QuickPost: VMware Player micro-fix

A quick-post in case others search for a solution for this particular issue:

I’ve been running VMware Player 5.0 on my Windows 7 x64 system for a long while now.

This morning when working in all my Modern.IE Tester VM’s (Win7Ent, Win8 & Win8.1) as well as a fully-installed (and licensed) version of XP Home I noticed the following issues:

• No options showing on VMWare Player tool-bar for three-key toggle, etc.
  
• Unity working fine however allowing drag/drop of files between host and client desktops.
• After shutting down the running virtualized OS cleanly (Start--shutdown/power-off), the running vm window just stays black and doesn’t close after any length of time.
• Trying to close or force shutdown with the VMware Player options says it is still running and to wait.
• Checking the running processes showed the sub-process “vmware-unity-helper.exe” still running:
  
• I was able to kill the process tree to close out the window but that seemed very brutal.

I first tried running a “repair” of VMware Player from the “Programs and Features” options but it would not work as it said the core installation files were missing.

I re-downloaded the VMware Player setup file from VMware and then ran it.

I selected the “repair” option and let it do its thing.

Once finished I relaunched the vm’s and all ran fine, my VMware Player toolbar was restored, and after closing the vm out, after a brief pause, the window closed and the running processes terminated normally.

Not sure what caused the issue but all is well again.

VMware Player “repair” is your friend!

--Claus V.

Read More

Network & Network Security Quickpost - Last call NFAT edition

I just couldn’t wrap up the weekend without sharing these links. I’m so going to be nodding off in my training class tomorrow. Must bring Thermos of extra coffee with me! Don’t want to make the teacher unhappy!

So many network tools, tricks, and nuggets came out last week I’m still exciting thinking about how to use them all!

Security Advisory: Two Vulnerabilities in NetworkMiner - NETRESEC Blog - Don’t let the boring post title fool you! Based on this, Erik Hjelmvik has released a new version of NetworkMiner! Now sparkling at version 1.5 (free/pro editions)

NetworkMiner packet analyzer - Download NetworkMiner version 1.5 (free) here.

While I was doing some super-fast (but apparently productive) beta testing for Erik on some Windows 7 and Windows 8/8.1 systems, I noticed I wasn’t getting great results from my test captures made with and being processed in NetworkMiner. My “doh”. Erik kindly reminded me of his post NETRESEC RawCap - A raw socket sniffer for Windows where he pointed out that using Windows raw socket sniffing has some problems. I had forgotten I didn’t yet install Wireshark/WinPcap on these particular test systems. From Erick’s post:

Microsoft's newer operating systems (later than WinXP) have limitations associated with raw socket sniffing of external interfaces, i.e. everything that isn't localhost. Known limitations in Windows Vista and Win7 are:

• Windows 7 - Can't capture incoming packets
• Windows Vista - Can't capture outgoing packets

Due to these limitations in the raw sockets implementations of Microsoft's current operating systems we suggest running RawCap on Windows XP if you need to capture from external interfaces.

Baselining Dropbox With Wireshark (by Tony Fortunato) - LoveMyTool blog video presentation.

Editing Tracefiles With TraceWrangler (by Tony Fortunato) - LoveMyTool blog video presentation. This short video presentation on a new (Alpha release) tool, TraceWranger blew me away. There are methods of sanitizing trace files for sharing/training but they are fraught with challenges for mere mortals. This new tool is amazing and I really hope the developer Jasper Bongertz gets the support needed to encourage his continued refinement and development of this valuable tool for analysts.

• TraceWrangler - (alpha software) - currently at build version 0.1.3. Standalone application. No installation needed. Unzip and go. Written by Jasper Bongertz.
• TraceWrangler Documentation - This is Must Read material if you are interested in using this tool properly
•  Starting TraceWrangler - the basics
• Anonymization Tasks - details for the options
• Trace File Sanitization NG - SEC-04_Trace-File-Sanitization-NG_Jasper-Bongertz (PDF) - Link to his presentation of the tool at Sharkfest 2013.
• Sharkfest 2013 - Trace File Sanitization (Jasper Bongertz) - YouTube. While PDF versions of presentations are nice, on a whim I decided to see if Jasper’s presentation was actually up on YouTube for viewing. It was!
• Trace file sanitization for network analysts - Packet Foo - Jasper’s blog post with additional details on his tool in case you missed the presentation.
• The notorious Wireshark “Out of Memory” problem - Packet Foo. Oh how this has hobbled me over the years! So much so that CLI based captures became my dearest friend!
• Packet Foo RSS - Yeah. It’s that good. Feed yourself on it!

