Image Remote Disks with Norton Ghost

Symantec Ghost has been my favorite tool since high school as the user interface is minimalistic (runs fast) yet intuitive. It pretty much has every single feature (use case) you can imagine organized in a sensible way (unlike the fucking linux man pages that drown you with 4 dozens of command switches not logically organized so you have to skim through the entire thing to find out what is relevant).

The software is well made in general so we can get a lot mileage out of old versions. I recently had to clone a drive over the network yet I don’t want to share the image file. My initial plan is to have the remote computer I plan to image the disk attached to it run as slave (in Master-Slave mode Peer-To_Peer over TCP mode), but there are a few hurdles:

  • The documentation didn’t say which port is used. I have to use TCPview to figure it out. It’s Port 6668.
  • Turns out slave mode does not support restoring from a image file located from the (puppet-)master. In other words, the when you connect to the slave session, the file dialog box of “From Image” only shows the files on the slave side! WTF!

It’s strange that you can clone a raw drive / partition from master session to slave session, but you cannot choose image file as a source in place of the source drive. I tried the command line before and no avail. After some web searching I realized that I’m not insane. It was the way Ghost is:

The rules inferred from this table means:

  • image files ALWAYS stay at the slave session
  • direct drive/partition copies is always master pushing data to slave.
  • slave drives are never cloned (read)
  • master cannot read its own files to find image files
  • master can only select remote (slave) image files

First of all, direct drive-to-drive copy are bidirectional. The above list is not entirely accurate, so I stroke through the conclusion derived from the incorrect assumptions above. Y:

The rules for image files do not make much sense to me. Just can’t come up with a good excuse for it. The session have full access to both storage from both sides, and ghost command line’s logic is to make image files fungible with direct drives/partitions. It doesn’t discourage accidental overwrites or prevent one side’s data from being siphoned. All they did is to tease the user by not allowing them to read files/images from the master computer where the user interaction is.


The first instinct is to restore the GHO image I want to push to the server onto a disk and do the direct clone. This is logically fungible with creating a VHD, mount it, restore the GHO image to the mounted drive, then use direct ‘virtual disk’-to-disk clone to restore the remote (slave) disk. Luckily, newer Ghost has tools to simplify these steps. We’ll need this 3 pieces of clues to figure it out:

  1. Virtual machine disk image files such as VHD can be used as source or destination
  2. There’s a command switch to mount virtual machine disk image files internally WITHIN the ghost session (no side effects: windows won’t see it. Won’t persist between ghost sessions)
  3. GHO files are not directly mountable as a virtual disk even internally within ghost session

So the complicated process can be shorten to converting GHO to VHD and then internally mount the VHD as a direct drive through command switch launching Ghost. Use DEMO.gho as an example:

REM Convert DEMO.gho to DEMO.vhd
ghost -clone,mode=restore,src=DEMO.gho,dst=DEMO.vhd

REM Launch Ghost with DEMO.vhd internally mapped as a (direct) logical drive
ghost -ad=DEMO.vhd

I ran into some obscure error messages like “ABORT: 11030, Invalid destination drive” when trying to specify the full absolute path. So instead of fussing with the syntax that breaks the code, I added ghost to my Windows %PATH% environmental variable and run ghost directly at the folder where the files are. I suspect it can be fixed with /translate command switch to make sure the drive letter is not ambigious whether it’s local or remote, but that’s something for later if I have a project that require scripting this reliably.


My cliff notes here.

Run Ghost as slave mode

ghost -tcps

Do this at Ghost master computer

REM Convert DEMO.gho to DEMO.vhd
ghost -clone,mode=restore,src=DEMO.gho,dst=DEMO.vhd

REM Launch Ghost with DEMO.vhd internally mapped as a (direct) logical drive
ghost -ad=DEMO.vhd -tcpm:{IP address of the slave computer}

Remember to open port 6668 at the Ghost slave computer.


Appendix

Technically, it’s possible to restore from an image file located AT THE SLAVE side, but it’d be a stupid idea. Initially I thought Ghost would be smart enough to directly use the image file locally on the slave session to clone the drive locally. However, given the speed and my observation with TCPview, this is not the case. It’s doing the stupid thing of crawling the contents of image file from the slave machine in chunks and send it back to the slave!

