Can you Recover Data after Re-imaging?

So I have re-imaged a computer and it has been several weeks. I have already re-provisioned the computer and another user has been writing to it obviously. The simple answer on this one is the chances are incredibly slim. Although after speaking with a Kroll Ontrack recovery rep they did say something can still be recovered but highly unlikely it would be what we were looking for. I also had memory of using FTK imager for file investigations. That ended up being far to pricey just to recover data although their product is great for finding lost data or hidden data; A post for another time on FTK..

I tried the free program Recova to see what thatrecovamight unveil and it picked up some deleted PDF files but even the ones it deemed were in excellent condition were too damaged to work in Adobe Acrobat. And of course its advanced feature will at least let you filter through pictures,files,documents etc.. I will say it was good only for recovering images since it seemed to keep them intact. But again only the ones deemed excellent(denoted by the green circles)

Download I tried from Recova at time of post:



Nonetheless in a situation involving a Hard disk data recovery your best bet is to send it to a professional company and even that isn’t a guarantee but if the data is that important maybe it’s worth the cost. A managerial decision to be made.

And of Course another lesson in Backup. Always backup your information. In this case we had the user wait forever to tell us what was needed and with a backup policy that doesn’t include local hard drives it was close to impossible. You move on and leave it in the past.

Downloading Youtube Videos Instead of Streaming on Phone

So there are several programs to use for this but my favorite has become “Youtube-dl”  It’s a simple command line program you can easily use for scripting and more. But simply its just simple to use and straightforward no gui, just type in the commands on your command line and your set!youtube-dlworks

It involves basically taking the Share URL for the video or Playlist you want and then downloading it to your working directory from the CMD prompt. That’s it we just use CMD for this bad boy.


Here are my notes  on the basic uses. I basically just use it to download playlists to play on my phone using my Home internet connection. This saves my phone’s preciously expensive High Speed data!

USING youtube-dl in Powershell
-install python
-Download youtube-dl
-Download the .exe file for windows and create a folder for it in your Program Files C:\program files\youtube-dl
-Now add it to the environemental path for use in powershell and cmd

  • Go to>Start Menu > Right Click “Computer” >Properties> Advanced System Properties > Environmental Variables button at bottom > Under “System Variables” go to the PATH variable
  • Edit and by adding a “;” to the end enter your path C:\program files\youtube-dl

-Start Powershell or CMD.exe(just type them into the start menu search) ChoosingPsOrCmdand use it as any program you would call with the command “youtube-dl” and add any arguments after see below for simple practical uses
-Keep in mind a video downloads to the current working directory displayed in your CMD prompt(Just open file explorer and browse there)



                                           youtube-dl <url from youtube to video>

-Files are downloaded to the working directory.


youtube-dl -cit <url of playlist>

-Go to the Youtube channel click on the play list (not play all) and you should see a “share” button for the play list for which you can download.
ie: the share button on this page will generate the playlist url:

-You had to update before using powershell in admin mode

youtube-dl -U


Dell OptiPlex 9010 Driver Signing Issue

Description: Dells Optiplex 9010 PCs will sometimes become unsigned and the Windows 7 Microsoft Operating system won’t use them rendering the Keyboard and Mouse useless.

Steps to Take:

You can verify this issue by checking your Device Drivers and seeing the problematic drivers(Start Menu>Right Click My Computer>Manage>Device Manager)

Quick Workaround restart your PC and spamming the F8 key to get into the Advanced Boot menu. Then choose to start with Signed Drivers ‘Disabled’. This should boot to Windows with generic drivers and the keyboard and mouse should be working again.

Now the Fix: Replace the affected drivers with good drivers. So first you will need to Copy drivers from a working PC into a share somwhere.

We will need to install the Unlocker.exe program or whatever you choose to be allowed to rename the driver files here: %windir%\System32\drivers

Rename the affected drivers to .OLD and replace them with the good drivers(Click on pic for drivers to pull). Pull the good drivers from a working PC.


Copy and Paste the good drivers into the drivers directory and restart the PC. Walla all good:)

UPDATE: seems to have been an issue related to KB2913431

Remove the update from PCs and try to make sure it doesn’t get distrbuted via WDS or SCCM.



UPDATE: Me and a Colleague wrote a script on the process save this into a .bat file and its automated for you! Just remember to edit the part where you will enter your server-name when mapping to it to copy the files from.

@echo on
rem * Take Owner of files and make new owner the local administrators group *
takeown /f c:\windows\system32\drivers\iusb3hub.sys /a
takeown /f c:\windows\system32\drivers\iusb3xhc.sys /a
takeown /f c:\windows\system32\drivers\usbccgp.sys /a
takeown /f c:\windows\system32\drivers\usbd.sys /a
takeown /f c:\windows\system32\drivers\usbehci.sys /a
takeown /f c:\windows\system32\drivers\usbhub.sys /a
takeown /f c:\windows\system32\drivers\usbport.sys /a

