Category Archives: Microsoft Windows

HP, Microsoft Windows

How to Modify HP BIOS Settings from Windows (Using HP BCU)

Leave a comment
ENGLISH VERSION

How to Modify HP BIOS Settings Directly from Windows using HP BCU

Tech Guide & Tutorial | For System Administrators

Managing BIOS configurations across multiple machines usually requires manual reboots and physical access to the UEFI/BIOS interface. However, for HP enterprise desktops and laptops (such as the EliteDesk and ProDesk series), HP provides a powerful command-line utility called the HP BIOS Configuration Utility (BCU). This allows administrators to read and modify BIOS settings natively inside the Windows environment without interrupting live operations.

This guide demonstrates how to capture your current BIOS configuration into a text file, modify parameters (such as configuring the machine to automatically power on after an unexpected power outage), and reapply the configuration instantly.

Prerequisites

  • An HP Business-class computer (EliteDesk, ProDesk, ProBook, EliteBook, Z-Workstation).
  • Windows Operating System running with Administrative privileges.
  • The HP BIOS Configuration Utility (BCU) executable installed or copied to the system.

Step 1: Export Current BIOS Settings

To safely modify any parameter, you must first export the existing state of the BIOS to a plain text configuration file. Open your Command Prompt as an Administrator, navigate to the BCU installation directory, and execute the following command:

BiosConfigUtility64.exe /getconfig:bios_settings.txt

This creates a structured text file named bios_settings.txt in your current directory containing all available BIOS settings, supported values, and active selections marked with an asterisk (*).

Step 2: Modify Specific Parameters

To alter a configuration, you can target specific settings directly via the command line. A common administrative requirement is ensuring servers or desktop nodes automatically restart when power is restored after a blackout.

Example: Setting “After Power Loss” to Automatically Turn On

Run the following command to update the power recovery state:

BiosConfigUtility64.exe /setvalue:"After Power Loss","On"

Alternatively, if you prefer the machine to return to whatever power state it was in right before the failure, you can assign it to the "Previous State" parameter:

BiosConfigUtility64.exe /setvalue:"After Power Loss","Previous State"
Note on Setup Passwords: If your machine’s BIOS is secured with an Administrator password, you must append the password flag to the end of your modifications:
BiosConfigUtility64.exe /setvalue:"After Power Loss","On" /cspwd:"YourBiosPassword"

Step 3: Verification

Once the command returns a success message, you can verify changes by running the /getconfig command again and inspecting the newly generated text file. The asterisk should now reside seamlessly next to your chosen value.

🌐 Click here to read in Sinhala / සිංහලෙන් කියවීමට මෙතන ක්ලික් කරන්න
සිංහල පරිවර්තනය (SINHALA VERSION)

HP BIOS Configuration Utility (BCU) මඟින් Windows ඇතුළේ සිට HP BIOS Settings වෙනස් කරමු

තාක්ෂණික උපදෙස් සහ මඟපෙන්වීම්

සාමාන්‍යයෙන් පරිගණකයක BIOS Settings වෙනස් කිරීමට නම් අපට පරිගණකය Restart කර, එය පණගැන්වෙන අවස්ථාවේදීම (Boot time) අදාළ BIOS Key එක ඔබා BIOS Menu එකට ඇතුළු වීමට සිදුවේ. නමුත් HP Business-class (EliteDesk, ProDesk ආදී) පරිගණක සඳහා HP ආයතනය විසින් HP BIOS Configuration Utility (BCU) නමින් සුවිශේෂී Command-line Tool එකක් හඳුන්වා දී ඇත. මේ හරහා Windows මෙහෙයුම් පද්ධතිය ක්‍රියාත්මක වෙමින් පවතින අතරතුරදීම (Live Environment) ඉතා පහසුවෙන් BIOS settings කියවීමට සහ වෙනස් කිරීමට හැකියාව ලැබේ.

මෙම ලිපිය මඟින් දැනට පවතින BIOS Settings ෆයිල් එකක් ලෙස පිටතට ගන්නා ආකාරයත්, විදුලි බිඳ වැටීමකදී (Power failure) පරිගණකය ස්වයංක්‍රීයවම On වන ආකාරයට සෙටින්ග්ස් සකසන ආකාරයත් පියවරෙන් පියවර පැහැදිලි කර දෙයි.

