Adding Fonts As Non-Admin

I’ve been over the Internet many times over trying to find a free solution to run certain programs as administrator without giving the end user full blown administrator rights.  An example of this is adding fonts.  This task requires administrator rights to do…but do I really need to give the end user full blown admin rights to add fonts?

The answer is no.  Meet: AutoIT.  This is free solution that includes a nifty RunAs command.  As an example we can do this:

RunAs(“srvaccount”, “your_domain”, “Pa$$W0RD”, 4, “C:\fonts\nexusfont.exe”)

Then we can compile that into a nice little EXE which hides the command line from the end user and then we give them that EXE: In this example, I’m using NexusFont since it’s a free font management solution.  NexusFont includes an option to “Copy fonts to system font folder”.  Since NexusFont is running under an account with Administrator rights, it has no problems doing this.

Make sure you give the end users read and execute only rights to the folder and EXE file so they cannot switch it out with another file.

Also, it is possible to reverse engineer the process if you are sophisticated enough and get the password, so don’t use a super sensitive password.  Assumption is that normal users aren’t going to be that sophisticated and there are probably easier ways of gaining admin rights then reverse engineering executables :)

– Soli Deo Gloria

Removing Office 2013 Quietly

We bought a company that had all kinds of versions of Office 2013 installed…that is it could be Office 2013 Standard, Professional, x64 or x86 versions of these two.  Our corporate standard is Office 2010 Professional Plus x86 for various reasons I won’t bore you with.  Using the program ManagePC, I found this uninstall string remotely:

"C:\program files\common files\microsoft shared\office15\office setup controller\setup.exe" /uninstall STANDARD /dll OSETUP.DLL"

Upon running this, I was getting a GUI dialog box asking “do you really want to uninstall?”.  Grr!  The only way to do this is with an XML file.  Example:

<Configuration Product="Standard">

<Display Level="none" CompletionNotice="no" SuppressModal="yes" AcceptEula="yes" />


So the new command line becomes:

"C:\program files\common files\microsoft shared\office15\office setup controller\setup.exe" /uninstall STANDARD /dll OSETUP.DLL /config \\<path_to_file>\SilentUninstallConfigStd.xml

However, there could be 4 variations…how to handle this?  Well, I cheated.  We try all four.  3 will fail, 1 will succeed.  So we set the exit code to 0 so SCCM doesn’t see a failure:

"C:\program files\common files\microsoft shared\office15\office setup controller\setup.exe" /uninstall STANDARD /dll OSETUP.DLL /config \\<path_to_file>\SilentUninstallConfigStd.xml

"C:\program files (x86)\common files\microsoft shared\office15\office setup controller\setup.exe" /uninstall STANDARD /dll OSETUP.DLL /config \\<path_to_file>\SilentUninstallConfigStd.xml

"C:\program files\common files\microsoft shared\office15\office setup controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL /config \\<path_to_file>\SilentUninstallConfigProplus.xml

"C:\program files(x86)\common files\microsoft shared\office15\office setup controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL /config \\<path_to_file>\SilentUninstallConfigProPlus.xml

echo %errorlevel%
exit 0

Yes this is a dirty, sloppy, rotten hack!  If the Office 2013 uninstall fails, SCCM won’t know about it and will report success.   I had to go back and setup each Outlook profile again anyways, so this wasn’t a really big deal to me.

– Soli Deo Gloria

Moving Windows 7 to New Hardware Part Deux

You may have remember this posting: Moving Windows 7 to New Hardware.  I was called out recently to another site for a down PC.  A Dell Optiplex 3020 had its power supply blown.  I only had a Optiplex 390 at hand to fix the problem, however, upon booting it up with the old hard drive, I would get that wonderful STOP 7B error message.  Here’s another, perhaps easier method of dealing with this problem: Paragon’s Hard Drive Manager 15 Professional. There’s a feature in the WinPE bootcd of this suite called “Adaptive Restore”.  You don’t even need to use the backup feature of the suite to use it…just boot to WinPE, pick Adaptive Restore and viola: you will get a booting system.

A description of this process is here:

  • Change of the Windows kernel settings according to the new configuration. We detect the given hardware profile and automatically install the appropriate Windows HAL and kernel.
  • Installation of drivers for boot critical devices. We detect those without drivers and automatically try to install lacking drivers from the built-in Windows repository. If there’s no driver in the repository, we prompt the user to set a path to an additional driver repository, strongly recommending not to proceed until all drivers for the found boot critical devices are installed. In case drivers for these devices are installed, but disabled, they will be enabled.
  • Installation of drivers for a PS/2 mouse and keyboard. This action will only be accomplished for Windows 2000/XP/Server 2003.
  • Installation of drivers for network cards. We detect those without drivers and automatically try to install lacking drivers from the built-in Windows repository. If there’s no driver in the repository, we prompt the user to set a path to an additional driver repository.

Quite handy for the $99 price tag!

– Soli Deo Gloria

Windows 10 is Here!

Windows 10 has been unleashed on the masses (67 million as of this posting).  I’ve been running Windows 10 in its beta form for the past 8 months on my work PC and it’s been a bit of a bumpy ride…that’s to be expected for beta software. I’ve upgraded my work PC to 10240 as part of the Windows Insider program about 2 weeks ago and 3 computers at home in the past 48 hours with the following results:

1. Sager Laptop

Clicked upgrade through the notification icon in the taskbar and applied upgrade.  Everything came over 100% except my wallpaper.  I reformatted a USB flash drive with diskpart and then Windows 10 wouldn’t see it anymore, however it could see other USB flash drives just fine.  The “bad” USB flash drive works fine on other computers, but no longer on my Windows 10 laptop.

