Friday, December 4, 2009

Omnibook BIOS Reset

A good friend gave me an old HP Omnibook of his, which was used by a former employee and he hadn't used it in well over a year. It turned out to have a BIOS password, which he didn't know.

I thought I was in for some laptop disassembly to remove the CMOS battery or change a jumper; perhaps even worse, to send it back to a repair depot for reset; but it was amazingly easy. 

All that had to be done was hold down the insert key while the system was booting to reset the BIOS back to default. Okay, I had to do this three times before it worked, but it worked.

Although I was relieved to be done with this in just a minute or two, making it this easy to do a reset completely invalidates the security afforded by having a BIOS password in the first place.

Anyhow, it is now happily running Fedora 11; which BTW required 515 updates for 1.6GB (and people complain about Windows updates).

Sunday, November 29, 2009

Deploying Your Own Root CA via Group Policy

Although it took some searching, this nugget was quite simple.

One of my clients has a Linux Certificate Authority and none of the Windows systems would give an invalid or unknown certificate authority error when visiting a company website that used a cert created by the CA.

Get your root certificate ready, then fire up the Group Policy Management Console (or gpmc.msc). Either create a new group policy or use the Default Domain Policy to deploy it to every system.

Right-click the policy of your chosing and select Edit... go to Computer Configuration > (Policies, if you are using Windows 2008 ) > Windows Settings > Security Settings > Public Key Policies > Trusted Root Certification Authorities, right-click and choose Import... and using the import wizard browse over to your root certificate and you are done.

Within a few days most computers on the domain should have the certificate, aside from the stragglers who never seem to be on the network.

Monday, November 9, 2009

Exchange 2010 is Now Available

Good thing we had that free eBook to learn Exchange 2010, because the announcement on the official Microsoft Exchange Team Blog says it is out the door and available worldwide.

You can grab the 120 day trial here. And this time there is no 32-bit version, as with the Exchange 2007 trial.

And if you are a TechNet or MSDN subscriber, the full (non-expiring) version is available for download as well.

Friday, October 30, 2009

Free Windows Server 2008 R2 eBook

Well if this isn't the week for free books... Now there is a free eBook download from Microsoft: Introducing Windows Server 2008 R2.

The "Introducing" series of MS Press books are hardly a technical treatise on whatever subject they happen to cover, but in my opinion, free information regarding their latest products is always a good thing.

And thanks again goes to Bink.nu for this post.

Monday, October 26, 2009

Free Exchange 2010 eBook

I nabbed this news item from Bink.nu, a very worthy site for the latest in Microsoft news.

You can head on over to Red Gate Software's site for a free eBook on Exchange 2010. I guess I should start reading, it'll be here sooner than later.

Not sure how long this will last, so get'em while they're hot.

Thursday, October 22, 2009

It's Windows 7! The savior of the computing world!!!

Okay not really, but everyone else is making claims and spreading exaggerated news. Why not a catchy headline for me too?

Windows 7 has been unleashed upon the world today; enjoy!

PS. For those of us who have TechNet or MSDN, we've had the official release version for many weeks. Next time be one of the first with Windows 8 128-bit ;^)

Saturday, October 17, 2009

Service 'MSExchangeTransport' failed

A few months ago I had an Exchange Server 2007 install stop cold, caughing up this error:

Error:
Service 'MSExchangeTransport' failed to reach  status 'Running' on this server.


Apparently if you disable IPv6 on a Windows Server 2008 the error will occur. Not to be picky, but how many networks are actually using IPv6 and why is it installed by default anyway?

So re-enable it, reboot and try the install again.

Monday, October 12, 2009

Command Switches for MSI Packages

Microsoft has been using the Windows Installer Tool for quite some time now to make installing, patching and repairing programs a snap (installers using this will typically have an MSI extension).

One of the many benefits of this tool is the ability to script a program or patch installation using the available command-line switches, e.g.: adobe_reader.msi /qn which will install the application quietly without a UI. This can be key when making a batch file to install numerous applications and patches on a new system.

For the many available switches to use check out the full list from Microsoft.

Sunday, October 11, 2009

Amusing Computer Quotes, Part II

Enjoy...

"The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're computer professionals. We cause accidents."
- Nathaniel Borenstein

"The great thing about a computer notebook is that no matter how much you stuff into it, it doesn't get bigger or heavier."
- Bill Gates

"In all large corporations, there is a pervasive fear that someone, somewhere is having fun with a computer on company time. Networks help alleviate that fear."
- John C. Dvorak

"After growing wildly for years, the field of computing appears to be reaching its infancy."
- John Pierce

"Programmer - an organism that turns coffee into software."
- Unknown

Wednesday, October 7, 2009

What kind of file is that?

