Download Rufus, straight from the author at, or from

The executable is digitally signed and the signature should state:
“Akeo Consulting” (v1.3.0 or later)
“Pete Batard – Open Source Developer” (v1.2.0 or earlier)

Rufus: Reliable USB Formatting Utility (with Source), read the introductionFAQ, and support forum.

There are many Windows utilities out there that’ll help you create a bootable flash drive from your ISO image, normally used for creating CDs or DVDs.

This article is only focused on quickly and easily making a flash drive boot the ESXi installer, so you can then install ESXi onto this same flash drive. Cool, eh? See also Rufus lets you quickly and easily reformat an ESXi USB flash drive back to full capacity Sep 10 2013, and the very popular article, Use ESXi-Customizer GUI to inject multiple driver VIBs into your ESXi installer ISO Dec 16 2013, works great for ASMedia (SATA), Realtek (NIC), and LSI (RAID).

There are many methods I’ve used to create bootable media for ESXi over the last decade or so. All had some drawbacks, including the need to pay very close attention to command line diskpart commands. I was seeking something quicker and easier, and I’ve settled on Rufus recently, which has the following advantages:

  • free
  • simple GUI
  • can be run from an EXE that doesn’t require any installation
  • doesn’t require careful attention to command line partitioning commands that can be a bit dangerous
  • much faster than other methods, takes under a minute to follow my instructions below
  • seems to work, every time, back on Windows XP, right through Windows 8

For folks used to installing Windows or Linux on hard or solid state drives, it may come as a surprise that there’s little reason to install your hypervisor there. Why? Well, wear isn’t really the issue (explained below). It can be very handy in a lab to be able to shutdown the server, then simply remove and replace the USB flash drive with different USB drive with a different hypervisor. Say, for beta testing. Or testing different VIBs. This swapping allows you to leave all the internal hard drives as-is, datastores for VMs. This is geared toward the home lab enthusiast. In datacenters, the various server vendors often has specific recommendations for certain USB flash devices.

As long as you boot the ESXi installer from your USB flash drive, then choose that same flash drive as the ESXi install target, it’s all pretty darn simple and fast. All the other hard drive data remains untouched. VMware can actually install on any flash drive that’s 1GB or greater in capacity, explained at the here:

1.  What size USB/SD should I use?

The minimum disk size required to install ESXi is 1GB. When booting USB/SD there is little benefit to using a larger device because any space beyond the 1st GB will go unused.  When choosing a USB/SD boot device, it’s not the size of the device that is important but the reliability of the device.  Be sure to use good quality USB/SD devices.

2.  How long will a USB/SD device last?

Unlike a local disk or SAN LUN, USB/SD devices are sensitive to excessive amounts of I/O as they tend to wear over time.  This naturally raises a concern about the life span of the USB/SD device.  When booting from USB/SD keep in mind that once ESXi is loaded, it runs from memory and there is very little ongoing I/O to the boot device. The only reoccurring I/O is when the host configuration is routinely saved to the USB/SD device, which by default is done once every 10 minutes.  Based on how often you reboot  the host and install patches it is expected that a good quality USB should last for several years.

Since the USB drive is mostly just read at boot time, the speed of the hypervisor is not held back at all, once the boot is done. You can even get Microsoft Hyper-V to install on a 8GB USB drive as well, read more at Microsoft TechNet. Probably makes most sense for the GUI-less variant of Hyper-V.

So, why wouldn’t you think of using USB drives for ESXi, especially now that many server motherboards having an on-the-motherboard USB socket these days? Well, one barrier was Windows folks getting scared off by VMware’s Format a USB Flash Drive to Boot the ESXi Installation or Upgrade that required Linux, causing them to simply burn a CD or DVD of the install ISO. Then along came this little gem of a post from Kent Chen, on using Rufus, on July 2013, How To Format A USB Flash Drive to Boot VMware ESXi 5 Installation on Windows, along with video.

There are many methods I’ve used to create bootable media for ESXi, including the methods outlined below that each have some significant drawbacks and dangers.

