What I’m about to say might be a surprise to you… But you don’t need to install any sort of 3rd party software (like 7zip or WinZip) to extract tarball files on WIndows. Windows 10 actually has the functionality built-in. I know, I was just as surprised to learn about it as you are. From the command line, you can use the “Tar” command to easily extract .tar, .gz, or tar.gz files.
For folks out there that don’t know;
A tarball file, ‘.tar’, is just a type of archived file. They are basically, a collection of files that have been merged into one single file.
Gzip files, ‘.gz’, are a type of compressed file and it is used to save on the amount of space that a file uses on the hard drive.
If you’re following along, then you’ll already have realized that a ‘.tar.gz’ file means that it is just a compressed archive file.
Here’s how to extract your tarball file in Windows 10.
Open the ‘Start Menu’ and search for “cmd”. Right-click on “Command Prompt” and select “Run as administrator“.
Enter the following command inside the window.
tar -xvzf "Path to file" -C "Path to destination"
Example:
tar -xvzf C:\Source\file.tar.gz -C C:\Destination\
This example will extract the contents of the ‘file.tar.gz’ file from the “C:\Source\” folder to the “C:\Destination\” folder. Note: Make sure the ‘-C’ parameter before the path to the destination is an uppercase.
The parameters explained:
x — instructs tar to extract the archived content.
v — verbose mode. This is optional to display the extraction process. Otherwise, you will only see a blinking cursor until the process is complete.
z — instructs tar to uncompress the content with gzip.
f — provides tar the name of the file you’re about to extract.
–C — uppercase and with a hypen, this tells tar to change folders to the specified folder
BGinfo is a great utility/tool that I really like and I literally have on every server I deploy. It is totally customize-able and able to display whatever system information that you feel is important to you, right on the desktop background making it easy to see at a glance. It could be used to display anything from the server’s name, IP addresses, hard drive usage, memory usage, OS version, or even the user that you are currently logged in as.
Create a folder, c:\utilities\, and make sure that all users have read and write access to it.
Move the BGInfo utility into the c:\utilities\ folder. I also like to place any other Sysinternals utilities that I am using into this c:\utilities\ folder.
Run the BGinfo utility and take a few minutes to configure what information you wish to be displayed on your background. Then save your configuration to the c:\utilities\ folder.
Create a shortcut to either Bginfo.exe (if you are on a 32-bit machine) or Bginfo64.exe (if are on a 64-bit machine).
Edit the target of that shortcut to include the name of your BGinfo configuration file. In the picture below I’ve named mine “c:\utilities\mybgconfig.bgi”.
A few more handy suggestions to include in your shortcut’s target are:
/timer:0 – to avoid the typical UI popup
/nolicprompt – to make sure new users are not prompted with the EULA
/silent – to silence and errors
Which would result with the target field looking like:
Follow my article about finding the startup folder in Windows, and make a copy of your shortcut into that startup folder. I prefer to copy the shortcut to the “Common Startup” folder, that way it will launch for any user that logs into the machine… But it’s up to you if you want to put it in the “User Startup” or “Common Startup” folder.
Now it’s time to test it out! Try logging out and then logging back in.
In recent years Microsoft has moved around where they “hide” the startup folder. That’s the folder that gets used to launch applications that start automatically when the user logs in. It’s not necessary hard to find, but it is well hidden.
There’s actually two places that startup folder lives. Each user has their own startup folder that will launch programs specific to that user. And there is also a common startup folder which will launch programs for any and all users that log into that machine.
How to find the users’ individual startup folder
Right click on the start menu and select ‘Run’.
Type “shell:startup” and click ok.
The startup folder will open, and you can drag-and-drag and shortcuts or applications you need into.
If you need to manually dive thru folders to get to the user’s startup folder, go to, but remember to change “<USER>” to the one you’re looking for:
Windows makes it incredibly easy to run an application or script as another user on your computer. I find that I most often use this to run administrative or domain tools, when I’m logged in as just a normal user.
Method 1
This is the easiest method. While it took me a little while to remember it, I now use it almost daily and without even thinking about it.
Press and hold down the ‘Shift’ key on your keyboard, while you right-click on the program you want to launch.
This will only work on executable (EXE) files or shortcuts to executable files. If you try this and don’t see the option, then it is not an executable file.
Method 2
This method will create a shortcut that “knows” to launch an application as another user.
Create a shortcut to your executable
Right-click on the shortcut and modify the “Target” to:
runas /user:DOMAIN\USERNAME "path to executable"
Click ‘OK’. Then launch your shortcut. You will get prompted for your password everytime you launch your shortcut.