 60 total views

rsync/Deltacopy gotchas (especially Windows transfers)

Deltacopy is a GUI wrapper around rsync, a feature-packed tool to copy files locally AND remotely, AND differentially (automatically figure out the parts that are different and resend. Excellent for repair) through hash comparisons. For non-programmers, hash is a unique ID computed for a chunk of data that are expected to change wildly even at the slightest data/file change/corruption).

Deltacopy is very useful if you just want to do the basic stuff and not know the rsync syntax and switch combinations off the top of your head. It also provides a windows port of rsync based on Cygwin (a tiny Linux runtime environment for windows). This is the only free alternative to cwRsync, a paid Windows port of rsync.

rsync is a Swiss Army Knife that can also work from one local path to another. Deltacopy is intended for remote file transfer.

Deltacopy server is basically this:

rsync --daemon 

However in Windows, since it’s cygwin, it’s looking for linux’s /etc/rsyncd.conf by default if you do not specify the config file through --config switch.

Deltacopy client basically help you generate the command to transfer files. Most of the features are done through right-click (context) menu, not toolbar or pull-down menus, which might confuse some people. You set up your tasks as Profile, which can be scheduled (the bottom panel) or executed immediately by right clicking on the profile:

Run is pushing file to the server, Restore is pulling files from the server. Run Now and Restore are for executing the command (aka task) immediately. You can peek into what it generated by right-clicking on the profile and choose “Display Run/Restore Command”. First time users might not be able to find it since the only place to access it is through context menus.

There are some tricky parts (gotchas) for specifying the files/folders to copy. First of all, even though you use Add Folder/Add Files button for entries

Basically you can make a (source, destination) pair by modifying the selection and target path. It’s just passed onto rsync command verbatim. The target path is relative to the virtual directory set on he server (see Deltacopy Server’s directory)

The destination path which is endowed with the branch folder name (one-level). In other words, if your source is C:/foo/bar, Deltacopy by default set the destination to /bar instead of /. This is probably to avoid the temptation of lumping all contents in the same remote destination root. If you just want to simply lay the files at the root virtual folder at the destination (my most common use case), you’ll have to edit and clear out the (relative) destination path.

As for the source, the author of rsync chose to do it the logical (more conservative) way but not intuitive way: by default it reconstruct the source folder’s FULL path structure at the destination! For example if you intend to copy everything under C:\foo over, the destination will create {destination root}\foo in the process and put everything under it instead of directly at {destination root}. The design choice was supposed to prevent accidental overwrites as multiple source subfolders try to write over each other with the same names at the destination.

Luckily, there’s a way around it! See man pages for -R –relative: Put a dot (.) at the place where the relative path starts! For example, the source is C:\foo\bar\baz and you do not want /foo to be created at the destination and want it to start with /bar instead. You should enter C:\foo\.\bar\baz as source. Everything the left of the dot (refers to self-folder) are stripped from the destination path structure.


ACL support for Windows sucks because rsync lives on cygwin, which has POSIX (unix/linux) type of permissions/ACL.

https://unix.stackexchange.com/questions/547275/how-do-i-use-rsync-to-reliably-transfer-permissions-acls-when-copying-from-ntf

In my opinion, the best way to go about it is to not transfer ACLs from the source and follow the preexisting ACLs at the destination. I’d also leave the groups and owners alone (inherit at destination) as well I might not be on the same active directory (or workgroup user management) as the destination computer so accounts with the same name might not be actually the same accounts.

--no-p --no-g --no-o

–no-{command} is the complement prefix that does the opposite of the -{command}, so the above means skipping -p (perms/permissions), -g (group), -o (owner) and make sure it has full permissions for everybody.


Sometimes a remote path can be mistaken as a relative local path with the hostname/IP address as the folder name if there’s no username. Start it with rsync:// as the URL scheme and the syntax is like ftp:// as far as username is concerned.

Deltacopy protects the source and destination paths with double quotes (“). It’s a good practice that we should do it even with direct rsync calls.

 34 total views

Not missing Windows after trying Ubuntu Cinnamon Remix

Given that I grew up as a power DOS/Windows user, I often have gripes about how frustrating Linux is and they were almost never ready for people who just want to get common things done by intuitively guessing where the feature is (therefore having to RTFM or search the web for answers).