Nmap - Now at version 6.40 - Free Security Scanner For Network Exploration & Security Audits.

• Nmap Change Log
• Download Nmap Security Scanner - for Linux/MAC/UNIX or Windows

Message Analyzer Beta3 Refresh has Been Released (Build 6215) - MessageAnalyzer - Lost in all the news was a quiet announcement of the next generation of Microsoft’s own network traffic analysis tool MessageAnalyzer getting a Beta 3 refresh release. The interface is very different (to me) from Wireshark, but since I used NetMon a ton to supplement my Wireshark work, it is taking some getting used to.

HolisticInfoSec: toolsmith: C3CM Part 1 – Nfsight with Nfdump and Nfsen - HolisticInfoSec blog - Russ McRee’s post rocks on so many levels. Well worth the read and review.

Firefox Developer Tool Features for Firefox 23 - Mozilla Hacks – the Web developer blog. In case you missed it, Firefox 23 was released last week. Included in it (besides the new app icon update) was a new network tool called “Network Monitor.” 

I so love this! “F12” is the new “must know” hotkey in these modern browsers!

If only Mozilla (or Chrome or IE 10) were “approved” web-browsers in our enterprise. This feature alone would so help with network and web-app diagnostics and troubleshooting from the end-user desktops.

What’s that you say? One single element of your cloud-based web-application seems to time out in IE 8, crashing your session? The network is fine, site bandwidth is fine. Your PC is fine. Seems like it could be a server-side application issue. Let me make a ticket for your issue and send it up. (Response often comes back, “There is no problem…must be a client-side issue…check the PC and bandwidth, follow our response template and let us know…”) (Sigh…)

• Network Monitor, now in Firefox Beta - Mozilla Hacks – the Web developer blog - More details on the feature.
• A look at Firefox's new Network Monitor - Ghacks - Martin Brinkmann does an outstanding job introducing it as well.

Turns out Chrome web browser can do this trick as well

• Evaluating network performance - Chrome DevTools — Google Developers
• Performance profiling with the Timeline - Chrome DevTools — Google Developers
• Chrome Dev Tools: Networking and the Console - Nettuts+
• Google Chrome Dev Tools: Network Panel - TechRepublic

Turns out that Internet Explorer (IE9, IE10, IE11) also have a “F12” feature for network analysis in the browser.

• Introduction to F12 Developer Tools (Windows) - IE Dev Center
• Navigating the F12 Developer Tools Interface (Internet Explorer) - IE Dev Center
• Internet Explorer's F12 Developers Tools: A feature walk-through - TechRepublic
• A Peek at Internet Explorer’s Developer Tools - Nettuts+
• Network Traffic Capturing with IE9 Developer Tools - LINQED.NET

And in IE11, it’s about to bring the house down on the competition!

Debugging and Tuning Web Sites and Apps with F12 Developer Tools in IE11- IEBlog. OMG!!! I am so crushing on the new “F12” profiling and responsiveness tool interface in IE 11! Please tell me this is going to be backwards compatible with Win 7. (Why yes, Virginia, it is…)

Anyway, back to more Firefox 23 release news and details.

• Firefox 23 lands with a new logo and mixed content blocking - Ars Technica
• Firefox Notes - Desktop - Mozilla.org
• Firefox 23 enables mixed content blocking, consolidates search settings - BetaNews
• A Look At What's New In Firefox 23 - Addictive Tips blog

Troubleshooting TCP/IP Connectivity Issues with This Command-Line Utility Portqry.exe - Next of Windows. Been using portqry.exe from the command line along with the PortQueryUI GUI fro some time. Dead helpful in a pinch!

PuTTY: a free telnet/ssh client - just released at version beta 0.63 for you console fans! See the extensive Changes page for all the details

• PuTTY Portable 0.63 - PortableApps.com build version as well is available and updated.

KiTTY - let’s not forget about this fork version of PuTTY that has some additional bells-and-whistles!

• News - latest KiTTY news is update 0.62.2.3 minor update in late May 2013.
• Recent changes - tracking site-changes at KiTTY’s house
• KiTTY Portable - why “yes” there is a PortableApps.com build version as well for KiTTY fans.