If you need to store the password with your shortcut, then modify the “Target” to this instead:
runas /savecred /user:DOMAIN\USERNAME "path to executable"
Click ‘OK’. Then right-click and select “Run as Administrator” the first time you use the shortcut. You will be prompted for the user password and it will get saved. From then on, just clicking the shortcut will launch it as your desired user.
Method 2.5
Alright this is basically the same method as above, so I didn’t feel right calling it a third method.
You can take the same trick from “Method 2” and just use it to run an application from a command prompt window.
C:\> runas /user:DOMAIN\USERNAME "path to executable"
Most companies will use a certificate to sign their applications before they release their software to the world. This helps the user know to that the software they are running actually came from the software vendor, and hasn’t been altered or changed by someone.
Certificates are based on key pairs. There is a public key, and a private key. In terms of digitally signing an application, the public key is often just referred to as the Certificate.
How it works, in simpified terms… The software vendor holds a private key, and they guard it, keeping it safe in their organization. You can also think of is their fingerprint that they’ll use when signing something as it is unique. The public key is what we can see. Using a hash in the digitally signed application, we can use their public key, to see is if the hash value can be verified. If it checks out then we know that the digital signature is valid. If it doesn’t, well then we know the signature has been altered.
The I’ll show you below how you can pull the public half of the Certificate from an application. In this example we’ll pull Adobe’s certificate from Adobe Reader DC.
Right click on the application you want the signature of and select “Properties”
Click the “Digital Signature” tab, select the signature, then click the “Details” button.
Note: If you do not see the “Digital Signature” tab, then the file is not digitally signed.
Click the “View Certificate” button.
Click the “Details” tab and then select the “Copy to File” button.
Follow the “Certificate Export Wizard”.
After completing the export wizard, you’ll have the digital signature certificate of the digitally signed application.
Using GPOs is a great way to allow or block programs from running on your corporate network. Just be careful and limit yourself to only blocking the applications which you actually have a need to block. Don’t go too crazy locking down programs
Microsoft first made the introduction of “Software Restriction Policies” in Windows Server 2008 and they’ve continued to evolve. Today I will show you four ways which Microsoft allows us to restrict programs from running.
File Path / File Name Rule
Network Zone Rule
Hash Rule
Certificate Rule
To begin, fire up the Group Policy Management Editor. Click on the start menu and type “gpmc.msc”. If you are on a Domain Controller it should work. If you’re on a workstation you’ll likely have to run Server Manager as a Domain Admin (or other user with the correct administrative privileges), choose “Group Policy Management” from the ‘Tools’ dropdown.
Once it’s open, scroll down to the folder “Group Policy Objects” and right-click on it to create a “New ” policy object. Give it an appropriate name, something like “Software Restrictions – Test”. Now find and right-click on your new policy and select “Edit…”.
The software restriction policy exists under both “Computer Configuration” and “User Configuration”. So depending on your needs, you can lock down either the user or the computer.
Drill down into the policy… “Policies” -> “Windows Settings” -> “Security Settings” -> “Software Restriction Policies”.
Right-click on “Software Restriction Policies” and click “New Software Restriction Policies”
Select and open the “Additional Rules” folder.
Right-click under the two pre-existing default entries, and then from that drop-down menu select the type of rule you want to create. I’ll expand on the four methods below…
There are three security levels used in all of these rules:
DISALLOWED: Software will not run, regardless of the access rights of the user.
BASIC USER: Allows programs to run only as standard user. Removes the ability to “Run as Administrator”.
UNRESTRICTED: No changes made by this policy – Software access rights are determined by the file access rights of the user.
My examples below all show how to block software with ‘dissallowed’ rules. But just remember that you can just as easily allow for software by using ‘basic user’ and ‘unrestricted’ rules. Use them wisely!
1. Block by File Path / File Name Rule
In this example I will show you how to lock down the computer from running WordPad.
Select “New Path Rule”.
Type, or use the “Browse…” button, to enter the file path or file name you wish to block. Make sure that the ‘Security level’ is set to “Dissallow”. Then click ‘OK’.
Note: System variables will all function in the rule, variables such as %windir%, %ProgramFiles(x86)%, %AppData%, %userprofile%, and others.
It is important to note that many applications launch in more than just one way. So you may have to block multiple executables to fully block the application, just fyi.
You also need to take note of where/how software get launched from, as some applications have multiple ways they can be launched. Just FYI, in case you start banging your head as to why some block rule doesn’t seem to be working.
Also be careful using just the file name itself to try to block a program from running. If you were to block just the file name ‘update.exe’ for example, hundreds of applications all ship with an ‘update’ executable and they would all be hindered and unable run.
