Windows Enterprise Desktop

September 20, 2017  9:34 AM

Wonky Win10 Colors Require Registry Edits

Ed Tittel Ed Tittel Profile: Ed Tittel
Registry hacks, Tweak UI, Windows 10

Here’s a weird one that popped up for me recently. After a recent Win10 update, the color scheme on my production PC turned an odd shade of yellow. Odd enough, in fact, that I just didn’t like it. I found myself resetting colors for various Windows UI elements to get back to the normal defaults. Then I discovered a terrific set of .reg files to restore the defaults with a trio of double-clicks. Much easier. So if you should find that wonky Win10 colors require registry edits, let me point you to the instructions to build those files for yourself.

My problem was exacerbated by synching themes across my Windows Live account. Thus, when my production desktop went wonky on me, it shared that wonkiness with all of the machines onto which I logged using the same account. Talk about the gift that keeps giving! This was one I couldn’t wait to return…

Where to Turn When Wonky Win10 Colors Require Registry Edits

After poking around in Google, I discovered a peachy article from Ramesh Srinavasan at It’s entitled “How to Reset Windows Color and Appearance Settings,” and it works for Windows 8 and higher-numbered OS versions. When you cut’n’paste the text windows for the three registry keys you’ll work on, be sure to grab the entire files for each one, including the line that reads “Windows Registry Editor Version 5.00.” Otherwise, the files don’t work as registry scripts. Because such scripts execute with a simple double-click (far fewer clicks than manually importing those settings), be sure to grab them in their entirety when you create .reg files in which to house them.

When I created my files, I named them to correspond to their respective registry keys:

Wonky Win10 Colors Require Registry Edits

Three keys translate into three files. You could collapse them all into one file, if you wanted to, though.

Because my production machine seems to reset the color scheme back to “wonky” each time it sleeps, I’ve got these files ready to go at a moment’s notice. Remember to restart after you make your registry changes, and you’ll be back to the default.

September 18, 2017  11:33 AM

CCleaner 5.33 32-bit Carries Malicious Payload

Ed Tittel Ed Tittel Profile: Ed Tittel
Malware prevention, Windows 10, Windows 7, Windows 8

Because I have recommended Piriform’s CCleaner utility in this blog (and in other blogs and articles) over the years, I must pass this important news along. It seems that a signed version CCleaner 5.33 32-bit, as distributed by Avast, somehow got infected by malware. Because CCleaner 5.33 32-bit carries malicious payload, users should check to see which version they’ve got installed. If they are indeed running a potentially infected version, they should uninstall it immediately. And of course, they’ll also want to run a deep and thorough virus scan as well.

If CCleaner 5.33 32-bit Carries Malicious Payload, Is the 64-bit Version a Risk?

Fortunately, it is not. Here’s what the Properties windows for the 64-bit version looks like. Right-click your CCleaner menu entry or .exe file to see what you’ve got:

CCleaner 5.33 32-bit Carries Malicious Payload

The 64-bit version is clearly labeled as such in the .exe filename.

Unless you’re running 32-bit Windows, you’re unlikely to fall prey to this potential infection vector, though. That’s because the CCleaner installer automatically installs the 64-bit version by default on PCs running 64-bit Windows OSes. And today, that represents the majority of PCs running Windows 7, 8, or 10. (Most stats on such things show that only one or two out of every ten PCs runs a 32-bit OS). That said, if a 5.33 download file is present on your machine you’ll want to delete all copies to eliminate any chance of infection. (If present, it’s named ccsetup533.exe,, or ccsetup533_slim.exe) At present, ClamWin AV appears to be the only widely and freely available AV tool that can detect this malware. And sure enough, it found it on my local PCs:


All versions of the CCsetup 5.33 download are likely to be infected: Securely delete them immediately!

Thus, the risk of infection is real and threatening enough to warrant spreading the word. That also means you should take the time to check to see which version is running on PCs with CCleaner installed. The 32-bit version of the program is named “CCleaner.exe” and is around 7 MB in size. By contrast, the 64-bit version is named CCleaner64.exe and is over 9 MB in size. As for myself, I still wait for the “slim” version of CCleaner to come out from Piriform because it includes no added menu extensions or other bloatware in its code base. Those who do likewise would still find the installer file to be infected, however, as shown above. All CCsetup533 versions I found on my PCs were infected.

