves disk performance, but it also increases the risk of data loss if the disk loses power.

    Windows Vista:

      Enable advanced performance
    Recommended only for disks with a backup power supply. This setting further improves disk performance, but it also increases the risk of data loss if the disk loses power.

    Windows 7 and 8:

      Turn off Windows write-cache buffer flushing on the device
    To prevent data loss, do not select this check box unless the device has a separate power supply that allows the device to flush its buffer in case of power failure.

    Notice that the warning text gets more and more scary each time it is updated. It starts out just by saying, "If you lose power, you might have data loss or corruption." Then it adds a recommendation, "Recommended only for disks with a backup power supply." And then it comes with a flat-out directive: "Do not select this check box unless the device has a separate power supply."

    The scary warning is there for a reason: If you check the box when your hardware does not satisfy the criteria, you risk data corruption.

    But it seems that even with the sternest warning available, people will still go in and check the box even though their device does not satisfy the criteria, and the dialog box says right there do not select this check box.

    And then they complain, "I checked this box, and my hard drive was corrupted! You need to investigate the issue and release a fix for it."

    Dangerous setting is dangerous.

    At this point, I think the only valid "fix" for this feature would be to remove it entirely. This is why we can't have dangerous things.

  • The Old New Thing

    "Adjust visual effects for best performance" should really be called "Adjust visual effects for crappiest appearance"


    In the Performance Options control panel, on the tab labeled Visual Effects, there is a radio button called Adjust for best performance. If you select it, then all the visual effects are disabled.

    But the name of that radio button has been wrong for a long time. It doesn't actually adjust your visual effects for best performance. It just adjusts them for crappiest appearance.

    Starting in Windows Vista, a lot of visual effects were offloaded to the graphics card. Consequently, the impact on system performance for those visual effects is negligible, and sometimes turning off the effect actually makes your system run slower because you disabled hardware acceleration, forcing operations to be performed in software.

    For example, if desktop composition is enabled, then a backup copy of a window's entire contents is kept in video memory, even if the window is covered by other windows. Without desktop composition, the window manager uses the classic model which follows the principle don't save anything you can recalculate: The contents of an occluded window are not saved anywhere, and when the window becomes exposed, the window receives a WM_PAINT message to tell it to regenerate its contents.

    This means that, for example, when you remove a window from the screen and expose the window underneath, the desktop compositor can show the contents of the underlying window immediately because it saved a copy of the window in video memory and has been keeping it up to date. On the other hand, if you disable desktop composition, you will just stare at a blank window underneath, and then you have to sit and wait for that window to repaint itself.

    Congratulations: By disabling desktop composition, you made the act of uncovering a window run slower. (You will see the same effect when switching between maximized windows.)

    Okay, so if unchecking these visual effects has negligible and sometimes even a negative effect on performance, why do we still present them in the Visual Effects control panel for people to disable?

    Because enthusiasts who think they are so awesomely clever looooove disabling anything that makes the computer look pretty, because they're convinced that effort making the computer look pretty is clearly done at the expense of performance. They observe that if all the visual effects are disabled, their machine runs fast, but that's not a controlled experiment because they failed to measure how fast the computer runs when the effects are enabled. (By similar logic, sticking a banana in your ear keeps the alligators away.)

    These are the people who think that a bare computer motherboard on a table with components hanging off it runs faster than a computer packed into an attractive case. And even if you demonstrate that it doesn't actually run faster, they will still keep their computer in its partially-disassembled state because it adds to their street cred.

    The Visual Effects settings page turned into a sort of unintended psychology experiment.

  • The Old New Thing

    How do I hide Public Libraries on all computers in my organization?


    A customer wanted to know how to hide the libraries named Public (Documents), Public Pictures, and Public Videos on all computers in their organization.

    It turns out that this is already documented in TechNet under the topic Administrative How-to Guides (I found this page by issuing a Web search for ⟨library-ms⟩.)

    The customer is specifically interested in the section titled How to Customize and Deploy Libraries.

    I'll let you read that Web page for the details. I'm just posting this here so that the next customer won't burn an expensive support call on something that's already documented on TechNet. (Though if you're the type of customer who can't find the answer via a Web search, then there's a good chance you won't find this page either...)

  • The Old New Thing

    Why do Explorer and the command prompt interpret file times differently?


    A customer observed that if they use Explorer to view the timestamp on a file, it is not always in agreement with the value shown if they run a plain DIR in a command prompt. They are sometimes off by an hour. Why is that?

