I migrated this blog post to SuperUser.com, yay! :-)

I was attempting to repair the welcome screen on Windows XP for a client yesterday.
Here's a list of the repair steps I attempted:

• Toggled Welcome Screen / Fast User Switching
• Checked control userpasswords2
• Ran System File Checker: sfc /scannow
• Checked Fast User Switching Compatibility service (services.msc)
• Checked Terminal Services service
• Checked Event Viewer (Winlogon) for issues
• Verified no GinaDLL entry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
• Verified HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LogonType was set to 1
• Verified HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Winlogon\AllowMultipleTSSessions was set to 1
• Imported the Restore Fast User Switching registry file from kellys-korner-xp.com (includes AllowMultipleTSSessions)
• Checked HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system possibly overriding the above
• Ran XP_FixLogon.exe from dougknox.com to verify the default standard Gina was in use
• Getting desperate: double checked stats of gina files: dir *gina* /p/s/a (even after SFC verified them)
• Getting desperate: used NirSoft's RegScanner to search for strings containing gina in the registry looking for something suspicious

and finally

• Ran Logon Loader Recovery Tool, which finally repaired it!

Daniel Milner (Milner Solutions), you are my hero. I don't know what black magic your tool performs that SFC and registry tweaks couldn't compete with, but I'm deeply intrigued, and grateful.

If Twitter was indexed, then I could count on brief tweeted solutions reaching a public audience, but they're not. So here's a very brief post, with perhaps many more to come, giving a solution to a tricky problem. I hope that it's reliably indexed and found for those experiencing the same issue, even if that audience is very small, solutions deserve to be shared! ;)

There is an issue with the WUSB54G network adapter on Windows 7 (on Vista as well I think). It could only be present on a 64-bit OS, I don't know. The Wifi connection will repeatedly drop, and many times the adapter will completely disappear from device manager, as if it has been unplugged. The only thing to be done is to unplug and replug the adapter.

It seems like a power management issue, but the Power Management tab on the adapter properties in device manager doesn't help. Nor does adjusting USB Selective Suspend in Power Options.

The solution is to install the RT2500USB driver from Ralinktech.com Your device will now appear as an RT2500.

02-01-11 Update: I discovered the true problem was, as might be expected, insufficient power reaching the USB device. It didn't help that I was using a long, light-up, cable, plugged into the front panel of my computer. I moved the plug to a powered USB Hub, reverted the driver, and have had no problems since.

If still having difficulties, try running WLAN Optimizer, perhaps even in streaming mode. Vista was notorious for a terrible background scan lag spike every 60 seconds, which while drastically reduced in Windows 7 doesn't seem entirely gone.

05-16-11 Updated and polished.

In the previous article we established an SSH session with KiTTY. However to take full advantage of Cygwin and SSH it's equally important that your Windows client can connect with Cygwin's ssh.

As Pageant handles authentication for KiTTY, so ssh-agent authenticates for ssh.exe.
But we're on Windows! We like KiTTY, and Pageant has a nice interface, it should be all we need.

Charade is an ssh-agent in Cygwin that proxies requests to Pageant.

Client instructions (Windows-centric variation on keychain)

1. Install Cygwin and hstart and configure environment variables on the client as done previously on the server.
2. Compile Download charade.exe
3. Drop it in C:\cygwin\bin
4. Add another program start action to our Pageant entry in Task Scheduler.
   Program: hstart Arguments: /noconsole "bash -c "charade > ~/.ssh-agent""
   Move this entry up, before Pageant's start action.
5. Append source ~/.ssh-agent to the end of C:\cygwin\home\<User>\.bash_profile
6. Run task, launch local Cygwin shell, connect to your server: ssh <hostname>. Hooray!

With charade operational, we can use rsync and Unison over SSH. Awesome!
Remember when we exported our private key in OpenSSH format (no file extension)? That's the one ssh.exe requires.

Here's an example bash script for pushing changes over a LAN with rsync that handles spaces in filenames.

