Windows 10 Shell Commands you can run from the ‘Run’ line

e following shell commands can be ran from the ‘run’ line in Windows 10

shell:AccountPictures	%AppData%\Microsoft\Windows\AccountPictures
shell:AddNewProgramsFolder	Control Panel\All Control Panel Items\Get Programs
shell:Administrative Tools	%AppData%\Microsoft\Windows\Start Menu\Programs\Administrative Tools
shell:AppData	%AppData%
shell:Application Shortcuts	%LocalAppData%\Microsoft\Windows\Application Shortcuts
shell:AppsFolder	Applications
shell:AppUpdatesFolder	Installed Updates
shell:Cache	%LocalAppData%\Microsoft\Windows\INetCache
shell:Camera Roll	%UserProfile%\Pictures\Camera Roll
shell:CD Burning	%LocalAppData%\Microsoft\Windows\Burn\Burn
shell:ChangeRemoveProgramsFolder	Control Panel\All Control Panel Items\Programs and Features
shell:Common Administrative Tools	%ProgramData%\Microsoft\Windows\Start Menu\Programs\Administrative Tools
shell:Common AppData	%ProgramData%
shell:Common Desktop	%Public%\Desktop
shell:Common Documents	%Public%\Documents
shell:CommonDownloads	%Public%\Downloads
shell:CommonMusic	%Public%\Music
shell:CommonPictures	%Public%\Pictures
shell:Common Programs	%ProgramData%\Microsoft\Windows\Start Menu\Programs
shell:CommonRingtones	%ProgramData%\Microsoft\Windows\Ringtones
shell:Common Start Menu	%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
shell:Common Startup	%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
shell:Common Templates	%ProgramData%\Microsoft\Windows\Templates
shell:CommonVideo	%Public%\Videos
shell:ConflictFolder	Control Panel\All Control Panel Items\Sync Center\Conflicts
shell:ConnectionsFolder	Control Panel\All Control Panel Items\Network Connections
shell:Contacts	%UserProfile%\Contacts
shell:ControlPanelFolder	Control Panel\All Control Panel Items
shell:Cookies	%LocalAppData%\Microsoft\Windows\INetCookies
shell:Cookies\Low	%LocalAppData%\Microsoft\Windows\INetCookies\Low
shell:CredentialManager	%AppData%\Microsoft\Credentials
shell:CryptoKeys	%AppData%\Microsoft\Crypto
shell:desktop	Desktop
shell:device Metadata Store	%ProgramData%\Microsoft\Windows\DeviceMetadataStore
shell:documentsLibrary	Libraries\Documents
shell:downloads	%UserProfile%\Downloads
shell:dpapiKeys	%AppData%\Microsoft\Protect
shell:Favorites	%UserProfile%\Favorites
shell:Fonts	%WinDir%\Fonts
shell:Games	Games
shell:GameTasks	%LocalAppData%\Microsoft\Windows\GameExplorer
shell:History	%LocalAppData%\Microsoft\Windows\History
shell:HomeGroupCurrentUserFolder	Homegroup\(user-name)
shell:HomeGroupFolder	Homegroup
shell:ImplicitAppShortcuts	%AppData%\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts
shell:InternetFolder	Internet Explorer
shell:Libraries	Libraries
shell:Links	%UserProfile%\Links
shell:Local AppData	%LocalAppData%
shell:LocalAppDataLow	%UserProfile%\AppData\LocalLow
shell:MusicLibrary	Libraries\Music
shell:MyComputerFolder	This PC
shell:My Music	%UserProfile%\Music
shell:My Pictures	%UserProfile%\Pictures
