Search This Blog

Loading...

Thursday, June 05, 2014

Sandboxie v4.12 Fail Installation due to VC Redistribution Library


Sandboxie is an awesome on-the-fly sandbox application for Windows! It provides you the functionality of running an application in a sandbox just by a right-click. No VMWare or VM to manage.

Recently, there is a new update to v4.12, but it appears that many people are having issues installing it. The main culprit is the VC++ Redistribution library download and it looks something like this:


Basically, even if you updated your VC++ Redist manually, the download will still happen and likely fail again and again. To overcome this, Sandboxie actually had setup standalone version of their installer and it will solve the problem, but I still strongly suggest you update your VC++ Redist manually first before downloading this and running it.

Get the standalone installer of Sandboxie here:
http://www.sandboxie.com/index.php?AllVersions

Thursday, May 29, 2014

Diyomate K9 Firmware Update A20 14-5-8


Well, it seems that a lot of people had been looking for the firmware to update your Diyomate K9 and it was nowhere to be found, even on Diyomate's website. Actually, to be honest, it IS on Diyomate's site here:
http://www.diyomate.com/DownLoadList.asp?CID=66

But it doesn't say K9 anywhere right? Yes, that is because the K9 box uses a chip call A20 (AllWinner) and Diyomate release the firmware according to the chipset rather than the Box model. Now you will see that there are 2 firmware release in May for A20.
So, what is the differences? Well in case you did not know,the K9 is one of the few model from Diyomate that ships with an option to have either Android or Ali YunOS. So theses 2 files corresponds to the 2 different options. And the good news is that in case you had chosen the wrong version, you just need to reflash it or if you want to change to the other favors, you too can just flash that in.

Ask me, personally, I prefer Ali YunOS and in fact, that is what you actually paid a little bit more for!

Have fun with your upgraded firmware! (Please copy all your important files to your SDCard first before flashing...)

Wednesday, May 28, 2014

Windows XP Extended Support Till 2019 Registry Hack


I am not the first to disclose this registry trick to change your Windows XP into Windows XP POS Edition. The purpose of doing so is that while all other desktop edition of Windows XP had been withdrawn from support, the POS (Point-of-sale) version is however still supported until 2019. This essentially give you extended support on your Windows XP.

HOWEVER, even if this trick works to give you updates until 2019, Microsoft will make some assumptions. For example, people will not be using it wo surf the web, read email, load Youtube of Facebook etc. Because this is a POS system, which is pretty much those dump terminal operated by sales in stores. So what does that mean? It mean you will not be FULLY protected anyway. IE will probably never be fixed. So, my advise is still to just ditch Windows XP and upgrade to Windows 7/8 as a long term solution.

Anyway, here is the simple hack. Put the following into a text file and save it as WinXP2019.reg :

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady]
"Installed"=dword:00000001

Double click this file to have Regedit execute it. That is all to it.

Thursday, May 15, 2014

Kali Linux Slow Update


For those using Kali, you must had noticed how slow and painful it is to update the Linux. Unless you have a very fast internet, which will not be the case on a oil rig or the space shuttle. Just kidding about that. But its slow. That's a fact.

What I am going to show you here is a simple tweak and it will work much faster. And I am not talking about private or custom repository, which I strongly discourage as these are not verified and could contain something else which you do not want on your Linux.

Let's find a file call sources.lst in /etc/apt. Open it and look for http://http.kali.org.... Now, all you need to do is to change it to http://repo.kali.org..... You should have 2 instances of it if you are using the default installation.

Now do you normal apt-get update && apt-get upgrade and you will see the differences. While Repo and Http are both official Kali sources, there are slightly different, but I do not suppose most users will be affected by this differences.

Well, good luck updating and happy pen-testing!

Wednesday, May 14, 2014

Adobe Flash Player 13 Full Offline Installer - Fixing the stopped at 7% Error


The latest Flash Player 13 may had stopped downloading for some at 7% and giving a message:
"Lost connection. Trying to reconnect..."
And actually it does nothing of that sort...

