SafeNet ProtectDrive – using the 16-bit boot loader

We’ve started using SafeNet ProtectDrive for encrypting all our XP laptops (and Bitlocker for all the rest that are using Windows 7), and occasionally we’ve found that one or two laptops refuse to get past the 32-bit vxBios boot loader screen. For whatever reason that it happens the temporary way around this is to press the shift key whilst the system powers-on and the 16-bit boot loader will kick in and let you in.

Unfortunately the administration guide for ProtectDrive does not explain how to make the 16-bit boot loader a permanent choice for the few machines that just can’t handle the 32-bit loader. So after contacting support and getting the answer I thought I’d post here how to do it to save someone else waiting the usual 6 hours or so before America wakes up and responds to the support query.

To make the 16-bit boot loader the default option when using ProtectDrive all you have to do is boot the machine up using the temporary method (pressing shift whilst it boots) then after logging in drop to the command line and run setpb /16 from the Tools folder on the original installation media. That changes the mbr to the 16-bit version.
You can also run setpb /32 to switch back to the 32-bit loader too.

Hope that helps someone!

Signing a freeware un-signed app for a Symbian phone

When you install an app on a Nokia phone these days it won’t install unless it’s been signed with a trusted certificate. Problem is you have to pay to get a certificate you can use to allow anyone to install software. That’s why you get a lot of free software for Nokias at the moment that you just can’t install because they haven’t been signed.

So how do we install the software?! The only easy solution is to get a certificate that only works on your phone, and is locked to your phone’s IMEI number. The easiest way to do this is to use a free site in China that will give you the bits you need.

1. Go to
2. Click register at the top right
3. Fill in the details and register
4. Once you’ve registered click the “My Certificate” link at the top and log in
5. Now click the orange “Apply cer” button near the top right
6. Fill in the details, the only bit that matters in this page is your IMEA number (get it using *#06# on your mobile), the rest of the fields are to help you identify your certificate
7. After clicking the button you’ll go to the My Certificate page where you certificates get listed. It’ll show your newly applied for certificate and that it’s in the ‘apply’ stage
8. Now go down the shops or play your favourite computer game and wait a few hours. It took about 3 hours for my first one to get approved. Perhaps they’re running the system on a 486 or maybe it’s a manual approval thing, either way it takes a while. I’ve heard it ‘can’ take 24 hours sometimes. So keep coming back every few hours. The site will time our after a little while so you’ll need to log in again.
9. When your certificate is approved you will be able to click the “Signing” link on the certificate line that’s been approved. You can then upload your .sis file that you want signed and then download a signed version.

Easy! Pity the Symbian Foundation or Nokia couldn’t make it that easy.

How to update your Forefront Client Security deployment share

Microsoft recently created up to date Forefront Client Security installation packages. According to KB976669 these are only available within WSUS. So at least existing installs can get the latest version of the client via WSUS. But what about newly installed clients? Why should we have to install an out of date 2007 version and then do an update just to get the latest client. I want the latest version installed right at the beginning dammit!!!

Well there’s a way of finding the install files if you’re prepared to crawl the WSUS SQL database.

Here are the direct links to the install files with their associated language and architecture.

fcsclientpackage language 2052 x64
fcsclientpackage language 1028 x64
fcsclientpackage language 1033 x64 English
fcsclientpackage language 1040 x64 Italian
fcsclientpackage language 3082 x64
fcsclientpackage language 1041 x64 Japanese
fcsclientpackage language 1031 x64 German
fcsclientpackage language 1042 x64
fcsclientpackage language 1036 x64 French
fcsclientpackage language 1033 x86 English
fcsclientpackage language 2052 x86
fcsclientpackage language 1028 x86
fcsclientpackage language 1041 x86 Japanese
fcsclientpackage language 1040 x86 Italian
fcsclientpackage language 3082 x86
fcsclientpackage language 1031 x86 German
fcsclientpackage language 1042 x86
fcsclientpackage language 1036 x86 French

Basically download the one/s you want and extract to a folder by using /extract
You will then have a folder with the files you should use to overwrite your FCS deployment share.

