Solution 1: Buy a license
Solution 2: Switch to MAC or linux
Solution 3: edit the registry key “Start” in the folder HKEY_LOCAL_MACHINE -> SYSTEM -> CurrentControlSet -> Services – > svsvc | And modify the start entry from 3 to 4 then restart Windows
Solution 4: Through command line 😉
As part of my paranoia when using windows (Fear of ransomware or spyware or otherwise), I allow my web browser to connect via proxy, and the rest of the machine’s apps have no internet access (Which is a KVM virtual machine, with USB and graphics passthrough)
Now, recently, Applications are no longer running on windows 10 ! Instead, I am getting a message that reads :
SmartScreen can't be reached right now. Check your internet connection. Microsoft defender SmartScreen is unreachable and can't help you decide if this app is okay to run. Publisher: xxxx App: xxxx
This seems to be something relevant to Microsoft security, where windows consults with Microsoft before running an app for the first time !
My solution is to disable it, why, because I have to pick one method or the other to protect my computer, and antivirus software, although works if you download torrents etc… doesn’t really detect the latest threats, when they say detects and removes 99% of viruses, this includes all viruses from 1981 onward, and very few of the most recent viruses and threats, so the question remains, if i am not downloading torrents and the like, what are the odds i would meet Michelangelo
So, the steps to disable this are as follows
Recently, Windows defender antivirus has become very hard to disable in Windows 10 (And probably 11), previously, you would disable tamper protection, then open gpedit.msc, navigate to the setting and voila, recently, doing this o longer works, now, as soon as you close group policy editor (gpedit.msc) and open it again, the setting to disable windows defender antivirus pops up again ! You were also abe to do this from the registry, which does not work now.
So, it turns out that you need the following extra steps now, So here are the complete instructions
1- Start as you would by disabling tamper protection, you can do that by going to “Windows security”, then Virus and threat protection, then click on the “Manage settings” button, and finally disable tamper protection
2- Create a file with the .REG extension containing the following and execute it !
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService] "Start"=dword:00000004 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc] "Start"=dword:00000004
Now execute the above, if it does not work because “binary values can only be edited manually”, then you will need to visit the locations above in regedit (Run as administrator) and switch the values of both to (4) which means disabled
Now before proceeding to the following procedure (The same OLD procedure), You will need to restart your computer for the settings above to take effect
A message still appears urging me to enable it, Click the three dots at the top of that message and disable this notification so that you won’t accidentally re-enable antivirus by clicking the message
VNC and RDP are great and all, and for so many purposes, they are the goto solution for remoting into a machine.
Now, another solution which is great (And much better if you have the bandwidth) is to broadcast your screen video and do all the work on the server rather than the client
The solution used to be nvidia’s game stream, which was abandoned by nvidia, the new solution based on nvidia would be the sunshine (Server) and moonlight client
The sunshine+moonlight duo work on almost every platform I need, Windows, Mac, Android, iOS, Even LG TVs running web OS… in short, it is a more universal solution. You can even create a virtual non existent monitor under linux and stream that to a different device !
So, let us start with the server (Sunshine)
Installing sunshine on debian is very easy as a .deb installation file is provided, sunshine is not yet in the debian repositories, but if i understand the license correctly, it can be some time in the future
Now, go to the sunshine website, and download the deb file., in my case, I visit this webpage, and download the sunshine-debian-bookworm-amd64.deb file
Now, from the command prompt, su (to run as root), then cd to the directory where your deb file resides, then “sudo apt install ./sunshine-debian-bookworm-amd64.deb”, We should now have the server running and waiting to be opened in the web browser, Now, on the command line , type “sunshine”
Point a web browser to https://localhost:47990/, ignore the problem with self signed certificates, and set your username and password
Now, your debian computer is running a sunshine server, go to any other machine where you want to install the client (moonlight) from here , and connect to your server by its IP address.
You are done !
