Latest Discussions
- Mike Kruzel, Oct 17, 2019, Copper Contributor, 1.9K Views, 4 likes, 2 Comments

Create snapshots with Active Directory Explorer (AD Explorer) from Sysinternals

Hi Windows Active Directory Friends,

Wouldn't it be interesting to know what change there was in our Windows Active Directory? If there was a change, what exactly has changed since yesterday, for example? You can answer exactly such questions when you create snapshots with AD Explorer. You can then compare these snapshots. (Attention, this snapshot is a kind of copy, but is not to be confused with a snapshot like you get from Hyper-V (for example) where you can go back to a previous state.) How this works exactly, I will explain in this post. Let's go!

As a first step we organize the AD Explorer from Sysinternals. To do this, you can either navigate directly to the Live Internals page: https://live.sysinternals.com/ or you go to the following URL: https://docs.microsoft.com/en-us/sysinternals/downloads/adexplorer

I have stored the AD Explorer directly on my domain controller. This does not have to be the case, you can also store the AD Explorer on another system that is a member of the domain. With a double click on the AD Explorer you get a first message. Confirm the EULA.

Now we need to establish a connection with the domain controller. Specify the name of the DC, the account of the domain administrator and the password, and click OK. Now we are connected to the Active Directory.

Navigate to File in the menu and select "Create Snapshot". Give the snapshot a name and specify the location and click OK. I placed the snapshot in the C:\Temp drive.

Navigate back to the menu on File and select "Connect". But now select the following: "Enter the path of the previous snapshot to load" and navigate to the location of your snapshot. The snapshot is now visible in AD Explorer.

Now let's imagine a leap in time. A day later, you create another snapshot, just as you created the first one. Load the second Snapshot into the tool along with the first Snapshot. Mark the first snapshot as in the picture above. Navigate to "Compare" in the menu and select "Compare Snapshot". At "Select an archive to compare to", find your second snapshot. Then click Compare. Bingo! Now you know what has changed in Active Directory between one day.

With this great tool from Windows Sysinternals Suite you can super manage and monitor your Windows Active Directory. I hope I could give you a little idea how to use AD Explorer among other things.

Thank you and kind regards,
Tom Wechsler

21K Views, 3 likes, 5 Comments

Share your Sysinternals stories!

Starting today, we are hosting a sweepstakes to celebrate the 25th anniversary of Sysinternals! To enter, all you have to do is post a video or text-based story on Twitter or LinkedIn with the hashtag #SysinternalsStorySweepstakes--or as a reply below--talking about your favorite Sysinternals tool. One lucky winner will receive a 30-minute mentoring session with Microsoft Azure CTO and Sysinternals Creator Mark Russinovich! Full rules for the sweepstakes are below.

And, don't forget to join us on October 14, 2021 for Sysinternals @ 25--a live event for those who love (or are just learning about) Sysinternals. We'll have a 1:1 chat with Mark, deep dives from the experts, live Q&A, and surprise giveaways.

COMMON TERMS USED IN THESE RULES:

These are the official rules that govern how the Microsoft Sysinternals Story Sweepstakes will operate (“Sweepstakes”). In these rules, “we,” “our,” and “us” refer to Microsoft Corporation, the sponsor of this Sweepstakes. “You” refers to an eligible Sweepstakes entrant.

SWEEPSTAKES DESCRIPTION:

For purposes of this Sweepstakes, each submission you post to Twitter or LinkedIn (together “Social Media”) containing the Sweepstakes hashtag #SysinternalsStorySweepstakes will be called an “Entry.” A winner will be selected by random drawing among all eligible entries received during the Entry Period.

WHAT ARE THE START AND END DATES?

This Sweepstakes starts at 6:00 a.m. Pacific Time (PT) on October 13, 2021, and ends at 11:59 p.m. PT on October 29, 2021 (“Entry Period”).

CAN I ENTER?