    Whenever you hear the phrase "off by an hour" you should immediately think "Daylight Saving Time".

    The formatting of file timestamps shown by Explorer has changed over time. The most recent algorithm (at the time of this writing) is to use the time zone that was in effect at your current location at the time the timestamp was created. For example, a file created at noon in June 22 will show its timestamp as noon, even if you view it in the middle of December. That's because Explorer says, "Well, on June 22, Daylight Saving Time was not in effect, even though it's in effect now, so I will interpret that time zone as if Daylight Saving Time were not active." (Hey, Raymond, didn't you get that backward? Answer: The customer who asked this question is in New Zealand.)¹

    The old-style function for converting a UTC timestamp into a local timestmap is File­Time­To­Local­File­Time. The documentation for that function points you at the sequence of operations you need to perform if you want to use the time zone of the timestamp instead of the current time zone.

    Explorer switched to using the time zone of the timestamp, but the command processor continues using the old-style conversion.

    Why doesn't the command processor get with the program?

    Well, for one thing, the people who decide what Explorer does are not the same people who decide what the command processor does. (The Explorer folks can certainly make suggestions, but they can't force the command processor to do anything.) It's like asking why Taco Bell puts the men's room on the left, but Pizza Hut puts it on the right.

    The command processor is an old and cranky program. The command processor yells at Explorer to get off his lawn. The command processor gets upset when his Internet connection flakes out while he's watching Matlock online. The command processor doesn't care about your fancy-pants localized file names; it shows the raw file system names. The command processor has hundreds of thousands of scripts, and there's no way of knowing how many of them depend on the exact way it formats dates.

    You may be able to wheedle the command processor into making some changes for you, but you'd better have a really good reason, and he's going to be really grumpy about it. The command processor was once cajoled into changing its date format to four-digit years back in the late 20th century, and he did it only because everybody insisted that it was soooooooo important. But he was so grumpy about it, he had an option to go back.

    ¹ Actually, that's not true. The customer who asked the question was in Texas, but I moved him to New Zealand for the purpose of the story. People in the Southern Hemisphere always have to put up with us Northerners assuming that summer starts in June, so I figured I'd turn the tables for once.

  • The Old New Thing

    Poisoning your own DNS for fun and profit


    When you type a phrase into the Windows Vista Start menu's search box and click Search the Internet, then the Start menu hands the query off to your default Internet search provider.

    Or at least that's what the Illuminati would have you believe.

    A customer reported that when they typed a phrase into the Search box and clicked Search the Internet, they got a screenful of advertisements disguised to look like search results.

    What kind of evil Microsoft shenanigans is this?

    If you looked carefully at the URL for the bogus search "results", the results were not coming from Windows Live Search. They were coming from a server controlled by the customer's ISP.

    That was the key to the rest of the investigation. Here's what's going on:

    The ISP configured all its customers to use the ISP's custom DNS servers by default. That custom DNS server, when asked for the location of, returned not the actual IP address of Windows Live Search but rather the IP address of a machine hosted by the ISP. (This was confirmed by manually running nslookup on the customer machine and seeing that the wrong IP addresses were being returned.) The ISP was stealing traffic from Windows Live Search. It then studied the URL you requested, and if it is the URL used by the Start menu Search feature, then it sent you to the page of fake search results. Otherwise, it redirected you to the real Windows Live Search, and you're none the wiser, aside from your Web search taking a fraction of a second longer than usual. (Okay, snarky commenters, and aside from the fact that it was Windows Live Search.)

    The fake results page does have an About This Page link, but that page only talks about how the ISP intercepts failed DNS queries (which has by now become common practice). It doesn't talk about redirecting successful DNS queries.

    I remember when people noticed widespread hijacking of search traffic, and my response to myself was, "Well, duh. I've know about this for years."

    Bonus chatter: It so happens that the offending ISP's Acceptable Use Policy explicitly lists as a forbidden activity "to spoof the URL, DNS, or IP addresses of «ISP» or any other entity." In other words, they were violating their own AUP.


  • The Old New Thing

    If NTFS is a robust journaling file system, why do you have to be careful when using it with a USB thumb drive?


    Some time ago, I noted that in order to format a USB drive as NTFS, you have to promise to go through the removal dialog.

    But wait, NTFS is a journaling file system. The whole point of a journaling file system is that it is robust to these sorts of catastrophic failures. So how can surprise removal of an NTFS-formatted USB drive result in corruption?