My rule of thumb is to always use the full path unless it’s truly a unique file name, and even then I still prefer to use the full path.
2. Block by Network Zone Rule
Select “New Network Rule”.
Select the Network zone you want to block. Make sure that the ‘Security level’ is set to “Dissallow”. Then click ‘OK’.
These rules allow you to block programs if they come from sites you’ve designated into a zone, like your Restricted sites. Or in the case that you were to be creating an allow rule, your local Intranet. While this option exists, it seems unlikely to me that most SMBs ever use it.
3. Block by Hash Rule
In this example I will show you how to lock down the computer from running WordPad.
Select “New Hash Rule”.
Use the “Browse…” button to navigate to the file which you are wanting to block. Select the file and click ‘Open’. It will automatically pull the needed file information and the “hash” it needs from the file you selected. Make sure that the ‘Security level’ is set to “Dissallow”. Then click ‘OK’.
The only problem this method has is that file hashes change any time there is ANY change to file. It doesn’t matter how small of a change is made, it will always create a new hash. That means that hash rules are best applied to older software that you are trying to kill, and not for programs that get updated often.
4. Block by Certificate Rule
In this example we will be blocking applications signed by Adobe Inc.
Select “New Certificate Rule”.
Use the “Browse…” button to navigate to the certificate file which you are wanting to use to block signed software. Select the file and click ‘Open’. Make sure that the ‘Security level’ is set to “Dissallow”. Then click ‘OK’.
Certificate rules are by far one of the most secure rules as they rely on certificates from trusted publishers. Because of this but they require more work on the PC’s part as it goes out and tries to verify the validity of the certificate, so they may significantly effect performance. I can’t tell you how much of an impact they’ll create, but it’s enough that MS warns us. Also, if the certificate ever expires, you’ll need create a new rule.
The Quick Access links is a feature in Windows that gives the user an easy way to access the folders which use frequently by pinning them to the top of the left pane in ‘File Explorer’. Sometimes the file that stores the pinned items can get corrupted and thus you loose access to the Quick Access pinned items. Here’s a few ways to fix it.
Method 1
We can reset the Quick Access Recent Items. This method will only apply to “stuck” recent folders, and won’t affect your pinned folders.
Right click on the Quick Access star icon and then click on ‘Options’.
Click the ‘Clear’ button under ‘Privacy’.
All of your Recent folders will be cleared from the Quick Access list.
Method 2
This method will reset and clear the Quick access shortcuts. But in my opinion this is the better way to fix it, as you can always re-pin your shortcuts.
Open File Explorer and copy/paste the following folder location:
Look for and then delete this file from the folder:
cmd.exe /c del “%AppData%\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms”
*Or you can open a ‘Run’ dialog (Windows key + R) and copy/paste the following command into it to delete the file.
cmd.exe /c del "%AppData%\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms"
This method will remove and clear any custom pinned items and frequent items from the Quick Access list. Windows will automatically regenerate the “f01b4d95cf55d32a.automaticDestinations-ms” file the next time that you launch File Explorer and wil list the default Quick Access links which you can expand upon.
A bad user profile could happen to any one of your users. It could happen in Windows desktop or on a server. The user will log in and instead of their profile getting loaded, the OS decides it wants to load a temporary profile the the user. The user will a pop up message stating “You have been logged on with a Temporary Profile” and that any changes won’t get saved.
It can be frustrating for the user, for sure. However, once you know where to go to fix it, it’s not too big of a deal.
Why does it happen? Well there are a variety of reasons. It could be corrupt. It could be delayed, likely from an antivirus program, or some service not responding, or many other operations. Once Windows has loaded a temporary profile for a user, it will continue to do so. That user will always load their temporary profile until you fix it.
How to fix it? You can try to reboot the computer. Depending on whether this is a desktop or server, that may or may not be an easy task to try. If that doesn’t resolve the issue, follow my steps below to fix it. It should work in almost all cases.
1. Login as an ‘Administrator’ to the machine.
2. Click the start button
3. Type “reedit” and then right-click on program to ‘Run as Administrator’. Click ‘Yes’ to any UAC pop up.
5. You will see a list of all of the profile names. Two will be named the same, with one of them ending with “.bak”.
The temporary profile does not have the ‘.bak’ at the end of it. The original or “old” profile has the ‘.bak’ at the end of it.
6. Now that we know which profile is which, we need to rename them.
We need to rename the temporary profile by adding a ‘tmp’ to the end of it.
Next we will rename the original profile by removing the ‘.bak’ from the end of it.
7. Reboot the computer to complete the process.
8. Log back in as the affected user and it should now load the original profile.
9. Once the original profile has been restored, as an administrator you can re-open the regedit tool and navigate back to the same entry from “Step 4”. Right-click on the temporary profile that ends in ‘.tmp’ and select “Delete” to permanently remove it.