Many of us have experienced the annoyance of receiving a file that we don't have the appropriate software to view or in a format we do not know or recognize, e.g., "What is a .xxe file and how do I open it?"

(Disclaimer: Make sure you have up to date virus scan and check with the sender when receiving an unknown file. You have been warned.)

Many sites offer a list of file extensions describing the file type, but the one I like to use is Openwith.org because it also provides a link to the appropriate application for viewing or editing the file.

And in case you are curious, an XXE file is a Compressed ASCII Archive and can be opened with WinRAR.

Sunday, October 4, 2009

Control Panel Applets from Command Line

One of my customers doesn't allow user accounts to be in the local Administrators group,  something I wish more companies would do. In fact over 90% of infections could be stopped by not logging in as an administrator; but I'll save that "soapbox" topic for another post.

Many times I need to change settings or install/remove software on someones PC without logging them out of the system, in which case I will go to %windir%\system32, shift+right-click CMD.exe and choose Run As...

Once I've opened a Command window with an account in the administrators group, I can start the Services MMC (services.msc), Device Manager (devmgmt.msc) or Computer Manager (compmgmt.msc), plus many more useful consoles from the command line. Often times I need to remove software or make a change to network settings which involves Control Panel Applets. These also can be run at the command-line (or Run... prompt if you're already logged in as an administrator), some of my favs are listed below.

Appwiz.cpl - Add/Remove Programs (or Programs and Features in Vista or Windows 7)
Ncpa.cpl - Network Connections (for changing IPs and DNS)
Powercfg.cpl - Power Options (perhaps for turning off Standby or enabling the Performance setting)
Sysdm.cpl - System Properties (lots to find here: Remote Desktop, Pagefile, System Restore settings, etc.)
Wscui.cpl - Security Center (change Automatic Updating, the Firewall and Malware monitoring)

Want more? Check out the Wiki page.

Monday, September 7, 2009

TechNet Subscription

Any Windows IT guy/gal worth their salt should have a TechNet subscription. The download-only version (the one to get) at $349 for the first year and $249 for annual renewal, is an incredible bargain.

As a subscriber you get a huge array of non-expiring Microsoft software covering all their operating systems (including DOS), applications, server software and early access to beta, release candidate and RTM software (I'm actually writing this on the full release version of Windows 7).

In addition there is access to free training, managed newsgroups and two FREE Support Incidents (this is worth the price of the subscription alone at $259 each).

I'm not trying to line the pockets of the Redmond empire, I just believe this is a great value for anyone working with/or training on Microsoft software; the benefits well outweigh the price.

Wednesday, August 26, 2009

Exchange 2007 SP2

Yes! Exchange 2007 SP2 is finally available. I can't wait to install it...a few weeks from now. Although I'm looking forward to some new features (Windows Backup plug-in), I will wait to see if there are any problems with the service pack first.

But for those of you who are adventurous or have test systems to try it on, get it here.

Wednesday, August 19, 2009

Free iPhone Apps (plus one paid)

I did an informal survey of friends and a couple of quick searches to see what free Apps might interest me. I amassed almost four screens worth of Apps; I've listed those that are work related below...

AroundMe - For lunch near a client site
Citibank - Business finance
Coffee Finder - For Starbucks near a client site
Free RSS - To stay on top of my favorite blogs
Free Wi-Fi - Who doesn't need free WiFi?
LinkedIn - To stay connected with business associates
MileBug -  To track my mileage (the only App I've purchased, $1.99)
RDP Lite - Remote Desktop client
Restaurants - Shows calories at chain restaurants (a.k.a. what not to eat)
Skype - Communicating with customers
SubnetIT - Subnet calculator
Units - Conversion of Power, Data Storage, etc., from one metric to another
Urbanspoon - For lunch near a client site
WordPress - Keep an eye on this blog

Friday, August 14, 2009

Right-Click, Registry Access Denied

Yesterday I had an odd issue with a Windows laptop. Every time the user would right-click on a file or folder, an error message would pop-up saying "Registry Access Denied", after acknowledging the message, the context menu would appear and function normally.

I did numerous searches, examined permissions, removed/added the user from groups, nothing worked. Then it hit me, it was the context menu that was having an issue, perhaps I should take a look at all the items that are listed in the registry to see how they matched the right-click menu after it appeared.