The Flash installer had been one of the worse nightmare ever. For a start, its a EXE executable, but because of whatever reason, something its saved as a ZIP and you can imagine the mess of confusion it is to average user.

Then the download is horrible and I get 10% success rates only in some places.

To top that up, the installer is ALWAYS deleted once it is ran and no matter if it is successful or not! Obviously a waste of bandwidth.

I had talked about it again and again in the past:
http://blog.winston-avalon.com/2011/11/flash-player-11-download-fail-at-12.html

My advise is DON'T use Flash. Really. Given the track record, its probably one of the easiest door to open on your PC if not the MOST. And most of the bigger players had long given up on Flash, like Apple (not surprising) and finally Google in Android 4.4.

But if you really have no choice, need to run it in a VM etc, there is still the option to download it.
Just go to :
http://www.adobe.com/products/flashplayer/distribution3.html

And I really want to stop hot-linking the direct EXE file now since Flash is updated ever so often and that last thing I need is to misdirect someone into downloading a old version.

But hopefully, I will not need to post this for Flash 14 (if it will ever exist...)

Tuesday, May 06, 2014

Change in Domain

From the old http://blog.90283600.com, the blog is now moved to http://blog.winston-avalon.com.
You may want to update your bookmark etc.

Thanks for the support for all these years!

Wednesday, April 09, 2014

System Restore Saves the Day!

Microsoft System Restore
http://windows.microsoft.com/en-SG/windows7/products/features/system-restore


This has been in system a long time ago, since XP perhaps. While most of the time, we only hear about how this feature waste space and cause delay during installation, we had totally forgotten when it would become useful.

In fact, for me, even in the days of Windows 8.1, this feature prove to be useful. What actually happened to me was that I was migrating one of my PC from a ATI (AMD) graphics card to a Nvidia one.

 

It is no surprise that ATI and Nvidia driver would not play nice together. The fatal mistake was however my own. I had forgotten to remove the old ATI driver before shutting down and plug in my Nvidia card. After testing, I wanted to change back to my ATI card and this time, even when I remember to uninstall the Nvidia driver, it just give me the famous "Black Screen of Death" at the Windows 8 login. I had tried reinstalling the ATI driver (but it won't install when the Nvidia card is in) and install-remove the Nvidia driver, but it just wont boot up when the ATI card is in, but perfectly OK on the Nvidia. I guess it could be a "feature" so that you won't switch back to your own card... LOL

Anyway, in the end, during the boot option, I click "Advance Option" and decided to try a System Restore, fortunately was just before the swap since the Direct X was updated. Guess, what? It solved all the issue and I got it up on the very next reboot (even though System Restore did took a while).

So, ask yourself is that little bit more of HDD space worth it? To me, definitely, since HDD space is cheap nowadays and System Restore actually manages itself not to overuse the space anyway. And one thing is for sure, I would add more restore point in the future. And lastly, Thanks Microsoft for implementing this nice feature! 

Monday, April 07, 2014

Uninstall Orbit from Chrome

I am sure at some point of time you may uninstall one of the downloaders such as Orbit:
http://www.orbitdownloader.com/


Don't get me wrong, I am not saying its a bad downloader, but it just happen that I could not use it effectively in office.

Anyway, what I am going to described probably may affect some of you out there. What happened to me was that during the installation, my Google did not exist completely. I had manually close Chrome, but somehow one of the instance must still be running during the uninstallation. Anyway, the result is that Orbit is not cleanly uninstalled. Whenever I tried to download something, it would still redirect to Orbit (and worse, it doesn't work anymore)

So, let's see how to clean up this mess.
1. Before you start, make sure Orbit is no more around (uninstallation from Control Panel)
2. Close all instances of Chrome. (Use task manager to check that here is no more instances running too)
3. Now, let's find the file "nporbit.dll". You can use search or under these directories:
%localappdata%\Google\Chrome\Application\Plugins
4. Delete the file.
5. Open up chrome and type "chrome://plugins/"
6. Find Orbit Downloader and disable it.

