Technology Made Simple
Friday October 15th 2021


Q&A Monday: hiberfil.sys and deleting it

Question:

Jim,
While doing some spring cleaning on my computer, I’ve come across a file in the C: drive called hiberfil.sys.  When I try to delete the file it won’t let me. How do I get rid of hiberfil.sys?

Craig Ridgeway
Kenosha, WI

Answer:

The first thing we need to discuss is what exactly that file is.  hiberfil.sys belongs to Hibernate mode, one of the power management options offered in Windows.  In hibernate mode, your computer writes all its memory data to a file on the hard drive and shuts off the computer.  That’s where hiberfil.sys comes in: it is that file, and it holds the saved memory state.  Since it’s a system-created file, you can’t delete it directly.

So before continuing, you need to ask yourself: do I want the ability to hibernate my computer?  If you never need it or never use it, you can continue along, but if you do, you’ll need to live with the file, which is fine, because you now know what it is and what it does.

Disable Hibernate (and delete the file) [Windows Vista or 7]

You ready?  Ok, open a command prompt as administrator and type:

powercfg -h off

That’s it! The file should be gone.

Disable Hibernate (and delete the file) [Windows XP]

Head to Control Panel –> Power Options, and then go to the Hibernate tab.  Uncheck the box, reboot your PC, and then you can delete the hiberfil.sys file.

Q&A Monday: Determine what Domain Controller authenticated a user

Question:

We have many domain controllers in our environment and while working through troubleshooting, I was wondering if there was a way to find out which domain controller logged the user into the network while sitting at the user’s PC.  The problem ended up not being related, but the question stuck with me: is there a way to tell which domain controller logged a user in?

Carol Peterson
South Mountain, ON

Answer:

Carol, there is a very simple way of doing this. All you need to do is open a command prompt and type:

set logonserver

or

echo %logonserver%

This will show you what server logged the current user in.

——————————————————————————————–

If you have any questions that you want Jim to answer, from business servers to home computers, drop him a line at me@jimguckin.com, and he’ll try to answer your question. Check back every Monday for a new Question and Answer session, and during the rest of the week for his other technical insights.

Software Update: iOS 5.1 Software Update

Apple released their new version of the iOS software yesterday.  This update contains improvements and bug fixes, including:

  • Japanese language support for Siri (availability may be limited during initial rollout)
  • Photos can now be deleted from Photo Stream
  • Camera shortcut now always visible on Lock Screen for iPhone 4S, iPhone 4, iPhone 3GS and iPod touch (4th generation)
  • Camera face detection now highlights all detected faces
  • Redesigned Camera app for iPad
  • Genius Mixes and Genius playlists for iTunes Match subscribers
  • Audio for TV shows and movies on iPad optimized to sound louder and clearer
  • Podcast controls for playback speed and a 30 second rewind for iPad
  • Updated AT&T network indicator
  • Addresses bugs affecting battery life
  • Fixes an issue that occasionally caused audio to drop for outgoing calls

For more information, please visit Apple’s Support site: http://support.apple.com/kb/DL1504

5 ways to limit your DNS Issues

  DNS is one of the things most people overlook on a network when things are going well, but when they aren’t, it is one of the biggest pains in the butt imaginable.  When you start messing with DNS, you’ll find there are many ways things can go wrong or become endlessly complicated.  I’ve found there are 5 rules that can help you keep DNS manageable and keep DNS problems to a minimum.

    1. Limit the number of zones

      Like many things in IT, DNS needs some level of housekeeping. The longer a company is around, the more likely it has accumulated DNS zones, whether from projects that no longer exist, a product line no longer offered, or anything else your company might have been doing.  It may seem like a daunting task to go through all the zones or forwarders, but if an issue comes up, you’ll be happy you have less to dig through.

    2. Remove all WINS dependencies

      I’m still shocked that many networks out there still have WINS enabled and working.  WINS is really outdated nowadays, and you are only adding another level of troubleshooting if a problem exists.  If you have a mixed environment (Windows, Linux and Mac), only Windows machines will fully take advantage of WINS anyway, so there is no need to keep it running.

    3. Separate Internal and External DNS Servers

      This is the security guy inside me: I can’t stand when companies use one DNS server for both internal and external.  For one, this is a huge security concern, and two, it can make managing DNS a little more confusing when you need to make changes or troubleshoot.

    4. Combine DNS and DHCP

      Since most business networks today are Windows based, it doesn’t make the most sense to have a Linux or Mac server doing DNS and/or DHCP when Windows is the OS of the computers.  I’ve used both Linux and Windows based DNS systems, and when it comes to troubleshooting and everyday use, Windows is better for business in the long run.  It’s hard to type that as someone who uses Linux for other things.

    5. Make DNS highly available

      DNS is really a network service that you want to keep up and running as much as possible, and Windows DNS can be made highly available.  This can be done by using more than two DNS servers.  The advanced tab of the networking configuration panel for the Windows system allows for a tertiary or higher DNS server to be entered. The advantage of this is that if one of the servers is down, DNS can still look up the chain and resolve DNS for your network, giving you a level of fault tolerance in your network.  This works great when the servers are physically in different areas.

    I’m sure this isn’t a complete list of ways to limit DNS issues in your company, so if you have any others, please list them in the comments below.

    Q&A Monday: Mapping admin C$ Share on Windows 7

    Question:

    On my Windows XP machines I am able to use \\hostname\C$ to map to the C drive on that computer, but when I try it with my new Windows 7 machines, I can’t get it to map.

    Answer:

    This isn’t just a Windows 7 issue; it also occurred on Windows Vista machines.  It is caused by UAC (User Account Control), which doesn’t allow account elevation over the network with a local user account.  There is a registry change you can make to allow it, but I really want you to think long and hard before doing this, because it does make your system less secure.

    so good to understand how Windows works.

    Manual Registry Hack

    Open regedit.exe through the start menu search or run box, and then navigate down to the following key, creating a new key if it doesn’t exist.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

     

    On the right-hand side, add a new 32-bit DWORD value named LocalAccountTokenFilterPolicy and set the value to 1.  To undo this, all you need to do is set the value to 0 or just delete the LocalAccountTokenFilterPolicy value.  You just need file sharing turned on, and you can now map the C$ drive on Vista or 7.


    Please don’t daisy chain switches

    There are many times that I would walk into a business to help troubleshoot a problem, only to find that someone didn’t take the proper time to do something right, and instead took the easy way.  Usually this comes in the form of switches (or even worse, hubs) that are daisy chained together one after another…and sometimes, after another.
    I understand; I made this mistake early in my career, pressured to get lines in a new area of the office, but not given the money to do it properly.  There were even times when I really did intend to come back to correct the problem, only to get endlessly sidetracked and never get back to fix the temporary solution, hence making it permanent.
    The problem is that over time this can compound through endlessly daisy chaining switches (either purposely or accidentally), and more likely than not, these new switches are not on UPS power, just plugged into a wall.  This is fine as long as there are no power outages or spikes.  I’ve run into the problem multiple times where a client is complaining about no connection to the network, only to find a switch in the way that needed to be power cycled to work again.
    Rather than run the risk of having a problem, I always suggest that you use stackable switches and make sure they are powered by UPS.  If it’s done right the first time, the client or your company will have fewer problems in the long run, and that’s the information you need to pass along to them.
    In my early days, I wouldn’t even bother to make the objection to adding switches to make extra connections, but experience has taught me this isn’t good.  They cause another level of failure and can cost additional money in trying to troubleshoot a connection issue or buy a new server when all you needed to do was remove an old switch that was hidden. (At one company, there was an old 10MB switch that was forgotten in the ceiling; of course they found out after spending a couple grand on a new server that wasn’t needed.)  This is why it’s better to just do it once and correctly. It may take a little more time/money/both, but in the long run it will make things run a lot smoother.

     

    Q&A Monday: IIS 7.5 Error 401.3

    Question:

    I’m trying to test my ASP.Net website and I keep getting this error:
    HTTP Error 401.3 – Unauthorized
    You do not have permission to view this directory or page because of
    the access control list (ACL) configuration or encryption settings for
    this resource on the Web server.

    I tested the site both from the IP address, as I have locally on that server to make sure it wasn’t something else.  I have the following users on the website application folder, with full read/write permissions:

    • NETWORK SERVICE, IIS_IUSRS, SYSTEM, Administrators, Helpdesk, PJordon (my account)

    Is there something I am missing, to get me able to view the site?  Could I have set up something wrong?

    Patrick Jordan
    Penderyn, UK

     

    Answer:

    IIS7 created another user account, IUSR, which may be the cause of these problems.  Check to make sure this user has read access to the folder and files you are trying to access.  You can do this by checking the security tab and seeing if this user is in that list.  If not, add them, and you should be on your way.

     


    Upgrade BackTrack 5 R1 to the new R2

    If you are anything like me, you hate to wait for things, and here’s a time you can get the information before the release.  BackTrack R2 will be released on March 1st 2012, but there are directions to make all the upgrades today. All you need to do is follow the directions below, and you’ll get the newest kernel, security updates and tools today.

    Directions:

    1. Update and upgrade your BackTrack R1 installation.  Open Terminal and type:

    apt-get update
    apt-get dist-upgrade
    apt-get install beef
    reboot

    Now we have the newest kernel installed as well as any last updates we have for the official R2 release. You need to reboot to have the 3.2.6 kernel kick in.

    2. Now you can install all of the new tools featured in BackTrack 5 R2:

    apt-get install pipal findmyhash metasploit joomscan hashcat-gui golismero easy-creds pyrit sqlsus vega libhijack tlssled hash-identifier wol-e dirb reaver wce sslyze magictree nipper-ng rec-studio hotpatch xspy arduino rebind horst watobo patator thc-ssl-dos redfang findmyhash killerbee goofile bt-audit bluelog extundelete se-toolkit casefile sucrack dpscan dnschef

    3. Now we need to add the new security updates repository to /etc/apt/sources.list and run another upgrade.  In Terminal, type:

    echo "deb http://updates.repository.backtrack-linux.org revolution main microverse non-free testing" >> /etc/apt/sources.list

    apt-get update
    apt-get dist-upgrade

    During this round of updating you’ll be asked what you want to do about the file revision updates. As it asks you what you want to do, just accept all the default settings, and when it asks about grub, keep the local file.

    4. Most people who use the BackTrack software like to keep services in the stopped position unless they are currently using them, so you’ll want to stop some of the newly installed services from auto-starting. In Terminal:

    /etc/init.d/apache2 stop
    /etc/init.d/cups stop
    /etc/init.d/winbind stop

    update-rc.d -f cups remove
    update-rc.d -f apache2 remove
    update-rc.d -f winbind remove

    That’s it; now you have the newest BackTrack kernel, software and security updates.  All this 6 days before the software is officially released on the site on March 1st.  Hope this was a help to you.

    Q&A Monday: Windows 7 Hide Accounts from Welcome Menu

    Question:

    We are deploying Windows 7 machines to users that are not on the domain, and I want to add some accounts for administration to the machine, but I only want the users to be given the option of seeing the one account they are going to use.  Is there any way to hide the other accounts?

    John Higgins
    Oakland, CA

    Answer:

    *NOTE: Doing this involves making changes to the registry. Please make sure you know what you are doing; an incorrect change could cause your computer to no longer work.  Also make a backup of the registry prior to making the change, just in case.*

    Open up RegEdit.exe

    Browse to the following location:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

    In the left panel of Registry Editor, right-click on the Winlogon key and click New, then Key.  This will allow you to create a new key under Winlogon; name this new key SpecialAccounts. Then follow the same steps to create another key under SpecialAccounts called UserList and press Enter.

    Now we finally move into the right panel of Registry Editor. In the blank area, right-click and create a DWORD (32-bit) with the name of the user account you want to hide (i.e. if your username is Helpdesk, then you’ll name the DWORD Helpdesk).  Double-click the newly created DWORD and make the value:

    0 to hide

    1 to show it again
    Now, if you have a Windows XP machine that you need to do this with, the directions are a little different; please see our other article: Q&A Monday: Hide Accounts from XP Welcome Screen
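
Both registry changes described on this page, LocalAccountTokenFilterPolicy from the C$ answer and SpecialAccounts\UserList from this one, are worth checking for when you audit a machine, since one relaxes remote UAC filtering and the other keeps an account off the Welcome screen. The Python sketch below is an added example, not part of the original posts; it scans a regedit text export for both settings, and the sample export, the Kiosk account and the function names are constructed for illustration.

```python
import re

# Constructed sample in regedit's text export format (not from a real machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000001
"LocalAccountTokenFilterPolicy"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
"Helpdesk"=dword:00000000
"Kiosk"=dword:00000001
'''

# Key paths from the two posts, lowercased because registry paths ignore case.
POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
USERLIST_KEY = (r"hkey_local_machine\software\microsoft\windows nt"
                r"\currentversion\winlogon\specialaccounts\userlist")
DWORD_LINE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{1,8})$')

def parse_dwords(export_text):
    """Return {lowercased key path: {value name: int}} for every DWORD value."""
    keys, current = {}, None
    for raw in export_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = DWORD_LINE.match(line)
            if m:
                current[m.group("name")] = int(m.group("hex"), 16)
    return keys

def audit(export_text):
    """List findings for the two settings described in the posts."""
    keys = parse_dwords(export_text)
    # Value names are case-insensitive too, so normalise before the lookup.
    policy = {name.lower(): v for name, v in keys.get(POLICY_KEY, {}).items()}
    findings = []
    if policy.get("localaccounttokenfilterpolicy") == 1:
        findings.append("LocalAccountTokenFilterPolicy=1: remote UAC filtering is off")
    for account, value in sorted(keys.get(USERLIST_KEY, {}).items()):
        if value == 0:  # 0 hides the account, 1 shows it
            findings.append(f"account hidden from Welcome screen: {account}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT):
        print(finding)
```

A real export saved from regedit is UTF-16 encoded, so read it with open(path, encoding="utf-16") before passing the text to audit().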


    SysPrep a Windows 7 Upgraded Machine

    When working in any kind of company, I love imaging computers.  When there is a problem with a machine you can quickly blow down the company image and get the computer or laptop back to the user as quickly as possible.  Recently when working on a Windows 7 image that I had inherited from a previous administrator I ran into an interesting error while trying to run SysPrep on that Windows 7 machine:

    sysprep cannot run on a computer that has been upgraded from a previous version

    After doing some background research, I found that the Windows 7 image on the server was an updated image; the original laptops came in with Windows Vista and were upgraded to 7 before the image was created.  So I went online to see if there was any way to do SysPrep with an upgraded Windows 7 install.  Most articles that I found just gave you normal directions on doing a SysPrep, and none answered this question.  Finally I was able to find the answer; it all lies within a single registry key:

    HKEY_LOCAL_MACHINE\system\setup

    There was a key called “upgrade”, that once deleted lets you run SysPrep like normal.  Delete that key and you are good.

     