Over the years, having had to deal with this issue in my home lab quite often, and I’m quite glad to share this super fast fix for re-using USB flash drives (thumb drives, USB sticks, etc.), with these advantages:

  • simple GUI
  • can be run from an EXE that doesn’t require any installation
  • doesn’t require careful attention to command line partitioning commands that can be a bit dangerous
  • much faster than other methods
  • seems to work, every time, back on Windows XP, right through Windows 8

Here’s the 4 minute video outlining the actual 2 minute procedure to create the USB flash drive with the ESXi 5.5 installer.

Download Rufus, straight from the author at, or from, then follow the step-by-step instructions below.


double-click to launch the .exe you downloaded

‘User Account Control’ say Yes

Just close the ‘Update policy and settings’ dialogue (a new feature in Windows 8.1)

‘Rufus update policy’ ‘Do you want to allow Rufus to check for application updates’ select No

Rufus set to proper ‘Device’, ‘Partition scheme’ set to MBR, and Quick format on (defaults), now select an ISO

choose your ESXi ISO image file

‘Replace menu.c32’ say Yes


When bottom-left says ‘DONE’ click Close

Remember to safely eject the USB device when you’re done with it

Sometimes it is necessary to kill a running virtual machine process (eg. if there is locked file). You need to know the Leader World ID from the VM that needs to be killed.

First, run esxtop command from the shell:

  1. Press c to switch to the CPU resource utilization screen.
  2. Press Shift+v to limit the view to virtual machines. This may make it easier to find the Leader World ID in step 7.
  3. Press f to display the list of fields.
  4. Press c to add the column for the Leader World ID.
  5. Identify the target virtual machine by its Name and Leader World ID (LWID).
  6. Press k.
  7. At the World to kill prompt, type in the Leader World ID from step 6 and press Enter.
  8. Wait 30 seconds and validate that the process is not longer listed.

10. Query firewall rules: One of the first things you’ll probably need to use netsh for is to discover Windows Firewall’s current configuration properties. You can query Windows Firewall settings using the following netsh command:

netsh advfirewall firewall show rule name=all


9. Enable and disable Windows Firewall: It’s typically a best practice to leave Windows Firewall enabled, but sometimes when you’re performing testing or setting up new applications, you need to turn Windows Firewall off for a period. The following commands illustrate how to turn Windows Firewall off and then back on:

netsh advfirewall set allprofiles state on

netsh advfirewall set allprofiles state off

8. Reset Windows Firewall: If you make a mistake configuring Windows Firewall, you might want to use the following netsh command to reset it back to its default settings:

netsh advfirewall reset

7. Set logging: The default path for the Windows Firewall log files is \Windows\system32\LogFiles\Firewall\pfirewall.log. The netsh command below changes the location of the log file to the C:\temp directory:

netsh advfirewall set currentprofile logging filename “C:\temp\pfirewall.log”


6. Allow and prevent ping: You can use netsh to control how and if a given system responds to ping requests. The following two netsh commands show how you can block and then open Windows Firewall to ping requests:

netsh advfirewall firewall add rule name=”All ICMP V4″ dir=in action=block protocol=icmpv4

netsh advfirewall firewall add rule name=”All ICMP V4″ dir=in action=allow protocol=icmpv4

5. Enable and delete a port: One of the most common things you need to do with Windows Firewall is open ports that are used by different programs. The following examples show how to use netsh to create a rule to open and then close port 1433, which is used by Microsoft SQL Server:


netsh advfirewall firewall add rule name=”Open SQL Server Port 1433″ dir=in action=allow protocol=TCP localport=1433
netsh advfirewall firewall delete rule name=”Open SQL Server Port 1433″ protocol=tcp localport=1433
4. Enable a program: Another common task is opening Windows Firewall for a given program. The following example illustrates how to add a rule that enables Windows Live Messenger to work through Windows Firewall:

netsh advfirewall firewall add rule name=”Allow Messenger” dir=in action=allow program=”C:\programfiles\messenger\msnmsgr.exe”


