Category Archives: Microsoft Windows

Command Prompt

FFmpeg Video Conversion Guide

Leave a comment

This guide shows how to convert any video file to MP4 format using FFmpeg, while keeping the best possible quality and reducing file size. Each command includes a short explanation of what the parameters do.

🎥 FFmpeg — Convert to MP4 using H.264

Explanation: Converts video to MP4 using the H.264 codec with high quality settings.

  • -c:v libx264: Use H.264 video codec
  • -crf 18: Constant Rate Factor (lower = better quality)
  • -preset slow: Slower encoding = better compression
  • -c:a aac: Use AAC audio codec
  • -b:a 192k: Set audio bitrate to 192 kbps
FFmpeg ffmpeg -i input.ext -c:v libx264 -crf 18 -preset slow -c:a aac -b:a 192k output.mp4

🎥 FFmpeg — Convert to MP4 using H.265

Explanation: Converts video to MP4 using the H.265 codec for smaller file size with similar quality.

  • -c:v libx265: Use H.265 video codec
  • -crf 23: Balanced quality and size
  • -preset medium: Medium encoding speed
  • -c:a aac: Use AAC audio codec
  • -b:a 192k: Set audio bitrate to 192 kbps
FFmpeg ffmpeg -i input.ext -c:v libx265 -crf 23 -preset medium -c:a aac -b:a 192k output.mp4

🎥 FFmpeg — Copy Streams Without Re-encoding

Explanation: Copies video and audio streams directly into MP4 without changing codecs.

  • -c copy: Copy both video and audio as-is
FFmpeg ffmpeg -i input.ext -c copy output.mp4

🎥 FFmpeg — Preserve Resolution and Frame Rate

Explanation: Keeps the original video size and frame rate during conversion.

  • -vf "scale=iw:ih": Keep input width and height
  • fps=fps: Keep original frame rate
FFmpeg ffmpeg -i input.ext -c:v libx264 -crf 20 -preset slow -c:a aac -b:a 192k -vf “scale=iw:ih,fps=fps” output.mp4

🎥 FFmpeg — Preserve Metadata

Explanation: Keeps original file metadata like creation date and tags.

  • -map_metadata 0: Copy metadata from input
FFmpeg ffmpeg -i input.ext -map_metadata 0 -c:v libx264 -crf 20 -preset slow -c:a aac -b:a 192k output.mp4
Hyper-v, Microsoft Windows

🌀 Kapothi Guide: Fixing the Blinking “Verifying Configuration” in Hyper-V Replication

Leave a comment

Category: Infrastructure Resilience
Tags: Hyper-V, Replication, Workgroup, Certificate, PowerShell, Troubleshooting
Published by: Kapothi Editorial Archives

🧩 The Symptom

While enabling Hyper-V replication for a virtual machine, the wizard stalled at a mysterious, blinking window:

“Verifying Configuration…”

No error. No crash. Just a flickering dialog that refused to proceed.

🔍 The Hidden Cause

This issue often appears in workgroup environments or hybrid setups where:

  • Certificate-based authentication is used
  • The replica server is reachable, but the wizard cannot validate its configuration
  • The SSL certificate is valid but not automatically selected
  • The UI lacks a field to manually specify the certificate thumbprint

🛠️ The Fix: PowerShell to the Rescue

We bypassed the blinking UI by enabling replication directly via PowerShell:

🧪 PowerShell — Enable VM Replication

PowerShell Enable-VMReplication -VMName “YourVM” -ReplicaServerName “YourReplicaHost” -AuthenticationType Certificate -ReplicaServerPort 443 -CertificateThumbprint “YourThumbprint”

Replace the placeholders with your actual VM name, replica host, and certificate thumbprint. This command initiates replication using the correct certificate.

🔄 Final Step: Resume Initial Replication

After enabling replication, the initial sync must be started manually:

🚀 PowerShell — Start VM Initial Replication

PowerShell Start-VMInitialReplication -VMName “YourVM”

✅ Replication begins immediately — no more blinking, no more guessing.

🧠 Lessons for Sovereign Admins

InsightAction
UI may fail silentlyUse PowerShell for precision
Certificate must match hostnameValidate CN and SAN fields
Thumbprint is mandatoryAlways specify in workgroup setups
Initial replication is manualResume it with Start-VMInitialReplication

📦 Archived as Legacy

This guide now lives in the Kapothi archive — a beacon for those navigating Hyper-V replication in sovereign or hybrid environments. Whether you’re replicating across datacenters or between trusted nodes, remember: when the UI blinks, the shell speaks.