අවශ්‍යතාවයන්

  • HP Business-class පරිගණකයක් වීම (EliteDesk, ProDesk, Z-Workstation ආදී).
  • Windows OS එක ඇතුළේ Administrator බලතල (Administrative Privileges) තිබීම.
  • HP BIOS Configuration Utility (BCU) මෘදුකාංගය පරිගණකය තුළ තිබීම.

පියවර 1: දැනට පවතින BIOS Settings Export කරගැනීම

පළමුවෙන්ම දැනට පවතින සෙටින්ග්ස් ටික text ෆයිල් එකකට ලබාගත යුතුය. ඒ සඳහා Command Prompt එක Run as Administrator ලෙස open කර, BCU ෆයිල් එක ඇති තැනට ගොස් පහත කමාන්ඩ් එක ක්‍රියාත්මක කරන්න:

BiosConfigUtility64.exe /getconfig:bios_settings.txt

මෙමඟින් bios_settings.txt නමින් ෆයිල් එකක් නිර්මාණය වන අතර, එහි දැනට ක්‍රියාත්මක වන සෙටින්ග්ස් ඉදිරියෙන් තරුවක් (*) ලකුණු වී ඇති අයුරු බලාගත හැක.

පියවර 2: අවශ්‍ය Settings වෙනස් කිරීම

මුළු ෆයිල් එකම එඩිට් කරන්නේ නැතිව, අපට අවශ්‍ය සෙටින්ග් එක පමණක් Command Line එක හරහා සෘජුවම වෙනස් කළ හැක. උදාහරණයක් ලෙස, කරන්ට් එක ගොස් ආපසු ආ සැනින් පරිගණකය ස්වයංක්‍රීයවම ක්‍රියාත්මක වීමට (Auto Power On) පහත පරිදි සැකසිය හැක.

උදාහරණය: “After Power Loss” සෙටින්ග් එක වෙනස් කිරීම

කරන්ට් එක ආ විගස පීසී එක Auto On වීමට පහත කමාන්ඩ් එක ඇතුළත් කරන්න:

BiosConfigUtility64.exe /setvalue:"After Power Loss","On"

එසේත් නැත්නම්, කරන්ට් එක යන්නට මොහොතකට පෙර පරිගණකය තිබූ තත්වයටම (එනම් On තිබුණොත් On වීමටත්, Off තිබුණොත් Off වී තිබීමටත්) සැකසීමට අවශ්‍ය නම් පහත කමාන්ඩ් එක භාවිතා කරන්න:

BiosConfigUtility64.exe /setvalue:"After Power Loss","Previous State"
BIOS සතු Password පිළිබඳ වැදගත් සටහන: ඔබගේ පරිගණකයේ BIOS වලට Administrator Password එකක් දමා ඇත්නම්, කමාන්ඩ් එක අවසානයට /cspwd:"ඔබගේ_පාස්වර්ඩ්_එක" ලෙස එකතු කිරීමට අමතක නොකරන්න.

පියවර 3: තහවුරු කරගැනීම (Verification)

කමාන්ඩ් එක සාර්ථකව අවසන් වූ පසු, නැවත වරක් /getconfig කමාන්ඩ් එක ක්‍රියාත්මක කර සාදාගත් text ෆයිල් එක පරීක්ෂා කිරීමෙන් ඔබ වෙනස් කළ අගය ඉදිරියට තරුව (*) පැමිණ ඇති බව තහවුරු කරගත හැක.

Microsoft Windows

Cipher vs SDelete: How to Permanently Delete Files in Windows

Leave a comment

Ever wondered if the files you delete from your Windows machine are truly gone? Hint: They aren’t. Standard deletion only removes the file pointer, leaving the actual data on your storage drive until it gets overwritten. Anyone with a basic data recovery tool can sniff it out.

To permanently obliterate sensitive data, Windows professionals rely on two powerful command-line methods: Cipher and SDelete. While both achieve data sanitization, they work in entirely different ways.

1. Built-in Security: The Cipher Command

The cipher command is built directly into Windows. It is designed to wipe the Free Space on your hard drive. This means it overwrites data that has already been deleted, ensuring recovery software cannot retrieve it.

How it works:

Cipher runs a 3-pass overwrite process on the unallocated space:

  • Pass 1: Overwrites with all zeros (0x00)
  • Pass 2: Overwrites with all ones (0xFF)
  • Pass 3: Overwrites with random numbers

How to use it:

Open Command Prompt as an Administrator and run the following command:

cipher /w:C

Note: Replace “C” with the drive letter you want to wipe. The /w switch stands for “Wipe Free Space”. Existing files will NOT be affected.