Whenever i get the following message
mount /dev/sdd1 /hds/sgt2tb The disk contains an unclean file system (0, 0). Metadata kept in Windows cache, refused to mount. Falling back to read-only mount because the NTFS partition is in an unsafe state. Please resume and shutdown Windows fully (no hibernation or fast restarting.) Could not mount read-write, trying read-only
The command
ntfsfix /dev/sdd1
resolves the issue, and produces the following message
Mounting volume... The disk contains an unclean file system (0, 0). Metadata kept in Windows cache, refused to mount. FAILED Attempting to correct errors... Processing $MFT and $MFTMirr... Reading $MFT... OK Reading $MFTMirr... OK Comparing $MFTMirr to $MFT... OK Processing of $MFT and $MFTMirr completed successfully. Setting required flags on partition... OK Going to empty the journal ($LogFile)... OK Checking the alternate boot sector... OK NTFS volume version is 3.1. NTFS partition /dev/sdd1 was processed successfully
The same mount command you see here will now work flawlessly
mount /dev/sdd1 /hds/sgt2tb
I am still unsure what process from the mentioned above is responsible, as this oftentimes pops up on drives that were never system drives, so there is no hibernation file problem
You can do this in many ways, the most popular of which is SAMBA, but this is not the software we are using, here we are using SSHFS
The software this post is about is SSHFS, if you are reading this, you probably know what SSH is (Secure shell), and FS stands for File System
Ironically, you will only need to have SFTP and not SSH with shell access, so here is the first surprise, Now, to continue with this tutorial, you might want to visit the page I have posted here to create that user and give him/her access to the directory to be mounted, don’t worry, there is a link back here at the bottom of that page !
So, now that you have created that user account on the remote system, let’s get down to business
You will need 2 peices of software, or 3 if you would like to use private/public key authentication
For the following software, look on their websites for the latest installers for your version of Windows (Usually you are looking for the msi of the 64bit version of windows)
1- WinFsp, short for Windows File System Proxy, What this basically does is enabled the developer of SSHFS-Win to make it look like a windows drive, not some separate SFTP application where you have to move the files manually, when you present it as a drive, you can modify files directly on it, which is the main advantage, and it will do the work in the background, it is a driver that presents itself on/to windows as a disk, while cheating the disk contents from another application, the github page for it is at https://github.com/winfsp/winfsp, or to save you time, Just go directly to the download page here https://github.com/winfsp/winfsp/releases/tag/v1.11 , When presented with optional components, if you are not a developer, you will only ever need the Core package, which is the installer’s default
Once WinFsp is installed, we are done with the part that allows us to display file systems that are not really filesystems, the next step is to have something feed that with data from an actual filesystem somewhere else ! via SFTP, and that software would be
2- SSHFS-Win, which is the system that sits in the middle, between the SFTP server, and WinFsp which is an illusion of a hard drive on your windows machine ! it’s home on github is at https://github.com/winfsp/sshfs-win, To get the latest from this one, go here https://github.com/winfsp/sshfs-win/releases and look for the one that says latest (Not pre-release), download and install it
There is no software to install on the remote side, as most Linux systems already have the functionality ! and you have already setup a user in the previous post that I pointed you to a minute ago, So let us mount !
Now, you can (But don’t do it just yet) open file explorer in Windows, right click “This PC”, and click on Map Network Drive, A dialogue appears, enter your connection string, which should be something like
\\sshfs\username@serverhostname\
You should then be prompted with a password dialogue box, you enter the SFTP password, and you should now be all set, but why are we not doing this right now ? we are not doing this because when you create files in that drive, they will remotely have rwx permissions for owner, and no permissions for group or others, wo work around this, you need to pass the following arguments to the mount
webdev@10.10.20.41:/ create_file_umask=0000,create_dir_umask=0000,umask=0000,idmap=user,StrictHostKeyChecking=no
which is only available via command line and does not survive reboots, a better alternative is to use sshfs-win-manager, which seamlessly mounts those remote file systems using SFTP , the long and short of it is that it just works
Another program that has a different set of permission issues (I can write files, but can’t write to them again even though i own the files on the remote system and the permissions should allow) is SiriKali (https://github.com/mhogomchungu/sirikali), you should be able to find the line to download for your platform here (https://mhogomchungu.github.io/sirikali/)
SiriKali also allows you to use other types of authentication which are beyond the scope of this post
So in SiriKali, you need to fill the above information, luckily that information is loaded by default.