3. Enable remote management: Another common requirement, especially when you’re setting up new systems, is to enable remote management so that tools such as the Microsoft Management Console can connect to remote systems. To open Windows Firewall for remote management, you can use the following command:

netsh advfirewall firewall set rule group=”remote administration” new enable=yes

2. Enable Remote Desktop Connection: One of the first things I do with most of the server systems I set up is enable Remote Desktop Connection for easy remote systems management. The following command shows how to use netsh to open Windows Firewall for Remote Desktop Connections:

netsh advfirewall firewall set rule group=”remote desktop” new enable=Yes


1. Export and import firewall settings: After you get Windows Firewall configured, it’s a good idea to export your settings so that you can easily reapply them later or import them into another system. In the following netsh commands, you can see how to export and then import your Windows Firewall configuration:

netsh advfirewall export “C:\temp\WFconfiguration.wfw”
netsh advfirewall import “C:\temp\WFconfiguration.wfw”

A Common request from users is to grant others access to their calendars. You can either talk the user through this, or setup a new outlook profile to open their mailbox and set it yourself using the GUI – both are time consuming. This simple powershell command allows you to set permissions with ease:

add-mailboxfolderpermission -identity USERNAME:\calendar -user “Username of person who needs access” -accessrights reviewer
or users with a Dutch language mailbox:
add-mailboxfolderpermission -identity USERNAME:\agenda -user “Username of person who needs access” -accessrights reviewer

When installing a McAfee agent on clients or servers when using McAfee EpO server, sometimes the McAfee agent icon dissapear. Mostly this simple execution will work to show the icon again:

c:\program files (x86)\mcafee\common framework\cmdagent

For Mcafee Agent version 5.x do this:

  1. Go to C:\program files (x86)\McAfee\Agent
  2. Run UpdaterUI.exe

I had the problem that Sharepoint_Config-ID-.log.ldf grow realy BIG (14GB) on a content database of 1 GB!

You can solve this problem by using “Shrink” command in the MS SQL Server Management Studio Express

  1. First you need to connect to your Sharepoint 3.0 database called: \\.\pipe\mssql$microsoft##ssee\sql\query – just put this string in your “Server name” field:  \\.\pipe\mssql$microsoft##ssee\sql\query
    Create full backup of all databases before continuing!
  2. After that we should change restore mode from “Full” (this the parameter that allows .log.ldf to grow that large as transaction logs are not purged) to “Simple”:
  3. Expand Databases, right mouse click on Sharepoint_Config… Properties, Options, Recovery model: Simple and click OK
  4. Shrink the database procedure:

Expand Databases
Right mouse click on Sharepoint_Config… Tasks, Shrink, Files in File type select Log and click OK

Your log file will become radicaly smaller.

WSUS is both a very useful beast and a wild one: It allows you to manage a huge number of Windows workstations to keep your PCs updated and your network secure, yet it itself can be quite hard to manage.

It has built in clean-up tools for removing old, obsolete or superseded patches, but nothing to help you manage the database itself, which can grow to quite an alarming size.

This is how to properly clean up a WSUS server that is critically out of space, and reduce its database size by almost 90%.

1. See if you can reclaim some space using conventional means

The first you may know that your server is in trouble is that it only has a few meg free and some services are failing.  WSUS, by default, places its database and downloaded files on your system drive, which can leave your server in a critical state.

You can use a tool like CCleaner to remove temporary files and old server system updates to give yourself some breathing space.

2. Use the WSUS Cleanup Tool to remove updates that are no longer needed

Under “Options” in the WSUS admin tool, you can find the cleanup wizard. This does not necessarily remove disk files you would expect and can need some encouragement by manually “unapproving” updates under “All Updates”. Follow the steps here to deselect updates you don’t ever want and remove all updates from disk.  By removing all updates from disk and running a reset, it will start downloading those updates again; this delete is nothing to worry about.

