A Microsoft Surface computer that was recently upgraded from Windows 10 directly to Windows 11 25H2 was popping up the “USB device not recognized” every few seconds!
I was able to get the error to go away when the Surface Dock was unplugged – so I did the basics like making sure Firmware was up to date for both the tablet and the Dock, but in the end this was the solution:
Disconnected the Surface from the Surface Dock.
Unplug any USB devices that you can (other than perhaps mouse and keyboard)
Open Device Manager (Windows Key + X, M)
Scrolled down to Universal Serial Bus Controllers
Right click each USB device and click Uninstall (if it asks you to check a box to also uninstall the driver, do not do that).
At some point, if you’re using a traditional Surface, you may even lose access to the detachable mouse and keyboard, but you can use to the touch screen to keep uninstalling all of your USB devices.
Once finished, click the Scan for Hardware Changes icon in the tool bar or Action > Scan for Hardware Changes from the menu bar.
When devices are reinstalled, they will have the correct permissions to COM ports and Serial features of Windows and this should stop the error from popping up over and over.
This would’ve infuriated me… if it weren’t for the fact that it happened on a Virtual Machine and I had backups and snapshots. But hobbyists be warned: Windows 11 changes folder permissions and may make your existing scripts much more dangerous to run!
I have this old script – it’s been around for years and years. Every morning at 6 AM, it resets the print spooler. To do so, I wrote a simple bat file that contains something along the lines of:
net stop spooler C: cd\ cd C:\windows\system32\spool\PRINTERS del *.* /f /s /q net start spooler
As you can see, it changes directory to the PRINTERS spool folder… but Windows 11 has changed permission to that folder. Even when you run command prompt as Administrator:
What does a simple .bat file like that do when it encounters an error? It carries on to the next instruction. Which means it will run “del *.*” on the entire C:\ drive.
Sure, lots of files are write protected, but you’ll still do a lot of damage before you know it. So be warned, be aware, check your scripts… or at least have frequent and reliable snapshots!
In a troubleshooting frenzy trying to fix someone else’s mistake, I spent hours troubleshooting a messy situation where I couldn’t open the Windows store, and in fact, I couldn’t open any “Store” Apps. This was caused by a previous user who had ran some kind of Windows 10 “debloater” script that was causing problems.
I tried method after method of lengthy scripts that caused errors.
Two most powerful commands I’ve seen are:
winget install 9WZDNCRFJ8MP
Which resulted in an error stating “Data required by the source is missing.“
Which resulted in the error “Cannot process argument transformation on parameter ‘Path’. Object reference not set to an instance of an object.”
In a Reddit post that may have cost me my entire presence on Reddit (my account is still banned at this time, evidently, due to my rapid responses seeming like bot activity?), I was able to make some headway.
During the installation, it alerted me that I needed to start services and restart the PC. The following services were disabled: AppXSVC ClipSVC
I probably could’ve enabled them myself (we’ll come back to that), but I simply clicked the offered “Enable and Restart” button and let the computer reboot.
At first, this appeared to have solved the issue – I was then able to open the store and update apps.
However, after a reboot, I could still open the store, but my entire app update history was gone, and trying to continue to update apps failed.
So I went back into services.msc and checked – guess which two services were disabled again? Not just disabled, but fully grayed out so that I couldn’t set them to Automatic, or even manually start them!? Whatever the previous admin of this system did, it had some form of persistence.
I then took a look at REGEDIT and found this gem: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppXSVC had a DWORD value named “Start” that was set to 4 (disabled). Same for ClipSVC. Changing those, and rebooting the computer… didn’t fix the issue.
!!!!!I came to find out that there was a GROUP POLICY set on the DOMAIN CONTROLLER which specifically DISABLED those two services on every single reboot.!!!!!
So, I open Group Policy Management, Right Click on the Policy that was applied to this computer and Edit it. In the Group Policy Management Editor, I went under Computer Configuration, Preferences, Windows Settings, Registry and changed the two offending registry entries to a “2” instead of a 4.” Note:You may be tempted to just delete these, but if you do that, then you’ll have to manually go to each machine and manually re-enable the service in the registry.
Lastly, on the target machine, I went back to the Administrator command prompt and ran a manual gpupdate /force then rebooted the machine. The services were automatically started and I now had control over them for the future.
An entire journey, and we’ll see if it costs me a teen-aged Reddit account to make it happen, but WOW. That was an adventure.
When you’re downloading a file off of the internet, like an installer for a program or even a full disc image for a version of Linux or Windows, it can be hard to know if the file is trustworthy, or if it may have been modified to contain a virus. So how do you know if something is safe to use?