Doing yet another search, Online Tech Tips had info on editing the right-click menu. Following the registry path mentioned: HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ I was able to see that there was an entry for a zip program that wasn't appearing on the context menu. After backing up the registry, I removed that entry and viola, no more error. Simpler than I thought...

Friday, August 7, 2009

Windows 7 RTM Released to TechNet and MSDN

I've been watching everyday and was pleasantly surprised to see Windows 7 in all its many versions released to TechNet and MSDN.

Get it while it's hot!

Friday, July 31, 2009

Recovering Deleted Mail in Outlook

Disclaimer: This is only for those using Exchange (and always backup your registry before editing).

So you've hit Shift-Delete on a mail item or perhaps even setup a POP account on a system that totally drains all of your messages from your Inbox. Don't fret, highlight the folder in question, go to Tools > Recover Deleted Items... and bring your messages back from the brink of death.

What's that you say? You don't have Outlook 2007 with item recovery enabled on every folder. Well here's the fix for those with older versions of Outlook:

1. Fire up Regedit (Start > Run... Regedit, OK)
2. Locate and then click the following key in the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client\Options
3. On the Edit menu, click New > DWORD Value, and then add the following registry value:
         Value name: DumpsterAlwaysOn
         Value: 1
4. Close Regedit

You're done. Now you can retrieve items at will.

Thursday, July 30, 2009

Verizon Survey - Not!

Five days after I switched to AT&T, I received an e-mail from Verizon with the request: "Please tell us how we can improve".

I thought I would let them know they might try having a better selection of smart phones (sorry, 19 different flavors of Blackberry only count as one), letting customers know when more suitable plans/pricing is available and how about the ability to use unlocked, non-Verizon approved, phones.

But when I clicked on the survey link in the e-mail I got this:


[caption id="attachment_357" align="alignnone" width="150" caption="No Survey for You!"]No Survey for You![/caption]


I guess they really don't want to know what I think they can do to improve...

Wednesday, July 29, 2009

Out of Band Windows Update

As you may or may not know, Microsoft releases patches every second Tuesday of the month so that businesses can plan on having a regular update schedule.

This week Microsoft released two critical patches one for Internet Explorer and the other to fix code generated by Visual Studio. Since this is outside of their normal release cycle, it's definitely time to patch your PC.

And while you are at it, surf on over to see if you're running the latest Java and Adobe software. As Windows continues to make progress on the security front, hackers have been adapting by using vulnerabilities in Java, Acrobat and Flash; and they also use many others, like QuickTime, so it goes a long way to check that software you use is the latest release.

Tuesday, July 28, 2009

Now I'm part of the iCrowd

I finally caved and bought an iPhone. The tipping point was that my Verizon contract was up and I could save about $25/month by going to AT&T. (A friend of a friend is the store manager.)

It also helped that the iPhone 3Gs came out, offered a mature OS with a landscape keyboard and the big surprise, cut and paste.

I must say I'm rather enjoying the new phone; finding new Apps is rather addictive. The interface is pleasing and mostly intuitive, iPod functions are nicely done and most importantly, ActiveSync with Exchange works quite well.

I was rather dubious of the AT&T network, but so far so good.

More on being in the "iCrowd" later...

Friday, July 10, 2009

Upgrading the Default Email Address Policy

One of the tasks to perform before removing the last Exchange 2003 server in a 2007 migration is upgrading the Default e-mail address Policy.

The method for upgrading the policy is to fire up the Exchange Command Shell and run the following command:
Set-EmailAddressPolicy "Default Policy" -IncludedRecipients AllRecipients

You may recieve the following error: Set-EmailAddressPolicy:The recipient policy "Default Policy" with mailbox manager settings cannot be managed by the current version of Exchange Management Console. Please use a management console with the same version as the object.

This is typically caused by a Mailbox Management Policy being applied to the Default Policy.

To address this: Open Exchange 2003 System Manager, go to Recipients, Recipient Policies and right-click the Default Policy, select Change property pages..., and uncheck Mailbox Manager Settings.

Now run the upgrade script above and get on with removing that last legacy server.

Wednesday, July 8, 2009

Gmail Unleashed

Great googly moogly! After five years Gmail (and Apps) is no longer in beta. And instead of yelling it from the rooftops (since many businesses won't rely on beta products) they are just mumbling it quietly.