You are eligible to enter this Sweepstakes if you meet the following requirements at time of entry:

- You are 18 years of age or older and have a registered account on one of the Social Media channels; and
- If you are 18 years of age or older, but are considered a minor in your place of residence, you should ask your parent’s or legal guardian’s permission prior to submitting an entry into this Sweepstakes; and
- You are NOT a resident of any of the following countries: Cuba, Iran, North Korea, Sudan, and Syria. PLEASE NOTE: U.S. export regulations prohibit the export of goods and services to Cuba, Iran, North Korea, Sudan and Syria. Therefore residents of these countries / regions are not eligible to participate.
- You are NOT an employee of Microsoft Corporation or an employee of a Microsoft subsidiary; and
- You are NOT involved in any part of the administration and execution of this Sweepstakes; and
- You are NOT an immediate family (parent, sibling, spouse, child) or household member of a Microsoft employee, an employee of a Microsoft subsidiary, or a person involved in any part of the administration and execution of this Sweepstakes.

This Sweepstakes is void outside the geographic area described above and wherever else prohibited by law.

HOW DO I ENTER?

There are three ways to create an eligible Entry:

- Post an original video on Twitter or LinkedIn, using your legally registered account, discussing your favorite Sysinternals tool. The post must contain the hashtag #SysinternalsStorySweepstakes.
- Post a text-based story on LinkedIn, using your legally registered account, discussing your favorite Sysinternals tool. The post must contain the hashtag #SysinternalsStorySweepstakes.
- Reply to this post with a video-based or text-based story discussing your favorite Sysinternals tool.

Entries must be posted to Social Media or as a reply to this post on the Microsoft Tech Community within the Entry Period and must remain posted until October 29, 2021 to be eligible.

This promotion is in no way sponsored, endorsed, or administered by, or associated with, Twitter, or LinkedIn.

Limit one video Entry or one text-based Entry per person. We are not responsible for entries that we do not receive for any reason, or for entries that we receive but are not decipherable for any reason.

We will automatically disqualify:

- Any incomplete or illegible entry; and
- Any entries that we receive from you that are in excess of the entry limit described above.

WHAT CONSTITUTES AN ELIGIBLE ENTRY?

To be eligible for judging an entry must meet the following content / technical requirements:

- your entry must be your own original work; and
- your entry cannot have been selected as a winner in any other contest; and
- you must have obtained any and all consents, approvals or licenses required for you to submit your entry; and
- your entry may not include any third party trademarks (logos, names) or copyrighted materials (music, images, video, recognizable people) unless you have obtained permission to use the materials. You may include Microsoft trademarks, logos, and designs, for which Microsoft grants you a limited license to use for the sole purposes of submitting an entry into this Sweepstakes.

Entries may NOT contain, as determined by us, in our sole and absolute discretion, any content that:

- is sexually explicit, unnecessarily violent or derogatory of any ethnic, racial, gender, religious, professional or age group; profane or pornographic;
- promotes alcohol, illegal drugs, tobacco, firearms/weapons (or the use of any of the foregoing) or a particular political agenda;
- is obscene or offensive;
- defames, misrepresents or contains disparaging remarks about other people or companies;
- contains materials embodying the names, likenesses, voices, or other indicia identifying any person, (other than the member of your family or community for whom you have received consent) including, without limitation, celebrities and/or other public or private figures, living or dead;
- contains look-alikes of celebrities or other public or private figures, living or dead;
- communicates messages or images inconsistent with the positive images and/or good will to which we wish to associate; and/or
- violates any law;

We reserve the right to reject any entry, in our sole and absolute discretion, that we determine does not meet the above criteria.

HOW WILL MY ENTRY BE POTENTIALLY USED?