DOS, Microsoft, Microsoft Windows, PowerShell

📀 ROBOCOPY Commands — Copying Legacy CDs

Leave a comment

Each ROBOCOPY command below represents a different method for copying files from a legacy CD into your archive folder. These examples prioritize speed, reliability, and logging — helping you preserve your data with clarity and control.

🧭 Method 1 — Fast Copy Without Verification

This command copies all files and folders from the CD to your archive folder. It skips retries and verification to maximize speed, and saves a log of the copy process.

Command robocopy D:\ “C:\Kapothi\CD_Ingest” /e /r:0 /w:0 /log:”C:\Kapothi\CD_Ingest\copylog.txt”
  • /e → Copy all subdirectories, including empty ones
  • /r:0 → No retries on failed copies
  • /w:0 → No wait time between retries
  • /log → Save output to a log file for review

🧪 Method 2 — Copy with File Verification

This command adds file-level verification using the /v flag. Each copied file is logged with extra detail, making it ideal for critical or sensitive data.

Command robocopy D:\ “C:\Kapothi\CD_Ingest” /e /v /r:0 /w:0 /log:”C:\Kapothi\CD_Ingest\verified_log.txt”
  • /v → Verbose output with file verification
  • All other flags same as Method 1

⚡ Method 3 — Multi-threaded Copy for Speed

This command enables multi-threading for faster copying, using up to 8 threads. It’s ideal for large CD sets or high-speed archival workflows.

Command robocopy D:\ “C:\Kapothi\CD_Ingest” /e /mt:8 /r:0 /w:0 /log:”C:\Kapothi\CD_Ingest\multithread_log.txt”
  • /mt:8 → Enables multi-threading with 8 threads
  • All other flags same as Method 1

🧠 Summary Tip

Purpose: Copy legacy CD content into archive folder
Tools: ROBOCOPY, Logging, Multi-threading, Verification
Use Case: Choose based on speed, accuracy, or performance
Note: Each log file becomes part of your archival documentation

🔄 Alternatively: Use Unstoppable Copier for Damaged Discs

For discs with heavy scratches, CRC errors, or unreadable sectors, Unstoppable Copier by Roadkil offers a graceful fallback. Unlike ROBOCOPY, which halts on read errors, this tool performs sector-level recovery, gently extracting what it can — even from failing media.

  • Silent Operation: Reads so smoothly, your CD-ROM barely makes a sound — a whispering ritual of recovery.
  • Partial File Handling: Recovers what’s readable, logs what’s lost.
  • Ideal For: Legacy audio CDs, mixed-mode discs, or any media where ROBOCOPY fails mid-ingestion.

🧠 Kapothi Tip: Use ROBOCOPY first for speed and structure. If it fails, switch to Unstoppable Copier and document the recovery as a “Silent Ingestion Event.”

Microsoft, Microsoft Windows, PowerShell

The Mystery of Random Restarts: Tracing Why Your Windows PC Rebooted

Leave a comment

Not every reboot is a user’s decision. Sometimes, the system whispers its own intentions — through updates, crashes, or power flickers. If your PC restarted without your command, here’s how to uncover the ritual traces left behind.

🧭 Step 1: Use Event Viewer to Decode the Reboot


  • Press Win + R → type eventvwr.msc → Enter
  • Navigate to: Windows Logs → System
  • Look for these Event IDs:
    • 41Kernel-Power (unexpected shutdown or power loss)
    • 1074 → shutdown initiated by a process (e.g., Windows Update)
    • 6008 → previous shutdown was unexpected
    • 1001 → bug check (BSOD)
    • 12, 13, 6005, 6006 → startup/shutdown markers

🧪 PowerShell — Reboot Trace Ritual

PowerShell Get-EventLog -LogName System -Newest 100 | Where-Object {$_.EventID -eq 41 -or $_.EventID -eq 1074 -or $_.EventID -eq 6008}

🧰 Step 3: Reliability Monitor — The Visual Scroll

  • Press Win + R → type perfmon /rel → Enter
  • Look for red Xs or warnings around the reboot time
  • Click entries to see if it was a crash, update, or hardware issue

🔄 Windows Update Rebooted My PC?

