Category Archives: Uncategorized

Restarting Explorer shell from Windows 8.1 custom shell

The other day I wanted to make Mediaportal boot directly on my HTPC, but still use some desktop functionality on occasions.

The easiest way to do this is to change the Windows shell from explorer.exe to the executable of your choice. This can be done for all users by changing this registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Shell

In Windows 8.1 (and probably earlier versions) you can’t simply use Ctrl+Alt+Delete > Task Manager > File > Run New Task > explorer.exe – as explorer is no longer set as the shell so it will simply open an explorer file window rather than restore the desktop environment.

You will need to set the registry key back to explorer.exe and run userinit.exe to get the desktop back.

I will write a longer post about the whole experience at some point, but in the meantime here’s a batch file I wrote to achieve what I needed for MediaPortal saved as C:\Utils\startmp.bat:

C:\Program Files\Team MediaPortal\MediaPortal\MediaPortal.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon"
  /v Shell /t REG_SZ /d explorer.exe /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon"
  /v Shell /t REG_SZ /d C:\Utils\startmp.bat /f

Basically starts the program we want, when that program is quit, it sets the Windows shell as explorer, runs userinit and then resets the Windows shell to the batch file ready for next reboot.

Cisco SG500 Small Business Switches and Smart Ports

Wow, I’ve been using Cisco switches for over a decade and I’ve never come across something quite so ugly as Smart Ports.

Cisco now have a set of Small Business switches which are designed for a smaller budget – the first of the managed switches is the SG300 and they are cheap for Cisco, about a fifth of the price of a 2650X, and a stackable series called the SG500 which are at least half the price of a 2650X.

They run a cut down version of IOS that is mostly familiar, but has a few interesting quirks. The most infuriating of which are Smart Ports.

Smart Ports are basically a set of macros that get triggered based on the characteristics of a device you connect to a switch port. The idea is, if you plug a Cisco phone in, the port gets configured for the phone. If you daisy chain a PC to the phone, it gets configured appropriately for that. If you plug another Cisco switch in, it gets configured as a trunk between switches etc..

It’s a nice theory and to be honest nothing new, as cisco have had macros for a long time – just look at the way auto qos worked on their catalyst switches.

The bit that is particularly crap about these macros is that despite the intelligence to work out what has been connected, the implementation of the macro is plain dumb. For starters, the default macros make the assumption that your data VLAN is VLAN 1. I didn’t realise this at first, I had my desktops on VLAN 50 daisy chained through phones, as the voice vlan command is not supported on these switches I merrily configured a trunk with a native VLAN of 50 for my data, and a tagged VLAN of 215 for my voice

switchport mode trunk
switchport trunk native vlan 50
switchport trunk allowed vlan add 215

Only to discover that when I plugged in a phone, it reconfigured the native vlan to be VLAN 1 and broke the PC. Brilliant.

I also had a bunch of ports configured as a simple access port on VLAN 50.

switchport mode access
switchport access vlan 50

The web GUI showed these ports as being in an unknown state as far as Smart Ports was concerned, and when I tried to reset them and push a Smart Port macro to them, they fell over part way through and left them in a semi configured state (of course the web GUI didn’t report any problems, had to look at the switch console and logs to see the Macro was falling over at line 13). The only way to fix this was to manually remove the broken config the Macro had applied using the CLI, and then get it to apply again.

Also these switches only support a single voice vlan. As a result, you configure this voice vlan globally and it is then updated in all the macros.

Another issue is with the firmware updates. The switch has the concept of a boot firmware and a switch firmware – these are issued as two separate files. The switch firmware can be uploaded via the web gui and seems fairly straight forward. For reasons only known to Cisco the boot firmware can’t be uploaded in the same way and must be sent via SCP or TFTP. Also I found that I couldn’t upgrade from an old firmware directly to the latest (I would just get errors after the upload process). In the end I found stepping through each version in turn and rebooting after each worked. Nice.

Once you get over these foibles, the switch is alright. Its pretty comprehensive for a small business switch, however its poorly implemented. Cisco have pushed you towards the GUI to manage the switch rather than the slightly odd CLI – but have only done this half-heartedly. For example they’ve provided a reasonably simple web interface, but have clung on to some old concepts of copying running-config to start-up config. For Cisco engineers this is bread and butter, but then for Cisco engineers the CLI would be preferable rather than the GUI. For non Cisco engineers, a GUI is a welcome addition – but why have the complexity of copying running-config to startup-config just to save a change you made in a GUI screen – why can’t you just click “Save” !?

Basically, if you have to deal with one of these switches – my recommendation would be restore it to factory settings, manage it purely through the GUI and update the default smart port macros to suit your environment. If you want to use the CLI, make sure you disable smart ports through the GUI first, or this thing will drive you mad!

Django behind an F5 LTM with SSL Offload

This is a short post that describes the changes necessary to make Django work behind an F5 LTM device that has been configured with SSL offload (or SSL client profiles as F5 call them).

I’ll cover a bit of F5 specific configuration, but the principles can be used for most SSL offload devices. This example is using an F5 LTM running 11.3.0, and Django 1.4.5.

First this assumes that you have your django site working, you have added it as a node to an F5 LTM, created a pool and a virtual server using port 80 and you can access the site through the load balancer.

Next you need to enable SSL on your virtual server, and tell Django that it is behind an SSL offload device. You do this by inserting a header into the connection, and telling Django to look for this header. The name of the header is not important, so long as its configured the same on the load balancer as it is within Django. To do this you need to create an F5 HTTP Profile.


On the F5, go to Local Traffic > Profiles > Create… and set the parent profile to “http”.

Tick the box next to “Request Header Insert” and set the following:



Save the profile, and apply it to your virtual server. Make sure you have an SSL Client profile configured and assigned to your virtual server, and that your virtual server is listening on port 443.

Now you need to add the following line to your Django application’s file.


To find out a bit more about this setting see:

Restart your apache or django runserver and point a browser at your site using HTTPs.