Better access to special characters with AutoHotkey on Windows

EDIT 2020-06-21: I tweaked the layout a bit, and updated screenshot and scripts.

When you're trying to improve your typing skills, there are quite a few things you can do: learning to touchtype, getting an ergonomic / split keyboard, or moving to a better layout than QWERTY. However, if you're like me (small hands, short pinkie), chances are that none of these will be of much help when you have to type a lot of special characters, for example in programming. That's because special characters are typically hard to reach. Most layouts banish them to the edges of town, leaving them almost entirely to the right pinkie and to shift+<number>, which forces your hands to wander very far from the home-row on which your muscle-memory is based.

I'm currently experimenting with a solution to this state of things. Thanks to a wonderful little program called AutoHotkey, you can tweak your keyboard in great ways; what I decided to do was to leverage the largely-unused (but very easy to reach) CapsLock. I basically turned CapsLock into a new meta key (which is not Ctrl, Alt, AltGr, Win or Cmd), allowing me to get a completely blank layer that is independent of any existing key or shortcut. I then associated the most easily-reachable keys to the most common (and hardest to reach with typical layouts) special characters I need.

The result is that, by pressing capslock+<home-row-key>, I now get special characters with less effort and less wandering.

What you see above is the layout I'm currently using. It's not perfect, but the principles are:

• optimize the position of keys I find least-reachable and most-used on a regular layout
• privilege right-hand keys, which are the most natural companions to a left-hand meta
• privilege opening brackets, as editors typically auto-close them
• try to minimize "wandering" of hands from home-row as much as possible

I've also added a numpad on CapsLock+Shift, which is useful on laptop keyboards. Yes, you often have a hardware NumLock mode, but I never use it because I find it risky (if you mistakenly leave it on and the screen locks, good luck typing your password).

NOTE: the ALT+` combo is a "mac-ism" - it's actually AltGR+` on Windows (or Ctrl+Shift+Alt+`). It's the shortcut to prepend to a vowel to get a grave-accented character. I'm Italian, so I use it to type accents on a US keyboard.

I wish someone would come up with a "standard" meta-layout like this, with some real thought to ergonomics and frequencies; then again, programming languages can vary so much (for example there are lots of $ in Perl, but very few in Python) that I guess it would be difficult to appease everyone.

Here is a AutoHotkey script for QWERTY and AutoHotkey script for COLEMAK (that's actually what I use). If you install AutoHotkey, just save the script as AutoHotkey.ahk in the resulting installation folder and it will be automatically executed when you start the program (it can also be run at startup).

If you are on macOS/OSX, things are a bit more awkward; I might cover that in another post at some point, but my solution there relies on a smart external keyboard. Happy hacking!

Appstores need a Trial Mode

I've been looking for a while for a Windows-native Twitter client that could sync with my other non-Windows devices (aka "supporting TweetMarker"). I've found one that claims to do that, Tweet It!, but there is a problem: it costs £3.5 upfront. That's a relatively high amount of money to throw down a well hoping that my wish will come true. However, because this feature is so rare, if it worked I'd be happy to pay three times as much, no questions asked. I just have no way to find out.

Appstores need a simple Trial Mode. All the current hacks (In-App-Purchases, subscriptions, refunds etc) are just that, clumsy workarounds to this glaring omission, which is why app prices are so squeezed down - to the chagrin of indie developers. Trial Mode would also bring huge collateral benefits like reducing reliance on SaaS services (something that Microsoft in particular should relish) and creating viable alternatives to the free-to-play bubble that has turned online gaming into a socially-accepted form of gambling addiction.

I doubt Apple will ever introduce Trial Mode - they are the dominant player and have little incentive to change the rules; and Android is a far west where the Play Store is almost irrelevant. But Microsoft should experiment with something like this, while the Windows Store is still young and evolving. Both developers and users would love it, they have been asking for something like this for years.

Windows Survival Kit for OSX exiles

After 5 long years, I was gently forced back to Windows for everyday work. The experience has been less terrible than I thought, but was pretty frustrating at the beginning.
To help anyone in the same predicament, I put together a small list of tips to make the move a bit more tolerable.

