Recently I had to do a vulnerability scan for a client using OpenVAS. If you haven’t already used OpenVAS then you should, it’s the defacto opensource vulnerability scanner and v9 is a breeze to use. One of the results in the latest vulnerability assessment revealed that there was a webservice running on port 8000 of a server but the process responsible was just plain old ‘System’. With a bit of headscratching, I had to find out what that service was and whether we could/should/would block it or disable it.

Port 8000 was flapping in the wind and suffered some nasty vulnerabilities

The client has an SLA that requires any vulnerability of a with a severity of 7 or above be dealt with within 24 hours of being discovered so we had to find a solution fairly urgently. Viewing port 8000 in a browser didn’t really help.

Port 8000 was determined to not help me out.

The first thing was to use good old netstat to show which process was holding port 8000 open. So running the command netstat -aob|find “8000” told me that the PID was 4.

PID is 4…hmmmm

But PID4 just equates to SYSTEM. Which is about as helpful as one of my kids when the PS4 is turned on. Any service that uses the HTTP API in Windows will effectively be handled by the SYSTEM process, so I couldn’t just look up the process and kill it.

Enter netsh, the under-used command line hero of Windows. You can use netsh to show the list of processes registered to run HTTP services through the SYSTEM process, but the output isn’t awesomely straightforward. The command netsh http show servicestate returns the following information, showing me that something is running on port 8000.

As clear as mud

The output doesn’t actually show the process responsible for the URL. However if we scroll down the (very long) output you will see other blocks of information showing the process numbers of all the processess registering URLs. Unfortunately they don’t include the port numbers so you have no choice but to look up each process number and try disabling that process and then testing the port.

At last, a process number

After testing every process number shown in the output, process 54320 hit gold. This related to the Intel SBMA Provider Service.

Finally!

Disabling the Intel SBMA Provider Service in the services admin tool closed port 8000 up like my wallet on a day out.

Now, obviously you could also close that port with the firewall on the machine, but if possible I prefer to find the root cause and at least make an assessment of the cause first. I’ve also not been able to find out what the Intel SBMA Provider Service actually does, but disabling it has so far not caused any issues, nor has blocking that port. If you know what it does, let me know in the comments below.

The post What’s running on port 8000 ? appeared first on Oliver Marshall.

Those of you (un)lucky enough to own a shiny Dell XPS 9560 15″ MacBook replacement need to watch out for the current bios update labelled 1.2.4. It’s proving to be quite an issue for Dell owners, causing laptops to be bricked and get stuck at the Dell logo at boot.

I’ve just taken delivery of my new laptop – check out the Dell Outlet store for some cracking XPS deals – and I’ve had a hell of time with it, the bios update being just the last of many issues in the 24 hours since I unpacked it. I installed the update and watched as the laptop rebooted, told me it was updating, then sat there. Ten minutes past, then an hour. Nothing.

I found three solutions that might help you if you are in a similar position.

1. Turn the laptop off and then hold the power button down for 25 seconds until the charging light – at the front under the centre of the trackpad – flashes. Then turn it off and on again. This has been said to reset the bios settings and, after having to press F2 to re-enter the BIOS date/time etc you might be lucky. When I tried it it just booted back to the Dell screen.
2. Turn the laptop off and press Fn and the power button. This will cause the laptop to boot in to diagnostic mode. You should see the Dell logo appear along with some yellow text in the top right corner. Going through the diag process has caused some people to become slightly happier with their laptop. This didn’t work for me either. My laptop just sat at the boot screen with the yellow text showing “Entering diagnostic boot”.
3. This one worked for me. Turn the laptop off and press and hold both the Fn and power buttons and keep holding them down. My laptop booted, then flashed the charging light, then rebooted and then sat at the Dell screen. This time I saw a spinning circle of dots under the logo and eventually Windows appeared. When I was in Windows, well, it wasn’t happy, so I decided to go to the Bios and Apply then exit. Next reboot everything was just fine (by fine I mean it was back to normal, which isn’t fine).

I hope this helps for you. Now I just need to get past the laggy performance in Chrome and anything to do with graphics, the absolutely terrible “killer” WiFi connection and also the slowness of the keyboard response when typing.