Finally, at home I run Mozilla Firefox, Portable Edition and Google Chrome Portable rather than installing them directly on my system. However I was trying to use some of NirSoft’s Browser Tools to explore and check my Google Chrome(ium) cache and wasn’t finding anything at all.

Strange.  Bug in the tool?

Turns out the answer was “of course not dummy” it’s the dummy’s bug.

Where is the Google Chrome Portable cache folder? - PortableApps.com. Bruce Pascoe kindly puts it like this:

Chrome Portable, like FFP, doesn't save the cache by default.

Note that unlike Firefox however, there's no way to turn the cache off completely in Chrome, so while it's running the cache is stored in the local temp directory (%TEMP%), but then it's immediately deleted when you exit Chrome.

So anyway, yeah, no surprise that you couldn't find it.

and cleared up a bit by “The MAZZTer”

The cache folder is saved in %TEMP%\GoogleChromePortable.

Where the %TEMP% is the user’s temporary file location under their profile.

This is interesting as it explains why the NirSoft tool ChromeCacheView wasn’t finding anything while pointing to the default user profile location in my Portable Apps application structure that ChromeHistoryView didn’t seem to have any issue with parsing. So even though the files were removed when the program terminated, it most likely did not “secure” delete them, so (depending on overwrite activity of the file system/free-space scrubber utilities) it might be possible to carve and recover them from a system that the portable-apps version of Chrome was used on. And that sounds like a challenge for another day…

Cheers!

--Claus Valca

Read More

Security-minded - QuickPost

And now for a change of pace, these caught my eye this week.

Presented in no known order.

• Everything you wanted to know about SQL injection (but were afraid to ask) - Troy Hunt’s blog
• Kali Linux - Penetration Testing Platform - Kali Linux
• Pass-The-Hash: Protect Your Windows Computers! (Part 1) :: Viruses, trojans and other malware - WindowSecurity.com
• Pass the Hash and Other Credential Theft and Reuse: Preventing Lateral Movement and Privilege Escalation - TechEd North America 2013 | Channel 9
• Techniques malware authors use to evade detection - Help Net Security post.
• ZeroAcces rootkit dominates, adds new persistence techniques - Help Net Security post.

My kind friend the TinyApps bloggist tipped me to these super-juicy fruits.

• Sprites mods - Hard disk hacking - Intro - SpritesMods.com
• Hard drive hack provides root access, even after reinstall | Hacker News
• Researchers demo exploits that bypass Windows 8 Secure Boot | ITworld

Which led to a fun correspondence, from which I then jumped and found this great resource:

• Hard Drive Circuit Board Replacement Guide or How To Swap HDD PCB - Donor Drives

Moving on we also have…

• Quickpost: Rovnix PCAP - Didier Stevens. Didier graciously provided a PCAP file for download and analysis of this clever litter bugger. So you don’t have to risk your system. For more info on the nasty; The evolution of Rovnix: Private TCP/IP stacks - Microsoft Malware Protection Center.

The RSA Blog has some great material here for incident responders:

• Responding When the Attacker has a Foothold - Part 1 - Speaking of Security - The RSA Blog
• Analysis Techniques: Responding When the Attacker has a Foothold – Part II - Speaking of Security - The RSA Blog
• Analysis Techniques: The Attacker Has a Foothold – Part III, Assessing Scope - Speaking of Security - The RSA Blog 

Finally,

• List of keys parsed by RegRipper Plugins /Generated by 3R - RegRipper Ripper v0.2/ - Hexacorn blog - Amazing resource for you RegRipper fans!  Spotted via this 3R update post.
• Making the build even easier - Windows Forensic Environment - The always WinFE restless guru Brett Shavers is teasing us with news of a WinBuilder project to create a standalone “push-button” WinFE build project. Sweet!

Constant Vigilance!

--Claus Valca

Read More

Utility updates and stuff - Quickpost

Updated recently.

• Autoruns v11.70, Bginfo v4.20, Disk2vhd v1.64, Process Explorer v15.40 - Sysinternals Site Discussion
• Download PeStudio 7.35 - updated - Winitor.com
• PhotoRec - Digital Picture and File Recovery - now released at stable version 6.14.
• TestDisk - CGSecurity- now released at stable version 6.14.
• FreeFixer: Free Tool To Remove Potentially Unwanted Software - The Windows Club - Use with caution!
• Spybot promises better performance, smoother installation - Betanews
• Spybot - Search & Destroy from Safer-Networking Ltd.
• EventLogSourcesView - NirSoft - new utility release to view all event log sources install on your system. Interesting.
• dUninstaller | Computer Technician - PC Repair Software |Foolish IT LLC - Neat uninstaller tool for technicians. Not for the common man or woman. Definitely not for children and unattended noobies.

