Windows 10 Automatic Login at Boot or Switch of User

There may come a time in your nerdy life where you want your computer to automatically log in at boot or whenever anybody signs out, this can be especially useful if you are running software that needs a user to be constantly logged in.

For example, I run CCTV software on my computer via a user called Console, the software displays live camera feeds on a second screen at my desk, the same signal is fed via a splitter through network cables eventually reaching various screens dotted around my house.

The setup requires my Console user to be constantly logged in, be it when the system boots or after I have finished checking my emails or being nerdy.

It is fairly straight forward to get going, in my case on Windows 10 Pro I ran the built-in netplwiz(.exe) utility and added one string value to the registry.

Part 1: Configuring automatic login at boot

  1. Run netplwiz(.exe) and uncheck the box saying Users must enter a username and password to use this computer.
  2. Press OK then enter the username and password you want the computer to automatically login as and press OK again

That’s the first part completed, so now whenever you boot your computer it will automatically sign in as the user account you have set.

Part 2: Configure automatic login when signing out/switching user

The next part involves adding a regsitry key with a string value, once this was done I found it worked straight away without having to reboot my machine.

  1. Open regedit(.exe) and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

    Right click on Winlogon and select New > String Value

  2. For the value name enter ForceAutoLogon, double click the line you just added and enter the  value date to 1

That’s it! Now when you sign out it will automatically sign back in to the user account set in first step.


  • If you want to log in as a different user, hold the shift key whilst locking your account, you’ll then see the normal Windows login screen
  • You can do step 1 via the registry if you want, but why over complicate things!

Webmin 1.610 on CentOS 5.8 (x86)

The following commands can be used to install Webmin 1.610 on CentOS 5.8. Make sure you’re logged in as root and then follow the steps below.

Select a temporary directory to save the download to. We will only use the downloaded file once so it’s pointless keeping it.. free up space and put it in /tmp!

cd /tmp

Begin the download of Webmin using wget:


Install Webmin by unpacking the archive:

rpm -Uvh webmin-1.610-1.noarch.rpm

Done! You can now login to your fresh installation of Webmin by heading to http://hostname-or-ipaddress:10000 using the root username and password.


  • If you don’t have a server to try this on I’d recommend DigitalOcean hands down – virtual servers start from $5 a month

WordPress & Spam: Key’s Solution

Recently I began to see an increase in malicious login attempts to my servers from bots (ie. automated attempts to login via FTP, POP/IMAP, SSH and so on) which gave me an idea for a new side-project on NerdTools known as the Bad Bots Intrusion & Spam Detection database.

After a few hours of developing a database was generating before my eyes of all the bad bots and their failed attempts, which then got me thinking, aside from using the database with a firewall can this be intergrated with WordPress to stop spam before its even posted?

A few more hours developing and I have now created two plugins which are listed in the WordPress extension directory. One is called NerdTools Bad Bots Spam Reporter which cleverly and annonymously reports the IP address of an author whenever a comment is classed as spam, and the other is called NerdTools Bad Bots Spam Defender which again annonymously screens every authors IP address against the database and if a match is found it won’t allow the comment to be saved.

Going a little deeper into the reporting plugin; when a comment is classed as spam the authors IP address is reported to the database but it won’t be entered straight away, our system will wait and see if any patterns form, if so it will then be entered and further comments will not be allowed.

It may seem madness having two seperate plugins to work as one but I didn’t want to force people into reporting comments if they don’t want to and vice versa with the defending plugin.

In terms of infrastructure the database is hosted on a high performance SSD server which has memcache enabled. Future plans include clustered servers for even greater performance.

Not bad for a few hours work!





Server Security Tips

Whenever I deploy a new server I always ensure that any flaws which I’ve picked up from my few years of server experience are fixed, leaving the new server as secure as can be and ready for use.

Below are a few tips for keeping your server as secure as can be:

  • Have a secure root password – Use something random and at least 8 characters long
  • Use non-default ports – Change the default port for services commonly targeted by bots or attackers such as SSH
  • Check your logs – Look for authentication failures and put the related IPs in a block or reject rule using iptables
  • Process users – Make sure processes have their own users and aren’t ran as root

More tips will be added once I remember them!