Yes — and it leaves behind clear evidence. In Event Viewer, look for:

  • Event ID: 1074
  • Source: USER32

🧪 PowerShell — Windows Update Reboot Check

PowerShell Get-EventLog -LogName System -Newest 1000 | Where-Object {$_.EventID -eq 1074} | Format-Table TimeGenerated, Message -AutoSize

Look for messages like:

The process C:\Windows\servicing\TrustedInstaller.exe has initiated the restart…
The process C:\Windows\uus\packages\preview\AMD64\MoUsoCoreWorker.exe has initiated the restart…

These are system-initiated reboots, not user-triggered. They often occur after cumulative updates or servicing stack operations.

🧠 Reboot Scroll Example

🕰️ Timestamp 🔧 Process Initiated Reboot 🧠 Reason
10/11/2025 5:14:41 AM TrustedInstaller.exe Post-update servicing
10/11/2025 5:07:23 AM MoUsoCoreWorker.exe Update orchestration
10/10/2025 10:57:02 PM TrustedInstaller.exe Cumulative update phase

🧠 Kapothi Scroll Tip

Artifact: Unexpected Reboot
Cause: Windows Update (TrustedInstaller, MoUsoCoreWorker)
Tools: Event Viewer, PowerShell, Reliability Monitor
Tags: Phantom Reboot, Update Ritual, Sonic Scroll Forensics
Notes: Stylize each timestamp as a heartbeat of the system — not user-triggered, but orchestrated by the OS
Microsoft, Microsoft Windows

🏭 What Is Windows 11 IoT Enterprise — And When Do You Need It?

Leave a comment

As Microsoft continues to evolve Windows 11, one edition remains quietly powerful: Windows 11 IoT Enterprise. Unlike the consumer or business editions, this version is designed for fixed-purpose, mission-critical devices — the kind that run one job, reliably, for years.

🧠 What Is Windows 11 IoT Enterprise?

Windows 11 IoT Enterprise is a specialized operating system built for embedded systems. It offers the full power of Windows 11, but with tools to lock down, stabilize, and extend the life of devices that need to stay consistent and secure.

🛠️ When Should You Use It?

If you’re deploying devices that must perform a single, focused task — and do it without interruption — IoT Enterprise is the scroll you need.

Use CaseWhy IoT Enterprise Fits
🏧 ATMs & Banking TerminalsRequires 10-year support, no UI changes
🏥 Medical DevicesRegulatory compliance, predictable OS behavior
🏨 Hotel Kiosks & POS SystemsSingle-app mode, USB lockdown, no feature updates
🏭 Factory Automation PCsStability over time, no forced reboots
🖥️ Digital SignageAssigned Access, Unified Write Filter (UWF)
🚛 Fleet Management ConsolesRemote control, Azure IoT integration

🔐 Key Features

  • LTSC (Long-Term Servicing Channel) — 10 years of support, no feature updates
  • No Microsoft Store, Cortana, or consumer bloatware
  • Enhanced lockdown tools — USB restrictions, kiosk mode, write filters
  • Security-first — TPM 2.0, Secure Boot, BitLocker, Defender Application Control
  • Azure IoT integration — for cloud-connected telemetry or remote management

🌀 Editorial Insight

Windows 11 IoT Enterprise isn’t for browsing or multitasking — it’s for sovereign devices that must run silently, securely, and predictably. Whether you’re building kiosks, signage, or industrial control systems, this edition offers the ritual stability your infrastructure deserves.

“When uptime is sacred, IoT Enterprise stands guard.”

Microsoft Windows, Windows 11

With Windows 11 version 25H2, Microsoft has officially ended support for 32-bit (x86) processors

Leave a comment

🛑 Farewell to x86: Windows 11 25H2 Marks the End of 32-Bit Support

With the release of Windows 11 version 25H2, Microsoft has officially retired support for 32-bit (x86) processors, closing a chapter that began nearly four decades ago.

This architectural shift means that new installations of Windows 11 will require 64-bit (x64 or ARM64) processors. Devices running legacy x86 hardware will no longer be eligible for upgrades, signaling a clear move toward modern, secure, and performance-optimized computing.

🧠 Why This Matters

  • x86 architecture, once the backbone of personal computing, is limited to ~4 GB of RAM and narrower CPU registers.
  • x64 systems, by contrast, can theoretically address up to 18.4 million TB of memory, enabling richer multitasking, virtualization, and security features.
  • Microsoft’s decision aligns with industry trends — most operating systems, apps, and hardware vendors have already phased out 32-bit support.

🌀 What It Means for You

  • If your device runs on x64 hardware, the transition is seamless — 25H2 arrives as a lightweight enablement package.
  • If you still rely on x86 systems, it’s time to plan your upgrade path. While older versions of Windows may continue to function, they’ll no longer receive the latest features or security updates.

