Alexander’s Blog

February 4, 2012

How to Delete Inactive Profiles on Windows 7

by @ 9:38 am. Filed under Tools/Utils, Windows 2000, Windows 2003, Windows 2008, Windows 7, Windows Vista, Windows XP

A few years ago I wrote this article Deleting Old User Profiles in Windows 2000/XP/2003 about a User Profile Deletion utility called DelProf.exe. This tool is part of the Windows Server 2003 Resource Kit. Because it was written for older operating systems it won’t work on Windows Vista or later operating systems.

Lucky for us, Microsoft MVP Helge Klein has written a successor utility called DelProf2 that works with newer operating systems, such as Windows 7. DelProf2 works with Windows XP/2003/Vista/Windows 7/Windows 2008/Windows 2008R2.

DelProf2 will even handle profiles that use long paths (i.e. MAX_PATH values of longer than 260). This tool is great if you want to get rid of old profiles that are taking disk space. It will delete all profiles except the current profile. It will leave the necessary system profiles (e.g. Default profile) alone. Default profile is used by the operating system to create a profile for a new user by making a copy of the Default profile. You also have the option to delete locally cached copies of roaming profiles or delete older profiles that have not been used for a certain period of time, such as older than 90 days.

Here is the syntax used by DelProf2.

Usage: delprof2 [/u] [/q] [/i] [/p] [/r] [/c:[\\]<computername>] [/d:<days>]

       /u   Unattended (no confirmation)
       /q   Quiet (no output and no confirmation)
       /i   Ignore errors, continue deleting
       /p   Prompt for confirmation before deleting each profile
       /r   Delete local caches of roaming profiles only, not local profiles
       /c   Delete on remote computer instead of local machine
       /d   Delete only profiles not used in x days
       /l   List only, do not delete (what-if mode)

Helge has some nice examples on his site. You can use DelProf2 to delete inactive profiles remotely (including Windows 7 computers) using their IP addresses.

DelProf2 is a free utility that can be downloaded from Helge’s Web site here. While you are at it, you might want to check out some additional tools that he has written.

November 27, 2011

A Bug Fix to Fix the Previous Bug Fixes: Windows System Update Readiness Tool

by @ 4:12 pm. Filed under SharePoint, Tips & Tricks, Tools/Utils, Windows 2008, Windows 7, Windows Vista

If you are having problems installing Service Pack or software updates on Windows Server 2008 R2, Windows 7 or Windows Vista you are not alone. There are lots of people facing the same issue, including me, and hopefully this article will be helpful in understanding and solving the problem. I should point out that I have encountered this problem of installing Service Pack 1 (SP1) on numerous servers (all new installation) as well as existing Windows 7 client. The focus of this article is on Windows Server 2008 R2 but you can apply the same techniques on Windows 7 and Windows Vista.

It took me three full days to find a solution that worked for me. Needless to say I was searching the Web all this time and trying various solutions but some worked and others didn’t. Unlike the old Windows NT days when the patches were considered a risky business, for the past decade or so Microsoft has done a great job to make the updates and security patches fairly reliable. It’s a daunting task to deal with a gazillion updates on various systems and gain the confidence of consumers. Microsoft gained enough of my confidence that I have been configuring all my computers, including servers, to download and install the Windows Update automatically. Even though I have occasionally encountered a few crashes, overall I have been fairly satisfied with the automatic Windows Update service. Well, lately things have not been so rosy. Windows Updates are causing more problems more frequently and therefore starting this year I decided to manually update my computers because of the fear of system crashes and other unexpected results. Microsoft has confirmed my fears of Windows Update by releasing a patch to fix the patches. The patch is called Windows System Update Readiness Tool, essentially a bug fix that fixes other bug fixes. But these days vendors don’t use the term bugs any more because that is admitting that there was a problem with the software in the first place. Instead they refer to them as “patches”, “updates”, “repairs”, “fixes”, and now there is a new term “tool.” Well, you tell me which one sounds better Windows System Update Readiness Tool or Windows Update Bug Fix? Exactly my point!