Review of Oak Tree Dental Practice in Stourbridge

I became a patient at Oak Tree Dental Practice after my current dental practice at the time was going through some major changes and didn’t seem to be offering a good enough service. As part of a management change I was given a checkup and told I would need 6 fillings (3 existing and 3 new that needed redoing) but I couldn’t get an appointment for months, meanwhile I was still paying a monthly Denplan fee and worrying that I would eventually have no teeth and no one seemed to be taking it seriously.

I took the plunge and went to see Mr Jonathan Edward Swinscoe for a “free” checkup. I ended up paying £35 for the apparently free checkup, but he comforted me and said he could get all the fillings done in one go. I transferred my Denplan contract to him which cost £15 and the plan was to wait until the next month when the transfer was complete so the work would be done at no extra cost.

The time came for my appointment and I have to be honest I was dreading it. I had a while to think back about what Jonathan said and it just felt too good to be true, but it was too late to back out now. It didn’t help that the receptionists were too busy gosipping and dancing away to the radio, they seemed frustrated that the whole waiting room wasn’t joining in with them.

The time came where Jonathan called me in, he sat me down on a damp dentist chair that had just been cleaned and then injected, no questions about what medication I was on, no explanation of what is going to happen or anything like that, literally pain killer was injected and I was sent back out to the waiting room. He didn’t seem in a talkative mood thinking back now.

After he saw another client I was taken back into the room to the yet again damp dentist chair. The nurse was out of the room but Jonathan started drilling out my teeth by himself. He had the drill in one hand and suction tube in the other and choked me several times as he wasn’t removing the water quick enough but luckily the nurse came back and took over.

It is worth mentioning at this point that he didn’t have any gloves on and he didn’t give me any protective eyeware meaning my £200 glasses were almost destroyed.

I thought things couldn’t get any worse but at this point but then he started being incredably rough, to the point where I had to keep stopping him because of the pain and was physically shaking. Each time he stopped he would start again straight away and it soon became obvious that he was rushing drilling out the teeth out to get them all done in time, I was really worried that he would drill to far and hit a nerve but luckily that didn’t happen!

After the drilling had finished he stopped and made a sexist comment infront of his female nurse and myself, he said “Not only women have bad days you know!” so now it felt like he was having a bad day and taking it out on me? Great!

He then started putting the fillings in place, again he was rough, applying a fair amount of pressure jolting my neck around for each filling. He put his palm flat on my head which wasn’t very comfortable but at this point I just wanted to get out of there. He just didn’t seem to care, but then again he was having a bad day, so that’s okay then?

After all the fillings were done he literally scooted off to his computer and ignored me, he didn’t explain any care instructions, what had been done or anything, I literally got blanked which was rude. The nurse then asked me to move off the chair so she could wipe it down and then whisked me (still shaking) to a small table in the corridor and offered to sign me up for Denplan. I explained with a numb mouth that I had already transferred to him and then went out the reception where I was told I would need to pay and again had to explain.

I finally got to the safety of my car still shaking and it is safe to say I will never ever be setting foot back in that practice ever again and I will never ever recommend it to anyone.

To add insult to injury I have been left with really sensitive teeth and can no longer drink really hot or really cold drinks. I have also had to have the fillings adjusted by another dentist as they were poorly fitted causing “the battery effect”.

To be clear, this review is about Review of Oak Tree Dental Practice 78 Bridgnorth Road, Wollaston , Stourbridge, DY8 3PA and is not to be confused with practices of a similar name.

Unstick a LinkStation Disk Backup

Imagine this… you have two decent network attach storage boxes which regularly backup one to the other using a built in Disk Backup tool –  Brilliant huh, sounds almost like a nerdy dream! Now imagine part way through a backup you get a power cut or you just trip over the power cable ripping the plug out the wall… not to worry, things will pick up where they left off… unless those decent boxes are Buffalo LinkStations!

