Update on handedness (menu location)

A while back I wrote about how to change the handedness (which seems to be the correct term, instead of the dreadful ‘Menu on the wrong side with a touch screen’).

I got a machine in my hands which exhibited the previously mentioned problem. However Tablet PC Settings weren’t installed, so we couldn’t open the tab.

After searching the bowels of the internet I found the following shell shortcut:


Putting this in Winkey+R, or in the Windows 7/8(.1) search box will open the Tablet PC Settings, and if you don’t have a touch screen, will default to the Other tab, where you can change the handedness of your menus!

Menus appear to the right of your hand.

Have a good one,


Menu on the wrong side with a touch screen?

When you’re reading this you probably have a touch screen.

So, I never use my touch screen. Almost never. But I did notice that by default my menus in Windows (from a menu bar, not a ribbon) appear (when possible) on the right side of the clicked menu item.

Like this:

Menu appears on left side of the menu toolbar item.

Goosebumps. Something is off. It took me a while to realize this:

The menu expanded to the left!

So, what is this? I can’t remember what exactly I searched for, but the change you need to make is in Tablet PC Settings.

When your menus are expanded to the left you’ll see something like this:

Menus appear to the left of your hand.

This is different from the default that I’ve been used to since I’ve been using Windows 95.

Change it to ‘Left-handed’:

Menus appear to the right of your hand.

Hit apply, and restart any offending programs, open a menu and enjoy:

Menu appears on right side of the menu toolbar item.

I can rest easy again…

Make sure unattended.xml is not encrypted!

I was playing around with Sysprep using unattended.xml when I hit a weird issue with VirtualBox and Encrypted folders on the host.


  • unattended.xml on the host, encrypted (with Windows EFS).
  • Virtual Machine, hosted in VirtualBox

I mounted the folder with unattended.xml (and other files) inside the VirtualBox and started sysprep (sysprep+shutdown.cmd just executes the sysprep with the unattended.xml from the location and copies a SetupComplete.cmd to c:\Windows\Scripts).

Windows Setup encountered an internal error while loading or searching for an unattended answer file.

When booting the VM I got the following error:

sysprep files

To investigate the error I hit up Shift+F10 and checked c:\Windows\Panther\setuperr.log, which had the following error:

[setup.exe] UnattendSearchExplicitPath: Found unattend file at [C:\Windows\Panther\unattend.xml] but unable to deserialize it; status = 0x80070005, hrResult = 0x0.

Googling for the error string didn’t help. Googling for the error code did help. It meant Access Denied. Now what could it be. I had a suspicion that it was the encryption. Let’s find out:

By using the command

cipher /s:c:\Windows\Panther

I saw this:


Notice the E, which means Encrypted.


notepad c:\Windows\Panther\unattended.xml

confirmed my suspicion:


After removing the file with a Windows disk BEFORE the first boot (afterwards it doesn’t work it seems) the boot went fine, I sysprepped it again (with a non-encrypted unattended.xml) and all went fine.

So make sure you don’t copy an encrypted unattended.xml to a machine. The keys are lost upon sysprepping!
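A pre-flight check for the situation above, as an added example that is not part of the original post: it lists everything under the sysprep payload folder that carries the EFS Encrypted attribute (the "E" that cipher shows) and can decrypt the files before they are handed to sysprep. The function name and the example path are hypothetical; it assumes Windows PowerShell 3.0 or later and a user who still holds the EFS key.

```powershell
# Added example: find (and optionally decrypt) EFS-encrypted items before running sysprep.
function Test-SysprepPayload {
    param(
        [Parameter(Mandatory = $true)][string]$Path,   # folder holding unattended.xml and friends
        [switch]$Decrypt
    )
    $flag  = [int][IO.FileAttributes]::Encrypted
    # Include the folder itself: files created in an encrypted folder are encrypted too.
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force)
    $encrypted = @($items | Where-Object { ([int]$_.Attributes -band $flag) -ne 0 })

    if ($Decrypt) {
        foreach ($item in $encrypted) {
            if (-not $item.PSIsContainer) {
                $item.Decrypt()    # FileInfo.Decrypt(); fails if the current user has no key
                $item.Refresh()    # re-read the attributes after decrypting
            }
        }
    }
    # Return whatever is still encrypted; an empty result means the payload is safe to use.
    @($encrypted | Where-Object { ([int]$_.Attributes -band $flag) -ne 0 })
}

# Hypothetical usage: stop before sysprep if anything is still encrypted.
# $left = Test-SysprepPayload -Path 'D:\sysprep' -Decrypt
# if ($left.Count -gt 0) { $left | Select-Object FullName; throw 'Encrypted items remain.' }
```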

Clear all event logs on Windows using PowerShell

I was bored with the vast amount of data in the eventlogs which were really not useful for me. So, in order to improve readability on my machine I decided to look for something to clear all of the eventlogs. Easy.

Since I always use the Administrative Events filter to view every warning and error I get a lot of junk (who cares for Kernel-Power warnings?)

Administrative Events

I didn’t feel like doing the following steps for each frigging event log there is on my machine. You would need to go through the following steps:

Step 1

Step 2

Now this is an excerpt from the eventlogs I have on this machine:

Internet Explorer
Key Management Service
Microsoft-Windows-AppLocker/EXE and DLL
Microsoft-Windows-AppLocker/MSI and Script
Microsoft-Windows-Application Server-Applications/Admin
Microsoft-Windows-Application Server-Applications/Analytic
Microsoft-Windows-Application Server-Applications/Debug

And so on (the full list is about 10 times as long). I’m not going to clear them by hand.

So let’s call Powershell to the rescue! (Play Thunderbirds theme song!)

First of all (and nothing to do with Powershell): wevtutil

We’re going to use this tool to list every available event log on this machine:

wevtutil el

The help states:

el | enum-logs          List log names.

Good, that’s what we need. Next up, we pass every line of this list to a command using a pipe and the Powershell Foreach-Object cmdlet:

wevtutil el | Foreach-Object { … commands go here … }

The commands are going to be

wevtutil cl "$_"

The help states:

cl | clear-log          Clear a log.

And $_ is the current item in the Foreach-Object enumeration. I added the quotes because some event log names contain spaces, and wevtutil needs the full name to be able to clear that log.

Now let’s add some diagnostics output to see which one we’re currently clearing:

wevtutil el | Foreach-Object {Write-Host "Clearing $_"; wevtutil cl "$_"}

Now just run it through Powershell, and bam, a clean event log.
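A variant of the loop above that keeps a copy of every log before clearing it, so the history stays available for later troubleshooting or incident response. This is an added example, not part of the original post: it uses wevtutil's /bu: option of clear-log, and the backup folder and variable names are assumptions. It assumes an elevated Windows PowerShell 3.0 or later session.

```powershell
# Added example: back up each event log to an .evtx file, then clear it.
$BackupRoot = 'C:\EventLogBackup'                 # assumed location, no spaces in the path
$target     = Join-Path $BackupRoot (Get-Date -Format 'yyyyMMdd-HHmmss')
New-Item -ItemType Directory -Path $target -Force | Out-Null

$results = foreach ($log in (wevtutil el)) {
    # Log names contain '/', spaces and other characters that are awkward in file names.
    $file = ($log -replace '[^A-Za-z0-9._-]', '_') + '.evtx'
    $path = Join-Path $target $file

    # /bu:<file> tells wevtutil to save the log to that file before clearing it.
    wevtutil cl "$log" "/bu:$path" 2>$null

    [pscustomobject]@{
        Log     = $log
        Backup  = $path
        Cleared = ($LASTEXITCODE -eq 0)           # non-zero exit code: the log was not cleared
    }
}

# Show the logs that were left untouched (for example because the shell is not elevated).
$results | Where-Object { -not $_.Cleared } | Format-Table Log -AutoSize
'{0} of {1} logs cleared, backups in {2}' -f @($results | Where-Object Cleared).Count, @($results).Count, $target
```

Clearing is itself recorded: the Security log gets event 1102 and the System log gets event 104 for each cleared log, so keep the backup folder if those entries ever need explaining.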



Small update on enabling shares in Windows 7.

Open CMD as Administrator (start > type ‘cmd’ > hit control+shift+enter) and paste this line (right mouse button > Paste):

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1

Be sure to DISABLE your Homegroup and to enable file sharing in the Network & Sharing Center.
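With LocalAccountTokenFilterPolicy set to 1, local accounts in the Administrators group receive a full administrator token on network logons instead of the filtered one UAC normally gives them, which is why the shares start working and also why the setting is worth tracking and removing once it is no longer needed. The check below is an added example, not part of the original post; the function names are hypothetical and it assumes Windows PowerShell 3.0 or later.

```powershell
# Added example: report the state of LocalAccountTokenFilterPolicy and revert it on request.
$PolicyKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$PolicyName = 'LocalAccountTokenFilterPolicy'

function Get-TokenFilterPolicy {
    $prop  = Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue
    # A missing value behaves like 0: the default, with remote UAC filtering active.
    $value = if ($null -ne $prop) { [int]$prop.$PolicyName } else { 0 }
    [pscustomobject]@{
        ValuePresent        = ($null -ne $prop)
        Value               = $value
        # Only 0 (filtered token) and 1 (full token) are documented values.
        RemoteTokenFiltered = ($value -eq 0)
    }
}

function Reset-TokenFilterPolicy {
    # Run elevated. Removing the value restores the default filtered-token behaviour.
    if ((Get-TokenFilterPolicy).ValuePresent) {
        Remove-ItemProperty -Path $PolicyKey -Name $PolicyName
    }
    Get-TokenFilterPolicy    # return the state after the change for verification
}

Get-TokenFilterPolicy | Format-List
```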

Format after BitLocker.

So yesterday I reinstalled my laptop because some beta driver was acting up, no big deal. I had both of my partitions secured with Bitlocker (and a BIOS password set up) so that my laptop is secure.

After formatting I noticed that my C drive wasn’t encrypted anymore (which is obvious, it was formatted).

But my D drive looked like this:


It was locked. Fortunately I printed my recovery key so I was able to unlock the drive.

Please print the keys, and keep them safe!