Of course it’s possible these links might change, in which case you will have to crawl WSUS yourself. The secret is to query the dbo.tbFile table for a value like %fcsclientpackage% in the FileName column. Reasonably easy when you know what to look for 🙂

How to download individual updates when using Vista or Windows 7

If you want to get hold of updates for Windows 7 or Vista when you’re running Vista or Win 7 already, you can get the updates via the updates catalog (catalogue): (the pages require IE of course).

I actually had to run up my virtual xp machine to get hold of that link! I simply couldn’t remember the word “catalog”. Heh.

What inspired this blog entry was that I thought I’d have a go at making a fully up to date disc of Win7 before I put it on my wife’s PC, i.e. mount the wim with imagex, and use dism with the latest updates. Thought that would be fun, but then I couldn’t get hold of the updates of course. Sorted.

Removing Troublesome Crapware

My mum just got a new Dell Studio laptop. The thing completely rocks and blows even my desktop PC out of the water. There’s a small problem, and that is of course that it’s a Dell and it came filled with crapware! So naturally I’ve removed it all. However one of the applications was a real pig….

The culprit was the “Dell DataSafe Local” client. It has two components, a support component and an application component. The support part removed easily, I expect it was just documentation. However when I ran the uninstaller for the application part (elevated of course – this is a Vista x64 machine) the uninstall would begin but after a little while taskmgr shows it’s using 100% of one of the CPU cores (thank god for dual-core!) and the memory usage is rising heading for infinity, a nice little memory leak. Great that’s not going to work.

So I think maybe a reboot and a repair then uninstall again will help. No, can’t do that as the installation source media is not on the original application support DVDs. Most likely it’s buried somewhere inside a hidden .wim file on the support partition – I’m not downloading the WAIK on a brand new laptop just to get to that! OK so now what? Surgically remove it from the registry and unregister all the dll’s? No way, it’s hundreds of MB and I expect it’ll leave crap everywhere and mess up this lovely new laptop in the process.

I’ll stop wasting time…the answer with most problems like this is to use the fantastic sysinternals tools from the godlike Mark Russinovich (he has a great blog by the way). So I grab psexec, drop to an elevated command line and – the naughty bit – I run a cmd.exe as the system user… running the setup from there as system works like a charm and the crapware is dust 🙂
In all likelihood the problem was the usual crap installshield uninstaller and it was probably wrongly changing elevated states so couldn’t gain access to the files it needed to delete.

Anyway, if you have trouble uninstalling something, try removing it as the system user using psexec, it more than often will sort the problem good and proper.

How to remove “Dell DataSafe Local”:
click the start button
cmd.exe (ctrl+shift+alt return) [this runs cmd.exe as an elevated user]
psexec -d -s -i %comspec% [runs cmd.exe as system, interactively, and without waiting for it to close]
– switch to the new cmd window that has opened –
"C:Program Files (x86)\InstallShield Installation Information\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}\setup.exe"

Download Orca for Vista

There’s a new version of Orca available (4.5.6001) that is suitable for Vista. You get it by downloading and installing the Windows Installer 4.5 SDK, available here (6.79 MB).

After the SDK is installed it will have delivered the installer for Orca into the program files folder (“%ProgramFiles%\Windows Installer 4.5\SDKTOOLS\orca.msi”). At this point you install it by double-clicking.
I recommend you archive the orca.msi file somewhere for the next time you need it.

Enjoy 🙂

Put Internet Explorer back on the Vista desktop

Microsoft keep being forced into how we are allowed to use Windows. With each new version of Windows and IE they’ve been removing IE from the desktop and making it harder to put it back.
I keep seeing the same thing all the time on users’ computers – they want IE on the desktop, can’t find out how to do it properly, and end up creating a shortcut to it. It does the job but they’ve lost the right-click functionality they had before
By properly of course I mean that like the Outlook icon (which they also took away – which I show how to fix here), you can right click on the Internet Explorer icon and get to your internet options easily.
Here’s how you get it back:-
Copy the following text into notepad, save it as a .reg file somewhere, right-click and import…

For all users on the computer:

Windows Registry Editor Version 5.00

For just the current user:

Windows Registry Editor Version 5.00

After you’ve done that, just refresh the desktop (click on it and press F5) and IE is back.

