Monday, July 12, 2010

Windows 7 - Icons / Shortcuts Disappear from the Desktop

Have you seen my
shortcuts?! They’ve been missing since Windows 7! :-(




UPDATE: 2012-02-28 - Thanks to "Anonymous", the commenter, it has been pointed out that Microsoft has addressed this issue as of 2012-01-11 with a hotfix and registry setting. I'd imagine that it's only a matter of time and this issue is finally addressed in a mainstream patch.
"... After you install this hotfix, you can disable the "Broken Shortcut" task or the "Unused Desktop Icon" task in the System Maintenance troubleshooter by configuring the registry. Detailed steps are described in the "Registry information" section. ..."
http://support.microsoft.com/kb/2642357



We've been deploying Windows 7 for a few months now and we noticed that a few users initially complained that their shortcut icons have been randomly missing or somehow deleted off the desktop. We started putting back old copies of their shortcuts and, lo and behold, they would disappear again in about a week or so.

After digging around on the internet, we found the source of the problem to be the part of the Windows 7's System Action Center scripts. It turns out that the Desktop Cleanup Wizard is now part of the scheduled maintenance. "... The System Maintenance troubleshooter performs a weekly maintenance of the operating system. ... When there are more than four broken shortcuts on the desktop, the System Maintenance troubleshooter automatically removes all broken shortcuts from the desktop. ..." This is also along with unused icons.

Now, knowing the source of the problem, we dug further and found that the scheduled maintenance can be controlled by Active Directory’s GPO policies, but only in an Enable all/On or Disable all/Off fashion. It also turns out that many people have posted how to modify the files responsible for removing those desktop shortcuts, so that their function is disabled without interfering with the other features or causing any errors. We couldn't find a complete solution that would fit our needs. We’re a large orginization and there didn't seem to be an already published way to disable the remove shortcuts feature globally without disable all the features of System Maintenance Troubleshooter and/or manually going to each computer, editing the troubleshooter's power shell script files.

The last few days, I’ve poured through the discussion board posts via Google and brushed up on my VBs scripting skills, and the end result is I came up with a script file to launch via network login on each computer. The script patches the files responisble for removing the shortcuts only once and only if they exist (so, they won't error or annoy any other OS users). The script will also ask the user for UAC elevation to modify the protected files. The original files are backed up using the orginal file names, plus the date the script was run, and plus the '.original' as the file extension. The files modified are: “c:\Windows\diagnostics\scheduled\Maintenance\TS_BrokenShortcuts.ps1” and “c:\Windows\diagnostics\scheduled\Maintenance\TS_UnusedDesktopIcons.ps1”.

Post analysis of our problem described by users: They reported that the icons being deleted seemed to happened more often when they left the computer locked vs. on without being logged in and the shortcuts where to documents saved on mapped network drives vs. the local shortcuts. Your mileage may very as far as exact scenario. Any feedback on your troubles would be great! (Comment below)

So, what would the internet be if we all didn’t all share?! Below are the script we now use and your welcome to it. Just be warned, I warranty NONE of my script; Use my script at your own risk! Please leave my author tag. Thanks! : )

VBS Script (Just copy and paste the below text into notepad and save it as any_filename_you_desire.vbs)


