On the topic of Chrome profile transfer, this week I did the Fabs transfer for a user and it brought across a dozen of those junk search and toolbar extensions, ended up removing them all afterwards. First time I've really noticed extensions transferred with the profile but I suppose it's always done that?
Fab's AutoBackup 7 Pro - a must have tool for techs
- Thread starter fabs
- Start date
Porthos
Well-Known Member
- Reaction score
- 13,682
- Location
- San Antonio Tx
When possible I clean that crap first before backup.
- Reaction score
- 1,290
- Location
- Charente, France
It works for most things in this case. I've tried with a single domain account (same SID but different path as this AD account has been renamed).
Backup from Windows 32bit windows 7 with last Chrome version installed and restore to 64 bit Windows 10 :
- Theme : OK
- Bookmarks : OK
- Passwords : wiped
- Extensions : the only one I've installed was shown as corrupted after restore: I had to repair uBlock Origin to have it working again.
Edit : I get the same results from a domain profile to another one with different SID, same domain for both.
Conclusion :
- if I'm dealing with a domain user profile as source, I backup the entire Chrome profile.
- if source profile is domain and I'm transferring to a domain user profile, I transfer the entire Chrome profile. If target profile is not a domain profile, I'll only copy bookmarks because Chrome will wipe out everything else upon startup.
- if I've backed up entire Chrome profile and am restoring to a domain user profile, I restore the entire Chrome profile, otherwise, I'll only restore bookmarks.
Gosh! Things are getting trickier or is this just me ? LOL
Sounds pretty fair anyway
Note : I've not tested transfer between 2 different domains. I'll neet time to set up a new test domain for that.
I must agree with the above. We're talking about security stuff, aka highly sensitive data. This should not be portable at all, even if that's handy.
Example : what could happen if someone comes with a thumbdrive, run Fab's against an unattended machine and get browser profiles with passwords inside ? <sarcastic> yeah, I know: if someone leaves sensitive stuff unattended, then he deserves to be hacked lol </sarcastic>
At least, since passwords do not make it with Chrome transfer, that security issue is solved...
Yes, that's a normal behavior: a stated on post 696 of this thread, Fab's "stupidly" gets everything that's in Chrome profile (except most of cached stuff) and that includes extensions which could be crap but could also be legitimate. @Porthos is right: it's to better clean up before backup if that's possible.
Last edited:
fencepost
Well-Known Member
- Reaction score
- 2,314
- Location
- Schaumburg, IL
If you're using the vendor-provided sync in either Firefox or Chrome, you can probably skip the bookmarks as well - normally that does bookmarks, plugins, security.
One thing that would probably be really nice to keep is plugin customizations where feasible. uBlock Origin is a perfect example, since you can customize what's blocked or which sites it runs on (uMatrix is similar but much more likely to have per-site customization data). I don't believe either sync takes that along.
And uBO may be a moot point in Chrome once Manifest v3 gets rolled out sometime next year, though apparently they did increase one of the troublesome limits in it. (https://www.ghacks.net/2019/11/13/google-implements-controversial-manifest-v3-in-chrome-canary-80/)
One thing that would probably be really nice to keep is plugin customizations where feasible. uBlock Origin is a perfect example, since you can customize what's blocked or which sites it runs on (uMatrix is similar but much more likely to have per-site customization data). I don't believe either sync takes that along.
And uBO may be a moot point in Chrome once Manifest v3 gets rolled out sometime next year, though apparently they did increase one of the troublesome limits in it. (https://www.ghacks.net/2019/11/13/google-implements-controversial-manifest-v3-in-chrome-canary-80/)
- Reaction score
- 1,290
- Location
- Charente, France
Sure, built-in sync grabs everything with no hassle. Challenge here is to grab at least bookmarks for people who do not use it or who can't enable it anymore (unbootable drive for example).
This are going well regarding this stuff. It works like I want it to. I use registry to sort between domain and local users. In case of a domain user, there is a "DCName" value in "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\History" registry key. If this value exists and is not empty, I can safely consider that user is from a domain. Of course, user's registry can be corrupted, so, in this case, user profile is treated like a non domain user (some kind of fail safe mode).
- Grab full Chrome profile if source user profile is identified as a domain member, just bookmarks if not.
- Transfer full Chrome profile is both source and target user profiles are domain members, just bookmarks if not.
- Restore full Chrome profile if target user profile is identified as a domain member, just bookmarks if not.
I've another couple of things to check but I would say that an update is imminent.
Thanks everyone for your insights!
- Reaction score
- 1,290
- Location
- Charente, France
Hi,
Fab's AutoBackup 7 Home & Office and Fab's AutoBackup 7 Pro V7.1.1.1297 have just been released.
Change log:
Removed:
- Windows Start Screen layout. This item was made for Windows 8 and could throw error messages while restoring/transferring.
Fixed:
- The program did not backup additional files and folders while running in safe mode and using VSS feature. To prevent this problem, VSS feature is now totally disabled in safe mode.
- Command line mode was broken when "/SILENT" switch was used.