shell:My Video	%UserProfile%\Videos
shell:NetHood	%AppData%\Microsoft\Windows\Network Shortcuts
shell:NetworkPlacesFolder	Network
shell:OneDrive	OneDrive
shell:OneDriveCameraRoll	%UserProfile%\OneDrive\Pictures\Camera Roll
shell:OneDriveDocuments	%UserProfile%\OneDrive\Documents
shell:OneDriveMusic	%UserProfile%\OneDrive\Music
shell:OneDrivePictures	%UserProfile%\OneDrive\Pictures
shell:Personal	%UserProfile%\Documents
shell:PicturesLibrary	Libraries\Pictures
shell:PrintersFolder	All Control Panel Items\Printers
shell:PrintHood	%AppData%\Microsoft\Windows\Printer Shortcuts
shell:Profile	%UserProfile%
shell:ProgramFiles	%ProgramFiles%
shell:ProgramFilesCommon	%ProgramFiles%\Common Files
shell:ProgramFilesCommonX64	%ProgramFiles%\Common Files
shell:ProgramFilesCommonX86	%ProgramFiles(x86)%\Common Files
shell:ProgramFilesX64	%ProgramFiles%
shell:ProgramFilesX86	%ProgramFiles(x86)%
shell:Programs	%AppData%\Microsoft\Windows\Start Menu\Programs
shell:Public	%Public%
shell:PublicAccountPictures	%Public%\AccountPictures
shell:PublicGameTasks	%ProgramData%\Microsoft\Windows\GameExplorer
shell:PublicLibraries	%Public%\Libraries
shell:Quick Launch	%AppData%\Microsoft\Internet Explorer\Quick Launch
shell:Recent	%AppData%\Microsoft\Windows\Recent
shell:RecordedTVLibrary	Libraries\Recorded TV
shell:RecycleBinFolder	Recycle Bin
shell:ResourceDir	%WinDir%\Resources
shell:Ringtones	%ProgramData%\Microsoft\Windows\Ringtones
shell:Roamed Tile Images	%LocalAppData%\Microsoft\Windows\RoamedTileImages
shell:Roaming Tiles	%AppData%\Microsoft\Windows\RoamingTiles
shell:SavedGames	%UserProfile%\Saved Games
shell:Screenshots	%UserProfile%\Pictures\Screenshots
shell:Searches	%UserProfile%\Searches
shell:SearchHistoryFolder	%LocalAppData%\Microsoft\Windows\ConnectedSearch\History
shell:SearchHomeFolder	search-ms:
shell:SearchTemplatesFolder	%LocalAppData%\Microsoft\Windows\ConnectedSearch\Templates
shell:SendTo	%AppData%\Microsoft\Windows\SendTo
shell:Start Menu	%AppData%\Microsoft\Windows\Start Menu
shell:StartMenuAllPrograms	StartMenuAllPrograms
shell:Startup	%AppData%\Microsoft\Windows\Start Menu\Programs\Startup
shell:SyncCenterFolder	Control Panel\All Control Panel Items\Sync Center
shell:SyncResultsFolder	Control Panel\All Control Panel Items\Sync Center\Sync Results
shell:SyncSetupFolder	Control Panel\All Control Panel Items\Sync Center\Sync Setup
shell:System	%WinDir%\System32
shell:SystemCertificates	%AppData%\Microsoft\SystemCertificates
shell:SystemX86	%WinDir%\SysWOW64
shell:Templates	%AppData%\Microsoft\Windows\Templates
shell:ThisPCDesktopFolder	Desktop
shell:UsersFilesFolder	%UserProfile%
shell:User Pinned	%AppData%\Microsoft\Internet Explorer\Quick Launch\User Pinned
shell:UserProfiles	%HomeDrive%\Users
shell:UserProgramFiles	%LocalAppData%\Programs
shell:UserProgramFilesCommon	%LocalAppData%\Programs\Common
shell:UsersLibrariesFolder	Libraries
shell:VideosLibrary	Libraries\Videos
shell:Windows	%WinDir%