#!/bin/bash
receiver=$1
# escape spaces in file paths
# (the escapes won't be visible if you echo... you'd need to triple escape... which we don't want)
src=`cygpath $2`
src="echo $src | sed 's/ /\\ /g'"
src=`eval $src`
if [ $# = 2 ]
then
dest=$src
#src=$src/
else
dest=`cygpath $3`
dest="echo $dest | sed 's/ /\\ /g'"
dest=`eval $dest`
fi
source ~/.ssh-agent
# rsync
# -a, archival mode, does:
#	-r (recursive)
#	-l (copy symlinks as symlinks)
#	-p (preserive permissions)
#	-t (preserve modification times)
#	-g (preserve group)
#	-o (preserve owner)
#	-D (preserve device & special files)
# -v, verbose
# --delete, delete extraneous files from destination dirs (DANGEROUS)
# --rsh, the remote shell to use
# -z, compress file data during the transfer
# ssh
# -a, disables agent forwarding
# -x, disables x11 forwarding
# -c, set the cipher specification (blowfish being the quickest)
#LAN rsync:
rsync -s -av --delete --rsh="ssh -ax -c blowfish" "$src" $receiver:"$dest"
#WAN rsync:
#rsync -s -avz --delete --rsh="ssh -ax" "$src" $receiver:"$dest"

I call the script from within my text editor like this: cmd /c bash ~/push.sh Chris-Laptop 'C:\abc\some_source_dir' 'C:\some_dest_dir'
(or 'C:\abc\source_dir\' 'C:\abc\dest_dir\', or just a single 'C:\abc\source_dest\' if the path is equivalent at the destination.)

It's important to understand the distinction of a trailing slash on the source folder with rsync (especially with --delete). Back up your data before experimenting.

More to come!

10-15-11 Polished.

Configuring Secure Shell on Windows 7 (or Vista) requires a bit of a special configuration for full ass-kicking. User Account Control should be enabled (duh).

Server installation & configuration

1. Install Cygwin. You could use copssh, but don't. More on that later.
2. Include package: openssh. Also rsync and unison, because they're amazing.
3. Run Cygwin Bash Shell as Administrator.
4. Execute: ssh-host-config
5. Answer Yes to privilege separation, and yes to a new local account.
6. Answer No to installing as a service. This is critical. Explanation further down.
7. Execute (including the > symbol):

   mkdir ~/.ssh
   > ~/.ssh/authorized_keys
   

   Creating this file from the terminal assigns the appropriate permissions (Cygwin's None account is granted read access).
8. Edit /etc/sshd_config in a text editor such as WordPad (not Notepad).
9. Uncomment and change PasswordAuthentication to No. We're using public-key cryptography.

Public-key encryption

1. Run PuTTYGen on the client.
2. 1024 bits is useful for SSH from a smartphone (which is quite valuable), especially with low signal, as it will negotiate a connection quicker. Use 2048 if you wish. Generate.
3. Comment it: User@Server-PC, e.g. Chris@Chris-PC
4. Absolutely give it a passphrase.
5. Save private key to the drive as User@Server-PC.ppk
6. Conversions -> Export OpenSSH key, as User@Server-PC (no extension). You'll want this later.
7. Save public key as User@Server-PC.pub, you may want this later too. (Note this is not the same format as in the next step.)
8. Open C:\cygwin\home\User\.ssh\authorized_keys on the server.
9. Paste the public key displayed at the top of PuTTYGen on the client into this file on the server. (A secure local Remote Desktop connection works well for this.)

Preliminary

This will allow us to store certain standalone executables, and omit their full path when launching them. It will also allow us to launch the server from outside of a Cygwin Bash Shell. (Note that Cygwin's bin directories will appropriately take precedence, as seen in the file C:\cygwin\etc\profile.)

1. Create C:\Executables
2. Press WindowsKey+PauseBreak, click Advanced system settings.
3. Open Environment Variables..., under System variables double click the PATH variable.
4. Add: ;C:\Executables;C:\cygwin\bin with leading semicolon, at the end. (You may prefer C:\Executables in the User PATH instead.)

Launching SSH daemon (server)

1. Unzip hstart.exe to C:\Executables. Hstart will help hide a console window, but it's also very useful for (de)elevating applications, as you'll see later.
2. Open Task scheduler on the server. (Why task scheduler? To bypass the prompt for application elevation on startup.)
3. Create Task..., name it SSHD, check Run with highest privileges.
4. Is the server a laptop? Uncheck Start the task only if the computer is on AC power under the Conditions tab.
5. Set it to launch when you log on under Triggers.
6. Under the Actions tab click New... Program: hstart Arguments: /noconsole "C:\cygwin\usr\sbin\sshd.exe -D"
7. Confirm all, F5 refresh, and Run that sucker! You may need to Allow access through the firewall.