I first discovered this flaw a few weeks back when one of my nightly backups seemed to be taking longer than usual. I gave the box about a day or so to try and fix itself but it still kept saying that the disk backup was in progress and in the admin interface and I was unable to cancel or remove the backup, so it was pretty much stuck as you can see below:


I headed to the official Buffalo support website which seemed to have a fix for this common problem – See for yourself below:

Okay so you have to restore the box to factory defaults… no thanks! I can only assume that because the HS-DHGL is one of their older discontinued products they just can’t be bothered to make a firmware update as it’s not worth their time or effort, but the other option is to use SSH to edit a file which will force the backup to complete.

Getting Unstuck

The following guide will assume you have already enabled SSH and are logged in ready to go, if you haven’t yet enabled SSH see this post here.

  • First of all we need to locate the backup configuration file and this depends on the job number specified on the admin interface, in my case it was number 1 so we need to type in the following command to open the file in a text editor:
    • "vi /etc/melco/backup1"
  • You will now see the configuration file open, hit I (for indigo) on your keyboard to allow inserting of new text and change the line status=running to status=done
  • Hit the Escape key and then type :wq to save your changes and quit
  • Head back to the admin interface to the Disk Backup section and you’ll now see the backup showing as complete as seen below:
  • That’s it – The backup is unstuck, and we haven’t had to restore anything to factory defaults!


  • This has been tried and tested on the following models/firmware: HS-DHGL/v2.1
  • Finally, if you could let me know if you encounter any problems or can confirm if this works for other models I’d be grateful

Encrypted AES VPN tunnel between pfSense 2.3 and Ubiquiti EdgeRouter Lite

I recently retired my Draytek 2830 following a serious security flaw I discovered (that’s another post, stay tuned!) and took the plunge with a rather impressive looking Ubiquiti EdgeRouter Lite.

The other option was a rack mountable TP-Link TL-ER6020 although the maximum NAT throughput was only 180Mbps and it only had 128MB  DDR2 memory and no clear CPU specs, also the web interface looked tired and very restricted. Pound for pound the EdgeRouter was cheaper and has a better spec of anywhere up to and over 600Mbps, 512MB DDR2 memory and Dual‑Core 500 MHz, although it wasn’t rack mountable it was a no brainer with its modern web interface, also did I mention it can process 1 million packets per second?

The EdgeRouter also appeals to my inner nerd  (you can no doubt tell) as you can program it via web interface, command line or console connection and you can remove features you don’t need to boost performance. For example, it may only have 3 gigabit ports, but you can do whatever you like with them! In my case I have it configured as 1 WAN port and the other 2 ports are linked to two seperate LAN’s. I will write a full review when I get chance, but for now just take my word that it is the best router I have ever owned.

Anyway, to business!

Home Network

As before with the Draytek guide my home network is still double NAT’d but there isn’t a speed issue anymore. I do plan to eventually run everything via the EdgeRouter but first I need to install a few additional access points (I’m thinking a couple of airGateway-LR’s hidden in roof spaces will do, powered by PoE obviously!).

In the example below the home network subnet will be 192.168.100.x
and WAN address will be

Remote Network

The remote network is the same as before too – a pfSense machine sits at x.1 and deals with traffic to the local network.

In the example below the remote subnet will be 192.168.150.x and WAN address will be


  • Each local area network must be on a seperate subnet, otherwise things can quickly get messy and conflict!
  • Make sure you use a secure pre-shared key, anything above 32 characters will do nicely and under no circumstances use the example key!
  • The example details below are fake, replace them with your own details if you want this to work

Configuring pfSense

The guide below lists only the parts you need to change, if the option isn’t listed then leave it as is. Anything to do with double NATing is in red, ignore this if your router is WAN facing.

