Sysinternals at TechEd US 2014

I’ll be presenting “TWC: Sysinternals Primer: TechEd 2014 Edition” in Houston, Tuesday, May 13, 2014, 5:00pm-6:15pm US Central Time.  Lots of cool stuff, including the “App Install Recorder” (I will post the scripts on this blog); great new features that Mark Russinovich has added to AccessChk, SigCheck, Process Explorer, and how you can use them proactively to…

Security baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11

Although the US Government has not published a US Government Configuration Baseline (USGCB) standard for Windows 8 or Windows 8.1, Microsoft has just published a beta release of Microsoft security guidance for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11.  It includes documentation, GPOs, and scripts for installing the recommended settings to local group…

My Ian MacKaye / Dischord Records interview on WTJU.net

A long time ago, before the introduction of the IBM Personal Computer, I was a DJ at the University of Virginia’s college radio station, WTJU-FM.  Also around that time, Dischord Records in Washington, DC, released their first record, an 8-song 7″ EP by the DC hardcore punk band, The Teen Idles.  Being an ardent fan of the DC…

I’ll be on Defrag Tools (Channel 9)

Earlier today I finally got the chance to go into the studio to appear on the “Defrag Tools” show on Channel 9.  We talked about the upcoming Sysinternals book I’m writing with Mark Russinovich, and demonstrated a very cool “App Install Recorder” built with Process Monitor and some PowerShell scripts. The episode will go live next Monday,…

Speaking at Washington DC IT Pro Camp, Sat. Feb. 22, 2014

Microsoft is pleased to announce the first Washington DC IT Pro Camp on Saturday, February 22, 2014 from 8:00 am to 5:00 pm at Microsoft Training Center, 5404 Wisconsin Ave, Suite 700, Chevy Chase, Maryland 20815. Parking and admittance to this event is free. Lunch will be provided. Please register soon and let friends and colleagues know about this…

Knowledge Base updates about UAC

I should be working on the Sysinternals book, but there were a couple of KB articles about User Account Control that needed some work.  Writing KBs is not normally part of my job; in the past 15 years I’ve authored two that I can remember (the ones described here) and been a major contributor to just two or…

EventCreate and "ERROR: Source parameter is used to identify custom applications/scripts only"

EventCreate.exe is a command line utility that comes with Windows that lets you write events into the Windows event log and to create custom event sources.  For example, this command line creates an Information event in the Application log, associated with the source “MyStuff”: EventCreate /L APPLICATION /SO MyStuff /ID 1 /T INFORMATION /D “Text…

Redefining what "Never doing that again" means… Troubleshooting with the Windows Sysinternals Tools, Second Edition

When people asked me what it was like writing a book, I’d invariably answer, “It was a once in a lifetime experience.  I hope.”  When they asked, “Are you going to write another one?” my answer was always, “No.”  (Actually, my answer was more emphatic than that, but this professional blog site’s policies don’t permit me…

VirtMemTest: a utility to exercise memory and other operations

I wrote the first versions of VirtMemTest while working on the Windows Sysinternals Administrator’s Reference.  The utility made it easy for me to perform a variety of memory operations and to observe how different Sysinternals utilities reacted to them.  I eventually added CPU-stress capabilities, hung UI simulation, and crash-on-exit, particularly for exercising ProcDump.  I have…

Sysinternals – and Pass the Hash – at TechEd next week.

There are five talks highlighting the Sysinternals utilities at TechEd North America next week in New Orleans.  They all happen to be on Thursday, June 6.  Click the session titles for more information.  The videos should be on Channel 9 within 24 hours of the talks. Hardcore Debugging, Andrew Richards, June 6, 2013 from 10:15AM to…
