WDAGUtilityAccount Windows Security Log

The event ID 4797 with a description of “An attempt was made to query the existence of a blank password for an account.” is related to Windows Defender Application Guard. It was found during digging through event logs because of separate issue.
If you see an alert in your log solution for a new local account created for username: WDAGUtilityAccount (event id 4720 or 4722).

This account is part of Windows Defender Application Guard which is included with RS3 (aka windows 10 fall update). The account is disabled also WDAG is not enabled.
Basically you have user enrolled in the Windows 10 insider program and their box was updated with a new build that includes the WDAG bits.

How to Remove OneDrive from Quick Access

OneDrive comes built-in on Windows 10, and even if you uninstall it via PowerShell’s Remove-AppxPackage, the GUI or a program like Windows XApp Remover it will remain in the left pane in File Explorer Quick Access. While Windows 10 doesn’t include an option to remove the OneDrive shortcut, we’ll show you how to remove OneDrive from Quick Access by jumping into the Registry and removing the shortcut manually. In this Windows 10 guide, we’ll walk you through the steps to tweak the Registry to remove the OneDrive entry in the left pane of File Explorer, but without ditching the service completely in case you need to manage or upload files to the cloud.

OneDrive (previously SkyDrive, Windows Live SkyDrive, and Windows Live Folders) is a file-hosting service operated by Microsoft as part of its suite of online services. It allows users to store files as well as other personal data like Windows settings or BitLocker recovery keys in the cloud. Files can be synced to a PC and accessed from a web browser or a mobile device, as well as shared publicly or with specific people.

How to Create Symbolic Links on Windows

Windows 10, 8, 7, and Vista all support symbolic links, also known as symlinks, that point to a file or folder on your system.
Symbolic links are basically advanced shortcuts. Create a symbolic link to an individual file or folder, and that link will appear to be the same as the file or folder to Windows—even though it’s just a link pointing at the file or folder.

For example, let’s say you have a program that needs its files at C:\Program. You’d really like to store this directory at D:\Stuff, but the program requires that its files be at C:\Program. You could move the original directory from C:\Program to D:\Stuff, and then create a symbolic link at C:\Program pointing to D:\Stuff. When you relaunch the program, it will try to access its directory at C:\Program. Windows will automatically redirect it to D:\Stuff, and everything will just work as if it were in C:\Program.

Windows Performance Monitor Disk Counters Explained

Why the Performance Monitor?
When it comes to the subject of disk performance in Windows, the majority of questions can be quickly answered by Performance Monitor alone. Performance Monitor is very low overhead, does a great job with averages and can also capture and store data over long periods of time. It is an excellent choice to record a performance baseline and to troubleshoot.
For short in this text, we are going to call the Windows Performance Monitor by its nickname: Perfmon. The nickname comes from its executable file located at %systemroot%system32Perfmon.exe.

Hot-add Memory to Linux Guest in VMware

Memory you have hot added in Linux guest virtual machines is not registered using the free or top commands.
This issue occurs when Linux requires manual intervention to expose the newly added memory in the guest. The process is called setting the memory to online.
To resolve this issue, set the memory online in RHEL/CentOS, and Ubuntu/Debian.

    Advertisment ad adsense adlogger