More Info on CCleaner 5.33 32-bit Carries Malicious Payload

Here’s the announcement that caught my eye at “CCleaner: A Vast Number of Machines at Risk.” It came by way of Tweakhound from the Cisco Talos blog. The Talos post covers the malware payload in detail and also prescribes remediation strategies, for those who may be affected thereby. An easy way to check for infection on suspect machines is to dump the DNS cache to a text file, then to search for domain names that start with the string “ab” (a full list of DGA domains appears at the end of the Talos blog post linked earlier in this paragraph). Likewise, the presence of IP address is also indicative of potential compromise.

Even if you don’t have this problem, it’s still worth reading through the Talos post. It provides a chilling and thorough analysis of how (and why) the incident occurred.

September 15, 2017  3:19 PM

PowerShell Illuminates System Components

Ed Tittel Ed Tittel Profile: Ed Tittel
Powershell, PowerShell cmdlets, PowerShell Scripts, Windows 10

In reading over user requests for information at this morning, I saw a simple-seeming request for info there. It read “How to show SSD and RAM size using terminal.” Basically, it asked for a way to determine total RAM installed on a PC and the presence and size of SSD drives it might house. Knowing that PowerShell illuminates system components nicely, I knew there had to be a way to do this using that toolbox of cmdlets. So I turned to Google to look things up and figure it out. It took about 15 minutes all told, and shows that PowerShell is powerful juju.

1. PowerShell Illuminates System Components: Total RAM

Sure, you can use the old Windows Management Instrumentation (WMI) calls to do this — even in PowerShell — by typing

wmic computersystem get totalphysicalmemory

But I wanted something a little friendlier and easier to read, with memory displayed in GB, not actual bytes. So I turned to Google again and learned that the Get-CimInstance cmdlet could tell me what I needed with a little script manipulation. CIM stands for “Common Information Model” and is based on a computer industry standard for defining device characteristics to make them accessible to and manageable by sysadmins and management programs alike.

In this case, the basic command is Get-CimInstance -class "Cim_PhysicalMemory" | % {$_.Capacity}. But that lists the capacity of each memory module on the PC, and doesn’t add things up. It also produces the string 8589934592 when I’d like to see 8 GB instead. A little script magic whips the whole thing into proper form:

$TotalRAM=(Get-CimInstance -ClassName 'Cim_PhysicalMemory' |
Measure-Object -Property Capacity -Sum).Sum
$TotalRAM /= (1024*1024*1024)
Write-Host "$TotalRAM GB"

The first long line adds up the capacities for all memory modules on the PC. The second line divides that result by 230 to convert bytes into gigabytes. The third line outputs the calculated value followed by “GB” to tell you how much RAM it detected.

This produces the output 32 GB on my PC, which is what I wanted to see, and would do likewise for RAM on other PCs as well. One down, one more to go. Note: the first three lines in the preceding script are actually one line of script broken for display purposes here. If you want to run this script, go to the end of the first line and hit the delete key to pull up the remaining part of that line. Do that again to make the script work properly.

2. PowerShell Illuminates System Components: SSD Presence and Size

This is a little easier to solve because there’s a cmdlet specifically focused on physical disk devices. Not coincidentally, it’s named Get-PhysicalDisk. One single command line will suffice to produce the requested output, with a little selecting and filtering to provide minimal information. Here ’tis:

 get-physicaldisk | Select FriendlyName, MediaType, Size | where-object {$_.MediaType -eq 'SSD'}

Here again, seeing the string on more than one line means you need to delete spurious line breaks if you cut’n’paste it into PowerShell.

The first part of the string grabs physical disk attributes for all disks on the system (up to first pipeline symbol ‘|’). The second part of the string selects the FriendlyName, MediaType and Size attributes for those disks (up to second pipeline symbol). The third part of the string filters out any entries where the MediaType attribute is not “SSD.” The result is a listing of FriendlyName, MediaType and Size for all SSDs on the system where the string is executed. Here’s what that looks like on my production PC:

PowerShell Illuminates System Components

Three out of 8 drives on this system are SSDs.
[Click image for full-sized view.]