- Google Chrome profile is now handled differently as Chrome now encrypts them for security reasons. When a Chrome profile is restored/transferred, if encryption key (linked to machine and user) is different from the current one (that's the case if Operating system has been reinstalled, computer changed or if user profile is new), Chrome deletes all settings upon startup thinking that malware has corrupted it. This happens when dealing with usual user profiles, Active Directory domain users are not affected. Now, when source user is part of a domain, the entire Chrome profile is backed up, if not, only bookmarks are saved. In case of a transfer, both source and target user accounts must be part of a domain or only bookmarks are transferred. For restore, to restore a full Chrome profile, target user account must be part of a domain otherwise, only bookmarks will be processed.
- Improved Malwarebytes Anti-malware license key grabbing feature's behavior: it now shows a reminder about limited activation licenses.
- The installed software feature listing did not grab per user installed software. Some pieces of software do not need admin permissions to be installed and sit in user's profile. If such a program is detected, there will be something like "- ##### UserName ##### at the end of the line in the list.
- Program now shows in the log if it has failed to set dates on target folder instead of putting this information in an error report. Most of the time, this is linked to a disconnected source media (under powered USB drive for example).
Grab it from your orders history's details on the shop's website at https://store.fpnet.fr/account.php?language=en or using the bundled updater tool (click the "Download Fab's AutoBackup 7.X" link within the program and get the updated files).
Fab's AutoBackup 7 Home & Office and Fab's AutoBackup 7 Pro V7.1.1.1297 have just been released.
Change log:
Removed:
- Windows Start Screen layout. This item was made for Windows 8 and could throw error messages while restoring/transferring.
Fixed:
- The program did not backup additional files and folders while running in safe mode and using VSS feature. To prevent this problem, VSS feature is now totally disabled in safe mode.
- Command line mode was broken when "/SILENT" switch was used.
- Google Chrome profile is now handled differently as Chrome now encrypts them for security reasons. When a Chrome profile is restored/transferred, if encryption key (linked to machine and user) is different from the current one (that's the case if Operating system has been reinstalled, computer changed or if user profile is new), Chrome deletes all settings upon startup thinking that malware has corrupted it. This happens when dealing with usual user profiles, Active Directory domain users are not affected. Now, when source user is part of a domain, the entire Chrome profile is backed up, if not, only bookmarks are saved. In case of a transfer, both source and target user accounts must be part of a domain or only bookmarks are transferred. For restore, to restore a full Chrome profile, target user account must be part of a domain otherwise, only bookmarks will be processed.
- Improved Malwarebytes Anti-malware license key grabbing feature's behavior: it now shows a reminder about limited activation licenses.
- The installed software feature listing did not grab per user installed software. Some pieces of software do not need admin permissions to be installed and sit in user's profile. If such a program is detected, there will be something like "- ##### UserName ##### at the end of the line in the list.
- Program now shows in the log if it has failed to set dates on target folder instead of putting this information in an error report. Most of the time, this is linked to a disconnected source media (under powered USB drive for example).
Grab it from your orders history's details on the shop's website at https://store.fpnet.fr/account.php?language=en or using the bundled updater tool (click the "Download Fab's AutoBackup 7.X" link within the program and get the updated files).
fencepost
Well-Known Member
- Reaction score
- 2,314
- Location
- Schaumburg, IL
The old standby of the Nirsoft Web Browser Password View is probably still an option for non-domain - it's not seamless, but at least the passwords are there.
- Reaction score
- 1,290
- Location
- Charente, France
Sure, but only for current user
Larry Sabo
Well-Known Member
- Reaction score
- 3,364
- Location
- Ottawa, Canada
Which would be good enough for 99% of my end users, almost all residential and who have "never had a password."
- Reaction score
- 1,290
- Location
- Charente, France
Indeed lol
glennd
Well-Known Member
- Reaction score
- 2,526
- Location
- South West Victoria Australia
Good point. If you can still create that text file then that's probably ok. If I can say to a customer that Google have changed the rules but here's the text file with the passwords they would be ok with that.
If it's only for the current user does that mean I would have to log in to each account to do a backup of Chrome? I wonder if this could be achieved from within Fabs (ie prompt for each user login credentials then log in via LogonUserEx, and do a Chrome/Firefox password backup).
btw any chance of scaling down the font size in the log display during backup and restore?
If it's only for the current user does that mean I would have to log in to each account to do a backup of Chrome? I wonder if this could be achieved from within Fabs (ie prompt for each user login credentials then log in via LogonUserEx, and do a Chrome/Firefox password backup).
btw any chance of scaling down the font size in the log display during backup and restore?
- Reaction score
- 1,290
- Location
- Charente, France
That tool to log as user can be tricky to handle, like with backups to a network path and user with not enough permissions... Also, how does this thing work if windows user hasn't password? I'm thinking about runas command that does not support blank passwords for example. If that tool works there same way, then we're gonna have a problem here...