I deal with HP/Agilent/Keysight instruments a lot and appreciated their effort put on user experience (UX) design. It’s not that user who’s stupid if they have to dig through 5+ levels of menu buttons to measure a Vpp (peak to peak voltage) and the software aren’t smart enough to default to the only channel in use. That’s what Tektronix did to their nasty user interface and raised a generation of Stockholm Syndrome patients who keep buying Tek because they are traumatized by the steep learning curve and would rather walk on broken glass than having to learn a new interface from another vendor (that’s called vendor lock in).

I certainly appreciate Cinnamon desktop environment (came with Linux mint) designers willing to not insist on the ‘right way of doing things’ and follow a path that’s most intuitive for users coming from a Windows background.

The last time I used Linux Mint was 19. There’s still quite a lot of rough edges. Some services got stuck (time-outs) right out of the box and systemd went through slowly. It’s just not fast and responsive. When I tried it again when Mint 20.1 was released, my old i3 computer boots to the GUI in 5 seconds and I was hell of impressed. The icons and menus are also now sized balanced proportions like Windows (can’t stand the big and thick default menu-item fonts like Ubuntu).

However, there’s one big impeding factor for me to make Linux Mint my primary computer: the packages repositories are one generation behind Ubuntu (the most widely supported distro)! Software often have bugs that the developers solved, living with old, ‘proven’ software slows down the iterative process.

I’ve been through hell trying to access Bitlocker volume with Linux Mint 20.1 as not only it doesn’t work right of the box like Windows, I’m stuck with a command line dislocker that doesn’t integrated with the file manager (like Nemo). The zuluCrypt available with Mint 20.1 is too old to support Bitlocker properly. Trying to upgrade it to 6.0 has Qt dependencies which is unsolvable. I was able to download the unsanctioned old revision in debian package but there’s more unsolvable dependencies.

The alternative option of compiling from the source is met with more dependencies fuckery and now the restrictive Mint repository might not have the exact version of the compiler required by the source code package. Aargh!

I was about to give up Linux Mint and install Ubuntu and try to hold my nose changing the desktop to Cinnamon. Luckily I’ve found somebody who read my mind: there’s Ubuntu Cinnamon Remix!

Not only Ubuntu Cinnamon Remix supported Bitlocker right out of the box (no need to fuck with zuluCrypt which doesn’t integrate with the file explorer anyway)! Most of the defaults make sense, buttons are often where I expect them to be. Even Win+P key works identically! The names/lingo are close to Windows whenever possible, and honestly the default Yari theme is visually slightly more pleasing than Windows as it makes very good use of the visual spaces!

Here’s a few transition tips

Windows Ubuntu/Cinnamon
WallpaperBackground
Device Manager(No equivalent) Install hardinfo for System Information
Task ManagerSystem monitor
Windows KeySuper Key
ShortcutLauncher
Lingo
Windows Linux
Foobar2000deadbeef
Notepad++notepadqq
Greenshotksnip
Apps and its near equivalents

I use Winsplit-Revolution in Windows (old version is freeware) that uses the numeric keypad to lock the window to the 9 squares grid using Ctrl+Alt+{Numpad 1-9}. Save the keyboard shortcuts in case if you want to install it again on another computer:

dconf dump /org/cinnamon/desktop/keybindings/ > dconf-settings.conf
dconf load /org/cinnamon/desktop/keybindings/ < dconf-settings.conf

There’s no Ctrl+Shift-Esc key which I often use to call Task Manager (called System monitor). I had to make the shortcut as well to feel at home.

WindowsLinux
(Explorer) Alt-D for address bar(Nemo) Ctrl+L

 49 total views

Qemu for Windows Host Quirks

I’m trying to cross compile my router’s firmware as I made a few edits override the update DDNS update frequency. Turns out it doesn’t work on the latest Linux so I’d need to run an older Ubuntu just to keep it happy.

RANT: Package servers keeps pulling to rug on outdated linux is frustrating. Very often developers didn’t make a whole installer it so we are often wedged between downloading a package at the mercy of its availability from package managers and their servers or compiling the damn source code!

With the promise that Qemu might have less overhead than Hyper-V or VirtualBox (indeed it observably is), I tried installing Qemu on Windows host and it turned out to be a frustrating nightmare.