2. Surgical Precision: SDelete (Sysinternals)

Unlike Cipher, SDelete (Secure Delete) does not come built-in. It is an official tool from Microsoft’s Sysinternals Suite, heavily utilized by cybersecurity experts. Instead of wiping the entire drive’s free space, SDelete lets you target and permanently shred a specific file or folder that still exists on your system.

How to Download SDelete:

  1. Go to the official Microsoft Sysinternals page: Download SDelete
  2. Click “Download SDelete” to grab the ZIP file.
  3. Extract the contents (you will see sdelete.exe and sdelete64.exe).
  4. For easy use, copy the executable into your C:\Windows\System32 folder, or shift-right-click inside the extracted folder and select “Open Command Prompt/PowerShell here”.

How to use it:

To securely delete a specific file or directory using 3 passes (default), run:

sdelete -p 3 -s "C:\Path\To\Your\SecretFolder"

Syntax Breakdown:

  • -p 3: Specifies the number of overwrite passes (3 passes is standard DOD security compliance).
  • -s: Recurses subdirectories (wipes everything inside the target folder).

Quick Comparison: Cipher vs. SDelete

Feature Cipher Command SDelete Tool
Installation Built-in to Windows OS External Download (Microsoft Sysinternals)
Primary Function Wipes already deleted data (Free Space) Shreds existing files/folders instantly
Target Scope Entire Drive partition Specific File or Folder pathways
Execution Time Slow (Takes hours depending on drive size) Fast (Only processes the targeted files)
⚠️ Important Tech Note for SSD Users: Modern Solid State Drives (SSDs) utilize Wear Leveling algorithms to distribute data evenly across flash cells. Because of this, block-level overwrite commands like Cipher and SDelete might not guarantee 100% data destruction on SSDs like they do on old HDDs. For ultimate SSD sanitization, implementing BitLocker Encryption and purging the key (Crypto-shredding) is recommended.
👉 Click here to read this article in Sinhala (සිංහලෙන් කියවන්න ක්ලික් කරන්න)

ඔබ පරිගණකයෙන් Delete කරන ෆයිල් ඇත්තටම මැකී යනවා කියා ඔබ සිතනවාද? නැත. සාමාන්‍ය Deletion එකකදී සිදුවන්නේ එම ෆයිල් එක තිබෙන තැන පෙන්වන ‘Pointer’ එක ඉවත් කිරීම පමණි. වෙනත් දත්ත එම ස්ථානය මත Overwrite වන තෙක් සැබෑ දත්ත Hard Drive එක තුළ සුරක්ෂිතව පවතී. ඕනෑම සරල Data Recovery මෘදුකාංගයකින් මේවා නැවත ලබාගත හැක.

මේ නිසා, රහස්‍ය දත්ත සදහටම විනාශ කිරීම (Wipe කිරීම) සඳහා Windows පරිශීලකයින් ප්‍රධාන Command-line ක්‍රම දෙකක් භාවිතා කරයි: Cipher සහ SDelete.

1. Cipher Command එක (Windows සමඟම ලැබෙන ක්‍රමය)

මෙය Windows වලම built-in එන එකකි. මෙයින් කරන්නේ දැනටමත් Delete කර ඇති ෆයිල් තිබූ ඉඩකඩ (Free Space) සම්පූර්ණයෙන්ම අතුගා දැමීමයි. එම නිදහස් ඉඩ මත 3 වතාවක් වෙනත් දත්ත Overwrite කරමින් Recovery මෘදුකාංග වලට ඒවා හසු නොවන ලෙස විනාශ කරයි.

භාවිතා කරන ආකාරය: CMD එක Administrator ලෙස open කර පහත කේතය ක්‍රියාත්මක කරන්න:

cipher /w:C

(මෙහි C වෙනුවට ඔබට අවශ්‍ය Drive එකේ අකුර යොදන්න. දැනට ඩ්‍රයිව් එකේ ඇති හොඳ ෆයිල් වලට මෙයින් හානියක් නොවේ).

