Back to it

So, don’t you just love it when you fix one issue and a new one appears...just lovely. After fixing the pen lag, I noticed that Photoshop would no longer support pressure sensitivity. 

The main point of having a Wacom tablet and pen is using pressure sensitivity...When checking the settings, I noticed that there is a small triangle with an exclamation mark on it. When hovering on it, I got a message saying something similar to Photoshop can’t find a pressure sensitive pen...

I noticed that I re-check ‘Use Windows Ink’ on the Wacom settings application, pressure sensitivity is restore...and so is the dreaded lag...

I couldn’t find a solution until I stumbled upon a thread on the Adober forums: https://forums.adobe.com/thread/1152988?start=40&tstart=0

Vladimir M. came up with a solution:

1. Uncheck ‘Use Windows Ink’ in the driver.

2. Create a file that contains instructions to revert to the WinTab functionality.

How to create the file and where to put it:

a. Create a text file in a text editor such as Notepad.

Type in the following lines:

# Use WinTab

UseSystemStylus 0

b. Save the file as a plain text file named PSUserConfig.txt .

c. put (copy) the file into the Photoshop settings folder: C:\Users\[User Name]\AppData\Roaming\Adobe\Adobe Photoshop CC 2015\Adobe Photoshop CC 2015 Settings\

Tada!!!!

I started using a Wacom tablet for Photoshop work. It wasn’t an easy transition, and it took me a while to customize it to my needs. In the last couple of days I started feeling comfortable with it...

As usual, nothing can be perfect: I noticed that there is a very slight delay when using the pen (It was extremely annoying when using Liquify). 

The web has the answer- after a hefty search, I found that on the Wacom Tablet Properties>Mapping, you need to uncheck the Use Windows Ink option...

I encountered something extremely curious. I was trying to delete a folder, yet the OS (Win10) reacted with a very odd error message:

At first, I thought that the folder (or one of the folders in the structure) must be read-only. This happens once in a while, and since we mostly no longer use these attributes they tend to be overlooked.

After checking the attribute, I found that this wasn’t the case. At this stage I tried the security tab- I received an error message saying that it can’t be displayed.

Trying ‘cacls’ rendered the error message: ‘The system cannot find the file specified.’.

Another worry was that the file system has been corrupted. After running ‘chkdsk’ I found no issues either. 

My only suspicion was the fact that the directory name started with a ‘+’. In general, I don’t see an issue with this, yet at this stage I was grasping for straws.

Trying to rename the directory didn’t help either...

Going back to the old days of DOS, filenames used to represented by a 8.3 format. filename.ext

Long file names (such as mine) had a representation in the short file name structure. You could see the short names by running the following command:

‘dir /x’

After running that, I have obtained the short name of the directory, and tried to delete it by using the ‘RMDIR’ command.

If you upgrade your system to Windows 10 (free upgrade, might I say), you are still able to roll it back to your previous setup (7/8/8.1). An important note about this: the rollback is available for 30 days only.

There are some options to circumvent this limit, but personally i think that if you passed the 30 day mark, you will be staying with Windows 10.

Another important thing about this rollback options is that it will save the old Windows directory on your C drive. Now since a large number of modern PCs use smaller SSDs as their C drive, these directories might take up expensive space.

If you are sure that you will not rollback to your previous OS, you can run the ‘Disk Cleanup’ app. Choose drive C and then click on ‘Clean up system files’.

You should see something similar to this:

One major change I noticed in Windows 10 is that when you open Windows Explorer it starts with Quick Access.

The Quick Access is a reincarnation of the old Favorites, which I never really used...Oddly though, I have grown quite fond of the new feature. 

The Quick Access area is made up of two main sections:

1. Frequent folders - This area is divided in two. Permanently pinned folders and frequently used folders.

2. Recent files - well, recently used files. 

Now you can customize these new features in several ways:

1. This PC - If you don’t like the Quick Access as a default, you can change it back to This PC. This can be done by accessing the Options (View>Options) for Windows Explorer. Then, change the ‘Open File Explorer’ drop down.

2. Remove Recently/Frequently used items from Quick Access. This is in the same place, under Privacy.

Once in a while, I need to share a path (via IM or e-mail). Usually, I just go to the address bar of Explorer and I click it. This will allow me to copy the path to the directory that I am viewing.

Yesterday, I wanted to share a direct path to a specific file. I was really surprised that there is no real way of doing that...(shortcuts just don’t seem the right way in this case)

After a quick search, I have found a Codeplex projects that resolves this exact issues. It also has a few additional advanced features, that I recommend you explore.

After installing the project, it extends the context menu in Explorer by adding a menu/entry called: “Path Copy”. Under it, you will find the option to copy the path for a file/directory.

https://pathcopycopy.codeplex.com/

So we are always distracted...whatever we do we are distracted. E-mail, phones, instant messaging, pop-ups...we are distracted! These days, trying to concentrate on a task requires real effort. Since i am getting old, I actually remember the days when I was really excited about applications alerting me about new e-mails...that used to be fun.

In our day and age, considering the quantities of -email we receive, I found that actually turning off those alerts help me. At first, I was skeptical, but I tried it. I turned off the Desktop alert feature on Outlook...and left it off.

After an year (more or less), I replaced my laptop. Due to the reinstall and the default setting, the alerts came back- and now they really annoy me!

So if you think that e-mails can wait (if it’s urgent, they can call), try turning the Desktop alert feature off:

DNS is the little black book of the Internet (and our networks). Calling little is somewhat of a understatement, as currently the Domain Name System provides name resolution for the Internet (and the Internet is definitely not little). 

As such, if you ever left your phone unlocked (and you have devious enough friends) I’m sure you have experienced the fun of sending a message to your girl/boyfrined just to find out that it was routed to your mom/dad.