RANT: Linux is not free. The geniuses did the most sophisticated work for free but users pay time and energy cleaning after them (aka a support network dealing with daily frustrations) to made these inventions useable. There’s a company that does the clean up to make BSD (same umbrella as Linux/Unix) useable and made a lot of money: it’s called Apple Computers since Steve Jobs return.

qemu is just the core components. System integration (simplifying common use cases) are practically non-existent. Think of them as the one who produced an ASIC (chip) and the end-user happens to be the application engineers. There’s a few tutorials on qemu Linux hosts for moderately complex scenarios, but you are pretty much on your own trying to piece it altogether for Windows because there are some conceptual and terminology differences. The man page --help for the qemu’s Windows host’s VM engine was blindly copied from the Linux hosts counterpart, so it tells you about qemu-bridge-helper which is missing.

I stupidly went down the rabbit hole and drained my time on qemu. So I documented the quirks to help the next poor sap who has to get qemu running on Windows 10 host efficiently over Bridged-Adapter (VirtualBox lingo) networking mode.

  • Preparation work to get HAXM accelerator set up
    • Release VT-d (hardware assisted virtualizations) so HAXM can acquire it
      • You’ll need to remove Hyper-V completely as it will hoard VT-d’s control
        • Windows Sandbox and Windows Subsystem for Linux (WSL2) uses Hyper-V. If you just unchecked Hyper-V in Windows Optional Features leaving any of these 2 on, Hyper-V is still active (it only removes the icons)
    • HAXM v7.6.6 not recognized by qemu on clean install. Install v7.6.5 first, then remove it and install v7.6.6. Likely they forgot a step in v7.6.6’s installer
    • Turn on optimization by: -accel hax
  • Command line qemu engine
    • qemu-system-{architecture name}.exe is what runs the show
    • qemu-system-{architecture name}w.exe is the silent version of the above engine. Won’t give you a clue if something fails (like invalid parameters)
    • qemu-img create -f {format such as vhd/qcow2} {hard drive image name} {size like 10G}
  • QtEmu sucks, and they lack any better GUIs out there!
    • It’s basically a rudimentary command line’s GUI wrapper
    • It only has user mode (SLIRP) networking (default)
    • It’s not maintained actively so it doesn’t keep up with the parameter syntax changes (i.e. can generate invalid combinations)
    • Since it uses the silent (with a w suffix) engine, likely to avoid a lingering command window, it also won’t tell you shit and why if something fails. It just ignores you when you press the start button unless all the stars align (you got everything right)
  • Basic command line parameters
    • Set aside 10G for the VM: -m 10G
    • 1 core if unspecified. Number of available threads (in hyper-threaded system) show up as # of processors. It’s referring to logical processors, not physical cores.
      • Windows: -smp %NUMBER_OF_PROCESSORS%
      • Linux: -smp $(nproc)
    • Attach virtual hard drive: -hda {virtual hard drive file name}
    • Attach optical drive (iso): -cdrom {iso file}

I typically want Bridged-Adapter option from VirtualBox, which means the virtual NIC plugs into the same router as the host and just appears as another computer on the same network as host. This is broken into a few components in qemu and you have to manage them separately. Great for learning about how Bridged-Adapter really works, but a lot of swearwords coming from people who just want to get basic things done.

Networking in QEMU is another can of worms if you deviate from the default SLIRP (user mode). I figured out how to work it, but the network bridge is faulty and it keeps crashing my windows with BSOD on bridge.sys with varying error tag. I have short glimpse of it working if I move very fast. Looks like the TAP driver is corrupting the memory as the bridge became very erratic that I see error messages deleting it and have persistent BSOD when the bridge starts after the VM hanged at the TAP bridge on boot.

I listed the steps below to show what should have been done to get the Bridge-Adapter (VirtualBox) equivalent function if there are no bugs in the software, but hell I’m throwing qemu for Windows to trash as it’s half-baked.

First, of all, you need to install OpenVPN to steal its TAP-Win32 virtual network card. It’s not VMware or Virtualbox that it’s part of the package. Qemu didn’t care to tightly integrate or test this driver properly.

Then you’ll need to bridge the “TAP-Windows Adapter (V#) for OpenVPN” with the network interface you want it to piggy back on.

The name of the TAP adapter is what you enter as ifname= parameter of the tap interface in qemu command line. You have to tell qemu which specifically interface you want to engage in. I named the virtual network card as ‘TAP’ above. After bridging it looks like this:

You are not done yet! The bridged network (seen as one logical interface) is confused and it won’t be able to configure with your physical network card’s DHCP client. You’ll have to go to the properties of the Network Bridge and configure the IPv4 with static IP.

You can use ipconfig /all to find out the relevant adapters acquired DHCP settings and enter it as static IP. Coordinate with the network administrator (can be yourself) to make sure you own that IP address so you won’t run into IP conflict if you reboot and somebody took your IP.