The best method is by using a “checksum” or a file-hash. These are often long strings of letters and numbers and are almost always provided by the site you’re downloading from. It’s like a fingerprint, unique to that file – which means if the version number of the program has changed, you can bet that the checksum has, too! So here’s a great little tutorial for learning how to use checksums.
Although I’m a big believer in the usefulness of a Microsoft account, there are times that I want to set up a new device with a LOCAL account first, and then add a Microsoft account, or maybe even join the machine to a domain for work purposes. So, what’s the easiest way to do that?
I’ve talked about running a SAMBA Domain Controller before. It definitely has its ups and downs, but damn Microsoft loves being hostile to SAMBA.
I have deployed multiple computers with Windows 11, including the latest 24H2 update, but we recently had a specific Device, a Microsoft Surface Pro 9 to be precise, which received the 24H2 update “naturally” via Windows Update.
As soon as it rebooted, the user ran in to an issue.
Upon trying to login, the user was greeted with the following error: “insufficient system resources exist to complete the requested service.”
In 2017, I had stumbled on an issue with Facebook: while you are entering your password, adding a superfluous extra character at the end of the password would STILL allow you to login to https://Facebook.com.
I’m not a I’m not a quantum physicist, nor a computer scientist. But Microsoft released this video a few months ago which sparked a thought.
Microsoft & Photonic demonstrate distributed quantum entanglement
While they were quick to point out the obvious benefits of “teleporting” the quantum state, i.e. the computational results, from one pair of entangled qubits to another.
This quickly begged the question: given the hyper-advanced nature of supply chain attacks (see Israel planting explosives in the pagers of Hezbollah operatives, recently), could a nation-state simply take entangled qubits of an adversary’s quantum computer and see what it is they are working on at any given time? Further, could communications networks be compromised for real time ‘eavesdropping,’ so to speak? Perhaps not even internationally, but perhaps in an intelligence gathering platform akin to the NSA’s own PRISM program? If there is, according to some theories, no limit to the number of particles that share an entangled state, nobody would know if you simply “cloned” a few more, right?
Am I understanding that well enough? Or would it not be the Qubits that become entangled, and only the ‘data’ that flows through them?
I’m not the person to write the research paper on this topic. But I certainly hope someone out there will produce it – because I would love to read through it. Just an interesting thought I had with an eye on the future. Whether that future is 20 years, 50 years, or even further out is another question.
We have an Ubuntu based mini computer at which serves as little more than a network switch. CPU and other resource utilization should be next to nothing, but frequently this computer would have CPU temperatures around 80 degrees Celsius, and when you would watch the resource monitor the CPU activity was all over the place. Despite the computer only really showing a few percent of CPU usage, if you went toe the Resources Tab of System Monitor, the per-core CPU activity was all over the place.
As I mentioned, the computer in question is a simple network appliance that would never need to print, and upon closer inspection, it was the Linux “CUPS” Service. Once we disabled that, the CPU settled right down.
A co-worker came to me recently because they had an Ubuntu Linux 22.04 computer on which restored a “Timeshift” backup, but suddenly Firefox wasn’t working. How or why it became corrupted was beyond me, but by the time I was ‘called in’ he had already tried several troubleshooting techniques, which had only seemed to make things worse. He had tried resetting, removing, and purging Firefox, and as other errors popped up they became things like cannot locate base snap core 22, or something about an inability to run certain hooks. I honestly didn’t even get a shot of the error message, but the good news was, that I had a fix.
The simple fix for this is to have your core runtime environment (the Core 22 base snap, or Core 20, or any other core you may be having this issue with) switch over to the beta branch, and then immediately switch it back to the production / stable branch. Two quick commands will take care of this:
Sometimes you need a self-signed SSL certificate for an internal project, but perhaps you’re restricted from using a 3rd party tool such as OpenSSL. Maybe this is for security reasons, a lack of external internet connectivity, or maybe you’re just working on something small and you need a quick solution. Well, Microsoft has you covered, as the ability to self-sign a certificate in Windows is quite simple.
Open a Powershell Command Line as an Administrator, then enter the following command (changing “computerhostname” to the hostname of the server the file will reside on, using the FQDN (ex. computername.local) if you can): New-SelfSignedCertificate -DnsName “computerhostname” -CertStoreLocation “cert:\LocalMachine\My”
Then, Windows Key+R to open the run menu, type certlm.msc and press enter or click OK. This will open the Certificate Manager for the Local Machine.
To export the public and private certificate and key as a Private Information Exchange or PFX file (a Personal Information Exchange public/private key combo file) follow these steps:
On the left side of Certificate Manager, expand “Personal” then click Certificates.