Microsoft is aware that even the Windows System Update Readiness Tool may not fix the Windows Update problems with Windows Server 2008 R2 and therefore they have posted an article on TechNet for advanced diagnosing and fixing servicing corruption. The article is listed under the Troubleshooting section as Known Issues with Windows Server 2008 R2. So now we know that Microsoft is aware of this issue and have released a bug fix for the bug fixes and also admitted that the bug fix for the bug fixes may not work and therefore we may need to rely on some advance diagnostics to fix the problems with the corruption in Windows servicing store (more on this servicing store in a minute).

Let’s get back to the problem of installing SP1. As I indicated earlier, lately I have been having lots of issues with installing Windows Server 2008 R2 SP1 on several servers. As far as I recall, I have experienced this issue mostly on new server installations. The problem is that the service pack hangs after a minute or so and the installation fails. After spending a lot of time I finally narrowed the problem down to one particular update (KB2620704). I installed all the updates on my new servers (92 to be exact) and then installed KB2620704 that was causing problems. On some servers KB2620704 failed while on others I was able to install it successfully. However, even after I was able to install all the updates, including KB2620704, I still wasn’t able to install SP1. In addition, I was not able to install SharePoint Server 2010 on one of the servers because when I tried to install the software prerequisites it failed.

At one point Windows Update offered me a new update called System Update Readiness Tool for Windows Server 2008 R2 x64 Edition (KB 947821) [August 2011].

According to Microsoft:

“This tool is being offered because an inconsistency was found in the Windows servicing store which may prevent the successful installation of future updates, service packs, and software. This tool checks your computer for such inconsistencies and tries to resolve issues if found.”

In case you are wondering about the Windows Servicing Store, it’s a component that is required to successfully install the service packs.

There is something very interesting in the above screenshot. Notice that the last update on the list Windows Server 2008 R2 Service Pack 1 x64 Edition (KB976932) is only 13.6MB. If you download SP1 from Microsoft here, the size is 903.2MB. The interesting part was that I was working on several newly installed servers and only one of them showed SP1 as 13.6MB. All the other servers listed KB976932 as 95.5MB – 892.6MB, as shown in the screenshot below.

After installing KB947821 I was still not able to installSP1. I went to the SUR log to see what’s going on. See this article for more information.


I noticed the log pointed to the KB2620704 which I knew was a problem right from the start. On the server where I was able to install KB2620704 everything was fine but on the server where I wasn’t able to install SP1 I knew I had to install KB2620704. I was left with only 2 updates (KB2620704 & the SP1 update KB976932) so I unchecked KB976932 and tried to install KB2620704 but it failed with the error Code 800F0818.

Now you may get lucky after installing KB2620704 but I wasn’t. Here’s what I did next. Per TechNet article Advanced guidelines for diagnosing and fixing servicing corruption I looked at the two files listed at the end of the checksur.log.

servicing\packages\Package_for_KB2620704_SP1~31bf3856ad364e35~amd64~~6 .1.1.0.mum

Next I started cmd.exe as an administrator and backed up the two files as a precaution.

copy %windir%\servicing\packages\Package_for_KB2620704_SP1~31bf3856ad364e35 ~amd64~~ c:\temp

copy %windir%\servicing\packages\Package_for_KB2620704_SP1~31bf3856ad364e35 c:\temp

Then I took ownership of these files so I can copy these files from another server.

takeown /f %windir%\servicing\packages\Package_for_KB2620704_SP1~31bf3856ad364e35 ~amd64~~

takeown /f %windir%\servicing\packages\Package_for_KB2620704_SP1~31bf3856ad364e35

Next I used icacls to grant administrators permissions to overwrite the files.

icacls %windir%\servicing\packages\Package_for_KB2620704_SP1~31bf3856ad364e35 ~amd64~~ /grant administrators:F

icacls %windir%\servicing\packages\Package_for_KB2620704_SP1~31bf3856ad364e35 /grant administrators:F

Finally, I logged out and then logged back in so I can copy the two files from another server where I was able to successfully install KB2620704 to the server. Even though I was logged in with a domain account that was a member of the local administrators group the permission to copy the files was denied. I went to Windows\servicing\packages folder in Windows Explorer and gave my domain account  full-control permissions to the packages folder. I removed this permission after I was able to copy the two files. I ran the update for KB 2620704 and it was finally successful.