After these are all set up the parameter to add to qemu call is:

-nic tap,ifname=TAP

There are complicated settings like -net nic and -netdev -device. These are old ways to do it and have bloated abstractions. -nic switch combined them into one switch.

Then welcome to the world of Windows 10 bridge.sys crashing frequently and you might get a short window of opportunity that it boots and ifconfig acquire the IP address settings from your router (or network the physical adapter is on)’s DHCP server.

It’s like a damn research project finding out something is technically feasible but definitely not ready for production. Welcome to FOSS jungle!

Postscript: I put Hyper-V back and realized it’s insanely slow with Linux Mint as it does not support hardware graphics acceleration. It’s night and day of a difference. Qemu is fast, but it crashes on Windows 10 if I bridge the adapters!

 102 total views

Use old email clients (like outlook express and Windows Live Mail) with SSL email servers after TLS 1.0/1.1 support ended

My email service provider has recently pulled the plug on TLS 1.0/1.1 support as they reached end-of-life. This means old email clients not written for TLS 1.2 and above will not work when it tries to connect to the server with SSL support!

Google did this in 2014 but offered a compatibility option called “allow less secure clients”. Back then I didn’t know it means TLS 1.0/1.1 until I learned it the hard way when my shared hosting email provider pulled the plug on the old TLS protocols and I scrambled to figure out my email stopped working with cryptic IMAP errors (like suggesting my computer might be lacking memory, which is not true).


Stunnel config that needs to be changed from defaults. If stunnel was installed by entware (opkg), the config file is in /opt/etc/stunnel/stunnel.conf.

  1. Disable (comment out) drop privileges
  2. Remove the [dummy] section since we are going to set up sections for each (server, port) pair. stunnel won’t start without any port forwarding sections.
  3. It already has an [imap] section that’s commented out. Change the local port number and the target server url:port to your liking. Do [pop] if you use POP3 email instead of SMTP
  4. Do the same by adding a [smtp] section for outgoing email

You might need to comment out

; You might need to comment out this drop privilege (3rd line in default conf file)
;setgid = nogroup

; Examples of forward sections with a '50' prefix to SSL port numbers to 'convert it to non-SSL' heading to stunnel
[imap]
client = yes
accept = 50993
connect = target_server:993


[smtp]
client = yes
accept = 50465
connect = target_server:465

Can look at the log by just executing stunnel. Use Ctrl+C to quit monitoring the logs.

Of course you want to make sure the stunnel service/server is always started on boot. If you are using entware (or jffs scripts) for your router, add the call to stunnel to /jffs/scripts/post-mount and make sure you set the script to executable so it’ll run:

#!/bin/sh
...
stunnel

Note that it’s post-mount because entware packages are installed on persistent storage (like USB drive or SD card in your router) that needs to be mounted before the files can even be read.

Remember to go to your old email client and change the email server address to computer running stunnel service (can be the same computer as the client, a raspberry pi, or a router). Unless you are managing a company with many old email clients, I recommend installing and configuring stunnel on the same OS which the old mail program runs instead of relying on a centralized router to manage it because it’d be very confusing if the centralized stunnel service is down and you don’t get any warnings that are not cryptic (as mentioned at the beginning of this article).

 90 total views

Off the Matrix Notes

Namecheap Shared Hosting

  • Free Dynamic DNS with domain (Namecheap has a free Windows client. Use zoneclient for Linux)
  • Email (IMAP): usese Maildir (for those who need migration)
  • Contacts: CardDav (use DavX5 adapter on Android)
  • Calendar: CalDav (use DavX5 adapter on Android)
  • Notes/Tasks: NextCloud (can sync with NextCloud’s built-in CalDav server)
  • Blog: WordPress
  • And of course, your own website!

VPS Hosting

  • NextCloud has File-On-Demand (like OneDrive) called Virtual File System (VFS)
  • YunoHost: easy to use modular self-hosting
  • UBOS Linux: distro for self-hosting. Even works for Raspberry Pi
  • Awesome-Selfhosted: has many free web services packages

Phone (Android only)

  • De-google your phone with microG Project
  • Play store: F-droid (Bonus: many open source apps that are paid apps on Google store offer the full version for free on F-droid to encourage you to move away from Google Play), Yalp Store

Research

  • restoreprivacy.com
  • Rob Braxman Tech (He knows about the nasty dictators like the Chinese Communist Party. Don’t think you are safe in America. The reach of the Chinese Communist Party Mafia, formerly known as the Chinese SOVIET Republic) is beyond our imagination.