• Windows does not have hot corners. Hello, 1995! Anyway, the solution here is using a small app called, unsurprisingly, HotCornersApp. It works well enough, and it's fine with multiple screens too. Despite the basic website, it's legit and even opensource, you can compile it yourself (although beware - apparently the very latest updates may not build properly).
• Windows does not do text substitution, which is one of those things that you don't know how much you love it until they take it away from you. As far as I can see, there is no free utility on Windows to do this, or nothing that actually works well enough. So, I paid for Breevy. It feels a bit retro (it looks blurry on high-def screens...), but it works very well and has all sorts of options and special features.
• Windows doesn't really deal well with multi-language support, aka typing accents from a US keyboard. Sure, you can use US-International, and deal with ' and " becoming meta-keys, but for a techie/programmer typing those characters on their own more often than accents, it's extremely annoying. The solution was again Breevy: you can define a combo that will not be triggered unless you type a special character afterwards. For example, I defined `e to become è after I press Ctrl. It works absolutely everywhere, although it's nowhere as elegant as the OSX popup. Same story for special characters like £ , € etc.
• For best results, check if your keyboard supports custom macro. Mine does, so I mapped the blank side-keys to accents and so on. After muscle-memory starts kicking in, this solution is actually superior to stock OSX.
• I was not going to reformat my external hard drives to NTFS, which is a pain to use back on OSX; so again I had to pay for Paragon HFS+ for Windows. The UI is garbage (and does not work properly with multi-monitor setups), but the actual driver seems to work perfectly.
• Microsoft has basic print-to-PDF support. If you need to concatenate documents, PrimoPDF does it, and it's free (do not download the Nitro version). The interface is not great though.
• For the developer types out there who rely on Dash, a good equivalent on Windows is Zeal. It supports the same format, even fetching docsets directly from Dash repositories.
• Also for developer/sysadmin types, the Windows equivalent of homebrew is now Chocolatey. Whoever came up with that word should give up trying to name things, but the software does work. You can use it to install 7zip (to get the latest beta with proper security patches, choco install 7zip.install --pre -y) windirstat and so on, it will make it easy to upgrade them when necessary (rather than having through the usual website-download-install dance, just choco upgrade them all).
• There are quite a few apps that do what Fluid does, i.e. making websites into "native" apps. I know, I know, they are aberrations; but I got used to having a few sites (Gmail, Trello, Hangouts...) accessible this way. After a bad experience with WebCatalog (it was working ok, but then it got stuck trying to upgrade itself), I installed nativefier. This is again more for the geek types; it requires npm and it's a command-line app with a few quirks.
• UPDATE 1: to get back the "preview on pressing Space" experience, there is a free app called Seer. You can also pay for a license, but it's not clear what the difference might be, the free app is more than enough for my needs. I had to remove the Ctrl-Alt-S shortcut in Settings in order to make it work properly.

Did I miss anything? Feel free to suggest other useful tidbits in comments.

Windows "vintage" default desktop colours

Note to self: these are the default desktop background colours for old Windows versions.

•    008080 (RGB 000-128-128) - Windows 95/98
•    3A6EA5 (RGB 058-110-165) - Windows 2000

(I know you love them, even if setting a wallpaper was the first thing you did after logging on a new PC. It's called nostalgia.)

Python and cmd.exe on Windows - a world of pain.

As I mentioned a few days ago on Hacker News in a Ruby thread, CPython support for Windows is, overall, extraordinarily good for a runtime with clear Unix roots. This said, occasionally you'll eventually hit a wall and find yourself cursing Guido & Bill under your breath. Yesterday was one of those times for me.

I'm currently working on a project using Python 3.3.5 on Windows 2008 r2, building a program that will talk to Weblogic 10.3 via the Jython-powered WLST interface (it actually does more than that: it leverages Jython to also instantiate several complex Java classes, launch VBS scripts and so on and so forth). In order to correctly set up WLST/Jython, I have to launch a batch file which in turns calls several other batch files in order to set up all sorts of environment variables. These are all pure-DOS batch files doing very little except creating or reading environment variables, but they're nested two or three levels deep from the entry-point batch.