I guess Google doesn't need the business since they are pretty much just printing money at this point.

Monday, July 6, 2009

Windows 7 Beta to RC Upgrade

Thanks to the MakeTechEasier blog for this tip which saves a full reinstall when upgrading from Windows 7 Beta to the latest RC. This is unsupported by Microsoft, but since it is a release candidate I think you can fudge on the need fom a fresh install. I've already installed quite a bit of software on the beta version and don't intend to relive that experience until Windows 7 is officially released.

In a nutshell the process to follow is to copy the full Windows 7 RC disk to the local system disk, edit the cversion.ini file in the Sources folder: the second line for the minimum client build number needs to be changed to the beta currently installed, in my case it was 7068. Go back to the disk's root directory and launch Setup and follow the usual prompts to upgrade.

Now back to testing and exploring Windows 7; there's a lot of good stuff so far...

Friday, July 3, 2009

Your Own Blog as a Resource

I thought I'd share the irony: for the second time this week I've used my own blog as a resource. Once for Exchange 2007 logging and then today to find the wireless key viewer link.

At least someone finds it useful ;-)

Thursday, July 2, 2009

Xmarks the spot (for bookmarks)

Formerly known as Foxmarks, Xmarks is a great tool that synchronizes your Favorites/Bookmarks (depending on the browser you use).

Just install the small app on each of the computers you wish to keep synchronized and it does the rest. I really wish I would've found this earlier; years of copying and sorting on numerous computers left my bookmarks a mess.

After one long flight to Chicago I cleaned up most of the redundant and disorganised mess. Once I got back online, Xmarks replicated the changes to its online database and updated my two other computers within minutes of bringing them online.

And did I mention it's free for Windows, Mac and Linux?

Sunday, June 21, 2009

ActiveSync, Now Without Attachments

After migrating users from Exchange 2003 onto our 2007 cluster, we found that attachment viewing stopped working in ActiveSync.

The fix is to delete the ActiveSync profile on the phone (and maybe on the server, I did this via Outlook Web Access just to be sure) and then create a new one. There is a security policy on the CAS server end which gets set up when a new device connects, our theory is that if the phone doesn't make a new connection to the Exchange 2007 server, that security policy never gets pushed to the client and the server will refuse to download attachments to the phone.

You also have to allow attachments in the Default ActiveSync Client-access profile on the server (but this is enabled by default).

So, if you have users who say they get errors when downloading attachments to an ActiveSync phone, nuke the profile on the phone and recreate the association, it should then start working once again.

Thursday, June 4, 2009

SaaS and Cloud Computing

I happened upon an interesting article by my favorite tech curmudgeon, John C. Dvorak, in PC Magazine. In the July 2008 issue (yes, I'm still way behind on my magazines), he puts together a list of good reasons why "the future" of computing, namely SaaS and Cloud Computing is just another way to make even more money and can actually be problematic for companies. I've always felt that small companies can benefit greatly from hosted services and cloud applications, but larger companies need to tread lightly when making the ROI comparisons and need to understand the inherent issues having data and servers off-site, managed entirely by a 3rd party. Previously I couldn't fully articulate all of my concerns, but Dvorak does a brilliant job of bringing them to light. Below is his list, from Ode to Shrink Wrap, with some of my own comments.

1. The Network Sucks - Unless bandwidth is good and no one is running BitTorrent or the like problems will ensure. (VoIP anyone?)

2. There's No Protection from Government Spooks - The government can get access to all of your data anytime. Do they even need a search warrant anymore?

3. Industrial Espionage is Easy - Depending on the vendor it may or may not be "easy", but how many public companies and public institutions have been hacked in the last few years?

4. It's Too Expensive - It'll start cheap or free, but goes up from there. Anyone that has witnessed an SAP implementation knows this well.

5. It's Not Mechanisable - People like shrink-wrap, cool graphics and shiny boxes. I suppose the electronics store could have a card to take to the register similar to buying Sudafed.

6. Users Have No Sense of Ownership - People like having things, like books, boxes, disks, etc. It's just not the same printing a receipt from a website.

7. When Online Software Companies Go Under, So Does Your Software - And you are left with a unusable backup of your data; maybe thousands can be spent getting it converted. Where did the data go the XDrive.com was storing. I had data there, albeit just to test the service, and received no notice when they closed down.

8. Users Are Subservient to Terms-of-Service Agreements - Imagine getting shutout because you violated line 2419 of the service agreement, will you still be in business by the time it gets sorted out. What if a new uglier agreement comes along?