Alternatives to Big Tech respecting privacy (for now)

  • Search (Google): DuckDuckGo
  • Browser (Chrome): Brave
  • Email (Gmail): see above (self-host) or ProtonMail (zero knowledge encryption)
  • Cloud (Google Drive, OneDrive, Dropbox, etc): see above (self-host) or use zero-knowledge encryption
  • Text/Chat (Whatsapp, Line): Signal App
  • Calling: Telegram has better voice quality than signal, but sometimes it has weird behavior on certain phones. Telegram does not have zero-knowledge proof, so it’s up to Pavel Durov (he’s usually good at not bending to totalitarians).

Alternatives to Big Tech that refuses to censor and manipulate users (for now)

  • Video (Youtube): Odysee (LBRY), Rumble
  • Facebook: MeWe
  • Twitter: Gab, Safechat, CloutHub has a crappy search feature, Parler now has PC bots patrolling and misfiring

Zero-knowledge encryption means the server have no access to the info you put in there as they are all encrypted and protected by a password which only you have (preferably use zero-knowledge proof so the owner of the server do not have any master keys to see your data: you lost the key and the data is practically gone forever)

 61 total views

Share with Catch! Fuck you Disc Soft Daemon Tools!

I just noticed there’s a new context menu item when I right click on my folders:

WTF is Catch!? After some Google search, it seems like it’s something that has to do with Daemon Tools. I do not recall installing such thing, went to Daemon Tools Lite’s settings, and found Catch! in there and it was enabled. I immediately disabled it:

NOT COOL Disc Soft! It’s not even free software. I paid for it. Here’s their serious offenses:

  • Pushing software features (enabling by default) without giving ample notice to users
  • The feature involves adding security risks such as opening ports and sharing files (ok if the users are aware of their presence)
  • Intruding user attention space by taking up a space in their file context menu.

And finally, the FUCKING uninformative name like “Catch!”. Who the fuck do you think you are Disc Soft! Nobody knows its your fucking product as part of Daemon Tools Lite if you silently sneak it in and the name shows up on the context menu! You think you are the Redmond demon who has abusive powers over their PAID customers! It’s almost handled like bloatware.

Even worse, the name “Catch!” is fucking generic that it’s hard to get specific result in web search. I’m writing the blog post so that if I came across that again, I don’t have to do the research all over again.

Dilbert and HR: Top Ten Tips from their Interaction | Creativeconflictwisdom's Blog
Disc Soft Demon Tools: Evil Evil Evil

 79 total views

Dissociating Windows 10 account with Microsoft (online) account

I’ve recently closed my Microsoft account (finding big tech too intrusive and too eager to make users subjects of their social experiments, aka data harvesting) and do not want Windows to link to it.

After tons of research on forums, I’ve found that Microsoft removed “Sign in with a local account instead” button/link in “Settings->Accounts->Your Info” page since 2017. So this method won’t work anymore:

So far nobody offered a solution that does not involve starting over with a new local account, but in involves moving your user specific settings and desktop folders, which is a pain in the butt.

After exhausting publicly available avenues so that I’m not reinventing the wheel, I decided to go back to first principles trying to ‘crack the code’. The first thing I thought of, based off my intuition about Windows system since middle school, is to search for my associated Microsoft Account ID (the email account string) in the registry. Turns out it only appears only in two keys (branches):

#1: HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\UserExtendedProperties\{Microsoft ID}

#2: HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\StoredIdentities\{Microsoft ID}
#3: HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\StoredIdentities\{Microsoft ID}\{SID}

Replace {Microsoft ID} with your Microsoft (Web) Account Email address. {SID} is the security identifier of the underlying local/domain user account (starts with “S-1-” followed by a long string of numbers with dashes)

If your Microsoft (Web) account is associated with only one local/domain account (SID), simply delete the two registry branches (called keys) #1 and #2 that ends with your {Microsoft ID}. The line #3 is just a sub-key (sub-folder/ranch) under line #2, so if you delete the whole line #2 branch, the rest below it is gone.