    Well, no it doesn't result in corruption, at least from NTFS's point of view. The file system data structures remain intact (or at least can be repaired from the change journal) regardless of when you yank the drive out of the computer. So from the file system's point of view, the answer is "Go ahead, yank the drive any time you want!"

    This is a case of looking at the world through filesystem-colored glasses.

    Sure, the file system data structures are intact, but what about the user's data? The file system's autopilot system was careful to land the plane, but yanking the drive killed the passengers.

    Consider this from the user's point of view: The user copies a large file to the USB thumb drive. Chug chug chug. Eventually, the file copy dialog reports 100% success. As soon as that happens, the user yanks the USB thumb drive out of the computer.

    The user goes home and plugs in the USB thumb drive, and finds that the file is corrupted.

    "Wait, you told me the file was copied!"

    Here's what happened:

    • The file copy dialog creates the destination file and sets the size to the final size. (This allows NTFS to allocate contiguous clusters to the file.)
    • The file copy dialog writes a bunch of data to the file, and then closes the handle.
    • The file system writes the data into the disk cache and returns success.
    • The file copy dialog says, "All done!"
    • The user yanks the USB thumb drive out of the computer.
    • At some point, the disk cache tries to flush the data to the USB thumb drive, but discovers that the drive is gone! Oops, all the dirty data sitting in the disk cache never made it to the drive.

    Now you insert the USB drive into another computer. Since NTFS is a journaling file system, it can auto-repair the internal data structures that are used to keep track of files, so the drive itself remains logically consistent. The file is correctly set to the final size, and its directory entry is properly linked in. But the data you wrote to the file? It never made it. The journal didn't have a copy of the data you wrote in step 2. It only got as far as the metadata updates from step 1.

    That's why the default for USB thumb drives is to optimize for Quick Removal. Because people expect to be able to yank USB thumb drives out of the computer as soon as the computer says that it's done.

    If you want to format a USB thumb drive as NTFS, you have to specify that you are Optimizing for Performance and that you promise to warn the file system before yanking the drive, so that it can flush out all the data sitting in the disk cache.

    Even though NTFS is robust and can recover from the surprise removal, that robustness does not extend to the internal consistency of the data you lost. From NTFS's point of view, that's just a passenger.

    Update: It seems that people missed the first sentence of this article. Write-behind caching is disabled by default on removable drives. You get into this mess only if you override the default. And on the dialog box that lets you override the default, there is a warning message that says that when you enable write-behind caching, you must use the Safely Remove Hardware icon instead of just yanking the drive. In other words, this problem occurs because you explicitly changed a setting from the safe setting to the dangerous one, and you ignored the warning that came with the dangerous setting, and now you're complaining that the setting is dangerous.

  • The Old New Thing

    You too can use your psychic powers: Spaces in paths


    I'm going to be lazy today and make you solve the problem.

    Did a recent security hotfix change change the way we handle UNC paths with spaces? Normally, if we open the Run dialog and type \\server\share\Support Library\, the Support Library folder opens. But recently it stopped working. Instead of opening the Support Library folder, we get the Open With dialog:

    Open with

    Choose the program you want to use to open this file:

    File: Support

      Contoso Chess Challenger 5.0
      Contoso Music Studio
      Fabrikam Chart 2.0
      Litware 2010
    $   Woodgrove Bank Online
      Happy Holidays!
      Always use the selected program to open this kind of file


    Can you figure out what happened recently that introduced this problem? You have all the information you need.

  • The Old New Thing

    How do I use group policy to improve security of USB thumb drives in my organization?


    A customer wanted to know how they could improve the security of USB thumb drives in their organization. Specifically, they wanted to block access to removable media devices (primarily USB thumb drives), but provide a list of exceptions for specific thumb drives. Fortunately, there's a whitepaper that covers exactly this topic and explains how to set up your policies to accomplish this.

    Step-By-Step Guide to Controlling Device Installation Using Group Policy

  • The Old New Thing

    Keyboard shortcut for resizing all columns in a listview control to fit


    The keyboard shortcut for resizing all columns in a report-mode (also known as Details mode) list view control to fit the current content width is Ctrl+Num+. That's the + key on the numeric keypad. (If you're using Explorer, you can also right-click the column header and choose Size All Columns to Fit.)

    Note that this command is a verb, not a state, so it takes into account the contents of the listview at the time you press the hotkey. If the contents change and you want the columns resize based on the new contents, you'll have to press the hotkey again.

Page 4 of 25 (243 items) «23456»