PowerShell Is Good Stuff!

The more you mess with PowerShell, the more you’ll come to appreciate its many capabilities. Just about any kind of Windows information or action you can think of, you can accomplish using PowerShell. The guy who posted to SuperUser could have spent his time digging into PowerShell himself and solved his issue quickly and easily. The more you learn PowerShell, in fact, the more you’ll end up using it.

September 13, 2017  12:39 PM

Insider Preview 16288 Failing More Than Succeeding

Ed Tittel Ed Tittel Profile: Ed Tittel
Beta Testing, preview, Windows 10

I’ve got two test machines in my office dedicated to running Insider Preview versions of Windows 10. Just yesterday, MS unleashed Build 16288. In trying to get it installed this morning, I succeeded on the desktop test machine, but failed on the hybrid tablet. This produced an interesting error message I’d never seen before. It also led me to discover an online poll at It shows installs of Insider Preview 16288 failing more than succeeding. Go figure: with Fall Creators Update now scheduled for October 17, you’d think things would be fairly solid.

Insider Preview 16288 Failing More Than Succeeding

Surrounding news reports indicate that fixes are being staged in variants, due out starting at 5PM PDT today.

Evidence that Insider Preview 16288 Failing More Than Succeeding

The folks at put up a poll page to gauge user experiences in installing this latest build. Right now, it appears that only about one in ten attempts to install the OS result in complete success. Here are those numbers, after I voted twice. (The status message shown simply indicates that the display shows my votes had already been counted; I saw the proper counters increment after each one):

Insider Preview 16288 Failing More Than Succeeding

As more people vote, these numbers will change, but here’s how things stand at around 11:30 AM Central Time on 9/13/17.

It will be interesting to see how all this rolls out over the next day or two. Usually, Win10 Insider Preview builds either succeed nicely or fail miserably. This one appears to fall in a grey area between those extremes, albeit more on the failing side. That said, if MS delivers the promised fixes, this will no doubt be just a temporary pothole on the road to the Fall Creators Update release next month. Please stay tuned, and I’ll keep you informed. That’s how things sometimes go, when beta-testing software (especially OS releases).

Follow-up: September 13/14

After 5 PM PST, as promised, MS released newer versions of the 16288 build. It worked like a charm on my Dell Venue Pro 11 (7139), as it reportedly has for most others who’ve tried to install since then. This looks like it was a purely temporary hiccup. It’s interesting to see MS being willing to air its dirty laundry and show rapid progress with fixes at the same time. It’s kind of distracting to have to keep checking on stuff when it doesn’t work out the gate, but also heartening to see MS come up with workable fixes in pretty short order.

I got feedback from one blog post reader that people could care less about this kind of thing. But according to my various sources of access tracking, more than 300 people read this post within a day of its release. And so it goes, here in Windows-world!

September 12, 2017  2:15 PM

Trouble with the curve

Colin Steele Colin Steele Profile: Colin Steele
Citrix, cloud, desktop workspaces

Ahead of the curve is a common phrase in IT, and it’s almost always used in a positive light. After all, new technologies and cutting-edge innovations keep the industry growing. Without vendors constantly striving to be ahead of the curve, we’d still be working on unwieldy computer terminals connected to giant mainframes.

But sometimes vendors can go too far and get themselves in trouble. The tipping point is when ahead-of-the-curve technologies and strategies don’t align with customers’ needs.

Workspace suites, as the March issue of Access covered, offer one such example. They aim to provide unified access to and management of all end-user applications and data, which is great. But they combine a lot of different product types, many of which are still emerging, such as enterprise mobility management and identity and access management. Those technologies represent a new way of doing things for both IT and users, and many organizations aren’t ready to adopt them yet — let alone adopt suites that integrate them with other products.

Workspace suites are not at the core of any vendor’s business — at least not yet — and organizations can still buy all their components separately. So while they are too far ahead of the curve, it’s not a huge problem.

Citrix’s push to become a cloud-first vendor focused on security and analytics exemplifies a thornier issue. The company — which changed CEOs in July, citing the need to pivot faster — is betting big on cloud-based management.