rem * break inheritance, grant modify permission to the local administrators group *
icacls c:\windows\system32\drivers\iusb3hub.sys /inheritance:r /grant:r “Administrators”:M
icacls c:\windows\system32\drivers\iusb3xhc.sys /inheritance:r /grant:r “Administrators”:M
icacls c:\windows\system32\drivers\usbccgp.sys /inheritance:r /grant:r “Administrators”:M
icacls c:\windows\system32\drivers\usbd.sys /inheritance:r /grant:r “Administrators”:M
icacls c:\windows\system32\drivers\usbehci.sys /inheritance:r /grant:r “Administrators”:M
icacls c:\windows\system32\drivers\usbhub.sys /inheritance:r /grant:r “Administrators”:M
icacls c:\windows\system32\drivers\usbport.sys /inheritance:r /grant:r “Administrators”:M

rem * rename the “bad” files*
ren c:\windows\system32\drivers\iusb3hub.sys iusb3hub.sysOLD
ren c:\windows\system32\drivers\iusb3xhc.sys iusb3xhc.sysOLD
ren c:\windows\system32\drivers\usbccgp.sys usbccgp.sysOLD
ren c:\windows\system32\drivers\usbd.sys usbd.sysOLD
ren c:\windows\system32\drivers\usbehci.sys usbehci.sysOLD
ren c:\windows\system32\drivers\usbhub.sys usbhub.sysOLD
ren c:\windows\system32\drivers\usbport.sys usbport.sysOLD

rem * map drive with the “good” files *
net use z: “\\YourServer\Location Of Good Driver Files”

rem * copy the “good” files to the local computer *
copy z:\iusb3hub.sys c:\windows\system32\drivers\iusb3hub.sys
copy z:\iusb3xhc.sys c:\windows\system32\drivers\iusb3xhc.sys
copy z:\usbccgp.sys c:\windows\system32\drivers\usbccgp.sys
copy z:\usbd.sys c:\windows\system32\drivers\usbd.sys
copy z:\usbehci.sys c:\windows\system32\drivers\usbehci.sys
copy z:\usbhub.sys c:\windows\system32\drivers\usbhub.sys
copy z:\usbport.sys c:\windows\system32\drivers\usbport.sys

rem * remove the drive map *
net use z: /delete

rem * reboot local computer *
shutdown -r -t 0 -f


Microsoft KB3114717 Issue

Funny how we have to protect ourselves from Microsoft’s own mishaps along with malicious software,oblivious users and all the like… But that’s the IT game.

And so it happens; Your users start to experience freezing across their Microsoft office programs out of nowhere and you need to become a detective. In my experience this has always been because of a recent update that has been applied to your organizations computers. Not sure how everyone else goes about applying updates but in this case It is controlled by a WDS server and then further controlled by System Center Configuration Manager. After checking the sites device collections I found that all affected computers were within the collection that receives all of the most recent Microsoft updates. Upon further research I found that it was linked to installed KB3114717 recently pushed by microsoft on 02/09/2016(Feburary’s Patch Tuesday 2016)

Uninstall this KB and walla; issues gone. Just another thing to look out for and another great reason to put together a Microsoft WDS server that will control which updates to push. This combined with Update groups and Device Collections in SCCM makes isolating and keeping machines from being patched to only a minimum which will serve to keep user outcry to only the selected test machines. Afterwards we just move that affected KB into a “do not deploy” group and collect the rest for deployment to the entire domain of computers.

If your reading this and just need to know how to uninstall it manually use this quick little guide:

Start Menu > Search Bar > type ‘appwiz.cpl’ > click “View Installed Updates” > Search for KB3114717 in the upper right hand corner of the Pane> Find it and uninstall itkbuninstal

As always make sure the users run with the programs for a day before you mark this issue as resolved.





My Overview on RIP Version 2 Routing


  1. Classless
  2. Sends Subnet Information
  3. VLSMS
  4. CIDR
  5. authentication
  6. key management


Devices: Cisco 2811 Router


  • router rip—Enable RIP routing from Global Configuratoin Mode
    • version 2—Enable RIP V2. Default is Version 1
    • network <network ID>——Make sure to add the networks of the configured interfaces.
      Tip: everything is basically configured the same as RIP V1
    • no auto summary—–disable summarization to advertise sub-netted classless routes. It is enabled by default.

debug ip rip ————turn this on from privileged exec mode    to see the router display rip packets/routers being sent in advertisements. Use the ‘no form’ when finished to stop the processes

Video Play:

Cyber Organisms

Cyber Organisms; What was I thinking?
Well the idea here is incredibly abstract at best but I hope this will make some sense. We know that in our real analog world the rules of nature and Darwinian evolution have evolved almost every creature we encounter on this earth and the same process on other worlds could be discovered as well.
These creatures including our own ape like species can be called an organism. An organism; kinda sounds like what it is. An organized compilation of parts forming a completed ‘ism’ so to speak that we might name Homo Sapiens or German Shepard. I tie this to our cyber world created and for the most part evolved by us humans. And in this digital realm we have organisms similar in context to the flora and fauna of the analog world. This is my though on ‘Cyber Organisms.’ These organisms would be made up of the hardware, software and below it all the programming languages and machine code that makes the instruction set for the software and hardware. All human derived but eerily similar to genetic code in biological animals and like an instruction set for us in the animal kingdom we can say our genetic codes perform very similar functions to that of the machines.