'----------------------------------------------------------------------------------'
'' Disable the Windows 7 Broken Shortcuts and Unused Desktop Shortcuts Scripts    ''
''                                                                                ''
'' Description:  Open up the two power shell scripts responsible for repairing    ''
''  the broken shortcuts and removen unused one, and then stop them from          ''
''  running any longer.  The original files are backed up in the same location.   ''
''                                                                                ''
'' Author - Justin Bennett, 9:24 AM 6/30/2010                                     ''
''          jbennett at msjc d0t edu                                              ''
''                                                                                ''
'' Resources -                                                                    ''
''  http://www.ghacks.net/2010/03/30/fix-windows-7-desktop-shortcuts-disappearing ''
''           - http://www.winhelponline.com/articles/185/1/VBScripts-and-         ''
''                                                              UAC-elevation.html''
''                                                                                ''
''  !!!!!!!!!!!!!!!     NO WARRANTY EXPRESSED OR IMPLIED     !!!!!!!!!!!!!!!!!!   ''
'----------------------------------------------------------------------------------'
'
  'Continue on errors - needed for ...
  'On error resume next 
'
'
' START - Script
'
'
'
' Global Variables
set wshShell = CreateObject("WScript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
'
'
'----------------------------------------------------------------------------------
''
'' START - Patch File Function
''
'' Description:  A function to check a file for existence, size, then replace the
''   line it has been instructed to.  The original file is backed up as
''   'filename.ext.1-1-1990 1.00.00 AM.original' in the original directory.
''
'' filePath - The file path of where the file is.  It is used for adding/removing
''             permissions durning the patching process to create the patched file
''             and backing up the original.
'' fileName - The file name of the file.  It is used making a patched copy of the
''             file and renaming the original file for a backup durning the patching
''             process.
'' reqdSize - The file size in bytes.  Used to verify the file is the correct size.
''             If the file size has changed, it will not be patched.
'' findLine - Which line to replace in the file.
'' replaceWith - The text to be written into the patched file.
''
  function patchFile(filePath, fileName, reqdSize, findLine, replaceWith)
   'Temporary Variables
   dim tmpFilename, curLine
  
   'Check if file exists
   If objFSO.FileExists(filepath&filename) <> True Then
    exit function
   End If
   
   'Check if file is the desired size
   If objFSO.GetFile(filepath&filename).Size <> reqdSize Then
    exit function
   End If
   
   'Check to see if UAC needs elevation
   uacCheck()
   
   'Add permission to modify/create files
   wshShell.Run "takeown /f "&filepath, 0, true
   wshShell.Run "takeown /f "&filepath&filename, 0, true
   wshShell.Run "icacls "&filepath&" /grant %USERNAME%:F", 0, true
   wshShell.Run "icacls "&filepath&filename&" /grant %USERNAME%:F", 0, true
   
   'Open main and temporary files  
   Set myFile = objFSO.OpenTextFile(filepath&filename, 1, True)
   Set myTemp= objFSO.OpenTextFile(filepath&filename&".patch", 2, True)
   
   'Loop through and find my line, then replace it
   curLine = 0
   Do While Not myFile.AtEndofStream
    curLine = curLine+1
    If curLine <> findline Then
  myTemp.WriteLine myfile.ReadLine
  'myFile.Skipline
 Else
  myFile.Skipline
  myTemp.WriteLine replaceWith
 End If
   Loop
   
   'Close the main and temporary files
   myFile.Close
   myTemp.Close
   
   'Temporary new filename
   tmpFilename = filepath&filename&"."&Replace(Replace(Now, ":", "."), "/", "-")&".orginal"
   'Rename input file to filename plus date and .orginal
   objFSO.MoveFile filepath&filename, tmpFilename
   
   'Rename temp file to input filename
   objFSO.MoveFile filepath&filename&".patch", filepath&filename
   
   'Remove granted permission to modify/create files
   wshShell.Run "icacls "&filepath&" /setowner ""nt service\trustedinstaller""", 0, true
   wshShell.Run "icacls "&filepath&filename&" /setowner ""nt service\trustedinstaller""", 0, true
   wshShell.Run "icacls "&tempFilename&" /setowner ""nt service\trustedinstaller""", 0, true
   wshShell.Run "icacls "&tempFilename&" /remove:g %USERNAME%", 0, true
   wshShell.Run "icacls "&filepath&filename&" /remove:g %USERNAME%", 0, true
   wshShell.Run "icacls "&filepath&" /remove:g %USERNAME%", 0, true

  end function
''
'' END - Patch File Function
''
'----------------------------------------------------------------------------------
''

'
' START - Main Subroutine
call main
'
sub main
'On error resume next 
'----------------------------------------------------------------------------------
''
'' START - Launch fix functions
''
''           
  patchFile wshShell.ExpandEnvironmentStrings("%windir%")&"\diagnostics\scheduled\Maintenance\", "TS_BrokenShortcuts.ps1", 2724, 22, "    return """" #removed $list to cancel out script"
  patchFile wshShell.ExpandEnvironmentStrings("%windir%")&"\diagnostics\scheduled\Maintenance\", "TS_UnusedDesktopIcons.ps1", 2567, 36, "    return """" #removed $list to cancel out script"
  