Given the registry key structure, I’d anticipate that if you have associated the same {Microsoft ID} to a few windows local/domain accounts, and only wanted to just break its link to specific local/domain accounts without affecting the rest, you might want to just get rid of this

HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\StoredIdentities\{Microsoft ID}\{SID}

instead of the first two registry paths that covers information about the {Microsoft ID} unrelated to the local/domain account. To find out which {SID} refers to the local/domain account you want to delete, go to command prompt and type this

WMIC useraccount get name,sid

and it will show you a table that maps your Windows local/domain account name to SIDs so you can pick out the right registry key path (#3) to delete.

Of course, after you’ve deleted the last SID associating {Microsoft ID} on your computer, you might as well delete all references to the {Microsoft ID} to avoid orphan registry keys that confuse people.

 74 total views

Windows Live Mail (2012) IMAP Folder Setup – cPanel Email

My web hosting package comes with cPanel email, which comes with Calendar/Tasks (CalDAV) and Contact list (CardDAV) in one convenient package.

Default setup often causes a few user experience problem

  • Special storage folders not working (hint: path incorrect)
  • Sent email not saved in ‘Sent’ folder

Turns out that every ISP has their own IMAP folder structure. My ISP structured everything, from system special folders (Sent, Drafts, Trash, Spam) to user-defined folder, into subfolders under Inbox.

So the settings in Windows Live Mail should be:

I chose to assign a user-defined folder Archive in place of system folder Trash so I can reroute delete operation to archiving

DO NOT FORGET to set the root folder Inbox! Subfolders are internally accessed as Inbox.Sent, Inbox.Drafts, etc. Using DOT (.) as seperator! Do not use slash like Gmail. It doesn’t work!

If you specify the “Root folder path” and have the special folders relative to that, the Windows Live Mail client will show a flat layout (Just like the webmail client):

Alternatively, I tried entering the special folders’s full path individually one by one

but I’m pleased to see that doing so VISUALLY placed ALL folders (system or use-created) into a nice tree structure that follows its native structure!

Having a root folder “Inbox” implied a prefix “Inbox.” (with the dot at the end) to all special folders path. Again, slash do not work as it’s not Gmail. The separator is dot in cPanel.

Seems like the whether ‘Root folder path‘ is specified determines if the folders are flattened or have the native tree structure in Windows Live Mail’s display.

Special folders settings can be invalid, which the Windows Live Mail Client will quietly ignore them and operate in local storage folders instead.

How did I discovered it? I saw the tool-tip INBOX.sent when I hover over the ‘Sent’ folder in Horder WebMail.

 99 total views

Windows Live Mail (2012) IMAP Folder Setup – Gmail

Many years ago, Gmail changed their folder structure so some of the IMAP settings tutorials are not correct anymore. Since Windows Live Mail (WLM) auto-configures Gmail, the special folders are automatically determined and they cannot be specified. Please leave Root folder path alone like this:

Gmail IMAP folder settings are automatically configured when established automatically in Windows Live Mail
Do NOT change the settings. If you do manual configuration, make sure you mirror these settings.

Basically Gmail decided with the exception of Inbox, which stays at root, all “System labels” goes under the subfolder [Gmail]. However user-created labels (simply called “Labels“) stay at root folder level. For example, I have a user folder called Save enabled for IMAP, the folder tree with the Gmail account looks like this:

Example of Gmail IMAP folder structure. Inbox and user-created labels stays on top.
ALL system labels go under the subfolder [Gmail]

Because you cannot specify where the Trash folder is, delete button really mean delete (to a recycle bin that’s purged in 30 days), not archive to a folder.

Also because Gmail is smart enough to save a copy in your [Gmail]/Sent Mail folder if you use their SMTP (out-going mail) server, the “Save copy of sent message in ‘Sent Items’ folder” setting on Windows Live Mail is irrelevant: you cannot choose not to save it.

And yes, I tried it checking this (for other non-Gmail accounts), and confirmed that Gmail is smart enough to save one copy (not one from the SMTP and one executed by the client).

So here’s a summary:

  • Gmail automatically configures and dictates IMAP’s special folders. You have no choice
  • No special folder choice means you cannot reroute ‘delete’ to mean archive/move
  • If you use Gmail’s SMTP server (likely), it will save a copy of outgoing mail to [Gmail]/Sent Mail folder. You cannot turn this off.
  • Save copy of sent message in the ‘Sent Items’ folder‘ is irrelevant if you use Gmail’s SMTP server. It will correctly save only one copy of the sent mail.

 96 total views