All posts by Kapuwa

Microsoft, Microsoft Windows, PowerShell

The Mystery of Random Restarts: Tracing Why Your Windows PC Rebooted

Leave a comment

Not every reboot is a user’s decision. Sometimes, the system whispers its own intentions — through updates, crashes, or power flickers. If your PC restarted without your command, here’s how to uncover the ritual traces left behind.

🧭 Step 1: Use Event Viewer to Decode the Reboot


  • Press Win + R → type eventvwr.msc → Enter
  • Navigate to: Windows Logs → System
  • Look for these Event IDs:
    • 41Kernel-Power (unexpected shutdown or power loss)
    • 1074 → shutdown initiated by a process (e.g., Windows Update)
    • 6008 → previous shutdown was unexpected
    • 1001 → bug check (BSOD)
    • 12, 13, 6005, 6006 → startup/shutdown markers

🧪 PowerShell — Reboot Trace Ritual

PowerShell Get-EventLog -LogName System -Newest 100 | Where-Object {$_.EventID -eq 41 -or $_.EventID -eq 1074 -or $_.EventID -eq 6008}

🧰 Step 3: Reliability Monitor — The Visual Scroll

  • Press Win + R → type perfmon /rel → Enter
  • Look for red Xs or warnings around the reboot time
  • Click entries to see if it was a crash, update, or hardware issue

🔄 Windows Update Rebooted My PC?

Yes — and it leaves behind clear evidence. In Event Viewer, look for:

  • Event ID: 1074
  • Source: USER32

🧪 PowerShell — Windows Update Reboot Check

PowerShell Get-EventLog -LogName System -Newest 1000 | Where-Object {$_.EventID -eq 1074} | Format-Table TimeGenerated, Message -AutoSize

Look for messages like:

The process C:\Windows\servicing\TrustedInstaller.exe has initiated the restart…
The process C:\Windows\uus\packages\preview\AMD64\MoUsoCoreWorker.exe has initiated the restart…

These are system-initiated reboots, not user-triggered. They often occur after cumulative updates or servicing stack operations.

🧠 Reboot Scroll Example

🕰️ Timestamp 🔧 Process Initiated Reboot 🧠 Reason
10/11/2025 5:14:41 AM TrustedInstaller.exe Post-update servicing
10/11/2025 5:07:23 AM MoUsoCoreWorker.exe Update orchestration
10/10/2025 10:57:02 PM TrustedInstaller.exe Cumulative update phase

🧠 Kapothi Scroll Tip

Artifact: Unexpected Reboot
Cause: Windows Update (TrustedInstaller, MoUsoCoreWorker)
Tools: Event Viewer, PowerShell, Reliability Monitor
Tags: Phantom Reboot, Update Ritual, Sonic Scroll Forensics
Notes: Stylize each timestamp as a heartbeat of the system — not user-triggered, but orchestrated by the OS
Storage

What the ‘Reallocated Sectors Count’ on Your Hard Drive Really Means

Leave a comment

In the realm of digital resilience, few metrics speak louder than Reallocated Sectors Count. It’s the heartbeat of your hard disk’s integrity — a silent sentinel that warns of physical decay before disaster strikes.

🧠 Interpreting SMART: Reallocated Sectors Count

FieldMeaning
Current: 100Health score — higher is better. 100 is perfect.
Worst: 100Lowest value ever recorded — still perfect.
Threshold: 50Warning level — if Current drops below this, the drive is considered failing.
Raw Value: 0Actual number of reallocated sectors — zero bad sectors so far.

✅ What This Means

  • The Current and Worst values are ideal (100), far above the threshold (50).
  • No need to worry or replace — this SMART attribute shows zero signs of wear or failure.

…it means your drive has zero bad sectors, and its health is sovereign. But this is just one of many sacred attributes in the SMART codex.

🔍 Other SMART Attributes Worth Archiving

AttributeWhat It MeansWhy It Matters
Reallocated Sectors CountTracks bad sectors swapped outEarly sign of physical damage
Current Pending Sector CountSectors waiting to be re-testedCan cause read/write errors
Uncorrectable Sector CountSectors that failed recoveryIndicates serious data loss risk
Power-On HoursTotal time the drive has runHelps estimate wear and usage
Start/Stop CountNumber of spin-up cyclesHigh count may signal mechanical wear
TemperatureReal-time thermal readingOverheating shortens lifespan
Spin Retry CountFailed spin-up attemptsMechanical failure warning
Seek Error RateErrors during head movementPrecision issues in reading data
Load Cycle CountHead parking/unparking cyclesExcessive cycles = wear on laptop drives

🧠 Kapothi Ritual: SMART Sovereignty Scroll

  • Archive SMART logs monthly
  • Stylize thresholds and alerts with color-coded visuals
  • Create onboarding guides for clients to interpret SMART health
  • Include SMART snapshots in hardware legacy scrolls
Microsoft, Microsoft Windows

🏭 What Is Windows 11 IoT Enterprise — And When Do You Need It?

