Category Archives: Tips’N’Tricks

Tooth/Dollar exchange rate

In Russian we have an idiom “Zub dash?” or “Zub dam!”, which means roughly “will you bet your tooth on this?” and “I’ll bet my tooth on this!”, respectively (either way, it’s not exactly posh). We usually ask the first question when we want to know if our companion is serious about something. And usually the answer is “sure!”, without even a shadow of doubt, so we go away, reassured that we’ve got the deal.

Sometimes, though, nothing happens. I’m not sure, why. It may be because no one thinks I’m going to pull out their tooth for this (they’re right, unfortunately). Or there is some other reason, but it seems like the answer “yes” to the idiom isn’t taken too seriously.

But I found a solution. I just changed the price: instead of a tooth I ask for, say, $100. And now they think before answering. Which is, if you think it over, rather strange, because a tooth is obviously a more precious thing than $100. But then, I will definitely not go for your tooth (see the previous paragraph); as for the $100, there are chances I will.

Or maybe the question isn’t too familiar and wakes our consciousness.

Anyway, that’s the trick I use now a lot and if you have similar problems, you may use it too.

Time’s math

It’s absolutely unavoidable to rest if you want to work.

Ok, I officially admit, that I’m not a hipster. I’m absolutely mainstream. They’ve been talking for years around me about how one should treat themselves better and give them more space and sleep well… Ok, here I am, after many books on anti-procrastination, getting things done, making yourself productive, you name it.

As a result, I understood some things, among them a very stupid one: you don’t have 24 hours a day. No, not even on Friday. And, no, you don’t have another 48 hours at weekends. And the more you act like you don’t know that stupid thing, the less good it does to you. Ok, say, you’re one of those mindless zombies, who sleeps 4-5 hours a day (you sleep less than that? WHAT THE HELL ARE YOU!?). Like I was just several years ago. You still have 19 to 20 hours a day, do you? Of course you do! That’s the math, it cannot lie. Unless… Unless you’re eating, telecommuting, going to bathroom, drinking, just stalking around because you don’t have the slightest idea what you were doing right now (4 hours a day sleep makes wonders) and all other stuff. And you definitely don’t do fun. Just not to be forgotten: meetings. I know, they also are your job, but usually you have some work other than meetings, and when you say “job” you don’t imagine some meeting. Usually it is getting ready for the meeting, or writing a report, or investigating something. So, actually, you don’t have 24, 19 or even 12 hours a day for your job.

I understood that when I tried to map my own day at work (and, mind you, I worked more than 10 hours a day at the time). Actually, I was trying to find out how much continuous time I have throughout a work week. I started with jotting down my lunches. Then I took some time every day for doing my emails (quite a chunk of time, I dare say). And a bit more for the weekly reviews of my productivity system. And for my weekly report. After that I put into the schedule (and removed from my life!) some regular meetings: with my direct reports and my boss, change advisory boards, and Change Management Post Implementation Reviews. And some more things. And it looks like out of 40 hours a week only 19 are available for anything that hasn’t been planned yet. Wow.

Now I take my calendar and peek into it, looking for non-regular meetings, which arise ad hoc or are necessary to move some tasks forward. I count how many of them I have in an average week and remove them from my budget too. What I’m left with is a mind-boggling 8 hours a week. Yep. 8 hours.

What should any sensible guy do after such a discovery? Of course work MORE. That solves the problem, doesn’t it? Work more – do more. It’s actually self-explanatory and self-evident. Well, I don’t know. There are times when one should work 20 hours a day. I’m a lucky man: the last time I did it for a while was last year. I even found out that during such times you need to take proper care of your body and your mind, and thus it wasn’t worthless. So, it is a solution, sometimes. But what if we don’t take it to the extreme, if we just add a couple of hours to our work schedule? It’s just 10, not 20. Like, “I’m not ruining everything, I’m just working a bit more”. But then, stop and think about it again:

  • You work 10 hours
  • You sleep 8 hours (lucky us)
  • You commute 2 hours a day (in my city it’s counted as good time)
  • You eat, say, an hour (three meals a day, one at your office’s canteen with a reasonable line)
  • You have to spare at least an hour to your hygiene
  • And after all that you scarcely have ego left to miss your chance to “just look” at your social network. For two hours if you were counting with me. And, even more, if you decide, that this particular “tomorrow” will be ok with just 6 hours of sleep.

How’s that for “I need to fix this plumbing” or “I’d like to draw at least an hour a day”?

As far as I understand from my own experience, some forums and books, it is a common problem: people just don’t leave themselves time to live. My own problem was greatly diminished by what I pictured in the previous lines. I haven’t resolved it completely, but I sleep 7 to 9 hours a day, I do sports 3 to 6 hours a week, I write my blogs more or less regularly, I read (and not only in a bus), I play games, I doodle, I bake sometimes and even do my home chores. I’m not yet into something dramatic, as you see, but it is much more than what I had just a couple years ago. So, it worked for me and why don’t you try it if it is a problem for you too?

If you want to make even more impact on yourself, you may follow Neil Fiore’s approach (he calls it the Unschedule) from the book I read just recently. He says that putting all your day-to-day activities into your schedule is not enough. Au contraire: you should start by putting there everything you want to get from your life and what’s absolutely necessary to have one (no, it is not your weekly report): sleep, sport, fun, games, meditation, food, leisure and everything else. And only after that add all your job activities. That’s almost the idea I explained earlier, but in its ultimate form. Start with that if my idea doesn’t work for you. Live for several weeks with such an Unschedule. And then just look back and compare your emotions, your physical state and your level of happiness to the previous levels (some people may need to keep a diary to make a real comparison). I hope you’ll like the new you better 😉

Crouching manager, hidden engineer

Late last year I won Kaspersky Lab’s own “Oscar” for best cinematography. And quite recently I walked away with a “Golden Globe” of sorts (the best bla-bla-bla expert on the company’s intranet portal). I believe this could mean that I have almost succeeded as a manager. Ergo, it is high time I wrote about the trials and tribulations of being one. After four years since I last worked as an engineer, I am in a position to say the following: being a manager is more challenging. And more interesting. But more challenging. Aaaaaand more interesting 😉

Judge for yourself:

1) Clarity of objectives:

a. Back in my engineer days, I could tell the managing director of an entire region that business did not need that new-fangled thing he came up with. That’s how I earned my moniker “Business Does Not Need This”.

b. Now I no longer have any idea what business needs: the old clarity of business vision is gone. Business now seems like something complicated and arcane, and I’ll be damned if I knew what it really needed.

2) What we manage:

a. Equipment (even computer hardware) is a simple and understandable thing most of the time. If something gets broken, it’s the fault of some ham-handed Indian halfway across the globe, and the support team will get it fixed. If not, support will tell you it’s your own fault and ask you “not to do it again.”

b. On the other hand, from our enlightened point of view, regular people are not only hard to understand but sometimes are also real nutjobs. How can a mature and mentally competent person having a legal license for software that needs to be installed on one of the directors’ workstations go and download this software from a torrent tracker? Or, for that matter, after one of the cluster nodes crashes because he did something, he goes to “try it out” on the other three.

3) And the relationships? That’s something altogether unthinkable!

a. When I was an engineer, I could simply tell a person that he was an imbecile.
This was an obvious thing to a point where it did not require any supporting arguments and even helped you get your work done: the guy just left and let you get on with your work.

b. When you’re a manager, it may suddenly turn out (texts are in Russian) that the imbecile is not necessarily the person on the remote end of the conversation. What’s more, even if that person is the actual fool, saying this to his face does not necessarily mean that this would help your work move along. Rather the opposite: your work will hit a dead end because now your job is not interacting with a server (which is much easier when you are left alone to whatever you’re doing) but with that particular hypothetical “imbecile”. So when you call him like that to his face, he will lose all interest in you and stop listening, and will instead be mulling on the insult and thinking of a way to get back at you.

4) Selection of toys. This is very similar to the first item on this list, and all sorts of product managers will be able to relate to this.

a. Engineer: “OMG! Check out the features! This coffee maker can also wash your dirty socks!” This is where absolutely anybody who wants to buy a different coffee maker for a third of the price but without the sock washing feature is looked upon like a total idiot.

b. The manager (who was an engineer quite recently and would also like a coffee machine with sock washing functionality) observes all of this with sadness and remembers the requirements of the customer, who clearly said he needed a cheap coffee machine that will not make coffee with an aftertaste of dirty socks, because the customer is allergic to socks.

5) Communication. In our industry, managers traditionally grow out of the best engineers. While this may not be totally right, it is what it is. And what is a good engineer most likely? Right: an introvert (no matter how anti-scientific this may sound).

a. I was the kind of engineer who kept addressing my superior formally for half a year even though everybody else was on a first name basis in the company. I never went to team-building events because “WhatTheHeckAmISupposedToDoThere”. I got to communicate with others a couple times in a year: while speaking at MCP Club or other events. Excellante!

b. Now I’m a manager. As one of my subordinates aptly said: “You’re a manager. For you, shutting up is like cleaning up your desk.” Communication takes up to 80% (and sometimes 100%) of my time now: phone, email, meetings, simply walking down the corridor. As a manager, you learn to communicate so that even your simple “yes” would not sound like “get lost”. You learn to communicate even when there is no topic for communication. You have to master this darned smalltalk. And you keep on communicating in such manner as to be heard. Incidentally, this is important because:

6) It does not matter what you say; what matters is what they hear.

a. An engineer says what’s on his mind and thinks that’s enough. “But I told you that the firmware had to be upgraded. What do you mean it doesn’t read “downtime” for you?”

b. In reality, people lose some of the information even before we start talking to them. In lieu of an explanation, here’s this old meme:


Those who consider this a joke never had to take 40 minutes to write a four-line email.

7) Last but not least: both a good engineer and a good manager read a text all the way through before forming an opinion on it. This article is not about an engineer or manager, but about a good high-earning employee as opposed to a bad low-earning employee who is bad for the team. It’s no simple task being a good professional in whatever you do. Take care 😉

#RuTeched: answering the questions. Does the Dynamic Access Control work over replication?

As I said previously, my labs were a success; still, I wasn’t able to answer some questions and promised to answer them later. The time has come for the first of them. One of the visitors told me that he had had an experience when some of the files’ attributes wouldn’t replicate over DFSR and asked me if there is any problem with DAC in the same situation. I could definitely experiment myself (and I will), but any experiment of mine would just give me an answer: “yes” or “no”. Or “maybe” for that matter. It wouldn’t explain why. As I’m not great with replication, I had to beg for help and, luckily, I knew where to get it: the AskDS blog.

In no time I received the answer. The short one is: “everything will be ok with your files”. The long one I will just cite here:

“Let me clarify some aspects of your question as I answer each part

When enabling Dynamic Access Control on files and folders there are multiple aspects to consider that are stored on the files and folders.

Resource Properties

– Resource Properties are defined in AD and used as a template to stamp additional metadata on a file or folder that can be used during an authorization decision.  That information is stored in an alternate data stream on the file or folder.  This would replicate with the file, the same as the security descriptor

Security Descriptor

The security descriptor replicates with the file or folder.  Therefore, any conditional expression would replicate in the security descriptor.

All of this occurs outside of Dynamic Access Control – it is a result of replicating the file throughout the topology, for example if using DFSR.  Central Access Policy has nothing to do with these results.

Central Access Policy

Central Access Policy is a way to distribute permissions without writing them directly to the DACL of a security descriptor. So, when a Central Access Policy is deployed to a server, the administrator must then link the policy to a folder on the file system.  This linking is accomplished by inserting a special ACE in the auditing portion of the security descriptor that informs Windows that the file/folder is protected by a Central Access Policy.  The permissions in the Central Access Policy are then combined with Share and NTFS permissions to create an effective permission.

If a file/folder is replicated to a server that does not have the Central Access Policy deployed to it then the Central Access Policy is not valid on that server.  The permissions would not apply”.

Thanks, guys. You’re the best 😉

FeedDemon + Windows 8: overcoming problems

Will anyone be surprised to hear that I’m trying to move to Windows 8 right now? No? Right. At the moment a couple of issues make my stay on it uncomfortable or impossible:

  • I still don’t have proper drivers for etoken for the OS.
  • Evernote in the new OS with the new interface (we don’t use term “Metro” anymore) sucks.
  • FeedDemon keeps giving me error messages in huge amount.

And it seems the latter problem now has a solution. First of all, here is the message: “Error saving file: The process cannot access the file because it is being used by another process (32)”, followed by the name of some file in the Temp folder.

I really don’t understand the connection between those files and the solution (or, rather, I’d name it workaround), but it works:

1. Go to Personalize

2. And change color schema from Automatic (top-left) to any other.


Voila! No more error messages.

Troubleshooting articles.

Once I ran into an article which was actually a list of references to Windows IT Pro articles. I don’t even remember where I saw the article (probably it was WinITPro itself), but I all of a sudden remembered that it was useful for me.

The list was named in my collection as “troubleshooting learning path” and it truly is one. Below is the list. To access any article listed here, enter its InstantDoc ID into the search box on the main page of WinITPro.

Have fun:


Name | InstantDoc ID
--- | ---
Administrators’ Intro to Debugging | 101818
Conquer Desktop Heap Problems | 101701
Disk2vhd: The Windows Troubleshooter’s New Best Friend | 102980
Examining Xperf | 102054
Find the Binary File for Any WMI Class | 102615
Further Adventures in Debugging | 102867
Get a Handle on Windows Performance Analysis | 101162
Got High-CPU Usage Problems? ProcDump ‘Em! | 102479
Reap the Power of MPS_Reports Data | 101468
Resolve Memory Leaks Faster | 99933
Resolve WMI Problems Quickly with WMIDiag | 100845
Say ‘Whoa!’ to Runaway Processes | 100212
Simplify Process Troubleshooting with DebugDiag | 100577
Troubleshooting the Infamous Event ID 333 Errors | 101059
Under the Covers with Xperf | 102263

Creating your own troubleshooting pack



As I wrote in one of my blogs, you not only can tell your user exactly which troubleshooting pack to run, you can also create one of your own. Finally I decided to learn how and to tell you. I was pretty sure that creating those was very hard. But I was plain wrong: it’s easy. Moreover it’s fun, because for creating it you should collect all the components of a geek’s fun:

1) Use GUI

2) Use scripting

3) Run the automation and see the result!

So, let’s begin.

Unfortunately, you cannot just create a pack with Notepad. Well, probably there is a method, but I believe it is far less convenient than the following. First of all you need to download and install Windows 7 SDK. I, honestly, don’t know which component exactly contains the feature we are going to use, so you can find it out yourself, or just follow me and care not about it. After installation you’ll have a menu entry for Troubleshooting Pack Designer:


You only need to decide which problem you’re going to solve with the pack. In my example, I’m going to automatically detect and fix one simple yet annoying defect: my Dell notebook sometimes cannot detect network speed while on a docking station. Disabling and re-enabling the interface is one of the workarounds, which I don’t really hate, but which I’d like to automate. (OK, I know that just a two-line script would be enough, but then I wouldn’t have had a simple enough scenario to show you 😉) So, I launch the designer:


and create a new project:



(take notice of “Privacy URL” field: it is mandatory) Everything else is pretty straightforward from now on. Add a new root cause (you can add several of them). In my case it is “A Network is detected 10Mbps instead of 100”:


and hit “Design Troubleshooter” button. You’ll be presented with several settings. Troubleshooter – whether to run it elevated and interact with a user. In my case I set both to No:


Then configure a resolver in the same way:


Surely we want our tool to check whether the actions taken had fixed all the problems, therefore we need to configure a verifier:


And finally, create and input scripts for them.


# TroubleshooterScript – This script checks for the presence of a root cause
# Key Cmdlets:
# -- update-diagrootcause flags the status of a root cause and can be used to pass parameters
# -- get-diaginput invokes an interaction and returns the response
# -- write-diagprogress displays a progress string to the user

$RootCauseID = "NetIs10"
$RootCauseDetected = $false

# Detection logic: read the link speed of the NIC matched by name.
# (The property in the -like filter was lost from the original listing; Name is assumed.)
$speed = (Get-WmiObject -Class Win32_NetworkAdapter | Where-Object { $_.Speed -ne $null -and $_.MACAddress `
    -ne $null -and $_.Name -like "*82567lm*" }).Speed

# Anything other than 100 Mbps (100000000 bit/s) counts as the root cause
if ($speed -ne 100000000)
{
    $RootCauseDetected = $true
}

# The following line notifies Windows Troubleshooting Platform of the status of this root cause
update-diagrootcause -id $RootCauseID -detected $RootCauseDetected

It’s a very primitive script, which just checks if the network interface has speed of 100Mbps. Resolver:

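# Resolver Script – This script fixes the root cause. It only runs if the Troubleshooter detects the root cause.
# Key cmdlets:
# -- get-diaginput invokes an interaction and returns the response
# -- write-diagprogress displays a progress string to the user

# Fix: disable the adapter, wait a few seconds, then enable it again.
# (The filter property and the Disable/Enable calls were lost from the original listing;
# they are restored here from the description in the text, with Name as the assumed property.)
$network = Get-WmiObject Win32_NetworkAdapter | Where-Object { $_.Name -like "*82567lm*" }
$network.Disable() | Out-Null
Start-Sleep 4
$network.Enable() | Out-Null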

An even simpler script: it just re-enables the interface.

Now just compile (some questions about certificate arise, you can use a test self-signed certificate or configure a right one in options) the pack and use it.


Well, at least for me it was some great experience with a good outcome: I now have an instrument to check and fix everything =)
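The post configures a verifier but lists only the troubleshooter and resolver scripts. One possible verifier script, as an added example (not the author's code): it polls the adapter after the re-enable, because the adapter may report no speed while the link renegotiates. The retry count, the delay and the `Name` filter property are assumptions; the diag cmdlets are available only while the script runs inside a troubleshooting pack.

```powershell
# Verifier script (added example). Runs after the resolver and reports whether the
# root cause is still present. Works only inside a troubleshooting pack, where the
# update-diagrootcause and write-diagprogress cmdlets are available.

$RootCauseID   = "NetIs10"      # must match the ID used by the troubleshooter script
$ExpectedSpeed = 100000000      # 100 Mbps in bit/s, same threshold as the troubleshooter
$MaxAttempts   = 10             # assumption: up to 10 polls ...
$DelaySeconds  = 2              # ... 2 seconds apart

function Get-DockNicSpeed {
    # Speed of every adapter matching the filter. Name is an assumed property;
    # "*82567lm*" is the pattern used by the scripts in the post.
    Get-WmiObject -Class Win32_NetworkAdapter |
        Where-Object { $_.MACAddress -ne $null -and $_.Name -like "*82567lm*" } |
        ForEach-Object { $_.Speed }
}

# Assume the problem is still there until a good reading proves otherwise.
$RootCauseDetected = $true

for ($attempt = 1; $attempt -le $MaxAttempts; $attempt++) {
    write-diagprogress -activity "Checking link speed ($attempt of $MaxAttempts)"

    # Right after Enable() the adapter may report no speed at all; skip empty readings.
    $readings = @(Get-DockNicSpeed | Where-Object { $_ -ne $null })
    $wrong    = @($readings | Where-Object { $_ -ne $ExpectedSpeed })

    if ($readings.Count -gt 0 -and $wrong.Count -eq 0) {
        $RootCauseDetected = $false   # every matching adapter negotiated 100 Mbps
        break
    }
    Start-Sleep -Seconds $DelaySeconds
}

# Same call as in the troubleshooter: tells the platform whether the fix worked.
update-diagrootcause -id $RootCauseID -detected $RootCauseDetected
```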

Where’s mah mail, dude?! (meme edition)

One of the recent requests from a user stated that all his mail without even visiting Inbox went right into … Deleted Items folder. No problem – just find the rule which does that and remove or fix it.


Simple as “one, two, three, doesn’t work”. Yep, after I had deleted all the rules the Inbox still lacked the mail.


Now what? Moving mailbox to another location? Probably that would help, probably not, but it is not a solution, actually (neither was the workaround we have found).

Even Google Almighty wasn’t able to find the solution (I found it later, when I knew what to look for), so we went to our final resort: Microsoft Premier Support (yep, we didn’t want to breed a new variety of users: those who read their email in Deleted Items and store business-critical documents in the Recycle Bin). The workaround was quite simple: set AutomateProcessing for the mailbox to AutoUpdate. After doing that:

Get-Mailbox -Identity <MailboxIdentity> | Set-CalendarProcessing -AutomateProcessing AutoUpdate

everything went back to normal. And you know what? I’m fine with it, even though it wasn’t me who found the solution =)

Network trace without NetMon, wireShark, etc… Part 2

As I told you in the previous episode, there is more than just capturing without installing any software. Much more, actually. There is a .cab file which contains many files: 33 to be accurate (at least in my case). The files contain a heck of a lot of information about the computer’s networking configuration as well as logs. Let’s take a look at those files:


1) adapterinfo.txt: contains info about your NICs’ drivers:


How can this be useful? Easily, say, you see the driver for a physical NIC which was issued 5 years ago: why not to upgrade it first? Anyway, this can give you the starting point for troubleshooting.

2) dns.txt: this one contains the output for ipconfig /displaydns command which gives us the content of the DNS client cache


3) envinfo.txt: all you want and even more about the wireless network. Drivers with supported authentication and cipher options, interfaces and their state, hosted networks, WLAN settings, profiles and more and more…


4) filesharing.txt: nbtstat –n, nbtstat –c, net config rdr, net config srv, net share


5) gpresult.txt: no comments

6) neighbors.txt: arp –a, netsh interface ipv6 show neighbors (yeah, calling netsh from netsh… inception… 😉 )

7) netiostate.txt: in my case there were Teredo settings


8) osinfo.txt: at first it looks like systeminfo output, but actually it is somewhat different, yet can prove useful.


9) Report.etl: trace log file. I haven’t yet taken a look into it. Probably it can be good for deep troubleshooting

10) wcninfo.txt: wireless computer network information. Services status, files information and again interfaces info, ipconfig, and more…


11) wfpfilters.xml: I haven’t yet undertaken a close investigation of the file, but it seems the file contains firewall rules in XML format

12) windowsfirewallconfig.txt: config for the firewall. Is it turned on, global settings and all that stuff

13) several other files, which contain various event logs related to networking, registry keys dumps and other info


14) Report.html: an .html file which contains links to the files above


Well, that’s it. Actually, while troubleshooting some incidents I was forced to request some info several times, just because I didn’t know what exactly I was going to need and I didn’t want to frustrate users with many commands or by sending them a .bat file. Now I can give them only two commands and voila! I love it, really. IMHO this ability is just awesome even without taking a network traffic capture, so I strongly advise you to remember it!

Network trace without NetMon, WireShark, etc…

It is often necessary to capture and analyze some network traffic to troubleshoot a problem. Usually, this requires installing a software package like those named in the title of this article. That’s OK when the computer in question is, say, your laptop, or its user is at least an advanced user, has administrative permissions, and the security policy permits installing new software. But what if that is not the case? What if the user is some sales manager who doesn’t want to spend their time installing anything? Or this is a server, where you cannot change anything?

To cut a long story short, recently I’ve run into a totally awesome blogpost, where among other truly interesting things (the blog is in the top 5 of my most favorite, if not the most interesting, BTW) there was a solution for such a situation.

In short, you don’t have to install, say, Network Monitor onto a Windows7/2008 R2 box to get network capture. It can be done with the built-in tool, that is netsh. You still need

1) to be a local admin on the computer you are tracing

2) NetMon to analyze the package you receive after the capture is complete. But you can do it on any computer you wish.

How does it work? Just excellent 😉

1) Start the trace

netsh trace start capture=yes tracefile=<PathToFile>


2) Then reproduce the problem. I started my Chrome (too many open tabs in IE 😉 ) and went to

3) Then stop the trace:

netsh trace stop


Please notice, that the trace created two files: .etl and .cab. The ETL one is where our network trace is placed. The second… It makes the method even more awesome, but I will dedicate the next blog post to it.

4) Open the trace on any computer where you have Network Monitor installed:


Oops… What’s with parsers? If we take a closer look at the interface we’ll see the following:

Process: Windows stub parser: Requires full Common parsers. See the “How Do I Change Parser Set Options(Version 3.3 or before) or Configure Parser Profile (Version 3.4)” help topic for tips on loading these parser sets.

Well, some parsers are definitely not turned on. Let’s do it now, it’s easy (I have NetMon 3.4). Go to tools->options


Look at Parser Profiles tab:


and turn on the Windows profile by right clicking it and selecting Set As Active option:


That’s what we were looking for:


5) Now do all the NetMon stuff, for example I was looking for Chrome activity and, say, I need to look at DNS requests:


Isn’t that great? No, it is simply awesome, because we haven’t yet taken a look at the .cab file, which contains tons of useful info. But we’ll do it in the next article.
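The capture procedure above and the .cab contents described in Part 2, combined into one script as an added example (not from the original posts): it runs a size-bounded capture, always stops it, then expands the .cab and reports which of the files listed in Part 2 are present, with a SHA-256 of each. The function names and the C:\Temp\nettrace folder are assumptions; maxsize, filemode and overwrite are standard `netsh trace start` options.

```powershell
# Added example. Assumptions: elevated PowerShell on Windows 7 / 2008 R2 or later,
# an output folder without spaces in its path, hypothetical function names.

function Test-IsAdmin {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-Sha256 {
    param([string]$Path)
    # .NET call instead of Get-FileHash so it also works on PowerShell 2.0
    $stream = [IO.File]::OpenRead($Path)
    try {
        $hash = [Security.Cryptography.SHA256]::Create().ComputeHash($stream)
        ([BitConverter]::ToString($hash)) -replace '-', ''
    }
    finally { $stream.Close() }
}

function Invoke-BoundedTrace {
    param([string]$OutDir = 'C:\Temp\nettrace', [int]$MaxSizeMB = 256)

    if (-not (Test-IsAdmin)) { throw 'netsh trace requires a local administrator session.' }
    if (-not (Test-Path $OutDir)) { New-Item -ItemType Directory -Path $OutDir | Out-Null }
    $etl = Join-Path $OutDir ('{0}-{1:yyyyMMdd-HHmmss}.etl' -f $env:COMPUTERNAME, (Get-Date))

    # Circular file capped at $MaxSizeMB so a long reproduction cannot fill the disk.
    # Out-Host keeps netsh's text out of this function's return value.
    netsh trace start capture=yes tracefile=$etl maxsize=$MaxSizeMB filemode=circular overwrite=yes | Out-Host
    if ($LASTEXITCODE -ne 0) { throw "netsh trace start failed (exit code $LASTEXITCODE)" }
    try {
        Read-Host 'Trace is running. Reproduce the problem, then press Enter' | Out-Null
    }
    finally {
        # Runs even on Ctrl+C or an error, so the capture is never left running.
        netsh trace stop | Out-Host
    }
    $etl
}

function Get-TraceReport {
    param([string]$EtlPath)

    # netsh writes <name>.cab next to <name>.etl
    $cab = [IO.Path]::ChangeExtension($EtlPath, '.cab')
    foreach ($f in @($EtlPath, $cab)) {
        if (-not (Test-Path $f)) { throw "Expected trace output is missing: $f" }
    }
    $dest = Join-Path (Split-Path $EtlPath) ([IO.Path]::GetFileNameWithoutExtension($EtlPath))
    if (-not (Test-Path $dest)) { New-Item -ItemType Directory -Path $dest | Out-Null }
    expand.exe $cab -F:* $dest | Out-Null

    # File names as listed in Part 2; the .cab holds more than these.
    $expected = 'adapterinfo.txt', 'dns.txt', 'envinfo.txt', 'filesharing.txt', 'gpresult.txt',
                'neighbors.txt', 'netiostate.txt', 'osinfo.txt', 'Report.etl', 'wcninfo.txt',
                'wfpfilters.xml', 'windowsfirewallconfig.txt', 'Report.html'
    $found = @(Get-ChildItem -Path $dest -Recurse | Where-Object { -not $_.PSIsContainer })

    foreach ($name in $expected) {
        $file = $found | Where-Object { $_.Name -eq $name } | Select-Object -First 1
        New-Object PSObject -Property @{
            File    = $name
            Present = [bool]$file
            SizeKB  = $(if ($file) { [math]::Round($file.Length / 1KB, 1) } else { $null })
            Sha256  = $(if ($file) { Get-Sha256 $file.FullName } else { $null })
        }
    }
}

# Usage from an elevated prompt:
#   $etl = Invoke-BoundedTrace
#   Get-Sha256 $etl
#   Get-TraceReport -EtlPath $etl | Format-Table File, Present, SizeKB, Sha256 -AutoSize
```

Both files describe the host in detail (DNS cache, Group Policy result, firewall configuration, the traffic itself), so move and store them as you would any other sensitive diagnostic data.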