2. SDelete Tool එක (Surgical Precision)

මෙය Windows වල කෙලින්ම එන්නේ නැත. මෙය Microsoft Sysinternals වෙතින් වෙනම බාගත (Download) කරගත යුතු ආරක්ෂිත Tool එකකි. මෙයින් කරන්නේ මුළු ඩ්‍රයිව් එකම Wipe කරන්නේ නැතිව, දැනට පරිගණකයේ පවතින නිශ්චිත එක ෆයිල් එකක් හෝ ෆෝල්ඩර් එකක් ඉලක්ක කර එය සදහටම නැතිවී යන ලෙස ඩීලිට් කිරීමයි.

බාගත කරගන්නා ආකාරය: Microsoft Sysinternals නිල වෙබ් අඩවියෙන් SDelete ZIP ෆයිල් එක ඩවුන්ලෝඩ් කර Extract කරගන්න. පහසුව සඳහා එහි ඇති sdelete64.exe එක C:\Windows\System32 ෆෝල්ඩරය තුළට පේස්ට් කරගන්න.

භාවිතා කරන ආකාරය:

sdelete -p 3 -s "C:\Path\To\Your\SecretFolder"

(මෙහි -p 3 මගින් තෙවරක් Overwrite කිරීමටත්, -s මගින් ෆෝල්ඩරය ඇතුළේ ඇති සියලුම දේ විනාශ කිරීමටත් නියෝග කරයි).

💡 SSD පරිශීලකයින් සඳහා විශේෂ සටහන: Modern SSD ධාවකයන් තුළ ඇති Wear Leveling තාක්ෂණය නිසා HDD වල මෙන් මේ ක්‍රම මගින් 100% ක්ම දත්ත විනාශ කිරීම සහතික කළ නොහැක. SSD එකක් ආරක්ෂිතව Wipe කිරීමට හොඳම ක්‍රමය වන්නේ BitLocker දමා එහි Encryption Key එක Delete කර දැමීමයි (Crypto-shredding).

Microsoft Windows

Kapothi Case Study: Trailing Dot Ghost Files

Leave a comment

Fixing Windows Item Not Found Ghost Files

Sometimes Windows Explorer shows Item Not Found when you try to delete or move a file. One common cause is a filename ending with a trailing dot (.). NTFS stores it, but Explorer refuses to handle it properly. Here’s the Kapothi workflow to fix it.

# Symptom
Windows Explorer shows “Item Not Found”
File cannot be deleted or moved
# Cause
Filename ends with trailing dot (e.g. DOC-20220602-WA0000.)
NTFS stores it, Explorer trims it → ghost entry
# Fix (Delete)
del "\\?\D:\XperiaXZ3\Full before reset\Android\media\com.whatsapp\WhatsApp\Media\WhatsApp Documents\Sent\DOC-20220602-WA0000."
# Fix (Rename)
ren "\\?\D:\...\DOC-20220602-WA0000." DOC-20220602-WA0000

💡 Kapothi Lesson: Avoid trailing dots or spaces in filenames. They create ghost files that Explorer cannot handle.

Microsoft Windows, PowerShell

Kapothi Guide: Uninstalling Software with PowerShell & Winget

Leave a comment

Why This Matters: Uninstalling software from the command line is faster, scriptable, and avoids digging through Control Panel menus. With PowerShell and Winget, you can remove apps cleanly and automate the process.

⚙️ Command Method (WMIC / WMIObject)

# List installed programs
wmic product get name

# Uninstall by exact name
wmic product where name="Software Name" call uninstall

💡 Alternative modern PowerShell:

Get-WmiObject -Class Win32_Product |
  Where-Object { $_.Name -eq "Software Name" } |
  ForEach-Object { $_.Uninstall() }

⚙️ Winget Method (Modern Windows Package Manager)

# List all installed apps
winget list

# Uninstall by name
winget uninstall "System Mechanic"

# Batch uninstall multiple apps
winget uninstall "Viber"
winget uninstall "Webex"

📌 Takeaway

With these two methods, Kapothi admins can keep their systems clean and efficient without ever opening Control Panel.

Microsoft, Microsoft Windows

Kapothi Wi‑Fi Ritual: Backup & Restore Your Wireless Keys

Leave a comment

අපේ Kapothi ගැටලුවක්: Windows reinstall or new PC එකක් ගන්නකොට Wi‑Fi password එක මතක නැතිව offline වෙලා යන එක. මේකේ solution එක තමයි Wi‑Fi profiles backup & restore ritual එක.

Kapothi Note 🪶:
Before running the backup command, create a folder where you want to save your Wi‑Fi profiles — for example, C:\WiFiBackup.

