Migrating %ProgramFiles% off of %SystemDrive%

Do not do this! I just had to do a fresh install of Windows 10 to finally get everything working again. Full disk format and install.

Yesterday I noticed a concerning state on my computer:

For a moment I wondered how I could have possibly filled that drive all the way up this fast. I just received this system in mid-October!

Oh yeah. I have games on here. Very, very large games. But I have that huge D. That should be able to relieve the pressure. So I set about copying both of my Program Files directories over.

 This took a while, as those two directories weigh in at 116 GB on disk for me right now. Once they were all copied I was left with another large problem: Windows uses stuff out of Program Files! There are open handles all over and so you cannot just move the directories. I needed to have access to my hard drives without Windows running. In the past (Windows XP days) this would have meant booting from an install media or booting up a Linux distro.

Thankfully, this is 2017 and I'm running Windows 10. There is now native support for rebooting into a diagnostic state that is not using your normal partitions. I followed the instructions documented by DigitalCitizen. Just pop open the Start menu and type Settings.

Click thru Update & Security and select Recovery.

 Once I was in the Advanced Startup screen I booted into Command Prompt.

For some reason my D: was mapped to C: and my normal C: was mapped to D:. It was a little weird. What I wanted to set up was NTFS junction points (symbolic links) at what my normal operating system thought was C:\Program Files and C:\Program Files (x86).

First, I made backup copies.
cd /d D:

move "\Program Files" "\_Program Files"
move "\Program Files (x86)" "\_Program Files (x86)"

And then I made the symbolic links... including with a bug!

mklink /D "\Program Files" "D:\InstalledSoftware\Program Files"
mklink /D "\Program Files (x86)" "D:\InstalledSoftware\Program Files"

Since the destination path is stored in the NTFS partition, I could point it at a location that didn't make any sense in the state I was at right there. Once I rebooted everything should work out fine.

I exited out to the Advanced Startup and allowed the system to continue into Windows 10. The first thing I noticed was that the system successfully booted. Once I logged in though I saw a bunch of my icons were broken. Just the shortcuts to 32 bit programs though. I compared the contents of D:\InstalledSoftware\Program Files (x86)\ and C:\Program Files (x86)\ and found that they didn't match. Strange. It looked more like C:\Program Files (x86)\ contained my 64 bit applications. Which it did.

A quick jaunt back to the Boot to Command Prompt let me fix it:
cd /d D:
rmdir "\Program Files (x86)"
mklink /D "\Program Files (x86)" "D:\InstalledSoftware\Program Files (x86)"

Excellent. On reboot all my icons looked find. Time to do a quick spot check of the file system before I delete the backups on C:

The file view in the C drive backup

The file view in C:\Program Files

Oh no! I broke all of the file system security settings by setting everything to be owned by Administrators. Is it even possible to restore a file to TrustedInstaller?! Turns out it is and it has been blogged about. And so I set about fixing a few directories.

Security Tab of File Properties on my directory

You cannot search for the TrustedInstaller account, but it is there.

Apply the changes down the whole tree.

Finally I had a directory restored! Yay! Now on to the next... 116 GB worth?! No. There had to be a way to script this. And so Powershell to the rescue.

Function Copy-ACL {
    Param (
        [string]$SrcPath,
        [string]$DestPath
    )
 
    $BaseACL = Get-ACL -LiteralPath $SrcPath
    Set-ACL -LiteralPath $DestPath -AclObject $BaseACL
 
    ForEach ($ChildItem in Get-ChildItem -LiteralPath $SrcPath -Recurse)
    {
        $DestItem = $ChildItem.FullName.replace($SrcPath, $DestPath)
        $SrcACL = Get-ACL -LiteralPath $ChildItem.FullName       

        if (Test-Path $DestItem)
        {
            Set-ACL -LiteralPath $DestItem -AclObject $SrcACL
        }     
    }
}

Now I could fix both trees.
Copy-ACL 'C:\_Program Files\' 'D:\InstalledSoftware\Program Files\'
Copy-ACL 'C:\_Program Files (x86)\' 'D:\InstalledSoftware\Program Files (x86)\'

Now... off to the races!

What is this? Oh, just rmdir /s /q %programfiles% ¯\_(ツ)_/¯

Thank you for coming on this journey with me. Next week I will blog about the total destruction I just made by massively modifying my workstation from 1am to 6am. I hope you enjoyed reading about it.

Free ALL the space!

Research material: Biographical Directory of the United States Congress

I have begun a project to map the impact of American revolutionaries to the various Congresses based on a metric inspired by Erdös Number, or Bacon Number to the more pop-culture inclined. My hypothesis is that there could be value in visualizing how far any given Congress is from the folks that actually founded the country.

This project began as a late night tweet on July the 4th, 2017. I was thinking out the differences in revolution, founding, and actual governing.

I wonder what year Congress dropped to Founding Member number 1? Dropped to 2?#sixDegreesOfRevolutionaries #baconnumber #erdosnumber

— M Molyett &YA1 (@SecsAndCyber) 8:29 PM - 4 Jul 2017

Wanting to find some existing research and maybe leads, I reached out to Twitter and was given some good hints into starting points for mapping connections: Eigenvector centrality. Turns out `* Number` mapping of a population is a form of Centrality analysis. Since my recent academic background is Cybersecurity and my undergrad was a decade ago, it was very helpful to get nudged into the proper academic terminology.

Anyone familiar with US history? Thinking about trying to quantify the impact of revolutionaries in US governance via Bacon number distance

— M Molyett &YA1 (@SecsAndCyber) 7:34 PM - 5 Jul 2017

I am currently in the data gathering stage. I need to compile, locally and in a useful format, all of the people to consider, with a focus on determining who all will be considered Founder Number 0. This has so far meant collecting the names on the signers of the Declaration of Independence and today I was starting on enumerating the delegates to the Continental Congress. Turns out the US Government has already collected that data into a book:

BIOGRAPHICAL DIRECTORY

OF THE

UNITED STATES CONGRESS

1774-2005

THE CONTINENTAL CONGRESS

SEPTEMBER 5,1774, TO OCTOBER 21,1788

and

THE CONGRESS OF THE UNITED STATES

FROM THE FIRST THROUGH THE ONE HUNDRED EIGHTH CONGRESSES

MARCH 4,1789, TO JANUARY 3,2005, INCLUSIVE

Now, with that 2000+ page pdf in hand, I have the task of ingesting all that poorly formatted data.

Exploring students and cybercrime

I'm working on a paper about a general target of cybercrime and delving into who the actors may be and what their intentions are.

The assignment gives some interesting targets and attacker goals; for instance maybe attacking a defense organization for launch codes or attacking a hospital for medical records. Am I writing about one of these? Nope, I'm going with attacking a school to get access to the grading system.

With that in mind, here is a video of what happens to students getting caught having done just that...

Credit: Nick videos