Leave a comment

As Microsoft continues to evolve Windows 11, one edition remains quietly powerful: Windows 11 IoT Enterprise. Unlike the consumer or business editions, this version is designed for fixed-purpose, mission-critical devices — the kind that run one job, reliably, for years.

🧠 What Is Windows 11 IoT Enterprise?

Windows 11 IoT Enterprise is a specialized operating system built for embedded systems. It offers the full power of Windows 11, but with tools to lock down, stabilize, and extend the life of devices that need to stay consistent and secure.

🛠️ When Should You Use It?

If you’re deploying devices that must perform a single, focused task — and do it without interruption — IoT Enterprise is the scroll you need.

Use CaseWhy IoT Enterprise Fits
🏧 ATMs & Banking TerminalsRequires 10-year support, no UI changes
🏥 Medical DevicesRegulatory compliance, predictable OS behavior
🏨 Hotel Kiosks & POS SystemsSingle-app mode, USB lockdown, no feature updates
🏭 Factory Automation PCsStability over time, no forced reboots
🖥️ Digital SignageAssigned Access, Unified Write Filter (UWF)
🚛 Fleet Management ConsolesRemote control, Azure IoT integration

🔐 Key Features

  • LTSC (Long-Term Servicing Channel) — 10 years of support, no feature updates
  • No Microsoft Store, Cortana, or consumer bloatware
  • Enhanced lockdown tools — USB restrictions, kiosk mode, write filters
  • Security-first — TPM 2.0, Secure Boot, BitLocker, Defender Application Control
  • Azure IoT integration — for cloud-connected telemetry or remote management

🌀 Editorial Insight

Windows 11 IoT Enterprise isn’t for browsing or multitasking — it’s for sovereign devices that must run silently, securely, and predictably. Whether you’re building kiosks, signage, or industrial control systems, this edition offers the ritual stability your infrastructure deserves.

“When uptime is sacred, IoT Enterprise stands guard.”

5G, Mobile

5G Beyond the Label — What You Need to Know Before Buying a 5G Phone

Leave a comment

5G Beyond the Label — What You Need to Know Before Buying a 5G Phone

In today’s mobile market, nearly every phone claims to support 5G. But does that mean they all deliver the same speed and performance?

Not at all.

Let’s break down the truth behind the label — so you can make an informed decision before your next phone purchase.

📊 Real-World 5G Speed Comparison

Phone TypeTypical 5G Download Speed
Flagship Phones (e.g., iPhone 15 Pro, Galaxy S23)400–900 Mbps
Mid-Range Phones (e.g., Pixel 6a, Galaxy A54)150–400 Mbps
Budget Phones (entry-level 5G models)60–150 Mbps

🔍 Why 5G Performance Varies by Phone

FactorImpact
Modem TypePhones with advanced 5G modems (like Qualcomm X70 or MediaTek M80) offer faster speeds and better signal handling.
5G Bands SupportedPhones with mmWave support offer ultra-fast speeds; sub-6GHz is slower but has wider coverage.
Carrier AggregationPremium phones combine multiple signals for better performance.
Thermal DesignBetter cooling systems prevent speed drops during heavy use.
Network ConditionsYour mobile provider’s 5G rollout and tower proximity affect real-world speeds.

🛡️ Kapothi’s Advice

Don’t choose a phone just because it says “5G.”
Choose one that’s built to deliver real speed, stable connectivity, and future-ready performance.

🌀 Closing Thoughts

At Kapothi, we believe in truthful tech guidance.
This post is part of our commitment to helping clients, elders, and entrepreneurs make smart, confident decisions — whether it’s choosing a phone, securing autofill, or building resilient infrastructure.

Microsoft Windows, Windows 11

With Windows 11 version 25H2, Microsoft has officially ended support for 32-bit (x86) processors

Leave a comment

🛑 Farewell to x86: Windows 11 25H2 Marks the End of 32-Bit Support

With the release of Windows 11 version 25H2, Microsoft has officially retired support for 32-bit (x86) processors, closing a chapter that began nearly four decades ago.

This architectural shift means that new installations of Windows 11 will require 64-bit (x64 or ARM64) processors. Devices running legacy x86 hardware will no longer be eligible for upgrades, signaling a clear move toward modern, secure, and performance-optimized computing.