2. Main Rig

Upgrade icon was there, but was not offering the download/install yet.  Grabbed the ISO off the Internet and did the installation manually.  Wouldn’t activate right away.  Makes Edge browser the default handler for HTTP links…this browser doesn’t support extensions yet and is a bit buggy (doesn’t work properly with the realtor site FlexMLS…Chrome does).   Video driver on my GTX 670 was completely kicked out…had to download a fresh/updated driver directly from NVIDIA.

3. File server

This went fine over RDP using the ISO download from #2 (wasn’t allowing me to pick download/install either), except RDP doesn’t work at the “welcome back” screen.  Had to switch over with my KVM and input my password, then RDP flipped on just fine.

Also noticed that the upgrade disables the local Administrator account, so I had to re-enable it again on all computers.

In terms of activation…this much has been confirmed:

If you upgrade an activated copy of Windows 7, Windows 8 or Windows 8.1 to Windows 10, you can wipe the hard drive clean and reinstall Windows 10 and it will find your activation status (based on MAC and serial # of the computer and possibly other components).  If you spin up a VM with a blank hard drive and install Windows 10: it will NOT activate without a purchased product key.  This has been proven by people on Reddit.

A service release (called SR1) is due for Windows 10 in 2 weeks to fix some of the bugs.

– Soli Deo Gloria

Dear HP Laserjet 400: I hate you

Seriously, HP, what is your problem?  Every time I go to install a HP Laserjet 400, it takes 15 minutes or more to install the drivers.  Why, why, why?  This isn’t just isolated to one computer either.  Your installer also doesn’t like UAC.  It doesn’t matter if you are an administrator or not: if you login with an account with administrator rights and UAC is turned on (which is the out of the box default), it either doesn’t find the printer (web drivers) or comes up with some bogus error about not being able to create a folder (built-in drivers).

You have to login with the local administrator account which has UAC turned off.  Seriously?  If your installer doesn’t work with with UAC, how about detecting that it is turned on and throwing up a reasonable error message with instructions on a work around?

It’s 2015…wake the heck up!

– Soli Deo Gloria

Keeping Everything Up-to-date

So how do you keep your installed software up-to-date?  In the past I’ve used Securnia PSI.  More recently, Filehippo, but that seems to be more intrusive with ads.

Lately, I’ve been using the Glarysoft Software updater:

No frills, no thrills: just scan your system and see what programs are out of date.  That’s it and it’s free.

– Soli Deo Gloria

System Info Made Easy

Was looking for a way for our end users to quickly and easily determine their system information, such as IP address and their computer’s name.  Something free, not flashy and not resource intensive.   Solution… Systeminfo by Intelliadmin:

This will place a yellow “star” icon in their task bar and gives information such as LAN IP address, public IP address, computer name and uptime.  Hoover over it with your mouse and you get the IP address, computer name and logged in user name.  Double-click on it and you get a more detailed description pop-up. One little problem I noticed when I put it in the autostart key under HKLM is that it would populate multiple times as people logged in and out of the computer.  To get around this, just run taskkill first to kill anything named systeminfo.exe, then launch systeminfo.exe.

Sample VBScript:

Set ws=CreateObject("Wscript.Shell")
ws.Run "taskkill /im systeminfo.exe",0,true
ws.Run chr(34) & "C:\systeminfo.exe" & chr(34) & "/tray /no_exit_menu /no_url" & chr(34),0

Depending on the speed of the computer, users will notice a black CMD window with cscript on the top during login that will disappear within a few seconds.

– Soli Deo Gloria

Data Breach Mania

In light of the recent ebay databreach, I decided it was finally time for a password manager.  I typically use a permutation of about 5 different passwords and sometimes the same password across multiple sites.  I’m already up to 21 accounts on various sites: who can remember them all?  “To the cloud!” you say…well, I don’t trust the cloud.  Given that the Adobe cloud service was down for nearly a day and I can’t tell what the other guy is doing with my data on the other end, I prefer a more “manual” solution.  Enter: Keepass.  Keepass keeps all of the passwords in one KDBX file encrypted.  No cloud, no man behind the curtain.  Keepass will keep working even if the company goes out of business and the source code is completely open.

It gets even better, because there’s an Android app that can read and write to KDBX files as well. I have Keepass on an encrypted USB key (Locker+ G2) from Kingston for on-the-go situations and on Google Drive so I can get to it from my phone.  You can copy and paste the passwords from Keepass into your web browser.

– Soli Deo Gloria

Windows 10: Pushy!

Been running build 9926 on my PC for a while now.  I was in the “Fast” ring and was pushed build 10041 through Windows Update.  Rebooted and install would not progress past 8%.  It rolled back gracefully to 9926, then I changed the updating to the slow ring.  Of course, the SAME build gets pushed to me again.  ARGH!  This time it goes to 5%. Rollback.  The problem is of course you cannot turn off Windows Update in Windows 10 anymore (probably someone will figure out a way eventually…) and they kept pushing this same build out to me over and over again.  You can suppress the update for 8 hours, but then…BOOM, installing build 10041, fail and rollback again!

Finally, they offered an ISO version of 10041 and I was able to install that just fine…but this does scare me a bit.   I get that an update should not be deferred forever, but only 8 hours?  It should be days, weeks…not hours.

– Soli Deo Gloria

Download Windows 7 and 8.1 from Microsoft

Need to rebuild your PC?  Now you can re-download Windows 7 and 8.1 from Microsoft, provided you have a serial # for them.

Windows 7:

Windows 8.1

– Soli Deo Gloria