⚠️ If you created the backup folder on your C drive, make sure to copy that folder to another drive or external storage before formatting or restoring your computer. Otherwise, your Wi‑Fi backups will be lost during the reinstall.
Kapothi Command Box — Backup
# Step 1: Run CMD as Administrator
→ Win+R → cmd → Ctrl+Shift+Enter

# Step 2: Export all Wi-Fi profiles with passwords
netsh wlan export profile folder=C:\WiFiBackup key=clear

# Output:
→ XML files saved in C:\WiFiBackup
→ Each file contains SSID + password
Kapothi Command Box — Restore
# Step 1: Copy XML files to target PC
→ Example: C:\WiFiBackup

# Step 2: Import profile back
netsh wlan add profile filename="C:\WiFiBackup\ProfileName.xml"

# Result:
→ Wi-Fi network restored with original password

Notes

  • netsh wlan show profiles → Lists saved SSIDs.
  • netsh wlan export profile → Dumps all profiles into XML.
  • netsh wlan add profile → Restores them on another PC.
  • Handle XML files carefully — they contain plain text passwords.
Active Directory, Audit, PowerShell

Active Directory Audit Checklist: Privileged Access & Inactive User Reviews with PowerShell

Leave a comment

🧾 Kapothi Audit Scroll: Forgotten Access Reviews

Auditors flagged: “User access reviews and privileged access reviews are not being conducted for users within Active Directory.” — a classic Kapothi moment.

When auditors raise this finding, it means the organization has not been regularly checking who has access to Active Directory and whether those users still need it. In practice, accounts may remain active long after employees leave, contractors finish projects, or service accounts are created without proper documentation. Privileged groups like Domain Admins or Enterprise Admins may also accumulate members who no longer require elevated rights. This creates a serious security gap — attackers love stale accounts and unused privileges because they are rarely monitored.

The IT department’s responsibility is to close this gap by:

  • Reviewing privileged groups — Identify all members of high‑risk groups and confirm with management that each one still requires access.
  • Checking inactive accounts — Generate reports of users who haven’t logged in for 30 or 60+ days, then disable or remove them after manual review.
  • Documenting approvals — Keep CSV exports and manager sign‑offs as audit evidence to prove reviews are being conducted.
  • Maintaining service accounts — Ensure every service account has a clear owner, documented purpose, and is excluded from bulk disable actions.
  • Repeating regularly — Schedule these reviews (monthly or quarterly) so auditors see a consistent compliance routine.

In short, the audit flag is a warning that access hygiene has slipped. The IT team must demonstrate control by producing evidence of reviews, showing that inactive accounts are cleaned up, and proving that privileged access is tightly managed. That’s how the Kapothi moment is turned into compliance success.

⚡ Privileged Access Review


  # List privileged accounts
  Get-ADGroup -Filter {Name -like "*Admin*"} |
  ForEach-Object { Get-ADGroupMember $_ |
  Select-Object @{Name="Group";Expression={$_.objectClass}}, Name, SamAccountName }

⚡ Inactive User Review (30 Days)


# Find enabled accounts inactive for 30 days
Search-ADAccount -UsersOnly -AccountInactive -TimeSpan 30.00:00:00 |
Where-Object { $_.Enabled -eq $true } |
Select-Object Name, SamAccountName, LastLogonDate


# Export inactive accounts (30 days) to CSV for audit evidence
Search-ADAccount -UsersOnly -AccountInactive -TimeSpan 30.00:00:00 |
Where-Object { $_.Enabled -eq $true } |
Select-Object Name, SamAccountName, LastLogonDate |
Export-Csv "InactiveUsers_30Days.csv" -NoTypeInformation

⚡ Optional Cleanup (Disable 60+ Days)


# OPTIONAL ⚠️ Cleanup Command
# Risk: This can disable service accounts or rarely used but valid accounts.
# Recommended: First run the 30-day inactive user listing command above, review manually,
# and only disable accounts after confirming they are safe to remove.
Search-ADAccount -UsersOnly -AccountInactive -TimeSpan 60.00:00:00 |
Where-Object { $_.Enabled -eq $true } |
Disable-ADAccount

⚡ Sensitive Group Memberships


  # Export key group memberships
  $groups="Domain Admins","Enterprise Admins","Schema Admins","Remote Desktop Users","Backup Operators";
  $groups | ForEach-Object {
    Get-ADGroupMember -Identity $_ |
    Select-Object @{Name="Group";Expression={$_}},Name,SamAccountName
  } | Export-Csv "AD_GroupMemberships.csv" -NoTypeInformation

⚡ Full AD Group Memberships (One Line)


  # Export all groups with members
  Get-ADGroup -Filter * | ForEach-Object { $g=$_.Name; 
    Get-ADGroupMember $g |
    Select-Object @{Name="Group";Expression={$g}},Name,SamAccountName 
  } | Export-Csv "All_AD_GroupMemberships.csv" -NoTypeInformation

Thus the Kapothi was resolved: from audit red flag to compliance evidence, with scrolls of PowerShell wisdom.