Other uninstallers worth considering (for the common folk)

• MyUninstaller - NirSoft - Alternative uninstaller to the standard Windows Add / Remove module - This is my “go-to” uninstaller, especially for Windows XP systems.
• GeekUninstaller - This one is really growing on my fast, especially for Win7/8 systems. My # 2 favorite, may be my new favorite after a few more dates.
• IObit Uninstaller Portable - PortableApps.com
• Revo Uninstaller Portable - PortableApps.com
• ZSoft Uninstaller Portable - PortableApps.com
• Wise Program Uninstaller Portable - PortableApps.com
• Uninstall Tool - Portablefreeware.com - I used to love, love, love this tool back when I was first getting started in my “technicians” career. A much modernized version (no longer freeware) is now available but if you want v1.6.6 (the last freeware version), you will have to grab it from here.
• Free Uninstaller 1.1 - Freeware replacement for the system applet - Jacek Pazera. Like Uninstall Tool above, I still carry this one on my USB stick but I never use it. Hasn’t been updated for a very long time but hey, it works on all systems from NT to Vista, so if you need an uninstaller tool for your NT/Win2K/Me/98 box, this might be the girl you are looking to dance with!

Cheers.

Claus V.

Read More

Some Notes for a Certain Project

Just some scratch notes for a special project I am working on.

Nothing of interest for most other folks.

Remote Desktop and Automatic Login - Microsoft Visual Studio Forum

try using this
   mstsc /admin /v:ComputerName

or these
   mstsc /console /v:ComputerName

Be sure to “Log Off” rather than click the “X” to leave the session running if you aren’t coming back. Kinda like your mom telling you to shut the door behind you on the way out of the house when you were a kid. Heard it all the time…

Generally it seems you cannot use Microsoft’s Remote Desktop Connection service to establish an interactive remote control session with the logged in/active user’s desktop (session 0 ?)  unless you do it with the appropriate above arguments. However doing so may make a mess of things depending on how you exit…at least this appears to be my current understanding.

• Use command line parameters with Remote Desktop Connection - Microsoft Windows.
• Access Remote Desktop Via Commandline - TechNet Articles - TechNet Wiki
• Mstsc - Microsoft TechNet - Windows Server
• MSTSC - RDP / Terminal Server Connection - SS64.com

Just because you can doesn’t mean you should, and if you don’t log off properly…like I said you can make a mess for others coming behind you. If you find just such a mess, these tips might help clean things up.

• How to Remotely Terminate and Disconnect Remote Desktop (Terminal Services) Connections or Sessions -My Digital Life
• How to logoff remote desktop sessions via command line tools? - ..:::: Anand ::::..
• Kill a remote user session remotely - Kode’s thoughts

In the end, RDC/RDP might be great or it might be messy.

If you are fortunate to be able to run UltraVNC services on some of your systems, you have some more options…especially if you are making a “headless” server box on a desktop OS platform. I’m personally more of a TightVNC guy myself but hey, close enough.

One of the problems might be that you want it to be a secure (AD/Domain) authenticated connection, but you don’t want someone to have to click “Allow/Disallow” on the headless system to approve that connection.

Fortunately there are options!

• Can you disable the "Accept - Reject" window? - UltraVNC Forum - Yes, yes you can..
• Install - UltraVNC
• UltraVnc Configuration - UltraVNC
• First Server Run - UltraVNC
• Rolling out UltraVNC - pre configure VNC Password - UltraVNC Forum
• ultravnc.ini - UltraVNC

And then…

• Deploying UltraVNC within an Active Directory environment using Group Policy - Virtually Impossible
• How do I setup MS Logon I or II? - UltraVNC Forum

User Redge wrote:

configure and set MS Logon I or II required only at VNC server.
a) following the doc...
http://www.uvnc.com/features/authentication.html
b) no if the UltraVNC setup was followed and exactly.
http://www.uvnc.com/install/installation.html
c) MS Logon I = Require MS Logon
http://www.uvnc.com/features/authentica ... l#mslogon1
d) MS Logon II = New MS Logon
http://www.uvnc.com/features/authentica ... l#mslogon2
Should set and required only at vnc server.
Important:
do not set vnc server as New MS Logon II on XP Home, won't work at all.

