w w w . t j e e n a . s e

The digital life of Jörgen Larsson

By

Installing fonts from a script

On a lab-machine install the font by right-click and Install.
Open regedit and browse to

"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts"

Find the font you just installed and copy the full name. It will be used in the script below.

The fonts will not appear in windows until the computer has been rebooted.

copy "%~dp0DroidSans.ttf" "%windir%\Fonts" /V /Y
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts" /v "Droid Sans (TrueType)" /t REG_SZ /d DroidSans.ttf /f

By

File and registry permissions

Sometimes we have to raise the white flag. Some programs are poorly written and no matter how you repackage or tweak the installation, regular users can’t run them.

The last resort is opening up the problematic folder or registry key so that the program can do it’s thing.

Two great commands for doing this is: setACL.exe and icacls.exe
Icacls is built into Windows 7 but setACL is not. It’s available as both x86 and x64 from various sources on the internet https://helgeklein.com/download/#

Grant builtin_users full permissions in registry

setacl32.exe" -on "HKLM\SOFTWARE\Classes\StupidKey" -ot reg -actn ace -ace "n:S-1-5-32-545;p:full"

Grant authenticated users modify permission to folder and subfolders

icacls.exe "%PROGRAMFILES%\StupidProgram" /grant *S-1-5-11:(OI)(CI)(M) /C /Q

By

DIY Movie popcorn in the micro

Getting tired of all the chemicals in the microwave popcorn bags? Want to eat healthier popcorn?

A good movie requires good popcorn!

Here’s a recipe I am running almost on a daily basis without any weird additives. The ingredients are the same as in many movie theatres. Feel free to experiment. With the Léuké bowl is even possible to pop without any oil at all but I think the popcorn gets a bit too dry and the salt doesn’t stick so well without it.

Ingredients:
1 Léuké Silicon microwave popcorn bowl
1/2 – 1 tablespoon of good rapeseed oil or preferably neutral virgin coconut oil
1 dl (70grams) of good popcorn kernels
1/2 – 2/3 teaspoon Flavacol salt (with or without butter flavor)

How:
Put the oil in the bowl. If using coconut oil melt it in the micro first (about 1 minute). Pour in the popcorn and stirr them around so all of them gets coated in oil.
Sprinkle the flavacol salt on top of the popcorn, do not mix afterwards.

Put the lid on the bowl and put it in the micro. If you have a rotating plate put the bowl about 5 cm (2″) off centre.

A good starting time is 2:10 at full power but every microwave oven is different so feel free to experiment.

Sources (in Sweden):
Léuké Silicon popcorn bowl – TeknikmagasinetCoolstuff.se
Flavacol salt – Biospecialisten.se

By

Mixed CMD commands

Taskkill

Silent exe:	taskkill /f /im iexplore.exe /fi "memusage gt 2" >nul
Regular exe:	taskkill /f /im iexplore.exe
Window:	        taskkill /FI "WINDOWTITLE eq CutePDF*"

Check if x86 or x64

if "%PROCESSOR_ARCHITECTURE%"=="AMD64" goto AMD64 (or "x86" if that's your flavor)

Copy files to Windows\System32 on x64 Windows 7 (uses 32-bit cmd)

%SystemRoot%\SysWoW64\cmd.exe /copy "C:\file.txt" "%SystemRoot%\SysNative\" /y

Path to where .cmd is run from

%~dp0    (automatically adds trailing \ to the end of path)

Remove stubborn unremovable/corrupt bad folder/file on file server.
Create an empty directory somewhere. Run the commandline, then delete both folders.

robocopy.exe newemptydirpath oldbaddirpath /MIR

Grant authenticated users modify permission to specified folder and subfolders

icacls.exe "%PROGRAMFILES%\APP" /grant *S-1-5-11:(OI)(CI)(M) /C /Q

Delete scheduled task

schtasks /Delete /TN "Adobe Flash Player Updater" /F

Run cmd on first startup (as user), then automatially gets deleted

%WINDIR%\Setup\Scripts\SetupComplete.cmd

Swedish characters in batch-file (there’s one after Å= but it’s invisible)