That's all you need to. Well to fully clean everything, you can always reinstall Orbit. Reboot and uninstall Orbit... But its just kinda of troublesome...


Wednesday, April 02, 2014

Agnitum Outpost Security Suite Pro v9.1

Ok, I promised I will be giving (technically, I am just linking) a 1 year free license to a paid AV. The good news is that, it is not only an AV, but a full Security Suite including the firewall and all. So, which one is it? Its Outpost Security Suite Pro v9.1.


So, how good do you think it is? Outpost had always been a really good firewall, and at a time, even the best FREE firewall around. It had also been winning awards from many popular polls such as VB100.

See the awards here:
http://www.agnitum.com/news/awards.php


Some of the features:
  • Anti-Malware module with greater detection accuracy
  • Two-way firewall for secure network connections
  • Proactive Protection module to preemptively block unknown and zero-day threats
  • SmartDecision technology to facilitate secure decision-making
  • Web control with fast web content filtering to protect your PC from web-borne threats
  • System and Applications Guard to keep installed software and OS protected
  • Self-protection technology to maintain continuity of protection
  • The 4th generation of SmartScan optimization technology for fast subsequent malware scans
  • USB virus protection to prevent malware which spreads via USB devices
  • Program activity tracker to review file and registry activity in real time
  • Entertainment mode (for games and video) and Auto-Learn 2.0 (for beginners)
Read more about Outpost Security Suite v9.1
http://www.agnitum.com/products/security-suite/

I hope that had gotten you excited. Now, you must be screaming how to get this free?
Thanks to Computerbild, visit this page in Russian:
http://www.agnitum.ru/promo/computerbild/

But not to worry, this is roughly what it translates to:


And this is the important part. You need to key in this Key (manually) :
8IJDI-G2KWK-4SG8S-8SWGS-GWG5X

I suggest you key in your email so that you would received support information from Agnitum.
Then in the next page you should get a key (with many alphanumeric letters). Make sure you copy and paste it into notepad and SAVE IT! It will not be send to your email again.

Just download one of the following installers here:
32 Bits Installer
64 Bits Installer
Do a installation and proceed to register your product. Paste in ONLY the bunch of alphanumeric letters, skip the name, email etc. I know its not straight forward, but just make sure no extra line break and such and you will get it right.

Enjoy your 1 year free of Outpost Security Suite Pro!
Please leave a thanks if you appreciate this. And do pick up a copy of Computerbild while you are in Moscow!

What AV Survey End


It had been a long time since I updated the Antivirus poll and I know its not fantastic, but at least it seems to me that people who voted made good use of FREE antivirus such as Microsoft or Avast (FREE version I presumed). Well, maybe that will guide my direction that more people actually wants to get hold of a good paid AV.

The results however does not tally with the real market trends out there, but of course that because its only for visitor on my blog. But don't worry, the poll is not a waste effort. In fact in the next 5 minutes, I would share a 1 year license of a paid AV with you!

Thursday, March 13, 2014

Problem with HDMI Deep Color

Recall that life was very different after I had gotten my Onkyo Amplifier. Not just in terms of better entertainment, but I had to get in touch with lots of troubleshooting and face with new terms like HDMI, ARC, optical channels etc. Well, if you had read my previous posts, you will know I had a fair amount of problems with Diyomate. Well, to be fair, Diyomate is actually pretty goo, just that it does not play too well with my Onkyo.

So today, I am going to talk about a feature in the HDMI that is known as "Deep Color". A pictures says more than 1000 words, so here:



I think its needless to say that with an option like "Deep Color" I would not think twice to enable it. This is exactly what I did on my Measy X5.