For some reason, when I launched this batch with Popen(), variables were not set correctly. In fact, it looked like "call" statements in the batch were just silently ignored. I tried using shell=True, and it made no difference whatsoever. I put it down to some weird cmd.exe behaviour; tried to switch extension from .bat to .cmd and things started to move a bit more (so much for all those posts saying there is no difference between the two) but still some stuff wouldn't work, so I eventually settled for reimplementing the whole batch chain in Python (which is terrible and will likely bite me a year down the line as the version of Weblogic changes, but beggars can't be choosers).

The most frustrating thing, however, was that opening an interactive pipe to test and do exploratory programming was just too difficult. There are a lot of examples out there talking about .send(), .communicate() and stdin=subprocess.PIPE, but nobody seems to mention what I experienced: as soon as you call communicate() on a cmd.exe launched with Popen(), all pipes are closed and there is no obvious way to reopen them. I don't think this is due to cmd.exe, because the last output I got was always ">More ?"; I think this is just CPython being too eager to clean up.

Luckily, I found a solution in WinPexpect, a fork of Pexpect that actually deals with Windows weirdness. Processes launched with winpexpect.winspawn() actually keep their stdin pipes up long enough for me to figure out enough stuff to fully re-implement the batch chain.

The result is a Python script three times as long as the original batch and likely to break the first time Oracle changes a line here or there. It will do for now, but the experience left a sour taste in my mouth, so to speak; cmd.exe is a crappy shell, but it shouldn't be that hard to open a long-running prompt-like process piping stuff to it. If I'm missing an obviously-better solution, please let me know and I'll happily blog about it, because clearly Google and DuckDuckGo need to know about it.

Character shifting "encryption" in Windows program -- any idea...?

I could do with some help on this StackOverflow question I just posted. It's one for Windows programmers and/or amateur codebreakers.

Fully disable User Access Control (UAC) via Group Policy (GPO)

I'm sure Windows' User Access Control is a wonderful idea and dramatically improved security levels of this once-beleaugured operating system. Unfortunately, most COM/DCOM-based software was written before 2007 and simply doesn't like it (cough*Oracle EPM Financial Management*cough); 6 years later, we're still forced to disable it in many cases.

This is usually achieved through Active Directory policies. Most documents and guides will tell you that you just need to turn off three policies in Windows 2008, under Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> Security Options:

• User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode (set to Elevate without prompting)
• User Account Control: Detect application installations and prompt for elevation (set to Disabled)
• User Account Control: Run all administrators in Admin Approval Mode (set to Disabled)

Unfortunately, this will bring that lovely UAC slider all the way down, but will still results in a weird behaviour where local administrators have most rights but not all of them. The typical test I perform is to open a regular Command Prompt and try to navigate to C:\Windows\SysWOW64\Config - if I get an Access Denied message, then UAC is still lurking in the shadows.

The extra kick we need is, from my tests, this:

• User Account Control: Only elevate UIAccess applications that are installed in secure locations (set to Disabled)

As explained on the technet site, this policy refuses to elevate applications that don't live in "secure locations" (i.e. %windir% or Program Files). It makes sense that such a policy would affect third-party software dropping executables in their own home folders (cough*lots of Java stuff*cough), but why cmd.exe? No idea, but there you are. For all intents and purposes, UAC is completely turned off only when all these four policies are disabled; miss one of them, and things will get weird. 

I wish Microsoft had just given us a big button that said Behave like Windows 2003, but I guess it wouldn't have sold new manuals and certification lessons.

RDP Quick Screenshots, Or: How I've Learnt To Stop Worrying And Reverse The Problem

My work involves installing stuff on customers' servers, mostly running Windows. I usually have very limited access to them, often having to go through the customers' own computers, and what I can or cannot install is regulated by strict policies (which is good practice). And of course, one wants to minimize potential problems and maximize performance, so only the minimum amount of necessary applications and tools are installed. This would all be fine, if I didn't have to take lots and lots of screenshots in order to document (and prove) what I'm doing and how I'm doing it.