Fairly straight forward, go to VPN > IPSec > Click Add P1

  • Enter the Remote Gateway as the WAN IP address of the EdgeRouter (or the Superhub in my case)
  • Enter a brieft description in the Description box – VPN to pfSense LAN
  • Select Peer identifer as KeyID tag then enter the WAN address of EdgeRouter ( else leave as Peer IP address
  • Enter your pre-shared key in the Pre-Shared Key box – testing123
  • Set the DH Group to 14
  • Press Save

That’s your Phase 1 entry configured, now for Phase 2:

Go to VPN > IPSec > Click on Show Phase 2 Entries for Home

  • Enter Remote Network as the home network subnet –
  • Put a brief description in the Description box – Home
  • Set PSF Key Group to 14
  • Press Save and then hit Apply Changes

Finally, we need to create a firewall rule to allow traffic to pass over the VPN:

  • Go to Firewall > Rules > IPSec and click Add
  • Change Protocol to any
  • Enter a brief description in the Description box – Allow VPN Traffic
  • Press Save any hit Apply Changes

Configuring the EdgeRouter

First of all make sure you are running the latest firmware otherwise options may be missing and this may not go smoothly! Currently (March 2017) I’m running EdgeRouter Lite v1.9.1.

Configuring the EdgeRouter is pretty straight forward, you don’t need to do anything via command line or console (unless you really want to, knock yourself out!) – Go to VPN > IPSec Site-to-Site

  • First tick the box Show advanced options to show the encryption options
  • Under Global Options leave Automatically open firewall and exclude from NAT unless you want greater control over who can connect in
  • Under Site-to-site peers enter the Peer as the home WAN address –
  • Put a brief description in the Description box – Remote
  • In local IP enter any
  • For Encryption set AES-256
  • In Pre-shared secret enter the key set previously – testing123
  • Enter the Local subnet as
  • Enter the Remote subnet as

All being well you should end up with something like below:

Once everything is saved, head over to the pfSense IPSec Status page and hit connect if it hasn’t already established and  there you have it!

At this point you may be asking why did you uncheck the option to Automatically open firewall…, this is because I like to have greater control over what IP addresses are allowed access to my network.

To substitute this option I created a rule in the NAT section translating UDP port 4500 to the routers local IP address ( In turn I set the Src Address Group of this rule to a list of predefined IP addresses, thus only allowing access to my networks and blocking the rest of the world.




My experience with KGUARD and the Mars Home NVR Combo Kit

I’ve had a KGUARD Mars Home NVR Kit installed at my house for just over a year now, I bought it from eBuyer and paid a little more than I should have thinking it was a great investment and should last a good few year… it has been okay but unfortunatley the NVR side of it recently gave up the ghost.

The NVR initially started complaining about hard disk errors, randomly rebooted and is now just stuck on the boot up screen. Being familiar with embedded devices it ended up looking pretty bricked but unfortunatley there’s no obvious way to reflash the firmware. After a long email conversation with Danny Wu at KGUARD support, he wished me good luck at trying to reflash the firmware and has ignored me ever since, it would be okay but never actually told me how to get the box into recovery mode despite asking a fair few times… I’ll try fix the NVR at some point and if I have any joy I’ll write another post.

It’s not so bad right, you can still use the cameras?

In the meantime I installed iSpy connect – recommended by my friend Chris at work – on my home computer and thought that if I nipped out to Maplins and bought a slightly over priced TP Link PoE switch I could simply swap cables over and have some sort of CCTV system working in no time… was I wrong! Turns out the cameras aren’t 802.3af compliant so it won’t work without a little adjustment.

I didn’t want to go buy more kit without knowing the cameras would actually work, so I got an extension lead and a 12v 2A adapter trailing out the window at 2am, after a bit of tinkering I managed to get a stream from one of the cameras – annoyingly the cameras have their own static IP addresses which are own a different subnet to my home network and on reboot the settings revert back to default… adding a second IP to my network card sorted that.

The next day I nipped back to Maplins and got some PoE splitters, I popped into B&Q as well and got some IP rated junction boxes to cram everything into. After a bit of creativity the end result is that I can now use the KGUARD cameras but I have to have a slightly ugly looking box alongside them to shelter the PoE splitter, its not too bad but I’ve taken the opportunity to upgrade to some Trendnet TV-IP310PI’s and you can really tell the difference.

PoE bodge

At least you won’t need to run new network cables?

Pah – Initially I wasn’t going to run new network cables as I thought the existing KGUARD ones would be good enough, unfortuantley not. When I went to put the new cameras waterproof connector in place I discovered that the existing KGUARD network cables only had 6 cores and just felt incredibly cheap, not wanting to take risks and to make things future proof I ended up spending the best part of a day feeding new cables through roof and under floors.