å=†   ä=„   ö=”   Å=    Ä=Ž   Ö=™

By

Mixed reghacks

Add driverpath to Windows 7

HKLM/Software/Microsoft/Windows/CurrentVersion  DevicePath  REG_EXPAND_SZ  %SystemRoot%\inf;c:\YOURPATH;

Remove “Speed up browsing by disabling add-ons” in IE 11

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext /v "DisableAddonLoadTimePerformanceNotifications" /t REG_DWORD /d 1 /f

Disable IE11 “Install new versions automatically” (checkbox in “About IE”)

reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\Main" /v EnableAutoUpgrade /t REG_DWORD /d 0 /f

Show verbose Startup / Shutdown in Windows 7

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v VerboseStatus /t REG_DWORD /d 1 /f

By

UEFI notification HTA in Task Sequence

We had to post a message to our technicians that warned about UEFI not being turned on in BIOS. Some of our machines doesn’t support UEFI so it more of a notification.

Create a text document ending with .HTA, paste the code into it.

In the task sequence add Run Command Line and the Condition below. The built in variable _SMSTSBootUEFI is automatically set to false is UEFI is not detected.

uefi_hta




UEFI-Warning
  








You have started an installation without having UEFI/Secure Boot enabled in BIOS!

If you know that this computer doesn't support UEFI/SecureBoot click Continue, otherwise click Reboot and change the settings in BIOS manually.

This is what the HTA will look like:
uefi-warning

By

Sophos Endpoint Protection uninstall script

We were in the process of deploying System Center Endpoint Protection and unfortunately Sophos isn’t one of the vendors it can uninstall.

I created a collection that simply checks if “System Center Endpoint Protection” is present in add/remove programs then runs the sophos_uninstall.bat

After much testing I found out that to reach a 99% success rate all the taskkill and net stop must be there. Sometimes Sophos is performing an update when the script runs and if not terminated properly it will reinstall or just stay there broken.
We have tamper protection enabled in Sophos but this script is run with SCCM (admin) privileges so shutting down the tasks/services is no problem.

You will have to insert the path to your Sophos Endpoint deployment server at the YOUR-SERVER-HERE (line 38).

@echo off 

:: Checks if Sophos is present in registry. If yes it will be uninstalled.

reg query HKEY_LOCAL_MACHINE\SOFTWARE |find "Sophos" && GOTO Uninstall
reg query HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node |find "Sophos" && GOTO Uninstall

EXIT 0


:Uninstall

:: Shutting down running processes and stopping/disabling services

sc config "Sophos AutoUpdate Service" start= disabled
sc config "Sophos Agent" start= disabled
sc config "SAVService" start= disabled
sc config "SAVAdminService" start= disabled
sc config "Sophos Message Router" start= disabled
sc config "Sophos Web Control Service" start= disabled
sc config "swi_service" start= disabled
sc config "swi_update" start= disabled

net stop "Sophos AutoUpdate Service"
net stop "Sophos Agent"
net stop "SAVService"
net stop "SAVAdminService"
net stop "Sophos Message Router"
net stop "Sophos Web Control Service"
net stop "swi_service"
net stop "swi_update"