 

Good tweak or bad tweak? TweakHound helps you decide.

An excellent site to look at tweaks and optimization of your operating system is TweakHound.   TweakHound gives step by step guides and hundreds of tweaks – they also help you look at these individually and explain why they are good or bad.

Go check them out.

 

 

Display Driver Uninstaller

If you are a gamer or in IT, you may have noticed a performance degradation after changing your video card or after upgrading the driver.

Display Driver Uninstaller helps to remove orphaned files and registry keys.

Go over to TECHSPOT and download the uninstaller.

Is your AHCI Link Power Management viewable from the Power Options Console?

TCAT Shelbyville - ITIM

If you can’t see your AHCI Link Power Management from the Power Options, there is a way to add it.  Always backup your computer before modifying the registry.

You can add the GUID to the registry by going opening the registry (regedit) and creating  a key under the following key -0012ee47-9041-4b5d-9b77-535fba8b1442

The easiest way is to copy the information in italics to notepad or notepad++ and save as AHCI.reg.

After saving this, double click on the .reg file and reboot.

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlPowerPowerSettings

View original post

Error 1935 while installing Office

If you receive the error 1935, take the following steps-

• Make sure you have C++ Redistributables  Link 
• Uninstall Office (Make sure you have any documents backed up)
  • Run the Office Installation Cleaner (easy fix two found in Option Two at the following link)
• Delete the following key in your registry

 

Need to optimize your network? Look at adjusting LocalPriority, HostPriority, DNSPriority or NetBTPriority.

TCAT Shelbyville - ITIM

Need to optimize your network? Look at adjusting LocalPriority, HostPriority, DNSPriority or NetBTPriority.  (Host/DNS resolution)

The tweak works by increasing the priority of four processes.

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipServiceProvider
LocalPriority = 4 (DWORD, the default is 499, change to 4)
HostPriority = 5 (DWORD, the default is 500, change to 5)
DnsPriority = 6 (DWORD, the default is 2000, change to 6)
NetbtPriority = 7 (DWORD, the default is 2001, change to 7)

You can use this script at a command prompt (as Admin) or in PowerShell (as Admin)-

reg add HKLMSystemCurrentControlSetServicesTcpIpServiceProvider /v “LocalPriority” /t REG_DWORD /D 4 /F

reg add HKLMSystemCurrentControlSetServicesTcpIpServiceProvider /v “HostsPriority” /t REG_DWORD /D 5 /F

reg add HKLMSystemCurrentControlSetServicesTcpIpServiceProvider /v “DnsPriority” /t REG_DWORD /D 6 /F

reg add HKLMSystemCurrentControlSetServicesTcpIpServiceProvider /v “NetBtPriority” /t REG_DWORD /D 7 /F

taskkill /f /im explorer.exe

start explorer.exe

View original post

High Resource Utilization – It could be your memory compression

Have you noticed high resource utilization?  CPU, Memory or Disk at 100%? Of course this could be malware, a virus, a startup app or program. It could also be memory compression.

Windows 10 offers memory compression which takes little-used elements and stores them in RAM.   This saves memory and is faster than your pagefile.

If you experience latency or high memory utilization, you can turn off memory compression by using PowerShell.

Open PowerShell and type the following-

Get-mmagent

You should see Memory Compression is True.

If you are having issues with memory, Open PowerShell as an admin and type –
Disable-MMAgent -mc

This will disable memory compression

Reboot

You can enable memory compression by typing-

Enable-MMAgent -mc

There truly is no reason why you should disable memory compression.  Users have reported what they believed was corrupt compressed memory.   After disabling and re-enabling, users reported their systems had stabilized.

If the performance has improved with memory compression disabled, you can leave  Windows 10 with the compressed memory disabled.

You can also see Memory Compression by using the Task Manager or  Resource Monitor.

 

You can also use set-mmagent and use the maximum number of prefetch files  from 1 through 8192.  

Computer not responding? Restart your graphics driver

Computer not responding? Restart your graphics driver by using the following shortcut keys-

Win+Ctrl+Shift+B

It’s not always Ctrl+Alt+Del …

An interview with Fabian Wosar, EMSISOFT’s ransomare killer

Fabian Wosar, CTO of EMSISOFT is known as the most prolific ransomware killer in the world.   We reached out to Fabian and asked him ten questions.

Look for our Live Interview and video late next week…

Steve: You’re the cybercriminal…Create ransomware or steal and sell data?  Why?

Fabian: There can be a whole bunch of motivations at play. Some people are just interested in the challenge. They just want to proof that it is possible to break a system or to write malware for a certain system. Then you have people who just do it “for the lulz” or are somehow politically motivated. These people usually want to highlight certain issues or just want to have fun. The vast majority however, especially when it comes to ransomware, are financially motivated. Decently successful ransomware groups make tens of millions of dollars each month. Gandcrab for example managed to generate 2 billion US dollars worth of ransom money within about a year.