All in all, I’d rather have bored out my own ear than buy this laptop, but you live and learn. Next time, I’m going back to Lenovo.

The post Dell XPS 9560 stuck at Dell logo after bios update 1.2.4 appeared first on Oliver Marshall.

Recently I was struggling with an issue with a clients Windows 2012 Server which refused to check in to Storagecraft’s CMD management portal. Below is the fix that worked for me.

Storagecraft CMD is the free management component for Storagecraft Shadowprotect SPX; perhaps the most ubiquitous SME backup tools and super MSP friendly.

This particular backup server wasn’t checking in to our CMD portal. Despite some emails back and forth to Storagecraft we just couldn’t get it to check in. We ran the gamut of rebooting, re-installing, updating.

Storagecraft CMD showing an us a really information error

We checked the CMD log file, which can be found in C:\ProgramData\StorageCraft\endpt\log, and found the following error:

170426 07:26:21 I [8148] cmd_endpt.core.services.base_factory (203): spx.rest_access.no_response<{"cause": "stcx.NoConnection('Cannot Connect: Connection to 'https://127.0.0.1:13581/spx/version/' failed: HTTPSConnectionPool(host='127.0.0.1', port=13581): Max retries exceeded with url: /spx/version/ (Caused by ProxyError('Cannot connect to proxy.', OSError('Tunnel connection failed: 403 Forbidden',)))', data=b{})"}

The cannot connect to proxy error was a little confusing. Disabling the firewall on the server didn’t help and we weren’t using a proxy for internet access.

When we tried to access the URL shown in the log, https://127.0.0.1:13581/spx/version/, we got a 404 error rather than the 403 shown in the log. Perhaps that was the clue, what if the files weren’t there because they couldn’t be put in to the right place.

We stopped the Storagecraft SPX service and set the Logon tab to use a domain administrator account. We did the same for the Storagecraft Endpoint Agent service.

After restarting the services we could connect to the URL above and get a response. The agent checked in within about 10 minutes and everything was good.

We subsequently set the Storagecraft SPX service back to log on as the Local System account and everything remains working.

If you found another cause for this then let me know in the comments below.

The post How to fix cannot connect to proxy error in Storagecraft CMD endpoint appeared first on Oliver Marshall.

I recently had to install and configure the amazing AlienVault security appliance at a client site who had recently upgraded their VMware platform to 6.5. Immediately we hit an issue with the deployment of the virtual appliance template when VMware failed to import it with the error “Failed to deploy VM: postNFCdata failed”.

We tried various browsers, including Edge, Chrome and Firefox but the error existed on all of them. We had no problem uploading the OVA file to the datastore but VMware just refused to import the damned OVA to a VM. I even asked nicely!

The Solution

There appears to be a few solutions but the one that worked for me was to use the VMware OVFTool to import the OVA file from the command line. Here’s the working command line.

ovftool --acceptAllEulas --noSSLVerify --skipManifestCheck -ds="datastore1" --diskMode=thin --net:"bridge"="VM Network" <PATH TO ALIENVAULT HERE> vi://root:<YOUR PASS HERE>@<VM SERVER IP HERE>

Run the command from the directory that the OVFTOOL is installed in and you should be good to go.

AlienVault is the provider of the market leading security tools including AlienVault Unified Security Management (USM), the AlienVault Open Threat Exchange and OSSIM, an equally awesome opensource Security Information Event Management (SIEM) tool. If you want to know more then get in touch with us over at Oakson and find out more about AlienVault.

The post Failed to deploy VM: postNFCdata failed when deploying AlienVault to VMware ESXi 6.5 appeared first on Oliver Marshall.

Sometimes you are dumped in to situations at short notice and need to get an answer in fairly short notice. It was in this type of situation that I found myself when I popped in to a friends office and they had a query about certificates for their developer team.

Sometimes you are dumped in to situations at short notice and need to get an answer in fairly short notice. It was in this type of situation that I found myself when I popped in to a friends office and they had a query about certificates for their developer team.Â

It came down to knowing which certificate was being presented by a server for secure LDAP. Their friendly IT bod wasn’t available and I didn’t have access to the server. They just needed to be able to identify the certificate.Â

It turns out that OpenSSL was our friend. Grabbing the Windows version of OpenSSL and extracting the exe was the first point of call.

