Third Spruce Tree On The Left

Microsoft

From the Tree Computer Detective Files Dept.

#microsoft #windows #explorer #tortoisesvn #tortoisegit #git #subversion #svn #icons #overlay

My boss came to me one day with a weird problem – he had just upgraded his (Windows) computer, and installed svn and TortoiseSVN and had checked out our Subversion[1] repository to his Documents folder.

Following my excellent “how to set up your subversion repo .. again” instructions [2], which I had written down in our wiki[3], everything had worked fine. He could see the file contents from the subversion repo just fine, but for some reason he could not get the shell icons to show correctly in Windows (file) Explorer.

See, when you have something like a cloud file sync program (Dropbox, OneDrive, Google Drive) or a revision control (git, subversion) Explorer plug-in like TortoiseSVN/Git, when Windows Explorer shows files and their icons, those tie-in programs get the chance to show some additional status over top of the regular file icon. Like whether the file has been changed or modified. In the case of a file sync program it's usually either a green “sync'd ok” icon, or something like a blue “still synchronizing” or red “error” indicator. Some Windows Explorer views show “Status” and this icon overlay separately.

I know that TortoiseSVN's background “file status updater” service – the thing that actually scans, indexes and updates the behind-the-scene status of all the files in a sandbox folder – can sometimes take a few minutes to update. And I've seen the odd occasion where it just gets stuck. So I restarted the TortoiseSVN service; for good measure there's a facility in the settings where you can reset the overlay icon status and have TSVN rebuild it. Nope, that didn't help either.

Next step was to figure out why it worked on the old computer and not the new one. The first thing I checked was where the subversion sandbox was located; but in both cases, boss had checked out his subversion sandbox in his Documents folder. e.g. C:\users\boss\Documents\svn.repo\, so that's not the iss-

Until I remembered WHY boss got a new computer.

Typical, Microsoft, thanks: OneDrive, whether you like it or not

The reason why we were all getting new computers rolled out is we had been bought by Large American Conglomerate (LAG) and the LAG IT gestapo [4] had mandated Windows 11 across the board. Now, whether boss's old laptop didn't support Windows 11 or its TPM, or he was simply due for an upgrade, it didn't matter – even those of us with relatively recent Windows 11 capable PCs had seen our computers wiped, too, in order to:

  • ensure the same, consistent (, draconian) corporate domain, group/role policies etc.
  • ensure only authorized applications are used.

One of the key policy changes moving from our old Small Co domain to the new LAG domain was “Everything Now Gets Kept in OneDrive”.

When you install OneDrive it “maps over” the usual Windows user-space folders like (My) Documents and Desktop to ones in your OneDrive account. For example, C:\users\you\Desktop now becomes C:\users\you\OneDrive\Desktop and it is the latter that is now continuously sync'd with your cloud OneDrive account. Anything that is already IN Desktop gets copied (not moved) to the new location.

Because of the tight integration between OneDrive and Windows Explorer (and the underlying Shell32.dll), any time you click on Desktop you're really going to OneDrive\Desktop.. It just “hides” that from you.

Sure enough, our new LAG domain user folders were now all mapped to OneDrive.

Alright, surely more than one thing can add an overlay to a file icon?

Like, why can't I put a subversion sandbox or a git repo in my OneDrive\Documents folder? All OneDrive does is show if the file is sync'd to the cloud, all git/svn does is show if it's “changed” or not.

Sure, you'd think they could. And they do... to a point.

But only up to 15 (make that 13) of them at most. And it's whichever goes first.

When Windows wants to display a file in Windows Explorer or any file dialogue, it checks the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers to see which interested parties might want to jump in on how that file's icon is displayed.

Here's how this registry key looks on my computer that has – among other things – OneDrive, Dropbox and TortoiseSVN installed:

It turns out that the Shell32.dll subsystem only respects the first 15 of these. AND it does so in order of appearance in this registry key: once it finds a shell icon handler that wants to modify the shell's default icon, it stops (for that file). Otherwise you'd potentially get a green Dropbox symbol fighting with a red git “modified” symbol (if you were silly enough to put a git repo inside a Dropbox folder) [5].

Not only that, two of them are hardcoded anyway, so really you can register thirteen of them here.

Wait a minute, you say, what little I know of the Windows registry says that sub-keys are processed (and displayed) in alphabetical order, how did OneDrive get to the top?

It's difficult to see, but look closely – the OneDrive entries at the top have leading spaces (which when sorted alphanumerically, put them at the top).

So.. the fix is not what I think it is.. is it?

Yep, use registry editor to monkey with the names of the subkeys and put the Shell Icon Overlay handlers you want first:

In fact, there are utilities that will do this for you (such as OverlayIconsEditor), but I haven't used any of them, so you're on your own.
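To see which handlers actually get a slot before renaming anything, here is an added example (not from the original post or from any of the tools named in it). It only reads the registry key above, sorts the subkey names, and marks which ones fall past the 13 usable slots this post describes; the sort rule and the sample names are assumptions labelled in the code.

```python
import sys

# Figures as stated in this post: 15 overlay slots, 2 of them hardcoded.
USABLE_SLOTS = 15 - 2
KEY_PATH = (r"SOFTWARE\Microsoft\Windows\CurrentVersion"
            r"\Explorer\ShellIconOverlayIdentifiers")


def read_handler_names():
    """Read the subkey names from HKLM (Windows only, read-only)."""
    import winreg  # standard library, present only on Windows
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, KEY_PATH) as key:
        subkey_count = winreg.QueryInfoKey(key)[0]
        return [winreg.EnumKey(key, i) for i in range(subkey_count)]


def rank_handlers(names, usable=USABLE_SLOTS):
    """Return (position, name, gets_slot) tuples in processing order.

    Assumption: names compare case-insensitively, character by character,
    so a leading space (0x20) sorts ahead of every digit and letter.
    """
    ordered = sorted(names, key=str.upper)
    return [(pos, name, pos <= usable) for pos, name in enumerate(ordered, 1)]


def dropped(names):
    """Handlers that sort past the usable slots and never draw an overlay."""
    return [name.strip() for _, name, ok in rank_handlers(names) if not ok]


def pad_to_front(names, wanted, pad="  "):
    """Plan the rename from the post: more leading spaces on `wanted` names."""
    return [pad + n.strip() if wanted in n else n for n in names]


# Constructed sample, not a dump of a real machine: two sync clients whose
# names start with one space, and an unpadded Subversion client.
SAMPLE = ([f" DropboxExt{i:02d}" for i in range(1, 11)]
          + [f" OneDrive{i}" for i in range(1, 8)]
          + [f"{i}Tortoise{s}" for i, s in enumerate(
              ["Normal", "Modified", "Conflict", "Locked", "ReadOnly",
               "Deleted", "Added", "Ignored", "Unversioned"], 1)])

if __name__ == "__main__":
    names = read_handler_names() if sys.platform == "win32" else SAMPLE
    for pos, name, ok in rank_handlers(names):
        print(f"{pos:2d} {'used   ' if ok else 'IGNORED'} {name!r}")
    print("after padding Tortoise:", dropped(pad_to_front(names, "Tortoise")))
```

The script changes nothing; the actual rename still needs an elevated registry editor, and whatever you push to the front pushes something else out.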

But.. Why – 15 err 13? It seems arbitrary.

You'd have to talk to a long-time Windows Shell team member who was around when this decision was made (probably in the Windows 95 or NT days).

But think about what this subsystem has to do – reading the list of files from the file system is pretty fast. Visualizing more than a few dozen files will start to get slow. Now enumerate over each file and ask 15 different other processes “Hey, do you have something special you wanna show for THIS file?” – that can add a lot of delay. Now imagine if you had a folder with a few thousand files.. Which is not uncommon. Showing the icons could get real slow. So it's not an unreasonable design choice to limit performance issues.

Breaking news: We CAN ask Raymond Chen, Microsoft, who WAS around then: Why is there a limit of 15 shell icon overlays?

A1: it's a lot of work and we're lazy – lol.

A2: icon overlays are a terrible way to convey information and you shouldn't really be using them (did.. they tell the OneDrive team this?)

thanks to Cody Gray's excellent StackOverflow answer here, though I did have to dig up Raymond Chen's blog, it had moved – we can't have nice things.

Footnotes

1 – Subversion? ugh, y not git? Well, we did move our source code to several git repos, but since they're hosted on Bitbucket, we're $capped$ on repo size; our old subversion repo has a lot of large non-code files. Also Subversion tends to do better with large binary files still, a bit like what GitLFS was intended to solve. We just don't see the urgency to migrate from svn for these files.

2 – you DO have instructions on how to bootstrap your code/file repos written down don't you?

3 – you DO have a knowledgebase/wiki .. right? RIGHT?

4 – no, they really are. All of our apps now get installed through their curated “App Portal”. No one's user account is allowed Local Admin privileges – you have to use a special user account that gets audited. “Tree, why do you use your admin account so often” To install new sw? “You should get us to add the new software to the portal that way we can vet it!” Part of my job is to determine what new software we need?

5 – actually this is fine. Usually.. until it's not. I keep several subversion sandboxes in my Dropbox folder because those are low traffic and keeping them sync'd via Dropbox means I don't have to remember to Update that sandbox when I switch computers. But my high traffic git repos, I don't keep in Dropbox because I already have various build and test triggers running, on top of the git triggers, having file sync hooks also getting involved would be murder for my storage devices and a potential vector for mangling.

References

  1. Cody Gray's StackOverflow answer: https://stackoverflow.com/questions/4411336/shelliconoverlayidentifiers-why-so-few
  2. Direct from Raymond Chen (Microsoft): https://devblogs.microsoft.com/oldnewthing/20190313-00/?p=101094
  3. Raymond Chen's excellent blog, Old New Thing: https://devblogs.microsoft.com/oldnewthing/author/oldnewthing

Changelog

2026-03-14 – initial (happy Pi Day!)

follow –> AT tezoatlipoca AT mas.to, or AT tezoatlipoca AT awadwatt.com to follow this blorg directly on the Fediverse.

From the This Is Why We Can't Have Nice Things department.

When you are registering or logging into an online or app service and they provide a button or link to “Log In Using #Google/#Microsoft/#Facebook”, the service is using what they call an OAuth provider. Technically only #OAuth2 is used these days, but it's all the same thing – see [https://en.wikipedia.org/wiki/OAuth]

How OAuth or Open Authentication works is:

  • Service needs/wants you to register or login
  • If Service – or you – don't want yet another account to maintain, then you can choose to Log In Using Google/Microsoft/Meta/LinkedIn/any OAuth provider that Service cares to support
  • Service redirects your registration/login to Google/Microsoft etc. (lets call them OAuth Provider)
  • Service asks OAuth Provider to vouch for you as a person and gives a list of info that Service needs
  • OAuth Provider handles all the hard stuff like 2Factor, password resets, and asks your permission for all the info that Service wants to see (or change)
  • If you satisfy OAuth Provider and give the right permission, OAuth Provider redirects you back to Service
  • OAuth Provider ALSO gives Service a token, which allows Service to access (or modify) your info at Provider that it had asked for.

As much as one might complain about consolidation (or ransacking) of your data by Big Corpo, there are compelling arguments for OAuth services. As a user it's nice to reuse a common account (i.e. your Gmail or Hotmail address) across multiple services, instead of what would technically be a separate account (but using the same email address) for each. For example, if you change your Gmail password, your password for all the services that use your Gmail account via OAuth are automatically updated.

As a Service developer OAuth is handy because a) it's a convenience to your users and b) it means you don't have to implement annoying account/profile management features like facilities to reset your password, or change your email... or more likely the case these days, two factor authentication (what a pain!) – the OAuth provider handles all of this. All you have to do is integrate support for the OAuth provider.

And of course the #OAuth provider loves it (and $implements all of the account/profile management junk and 2FA) because they get to know even more about you; for example, you're now visiting Service – and how often – and they get to watch as Service accesses or changes your data. MMmmm. Yummy user profiling data lake synergies.

A problem arises however, when a user no longer wants to associate their account on Service with their OAuth provider. I have yet to see any Service that provides an Unlink my Google/Microsoft/OAuth account from THIS account feature.

Zoomed when I shoulda Zagged

My company (SmolCo) was recently acquired by a big conglomerate parent (Innitech). We had company #Zoom accounts. My Zoom account was tree@smolco.com and could log in with a password that I had direct control over. Our corporate email accounts were hosted Gmail accounts, so tree@smolco.com was also a Google account, but I had only used it as an email address for my Zoom account.

At some point however, I must have clicked – by accident, or I was in a hurry – on that Log In With Google button and logged in – inextricably linking my tree@smolco.com Google account via OAuth with that Zoom account.

So flash forward to our acquisition. My tree@smolco.com address has now changed to tree@innitech.com – this change happened automatically by our IT department, but it wasn't a migration within Google, we swapped hosting from Google to Microsoft – that innitech.com email is now an Office365 account (joy).

So log into Zoom now. IT switched our email accounts and IT controls our Zoom accounts, so surely the zoom account would also – no. Ok, log in using the old Google account. That works. Ok – the problem is the email address which we must change. Zoom –> Profile –> Change email address. Changed email address to tree@innitech.com.

Can't log in. It turns out that because the Zoom account is now linked to an OAuth account that has now been deactivated there's no way to log in – the OAuth redirect goes to a stale Google account and you can't log into the Zoom account to do anything about it – there isn't anything there TO do anything about it.

So now my IT guy has to delete my Zoom account entirely and recreate it. Which, good thing I didn't have any meeting recordings or anything I wanted to save... :(
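The lockout above, and what the missing Unlink feature would have to guarantee, as an added example (a hypothetical service-side model, not Zoom's or any provider's code). The provider user id and the function names are made up; the point it shows is that editing the contact email never touches the provider link, and that an unlink must refuse to remove the last working way in.

```python
from dataclasses import dataclass, field


@dataclass
class Account:
    email: str                                  # contact address, editable
    has_password: bool = False                  # local password login enabled
    links: dict = field(default_factory=dict)   # provider name -> provider user id


def working_logins(account, live_ids):
    """Login methods that still succeed. live_ids maps a provider name to
    the set of user ids that provider will still authenticate."""
    ways = ["password"] if account.has_password else []
    ways += [p for p, uid in account.links.items() if uid in live_ids.get(p, set())]
    return ways


def change_email(account, new_email):
    """Editing the contact address leaves the provider links untouched."""
    account.email = new_email


def unlink(account, provider):
    """The feature the post asks for: drop a link, but never the last way in."""
    if provider not in account.links:
        raise KeyError(provider)
    if len(account.links) + account.has_password <= 1:
        raise ValueError("set a password or link another provider first")
    del account.links[provider]


def replay(prepare):
    """Constructed replay of the story; prepare=True unlinks before the move."""
    live_ids = {"google": {"g-1001"}}           # made-up provider user id
    acct = Account("tree@smolco.com", links={"google": "g-1001"})
    if prepare:
        acct.has_password = True                # give the account a second way in
        unlink(acct, "google")
    live_ids["google"].clear()                  # old hosted accounts deactivated
    change_email(acct, "tree@innitech.com")
    return working_logins(acct, live_ids)


if __name__ == "__main__":
    print("no unlink feature:", replay(prepare=False))
    print("unlinked in time: ", replay(prepare=True))
```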

Well that was fast

Oh and another thing – Dear Software Service companies that have ticketed customer support: Stop grading your support techs on how fucking fast they close the tickets

On Thursday, I submitted this ticket:

2025-02-12 07:20:48 PST - Tree

hi - My company has been acquired and our hosted google accounts, while still available, are discontinued from use. Would like to unlink my google account tree@smolco.com from my zoom account and use only tree@innitech.com email for account login.

Clear, no?

2025-02-13 09:27:49 PST  - <Zoom Tech> comments
Hello,

Thank you for contacting Zoom Billing! We’d be more than happy to help you change the email associated with your account.

Please click the link below for instructions on how to change the email on your account:

https://support.zoom.us/hc/en-us/articles/201362563-Changing-the-email-associated-with-your-account

While most mail servers receive Zoom’s email within a few minutes, some may take longer. If you didn’t receive a verification email, confirm that no-reply@zoom.us is allowed in your inbox and check your spam folder if you still can’t find the email.

Please let me know if you have any other questions. 

Thank you,

<Tech>

2025-02-12 16:53:25 PST - <Tech> comments
Case Closed. Transferred to: <case ID>s

Ok, so never mind the fact that it was closed Thursday afternoon before actually being “resolved” Friday morning, the article that Tech sent wasn't very helpful, because under the section titled

How to change the sign-in email if you don't have access to the original email

it says:

If you no longer have access to your original email address to verify the change, learn what options are available to you based on your account type.

If you're on a Basic (free) account, you will need to create a new Zoom account.

If you're on a paid account, complete the following steps:

  1. Access the support request form.
  2. Next to Unable to access your account?, click Troubleshoot login issues. The chatbot will open and provide you with a list of options to assist you with changing your login email if you don't have access to the original email address.

Now, how tf does one think I wound up at the place where I submitted the request above?

Hi, I'm Zoe 🤖 Zoom's Virtual Agent. 

Zoom may retain your chat transcript to use for quality, training, and analysis purposes.

How can I help you today?

-----------

You  12:05 PM 
Change Login Email 

-----------

ZVA BOT 12:05 PM
Let’s change the email associated with your account.

Note: To change your email, you need a unique email address that is not associated with another Zoom user or account.

Do you still have access to your original email? 

-----------

You 12:06 PM
No

-----------
ZVA BOT 12:06 PM
If you can no longer access your original email address to verify the change, you can sign up for a new account or chat with a Billing agent.

.. and then gives you the option to chat with Billing Agent. So I just emailed support later.

Changelog

2025-07-28 – initial