taskkill /f /im ALUpdate.exe
taskkill /f /im swi_service.exe
taskkill /f /im swc_service.exe
taskkill /f /im RouterNT.exe
taskkill /f /im ALMon.exe
taskkill /f /im ALsvc.exe
taskkill /f /im ManagementAgentNT.exe
taskkill /f /im SAVAdminService.exe
taskkill /f /im sav32cli.exe
taskkill /f /im savcleanupservice.exe
taskkill /f /im savmain.exe
taskkill /f /im savprogress.exe
taskkill /f /im backgroundscanclient.exe
taskkill /f /im savproxy.exe
taskkill /f /im sdcdevcon.exe
taskkill /f /im sdcservice.exe
taskkill /f /im wscclient.exe
taskkill /f /im clientmrinit.exe
taskkill /f /im emlibupdateagentnt.exe
taskkill /f /im agentapi.exe
taskkill /f /im agentasst.exe
taskkill /f /im SavService.exe
taskkill /f /im swc_service.exe
taskkill /f /im swi_service.exe
taskkill /f /im scfmanager.exe
taskkill /f /im autoupdateagentnt.exe

sc config "Sophos AutoUpdate Service" start= disabled
sc config "Sophos Agent" start= disabled
sc config "SAVService" start= disabled
sc config "SAVAdminService" start= disabled
sc config "Sophos Message Router" start= disabled
sc config "Sophos Web Control Service" start= disabled
sc config "swi_service" start= disabled
sc config "swi_update" start= disabled

net stop "Sophos AutoUpdate Service"
net stop "Sophos Agent"
net stop "SAVService"
net stop "SAVAdminService"
net stop "Sophos Message Router"
net stop "Sophos Web Control Service"
net stop "swi_service"
net stop "swi_update"

taskkill /f /im ALUpdate.exe
taskkill /f /im swi_service.exe
taskkill /f /im swc_service.exe
taskkill /f /im RouterNT.exe
taskkill /f /im ALMon.exe
taskkill /f /im ALsvc.exe
taskkill /f /im ManagementAgentNT.exe
taskkill /f /im SAVAdminService.exe
taskkill /f /im sav32cli.exe
taskkill /f /im savcleanupservice.exe
taskkill /f /im savmain.exe
taskkill /f /im savprogress.exe
taskkill /f /im backgroundscanclient.exe
taskkill /f /im savproxy.exe
taskkill /f /im sdcdevcon.exe
taskkill /f /im sdcservice.exe
taskkill /f /im wscclient.exe
taskkill /f /im clientmrinit.exe
taskkill /f /im emlibupdateagentnt.exe
taskkill /f /im agentapi.exe
taskkill /f /im agentasst.exe
taskkill /f /im SavService.exe
taskkill /f /im swc_service.exe
taskkill /f /im swi_service.exe
taskkill /f /im scfmanager.exe
taskkill /f /im autoupdateagentnt.exe

sc config "Sophos AutoUpdate Service" start= disabled
sc config "Sophos Agent" start= disabled
sc config "SAVService" start= disabled
sc config "SAVAdminService" start= disabled
sc config "Sophos Message Router" start= disabled
sc config "Sophos Web Control Service" start= disabled
sc config "swi_service" start= disabled
sc config "swi_update" start= disabled

net stop "Sophos AutoUpdate Service"
net stop "Sophos Agent"
net stop "SAVService"
net stop "SAVAdminService"
net stop "Sophos Message Router"
net stop "Sophos Web Control Service"
net stop "swi_service"
net stop "swi_update"

:: Uninstalling 

msiexec /x "%ProgramData%\Sophos\AutoUpdate\Cache\rms\Sophos Remote Management System.msi" /qn REBOOT=SUPPRESS /PASSIVE

msiexec /x "%ProgramData%\Sophos\AutoUpdate\Cache\sau\Sophos AutoUpdate.msi" /qn REBOOT=SUPPRESS /PASSIVE

msiexec /x "%ProgramData%\Sophos\AutoUpdate\Cache\savxp\Sophos Anti-Virus.msi" /qn REBOOT=SUPPRESS /PASSIVE


:: Removing Sophos Remote Management System
	:: 4.0.2
	MsiExec.exe /X {FED1005D-CBC8-45D5-A288-FFC7BB304121} /qn REBOOT=SUPPRESS /PASSIVE