Other than what is set forth below, we are not claiming any ownership rights to your entry.
However, by submitting your entry, you:

- are granting us an irrevocable, royalty-free, worldwide right and license to: (i) use, review, assess, test and otherwise analyze your entry and all its content in connection with this Sweepstakes and Microsoft products; and (ii) feature your entry and all content in connection with the advertising, marketing, sale, or promotion of this Sweepstakes and Microsoft products (including but not limited to internal and external sales meetings, conference presentations, tradeshows, and screen shots of the Sweepstakes entry in press releases) in all media (now known or later developed)
- agree to sign any necessary documentation that may be required for us and our designees to make use of the rights you granted above;
- understand and acknowledge that the Sponsor(s) may have developed or commissioned materials similar or identical to your submission and you waive any claims you may have resulting from any similarities to your entry;
- understand that we cannot control the incoming information you will disclose to our representatives in the course of entering, or what our representatives will remember about your entry. You also understand that we will not restrict work assignments of representatives who have had access to your entry. By entering this Sweepstakes, you agree that use of information in our representatives’ unaided memories in the development or deployment of our products or services does not create liability for us under this agreement or copyright or trade secret law;
- understand that you will not receive any compensation or credit for use of your entry, other than what is described in these Official Rules

Please note that following the end of this Sweepstakes, your entry may be posted on a website selected by us for viewing by visitors to that website. We are not responsible for any unauthorized use of your entry by visitors to this website.
While we reserve these rights, we are not obligated to use your entry for any purpose, even if it has been selected as a winning entry. If you do not want to grant us these rights to your entry, please do not enter this Sweepstakes.

WINNER DETERMINATION AND PRIZES

On November 1, 2021, one (1) Grand Prize winner will be drawn from among all entries.

Sweepstakes Prizes

One (1) Grand Prize. A 30-minute mentoring session with Microsoft Azure CTO Mark Russinovich. Approximate Retail Value (ARV) USD $0

If you are a potential winner, we will notify you by sending a message to the e-mail address, the phone number, or mailing address (if any) provided at time of entry within seven (7) days following completion of judging. If the notification that we send is returned as undeliverable, or you are otherwise unreachable for any reason, we may award to a runner-up.

If there is a dispute as to who is the potential winner, we will consider the potential winner to be the authorized account holder of the e-mail address used to enter the Sweepstakes.

If you are a potential winner, we may require you to sign an Affidavit of Eligibility, Liability/Publicity Release and a W-9 tax form or W-8 BEN tax form within 10 days of notification. If you are a potential winner and you are 18 or older, but are considered a minor in your place of legal residence, we may require your parent or legal guardian to sign all required forms on your behalf. If you do not complete the required forms as instructed and/or return the required forms within the time period listed on the winner notification message, we may disqualify you and select a runner-up.

If you are confirmed as a winner of this Sweepstakes:

- You may not exchange your prize for cash or any other merchandise or services. However, if for any reason an advertised prize is unavailable, we reserve the right to substitute a prize of equal or greater value; and
- You may not designate someone else as the winner. If you are unable or unwilling to accept your prize, we may award it to a runner up; and
- If you accept a prize, you will be solely responsible for all applicable taxes related to accepting the prize; and
- If you are otherwise eligible for this Sweepstakes, but are considered a minor in your place of residence, we may award the prize to your parent/legal guardian on your behalf; and
- Unless otherwise noted, all prizes are subject to their manufacturer’s warranty and / or terms and conditions.

We will only award one (1) prize per person.

WHAT ARE YOUR ODDS OF WINNING?

Your odds of winning this Sweepstakes depend on the number of eligible entries we receive.

WHAT OTHER CONDITIONS AM I AGREEING TO BY ENTERING?

By entering this Sweepstakes you agree:

- To abide by these Official Rules; and
- To release and hold harmless Microsoft and its respective parents, subsidiaries, affiliates, employees and agents from any and all liability or any injury, loss or damage of any kind arising from or in connection with this Sweepstakes, or any prize won; and
- That Microsoft’s decisions will be final and binding on all matters related to this Sweepstakes; and
- That, by accepting a prize, Microsoft may use your proper name and state of residence online and in print, or in any other media, in connection with this Sweepstakes, without payment or compensation to you, except where prohibited by law.

WHAT LAWS GOVERN THE WAY THIS SWEEPSTAKES IS EXECUTED AND ADMINISTRATED?

This Sweepstakes will be governed by the laws of the State of Washington, and you consent to the exclusive jurisdiction and venue of the courts of the State of Washington for any disputes arising out of this Sweepstakes.