That log font stuff should not be a problem
Last edited:
HCHTech
Well-Known Member
- Reaction score
- 4,140
- Location
- Pittsburgh, PA - USA
Which they would probably leave on their desktop obfuscatorily titled "Passwords.txt."
timeshifter
Well-Known Member
- Reaction score
- 2,335
- Location
- USA
I like to save the logs on my customer's machines. Been running into problems for OneDrive users. OneDrive won't upload some of the files generated by Fab's due to some permissions issues.
Looks like the files that cause the problem are members for groups that normal files don't (SYSTEM, S-1-5-21...., INTERACTIVE). I tried changing those from the parent folder.
Folder, Properties, Security, Advanced, "Replace all child object permission entries with inheritable permission entries from this object"
Failed to enumerate objects in the container. Access is denied.
Finally, gave up and put all files in a ZIP and deleted the originals. Would like a better, quick fix as this has come up before and will continue.
Looks like the files that cause the problem are members for groups that normal files don't (SYSTEM, S-1-5-21...., INTERACTIVE). I tried changing those from the parent folder.
Folder, Properties, Security, Advanced, "Replace all child object permission entries with inheritable permission entries from this object"
Failed to enumerate objects in the container. Access is denied.
Finally, gave up and put all files in a ZIP and deleted the originals. Would like a better, quick fix as this has come up before and will continue.
- Reaction score
- 1,290
- Location
- Charente, France
That's not really coming from permissions. You need to change ownership for that. By default, those files belong to "administrators". If you change owner with one drive user, they will upload.
Larry Sabo
Well-Known Member
- Reaction score
- 3,364
- Location
- Ottawa, Canada
I just finished restoring an IMAP account from backup to a customer's new laptop and got a warning that I need to "Set IMAP passwords from Control Panel before starting MS Outlook. See users guide p. 46." I have no idea which users guide that's referring to but in Settings, Email & Accounts it shows her MS account and Manage. I used that to install MS Office H&B 2016 but don't see where I can set her IMAP password for the new install. I don't want to change her MS account password, which is the only obvious password change option.
If I try to open Outlook, I get "Cannot start Outlook. Cannot open the Outlook window. The set of folders cannot be opened. The file C:\Users\<user profile name>\AppData\Local\Microsoft\Outlook\<user's e-mail address>.ost cannot be accessed. You must connect to MS Exchange at least once before you can use your Outlook data file (.ost)."
How exactly do I do that? The customer is using just a gmail address in Outlook for mail.
Edit: Opened Control Panel, then Mail (Microsoft Outlook 2016) and Email accounts. Went into her gmail account settings and entered her gmail password but it's apparently wrong. Perhaps she has an App Password but I doubt it. It's the same password used to access her MS account, which also uses her gmail address.
If I try to open Outlook, I get "Cannot start Outlook. Cannot open the Outlook window. The set of folders cannot be opened. The file C:\Users\<user profile name>\AppData\Local\Microsoft\Outlook\<user's e-mail address>.ost cannot be accessed. You must connect to MS Exchange at least once before you can use your Outlook data file (.ost)."
How exactly do I do that? The customer is using just a gmail address in Outlook for mail.
Edit: Opened Control Panel, then Mail (Microsoft Outlook 2016) and Email accounts. Went into her gmail account settings and entered her gmail password but it's apparently wrong. Perhaps she has an App Password but I doubt it. It's the same password used to access her MS account, which also uses her gmail address.
Last edited:
- Reaction score
- 1,290
- Location
- Charente, France
That's exactly why it tells to set passwords in control panel because Outlook does not work like it should if IMAP passwords are not set. You do not have to change any Microsoft account password. Follow Fab's AutoBackup users's manual for that.
Larry Sabo
Well-Known Member
- Reaction score
- 3,364
- Location
- Ottawa, Canada
I knew I didn't have to change the MS account password; I was just saying that I couldn't find where to edit the mail password, which was because I was in Settings\Mail and accounts, not Control Panel\Mail. I looked for but couldn't find the Autobackup user guide. I've found it at last and it's perfectly clear -- thanks!
However, the customer's mail password appears to be incorrect as it continues to prompt for the correct password. The customer's husband did say that he recently changed some mail passwords so he is going to complete setting up Outlook passwords once he has access to his passwords book. I hope trying to open Outlook without first having edited the passwords didn't screw things up!
I still wrestle with the MS account password not being the mail password, even though the account uses the e-mail address as the user ID. They usually start out the same but changing the mail password doesn't change the MS account password. (I'm getting too old for this!)
- Reaction score
- 1,290
- Location
- Charente, France
This sounds like a GMail app password. That would explain why usual GMail account's password does not work. Can you still run MailPassView against the original Outlook install?
Markverhyden
Well-Known Member
- Reaction score
- 10,954
- Location
- Raleigh, NC
From what I've seen loading an OST always requires a connection to the email server. Even then it always seems to load a new account. GMail has changed things. I do know that if you have a GMail business you need to get an app password which is separate from the email account password. @Larry Sabo did you try logging into the GMail web interface and request an app password? Don't know if they added that to the free email but maybe they did.
