- Hardening AppLocker - Thu, Jun 25 2020
- AppLocker Audit vs. Enforced mode - Tue, Jun 23 2020
- Creating AppLocker rules from the Windows event log - Wed, Jun 17 2020
Here are a few examples I have gotten from my end users. The first one gives me no information (and has a normal comment in it about IT's job being to break computers):
On the other hand, this piece of paper was once delivered to my desktop:
Getting informative messages starts with making it easier for the end user to capture the error messages returned by the system. Here, I offer some easy-to-teach tips on doing just that.
Every error message in Windows includes copy/paste functionality. When you get an error message such as this one, just press Ctrl+C. This copies the text from the error message to the clipboard.
You can then open an email and paste it there. I'll just use Notepad here.
If the error is not from Windows or for some reason doesn't allow copy/paste, you can use OneNote. Just capture the message with any screen capturing tool (Snipping tool, Snagit, etc.). I'll do that from OneNote in this example.
If you used a tool other than OneNote itself, paste the picture into OneNote. Now right-click the picture, and choose Copy Text from Picture. Then just paste it out again. It uses optical character recognition (OCR), so it works on anything; on the other hand, it is not perfect.
Now that you have the error in text format it's also easy to paste it to a search engine. I'll just paste it right back to OneNote.
Our users often think we know all the error codes by heart. But there are 32,768 error messages in Windows, so we really don't. This is a common conversation I have, as people honestly think they are doing a good job as they took note of the error number.
Customer: "Sami, I had error 1617."
Me: "What did it say?"
Customer: "No idea but I wrote down the number."
Luckily, we can translate these. This is a skill I use myself all the time, as event logs often show only the number. As do error messages.
There is an older tool that takes in decimal values and it's in NET.exe. Here is an example:
NET HELPMSG 1617
If you have a hex value, you can use the newer version in WinRM.exe like this:
WINRM HELPMSG 0x651
Some error messages are quite funny. Try my favorite one out!
Subscribe to 4sysops newsletter!
"When you are married and you go to a company party, you need to remember NET HELPMSG 4006."