Measy X5 is a fantastic 3D Player with a build in HDD bay and it really works very well. Except until I played with this "Deep color" feature. Normally, this would problem not cause a lot of issue. But it happens that Onkyo does not like the additional data in the video send by this "Deep Color" feature. What happened was that I often get video off (black screen) while the sound goes on (also carried by the HDMI cable). It is very irritating especially when I cannot even finish watching a 20+ anime without hitting this a few times. In addition, sometimes the Onkyo will display an error message that goes something about an incompatible video stream was detected...

So, I did my research and guess what? Almost nothing support the "Deep Color" feature. Not your common DVD or BLu-ray player. Not your common amplifier. Not even some of the TV! I wondered why I like to create so much problem for myself!

Anyway, in short, I finally switched it off and found out that this is indeed the option that had created the problem for me. So now, my Measy X5 doesn't output "Deep Color" and everything is working once again. I really hope this helps anyone who has a similar issue out there!

Smart File Advisor Crapware Removal


If you had come to this page, you are more likely than not to have installed a perfectly legit software which had bundled with this software known as "Smart File Advisor" also known as SFA. One known one is Alcohol 52% FE.

While what SFA tries to do is to keep track of your file associations, but in a very dangerous way. Instead of letting Windows manage it, it checks for a php online everytime a new file type is used. In addition, it messes around with your registry at:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations
And this is where the real danger lies in. In theory (if it had not already been taking places) is that whenever you try to download a file, it would poll that php scripts and it CAN do really bad things like redirecting you to another file instead (and renaming it to be your original - Its not even hard), make you run some scripts which captures information form your PC, insert codes into your return pages which can do almost anything a page can do and more.

In short. SPYWARE. And its not just me doing all the bullshiting here! Even AVG backs me by flagging SFA as a virus!

So, if I have convince you to uninstall SFA. Good. But this is just the point where you find that if you try to uninstall it from the Add/Remove or "Programs and Features" (in Windows 8), you will either find that SFA will threaten to remove your other software as well and most likely it will fail to uninstall anyway.

So, is there a uninstaller? Yes, but after looking through the page I found, I find the "uninstaller" rather fishy by itself too, so I really won't recommend it. So, let's do it manually. You will need to make sure you close the stupid SFA program from the tray and in memory (Task Manager). Then you will need to perform the following which involve deleting of a folder (usually just 1, 32 or 64 bits). And then you will need to remove some registry entries away. I had it packed into a reg file for you to cut and paste into your editor and save it.

1. Delete away these directories if you have any of them:
C:\Program Files\Smart File Advisor
C:\Program Files (x86)\Smart File Advisor

2. Here is the "Remove SFA.reg":
Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\*\shell\sfa_checksum]

[-HKEY_CLASSES_ROOT\*\shell\!sfa]

[-HKEY_CLASSES_ROOT\Unknown]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\sfa_checksum]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\!sfa]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Smart File Advisor"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SFAUpdater"=""

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Smart File Advisor_is1]

Monday, March 10, 2014

Removing the "Special Offer" or Ads in Kindle Paperwhite


Recently, I just bought an Amazon Paperwhite device for reading. Unlike the normal tablets out there be it Android or Apple, this is not too bright and it is in fact very nice for the eyes when compared to the other tablets. The secret is in its special ink technology and therefore, you will also need to get a special type of screen protector for it too.

Amazon Paperwhite:
http://www.amazon.com/Kindle-Paperwhite-Ereader/dp/B00AWH595M

Well more on that next time. What I want to talk about today in about the "Special Offer" you might had mistaken opt in for during the purchase of Paperwhite or another Kindle device. In plain simple text, "Special Offer" = Advertisements. Yes, that is basically all to it. And you CAN actually pay additional $20-30 to buy the non-"Special Offer" edition. But I guess if you are reading this, its too late anyway.

Well, not really, if you live in USA, you can still pay the difference and have it removed. Or if you think you can convince Amazon that you are not in the USA, then you can have it done for FREE! Yes, I am not joking. Because all the ads are targeted for USA, non of them will work anyway even if you click on them! On this basis, there is an excuse to remove the ads since it is a waste of bandwidth (and precious reading space).