The approach makes sense for Citrix. From a financial perspective, selling software on a subscription basis strengthens the customer relationship and makes revenues more predictable. Plus, when existing customers are locked in for the duration of a subscription, it frees up sales staff to pursue new business.

And from a technology perspective, cloud is the future. As users, apps and data become more distributed, the cloud will become not only more convenient but necessary for connecting to and managing these assets.

Many customers aren’t buying in, however.

“With the shift to cloud, is Citrix focusing on the wrong thing?” asked Tim Riegler, a systems engineering manager at a Citrix shop in the healthcare industry. “Lots of Citrix loads run on premises, especially legacy applications or anything that requires large file access. Plus, there are a host of issues with cloud: access, cost, complexity, management.”

In addition, organizations have made significant investments in on-premises management software. It needs to make financial sense for IT departments to abandon their existing investments in favor of cloud, and that’s not always the case these days.

Cloud-first management is an ahead-of-the-curve strategy for Citrix. But it doesn’t align with many IT departments’ current needs. And that’s a problem.

This post originally appeared in the September 2017 issue of Access Magazine.

September 11, 2017  5:40 PM

German Court Case Foils Aggressive MS Updates

Ed Tittel Ed Tittel Profile: Ed Tittel
Windows 10, Windows Upgrades

Maybe, to mangle Shakespeare, we don’t need to kill ALL the lawyers. A recent suit in Baden-Wuerttemberg, Germany, brought by its consumer protection agency has settled. It originated from the 6GB of pre-staged upgrade files for Windows 10. If you’ll recall, MS uploaded a raft of files to PCs prior to the first Windows 10 upgrade. It affected Windows 7 and 8.1 users alike. It also caused consternation for those on limited or metered Internet service plans. Not only did MS provide no prior warning, it gave users no opt-out, either. But before the court could rule against Microsoft, the company voluntarily agreed to quit such behavior. Thus, this German court case foils aggressive MS updates going forward. With the Fall Creators Update just weeks away, that means Win10 users need expect no big mystery downloads to hit their PCs.

German Court Case Foils Aggressive MS Updates

Lots of users got steamed when they realized that “never” was NOT an option for downloading upgrades to Windows 10

If a German Court Case Foils Aggressive MS Updates, What Does This Mean?

I got my information from the UK website, According to its voluntary agreement, Microsoft is “obliged to avoid placing installation data for new operating systems on Windows users’ hard drives without their permission.” Now, MS must ask for permission to pre-stage upgrade files to our PCs. Given the time lag on some PCs in receiving the Spring Creators Update (Version 1703) this year, it may not have been a problem anyway. But it’s comforting to know that MS promises to “play nice” going forward, when it comes to parceling out big upgrade files in advance. Now, if I could just figure out when my older PCs would get the upgrade automatically, I’d be a happy camper… Maybe I should ask the Verbraucherzentrale (literally translated “User Central”) group to look into this, too?

September 9, 2017  1:43 PM

Build Install ISO for Current Win10 Image

Ed Tittel Ed Tittel Profile: Ed Tittel
DISM, Windows 10, windows installer

Huh! Turns out there’s an easy way to use a reference Windows installation to create an ISO file. This might not sound like a big deal, but give it some thought. For one thing, it means admins can use a customized Windows 10 installation to spawn as many copies as they like. For another thing, it means power users can snapshot their current installation to create an installer from that image. In turn, this means they can restore or reinstall that image any time they like. Better yet, it’s easy to build install ISO for current Win10 image, if you follow the right steps.

Caveats to Build Install ISO for Current Win10 Image

This approach works only when all elements and user accounts reside on the default Windows drive, aka %windir%. For most installs, this means the C: drive. If any data has been relocated to some other drive, including any or all files or folders for user files, the Documents folder, and so forth, a Windows image file based on the install will not work to (re)install the Windows OS. Unless you’re 100% sure this applies to a reference or target install, you may do the work only to discover that the install doesn’t work. In such a case, it’s best to start over with a clean Windows install and do the work necessary to customize it the old-fashioned way. After that, you can proceed with the steps described to build the custom .wim file confident that it will work the next time you try.