9. Users Have No Control Over Versioning - You get upgrades whether you like them or not. If they break your application or the way you use it, where are you in the support queue? I'm sure they'll treat a small company the same as a multi-million dollar customer...

10. Potential for Gouging - Sort along the lines of number 4, but if they have you over a barrel and you don't have the resources to switch to a new provider (or worse they are the only one who offers the service) then start coughing up more money.

Again, I don't think SaaS and Cloud Computing is inherently bad, but it is something that needs strong consideration before putting all the company eggs in someone elses basket.

Friday, May 29, 2009

Mobile Tweeting with Pocketwit

Many months ago I joined the Twitter nation (tthrush, but don't expect much, I mostly lurk) and eventually added a Twitter app to my cell.

At first I tried Twobile, but the interface was a bit lacking and the it could've been little quicker.

I've since settled on Pocketwit, another free client, this time from Google. The interface is elegant and the usability is top notch. If you're using a Windows Mobile phone, I highly recommend trying this out.

Tuesday, May 26, 2009

Vista and Windows 2008 SP2 Now Available!

The latest service pack for the unified kernel was released yesterday. For the early adopters, get it here!

I'm installing it on my test system, but will be waiting a few weeks to deploy this on my work and home systems. I'd prefer to see what the tech sites and blogosphere have to say about possible issues before subjecting myself to any possible pain.

Assigning Certificates in Exchange 2007

I've wasted too much time in the past looking this information up and still have to dig around for the right command. I don't imagine I'm the only one, so here's what I've gathered together...

When manipulating the certificates at the command line (this article assumes you're running all your commands within an Exchange Management Shell), it's helpful to look up the Thumbprints for the available certificates.

Get-ExchangeCertificate will display those certificates available for use in the local certificate store and to what services they are currently assigned.

Copy the thumbprint string of the certificate you wish to use and paste it into the following command...

Enable-ExchangeCertificate -Thumbprint 9E101F27C9B07BEE021ECB88ED6B78DD17F6E702-Services IIS, Pop, Imap, Smtp assigns the certificate to all the available services. Mix and match as you need.

Tuesday, May 19, 2009

Three Free Utilities

Everyone carries around a USB drive these days with a variety of utilities, these three have been very useful in the recent past.

CPU-Z - A great utility to find out what kind of memory is installed in a system. This is especially useful when a system is a plain box with out a service tag or serial number.  And it's really annoying to open a box only to find the memory is without a label.

Magic Jelly Bean - This little gem has been in my toolbox for a long time. It grabs the key codes for popular software installed on a system (Adobe, VMWare, Office) including the OS. This is very useful if you have a disk, but lost your installation key or have lots of keys and don't know which ones were used on a particular system.

Wireless Key View - And finally, this tool grabs the WPA/WEP wireless key(s) from a Windows system (must be using the built-in Windows wireless utility) when you can't see the actual text or log into your wireless router.

And while you're visiting these sites, check out the other free software they have. You'll have your 32GB thumb drive filled up in no time ;)

Tuesday, May 12, 2009

It's Linux too

Just back from a long a trip to Panama which was eventful yet fun.

On the first airplane leaving SFO I was watching the spinning hourglass on the entertainment screen in the seat in front of me. The captain then told us the system was experiencing some issues and they would be rebooting it.

So they did, three times. I snapped a pic on the second reboot. It finally started working, but a number of the games were broken and unplayable, plus the media (read mp3 player) was all but useless, since I had to manually advance the playlist after each song finished. By the end of the flight, the music stopped playing altogether.

I only bring this up because everyone seems to gloat and post pictures when a Windows system has to reboot in public. My point being, there isn't a perfect OS and there never will be as long as we humans do the programming. As soon as Skynet is active and creating the programs, it'll be better for all of us ;-)

Wednesday, April 22, 2009

Samsung Locked!

I haven't seen this before, but it was an easy fix.

My customer's Samsung LCD monitor was off center, but when he tried to use the Auto adjust feature or manually change the screen position, the menu always showed "Locked!"

A quick search showed that all that needed to be done was to hold the Menu button down for five seconds to unlock it. Adjustments were then made and all was right again in the world (at least in a world that only contains one Samsung LCD monitor and nothing else).

Wednesday, April 15, 2009

Two More Free MS Press eBooks

MS Press is celebrating it's 25th anniversary by giving away free stuff.