MSLogon can work, require turn OFF simple file sharing
windows XP

Open an Explorer window>Tools>Folder Options>View>The bottom check box

Headless systems are a pain…even if a modern BIOS can support booting without keyboard/mouse attached, and even if you can admin-pw lock the BIOS settings to prevent the USB ports from being active and used. Your system still may not boot if the NTLDR doesn’t see a proper video driver.

Headless System (Windows Embedded Standard 2009)  - Microsoft Developer Network post

• Creating headless systems - Windows Embedded Blog

In Windows Embedded Standard 2009 the support for headless devices starts with the availability of null-drivers for the standard MMI devices. Of course, the BIOS needs to support this kind of configuration, as well, but this should not be a problem on recent systems. The generic keyboard and mouse drivers in Standard are still present as well, when no hardware is connected, but the null driver for the VGA adapter needs to be added to the configuration. This requires the following components:

VGA Save could be left out, if there really is no VGA compatible chip on the board. This will create a dependency error, which in this case can be disregarded. Nevertheless, the benefit of having VGA Save in the image is that any time a graphics adapter card is plugged into the system VGA Save gets loaded instead of the Headless VGA driver. This enables screen output e.g. for field personnel troubleshooting the device. The VGA Boot Driver is required by NTLDR at boot time.

• Making the Server Appliance Headless - Microsoft Developer Network post
• Headless VGA Driver - Microsoft Developer Network post
• Headless Device Video Driver Processing - Microsoft Developer Network post
• Adding Support for a Headless System to your Configuration ... - Microsoft Developer Network post
• Headless VGA driver - Setting display resolution - Windows XP ... - RealGeek

One last element,

The BIOS should be configured to “re-spawn” like a good digital soldier in the event that the power is lost (even a UPS dies if power is off too long) or if someone hits the Power-off button perchance.

Likewise, if the Windows system is NOT on an AD Domain, and logging into a local workstation/workgroup account profile, then you lock it down pretty well (to the bare minimums to function, and enable the auto-login to the set profile: Tip: Auto-Login Your Windows 7 User Account | Cool Stuff | Channel 9. Pretty easy stuff for the auto-login.

The challenge comes up if you want to add it to the AD Domain and use a domain-based account for security/auditing purposes.

There are a number of ways to do this, each with their nuances. Some work better than others. Some are more secure than others. Consider the risk carefully before choosing grasshopper!

[SOLVED] Windows 7 - Auto Logon With Domain Computer - Mockbox.net post.  Easy enough with this registry-based solution BUT the user account and password are stored in the registry in clear-text.  You can roll your own .REG files for deployment with this method. However this could be a big security risk!

WindowsAutoLogin - freeware - IntelliAdmin. One nice feature of this application is that you can also control the number of times it allows an auto-login to occur and then after that “X” number of logins specified, it becomes disabled. That could be handy for some unattended (but brief) service events that require multiple reboots.

Autologon - Microsoft Sysinternals - Much better and easy enough to use. Per this post Safely setting autologon for Windows from the “Confessions of a Microsoft Consultant” TechNet Blog, we learn that AutoLogin saves the account/password string in the registry as a LSA secret.  That’s better than storing it in the Registry in plain-text, but it still is “easy enough” to penetrate and capture:

• LSASecretsDump - Dump LSA secrets from the Registry - NirSoft utility
• Use PowerShell to Decrypt LSA Secrets from the Registry - Hey, Scripting Guy! Blog - Why not since we are trying to learn PowerShell here too!
• Dump Windows password hashes efficiently - Part 1 - Bernardo Damele A.G. weblog
• Dump Windows password hashes efficiently - Part 2 - Bernardo Damele A.G. weblog
• Dump Windows password hashes efficiently - Part 3 - Bernardo Damele A.G. weblog - LSA Secrets info is here.
• Dump Windows password hashes efficiently - Part 4 - Bernardo Damele A.G. weblog
• Dump Windows password hashes efficiently - Part 5 - Bernardo Damele A.G. weblog
• Late night thoughts on security: LSA Secrets - ins3cure blog “Late night thoughts on security”
• LSA Secrets - WindowsNetworking.com
• Microsoft Windows Security Fundamentals: For Windows 2003 SP1 and R2 - Page 41 - Google Books Result

Autologon - commercial product from LogonExpert . I haven’t tried this product but it says it stores the logon information encrypted in AES 256, interacting directly with the WinLogon service to ensure nothing can grab the data. It has some really, really neat features.  The author has an overview of Free Solutions like what I have outlined above, as well as a Learn More about the product. There is an active download link from the page but I’m not sure if it is a limited-trial version or what. This may be a product that can provide both the “setup” features to enable AD-based auto-login and the security-needed for implementation. I’m really intrigued by this particular product.