You also need to clean up your system completely before making a snapshot of the image to create the .wim file for the ISO. A TenForums tutorial on this topic is available (follow the instructions in Option Two “To Open and Use Extended Disk Cleanup”). Here again, such cleanup is essential to achieving a successful outcome for your efforts.

The image creation process requires use of the Windows install media, which should be the most current version available. (Visit the Download Windows 10 page to find this.) Boot to the install media, then start the Windows installation process. You’ll press Shift+F10 to launch the Command Prompt window once you see the screen for region and format election.  Then you’ll use diskpart to identify your source partition for the Windows image, and the dism (Deployment Image Servicing and Management) command to snapshot your image and create a .wim file. The process is time-consuming and requires close attention to dism syntax, but is otherwise straightforward. The final step is to replace the default (non-custom) install.wim on the Media Creation Tool (MCT) USB with the custom install.wim you just built. After that you can use your customized MCT to install your tailored Windows 10 image as you see fit.

Build Install ISO for Current Win10 Image

When you see this screen, click Shift+F10 to get into the Command Prompt window…

Get All the Gory Details

The devil is in the details, of course. And that’s where my friend and co-author, Kari Finn, sheds ample light on this subject. His TenForums tutorial on this topic provides nicely-illustrated step-by-step instructions on how to do this. That tutorial is called “Create Windows 10  ISO Image from Existing Installation & Upgrade” and is eminently worth checking out. Then, you too can easily build Install ISO for current Win10 image. Enjoy!

September 5, 2017  11:37 AM

Win10 Fall Creators Update Hits October 17

Ed Tittel Ed Tittel Profile: Ed Tittel
Windows 10, Windows Upgrades

OK,  now we’ve got a date for the next major public upgrade to Windows 10. In a post to the Windows blogs, EVP Terry Myerson made it official. Here’s the first sentence : “The next update of Windows 10, the Fall Creators Update, will be available worldwide October 17.” He goes on to tout “an evolution to the photos experience” that lets users put visuals together with “photos, videos and 3D effects.” He also mentions “enhancements in gaming, security, accessibility, and …Mixed Reality,” too. This raises the question “When the Win10 Fall Creators update hits October 17,” how will this new release be received?

Win10 Fall Creators Update Hits October 17

The blog post headline puts the 10/17 date right out there.

What to Expect When Win10 Fall Creators Update Hits October 17

After the 1703 build went out the door in April, we witnessed a loooooong rollout to the user base.  I gave up waiting on my wife’s PC in August, myself. I’d decided to hold back and wait for MS to push the update to that machine to see when MS got around to it. But when August came and had almost gone, I decided to jump to 1703 anyway, and used the media creation tool (MCT) to force matters to completion. In fact, some PCs still haven’t received the previous upgrade, even as the new one gets queued up with about five weeks to go before release day. One wonders if the next upgrade will be subject to the same long, drawn-out process.

I’ll probably end up jumping early on most of my PCs, using the Download Windows 10 page to grab a current version of the MCT on or after October 17. I imagine many others will do likewise. It should be interesting to see how quickly the user base jumps on the upgrade bandwagon. It will also be interesting to see if more business users climb onto the Current Branch for Business (CBB), currently at Version 1607 (Build 14393.1593), which will probably increment to 1703 (at whatever Build is current come October 17, 2017) when Win10 Fall Creators Update hits October 17. As of May 2017, about 12.5% of the estimated 500 million Windows 10 users were in businesses (source:

September 1, 2017  12:44 PM

LockHunter Reports Locked Windows Files

Ed Tittel Ed Tittel Profile: Ed Tittel
File locks, File management, Folder Lock, Windows 10

In my never-ending quest for good Windows utilities, I’m always on the prowl for cool tools. In trolling over TenForums recently, I came across mention of a utility called LockHunter.  As the blog post title says, LockHunter reports locked Windows files. That is, it identifies the Windows process that is locking a file. It can also schedule such a file for deletion the next time the system reboots. From time to time this sort of thing comes in handy, so I took the tool for an extended spin. I liked what I found, so I’m recommending it here.

When LockHunter Reports Locked Windows Files, What Does It Do?

That turns out to be a pretty good question. If the file really is locked, LockHunter reports something that looks like this:

LockHunter Reports Locked Windows Files

In Windows, a running process locks files it needs and uses.