🧠 Why This Matters

  • x86 architecture, once the backbone of personal computing, is limited to ~4 GB of RAM and narrower CPU registers.
  • x64 systems, by contrast, can theoretically address up to 18.4 million TB of memory, enabling richer multitasking, virtualization, and security features.
  • Microsoft’s decision aligns with industry trends — most operating systems, apps, and hardware vendors have already phased out 32-bit support.

🌀 What It Means for You

  • If your device runs on x64 hardware, the transition is seamless — 25H2 arrives as a lightweight enablement package.
  • If you still rely on x86 systems, it’s time to plan your upgrade path. While older versions of Windows may continue to function, they’ll no longer receive the latest features or security updates.

📜 Editorial Note

At KAPOTHI, we see this not as an end, but as a ritualized evolution — a farewell to legacy constraints and a step toward sovereign computing. Whether you’re an archivist of old machines or a builder of future infrastructure, this moment deserves to be remembered.

“Legacy dissolves. Architecture evolves. 25H2 marks the silent farewell.”

Windows Defender

🛡️ Windows Defender Management Commands

Leave a comment

🛡️ Windows Defender Management Commands

✅ Check if Defender is Running

PowerShell Get-Service -Name WinDefend

📅 Check Last Update Time

PowerShell Get-MpComputerStatus | Select-Object AntivirusSignatureLastUpdated

🔄 Force Update Definitions

PowerShell Update-MpSignature

🧠 Check Overall Defender Status

PowerShell Get-MpComputerStatus

🚀 Run a Quick Scan

PowerShell Start-MpScan -ScanType QuickScan

🧹 Run a Full Scan

PowerShell Start-MpScan -ScanType FullScan

📂 Exclude a Folder

PowerShell Add-MpPreference -ExclusionPath “C:\Your\Folder\Path”

📄 Exclude a File

PowerShell Add-MpPreference -ExclusionProcess “C:\Your\Folder\app.exe”

🧩 Exclude a File Extension

PowerShell Add-MpPreference -ExclusionExtension “.log”

❌ Remove Folder Exclusion

PowerShell Remove-MpPreference -ExclusionPath “C:\Your\Folder\Path”

📋 View All Exclusions

PowerShell Get-MpPreference | Select-Object -ExpandProperty Exclusion*

⏸️ Disable Real-Time Protection

PowerShell Set-MpPreference -DisableRealtimeMonitoring $true

▶️ Re-enable Real-Time Protection

PowerShell Set-MpPreference -DisableRealtimeMonitoring $false

🛡️ Enable Defender Tray Icon on Windows Server

PowerShell Set-MpPreference -UILockdown $false

🧠 Registry Tweak (Optional)

Registry Path HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\UX Configuration
DWORD Value Notification_Systray = 1

After applying these, restart or log off to see the Defender shield icon in your system tray. This works on Windows Server 2016, 2019, and 2022.

🧭 Force Update via CMD

Command Prompt “%ProgramFiles%\Windows Defender\MpCmdRun.exe” -SignatureUpdate

🧭 Run Quick Scan via CMD

Command Prompt “%ProgramFiles%\Windows Defender\MpCmdRun.exe” -Scan -ScanType 1

🧭 Run Full Scan via CMD

Command Prompt “%ProgramFiles%\Windows Defender\MpCmdRun.exe” -Scan -ScanType 2

These commands help you ritualize Defender’s vigilance—ensuring your server remains clean, updated, and ready to archive without interruption.

Microsoft Windows, PowerShell

Guide: Find the Real Windows Process Behind a PID

Here’s a precise worthy guide to help you identify which Windows process is truly using a specific PID (Process ID)

🔍 1. Use Task Manager (Quick View)

  • Press Ctrl + Shift + Esc to open Task Manager.
  • Go to Details tab.
  • Locate the PID column (enable it via right-click on column headers if hidden).
  • Match your target PID to its Image Name (e.g., svchost.exe, chrome.exe).

⚠️ This shows the process name, but not the full command line or parent-child relationships.

🧰 2. Use Command Line (Precise & Scriptable)

A. Find Process by PID

tasklist /FI "PID eq 1234"

Replace 1234 with your actual PID.