Remember to select the checkboxes you need,
One problem i face when developing using Hyper-v is that I need static addresses, and the default switch keeps changing the ip range
The simplest solution to this is to create a new switch of type internal ! this only connects the virtual machines to each other (Static IP etc…), and can not access the internet
Right after creating an INTERNAL switch in the switch manager, you go to “Manage network adapter settings” on the host computer, and assign an IP such as 10.10.20.1 to the adapter and a subnet of 255.255.255.0, no gateway, and nothing but those IPs.
Once that is done, you add a second adapter to all the virtual machines, and in the /etc/network/interfaces file, you leave eth0 the way it was (For internet) and add a metric 10 under the last line for eth0, then add the following stanza for the new adapter (Assuming eth1), eth 1 has a higher cost in it’s metric, so unless the remote is on the eth1 subnet, it will go through the eth0
auto eth1 iface eth1 inet static address 10.10.20.41/24 metric 100
And you are done, those virtual machines can address each other with their 10.10.20.x addresses, and access the outside world via the other network interface.
To install Hyper-v, you typically open the add features menu in windows and add Hyper-v, this works in Windows Pro, but does not work in windows Home
In Windows Home, it is a very simple process
Create a file and name it (hv.bat), mind you, this is the whole name, where bet is the new file extension, make sure you don’t have an hv.bat.txt undreneath (Make sure windows is showing you the extensions)
Now, All you need to do is put the following text in the batch file (hv.bat), then Run it as administrator
pushd "%~dp0"
dir /b %SystemRoot%\servicing\Packages\*Hyper-V*.mum >hv.txt
for /f %%i in ('findstr /i . hv.txt 2^>nul') do dism /online /norestart /add-package:"%SystemRoot%\servicing\Packages\%%i"
del hv.txt
Dism /online /enable-feature /featurename:Microsoft-Hyper-V -All /LimitAccess /ALL
pause
Once done, the command prompt will ask you whether you would like to restart your computer to apply changes, I would suggest you respond with N (For no) and take your time closing all your applications etc… then restart manually
Right after the restart, hit the windows key on your computer, and type hyper-v, the application should appear and you can run it, it works just like it does on the pro version
Happy computing 😉
I am not that great with windows, a look at all the posts on this blog will tell you that, Now with that said, I need to lock my laptop (Windows !) after a few minutes of inactivity.
Windows 11 HOME shipped without this tool, as it came in the pro and the enterprise. to figure out if you have the tool, Hit start and start typing secpol.msc, if all you see is a suggestion to do a web search instead of an Application, you do not have it, the next step will explain how to install it, If it is indeed there, you can skip step 2 and go to step 3 right away
You only need to do this if in the step above it turned out that Group Policy is not installed on your system.
To Install/Enable Local Security Policy (secpol.msc), you will need to install Group Policy, to get that directly from Microsoft, you can run the following script as administrator (Download link also provided gpedit-enabler.bat), this is courtesy of Major Geeks
@echo off
@echo "This batch file from MajorGeeks.Com will enable Group Policy Editor (Gpedit.msc) on Windows 10 Home."
@echo "If this method fails, there are other methods to try at https://tinyurl.com/majorgeeksgpedit"
pushd "%~dp0"
dir /b %SystemRoot%\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientExtensions-Package~3*.mum >List.txt
dir /b %SystemRoot%\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientTools-Package~3*.mum >>List.txt
for /f %%i in ('findstr /i . List.txt 2^>nul') do dism /online /norestart /add-package:"%SystemRoot%\servicing\Packages\%%i"
pause
To do that, you run secpol.msc, then look for Local Policies > Security Options “Interactive Logon: Machine inactivity limit” and set that to 1200 (20 minutes), then restart the computer
and there you have it, the windows login screen will appear after 20 minutes of inactivity, you don’t need to set a screensaver or even connect this to your screen timeout (which is 10 minutes in my case)
Running the above batch file as administrator should result in the following being printed.
