Sys Admin Tales » Windows

Adding Windows XP Media Center to a Domain

Tom Thrush — Tue, 31 Jan 2012 19:53:26 +0000

During another domain migration yesterday, I came across a Windows XP Media Center PC in the workplace. This is certainly common with small companies, especially when they’re bootstrapping. You buy what you can afford and that usually means Home and Media editions of Windows. Those work great for a small network, but of course can’t be added to a domain, at least Home can’t. Luckily Windows XP Media Center can be hacked into joining a domain, because unlike XP Home Edition, it won’t upgrade to XP Professional.

So here’s the hack:

If you haven’t already, install the Windows Recovery Console (you’ll need your Windows XP disk for this)
Boot into the Microsoft Windows Recovery Console when prompted
1. Select the proper OS (usually 1) and enter the Administrator password (if prompted)
Copy the SYSTEM registry hive to C:\ copy c:\windows\system32\config\SYSTEM c:\
Type exit and boot into your Windows XP Media Center system as an administrator
Open Registry Editor (Start > Run… type regedit, click OK
1. Highlight HKEY_LOCAL_MACHINE
2. Click File > Load Hive…
3. Browse and select C:\SYSTEM
4. Enter your PC-name or anything really
5. Drill down to HKEY_LOCAL_MACHINE\PC-name\WPA\MedCtrUpg
6. Change the IsLegacyMCE key in the right pane to the number 1 (default is 0)
7. Highlight the PC-name under HKEY_LOCAL_MACHINE and click File > Unload Hive…, click Yes
Reboot into the Microsoft Windows Recovery Console as in step 2
1. Copy the SYSTEM registry hive back copy c:\SYSTEM c:\winsows\system32\config\system enter Y to overwrite
2. Rename the old SYSTEM hive on C:\ ren c:\SYSTEM SYSTEM_old
3. Type exit and reboot back into your Windows XP Media Center system as an administrator
Now you should be able to add the system to the domain
Optional: delete c:\SYSTEM_old and change the boot selection time from 30 seconds to 2 or 3 (now that the Recovery Console has been added)

Thanks to Aaron Tiensivu, who’s article helped me yesterday. I decided to make an abridged post here since I’m getting annoyed at having to find this hack every time.

Optimize Windows Settings for SSD

Tom Thrush — Sun, 29 Jan 2012 21:03:26 +0000

So you got a shiny new SSD for your Windows system. As you may or may not know, there is only a finite number of writes to each sector before it becomes unusable, eventually causing the disk to be unusable.

So what can you go to make sure it lasts as long as it can? I’ve gathered a few tips from around the web to help.

Go without a pagefile (if you have at least 2GB of RAM)
Disable automatic disk defragmentation (only Vista and Win 7)
Turn off hibernation
Put a halt to prefetching
If this is a system with two drives move the location of your Temp directory path (and move the pagefile rather than disabling it as above).

Versions after Windows XP actually do make some changes to optimize, but it doesn’t hurt to check. And have fun with your new found (or bought) speed!

Activate Windows and Office at the Command Line

Tom Thrush — Sun, 22 Jan 2012 01:31:15 +0000

I was recently looking for a way to activate Windows 7 and Office 2010 at a command prompt; this is what I found…

Since the release of Vista, you can use the command line utility slmgr for Windows activation when using a MAK (or Multiple Activation Key).

Windows Activation

Open a command window (as administrator)
And run…

slmgr -ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
slmgr -ato

Office Activation

Open a command window (as administrator)
From C:\Program Files\Microsoft Office\Office14 run…

cscript ospp.vbs /inpkey:xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
cscript ospp.vbs /act

Who needs all that pointing and clicking anyway?

(Not so) New Folder Locations

Tom Thrush — Wed, 04 Jan 2012 22:01:31 +0000

Since the advent of Windows Vista, the usual folder locations don’t always apply. Take the Quick Launch or All Users Desktop, where did they go?

Here’s a short list of what’s been moved around (and yes, I’m writing this as much for me as anyone else)…

All Users:

All Users Desktop, Favorites, Documents, Downloads, Music, Pictures & Videos – C:\Users\Public
All Users Start Menu – C:\ProgramData\Microsoft\Windows\Start Menu
Documents and Settings (just for completeness sake): C:\Users
Templates – C:\ProgramData\Microsoft\Windows\Templates

User Specific:

Cookies – C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Cookies
Default Outlook OST/PST folder – C:\Users\%username%\AppData\Local\Microsoft\Outlook
Quick Launch – C:\Users\%username%\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
Send To – C:\Users\%username%\AppData\Roaming\Microsoft\Windows\SendTo
Start Menu - C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu
Temp – C:\Users\%username%\AppData\Local\Temp
Temporary Internet Files – C:\Users\%username%\AppData\Local\Microsoft\Windows\Temporary Internet Files

Symantec AntiVirus Runtime Error!

Tom Thrush — Wed, 30 Nov 2011 06:34:16 +0000

Earlier this year, a customer kept getting this error when rebooting:

Microsoft Visual C++ Runtime Library Runtime Error!

Program: C\Program Files\Symantec AntiVirus\Rtvscan.exe

This application has requested the Runtime to terminate it in an unusual way.

Please contact the application’s support team for more information.

Luckily the fix isn’t too painful…

Go to a command prompt and run wbemtest
• Click Connect (upper-right)
• Replace root\default (or root\cimv2) with root\securitycenter and click Connect.
• You will be returned to the original screen, now click the Enum Classes… button, leave the Superclass Info box empty and click OK.
• In the Query Results screen, click AntivirusProduct and select Delete.
• Close the Query windows and Exit wbemtest.
• Now either repair or re-install Symantec Antivirus Corporate Edition.