Microsoft, Microsoft Windows

HWID Activation in Windows 10/11 – The Digital License That Never Expires

Leave a comment

🔑 HWID Activation in Microsoft

HWID (Hardware ID) Activation is a Microsoft digital license method that permanently activates Windows 10/11 by tying the activation to your device’s hardware profile. Once activated, the license is stored online and automatically reapplied after reinstallations, as long as the hardware remains the same.

🔎 What HWID Activation Means

  • HWID = Hardware ID → A unique fingerprint of your PC’s hardware (CPU, motherboard, etc.) is generated and registered with Microsoft’s activation servers.
  • Digital License → Instead of a product key, Windows uses this hardware fingerprint to grant a permanent license.
  • Persistence → If you reinstall Windows 10/11 on the same machine, it will auto‑activate again once connected to the internet.
  • Scope → Works for Windows 10/11 Home, Pro, Education, Enterprise editions. Not supported for Windows Server or older versions like Windows 7/8.1.

⚡ Key Characteristics

  • Permanent Activation: No expiry, unlike KMS (180 days).
  • Internet Required: At least once, to register the hardware fingerprint with Microsoft.
  • No Product Key Needed: After initial activation, reinstallations don’t require re‑entering a key.
  • Device‑Bound: Major hardware changes (like motherboard replacement) may invalidate the HWID license.

🧩 Comparison with Other Activation Methods

Method Products Supported Duration Internet Needed Notes
HWID Windows 10/11 Permanent Yes Digital license tied to hardware
KMS (Online) Windows/Office 180 days Yes Needs renewal task
Ohook Office Permanent No For Office products
TSforge Windows/Office/ESU Permanent Yes (new builds) Used for extended security updates

⚠️ Risks & Considerations

  • Legitimacy: HWID activation is official, but many third‑party “HWID activators” exploit it. These are not authorized by Microsoft and may violate licensing terms.
  • Security: Downloading activators from unverified sources can expose you to malware.
  • Hardware Changes: Major upgrades (motherboard replacement) may invalidate the HWID license.

✅ Practical Takeaway

HWID activation is Microsoft’s way of giving you a lifetime digital license for Windows 10/11 tied to your hardware. If you’re using genuine Windows, you don’t need to worry about product keys after the first activation. If you’re considering third‑party activators, be cautious — they replicate Microsoft’s HWID process but are unofficial and carry risks.

Windows 10, Windows 11

Fix Bluetooth Earbud Sound by Disabling Hands‑Free Telephony in Windows

Leave a comment
Fix Bluetooth Earbud Sound: Disable Hands-Free Telephony Windows

Fix Bluetooth Earbud Sound by Disabling Hands‑Free Telephony in Windows

Many Bluetooth earbuds sound great on phones but poor on laptops. This happens because Windows often connects them in Hands‑Free Telephony (HFP/HSP) mode, which prioritizes the mic but drastically reduces audio quality. To get rich stereo sound, you need to force Stereo (A2DP) mode.

Step 1: Check Playback Devices

  1. Right‑click the speaker icon in the taskbar.
    • Windows 10: Choose Sounds.
    • Windows 11: Choose Sound Settings, scroll down, and click More sound settings.
  2. Go to the Playback tab.
  3. Look for two entries for your earbuds:
    • Headset (Hands‑Free AG Audio): Low quality, mono sound.
    • Headphones (Stereo): High quality, rich audio.
  4. Select Headphones (Stereo) and click Set Default.

Step 2: Disable Hands‑Free Telephony

This is the “permanent fix” that prevents Windows from switching back to low-quality audio.

  1. Open Control PanelHardware and SoundDevices and Printers.
  2. Find your earbuds under the “Devices” section. Right‑click them and choose Properties.
  3. Go to the Services tab (wait a few seconds for it to load).
  4. Uncheck the box for Hands‑Free Telephony.
  5. Click Apply. Your earbuds may disconnect and reconnect automatically.
Important Note: Disabling this service turns off the earbud’s built-in microphone. You will need to use your laptop’s internal mic for Zoom or Discord calls.