Steve: Do you see patterns from the “cyber gangs” in the reuse of code when they program new ransomware or variants? Are these ‘gangs’ becoming smarter?  Are they recruiting better programmers?

Fabian: It very much depends on the gang and campaign. Ransomware code is readily available not only on blackmarkets but also on places like Github. So the barrier of entry is somewhat low. There are also a whole bunch of “Ransomware as a Service” offers available, where everyone who is interested in getting into ransomware can just sign up, infect a bunch of people, and then get a cut of the revenue generated. That is how Gandcrab operated for example.

The gangs behind ransomware haven’t necessarily have become smarter, but they adjusted and changed tactics a lot. While in the beginning, ransomware very much was a home user problem, the focus has shifted towards companies in the recent years. Instead of spreading ransomware through spam, exploit kits and pirated software, attackers try to break into systems directly in order to encrypt them.

Steve: Are you seeing a collaboration of cybercriminals where opposing criminals are ‘teaming’ up with one another?

Fabian: There definitely is a lot of teaming up going on. Take a look at Ryuk for example, which is often deployed through existing bot infections. Whether the bot herders are behind Ryuk itself or whether the Ryuk gang is buying infected systems from the bot herders isn’t exactly clear. There is obviously also a lot of auxiliary stuff going on. It’s one thing obtaining a large amount of bitcoin. It’s another to turn that bitcoin into clean cash that you can use and buy things with. So the same organised crime structures that are involved in money laundering are present in cyber crime as well.

Steve: Is Microsoft keeping up with updates and patches and are you seeing more neglect from IT personnel?

Fabian: There certainly is a bit of apathy going on. Every couple of weeks there is a new big vulnerability threatening your security. It becomes difficult to keep up, especially when you have lengthy test cycles for new patches to make sure they work in your environment or if you rely on certified hardware and software, that can’t be easily patched without breaking the certification.

Outsourcing was often seen as a solution to this problem, but especially recently there have been attacks on MSPs, often with catastrophic results. We have seen cases where MSPs got hacked and thousands of their clients got hit by ransomware that was deployed through the RMM sytems used by those MSPs.

Steve: IoT and Network Area Storage is getting hit by Ransomware today.   Do you foresee new threats that go into Automotive/Transportation, SCADA/PLC, Linux and Mac Oss that involve a more sophisticated Ransomware?

Fabian: We have already seen some of those cases. A while ago a bunch of PHPBB communities got targeted by a rather unique ransomware. They replaced the database driver on those communities with one that would transparently encrypt and decrypt all data during access. The forums continue to work fine, often for months, until the attacker pulls the key out of the driver, making the database inaccessible. Since the driver often has been there for months, backups may have already been rotated out. But even if they weren’t, a large portion of content that was added since the attack may be encrypted with no recovery possible. I would suggest more of these types of attacks in the future.

Steve: When did you first notice code in Ransomware had your name in it?  Were you shocked?  Is this something you are seeing more of?  Are you constantly receiving threats?

Fabian: The first time it happened was about 3 years ago in a ransomware called Radamant. I wasn’t exactly shocked to be honest. I was more surprised and also a little bit proud. It’s the greatest form of compliment you can get in my line of work. It still happens occasionally in addition to ransomware authors contacting me directly on Twitter or in various online communities. The threats have become less, but they still happen occasionally. The biggest reason for that is that I am less public about my work and often help victims directly or provide information to other researchers who then release the decrypters.

Steve: Generally how long does it take to reverse engineer ransomware and provide keys if possible?

Fabian: That very much depends on the ransomware. But on average, it takes me less than 30 minutes to take the ransomware apart, find the encryption routines, and figure out whether the encryption scheme is secure or not. Writing a decrypter then takes another couple of hours. About 4 on average I would say. A lot of QA and testing goes into these decrypters. The last thing we want is damage the user’s files after all. So we tend focus on being careful instead of being the first. However, more often than not we are the first anyway.

Steve: Are you seeing more shady security companies who negotiate with the cybercriminals without the victim knowing?