This is not a problem if I can work from my laptop, where I can run a powerful app like SnagIt or Camtasia, but it's a real pain if I have to use other hardware. If it's a simple environment with a handful of machines, I can make do with the default Remote Desktop client (mstsc.exe); if I'm lucky, it'll be a modern version that supports the CTRL-ALT-+ shortcut, which takes a screenshot of the active window inside the RDP session. That's not ideal: the resulting images are large BMP files, and you have to manually paste each one into a document right after taking the screenshot; it breaks your flow and there's a good chance you'll forget to paste it right away and lose the image after some careless CTRL-C... but I guess I could live with it.

Unfortunately, I mostly have to work on environments including dozens of machines, so the only practical approach is to use a RDP manager; since I cannot install any fancy app, it usually means I have to make do with the Remote Desktop Console (tsmmc.msc) or its modern equivalent Remote Desktop Manager. That means saying bye-bye to CTRL-ALT-+ and hello PrintScreen and mspaint.exe/Edit/Crop. Argh.

Today I thought I'd solve this problem once and for all. As Bruno Oliveira eloquently illustrated in his chart, automation is The Way of The Geek, and I am a goddamn geek. Embracing my Google-fu, I set off to find The One True Tool for this task.

My first stop was QuickScreenShots. It's a simple screenshotting app that doesn't require installation; just unzip it on the server and off you go. It features shortcuts to take screenshots of an active window, arbitrary region or full desktop; images can be automatically saved to a specific folder; best of all, it's written in (ta-daaa!) Python! w00t!

Unfortunately, it doesn't feature anything similar to CTRL-ALT-+. Not a problem, I thought: where there's Python, there's a way. Except that it didn't turn out to be the case here. RDP deals in graphic screens, not desktop widgets, and it has no concept of something like "the active window"; this is what Raymond Chen himself told me, and Raymond knows a thing or two about Windows (euphemism of the month). Mstsc.exe probably uses an undocumented extension (I guess through the Virtual Channel interfaces for RDP "plugins") to get the active window, and as far as I can see, it doesn't expose the feature through automation objects (although I haven't looked very hard, to be honest; at the end of the day, I figured it would probably be inaccessible when run through tsmmc.msc anyway). At one point I've even tried to hack it by using WshShell.SendKeys to fake a CTRL-ALT-+, but somehow it didn't work (I find SendKeys quite "temperamental" and very dependent on the Windows version; on one XP image, for example, the documented {PRTSC} keycode simply wouldn't work for me).

Sad and lonely, I was almost resigned to long, intimate sessions with mspaint, when I had the most classic epiphany. I realized my problem could be easily solved by reversing the approach: instead of trying to pull screenshots through the RDP client, I could run QuickScreenShots on all machines (after all, it's portable!), inside the RDP server sessions. I just need to point the "autosave folder" to a network share and lo, all my screenshots of the active window should end up there, nicely saved as PNG. It's so easy it almost hurts, considering I've wasted a couple of hours going through MSDN, but I'm happy I've found a decent solution anyway.

Some Useful Windows 7 Utilities

I just finished one of my periodic rounds of "Windows 7 improvements", and I thought I'd share my findings.

First, Text Editor Anywhere.
If you are familiar with the classic Firefox extension "It's All Text", then you know what this is about: TEA will launch an external editor where you can edit the contents of any text area. No more losing long posts because of some random refresh! And the joy of using all the shortcuts you love in your preferred text editor. The beauty of TAE is that it works in *any* text area, regardless of it being in a browser or a program, and you can even invoke different editors.

Another incredibly useful little app is WinLaunch.
It provides a full-screen iOS-style launcher in Windows 7, which you invoke with a custom shortcut (Shift-Tab by default). It's a fantastic way to rid your desktop of all those application icons, so that your Rainmeter skin can look fabulous without sacrificing ease of access. Now, if only I could have some sort of drawer where to drop all the files I casually drop on the desktop...