It would be best to stop the WSUS service after this step.

3. Stop the WSUS service

The service is stopped via the IIS Manager, as it runs as a web site.

4. Taming the database – installing the right tools

By this point, you will hopefully have recovered a few gig of disk space. In my case, I still had the problem of the WSUS Database itself being 30Gb.  This was after a couple of years of use with maybe 50 PCs – so a fairly small site.

The database in WSUS is an embedded SQL Server database (SQL Server Express). It can be managed via SQL Server Management Studio.  You can download this for free from here.

Note: There are many versions of Management Studio. After many problems downloading versions that couldn’t be installed on this particular server due to its particular configuration, version, patch level etc, I found Management Studio 2005 worked a treat.  Your mileage may vary and it is worth persevering until you find an appropriate working version.

5. Taming the database – connecting to the .mdb file

You can now connect to the WSUS .mdb file by opening SQL Server Management Studio and entering in to the “Server” box:


Use “Windows Authentication”.

If this goes well, you should be looking at a standard database view, with a list of tables on the left and an info window on the right.

You are unlikely to be able to simply shrink the database and recover any space this way. First we need to free up some space by deleting redundant data.

6. Deleting redundant data

WSUS logs everything it does.  Over time, this can eat a lot of space in the database with surprisingly few workstations.

The logs live in the table “tbEventInstance”.

Delete all of these like this:

  1. Click on the database name ‘SUSDB’
  2. Click ‘New Query’
  3. Type ‘truncate table tbEventInstance’ in to the Query Editor
  4. Click the ‘Execute’ button – or press F5.

This removed 90% of the data in the database (several million rows) for me and did not affect WSUS operation or administration, apart from to speed up certain administration views which used old event data.

If you are concerned, and have the means, it would be prudent to back this file up first. 3aIT can accept no liability for loss or damage to your systems resulting from not taking the appropriate precautions. To put that another way: This worked for me, your mileage may vary.

The file itself defaults to living here:


If you’re less cavalier than me, and care about reporting on recent activity, you can substitute a “delete from … where” for the “truncate” above, and delete only messages older than a week or two.

7. Shrink the DB file

This is a slow step which you may want to run overnight. Where data has been deleted from the database, this will not be reflected in the file size until the file is shrunk. It is now effectively full of holes and needs defragging.

Do this:

  1. Right click on the database name (“SUSDB”) on the left
  2. From ‘Tasks’, select ‘Shrink’=>’Files’
  3. In the wizard, change the “Shrink Action” from “Release Unused Space” to “Reorganise pages before releasing unused space.  This takes the holes out of the file.
  4. Change the number in the “Shrink File To” box to match the number it tells you the minimum can be.  In my case, it told me it could shrink it to 2Gb (from just over 30Gb)
  5. Click “OK” and wait for a very long time

8. Restart WSUS and check all is well

The next day, you should find you have a file on disk that is approximately the same size you told Management Studio to shrink it to.

Restart WSUS via the IIS Manager. Check you can connect to it from the WSUS admin tool. Run any updates and do any approvals, then run the “reset” command again from here to persuade it to re-download any updates it needs.

If you think the database is going to grow out of hand again quite quickly, consider moving it to somewhere better than your system drive. Here are some reasonable instructions on how to do this using the sqlcmd.exe commandline tool to detach and reattach a database. If you don’t have this installed, you can run the SQL commands through Management Studio, or use “Detach” / “Reattach” from the “Tasks” context menu.

  • In Registry Editor, navigate to the location:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles

  • When you find the correct ProfileName for your network name, double click/tap on the Category DWORD value in the same right pane to modify it.


  • Type in a new Data value number for the network location you want, and click/tap on OK.










  • You can choose these type of locations in the category-field
Network Location
Data Value
Public 0
Private 1
Domain 2


If above not works on Windows 2008/2012 server, do the following:

Add your domain name to the dns suffix option under your tcpip advanced adapter settings/properties.