Fabian: It continues to happen, yes. It’s important to drag these companies into the open and tell people what they are doing. People often think I am against paying the ransom under any circumstance. While that would obviously be the ideal, I am well aware that when it comes push to shove, people prefer to part with a large sum of cash rather than kiss their entire livelihood goodbye. So I am not against paying the ransoms per se, if there truly is no other way, and I also don’t think that a data recovery company should be ashamed of paying ransoms. Quite frankly engaging with a company that has experience with these types of negotiations can be quite beneficial. Not to mention that your accountants will probably prefer you paying a legitimate third party instead of buying bitcoins and sending them somewhere without any kind of invoice.

Ideally data recovery companies should just be honest about how they came up with the amount they charge their clients and outline exactly what they are doing. That doing so can make you hugely successful can be seen in the case of Coveware for example, who are very open about their processes and cost structure.

Steve: How did you get involved in Information Technology?

Fabian: I bought my first PC when I was about 10 years old. It didn’t take long until I got my first computer virus (Tequila.B). I was really fascinated by the concept, so I went into the library (sort of an offline Wikipedia for the young people out there ;)) and they actually had a bunch of books about computer viruses. So I got really into the topic, which led me to eventually learning assembly and Pascal programming and writing my own little anti-virus tools when I was about 11 years old. I never really moved away from that.

Steve: Finally, what is your recommendation other than the usual protection methods that someone can use to protect themselves against ransomware?

Fabian: Backups are by far the best protection. I recommend everyone who isn’t on some data limited plan to go with a cloud based backup solution. Preferably one that can operate using “zero-knowledge”, so that your data is encrypted on your system and the backup provider has no knowledge of what data is being stored on their service. Besides backups, practicing proper cyber hygiene is key. Stick to well known software and keep it updated. Don’t download and install software from places that aren’t trustworthy. Don’t have your data laying around openly on the internet. Have all access points to your network and systems protected using strong authentication (ideally based on certificates, not passwords; but if you have passwords, make sure they are of high complexity). Things like that.

Security software can obviously help quite a bit as well, but there are limits. I am always surprised how customers who had RDP enabled on their systems and trivial passwords complain that our product didn’t protect them. No product will in those cases. The attacker can just turn them off or uninstall them before running their ransomware. Once someone gained access to your system like that, it is game over.

Best regards,

Fabian Wosar
Chief Technology Officer EMSISOFT

EMSISOFT

Need to optimize and check a MySQL database on Windows?

Need to optimize and check a MySQL database on a Windows computer?

Open a command prompt as an administrator.

Change into the folder where your MySQL is located.

An example is below –

type cd\Program Files\MySQL\MySQL Server 5.7\bin

Hit enter

type mysqlcheck -u root -p –optimize –databases {enter your database name here}

Hit enter

Be patient and wait.  You may be asked to enter your root password for your MySQL when prompted

 

Moodle 3.7+ Notifications – Cron failed to run in 200 seconds

If you receive “Cron failed to run in 200 seconds, you can write a batch file and place the batch file in a folder under c: drive (name the folder cron).  The script below is if you are running Moodle on a Windows based server.

The content of the batch file should contain the follow:
echo on
c:
rem enter the path to your php on the next line
cd\Program Files\php\v7130
php c:\inetpub\wwwroot\{your moodle directory}admin\cli\cron.php
echo Cron Job Success!
rem the next line waits 180 seconds to prevent resource usage

timeout 180
cd\cron\cronhourly
start cmd /k Call c:\cron\cronhourly.bat
exit

2019 Middle Tennessee Cyber Conference Agenda

The TN Department of Safety and Homeland Security along with TCAT Shelbyville and the Cyber Conference committee are working on the 2019 Middle TN Cyber Conference agenda.  Look for speakers such as Jayson E. Street (http://jaysonestreet.com/), Brent White of We Hack People, (https://wehackpeople.wordpress.com/), Daniel Elliot (National Cybersecurity Alliance) and Mark Burnett, Derek Rush, & Bill Dean (LBMC-Anatomy of a Hack).
Other speakers will be announced soon.
Join the 400+ professionals and register at:
https://middletncyberconf.com

2019 Middle TN Cyber Conference

Register now for the 2019 Middle Tennessee Cyber Conference – Register Now

Rockwell Directory Configuration Wizard Unknown Error 0x80005000

Have the above error?  Copy and paste this in a command prompt as administrator.   This will work a majority of the time.   This configuration error re-registers the dlls that may have issues during or after an upgrade.

cd\
cd\windows\system32
For /F %s in (‘dir /b *.dll’) do regsvr32 /s %s
cd\
cd\Program Files (x86)\Common Files\Rockwell
For /F %s in (‘dir /b *.dll’) do regsvr32 /s %s

pause

Note:  You may have to replace the ‘ symbol with the apostrophe.  Also this often corrects other programs that display this error.

 

what3words – Did you know the world has been divided into 3m x 3m squares?

The world is divided into a grid of 3m x 3m squares and each grid is assigned a unique 3 word address.

Because most of the world is not addressed, you can locate any place on the planet by three words.   Take a look at the technology and features behind what3words –  https://what3words.com/about/

 

Error Writing to Database – Moodle after an upgrade

If you get an error on Moodle that states “Error Writing to Database” generally when logging on, that WAS working prior to upgrading, clear or purge the Moodle Cache.  Generally when you shutdown Apache or IIS to upgrade, the sessions or cached sessions may be corrupt.

By purging the cache, it will flush the cache and new sessions will be initiated. This is why it is important to announced maintenance at a predetermined time and to place Moodle in Maintenance Mode.

Where do you Purge all cache?  Go to Site Administration, Development and Purge All Caches.

Remember, if you get “Error Writing to Database other than logging in (randomly), try purging the cache first.

Cannot connect to Microsoft SQL server after installing an IIS SSL Certificate

If you cannot connect to your Microsoft SQL Server after installing a web SSL Certificate, you may need to get the thumbprint of your certificate and copy it (without spaces) to your registry.

Go to Hkey_Local_Machine\software\Microsoft\Microsoft SQL Server\{Find your instance of SQL}\MSSQLServer\SuperSocketNetLib

There you will find a string that says Certificate – put the thumbprint of your certificate there without spaces – reboot your computer.

If the string does not exist, create a string that says certificate

Remember – Always have a backup of your server (configuration, database and other information) before working with the registry.

AlphiMAX PTP Estimator provides an excellent way to align your wireless antennas

It is important to perform a wi-fi survey so that you can determine not only the perfect place to locate your access point or bridge but to gain an understanding of the channel co-existence challenge you may face.  With wireless access points in surrounding neighborhoods and businesses, you will need to  perform a survey by walking around and mapping out the BSAs (Basic Service Area) of wireless that surrounds you and your organization.

Below is an example of our school’s perimeter.  Matt, Chris and James, students in the Computer Information Technology, class performed a survey using a Microsoft GPS and Vistumbler.  This survey revealed access points and their channels of current wireless at our institution and  includes APs in surrounding businesses and neighborhoods.  These were mapped using Google Earth after exporting their KML file from Vistumbler.

This type of survey allows IT professionals to analyze data exported to ensure the correct channels can be used at their organization.

After exporting the wireless information, you can analyze each access point or wireless device by clicking on it.  Below is an example of the information exported into Google Earth.   Each device shows SSID, Network Type, Mac Address, Channel, Security, Encryption Type, Data Rates, Latitude, Longitude and Manufacturer information.   Analyst using this information can also determine the best placement of wireless devices along with channel information.

Channel co-existence is when access points share channels that are very close to one another.

802.11 wireless on 2.4 Ghz has three non-overlapping channels.  These channels are 1, 6 and 11.  The closer channels are, the more likely interference will take place.  With the amount of wi-fi in use today, IT professionals have to chose between 2.4 Ghz and 5 Ghz and and try to select channels that are not in use if possible.   Professional access points and bridges can also adjust power as necessary.   A dense population can make this very challenging.

If you look at the students’ survey by zooming out to see how many access points can be seen, this is what you are looking at!  Now you can see why site surveys are important at your organization.

In addition to this survey, a secondary survey using a spectrum analyzer is very important to search for interference from other sources.  (See our review of the Airview Spectrum Analyzer)

Channel information (Chart from Wikipedia)

Here’s another look at a wireless survey showing vertical lines and signal strength.  (James M. KML survey)

Atheros Wireless Drivers

Need an update and stable version of your Atheros Wireless Drivers?

Often the wireless drivers found at,  https://www.atheros-drivers.com/atheros-network-drivers.html  , are more stable than the manufacturer.

Slow SQL Connection or Network in Windows 10 – Update

Finally found a small problem with Windows 7, 8, 8.1 and 10.  After upgrading, we have discovered that Windows  was responding slow to our SQL Server 2008 and SQL Server / other versions.  What we discovered is below.

Slow response times in Windows to a SQL Server can be due to the LLMNR protocol.  This may be resolved by turning off the LLMNR protocol.

LLMNR is a protocol that allows both IPv6/4 computers to perform name resolution for the NetBIOS names of other computers without requiring a DNS server.

IPv4 hosts can use NetBIOS over TCP/IP (NetBT) to resolve computer names to IPv4 addresses for neighboring computers by broadcasting a NetBIOS Query.

All IPv4-based LLMNR hosts listen on the IPv4 multicast address 224.0.0.252 instruct their Ethernet network adapters to listen for Ethernet frames with a destination multicast address.

Windows -based LLMNR computers do not send or respond to unicast queries.

To disable LLMNR:

Modify Group Policy – Go to Search – Type GPEdit.msc – Enter – Navigate to the following and make sure Enabled is checked –

Computer Configuration\Administrative Templates\Network\DNS Client
\Turn off Multicast Name Resolution = Enabled

How does Multicasting Work?  Here’s a good explanation

Update –

LLMNR

Windows Vista and Windows Server “Longhorn” support Link-Local Multicast Name Resolution (LLMNR), which allows IPv6 hosts on a single subnet without a DNS server to resolve each other’s names. This capability is useful for single-subnet home networks and ad hoc wireless networks. Rather than unicasting a DNS query to a DNS server, LLMNR nodes send their DNS queries to a multicast address on which all the LLMNR-capable nodes of the subnet are listening. The owner of the queried name sends a unicast response. IPv4 nodes can also use LLMNR to perform local subnet name resolution without having to rely on NetBIOS over TCP/IP broadcasts.

Dawn M. Babian, GSAE
Instructor

Disabling LLMNR (Below)

Professional or Enterprise (Gpedit.msc)

Home Edition

Create a registry key as follows –

You also should go to your network adapter properties and disable all of the settings under the advanced properties such as TCP/Offload and other advanced settings.  Remember, not all adapters have advanced options – disable any settings that allow you to do so….

Disable your anti-virus and check the speed.  Is your anti-virus causing issues?

See our article –

Phrases you may hear in IT

GUI Maintenace Program for MSSQL or MYSQL

Want an excellent program to manage your MySQL server from Windows?  With MySQL, you can download MySQL Workbench.  MySQL Workbench offers great graphics on your MySQL incident and an interface that offers features such as queries and status of your server.

But what if you want to run maintenance programs such as Analyze, Backup, Check, Checksum, Optimize or to Repair your database quickly?  HeidiSQL offers dozens of features including an excellent maintenance option.  (Support for MySQL and MSSQL)

• Support for MySQL
• Support for MSSQL
• Support for PostgresSQL

Features from HeidiSQL

• Free for everyone, OpenSource since 9 years of active development.
• Connect to multiple servers in one window
• Connect to servers via commandline
• Connect via SSH tunnel, or pass SSL settings
• Create and edit tables, views, stored routines, triggers and scheduled events.
• Generate nice SQL-exports, compress these afterwards, or put them on the clipboard.
• Export from one server/database directly to another server/database
• Manage user-privileges
• Import text-files
• Export table rows as CSV, HTML, XML, SQL, LaTeX, Wiki Markup and PHP Array
• Browse and edit table-data using a comfortable grid
• Bulk edit tables (move to db, change engine, collation etc.)
• Batch-insert ascii or binary files into tables
• Write queries with customizable syntax-highlighting and code-completion
• Pretty reformat disordered SQL
• Monitor and kill client-processes
• Find specific text in all tables of all databases of one server
• Optimize and repair tables in a batch manner
• Launch a parallel mysql.exe command line window using your current connection settings

More information on MYSQL Maintenace

https://dev.mysql.com/doc/refman/5.6/en/table-maintenance-sql.html