Right click the certificate you just created, then click All Tasks, then Export.
Next > YES > Next > leave the defaults (Personal Information Exchange, with “Include…” and “Enabled…” checked) > Next > Password (enter your desired password, which you will need later to use the PFX file), change the Encryption to AES256-SHA256 > Next > Browse and give the PFX file a destination and a name (demo.pfx) > Next > Finish > OK.
OpenSSL has become THE standard for generating certificates for casual needs. Here’s how quickly you can create your own self-signed certificate and and a cert/key. Whether you need a .PEM, .CER, .Key, or .PFX, this article has you covered.
Open an elevated command prompt as Administrator.
Browse to C:\Program Files\OpenSSL-Win64\bin or C:\Program Files (x86)\OpenSSL-Win32\bin (or wherever you installed OpenSSL).
In step 3, you can use 2048 bits on slower machines, or 4096 bits for higher security. These days most anything can handle higher bit encryption, so I just stick with 4096. In the screenshot you’ll see I used SHA1 in step 5, but you can use SHA512 for additional security as it is fully supported nearly anywhere you’re going to use these certificates in 2024 and beyond.
In Step 5, you can replace “.key” and “.crt” with “.pem” if you prefer, the file will still be compatible.
Also in step 5, you can specify a number of days – since this certificate is self-signed it can be anything you want. 365 for one year, 3650 for 10 years, or even 36500 for a 100 year certificate!
After you press enter, it will ask a series of questions that should be simple to answer. When it asks for server name or FQDN, it’s best to enter the local machine name you’ll be using the certificate on (ex. computername.local).
The result will be a pair of files in the “bin” folder from step 2! You should be able to upload these and use them wherever you need them!
But what about PFX files?
If you also need a PFX file (a Personal Information Exchange public/private key combo file which can be more easily shared) you can generate one with one, simple additional command: Step 6: openssl pkcs12 -export -out demo.pfx -inkey demo.key -in demo.crt
This will prompt you for a password that you will need to remember in order to use the PFX file in its final place.
Back in September, I purchased the Robo & Kala 2 in 1 Laptop. I was looking for tablet that specifically ran Windows. Unfortunately, Windows tablets are few and far between, and those that exist are quite underpowered. That’s not to say that this device is a powerhouse, and we’ll talk about that more in a moment. But I was about to travel internationally for the first time in many years, and I was looking for a laptop that met two important requirements: battery life, and lightweight.
A few weeks ago I was making changes to a firewall rule in a pfSense+ 23.05.1-RELEASE version firewall. But after I clicked the “save” button – there was no way to “Apply Changes” – the green banner that would normally appear at the top of the page was simply not appearing.
While I consider myself a long way from being an absolute master, I think I have more experience with Microsoft Hyper-V Virtual Machines than your average Joe. I have had to convert a few virtual machines If you have an existing Generation 1 virtual machine, converting it to a Generation 2 and, these days, it can be remarkably simple. At least if the computer already has Windows 10 or 11 installed.
I recently had to troubleshoot an issue where a new Surface Pro 9 for an employee of an existing company. IT staff unboxed the device and began the initial set up, including Windows 11 22H2 Pro. Initially, the machine joined to the domain, but upon reboot, after joining the domain, absolutely nothing would let us log in to the domain. We tried normal users, domain Administrators, and in the end we had to go back to local users to continue troubleshooting.
We didn’t believe there was a problem with the Domain Controller because all of the other computers in the building are behaving fine. Why just this one brand new computer? In the end, we realized it was because Windows 22H2 (Windows 10 or 11) doesn’t like a Linux-based SAMBA Active Directory server.
I sometimes work in an environment that has reasonably tight security requirements. One of those requirements as that a device’s MAC Address / Hardware Address be entered into a table on the router before it can be assigned an IP address.
I recently showed up on site with a brand new in box Surface Pro 9, but I had no idea how to get the MAC Address of the device because I could not log in and open a command prompt. Or so I thought.
I got to the wifi screen telling me to create a connection, then pressed “Control+Alt+Escape” which brings up Task Manager. Although it did not appear on my screen, I suspected it was running behind the overlay locked to the forefront of my screen. I pressed “Alt+Tab” and was able to confirm my suspicion. I then used the keyboard combination of “Alt+F” to open the file menu, pressed Enter knowing that “Run” was highlighted, typed “cmd” and pressed enter to open a Command Prompt window. All of this was happening behind the “Let’s Connect You to a Network” screen, but as veteran of the keyboard era of Windows, all of this was second nature to me.
From there I was able to run the familiar ipconfig /all command, then, with the help of my phone’s camera, I could take a photo of the output of the command prompt and see the MAC Address that I was looking for.
