Microsoft Outlook has got to be one of the most common business applications that just about everyone uses. So when it fails to open, it can feel like the start of a bad day. One error message that I have encountered a few times now is the “Invalid XML” message when trying to launch Outlook. The most common reason for this error is that the XML file that contains the settings for Outlook’s navigation pane has become corrupted. The navigation pane is the one that is on the left side of Outlook and lets you change between your mailbox, folders, calendar, contacts, tasks, etc.
So how do we fix the error? The first thing to try is to simply reset the navigation pane.
Hit ‘Windows+R‘ on your keyboard to open the ‘Run‘ window.
Type in the following command: Outlook.exe /resetnavpane
Hit the ‘OK‘ button.
Then re-launch Outlook to verify that everything is working.
If the above action did not resolve your Outlook issue, then the next course of action would be to delete the actual XML file and force Outlook to generate a new/fresh file the next time it opens. Here’s how we can do that.
Hit ‘Windows+R‘ on your keyboard to open the ‘Run‘ window.
Type in the following command: %AppData%\Microsoft\Outlook
Hit the ‘OK‘ button.
It will open ‘File Explorer’ and take you to the directory that the XML file resides in. Look for a file named ‘Outlook.xml‘
Delete the XML file.
Then re-launch Outlook to check that it is working now.
That is how to fix the Outlook ‘Invalid XML’ error. I hope one of these methods worked for you so you can get back to your emails.
If you’re like me you probably use one machine heavily. You have all of the hosts and devices which you connect to regularly, saved in Putty. but what if you want to conveniently share all of those saved settings with a coworker, or back them up so you can restore them in the future to a new PC.
Putty saves all of those ‘saved’ sessions in the Windows registry. While you’re not able to export them directly from Putty, you can use the command line to export either just the sessions, or all settings, from putty.
Note: These instructions only work with the ‘regular’ installed version of Putty on Windows. They will not work with the portable version.
Open a Command Prompt (or PowerShell) as an Administrator.
This will create a “reg” file on the desktop of the current user. It will not export SSH keys. Do not replace “SimonTathom” with your username, Simon is the author of Putty and that is the name that particular folder inside the registry where the settings are saved.
Copy the reg file to the machine which you want to import the putty settings on.
Double-click on the .reg file and accept the import.
BGinfo is a great utility/tool that I really like and I literally have on every server I deploy. It is totally customize-able and able to display whatever system information that you feel is important to you, right on the desktop background making it easy to see at a glance. It could be used to display anything from the server’s name, IP addresses, hard drive usage, memory usage, OS version, or even the user that you are currently logged in as.
Follow my article about finding the startup folder in Windows, and make a copy of your shortcut into that startup folder. I prefer to copy the shortcut to the “Common Startup” folder, that way it will launch for any user that logs into the machine… But it’s up to you if you want to put it in the “User Startup” or “Common Startup” folder.
Now it’s time to test it out! Try logging out and then logging back in.
In recent years Microsoft has moved around where they “hide” the startup folder. That’s the folder that gets used to launch applications that start automatically when the user logs in. It’s not necessary hard to find, but it is well hidden.
There’s actually two places that startup folder lives. Each user has their own startup folder that will launch programs specific to that user. And there is also a common startup folder which will launch programs for any and all users that log into that machine.
How to find the users’ individual startup folder
Right click on the start menu and select ‘Run’.
Type “shell:startup” and click ok.
The startup folder will open, and you can drag-and-drag and shortcuts or applications you need into.
If you need to manually dive thru folders to get to the user’s startup folder, go to, but remember to change “<USER>” to the one you’re looking for:
Windows makes it incredibly easy to run an application or script as another user on your computer. I find that I most often use this to run administrative or domain tools, when I’m logged in as just a normal user.
This is the easiest method. While it took me a little while to remember it, I now use it almost daily and without even thinking about it.
Press and hold down the ‘Shift’ key on your keyboard, while you right-click on the program you want to launch.
This will only work on executable (EXE) files or shortcuts to executable files. If you try this and don’t see the option, then it is not an executable file.
This method will create a shortcut that “knows” to launch an application as another user.
Create a shortcut to your executable
Right-click on the shortcut and modify the “Target” to:
runas /user:DOMAIN\USERNAME "path to executable"
Click ‘OK’. Then launch your shortcut. You will get prompted for your password everytime you launch your shortcut.
If you need to store the password with your shortcut, then modify the “Target” to this instead:
runas /savecred /user:DOMAIN\USERNAME "path to executable"
Click ‘OK’. Then right-click and select “Run as Administrator” the first time you use the shortcut. You will be prompted for the user password and it will get saved. From then on, just clicking the shortcut will launch it as your desired user.
Alright this is basically the same method as above, so I didn’t feel right calling it a third method.