Disable and re-enable your LAN adapter

Begin november wordt de KPN SMTP Server (SMTP Relay Server) uitgezet. Deze server was oorspronkelijk bedoeld voor consumenten, omdat poort 25 geblokkeerd werd. Op de server zijn echter in de afgelopen jaren ten onrechte ook enkele tienduizenden zakelijke klanten terecht gekomen, terwijl de dienst formeel nooit in de propositie heeft gezeten. Behalve dat de SMTP relay technisch niet meer nodig is in verband met het openzetten van poort 25, zorgt deze ook regelmatig voor problemen. De relay wordt met enige regelmaat geblokkeerd door grote mailpartijen zoals Gmail en Hotmail, wanneer klanten via de relayserver al dan niet bewust spam versturen. Alle klanten die KPN heeft kunnen identificeren hebben hierover onlangs een e-mail ontvangen. Toch lijkt het me handig om hier nog wat extra aandacht aan te besteden, omdat de verwachting is dat veel klanten niet weten of ze wel of geen gebruik maken van de servers. Voor uw gemak hebben we een lijst samengesteld van alle relay servers van KPN die vanaf 9 november 2015 niet meer werken. Het gaat om:


Wat u moet doen als u nog gebruik maakt van de KPN relay servers hangt af van de wijze waarop u de SMTP servers gebruikt. Zakelijke gebruikers hebben veelal hun eigen mailserver. Hieronder een instructie wat te doen.


U gebruikt een eigen mailserver

  • Neem contact op met uw serverbeheerder. Vraag hem de mailserver zo in te stellen dat de e-mail direct over poort 25 verzonden wordt. Houdt u er rekening mee dat wij als IP Visie geen wijzigingen kunnen en mogen doorvoeren op uw mailserver. Raadpleeg eventueel onderstaande PDF voor het instellen van Microsoft Exchange 2007 en Microsoft Exchange 2010.Uitschakelen SMTP relaydienst Microsoft Exchange 2007_2010
  • Laat uw PTR record door KPN (reverse DNS) aanpassen. Vaak controleren ontvangers of er een domeinnaam gekoppeld is aan het publieke ip adres waar de email vandaan komt.
    Om uw PTR record aan te laten passen door KPN kunt u een mail sturen naar zakelijkinternet@kpn.comVermeld in uw e-mail duidelijk onderstaande gegevens:

    • Aanvrager
    • Telefoonnummer
    • E-mailadres
    • Bedrijfsnaam
    • Publiek IP-adres mailserver
    • Hostname
    • Record type: PTR

Het maakt hierbij niet uit of u gebruik maakt van Glasvezel, ADSL of VDSL van KPN

The best way to work with the Hosts file is using the Terminal application found in your Mac’s Utilities folder. You’ll need to know the IP address of the device you’d like to send your Mac to, or the domain names you’re trying to keep your Mac away from.

  1. Double-click Terminal.
  2. type sudo nano /etc/hosts then hit return.
  3. You’ll be asked for your password. Enter your admin password.

Terminal app

Terminal command line

You’re now in the Nano text editor. You should see something that looks like this:

Hosts file in the Nano text editor

If you want to add a new device or domain, move the cursor using the cursor keys and position it after the text you see, then begin typing. If you’re mapping a particular IP address on your local network to a domain, you can type the IP address, hit tab, then type the domain name.

Conversely, if you’d like to make sure a web URL doesn’t go to its intended site — if you’re trying to keep your Mac away from certain sites, use “” That’ll map it back to your Mac. Even if your Mac is assigned a different IP address by its router, defaults to the local machine thanks to the default settings in that hose file.

Once you’re done, hold down the control and O keys to save the file, then control and X to exit.

Back at the command line, type sudo killall -HUP mDNSResponder then type return. That will flush your Mac’s DNS cache, so it doesn’t get confused by any changes you’ve made to the Hosts file.

Don’t forget you’ve modified the Hosts file, because at some point you may need to undo the changes you’ve made in order to keep your Mac working right.