Parameter Hunting: Part II

In my last post on the subject, I discussed the concept of using Process Explorer to discover switches you can use for unattended installs/uninstalls used in enterprise software deployment.

Like before, I have a pesky setup.exe package that wants to guide me through an installation GUI, and would not respond to the usual setup.exe /s /q etc. and so forth…

This particular installer was for a very obscure serial hub manufacturer, so there was no Googling my way out of this; instead I needed to figure out what was used to build the installer, then work backward from there.

Once again, I launched my trusty Process Explorer (as Administrator) and inspected the setup.exe’s process… to my delight, scrolling down the “Strings” tab I came across this:

Note the string, “This installation was built with Inno Setup.” With that in mind, I was able to look up the documentation associated with the package builder to discover the built-in parameters I needed for silent installation.
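The same check can be scripted against the installer file itself. The following is an added example, not code from the original post: the function name and the marker-to-switch table are illustrative assumptions (Inno Setup is the case from this post, NSIS is added as a second common builder), and it assumes the marker text is stored uncompressed in the file.

```powershell
# Added example, not from the original post. The marker table is illustrative.
function Find-InstallerBuilder {
    param([Parameter(Mandatory)][string]$Path)

    # Marker string -> silent switches from that builder's documentation.
    $builders = [ordered]@{
        'Inno Setup'              = '/VERYSILENT /SUPPRESSMSGBOXES /NORESTART'
        'Nullsoft Install System' = '/S'
    }

    # Reads the whole file into memory, which is fine for typical installers.
    $full  = (Resolve-Path -LiteralPath $Path).ProviderPath
    $bytes = [System.IO.File]::ReadAllBytes($full)
    # ISO-8859-1 maps every byte to exactly one char, so nothing is lost.
    $text  = [System.Text.Encoding]::GetEncoding(28591).GetString($bytes)

    foreach ($marker in $builders.Keys) {
        # UTF-16LE form of an ASCII marker: the same chars separated by NUL bytes.
        $wide = $marker.ToCharArray() -join "`0"
        $hit  = $null
        if ($text.IndexOf($marker, [StringComparison]::Ordinal) -ge 0) { $hit = 'ASCII' }
        elseif ($text.IndexOf($wide, [StringComparison]::Ordinal) -ge 0) { $hit = 'UTF-16LE' }
        if ($hit) {
            [pscustomobject]@{
                Builder        = $marker
                FoundAs        = $hit
                SilentSwitches = $builders[$marker]
            }
        }
    }
}

# Constructed sample: a fake "installer" holding the string from this post
# as UTF-16LE at an odd byte offset, so the wide-string search is exercised.
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'constructed-setup.bin'
[byte[]]$payload = [byte[]](0x4D, 0x5A, 0x90) +
    [System.Text.Encoding]::Unicode.GetBytes('This installation was built with Inno Setup.')
[System.IO.File]::WriteAllBytes($sample, $payload)
Find-InstallerBuilder -Path $sample
Remove-Item -LiteralPath $sample
```

A hit only identifies the builder; confirm the switches against that builder's documentation and test the silent install on a non-production machine before deploying it.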

While this specific technique might not work for every situation, it never hurts to have another tool in your toolbox!

Email Hide and Go Seek: How to locate a specific email (down to the folder) in Office 365 using PowerShell

In many organizations, end users receive too much email to manage effectively. Many utilize rules to filter emails into specific buckets to make them easier to find. Over time, these rules compound, and could eventually lead to unintended consequences (i.e. receiving an email but being unable to find it).

When this happens, I’d typically run a quick message trace to establish whether the email was actually delivered or not. Many admins will stop there, advising the end-user to check their rule settings, but using PowerShell, we can find the email(s) for them!

First, let’s get logged into the Office 365 tenant:

$Credential = Get-Credential
$ExchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid" -Credential $credential -Authentication "Basic" -AllowRedirection
Import-PSSession $ExchangeSession

Next, we can determine how many emails match the criteria in case there is more than one (Optional):

search-mailbox -EstimateResultOnly -identity [target user] -searchquery 'from:"[sender email]" AND subject:"[subject]"'

Now for the coup de grâce: reconstruct precisely which folder and sub-folder(s) of the user’s inbox hold the email(s) that match those criteria:

search-mailbox -identity [recipient] -searchquery 'from:"[sender]" AND subject:"[subject]"' -targetmailbox "[your email]" -targetfolder "SearchResults"

In your inbox, you’ll see a folder called ‘SearchResults’. Using this, you can guide the end-user through the folder structure on their own Inbox that they’ll need to traverse to get to the desired email(s).

A new toolbox…

Almost a decade ago, I started a professional blog on it.toolbox.com called “IT Champloo“. At the time, IT Toolbox was a thriving community of professionals sharing advice, experiences and wisdom.

Over the years, the platform’s performance and usability slowly declined (as did my interest in creating content for a site where banner ads were given more real estate than my articles).

When the domain yousefalahmad.com became available, I decided to snatch it up and migrate my content to it. This blog will serve as a repository for tips, tricks, commentary and observations in the hopes that they might be of use to someone later down the road.

How To: Resolving a System Hang During Patching, Remotely!

Routine patching of systems and software is a crucial piece of any business’ information security strategy. Even so, many systems go unnoticed and unpatched for months, even years until an external threat forces the organization into action (e.g. the recent WannaCry ransomware outbreak).

When that happens, server administrators need to be prepared for irregularities they’re likely to encounter, such as a hang prior to reboot.

In this scenario, we’re going to assume that you’ve just finished patching and clicked the “Restart Now” button. You begin a continuous ping (ping -t [hostname/IP address]) and wait for the server to restart.

Let’s assume a normal reboot takes 5-10 minutes for this machine, and that 25+ minutes have passed.

You check the console, and are greeted by the “Preparing to Configure Windows. Do not turn off your computer” message. Time continues to pass while your maintenance window dwindles like falling grains in an hourglass… pressure is mounting, the business won’t wait. Time for action!

Logged in as an Administrator from your workstation, check the Windows Modules Installer service on the remote system…

  1. Run services.msc
  2. Right-click “Services (Local)” and select “Connect to another computer …”
  3. Make sure the “Another computer” radio button is selected and enter the hostname of the stuck server and click “OK”
  4. Search for the “Windows Modules Installer” service and verify its status. If it’s “stopping,” then you will need to force it to stop. This can’t be done here, so we’ll need to query its PID and use our old friend TaskKill to manually kill the service.

Query the Process ID (PID) of the Windows Modules Installer (TrustedInstaller) service…

  1. Open Command Prompt as an Administrator
  2. Run the following command:
sc \\[hostname of the server] queryex trustedinstaller

This will return (among other information) the PID of the stuck service. Write it down, as you’ll need it for the next step.

Kill the hung service remotely using TaskKill…

  1. From the Command Prompt already opened, run the following command:
taskkill /s [hostname of the server] /pid [PIDFromAbove] /f

Congratulations, your system should now be unhung! Check your console or continuous ping to verify that the system is restarting and proceed to the next round of updates.
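The query and kill steps above can be combined so that the process is only force-killed when the service really is stuck. This is an added example, not part of the original post: the function names are hypothetical, and the sample `sc queryex` output is constructed.

```powershell
# Added example. Parses "sc.exe \\host queryex trustedinstaller" output and
# force-kills the service process only when it is stuck in STOP_PENDING.
function Get-ServiceStateAndPid {
    param([Parameter(Mandatory)][string[]]$ScOutput)
    $text   = $ScOutput -join "`n"
    $state  = if ($text -match '(?m)^\s*STATE\s*:\s*\d+\s+(\w+)') { $Matches[1] }
    $procId = if ($text -match '(?m)^\s*PID\s*:\s*(\d+)') { [int]$Matches[1] }
    [pscustomobject]@{ State = $state; ProcessId = $procId }
}

function Stop-HungTrustedInstaller {
    param([Parameter(Mandatory)][string]$ComputerName)
    # Call sc.exe explicitly: in Windows PowerShell, "sc" is an alias for Set-Content.
    $raw  = sc.exe "\\$ComputerName" queryex trustedinstaller
    $info = Get-ServiceStateAndPid -ScOutput $raw
    # A PID of 0 means the service has no running process, so there is nothing to kill.
    if ($info.State -ne 'STOP_PENDING' -or -not $info.ProcessId) {
        Write-Warning "trustedinstaller on $ComputerName is '$($info.State)'; nothing killed."
        return
    }
    taskkill.exe /s $ComputerName /pid $info.ProcessId /f
}

# Constructed sample of what "sc queryex" prints for a service that is stuck stopping.
$sample = @'
SERVICE_NAME: trustedinstaller
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 3  STOP_PENDING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1234
        FLAGS              :
'@
Get-ServiceStateAndPid -ScOutput $sample

# Against a real server (run from an elevated prompt):
# Stop-HungTrustedInstaller -ComputerName '[hostname of the server]'
```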

Windows 10 Woes

Like many others, when Microsoft told me I was entitled to a free upgrade from Windows 8.1 to 10, I decided to take them up on the offer.

I downloaded the installation media, and the upgrade went relatively smoothly. I had a few driver issues at first, but was eventually able to iron everything out.

After a week or two of using the new OS, I started to encounter strange UI bugs…

At first, my start menu tiles stopped accepting mouse clicks. I could still launch applications that were pinned to the taskbar, but could not click on any Windows UI menu elements.

This got progressively worse until no windows or applications would accept mouse input. I could still see the cursor and move it around, I could right click and drag on the desktop, but couldn’t interact with anything else using the mouse.

I could still use keyboard shortcuts as a workaround, but it made things awfully inconvenient. I searched for a fix, but the only thing I came up with was a PowerShell script that purportedly fixed “Start menu” issues:

Get-AppXPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}

This worked for me (after a reboot), but sure enough, the problem came back within a few days. In addition to everything else, it started crashing with a BSOD “Memory_Management” error.

I wasn’t thrilled about disabling all of my devices and enabling them back one-by-one until I found the faulting driver so a clean install started to look more appealing.

I did this, but discovered that my newly installed Windows 10 wasn’t activated, nor could I activate it as Microsoft’s brilliant new system doesn’t give you an activation key on the free upgrade!

In theory, your PC is supposed to Automagically ™ activate itself as soon as it’s connected to the internet. That is, unless there’s a problem with the activation server (as many have encountered) or some other issue…

Microsoft recommends doing a fresh re-installation of whatever previous OS you were on, then running the upgrade again, but that’s nonsense!

All you have to do to fix the activation issue (assuming, like me, you started with the upgrade) is reboot from Windows 10 installation media and select “Reset your PC” with the “Keep my files” option selected.

After several reboots, my Windows 10 installation was repaired – no more UI issues, and successfully activated WITHOUT having to reinstall Windows 8…