BreakthePaywall now available in Google Chrome

BreakthePaywall is now available as a Google Chrome Extension.

Visit the Breakthepaywall home page:

Or search in the Chrome store for ‘BreakthePaywall’

Or click this direct link:

The Chrome version utilises referer and agent hacks but does not perform any cookie deletion or other storage manipulation. However, this should be enough for most paywall websites.

The Extension adds a simple BTPW button to the Chrome toolbar which you can use to toggle BreakthePaywall on and off. When it’s coloured blue it’s on and grey is off.

Completely disable IPv6 in Windows

You can’t get rid of IPv6 stuff from windows completely but you can effectively turn it off.

IPv6 seems to cause all sorts of problems under Windows and in most cases nobody needs it – yet….the fear is that IPv4 IP numbers are running out and therefore we have to start moving to IPv6 with it’s huge address range (IPv4 just under 4.3billion addresses, IPv6 3.4×1038 or 340 undecillion i.e. vastly more).

However, apart from the fact that there are still masses of unused IPv4 addresses and address ranges out there – I personally know of 2 class C address ranges for companies that I have worked for in the past, handed back to the ISP when not required anymore and are still listed under that companies name as being used – the software and hardware manufacturers need to make easy to transition and co-exist with both address ranges, otherwise it just aint gonna happen. And this is where MS windows seems to fall down in it’s implementation.

My view is, if you don’t need IPv6 yet then turn it off until you do.

My investigations of how to do this were prompted by noticing rogue network adapters listed under Windows 7 AND 8. Running IPCONFIG in the command prompt brought up several strangly named adapters with names such as Toredo tunneling adapter, MS ISATAP adapter.

The toredo adpaters are described on Wikipedia as:

In computer networking, Teredo is a transition technology that gives full IPv6 connectivity for IPv6-capable hosts which are on the IPv4 Internet but which have no direct native connection to an IPv6 network. Compared to other similar protocols its distinguishing feature is that it is able to perform its function even from behind network address translation (NAT) devices such as home routers.


ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) is an IPv6 transition mechanism meant to transmit IPv6 packets between dual-stack nodes on top of an IPv4 network.

I would say that both those functions are better suited to gateway devices i.e routers and switches. Most people on home or business networks will carry on using IPv4 locally for ever – there is no need to upgrade to IPv6 addressing on these networks. Therefore, the translation of one addressing schema to another should be carried out at the edge of these networks – on the hardware devices that connect us to the rest of the internet.

So to get rid of these adapters and turn off IPv6 this is what I have gathered so far:

The Toredo and ISATAP adapters are invoked on demand but stay in your system. They are not listed in the normal Network and Sharing centres network connections. They only appear under and IPCONFIG command or within the device manager as hidden devices:

  • Goto device manager under the control panel.
  • Select Show hidden devices from the View menu.
  • Right click on Toredo or MS ISATAP adapters and select uninstall.

Next you need to disable IPv6 on all network connections.

  • Goto Network and Sharing centre in the control panel.
  • Select Change adapter settings from the left hand side.
  • Right click on each adapter and select properties.
  • Untick the TCP/IPv6 component:


Make sure you do this on all adapters including virtual ones.

Next you need to add a registry entry under the following registry key:

  • [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesTCPIP6Parameters]
  • Add A Dword parameter named: DisabledComponents
  • With the value: ffffffff

This is documented here: expand the Disable IPv6 entry and the bottom of the article for a full list of parameter values.

As far as I know that’s about as far as you can go at present at disabling IPv6.

WSUS Forcing reporting, downloading and installing using powershell


# Powershell Script to force clients check into WSUS server

# Import Active Directory PS Modules CMDLETS
Import-Module ActiveDirectory

$comps = Get-ADComputer -Filter {operatingsystem -like “*server*”}

$cred = Get-Credential

Foreach ($comp in $comps) {

Invoke-Command -computername $comp.Name -credential $cred { wuauclt.exe /detectnow }
Write-Host Forced WSUS Detect on $comp.Name

Invoke-Command -computername $comp.Name -credential $cred { wuauclt.exe /reportnow }
Write-Host Forced WSUS Report-In on $comp.Name



You can change “*server*” to “*” to invoke on all systems.

MSCHAP-v2 for Cisco ASA VPN connections using Radius on Windows Server 2008

When we upgraded our Windows domain servers to 2008 we found the default authentication methods had changed – PAP/SPAP was no longer enabled by default:


Consequently our VPN users could not connect as it turned out they were using PAP/SPAP by default.

We wanted to MS-CHAP-v2 for obvious security reasons so we needed to find out how to change our VPN tunnel groups on the Cisco ASA unit to use the stronger authentication method.

Within each tunnel group:

Configuration -> Remote Access VPN -> IPSEC (IKEv1) Connection Profiles (or whatever type of VPN you use)

Under Advanced -> Password Management

Enable the password management option:


You can also set the password expiration notification here if you use that on your network – this is the Active Directory password expiration i.e. you are prompted every so often to change your network password. If you have users that are permanently on VPN connections then this can be set to warn them well before their expiration so that your IT team does not get calls regarding passwords not working 🙂

The Password Management turns on MS-CHAP-v2 for your VPN connections so you can keep your Radius servers using MS-CHAP-v2 only and ensure you are using the strongest authentication on your VPN connections.