Use this information wisely!

--Claus Valca

Read More

Regarding the Modern.IE Tester VM’s

I’ve spend much of the weekend building and tweaking the various Internet Explorer | modern.IE Virtual Machine builds. I went with the VMware Player versions as I tend to use that platform for Windows systems while using VirtualBox for Linux machines.

Anyway, this wasn’t for kicks and grins. Rather I needed to do some platform testing of different remote-control access and these seemed perfect, after some modifications.

Again, carefully read Rey Bango’s blog post and the comments to get a good sense of these systems; Making Internet Explorer Testing Easier with new IE VMs

Time Limits on the VMs

All of the VMs have a time limit 90 days of total time from the moment you first use the VM. Basically it’s 30 days usage with two 30-day rearms. To rearm, go into a command prompt with Administrator privileges and type in “slmgr –rearm”

At the end of the 90 days, you’ll be able to use the VM for an hour before it shuts down. At this point, you’ll need to decide if that’s okay or if you’d like to recreate the VM and use it for another 90 days. Remember, you can reuse the same files you originally downloaded to recreate the VM so don’t delete them (unless you just love downloading big files).

After I enabled Remote Desktop access to the first system (Windows 7 Enterprise) and then started trying to use mstsc.exe (Remote Desktop Connection), it would connect…then instantly through an error and disconnect. Remote Desktop Access is disabled on these VM’s by default. I assume you know how to enable them but if not…Enabling Remote Desktop Connections in Windows 7 | 7 Tutorials

Took me awhile to figure it out, but the system was also configured with the single profile account and to automatically log into the account. Once I connected to the account with remote desktop, it logged the running account off, then that caused it to force the relogin of the same account, knocking me off!

This then required me to disable the “auto-login” feature for the accounts. Again, I’m sure all my dear readers know how to do that but if not…Tip: Auto-Login Your Windows 7 User Account | Cool Stuff | Channel 9 except in this case after first running “control userpasswords2”, for step 4 you want to “Check the option “User must enter a user name and password to use this computer.”  Now you won’t get kicked off when you use Windows Remote Desktop Connection to reach it.

Of course, if you do that, you will now need to enter the default password for these systems.  You do know the default user account password for the VM’s right? No?

I found it clearly documented in this provided PDF: Modern.IE VM Notes - 6-24-2013. The PDF is interesting as the file name says 06-27-2013 but the internal document date is 06-24-2013. Oh well. Here is another earlier version as well: Modern.IE VM Notes. Rey Bango actually references the first one in his post if you can find it in the last sentence of the last paragraph of his “Installing the VMs” section.

What else…Oh…as I was setting these up in VMWare Player, for one of them I somehow configured it to use Home Groups. Oopsie.  It ended up creating a non-delete-able HomeGroup icon on my host desktop. Hmmm. Followed this tip from “reminore reminore” to get it cleared off: Unable to remove Homegroup Icon - Microsoft Community. There are a couple of techniques in the post but this did it simply for me.

This worked for me win 7 - 64 bit home premium
1) Drive to "Folder Options"
2) Click "View"
3) Scroll down to "Use Sharing Wizard (Recommended)" it must be checked
4) Un-Check  the Check -box
5) Click "Apply"......the Icon will be removed from your desktop
6) Re-Check the Check-box .....the icon will not be back

HomeGroup Desktop Icon - Add or Remove - Windows 7 Help Forums has some additional pre-packaged .REG file fixes if that is your thing, or the above doesn’t work.

One last tip. Once I finished tweaking the user-account/settings and adding some core files/portable apps to it in the profile folder, to make future rebuilding of these systems super-easy, I just ran the Easy Transfer Wizard on one of them to build an “myaccount.mig" file and off-loaded it back to my host system. Then after I set up the Win 7 system I could semi-clone that profile setup to the rest of them with much less setup time than the first one, and when I have to rebuild them after the 90-day period ends. How to Use Easy Transfer in Windows 7 - For Dummies

--Cheers.

Claus Valca.

Read More