"This batch file from MajorGeeks.Com will enable Group Policy Editor (Gpedit.msc) on Windows 10 Home." "If this method fails, there are other methods to try at https://tinyurl.com/majorgeeksgpedit" Deployment Image Servicing and Management tool Version: 10.0.22621.1 Image Version: 10.0.22621.608 Processing 1 of 1 - Adding package Microsoft-Windows-GroupPolicy-ClientExtensions-Package~31bf3856ad364e35~amd64~ar-SA~10.0.22621.1 [==========================100.0%==========================] The operation completed successfully. Deployment Image Servicing and Management tool Version: 10.0.22621.1 Image Version: 10.0.22621.608 Processing 1 of 1 - Adding package Microsoft-Windows-GroupPolicy-ClientExtensions-Package~31bf3856ad364e35~amd64~en-US~10.0.22621.1 [==========================100.0%==========================] The operation completed successfully. Deployment Image Servicing and Management tool Version: 10.0.22621.1 Image Version: 10.0.22621.608 Processing 1 of 1 - Adding package Microsoft-Windows-GroupPolicy-ClientExtensions-Package~31bf3856ad364e35~amd64~~10.0.22621.521 [==========================100.0%==========================] The operation completed successfully. Deployment Image Servicing and Management tool Version: 10.0.22621.1 Image Version: 10.0.22621.608 Processing 1 of 1 - Adding package Microsoft-Windows-GroupPolicy-ClientExtensions-Package~31bf3856ad364e35~amd64~~10.0.22621.608 [==========================100.0%==========================] The operation completed successfully. Deployment Image Servicing and Management tool Version: 10.0.22621.1 Image Version: 10.0.22621.608 Processing 1 of 1 - Adding package Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~amd64~ar-SA~10.0.22621.1 [==========================100.0%==========================] The operation completed successfully. Deployment Image Servicing and Management tool Version: 10.0.22621.1 Image Version: 10.0.22621.608 Processing 1 of 1 - Adding package Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~amd64~ar-SA~10.0.22621.608 [==========================100.0%==========================] The operation completed successfully. Deployment Image Servicing and Management tool Version: 10.0.22621.1 Image Version: 10.0.22621.608 Processing 1 of 1 - Adding package Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~amd64~en-US~10.0.22621.457 [==========================100.0%==========================] The operation completed successfully. Deployment Image Servicing and Management tool Version: 10.0.22621.1 Image Version: 10.0.22621.608 Processing 1 of 1 - Adding package Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~amd64~en-US~10.0.22621.608 [==========================100.0%==========================] The operation completed successfully. Deployment Image Servicing and Management tool Version: 10.0.22621.1 Image Version: 10.0.22621.608 Processing 1 of 1 - Adding package Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~amd64~~10.0.22621.457 [==========================100.0%==========================] The operation completed successfully. Deployment Image Servicing and Management tool Version: 10.0.22621.1 Image Version: 10.0.22621.608 Processing 1 of 1 - Adding package Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~amd64~~10.0.22621.608 [==========================100.0%==========================] The operation completed successfully. Press any key to continue . . .
In addition to the above, A file should be produced in the same folder as the batch file named List.txt, in my case, the file had the following contents
Microsoft-Windows-GroupPolicy-ClientExtensions-Package~31bf3856ad364e35~amd64~ar-SA~10.0.22621.1.mum Microsoft-Windows-GroupPolicy-ClientExtensions-Package~31bf3856ad364e35~amd64~en-US~10.0.22621.1.mum Microsoft-Windows-GroupPolicy-ClientExtensions-Package~31bf3856ad364e35~amd64~~10.0.22621.521.mum Microsoft-Windows-GroupPolicy-ClientExtensions-Package~31bf3856ad364e35~amd64~~10.0.22621.608.mum Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~amd64~ar-SA~10.0.22621.1.mum Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~amd64~ar-SA~10.0.22621.608.mum Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~amd64~en-US~10.0.22621.457.mum Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~amd64~en-US~10.0.22621.608.mum Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~amd64~~10.0.22621.457.mum Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~amd64~~10.0.22621.608.mum
SSDs are the best thing that happened to computer boot time (and many other things) since the invention of the abacus
But for some reason, booting up is faster than shutting down, much faster, Shut downs are taking a long time (Or reboots)
So let me see what i can do about this
1- Windows ClearPageFileAtShutdown is something that happens before shut down, and is my first guess to why this is happening
So let us set the following key to zero (0) and see if this speeds up shutdown time.
HKEY_LOCAL_MACHINE\CurrentControlSet\Control\SessionManager\Memory Management then ClearPageFileAtShutdown set to (0)
This session should shut down slowly, the next time you boot, shutdown will be much faster.
The other thing that i am thinking is relevant is changing the location of the indexing service index files to my spinning disk, this is because the spinning disk has thousands of files, and i would like to keep my SSD fast for certain other applications.