Step 3: Enable Audio Enhancements

Once your earbuds are locked in Stereo mode, you can further improve the depth of the audio.

  1. Return to the Playback tab (from Step 1).
  2. Select your Stereo Headphones → click Properties.
  3. Open the Enhancements tab. (Note: If this tab is missing, your hardware uses a third-party app like Realtek or Dolby for these settings).
  4. Enable the following:
    • Bass Boost: Adds depth and punch to low frequencies.
    • Loudness Equalization: Balances volume for a fuller sound.
  5. Click ApplyOK.

Result

By removing the Hands-Free bottleneck, your Bluetooth earbuds will sound richer, warmer, and closer to phone‑level quality—even on older hardware. You can re-enable the service at any time if you find you specifically need the earbud mic for a call.

Conclusion

Unlocking the Stereo (A2DP) profile is the best way to enjoy music and movies on Windows. While you lose the earbud microphone, the massive jump in audio quality is almost always worth the trade-off.

Windows 11

Fix Smart App Control Blocking Apps in Windows 11

Leave a comment

Fix Smart App Control Blocking Apps in Windows 11

Windows 11 includes Smart App Control, a security feature that blocks apps it doesn’t recognize. This helps protect your PC, but sometimes it blocks safe apps like dongle drivers or setup tools. Here’s how to fix it.

Step 1: Check the Blocked App

If you see a message like “Smart App Control blocked an app that may be unsafe”, note the file name (for example, Setup.exe from a 4G dongle).

Step 2: Disable Smart App Control Temporarily

To install trusted software, you can turn off Smart App Control:

  1. Open Settings.
  2. Go to Privacy & Security → Windows Security → App & Browser Control.
  3. Select Smart App Control settings.
  4. Switch it Off (requires a restart).

Step 3: Install the Software

After restarting, run the installer again. It should now work without being blocked.

Step 4: Re‑Enable Smart App Control

Once the software is installed, go back to the same settings and turn Smart App Control On again to keep your PC protected.

Alternative: Use Official Drivers

For extra safety, download the latest drivers directly from the manufacturer’s website instead of using the bundled installer on the device.

Conclusion

Smart App Control is useful for security, but sometimes it blocks apps you trust. By disabling it temporarily, installing your software, and then turning it back on, you can balance safety with functionality.

Microsoft Windows, Windows 10, Windows 11

Fix Missing or Corrupted Windows Files with DISM and SFC

Leave a comment

Fixing Missing or Corrupted Windows Files with DISM and SFC

When Windows system files go missing or get corrupted, tools may stop working or show errors. Instead of copying files manually, the safest way is to use DISM and SFC. These built‑in commands repair and restore system files automatically.

Step 1: Repair the Windows Image with DISM

# Repair the Windows image
DISM /Online /Cleanup-Image /RestoreHealth

This checks the Windows component store and repairs it. Run this first before using SFC.

Step 2: Scan and Fix System Files with SFC

# Scan and fix system files
sfc /scannow

This scans all protected system files and replaces any that are missing or corrupted. Restart your computer after repairs.

More Useful DISM Options

# Quick check, no changes
DISM /Online /Cleanup-Image /CheckHealth

# Deep scan, no repair yet
DISM /Online /Cleanup-Image /ScanHealth

# Restore health using local source (ISO)
DISM /Online /Cleanup-Image /RestoreHealth /Source:D:\Sources\install.wim /LimitAccess
  • CheckHealth → Quick check, tells you if corruption exists.
  • ScanHealth → Deep scan, confirms the extent of corruption.
  • RestoreHealth → Repairs corruption using Windows Update or a local source.
  • Source option → Useful if Windows Update is disabled; point DISM to a local ISO or installation media.

Step 3: Verify the Repair

If SFC reports “Windows Resource Protection did not find any integrity violations”, your system files are healthy. Tools like Remote Desktop (mstsc.exe) should now open without errors. If problems remain, run Windows Update or consider an in‑place repair install.

Conclusion

Whenever Windows system files go missing or get corrupted, DISM + SFC is the safest and most reliable fix. With DISM’s extra options, you can check, scan, and repair in different ways — making it a powerful tool for any Windows troubleshooter.