So, how would one go about with this? First, login to your Amazon account (which no-brainer should be a non-USA account). Then lodge in a request for support and select through the options ending up with something like "the advertisements link does not work". If not, just manually complain this. In any case, tell the support personal (nicely) that you are not in the USA and request them to remove the ads. They will.

Well, not to encourage everyone to use this exploit, but I think some of the offers are good if you can use them. But otherwise, I think this is a great idea to claim back some reading space (and USD$20) from Amazon.


HDMI Issues with Diyomate

It seems that the HDMI ARC control is really screwed up by a Diyomate device. Confirmed. In fact, I had gotten hold of yet another device - Diyomate X12 and a consistence behavior is observed.



Diyomate X12:
http://www.diyomate.com/productInfo.asp?PID=493

Without the device, my TV and Amplifier plays nice ARC controlling the sound. Once the X12 is plugged in, the whole ARC connection is screwed up and does not work anymore. So the big question is this. What does the Diyomate device do to the HDMI signal? Or rather what are they sending that is causing the rest of the device to be confused. That is something rather interesting to know, but not easily resolved unfortunately.

Meanwhile, I would still want to use my Diyomate here and then, but in order to make my whole Home Theater System works, I have to unplug the Diyomate's HDMI whenever I do not use it. Hope this helps some of you out there.

Tuesday, February 04, 2014

ARC issue continued...

In a previous post, I talked about connecting my amplifier Onkyo TR-NX515 with my Sharp LC-60LE640X LED TV and having ARC control issue.

http://blog.90283600.com/2014/01/onkyo-tx-nr515-hdmi-with-arc.html

Well, just to follow up, the problem was resolved the moment I pull out my Diyomate K9 IPTV player:
It's definitely puzzling. At first, I suspected it was my HDMI 7 on my Onkyo because it was designated for the TV/OUT if I am not using the ARC HDMI 1, but it turns out that its ok when I plug in my Playstation on that port. So, it has to be the Diyomate K9:


http://www.diyomate.com/productInfo.asp?PID=483

I give up connecting it to the amplifier and uses HDMI 2 on the TV instead. But guess what? After a brief 30 minutes after I plug it into the TV, my TV Aquos Link went crazy again, switching off Audio SP to SP and back to where I started when my ARC did not work.

So, why did it not work? Does the K9 has some signal that it send back to the TV telling it to off the Audio SP? Or does it interfere with the HDMI signal such that it does not work. That is something I will need to find out. OF course, saying that means I have another solution in mind, but I shall keep it to the next post, while I wait for my cable to arrive from China.

Meanwhile, at least some good news is that I got BPL on my IPTV. Yes, its amazing when you look wider and broader and the solution is actually right in front of you. Not that I am a big soccer fan though.

https://www.facebook.com/photo.php?v=10152008125713375&l=7888317694320294621


Monday, January 20, 2014

Onkyo TX-NR515 HDMI with ARC Troubleshooting

Recently I had been playing around with amplifiers and sound systems quite a bit and to be honest, this is LIFE if you really want entertainment at home. All the previous 5.1 bundled with DVD/Bluray players system just doesn't come close to it.

This is the Amplifier which I got myself, the Onkyo TX-NR515.
Honestly speaking, this is the best model although its of 2012. On some of the newer models, the number of HDMI ports had been nerfed from 8 to 6. Anyway, what I want to talk about in this post is about the feature known as ARC or Audio Return Channel.

Imagine without ARC. You got x number of device connected to your amp and you have 1 that is connect to the TV or even your over-the-air tv programme for example does not go through the amp and as such, sound sux. Well, if you want to pass it through the amp, you can use a optical cable to link your tv out (if it has one) to your optical in in you amp. Not so good, because 1 extar wire and good optical audio cable is expensive.