If the did not help, then your only other option would be to create a new user profile. To do this, you’d need to, as an administrator, delete the user profile before having the user log back onto the machine. Everything such as user documents and files would be lost though. Hopefully you have a good backup of your data that you restore from.
MDT is a powerful tool but it really needs an operating system, to deploy or capture, if you really want to utilize it’s full potential. Match that with Microsoft’s release schedule of Windows and you will find yourself needing to import a new OS at least once year, if not more. Today we’re going to take a look at importing Windows 10 v1909 into our MDT server.
The first thing that you will need to do is acquire a Windows Installation ISO or or use a captured custom install. Ultimately, we will need a file that is in the Windows Image (.WIM) format. FWIW – Microsoft has been using the WIM format in it’s installation media (DVDs and ISOs) since Windows Vista. Once you have acquired your installation media, either insert your DVD into your machine, or mount the ISO file so it can be accessed.
Open your Deployment Workbench and open the deployment share that you wish to import the OS into. Drill down into it’s folder and click onto Operating Systems. In the Actions pane on the right side of the console, click on New Folder, and create a folder appropriately named for the OS you wish to import and complete the wizard. I’m only importing the 64-bit iso, but if you were import both 32-bit and 64-bit, you might want to specific that in the folder’s name.
In the Deployment Workbench, right-click onto the new Windows 10 folder that you just created. Once selected, Import Operating System.
That will open the Import Operating System Wizard. Unless you are using a custom installation file, you will be selecting Full set of source files to import the WIM file from your DVD or ISO, then click NEXT.
Select your source folder. As i mentioned above, this will be your DVD or mounted ISO, click OK, then click NEXT.
Give your Destination directory a name and click NEXT.
Click NEXT on the Summary page.
You’ll see a progress window as MDT imports your OS.
When the import is complete, you see a message the the process was successful and you can click FINISH.
Because I’m importing from an ISO that has Enterprise, Education, and Profession in it, you can see that that it imported about ten different WIM files. Thats okay… We can delete the versions which we know we won’t use. Select and highlight the versions that you don’t want, right click and select Delete.
There will be a wizard that you can click NEXT through to complete the removal of the unwanted versions of the OS.
That completes importing an OS into MDT. Now we can use the newly imported versions of our OS in our Task Sequences.
This was fun… Lets update Windows. Okay, done. Now lets open VMware Workstation and get back to work on that vm that I needed to do something on…
VMware Workstation Pro can’t run on Windows
Check for an updated version of this app that runs on Windows.
Compatibility Assistant
What the!!! Umm, I’m not re-purchasing Workstation, I just bought it a couple months ago! 🤬 😤
If you have tried running VMware’s Workstation Player/Pro version 12 or 14 on Windows 10 1903 (or above), there’s a pretty good chance that you went through the same conversation with yourself that I did above. Apparently the release schedules for Windows 10 and for Workstation, don’t align, and older releases of Workstation will get put on a sort of program “blacklist”.
As part of a MS Cumulative Update (Sept 26, 2019; OS Build 18362.387+), it will update a database of programs that are prohibited by MS. Their “Compatibility Assistant” component now prevents older versions of Workstation from even running. So how do we get around this and use Workstation?
The best solution would be to become a paid “Advantage” member of the VMware User Group (VMUG). By spendign $200 and becoming an VMUG Advantage member, one of the biggest perks is that you get access to evaluation licenses of basically all of VMware’s products. So, you can download, install, run with the most current and non-“Compatibility Assistant” blocked version of Worstation.
Okay, so you don’t want to spend any additional money. I totally understand. In that case, the simplest way to fix this is going to be to make a registry edit. The registry edit is necessary to override the “Compatibility Asisstant” default behavior, thus allowing us the ability to run Workstation again.
Backup your registry… Disclaimer: I’m not responsible for any unintentional mishaps you have while you edit your registry.
Open a text editor, and copy/paste the code below into it.
Save it as a ‘.reg’ file. Go ahead and name it something like “VMworkstation.reg”.
Open and apply your “VMworkstation.reg” file to modify your registry.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags]
"{3d9912c3-cb54-4f34-ab71-1d429553bf96}"=dword:00000077
"{66f21bbc-149a-411b-8e11-880af7c1266c}"=dword:00000077
Note: This method is also suitable to deploy via Group Policy.
The last option available, would be to replace the “Compatibily Assistant” database file with an older version of itself. I’m personally not a fan of this method, so I’m not going to expand on it. But with a little googling you can learn how this would be done.