The books are Windows SBS 2008 Admin's Companion and Visual Basic 2008 Express.

Follow the links at the MS Press blog site. (You have until April 22nd.)

As noted on the blog... the first MS Press book was in 1984, for Mac :)

Tuesday, April 14, 2009

Availability Error

This error kept creeping up on our front-end Exchange 2007 server:
Event ID: 4011
Process 6168[w3wp.exe:/LM/W3SVC/1/ROOT/EWS-1-128806932311406509]: Configuration for forest corp1.contoso.com was not found in Active Directory. Run the Add-AvailabilityAddressSpace command in the Exchange Management Shell for an Exchange Server 2003 Active Directory forest.
Luckily the answer was on theTechNet site, I just ran this using the EMS...

Add-AvailabilityAddressSpace -ForestName Contoso.com -AccessMethod PublicFolder

Soon we'll be without a mixed 2003/2007 environment, I look forward to that day.

Monday, April 6, 2009

Laptop Power

This is an interesting breakdown on laptop power consumption from the Windows Tips and Tricks UPDATE newsletter:

Q. What uses the most battery power on my laptop?
John Savill

A. The LCD display. In fact, almost half the power in most laptops is used by the screen, which is why dimming your screen can save you a lot of battery life. Below is a list of the major power consumers on your laptop. This list also applies to desktop computers, other than the screen figure.

LCD: 43%
Chipset: 21%
Processor: 9%
Graphics: 8%
Hard Drive: 5%
Network: 4%
Other bits: 10%

Obviously different systems will vary based on their components, but this gives a rough idea of where that battery power goes.

Monday, March 30, 2009

Amusing Computer Quotes

Enjoy...

"Those parts of the system that you can hit with a hammer are called hardware; those program instructions that you can only curse at are called software."
-- Anonymous

Part of the inhumanity of the computer is that, once it is competently programmed and working smoothly, it is completely honest.
-- Isaac Asimov

 "Science is supposedly the method by which we stand on the shoulders of those who came before us. In computer science, we all are standing on each others' feet."
-- G. Popek

"I sit looking at this damn computer screen all day long, day in and day out, week after week, and think: Man, if I could just find the 'on' switch..."  
-- Zachary Good

Thanks to Guillaume for some of them.

Monday, March 23, 2009

Free PowerShell eBook

Thanks to the Canadian IT Pro blog for this one.

Keith Hill is giving away a free eBook for PowerShell in PDF format. I've only begun to read it and I like what I see. Get it now at the best price around.

As an added bonus, check out Keith's Blog, it has a lot of scripting tidbits as well.

Thursday, March 19, 2009

Internet Explorer 8 Released

Internet Explorer 8 was released today. I'm sure it's already been downloaded a billion times already, but you can get it here.

My first impressions have been favorable. I've been using Slim Browser for quite some time, but it still uses the IE7 engine and the performance has been lackluster as of late. I've stuck with Slim Browser over the last couple of years due to features like double-clicking tabs to close sites and not having multiple browser windows open when going from an internal to external site. These items seem to have been addressed in IE8 and so far I'm impressed with speed and functionality. Try it out (Windows users) it's free.

Tuesday, March 17, 2009

Only one DC?

Okay, maybe this is a soapbox item, but I've been to too many companies with only one domain controller.

Most of these companies have a full system backup running, but upon complete failure a restore will take a few hours minimum. One such outage and the cost of labor to pay an IT professional to restore a domain controller is about break-even, with an example price of $700+  for a Windows Server license and the cost of a cheap server or desktop. That of course doesn't really cover the true cost; if you have a company of twenty-five employees sitting around waiting for the server to come back online, now you're really talking money. With another domain controller present (with sufficient resources), the clients may never even notice the difference should a primary system fail.

Unfortunately, many small companies look at the short term cost of items rather than focusing on the immense cost of a prolonged outage or lost productivity with subpar equipment or dated technology. But in tough economic times many of these choices are made for them.

Tuesday, February 24, 2009

Password Expiration Notifier

This is some really cool freeware (well, cool if you're some kind of IT geek). Anyway, Redmond Magazine recently had a review of NetWrix Password Expiration Notifier. In a nutshell, it e-mails users when their Active Directory password is about to expire. This is huge for companies with remote users who only use webmail, local users that don't logout for weeks at a time or Mac and Linux users that need Windows resources. The price is perfect for the base model and for more bells and whistles, prices start at $350 and climb upwards with the number of users.

Ps. Check out NetWrix's array of Freeware.