Q: Why did we go to this trouble instead of allowing ssh-host-config to install SSHD as a service?
A: So that the daemon runs as a child process of explorer.exe. Although you can allow a service to interact with the desktop, it won't have the desired effect. This way we can launch notepad remotely and have it open under our user session on the server, a child of explorer, fully visible and ready for input, and that's super awesome!

Client configuration

1. Download KiTTY.exe to C:\Executables, a Windows only fork of PuTTY with considerable advantages.
2. Create or download C:\Executables\kitty.ini with the following entries:

   [PuTTY]
   keys=load
   

   This will copy KiTTY's configuration to PuTTY's registry keys on each exit, maintaining compatibility with tools such as plink and Pageant.
3. However it won't work unless the HKEY_CURRENT_USER\Software\SimonTatham\PuTTY registry key already exists. The fast solution is to import this .reg.
4. Rename kitty.exe to putty.exe, for compatibility with Pageant.
5. Download Pageant.exe to C:\Executables.
6. Create a log on triggered entry Pageant in Task Scheduler on the client, as we did for the server. Except do not run with highest privileges (more on that later). Program: pageant Arguments: C:\path\to\User@Server-PC.ppk
7. Run the task! Type in your passphrase.
8. You'll see Pageant in the notification area. Right click, New Session (if you don't see this double check steps 2, 3, and 4).
9. Add the host name or IP, jump to Connection -> Data and add only your username, then jump to SSH -> Auth and browse to the private key.
10. Back under Session, type in a session name (how about User@User-PC) and Save.
11. Click Open to connect!

Now when the client machine boots, Pageant will prompt for your passphrase to access the private key. After which you can launch an SSH session through Pageant's Saved Sessions in the notification area, and Pageant will automate key verification. Sweet!

File browsing

Now install WinSCP wherever. Configure nothing. With KiTTY fully connected, click on its top-left icon. Select Start WinSCP. Like whoa! Full SFTP access without even configuring WinSCP, awesome! (If it failed to connect, you may have already had WinSCP installed, reinstalling it opting to delete configuration files is one solution.)

Launching applications

As our SSH daemon runs with administrative privileges, we have full remote system access. Often, however, we will want to launch an application with non-elevated privileges. For this you can use hstart.exe /nonelevated. An even more convenient way is to create an alias in .bashrc in your Cygwin home directory on the server (C:\cygwin\home\User\.bashrc). Consider adding the following:

alias med='hstart.exe /nonelevated '

You can reload the file with source ~/.bashrc. Now you may launch an application like: med notepad, and it will run with a Medium (non-elevated) integrity level, as a standard program would.

There will be more to cover in Part 2, which will illuminate some of our choices and the strength of this configuration.

I have 26 folders in my My Documents folder. Do you know how many of those I intentionally created myself? Nope, lower. Okay, I'll tell you: zero. Applications dump their garbage in there like crazy, and it's annoying as hell, I thought this was where I put my documents! Windows is designed for users to save here, they've made it quite convenient. If only it wasn't so damn polluted!

I'll be honest, when I first saw Libraries in Windows 7 I thought, "Uh oh." Then after hearing Joel Spolsky talk about it on this Stack Overflow podcast I thought, "Oh no."

Well guess what? Libraries in Windows 7 might actually be quite the clever and elegant solution to User Space Pollution, and that, my friend, is a very good thing.

It's simple really, the Common Dialogs of Windows 7 (open/save file...) are designed for conveniently saving to libraries in general now, and no longer My Documents.

So the solution is simple. Create a new folder in %UserProfile% (that's C:\Users\<Name>), and name it something like Own Documents. Now click on your Documents library, and then where it says Includes: x locations. Add your new folder, and right click it and set it as the default save location. I strongly recommend removing My Documents from the list entirely.

Applications don't use the library interface, they will pollute "My Documents" specifically, and you no longer have to see it! Furthermore, the Documents library will now point to and hold your actual own documents. ;) Eureka.