WHAT IF SOMETHING UNEXPECTED HAPPENS AND THE SWEEPSTAKES CAN’T RUN AS PLANNED?

If someone cheats, or a virus, bug, catastrophic event, or any other unforeseen or unexpected event that cannot be reasonably anticipated or controlled, (also referred to as force majeure) affects the fairness and / or integrity of this Sweepstakes, we reserve the right to cancel, change or suspend this Sweepstakes. This right is reserved whether the event is due to human or technical error. If a solution cannot be found to restore the integrity of the Sweepstakes, we reserve the right to select winners from among all eligible entries received before we had to cancel, change or suspend the Sweepstakes.

If you attempt to compromise the integrity or the legitimate operation of this Sweepstakes by hacking or by cheating or committing fraud in ANY way, we may seek damages from you to the fullest extent permitted by law. Further, we may ban you from participating in any of our future Sweepstakes, so please play fairly.

HOW CAN I FIND OUT WHO WON?

If you send an email to SysinternalsSweepstakes@outlook.com within 30 days of winner selection, we will provide you with the name of the winner.

WHO IS SPONSORING THIS CONTEST?

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052

Heather_Poulsen, Oct 13, 2021, Community Manager, 5.7K Views, 2 likes, 4 Comments

Issue with Autoruns v14.11 – Offline System Registry Hives Not Unmounted

Using the Analyze Offline System option leaves registry hives mounted, risking system corruption.

Steps to Reproduce:

- Open Autoruns v14.11.
- Use File > Analyze Offline System.
- Close AutoRuns.
- Observe that registry hives remain mounted after the process has terminated. (Regedit.exe > HKLM > autoruns.software / autoruns.system / autoruns.user)

Impact:

- Can render the offline system unbootable.
- Prevents you from using Analyze Offline System again as the HKLM\autoruns.* mountpoints are already in use.

Workaround: Use v13.100, which works correctly.

firepark32, Aug 08, 2024, Copper Contributor, 309 Views, 1 like, 0 Comments

Autoruns renders system unbootable

Autoruns renders system unbootable, while using it from within WinPE: Autoruns -> Files -> Analyze Offline System...

Last version causing no trouble using it this way is 13.100. https://learn.microsoft.com/en-us/sysinternals/downloads/autoruns

Running Autoruns from a fully installed system and using this method does not cause any problems so far. Affected registry hives are SOFTWARE and SYSTEM. Recovering the system or at least some entries is only successful with an (older) existing backup of the registry files. The corrupted registry file SYSTEM even lost the computername. All information about the hard drives is lost too. Registry Recon confirms it. All red entries have been damaged.

I am not sure where exactly I should report this. It can easily be reproduced by running it under any WinPE, it happens every time I used it. I would like to use the newest versions under PE again. Maybe there is a way to recover the lost entries. I appreciate any help.

With kind regards

alphapremium, Jul 26, 2024, Copper Contributor, 336 Views, 1 like, 1 Comment

Remote Connection Manager (RDMon)

For those who use Remote Desktop Connection Manager, v2.93: I'm trying to utilize the feature of Hot Keys. From the menu -> Tools -> Options -> Hot Keys (tab) -> Previous session. I use the ctrl-alt-insert for full screen all the time. Problem is the ctrl-alt-rightarrow / left arrow are not working. I'm expecting it to cycle to the next open VM. I've used this in the past but now it doesn't seem to work anymore.

JoePet, May 15, 2024, Copper Contributor, 376 Views, 1 like, 0 Comments

How to detect when my application window is screen shared

How can I detect on Windows OS level when any of my application windows is screen shared by any screen sharing tool? I am sure any screen sharing tool cannot do screen sharing to a remote user unless there is support from Windows OS. I want to know what is that "something" which is set/done when any app window is screen shared. I am writing an app and want to behave differently when my app window is screen shared. I am looking for a generic solution and not specific to screen sharing tool. Any pointer or code snippet around this will be of great help. Thank you.

dpjha, Sep 25, 2020, Copper Contributor, 3.3K Views, 1 like, 0 Comments