Sunday, February 22, 2009

Tuesday, February 17, 2009

Lose the Shutdown Event Tracker

This tip has been around for a while, but I think it's still worth sharing due to its possibly high annoyance factor.

On a production machine, I consider the Shutdown Event Tracker worthwhile, especially in environments with multiple administrators. When in a lab situation or testing environment, this prompt before shutdown gets old quickly. 

To change the setting go to Start > Run…, type gpedit.msc and press OK.

Drill down: Computer Configuration > Administrative Templates and highlight System. In the right pane, double-click the “Display Shutdown Event Tracker” and choose Disabled.

You're done, no more need for a reason to shutdown the system. (BTW, this tip works with Windows Server 2003 and you can even enable the Shutdown Event Tracker for Windows 7, Vista and XP.)

Hub Transport Warning during Exchange 2007 Install

This is sort of a bogus warning, but it comes up when installing Exchange 2007 integrated with Service Pack 1.

"Setup cannot detect an SMTP or Send connector with an address space of '*'."

A quick search came up with a Microsoft KB article stating you need to add an SMTP Send Connector after setup. This task always needs to be done if you won't be using an Edge Transport role. I imagine when the Exchange installer comes integrated with Service Pack 2 this message will either be gone or at least more explanatory.

Thursday, February 5, 2009

Enabling the Administrator account in Vista Home

I just received a batch of five Dell laptops with Vista Home for a lab. One of the requirements was to have low privilege "Student" logins and the usual Administrator account for the instructors.

If you've dug around in Vista for any amount of time, you probably know by now the Administrator account is disabled by default to aid with keeping the system secure. Far too many Windows 2000/XP systems were left with blank administrator passwords and this is Microsoft's answer to that typical security hole.

Enabling the account readily accomplished in Vista Business, Enterprise or Ultimate. Go to Run... type lusrmgr.msc, click OK, highlight the Users folder, right-click Administrator in the right-hand pane, choose Propertiesand uncheck Account is disabled.

For the Vista Home Editions you have to do this via the command line (there is no Users Manager). Go to Start > Accessories and right-click Command Prompt and choose Run as administrator (this will prompt a UAC box, click Continue).
At the command prompt type: net user administrator /active:yes then hit enter.

Now the Administrator account will be available in the Control Panel > User Accounts applet. Lastly, but far from least: give this account a good password!

Tuesday, February 3, 2009

Exchange 2007 PurportedSearch Error

This "PurportedSearch" error was a hard one to track down. I was installing the Mailbox role, for the Exchange 2003 to Exchange 2007 migration, and during the perquisites stage it would error out because there was an invalid character present in a custom Recipient Policy, as listed below:

Mailbox Role Prerequisites
Failed


Error:
An unexpected '(' character is found in the 'purportedSearch' attribute of the Recipient Policy 'firstdotlast', it will cause setup to fail. Please remove it and rerun setup. Current value: (&(&(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact))(objectCategory=group)(objectCategory=publicFolder)(objectCategory=msExchDynamicDistributionList) )))).


I did numerous searches on the web and I found nothing conclusive; that's when I decided to burn one of the two Support Incidents I get with my TechNet subscription. The Microsoft tech knew right away what the issue was and how to get around it. It seems the old recipient policy in LDAP form needs to be converted to OPATH during an Exchange 2003 to 2007 migration and I hadn't done that...really, who knew? I hadn't read this in any of my numerous Exchange 2007 books or saw it on any website, but maybe I missed it.

The workaround was to open the ADSI editor(adsiedit.msc) and browse over to the recipient policy in question, copy and save the contents to a text file, then clear the value.
Here's the path for the ADSI editor: Configuration -> CN=Configuration,DC=company,DC=com -> CN=Services -> CN=Microsoft Exchange -> CN=Company -> CN=Recipient Policies -> CN=custom policy

Once that was done, I re-ran the Exchange 2007 Mailbox role installation and it went perfectly. Next was to reopen the ADSI editor and take the data from the text file and repopulate the purportedSearch value.

The Microsoft tech was very helpful and pointed me to a TechNet article regarding the conversion from LDAP to OPATH Recipient Policies. Now why wasn't this addressed in the Exchange 2007 installer? It would have been a simple script to do this in the background, or at the very least how about a real clue from the installer stating the actual problem. In any case, it is all working now.