This was convenient enough, but the thought of just being connected to wifi without ever logging in to the machine and then being able to take advantage of this “defaultuser0” account to open a terminal, and then utilize wget to download and execute potential malware before the computer has ever even been set up… fascinating. I’m sure this isn’t “breaking news” to anyone, infact the feature is probably left in, intentionally, for cases just like my original issue! But it does force me to take pause and think of what I can do with this.
People often get a lot of annoying pop ups down by their clocks in Windows 10 and 11, and what they don’t realize is that they have accidentally allowed “notifications” to come from advertising driven websites that are sending them notifications even when they aren’t visiting that website!
In my opinion, the “notification” feature was the worst thing ever added to modern web browsers, but they all have it: Chrome, Edge, and Firefox all include this ability and with more and more browsers being powered by Chrome (Brave, Opera, etc…) this feature doesn’t look like it’s going away anytime soon. So here’s how to disable it!
Originally published on Reddit in the /r/Sysadmin subreddit which was often filled with negativity and frustration, I shared this:
I’m probably the very last of a generation.
I wasn’t part of the earliest days of silicon valley. I grew up watching them, wishing I was just 10 years older.
My first computer was a Commodore 64. Then I had a Packard Bell w/ an Intel 486DX4 80Mhz, Windows 3.11, 8MB of RAM, and a 600MB HDD. We upgraded the HDD to a whopping 4.2 GB, added another 16GB of RAM, and eventually upgraded to Windows 95. My first modem was 19.2Kbps. I watched the first “dot com” bubble burst. I was an unabashed geek who loved learning things, but I could never wrap my head around math skills. I was told there was no way I could make it in “computers” because of my weak mathematics.
I went off to college, got a degree in English because I thought I was going to be a school teacher. Couldn’t find a job as a journalist, teaching jobs required years of being a substitute before you could find something good, so I fell back on my geeky skill set. I found a place that was willing to take a chance on me in an entry level help desk. I think I’m the very last of a generation that was able to get into this line of work without a formal background or degree or even certificates.
I then worked from one position to another… technician’s jobs at small companies where a title was more of career stepping stone than the work I did while I was there… another help desk, a “Director” title at a job where I was the only IT guy… now I’ve pivoted to a place where I’m the “IT Administrator” but I’m doing all kinds of things I never thought I would do.
I never learned programming languages… after all, I am still pretty bad at math. The company I work for is small enough that I can work directly with end-users and see that I still make a difference when I solve their problems. I’ve always loved that feeling. But I have zero formal training, and I’ve made a pretty great career out of “I don’t know everything, but I know that I can figure it out.” My attitude is always if there’s a problem, there’s a solution.
Last night I spent two hours troubleshooting an Ubuntu Linux server because I’ve spent the last 35+ years of my life being a “Windows Guy” and only the last 14 months or so learning about Linux. I called a friend of mine when I took this job (full time RHEL admin) and he basically had nothing but encouraging things to say! ‘You’ve spent your whole life figuring things out, this is just something new to figure out!’
ARE there times when an end user tries to throw the IT Department under the bus? Sure. Bring your receipts, show your logs where the email was delivered to their inbox, and it’s not that it wasn’t delivered, it’s just that they didn’t see it. ARE there times when an end user frustrates me? Sure, but there are days when those same people make me laugh. It’s all “water off a duck’s ass” as my dad used to say; it’s very rare that you have to completely avoid someone for the sake of your own sanity, and even when there are people like that, you learn which ones. ARE there times when I wish the biggest decision I had to make today was which font to use on a graphic or on which date I need to ship something out to make sure it doesn’t arrive too early or too late for an event? Absolutely. ARE there times when I’m overcome with existential dread that if I my backups don’t work correctly the whole company is sunk and dozens of people are out of a job and all I want to do is vomit at the mere thought of how much weight rests on my shoulders? Occasionally.
But DAMN I love what I do. I love knowing that I fixed a problem and made a difference that day. I love the tangible nature of puzzle solving. I love that I always get to tinker with something new. Even in small dead end IT jobs where the work is repetitive – make a project up for yourself! Download something new and tinker with it! I love that just because I don’t have any credentials that require “Continuing Education” credits doesn’t mean that I should ever just STOP learning new things!
What gets YOU excited these days? What got you excited when you first STARTED this career? Let’s have a thread that’s different from all of the rants!
I have a Virtual Machine running Ubuntu Linux that I use for testing purposes, but it recently started popping up this message saying “Pending Update of Snap-Store, Close the App to Avoid Disruption.”
No matter what I thought I closed correctly or how many times I rebooted the VM, the error message still came back.