I then tried to install SP1 (KB976932) again. By that time I knew all these KB article numbers better than my address and phone number. Fortunately, this time it worked and I was able to install SP1 on my Windows Server 2008 R2. It only took about 40 hours in three days. Piece of cake!

SharePoint Server 2010 Installation

The rest of the article only applies to you if you are installing SharePoint Server 2010 on a new server. Once the service pack was installed, I should be able to install SharePoint, right? Wrong! This time the software prerequisites tool was able to install a couple of prerequisites, including the Web Server (IIS) Role, but was unable to install the hotfix KB976462.

Okay, no problem. I downloaded the hotfix KB976462 for my x64 system (Windows6.1-KB976462-v2-x64.msu) from here and tried to run it but got an error “The update is not applicable to your computer.” Here’s how I worked around that hurdle. I followed the instructions in yet another KB article KB934307.

  1. I created a folder C:\KB976462 and downloaded the file Windows6.1-KB976462-v2-x64.msu into that folder.
  2. I created a folder C:\TEMP.
  3. I opened command prompt as an administrator and ran the following command to expand the MSU file to the temp folder which resulted in 4 files in the TEMP folder.
    expand -f:* “C:\KB976462\Windows6.1-KB976462-v2-x64.msu” C:\TEMP
  4. Then I ran the following command.
    pkgmgr.exe /n:c:\temp\Windows6.1-KB976462-v2-x64.xml
    You will not see any message after you run this command successfully. Just wait a minute or so until the command prompt is returned and that’s how you will know if the command was successfully executed. The only time you will see a message is if something went wrong.
  5. Next I double-clicked the Windows6.1-KB976462-v2-x64.msu file in the C:\KB976462 folder where I originally downloaded it. I got a pop up message that “The update is not applicable to your computer.” This is the same message I received when I had double-clicked the file the first time. By the way, some people have reported that they get the message that the patch is already installed.
    NOTE: Regardless of what message you see, you should simply ignore it and go to the next step and you will be a happy camper.
  6. I ignored the notice and ran the SharePoint software prerequisites tool again. This time everything worked and I was able to install the software prerequisites.
  7. I deleted both the C:\KB976462 and the C:\TEMP folders.
  8. I rebooted the server. Even though I had not received any notices or warnings that I need to restart the server, when I tried to install SharePoint the wizard indicated that I must reboot first before proceeding to install SharePoint.
  9. After the reboot I continued on with SharePoint Server 2010 installation without a hitch.


Here are the download links for Windows System Update Readiness Tool for Windows Server 2008 R2, Windows 7 and Windows Vista (KB947821).

  1. System Update Readiness Tool for Windows Server 2008 R2 x64 Edition (KB947821) [August 2011] 315.6MB
  2. System Update Readiness Tool for Windows 7 106.6MB
  3. System Update Readiness Tool for Windows Vista 121.8MB

Here’s another related article KB947366 that might also help.

KB947366: How to troubleshoot Windows Vista and Windows Server 2008 service pack installation issues

A hotfix for the.NET Framework 3.5 Service Pack 1 is available for Windows 7 and for Windows Server 2008 R2 as a prerequisite for Microsoft Office SharePoint Server 2010.

KB976462: Prerequisite hotfix for Microsoft Office SharePoint Server 2010

This is the hotfix mentioned in the above link. It’s called SharePoint Shared Services Roll-up for Windows Server 2008 R2. Instead of going through all the hoops, you can download this hotfix from the following link.

KB976462: Download link for the prerequisite SharePoint Shared Services Roll-up

And finally here’s an article which describes the Windows Update Stand-alone Installer. I was able to use the information in this article to get over the last hurdle.

KB934307: Description of the Windows Update Stand-alone Installer (Wusa.exe) and of.msu files in Windows Vista, Windows 7, Windows Server 2008 and in Windows Server 2008 R2

Copyright ©2011 Zubair Alexander. All rights reserved.

