Welcome to Mickyj.com SBS RSS feed

Follow me through the highs and lows of IT in general

You can also check out my tweets on

If nothing changes on my blog for a while, I might be busy on another project.

Keep an eye on my Twitter, Flickr Photostream, Photo Blog or latest Mickyj news.

New additional blog (Added August 2011). Mickyj Mindspill at msmvps.com

Microsoft's ruling
Flash back to Windows XP, EULAs and RDP sessions
Keywords: EULA, OEM, Retail, FPP, RDP, Piracy

A few days ago I vented about people illegally turning Windows XP Professional into a multi-user terminal server. I took a few minutes this morning to call Microsoft (Australia 13 20 58). I spoke to the licensing specialists. They informed me that any attempt to get around the technical limitations in Windows XP would be against the EULA. They told me that turning an XP machine into a Terminal Server amounts to piracy and then proceeded to give me phone numbers and details to report the company selling this solution.

They told me that the latest EULA for OEM and Retail, for Windows XP Professional SP2, clearly states what I have described breaks the licensing agreement.

If you want to read the EULAs for yourself, they can be downloaded in PDF format from their site.

This exercise (contacting Microsoft) was partly for my personal satisfaction and partly for my own education. Now I know the facts and can be confident that this technology is wrong.

Send feedback about this particular blog
Read Feedback from others

Review the Mickyj Hardware blog or the Malware blog.
If you prefer to Twitter, look here

7 July 2009 - Mickyj.com

End blog for: 7 July 2009   Check my tweets on Twitter.

They got me again
Keywords: Policy, run, blocked

I swore that this would never happen again. I policed my clients and cut off vital software. I did the exact same trick I did back in 2001 when Windows 2000 server and AD policies first made an impact on my life.
I guess 8 years is a good track record.

The error appears whether users try to access a local drive (C:) or a mapped drive:

Access to the resource "mapped drive letter" has been disallowed

The policy I changed was
- User Configuration
- Administrative Templates
- Start Menu and Task Bar
- Remove Run menu from Start Menu

The description provided is:
Allows you to remove the Run command from the Start menu, Internet Explorer, and Task Manager.
If you enable this setting, the following changes occur:
(1) The Run command is removed from the Start menu.
(2) The New Task (Run) command is removed from Task Manager.
(3) The user will be blocked from entering the following into the Internet Explorer Address Bar:

--- A UNC path: \\server\share
--- Accessing local drives: e.g., C:
--- Accessing local folders: e.g., \temp

Also, users with extended keyboards will no longer be able to display the Run dialog box by pressing the Application key (the key with the Windows logo) + R.

If you disable or do not configure this setting, users will be able to access the Run command in the Start menu and in Task Manager and use the Internet Explorer Address Bar.

Note: This setting affects the specified interface only. It does not prevent users from using other methods to run programs.

Note: It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.

6 July 2009 - Mickyj.com

Cheap Terminal servers?
Legal ?
Keywords: Legal, RDP, Windows XP Pro

Today, I came up against one of my pet peeves. Something that niggles at me.

People who propose to put in place cheap terminal servers using Windows XP Pro (Can you even buy this anymore? ... maybe as OEM) and third party software. Windows XP has the ability to be remote controlled from a second PC using “Remote Desktop Connection” and can be used from a dial-up connection or in a local Ethernet network. This includes Media Centre Edition. This is different to the Server versions of Windows, as it has a limit. A single PC can be controlled by a single “local” user (the “real” person on place), OR a single “remote” user. If someone logs into the computer from remote, the local user is disconnected.

The process of turning Windows XP into a "Terminal Server" includes using 3rd party software or some registry hacks and a Beta DLL file from Windows XP SP2 which allows 3 simultaneous users access. (Remember that Beta software expires when Gold code is released and it should not be used in production etc.)

Let's think about this for a second:
- The "hack" solution involves replacing the latest version of Termsrv.dll with an older version that is known to have active exploits. This is a security risk. (And you have to manually bypass SFC to make sure you keep the older Beta DLL.)
- This does not work if your machine is on a domain. (How useful is this in a business environment ?)
- This "hack" would likely be disabled by a Windows Update down the track. (Disabling Windows Update is another security risk.)

The third party solutions boast unlocking the Windows XP machine to 10 or more users. The only way they could "hook" in is to exploit the code.
I'm no expert in software law but this sounds like reverse engineering or de-compiling software which is considered to be theft of Intellectual Property.
I'm sure that the EULA is considered a legally binding agreement.

Using Windows in this way is exactly the same as pirating Windows because you're not using a legal key per user. With Terminal servers (Server 2008) you need Office 2007 VLK to be able to install Office on the box. Is it the same for an unlocked XP desktop ? Is this just more piracy ? More licences not paid for ? More income not making it to Microsoft and other software vendors, again attacking the Research and Development funds pumped into the next versions of various products ?

In all reality you don't have the legal right to alter a commercial product to get features, especially when those features are clearly in more expensive versions.

The TCP/IP stack in Windows XP has a 10 half-open connection limit, and a hard limit of 10 NetBIOS connections. They don't want you using Windows XP as a file server or web server. There are other limits in IIS 5.1 that make it unacceptable as a business-grade web server. They don't want you using Windows XP as a Terminal Services host, so they limit it to one connection.

Windows XP is designed to give desktop performance to the local user. It is not designed for you to enhance background services to make end users experiences better in RDP. It is not designed to have the memory management and performance tuning that would be conducive to a multi user environment.

It's not that difficult people. If you want server functionality, you pay the server price tag. You buy the licences and do it legally.

This can only end in tears.

5 July 2009 - Mickyj.com

The folder iTunes cannot be found or created
Keywords:iTunes, Music

We have a client who has their Vista PC as a member of a domain, with redirected and offline My Documents. The client has then gone offline and unfortunately My Documents is pointing to a UNC path they cannot get to. Obviously a sync issue. Clicking Documents on the Vista Start bar goes nowhere. Obviously this in turn means "My Pictures", "My Music" and other "My Documents" sub folders are broken.

This now means my client's iTunes keeps trying to locate My Music, fails, tries to open the iTunes msi installer and tries to repair itself. It can't and it refuses to open up.

Now we faced the problem of getting an error message saying “The folder iTunes cannot be found or created”.

It is not a big problem and you can fix it very easily. You will get it as soon as you start iTunes. By default, iTunes creates a folder for itself in the My Music folder, so the next time it wants to access that folder and cannot, it simply gives you this error message.

So first you need to cross check the path of the My Music directory in the Windows registry. You can access the registry from Run: just type Regedit and press Enter. A much easier way is to type my music in the search box and press F3. Now press Find Next, which will generate two results for My Music at two locations. You will find no information related to the path for the test system. Now change the path to a correct and valid path by double-clicking the My Music key in the registry.

Mostly, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders or
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

will be the path entries for both locations so see that they point to a valid path to make your iTunes work. Once done with this change the iTunes will now successfully be able to create a folder for itself in the directory and obviously now you will get no such error message like before.

In my case, I had to create a folder on the root of C:\ and point iTunes to it to repair the issue.

4 July 2009 - Mickyj.com

Silly antispam service
I hate Spamcop.
Keywords:Spam, Spamcop,NDR

Yes, they provide a good product but they are faceless. The support is in the forums and I have a very real issue, which I doubt I will get an answer for. I have clients blocked by email recipients who subscribe to the Spamcop service. Spamcop have blocked them for misdirected bounces. These NDRs are generated by the client's server and sent back to trap email accounts at Spamcop. Why is the server spitting out NDRs to Spamcop ?

Maybe someone is spamming the client ? They are getting blocked for NDR'ing incoming spam ?? How ridiculous. Sure I can turn off NDRs in Exchange 2003, in fact there is a KB article
3 July 2009 - Mickyj.com

Sysvol Junctions
A mystery is finally understood.
Keywords: Sysvol, junction

I have a client's server that I inherited, where I found a copy of the Sysvol folder, neatly copied to another drive. It seemed out of place so I confirmed that the real version was still intact under C:\Windows etc. Then I deleted it. Big mistake. The system policies first failed. Then the server went down and the server failed. I recovered the files from the recycle bin and renamed the folder "Do not delete" and the system was back to normal.

Why is this so ? When you copy the Sysvol, which is full of junctions, you have multiple folders linked to real folders and files elsewhere. Anything you do within the junction (not including renaming the container folder) will affect the original file system. For those that Robocopy or copy+paste server backups (Preparing for server upgrades etc), be aware of the implications of copying the C:\Windows folder and folders beneath it.

So what's the Sysvol junctions all about ? Junctions maintain ...

"data consistency by making sure that a single instance of the data set exists. Additionally, this configuration permits more than one access point for the data set. For example, Sysvol\Domain or Sysvol\Sysvol\Windows2000_domain.microsoft.com, as described in the example that appears earlier in this article, allows for redundancy but does not allow for duplicate files.

Junctions graft the namespace (any bounded area in which a specific name can be resolved) of the destination file system location to an NTFS volume. An underlying reparse point permits NTFS to transparently remap an operation to the destination object. As a result, if you modify the data in the Sysvol structure, changes occur directly on these physical files. Additionally, if you perform a cut-and-paste operation or a copy-and-paste operation with these folders in the Sysvol structure that contains junction points, the cut-and-paste operation or the copy-and-paste operation occur in the junction point information.

Microsoft recommends that you avoid performing a cut-and-paste operation or a copy-and-paste operation on the Sysvol structure, especially when you perform the paste operation on the same server. If you perform a cut-and-paste operation or a copy-and-paste operation on the Sysvol structure, a copy of the junction point information is created. This does not result in a copy of the actual data. Instead, a copy of the junction point information only is created. If you modify any of the files that appear in that folder, you modify the source files directly.

Microsoft recommends that you do not modify the Sysvol structure. This recommendation also applies to backup and restore operations of the Sysvol structure. By default, if you back up Sysvol by using NTBackup.exe, the backup file includes a backup of the folder's junction point information. If you restore a Sysvol structure from a backup file to a different location on the same server, do not restore the junction point information. To do so, use the advanced restore options."

Taken from KB 324175
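
The effect the KB excerpt describes can be checked before a copied tree is touched. The following PowerShell is an added example, not part of the original post or of Microsoft's article; it assumes PowerShell 5 or later on NTFS, and the function name `Get-ReparsePoint` and the temporary demo folders are made up for illustration.

```powershell
# Added example (not from the original post). Requires PowerShell 5+ on NTFS.
# Get-ReparsePoint is a hypothetical helper name.

function Get-ReparsePoint {
    # Walk a tree and report every junction/symlink WITHOUT descending into it,
    # so the scan itself never touches the data behind the link.
    param([Parameter(Mandatory = $true)][string]$Path)

    foreach ($item in Get-ChildItem -LiteralPath $Path -Force -ErrorAction SilentlyContinue) {
        if ($item.Attributes -band [IO.FileAttributes]::ReparsePoint) {
            [pscustomobject]@{
                Path     = $item.FullName
                LinkType = $item.LinkType               # e.g. 'Junction'
                Target   = ($item.Target -join '; ')    # where the data really lives
            }
        }
        elseif ($item.PSIsContainer) {
            Get-ReparsePoint -Path $item.FullName
        }
    }
}

# --- Constructed demo in a throwaway temp folder (no real Sysvol involved) ---
$root = Join-Path $env:TEMP ("junction-demo-" + [guid]::NewGuid().ToString('N'))
$real = Join-Path $root 'real\domain'        # stands in for the single real data set
$copy = Join-Path $root 'copy-of-sysvol'     # stands in for the stray "copy"
$link = Join-Path $copy 'domain'

New-Item -ItemType Directory -Path $real, $copy -Force | Out-Null
Set-Content -LiteralPath (Join-Path $real 'policy.txt') -Value 'original'
New-Item -ItemType Junction -Path $link -Target $real | Out-Null

# The "copy" holds no data of its own, only a pointer back to $real.
Get-ReparsePoint -Path $copy | Format-List

# Deleting a file through the junction deletes the only instance of it.
Remove-Item -LiteralPath (Join-Path $link 'policy.txt')
'File still present in the real folder: {0}' -f (Test-Path -LiteralPath (Join-Path $real 'policy.txt'))

# Clean up: remove the junction itself first (non-recursive), then the demo tree.
[IO.Directory]::Delete($link)
Remove-Item -LiteralPath $root -Recurse -Force
```

Run `Get-ReparsePoint` against any folder that looks like a stray copy before deleting from it. When copying server folders with Robocopy, the `/XJ` switch excludes junction points from the copy.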

2 July 2009 - Mickyj.com

More tests
But are they fair ?
Keywords: Symantec, Testking

Today I sat numerous Symantec Sales and Technical exams. I am glad to say that I passed them all. I completed exams for Symantec Mail Security for Exchange 6 (not that I use this product), Backup Exec, Backup System Recovery, Enterprise Ghost server and many more. They were not easy. I am striving towards my SMB specialisation and wanted to do the exams to see what I needed to know. Lucky me, I know the products well enough. I was surprised to see how hard they are and it makes me proud to have passed them. Imagine the shock when I then see TestKing has published the answers out to the internet. This is unfair to those of us who gauge knowledge by other people's credentials. Shame on those that have submitted the answers to TestKing.

1 July 2009 - Mickyj.com

Windows Foundation server
What is it ?
Keywords: Foundation server

Released April 2009

Microsoft has just announced the release of Windows Server 2008 Foundation (Codenamed Lima). This is a low cost alternative to Windows Small Business Server. Squarely aimed at the OEM set (Dell, Hewlett-Packard, Lenovo), this licensing scheme limits the server to fifteen users (even as a member server on a Windows domain), doesn't include hypervisor, and does away with the need for Client Access Licenses (CALs).

This is a limited version of Windows Server 2008 that requires no CALs, and is only available from hardware OEMs.
  • OEM-only distribution (e.g. pre-installed on a server, not in a box)
  • limited to a single, x64 processor (min 1.4 GHz) - 1 CPU socket (but as many cores as that allows.)
  • only supports up to 8 GB RAM
  • No support for virtualization (e.g. no Hyper-V role option and WSF cannot be run as a guest OS) or Core installs. Not as Parent, not as Child.
  • Limited to 15 users per server, and these are local accounts (although you can run AD, and even join domains as a member server, but note that if you do that, the 15 user limit applies across all AD scenarios)
  • No user CALs needed (however, if you do certain roles like TS or apps like Exchange, you will need the associated CALs for those, and since there is no server CAL in play, the user does not have rights to access other servers, so this is pretty much limited to a single server small environment, which the home page calls out “ideal first server supporting your single-server network”)
  • Maximum of 30 SMB network connections (file/print/storage), or 50 TS or RRAS/VPN connections, however anonymous internet connections are not limited.**
  • If installed in AD environment, must be at the top level of the tree (Can be a workgroup server, member server, member of a domain or the domain controller but not a lower domain).

    Supported roles: Active Directory Domain Services, Active Directory® Lightweight Directory Services, DHCP Server, DNS Server, File Services, Print Services, Fax Server, and Web Services (IIS).

    However, there can only be 15 individual users connected at one time on SMB/RRAS/VPN.

    It would be perfect as:
  • A Terminal Server for TS RemoteApps
  • A "Branch Office in a Box" server by installing the following roles:
      - RODC
      - DHCP
      - DNS
  • File Server (with Role Services:)
      - DFS
      - FSRM
      - Print Server
      - NAP with RRAS for VPN back to main office
  • Could, should you choose, be installed as Server Core
      - Backup Domain Controller

    30 June 2009 - Mickyj.com

    Photo "Dust Bunnies"
    Cleaning a CCD Sensor
    Keywords: CCD, DSLR, Sensor, cleaning

    Today, whilst out taking photos of scenery of Mt Lofty, in South Australia, I was asked the age old question about cleaning CCD sensors in DSLR cameras. It inspired me to write something up.

    Firstly, the photo:

    And the article can be found here.

    27th June 2009 - Mickyj.com

    RWW logging
    How can you find a list of who logged on when ?
    Keywords:IIS, RWW, Tweb

    You can scan the IIS application pool logs to get a rough idea of who logged in and when. From a command prompt:

    C:\WINDOWS\system32\LogFiles\W3SVC1>find "tsweb" *.* > c:\1.txt

    Now open the C:\1.txt file in notepad.
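
The `find` output above is raw log lines. The following PowerShell is an added example, not part of the original post, that turns the same "tsweb" hits into one row per user, day and client address; the function name `Get-TswebHit` and the sample log lines are constructed for illustration, and it assumes the `cs-username` field is being logged.

```powershell
# Added example (not from the original post). The function name and the sample
# log lines below are constructed for illustration.

function Get-TswebHit {
    # Parse W3C extended log lines and return one row per date/user/client IP
    # for requests whose URL contains the given text ("tsweb" in the post).
    param(
        [Parameter(Mandatory = $true)][string[]]$Line,
        [string]$Match = 'tsweb'
    )

    $fields = @()
    $seen   = @{}
    foreach ($l in $Line) {
        if ($l -like '#Fields:*') {
            # The header names the columns; it can change between or within files.
            $fields = @($l.Substring(8).Trim() -split '\s+')
            continue
        }
        if ($l -like '#*' -or [string]::IsNullOrWhiteSpace($l) -or $fields.Count -eq 0) { continue }

        $values = @($l.Trim() -split '\s+')
        if ($values.Count -ne $fields.Count) { continue }      # skip damaged lines

        $row = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }

        if ($row['cs-uri-stem'] -notlike "*$Match*") { continue }
        if (-not $row['cs-username'] -or $row['cs-username'] -eq '-') { continue }   # anonymous request

        $key = '{0}|{1}|{2}' -f $row['date'], $row['cs-username'], $row['c-ip']
        if (-not $seen.ContainsKey($key)) {
            $seen[$key] = [pscustomobject]@{
                Date         = $row['date']
                User         = $row['cs-username']
                ClientIP     = $row['c-ip']
                FirstSeenUtc = $row['time']
                LastSeenUtc  = $row['time']
                Hits         = 0
            }
        }
        $seen[$key].LastSeenUtc = $row['time']
        $seen[$key].Hits++
    }
    $seen.Values | Sort-Object Date, FirstSeenUtc
}

# Constructed sample input (documentation IP ranges, made-up accounts and URLs).
$sample = @'
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2009-06-26 01:02:03
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip sc-status
2009-06-26 01:02:03 192.0.2.10 GET /Remote/logon.aspx - 443 - 198.51.100.7 200
2009-06-26 01:02:40 192.0.2.10 GET /Remote/tsweb.aspx - 443 EXAMPLE\alice 198.51.100.7 200
2009-06-26 01:03:05 192.0.2.10 GET /tsweb/sample.cab - 443 EXAMPLE\alice 198.51.100.7 200
2009-06-26 07:15:11 192.0.2.10 GET /Remote/tsweb.aspx - 443 EXAMPLE\bob 203.0.113.44 200
2009-06-26 07:15:12 192.0.2.10 GET /tsweb/sample.cab - 443 - 203.0.113.44 401
this line is damaged and is skipped
'@ -split '\r?\n'

Get-TswebHit -Line $sample | Format-Table -AutoSize

# Against the real logs from the post (run on the server):
# Get-TswebHit -Line (Get-Content 'C:\WINDOWS\system32\LogFiles\W3SVC1\*.log')
```

Times in IIS W3C logs are recorded in UTC, so convert them before comparing against local working hours.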

    26th June 2009 - Mickyj.com

    Can't surf the internet !
    Sonicwall, Trend Micro and ISA ?
    Keywords: Sonicwall, Trend, Worryfree, ISA 2004, http

    Today we installed a Sonicwall NSA 240 and Trend Micro Worry-Free, on top of our ISA 2004. Some HTTPS websites, and some websites that use dll files like eBay, refuse to work.

    We had some new complicated items on the network (Trend Micro uses URL filtering as well as the new and old firewall).

    I see from searching the internet that others have had similar issues. I fixed it with the following:

    I set HKLM\System\CurrentControlSet\Services\TCPIP\Parameters\EnablePMTUDiscovery to 1 and then rebooted.

    (ISA changes the registry entry for EnablePMTUDiscovery to 0 on W2K3, for greater hardening of the TCP/IP stack. This sets ISA's MTU to 576 instead of negotiating.)

    There also seems to be a bug in the implementation of HTTP 1.1. A workaround for this would be turning off HTTP 1.1 on the client in Internet Explorer. On the client go to Tools - Internet Options - Advanced and, under the HTTP 1.1 settings, clear one or both options (Use HTTP 1.1 and Use HTTP 1.1 through proxy server).

    I ended up locating the cause of the problem in the HTTP compression in ISA 2004. Open the ISA management console and click "add ins". Now choose the tab "webfilters". If you disable the "compression filter" and the "caching compressed content filter", it also solves the problem.

    I found the fix did not immediately work on the client, I went to one of the machines giving me a problem, deleted the browsing history on the IE (Ver 6 and 7), restarted the browser, and the problem was gone! I just went to IE - Tools - Internet Options - General - Browsing History - Delete - Delete All.

    All back to normal.

    25th June 2009 - Mickyj.com

    Submit suspect viruses
    Send a virus to the experts
    Keywords:Sandbox, test, Malware

    Here is a fantastic place to test out your suspect Malware files. You can submit the file off to these websites and test your suspects (Files that your antivirus does not find but you suspect).

    Cybercrime - Submit a file

    24th June 2009 - Mickyj.com

    Exchange 2003 SP2
    IIS will not stop, SP2 fails
    Keywords: IISreset, IIS, Exchange, SP2

    Installing Exchange 2003 SP2. It got half way and then stalled, it neither failed nor continued. It got stuck in a loop at the point where it restarted IIS. Some person had marked the IIS services to restart on failure, by using IISreset. There are three settings, allowing three levels of fault diagnostics. All three were set to restart. Putting it simply, the service pack could not stop the SMTP and other IIS services. I had to change this before it would install the service pack. I think I have inherited a buggy server. Why else would IIS be auto restarting ? Now I need to look for any underlying issues.


    23rd June 2009 - Mickyj.com


    DFS and FRS
    Can you setup DFS between server 2003 and server 2008 ?
    Keywords: DFS, FRS, Server 2003, Server 2008

    If you have Windows 2008 server and Windows 2003 (non R2) or SBS 2003 R2 you can't use DFS to replicate between the servers. You will need to resort to adding the File Replication Service role service in the File Services role on Server 2008 which should allow DFS replication with Server 2003 (non R2)

    The File Replication Service (FRS) supports synchronizing folders with file servers that use FRS instead of the newer DFS Replication service. To enable a server to synchronize folders with servers that use FRS with the Windows Server 2003 or Windows 2000 implementations of Distributed File System, install File Replication Service.

    When you are up to the point of doing this, make sure the latest updates for DFS are installed on Windows 2008 (there was an update) and that the NTFRS service is running.

    22nd June 2009 - Mickyj.com

    Read-Only data files
    Keywords: qbw, read-only, quickbooks, exit

    Ever discovered that QuickBooks 07/08/09 sets the Read Only attribute on the data file upon exiting the application?

    We have seen this on a few clients' sites and it was a red herring for some of the other issues they had. We figured out that the read-only attributes can be ignored. If you too are having issues with QuickBooks and have accidentally discovered the read-only attribute - ignore it. It is not your issue.

    15th June 2009 - Mickyj.com

    IE security update
    Busted Companyweb ?
    Keywords: SBS, Companyweb, IE, Security update, KB963027

    IE security update KB963027 can break the Companyweb on SBS.
    The primary symptom is that you are prompted for credentials (user/password) that will not be accepted under any conditions.

    After removing IE 7 Security update KB963027, the entire server returns to normal and works properly. The server needs a reboot.

    10th June 2009 - Mickyj.com

    Hyper V
    Linux OS under Hyper V
    Keywords:Linux, Server 2008, Hyper V, network

    Just a catch when setting up Linux in a HyperV session on Windows server 2008, make sure you use the legacy network adaptor. It drops the network in speed but it works.

    5 June 2009 - Mickyj.com

    File Exemption for Viruses scanners Exchange 2007
    Ever wanted to know what you should exempt from a virus scan on Exchange 2007 ?
    Keywords: Exchange 2007, Antivirus, Exemption

    Here's a huge exhaustive list. Amongst the more controversial are the temp folder and the IIS tree. Yes, not only should you not scan the Exchange folders, but you should look at other places in the file system. Here's the TechNet list: http://technet.microsoft.com/en-us/library/bb332342.aspx

    It worries me greatly, as IIS has been a target of Trojans in the past, and the temp folder ? Do I even have to mention how bad excluding this could be ? On another note, the Windows Tmp variable under W2k8 points to the logged-on user's temp folder, not C:\Windows\Temp, which is not what I would have expected.

    4 June 2009 - Mickyj.com

    Tips and Tricks
    Where are my eml files and email queues in Exchange 2007?
    Keywords:Exchange 2007, eml

    Exchange Server 2007 transport queues are not the familiar .eml files you see in Exchange Server 2003/2000, which reside in the \mailroot\vsi 1\queue folder (1 is the instance number of the SMTP virtual server) on the file system. Queues have been moved to a JET database.

    You need to manage the queues in the Exchange GUI.

    What are PRF files?, why does my roaming profile take forever and not fully roam ?
    Keywords:Prf, profile

    When a roaming profile gets big, the network card gets dodgy, antivirus gets overactive or trusts break with the server, roaming profiles can stop roaming. During the process of roaming, each and every file (including the small URL and shortcut files) is temporarily copied into a temp file. The randomly named file has the PRF extension. As the profile copies up and then back from the server, the files are temporarily copied into the temp files in case something fails, ensuring you do not lose your data. If you find PRF files, something is wrong. If a profile is getting too big, and is full of PRF files, put the profile on a diet and delete the PRF files. Read your event log and find out why the profiles are not roaming.

    No folder option in the tools menu ?
    Keywords:Folder option

    If you are not able to see folder option in tools menu (In Windows explorer or my computer), right click on an empty space on the Toolbar. From the dropdown menu, click on Customize. The left panel of the newly opened window shows you what icons you may add to the Toolbar. Locate the icon for Folder Options, click on it, then click the ADD Button. And Close. If this fails, you can access Folder Options through Control Panel. If you're using the categorized Control Panel, it's under Appearance and Themes. If that fails, you need to start up gpedit.msc and locate the disabled windows explorer folder option line.

    Fvt file playback
    Keywords:Fvt, Forus

    I had a client who purchased a spy recording device (Made by Forus), they recorded a number of recordings and these saved into fvt format. They lost the CD driver disk and have no tools for playback.

    The device they purchased was old and no longer listed online as supported. There were no downloads. I found Manager Program Download DVR at http://for-us.koreasme.com/fsbClient/ezboard.jsp?bm_seq=3482

    It was for a different version of the spy device but the software installed allowed the files to be played back.

    17 May 2009 - Mickyj.com

    Mega Post Time
    Encrypted files ?

    I have a client who can not view jpg files. I opened the file associations to find something had hijacked most files and setup encrypted extensions ? Anyone have any idea what has done this ?

    BMPENX Encrypted bmp file
    BMPX Encrypted bmp file
    CSVENX Encrypted csv file
    CSVX Encrypted csv file
    DOCENX Encrypted doc file
    EGISENC Encrypted file
    EGISENX Encrypted file
    ENC Encrypted file
    ENX Encrypted file
    GIFENX Encrypted gif file
    GIFX Encrypted gif file
    HTMENX Encrypted htm file
    HTMLENX Encrypted html file
    HTMLX Encrypted html file
    HTMX Encrypted htm file
    JPEGENX Encrypted jpeg file
    JPEGX Encrypted jpeg file
    JPGENX Encrypted jpg file
    JPGX Encrypted jpg file
    PDFENX Encrypted pdf file
    PDFX Encrypted pdf file
    PPSENX Encrypted pps file
    PPTENX Encrypted ppt file
    RARENX Encrypted rar file
    RARX Encrypted rar file
    RTFENX Encrypted rtf file
    RTFX Encrypted rtf file
    TIFENX Encrypted tif file
    TIFFENX Encrypted tiff file
    TIFFX Encrypted tiff file
    TIFX Encrypted tif file
    TXTENX Encrypted txt file
    TXTX Encrypted txt file
    XLSENX Encrypted xls file
    ZIPENX Encrypted zip file
    ZIPX Encrypted zip file

    Finding space
    Keywords:ISALOG.BIN, V01, Dbaccess.log, mssbsssr.log, hmdebug.log

    I have numerous clients using SBS 2003 where the "OS" partition is filling with rubbish. Here are a few obscure files to delete (and one for Lenovo users).

    SP2 will create a new 400 MB file, Windir\Debug\ISALOG.BIN, and a second, new 400 MB file, ISALOG.BAK, on the C: drive. This file's purpose is for troubleshooting by MS Support in the event of problems with ISA 2004.

    You can get rid of this by going to HKLM\Software\Microsoft\ISATracing and setting the BootTracing parameter to 0. Then reboot and delete both ISALOG.BIN and ISALOG.BAK.

    Catalog V01 files
    Windows 2000/2003 Backup keeps a tombstone catalog on the local disk for each backup tape. After you select a backup catalog on the Restore tab, Backup mounts the tape and then reads the on-media catalog(s) to populate the on-disk catalog file before it expands file/folder restore selections.

    This operation takes time and requires operator intervention, especially when multiple backup sets are contained on the media or the backup set spans multiple tapes. When Backup quits, file and folder information is removed and it becomes a tombstone catalog file again. This conserves disk space because the size of on-disk catalogs can become very large.

    The files appear in
    C:\Documents and Settings\Username\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\Catalogs

    They are *.v01 files. If they are old catalogs and for tapes that have since been written over, you can delete these files.

    Dbaccess.log files
    You can delete this file, but first you may want to open your DBAccess.log (and any other big ones) with a text editor that can handle it (not Notepad) to see where all the errors are coming from - it shouldn't be big. If it continues to grow quickly even after you delete it, then something must be wrong.

    mssbsssr.log files
    C:\Program Files\Microsoft Windows Small Business Server\Support\mssbsssr.log

    It's a log file used for troubleshooting. You can safely delete it without impacting the performance of your server. Be worried that it is big. Time to investigate.

    Debugdiag files
    To remove this file, disable Performance Monitor logging.

    Approximately two minutes after the user dump file capture process is finished, disable Performance Monitor logging. To do this, follow these steps:

    1. Click Start, click Run, type the path of the Debug Diagnostics Tool, and then click OK.

    Note By default, the Debug Diagnostics Tool is located in the following folder: C:\Program Files\IIS Resources\DebugDiag

    2. On the Tools menu, click Options and Settings.

    3. On the Performance Logging tab, click Disable Performance Counter Data Logging.

    Hmdebug.log files
    The only solution to the growing size of hmdebug.log is to stop the WMI service, delete the file, and reboot. You can restart the WMI service remotely (RDP) without any danger, but be aware it stops Exchange management.

    Missing space on Lenovo laptops - RRbackups folder
    Rescue and Recovery - RRbackups is a hidden folder on the hard disk that can take up many Gigabytes.
    If you do not need it, disable it.

    The steps to turn off RnR scheduler will vary some depending on your version.
    If you have RnR 4.1 or newer:
    - go to Advanced RnR settings
    - go to Set Schedule and Preferences
    - uncheck "Schedule your backups"

    To delete current backups:
    - from Menu bar, select "Advanced" --> "Delete Backups"
    - select the backups to delete, then select "Delete"

    11 May 2009 - Mickyj.com

    End blog for: 11 May 2009   Check my tweets on Twitter.

    Mega Post Time
    Turn off Internet Explorer Enhanced Security Configuration in Windows Server 2008
    Keywords:IE, ESC

    After using Windows 2003 for so long, I was used to going to Add/Remove Programs to turn off IE ESC. It’s different in Windows 2008.

    Select the root of the Service Manager navigation pane, and under the Server Summary click Configure IE ESC, which is part of the Security Information section. A dialog box appears, letting Internet Explorer Enhanced Security Configuration be enabled or disabled separately for normal users and administrators.

    Junk mail not working in Outlook 2003
    Keywords:spam, OWA, Outlook

    I had a client who could not filter their junk email. It simply did not happen. They ended up having to log into OWA, turn on the Junk filter and then the desktop Outlook client could filter Junk. No idea why it was turned off.

    Further detail: In Exchange 2003 the Junk Email folder is a key anti-SPAM protection weapon. Acting as the SPAM repository it enables the Inbox to remain clean. Starting from Outlook 2003 you will find the folder ready, waiting to welcome incoming junk. It has its nice little eloquent icon, filling you with confidence that SPAM has its days counted.

    The Junk Email folder must be enabled. This enablement is per mailbox. Thus each recipient can choose to enable/disable it independently. To complicate matters further, there exist two folder enablement mechanisms. You can enable it either through Outlook 2003 or through Outlook Web Access. It is a common perception that OWA is just the web based version of Outlook.

    10 May 2009 - Mickyj.com

    End blog for: 10 May 2009   Check my tweets on Twitter.

    Symantec backup to disks in SBS 2008
    Backup Exec System Recovery
    Keywords:Backup Exec System Recovery, Drive signature

    Now that we have moved from tape to disks and Backup Exec to Backup Exec System Recovery, we are finding issues with rotating USB backup drives.

    "When attempting to change a removable drive (i.e. USB, 1394, etc) used by Backup Exec System Recovery (BESR) as its primary storage location (e.g. central storage repository for BESR client recovery point images) as a part of a drive cycling/swapping disaster recovery policy, scheduled base or incremental recovery point backup jobs fail intermittently to launch or during the backup process.

    Using Windows Disk Management change the drive letter and disk label of the removable drive that will be common for all removable drives in the rotation policy; note this drive letter and label for future use. Find a utility that displays and permits the change of the disk signature of a removable drive. MBRwizard version 2.0b utility from DiskDNA. http://www.mbrwizard.com/download.shtml is used in the example steps listed below."

    a. Browse to the MBRwizard's install path in Windows Explorer.
    b. Click Start | Run and type CMD and press OK.
    c. Drag the MBRWIZ.EXE into the command window.
    d. Type \LIST (i.e. end results MBRWIZ.EXE \LIST) to show the list of drives attached to the client system with their drive label.
    e. Type MBRWIZ \DRIVE=# \SIGNATURE where # is the removable drive from step d. This returns the disk signature of the removable disk drive.

    9 May 2009 - Mickyj.com

    End blog for: 9 May 2009   Check my tweets on Twitter.

    Creatiq and WSS3
    SharePoint Team Services 3 on SBS 2003
    Keywords:Sharepoint, WSS, SP2, SBS 2003

    I had to install WSS3 on SBS 2003. I downloaded it and started running it, and it said it needed WSS2 SP2 installed. I Googled and Googled. I could not find anything recommending or against installing WSS 2 SP2 on SBS 2003. Companyweb on SBS 2003 is tightly integrated into the system. Hence WSS3 is a side by side install, not an upgrade. I took a punt and installed it. It seems I had little to fear. WSS 2 SP2 works fine on SBS 2003 !

    Creatiq gave me Kudos

    Keywords:Creatiq, Cloud, MacWorld

    My article in MacWorld about Creatiq's Cloud based CRM has been well received. Creatiq now reference me on their website.

    8 May 2009 - Mickyj.com

    End blog for: 8 May 2009   Check my tweets on Twitter.

    The day Twitter died
    Twitterific ?
    Keywords:Twitter, suspended, URL, hacked, support

    On the 25th, Twitter chose to suspend my Twitter account. The site at www.twitter.com let me log on, but I still could not find any reason for the suspension. I received no email from Twitter and no alerts. It just stopped working. I found a link to a support article that listed various generic reasons for suspension and an email address to email for support.

    As I felt unfairly dealt with, I sent the support email a message with my user account, requesting to know why I was suspended. I got an automated response announcing that twitter can be linked to Facebook with Facebook's applications. I have no idea what relevance that had. I logged back into twitter and fired off another call for help. The help system had my previous post in the list so I forwarded it back into the help system.

    Still no reply. I could not see a way to get my account reactivated. On the website, the help system lists a response to help within 24 hours as one of Twitter's good points. It was now the 1st May and I had no response.

    On the 4th of May I emailed another Twitter user and he took up my plight.

    Kudos to Dnwallace ! Twitter user of the year !

    Dnwallace contacted Twitter support on 4 May. On the 7th of May, my account was back up and running. Still no email from Twitter and still nothing to tell me what had happened. Dnwallace worked out that my profile listed a link (url) to my website. As the website was hacked, Twitter was protecting its users and blocking my account. It would have been nice to have been notified. I had fixed the website back on April 26th. Twitter suspended my account for a legitimate reason, which was not actually a deliberate act on my behalf, but it would have been good to know so I could fix the issue !

    Where is Twitter's support ? Asleep at the helm ?

    Honestly, Twitter as a service rocks. It is not until you need some support that you really see the worth of a company. I know I can't replace twitter in my life, I need this outlet. It just goes to show, we all bend to the will of the larger organisations. I hope that they repair whatever went wrong with their support system. Maybe I will even get an email from them ... eventually ?

    7 May 2009 - Mickyj.com

    End blog for: 7 May 2009   Check my tweets on Twitter.

    Bunch 'O' Stuff
    Dell Laptop running Windows XP will not standby
    Keywords:Dell, Laptop, Standby

    The solution was to remove/disable the webcam driver and standby then worked. A rolled back driver or a more recent driver update allowed the Webcam to work and also standby.

    http://Connect not working
    Keywords:SBS2008, RRAS

    "The Small Business Server Networking Wizard was not installed. You may not be a member of the local Administrators security group on this computer or your Local Intranet security settings may be set to High. Click Connect to the network now to try again and click Yes when prompted. If the wizard fails to install, contact the person responsible for your network."

    Event ID: 20106
    Unable to add the interface {GUID} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.

    The error in the event viewer was caused because RAS was trying to add the 1394 Net adapter to the router manager. I disabled the 1394 adapter, which fixed this error.

    HP DX7400 SFF running XP Professional restarts
    Keywords:HP, Workstation, reboots, updates

    Windows restarts before you can even enter a password, yet it starts OK in safe mode.

    HP state that this is typical of problems that have been occurring over the last 6 weeks especially with the DX7400. They have noted that winlogon.exe and another file (crss.exe) are being corrupted by certain Windows updates if automatic updates is turned on. They recommend that ONLY critical updates be installed.

    MS Word isn’t picking up spelling mistakes.
    Keywords:Word, Spelling

    If you have checked your custom dictionary and the words are not in there, make sure you set the language correctly (Language – English (Australian) for me)
    Check all the Word Proofing options, if there is nothing else obvious, try

    Alt+A to select the entire Word document.
    Click on the Review tab.
    In the Proofing group, click on "Set Language."
    Select "English (Australia)"
    UNCHECK "Do not check spelling or grammar."
    UNCHECK "Detect language automatically."

    1 May 2009 - Mickyj.com

    End blog for: 1 May 2009   Check my tweets on Twitter.

    Offline Vista
    Can't set files for offline use in Vista
    Keywords:Vista, Offline files, SBS 2008

    I have a client using Vista Ultimate on an SBS server. They have enabled "offline files" and mapped a network drive to a folder on another computer. When they right click on the mapped drive, they do not see the option for "always available offline." (The offline files service is started.)

    To enable offline files

    Open Offline Files by clicking the Start button, clicking Control Panel, clicking Network and Internet, and then clicking Offline Files.
    Click the General tab, and then click Enable Offline Files.
    Read more about this here.

    BTW - What are offline files ?
    Enable offline files if you want to work with files that are in a network folder. A copy of the file on your hard drive will be synchronized with the network copy as soon as you are back at work or you regain your network connection.

    30 April 2009 - Mickyj.com

    End blog for: 30 April 2009   Check my tweets on Twitter.

    Fixing OWA and then looking at my Internet troubles
    OWA not working - Exchange 2007
    Keywords:OWA, Exchange 2007, SBS 2008, IIS, Hotfix

    I have an SBS 2008 server where trying to access OWA causes thread errors or file not found errors. I have tried https://servername/Owa, https://Internetdomainame/Owa and https://sites/Owa.

    I found numerous references to a possible solution, Install Exchange 2007 SP1, Rollup 7. It did indeed fix it but I learnt a valuable lesson. Don't do it over RWW. It turns off IIS and the connection drops. Now I am jumping in the car to go to the site.

    I should have known better.

    BTW, SBS 2008 includes Exchange 2007 SP1, Server 2008 only works with Exchange SP1.

    Internet Service providers
    Keywords:Dodo, NameZero, Twitter

    Today I have a problem with Internet services. This is unfortunate but I have three problems. One with Twitter, one with NameZero and one with Dodo Internet.

    Let's start with Twitter. They chose to suspend my account on 25th April and didn't warn me or tell me why. The website has some generic information stating I might be sending out spam, might have an imbalance of followers vs the accounts I follow or maybe I am posting too many URLs ? None of these are the case. I have no idea why I have been suspended. I have lodged a complaint (As per their request). They say on the website that they will respond in 24 hours. I have sent them 9 messages over 8 days and I have so far not had a single reply and I am still suspended. Wha ??? Are they ignoring me ? I have done nothing wrong (That I am aware of). I want to get back into Twitter but the chances of that are getting slimmer by the day. Pity, it was a great service and I had it hooked into my Live Messenger and Facebook. It was quick and convenient.

    Let's move to NameZero. Originally they supplied a service where you could get a free domain, if you put up with their ads. This was years ago, these days I pay for it. Here's the issue, I use a facility they call Masked URL forwarding. This process involves an html file at their end that forwards end users through to my website by using a single, full screen frame. I needed to edit the html file. The support there said that the html file did not exist. Two weeks later, finally after heaps of emails, I have found someone at that end that admits the html file exists but tells me it can't be edited. This wrecks my plans. I can't do what I need to do to verify my website with Google. I can't believe their support team originally told me the file did not exist. They refused to acknowledge it. Finally they did but it was no help.

    Now comes my issue with Dodo Internet in Australia. I went to use the Internet one night and instead got redirected to a details update for Dodo. I could not get to any other website. I had no idea if this was phishing. Had my browser been hijacked ?

    Dodo should have sent me an email warning me that this would be happening. I am not sure that this browser hijack was even in my Dodo contract. I had a webapp running that updated every few minutes via the web and it simply stopped as it could not contact a specific URL. This kind of Hijack was just nasty. I hope it was for real as when I updated my details (clicking the proceed button) I got a DotNet error and the database server failed to connect.

    Did my details really update or has someone just stolen my personal details ?

    28 April 2009 - Mickyj.com

    End blog for: 28 April 2009   Check my tweets on Twitter.

    Another Year ...
    Happy Birthday to me !

    Yes, another year. Today I have a treat for myself. I am putting in an SBS 2008 server, a member server and a bunch of OS 10.5 Macs. You know that you have a distorted view of life when a server install at an unknown site is considered a treat.

    27 April 2009 - Mickyj.com

    End blog for: 27 April 2009   Check my tweets on Twitter.

    Where have I been for almost 3 weeks ?
    Keywords: PE_VIRUX.E-2, PE_VIRUX.C-2, Win32/Virut, Cryp_Virux, W32.Virut, PE_VIRUX.G-1, PE_VIRUX.F

    ... Offline. I am lucky enough to be one of the two people in Australia/New Zealand to have been infected with a rare strain of the Virux/Virut virus on my home PC. This is according to Trend Micro's Statistics. If you get this virus, be very afraid. It infected every EXE, SCR, DLL, HTM, HTML, ASPX file (And more). It copied itself to every USB device including my Camera flash cards and USB keys. It infected my Outlook email signatures (So I need to contact people I have emailed), Outlook stationery and more. I started seeing a pattern where infected executable files were about 20 kb larger than the originals and my internet would slow down (Due to incoming IRC connections). It was almost impossible to beat.

    If I am like you, I have a whole heap of downloads on my PC that contains all my setup files. That included service packs, video drivers, scanner and printer drivers. All were infected. As I tried to reinstall my hardware I got reinfected. If I plugged in a memory card, I got reinfected. I even found the virus on my media centre and Xbox shared folders. It got everywhere. (Even played with my firmware on my router).

    It all started when I wanted to get more performance out of my video card. I downloaded the latest drivers and they included this virus.

    I reinstalled Windows XP Pro and all my additions at least 20 times between 26/3/09 - 16/4/09 before I finally got online again. I know this as I can no longer activate my Microsoft software. I have exceeded the install number allowed for a retail version of the product.

    I got to the point of throwing out USB keys and starting to install everything fresh, from fresh downloads. Finally, I have myself back up and running (Minus all my data). Both AVG and Trend Micro could not protect me from reinfection. The virus is encrypted. It hides in space within exe files and nothing can detect it due to the encryption. Trend Micro etc can only detect it once the "exe" has started modifying other files. It happens so fast and Trend Micro and others can't clean it. I think I had 50 infections per second once the virus broke free. The virus targets all files in C:\Windows and C:\Windows\System32 first so basically, Windows becomes one big virus. It becomes especially hard to handle when AVG and Trend Micro start quarantining the virus, removing essential Windows files out of your system so ... Your system can't reboot. I also had the virus in system restore so the OS was completely tainted.

    I got to the point where as soon as Trend or AVG triggered, I pressed the workstation's reset button, shoved in my XP disk and started reformatting. I think my earlier mistake was trying to clean the virus. The more I tried, the more I got infected. I tried the Symantec removal tools and many others. They all did not deal with this particular strain of the virus.

    If you see this virus, run away. Be very, very afraid. Format your PC. Get your files back from backups. Don't trust any files off your old system as the virus is encrypted and could be in any file. Certainly antivirus can detect this virus when it starts running, but by then, it is too late.
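
    The size pattern described above (infected executables about 20 kb larger than the originals) can be checked against a baseline taken from trusted media on a clean machine. The Python below is an added example, not part of the original post; the function names, the 16-24 KB triage band and the constructed sample files are assumptions.

```python
import hashlib
import os
import tempfile

EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".dll")
# Assumption: a triage band around the "about 20 kb" growth described in the post.
GROWTH_BAND = (16 * 1024, 24 * 1024)


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large installers do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Map relative path -> (size, sha256) for every executable under root."""
    baseline = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(EXECUTABLE_EXTENSIONS):
                path = os.path.join(folder, name)
                rel = os.path.relpath(path, root).replace(os.sep, "/").lower()
                baseline[rel] = (os.path.getsize(path), sha256_of(path))
    return baseline


def compare_to_baseline(root, baseline):
    """Report executables under root that are new or whose content changed.

    Any hash mismatch is a finding; 'in_band' only marks growth that matches
    the size pattern, as a hint for triage, not as proof either way.
    """
    findings = []
    for rel, (size, digest) in sorted(build_baseline(root).items()):
        known = baseline.get(rel)
        if known is None:
            findings.append({"path": rel, "status": "not-in-baseline",
                             "growth": None, "in_band": False})
        elif digest != known[1]:
            growth = size - known[0]
            findings.append({"path": rel, "status": "modified", "growth": growth,
                             "in_band": GROWTH_BAND[0] <= growth <= GROWTH_BAND[1]})
    return findings


def demo():
    """Build two constructed trees (trusted copy, suspect copy) and compare them."""
    with tempfile.TemporaryDirectory() as work:
        clean = os.path.join(work, "clean")
        suspect = os.path.join(work, "suspect")
        samples = {"setup.exe": b"A" * 50000, "drivers/video.dll": b"B" * 30000}
        for root in (clean, suspect):
            os.makedirs(os.path.join(root, "drivers"))
            for rel, data in samples.items():
                with open(os.path.join(root, rel), "wb") as handle:
                    handle.write(data)
        # Constructed tampering: one file grows by 20 KB, one new .scr appears.
        with open(os.path.join(suspect, "setup.exe"), "ab") as handle:
            handle.write(b"\x00" * 20480)
        with open(os.path.join(suspect, "extra.scr"), "wb") as handle:
            handle.write(b"C" * 100)
        return compare_to_baseline(suspect, build_baseline(clean))


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

    The baseline has to be built before the download archive is exposed to a suspect machine and stored somewhere that machine cannot write to.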

    The virus detected was:
  • PE_VIRUX.E-2
  • PE_VIRUX.C-2
  • Win32/Virut
  • Cryp_Virux
  • W32.Virut
  • PE_VIRUX.G-1

    The virus downloaded and installed the following strains:
  • Virus.Virut.r
  • W32.Virut.CF
  • W32/Virut.n

    It also downloaded:

    Google blocked my website
    Keywords: Google, Website, Harm, iFrame

    .. And rightly so. I have been hacked. It has been a shocking month for me thus far. My home PC covered in viruses for the first half of the month, 1 week to breathe and then my website hacked in the second half of the month.

    When you Google mickyj.com you get a result that lists "This site may harm your computer" under my website. When you click the link for my website, you get a google page warning viewers not to go to my website. Obviously I wanted to find out more so I downloaded the code for my website and found 4 iFrame infections had been injected into the code.

    I contacted Google Support through their help system, after fixing my website. It took a little bit to explain to them what I found, how I had cleaned it all and how the infection had likely occurred, then they "verified" and "reviewed" my website and it is up again in all its glory. Thanks Google Guys. You were awesome. I was unable to request verification of my website through the web interface as my Domain name holder has some restrictions in place that I could not get around. The Google guys understood this and did an awesome job helping me through their help system. I can't stress enough how fantastic these guys were. Especially Johnathon at Google. You guys rock.

    Website up and running, safe again on the 25th April.
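
    A scan of a downloaded copy of a site for injected iframes, as an added example that is not the author's own tooling. The hostnames, the three heuristics (external source, hidden sizing or styling, placement after the closing html tag) and the sample pages are constructed assumptions.

```python
import os
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

PAGE_EXTENSIONS = (".htm", ".html", ".php", ".asp", ".aspx")
_ZERO_SIZE_STYLE = re.compile(r"(?:^|;)(?:width|height):[01](?:px)?(?:;|$)")


def _is_hidden(attrs):
    """True when the iframe is sized or styled so a visitor never sees it."""
    tiny = {"0", "1", "0px", "1px"}
    if attrs.get("width", "").strip().lower() in tiny:
        return True
    if attrs.get("height", "").strip().lower() in tiny:
        return True
    style = re.sub(r"\s+", "", attrs.get("style", "").lower())
    if "display:none" in style or "visibility:hidden" in style:
        return True
    return bool(_ZERO_SIZE_STYLE.search(style))


class IframeFinder(HTMLParser):
    """Collects iframes that look injected rather than authored."""

    def __init__(self, site_host):
        super().__init__(convert_charrefs=True)
        self.site_host = site_host.lower()
        self.after_html_end = False
        self.findings = []

    def handle_endtag(self, tag):
        if tag == "html":
            self.after_html_end = True

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        attr = {name: (value or "") for name, value in attrs}
        src = attr.get("src", "").strip()
        try:
            host = (urlparse(src).hostname or "").lower()
        except ValueError:          # malformed URL: treat as unknown host
            host = ""
        reasons = []
        own = host == self.site_host or host.endswith("." + self.site_host)
        if host and not own:
            reasons.append("external-src")
        if _is_hidden(attr):
            reasons.append("hidden")
        if self.after_html_end:
            reasons.append("after-closing-html")
        if reasons:
            self.findings.append(
                {"line": self.getpos()[0], "src": src, "reasons": reasons})


def scan_html(text, site_host):
    """Return the suspicious iframes found in one page's source."""
    finder = IframeFinder(site_host)
    finder.feed(text)
    finder.close()
    return finder.findings


def scan_tree(root, site_host):
    """Scan every page file under root; map relative path -> findings."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.lower().endswith(PAGE_EXTENSIONS):
                continue
            path = os.path.join(folder, name)
            with open(path, "r", encoding="utf-8", errors="replace") as handle:
                findings = scan_html(handle.read(), site_host)
            if findings:
                report[os.path.relpath(path, root).replace(os.sep, "/")] = findings
    return report


# Constructed sample pages (not taken from the author's site).
CLEAN_PAGE = (
    "<html><body>\n"
    "<p>Welcome</p>\n"
    '<iframe src="/news.html" width="400" height="300"></iframe>\n'
    "</body></html>\n"
)
INFECTED_PAGE = CLEAN_PAGE + (
    '<iframe src="http://injected.invalid/in.php" width="1" height="1" '
    'style="visibility: hidden"></iframe>\n'
)

if __name__ == "__main__":
    for finding in scan_html(INFECTED_PAGE, "example.test"):
        print(finding)
```

    Iframes written out by script at load time are not visible to an HTML parser, so a clean result here does not clear the site's JavaScript files.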

    New Wrinkle
    Keywords: Twitter, Suspended

    Twitter have blocked me for suspicious activity. 26th April Twitter suspended my account. What ?? I hope that this is related to the virus I had earlier and can be easily explained and then unblocked. This has not been a good month.

    Maybe things will be better tomorrow as it is my Birthday !

    26 April 2009 - Mickyj.com

    End blog for: 26 April 2009   Check my tweets on Twitter.

    Small Business Server 2008 Hints and Tricks
    SBS 2008
    Keywords: SBS 2008, backup, NTbackup, Terminal server, IMF, Printers, Policy

    Over the last few weeks, I have been gathering some notes about SBS 2008. I thought it was time to post these.

    Don't bother to map a users home directory in the Active Directory (On the profile tab)
    Map drives by either group policy or logon scripts. Vista does not seem to like nor understand the AD setting for Home folders. It did this in SBS 2003 as well.

    Buggy Policy descriptions close button in popups
    When using the new policy manager in SBS 2008 and clicking a hyperlink for further information, a window pops up whose close button does not work. Let's hope that this is fixed in SP1.

    Blocking control Panel, blocks printers
    Turning off control panel access for users also removes access to printers.
    I like to policy my clients. I don't want users playing around with system settings. One of the first things I do is disable access to control panel.

    Unfortunately, this includes access to control printers. Printers appears in the Control panel but it is not an addressable applet. You can't use the group policy - Allow access to the following applets and block all but the printer tool. When you block printer access, you also lose access to it from the start menu. Even if you customise it and have the shortcut on there. It simply vanishes and becomes unavailable.

    I did find if you open "Computer", put "printers" in the Address bar and press enter, it takes you to "control panel\printers" and it comes up. If you then right click, drag and drop the icon on the address bar to the desktop and make a shortcut, you suddenly can have control panel blocked but access your printers.

    How can you get icons onto the All Users desktop?
    By using junctions and other methods, c:\users\All users actually links to C:\Programdata and then onto C:\users\public. The All users desktop is C:\Users\Public\Microsoft\Windows\Desktop

    Place your icons in there.

    (You can work out where these junctions go from a CMD prompt and Dir/a)

    Microsoft (Sysinternals) Bginfo comes up with access denied and will not alter the desktop.
    Make a blank BMP file called bginfo.bmp with MsPaint. Make sure the file is fully accessible to Domain users (NTFS Permissions) and place it into C:\Windows. Also, deselect logon and Terminal Server desktop changes in the Bginfo config file. The image should now work and update from a users logon script.

    Where is IMF ?
    You now need to use the PowerShell and Cmdlets. This is now called the content filtering agent (CFA).
    The CFA has three thresholds - equivalent of Gateway thresholds and (gateway) actions in IMF.

    These are SCLDeleteThreshold SCLRejectThreshold and SCLQuarantineThreshold.

    Messages with SCL equal to or higher than the SCLDeleteThreshold are deleted silently. To enable the SCLDeleteThreshold:
    set-ContentFilterConfig -SCLDeleteThreshold 8 -SCLDeleteEnabled:$true

    Messages with SCL equal to or higher than the SCLRejectThreshold are rejected during the SMTP session, after the data is received. In this case, senders get a NDR. To enable the SCLRejectThreshold:
    set-ContentFilterConfig -SCLRejectThreshold 7 -SCLRejectEnabled:$true

    In the above case, Exchange doesn't accept the message. After the data is received, it responds with a 500 5.7.1 error and a rejection response (by default this response is: Message rejected due to content restrictions). This rejection message can be configured using the following command:
    set-ContentFilterConfig -RejectionResponse "E-Mail blocked as it looks like spam"

    The actual NDR is generated and sent to the sender by the sending host. What the sending host will see after the message content is sent:
    500 5.7.1 E-Mail blocked as it looks like spam

    Messages with SCL equal to or higher than the SCLQuarantineThreshold are delivered to the quarantine mailbox, provided you have one configured. To enable the SCLQuarantineThreshold and configure a quarantine mailbox:
    set-ContentFilterConfig -SCLQuarantineThreshold 6 -SCLQuarantineEnabled:$true -QuarantineMailbox:MyQuarantineMailbox@mydomain.com

    To get a list of all three SCL values and whether each action is enabled or not, use the following command:
    get-ContentFilterConfig | Select SCL*

    The equivalent of IMF's Store threshold (which moves messages to users' Junk Mail folders) resides in a different location: the Organization configuration. It can be set using the set-OrganizationConfig command:
    set-OrganizationConfig -SCLJunkThreshold 5
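
    How the four thresholds above interact for a given SCL value, as an added Python model (not Exchange code and not from the original post). It assumes the most severe enabled gateway action wins, and that the Junk threshold applies to SCL values strictly greater than the setting while the three gateway thresholds apply to "equal to or higher" as described above; the class and function names are hypothetical.

```python
from dataclasses import dataclass


@dataclass
class ContentFilterSettings:
    # Defaults mirror the values used in the commands above.
    delete_threshold: int = 8
    delete_enabled: bool = True
    reject_threshold: int = 7
    reject_enabled: bool = True
    quarantine_threshold: int = 6
    quarantine_enabled: bool = True
    junk_threshold: int = 5          # set with set-OrganizationConfig


def disposition(scl, cfg):
    """Return what happens to a message with this SCL under cfg."""
    # Gateway actions: equal to or higher than the threshold, most severe first
    # (ordering is an assumption of this model).
    if cfg.delete_enabled and scl >= cfg.delete_threshold:
        return "delete"
    if cfg.reject_enabled and scl >= cfg.reject_threshold:
        return "reject"
    if cfg.quarantine_enabled and scl >= cfg.quarantine_threshold:
        return "quarantine"
    # Store action: assumed to apply only when the SCL exceeds the threshold.
    if scl > cfg.junk_threshold:
        return "junk"
    return "inbox"


def unreachable_actions(cfg):
    """List enabled actions that no SCL value from 0 to 9 can ever trigger."""
    reached = {disposition(scl, cfg) for scl in range(10)}
    configured = [
        ("delete", cfg.delete_enabled),
        ("reject", cfg.reject_enabled),
        ("quarantine", cfg.quarantine_enabled),
        ("junk", True),
    ]
    return [name for name, enabled in configured
            if enabled and name not in reached]


if __name__ == "__main__":
    settings = ContentFilterSettings()
    for scl in range(10):
        print(scl, disposition(scl, settings))
    print("never triggered:", unreachable_actions(settings))
```

    Under these assumptions the 8/7/6/5 values leave the Junk folder action with nothing to do while quarantine is enabled at 6: SCL 5 is delivered to the inbox and SCL 6 is already quarantined.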

    How do you backup a member server?
    wbadmin replaces NTbackup. This is an imaging tool. You can redirect the backup to a network share. Excellent for member server backups.

    wbadmin start backup -backupTarget:\\servername\sharename -include:c:,e: -quiet -vssfull

    In my experience, using Gbit network cards, the backup from a Terminal server across to a very busy SBS server (It was running a system state backup at the time) was incredibly quick.
    It seemed as though 10 Gb (the backup) transferred in a little under 15 minutes.

    System state backups
    The normal backup that SBS 2008 creates contains all the necessary information to restore the entire server. The normal SBS backup includes the system state data. If you are like me, you may wish to create a system state backup of the machine before you make critical changes to the machine or active directory. The ability to take just a system state backup is not exposed in the GUI interface of backup. If you wish to take just a system state backup you must use the wbadmin.exe utility. You must first open a command prompt as administrator.

    If you want to script this, you will need UAC turned off. This might not be a good thing and seriously, should you be doing a scheduled system state backup all the time?

    The command to start a system state backup is:
    Wbadmin start systemstatebackup -backuptarget:F: (Where F: is the drive where you wish to store the system state backup).

    The target volume for a system state backup cannot be a source volume by default. A source volume is any volume that has a file that is included in the backup. To change that behaviour, you can add the AllowSSBToAnyVolume registry entry to the registry on the server. However, there are known issues with storing a system state backup on a source volume:
    Backups can fail. The backup can be modified during the backup process, which might cause the backup to fail.
    It causes an inefficient use of target space. Twice the amount of space is necessary for a backup than for the original data. The volume must allocate twice the amount of space for the shadow copy process.

    The path for adding the new registry entry is as follows:
    Type: DWORD
    Value: 1

    A value of 0 prevents the storing of system state backup on a source volume. A value of 1 allows the storing of system state backup on a source volume.

    The backup process will create a directory on the target drive named WindowsImageBackup. This directory will contain the system state backup of the server. The system state backup of an SBS 2008 server is considerably larger than the same backup on an SBS 2003 server. My system state backup after configuration, adding users and Trend Micro is around 12GB. Note that a system state backup takes much longer than a member server backup across the network.

    If you wish to restore a system state backup, you must first reboot the server into Directory Services Restore Mode (DSRM). Once in DSRM, you would open a command prompt with administrator rights and use the following commands to start the restore.

    We must first determine the version of the backup that you wish to restore.

    The command WBADMIN GET VERSIONS will display all the backups on the machine and the version identifier.

    The output will look similar to this:
    Backup time: 10/3/2009 4:00 PM
    Backup target: Fixed Disk labeled E:
    Version identifier: 10/03/2009-10:33
    Can Recover: Application(s), System State

    This backup job was completed on 10/3/2009 at 4:00pm and was saved to drive E:. The backup job has the ability to restore the system state and is version identifier 10/3/2009-10:33

    Once you have located the version identifier, you can initiate the restore by using the following command:

    Where version id is the version identifier you obtained with the Get Versions command.

    For our example the command would be:
    WBADMIN START SYSTEMSTATERECOVERY -version:10/03/2009-10:33

    WBADMIN will restore the system state information back to the data from the backup. Once the restore process is complete, you will have to reboot the machine into normal mode to complete the restore.
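
    The version lookup described above, as an added example (not part of the original post and not Microsoft code): it parses the text of WBADMIN GET VERSIONS, confirms that the chosen version can recover System State, and builds the restore command. The function names and the second backup entry in the sample are assumptions made for illustration.

```python
import re

# Constructed sample of `WBADMIN GET VERSIONS` output. The first entry is the
# one shown in the post; the second is a made-up backup without system state.
SAMPLE_OUTPUT = """\
Backup time: 10/3/2009 4:00 PM
Backup target: Fixed Disk labeled E:
Version identifier: 10/03/2009-10:33
Can Recover: Application(s), System State

Backup time: 10/4/2009 4:00 PM
Backup target: Fixed Disk labeled E:
Version identifier: 10/04/2009-10:31
Can Recover: Volume(s), File(s)
"""

# Shape of a version identifier as it appears in the listing above.
VERSION_ID = re.compile(r"^\d{2}/\d{2}/\d{4}-\d{2}:\d{2}$")


def parse_versions(text):
    """Split the listing into one dict per backup, keyed by lower-cased field name."""
    versions, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            # A blank line ends the current backup entry.
            if current:
                versions.append(current)
                current = {}
            continue
        # Split on the first colon only: values such as "4:00 PM" contain colons.
        key, sep, value = line.partition(":")
        if sep:
            current[key.strip().lower()] = value.strip()
    if current:
        versions.append(current)
    for entry in versions:
        items = entry.get("can recover", "").split(",")
        entry["can recover"] = [item.strip() for item in items if item.strip()]
    return versions


def systemstate_restore_command(versions, version_id):
    """Return the restore command for version_id, or raise ValueError."""
    if not VERSION_ID.match(version_id):
        raise ValueError("not a version identifier: %r" % version_id)
    for entry in versions:
        if entry.get("version identifier") != version_id:
            continue
        if "System State" not in entry["can recover"]:
            raise ValueError("%s cannot recover System State" % version_id)
        # The identifier follows "-version:" directly, with no space.
        return "WBADMIN START SYSTEMSTATERECOVERY -version:" + version_id
    raise ValueError("no backup with version identifier %s" % version_id)


if __name__ == "__main__":
    backups = parse_versions(SAMPLE_OUTPUT)
    print(systemstate_restore_command(backups, "10/03/2009-10:33"))
```

    Checking the "Can Recover" line before rebooting into DSRM avoids starting a restore from a backup that holds no system state.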

    My old scripts will not run on SBS 2008
    If you are like me, you have a whole heap of scripts you run. These are either batch files or VBS files. Nothing as advanced as PowerShell (Yet).

    I have scripts to make a file backup of Companyweb and many other tools. None of them run. Why ? UAC. You need the script to run as an elevated Administrator. Turning UAC off allows the scripts to run but be careful, you are removing a layer of security. Maybe now that you know UAC affects scripts, it is time to look at alternative ways of running these things so that UAC can remain on ?

    HP UPS software will not run
    This UPS software detects the UPS but the web interface will not come up. Is this an IIS7 incompatibility?
    Nope. Just UAC again.
    Fortunately the latest UPS's from HP look like Powerware units and support Server 2008 properly. It is just the current batch of UPS's that are an issue.

    System Centre off ?
    There is a group policy setting that will turn system centre off. This will stop the nags for the end user if UAC is off. Use this sparingly and only if you have to.

    What is the difference in the Standard and Advanced SBS server management console ?
    Users and Computers Tab
    Users Sub-tab: Link to open Active Directory Users and Computers snap-in.

    Network Tab
    Devices Sub-tab: Re-install the Fax service
    Connectivity Sub-tab: Start/Stop DHCP services (use this if you absolutely must use DHCP on the router)
    Connectivity Sub-tab: Manage DNS Snap-in
    Connectivity Sub-tab: Manage DHCP Snap-in
    Connectivity Sub-tab: Manage Certificates Snap-in

    There is also a “Native Tools Management”, which includes many of the native tools you might need to troubleshoot, or make any custom settings.

    Terminal server with 0x8004005. Error HRESULT E_FAIL
    An issue was discovered when installing the Terminal Services role on a 2008 member server in an SBS 2008 domain. After the initial installation completes and you reboot to complete the installation you are presented with the following error.
    Attempt to configure Terminal Server failed with the error code 0x8004005. Error HRESULT E_FAIL has been returned from a call to a COM component.

    This occurs when the 2008 member server is misplaced into the SBSComputers organizational unit instead of in the proper SBSServers OU. This is due to a client policy linked to the SBSComputers OU which configures remote assistance and terminal server settings causing a conflict with the installation. To resolve this problem:
    Move your member server to the correct OU (SBSServers).
    Uninstall the Terminal Services role.
    Install the Terminal Services role.

    22 March 2009 - Mickyj.com

    End blog for: 22 March 2009

    Sad News
    Farewell Frank
    Keywords:Frank McAllister RIP

    Self professed "World's oldest SBSC", MVP Frank McAllister passed away 27/2/09 1:30 am. Frank always had time for anyone. He was an awesome friend and will be very much missed. Frank was a community minded person who defined the terms MVP and community. He was an SBS MVP for many years and my best memories are with him in Seattle and Redmond. Frank is a sad loss to the community, the world and Microsoft.

    RIP Frank. May you find tech support in heaven easier.

    28 February 2009 - Mickyj.com

    End blog for: 28 February 2009

    Mega Post for Feb 09
    Don't encourage me
    Keywords:Camera Photo HDR Focus stereogram Flickr AEB

    It would seem I have become addicted. I have just been invited to join the Adelaide photographic group and also to an outing hosted by the Para photographic group in Adelaide. I am in the list of finalists to have a photo used by a mapping company for a map of San Francisco and every time I go somewhere I take two bags of photography equipment, a tripod and a list of photos I want to take. I almost had a funeral when my 90 - 300 mm Canon lens failed (now in parts) and my tripod camera mount broke. It would seem I am now a photo junkie. I read photo magazines and hang on every word. I am even learning advanced layer editing with Photoshop.

    It is no surprise then that I have dived headlong into taking HDR photos using my Canon 30d exposure bracketing (AEB), 3d photos (stereograms) and focus experiments (Deep Focus). Now that I am taking photos in RAW mode and using AEB, one photo takes up 33.6 MB. So I am now looking at SanDisk Ultra III 8 Gb Compact flash cards as a minimum. I then need hours to dump the photos and edit them on my PC. It is good to have a hobby, ... but this is going too far.

    If anyone wants to take a peek of the results check out Flickr and if anyone wants to know how I did anything, email me. I am in a sharing mood.

    Seeing my insanity, I have realised I have neglected the other parts of my life. Hence my next blog subject.

    Why no blogging ?
    Keywords:preoccupied hobbies

    First there were the huge heat waves and then the fires in Victoria. Honestly, who in the South end of Australia felt like blogging ? Now in addition it is my addiction to photos. Mixed in, is my love for the Electric Guitar (Must replace my strings soon) and writing articles for various Magazines. I drifted away from blogging and got into Tweeting with Twitter. It was easier, faster and in my face. Very easy to let people know what I am up to. Now, an email from Francesco in Italy reminds me why I blog. A way to create a repository of items I have experienced in my day to day job, with possible solutions for others in the same situation. So ... time to start blogging again.

    No English ?
    Keywords:feedback non English speaking

    Speaking of feedback from my website, many people respond to something I have written and start with the sentence "Forgive me my English is not good". You are forgiven. I love to hear from you. I can only speak English and my spelling and grammar is terrible. I don't care if you only know a handful of words. Feel free to contact me. My website is a community project and as such I welcome everyone.

    Replies to emails
    Keywords:email reply address

    Now onto replies to website emails. Mickyj.com is my website however, I will likely respond with my "@usa.net" email account. Expect replies as such and check your email junk filters ! I reply to most people and usually within the day. (Except in extreme weather :)

    IMSS lost email
    Keywords:IMSS Zip compress

    Back to Francesco from Italy

    He had a strange problem with IMSS (Trend Micro) and he was searching for a solution using Google when he found my website. One of his customers is sending a zip file that appears to be deleted by their mail relay with this error:

    "decompressed count exceeds limitation, Scan Engine skipped scanning"

    He wants to know how and where to find the file/email and setting.

    Depending on the version of IMSS, there should be a compressed file setting in the web console or in a policy.
    IMSS does not usually delete zip files when it fails the policy. It passes it, but does not scan it. The warning is to tell you to be careful.

    I wonder if the file/email is sitting in the quarantine.

    Zip scanning usually has three settings: the maximum number of times a file can be zipped (a Zip file within a Zip file, within a Zip file), the size of the unzipped content, and how many files are within a Zip file. In this case, the Zip file has too many files within it, so the scan was aborted.

    This would not delete the file. (Unless a second custom policy existed to do so).
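
    The three limits described above, as an added example (not part of the original post and not IMSS code): a checker that walks an archive, enforces a nesting limit, a total unzipped size limit and a file count limit, and passes the file unscanned when a limit trips. The limit values, the function names and the two messages other than the one quoted in the post are assumptions.

```python
import io
import zipfile
from dataclasses import dataclass


@dataclass
class Limits:
    # Hypothetical values for illustration; these are not IMSS defaults.
    max_depth: int = 3                        # Zip within Zip within Zip
    max_total_bytes: int = 50 * 1024 * 1024   # size of the unzipped content
    max_files: int = 1000                     # files within the archive


class LimitExceeded(Exception):
    pass


def check_archive(data, limits, depth=1, stats=None):
    """Walk a Zip and any nested Zips; raise LimitExceeded when a limit trips."""
    if stats is None:
        stats = {"files": 0, "bytes": 0, "depth": 0}
    if depth > limits.max_depth:
        raise LimitExceeded("compression layers exceed limitation")
    stats["depth"] = max(stats["depth"], depth)
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            stats["files"] += 1
            if stats["files"] > limits.max_files:
                # Wording taken from the error quoted in the post.
                raise LimitExceeded("decompressed count exceeds limitation")
            # Read at most one byte past the remaining budget, so a header that
            # understates the size cannot force a full expansion in memory.
            budget = limits.max_total_bytes - stats["bytes"]
            with archive.open(info) as member:
                body = member.read(budget + 1)
            stats["bytes"] += len(body)
            if stats["bytes"] > limits.max_total_bytes:
                raise LimitExceeded("decompressed size exceeds limitation")
            if zipfile.is_zipfile(io.BytesIO(body)):
                check_archive(body, limits, depth + 1, stats)
    return stats


def gateway_action(data, limits):
    """Mirror the behaviour described in the post: pass the file, do not scan it."""
    try:
        check_archive(data, limits)
    except LimitExceeded as reason:
        return ("pass-unscanned", str(reason))
    return ("scan", None)


def make_zip(members):
    """Build a Zip in memory from {name: bytes}; used for the constructed samples."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w", zipfile.ZIP_DEFLATED) as archive:
        for name, content in members.items():
            archive.writestr(name, content)
    return buffer.getvalue()


if __name__ == "__main__":
    # Constructed sample: 20 one-byte files against a limit of 10 files.
    many_files = make_zip({"f%d.txt" % i: b"x" for i in range(20)})
    print(gateway_action(many_files, Limits(max_files=10)))
```

    A message that comes back as "pass-unscanned" is one to look for in the quarantine or delivery logs, since its contents were never inspected.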

    Outsmarted by a babe (3 year old)
    Keywords:CTCSS radio technology

    As many people know, I am a licensed amateur radio operator. (Amongst one of my many hobbies). I have a simple 40 Ch unit which operates in the CB channel range in Australia. I gave the unit to my daughter (A cheap no frills unit) whilst I have a more expensive handheld professional unit to talk to her. I checked the channel frequency was clear and was not a repeater channel. I thought I would have some fun with my three year old. Even though they were both on the same channel, we could not talk. My daughter's radio was one of these cheap Chinese models with multiple buttons and one button does multiple tasks. It also has no manual. After 1 hour of trying various things, and almost giving up, I discovered my daughter had turned on CTCSS. I can't work out how to turn it on or off, yet 3 seconds in the hands of my daughter and she had selected a tone and setup CTCSS. Go figure !

    (Continuous Tone-Coded Squelch System or CTCSS is a circuit that is used to reduce the annoyance of listening to other users on a shared two-way radio communications channel. Where more than one user group is on the same channel (called co-channel users), CTCSS filters out other users if they are using a different CTCSS tone or no CTCSS.)

    A day of being outsmarted.
    Keywords:Technology challenged

    I have an old 802.11 b Access Point. My father has a laptop and he needs wireless access to it, from the next room. Not a big ask for this access point. I thought I would gift it to him and set it up. Big mistake.

    He has a Lenovo 3000 series with Vista. Firstly, the non signed version of the driver used to program this access point, caused his laptop to blue screen and reboot. Then, no matter what I tried (Including new drivers) the wireless card in the laptop remained disabled. I would enable it, it said enabled then flicked back to disabled. The aerial was on (Switch on the front of the laptop). Then I found in the forums that the 3000 series needs fn + f5 to be pressed for the wireless to actually work. I pressed this and nothing happened. Then I learnt that there was a special windows service that needed to be running, just for Fn+f5. The service was called fnplusf5.exe. I ran this but still no joy. Then I found that the "Wireless Zero Configuration" service was disabled. Finally I got that to work and then finally I needed to install and configure SNMP to talk to the Access Point and modify the Mac Address filter table to allow the laptop to communicate. I got there but boy I hate Lenovo 3000 series laptops :(

    It does not matter how skilled you are
    Keywords:Technology challenged

    Ok, I am having a dumb week. I am highly respected for my IT skill but this week, I am feeling green to the industry. I have a client who sourced a new laptop and I was providing an ADSL wireless router and Office 2007 Basic.

    When I visited the site I found I was also setting up a Canon IXUS camera, Nokia N95 phone and Canon Pixma, head of the pile printer with CD/DVD printing and wireless networking. Ok, it was more than I expected and will take more than the 2 hours I allocated.

    My first issue was the new Toshiba laptop. It booted up, asked me if I wanted to prepare Vista 32 bit or 64 bit. I clicked 32 bit and then it proceeded to install Toshiba utilities etc for the next 1 hour. Hmmm, great use of my time. I could not configure the router as the laptop was constantly installing and rebooting. I tried to setup the printer. The manual says "don't use wireless or Ethernet if the USB is plugged in". So I unplugged the USB and used the Config panel to work out how to program in the SSID and WPA keys etc (And IP addresses) for wireless access. The manual did not tell me how to do it and manually traversing the menu showed me that there was no way to program it. Finally the Vista laptop came up. After a further 30 minutes of trying to figure out the printer, I decided to go back to USB connection. Suddenly the wireless Config was available in the software on the PC. Stupid manual. I was totally lost. You do need USB to setup WiFi.

    Then there were the instructions on how to use the CD / DVD removable tray and instructions on how to lift the Scanner ADF to fit the print head assembly. Rather the lack of instructions. There were none and we had to figure it all out ourselves. I was very frustrated by now. We got the IXUS installed. Easy. Then we tried the Nokia N95. The software was not Vista compatible. No problem, let's get the internet happening, download the latest software.

    Whoops, the ISP had not received the sign up forms. No internet, not today anyway. I tried to pair my mobile next G mobile phone with the laptop. The Bluetooth module was not fitted (optional). I finally shared the phone internet via USB at 7.2 mbits. We downloaded the N95 software and installed it. It proceeded to tell us that if we used it, it would wipe the phone and the Micro SD card. Why me. Why does this simple install have to be so hard. We pulled out the SD card and tried again (Precautionary) but it was too late. The Nokia desktop image vanished and the SMS messages disappeared.

    We did finally recover everything but this shows, no matter your skills, you can never be complacent. I am a veteran of 20 years but today, I went back to school.

    Network server designs
    Keywords:Mirror RAID Sata IDE SQL Spindle Exchange

    This week finishes a week of IT system audits. I have seen some competitors' servers for the first time. Clients are complaining of speed issues accessing their SBS servers. I am sorry but I have to say something to my competitors, in my market space, please .... Stop with the servers based on IDE/Sata, software/hardware mirrors using desktop class hard disks. To stop the speed issues, these clients need their SQL and Exchange databases on different hard disk spindles and would greatly benefit from RAID 5 (Hardware). Some of them had unmonitored failed software mirrors and IDE/Sata just does not cut it, especially with slow and low MTBF (Mean time before failure) desktop units. I am tired of trying to figure out how to give clients real hardware with existing flawed designs as the base.

    Tale of two worlds
    Keywords:Apple Macintosh Contributor

    Yes, I am now a regular contributor to MacWorld Australia. I am not moving into the Mac World. Many of my SBS clients use Macs, I setup iPhones, we have an iPod at home and an old Mac. On top of this I am a Mac reseller but I am firmly entrenched in the IBM compatible world. These articles are hardware and software agnostic. I will be looking at best practices, cloud applications and other elements we share with the Mac World. Don't worry, I am not going to the dark side (Not convinced yet that there is a dark side).

    Australian government IT stimulus package
    Keywords:Australia Stimulus

    I was recently quoted in the ARN (Australian reseller news) magazine as being cautious about the IT section of the economy stimulus package. I think the government handing out money to small business to help pay for new equipment is fantastic. It is only the start. More will be needed. On top of this I fear the money will be spent with the larger resellers and the struggling SMB IT industry members will not benefit. It remains to be seen, however let's check back in 12 months and see how different the reseller face of Australia changes.

    Need to restart Exchange 2007 in one simple move ?
    Keywords:Exchange 2007 Restart

    Restart the "Exchange topology service" and you will kick everything required.

    SBS 2008 system state backup
    Keywords: SBS 2008 System State Backup

    If you are using the built in backup in SBS 2008, be aware, to make a separate system state backup or to expose it in the selection list there are some things you need to do. The GUI does not expose it natively. Refer this link.

    Excel ASDFASDG~.tmp files
    Keywords:Excel Tmp files

    When you work with an Excel file and save, it saves the file first to a Tmp file and then when it is successful, it deletes the original and renames the Tmp file. If you notice Excel 2007 leaving Tmp files behind, check out your Antivirus. AVG and others are known to interfere with the cleanup process. The file saves fine but the Tmp files are left behind. Most recently I have seen it with Trend Micro Internet Security. (TMIS 07 and 08)

    Keywords: Blackberry EBS SBS

    You will hear it time and time again. Don't install Blackberry Enterprise Services (BES) or personal, on your SBS box or member workstation of the domain. BES seems to interfere with OWA, OMA, IIS and Certificates (Especially Self SSL). I have numerous clients who have installed it to SBS 2003 and their event logs are a sea of red. It breaks numerous items and strangely, it is never the same things that break for each client. It would seem uninstalling BES does not fix the issues. The personal workstation software can't roam if you use roaming profiles, meaning you corrupt users' roaming profiles, cause popup errors and the clients can lose files. The way around this is to bypass the Blackberry folders in the local profile using group policy. Everything else roams except these folders. Blackberry have special permissions and monitoring on these folders.

    User settings Configuration/Administrative/system User profile/Policy
    Exclude directories in Roaming profile
    Application Data/Blackberry Desktop

    Now there is a new beast on the block. Blackberry professional. I have no personal experience with it however a quick look into the Microsoft newsgroups shows users are having issues and recommending against using it. The Blackberry site tells us it is designed to work with SBS. Looks like email forwarding, cloud Blackberry services and POP3 are still the best solutions. (Or get Windows Mobile or an iPhone)

    CEICW killed SecureNat
    Keywords: SBS CEICW ISA SecureNat

    I have two clients that use SecureNAT. One is using Apple Macs and the other uses access to an Industry specific application. Both clients are using ISA 2000 and both had recent changes needing the CEICW to be run. Afterwards, neither client ran smoothly. Remember, CEICW integrates with ISA; however, it resets any rules you have changed if you continue with the firewall setup. Setting up SecureNAT at the clients is easy. As long as they have a gateway TCP/IP setting and the browser proxy setting is not hardwired, they will try to use SecureNAT. More importantly, if you use ISA, check that the access rules are based on an IP range (client sets), not authenticated users. Also make sure the types of TCP applications they are using are defined protocols in ISA.

    Using SBS 2008 in HyperV.
    Keywords: USB Serial SBS 2008 HyperV FabulaTech Eltima

    SBS in HyperV has its own set of challenges. How do you address the USB attached hard disks for backups and what about desktop faxing ? Look at FabulaTech or Eltima - both have serial over Ethernet. Eltima even has a virtual modem over Ethernet that runs in 64bit. FabulaTech also allow USB drives to be mounted via network.


    80040300 in icwlog
    Keywords: Certificates SBS 2003 CEICW 80040300

    I tried to run the CEICW on a server and it failed. I tried to run the RRAS setup wizard and it failed. I tried to run just parts of the CEICW and it fails. All I want to do is change the certificate name for RRAS and SSL. Looking through the icwlog I see the error 80040300.

    Reading the computer name returned OK
    Reading the fully qualified server name returned OK
    Get Publishing server name returned OK
    Creating the self signed cert returned OK
    Creating the self signed external cert for ISA returned OK
    Adding the ISA certificate into the store returned OK
    Adding the certificate into the store returned OK
    *** Removing the old certs returned ERROR 80040300
    *** CCertCommit::EnableSSL returned ERROR 80040300
    *** CCertCommit::CommitEx returned ERROR 80040300

    The RRAS is unable to determine the internal Nic GUID and the SSL certificate is not applying.

    In this case, the problem was caused by a corrupt SBS component: the secatts.dll file was corrupt or missing.

    1. Restore the secatts.dll file from the SBS 2003 CDs to the following path:
    C:\program files\Microsoft Windows Small Business Server\Networking
    You can find this file at CD#3:\SBS\Connect

    2. Open a command prompt (Start > Run, type cmd and click OK). Navigate to the following path: c:\program files\Microsoft Windows Small Business Server\Networking. Then type the following command:

    regsvr32 secatts.dll

    Run through the CEICW again without router and check if it is fixed. (Remember .... Without the router)

    SBS transition pack
    Keywords: SBS Transition Discontinued

    The transition packs and upgrade paths have been discontinued effective December 2008. Microsoft Clients can purchase the full blown windows server 2008 and downgrade the license to windows 2003 server. With the Exchange Server 2007, the client can purchase the licenses and can have the licensed Exchange Server 2007 license downgraded to Exchange 2003. You would need the Exchange and Server 2003 media kits downloaded for 2003 from the Microsoft Licensing site with the clients login after licenses are registered.

    Client can use this site as path plan for upgrade:

    Basic support for SBS 2003 R2 ends 2010, but the Extended Support continues until 2015.

    An explanation of the Mainstream Support phase


    An explanation of the Extended Support phase


    Keywords: Spammer bot Malware

    Do you have a spamming bot on your server or workstation ? Here is a great quick way to do a cursory check. http://www.trendsecure.com/portal/en-US/tools/security_tools/rubotted

    Changing Exchange servers in Windows Mobile 6.X
    Keywords: Windows Mobile ActiveSync Profile

    Have you ever tried to delete the Outlook profile in the mail system of a WM6 device and found you can't, it is greyed out ? The clue here is to remove the account through the ActiveSync tool.

    Tilting Excel
    Keywords: Excel Transpose

    Is there any easy way to "flip" or "tilt" a table so that the row values become columns and the columns rows?

    Yes, select table
    Choose "Edit, Copy"
    Select cell to serve as upper left corner of revised table.
    Choose "Edit, Paste Special, All and Transpose"

    22 February 2009 - Mickyj.com

    End blog for: 22 February 2009

    Life can be unexpected
    Keywords: Fires, Victoria, Disaster

    It is so easy to complain. The UK has had its worst snow storms (ever), Queensland Australia has thousands of square kilometres under water and we have been sweltering in Adelaide. South Australian power companies rationed power, turning off random locations throughout the day. We are already in a drought with barely enough water for our normal use. We have had a horrendous run of days over 40 degrees (it got to 45.6 in my area, and 47.6 (117.68 Fahrenheit) 60 kilometres away). We have a high fire risk across the entire state and last week whilst we had no fires, 39 people died from the heat and a temporary morgue was built. The commercial radio stations turned into severe weather forecasters every 5 minutes.

    Now we see the disaster unfold in Victoria, Australia (600 kms from me).

    Complete towns in Victoria are gone. Over 170 people are dead. People died in their homes and cars. Victoria suffered many fires that moved so fast no one saw them coming. Now they also have temporary morgues. Hundred year old homes are gone. Schools, Churches, shopping centres and homes are all gone. The smoke was so thick, people ran their cars head on into other cars. People were so panicked, they drove their cars off into dams. No matter how bad the drought, water was needed to put the fires out. Going from bad to worse.

    No matter how bad your lot in life is, other people are likely to be suffering more. I have not blogged in about 2 weeks simply because my computers have been off, too hot to use them. Power too unreliable. I thought I was falling apart. Now there are people in Victoria who will never write a blog again. Never read a blog. Never ponder a blog. Never see their families or friends again. Those that survived, have lost everything. Not only did they lose power like me, they lost their houses, computers, cars and memorabilia.

    Makes you think about life.

    If you can, please give to the appeals.

    10 February 2009 - Mickyj.com

    End blog for: 10 February 2009

    Australia Day!

    New day, new responsibilities
    Keywords:Culminis, MacWorld

    What better day to announce some changes in my life. Today was the anniversary of the day that the first ships from England landed in Sydney town, Australia. Today many new people were added as Australian Citizens and many others received awards and accommodations.

    Whilst I have been aware of my new appointments for some time, I can finally let you, my readers, know.

    I continue to work in my own company in Adelaide and will do so, however I now add a few new credentials. I have been voted as the Vice Chairman of the Culminis regional board in Asia Pacific (APAC). I have accepted the role and now represent a fair percentage of 1100 world wide IT professional user groups and that is almost 3 Million members.

    Culminis is now in its second phase. You might say Culminis version 2. Working with Microsoft UGSS we aim to help user groups that are IT pro get the resources they need. If you run an IT pro user group (Not just Microsoft centric, any IT Pro group) and want to know more, take a look at this page.

    My second piece of news is about a contributor position at the Australian Macworld magazine. It is certainly an interesting and strange mix. I am a Microsoft Windows person yet I will be writing articles for MacWorld. I promise you, it fits. Technology makes strange bed fellows.

    I also hope to return to the Adelaide Radio on ABC 891 (Occasionally) and start writing articles for the Australian Computer Reseller Magazine, CRN.

    Microsoft lays off staff.
    Keywords:Microsoft, Staff

    Microsoft have also felt the crunch. They have let staff go and are restructuring product groups and leads. If you want to read Steve Ballmer's letter, check it out here.

    Keywords:Photo, Studio

    I thought I would do something different for Australia day. In China it is the same day that Chinese new year begins and fireworks are aplenty so why follow the main theme, eat lamb, drink beer, visit the beach and have a BBQ? Because it is relaxing, that's why.

    I decided to turn my lounge room into a photo studio. I setup some 250 w studio modelling flash strobes, black backdrop, reflective umbrellas and soft boxes. A great start. I stepped on the black velvet background, leaving foot prints, 1 x modelling globe broke, a 12 v battery in the radio trigger was flat and my daughter would not sit still. I tried my best but it was a 35 degree Celsius day, I was sweating, the photos did not come out the way I wanted and it was 3 hours of pain and disappointment. Once it was over, I actually got off some good family shots. It was just lots of work.

    Next year ... The beach is calling.

    26 January 2009 - Mickyj.com

    End blog for: 26 January 2009

    Surge Arresters on UPS's
    Can you double up Surge arresters or UPS's ?
    Keywords: Surge, UPS

    From reading various UPS manufacturer sites and random posts around the internet, it is clear that what you shouldn't do is plug a surge protector into a UPS. The dirty output of the UPS operating on battery will look like many small surges to the surge protector. This in turn will cause the surge protector to shunt power to the ground wire, quickly draining the UPS's battery and destroying the surge protector (most surge protectors are the MOV type, which are degraded every time they activate).

    Taken from "http://oclug.on.ca/archives/oclug/2002-July/022082.html"

    “1. Connecting 2 surge suppressors together is NOT a good idea - the way they work, they'll setup a loop and can actually get each other to explode or burn out. Surge protectors work by shorting out the power when there is a large enough surge / spike. The first surge protector cutting in will set up harmonics which will cause the second one to cut in too - but a few ms later. By which time the first one has opened up again. However, the harmonics from the second one will cause the first one to cut in again. The cycle will only stop when one of the protectors blows out. Surge protectors are only designed as 'intermittent' devices, so it's pretty easy to blow them out in such a scenario. Usually with spectacular results (usually an explosion or a fire!) So there should be only 1 surge protector on any circuit. 2 is not a 'better' option, but just asking for trouble. Now, if the UPS has a surge protector built in, putting a surge protector before it is just asking for trouble.

    2. The output from most UPS's is NOT a sine wave. Any other kind of waveform (square / stepped sine wave) has enough harmonics to burn out surge protectors. Further, the surge protectors themselves will load the UPS output (since they will respond to the harmonics and short them out) and could possibly damage the UPS. The equipment itself, however can handle the square wave / stepped sine wave quite well. So it doesn't make sense to put a surge protector on the output of the UPS either.

    The only time you could put a surge protector on the output of a UPS would be when it's producing a pure-sine wave output. But if it is, it's a high-end expensive model that probably has much better power conditioning and surge protection built into it than any simple surge protector could provide. In which case, you're just wasting a surge protector.”

    17 January 2009 - Mickyj.com

    End blog for: 17 January 2009

    Why are we still hooked on Facebook ?
    Reasons to be scared about Facebook.
    Keywords: Facebook, hack, virus, Koobface, worm

    Firstly, it has been very widely publicized that executives from both Nova 919 and the Channel 9 News team (South Australia) have recently been hacked. Someone took over their Facebook accounts and then wrote messages to the person's contacts. They used the chat feature to try and convince the friends that the person was overseas on a trip and had lost their passport and Visa cards.

    They were asking their friends to send money to a UK bank to try and see them through the issue. It was only because the chat discussion did not sound like the personality of the person concerned, that some of the friends did not send money. Other than that, it was quite common for this person to be overseas and a quite believable situation.

    These two hacks were aired on Nine news, A Current Affair and during the Nova’s normal radio broadcasts. They got lots of media attention.

    Now, once you log onto Facebook and click into the help system, the first thing that greets you is a warning about a virus targeting Facebook. http://www.facebook.com/help.php?ref=pf

    Protecting Your Account and the "Koobface" Worm
    We are currently helping our users with the recently discovered "koobface" worm and phishing sites. If your account has recently sent spam (e.g., "check this out!" messages you don't remember sending), please visit the Facebook Security Page, for information about resetting your password, downloading free antivirus scanners, and other helpful tips.

    From here, you can learn how to hack into other users' accounts, grab passwords and infect users with viruses, by watching online videos. Here is one as an example. No, I am not going to provide the links here; suffice to say you can hack someone in 11 basic steps using just Internet Explorer, a Facebook account and a common application.

    Then if you really want to be scared, take a look at Google, look for "Facebook" and "virus", then try "Facebook" and "hacks".


    14 January 2009 - Mickyj.com

    End blog for: 14 January 2009   Check my tweets on Twitter.

    2 ways to reset Windows 98 Registries (Depending on version)
    Reset Windows 98 Registries
    Keywords: Registry, Restore, Windows 98, scanreg

    The complete Registry contains 2 main files and 3 backup files.

    The main files are: SYSTEM.DAT (the Registry system file) and USER.DAT (the Registry user file). The backups are SYSTEM.DA0 (as in zero), SYSTEM.1ST and USER.DA0 (as in zero). SYSTEM.DAT, SYSTEM.DA0, USER.DAT and USER.DA0 are all kept in the Windows directory, while SYSTEM.1ST is located in the root directory.

    Under normal circumstances, Windows is capable of detecting and recovering from registry errors automatically. If Windows is incapable of this, a previous copy of the registry can be restored manually. Windows makes and stores a backup of the registry when you start your computer successfully each day. By default, five previous copies of the registry are stored. To restore one of these previous copies:

    1. Start your computer, press and hold CTRL, and then choose Safe Mode Command Prompt Only from the Windows 98 Startup menu. If you are running Windows Me, start your computer with the start-up disk.
    2. At the MS-DOS prompt, type cd\windows\command, and then press ENTER, where windows is the name of the folder in which Windows is installed.
    3. At the C: prompt, type scanreg /restore, and then press ENTER.
    4. Select the previous registry you want to restore, and then press ENTER. NOTE: A properly working registry has the word "Started" next to the date.
    5. When you receive notification that you restored a properly working registry, press ENTER to restart your computer.

    Second Method

    WARNING: Resetting the Registry will force you to reinstall some or most of your software before you can use it again. This removes the references of your software from the Registry, but does not remove the shortcuts on your desktop. Even though it looks like the software is still on your computer, you may need to reinstall before using it. Please make backups of your computer before trying this.

    Rename the main Registry system files and copy the backup registry file. There are two main Registry system files: System.dat and system.da0. These two files reside in the {Windows} directory and are hidden, system files. To get to these files, you need to start the computer and go to a DOS prompt. From there, change to the {Windows} directory. The files will not be seen, because they are hidden. These files need to have their attributes changed.

    To do this, type attrib -r -h -s -a system.*. This clears the read-only, hidden, system and archive attributes on all files named system in the {Windows} directory. Once these file attributes are changed, the files can be renamed. To rename the proper files, type ren system.dat system.xxx. This will rename the main Registry file (system.dat) to a backup name. Next, rename the backup system file by typing ren system.da0 system.xx0. System.da0 is the backup file for system.dat. If you have a registry problem, and you catch it before you reboot your system, you can replace system.dat with system.da0 and that should fix the problem. However, if you reboot your computer, system.da0 will get updated and, therefore, become corrupt as well.

    There is a third Registry file that is created when Windows is first installed on the computer. If Windows came pre-installed on your system, you will still have this file. This file is in the root directory, so you need to get to that by typing cd\. This will put you right in the root directory. From there, you need to reset the attributes on the third Registry file by typing attrib -r -h -s -a system.1st. Yes, that is the number 1. This file is created when Windows first installs. To use it, type copy system.1st c:\{windows}\system.dat. By doing this, we copy the contents of system.1st into a newly created system.dat file. This new system.dat file effectively resets the main portion of the Registry for you.


    13 January 2009 - Mickyj.com

    End blog for: 13 January 2009   Check my tweets on Twitter.

    Pt Parham flickr group
    Pt Parham
    Keywords:Flickr, group, Pt Parham

    If you are interested in photos from Pt Parham, South Australia, Check it out here


    12 January 2009 - Mickyj.com

    End blog for: 12 January 2009   Check my tweets on Twitter.

    ISA and Anonymous access programs
    Problems interfacing Twessenger and Fibby with WLM, Facebook and Twitter on a network
    Keywords:Twessenger, ISA, Firewall, Fibby, Facebook, Twitter, Anonymous access

    I previously reported I could not get Fibby to work or Twessenger to update WLM (Windows Live Messenger) from Tweets. Well, the logs show me it is due to anonymous requests through ISA.

    Workaround 1: Create an anonymous rule and ensure the anonymous rule has higher priority than the SBS Internet Access Rule so that authentication will not be enforced.

    Please open the ISA management console, navigate to Firewall Policy, right click "Firewall Policy" and click New->Access Rule, then create a new access rule as follows:

    Rule name: Allow anonymous Internet access
    Rule Action: Allow
    Protocols: All Outbound Traffic
    Sources: All Protected Networks
    Destination: External
    User Sets: All Users
    Then move this rule to the top and click Apply to save all the settings.
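
    Placed at the top, the rule above lets every protocol reach every external destination without authentication, not just the two add-ins. As an added example (not from the original post, and a simplified first-match model rather than ISA's own engine), this Python code compares the rule order described here with a narrower variant; the scoped rule name, its `twitter.com`/`facebook.com` destination set and the sample requests are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

ANY = "*"  # this model's wildcard for the whole External network


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                    # "Allow" or "Deny"
    destinations: Tuple[str, ...]  # domain suffixes, or (ANY,) for External
    requires_auth: bool            # False models the "All Users" user set


@dataclass(frozen=True)
class Request:
    host: str
    user: Optional[str]            # None: the client sent no credentials


def dest_matches(rule, host):
    """True when the host is the listed domain or one of its subdomains."""
    host = host.lower()
    return any(d == ANY or host == d or host.endswith("." + d)
               for d in rule.destinations)


def evaluate(policy, request):
    """Rules are checked top-down and the first match decides.

    A rule that needs a user identity does not fall through for an
    anonymous client: the request is refused at that rule, which is why
    the anonymous rule only takes effect when it is placed above it.
    """
    for rule in policy:
        if not dest_matches(rule, request.host):
            continue
        if rule.requires_auth and request.user is None:
            return ("Deny (authentication required)", rule.name)
        return (rule.action, rule.name)
    return ("Deny", "Default rule")


def anonymous_allowed(policy, requests):
    """Hosts that unauthenticated clients can reach under this policy."""
    return [r.host for r in requests
            if r.user is None and evaluate(policy, r)[0] == "Allow"]


SBS_RULE = Rule("SBS Internet Access Rule", "Allow", (ANY,), True)
PAGE_RULE = Rule("Allow anonymous Internet access", "Allow", (ANY,), False)
# Hypothetical narrower rule; take the real destination list from the
# anonymous requests recorded in the ISA logs.
SCOPED_RULE = Rule("Allow anonymous status add-ins", "Allow",
                   ("twitter.com", "facebook.com"), False)

BEFORE = [SBS_RULE]                # add-ins fail, as first reported
AS_ON_PAGE = [PAGE_RULE, SBS_RULE]  # workaround 1 exactly as written
SCOPED = [SCOPED_RULE, SBS_RULE]    # same fix, limited destinations

# Constructed sample traffic (not taken from any real log).
SAMPLE = [
    Request("twitter.com", None),        # add-in polling for a status
    Request("www.facebook.com", None),   # add-in login window
    Request("files.example.net", None),  # unknown process, no credentials
    Request("www.example.org", "alice"),  # normal authenticated browsing
]

if __name__ == "__main__":
    for label, policy in (("before", BEFORE), ("as on page", AS_ON_PAGE),
                          ("scoped", SCOPED)):
        print(label)
        for req in SAMPLE:
            print("  ", req.host, req.user, "->", evaluate(policy, req))
        print("   anonymous reach:", anonymous_allowed(policy, SAMPLE))
```

    With the scoped variant the add-ins still work, while every other anonymous request is stopped at the SBS Internet Access Rule and stays attributable to a user.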


    11 January 2009 - Mickyj.com

    End blog for: 11 January 2009   Check my tweets on Twitter.

    Windows 7
    Windows 7 Beta
    Keywords:Windows 7, Microsoft, Beta

    I am lucky enough to be one of the 1000 people selected for the worldwide in-depth Windows 7 Beta. Whilst I can't really go into features and start dispelling myths, I can say I am impressed. I need to watch what I say as this is a beta and the feature set is not yet finalised. We all learnt from Vista and the "new" file system. We all heard about it but did we see it?

    Windows 7 will rock our worlds, giving us access to computers in a way we never had available to us before. Many people have discussed touch technology and that includes multi-touch (This started with Tablet PC's). We all know that feature is coming. Well I must say, the interface and desktop have had major upgrades with regards to making touch easy.

    Windows 7 is comparatively faster to boot and to achieve tasks. I suspect there is much that has changed under the hood. It is obvious that things are working far differently in comparison with Vista.

    To the Vista haters .. Live with it. Windows 7 is coming and it really feels like Vista with new features (and faster). Microsoft's vision is here to stay. Whilst the doomsayers are predicting the fall of Apple, as Steve Jobs is sick, I really hope it stays in place to help Microsoft make better products and to let competition level the playing field. Either way, Vista "like" products are staying for the moment. Jim Allchin's view of the world (Vista) was futuristic but now that we are using it, it feels old.


    10 January 2009 - Mickyj.com

    End blog for: 10 January 2009   Check my tweets on Twitter.

    The day's thoughts
    ABC 891 Radio Talkback (South Australia)
    Keywords: ABC, Radio, Talkback, IT

    Thanks to everyone who called and emailed me about today's Radio session. Especially the kind comments and people telling me I sounded very confident. (Far from the truth)

    Yes, today is the start of an interesting trial. I was on ABC 891 talkback this morning and we were inundated with calls and SMS's about IT. It is hard doing this kind of thing on the ABC as you are not allowed to advertise or recommend a product or brand. That is why I told a caller to use a search engine (not mentioning google, my favourite).

    This experiment is likely to continue. Many listeners emailed me and commented that this is a credit to my new business; however, this is a community thing. I am not in it for my business. I referred a few on-air callers on to seek professional technical advice and IT specialists. I cannot recommend anyone, let alone myself. It is the industry I wish to promote.

    Whilst I doubt I will get too many calls specifically about Small Business Server, small businesses with their general IT problems will likely be the main topic.

    To all those who heard the session, I hope you enjoyed it.

    User can not authenticate with SBS 2003 server
    Keywords: SBS, password, authenticate, Brownie, Brother

    I have a client who can log on to their PC with domain credentials, but does not actually log on to the server. Their profile does not roam and the logon script does not run. They can't access network resources and can't authenticate.

    I tried clearing their cached password in Internet Explorer (Tools - Internet options - General Tab - Delete - Clear passwords). I tried changing the password at the server Active Directory console and I tried finding the fault in the event log. All errors indicated the wrong set of credentials had been used. I tried logging on as Administrator for the domain .. it all worked fine. I tried logging the user on as username, domainname\username, username@domain and even in desperation servername\username. Nothing worked.

    Then I noticed the Brother printer Brownie software was misbehaving. The Brownie software (Brownie is an acronym for Brother OWN Instant Explorer) is a Brother utility which can be used for a variety of different tasks. In most instances, it is used to monitor the status of Brother printers. Disabling this suddenly fixed all the issues. It will take me months to figure out why. Very weird.


    8 January 2009 - Mickyj.com

    End blog for: 8 January 2009   Check my tweets on Twitter.

    Facebook, WLM, Twitter
    Should we block Facebook ?
    Keywords:facebook, blocklists, routers, policy, self regulation

    This is an interesting question, asked of me today and often, in my IT life.

    Business owners do not want their networks used for time wasting and non productive pursuits.

    I am going to suggest no.

    Don't bother to block it at your server, internet filter or router. If you block Facebook, people will move on to MySpace. If you block that, they move to IM, Twitter, Live Messenger, Yahoo Messenger, ICQ, AIM, Woophy, Flickr, LinkedIn, Friends Reunited and many more of the social tools out there. As soon as one tool gets a bad name, another takes its place. Administering this list of "blocked sites" is pointless.

    I am asked to cite situations and websites that prove Facebook, Myspace, Twitter and the others are malicious. Staff and children (Those affected) want reasons why they should not be used. They want proof.

    Actually, these tools are not malicious.

    They are a framework of open APIs and that makes them dangerous. In themselves, these programs are great. It is a fantastic way to stay in touch with people and they are harmless tools. It is the users of these systems, the app developers, add-in creators and unknown contacts that send you unrequested files that make them dangerous. The developed tools that bolt into these tools can harvest your email address, your personal details, passwords and even insert viruses and Trojans onto your PCs. Used as originally provided, these are great tools. I myself am a member of many of these social networks.

    From a business perspective, I agree, they should not be used. Yes, they are anti productive but you could limit staff to using them out of hours? Maybe a compromise?
    Actually, I still say they should not be used and to cloud the situation, I still recommend you don't block them.

    You need self regulation. You need people to understand why they can't use these tools. You need them to understand your business reasons.

    As a business owner or person in charge of a business, you are responsible for the policies and procedures and ultimately, anything that is designed to protect your clients' privacy and data. These days, networks and servers contain excessive personal and private information. We all abide by the privacy act and we all know the legal trouble we can be in if confidential data is leaked.

    As the person whom the buck stops with, you need to stop any malicious activity. You need to implement internet firewalls, usage logging, antivirus, backups and accountability for where data is and how it is handled.

    Now think about the secret data your staff handle. Could any of it, if found escaping from your network, bring your company down to its knees? Is there any possibility of data leaks? Yes.

    You have staff using unknown social network applications, Internet Explorer toolbars and widgets. It is likely they have malware and the antivirus is ignoring it all. Your firewall is letting data go out to the external world as it has the user computer's permission. Now we/you have a problem.

    Staff need to be responsible for the safety and security of your clients' private information. They need to be aware of this. You can Google security threats with Facebook, MySpace and other tools. You can present the cases to the staff and they will still think it could not happen to them. They believe that they are safe. No one they know has ever been hacked. It is not until they realise what could potentially happen that they will be on your side and restrict their activities.

    The simplest management of this issue is staff awareness and company policies.

    How to access Facebook from school
    Keywords:facebook, blocklists, routers, proxy, bypass

    So I have just told you Facebook is OK in its raw form. It is the applications and add-ons that are the problem. Schools and other organisations are not taking any chances and have actively blocked www.facebook.com and other links in their broadband devices. Now comes the rise of a Facebook group called "How to access Facebook from school". There are also newsgroups and many web pages dedicated to the subject. They tell students and other people how to get around blocks, use anonymous proxies and other extreme methods to get their social networking fix. It looks like knowledge is going to be more powerful than brute force. Remember, with all the censorship of the internet in China, many people still get around it (and end up being arrested). Blocking is not the solution.

    Twessenger and ISA server
    Keywords:WLM, Twessenger, Fibby

    Yesterday I had the perfect plan. Update all my social pages from Twitter. Well ... it does work from home. I have found it does not work so well behind a Microsoft ISA server. I tried Twessenger to update my Windows Live Messenger (WLM) Personal Message/ Personal Status message (PM or PSM). Nothing happened. No errors were apparent. I downloaded and tried Fibby (updates the PSM from the Facebook status) and I could not set it up. It fails when it tries to open up an IE window to log into Facebook.

    When I install Fibby I get "Fibby will now launch a browser window where you can log into Facebook. After you have logged in, come back to Messenger to proceed". I click OK.
    Then I get "The add-in Facebook.StatusUpdater.dll could not be turned on. 80131509".

    ...Still looking for an answer if anyone has one. I am using WLM 8.5 on Vista SP1. I have checked IE7 is not in protected mode and I do not have popup blockers on. I can't think what is causing this and I can't find a log anywhere.

    Windows Live Messenger 9 Beta
    Keywords:WLM, Beta

    Today I tried the Windows Live Messenger 9 Beta. I could not get it to log on; it said the Windows Live service was not available. The error pops up immediately and it does not even try to look for Windows Live servers. I tried to uninstall it and guess what... there is no uninstaller for the Beta.

    Luckily, this website has the answer. I went to Start -> Run and typed msiexec /x {B1403D7D-C725-4858-AACC-7E5FA2D72859}.


    7 January 2009 - Mickyj.com

    End blog for: 7 January 2009   Check my tweets on Twitter.

    Tweet time
    Sorting out my information overload
    Keywords: Live messenger, Twitter, Tweets, Twobile, Flickr, Facebook, Blog, RSS, Twessenger, My Flickr, Feedreader, SharePoint

    I am a fan of Twitter Tweets for quick status updates. I like MSN / Live Messenger for contact with a few key people but I wish my Twitter Tweets were the same as the "Personal message" in Live Messenger. I like Facebook for family and friends but wish my Facebook status update was my Twitter Tweet. Do you see a pattern? I like to chat in Live Messenger and use Facebook but really, my status, I want that from Twitter. On top of all this, I have my Blog and RSS feed. This does not even include my Flickr and other accounts. How will I manage all of this simply? How can I pull it all together?

    I now use Twitter to update my Live Messenger status and Status in Facebook. I use Flickr to update my photos in Facebook and on my Windows Live space. I use my blogs and RSS the same as I have always but Facebook and Live places takes a feed. Finally, I am using the products the way I want to and guess what, none of the information is old. It is all current and easy to manage.

    I can use Twitter from a Web café, my mobile phone, any web browser and any other connected device. I truly am connected. (Anyone want to stalk me ?).

    Firstly, to Tweet. I use Twobile on my Windows Smart Phone. I use MadTwitter on my PCs. It is very simple to set up: put in your Twitter user name and password and connect to the Internet/3G. That gets my Live Messenger (must be logged on with an add-in installed) and Facebook up to date from anywhere in the world.

    Secondly, in Facebook. I used the built in search feature in the top right hand corner and searched for "Twitter", "Flickr" and "RSS". I added the found applications for Twitter (with my username/password), My Flickr account (Using my username, password and authorisation from Flickr) and RSS lOOkout (and put in my RSS feed). I also opted to put in Live Blog but, that means another place to blog from. I am already blogging elsewhere. I followed each of the instructions to add the applications and allow them to run and in the case of My Flickr, allowed it to access external photos. Facebook is now all hooked up and ready to use.

    Finally, Windows Live messenger and Live spaces. Starting with Windows Live messenger, I downloaded and installed Twessenger.

  • Run the Twessenger.msi file to install Twessenger.
  • Open the Windows Live Messenger contact list window, click on your display name at the top of the window, and select "Options" from the drop-down menu.
  • Select "Add-ins" from the items in the left pane of the options window.
  • Click the "Add to Messenger" button and browse to the directory where Twessenger was installed. The default location is C:\Program Files\Twessenger. Select the "Twessenger.Twessenger.dll" file.
  • Now, click the "Settings" button, enter your Twitter username, and click OK.
  • If you would like Twessenger to be automatically enabled when your status changes to Busy/Away, check the "Automatically turn on this add-in..." box. Click OK to return to your contact list.
  • All of the above steps need to be performed only once during initial setup.
  • Click on your display name at the top of the Messenger contact list window. Click the "Turn on Twessenger" item in the drop-down menu. Your personal message should change to your latest Twitter tweet immediately.

    Twessenger will now automatically poll your Twitter account for updates and change your personal message at regular intervals. To disable this temporarily at any time, just click the "Turn on Twessenger" menu item again to turn it off.

    Finally to update my live space, go to web activities and add items Flickr, Custom Blog and Twitter.
    So, here are the specifics on how to add Twitter to Windows Live:
  • Go to your profile on Windows Live: http://profile.live.com/ (sign in if necessary)
  • Look for the “Web activities” module on the lower left and click “Add”
  • Under Twitter, click “Add”
  • Enter your Twitter username and click [Save]

    I am now connected more than ever and yet, there is not as much work to administer it.

    To take this one step further, I am using Feedreader by Smiling goat to read my RSS XML Blog feed for use on a Sharepoint website. Again, little upkeep on my behalf.

    Now for some bad twitter news
    Keywords: Twitter, Tweets, Phishing

    Twitter is still safe but be wary of forged emails tricking users into divulging their details.

    Original Informationweek story

    By Thomas Claburn
    January 5, 2009

    Twitter's security melted down on Monday in the face of a phishing campaign directed at Twitter users and the hacking of Twitter's support software.

    The security failure has resulted in the temporary takeover of Twitter accounts associated with Facebook, Fox News, The Huffington Post, Barack Obama, Britney Spears, and CNN's Rick Sanchez.

    The phishing campaign was first reported on Saturday. Tech blogger Chris Pirillo warned that he had received a direct message from one of his Twitter followers advising him to visit sites designed to look like Twitter's logon page that smelled "phishy."

    "The message bears a link to a Web site that only appears to come from Twitter but is of course a scam Web site where your account information will be stolen," Symantec (NSDQ: SYMC) researcher Marian Merritt explained in a blog post.

    On Monday, Twitter acknowledged that it was having other security problems. "A number of high-profile Twitter accounts were compromised this morning, and fake/spam updates were sent on their behalf," Twitter said in a blog post. "We have identified the cause and blocked it. We are working to restore compromised accounts."
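
    The lookalike logon pages described in the story above can be caught by checking where a link really points before any password is typed. This is an added example, not part of the original post or the quoted article: a Python check of a link's real host against a trusted list, where the trusted domain set, the HTTPS requirement and all sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only domain on which a Twitter password should be entered.
TRUSTED_LOGIN_DOMAINS = frozenset({"twitter.com"})


def check_login_link(url, trusted=TRUSTED_LOGIN_DOMAINS):
    """Return (ok, reason) for a link received in a message or e-mail."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return (False, "unparseable URL")
    if parts.scheme != "https":
        return (False, "not https")
    if not host:
        return (False, "no host")
    # "https://twitter.com@other.example/" shows the brand before the @,
    # but the browser connects to the host after it.
    if parts.username is not None:
        return (False, "userinfo before @ hides the real host")
    # Look-alike characters arrive as non-ASCII or punycode (xn--) labels.
    if not host.isascii() or any(label.startswith("xn--")
                                 for label in host.split(".")):
        return (False, "internationalised host, possible homograph")
    # Trusted only if the host IS the domain or a true subdomain of it.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return (True, "trusted host")
    # The brand appearing elsewhere in the name is the classic lure,
    # e.g. twitter.com.login.example.net.
    brands = {d.split(".")[0] for d in trusted}
    if any(brand in host for brand in brands):
        return (False, "brand name inside an untrusted host")
    return (False, "untrusted host")


def rejected(urls, trusted=TRUSTED_LOGIN_DOMAINS):
    """Map each rejected URL to the reason it was rejected."""
    results = {}
    for url in urls:
        ok, reason = check_login_link(url, trusted)
        if not ok:
            results[url] = reason
    return results


# Constructed sample links (example.net / .example are reserved names).
SAMPLE_LINKS = [
    "https://twitter.com/login",
    "https://mobile.twitter.com/session",
    "http://twitter.com/login",
    "https://twitter.com.login.example.net/session",
    "https://twitter.com@login.example.net/",
    "https://xn--twtter-constructed.example/login",
    "https://login.example.net/twitter.com/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, "->", check_login_link(link))
```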


    6 January 2009 - Mickyj.com

    End blog for: 6 January 2009   Check my tweets on Twitter.

    PC Law
    Support for PC Law
    Keywords: pclaw, word, legal practitioner

    PLMSWord. PL Word Error = -2147024770

    I note that this error is a problem in a lot of forums and newsgroups. Many don't actually know what PLMSword is. In the world of legal practitioners there is a document management system out of Canada, called PC Law. Part of the integration is through Microsoft Word templates and part through macros embedded in the Normal.Dot file. The error referenced here can be caused by an old version of the plmsword.dll file or even the wrong or old printer driver.
    PLMSword.Dll is called by the macros within the normal.dot.

    I am sorry I can't solve the problem for you (If you have this) but at least I can tell you what the file is and what it does.


    4 January 2009 - Mickyj.com

    End blog for: 4 January 2009   Check my tweets on Twitter.







                                                                 This page was written and designed by Michael Jenkin 2011 © (Best viewed at 1024 x 768)