Windows Server eventlog ID 5152 Filtering Platform Packet Drop

After some online searching around Event ID 5152, which had started littering my DC’s event logs following some additional audit enabling, I discovered how to silence these logs from the SECURITY eventlog, leaving them in place for the FIREWALL log instead:

auditpol /set /subcategory:"Filtering Platform Packet Drop" /success:disable /failure:disable
auditpol /set /subcategory:"Filtering Platform Connection" /success:disable /failure:disable

The 5152 event:

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: XXXX
Event ID: 5152
Task Category: Filtering Platform Packet Drop
Level: Information
Keywords: Audit Failure
User: N/A
Computer: XXXX
The Windows Filtering Platform has blocked a packet.

Application Information:
Process ID: 0
Application Name: –

Network Information:
Direction: Inbound
Source Address: XXXX
Source Port: 54915
Destination Address: XXXX
Destination Port: 54915
Protocol: 17

Filter Information:
Filter Run-Time ID: 85817
Layer Name: Transport
Layer Run-Time ID: 13
Event Xml:

5152 0 0 12809 0 0x8010000000000000 437620320 Security XXXX
0 – %%14592 XXX 54915 XXXX 54915 17 85817 %%14597 13
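
Before silencing the subcategory it is worth knowing what is actually being dropped. The following is an added example, not part of the original post: it summarises recent 5152 events by direction, protocol and destination port, then shows the audit policy in effect. The sample size and variable names are assumptions; the field names are those of the 5152 EventData block.

```powershell
# Added example: profile what WFP is dropping before disabling the audit subcategory.
# Run from an elevated PowerShell prompt on the affected server.
$max = 5000   # assumption: number of recent events to sample

$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5152 } -MaxEvents $max -ErrorAction SilentlyContinue

$drops = foreach ($e in $events) {
    # Flatten <EventData><Data Name="...">value</Data> into a lookup table
    $data = @{}
    foreach ($node in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$node.Name] = $node.'#text'
    }
    [pscustomobject]@{
        # %%14592 is the token rendered as "Inbound" in the event shown above;
        # any other token is passed through unchanged
        Direction = if ($data['Direction'] -eq '%%14592') { 'Inbound' } else { $data['Direction'] }
        Protocol  = $data['Protocol']        # IANA protocol number, 17 = UDP
        DestPort  = $data['DestPort']
        Source    = $data['SourceAddress']
        Layer     = $data['LayerName']
    }
}

# Which direction/protocol/port combinations generate the noise
$drops | Group-Object Direction, Protocol, DestPort |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name

# Sources behind the noisiest port: many hosts suggests broadcast chatter,
# a single host suggests something worth investigating before it is hidden
$top = $drops | Group-Object DestPort | Sort-Object Count -Descending | Select-Object -First 1
$drops | Where-Object DestPort -eq $top.Name |
    Group-Object Source | Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name

# Confirm the audit policy in effect after running the auditpol /set commands
auditpol /get /subcategory:"Filtering Platform Packet Drop"
auditpol /get /subcategory:"Filtering Platform Connection"
```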


Windows Server 2012 .NET

Dism /online /enable-feature /featurename:NetFX3 /featurename:NetFx3ServerFeatures /Source:X:\sources\sxs
Note: X: is the drive letter of the DVD drive on the computer; adjust it accordingly.


Windows Printer Communication / Printing Issues

This post is intended to cover a number of printing issues in Windows; I’ll add cases and solutions over time.

Printer is installed and connected via USB, but jobs sit in the queue and will not print or cancel, preventing anything else from printing

  1. Click the [Start Orb]
  2. Type: “services.msc” (without the quotation marks) into the search bar at the bottom of the [Start Menu]
  3. A single result named “services” should appear, [Left Mouse Click] that link to open the Services Admin Console.
  4. Locate the “Print Spooler” service in the list and note its status.
  5. If yours is in a “Stopped” state then continue to step 6, otherwise [Right Mouse Click] on the list entry for the service and [Left Mouse Click] “Stop”.
  6. Now open Windows Explorer (My Computer for example), navigate to the following directory and delete all of the files you see in there: C:\Windows\System32\spool\PRINTERS
  7. Back in the “services admin console”, [Right Mouse Click] on the list entry for the service and [Left Mouse Click] “Start”.
  8. If the service fails to start then note down the error message and let me know.

Windows 10 Deployment – Wim Creation

I was struggling to start with creating an ‘Unattend.xml’ through the Windows System Image Manager.

I downloaded and installed the Windows 10 deployment and Imaging Tools Environment through the Windows Assessment and Deployment Kit (ADK) for Windows 10 available from . However when attempting to load the ‘\sources\install.wim’ file from the Windows 10 Enterprise DVD I received the error:

09:28 : This application requires version 10.0.10240.16384 of the Windows ADK.
Install this version to correct the problem
09:29 :
09:29 : Error opening Windows image at D:\sources\install.wim.

09:29 :
09:29 : System.ComponentModel.Win32Exception (0x80004005): An attempt was made to load a program with an incorrect format
at Microsoft.ComponentStudio.ComponentPlatformInterface.WimFileHandle..ctor(String wimPath)
at Microsoft.ComponentStudio.ComponentPlatformInterface.WimInfo..ctor(String wimPath)
at Microsoft.ComponentStudio.ComponentPlatformInterface.Cpi.OpenWim(String wimPath)
at Microsoft.ComponentStudio.ImagePicker.GetImageInfoFromPath(String path)
at Microsoft.ComponentStudio.ImagePicker.ValidateImageFileOrFolder(String fileOrFolder)

After much googling around I did find a reference to the problem (although sadly I’ve now lost the source!). The issue is the compression level of the .wim on the DVD, as (I believe) it was authored through the MediaCreationTool and so has undergone some increased compression.

The solution is to use DISM (provided as part of the ADK kit) to re-compress the ESD-wim file into a format that can be used by the Windows System Image Manager for creating the Unattend.xml answer files. To do this I issued the following command from the “Windows Imaging and Tools Environment” which was running in an Elevated Administrative fashion, where D:\ was my DVD drive assignment:

dism.exe /Export-Image /SourceImageFile:D:\sources\install.wim /SourceIndex:1 /DestinationImageFile:C:\install.wim /Compress:max

I hope this is of help to others!




Windows 7 SSD Tuning


  1. SATA Controller AHCI Mode
  2. Enable TRIM elevated cmd prompt: “fsutil behavior query DisableDeleteNotify”
  3. Disable System Restore (optional, recommended as it interferes with TRIM)
  4. Disable disk drive indexing
  5. Disable Defrag on disk
  6. Disable Page File (optional, space saving only)
  7. Disable Hibernation (optional, space saving only): elevated cmd prompt: “powercfg -h off”
  8. Disable Prefetch & Superfetch: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters] >> EnablePrefetcher and EnableSuperfetch = 0
  9. Disable Windows Write-Cache Buffer Flushing : Device Manager > Disk Drive > Policies > UNTICK “Enable write caching on the device”
  10. Disable Windows Search and Superfetch : services.msc > Superfetch = Disabled && Windows Search = Disabled
  11. Disable ClearPageFileAtShutdown and LargeSystemCache : [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management] > ClearPageFileAtShutdown && LargeSystemCache = 0

Windows: WLAN WPA Deployment

To deploy a WLAN profile along with its WPA2 key (in plain text, so be warned!):

1. Create the profile first and then use:

Netsh Wlan Export Profile Name="<<PROFILE NAME>>" key=clear

This dumps an XML file in the current working directory with the password in plain text.


2. You can then run:

netsh wlan add profile filename="<<new xml file name>>" user=all

to reimport it on another machine
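
Because the exported XML carries the pre-shared key in the clear, it should not be left in a working directory or on a share. The following is an added example, not part of the original post: it exports into an administrators-only staging folder, reports which files contain an unprotected key, and removes them once the import is done. The profile name and staging path are hypothetical.

```powershell
# Added example: contain a key=clear export and remove it after the import.
# Run from an elevated PowerShell prompt.
$profileName = 'CorpWLAN'                            # hypothetical profile name
$stage = Join-Path $env:ProgramData 'wlan-stage'     # hypothetical staging folder

New-Item -ItemType Directory -Path $stage -Force | Out-Null

# Drop inherited ACEs and grant access only to Administrators and SYSTEM
# (well-known SIDs, so this works regardless of OS language)
icacls $stage /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null

# Export into the restricted folder instead of the current working directory
netsh wlan export profile name="$profileName" folder="$stage" key=clear | Out-Null

# Report which exported files carry an unprotected key:
# key=clear writes <protected>false</protected> next to <keyMaterial>
$ns = @{ w = 'http://www.microsoft.com/networking/WLAN/profile/v1' }
Get-ChildItem $stage -Filter *.xml | ForEach-Object {
    $hit = Select-Xml -Path $_.FullName -Namespace $ns -XPath '//w:sharedKey[w:protected="false"]/w:keyMaterial'
    [pscustomobject]@{ File = $_.Name; CleartextKey = [bool]$hit }
}

# Transfer the file to the target machine over a protected channel, then there:
#   netsh wlan add profile filename="<file>.xml" user=all

# Remove the staging copies once the import has been confirmed
Get-ChildItem $stage -Filter *.xml | Remove-Item -Force
```

The same Select-Xml check can be pointed at deployment shares or script folders to find cleartext exports left behind by earlier roll-outs.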


Other netsh WLAN commands:


Delete a profile

At the command prompt, type:

netsh wlan delete profile name="ProfileName"

Show all wireless profiles on the PC

At the command prompt, type:

netsh wlan show profiles

Show a security key

At the command prompt, type:

netsh wlan show profile name="ProfileName" key=clear

Move a network up in the priority list

Connecting to a new network and choosing Connect automatically will place it at the top of the list.

Stop automatically connecting to a network within range

Tap or click the network in the network list, then click Disconnect.

Stop automatically connecting to a network that’s out of range

At the command prompt, type:

netsh wlan set profileparameter name="ProfileName" connectionmode=manual


SSL 3 Vulnerability Poodle : Chrome Fix

Launch Chrome with command line flag:




This can be added to the end of the shortcut “Target” field in Windows


Windows 7 Safe Mode Enable Windows Installer

In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer or HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer, change the “Default” REG_SZ value to “@Service”.


Windows Safe Mode Install Registry Key

Windows Registry Editor Version 5.00



Microsoft BitLocker TPM Initialization in Domain

First set the OU container’s permissions to allow the NTSELF user of systems to write back TPM owner information, required when first initializing the TPM client:

1. Open Active Directory Users and Computers.

2. Select the OU where you have all computers which will have Bitlocker turned ON.

3. Right Click on the OU and click Delegate Control.

4. Click Next and then click Add.

5. Type SELF as the Object Name.

6. Select create a custom task to delegate.

7. From the object in the folder, select Computer Objects.

8. Under show these permissions, select all 3 checkboxes.

9. Scroll down in permissions and select the attribute Write msTPM-OwnerInformation.

10. Click Finish.

11. CUSTOM: Now add the computer to the AD Group named “bitlocker”

12. CUSTOM: Finally power up client, turn on TPM and then initialize TPM in Windows

13. CUSTOM: Enable bitlocker (must be logged in as local/domain admin) and check AD comp object for keys

Next follow the MS article on configuring AD / Bitlocker


To manage the keys you’ll need to register the BitLocker viewer from RSAT as detailed by MS here

Must be run as a domain admin: regsvr32.exe BdeAducExt.dll
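
Step 13 says to check the AD computer object for keys. The following is an added example, not part of the original post: it audits a whole OU for computers whose TPM owner information or BitLocker recovery objects have not been escrowed, without printing the recovery passwords themselves. It assumes the RSAT ActiveDirectory module and a hypothetical OU path.

```powershell
# Added example: find computers in the BitLocker OU with no escrowed data in AD.
# Requires the RSAT ActiveDirectory module and read access to the recovery objects.
Import-Module ActiveDirectory
$ou = 'OU=BitLockerClients,DC=example,DC=com'   # hypothetical OU

Get-ADComputer -SearchBase $ou -Filter * -Properties 'msTPM-OwnerInformation' |
    ForEach-Object {
        $c = $_
        # Recovery information is stored as child objects of the computer object
        $query = @{
            SearchBase  = $c.DistinguishedName
            SearchScope = 'OneLevel'
            Filter      = 'objectClass -eq "msFVE-RecoveryInformation"'
            Properties  = 'whenCreated'
        }
        $recovery = @(Get-ADObject @query)

        [pscustomobject]@{
            Computer     = $c.Name
            # True when the attribute delegated to SELF above has been written
            TpmOwnerInfo = [bool]$c.'msTPM-OwnerInformation'
            RecoveryKeys = $recovery.Count
            NewestEscrow = ($recovery | Sort-Object whenCreated | Select-Object -Last 1).whenCreated
        }
    } |
    Sort-Object RecoveryKeys, Computer |
    Format-Table -AutoSize
```

Machines listed with RecoveryKeys = 0 have BitLocker recovery data that exists only on the client, so they sort to the top of the report.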