''
'' END - Launch fix functions
''
''
'
'
' END - Main Subroutine
end sub
'
'
'----------------------------------------------------------------------------------
''
'' START - UAC Check Function
''
''
  function uacCheck()
'''Check to make sure this is a Vista or 2008 server first
   strComputer = "."
   Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
   Set colOperatingSystems = objWMIService.ExecQuery _
    ("Select Caption from Win32_OperatingSystem Where Caption like '%Vista%' or Caption like '%2008%' or Caption like '%Windows 7%'")
   For Each objOperatingSystem in colOperatingSystems 
    If WScript.Arguments.length =0 Then
     Set objShelluac = CreateObject("Shell.Application")
     'Pass a bogus argument with leading blank space, say [ uac]
     objShelluac.ShellExecute "wscript.exe", Chr(34) &  WScript.ScriptFullName & Chr(34) & " uac", "", "runas", 1
     wscript.quit
    End If
   next
''
  end function
''
'' END - UAC Check Function
''
' END - SCRIPT



Here's how we're launching it from our batch network login script

::Disable Deleting Broken/Unused Shortcuts (Windows 7)
:: 12:55 PM 7/12/2010 Justin
::
if "%ALLUSERSPROFILE%"=="%SYSTEMDRIVE%\ProgramData" ( call cscript "\\domainname\netlogon\_patch_Windows_7_ScheduledMaint-Stop_Icons_Disappearing.vbs" )




References:
http://www.ghacks.net/2010/03/30/fix-windows-7-desktop-shortcuts-disappearing
http://www.winhelponline.com/articles/185/1/VBScripts-and-UAC-elevation.html
http://support.microsoft.com/kb/978980

Friday, May 7, 2010

System Status and Operation Indicators

Ok... I'm jealous... I want this too geek additions at last.fm's control center. We have laptops with displays of our paging system on the screens, but no light up bears!!!  Now, how would you work a budget change proposal request to include a system that would light plastic toys during system/network outages as necessary purchase.  Illuminated plastic molded ursus arctos horribilis indicators for system status indication perhaps??? : )

http://blog.last.fm/2008/08/01/quality-control






Friday, April 23, 2010

McAfee Virus Protection Attacks svchost.exe on Windows XP

Luckilly, we only use McAfee on a few machines and they happen to not be the OS affected by the latest problem with virus definition 5958.

When I heard about this, it reminded me when we use to have McAfee Virus Protection across all of our computers on our network (back in 2000 in the Windows 95-98 days.)  We had a very similar problem with machines at 100% CPU usage.  I did some hunting and found a news post back from when we had that problem.

New McAfee virus update can freeze some computers - [http://archives.cnn.com/2000/TECH/computing/11/07/mcafee.windows.freeze.idg/index.html]
"...
November 7, 2000
Web posted at: 9:23 a.m. EST (1423 GMT)
...
(IDG) -- The latest virus definition update for Network Associates' McAfee VirusScan can freeze computer systems, Network Associates has confirmed.

"It can cause the CPU utilization of the machine to go to 100%, effectively freezing the system for an extended period of time," said Simon Leech, an Amsterdam security engineer for Network Associates.
..."

I feel for all the customers struggling with fixing their machines from this mishap.  One thing positive, at least it wasn't malicious and/or a data breach to add further insult to injury.

McAfee should have learned something from The Website is Down, episode #4, "Sales Demolination".  "... Fake a virus attack. ... How do you think I made it 20 years in I.T. ..."  [http://www.thewebsiteisdown.com/]

Tuesday, April 13, 2010

Microsoft's Cloud Computing

I went to the Microsoft Virtualization Summit today in Irvine, CA.  It ended up being about how all the components of virtualization aggregate into cloud computing, how to use cloud computing to be greener, and how cloud computing will be more transparent to applications and design in the future.