Users of the Microsoft Touch Mouse will appreciate Touch Mouse Mate.
It currently adds three features to the mouse: middle-click (tapping with three fingers), tap-to-click (IMHO the mouse is a bit too sensitive for that, but at least you have the option), and a left-handed mode. The project is open source and very active, so I expect further improvements will soon follow. Personally, I'd love to be able to define custom gestures, which is the real killer feature this mouse is missing.

And that's it! Any other utility out there that I should know about? :)

Python WMI, services and UAC

In this day and age, security-conscious Windows users "enjoy" the protection of User Access Control (UAC), a feature introduced with Vista and now a stalwart of the Microsoft world in Windows Server 2008 and Windows 7. This is why you get prompted to "allow this program to make changes to your computer" every time you install a program, or if you run a lot of "legacy" Win32 applications.

Under UAC, even when you are a local administrator, the programs you launch will not, by default, enjoy all system privileges you would expect. Until you get prompted by UAC to allow for system access, processes will run under a basic user profile.

This is a problem when you try to interoperate with Windows from Python. As soon as you try to manipulate system objects, for example to start/stop services, you'll get a lot of "Access Denied" return codes.

One solution, obviously, is to use the "Run as Administrator" option to launch python.exe, so that you get prompted by UAC and the resulting process will effectively run under elevated privileges. Note that it's not enough to launch Command Prompt (cmd.exe) with "run as an administrator" and to then call python.exe from there. You must explicitly hunt down python.exe in explorer and right-click on it, nothing less will do.

This is fine and dandy for the basic REPL interpreter, but what if you need to do it from a script? How do you elevate the process from inside a running python.exe?

The answer is to use ShellExecute with the "runas" verb, like this:

import win32api
win32api.ShellExecute( 0, # parent window
    "runas", # need this to force UAC to act
    "C:\\python27\\python.exe", 
    "c:\\path\\to\\script.py", 
    "C:\\python27", # base dir
    1 ) # window visibility - 1: visible, 0: background

UAC will then prompt the user and elevate the process. For an example script that you can only run under elevated privileges, check this:

import wmi
c = wmi.WMI()
serviceToStart = 'aspnet_state' # example
for service in c.Win32_Service(Name=serviceToStart): 
    service.StartService()

Note: I haven't tested this with py2exe yet, but at worst you should be able to right-click on the py2exe-generated binary and select to Run as Administrator anyway.

Remote shutdown on Windows

This might sound useless or obvious to many, but i didn't know it and it made my life easier today...

If you ever need to shutdown a remote Windows machine, and you can't access it with Remote Desktop or similar tools, you can use Shutdown.exe from another Windows machine, like this: shutdown /m \\my-remote-host

Additional parameters can be seen with /? but the most useful ones are:

/r

reboot after shutdown

/f

force shutdown -- useful when the machine looks stuck, which is what happened to me today...

/d xx:yy

give a reason for reboot. See /? for the available codes.

I hope this means I can say goodbye to dangerous hard-reboots...

First impressions of OpenSolaris 2009.06, Windows Server 2008, and other various OSes

Having recently installed VMWare Server, I went on a "installfest of one": Windows Server 2008, Kubuntu 9.04, OpenBSD 4.5 and OpenSolaris 2009.06 are now happily chugging along on my server (which is apparently handling the situation without breaking a sweat -- impressive), with Arch Linux next on the list.

I have to say that I've been surprisingly impressed by the two "most commercial" offerings.

Windows 2008 feels really fast and lean. I don't like the new filemanager, but it looks like some of the infamous Windows bloat has been removed here and there. Getting asked for the Administrator password every 5 seconds is irritating, but at least the "Run as Administrator" menu item is more accessible than it used to be, so you can (mostly) preempt it. Also, it seems to work better with Samba, but this might be because Samba itself improved a lot (probably thanks to certain EU antitrust actions, but I digress).

