Monday, June 29, 2015

Alternative Data Streams

I've now run into this twice which means I need a way to remember this problem solution.

Windows NTFS has a method for recording Alternative Data Streams with files.  When you download files from the Internet IE may add an Alt. data stream that includes the Internet Zone the file was downloaded from.  There is a neat PowerShell command for viewing the stream called get-item filename.exe -stream *.

You can use SysInternals stream.exe to view and delete these alternative data streams.  I have not found a way to delete streams within PowerShell.

Here is the best article about the topic:

http://blogs.technet.com/b/askcore/archive/2013/03/24/alternate-data-streams-in-ntfs.aspx

Edit:
Found the PowerShell method

get-item <filename> -stream *
remove-item <filename> -stream zone.identifier

Tuesday, June 2, 2015

COM+ Permission Issue on Win7

Here is a subtle problem I started finding in my environment.  I've only seen it on 3-Win7 machines but now I'm worried there are more machines out there broken but without an easy way to identify the machines.

COM+ has a permission issue if you use USMT 4.0 to migrate from 32-bit to 64-bit machines (https://support.microsoft.com/en-us/kb/2481190).  We only noticed the problem because Outlook Add-ins started failing to load and seemed to crash.  Specifically, a user was not able to preview a PowerPoint presentation within the Outlook preview window unless they were running Outlook elevated as an administrator but a newer machine worked just fine running Outlook as a standard user.

We then noticed that Component Services showed "My Computer" with a red arrow and a message saying "You do not have permission to perform the requested action..."

We probably used USMT 4.0 for a year with who knows how many migrations from 32-bit to 64-bit.  I'm going to see if I can find a way to test a machine for this error and maybe create an SCCM compliance test.