📜 Editorial Note

At KAPOTHI, we see this not as an end, but as a ritualized evolution — a farewell to legacy constraints and a step toward sovereign computing. Whether you’re an archivist of old machines or a builder of future infrastructure, this moment deserves to be remembered.

“Legacy dissolves. Architecture evolves. 25H2 marks the silent farewell.”

Microsoft Windows, PowerShell

Guide: Find the Real Windows Process Behind a PID

Here’s a precise worthy guide to help you identify which Windows process is truly using a specific PID (Process ID)

🔍 1. Use Task Manager (Quick View)

  • Press Ctrl + Shift + Esc to open Task Manager.
  • Go to Details tab.
  • Locate the PID column (enable it via right-click on column headers if hidden).
  • Match your target PID to its Image Name (e.g., svchost.exe, chrome.exe).

⚠️ This shows the process name, but not the full command line or parent-child relationships.

🧰 2. Use Command Line (Precise & Scriptable)

A. Find Process by PID

tasklist /FI "PID eq 1234"

Replace 1234 with your actual PID.

B. Get Full Command Line

wmic process where processid=1234 get Caption,Commandline

C. Get Parent Process

wmic process where processid=1234 get ParentProcessId

Then:

tasklist /FI "PID eq <ParentPID>"

🧪 3. Use PowerShell (Editorial Precision)

A. Get Process Info

Get-Process -Id 1234 | Select-Object Name,Id,Path

B. Full Command Line

Get-CimInstance Win32_Process -Filter "ProcessId = 1234" | Select-Object CommandLine

C. Parent Process

(Get-CimInstance Win32_Process -Filter "ProcessId = 1234").ParentProcessId

🧠 4. Use Process Explorer (GUI + Deep Insight)

  • Download from Microsoft Sysinternals.
  • Launch as Administrator.
  • Press Ctrl + F and enter the PID.
  • View full tree, command line, DLLs, handles, and parent-child lineage.

Windows 11

Windows 11 25H2: The Vanishing Local Account and the Rise of Cloud-Only Identity

Leave a comment

and yes, Windows 11 version 25H2 does make it harder to create local accounts, especially during setup. But here’s the twist: it’s still possible, just not obvious.

What Microsoft Changed

  • In 25H2, Microsoft enforces Microsoft account sign-in during installation for most editions (Home, Pro)
  • The usual tricks like entering a fake email or skipping Wi-Fi no longer work reliably
  • This is part of their push toward cloud-connected experiences, syncing, and telemetry

🛠️ How You Can Still Create a Local Account in Windows 11 25H2

Microsoft enforces Microsoft account sign-in during setup, but there are still hidden ways to create a local account. These are unofficial workarounds and may change in future builds.

🔹 Command Prompt Trick

Use this hidden command during setup:

Command Prompt # On the setup screen, press Shift + F10
start ms-cxh:localonly

This launches a hidden flow that lets you create a local account without needing a Microsoft login.

🔹 Registry Hack (if needed)

If the above fails, you can add a registry key to bypass the requirement:

Command Prompt reg add “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE” /v BypassNRO /t REG_DWORD /d 1 /f

Restart setup after adding this key, and you’ll be able to create a local account.

🌐 Cloud vs Local Identity in Windows 11

Microsoft is moving toward cloud-only identity, but local accounts still matter for sovereignty and control. Here’s a clear comparison:

☁️ Cloud Identity (Microsoft Account / Entra ID)

Pros • Easy password recovery
• Syncs settings, files, and apps across devices
• Integrated with OneDrive, Outlook, Microsoft Store
• Required for some features (Copilot, Widgets, Teams)
Cons • Requires internet during setup
• More telemetry and data sharing
• Less control for offline or sovereign setups
• Dependency on Microsoft ecosystem

🖥️ Local Identity (Traditional Local Account)

Pros • Works fully offline
• Greater privacy and sovereignty
• No dependency on Microsoft services
• Ideal for test labs, archival machines, or secure setups
Cons • Harder to set up in 25H2
• No automatic sync or recovery
• Some features disabled or hidden
• Requires manual backups and updates

⚖️ Bottom line: Cloud identity offers convenience and integration, while local identity preserves sovereignty and offline control. Choose based on your needs.

⚠️ Important Note

These methods are unofficial and may stop working in future updates. They are best used for testing, offline machines, or sovereign setups where cloud identity is not desired.