Then we used the following command, replacing servername with the actual server name

openssl.exe s_client -connect servername:636

This gave us the following output which was enough to identify the certificate and the dev-pidgeon-chap was happy.

CONNECTED(000001CC)
depth=0 CN = server.mycompany.local
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = server.mycompany.local
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/CN=server.mycompany.local
   i:/CN=mycompany-server-CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgITcgAAAJD3L7sNtAF88QAAAAAAkDANBgkqhkiG9w0BAQsF
ADAXMRUwEwYDVQQDDAxXSVNILVJPQ0stQ0EwHhcNMTcwMzEzMTUwMTUxWhcNMTgw
MzEzMTUwMTUxWjAaMRgwFgYDVQQDE6fghdt454fdgagubG9jYWwwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5/Stz1ROQpTB1eT2t+FZplSDEi3DwHCpE
1bYq/yqhFjB35HqnHbSdQPLLKy+kl0ayjzueiVKG7yTFaJDO+cRJs+zkodKdCv9e
qn0fDEtg3BdwfZARXhD+YHIJMcS0CykUby24hBHuWoPPFyVqhd9yhVhMDOaZYKu3
LwkswcbokJ1n2/CyyrHbV6kx2eH40F4wZ7wYbGs1tYp5pZO44apAVhiksgajH/DB
cqfk1CpeYszd7aoPs7Zbhfgteg5fdgdgfIQDsacS9w4K2vtjFKp65aYUHnt6zgQx
xdXJVCfvAo5paKstld4Pchc6CdNsfF3MTcPt4d/c1jk5V1Vc1A3JAgMBAAGjggJV
MIICUTAvBgkrBgEEAYI3FAIEIh4gAEQAbwBtAGEAaQBuAEMAbwBuAHQAcgBvAGwA
bABlAHIwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA4GA1UdDwEB/wQE
AwIFoDB4BgkqhkiG9w0BCQ8EazBpMA4GCCqGSIb3DQMCAgIAgDAOBggqhkiG9w0D
BAICAIAwCwYJYIZIAWUDBAEqMAsGCWCGSAFlAwQBLTALBglghkgBZQMEAQIwCwYJ
YIZIAWUDBAEFMAcGBSsOAwIHMAoGCCqGSIb3DQMHMDsGA1UdEQQ0MDKgHwYJKwYB
BAGCNxkBoBIEEO13M6SElcBIuYufgfTGf5sf^%JvY2suV0lTSC5sb2NhbDAdBgNV
HQ4EFgQUqcWV17MNi55qua2Yuo6S4YJQQn0wHwYDVR0jBBgwFoAUzYGReq8f8Q6S
hq0tPkqPGrOCmx8wOAYDVR0fBDEwLzAtoCugKYYnaHR0cDovL1JvY2svQ2VydEVu
cm9sbC9XSVNILVJPQ0stQ0EuY3JsMIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYB
BQUHMAKGgZ1sZGFwOi8vL0NOPVdJU0gtUk9DSy1DQSxDTj1BSUEsQ049UHVibGlj
JTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixE
Qz1XSVNILERDPWxvY2FsP2NBQ2VydGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1j
ZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MA0GCSqGSIb3DQEBCwUAA4IBAQAPaYWA98CJ
pQGWwOrfFOcrfYhkxt4Ggg4VckMm8ub6dqGbRI1op3Jmg7T+4Oi8t+8GjTVeAE8O
B3qzVtW6W6q7W6oOo/9UDfMH30qaDQWASBXqImc2/s/N+PZTm0y1XCUPNjE45w27
gVhhVyG+p0cnb2LHYWbJ3i6nX93tZoki07qRdpWCujRuF9W+xr4fGVp9BUrOQp6C
kTbJC+Ch3FghtTGgf234PZXNOmDJuWOjDP7w7SdxLWrY+85F9o8QK3AkaVjF8Ij
54rgFGThdfhdfgrtwfdg+tN05subbG9w/J+8sxGtaSNkofxK8+tbew
sMzAHYobAwCD
-----END CERTIFICATE-----
subject=/CN=server.mycompany.local
issuer=/CN=mycompany-server-CA
---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA512:ECDSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1:DSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA512:ECDSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1:DSA+SHA1
Peer signing digest: SHA1
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1875 bytes and written 501 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-SHA384
    Session-ID: C727000085D21AFFDBCA98D8BFF070CCAEF952D75175937B078AAF5F5D18B
    Session-ID-ctx:
    Master-Key: 7A51DB49F67057631D1554FDG42DA8210D4B53F18C56AAEC6683258B843GFDRFT534124CB426B1EB4AC9290511884D8F
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1496999812
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
read:errno=10054

The post How to find the SSL certificate used by LDAPS appeared first on Oliver Marshall.