June 14, 2011

Eliminating Authentication Prompts in a SharePoint Environment

by @ 6:45 am. Filed under Articles, ISA Server, SharePoint, Tips & Tricks, Windows 7, Windows Vista

Authentication prompts have been a pain in the neck for a lot of SharePoint users over the years both in SharePoint 2007 and SharePoint 2010 environments. There are several reasons for the prompts. I can’t cover all the possible solutions but I have documented multiple solutions to different authentication prompt issues.


In SharePoint 2010, you have multiple site collections on your intranet that you access on a regular basis. When you access these sites remotely from an external network and connect to the first site you are prompted for authentication. You logon successfully. Then you try to connect to the second, third and fourth Site Collection but you are prompted for authentication each time. You want to have access to all the sites without being prompted for authentication each time.


Add the intranet sites to the Local intranet zone in Internet Explorer (IE).

  1. In IE8 or IE9 go to Tools, Internet Options, Security tab, Local intranet, Sites, Advanced and add all the Site Collections to the zone.
  2. Click close three times to close all windows.
  3. Restart Internet Explorer.

Now once you logon to the first intranet site, you should be able to access all the other sites in different Site Collections without entering your username and password.

NOTE: There are lots of other scenarios where you may experience multiple authentication prompts and depending on the scenario you may have to use a different solution. One setting that you should be aware of is located in the Internet Explorer’s options.

  1. Go to Tools, Internet options, and select the Security tab.
  2. Select the appropriate zone (e.g. Internet zone).
  3. Click Custom level.
  4. In the User Authentication section select the appropriate setting (e.g. Automatic logon with current user name and password).
  5. Click OK twice.

NOTE: You can deploy this setting to client computers using Group Policy. Go to User Configuration -> Policies -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Trusted Sites Zone. In the right-hand pane locate “Logon options” double-click it. First Enable the option and then in the drop-down box select the option “Automatic logon with current username and password.” On the client computer run gpupdate /force at the command prompt to refresh the Group Policy.

Prompt for Credentials When Accessing FQDN Sites From a Windows Vista or Windows 7 Computer

There is another issue that you may run into that is documented in the KB article 943280. Sometimes you may get prompted for authentication when you open a Microsoft Office document in SharePoint. Here are the steps documented in the KB article 943280 to resolve the issue in Windows 7 clients.

  1. Click Start, type regedit in the Start Search box, and then press ENTER.
  2. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Paramet ers
  3. On the Edit menu, point to New, and then click Multi-String Value.
  4. Type AuthForwardServerList, and then press ENTER.
  5. On the Edit menu, click Modify.
  6. In the Value data box, type the URL of the server that hosts the Web share, and then click OK.Note You can also type a list of URLs in the Value data box. Here’s a sample.




  7. Exit Registry Editor.
  8. After this registry entry is created, the WebClient service will read the entry value. If the client computer tries to access a URL that matches any of the expressions in the list, the user credential will be sent successfully to authenticate the user, even if no proxy is configured.

    Note You have to restart the WebClient service after you modify the registry.

    Things to avoid in the URL list

    • Do not add an asterisk (*) character at the end of a URL. When you do this, a security risk may result.
    • Do not add an asterisk (*) before or after a string. When you do this, the WebClient service can send user credentials to more servers. See the following examples:
      • http://*Contoso.comIn this example, the service also sends user credentials to
      • http://Contoso*.comIn this example, the service also sends user credentials to
    • In the URL list, do not type the UNC name of a host. For example, do not use the following:
    • In the URL list, do not include the share name or the port number to be used. For example, do not use the following:
      • http://*
      • http://*
    • Do not use IPv6 in the URL list.

    Important This URL list does not affect the security zone settings. This URL list is used only for the specific purpose of forwarding the credentials to WebDAV servers. The list should be created as restrictively as possible to avoid any security issues. Also, because there is no specific deny list, the credentials are forwarded to all the servers that match this list.

NOTE: You can deploy the above setting to clients using Group Policy.