Microsoft Windows

Global Outage Alert: Windows BSOD Crisis Following CrowdStrike Update – Recovery Steps

Leave a comment

Table of Contents

Official CrowdStrike post | https://www.crowdstrike.com/blog/technical-details-on-todays-outage/
Source | https://blog.qualys.com/

  • Steps For Regaining Access to Windows PCs, AWS & Azure
  • Qualys Assurance No Impact on Our Services

On Friday, July 19, 2024, morning, reports surfaced globally of Microsoft Windows operating system users encountering the infamous Blue Screen of Death (BSOD) following the latest update from CrowdStrike. This widespread issue has severely impacted critical services, including telecommunications, banking, airline and railway operations, supermarkets, hospitals, and major news networks.

Steps For Regaining Access to Windows PCs, AWS & Azure 

CrowdStrike has outlined a four-step process for regaining access to Windows PCs affected by the update:

  1. Boot Windows into Safe Mode or the Windows Recovery Environment.
  2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory.
  3. Locate and delete the file matching “C-00000291*.sys”.
  4. Boot the host normally.

For cloud environments, customers can revert to a snapshot taken before 4:09 am UTC.

For AWS (Amazon Web Services), follow these steps:

  1. Detach the EBS volume from the impacted EC2 instance.
  2. Attach the EBS volume to a new EC2 instance.
  3. Fix the CrowdStrike driver folder.
  4. Detach the EBS volume from the new EC2 instance.
  5. Attach the EBS volume back to the impacted EC2 instance.

For Azure, follow these steps:

  1. Log in to the Azure console. 
  2. Go to Virtual Machines and select the affected VM. 
  3. In the upper left of the console, click “Connect”. 
  4. Click “More ways to Connect” and then select “Serial Console”. 
  5. Once SAC has loaded, type in ‘cmd’ and press Enter. 
  6. Type ‘ch -si 1’ and press the space bar. 
  7. Enter Administrator credentials. 
  8. Type the following commands:
    • ‘bcdedit /set {current} safeboot minimal’ 
    • ‘bcdedit /set {current} safeboot network’ 
  9. Restart the VM. 
  10. To confirm the boot state, run the command: ‘wmic COMPUTERSYSTEM GET BootupState’. 

The manual nature of this fix poses a significant challenge for companies, especially those without backups for all VDIs, potentially slowing down the recovery process. Customers will also need a recovery key to access Safe Mode if Bitlocker is enabled on the system disk. 

CrowdStrike Engineering has reversed the changes causing this issue, with the error code displayed on affected systems: “Tech-Alert-Windows-crashes-related-to-Falcon-Sensor-2024-07-19.

Source | https://blog.qualys.com/vulnerabilities-threat-research/2024/07/19/global-outage-alert-windows-bsod-crisis-following-crowdstrike-update-recovery-steps-qualys-assurance

Windows Server 2022

KB5034439: Windows Recovery Environment update for Windows Server 2022: January 9, 2024 | Error message:  0x80070643

Leave a comment

Source | Microsoft https://support.microsoft.com/en-us/topic/kb5034439-windows-recovery-environment-update-for-windows-server-2022-january-9-2024-6f9d26e6-784c-4503-a3c6-0beedda443ca

Recommended methods available at

To avoid this error or recover from this failure, please follow the Instructions to manually resize your partition to install the WinRE update and then try installing this update.

Or, to use a sample script to increase the size of the WinRE recovery partition, see Extend the Windows RE Partition.

Windows Server 2022

Summary

This update automatically applies Safe OS Dynamic Update (KB5034235) to the Windows Recovery Environment (WinRE) on a running PC to address a security vulnerability that could allow attackers to bypass BitLocker encryption by using WinRE. For more information, see CVE-2024-20666.

NOTE If your running PC does not have a WinRE recovery partition, you do not need this update. To verify if you have WinRE enabled, you can run the following command in an elevated command prompt: reagentc /info

If WinRE is enabled you will see Windows RE status in the output with a value of Enabled.

IMPORTANT This update requires 250 MB of free space in the recovery partition to install successfully. If the recovery partition does not have sufficient free space, this update will fail. In this case, you will receive the following error message:  0x80070643 – ERROR_INSTALL_FAILURE  To avoid this error or recover from this failure, please follow the Instructions to manually resize your partition to install the WinRE update and then try installing this update. Or, to use a sample script to increase the size of the WinRE recovery partition, see Extend the Windows RE Partition.