With ARC, what happens is that it could use the HDMI connector from your amp out to tv in and use that very same cable to send audio from the tv to the amp in the reverse direction. According to some people, as long as its a HDMI 1.4+, it suppost ARC, but to be on the safe side, you can buy one that explicitly says it support ARC. All you need to do is to make sure you plug it into the ARC support HDMI port (tv, amp all have some designated ARC HDMI port) and then your speakers will be linked. You will have tv sound muted and output to your amp and no more double sound problem, if you know what I mean.

That is if ALL goes well. I have the following TV and it is one of the started model that fully support ARC.

Sharp LC-60LE640X LED TV
http://www.sharpmea.com/cps/rde/xchg/ae/hs.xsl/-/html/product-details.htm?product=LC60LE640X&cat=111



The whole HDMI and ARC link has different name in different company. Anynet for Samsung and its Aquos Link for Sharp. However, recently when configuring the amp with my devices, eventually I hit a wall. This is what should happen if the AquosLink and ARC is working:

  • TV turns on the AMP automatically
  • TV links speaks to amp. It will default output to amp and mute TV speakers
  • TV off turns off the AMP automatically
Well, I do not have any of the above. In fact, even the ARC light did not turn up despite all the configurations done on both the amp and the TV. I had tried to reset both to factory and it doesn't help. I had tried to powered down and unplug wall socket. No luck there too.

Eventually, this is something rather unique I do not see on the internet AT ALL. What I did was to disconnect ALL devices. That means all the HDMI. And I start to reconnect the TV one first with ARC. Jackpot. We got Aquos Audio SP. Then I add in my devices slowly one by one, xbox, playstation etc... 

The point is eventually I found 1 device that, after adding its HDMI in, disabled by HDMI links and ARC. That happens to be the new IPTV box I had gotten from China recently. But I need to stress that its neither the HDMI is not working or there is something wrong with the box either. It works perfectly connected to my TV directly. 

Diyomate K9 IPTV


I still have not found the reason why it failed, but my suspicions is from the HDMI cable provided along with the box. I am not sure if it is the official HDMI, but it is a white flat HDMI like this.


I had read somewhere that flat HDMI cables are not as good as the fat ones because of the cables space is smaller, but I am not sure if that is the problem. I guess, there is only 1 way to find out. Just change the cable and see if it works!

I will update again on the results.



Friday, October 18, 2013

Install Chrome Offline


Ever had a problem trying to install Chrome on a new PC which does not have Internet set up yet? Or trapped in a client site with limited access?

The first question most people asked is : Is there even such a thing as a Offline Installer for Chrome.
Well, apparantly there is:
https://support.google.com/installer/answer/126299?hl=en

You will need to choose the one which suits you. I think the main differences is where Chrome is installed. So for most users, you would want to choose to install only for yourself, while Integrators will want to install for everyone using that PC or laptop.

Grab your Offline Chrome today!

Friday, July 19, 2013

VMWare Failed to lock the file...


Although I had switched to Virtual Box for a while, I still have no choice but to open up some older VMs in VMWare to migrate or retrieve information from them. One such VM gave a similar error as above and in fact, it is not even a persistence VM. The very thought that I have to rebuild this VM strike horror in my heart, but luckily the good news is that I did not need to do that to resolve this issue.

It turns out that this usually happens after you had not power up the VM for a while and over a few version of VMWare upgrade. Somehow the lock file just get corrupted. Go into your VM Machine's directory and you will see some directories with *lck* and maybe 1 or 2 tiny files inside. Well those are are source of the issues.

Simply delete all those directories with the tiny files with the lck extension or keyword in them. That fixed my problem and the VM is back booting up happily. If you want to be safe, you can always make a copy of the VM or a copy of those directories before you go ahead with the deletion.

It is a simple problem, but VMWare seems to make it into such a big issue that your VM no longer starts. But luckily the fix is just as simple.