Disabling Authentication Prompts in SharePoint 2010

In SharePoint 2010, another thing you can try to disable authentication prompts is to modify the Web.config file.



<requestFiltering allowDoubleEscaping=”true”>

<verbs allowUnlisted=”true”>

<add verb=”OPTIONS” allowed=”false” />

<add verb=”PROPFIND” allowed=”false” />




Disable “Remember my credentials” Option

If the users check the option “Remember my credentials” and then they change their password, they will keep getting prompted for authentication. It is not a good idea to remember passwords for security reasons and when working with SharePoint you might want to disable this feature. You can disable this feature using a Group Policy. Open the Group Policy (e.g. Default Domain Policy) and go to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options and enable the setting “Network access: Do not allow storage of passwords and credentials for network authentication.”

Use Credential Manager in Windows 7

Yet another method to avoid authentication prompt is to use Windows 7′s Credential Manager. Go to Control Panel -> User Accounts and in the upper left hand corner select Manage your credentials.

Select Add a Windows credential and provide the logon information.

There is no need to reboot the computer. You should be able to access the site in your browser without being prompted for logon credentials.

Additional References

Here are some additional references that you may find useful.

  1. Authentication requests when you open Office documents
  2. Office 2003/2007 Integration and Forms based authentication (FBA) with SharePoint (MOSS)
  3. Unable to “Check Out” a Document in MOSS 2007 Published Through ISA Server 2006
  4. Understand duplicate authentication prompts ISA 2006 publishing MOSS using FBA

Updated: March 22, 2012 cate-authentication-prompts-isa-2006-publishing-moss-using-fba.aspx

Copyright ©2011 Zubair Alexander. All rights reserved.

June 1, 2011

How to Back & Restore VMware ESXi Configuration Using vSphere CLI

by @ 7:40 am. Filed under Tips & Tricks, Tools/Utils, Virtualization, Windows 7

The vSphere Command-Line Interface (vSphere CLI) command set allows you to run common system administration commands against ESX/ESXi systems from any machine with network access to those systems. vSphere CLI commands are especially useful for ESXi hosts because ESXi does not include a service console. You can use within vSphere CLI to backup or restore your VMware ESXi 4.1 server configuration or to reset the host to factory settings.


The vicfg-cfgbackup command backs up and restores ESXi configuration data. You can back up the host configuration, restore the configuration to the host, force the restore of the configuration, and reset the host to factory settings.

WARNING! This command is supported for ESXi hosts but not for ESX hosts.

[--force |
--help |
--load <backupfile> |
--reset |
--save <backupfile>]

You can use the following options with vicfg-cfgbackup.

Specifies the target server and authentication information if required. Run vicfg-cfgbackup –help for a list of all connection options.

–force | -f
Forces the restore of the configuration.

Prints a help message for each command-specific and each connection option. Calling the script with no arguments or with –help has the same effect.

–load | -l <backupfile>
Restores configuration from <backupfile> onto the host.

–save | -s <backupfile>
Backs up the host configuration.

Include the number of the build that is running on the host that you are backing up in the backup filename. If you are running the vSphere CLI from vMA, the backup file is saved locally on vMA. Local storage for backup files is safe because vMA is stored in the /vmfs/volumes/<datastore> directory, which is separate from the ESXi image and configuration files.

--reset | -r
Resets the host to factory settings.

–quiet | -q
Performs all operations without prompting for confirmation.

Step-by-Step Instructions

Follow the instructions below for backing up and restoring your ESXi 4.1 server configuration from your Windows computer.

Backing Up the Configuration

  1. Install vSphere CLI on your Windows computer. I like to install it on Windows 7 and manage my ESXi server using vSphere Client GUI and vSphere CLI. You can download vSphere CLI here.
  2. Go to Start -> All Programs -> VMware -> VMware vSphere Client -> Command Prompt.
  3. Change directory to the folder where the is located. This will typically be in the C:\Program Files (x86)\VMware\VMware vSphere CLI\bin folder. Obviously, if you add the path to your system path you can run the command from any folder.
  4. Use the following syntax at the vCLI prompt: –server ip-address –username root –password your-password –save filename
    For example, type the following command and press Enter: –server –username root –password MySecretPassword –save esxi41.bak
    Where 192.1681.200 is your ESXi server’s IP address, MySecretPassword is your password, and esxi41.bak is the name of the backup file that will contain the server configuration settings. Note that there is a space after each double dash (–) but not after the double dash.
  5. After you run the command you should see the following notification and your file will be backed in the folder where you ran the command, e.g. in the VMware vSphere Client\bin folder.
    Saving firmware configuration to esxi4.1.bak …
    Make sure you verify that the file exists by running the dir *.bak command at the command prompt.