I was even more impressed by OpenSolaris. Booting in a LiveCD before installation is always nice. The customized Gnome 2.24 (aka "Java Desktop System") is the most polished Gnome I've ever seen. The package manager makes it easy to get additional software (and to get rid of unwanted megabytes of localization files for all sorts of languages). It was a breeze to install NetBeans and its plugins (Python support!), I'll have to give it a spin. It's also curious to see in action Sun's typical "network philosophy": for example, /home folders are NFS mountpoints, which makes a lot of sense if you think about it. The drawbacks are that some things don't make sense: e.g. the Gnome utility to track free disk space goes bonkers (34 free gb when the disk is only 10...?). But these are details. I'd really like to spend some time learning permissions, ZFS, zones and all that; I hope I'll get some time at work.

In retrospect, configuring my first DNS server on OpenBSD 4.5 was almost uneventful. I'm not sure I even understand what I did, but it works :) I plan to expose this box to the Big Bad Internet at some point in the future, does anyone need a bit of space?

I guess the moral of the story is: VmWare server is very nice, when you have the right iron to run it on ;)

On The Burden Of Legacy

I recently thought it would be good to write a few utilities for one of the products I support. This product was built on DCOM (don't ask me why). Obviously, being a pythonaro, I just had to use Python. And so my tribulations began.

Python supports COM objects thanks to the lovely Win32 package by Mark Hammond. When you have a DLL that you want to use in python, run "makepy.py yourlib.dll" (or just makepy.py, and browse through the registered libraries to choose one) and lo, it's available as a first-class python module. So I do that, and start poking around with various stuff, and eventually I call a method that returns an object whose definition is in another DLL, so it only comes up as a PyIUnknown object. Ah well. I run makepy.py on the second DLL, to no avail.

After a bit of googling and fiddling, I finally stumbled on the right incantation.

myobj = win32com.client.Dispatch(myobj.QueryInterface(pythoncom.IID_IDispatch))
myobj = win32com.client.CastTo(myobj,'MyIClassName')

Basically, I have to find the right interface ID for the object, dispatch it, and then recast the object with a different type which is specified by a string. Man, isn't that ugly. Not because of having to recast (which I can understand) but because the recasting needs the class name as a string, you can't somehow derive it from the object. If you don't know the "secret" class name, you can't use its methods even if you know it's of the right type. From a modern OOP point of view, this is quite absurd... but there is an explanation.

COM was built when reflection was not yet mainstream, and types were static and immutable. Programmers were used to declare types for each variable, and if the type wasn't right, the compiler would cry. Polimorphism, reflection and dynamic interpreters were slowly reaching mainstream acceptance, but Microsoft had to retrofit them on top of existing frameworks, one feature at a time. The result was the incomplete hybrid I now have to deal with.

Well, I thought, this open-source CPython stuff in Redmond is considered akin to communism, no wonder it doesn't play well with old MS frameworks. Let's try to move further down "the Microsoft Way" and see if things improve: I shall use IronPython. After all, it's just a thin layer on top of the .Net CLR, right? Certainly it will be able to guess types a bit better...

So, a few installs later (you need at minimum the "Windows SDK 6.0" for good interop tools for .Net 2.0, plus the IronPython installer), there I was, trying to do the same thing.
The .Net version of makepy.py is called "tlbimp.exe", and it will basically build a new DLL to wrap the old one. You then import the new DLL in IronPython and lo, you can use the objects. But what happens when a function returns a reference to an object not defined in the DLL? Well, more or less the same thing as for win32com -- you get an unknown interface. So again,you have to wrap all the other DLLs, and explicitly instance these objects with the right type. Slightly better but not really that much different (so I'll stick to CPython, thank you).

As I said, this sort of explicit casting was perfectly acceptable 15 or even 10 years ago. But honestly, don't we live so much better without ? Why win32com and (more damning) IronPython cannot yet look up this sort of thing automatically? I understand that I'm working with legacy interop, but still... this sort of "programmer usability improvement" would help a lot in real-world situation where The Big Rewrite is simply not an option.

Adventures in Windows - Subinacl, Cscript and how I wasted an evening

My wife's desktop machine died a couple of days ago, and now Windows won't boot for some reason. After a few unsuccessful attempts at reviving it, I decided that it would be better to simply move her stuff to a spare machine we had laying around (which actually has better specs, but I digress).