Just today I had to remotely configure a new VM on a virtual host running VMware ESXi 6.0. No problem, I thought, have that running in a jiffy. However when I fired up the Windows installation process I couldn’t use the \ key to finish the deployment of the image. Each time my sweaty digits jabbed the backslash key I was given a #.

This appears to be more than just a keyboard layout issue. I could enter the ascii code for a backslash (092) but that too gave me a hash key. Another option, using ALT and <, gave me nothing at all. The rest of the symbol keys were equally messed around.

The result of my furious bashing of the backslash key

Here’s my quick fix.

1. From the Actions menu in the VMware web console window, choose the French (Swiss) option. This will return the backslash key. However it will also change the rest of the layout, so just use it to enter the backslash and then return it to normal.

   Choose the French Swiss layout

2. Et voila! The backslash is returned. Be sure to return back to English before you type the password.

   And the backslash key is now working

The post Backslash doesn’t work in VMware ESXi when installing Windows appeared first on Oliver Marshall.

Gargh! Why is nothing perfect?!

Right, now that that’s done, I’ve just had an issue with a Windows Server 2012 R2 server which was stuck in constant reboot cycling. An update was installing and then immediately failing with a happy-go-lucky-message that read “We couldn’t complete the updates. Undoing changes. Don’t turn off the server”. It may as well have read “Go boil your head!” for all the good that it did me.

A wonderous message to behold when you reboot your server

Now’s a good time to bemoan the lack of decent offline patch handling in Windows. Within a running live Windows instance the update handling is pretty good and, clearly, you have access to a tonne of tools to help you. However when Windows is offline there’s nothing, bugger all. As my Nan would have said “You’ll be up the creek and told to f*** off!”. What Windows needs is an F8 option to show pending updates, and allow you to easily disable them, remove them, whatever.

Anyway, after desperately trying to tell VMware to slow down enough for me to F8 and get Windows in to recovery mode, I finally got rid of the updates and after a few reboots all was good.

1. Desperately hit F8 when Windows boots and click Recover Windows. Alternatively you can also boot from the Windows Server 2012 R2 ISO/DVD and choose repair.
2. Go in to the Advanced Repair options then choose Command Prompt.
3. Enter your recovery password if asked to do so.
4. At the command prompt type diskpart to enter the diskpart tool
5. Then type list volume to show the current volumes. Note down the drive letter that relates to your servers primary drive. In my case it was D.
6. Type exit to exit the diskpart tool.
7. Now type the following being sure to change D to the drive letter from  the previous step.
   

   move d:\Windows\WinSXS\Pending.xml d:\Windows\WinSXS\Pending.old

8. This will remove the xml that details any pending updates.
9. Exit the command prompt and reboot your server.

You will find that your server might reboot several times as it tries to recover from this. But bear with it and you should be good to go.

The post Windows Server 2012 R2 stuck in reboot cycle due to failed updates appeared first on Oliver Marshall.

We’ve looked at how awesome Tracks in ConnectWise can be. For those of you that don’t know, ConnectWise is one of the leading PSA tools and one of the few pieces of software that I’d actually seek out to use if I had a nugget of choice in the matter. Tracks are workflows that you can action against customer records and which can trigger the sending of emails, the creation of tickets and activities and other useful things.

There are lots of uses for Tracks, as I’ve already looked at 3 ways to use Tracks in ConnectWise, I won’t go over those again, but check out the post and get an idea as to what you can do. For now though, here is how to set up a Track.