[That was an extreme oversimplification of what happens when someone messes with records on a DNS server].

DNS servers, resolve names to IP addresses (similar to how a contact list resolves a name to a phone number). 

To improve the functionality of DNS in general, DNS uses a hierarchical and distributed structure.  When you access your web browser, and you type an adderss (e.g. www.gmail.com), you OS will contact it’s configured server and ask for an IP address (yes, there are a few steps I left out for brevity....if you are looking for an accurate account of how DNS works, look elsewhere please...).

“Your” DNS server doesn’t hold all the names and addresses on the Internet (hierarchical and distributed, remember?), so it will query the relevant servers (starting at the root, going to the relevant top level domain (TLD) server) and eventually getting an answer. 

This answer, is returned to you- and you access your destination. In this case it’s the GMAIL service. The GMAIL website greets you and asks you for your username and password...you provide them. Sadly, you receive a message saying that the servers are under maintenance and that you should reconnect in an hour...Unhappy, you come back in an hour, just to find out that your GMAIL/Facebook/Twitter/etc. account has been hacked.

How did this happen?

Well, someone switched between your girlfriends and your mom’s phone numbers on your contact list...kinda.

To improve the DNS servers ability to reply to queries, it uses a local cache. Meaning that once it has resolved a query for WWW.GMAIL.COM it’s going to cache it (for a while-TTL). This saves a lot of traffic, especially for popular queries (how many people access GMAIL/Facebook/Twitter from your network).

A malicious person (love the word malicious), can poison that cache by:

Sending a query for a site (e.g. www.gmail.com)

Sending replies of it’s own for the query 

Making it worse by adding additional information about other domains and name server responsible for those domains to the fake reply

Essentially, it’s a race. After the original query is created, bombarding the server with replies hoping it will accept one of them and use them...but wait, how can this happen? Is “our” DNS server so stupid that it doesn’t understand that the replies are coming from someone else? [Yes]

Since the process is managed by UDP, with a predictable port (53) and predictable sequence numbers, the answer is yes.

Once the information is committed to the server’s cache, all subsequent answers will have incorrect information.

So how can this be mitigated: randomization. First of all lets randomize the port that the DNS server is using. Windows 2012 R2 uses a pool of 2500 ports that it can choose from.

dnscmd /info /socketpoolsize

dnscmd /config /socketpoolsize <range>

https://technet.microsoft.com/en-us/library/ee649174(v=ws.10).aspx

https://support.microsoft.com/en-us/kb/956188

Another interesting option to consider is DNS Cache Locking. This feature will protect cached entries until their TTL runs out. In other words, from now on instead of ignoring TTL within the cache, TTL has say. In my humble opinion this is a two edged sword, since if your cache is poisoned, correct replies won’t be able to fix the problem.

On the other hand, if you have been compromised by receiving an answer for one site[gmail] (and this answer included additional information about a bank, which is the real vector of attack), this is useful. 

Default setting is 100%.

dnscmd /Config /CacheLockingPercent <percent>

Additional and extremely interesting reading on the topic:

http://unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html

https://engineering.purdue.edu/kak/compsec/NewLectures/Lecture17.pdf

PowerShell is an extremely useful tool when managing servers. It allows simplifying and accelerating administrative processes. One of it’s strength is to present just the data you are looking for.

A great article on how to filter data can be found here.

It’s an odd decision to no longer have it installed by default. In my opinion, it’s one of the most useful tools you have...I mean you have Paint installed by default on a GUI enabled system...so?

[I have a similar struggle with not having the Telnet client installed...]

So you have several options:

Use the Ctrl+PrtScn comb and paste the result

Install the Desktop Experience Feature (under User Interfaces and Infrastructures)

Or use PowerShell to install:

Install-WindowsFeature Desktop-Experience

It’s been a long journey, but it’s finally here...Fine Grained Password Policies, will allow you to set specific password policies based on your needs. You create the policies by creating Password Settings Objects (PSO).

A PSO, can be linked directly to users (not recommended), or to Global Groups. The Password Policy is determined by evaluating all the PSOs that affect a specific user:

Only one PSO applies to a user.

PSOs set on global groups are applied based on precedence (the lower the precedence setting (1) the higher it’s value).

If a PSO is assigned to a user, the group PSOs are ignored.

Join a domain while offline...yes, possible...

So seriously, how many of you remember the write protect option? Even worse, how many of you had a writes protect sticker peel off and get stuck in the floppy drive?

Old age is creeping up...and write protect is back!

Kind of, with Active Directory...since 2008.

So, why shouldn’t an Infrastructure Master be ever placed on a GC?

Well, the reason is not as straightforward as it seems. Furthermore, in some cases it’s actually OK to place in on a GC. To put it simply the Infrastructure Master, updates references of objects from other domains within it’s own domain (aka phantom objects).

If you have two domains in your forest, the Infrastructure Master for domain A, will update references to objects (e.g. users) from domain B within domain A.

Errrm...yeah, so lets say a Domain Local group from domain A has a member from domain B...The Infra Master will update this reference. How does it do so?

it uses the Global Catalog, that already has a reference of all the objects found in the forest...the problem is that if you place the Infra master on a DC that is also a GC, the infra Master will never notice that the reference to objects from other domains have became stale...because the GC has fresh updates...

There are a couple of exceptions to this rule:

1. All the DCs of the domain are GCs

If you try to demote a DC (Windows 2012 R2), you might notice that the primary DNS suffix of the domain is preserved. I also noticed that this might cause issues when you try to promote it as a DC again...

So, just remove the suffix by choosing to change it’s name, clicking on ‘More’ and removing the suffix.