A tale of two drives

So just happened to spot, when running HWiNFO64 to check motherboard version, that my 250GB Crucial MX500 is down to 8% life remaining! What? Couple of months of go when I was checking that value it had 28% life remaining, so all good and plenty of time to plan my next upgrade. Now I’m in panic mode and ordering a new 500GB Crucial MX500 for £43, which is a good price as the 250GB cost me £63 just over four years ago.

HWiNFO64 SMART status
SMART Status from HWiNFO64 v7.26

So what happened? Seems that the Crucial drives have a potential with many small packet writes, this may just be on the model made all those years ago and not on the current models, Crucial have always had a good reputation from reviews. So in the SMART details we can see it has written a lot of data, compared to the other MX500. The failing drive is my boot disk so has the pagefile, core programs (Anit-virus, VirtualBox, Browsers) and applications (Office, VLC, Notepad++) on it.while the other SSD, only a couple of months newer and running the same firmware version, has all the games, documents, photographs and BOINC application.

So the failure drive presumably has all the small packet writes (temporary files, browser cache & cookies, pagefile) while the still okay SSD has the larger writes (photographs, documents).

So just about to install the new 500GB Crucial MX500 replacement drive, and we’ll see how that goes over the coming month. After that the PC will probably be passed on as I should have my new one built and moved into the world of NVMe drives.

Logging “Audit Success” in Windows Logs

I noticed, while reviewing my logs, that I still get masses of “Audit Success” entries in the Security logs. What I mean is 30+ entries every second, seems an insane number to me, even more so as they were all the 4799 event. I mean so a membership was successfully enumerated? Okay move on, but these entries were now in the tens of thousands.

Much hunting round and I found that since Windows 7, I think, logging of successful events is now on by default. So unless you find the process/Service ID GUID of the services triggering the event and turning them off individually or setting them to “Failure”, which would take weeks trying to remove them you’re stuck, well unless your knowledge of audit policy commands is very good.

So welcome to this Superuser.com article, or rather question and answer, to help you out.


Sneak peak is to run this command: auditpol /set /subcategory:"Filtering Platform Connection" /success:disable /failure:enable
To disable successful Credential Manager reads, another frequently logged event, use:
auditpol /set /subcategory:"Credential Validation" /success:disable /failure:enable

The longer version is to read the article and find out how to remove other event types. Either way I’m now down to four or six “Audit Success” events being logged every couple of minutes, and those 4799 events that hid a load of other information are gone now. Woohoo

Remote Desktop – Custom screen size

Sometimes you don’t want to run an RDP session full screen but you do want to want to make use of the real estate more than the default RDP settings allow you to choose. Using the RDP panel you can only select set values from the slider control, there isn’t the ability to be fully flexible.

So you have to customise your RDP session but this time using notepad instead. Generally your RDP session will load its default values from the Default.rdp file, held in your “My Documents” folder. So edit this and change the following two lines to whatever value you want, from the 1920×1080 defaults, in my case.


Exact filename searching on Windows 10

Trying to find a file by filename and file type and getting matches that include the filename and type as well? Windows 10 search seems to have taken a step backwards by being “helpful” in search file contents and filenames, or types, when you use the search box.

Then you need to use the “name” keyword in the quick search box. The name option has two ways of being used:

name: web.config” This does what you don’t want! i.e. it returns files that contain the words “web” and “config”, but it doesn’t return files that have file contents including those words.

name:= web.config” This command will return only matches for “web.config” nothing else.

Windows 10 restarts after shutdown

Currently have an issue where most of the time shutting down the PC just performs a restart, annoying to say the least, been going on since late 2018.
I’m currently trying out this solution to see if it can be resolved.

6-Dec-19: A couple of test shutdowns later and it seems to be working, one to monitor.

Remote Desktop: Map a local drive on the remote host

If you repeatedly use a Remote Desktop session and that session needs access to files on the machine you’re connecting from then you’d normally set up a network drive, possibly mapped as follows:

net use z: \\yourmachine\c$ /persistent:Yes

But, depending on how Draconian your network security is then mapping folders on user machines may actually be blocked. Strange one as this ability is mostly essential when working on a remote machine, especially if a developer. Fortunately you can map using the built in sharing of RDP. Same format as earlier just the machine name changes and effectively becomes a constant, so the mapping is now:

net use z: \\tsclient\c /persistent:Yes

And job done, until the next group policy is introduced blocking that…


Search an MS-SQL database for a specific named column

Need to find a column in a database? The following SQL will return the tables, and columns, that contain a wildcard value

SELECT c.name AS ColumnName,
       t.name AS TableName
FROM sys.columns c
JOIN sys.tables t
 ON c.object_id = t.object_id
WHERE c.name LIKE '%column_name%'
ORDER BY TableName,