You can take the same trick from “Method 2” and just use it to run an application from a command prompt window.
C:\> runas /user:DOMAIN\USERNAME "path to executable"
Most companies will use a certificate to sign their applications before they release their software to the world. This helps the user know to that the software they are running actually came from the software vendor, and hasn’t been altered or changed by someone.
Certificates are based on key pairs. There is a public key, and a private key. In terms of digitally signing an application, the public key is often just referred to as the Certificate.
How it works, in simpified terms… The software vendor holds a private key, and they guard it, keeping it safe in their organization. You can also think of is their fingerprint that they’ll use when signing something as it is unique. The public key is what we can see. Using a hash in the digitally signed application, we can use their public key, to see is if the hash value can be verified. If it checks out then we know that the digital signature is valid. If it doesn’t, well then we know the signature has been altered.
The I’ll show you below how you can pull the public half of the Certificate from an application. In this example we’ll pull Adobe’s certificate from Adobe Reader DC.
Right click on the application you want the signature of and select “Properties”
Click the “Digital Signature” tab, select the signature, then click the “Details” button.
Note: If you do not see the “Digital Signature” tab, then the file is not digitally signed.
Click the “View Certificate” button.
Click the “Details” tab and then select the “Copy to File” button.
Follow the “Certificate Export Wizard”.
After completing the export wizard, you’ll have the digital signature certificate of the digitally signed application.
Using GPOs is a great way to allow or block programs from running on your corporate network. Just be careful and limit yourself to only blocking the applications which you actually have a need to block. Don’t go too crazy locking down programs
Microsoft first made the introduction of “Software Restriction Policies” in Windows Server 2008 and they’ve continued to evolve. Today I will show you four ways which Microsoft allows us to restrict programs from running.
File Path / File Name Rule
Network Zone Rule
To begin, fire up the Group Policy Management Editor. Click on the start menu and type “gpmc.msc”. If you are on a Domain Controller it should work. If you’re on a workstation you’ll likely have to run Server Manager as a Domain Admin (or other user with the correct administrative privileges), choose “Group Policy Management” from the ‘Tools’ dropdown.
Once it’s open, scroll down to the folder “Group Policy Objects” and right-click on it to create a “New ” policy object. Give it an appropriate name, something like “Software Restrictions – Test”. Now find and right-click on your new policy and select “Edit…”.
The software restriction policy exists under both “Computer Configuration” and “User Configuration”. So depending on your needs, you can lock down either the user or the computer.
Drill down into the policy… “Policies” -> “Windows Settings” -> “Security Settings” -> “Software Restriction Policies”.
Right-click on “Software Restriction Policies” and click “New Software Restriction Policies”
Select and open the “Additional Rules” folder.
Right-click under the two pre-existing default entries, and then from that drop-down menu select the type of rule you want to create. I’ll expand on the four methods below…
There are three security levels used in all of these rules:
DISALLOWED: Software will not run, regardless of the access rights of the user.
BASIC USER: Allows programs to run only as standard user. Removes the ability to “Run as Administrator”.
UNRESTRICTED: No changes made by this policy – Software access rights are determined by the file access rights of the user.
My examples below all show how to block software with ‘dissallowed’ rules. But just remember that you can just as easily allow for software by using ‘basic user’ and ‘unrestricted’ rules. Use them wisely!
1. Block by File Path / File Name Rule
In this example I will show you how to lock down the computer from running WordPad.
Select “New Path Rule”.
Type, or use the “Browse…” button, to enter the file path or file name you wish to block. Make sure that the ‘Security level’ is set to “Dissallow”. Then click ‘OK’.
Note: System variables will all function in the rule, variables such as %windir%, %ProgramFiles(x86)%, %AppData%, %userprofile%, and others.
It is important to note that many applications launch in more than just one way. So you may have to block multiple executables to fully block the application, just fyi.
You also need to take note of where/how software get launched from, as some applications have multiple ways they can be launched. Just FYI, in case you start banging your head as to why some block rule doesn’t seem to be working.
Also be careful using just the file name itself to try to block a program from running. If you were to block just the file name ‘update.exe’ for example, hundreds of applications all ship with an ‘update’ executable and they would all be hindered and unable run.
My rule of thumb is to always use the full path unless it’s truly a unique file name, and even then I still prefer to use the full path.
2. Block by Network Zone Rule
Select “New Network Rule”.
Select the Network zone you want to block. Make sure that the ‘Security level’ is set to “Dissallow”. Then click ‘OK’.
These rules allow you to block programs if they come from sites you’ve designated into a zone, like your Restricted sites. Or in the case that you were to be creating an allow rule, your local Intranet. While this option exists, it seems unlikely to me that most SMBs ever use it.