So I duly connected the old disk to the new machine, and tried to copy across a few files. Windows said "Access is denied". Apparently, the account names between old and new machine where different, so Windows would show her files as belonging to an unknown account, and refusing access even to an Administrator.
I could have worked around this by booting a Knoppix livecd and taking over, but that would have been slow; I thought that surely there was a pure-Windows solution, some "admin command-line magic", that would fix things. And so the googling started...

There are basically two main elements in Windows file security: the Owner account, and the Access Control Lists (ACL) applied to the object (or inherited). So the first step was taking ownership of all the objects; I accomplished this with a simple script using WMI:

Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
Set colFolders = objWMIService.ExecQuery("Select * From Win32_Directory Where Name LIKE 'F:%'")
For Each objFolder in colFolders
    ' Add the input parameters.
    Set objInParam = objFolder.Methods_("TakeOwnerShipEx")._
        inParameters.SpawnInstance_()
    objInParam.Properties_.Item("Recursive") =  true
    objFolder.TakeOwnershipEx
    wscript.echo objFolder.Name
Next

The script uses a WQL query to retrieve all the directory objects, then takes ownership of them, using the Recursive option in order to take over all files included in the directory as well. I ran this from the command line with "cscript myfile.vbs" and it worked. (I have to say that for some reason this script failed on a few directories under "Program Files", but I simply ignored them.)

Now I could open any directory and set permissions on any object, but I still could not copy several files; this was because the ACL on these objects were set to refuse access to everyone but the old user. Unfortunately, I didn't know how to do that with WQL (I honestly don't know whether it's even possible); so I used SubInACL instead. This is a little tool you can download from Microsoft; it "enables administrators to obtain security information about files, registry keys, and services, and transfer this information from user to user, from local or global group to group, and from domain to domain." Exactly what I needed!

subinacl.exe /subdirectories "F:\*" /grant=Administrators=F

This one-liner simply grants Full (F) rights to any object under the F drive. A few minutes later, and I was finally able to copy the files.

And they say Unix is complicated? If this was an ext2 drive, I could simply have mounted the drive as root to do whatever I wanted. Windows administration is really a bitch.

svn+ssh from Windows

Another one for Google, since currently the first hit is from a muppet advising to use a commercial product... If you want to connect to a Subversion repository using the standard SSH tunneling (svn+ssh), but you have a Windows workstation, you can use the Putty utilities. Here's what you need to do:

1. Go to the Putty download page and download putty.exe, plink.exe, puttygen.exe and pageant.exe (since you are there, you might as well get the full installer, since stuff like pscp is also very useful). Put them in your Windows PATH (e.g. C:\Windows) -- you don't need this if you ran the installer).
2. Start puttygen.exe and click Generate to generate a key. Enter the comment (usually your email) and a password. Then save the private key somewhere safe.
3. Start Putty.exe and connect to your machine, with the user/pass you use when working in Subversion.
4. go back to the puttygen window, and copy the generated key text
5. in the open ssh session, type
   

   echo '

   
   then right-click and Paste then
   

   ' >> ~/.ssh/authorized_keys

   
   then Enter
6. close Puttygen ad exit the ssh session, start Pageant. A small icon will appear in your taskbar.
7. Right-click on the icon, "Add key". Select your private key and OK, enter the password.
8. open a new command window, and try this:
   

   plink your-username@your.host.com

   
   You shouldn't be asked for a password, and be straight in. Perfect! One last thing...
9. go to your %APPDATA% directory (C:\Documents & Settings\your-name\Application Data), and enter the Subversion folder. Open the "config" file, locate the [tunnel] section and add this line before saving & closing:
   

   ssh = plink

10. Now you should be set! Try doing
    

    svn co svn+ssh://your-username@your.host.com/your/prj

I don't know if using TortoiseSVN or other UI this process can be easier or more complicated. This works, and it will give you the standard basic svn+ssh features.

Technorati Tags: Subversion, Putty, SSH, Windows