Dell now posting Outlet deals on Twitter

Thanks to G4TV for this nugget:

Dell is now offering Outlet deals via Twitter. You can follow here: http://twitter.com/DellOutlet

Update: Check out who the Dell Outlet is following, there are more deals to be tweeted.

Thursday, January 29, 2009

OWA 2007 E-mail Display Issue when a Plus Sign is in the Subject

This was a particularly odd issue, e-mails wouldn't display in the web browser when a plus sign was present in the subject line. This manifested on a Windows Server 2008 system with Exchange 2007.

The answer was actually on a TechNet blog dedicated to Entourage, thanks to Amir for the answer. It makes sense that it would affect Entourage and most likely Evolution as well, because both use OWA to manage data, rather than RPC.

Here's the fix...

1. Open Notepad

2. Go to File > Open, then type (or copy and paste) %windir%\System32\inetsrv\config\applicationHost.config in the File name: field and click Open

3. Locate the section titled (use Ctrl-F): <location path="Default Web Site/Exchange">

4. Under that section locate the </authentication> tag

5. Create a new line, indented the same, and add: <requestFiltering allowDoubleEscaping="true" />

6. Save and Exit Notepad

You don't have to restart the server or any services, it'll just work.

Saturday, January 24, 2009

Lockdown in Sector 4

One of my customers yesterday contacted me because they were getting an error when connecting to GMail using Outlook. It was the dreaded 'Lockdown in Sector 4" notice, which apparently happens when the Google bots come to the conclusion that there is some kind of unusual account activity.

Mail account access through IMAP or POP is locked for a period of up to 24 hours and then you're free to use it until the bots decide you're abusing it. Actually, it's something that more e-mail providers should be doing to reduce spam and account security.

Thursday, January 15, 2009

Exchange 2007 Logging, Part Deux

I covered setting the logging level for IMAP with the Exchange Management Shell a few weeks ago, but I keep coming up with more items to track. The expected syntax is below.

Set-EventLogLevel “MSExchange ActiveSync\Requests” -Level High

To find the available processes for logging (you put them between the quotes if spaces are present) enter Get-EventLogLevel in the Exchange Shell and you will be presented with an impressive list.

And again, the available levels are Lowest, Low, Medium, High and Expert.

Monday, January 12, 2009

Windows Server 2008 and UAC

I know a lot of people are really annoyed by UAC or User Access Control in Windows Vista. You know, it's the the flash of the screen and a prompt for you to say it's okay to install a program or modify your system.

I actually don't mind it on my Vista system, since I only get prompted once in a while now that my system is fully configured. (I installed about twenty five programs and changed numerous settings on my last system build.) And anyone whose used MacOS or various flavors of Linux are familiar with using "elevated priviledges" to install software or make a system altering change. This usually takes place by using sudo or giving the root password. It helps protect the system from unwanted changes or inadvertent malware installs.

What I do mind is having UAC enabled on a Windows Server. It is rare indeed that I actually log onto a server unless I'm actually going to be installing software or making a configuration change that doesn't evoke the UAC. I read log files, add users and dns entries, plus much more, remotely from my client. Having to acknowledge an endless stream of prompts is ineffiecent to say the least. I know I could log onto the server as Administrator, but that's hardly best practice.

To disable UAC on Windows Server 2008 (and Vista as well), go to the Control Panel > User Accounts and click the link for Turn User Account Control on or off (and yes, if you're not logged in as Administrator a UAC prompt will appear). Uncheck the box and choose OK. A reboot is required for it to take affect.

Friday, January 9, 2009

Exchange Remote Connectivity Analyzer

This has been covered a number of places before, but this is really cool and bares repeating. This free testing site, with it's amble result data, can be invaluable when rolling out Exchange services. Whether it's ActiveSync, Inbound SMTP, RPC/HTTPS, plus more, this Microsoft troubleshooting website is great. (And the SMTP test works with more than just Microsoft mail servers.)

Try it out here: Exchange Remote Connectivity Analyzer

Thursday, January 1, 2009

SQL Server 2008 Express Prerequisites

Last week I installed SQL Server 2008 Express on Windows Server 2008 and there's a short list of prerequisites I had to download over a slooooow link.

Hopefully this list will save someone the same pain I endured.

Microsoft .NET Framework 3.5

Windows PowerShell 1.0

Windows Installer 4.5

It was smooth sailing after the prereqs were installed. I have to say Microsoft has done a great job as of late with their installers, they're informative and usually include links for missing components or wizards to install features or roles. What took them so long to reach this point? It's not like this is rocket science...or is it?