Get internet radio on a Nokia N-series phone!

I’ve been waiting for this for YEARS! Finally, I can now listen to my favourite radio station wherever I am, purely by plugging into my phone. Nokia have at last released “Nokia Internet Radio” for N-series users. It may be in beta at the time of writing but it sure works well.

Here’s the link to it: (updated 31-08-2009)
The N95 and E-series phones are supported.

There are masses of different stations to choose from and it looks like Nokia are plugging into the same internet radio station directory that the popular mp3 player WinAMP uses.

So far I’m very happy with it, is working like a dream, and with my monthly quota of 2GB of 3G lovliness from T-mobile for only £7.50 a month I can happily listen for over 90 hours! Doubt I’ll use that up any time soon 🙂

Thankfully for those of you who don’t get a good data package from your mobile provider (let alone a good signal all the time – which I don’t) it does support WiFi if your phone has it built-in and will adjust the data-rate upwards accordingly.

So we can now use our bluetooth headphones and wander around the office listening to endless trance and never need to rip a single track. Fantastic!

Find a computer’s model using the command line or in a batch file

Say you’ve got a script and you want to run something in that script that only runs if you’re on a specific type of machine, what can we do to find out what machine we are on?
Some might say “use vbscript and do a wmi call”. Well yes you could do that, but that’s needlessly hard! Use this simple command instead…

wmic csproduct get name

On my machine that returns two lines, one saying Name and another with my machine’s model name: HP Compaq dc7600 Small Form Factor
How cool is that!! Basically here we’re using a WMI command line tool. There’s lots to it, just type: wmic /?

So to use this in a script we’ll need to check for the existence of a particular machine name being returned, we can use the find command a different way and return the number of lines with a specific word in it. If we get 1 or more lines with that word then we’re on the machine we’re looking for.
Here’s an answer:

wmic csproduct get name | find /c /i "7600"

On my machine that returns a 1, so we just need to parse that into a variable and use a simple if statement and we’re there:

@echo off
for /f "delims==" %%a in ('wmic csproduct get name ^| find /c /i "7600"') do set /a machine=%%a
if %machine% geq 1 (
echo Running on a 7600 machine
) else (
echo Not running on a 7600 machine

[script now works, thanks to the comment pointing to the pipe-char issue]

You could modify that to do a goto to jump to another part of your script I guess. Just change the "7600" part for something that uniquely identifies the machine you’re looking for in your environment.

Ths works on XP and Vista. I think it should work in WinPE too as long as you have the WMI add-in installed.

— Updated 2011-10-06 —

And now here’s a better version of my script which will help people who want to use it to batch things a bit more easily!

REM do a wmi query to get the info we want and put it in a variable
FOR /F "tokens=2 delims==" %%A IN ('WMIC csproduct GET Name /VALUE ^| FIND /I "Name="') DO SET machine=%%A
ECHO Computer model: "%machine%"

REM Now we have the model in a variable we can do some logic and run commands, for example...
REM Watch for stray spaces at the end, take out all spaces with: SET machine=%machine: =%
IF /I "%machine%" == "Latitude E6410" (
REM do something specific for an E6410
) ELSE (
REM do something for other types

— Updated 2013-09-21: new version of this article using PowerShell here

How to remove the “Click to Activate” annoyance in IE before April 2008

We all know and hate the click to activate functionality that Microsoft had to add to Internet Explorer, but the good news is that Microsoft are finally allowed to get rid of it. Problem is the lazy buggers won’t get the feature removed until the April 2008 cumulative update for IE.
However there is an interim solution! Yay! And here it is: KB947518

The alternative for Vista users of course is to install SP1, but then Microsoft hasn’t let everyone get that yet have they. Unless you know where to look…

Enjoy 🙂