KGUARD network cable
KGUARD network cable

Where’s the happy ending?

It does come eventually, along the way I’ve ate a “cheddar and ham toasty”, got Chris up a ladder, learnt how to run and terminate my own network cables and recycled the KGUARD cameras to cover blind spots that weren’t covered before – those two both with the help of Chris one Saturday – and learnt that ultimatley you are always better building your own system as once you are past the year warranty neither the retailer nor manufacturer could care less!

I was torn between iSpy or BlueIris for software – I ended up going with iSpy which is opensource but should really be classed as freemium. If you want to do anything useful (playback footage, watch remotely or recieve email alerts) you have to upgrade to a premium version which is a monthly cost – not to worry though, I’m currently working on a VB program which will allow both live and pre-recoded playback of files possible and Chris is working on an alternative mobile ap.

I can’t thank KGUARD enough for this valuable learning experience and I would strongly recommend that if you are thinking about getting a KGUARD system then look elsewhere! If I hadn’t have had such good knowledge of network and computing then I’d have ended up with one very expensive set of paper weights.

Fix TRENDnet TV-IP310pi Corroded PoE Connector

Following Storm Doris back in February 2017, one of my cameras at the back of my house stopped working. Part of the roof had been blown off (only a plastic cover, thankfully nothing more serious) which exposed the cable and allowed things to get a little damp.

On closer inspection the 3 far pins in the connector had corroded as seen below, click any picture below to see a bigger version:

I’m presuming the corrosion had been going on some time and the storm was the icing on the cake. I tried a mixture of WD40 contact cleaner followed by a strong acid based electrical cleaner and the pins had cleaned up nicely but it still wasn’t working.

I was really trying to avoid was chopping the connector off completely as after all it is over £100 worth of camera, but that happened…

As you can see from above I opted for jelly crimps (scotch locks) as these are waterproof, the alternative was either a  surface mounted punch-down box or RJ45 coupler both which would have corroded over time and eventually left me with a broken camera again.

After making sure everything was working I wrapped the jellys in a fair amount of electric tape followed by a healthy dose of vaseline.

I would have exposed more of the camera cable which would have made things look neater and given me more room to position each jelly connector but ultimately I wanted to cut as little as possible, and the fact it was now working again was a good enough excuse to leave it alone!

Colour Combinations

It came as no suprise that the camera didn’t use standard 568B colours but here is the combination I used:

Key: 568B Standard Cable / TRENDnet Cable

  • Orange WhiteOrange
  • OrangeYellow
  • Green WhiteGreen
  • BlueGrey
  • Blue WhitePurple
  • GreenBlue
  • Brown WhiteBrown
  • BrownWhite

I found the colours by refering to this guide here. I did manage to get the green and green white cables mixed up, however this hasn’t affected the camera in any way that I can tell. If it does ever cause a problem I will swap the cables around at the patch panel to avoid having to tamper any further.

A word of warning about Kimsufi and ESXi

Kimsufi are well known for offering cheap dedicated servers and over the years I’ve had no problems until recently.

I purchased a KS-5 for running VMware ESXi on, it was a fairly good spec Xeon with 16GB of ram and 2TB disk space for about £30 a month plus a one time setup fee. It was quickly provisioned which was great, but after logging into my account I found a problem – There was no obvious place to order additional IPv4 addresses which rendered the server completely useless to me. I was prompted to select an operating system, so I did thinking this would make ordering IP addresses possible, but still nothing.

I contacted support immediately and asked if ordering additional IP addresses was possible, and if not to cancel and refund my account. They responded in a nut shell saying its not possible, and that because I’d installed the VMware template that they provided they wouldn’t refund me which was annoying, they also implied that because the service was so cheap I should be grateful and suggested using their sister brand SoYouStart, amusing.

Luckily I paid with PayPal so I opened a dispute and got my money back. It’s not about the money though, its about Kimsufi not making the facts clear and then fobbing you off. I’d usually recommend them, but not anymore.

I’ve since found a better provider, offering similar spec servers capable of running ESXi with, wait for it, the option to order additional IP addresses! Amazing.