B. Get Full Command Line

wmic process where processid=1234 get Caption,Commandline

C. Get Parent Process

wmic process where processid=1234 get ParentProcessId

Then:

tasklist /FI "PID eq <ParentPID>"

🧪 3. Use PowerShell (Editorial Precision)

A. Get Process Info

Get-Process -Id 1234 | Select-Object Name,Id,Path

B. Full Command Line

Get-CimInstance Win32_Process -Filter "ProcessId = 1234" | Select-Object CommandLine

C. Parent Process

(Get-CimInstance Win32_Process -Filter "ProcessId = 1234").ParentProcessId

🧠 4. Use Process Explorer (GUI + Deep Insight)

  • Download from Microsoft Sysinternals.
  • Launch as Administrator.
  • Press Ctrl + F and enter the PID.
  • View full tree, command line, DLLs, handles, and parent-child lineage.

Server

How to Install Remote Desktop Session Host on a Standalone Windows Server (Workgroup Mode)

Leave a comment

This guide walks you through installing and configuring Remote Desktop Session Host (RDSH) on a standalone Windows Server—no domain join required. Perfect for labs, sovereign setups, or lightweight deployments.

✅ Step 1: Install RDS Roles via PowerShell

Open PowerShell as Administrator and run:

Install-WindowsFeature -Name RDS-RD-Server, RDS-Licensing -IncludeManagementTools
Restart-Computer

This installs:

  • Remote Desktop Session Host
  • Remote Desktop Licensing

✅ Step 2: Create Licensing Registry Key

After reboot, create the missing registry path:

New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server" -Name "Licensing Core" -Force
Continue reading How to Install Remote Desktop Session Host on a Standalone Windows Server (Workgroup Mode)
Windows 11

Windows 11 25H2: The Vanishing Local Account and the Rise of Cloud-Only Identity

Leave a comment

and yes, Windows 11 version 25H2 does make it harder to create local accounts, especially during setup. But here’s the twist: it’s still possible, just not obvious.

What Microsoft Changed

  • In 25H2, Microsoft enforces Microsoft account sign-in during installation for most editions (Home, Pro)
  • The usual tricks like entering a fake email or skipping Wi-Fi no longer work reliably
  • This is part of their push toward cloud-connected experiences, syncing, and telemetry

🛠️ How You Can Still Create a Local Account in Windows 11 25H2

Microsoft enforces Microsoft account sign-in during setup, but there are still hidden ways to create a local account. These are unofficial workarounds and may change in future builds.

🔹 Command Prompt Trick

Use this hidden command during setup:

Command Prompt # On the setup screen, press Shift + F10
start ms-cxh:localonly

This launches a hidden flow that lets you create a local account without needing a Microsoft login.

🔹 Registry Hack (if needed)

If the above fails, you can add a registry key to bypass the requirement:

Command Prompt reg add “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE” /v BypassNRO /t REG_DWORD /d 1 /f

Restart setup after adding this key, and you’ll be able to create a local account.

🌐 Cloud vs Local Identity in Windows 11

Microsoft is moving toward cloud-only identity, but local accounts still matter for sovereignty and control. Here’s a clear comparison:

☁️ Cloud Identity (Microsoft Account / Entra ID)

Pros • Easy password recovery
• Syncs settings, files, and apps across devices
• Integrated with OneDrive, Outlook, Microsoft Store
• Required for some features (Copilot, Widgets, Teams)
Cons • Requires internet during setup
• More telemetry and data sharing
• Less control for offline or sovereign setups
• Dependency on Microsoft ecosystem

🖥️ Local Identity (Traditional Local Account)

Pros • Works fully offline
• Greater privacy and sovereignty
• No dependency on Microsoft services
• Ideal for test labs, archival machines, or secure setups
Cons • Harder to set up in 25H2
• No automatic sync or recovery
• Some features disabled or hidden
• Requires manual backups and updates

⚖️ Bottom line: Cloud identity offers convenience and integration, while local identity preserves sovereignty and offline control. Choose based on your needs.

⚠️ Important Note

These methods are unofficial and may stop working in future updates. They are best used for testing, offline machines, or sovereign setups where cloud identity is not desired.

Other

“Starlink in Sri Lanka: Key Questions I Asked Gemini”

Leave a comment

“Do people in the U.S. choose to buy Starlink instead of using their existing home internet services, or do most stick with what they already have because it’s fast and reliable enough? Is Starlink mainly popular among those living in remote or underserved areas?”

That’s an insightful question and gets to the core of Starlink’s business model and target market in a place like the United States.

You are correct: the vast majority of people in the USA who buy Starlink are those in rural or remote areas where traditional internet options are either non-existent or extremely poor.

Here’s why Starlink isn’t a widespread competitor to fiber and cable internet in urban and suburban areas:

Continue reading “Starlink in Sri Lanka: Key Questions I Asked Gemini”