NOTE: Once MS-CHAP-v2 is working you will notice that a extra box appears for domain in your VPN Client logon dialog box – you should enter your Windows Active Directory root domain in this box.


WMI Event errors in Windows 2008 32bit

We were getting WMI errors in the event log after installing Windows Server 2008 32bit:

Windows Management Instrumentation has stopped WMIPRVSE.EXE because a quota reached a warning value. Quota: HandleCount Value: 4117 Maximum value: 4096 WMIPRVSE PID: 2352

Everywhere we looked seemed to suggest a rebuild of the WMI repository.

But that seemed a bit drastic instead we found that recompiling the MOF files worked. Here’s how:

1. Open a CMD prompt 

2. Change directory: cd%windir%System32WBEM (for X64 use SysWOW64WBEM)

3. Execute the following:

FOR /f %s in ('dir /b /s *.dll') do regsvr32 /s %s
Net stop /y winmgmt
FOR /f %s in ('dir /b *.mof *.mfl') do mofcomp %s
Net start winmgmt

You can just copy from here and paste into the command prompt each instruction in turn.

No more messages received after this.

Windows RDP Keyboard Shortcuts

Just pressing Ctrl+Alt+Del when in an RDP session sends the keystrokes to your local desktop – how do you do Ctrl+Alt+Del in a remote desktop session? Here is how to do it and some other useful keyboard shortcuts:

Ctrl+Alt+End – Equivalent of Ctrl-Alt-Del – Security dialog box is opened where you can lock, log off, change password etc.

Ctrl+Alt+Break – Toggles between full screen and window mode.

Alt+Page Up – Equivalent of Alt+Tab – switches between application windows.

Alt+Home – Equivalent of pressing start menu – opens the start menu.

Ctrl+Alt+plus sign (+) – Equivalent of Print Screen button – copies just the RDP session window not your whole screen.

Ctrl+Alt+minus sign (-) – Equivalent of Alt-Print Screen button – copies just the window that has focus within your RDP session.

Exchange 2003 services erratic or stopped after FSMO role transfer and DC demotion

We had problems with Exchange 2003 server after transferring FSMO roles from the DC server to a different DC server and demoting the original server to a basic file server (Exchange server was completely separate i.e. not a DC).

The process of transferring FSMO roles and demotion as described in these MS articles:

went through without any problems but later in the day we had reports from Exchange users that they could not get email – Exchange server was acting erratically and eventually services stopped altogether.

It transpired that the Recipient Update Server (RSU) was at fault. The RUS needs to use a Global Catalog server (typically there is only one per domain). It was looking at the old server for the Global Catalog. I tried to change it to the correct server but ran into an error when trying to select the DC stating ‘The operation failed. ID no 80004005 Exchange System Manager’.

I checked there were no rogue records in AD of old DC servers using Petri’s excellent article:, but no old servers were listed.

As I could not change the RUS settings through the system manager I looked for another way to change them and found this solved the problem:

Open ADSI Edit and navigate to ConfigurationServicesMicrosoft Exchange<Organization Name>Address Lists ContainerRecipient Update Services.

On the right side, you will see the RUS links listed.

Right click on the relevant RUS and select Properties.

Where you see “Select a property to view:” select msExchServer1NetworkAddress.

You should see the current Domain Controller listed.

Click on the Clear button

Change to correct server and click Set and OK

Restart the Microsoft Exchange System Attendant Service


Windows Server Strict Naming not allowing server alias names (CNAME DNS records)

By default Microsoft Windows Server only allows clients to access it via file manager (SMB access) using the name of the server. It will not allow you to use an alias e.g. a CNAME alias setup in the DNS server records.

To rectify this follow instructions in this Microsoft article:

This opens up all sorts of possibilities e.g. for SQL mirroring we can give servers names like SQL_Principal, SQL_Mirror, SQL_Witness rather than their actual names which means if we bring a new server online we can simply change the DNS record to the new IP of the server. Or our Exchange server has an alias of Exchange and all our Outlook clients point to Exchange on our domain rather than the actual server name – again a simple DNS change is all that is required to swap servers.

DNS Records not updating for DHCP clients

When we setup Microsoft DHCP and DNS servers we found that when client machines obtained new DHCP IP addresses on the local subnet the relevant A and PTR records were not added to the DNS server. This manifested itself when client machines could not be pinged.

Apparently the DNS records are not updated unless a client machine requests it – which does not happen when a new address is obtained.

To change this behaviour:

This is a modified configuration supported for Windows Server 2003-based DHCP servers and clients that are running Windows Server 2003, Windows 2000, or Windows XP. In this mode, the DHCP server always performs updates of the client’s FQDN and leased IP address information regardless of whether the client has requested to perform its own updates.

To configure a DHCP server to register and to update client information with its configured DNS servers, follow these steps:

  1. Open the DHCP properties for the server
  2. Click DNS, click Properties, click to select the Enable DNS dynamic updates according to the settings below check box, and then click Always dynamically update DNS A and PTR records.