1. In the Setup Table in ConnectWise go to the Track table.
   
2. Click the + at the top of the page to add a new Track.
3. Enter a clear description in the Track. This will be seen by your users when selecting Tracks to put customer on. Hit save to show the rest of the form.
   
4. Once you’ve saved the Track you can now add the actions themselves. The list of available actions isn’t long but it should cover most eventualities. Each action also has an option at the end of its settings to determine when the action will be triggered. Currently you can only specify the number of days in the future to trigger the action, but it would be really handy if you could specify dates or even relative periods such as “at the end of the month”.
   • Add to group
     This will add the contact (or primary contact when applied to a company) to a pre-created group.
   • Change Company Status
     This action will allow you to change the status of a company such as Active, Inactive, Delinquent, Not-Approved etc.
   • Create Activity
     This will create an activity against the company or contact record. This uses the standard ConnectWise activity window so you can specify what type of activity and its status.
   • Create Service Ticket
     Allows you to choose a pre-created service template to use to create a ticket in any board.
   • Send Email
     This will allow you to create and send an email using the standard ConnectWise email form so you can use the standard placeholders.
5. Once you’ve added your actions you can save the track and then apply it. To apply the track to a record, open up a Company or Contact and click on the Track tab. From there add your Track. Once it’s added the actions will be triggered, or schedule for triggering based on their settings. You can check back on the Track later on and see the number of actions that have been taken.

The post How to create a Track in Connectwise appeared first on OliverMarshall.net.

The sharing permissions in OneDrive default to allowing anyone to access a document with a link. Whilst very useful, it’s obvious that this level of access might not be ideal for companies and could lead to accidental access to a document. Here’s how to change the default sharing permissions in OneDrive.

1. In Office 365 click on the grid icon and then choose Admin
   
2. Click Admin Centers then SharePoint to open the SharePoint admin portal.
   
3. Click on Sharing on the left side list of links to show the Sharing options screen. Set the default sharing options which can be found under the Default Link Type settings and click Save. I would suggest that you choose “Internal” which will require people to log in to Office 365 before viewing or editing a document. Don’t forget this is just the default, you can override this setting when you share each document.
   
4. Now try to share a document and you’ll see that the default option has changed.
   

The post How to change the default sharing permissions in OneDrive appeared first on OliverMarshall.net.

Ever seen “Guest Contributor” as having just modified a file in OneDrive, and not sure why? You’ve shared the file with some users at your school or workplace and yet their names don’t show up and instead the slightly mis-leading title of “Guest Contributor” floats around and appears as the last modified user. So, why does Office 365 show Guest Contributor as having modified a file?

Who is this mysterious person?.

Office 365 has become the default place to store files and many people are now using it to share data amongst their colleagues and it’s one of these sharing options that’s responsible for this mis-leading oddity appearing. It can make it hard to know who’s working on a document, or even who has managed to make a complete hash of the file that you spent hours making just-so.

The issue arises when the sharing options are set to “Anyone with a link”. This is the default sharing option in many instances and, while it can be perfectly acceptable, it does assume one thing; the user viewing the document is already signed in to Office 365. If the user isn’t already signed in to Office 365 then they won’t be asked to sign in, after all the settings allow anyone to access the document with only the link and so why bother asking them to sign in?

That’s the culprit.

When you share a document the recipient receives an email nicely stating that they can now access the document. The user duly clicks on the link in the email and then the document opens up in a browser. In this situation it may be assumed that the user will be signed in to Outlook in a browser, and thus signed in to Office 365, but that might not be the case. The user might be signed in to Outlook 2016 on the desktop but may not have signed in to Office 365 yet. In this latter case then the user will be taken in to the document without ever being asked to sign in and, even though they are part of the organisation, they will show up as “Guest Contributor”.

But what can be done?

The simplest answer is to ensure that you change the sharing options to something other than “Anyone with a link”. The obvious one is “People in”, which will force the user to sign in so that Office 365 can verify that they are in your organisation.

Now that’s better

You can also change the default sharing permissions in SharePoint which will cause the sharing options in OneDrive to change to something more organisation-friendly. Certainly this might be the preferred option as it means that there is some element of resistance to users sharing files with loose permissions, but still allows them to do so if required.

The post Why does Office 365 show Guest Contributor as having modified a file? appeared first on OliverMarshall.net.

