Presentation of Malekal Live CD (Win10PESE v1709) features

1.1.7. Network

In the "Réseau" section, you will find:

• Mozilla Firefox: a web browser known for accessing websites.
• PENetwork: for network access, shared folder management, ...
• TeamViewer: to access a remote PC via TeamViewer.
• UltraVNC Viewer: same, but via the VNC protocol.
• Remote Desktop Connection: same, but via the Windows native RDP protocol.

Currently, Mozilla Firefox allows you to access most websites, including HTTPS.

On the other hand, web servers using a certificate signed by a free Let's Encrypt certification authority may cause problems.
In this case, the warning "Your connection is not secure" will appear.

If you click on the "Advanced" button, you will see this.
Which means that the certificate of the issuer (in other words: the certification authority) that issued the SSL certificate used by this web server has expired.

Plain Text

[nom de domaine du site] uses an invalid security certificate.
The certificate is not trusted because the issuer certificate has expired.
Error code: SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE.

Click on: Add Exception.

To quickly dismiss the issue, click: Confirm Security Exception.
But, you will need to do this for each site affected by Let's Encrypt's expired (and obsolete) certificate authority.

Otherwise, click "Get Certificate", then click: View.

As you can see, the root CA certificate "DST Root CA X3" has expired in September 2021.
However, it is currently 2023 when I am writing this tutorial.

On the other hand, the certificate of the secondary authority "ISRG Root X1" is still valid until September 2024.
But since its certificate is signed by the root certification authority "DST Root CA X3" displayed just above, the certificate for "mozilla.org" is considered invalid, because the chain of trust is broken.

To quickly fix the problem on this live CD (as long as you don't reboot your computer), go to the page "https://letsencrypt.org/certificates" and click on: Advanced -> Add Exception.

Note: the problem is obviously the same for the site of this certification authority (CA).

Click on "Confirm Security Exception" to be able to access the site.

As you can see, the certificate of the "ISRG Root X1" CA can be signed by the "DST Root CA X3" CA (whose certificate expired in 2021), or signed by itself.
This makes "ISRG Root X1" can be used as a root CA (which has the keyword "Root" in its name) instead of being a subordinate CA.

Below this diagram you will find a "Root Certificates" section where you can download the new certificate of the "ISRG Root X1" CA in ".der" format (Windows format certificate).
Click on this "der" link.

A "Downloading Certificate" window will appear and ask you for which uses you want to trust the certificate of the "ISRG Root X1" certification authority.

Check at least the "Trust this CA to identify websites" box and click OK.

Now, all secure sites (HTTPS) using a certificate from a Let's Encrypt Certificate Authority will work without any issues.

Indeed, Mozilla Firefox will verify certificates using the valid certificate from the root CA "ISRG Root X1" instead of the expired one from "DST Root CA X3".
Here is what it looks like for the certificate used on the Let's Encrypt website.

With the "PE Network Manager" tool, you can manage access to the network and the Internet by choosing to use an IP address obtained dynamically from the DHCP server on your network (in your Box or router) or if you want to define a static one.
You can also manage shared folders under Windows PE, as well as the network drives to use.

Note: since this program is already running in the background, you will have to double-click on the network icon in the taskbar (bottom right) if you want to display it.

With Ultr@VNC Viewer you will be able to remotely access a computer where an UltraVNC server is installed.

For remote desktop, all you need is remote access enabled in Windows settings.
Please note that RDP is not available on the Home edition of Windows.

To learn more about remote access to a computer via Windows RDP, refer to our tutorial: Control a computer remotely.

1.1.8. Security

In the "Sécurité" section, you will find programs for:

• NTPWEdit: allows you to unlock or remove the password of your Windows account.
• Password Renew Sala: allows you to change the password of an account or to recreate an Administrator account (in case the current one is inaccessible).
• ProduKey: allows you to easily find the serial number of known software installed on your computer.
• ShowKeyPlus: allows you to find the Windows serial number.

With the "NTPWEdit" program, you can unlock, change or remove the password of a Windows account (for which you have the authorization to do so) by first selecting the SAM file of your local Windows installation.
To learn more about using this program, refer to our tutorial: Hiren Boot CD PE - Remove the password of a Windows session.

With the "Password Renew for NT" program created by sala, you can change the password of a Windows account (with the permission of its owner) or recreate an Administrator account.
Which can be useful if the only Administrator account on your computer has become unusable due to mishandling or a crash.

With the "ProduKey" program, you can easily find your serial numbers.
However, you will need to specify your Windows installation beforehand for this to work.

To do this, go to the menu: File -> Select Source.

In the "Select Source" window that appears, select the option "Load the product keys from external Windows directory" and click on: Browse.
Once the folder of your local Windows installation is selected, in our case "C:\Windows", click on OK.

As expected, the list of serial numbers of your programs, including the Windows one, appears.

For the "ShowKeyPlus" program, it will simply show you the Windows serial number.