O R G A N I C / F E R T I L I Z E R: 05.14

May 30, 2014

misc: power savings problem with snagit 12

I have been a fan of snagit for a very long time now. when I saw snagit 12 was released, I had to get my hands on it! as an mvp, one of the many benefits you get is nfr (not for resale) licenses for a lot of different software by a lot of vendors.

I won’t pretend there was some immediate correlation I drew to the problem I started having after installing snagit. it wasn’t something immediate or evident. my monitors will go into low power mode after 10 minutes of inactivity. I noticed after coming back to my desk several times that it wasn’t happening anymore.

I checked all my power settings to make sure nothing changed. everything looked fine. I recalled at some point that powercfg was a utility I had seen and played with some while back that could be useful in narrowing down where the issue might be.



the first thing I did (other than figuring out how to use the tool) was run an energy report.

powercfg /energy /output "energy.html"


without the /duration switch, the default collection period is 60 seconds. this seemed more than plenty to catch what I needed to see. looking through my report (energy.html) I found these lines:

System Availability Requests:System Required Request
The program has made a request to prevent the system from automatically entering sleep.
Requesting Process \Device\HarddiskVolume3\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe
System Availability Requests:Display Required Request
The program has made a request to prevent the display from automatically entering a low-power mode.
Requesting Process \Device\HarddiskVolume3\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe


I was able to verify what was displayed here by looking at the current requests:

powercfg /requests


as you can see, the snagit32.exe process is clearly registered as a process in two places.

[PROCESS] \Device\HarddiskVolume3\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe
[PROCESS] \Device\HarddiskVolume3\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe


I ran a very quick test to make sure I could reproduce the effect (as I had intended to open a bug.) sure enough, when I closed the snagit program and ran powercfg /requests, it no longer appeared. when I turn on snagit, it still doesn’t register anything. it happens only after you initiate a screen capture.

it would appear proper that it should request not to go into a low power mode while the capture is occurring. I think where it’s failing is removing the request after it completes the capture. bug filed.



powercfg has another useful switch: requestsoverride. it’s not one of the friendlier switches since it doesn’t provide any positive feedback if you do something right. (it ain’t your mama.) I like to have snagit running all the time. you never know when I need to capture a picture of a cat and create a quick meme. it happens.


since, in my scenario, the snagit32.exe process is registered in two places (display and system,) I ran the requestsoverride switch like this:

powercfg /requestsoverride process snagit32.exe display system


and when I hit enter, nothing. validation was only found running the switch with no parameters:

snagit32.exe DISPLAY SYSTEM

now my monitors switch into low power mode just fine with snagit running. hurray for cats!
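
the check-then-override steps above, as a script. this is an added example, not part of the original post: it parses `powercfg /requests` output and lists, per requester, the request categories it holds, which are the same names you pass to requestsoverride. the function name Get-PowerRequest is hypothetical, and the sample output (section headers included) is constructed.

```powershell
# added example: summarize `powercfg /requests` output per requester.
# $sample is constructed output; on a live system, run elevated and use:
#   Get-PowerRequest -Lines (powercfg /requests)
$sample = @'
DISPLAY:
[PROCESS] \Device\HarddiskVolume3\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe

SYSTEM:
[PROCESS] \Device\HarddiskVolume3\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe

AWAYMODE:
None.

EXECUTION:
None.
'@ -split '\r?\n'

function Get-PowerRequest {
    # hypothetical helper: emits one object per outstanding power request
    param([string[]]$Lines)
    $category = $null
    foreach ($line in $Lines) {
        if ($line -cmatch '^([A-Z]+):\s*$') {
            # section header such as DISPLAY: or SYSTEM:
            $category = $Matches[1]
        }
        elseif ($category -and $line -match '^\[(\w+)\]\s+(.+)$') {
            # requester line such as [PROCESS] \Device\...\Snagit32.exe
            [pscustomobject]@{
                Category  = $category
                Type      = $Matches[1]
                Requester = $Matches[2].Trim()
            }
        }
        # "None." lines, blank lines and reason text fall through untouched
    }
}

# one row per requester, with every category it is holding open
Get-PowerRequest -Lines $sample |
    Group-Object Type, Requester |
    ForEach-Object {
        $first = $_.Group[0]
        [pscustomobject]@{
            Type       = $first.Type
            Name       = ($first.Requester -split '\\')[-1]
            Categories = ($_.Group.Category | Sort-Object -Unique) -join ' '
        }
    }
```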



I’m sure there must be a hidden switch to do this in powercfg, but I wasn’t able to find it. I took a guess that the overrides were written to the registry somewhere and thus fired up procmon. tracing powercfg.exe to find it was cake.



jumping over to this section in the registry confirmed that this is where the overrides are:


so… if you need to clear them, just delete the values of interest.



techsmith is a great company to work with. I used their support forum to file a bug indicating that I could easily repro it. the same day, techsmith responded with their acknowledgment. :]

Hi Marcus,

This is a bug we have logged and are hoping to get this fixed for an upcoming release we're working on. I'm really sorry for the trouble.

Please let me know if there is anything else I can do to help.

Kind Regards,
Senior Support Specialist

May 20, 2014

atlanta techstravaganza 06.06.2014

did you save the date? well, it’s not too late!

what is atlanta techstravaganza you ask? it’s a yearly group meeting where atlanta systems management user group, the atlanta powershell user group, and the atlanta windows infrastructure and virtualization user group come together for a gigantic event.

we have three tracks running concurrently providing information from topics on system center, powershell, and windows server. along with that, we have a BYOD hands-on lab. along with great content, networking opportunities, and free food, we always end the event with some great giveaways.

we’ve moved locations this year from the microsoft alpharetta campus to the georgia tech research institute. while we love and appreciate what microsoft does for us, their campus size was unfortunately limited to 100 people. at GTRI, we have doubled the capacity!

having twice the space doesn’t mean you should wait. seats will go fast, and as in previous years, we are likely to completely sell out. come get educated with a full belly and meet some of your atlanta peers! look forward to seeing you at the event.

registration link is available here: http://www.atltechstravaganza.com/

May 19, 2014

managing local admin passwords

one of the missing features that gives some windows administrators (and ALL security administrators) heartburn on the windows desktop platform is the lack of built-in controls to manage local passwords. group policy preferences was one of the ways you could get around this problem, but as you probably already know, it was quite insecure and recently addressed by a security update. okay, so where does that leave us?

recently, tom ausburne wrote this bang up article which goes into quite a few things, like the insecurity of group policy preferences, the jiri method, and pass the hash. it’s definitely worth the read and provides all the steps necessary to set up the jiri method in your environment.

so what’s this jiri method? it basically changes the local admin password to something random and stores the value in AD. the disclaimer is that the password is stored unencrypted in clear text. tom’s article goes a bit into protecting the attribute (a concept called confidential bit.)


helpful links:

how to automate changing the local administrator password
pass-the-hash (PtH) whitepaper
group policy preferences elevation vulnerability
the jiri solution
confidential attributes (or bits as i came to know it)