Restoring the Configuration

To restore your VMware ESXi 4.1 server configuration use the same command.

  1. Go to Start -> All Programs -> VMware -> VMware vSphere Client -> Command Prompt.
  2. Change directory to the folder where the is located. This will typically be in the C:\Program Files (x86)\VMware\VMware vSphere CLI\bin folder.
  3. Use the following syntax at the vCLI prompt: –server ip-address  –username root –password your-password –load esxi41.bak -f -q
    For example, type the following command and press Enter: –server –username root –password MySecretPassword –load esxi41.bak -f -q
    Where 192.1681.200 is your ESXi server’s IP address, MySecretPassword is your password, and esxi41.bak was the name of the backup file that contains the server configuration settings. Note that there is a space after each double dash (–) but not after the double dashes.

In order to restore your configuration, you need to place your new ESXi 4.1 server into evaluation mode. This may not be necessary if you have recently installed your server and have not added your license key. If you have already added your license key then simply use the vSphere Client and set the server to evaluation mode. Another thing to keep in mind if your restore fails is to use the -f option, which forces a restore.

Helpful Links

  1. More information and documentation for vSphere CLI is available here.
  2. A complete reference for vSphere CLI is available here.
  3. vSphere CLI is available for download here.

Copyright ©2011 Zubair Alexander. All rights reserved.

May 30, 2011

Turn Windows 7 into a Free Wireless Router

by @ 9:04 am. Filed under Applications, Windows 2008, Windows 7, Wireless/Mobile

You may have seen software that turns your Windows 7 computer into a wireless router. In the past, I have downloaded Connectify software. On paper it looked good but when I installed the free version of Connectify I discovered that I could only use WEP. There was no support for WPA2-PSK as advertised on their homepage. I am guessing they must have a paid version of Connectify that will allow people to use security. Anyone referring to WEP protocol as secure loses credibility right off the bat. WEP does not provide end-to-end security and is not considered secure by most security experts today. If that wasn’t bad, Connectify only allowed me to use a password that was limited to something like 4-12 characters and the password was limited to numbers 0-9 and letters a-f. That’s right, you can only use letters a-f. Bottom line: Do not let your friends and family install the free version of Connectify. It’s security a joke.

Recently I ran across another software, developed by a fellow MVP by the name of Chris Pietschmann. Chris is a Windows Live Platform MVP and his free, virtual router software is available from Microsoft’s CodePlex community site, which is a distribution point for open source software. The Virtual Router software turns any Windows 7 or Windows Server 2008 R2 computer into a WiFi Hotspot using Windows 7′s Wireless Hosted Network (Virtual WiFi) technology. Virtual Router allows you to wirelessly share any Internet connection (LAN, WiFi, Cable Modem, Cellular, or even dial-up modem) with any WiFi device (Laptop, Smart Phone, iPod Touch, iPhone, Android Phone, Zune, Netbook, wireless printer, etc.).

The software, written entirely in C#, does not have the password limitations of Connectify. Another good thing about the Virtual Router is that it is completely free of ads. And the best thing about the Virtual Router is that it defaults to WPA2 for secure wireless connectivity. WPA2 is one of the most, if not the most, secure wireless encryption available today.

The software is currently in its beta version. You can download beta 0.9 here.

Contact E-mail | Terms of Use | Privacy Policy

Copyright ©2002-2013 Zubair Alexander. All rights reserved.

Internal Links

Search Blog



April 2014
« Mar    

RSS Feeds

TechGalaxy Visitors

30 queries. 0.712 seconds