Time Skew and Exchange Services

Tom Thrush — Sun, 20 Nov 2011 22:51:04 +0000

On a recent Sunday night, I was home watching The Walking Dead, a colleague called to say that our core switch was down in our colo. As he was on vacation, I raced over there, preformed some troubleshooting, finally rebooting our huge Cisco 4510 to bring everything back online, that is except Exchange.

The Exchange cluster was using iSCSI, thus was offline during the outage and now would not mount the databases; both the System Attendant and Information Store services would not start. After trying a reboot and examining the Failover Clustering, these error messages were found in the Event Log:

System attendant – EventID: 1005 Unexpected error The clocks on the client and server machines are skewed. ID no: 80090324 Microsoft Exchange System Attendant occurred.

MSExchangeIS – EventID: 5003 Unable to initialize the Microsoft Exchange Information Store service because the clocks on the client and on the server machine are skewed. This may be caused by a time change either in the client or the server machine, and may require a reboot of that machine. Other than that, verify that your domain is properly configured and is currently online.

I didn’t even consider the fact that the Exchange server’s system time didn’t match the domain controllers’. Both nodes were a full six minutes behind! Once the clocks were synced with the DCs, both services started, databases mounted and we were back in business.

Due to the fact we’re running a hybrid UNIX/Windows DNS network, oddities like this seem to creep up. Once I have this sorted, there will likely be a blog post about that as well.

Windows 3-Tier Certificate Authority

Tom Thrush — Wed, 16 Nov 2011 22:35:59 +0000

Many months ago I was tasked with implementing a 3-tier Certificate Authority for a large Windows domain environment. Unfortunately there is surprisingly little information for the nitty-gritty questions one may have. The Microsoft Press book Windows Server® 2008 PKI and Certificate Security (this book seems to have been discontinued, thus outrageous pricing) proved quite useful, but at times lacking. The Corelan Team site added more insight and was quite useful as well.

Here is the document I created detailing our setup and configuration process (using generic server names and Contoso as the company). Please review the entire document first, should use it for reference. Please note: this document is unsupported and is meant only as a guide.

Should you post questions here, I will do my best to answer them or help point you in the correct direction. This project took place almost a year ago and I’m no longer on site to examine the configuration, so please understand if I may not be able to shed light into the darkest corners of CA voodoo.

Ps. Thanks to SL @ TM for his time and trust with this project.

PowerShell: Execution of scripts is disabled

Tom Thrush — Sat, 12 Nov 2011 22:53:20 +0000

This information is available on many sites, but I’m tired of searching for it every few months when I switch laptops/tablets.

Whenever you try to run an unsigned PowerShell script, you get the following message: “File C:\Custom\Test.ps1 cannot be loaded because the execution of scripts is disabled on this system. Please see “get-help about_signing” for more details.”

I certainly believe Microsoft is doing the right thing with keeping PowerShell script execution secure with the proliferation of malware and 99%+ of Windows users don’t even know about PowerShell.

Changing the PowerShell security setting is a simple affair. Open PowerShell as an Administrator and run the following: Set-ExecutionPolicy

Your choices are:
Restricted (default) – Which stops all unsigned scripts from running.
AllSigned – This allows only signed scripts to run.
RemoteSigned (my recommendation) – Allows local scripts to run, but all downloaded or remotely executed must be signed.
Unrestricted (not recommended) – This allows all scripts to execute, whether from an e-mail, website or instant message.

Syntax: Set-ExecutionPolicy RemoteSigned

AD Recycle Bin Tool

Tom Thrush — Sun, 30 Oct 2011 22:53:20 +0000

Last year Windows IT Pro magazine highlighted ADRecycleBin from Overall Solutions. It’s an excellent free utility to bring back deleted items (or reanimate for earlier Active Directory installations than 2008 R2).

It’s a very nice alternative to the built-in feature in Windows Server 2008 R2 and is a drastic improvement over item recovery in earlier versions of Active Directory with a great GUI interface.

They have a couple of other interesting products in Maven, ResetPass and Action Engine, not everything is free, but it’s close.

Sysinternals

Tom Thrush — Thu, 27 Oct 2011 23:24:42 +0000

If you’re in IT working with Windows and haven’t heard of Sysinternals, you may want to check to see if you’ve been living under a rock.

Sysinternals started as the community or free arm of Winternals, the money making portion of the company. Microsoft purchased Winternals back in 2006 for its IP and brain-trust. Mark Russinovich has been the most active of the original staff, appearing at numerous conferences, blogging and evangelising the Microsoft operating systems.

The Sysinternals site has numerous, extremely useful troubleshooting and informational utilities; so much so I could devote this blog to their tools for the next year or three. Since access to the site is free, as are the downloads, help files and instructions, I’ll just highlight a few things here…

Utilities:
Autoruns – Displays list of applications, drivers loaded and much more, that start at boot time. Includes locations of registry and file locations. Great for hunting malware.
Process Explorer – Displays all running processes and subprocesses, plus open handles, threads, paths, a veritable cornucopia of information. Task manager wishes it was this great.
Process Monitor – Allows you to monitor file system, registry, process, thread and DLL activity in real-time.
TCPView – Get detailed listings of all TCP and UDP endpoints on your system, including source and destination.

The Learning Resources are also impressive, with great videos and articles .

And as I mentioned, this is all free.