I was asked how to print PDF files and automatically include a filename on the print out. This was for a team of users whose technical diagrams were meant to include the filename of the file but, inevitably, this was missed out. In many applications you can automate this process, include variables in the footer or header, but in this case the users used a variety of tools and really the only common factor was that they delivered the final versions in PDF format.

The solution had to be pretty straightforward, ideally with someone being able to right click the file and print it with a filename stamped on the print out.

The solution is a bit long-winded but it works well and, once done, should just keep on ticking. I’m assuming that all the machines are Windows 10 64bit.

1. Install Irfanview 64-bit from here and install it. Irfanview is a superb opensource image viewer with great batch file and command line features.
2. Install the Irfanview 64-bit plugin pack from here. This will add support for viewing PDFs (as well as loads of other file types).
3. Open Irfanview 64-bit and from there open a PDF file. You may have to change the filename to *.PDF in order to show PDF files.
4. Now print the file by clicking File > Print from the menu bar. We’ll be setting the Footer information to include the filename variable ($F). Be sure to click the SAVE button (highlighted).
   
5. Cancel that box and close Irfanview.
6. Now that the printing aspect is configured we need to add a right click menu. I created a custom context menu entry to send the file to Irfanview and order it to print using the default printer. Download the REG file here. Expand the zip file and double click the reg file you find there. This will add it to your registry. You may need to reboot afterwards but it should just work.
7. You should now see a new right click menu when right clicking PDF files.
   

How does it work?

Irfanview view takes care of adding the filename as a footer to the print out. We’re focusing on a PDF here but it could be any file type that Irfanview supports. As long as you save the printer settings in the printer dialogue then that footer will be included in anything that’s printed out.

The context menu is handled by a registry entry that’s kept in the .reg file. Double-clicking the .reg file imports it. The .reg file itself looks like this;

Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\SystemFileAssociations\.pdf]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.pdf\Shell]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.pdf\Shell\PrintwithFile]
@="Print with Filename"
[HKEY_CLASSES_ROOT\SystemFileAssociations\.pdf\Shell\PrintwithFile\command]
@="\"C:\\Program Files\\IrfanView\\i_view64.exe\" \"%1\" /print"

You can see that it assumes the location of Irfanview is “C:\Program Files\IrfanView\i_view64.exe” which is fine for any x64 version of Windows. If you wanted to change this to work with JPG files then you could just edit the .reg file in Notepad and replace .PDF with .JPG, save, and re-import the file.

The post How to print PDF files and automatically include a filename appeared first on OliverMarshall.net.

Up until recently you used to be able to easily create Quick Notes in OneNote for Windows 10. For those of us who use OneNote frequently, this was a godsend. Alas Microsoft have slowly been removing this functionality and it’s pretty much only reliable now for Microsoft Surface users who can trigger a QuickNote using their Surface pen.

However it’s possible to create the same functionality in Windows 10 using the marvelous AutoHotKey app and a bit of copy and paste magic.

1. Download AutoHotKey and install.
2. Right click the desktop (or some other location of your choice) and choose New > AutoHotKey Script.

3. Rename the file that you’ve just created to something meaningful.
4. Right click the file and choose Edit Script. The script is just a text file which can be edited.

5. The script has some default header lines which are best left in place. Hit enter to add a new line and copy the following text to the bottom of the script. This will trigger the command “onenote-cmd://quicknote?onOpen=typing” when you press Win+N.
   
   If you want to change the keyboard shortcut combo then look at the AutoHotKey help page for more info.
   
   Here’s the script to paste in. Once pasted at the bottom of the file, save it as normal.

#n::
Run, onenote-cmd://quicknote?onOpen=typing
return

6. Finally, quickly double click the script file to add it to AutoHotKeys uber-mind and register the keyboard combo. You should see a new H icon appear in the systray.

Now try it out with Win+N and you should get a new QuickNote page appear in the OneNote window, ready to type in. It’s not *exactly* the same as the old quicknote window, but it’s a pretty good way of getting something similar.

Don’t forget to check out the AutoHotKey docs for more info. And let me know if this was useful.

The post How to create quick notes in OneNote for Windows 10 with a keyboard shortcut appeared first on OliverMarshall.net.