How to properly configure GPOs for security groups

July 3, 2016

I’m sure this used to work OK, but I’ve recently been pulling my hair out trying to get group policies to apply properly on family PCs.

Since upgrading to Server 2012R2 it seems to have broken.

Anyway, it turns out you shouldn’t remove Authenticated Users from the security delegation. Instead, go into Security > Advanced and uncheck the Apply permission for Authenticated Users, leaving its Read permission in place.
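The same change done from PowerShell, as an added example that is not part of the original post: the GPO keeps Read for Authenticated Users, only the intended group gets Apply, and the final query is the check that both are set as expected. The GPO name "Family PC Settings" and the group "Family PCs" are placeholders for this illustration.

```powershell
# Added example (not from the original post): security-filter a GPO to one group
# without stripping Authenticated Users' Read permission.
# Assumptions: GPO "Family PC Settings" and group "Family PCs" are placeholder names.
Import-Module GroupPolicy

$gpoName = 'Family PC Settings'
$group   = 'Family PCs'

# Authenticated Users keeps Read (GpoRead) but loses Apply.
# -Replace swaps its current permission level for the one given.
Set-GPPermission -Name $gpoName -TargetName 'Authenticated Users' -TargetType Group `
    -PermissionLevel GpoRead -Replace

# The intended group gets Read + Apply.
Set-GPPermission -Name $gpoName -TargetName $group -TargetType Group `
    -PermissionLevel GpoApply

# Check: list every trustee and its level. Authenticated Users should show GpoRead
# and the group GpoApply; a GPO where no entry grants Read to the computer accounts
# is the symptom described above.
Get-GPPermission -Name $gpoName -All |
    Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission |
    Format-Table -AutoSize
```

Why Read has to stay: since the June 2016 Group Policy security update (MS16-072, KB3163622), a machine retrieves user-scope GPOs in the computer account's security context, so a GPO that Authenticated Users (or Domain Computers) cannot read is silently skipped even for users who have Apply. Removing only the Apply permission preserves the filtering without that side effect.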

It’s all detailed very well here:



Free Anti Virus for Windows Server 2012 R2

March 19, 2016

After a recent run-in with DMA Locker I’m looking for affordable ways of beefing up my security. As an IT pro I run a Windows Server 2012 R2 environment at home for trial and test purposes. The problem with this is that Windows Server does not have antivirus built in, so you need a third-party product. Server AV is ‘business grade’, meaning ‘expensive’ and out of reach of the enthusiast.

Enter System Center Endpoint Professional (SCEP)

The SCEP client comes as part of the System Center Configuration Manager (SCCM) product, which you can download as a trial. It’s then a simple task of extracting the client installer from the package and installing it.

Now you’re done. I’m not sure of the legality of this exactly; you are, after all, running software downloaded from Microsoft. I also don’t know at the time of writing whether this client subset expires along with the SCCM trial. I’ll let you know.


A Close Shave with DMA Locker

March 19, 2016

I’ve recently been infected with DMA Locker. DMA Locker is part of the growing trend of malware called ‘ransomware’, which silently encrypts all your data files on every drive it can access. It then presents you with a big red warning screen that looks like this:


This is not just a slight irritation, as many viruses are; this is the real deal. If you get this and have no good backup strategy, there is a significant chance you’ve lost your data. Also, since version three there is (currently) no way of circumventing the encryption.

You can read more about it here. There’s little documented information around, so I thought I’d share my findings in the hope that others can learn from them.

I don’t actually know how I obtained the malware; all I know is that both my PC and server were showing the above screen on the evening of 14th March. From file timestamps I can see that encryption had taken place the prior evening from around 18:00 onward.

Close Shave

I have been lucky. I’d been playing a movie on the 13th around the time mentioned and performance had been very choppy, so I restarted my server. On analysis it looks like only some of my files have been encrypted; all I can assume is that I interrupted the encryption process and the malware isn’t clever enough to resume itself. I have no evidence that this is the case (perhaps the malware failed part way), but the result is that it hasn’t eaten into my most important data, including my family photos.

Removing the Malware

I’ve been using Malwarebytes Anti-Malware (MBAM) for a couple of years now. This is the most reliable free tool for cleaning malware. After getting infected I immediately downloaded MBAM, booted the PCs into Safe Mode and ran MBAM. MBAM did remove the virus, only in my haste I didn’t record exactly what it discovered; I just hit the clean button. Since running MBAM I do appear to be clear of the malware. However, I do have a lot of encrypted data sitting on my drives.


Presumably a good AV program will protect you. I hadn’t got round to reinstalling my AV, which I deeply regret. hasherezade, at the above link, suggests creating dummy files in the correct locations to fool DMA Locker into thinking it has already finished:

PREVENTION TIP: Create these files to protect yourself from this version of DMA Locker. Content doesn’t matter. In presence of these files, the program will go by other path of execution and display the red message only – but not deploy the encryption.

    C:\Documents and Settings\All Users\decrypting.txt

    C:\Documents and Settings\All Users\start.txt



    This trick works only as a PREVENTION – once your files are encrypted, it is not going to help. For more info about why it happens, please read this post.

There’s not a lot of advice out there for what will guarantee your safety, but the growing trend of ransomware will surely change this.

As I’ve said, once your files are encrypted, unless you can pay or restore from backup, they are gone. It appears (at the moment at least) that I haven’t lost any critical data. For information, you know that a file is encrypted because it won’t load. On the surface it looks the same, but try to open it and it fails, for obvious reasons.

The encryption process places a header at the beginning of each encrypted file; if you open one of the encrypted files in a text editor you’ll see it:

Try this with a small file. Note the ‘!DMALOCK3.0’ at the beginning. That’s your proof!

The following command will process all files and subfolders and create a text file called DMA_Encrypted_Files.txt. You’ll need the Sysinternals Strings utility first too.

E.g. to check your C:\ drive:

• Put Strings.exe in the root of C:
• Open a command prompt.
• Navigate to the root of C: (using CD \)
• Run this command: strings -b 11 -n 11 -s *.* | findstr !DMALOCK3.0 > DMA_Encrypted_Files.txt

You can use the output of this to examine what has been encrypted and plan your recovery options.
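The same first-bytes check written as a PowerShell function, added here as an example that is not part of the original post or of hasherezade’s write-up. It reads only the first 11 bytes of each file, so it does not depend on Strings.exe or on findstr’s pattern syntax, and it opens files read-only so the scan itself changes nothing. It assumes what the post states: the marker is the literal ASCII text "!DMALOCK3.0" at byte offset 0. The function name and the report file name are this example’s own choices.

```powershell
# Added example, not from the original post: flag files whose first bytes are the
# DMA Locker 3.0 header, without Sysinternals Strings.
# Assumption: the marker is the ASCII text "!DMALOCK3.0" at byte offset 0 (as the
# post shows); the function and report names are this example's own.
function Find-DmaLockerEncryptedFile {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $ReportPath = (Join-Path $Path 'DMA_Encrypted_Files.txt')
    )

    $marker = '!DMALOCK3.0'
    $buffer = New-Object byte[] $marker.Length
    $hits   = New-Object 'System.Collections.Generic.List[string]'

    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Length -ge $marker.Length -and $_.FullName -ne $ReportPath } |
        ForEach-Object {
            $file = $_   # inside catch, $_ is the error record, so keep a copy of the file
            try {
                # Read-only open that tolerates files other processes hold open for writing.
                $stream = [System.IO.File]::Open($file.FullName, 'Open', 'Read', 'ReadWrite')
                try     { $read = $stream.Read($buffer, 0, $buffer.Length) }
                finally { $stream.Dispose() }

                # Case-sensitive compare of exactly the header-sized prefix.
                $head = [System.Text.Encoding]::ASCII.GetString($buffer, 0, $read)
                if ($read -eq $marker.Length -and $head -ceq $marker) {
                    $hits.Add($file.FullName)
                }
            }
            catch {
                Write-Warning "Skipped $($file.FullName): $($_.Exception.Message)"
            }
        }

    # One full path per line, the same shape as the findstr report in the post.
    Set-Content -LiteralPath $ReportPath -Value $hits -Encoding UTF8
    return $hits
}

# Usage: count the flagged files on a drive and leave the report in its root.
# Find-DmaLockerEncryptedFile -Path 'C:\' | Measure-Object
```

Run it from an elevated prompt so system and profile folders are readable; files it cannot open are reported as warnings rather than silently skipped, which matters when deciding whether a recovery plan is complete.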

Next Steps

I’m still in the process of recovery. I’m considering cost-effective options for server AV and cloud backup, and I’ve got a few good ideas. I’ll post here when I’ve had a chance to explore further.

Edge browser opens then closes immediately – fix

December 21, 2015

I’ve been running Windows 10 for a while and it’s been pretty OK really; however, Edge suddenly refuses to run. When I launch Edge it displays for a moment, then promptly closes.
I actually use IE as my default browser anyway, as I’m a RoboForm devotee and can’t do without it. Maybe if Edge starts supporting plugins I’ll switch.
It was a tricky one, as no errors were displayed in the Event Log. I’ll show you the couple of things I tried.
Note: I don’t know specifically which one fixed it. Really sorry, but I couldn’t really go and re-break it to work it out.

Anyway, here’s what I did:
First: Rename the corrupted Microsoft Edge folder, "C:\Users\%username%\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe".
I just added _OLD to the end.
Next: (note it may be only one of these that fixes it, but I’ll give you all three)
Run PowerShell as Administrator:

Try this:
Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml" -Verbose}

Or this:
Add-AppxPackage -Register "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppxManifest.xml" -DisableDevelopmentMode

Or this:
Get-AppXPackage -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml" -Verbose}

Thanks to my sources:

Great way to delete stubborn folders in Windows

December 12, 2015

I’m utterly sick of getting “source path too long” errors in Windows when trying to delete folders. I found a really neat solution here:

In a nutshell, do the following in a Windows command shell:

mkdir empty_dir
robocopy empty_dir the_dir_to_delete /s /mir
rmdir empty_dir
rmdir the_dir_to_delete

This works because /mir makes the destination match the (empty) source, so robocopy removes everything inside the_dir_to_delete using its own long-path handling, leaving an empty folder that rmdir can remove. Note the argument order: the destination is what gets emptied, so double-check it before running.

I wish I’d known about this 10 years ago…

May 14, 2015

Scenario: You’re in Windows Explorer a few folders deep, and you want to send a link to a file. You could click the toolbar path, but that won’t include the filename. Plus, if there are any spaces in file or folder names you’ll have to enclose your link in quotes.

Solution: Hold Shift + right-click the file and select ‘Copy as path’. This copies exactly what you want to the clipboard, ready to paste into your email.

How I upgraded my HTC One M7 (EE) to Google Play Edition GPE 5.0.1 Lollipop

February 15, 2015

I’m going to try and summarise the painful process I’ve been through lately. I was sick of the Sense UI on my HTC M7; it looks nice but it’s not intuitive enough. I wanted a clean stock build. After some searching I found that it is possible to convert your phone to the GPE edition.

This process is extremely confusing; there’s so much information out there that it’s difficult to separate the good stuff from the rubbish. It’s taken me basically a week to trawl through and work it out.

It goes without saying that you should back up everything before you begin. Also, there is a chance you could brick your device, so take heed: on your head be it!

Here is a basic summary if you’re interested:

Root your device

Great guide here:

In a nutshell:

Go to Settings > Developer options and make sure USB Debugging is ON

Download and unzip to a folder

Install the HTC USB drivers (HTCDriver_4.1.0.001.exe) from the above zip if you don’t have them installed already

Open a command shell at the unzip folder and run the following commands:

cd Downloads

cd HTCOneRoot

adb backup -apk -all -f backup.ab

I think this backs up your apps

Turn off your HTC One. Then hold down the Volume Down and Power buttons together for about 3-5 seconds until you see the bootloader menu

Hit the Power button to enter Fastboot mode

Connect the micro-USB cable from your HTC One to your computer

Type the following in your command prompt/terminal:

fastboot oem get_identifier_token

Copy the identifier token exactly

Go to and log in. If you don’t have an account, register, then log in

Follow the instructions to unlock the bootloader; when successful you will receive an Unlock_code.bin via email. When you have this, move on…

Save your Unlock_code.bin to your unzip folder

Go back to your command shell and type:

fastboot flash unlocktoken Unlock_code.bin

Go to your phone and choose “Yes” using the Volume Up button, then hit the Power button. Your HTC One will reboot in about 5 seconds.

Once rebooted, your HTC One should be completely wiped and you should get the Welcome message just like the day you got your phone. Sign in through the setup process, then copy the file in the HTCOneRoot folder to anywhere on your HTC One’s internal storage.
*Note – For Android 4.3 or 4.4, please use the file “” instead of v1.30.

Power off your phone, then reboot into the bootloader menu and on to fastboot mode

Back to the command shell:

fastboot flash recovery openrecovery-twrp-

fastboot erase cache

Choose “Bootloader” and hit the Power button

Choose “Recovery” and hit the Power button

Once in TWRP recovery, choose “Install”

Choose the file you copied earlier

Swipe to flash this file. This will root your HTC One by installing the SuperSU superuser app and SU binaries.

Choose “Reboot System” to reboot

That’s it, we are rooted with a TWRP custom recovery

Obtain S-OFF

What is S-OFF? Hey, I don’t really know, other than it’s a security thing that prevents important stuff being overwritten on your phone. If you boot to the bootloader you’ll see the S-ON setting at the top.

To do good stuff you need to turn this to S-OFF. Finding out how to do this was near impossible, as it seems that Firewater, the most popular tool, has been discontinued. After much searching I found rumrunner:

Download rumrunner from here:

Review the instructions, which are essentially: disable locks, use USB 2 and be rooted

Unzip rumrunner into your unzip folder and run soju.exe

Watch the magic happen

There’s loads of stuff online. Many have posted bad experiences with rumrunner; I wasn’t convinced it would work and it came as a pleasant surprise when it did. It took about 20 minutes to S-OFF my handset.

Install the Google Play Edition RUU

There’s a great guy out there called GraffixNYC; check out his video here, which has everything you need:

Download the appropriate RUU from here:

Ensure your phone’s CID matches one in the list; if it doesn’t, change it using the command:

fastboot oem writecid GOOGL001

You can check the CID by running

fastboot oem readcid

Now do the following to copy the new RUU to your phone:

1. adb reboot bootloader

2. fastboot oem rebootRUU

3. fastboot flash zip (note: your zip may be different)

4. You will get a FAILED message the first time – this is normal

5. Redo the same command again

6. The process will run for about 10 minutes; wait until it finishes

7. fastboot reboot

Well, I can safely say that Android 5 on an M7 is rubbish. The screen doesn’t lock consistently when holding the device to your ear, so you find yourself pressing buttons with your ear! Not amusing.

So I figured I’d flash it back to Android 4.4.2: easier said than done. Although my handset was unlocked with S-OFF, it consistently refused to take any flash command, with the following error:

FAILED (remote: not allowed)

Finally I found the following article:

It took me ages to find this, but once I did it turned out the solution was the same as I’d already blogged above, haha; I should read my own stuff:

1. adb reboot bootloader
2. fastboot oem rebootRUU
3. fastboot flash zip
4. (redo the above again, as it needs a second run at it)
5. fastboot reboot-bootloader