:: Removing Sophos Anti-Virus using the most recent MSI from the server
        Msiexec /x "\\YOUR-SERVER-HERE\sophosupdate\CIDs\S004\SAVSCFXP\savxp\Sophos Anti-Virus.msi" /qn REBOOT=SUPPRESS /l*v c:\SAVUninstall.log 

	:: 10.3.12
	MsiExec.exe /X {D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4} /qn REBOOT=SUPPRESS /PASSIVE
	MsiExec.exe /X {9ACB414D-9347-40B6-A453-5EFB2DB59DFA} /qn REBOOT=SUPPRESS /PASSIVE


:: Removing Sophos Update Manager
	MsiExec.exe /X {2C7A82DB-69BC-4198-AC26-BB862F1BE4D0} /qn REBOOT=SUPPRESS /PASSIVE


:: Removing Sophos AutoUpdater
	:: 4.1.0.273
	MsiExec.exe /X {7CD26A0C-9B59-4E84-B5EE-B386B2F7AA16} /qn REBOOT=SUPPRESS /PASSIVE
	:: 4.10.64
	MsiExec.exe /X {15C418EB-7675-42be-B2B3-281952DA014D} /qn REBOOT=SUPPRESS /PASSIVE


:: Cleaning up stuff that might me left behind

if exist "%PROGRAMFILES%\Sophos" rd "%PROGRAMFILES%\Sophos" /S /Q
if exist "%PROGRAMFILES(x86)%\Sophos" rd "%PROGRAMFILES(x86)%\Sophos" /S /Q

if exist "%ALLUSERSPROFILE%\Sophos" rd "%ALLUSERSPROFILE%\Sophos" /S /Q

if exist "%CommonProgramFiles%\Sophos" rd "%CommonProgramFiles%\Sophos" /S /Q
if exist "%CommonProgramFiles(x86)%\Sophos" rd "%CommonProgramFiles(x86)%\Sophos" /S /Q

if exist "c:\Documents and Settings\All users\Sophos" rd "c:\Documents and Settings\All users\Sophos" /S /Q


reg query HKEY_LOCAL_MACHINE\SOFTWARE |find "Sophos Temp" && REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Sophos Temp" /f
reg query HKEY_LOCAL_MACHINE\SOFTWARE |find "Sophos" && REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Sophos /f

reg query HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node |find "Sophos Temp" && REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos Temp" /f
reg query HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node |find "Sophos" && REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos /f

EXIT 0

By

Windows 10 lock screen

Add path to custom lock screen image:

reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\Personalization /v LockScreenImage /t REG_SZ /d C:\Windows\Web\Screen\Background.jpg /f

Prevent users from changing the lock screen image:

reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\Personalization /v NoChangingLockScreen /t REG_DWORD /d 1 /f

To remove the lock screen completely:

reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\Personalization /v NoLockScreen /t REG_DWORD /d 1 /f

By

Turn on UAC for built-in Admin Windows 10

Built in Administrator cannot run MS Store and Edge on Windows 10

If you login to a Windows 10 machine using built in Administrator nothing happens when you click Store or Edge.
This is because all Apps require UAC to be on and for the administrator account UAC is disabled.

A simple reg key needs to be switched and the computer rebooted:

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v FilterAdministratorToken /t REG_DWORD /d 1 /f

To turn off UAC again just replace the 1 with 0.

By

Plasti Dip from www.matt-pack.co.uk

After a whole lot of research I decided to try and Plasti Dip my Fiero.

Plasti Dip is a DIY removable rubber coating. I bought a complete kit from http://www.matt-pack.co.uk/.

Day 1. Remove trim, wash car to remove wax, let dry overnight.
Day 2. Rub car with isopropanol. Mask off. Rub it again. Paint 7 coats. I needed 13 liters of premixed dip.
Day 3. Airbrush with .8 nozzle and 30% thinned dip to touch up imperfections, mostly in the seams around the hood.