In setting up the preceding screenshot, I used the File Explorer shell extension that LockHunter adds to the right click menu for filenames. That menu entry reads “What is locking this file?” and it shows the Lockhunter icon, like so:

LockHunter Reports Locked Windows Files

If you click on this menu entry, LockHunter launches itself with the selected file as its focus. To produce the first screenshot, I launched Task Manager, then ran LockHunter against the .exe file for the program itself. Because running programs are always locked to keep them working, I knew this would report a locked file. And by no coincidence at all, the Task Manager process is responsible for the lock on its own executable file!

At this point, you could choose to unlock it (not wise for a running .exe file, but something worth trying for a file subject to a “mystery lock”). You can also choose to delete that file (not wise for a Windows OS component). Other options available include:

  • Delete at Next System Restart
  • Unlock & Rename
  • Unlock & Copy
  • Terminate Locking Processes
  • Delete Locking Processes From Disk

Helpful stuff, all the way around.

What If the File Isn’t Locked, But You Can’t Delete It Anyway?

Sometimes a file may resist deletion even if it isn’t locked by a process. I set up a typical example by creating a file named Test test test.docx in Word, and left it open in that program. Windows won’t let you delete open files, even if they aren’t locked. Thus, I wanted to see what would happen using LockHunter against an open file. When I right-clicked that file and picked the “What is locking…?” option, then tried to delete it, here’s what showed up on my desktop:

LockHunter Reports Locked Windows Files

Windows won’t let you delete an open file, either. The application that opened it must close it before Explorer can do anything to it.

LockHunter can still work on this file, though it can’t delete it immediately. As the button at the bottom of the screencap states, it can schedule that file for deletion at the next system restart. The remaining “Other” options from the programs bottom control button may also be applied to the file as well. Again: good stuff!

A Bit of Background on LockHunter

LockHunter comes from Crystal Rich Ltd, a software development company based in St. Petersburg, Russian Federation. This might raise an eyebrow or two, or at least, prompt some security concerns. No worries. reports that 0 out of the 64 virus check engines it ran against the utility report cause for concern on the downloadable .exe file, LockHunter_v3.2.3.exe. It also comes recommended on and, two sites I’ve found completely reliable. Don’t let its country of origin stop you from using this excellent tool. It’s a great addition to the Windows admin toolkit.

August 30, 2017  2:32 PM

MS Stops Insider Preview Issues Lists

Ed Tittel Ed Tittel Profile: Ed Tittel
Beta Testing, Release management, Windows 10

Here’s an interesting and counter-intuitive bit of Windows 10 news for you. As of  Build 16273, MS no longer includes known issues in its Insider Preview release info. That was the section I read first and foremost. It helped me decide if I wanted to update my test machines to the latest Fast Ring build. But as this Twitter snippet shows, MS is not planning to document issues at present. Rather, they plan to skip it and report only on “high impact issues for a large portion of Insiders.” Thus, as MS stops Insider Preview issues lists for new builds, we poor beta testers must take the plunge less informed than for past builds.

MS Stops Insider Preview Issues Lists’s Rafael Rivera jumps right on top of this missing matter. Glad he did!
[Click on image for full-sized view. Source: MS/Dona Sarkar/Brandon LeBlanc.]

When MS Stops Insider Preview Issues Lists, What Does That Mean?

From a practical perspective, this means that Insiders will be less well-armed with information. This offers no help in making a go/no-go decision on upgrading to the latest build. Some Windows watchers apparently have no issue with that (for example, Sergey Tkachenko of Others find this somewhere from potentially vexing (ZDnet’s Liam Tung) to downright infuriating (ComputerWorld’s Steven J Vaughan-Nichols). Indeed, I’m willing to grant some credence to MS’s assertion that with the Fall Creators Update weeks away from public release, the software is pretty stable. Nevertheless, I lean toward the latter camp. That’s because I’ve already fallen into enough potholes on the Insider Preview release trail to want to steer around them.

This is one decision I hope is only temporary (until the next major upgrade is set), or that will be reversed as the next release gets going. Where potential problems are present, one can never have too much information to assist in avoiding them.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: