CSI Toolkit
New Rohitab API Monitor: Windows 8 and Saving Traces Print E-mail
Written by Darwin Sanoy   
Friday, May 10, 2013 3:01pm

I am a big fan of Rohitab API Monitor.  When Procmon cannot pull the details I am looking for, I resort to Rohitab API Monitor.  In fact, I've used Rohitab API Monitor to figure out why procmon would not load!  The coolest new feature in the latest version is saving traces.

Easy MSI Icon and GUID Extraction for SCCM 2012 Application Catalog (CSI_ExtractMSIGUIDAndIcons.vbs) Print E-mail
Written by Darwin Sanoy   
Saturday, March 16, 2013 12:25pm

Are you moving your many packages to the SCCM 2012 Application Catalog?  It can be a challenge getting the icons out of those huge MSI packages if you don’t want to install each one!  Not any more…

CSI_Reset_IE_32-bit_Shortcuts Updated to 2.0 Print E-mail
Written by Darwin Sanoy   
Thursday, August 2, 2012 11:00pm

CSI_Reset_IE_32-bit_Shortcuts now handles all users and the default user - so you can run it from your software distribution system.  It intelligently processes user profiles so that...

Updated CSI_GetSpecialFolderToCMD Print E-mail
Written by Darwin Sanoy   
Wednesday, May 23, 2012 8:55am

The script CSI_GetSpecialFolder has been updated and renamed CSI_GetSpecialFolderToCMD.  It now sports...

CSI_INI2MST.vbs - Programmatically Creating MSI Property Transforms (MSTs) Using an INI File and a Script Print E-mail
Written by Darwin Sanoy   
Tuesday, May 15, 2012 12:27pm

Most everyone is familiar with creating Windows Installer Transforms (.MSTs) using an authoring tool.  CSI_INI2MST.vbs allows you to create transforms using just an INI file - or a whole set of INI files!  First let's talk about the usefulness of being able to create MSTs using a script and an INI file...

CSI_Reset_IE_32-bit_Shortcuts - Reset Internet Explorer Shortcuts to 32-bit IE Print E-mail
Written by Darwin Sanoy   
Friday, March 2, 2012 3:52pm

It is an increasingly common circumstance to hear of individuals or organizations who have had all their IE shortcuts pointed to 64-bit version of IE.  It does not take long for them to realize this was a mistake!  The attached script will help reset the IE Desktop and Start Menu shortcuts to the 32-bit version.

Major Upgrade to CSI_IsAdmin (.vbs, .cmd, .ps1) Print E-mail
Written by Darwin Sanoy   
Thursday, October 6, 2011 2:05pm

The CSI_IsAdmin script kit provides a quick and passive (doesn't try to change anything) way to check for admin rights on XP through Windows 7.  It includes code for VBScript (VBS), PowerShell (PS1) and Shell Scripting (.CMD/.BAT).  The previous version could report incorrect results under specific circumstances.

Supporting 64-bit: Using Registry Links On Your Corporate Software Tracking Registry Key Print E-mail
Written by Darwin Sanoy   
Monday, May 23, 2011 11:45am

It is a common practice to have a corporate software registry key for tagging software installations that were performed by an official company prepared package.  Many times these keys are stored under HKLM\Software.  On 64-bit Windows this registry key is different for 32-bit and 64-bit applications - but it doesn't have to be!

JauntePE - Do It Yourself, Robust Application Virtualization for Portablizing Apps Print E-mail
Written by Darwin Sanoy   
Monday, April 25, 2011 9:19am

Portable applications can be run without an installation.  Portabilization is the act of making an application run portably even though it was not designed to do so.  Although portable apps are generally used on a flash drive to allow someone to carry their productivity applications anywhere, they can also be very handy for running various IT utility on any server or VM without installation.  This solution is a true hidden gem!

Win32_Product WMI Class Replacement Print E-mail
Written by Darwin Sanoy   
Tuesday, April 19, 2011 11:06am

Using the Win32_Product WMI class to inventory installed MSI products does some very unexpected and nasty things.  If you are using this class locally to retrieve product data we have a replacement that is not only much safer, it is a million times faster (roughly).


Updated: ManifestUtils Print E-mail
Written by Darwin Sanoy   
Tuesday, April 12, 2011 10:19pm

Our standard manifest templates have been updated to work with 64-bit EXEs.

CSI_GetBitness.vbs Update Print E-mail
Written by Darwin Sanoy   
Thursday, December 16, 2010 4:02pm

After feedback from readers, this script has been enhanced to be able to sense when it is running under the 32-bit subsystem of 64-bit Windows.  Other improvements include...


CSI_GetBitness One Liner Script to Detect 32-bit or 64-bit Windows Print E-mail
Written by Darwin Sanoy   
Monday, December 13, 2010 10:22am

For our BGInfo template I searched high and low for the best way to detect the Windows OS Bits (bit-ness) to display on the destop background.  Here is some script code that does the same thing - the implementation is uber-simple via some WMI code techniques you many not have seen before.

Great Free PE Editor for Internal Manifests (and a Tutorial) Print E-mail
Written by Darwin Sanoy   
Thursday, December 2, 2010 10:40am

Have you ever need to view, update or add an internal manifest in an EXE?  Here is a tool that is Free, User Friendly, supports 64bit and is kept up to date.

Update: CSIMsgQ.vbs Version 2.3 Print E-mail
Written by Darwin Sanoy   
Sunday, November 28, 2010 2:56pm
This script has been updated to version 2.3.  The updates include the following improvements:

Critical Updates to CSI_ListUACVirtRegKeys.vbs Print E-mail
Written by Darwin Sanoy   
Tuesday, November 16, 2010 2:01pm
Some problems with how CSI_ListUACVirtRegKeys.vbs determined SIDs and user names were fixed.
Show UAC Virtualized Registry Keys for All Users (Updated 1.2) Print E-mail
Written by Darwin Sanoy   
Wednesday, October 20, 2010 8:02am

Problem determination can be made more difficult by UAC Virtualization.  This is especially true of registry virtualization.  Since the VirtualStore registry key is specific to each user, you cannot get a global view of UAC registry key virtualization or even view it for a single user.  This script can list UAC virtualizated registry keys for another user or for ALL other users.

An API Monitor That Speaks My Language – Perfect for AppCompat and Application Virtualization (and it’s Free)! Print E-mail
Written by Darwin Sanoy   
Sunday, September 26, 2010 8:00pm

I am an unapologetic WinDbg illiterate.  I can’t read it and don’t understand it.  My 3 GB, dual-core computer can functionally translate any web page I visit into my native human language – does tracing Windows applications really have to be THIS difficult?  Not anymore.

.Manifest Tracing and Preferring External Manifests Print E-mail
Written by Darwin Sanoy   
Thursday, September 23, 2010 6:59am

If you are using internal or external manifests, it can be difficult to diagnose why they do not seem to be working correctly.  Sxstrace.exe is a utility built into Windows Vista and later that can diagnose these problems.  There is also a registry key that will cause Windows Vista and later to prefer external manifests (just like it is on XP).

UPDATED: ConfigureCaptureMachine - Preparing An Application Capture Reference Machine Print E-mail
Written by Darwin Sanoy   
Thursday, July 29, 2010 9:02am

Appendix A of Microsoft's App-V 4.5 Sequencing Guide has 12 pages of screenshots that comprise two of their three best practice configuration steps for a sequencing machine. These steps are good for any type application capture - whether you are doing traditional application packaging or virtualization with any product. We've scripted those steps for you.              (WKU2ANAAY3Z6)

Script To Extract All MSI Errors From a Windows Installer Log Print E-mail
Written by Darwin Sanoy   
Wednesday, July 21, 2010 11:00pm
Are you tired of plowing through Windows Installer logs looking for the same old evidence of the same old problems?  CSI_GetMSIErrors allows you to build scripts to do that boring stuff!  You can even design automated handling of these errors once you are able to grab them with this hand routine.
App-V Deployment MSI Fixups: Proper Rollback on Failure and Installing to Stand-Alone Clients From Network Print E-mail
Written by Darwin Sanoy   
Tuesday, July 13, 2010 11:00pm

If you are running the App-V client in a stand alone mode, you have probably run into some frustrating situations trying to get the MSI to install properly.  Worse yet, when the MSI package fails, it does not completely rollback the package addition to the client – so you end up with a half-baked deployment.  Let's take a look at the details and then give you some files and transforms that do all the work for you.

CSI_ForceUNCRef: Elevating a Script When It Is Running From a Drive Letter Print E-mail
Written by Darwin Sanoy   
Wednesday, June 16, 2010 3:40pm

Windows 7 does not preserve drive letter mappings when a Protected Admin elevates to their full admin token.  This can be a pain when triggering elevation from a script that has started from a network mapped drive letter.  Here is a simple VBScript function to get around this problem.

Scripting Around Session 0 Isolation Print E-mail
Written by Darwin Sanoy   
Thursday, May 27, 2010 6:42am

Millions of administrators worldwide depend on the ability of a Windows Service to display a message on the user desktop for coordination of software distribution activities. Generally this involves communications such as allowing the user to defer software distribution jobs, notification that a distribution job is underway in the background or informing that a software installation is complete. The new security feature in Windows 7 known as “Session 0 Isolation” now blocks this communication from occurring. This CSI-Windows.com Toolkit addition presents a reasonable secure, simple method for getting around the Session 0 barrier.

VBScript UAC Prompting Kit Print E-mail
Written by Darwin Sanoy   
Wednesday, April 21, 2010 12:31pm

The VBScriptUACkit consists of a group of VBScript procedures that allow a script to check whether it is running with full admin rights and to relaunch elevated if needed.

It is able to check whether a user is a protected admin (unelevated admin) so that it can prompt only if admin permissions can be given.  This allows a better user experience and it allows proper status reporting, rather than script failures.

CSI_IsSession: VBScript Function to Discover Almost Anything About Your Current Login Session Print E-mail
Written by Darwin Sanoy   
Monday, April 5, 2010 1:00am

Last year I wrote the VBScript Function “IfUserPerms” to enable scripts to determine if the current user/session was a protected administrator (an administrator capable of elevating, but who is currently not elevated). It worked reasonably well, but had a few warts that needed clipping for its re-release with the upcoming CSI-Windows.com VBScript UAC Kit…

UPDATED: bginfo template 1.6 Print E-mail
Written by Darwin Sanoy   
Wednesday, March 17, 2010 1:00am

Our Bginfo template has been updated to version 1.6.  It has been updated to accurately report whether the OS is 32 bit or 64 bit and whether the Hardware is 32 Bit or 64 Bit.

UPDATED: CSI_IsAdmin: Test for Admin Rights - Fast, Small, Efficient, Universal Script Code in VBScript (VBS), PowerShell (PS1) and CMD/BAT Print E-mail
Written by Darwin Sanoy   
Tuesday, January 26, 2010 12:20pm

This script code uses a fast and efficient method for determining whether the current session (process) has admin rights.  The compact code is provided in VBS (9 lines) and CMD/BAT (3 lines).  It works with XP / Server 2003 through Windows 7 / Server 2008.  It works with UAC (reports admin rights only if session / process elevated).  It uses passive methods to determine rights – in other words, it does not try to change anything on the target system.

UPDATED: bginfo template 1.5 Print E-mail
Written by Darwin Sanoy   
Wednesday, December 2, 2009 3:39pm

Our Bginfo template has been updated to version 1.5.  The template content is the same, but the installer now handles XP, checking for a copy of bginfo.exe next to script, checking for elevated admin on Vista and later (Version 6 and later).  You can use the installer script to see a simple Shell (.BAT, .CMD) scripting method to check if someone is an elevated admin...

Malware Scanners Missing Stuff – Procmon Install Spy To The Rescue… Print E-mail
Written by Darwin Sanoy   
Monday, November 23, 2009 11:06am

I had two different scenarios in two days where some of the top malware scanners completely ignored very concerning changes to systems I was working on…

How Do I UAC Prompt Thee? Let Me Count The Ways. (The Definitive UAC Prompt Guide) Print E-mail
Written by Darwin Sanoy   
Thursday, November 12, 2009 12:18pm

UAC has caused a lot of buzz ever since Vista was released. Sometimes even I wonder if the topic of UAC comprises a measurable amount of the total web and email conversations about technology for the last two years ;)

The main concern about UAC has always been those pesky prompts asking your permission to do innocuous activities like deleting kernel32.dll. Sometimes you get them when you don’t want them and sometimes you don’t get them when you should. It turns out there are many ways to cause or suppress UAC prompts – this post attempts to document them all…

Sample Template Application Manifest [Updated] Print E-mail
Written by Darwin Sanoy   
Wednesday, November 11, 2009 12:21pm

If you are just getting started with using manifest files to configure UAC elevation prompts, it can be difficult to remember what the options are and what to do if there is already a manifest. The following is a complete sample template of an application manifest and is commented so that you can…

File Recovery Sweetness – Free Beats The Pants Off Paying Print E-mail
Written by Darwin Sanoy   
Friday, June 12, 2009 7:04am

Oh that sinking feeling after deleting a file that is your only good copy of a script.  However, the second sinking feeling of knowing there is no recycler copy because the deletion happened via another machine over the network is even worse!  I ended up using two products to attempt recovery – my paid for copy of Stellar Phoenix ($99) and the free and famous Recuva.  Guess which one out performed in multiple was…

VBScript UAC Function for Snooping Permissions Print E-mail
Written by Darwin Sanoy   
Thursday, June 11, 2009 3:55pm

4/5/2010 Update: This script function has been superceded by the much more capable
"IsSession.vbs" available here.

Maybe you have come across some of the UAC VBScript snippets for figuring out whether the current user is an administrator and even whether they are elevated or not. I wanted a quick and lightweight solution to figure our whether a user was admin and whether they were elevated. Once I got started, it didn’t take much to add checks for all the other groups and special permissions. And it’s all done in 40 lines…

CSI Toolkit: Windows Services Optimizer (WinServicesOptimizer.vbs) Print E-mail
Written by Darwin Sanoy   
Friday, May 15, 2009 3:20am

Disabling unnecessary Windows services can result in significant performance gains for production machines and virtual machines. This script helps you manage and share templates for services optmization - including only starting services when they are needed. Some services optimization templates are included and instructions are included for converting from other services optimization tools. Click "Read More" for much more information about the benefits, uses and implementation of the script.

CSI Toolkit: bginfo template for Windows 7 Testing Print E-mail
Written by Darwin Sanoy   
Tuesday, April 28, 2009 9:27am

The attached file contains a .bgi template for Sysinternals BGInfo and an installation shell script. We use it on the virtual machines for all our courses. It places all the security and UAC details of a Windows 7 (or Vista) machine on the background bitmap. I have seem many threads on the net about trying to get bginfo to run for all standard users and do it without admin rights. Just run the installation script (bginfoinst.bat) in an elevated command prompt and then bginfo will run for all users who login, whether or not they are admins or elevated.

RegScanner – Google for your registry Print E-mail
Written by Darwin Sanoy   
Saturday, April 25, 2009 12:51am

RegScanner is a very cool little utility for finding things in the registry.  RegEdit's built-in search functionality is similar to notepad.  Type your search string and keep pounding F3 until you find something similar to what you're looking for.  Lots of wasted time.

Here's some things I love about RegScanner:

RELEASED: Application Compatibility Toolkit 5.5 Print E-mail
Written by Darwin Sanoy   
Thursday, April 23, 2009 1:00am

ACT 5.5 has been released.  Microsoft has made sure that the entire toolset is Windows 7 ready.  The help documents have been enhanced with more information on Shims - Microsoft has been making big improvements on the help documents for over a year.

View | Download (11MB)