Wednesday, July 17, 2013

Windows Update Unlocked and Manual Trigger


Ever seen this before? Well, this is an old version of Windows, but it would look somewhat similar when you have policies that preset and prevents you from doing a Windows Update. Usually there is nothing you can do about it and hope that you will eventually get the patch, thanks to your company, but if you are the owner of this machine and has admin rights, then read on.

Usually this is caused by GPO or similar policies preventing you from updating. Or you are not in the administrator group. To solve the GPO, you will need to fire up regedit.


  1. Go to HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Microsoft \ Windows \ WindowsUpdate \ AU. 
  2. Delete the keys AUOptions and NoAutoUpdate.
  3. Go to HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ WindowsUpdate.
  4. Delete the key DisableWindowsUpdateAccess.
Alternatively, you can also use the Group Policy Editor. 
  1. Fire up GP Editor by running "gpedit.msc" in command prompt.
  2. Go to Computer Configuration\Administrative Templates\Windows Components\Windows Update.
  3. Set "Configure Automatic Updates" to "Not Configured".
  4. Got to User Configuration\Administrative Templates\Windows Components\Windows Update.
  5. Set "Remove Access" to All  and "Windows Update features" to Not Configured.
On server, you may be able to run "gpupdate /force" to restart the policies, but a reboot is one sure way to get it done.

Next, we sometimes wants to fire up Windows Update and do a on demand update. But in a company wide deployment, often you will get a no access page at Microsoft because the Windows Update Server is set to local. So, here is the way to get it done, via script of in command prompt.

You can skip this steps sometimes, but I find that the sure way to trigger the update is sometimes to shutdown and restart the Windows Update Service like this:

net stop wuauserv
net start wuauserv

After this, you can start the actual trigger to Windows Update:

wuauclt /detectnow

This should make the yellow shield at the tray pops up. You may want to see a update status by:

wuauclt /r /ReportNow

This will communicate with the update server and takes a few minutes. 

And when something does crap out, there is always a very detail log in %systemroot%/WindowsUpdate.log. You will find all your problems inside be it wrong server, connection timeout etc.

Now, the above can definitely be put into a script to be run by schedule and you have your own "Automatic Update" so to speak. Have fun updating Windows (and other Microsoft Products)




Friday, July 12, 2013

Patch Tuesday July 2013


Usually I do not talk much about Patch Tuesday from Microsoft, but this time round, it totals to about 30 or so updates on most system with Windows and Office. I think that is would the mention. Not only that, there are 6 rated CRITICAL and many which does not have full details on what and how it is exploited as Microsoft got the vulnerability in private. Doesn't that worry you? It should. For all you know some of these vulnerabilities had already been used in the wild, so I suggest you roll in these patches as soon as possible. (How about NOW??)

So, what are fixed in this round? Here is a summary of it:

  • Kernel driver bug due to TTF (yes, I know your WTF look, why would a TTF font be injected into kernel...?) This allow escalation and there is full source code available.
  • Several .Net Framework and Silver patches 
  • Vulnerability in GDI+. Seriously, I think they will never get this fix since it comes back every time.
  • IE. For once, IE 10 is badly hit. Usually most vulnerability would not affect IE 10 (on Win8 especially). Well, this is really the patch you need to install ASAP since IE will be your first point of contact.
  • Directshow with GIF files. Makes you think how a simple file format thing like PDF, PNG (oh yes, last month we just had one), DOCX or sort. It does seems to have a trend of attacking file formats nowadays.
  • Windows Media Format. WMF. There we have it, just to prove my previous point.
  • Windows Defender. It's a path transversal. Well, even the big giants has faults sometimes. But the scary part is Microsoft does patch it... Do you see other AV vendors patching their main program much (I know you get updates, but those are AV signatures, they are different things)?
And other patches involving SD card removal, new camera models, language pack and fonts. 

So, you can see its going to be a busy busy week. And whoever is using those exploits will probably be sweating or trying their last strike to make good use of it before you patch your computer. 

Amazon Gift Cards!

Thanks for viewing!

Copyright © 2008 nemesisv.blogspot.com, All rights reserved.