3. Block by Hash Rule
In this example I will show you how to lock down the computer from running WordPad.
Select “New Hash Rule”.
Use the “Browse…” button to navigate to the file which you are wanting to block. Select the file and click ‘Open’. It will automatically pull the needed file information and the “hash” it needs from the file you selected. Make sure that the ‘Security level’ is set to “Dissallow”. Then click ‘OK’.
The only problem this method has is that file hashes change any time there is ANY change to file. It doesn’t matter how small of a change is made, it will always create a new hash. That means that hash rules are best applied to older software that you are trying to kill, and not for programs that get updated often.
4. Block by Certificate Rule
In this example we will be blocking applications signed by Adobe Inc.
Select “New Certificate Rule”.
Use the “Browse…” button to navigate to the certificate file which you are wanting to use to block signed software. Select the file and click ‘Open’. Make sure that the ‘Security level’ is set to “Dissallow”. Then click ‘OK’.
Certificate rules are by far one of the most secure rules as they rely on certificates from trusted publishers. Because of this but they require more work on the PC’s part as it goes out and tries to verify the validity of the certificate, so they may significantly effect performance. I can’t tell you how much of an impact they’ll create, but it’s enough that MS warns us. Also, if the certificate ever expires, you’ll need create a new rule.
The Quick Access links is a feature in Windows that gives the user an easy way to access the folders which use frequently by pinning them to the top of the left pane in ‘File Explorer’. Sometimes the file that stores the pinned items can get corrupted and thus you loose access to the Quick Access pinned items. Here’s a few ways to fix it.
We can reset the Quick Access Recent Items. This method will only apply to “stuck” recent folders, and won’t affect your pinned folders.
Right click on the Quick Access star icon and then click on ‘Options’.
Click the ‘Clear’ button under ‘Privacy’.
All of your Recent folders will be cleared from the Quick Access list.
This method will reset and clear the Quick access shortcuts. But in my opinion this is the better way to fix it, as you can always re-pin your shortcuts.
Open File Explorer and copy/paste the following folder location:
Look for and then delete this file from the folder:
cmd.exe /c del “%AppData%\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms”
*Or you can open a ‘Run’ dialog (Windows key + R) and copy/paste the following command into it to delete the file.
cmd.exe /c del "%AppData%\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms"
This method will remove and clear any custom pinned items and frequent items from the Quick Access list. Windows will automatically regenerate the “f01b4d95cf55d32a.automaticDestinations-ms” file the next time that you launch File Explorer and wil list the default Quick Access links which you can expand upon.
A bad user profile could happen to any one of your users. It could happen in Windows desktop or on a server. The user will log in and instead of their profile getting loaded, the OS decides it wants to load a temporary profile the the user. The user will a pop up message stating “You have been logged on with a Temporary Profile” and that any changes won’t get saved.
It can be frustrating for the user, for sure. However, once you know where to go to fix it, it’s not too big of a deal.
Why does it happen? Well there are a variety of reasons. It could be corrupt. It could be delayed, likely from an antivirus program, or some service not responding, or many other operations. Once Windows has loaded a temporary profile for a user, it will continue to do so. That user will always load their temporary profile until you fix it.
How to fix it? You can try to reboot the computer. Depending on whether this is a desktop or server, that may or may not be an easy task to try. If that doesn’t resolve the issue, follow my steps below to fix it. It should work in almost all cases.
1. Login as an ‘Administrator’ to the machine.
2. Click the start button
3. Type “reedit” and then right-click on program to ‘Run as Administrator’. Click ‘Yes’ to any UAC pop up.
5. You will see a list of all of the profile names. Two will be named the same, with one of them ending with “.bak”.
The temporary profile does not have the ‘.bak’ at the end of it. The original or “old” profile has the ‘.bak’ at the end of it.
6. Now that we know which profile is which, we need to rename them.
We need to rename the temporary profile by adding a ‘tmp’ to the end of it.
Next we will rename the original profile by removing the ‘.bak’ from the end of it.
7. Reboot the computer to complete the process.
8. Log back in as the affected user and it should now load the original profile.
9. Once the original profile has been restored, as an administrator you can re-open the regedit tool and navigate back to the same entry from “Step 4”. Right-click on the temporary profile that ends in ‘.tmp’ and select “Delete” to permanently remove it.
If the did not help, then your only other option would be to create a new user profile. To do this, you’d need to, as an administrator, delete the user profile before having the user log back onto the machine. Everything such as user documents and files would be lost though. Hopefully you have a good backup of your data that you restore from.
The Folding@Home (F@H) team has released v7 (currently v7.5.1) of their F@H software. It has a newer simpler graphical interface aimed at making it easier for people to install and contribute to the project. Here is how to make it run on your Windows computer.