What I took away from today:
Here's the obligatory pun, "I had my head in the Clouds at Microsoft's conference today".

Saturday, March 27, 2010

Moved from Altiris Deployment Solution to Windows Deployment Services (WDS)

We have been using Altiris for years and since Symantec bought them out, the price structure has been too cost prohibitive for us to continue to re-license it. As we prepare for Windows 7, we were able to setup two Windows Deployment Service servers fairly easy. I was happy that we were able to capture Windows XP images, so that as we transition we don't have to worry about holding onto our old Altiris setup.

I used the Windows Deployment Services Step-by-Step Guide and the Windows Deployment Services Getting Started Guide to setup the systems (which those URLs at the bottom of this post).  The following is a quick overview of our settings.

Our Configuration
  • Two stand-alone Windows 2008 R2 servers running Windows Deployment Services
  • Two subnets
  • Independent DHCP servers per subnet
Setting up the stand-alone Windows Deployment Services servers:
  1. Installed Windows 2008 R2 Standard Server
  2. Installed the Windows Deployment Services Role - Deployment and Transport Services
  3. Configured my settings and added the boot and install images off my Windows 7 and Vista DVDs.
Adding the PXE Boot settings to our independent DHCP servers
  1. Opened the DHCP Administrative utility
  2. Opened the scope options
  3. Added options 66 and 67 ("server1" for option 66 and "\boot\x86\wdsnbp.com" for option 67)
Conclusion
  • Everything went very smoothly and faster than expected to transition.  We all trained on Windows Deployment Services one afternoon and were able to install and capture images quite easily.  I do want to note, since I didn't read this anywhere in the documentation, that it appears that you can only capture one disk image at a time per image group.  We started four machines at once to capture an updated Windows 7 image and only one machine captured with the other three erring out.  The reason why is we were trying to capture an image from each machine to one image group.  Each image group has a database type file that the images are stored to and it appears only one write sequence can occur at a time.  It's not a frequent occurrence that multiple images would be captured, but I thought it was worth noting.

    We are very pleased and within one more day of testing, we stopped using Altiris Deployment Solution all together.
References

Monday, March 8, 2010

Battery Chargers Be Warned


Energizer®'s USB Port Duo Battery Charger, which charges your batteries via your computer's USB port, has backdoor that may allow a remote attacker to view files or launch software. The software is supposed to allow the user to see how the battery charging progresses is going on. It also loads a .dll and sets it to load automatically every time the computer is started by adding to Windows Start-Up and launching arucer.dll.

I just want to know who thought this was a good idea anyway? Wait only 10 hours to charge two AA rechargeable batteries and stress my USB port's power, were do I pickup one of these gems?!!? :P



References:

http://www.kb.cert.org/vuls/id/154421
http://www.us-cert.gov/current/index.html#engergizer_duo_usb_battery_charger
http://www.energizer.com/SiteCollectionDocuments/pdf/rechargeable/chusb_instructions_english.pdf

Thursday, February 4, 2010

No Flash photography! Please!

No Flash Please!

Last year seemed to have been the year of Adobe software exploits as depicted in the "10 Most Vulnerable Software Apps of 2009". Their most popular products Acrobat Reader, Flash Player and Shockwave have been the central point for the latest viruses and spyware. On an enterprise level, it's wreaking havoc for many system administrators and security experts.

Adobe has made attempts to write up white papers for Acrobat and Flash that describe how to deploy and maintain their key products, but with half hearted effort at best.  There's also a storm of custom script files, packages, group policy templates that are floating around by other administrators.  We have our own piecemeal scripts and GPOs currently in place at my job to do the best that we can at maintaining the latest "safe" versions.

Microsoft's products have not been the most secure over the years, but they have long given administrators proper tools deploy, maintain, and update their products and stay ahead. Windows Server Update Services, for example, allows administrators to get a view of machines on their network and maintain the vast amount of Microsoft's software.  When updates are released, WSUS will allow you to get a report showing how many machines needed, push out the update and even set a deadline to force installation.

Adobe has taken such a market share of web content, but when will they take security seriously and offer an enterprise level solution?  For now, No Flash, Please!!!