Event Viewer – Error – “MMC cannot open the file C:\Windows\system32\eventvwr.msc”

Background

On one of our MS Windows systems, I have been unable to use Event Viewer.

Error

Error Image

MMCCannotOpenTheFile.PNG

Error Text

MMC cannot open the file C:\Windows\system32\eventvwr.msc.

Remediation

Outline

  1. Launch Microsoft Management Console (MMC.exe) shell
    • mmc.exe
  2. In new empty shell
    • Add Event Viewer SnapIn
      • From the “Available snap-ins”
        • Select “Event Viewer”
      • Click Add Button
      • SnapIn should appear under “Selected Snapins”
    • Save Console
      • Save Console under a new name
  3. Launch new MMC Console
  4. Once happy
    • Return to MMC and overwrite the original Event Viewer console

Image

New Empty Shell

Console.MMC.01.PNG

Select Computer

Console.MMC.03.SelectComputer.20190425.0153PM.PNG

Add or Remove Snap-ins

Console.MMC.02.AddAndRemove.20190425.0152PM.PNG

Save SnapIn

Save SnapIn – Save As – 01

OSDesktop.Windows.System32.saveAs.20190425.0256PM

Save SnapIn – Save As – 02

OSDesktop.Windows.System32.saveAs.20190425.0258PM.PNG

Pathping / Day 01

Background

Wanted to talk very briefly about using pathping to get an idea of the route between one's own host and a destination host.

Syntax

The syntax is generic enough.

Enter pathping and the destination’s hostname or IP Address.

Sample


 pathping Haaretz.com

Output

Tracing Route

pathping.haaretz.01.20190310.0756PM

Computing Statistics

pathping.haaretz.02.20190310.0800PM_x

Interpretation

 

There are two sections to pathping’s output.

The sections are “Tracing Route” and “Computing Statistics“.

 

Tracing Route

Each router that is responsible for forwarding the network packet is listed.

Computing Statistics

Allotted Time

Time is allotted for processing according to how many routers are encountered.

Each router is pinged one hundred times, with 0.25 seconds between pings.

That is, 25 seconds is allotted for each router.

Columns

  1. Hop
    • Increasing number for each router
  2. RTT
    • RTT means Round Trip Time
    • This is how long it took to receive a response back from that router
  3. Source to Here / Loss / Sent Percentage ( % )
    • Percentage of packets lost
    • If 100 packets were sent, but only 20 acknowledgements were received
    • This number will be ( 100-20) / 100 or 80%
  4. This Node Link / Loss / Sent Percentage ( % )
    • Packet loss information specific to this router
  5. Address
    • Router’s Address

Summary

  1. If you see 100% packet loss, but entries beyond that point
    • That specific router is likely dropping ICMP traffic
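
The Summary rule can be applied mechanically to the "Computing Statistics" table. The following is an added example, not part of the original post: it parses a constructed sample of that table and labels each hop. The sample text, the function names and the extra case where nothing beyond the hop replies are assumptions made here.

```python
import re

# Constructed sample of pathping's "Computing statistics" table (not captured output).
SAMPLE = """\
Hop  RTT    Lost/Sent = Pct  Lost/Sent = Pct  Address
  0                                           lab-pc [192.168.1.10]
                                0/ 100 =  0%   |
  1    1ms     0/ 100 =  0%     0/ 100 =  0%  192.168.1.1
                                0/ 100 =  0%   |
  2  ---     100/ 100 =100%   100/ 100 =100%  10.20.0.1
                                2/ 100 =  2%   |
  3   14ms     2/ 100 =  2%     0/ 100 =  0%  203.0.113.5
                                0/ 100 =  0%   |
  4   15ms     2/ 100 =  2%     0/ 100 =  0%  198.51.100.7
"""

# Hop row: hop number, RTT (or ---), source-to-here loss, this-node loss, address.
HOP = re.compile(r"^\s*(\d+)\s+(\d+ms|---)\s+(\d+)/\s*(\d+)\s*=\s*\d+%"
                 r"\s+(\d+)/\s*(\d+)\s*=\s*\d+%\s+(\S.*)$")

def parse_hops(text):
    """Return one dict per router row; hop 0 (the source) and link rows are skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if m:
            hops.append({"hop": int(m.group(1)), "lost": int(m.group(3)),
                         "sent": int(m.group(4)), "address": m.group(7).strip()})
    return hops

def classify(hops):
    """Label each hop from its Source to Here loss, following the Summary rule."""
    verdicts = {}
    for i, h in enumerate(hops):
        loss_pct = 100 * h["lost"] // max(h["sent"], 1)   # (sent - received) / sent
        replies_beyond = any(n["lost"] < n["sent"] for n in hops[i + 1:])
        if loss_pct < 100:
            verdicts[h["hop"]] = "responding, %d%% loss" % loss_pct
        elif replies_beyond:
            verdicts[h["hop"]] = "likely dropping ICMP"
        else:
            verdicts[h["hop"]] = "no reply here or beyond"
    return verdicts

if __name__ == "__main__":
    for hop, verdict in classify(parse_hops(SAMPLE)).items():
        print(hop, verdict)
```
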

 

Win OS – Error – “An unhandled win32 exception occurred in spoolsv.exe”

Background

Have a few MS Windows 2003 computers running in our LAB.

Error

When I do bother to use them there is an arresting error that I have been receiving.

Error – “An unhandled win32 exception occurred in spoolsv.exe”

Image

spool.20190210.png

Textual


An unhandled win32 exception occurred in spoolsv.exe

Trouble Shooting

Control Panel

Printers and Faxes

Outline

  1. Accessed Control Panel
    • Reviewed Printers and Faxes

Images

controlPanel.printersAndFaxes.20190210.png

Event Viewer

Event Viewer \ System

Outline

  1. Launched Event Viewer
    • Review System Events
      • Event ID :- 7031
        • Event #1
          • Source :- Service Control Manager
          • Event ID :- 7031
          • The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Images

eventViewer.system.20190210.png

 

Remediation

We have an HP LaserJet computer that we have not used in a while.  It is currently turned off.

Outline

  1. Computer
    • Remove HP LaserJet Software installed on computer
    • MS Windows Registry Cleanup

 

Tasks

Remove HP LaserJet Software installed on computer

Removed any installed HP LaserJet software.

MS Windows Registry Cleanup

Outline

Clean up MS Windows Registry using regedit :-

  1. Start regedit
  2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers
  3. Export Registry sub-key out to a file for safe keeping
  4. Under this key, there will be the keys Version-2 and Version-3
    • The sub-keys under these contain the printer driver configuration information
    • One or the other of these may be absent – not a problem
  5. Keep each of these keys in place
  6. But, search the sub-keys under each for drivers no longer present on the computer
    • Remove each such sub-key found
    • In our case
      • HP Laser Jet 2100
      • HP Laser Jet 2100 PCL6
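
Before deleting anything, the file exported in step 3 can be used to list the driver sub-keys and pick out the ones no longer needed. The following is an added example, not part of the original post: the sample export text, the function names and the list of drivers still in use are assumptions made here.

```python
import re

BASE = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print"
        r"\Environments\Windows NT x86\Drivers")

# Constructed excerpt of a regedit export of BASE; values are placeholders.
# A real export is normally UTF-16: open(path, encoding="utf-16").read()
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    "[" + BASE + "]", "",
    "[" + BASE + r"\Version-3]", "",
    "[" + BASE + r"\Version-3\HP Laser Jet 2100]",
    '"Driver"="placeholder.dll"', "",
    "[" + BASE + r"\Version-3\HP Laser Jet 2100 PCL6]",
    '"Driver"="placeholder.dll"', "",
    "[" + BASE + r"\Version-3\Generic / Text Only]",
    '"Driver"="placeholder.dll"', "",
])

# Matches only keys that sit directly under Version-2 or Version-3.
KEY = re.compile(r"^\[" + re.escape(BASE) + r"\\(Version-[23])\\([^\\\]]+)\]$")

def driver_subkeys(reg_text):
    """Return (version key, driver name) for every driver sub-key in the export."""
    found = []
    for line in reg_text.splitlines():
        m = KEY.match(line.strip())
        if m:
            found.append((m.group(1), m.group(2)))
    return found

def stale_drivers(reg_text, drivers_in_use):
    """Return the driver sub-keys whose name is not in the in-use list."""
    in_use = {name.lower() for name in drivers_in_use}
    return [(ver, name) for ver, name in driver_subkeys(reg_text)
            if name.lower() not in in_use]

if __name__ == "__main__":
    # Hypothetical in-use list supplied by the administrator.
    for ver, name in stale_drivers(SAMPLE_REG, ["Generic / Text Only"]):
        print("candidate for removal:", ver, name)
```
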

Images

Image – Before

registry.noor.20190210.0159PM.png

Image – After

registry.noor.20190210.0308PM.png

Crediting

Crediting Mr. Shafique Cheena ( Profile )

Shafique Cheena

Event ID 7031 Print Spooler terminated unexpectedly

Link

credit.shafique.20190210

Win OS :- Remove Temporary Internet Files

Background

Wanted to remove left behind temporary Internet files.

Folder Stats

C:\Users

WinDirStat

Images

Image – WinDirStat

winDirStat.20181218.0249PM.PNG

Explanation
  1. 16 GB

Windows Explorer

Images

Image – Windows Explorer

folderExplorer.TemporaryInternetFiles.20181218.0228PM.PNG

Explanation
  1. 15.9 GB

Script

Script- Dos/Batch

@echo off

rem *************************************************************************************************
rem https://community.f-secure.com/t5/Common-topics/Cleaning-temporary-Internet/ta-p/18280
rem
rem In Windows XP, the folder is located here:
rem     C:\Documents and Settings\[username]\Local Settings\Temporary Internet Files\Content.IE5
rem     Note: If you only have one user account on Windows XP, use Administrator as the username.
rem
rem In Windows Vista and 7, the folder is located here:
rem     C:\Users\[username]\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
rem     C:\Users\[username]\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5
rem
rem In Windows 8 and 8.1, the folder is located here:
rem     C:\Users\[username]\AppData\Local\Microsoft\Windows\INetCache
rem
rem Argument 1: "dir" lists the cached files, "del" deletes them; anything else only shows counts.
rem *************************************************************************************************

setlocal enabledelayedexpansion

IF "%OS%"=="" GOTO WIN9X

REM Clear Local Variables
set "_folderSuffix="
set "_folderLowSuffix="

REM Windows Vista and 7 layout
if exist "%SystemDrive%\Users\%username%\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5" (
    set "_folderSuffix=AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5"
    set "_folderLowSuffix=AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5"
)

REM Windows 8 and 8.1 layout
if exist "%SystemDrive%\Users\%username%\AppData\Local\Microsoft\Windows\INetCache" (
    set "_folderSuffix=AppData\Local\Microsoft\Windows\INetCache"
)

REM Stop if no cache folder was detected. With an empty suffix the dir and del
REM commands below would act on each whole user profile.
if "%_folderSuffix%"=="" GOTO END

set "_users=%SystemDrive%\Users"

FOR /D %%F in ("%_users%\*") do (

    set "_folder=%%F"
    set "_folderContent=%%F\%_folderSuffix%"

    REM Leave the Low folder undefined when this OS layout has none
    set "_folderLowContent="
    if not "%_folderLowSuffix%"=="" set "_folderLowContent=%%F\%_folderLowSuffix%"

    echo Folder Base is !_folder!
    echo Folder Content Regular is !_folderContent!

    dir "!_folderContent!"\* /s 2>nul | find /v /c "::"

    if defined _folderLowContent if exist "!_folderLowContent!" (
        echo Folder Content Low is !_folderLowContent!
        dir "!_folderLowContent!"\* /s 2>nul | find /v /c "::"
    )

    echo *******************************************************************

    REM dir
    if "%1"=="dir" dir "!_folderContent!"\* /s /Q 2>nul
    if "%1"=="dir" if defined _folderLowContent if exist "!_folderLowContent!" dir "!_folderLowContent!"\* /s /Q 2>nul

    REM del, only on folders that are defined and present
    if "%1"=="del" if exist "!_folderContent!" del "!_folderContent!"\* /s /Q 2>nul
    if "%1"=="del" if defined _folderLowContent if exist "!_folderLowContent!" del "!_folderLowContent!"\* /s /Q 2>nul

)

GOTO END

:WIN9X

REM - WIN9X systems are currently not supported.

:END

endlocal

Source Code Control

GitHub

DanielAdeniji/winOSInternetTempfilesCleanup
Link

 

MS Windows – List Groups a user belongs to

Background

Let us use built-in tools to review our Active Directory group memberships.

Outline

  1. whoami
    • whoami /groups
  2. dsquery
    • dsquery | dsget

Machine

whoami

whoami – List Local Groups

Script

whoami /groups /fo csv | find /V "%USERDOMAIN%\" | more

Output

whoami – List Domain Groups

Script

whoami /groups /fo csv | find "%USERDOMAIN%\" | more

 

Domain

dsquery

dsquery | dsget

Script

dsquery user -samid %username% | dsget user -memberof

Output

dsquery_dsget_20170929_0400pm.png

References

  1. whoami
    • Command Line Reference
      Link
    • John Savill
      • How can I determine which groups I’m a member of for my current logon session?
        Link
  2. dsquery // dsget
    • ss64.com
      • DSQuery user (installable option either via RSAT /AD DS or adminpack.msi)
        Link
      • StackExchange
        • superuser.com
          • Using the “net user” command in Windows XP to list all group memberships for a specific Active Directory user
            Link

Keep your laptop running when LID is Closed

Background

There is really not much need to keep a laptop’s lid open when connected to an external monitor.

OS

Linux

Outline

  1. Launch terminal
  2. sudo to root
  3. edit /etc/systemd/logind.conf
    • Change folder to /etc/systemd
    • Backup current logind.conf
    • Launch editor (vi) and pass along file name (logind.conf)
    • Keep current HandleLidSwitch=suspend commented out
    • Add HandleLidSwitch=lock
    • Save Changes
    • Exit Editor
  4. Restart Services
    • Restart systemd-logind.service
      • Command :- systemctl restart systemd-logind.service

 

Images

logind.conf
logind.conf – Original

logind.conf.20181108.0740PM.PNG

logind.conf – Revised

logind.conf.20181108.0746PM.PNG

 

Windows

Outline

  1. Access Control Panel \ Power Options\ System Settings
    • Select “Choose what the Power Buttons do”
    • The “Control Panel\All Control Panel Items\Power Options\System Settings” window appears
      • Access the “Power and sleep buttons and lid settings” group box
      • Focus on “when I close the lid” area
        • There are two options
        • The first being “On Battery” and the other “When plugged in”

Images

Control Panel \ All Control Panel Items \ Power Options \ System Settings

Original

systemSettings.closeLid.20181108.0756PM.PNG

Revised

systemSettings.closeLid.20181108.0758PM.PNG

 

Validation

The steps above were validated on the OSes listed below:

  1. Linux
    • Cent OS
  2. MS Windows
    • Version 10

References

  1. Redhat
    • Products & Services > Product Documentation > Red Hat Enterprise Linux > 7 > Desktop Migration and Administration Guide
      • 13.10. Preventing the Computer from Suspending when Closing the Lid
        Link

grep & findstr

Background

Depending on your OS, grep on Linux and findstr on Windows might be one of your better friends.

Wish

Let us digest DB/2 Buffer Pool utilization on Linux and MS Windows.

OS

Linux

Syntax


db2 GET SNAPSHOT FOR BUFFERPOOLS ON [database] | grep 'pattern-1\|pattern-2'

Sample


db2 GET SNAPSHOT FOR BUFFERPOOLS ON WideWrld | grep 'Bufferpool name\|Current size'

Output

metadata.currentSize.20181106.0315PM.PNG

MS Windows

Syntax


db2 GET SNAPSHOT FOR BUFFERPOOLS ON [database] | findstr /C:"pattern-1" /C:"pattern-2"

Sample


db2 GET SNAPSHOT for bufferpools on WIDEWRLD | findstr /C:"Bufferpool name" /C:"Current size"

Output

metadata.currentSize.WIDEWRLD.20181106.0349PM