Tuesday, January 31, 2012

Adding Windows XP Media Center to a Domain

During another domain migration yesterday, I came across a Windows XP Media Center PC in the workplace. This is certainly common with small companies, especially when they're bootstrapping. You buy what you can afford and that usually means Home and Media editions of Windows. Those work great for a small network, but of course can't be added to a domain, at least Home can't. Luckily Windows XP Media Center can be hacked into joining a domain, because unlike XP Home Edition, it won't upgrade to XP Professional.

So here's the hack:

  1. If you haven't already, install the Windows Recovery Console (you'll need your Windows XP disk for this)

  2. Boot into the Microsoft Windows Recovery Console when prompted

    1. Select the proper OS (usually 1) and enter the Administrator password (if prompted)

  3. Copy the SYSTEM registry hive to C:\ by running: copy c:\windows\system32\config\SYSTEM c:\

  4. Type exit and boot into your Windows XP Media Center system as an administrator

  5. Open Registry Editor (Start > Run..., type regedit, click OK)

    1. Highlight HKEY_LOCAL_MACHINE

    2. Click File > Load Hive...

    3. Browse and select C:\SYSTEM

    4. Enter your PC-name or anything really

    5. Drill down to HKEY_LOCAL_MACHINE\PC-name\WPA\MedCtrUpg

    6. Change the IsLegacyMCE value in the right pane to the number 1 (default is 0)

    7. Highlight the PC-name under HKEY_LOCAL_MACHINE and click File > Unload Hive..., click Yes

  6. Reboot into the Microsoft Windows Recovery Console as in step 2

    1. Copy the SYSTEM registry hive back by running: copy c:\SYSTEM c:\windows\system32\config\system (enter Y to overwrite)

    2. Rename the old SYSTEM hive on C:\ by running: ren c:\SYSTEM SYSTEM_old

    3. Type exit and reboot back into your Windows XP Media Center system as an administrator

  7. Now you should be able to add the system to the domain

  8. Optional: delete c:\SYSTEM_old and change the boot selection time from 30 seconds to 2 or 3 (now that the Recovery Console has been added)

Thanks to Aaron Tiensivu, whose article helped me yesterday. I decided to make an abridged post here since I'm getting annoyed at having to find this hack every time.

Sunday, January 29, 2012

Optimize Windows Settings for SSD

So you got a shiny new SSD for your Windows system. As you may or may not know, there is only a finite number of writes to each sector before it becomes unusable, eventually causing the disk to be unusable.

So what can you do to make sure it lasts as long as it can? I've gathered a few tips from around the web to help.

Versions after Windows XP actually do make some changes to optimize, but it doesn't hurt to check. And have fun with your newfound (or bought) speed!

Wednesday, January 25, 2012

Firing a SysAdmin

Recently I had to replace an IT guy who'd gone off the rails. Something odd about this profession seems to cause an unusually high number of them (say, compared to other engineers) to drop off the radar and partially or completely disappear. It usually happens in one of two ways: they start with sporadic attendance, rarely answering phone calls and e-mail, and then disappear completely, or they skip straight to the latter and stop all communications entirely, possibly even leaving the area. Hard to say if it's something psychologically different with SysAdmins (we can be quite an odd bunch) or if it's the pressure and culture that spawns the flight response...

I've tried endless searches on "firing a sysadmin", "locking out an IT guy", etc., but nothing useful. So, I've compiled a list of things to examine when an IT guy goes AWOL and you need to lock them out, reclaim logins and check for holes.

  • Firewall passwords & rules

  • Router logins

  • Switch logins

  • VPN server login & configuration

  • Domain Admin/root password

  • Group Membership (Domain Admins, Schema Admins, Enterprise Admins, Built-in administrators, Exchange admins, root, wheel, etc.)

  • Other domain admin accounts

  • Service accounts (check Services logon list)

  • User accounts (every employee should change password)

  • Local admin accounts on client systems

  • Hosting/DNS/Domain Name Services passwords

    • Web hosting logins

    • Registrar logins and contacts

    • Managed DNS

  • Exchange/mail servers

    • Mailbox forwarding

    • Routing groups

    • Hosted spam filtering

  • MS SQL/database accounts

  • Auto-logins, i.e. kiosk systems

  • Examine startup scripts and group policy

  • Examine scheduled tasks, at or cron jobs

  • Change wireless security key

  • Change remote access accounts, i.e. GoToMeeting, TeamViewer, etc.

  • Update 3rd party software passwords, i.e. anti-virus, backup, etc.

  • Update 3rd party hosted software, i.e. Amazon S3, Salesforce, etc.

  • Change vendor logins, i.e. CDW, Dell, Microsoft, Tigerdirect, etc.

  • Remote system logins/wireless

  • Check systems in the field for items above

  • Check for keyloggers on all systems

  • Phone system accounts and logins

    • Change all voice mail pins

  • Update building alarm security codes

    • Contact for alarm company if the person is on the access list

  • Update access information/logins at colocation facilities

That's what I came up with so far for a Windows-centric network. Anything you can add?
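
Several of the checks above (group membership, other admin accounts, service accounts, scheduled tasks) can be scripted instead of clicked through. The following is an added example, not part of the original post; it assumes PowerShell 3.0 or later with the ActiveDirectory (RSAT) module on a domain-joined Windows 8/Server 2012 or newer machine, and 'jdoe' is a placeholder for the departed admin's account name.

```powershell
# Added example. Assumes PowerShell 3.0+, the ActiveDirectory (RSAT) module,
# and a single-domain forest. Run from an elevated prompt as a domain admin.
Import-Module ActiveDirectory
$Departed = 'jdoe'   # placeholder sAMAccountName, not from the original post

# 1. Who holds privileged group membership, nested groups included?
$groups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'
$privileged = foreach ($g in $groups) {
    Get-ADGroupMember -Identity $g -Recursive |
        Select-Object @{n = 'Group'; e = { $g }}, SamAccountName, objectClass
}
$privileged | Sort-Object Group, SamAccountName | Format-Table -AutoSize

# 2. Is the departed account disabled, and what is it still a member of?
Get-ADUser -Identity $Departed -Properties Enabled, LastLogonDate, MemberOf |
    Select-Object SamAccountName, Enabled, LastLogonDate,
        @{n = 'Groups'; e = { $_.MemberOf -join '; ' }} | Format-List

# 3. Enabled accounts with non-expiring passwords or created in the last
#    90 days: candidates for forgotten or unexpected admin accounts.
$cutoff = (Get-Date).AddDays(-90)
Get-ADUser -Filter 'Enabled -eq $true' -Properties whenCreated, PasswordNeverExpires, PasswordLastSet |
    Where-Object { $_.PasswordNeverExpires -or $_.whenCreated -gt $cutoff } |
    Select-Object SamAccountName, whenCreated, PasswordLastSet, PasswordNeverExpires |
    Format-Table -AutoSize

# 4. Services and scheduled tasks on this host that run as a named account
#    instead of a built-in identity; those passwords need rotating as well.
$builtin = '^(LocalSystem$|SYSTEM$|LOCAL SERVICE$|NETWORK SERVICE$|NT AUTHORITY\\|NT SERVICE\\)'
Get-CimInstance Win32_Service |
    Where-Object { $_.StartName -and $_.StartName -notmatch $builtin } |
    Select-Object Name, StartName, State | Format-Table -AutoSize

Get-ScheduledTask |
    Where-Object { $_.Principal.UserId -and $_.Principal.UserId -notmatch $builtin } |
    Select-Object TaskPath, TaskName, @{n = 'RunAs'; e = { $_.Principal.UserId }} |
    Format-Table -AutoSize
```

Sections 1 to 3 query the directory once; section 4 only inspects the machine it runs on, so repeat it on every server and on any client that has local services or tasks.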

Monday, January 23, 2012

Cisco ASA 5505 Software Upgrade

So you're looking to upgrade your Cisco ASA 5505 to the latest and greatest firmware? Well take it from me, don't update the ASA software first. If the ASDM software is not compatible with the updated ASA version, you will get locked out and have to get out your console cable.

Not so bad, but if your server room is actually a storage closet with the rack eight feet in the air so you have to stand crooked on a ladder, it's a pain in the back (and a lower, rear facing location as well).

The upgrade process is, in fact, quite painless.

  1. Just fire up your ASDM

  2. Go to Tools > Upload Software from Local Computer...

  3. Choose your Image to Upload: (ASDM first, then ASA later)

  4. Browse Local Files... to add the image (.bin file)

  5. Click Upload Image and follow the prompts to finish (they vary depending on image uploaded)

Following the process above for our brand new firewall, the ASDM image reloaded properly to the latest version while the device was running; the ASA software, however, did not. Rebooting the ASA loaded everything properly and I was on my way. (Or was I? That's a blog entry to come...)

Saturday, January 21, 2012

Activate Windows and Office at the Command Line

I was recently looking for a way to activate Windows 7 and Office 2010 at a command prompt; this is what I found...

Since the release of Vista, you can use the command line utility slmgr for Windows activation when using a MAK (or Multiple Activation Key).

Windows Activation

  1. Open a command window (as administrator)

  2. And run...

slmgr -ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
slmgr -ato

Office Activation

  1. Open a command window (as administrator)

  2. From C:\Program Files\Microsoft Office\Office14 run...

cscript ospp.vbs /inpkey:xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
cscript ospp.vbs /act

Who needs all that pointing and clicking anyway?

Monday, January 16, 2012

Exchange Maintenance Tasks

There isn't really a lot to be done with Exchange these days. Since the advent of E12, the code name for Exchange 2007, the maintenance task list has shrunk quite a bit.

The items that do need watching are just a subset of the "old days."

  • Maintain your daily backups - probably the most important thing you can do for Exchange

  • Examine your message queues for log jams or stuck messages

  • Check available disk space (but you've already automated this, right?)

  • Examine the event logs for errors and warnings

  • Make sure your anti-malware software is functioning properly, i.e. turned on and getting updates (some people host this service, so that would only leave four items :)

Thanks to Jim McBee for providing guidance in his many excellent books.

Wednesday, January 11, 2012

"Delivery has failed" error When Scheduling a Resource

There are plenty of answers to the error message:

"Delivery has failed to these recipients or distribution lists:
Jane Doe
Your message wasn't delivered because of security policies..."

In our case, Jane Doe was no longer an employee and her account was disabled. The sender of the message was requesting a meeting with someone who had Jane as his admin, so he had her as a Delegate for his Calendar. Once we removed her from his Outlook's Delegate list, there were no more errors.

Pretty simple, but they've moved Delegate Access in Outlook 2010. Now you go to File > Account Settings > Delegate Access.

For Outlook 2007 and earlier, go to Tools > Options > Delegates tab.

Friday, January 6, 2012

Auto-complete Not Working After Outlook 2010 Upgrade

You know you love it, being able to just start typing the first few characters of an address and Outlook "guesses" the rest for you. At least I think you love it, because every time someone's Outlook is upgraded or they are moved to a new system, everyone notices it's missing right off the bat.

Prior to Outlook 2010 all this information was kept in an NK2 file, typically called Outlook.NK2. Previously you could just copy this file to the corresponding folder on a new machine and it worked almost like magic. With the new upgrade, not so much. It's not a hard process to import the auto-complete data, but there are some additional steps.

  1. Copy your old *.NK2 file to C:\Users\%username%\AppData\Roaming\Microsoft\Outlook

  2. Ensure the name matches your current profile name, default is Outlook. (Look in Control Panel > Mail > Show Profiles... to be sure.)

  3. Now from the Run... prompt enter: outlook.exe /importnk2 and click OK.

  4. Once imported, the NK2 file will have a .old extension; remove that if you wish to run the import again.

All auto-complete data is now kept within an Outlook 2010 mailbox, so no external files will be needed in the future.

Wednesday, January 4, 2012

(Not so) New Folder Locations

Since the advent of Windows Vista, the usual folder locations don't always apply. Take the Quick Launch or All Users Desktop, where did they go?

Here's a short list of what's been moved around (and yes, I'm writing this as much for me as anyone else)...

All Users:

  • All Users Desktop, Favorites, Documents, Downloads, Music, Pictures & Videos - C:\Users\Public

  • All Users Start Menu - C:\ProgramData\Microsoft\Windows\Start Menu

  • Documents and Settings (just for completeness' sake) - C:\Users

  • Templates - C:\ProgramData\Microsoft\Windows\Templates

User Specific:

  • Cookies - C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Cookies

  • Default Outlook OST/PST folder - C:\Users\%username%\AppData\Local\Microsoft\Outlook

  • Quick Launch - C:\Users\%username%\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch

  • Send To - C:\Users\%username%\AppData\Roaming\Microsoft\Windows\SendTo

  • Start Menu - C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu

  • Temp - C:\Users\%username%\AppData\Local\Temp

  • Temporary Internet Files - C:\Users\%username%\AppData\Local\Microsoft\Windows\Temporary Internet Files