Welcome to mickyj.com

For those of you who are regular readers, please forgive me my spelling mistakes.

I am great at fixing Servers, terrible at spelling.




Mickyj.com Blog list

On the 6th of August, I mentioned to people that there were going to be hidden messages in my Blogs. Various people have asked me for a clue. If you use your HEAD, this sentence has a clue.

The mickyj.com blog has come of age. It is now being linked in on other websites. Take a look at Partnerpoint


New additional blog (Added August 2011).
Mickyj Mindspill at msmvps.com


Send feedback about this particular blog
Read Feedback from others

4 October 2006

Template madness
Ok, I have lived with it. I know it does not work this way but my one wish is to make a user template in SBS in which I can dictate users' home drives and Profile folders. Cut and paste is just not doing it for me. Yes, that is right. You can make your own user template under SBS 2003, use it in all your wizards etc but you still can not set the profile and user's home drive. Maybe in the next version?


3 October 2006

Wake on LAN for RWW
Yes !!! it has been done. Trinity computer just won the German MS Partner Award – Best Small Business Solution 2006 with their "Wake on LAN for Remote-Webworkplace" (WOL4RWW) AddOn to SBS!!!
www.trinitycomputer.de
David from the Adelaide Small Business Server users group had asked me to put this through to Microsoft on MVP wish. Looks like we all now have an answer !


2 October 2006

The book has arrived!!
Tony Campbell's book is in my hands !! It has been a long time in the making. Countless nights editing have been done, and that is just my time. I can not imagine how much Tony has spent on it. Check it out !!! It is being distributed in Australia by Woodslane. It is called "Pro Windows Small Business Server 2003". Enjoy.


1 October 2006

Strange SBS 2003 behavior
We had a strange issue. An SBS 2003 server with two Gb network cards. One (external) comes up as 100 Mbit (expected on our 10/100 switch). The internal comes up as 10 Mbit. We thought it might be the drivers or network patch lead but changing both led to the same issue. We decided to wait for a new switch and then found some other issues. The DHCP service came up as running on 192.168.16.2 with a scope of 10.0.0.x (our internal range). This was weird. I fixed this by changing the binding order of the network cards in the advanced settings of the network places settings. Then I had an issue with WINS. The service was started but under the WINS manager it said it could not find a WINS server. We then found File and print services was off on the internal card. This fixed that error. Now I had my major error. The machine took 20 minutes to boot and I could not run the CEICW wizard. It told me that there was a DHCP error on the internal card. The one wizard I rely on to fix all network issues had failed me. What do I do? Rebooting made no difference. The cards, DNS, forwarders and scope were all correct. Believe it or not, it came down to a replacement switch. I did tell you this was a strange error.


29 September 2006

Connectcomputer wizard playing up!
We are migrating network workstations over from a previous domain. We add the server to the Internet Explorer zones, get a DHCP lease and run http://server/connectcomputer. The wizard appears to start and run. We select a workstation from the list, and the machine starts to go through its paces. It reboots the PC, logs on as SBS network setup and then stalls with the start menu open. It goes no further. You can leave the machine until the cows come home. It is not doing anything. Adding a further PC to the domain shows the workstation we selected for the other workstation is still free to be used. Checking in the AD shows the workstation's old name is joined to the domain. When you try to log the machine onto the domain, it can't find a machine account. All very weird. We thought we might manually join the PCs to the domain. I know roughly what the connect computer wizard does (assigns users, profiles, applications, remote users, Internet Explorer zones etc). It is starting to look like a lot of work. I suspect the issue is some form of registry modification made when the computers were on the old domain.

Remembering Susan Bradley's comments on using the wizards (and she is always right), I thought I would look up what this wizard actually does. Now I am of the belief that the best way to fix this fault is an fdisk and reinstall. The wizards just do too much.

Take a look at: "So exactly "what" does connect computer do anyway?"

Moral of the story ... Use the wizards.

Here is a summary:
1. Checks Client OS and takes appropriate path (ATAP)
2. Causes an activex control to become available.
3. Determines whether the computer is or is not a member of the domain, and is or is not a DC or SBS server, (ATAP)
4. Tests resolution to the SBS server (ATAP)
5. Checks for multiple non VPN network connections (ATAP)
6. Checks account permissions, allowed to join computer to domain?
7. Assigns users, and migrates local profile(s), if they exist, to domain profile (SID mapping)
8. Assigns required local permissions to domain user account.
9. Provides selection of computer name from list, automatically if there is one-to-one mapping of user/computer on the SBS.
10. Joins the domain (creating a temp user account for autologon to ease the process) - including getting the client computer in the correct AD OU so the GP applies correctly.
11. Sets some runonce reg keys to clean up after the above process.
12. After required input is provided, steps through the above process, including automatic restarts as required.
13. Now we are into Application Deployment (Susan shows some on her blog). This is seen on the workstation as the Client Setup Wizard, which is automatic on login after the above 12 main steps are complete.
14. The list of configurations made after Application deployment:
  • My network places
  • TAPI information
  • Connection Manager
  • Fax Printer
  • SSL Certificate
  • ActiveSync (special, just for SBS and mobility devices)
  • IE
  • Outlook
Additional global settings:
  • DNS Timeout Value
  • Deleted Item Recovery
  • Remote Desktop permissions
  • Network Printer(s)
  • Disable getting started screen (annoying XP thing)
  • Disable ICS
  • (used to turn off ICF, but now handled by GP (xp firewall settings))
  • Disables network bridging



27 September 2006

Unlike ISA 2004 (where there is an Apply button), when you make changes to Internet Security and Acceleration (ISA) Server 2000, there is a delay before these changes take effect. There are two registry values that you can modify to control this behavior. When you apply the Deny Anyone or Deny Any Destination rule, it can take about fifteen seconds before the rule is applied on a stand-alone server; on an array it can take up to one minute. ISA administrative services aggregate changes before writing them to storage. You can control this behavior through the following two registry values:
NotifyAfterIdlePeriod
NotifyIfNotIdlePeriod
ISA Server notifies its services of changes to objects in storage only after no more changes are being made to the specific object for a length of time that is specified by the NotifyAfterIdlePeriod registry entry. You can configure this entry, which is initially set to five seconds (5000 milliseconds), in the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fpc\Notification Parameters

The NotifyIfNotIdlePeriod registry entry determines when ISA Server should notify its services, even if modifications are still being made to the object.
You can configure this entry, which is initially set to 60 seconds (60,000 milliseconds), in the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fpc\Notification Parameters




26 September 2006

Error printing a PDF with a Magazine sort and Saddle stitch to a photocopier
The error was:

ERROR: undefined
OFFENDING COMMAND: get


OPERAND STACK:
Private
--nostringval--
--nostringval--
--nostringval--


It turns out Adobe 6 did not know where to place the commands to saddle stitch etc. We uninstalled Adobe reader 6, installed Adobe reader 5 and everything now works.


25 September 2006

Play the ISPs at their own game
There is one particular ISP where you wait on hold up to three hours whilst looking for technical support. When you finally get through, they say the fault is your end or you go on hold again. I have had to charge a client for this time previously and it is not a nice experience. Well, I have a way to escalate through the system with this ISP and it seems to work for some others. Unplug your DSL modem. Ask the tech person, can you see my modem. When they say "yes" and "there seems to be nothing wrong" tell them your Modem is unplugged. They will get all embarrassed and escalate your issue.

This particular ISP uses account locking. If your modem becomes disconnected, the session remains open at their end and you can not reconnect. This escalation forces them to reset the account and usually everything is then fine with .... ahem (Telstra Bigpond).

Enjoy !


24 September 2006

ISA 2004 lockdown
ISA 2004 has this new feature whereby it turns off the firewall service if it cannot edit its MSDE logs. When the firewall service goes off, the server goes into lockdown and the network cards do not function. This is great if the reason you can not log is that someone has hacked you and the logs are being tampered with. This is not so great if the server is just working very hard, as it is the end of the financial month rollover, and MSDE is not able to process what it needs to. I turn on flat file logging (back into the text files ISA 2000 used) and, under the alerts, tell the logging alert not to shut down the firewall service. I have seen this issue too many times to ignore. I have seen missing, corrupt data etc from these unexpected server disconnections.

Take a look at Disabling Firewall Service Lockdown due to Logging Failures



23 September 2006

Uninstall Officescan without knowing the password
I recently had to upgrade an installation of Officescan. The client was new to us and we did not know their passwords for the Trend suite. I have had this previously and had to manually remove clients from workstations. I have started seeing it more and more so I thought I should mention it here. Take a look at the Solution Details 16840.
Manually uninstalling the OfficeScan Corporate Edition (OSCE) 5.5 server and client.
Solution: Perform the following manual OSCE uninstallation process:
I. OSCE SERVER
1. Stop the OfficeScan Master Service. If this is not possible, use Task Manager or Sysinternals' Process Explorer tool to remove the ofcservice.exe file from the system memory.

NEW! Microsoft has moved Sysinternals to Here

2. Delete the ..\OfficeScan program directory.
3. Disable the sharing of the ..\PCCSRV folder (ofcscan share).
4. Delete the OfficeScan program group from the Start menu.
5. Delete the HKLM/software/trendmicro/officescan registry key.
6. Proceed to the Device Manager and enable the View Hidden Devices option.
7. Remove any hidden devices pertaining to the OfficeScan Master Service (right-click and select Uninstall).
8. On the Internet Services Manager, remove the ../officescan virtual directory on the default Web site.
9. Reboot the server

II. OSCE CLIENT
1. Stop the OfficeScanNT Listener and the OfficeScanNT Real-time Scan services. If this is not possible, use Task Manager or Sysinternals' Process Explorer tool to remove the ntrtscan.exe and tmlisten.exe files from the system memory.

NEW! Microsoft has moved Sysinternals to Here

2. Remove the pccntmon.exe file from memory by using Task Manager or Sysinternals' Process Explorer tool.
3. Delete the ..\OfficeScan program directory.
4. Delete the OfficeScan program groups from the Start menu.
5. Delete the following OfficeScan registry key entries:
  • Delete the HKLM/software/trendmicro hive.
  • Delete the OfficescanNT Monitor key at the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run hive.
6. Proceed to the Device Manager and enable the View Hidden Devices option.
7. Remove the following hidden devices pertaining to OfficeScan (right-click and select Uninstall):
  • Trend Micro VSAPI NT
  • Trend Micro FILTER
  • NTRTSCAN (if available)
  • TMLISTEN (if available)
8. Reboot the OSCE client machine.



    20 September 2006

    Show all devices
    This is neat. Instead of manually editing the registry to enable you to view all devices (including unplugged ones), here is a script. In fact, the following page has numerous really helpful scripts: kellys-korner-xp.com. Click here for the VBS file mentioned.
    This enables you to view all devices under Windows XP, especially those nasty "ghosted" network cards holding old IP addresses. You can get to them in Device Manager and remove them.



    19 September 2006

    Are you me or am I you ?
    I have a PC, on a domain, that can not connect to a specific secondary machine on the domain to share its printer. No matter what I try, by IP or UNC path, I get weird Active Directory errors and strange questions popping up. Both machines reboot fine. The roaming profile roams on both and I can surf etc. These two PCs just can not talk (both are listed in the Active Directory). I tried pinging the offending PC, 10.0.0.15. It timed out. Every other machine can ping this machine. The netmask is fine. Just what is the problem?

    Then I notice, both PCs are assigned IP addresses by DHCP and both are 10.0.0.15. How is this possible? I have two machines, on the same network, they have the same IP address and there are no conflict warnings (this is Windows XP). DHCP lists them both with their unique names and WINS lists them both. Whoa. This is freaky. No wonder they work fine unless they try and talk together. Then they have no idea who the responding person is and packets go to one machine, not the other. How is this possible?

    I found two faults. Firstly, both the machines are a copy of the same hard drive. It was Ghosted whilst a member of the domain. Both have the same SID. I used the following tool (after putting one PC back into a workgroup): NewSID from Sysinternals. Finally a tool that is free (unlike Symantec Ghost SID walker). This still did not work fully. The files and local machine SID had changed but now I discover the MAC address is the same on both machines courtesy of a registry hack. Take a look here. No wonder I had so many issues. Anyway, all fixed and back on the domain.
    NEW! Microsoft has moved Sysinternals to Here



    18 September 2006

    Hot computer case ?

    Have you noticed more and more PCs are trying to go silent? (Defined as a dull roar less than 30 dB.) Most of the noise in computers comes from their fans. The larger the radius of a fan, the slower it can run yet move the same amount of air as one of those small fans that makes an air whooshing noise.

    Here are some facts for you. A case of dimensions 20x30x20 cm has 12 (cubic meters) litres of air, it needs to move 10x that per minute. It needs to shift 120 litres of Air per minute.

    Next time you are after a quiet computer, remember the awesome job the fans are doing. Provide adequate airflow around the PC and maybe even the room. If you do not, you will kill your PC and raise the heat in the room.


    17 September 2006

    RIP E3

    The gaming community mourns the loss of the world's largest gaming and technology event. No more freebies. We have seen great hardware, concepts and games come from the demos at these events. (I am not so interested in the games but it seems the best developers come from these arenas.) I guess this leaves us with vendor or industry specific trade shows. Heaven help the person who takes that last bit of techie goodness away from me!


    16 September 2006

    Asus and Gigabyte? AMD and ATI?

    Traditional manufacturers of competing or wildly different products come together? I wonder what the melting pot will produce. AMD and ATI are in Acquisitions and Gigabyte and ASUS are partnering. Let's hope the technology in GPUs (which allow many teraflops in calculations) moves across into FPUs and in a year from now, we are running PCs previously only seen at NASA.


    15 September 2006

    Let's revisit the humble UPS and calculations

    Strictly, Watts = V*A*Power factor. The trouble is that (especially) with consumer equipment, you don't know what the power factor (Pf) is. You are then faced with the prospect of trying to find it out (from the manufacturer or by measurement) or making an assumption. The assumption you make depends on what sort of equipment it is (inductive loads are bad for Pf) and whether it has any kind of PFC (power factor correction) circuitry. Ideally, Pf = 1 (Watts = V*A*1) but it can vary widely.

    With most computer equipment, use a Pf of .8 as a rough guide. Remember, a 500 Watt power supply will not necessarily deliver or use 500 W. It depends on what is attached to the computer and how much each of these items draws. 500 Watts is the top end for a 500 W power supply.

    Some UPS companies suggest you take your value in wattage and multiply that value by 1.4. This assumes that your AC/DC conversion power supply is about 60% efficient (i.e. it 'wastes' 40% of the power it consumes as heat etc.).

    A 350 watt power supply with a computer motherboard (40), stick of RAM (20), basic video card (30), network card (10), CPU (80) and hard drive (40) could be using 220 Watts when flat out.

    This is 220 x 1.4 = 308 watts after inefficiencies are taken into account. You could also say, 2 Amp power unit with 240 volts x .8 = 384 VA.

    Remember, try not to load your UPS over 60% utilization. This gives you some run time. A 720 VA UPS is 60% loaded at 432 VA, a 1200 is 60% at 720 VA. Then there are the sorts of run time batteries supplied, quality etc. and how much work is actually happening, draining the batteries and supplying the load.


    14 September 2006

    Tarpitting and SCL levels
    Today I performed a very normal task. I added a second internet email domain to an SBS 2003 server. I created a new Recipient Policy in the Exchange System Manager as I normally would. I navigated to the Recipients folder, expanded it and went to Recipient Policies. I right-clicked the Default Recipient Policy and, under Properties, went to the E-Mail Address Policy tab.

    On the E-Mail Address Policy tab I added "@new domain name", left it unselected as primary, updated the recipient policies, forced the updates and went into the AD. I manually set those who would use the new domain and then set about testing it. (In order to make things happen faster, I re-ran the Recipient Update Service (RUS).)

    Then came my fun. As per my normal routine, I used RDP or otherwise gained access to a remote server. I then used this to Telnet back and test the email connector. As the MX is still replicating out there somewhere on the ether, this is the only way to see that the server will receive email correctly.

    I telnetted into port 25 and all looked normal. I typed in the normal commands "helo", "mail from:", "rcpt to:" etc and made a few spelling mistakes. As most people will know, typing into a port directly means you can not delete mistakes, so the whole task started to drag on a little. Then it got really slow. I was being tar pitted by a Windows 2003 SBS with Exchange SP2. The more I typed, the slower it got. It took forever to get to the "Data" command to actually send an email test. This is great against spammers; it is not nice for us honest people testing. I can live with this. Just open a new command window and telnet whilst typing faster and with fewer spelling mistakes. So I got around this. Now comes the real problem. No matter what domain I picked to send to, I got error 550 access denied. I checked, and there were no mail filtering products installed. I was dealing only with Exchange. Then it dawned on me. My SCL rating in Exchange was set to deny access at a rating of 7 or above. My test sending email address had failed the SCL test and was blocked.

    This was a great way to test out the new technology. Not a good experience for testing the mail connector. Changing the SCL temporarily let my tests through so all is good. It pays to think outside of the square when working through IT issues!

    You can find more info on adding additional email domains here


    13 September 2006

    Permanent Recovery Console

    Ever had a server that was a little unreliable ? If you have to keep it, at least install the recovery console tools.
    Install the Windows Recovery Console After Windows is Already Installed on the Computer
  • Click Start, click Run, and then type
    CD-ROM drive letter:\i386\winnt32.exe /cmdcons in the Open box, where CD-ROM drive letter is the drive letter assigned to your CD-ROM drive.
  • Click OK, follow the instructions on the screen to finish Setup, and then restart your computer.


    12 September 2006

    Before I even start today, Check these two links then come back to this page:

  • Link 1
  • Link 2


    Don't cheat, go on, take a look first.



    Ok, I trust you. What did you think ? Are these amazing ? I thought so. Now we can all make fantastic photos by taking three photos at different exposures and overlaying. The results speak for themselves.

    Check out HDR technology at www.hdrsoft.com
    If you have ever photographed a high contrast scene, you know that selecting the correct exposure will not avoid blown out highlights and flat shadows. Photomatix Pro offers two ways to solve this problem:

  • Exposure Blending: Merge differently exposed photographs into one image with increased dynamic range.

  • Tone Mapping: Reveal highlights and shadows details in an HDR image created from multiple exposures. The tone mapped image is ready for printing while showing the whole dynamic range captured.

    The results speak for themselves.


    11 September 2006

    No, I am not going to comment on the Horrible anniversary of the twin towers. I will leave that to the media. For something more techie:

    Have you ever wanted to list the complete ownership structure of the folders on your server ? Maybe you will need to reference this back if you accidentally take ownership of the entire drive ? Just drop to a command prompt and run :
    "Dir *. /q /s > c:\owners.txt" then open owners.txt with notepad to read.

    Maybe you also want to know the folder permissions?
    You can use the resource kit "Cacls.exe" tool to get this.
    Unfortunately you can not recurse through subdirectories so a good VBS script that does this for you would help (I have one called listacl.vbs I will put on my scripts page at a later date).

    Now, to make sense of your results :
    The following table lists valid values for permission.

    Value   Description
    n       None
    r       Read
    w       Write
    c       Change (Write)
    f       Full Control


    Output              ACE applies to
    OI                  This folder and files
    CI                  This folder and subfolders
    IO                  The ACE does not apply to the current file/directory.
    No output message   This folder only
    (OI)(CI)            This folder, subfolders and files
    (OI)(CI)(IO)        Subfolders and files only
    (CI)(IO)            Subfolders only
    (OI)(IO)            Files only
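
To make sense of a saved cacls listing in bulk, the permission letters and inheritance flags above can be decoded by a short script. This is an added example, not a script from this blog (it is not the listacl.vbs mentioned above); the function names, the sample listing and the list of "broad" groups are assumptions made for illustration.

```python
import re

# Permission letters, as in the permission table.
PERMISSIONS = {
    "N": "None", "R": "Read", "W": "Write",
    "C": "Change (Write)", "F": "Full Control",
}

# Inheritance flag combinations and what the ACE applies to.
SCOPES = {
    frozenset(): "This folder only",
    frozenset({"OI"}): "This folder and files",
    frozenset({"CI"}): "This folder and subfolders",
    frozenset({"OI", "CI"}): "This folder, subfolders and files",
    frozenset({"OI", "CI", "IO"}): "Subfolders and files only",
    frozenset({"CI", "IO"}): "Subfolders only",
    frozenset({"OI", "IO"}): "Files only",
}

# trustee, a colon, zero or more (OI)/(CI)/(IO) flags, then one permission letter
ACE_RE = re.compile(
    r"^(?P<trustee>.+?):(?P<flags>(?:\((?:OI|CI|IO)\))*)(?P<perm>[NRWCF])$"
)

# Assumption for this example: groups broad enough that write access deserves a look.
BROAD_TRUSTEES = {"everyone", "builtin\\users", "nt authority\\authenticated users"}

# Constructed sample of what "cacls C:\Data" prints: the path and the first ACE
# share the first line, the remaining ACEs follow on indented lines.
SAMPLE_PATH = r"C:\Data"
SAMPLE_OUTPUT = r"""C:\Data BUILTIN\Administrators:(OI)(CI)F
        NT AUTHORITY\SYSTEM:(OI)(CI)F
        CREATOR OWNER:(OI)(CI)(IO)F
        BUILTIN\Users:R
        Everyone:(OI)(CI)C
"""


def parse_cacls(path, output):
    """Return one dict per ACE found in the cacls output for `path`."""
    aces = []
    for line in output.splitlines():
        text = line.strip()
        # The first output line starts with the path that was queried.
        if text.lower().startswith(path.lower()):
            text = text[len(path):].strip()
        match = ACE_RE.match(text)
        if not match:
            continue  # blank lines and "(special access:)" blocks are skipped
        flags = frozenset(re.findall(r"OI|CI|IO", match.group("flags")))
        aces.append({
            "trustee": match.group("trustee"),
            "flags": sorted(flags),
            "permission": PERMISSIONS[match.group("perm")],
            "scope": SCOPES.get(flags, "combination not listed in the table"),
        })
    return aces


def broad_write_access(aces):
    """ACEs that give a broad group Write, Change or Full Control."""
    writable = {"Write", "Change (Write)", "Full Control"}
    return [a for a in aces
            if a["trustee"].lower() in BROAD_TRUSTEES and a["permission"] in writable]


if __name__ == "__main__":
    parsed = parse_cacls(SAMPLE_PATH, SAMPLE_OUTPUT)
    for ace in parsed:
        print(f'{ace["trustee"]:<28} {ace["permission"]:<15} {ace["scope"]}')
    for ace in broad_write_access(parsed):
        print("Review:", ace["trustee"], "has", ace["permission"])
```
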



    10 September 2006

    Recently I have been archiving all my home computer data. With a 10 MP digital camera, it is surprising how much data you swallow. I have written a VBS file to create text indexes of disks that I can later search for items. The problem is, each of the 100 or so disks I insert into the DVD-ROM drive autoruns. This means I cancel the Autorun popup, then run my VBS tool.

    If you're in the habit of exchanging CDs frequently, you may be frustrated by this CD drive's Auto Insert Notification feature. You can easily disable the drive's Auto Insert Notification feature so that discs will no longer launch.

    This is different for different operating systems. As an example, you can click Start, Settings, and Control Panel. Double-click the System icon and select the Device Manager tab. Select your CD-ROM drive, click the Properties button, and then select the Settings tab. Clear the Auto Insert Notification check box, save your changes, and then reboot the PC if necessary. You can always re-enable Auto Insert Notification later if you wish.

    If you can not do it this way, here is a website that lists a whole heap of other methods for various operating systems.


    9 September 2006

    Are Registry Keys Case sensitive ?
    As I understand it, some yes, some no. Keys and Value Names are not ever, AFAIK, however the actual values, what's called Data in REGEDIT, often *are* case-sensitive (not to mention other format sensitivities.) Depends on the value.

    The Registry is a database. A Lookup Reference. When a program needs a value for some operation, it looks it up in the Registry (and often gets shunted to several places within the Registry before finally getting a return). What format the Value needs to be in depends on the final destination, the app that's going to use it.

    Basically, the data will be read back as it was written.


    8 September 2006

    Another favorite son, a legend, passed away. Long live Brocky.
    He was the King of the mountain. What can I say. Holden drivers loved him, Ford drivers loved him. Brocky's enemies loved him. Another one to be sorely missed doing something he loved. Peter Brock was killed in an accident while taking part in the Targa West rally in Western Australia.

    RIP Peter Geoffrey Brock, February 26, 1945 - September 8, 2006.

    You will never be forgotten.




    7 September 2006

    Can you edit the registry external to windows ?
    Yes, use a Nordahl disk utility.

  • Boot from a Nordahl disk
  • Accept the suggested NT partition.
  • Accept the full path to the registry directory.
  • Type system
  • Type 9 (for Registry Editor)
  • Type ? (to see the available commands)
  • Type ls (to see the current keys)

    Let's say you need to edit "ControlSet003\Control\Session Manager\BootExecute" and make a change:

  • Type cd ControlSet003 (it's case-sensitive!)
  • Type cd Control
  • Type cd Session Manager
  • Type ed BootExecute
  • Type autocheck autochk *
  • Type --n
  • Type q

    You will be prompted to save or discard your changes.



    6 September 2006

    Have you ever needed to reinstall a driver (due to an error) when you can't find the disk but know you previously had it on the machine? Look for the inf file in C:\windows\inf or C:\windows\inf\other (on some machines these are under C:\winnt\inf). When it starts looking for files, it will ask for your CD or floppy driver disks. You don't have these handy but you might be able to trick the system into using the existing files by pointing the browse path to C:\windows\system, C:\windows\system32 or C:\windows\system32\drivers.


    5 September 2006

    Simple notepad trick (Well known)


    Step 1: Open Notepad
    Step 2: Write following line in the notepad.

    "this app can break"
    Step 3: Save this file as notepadtest.txt
    Step 4: Close the notepad.
    Step 5: Open the file again.
    What did you see..??

    Notepad displays seemingly-random Chinese characters, or boxes if your default Notepad font doesn't support those characters.

    It's not an Easter egg (even though it seems like a funny one), and as it turns out, Notepad writes the file correctly. It's only when Notepad reads the file back in that it seems to have an issue.

    We can't blame Notepad: it's a limitation of Windows itself, specifically the Windows function that Notepad uses to figure out if a text file is Unicode or not.

    Text files containing Unicode (more correctly, UTF-16-encoded Unicode) are supposed to start with a "Byte-Order Mark" (BOM), which is a two-byte flag that tells a reader how the following UTF-16 data is encoded. Given that these two bytes are exceedingly unlikely to occur at the beginning of an ASCII text file, it's commonly used to tell whether a text file is encoded in UTF-16. When there is no BOM, the function has to guess from the content.

    The text you saved is one of the few that causes IsTextUnicode to return true: the character pairs 'th', 'is', ' a', 'pp' ... form Unicode characters. If you live in China, you would probably see some valid characters instead of squares.
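
The misreading can be reproduced byte for byte. This is an added example, not code from Notepad or Windows: `naive_guess` is a deliberately simplified stand-in for a content-based guess (it is not the real IsTextUnicode algorithm), and `bom_first_decode`, with its cp1252 fallback, is an assumed alternative that trusts a BOM first and only then tries the plain 8-bit reading.

```python
import codecs

# The exact bytes Notepad wrote to disk: 18 ASCII bytes, no byte-order mark.
PHRASE = b"this app can break"

# Byte-order marks and the encoding each one announces.
BOMS = (
    (codecs.BOM_UTF8, "utf-8"),
    (codecs.BOM_UTF16_LE, "utf-16-le"),
    (codecs.BOM_UTF16_BE, "utf-16-be"),
)


def as_utf16le_codepoints(data):
    """Code points obtained when each byte pair is read as one UTF-16LE unit."""
    return [ord(ch) for ch in data.decode("utf-16-le")]


def naive_guess(data):
    """Simplified content-based guess (assumption, NOT the IsTextUnicode logic).

    If the byte count is even and every byte pair lands in the CJK Unified
    Ideographs block (U+4E00..U+9FFF), call the file UTF-16LE.
    """
    if len(data) >= 2 and len(data) % 2 == 0:
        try:
            points = as_utf16le_codepoints(data)
        except UnicodeDecodeError:
            return "ansi"
        if all(0x4E00 <= cp <= 0x9FFF for cp in points):
            return "utf-16-le"
    return "ansi"


def bom_first_decode(data):
    """Trust an explicit BOM; without one, prefer the 8-bit interpretation."""
    for bom, name in BOMS:
        if data.startswith(bom):
            return name, data[len(bom):].decode(name)
    try:
        # Plain ASCII is valid UTF-8, so the test phrase decodes here.
        return "utf-8", data.decode("utf-8")
    except UnicodeDecodeError:
        # Assumed fallback code page for this example.
        return "cp1252", data.decode("cp1252", errors="replace")


if __name__ == "__main__":
    print("content-based guess:", naive_guess(PHRASE))
    print("read as UTF-16LE   :", PHRASE.decode("utf-16-le"))
    print("BOM-first decode   :", bom_first_decode(PHRASE))
    # One extra byte makes the length odd and the ambiguity disappears.
    print("with '!' appended  :", naive_guess(PHRASE + b"!"))
```

The same ambiguity applies to any tool that sniffs the encoding of files it did not write, which is why a BOM or an explicit encoding declaration is safer than guessing.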


    4 September 2006

    The passing of the Croc hunter Steve Irwin, Author Colin Thiele dies and a police chase.

    Yes, today has seen everything. My mother was taught by Colin and he wrote some fantastic books, later turned into films. Steve Irwin was also truly Australian.


    RIP Colin Thiele 1920 - 2006


    RIP Steve Irwin February 22 1962 - September 4 2006


    To top this day off, I was an unwilling witness to a police chase at about 3:30 am on the following morning after returning from a server I had just rebuilt after CA's little trick of killing Lsass. The cars were approaching speeds of 130 kms or more. I was almost involved in a head on.

    Back to Lsass, yes, we have a client with CA and yes, Lsass was quarantined by the latest CA/Etrust Antivirus pattern.

    Unfortunately we did not know this. As we were one of the first, we resorted to using the recovery console, backup tapes and a file system recovery using the SBS 2003 CD disk. We are actually back up and running. I just wish we had the information about CA before we discovered it for ourselves.

    More is available on this on Susan's blog. (I wish we had access to this before it struck).

    The main issue is that if you restart Windows Small Business Server 2003, the server may boot to a gray screen and appear to be hung. The server may respond to a ping but you cannot access it any other way. (Or Lsass might actually force the machine to reboot.)

    There is also a secondary issue that will affect your server even after you are able to boot up into normal mode again, this has to do with SSL sites not working.

    More information is now available on the Microsoft support pages.


    3 September 2006

    Microsoft Windows XP Fundamentals for Legacy PC's
    Wha ??? This allows you to use old PCs all over again. Talk about a rebirth. Check out this article.



    Microsoft Windows Fundamentals for Legacy PCs (WinFLP) is a Windows-based operating system designed for enterprise customers with legacy PCs who are not in a position to purchase new hardware. WinFLP provides the same security and manageability as Microsoft Windows XP SP2 while providing a smooth migration path to the latest hardware and operating system.

    Windows Fundamentals for Legacy PCs (WinFLP) requires:

  • A minimum of 611 MB of free hard drive space. Actual requirements will vary based on your system configuration and the applications and features you choose to install. Installing all optional components requires 1151 MB of disk space. These requirements are reported on the screen as you select options in the Setup wizard. Additional hard disk space may be required if you are installing over a network. Also, you should reserve additional space for future updates and service packs.


  • A computer with 233 megahertz or higher processor clock speed (300 MHz is recommended); Intel Pentium/Celeron family, or AMD K6/Athlon/Duron family, or compatible processor is recommended.


  • 64 MB of RAM. 256 MB of RAM is recommended.





    2 September 2006

    www.firewallleaktester.com
    This website, on one hand, enables you to test your software personal firewall thanks to different test programs ('leaktests'), and on the other hand, shows a global vulnerabilities view of the most common personal firewalls in a summary page.

    Firewall Leak Tester also provides documentation and advice to improve your security dramatically.

    Check it out !


    1 September 2006

    Again with the Exchange 2003 SP2 questions!
    Yes, people still are asking about making their stores larger.
  • Click Start, click Run, type regedit in the Open box, and then click OK.
  • Locate and then click the following key in the registry:   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\
      \Private-GUID
  • On the Edit menu, point to New, and then click DWORD Value.
  • Type Database Size Limit in GB, and then press ENTER. (this is case sensitive)
  • Double-click Database Size Limit in GB.
  • In the Value data box, type the new limit you want your database to have.
        (It can be between 18 and 75)
  • Click Decimal in the Base box, and then click OK.
  • Quit Registry Editor.
  • Now restart the stores.

    For an in-depth look go to petri.co.il or vladville.com


    26 August 2006

    Worlds Worst network ?

    Ok, I have found a contender. I should have become wary when I saw the router had the default user name and password combination of Admin and password. I should have gotten worried when I saw unshielded ribbon cables being used in the place of Cat5 (And this was for people using CAD programs - Doh).

    I should have run away when I saw the server had two network cards both on the same range. (192.168.0.2 and 192.168.0.254, with the same netmask ... How does this route ? .... Badly/not at all). Then there were the workstations getting the gateway, DHCP and DNS from the router and the server is SBS2000 (This should be the base of the network not the router).

    I like a challenge so I jumped in. (Or I love pain, whichever you believe)

    Ok, there is this backup.vbs file that starts up Ntbackup and manipulates RSM. It does not back up the Exchange information store so there are log files dating back 3 years (Gigabytes worth).

    Then there is a single partition. Everything is on C: drive and the standard folders/shares are gone. There is no Clientapps, Users or Company drives. Exchange logs, databases, ISA URLcache and more ... All on C:. Where is the RAID5 when you need it ? Where are the multiple partitions separating the OS from Applications and data?

    In ISA, the outgoing and incoming listeners are not configured (Obviously people were surfing somehow, but not here in ISA). In Exchange, the local domain structure is not in the default email policy. Someone has made the machine a Certificate Authority with an Expired Certificate so Outlook Web Access and in fact any local website does not work. Opening the system administration tool for Exchange and opening the Connectors shows that there is no outgoing or incoming SMTP connector. Using this tool there is also no access to the Public folders properties as a certificate error comes up when you try. How is their Exchange email working ?

    My first step was to change one of the server's IP addresses and then, lo and behold, everything failed (Yes it got worse). I found the fault in RRAS where the internal NIC was firewalled against all the users (Under the General; IP routing section). Both TCP and UDP were blocked with filters. Then I found in ISA that there was no local domain table. What ? How does any of this actually work ? Maybe it just does not.

    If it was not for the pain I felt looking at this mess (And obligation to the world of SBS), I would have given up. I can not leave a server like this.

    I decided it was time to play with the ISA packet filters. I wanted to speed things up a little so I restarted the Microsoft ISA control. (This is ISA 2000 running on a Windows 2000 SBS )

    Please note: The server boots okay and all the services are working perfectly, however when I make a change that requires a restart, it won't.

    All ISA associated services start apart from the Web Proxy, Cache downloader and Firewall. I do not get Internet access and the external network card loses its gateway. (I discovered later by disabling and re-enabling the NIC this came back. Sometimes the card even took an IP of 0.0.0.0 even though I have statically assigned the card an address).

    When I try to restart the services, I get an error saying RPC is unavailable for the Cache Control and the Web Proxy server returns with an error code of 2147944122 . I found a work around by again restarting the ISA management service and then manually kicking off the failed services and all then runs fine. I finally found a fix (a tool called rras_fix.vbs) and the cause.

    Some dope has installed ISA and then proceeded to manually configure RRAS and ISA. RRAS needs to be configured through ISA in SBS 2000. So I went looking for the Small Business Server Internet Connection Wizard (ICW). Ok, it was not there. There are no admin tools. They were never installed. Suddenly it dawns on me. This server has been all manually put together from the start to finish. No wonder there are so many holes. The ISA LAT contains every IP imaginable, Outlook and Exchange are both installed on the server (doh), The active directory is a mess, and there are Windows 95 and Windows 98 machines on the network that keep falling off. No wonder, ... WINS was not installed. There were no roaming profiles, home directories or logon script. In fact, the SBS logon script was never run for any profile. Desktop faxing was configured but the server has one serial port (for the UPS). The external serial fax modem is just hanging around for good looks.

    The workstations' event logs show policy errors, profile errors, Kerberos errors, DNS and domain faults. Their MYOB was told to use NetBEUI (Which is not even installed). The browser was showing no computers in the network places, and then I found machines sold with XP Home installed onto this network. Someone had been hacking registries. I could not find the SBS 2000 CAL disks or any licenses.

    After finally sorting all this out (Still with only one C: partition) I realized the backups had not run in weeks. Then I found every PC had all the same contents of server drives mapped to their workstations, but under different drive letters.

    Someone had renamed the administrator account (I could not rename it back as the AD reported the account was in an unusual state). We then looked at resetting the IP addresses on the photocopiers and found that they were acting as parallel printers with Netgear print servers attached. These did not want to play ball the first or second time.

    All of this so far has been a disaster. Then I looked at their antivirus. It was Symantec, which speaks for itself. As the site had no documentation, I was roving blind and not liking what I found. Finally I got to the UPS which was told to shut down in 20 minutes, but had 10 minutes of runtime. Then the time service was out of sync and NTP was complaining.

    All this, and on a first visit to the server. It was like the first date from Hell.

    I am happy to say the server is now much happier. The network is at least 500% faster and everything seems to work. I still have some little glitches but I have to wonder, should I have just reformatted the server and started again ? Maybe I should listen to the voice in my head.


    20 August 2006

    Can't Log On to Windows XP?

    If that’s your only problem, then you probably have nothing to worry about. As long as you have your Windows XP CD, you can get back into your system using a simple but effective method made possible by a little known access hole in Windows XP.

    This method is easy enough for anyone to follow – it doesn’t require using the Recovery Console or any complicated commands.

    If you have a healthy system and your sole problem is the inability to logon to Windows due to a forgotten password you can easily change or wipe out your Administrator password during a Windows XP Repair.

    Here’s how with a step-by-step description of the initial Repair process included.

    1. Place your Windows XP CD in your cd-rom and start your computer (Your XP CD is bootable – and you will need to have your bios set to boot from CD)

    2. Keep your eye on the screen messages for booting to your CD. Typically, it will be “Press any key to boot from cd”.

    3. Once you get in, the first screen will indicate that Setup is inspecting your system and loading files.

    4. When you get to the Welcome to Setup screen, press ENTER to Setup Windows now

    5. The Licensing Agreement comes next - Press F8 to accept it.

    6. The next screen is the Setup screen which gives you the option to do a Repair.

    It should read something like “If one of the following Windows XP installations is damaged, Setup can try to repair it”

    Use the up and down arrow keys to select your XP installation (if you only have one, it should already be selected) and press R to begin the Repair process.

    7. Let the Repair run. Setup will now check your disks and then start copying files which can take several minutes.

    8. Shortly after the Copying Files stage, you will be required to reboot. (This will happen automatically – you will see a progress bar stating “Your computer will reboot in 15 seconds”.)

    9. During the reboot, do not make the mistake of “pressing any key” to boot from the CD again! Setup will resume automatically with the standard billboard screens and you will notice Installing Windows is highlighted.

    10. Keep your eye on the lower left hand side of the screen and when you see the Installing Devices progress bar, press SHIFT + F10. This is the security hole! A command console will now open up giving you the potential for wide access to your system.

    11. At the prompt, type NUSRMGR.CPL and press Enter. Voila! You have just gained graphical access to your User Accounts in the Control Panel.

    12. Now simply pick the account you need to change and remove or change your password as you prefer. If you want to log on without having to enter your new password, you can type control userpasswords2 at the prompt and choose to log on without being asked for password. After you’ve made your changes close the windows, exit the command box and continue on with the Repair (have your Product key handy).

    13. Once the Repair is done, you will be able to log on with your new password (or without a password if you chose not to use one or if you chose not to be asked for a password). Your programs and personalized settings should remain intact.

    This has been tested on Windows XP Pro with and without SP1 and people have also used this method in real situations. This security hole allows access to more than just user accounts. You can also access the Registry and Policy Editor, for example. And it's access with mouse control. Of course, a Product Key will be needed to continue with the Repair after making the changes.

    NOTE: you cannot cancel install after making the changes and expect to logon with your new password.

    Canceling will just result in Setup resuming at boot up and your changes will be lost.

    Ok, now that your logon problem is fixed, you should make a point to prevent it from ever happening again by creating a Password Reset Disk. This is a floppy disk you can use in the event you ever forget your log on password. It allows you to set a new password.

    Here's how to create one if your computer is NOT on a domain:

  • Go to the Control Panel and open up User Accounts.
  • Choose your account (under Pick An Account to Change) and under Related Tasks, click "Prevent a forgotten password".
  • This will initiate a wizard.
  • Click Next and then insert a blank formatted floppy disk into your A: drive.
  • Click Next and enter your logon password in the password box.
  • Click Next to begin the creation of your Password disk.
  • Once completed, label and save the disk to a safe place.

    How to Log on to your PC Using Your Password Reset Disk

    Start your computer and at the logon screen, click your user name and leave the password box blank or just type in anything. This will bring up a Logon Failure box and you will then see the option to use your Password Reset disk to create a new password. Click it which will initiate the Password Reset wizard. Insert your password reset disk into your floppy drive and follow the wizard which will let you choose a new password to use for your account.

    Note: If your computer is part of a domain, the procedure for creating a password disk is different.

    See here for step by step instructions: http://support.microsoft.com/default.aspx?scid=KB;en-us;306214&




    19 August 2006

    Microsoft Nabs Anti-Virus Ace from Symantec
    Veteran virus-hunter Vincent 'Vinny' Gullotto has joined Microsoft to head its Security Research and Response team, a move that adds instant credibility to the software maker's push into the Internet security market. (Well, for those of you who actually like the Symantec Antivirus flavor anyway).
    Read more here


    18 August 2006

    Playing with HDTV
    Yes, I took the plunge. I have a HDTV USB2 tuner for my PC. I have it running off a little pair of rabbit ears and I am impressed. I have been playing with HD video and realized, it is incredibly rich in colour and cool. It is also huge. 4 minutes of HD recording took 500 MB of drive space. I admit, this is with 5.1 sound etc. This is huge but nothing can match the picture for clarity. I have learnt that the TP streams (TP files are HDTV saved files or Transport streams) can be cropped and then concatenated with a Dos copy. I tested it with a 30 minute flick (ok, it was the Simpson's). I removed the Ads, very painless. I ended up with 5 tp files. I simply ran a Dos copy, "Copy Simpsons1.tp+Simpsons2.tp+Simpsons3.tp+Simpsons4.tp+Simpsons5.tp finalsimpsons.tp" and everything joined and played as expected. This is much faster than the old software I was used to using to join mpg files.

    The verdict is a thumbs up. The final result looks astonishing. HDTV is worth it ! (And now I can watch what I want, when I want !)


    17 August 2006

    How to save, back up and restore POP Settings in SBS !
    If you are doing a swing/fresh install from SBS 2003 to SBS 2003, you can copy the POP3 Connector .dat and the .bak files (IMBData.dat and IMBData.bak) from the old server to the new and the accounts will then appear in the POP3 Connector on the new server.

    These files are found:
  • C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\IMBData.dat
  • C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\IMBData.bak


    Isn't that just cool and easy !


    16 August 2006

    Forgotten BIOS password!
    There are some cool DOS based tools I used to use for AMI and other BIOS's. Here we are now, laptops without floppy drives and more advanced BIOS's. How do we crack these ?
    There are some back door passwords e.g. the Phoenix back door passwords include BIOS, CMOS, phoenix, and PHOENIX.
    A partial list is available from tech-faq

    There are also brand passwords like Toshiba's: there is a Toshiba back door, "Toshiba".
    To reset the password of a Toshiba laptop, you can use KeyDisk.
    There are also tricks: some Toshibas can be convinced to bypass the startup BIOS password if you hold down the key while booting the system.
    You can also make dongles to bypass passwords, there are instructions on tech-faq
    Or you can just reset or crack the passwords.
    You can get the tool CmosPwd and find backdoors at Freelabs



    15 August 2006

    HP Workstation Stop error - Parity error
    On some HP business workstations this is a known fault. Go into the BIOS (F10) and find Advanced Options > BUS Options > PCI Serial BUS and set to disabled, save and exit the BIOS and restart.

    This should fix the problem


    17 August 2006

    Ntbackup in SBS 2003 ignores me
    I had a fellow SBS'er present me with a SBS 2003 server where the backup fails.
    The task scheduler exits with error 0x1 after 1 second of trying to run Ntbackup. Manually running Ntbackup and manually loading the bks file selections shows that there is nothing wrong with Ntbackup. The fault lies with the bkrunner tool. This enables the backup account and allows the backup to continue.

    Playing with the backup user's rights in the domain security policy (allowing it rights to log on as a batch job and service) produced the following error:

    Backup Runner started.
    LogonUser failed. (0x80070569)
    NTBackup finished the backup with errors.


    For more information about failed backups, see the article on troubleshooting your backup at the following Web page: http://go.microsoft.com/fwlink/?LinkId=18414

    My research has found that generally the user SYSTEM has to have "Log on as a service" and "Log on as a batch job" rights in Default Domain Controllers Security Settings | Local Policies | User Rights Assignments. There should be NO accounts listed in either the "deny logon as a batch job" or "deny logon as a service".

    On the SBS boxes I found that SYSTEM is NOT listed in these policies as having this right. SBS is not the same as Windows 2003 server so I assume this is the role of bkrunner.

    Then I found that the user that runs the backup cannot be a member of the Mobile users or Remote Security Operators groups, since these groups deny log in as a service. As mentioned previously, the NT Backup runs without difficulty.

    Generally, we wouldn't have to modify any permissions for this to work, so somewhere along the line someone has modified permissions. The backup task is run by the SYSTEM account which uses the "Backup User" account as well.

    I made sure all users are in the default OU of MyBusiness\Users\SBSUsers. This includes the account for "Backup User" which should be "disabled". (the SYSTEM account/bkrunner will enable it as needed). The Backup User account should be a member of the following groups:

    Backup Operators
    Domain Admins
    Domain Users


    None of these groups should be a member of either the Remote Operators or Power Users groups.

    After making the Backup User look correct, I reran the backup wizard to not use SBS Backup. When that completed, we ran it again to reconfigure the backup once more.

    And now, the backup works.
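
    An added example (not part of the original posts) that decodes the two error numbers quoted on this page, 0x80070569 from bkrunner above and 2147944122 from the ISA Web Proxy in the 26 August entry, and then checks an account against the deny rights discussed above. The policy text is a constructed sample laid out like the [Privilege Rights] section of a secedit export, with account names in place of SIDs as an assumption made for readability.

```python
FACILITY_WIN32 = 7

# Win32 error codes behind the two values quoted on this page.
WIN32_ERRORS = {
    1385: "ERROR_LOGON_TYPE_NOT_GRANTED",
    1722: "RPC_S_SERVER_UNAVAILABLE",
}

DENY_RIGHTS = ("SeDenyBatchLogonRight", "SeDenyServiceLogonRight")

# Constructed sample policy (names instead of SIDs; not taken from a real server).
SAMPLE_POLICY = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeBatchLogonRight = Backup Operators,Administrators
SeServiceLogonRight = NETWORK SERVICE
SeDenyBatchLogonRight =
SeDenyServiceLogonRight = Mobile Users
"""

# Group memberships the post lists for the Backup User account.
BACKUP_USER_GROUPS = ["Backup Operators", "Domain Admins", "Domain Users"]


def decode_hresult(value):
    """Split a 32-bit HRESULT into (failed, facility, code, win32_name_or_None)."""
    value &= 0xFFFFFFFF
    failed = bool(value >> 31)          # severity bit
    facility = (value >> 16) & 0x7FF    # 11-bit facility field
    code = value & 0xFFFF               # low word carries the Win32 error
    name = WIN32_ERRORS.get(code) if facility == FACILITY_WIN32 else None
    return failed, facility, code, name


def parse_privilege_rights(text):
    """Return {right: set(lower-cased principals)} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            rights[key.strip()] = {
                v.strip().lstrip("*").lower() for v in value.split(",") if v.strip()
            }
    return rights


def deny_hits(rights, account, groups):
    """List (deny_right, principal) pairs that apply to the account directly
    or through a group; a deny right overrides any matching grant."""
    principals = {account.lower()} | {g.lower() for g in groups}
    return [
        (right, who)
        for right in DENY_RIGHTS
        for who in sorted(principals & rights.get(right, set()))
    ]


if __name__ == "__main__":
    for hr in (0x80070569, 2147944122):
        print(hex(hr), decode_hresult(hr))
    policy = parse_privilege_rights(SAMPLE_POLICY)
    print(deny_hits(policy, "Backup User", BACKUP_USER_GROUPS + ["Mobile Users"]))
```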


    16 August 2006

    XP Home access to NTFS security
    I was asked today how to turn off Simple file sharing etc on XP home.
    Well, natively, you can't.

    XP Home does not support turning off Simple File Sharing. By default, the only way to see the Security tab is to boot into Safe Mode. However, there is a workaround.

    XP Home: By default, you can only make files and folders under My Documents "private". This is done by right clicking a folder or file and selecting Properties, Sharing. To change the permissions on other folders, you need to boot the computer to Safe Mode and log in on the built in Administrator account. In this mode, you'll see the Security tab in Properties, and you can assign permissions based on user name or group membership.

    Now how do you get the XP Logon (Welcome) Screen to allow you to log on as Administrator? In safe mode, this is easy. It works. In normal operation, if you press Ctrl+Alt+Del twice at the logon screen, you will get the classic logon. If you want to show the administrator account permanently, here is a link telling you how to do it: www.winguides.com/registry/display.php/1165/

    Now that we can log on as Administrator locally or in Safe mode, head off into safe mode. Here are the relevant articles for you.

    How Do I Get the Security Tab in Properties - XP Home (makes the Security tab appear outside of Safe Mode)

    HOW TO: Set, View, Change, or Remove File and Folder Permissions in Windows XP

    HOW TO: Set, View, Change, or Remove Special Permissions for Files and Folders

    HOW TO: Disable Simplified Sharing and Password-Protect a Shared Folder in Windows XP


    13 August 2006

    TechEd change of plan. Jesper not coming to Australia and NZ
    Dagnabbit. This guy rocks. Teched was his last Australian hurrah before joining Amazon and leaving Microsoft. Oh well, we will hope the countless Parties and blurry eyed sessions will make up for the loss.

    In other news, I have just heard some guys off to the SMBnation summit might have a boring trip. They will have to meet new airline restrictions and can not carry cameras, PDA's or even laptops onto the planes. This means long waits in Airport lounges, doing nothing. Long flights, doing nothing. It also means these precious items are subject to being bounced around and vibration in the planes storage areas.
    It looks like these restrictions are not wide spread and not happening to all carriers. I guess we are all going to have to start reading again ?

    How are people going with my hidden messages ? Are people looking through my recent blogs to find them ? There are some funny gems hidden on these pages!
    Hidden Message: This is cool http://www.youtube.com/watch?v=pv5zWaTEVkI


    10 August 2006

    The day of the rootkit
    I decided to put this particular day into my RSS feed. It is something everyone should know about (Via my blog and RSS). For those who do not have RSS access, click here for a web version. If you want to use RSS, I have resources here

    Ok, so I have given in and reproduced the page here too. Don't be lazy, look into RSS, it is the best !

    How do I remove this Rootkit? Today I saw the damage of Rootkits. Today I wrangled with them and won. Here is my log. Firstly, the result.

    I scanned for Spyware and Viruses. I found plenty, I removed plenty. I kept removing them until there were no more. The machine ran much better but, it was still showing evidence that things were not normal. Microsoft recommends the solution for a Rootkit is a system reformat. After today, I am inclined to agree.

    I suspected, found and removed a rootkit. After this, I found a further 200+ cloaked viruses. This is the cloaking capacity and danger of a rootkit exposed. Before the rootkit was removed, none of these viruses were visible or detectable.

    Let's start with the basics. I checked the client had a working firewall and current antivirus. I checked task manager for unknown processes and finally scanned for viruses. I found none, nil and nothing. The symptoms were obvious. Internet Explorer was slow, unstable and there were ads popping up. Something must be on this machine.

    I downloaded Spybot (and updated it) and checked for Spyware (And inoculated the internet zones). I found three. I installed CWShredder and removed one further Malware. I ran Hijackthis and removed three BHOs and some other items.

    I checked the local machine and current user controlset registry keys for run and runonce, I removed three suspicious programs. I removed all C:\temp, C:\Windows\Temp and user temporary files. I cleared the internet cache (Through Internet Explorer and manually at the command prompt) and reset Internet explorer settings. Things were still not normal. I downloaded Sysinternals process explorer and looked further.
    NEW! Microsoft has moved Sysinternals to Here


    Just in case the local antivirus was compromised, I ran Trend Micro Housecall located at Housecall. I then deleted some rogue ActiveX items in "C:\Windows\Downloaded Programs".

    For future reference, Spyware wants you to install it. Once you have one piece of Spyware, they can download more and more. You only need 1 bad Spyware to start an avalanche of Spyware that will kill your system and reduce you to a blubbering mess.

    When something (A popup) tells you that your machine is running slow, you have a registry error or you have Spyware installed, be dubious. They are using normal social responses to "bank" on your reaction to want to download and install their software.

    When popup boxes appear and ask you to install or give you "ok" or "cancel" options, please remember, the person who wrote the popup also tells the software what ok and cancel means. Sometimes ok means install, sometimes "cancel" or "no" means install. They will do whatever they can to take over your PC. It is in their interest to trick you into installing their software. Also, Spyware manufacturers use things like the name "Microsoft" to look authentic. This makes you want to install (and you then get infected under the good name of Microsoft).

    When closing these suspicious popups, always try and click the top right hand cross in the corner. This means "go away", close down, I don't want to run this.

    They make money from using your PC or collecting data about you. It is in their interest to trick you into installing their software onto your PC and any others that connect to it.

    Back to the story, Trend Micro Housecall found nothing.

    The next step was to download Lavasoft's Ad-Aware SE and the VX2 Cleaner Plug-in. I ran the install for Ad-Aware using the default options, then installed vx2cleaner_inst.exe, taking all the defaults there as well. I ran Ad-Aware, updated to the latest definitions, then clicked on "Add-ons" in the left hand column. I selected "VX2 Cleaner V2.0" and clicked "Run Tool". I cleaned the system. I then ran the VX2 Cleaner a second time. I rebooted the PC and ran Ad-Aware again. This time, I clicked on the Start button in Ad-Aware and selected "Perform smart system scan". Once the scan finished, I cleaned a few infections, rebooted and reran Ad-Aware yet again. Next I downloaded SmitfraudFix and ran smitfraudfix.cmd. I found and deleted a few more items.

    We then found a virus in System Restore so we turned this off (to be turned on at the end of this process).
    I then rebooted into Safe Mode.
    I reran a virus scan and Spybot/Ad-Aware. I removed any identified Malware under "Add/Remove Programs" in control panel.
    I then reran Hijackthis and found more Malware had installed itself.

    At this point, Trend Micro, Spybot, Hijackthis, CWShredder, Adaware, SmitfraudFix and all the rest find no further virus or Malware but the system is still unstable. I could find nothing, even after a reboot. I installed Ewido and removed 1 more Malware infection.

    It was time to bring in the rootkit detectors. I downloaded Rootkit revealer from Sysinternals. I ran this and found some very weird registry entries and dll files with random names in C:\Windows.
    NEW! Microsoft has moved Sysinternals to Here

    At a command prompt, explorer or in Safe mode, the files were invisible and also were not in memory. These are the sure signs of a rootkit.
    I discovered the hard drive was in FAT32 format. I put in a Win98se boot disk, booted up in DOS mode, changed into the Windows folder, deleted the DLL files and rebooted.

    Now when I run Ewido, it finds over 200 Malware. We now find viruses and much more. We clean up the system and it all runs as it should.

    It makes you wonder, if a rootkit can hide all of this, could there be another root kit on this same system ? Maybe my system at home ? It makes you think :( Hidden Message: http://www.istartedsomething.com/20060809/see-the-world-from-another-perspective/ Hidden Message: This is cool http://www.youtube.com/watch?v=9qtF2DCGgIE
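
    An added example (not part of the original post) of the cross-view check that exposed the hidden DLLs above: a file listing taken from the running system is compared with a listing of the same volume taken after booting clean media, and anything the clean view sees but the live system does not is reported. Both listings, including the random-looking DLL names, are constructed for illustration.

```python
import ntpath

# Constructed listing as reported by the running, possibly compromised OS.
ONLINE = """\
C:\\WINDOWS\\explorer.exe
C:\\WINDOWS\\notepad.exe
C:\\WINDOWS\\system32\\kernel32.dll
C:\\WINDOWS\\Temp\\~DF3A1.tmp
"""

# Constructed listing of the same volume taken offline from clean boot media
# (the post used a Win98SE boot disk because the drive was FAT32).
OFFLINE = """\
C:\\Windows\\EXPLORER.EXE
C:\\Windows\\NOTEPAD.EXE
C:\\Windows\\qxkzpvwt.dll
C:\\Windows\\hjrmbnfd.dll
C:\\Windows\\System32\\KERNEL32.DLL
"""


def normalise(path):
    """FAT32 and NTFS names are case-insensitive: fold case and separators
    so the two views can be compared key for key."""
    return ntpath.normpath(path.strip().replace("/", "\\")).lower()


def load_listing(text):
    """Map normalised path -> path as originally listed."""
    return {normalise(line): line.strip() for line in text.splitlines() if line.strip()}


def cross_view_diff(online_text, offline_text):
    """Return (hidden, online_only).

    hidden: present on disk when read offline but not reported by the live OS,
            which is the discrepancy a file-hiding rootkit creates.
    online_only: reported live but gone offline (for example temp files removed
            at shutdown); usually benign but kept for the analyst.
    """
    online, offline = load_listing(online_text), load_listing(offline_text)
    hidden = sorted(offline[k] for k in offline.keys() - online.keys())
    online_only = sorted(online[k] for k in online.keys() - offline.keys())
    return hidden, online_only


def triage(hidden, watch_dirs=("c:\\windows", "c:\\windows\\system32"),
           exts=(".dll", ".sys", ".exe")):
    """Keep hidden entries that are loadable code sitting directly in a system
    directory; these deserve attention before anything else."""
    picked = []
    for path in hidden:
        norm = normalise(path)
        if ntpath.dirname(norm) in watch_dirs and ntpath.splitext(norm)[1] in exts:
            picked.append(path)
    return picked


if __name__ == "__main__":
    hidden, online_only = cross_view_diff(ONLINE, OFFLINE)
    print("hidden from live OS:", hidden)
    print("priority:", triage(hidden))
    print("online only:", online_only)
```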


    8 August 2006

    Vista Demo
    The Windows Vista Business operating system is designed to help your small business customers run their computers smoothly and more securely, with less reliance on dedicated IT support. Powerful new technology and tools help your customers protect their company's data; better organize, find, and share information; and stay connected, whether they're in the office, at home, or on the road. Windows Vista Business fuels business growth for partners by enabling them to deliver new, compelling value on a market-ready platform to meet the most significant wants and needs of small businesses.

    Windows Vista Demo for Small Business Partners

    Also... Ever wanted all your Microsoft tools and downloads (All the good ones) listed in one place ? Take a look at this really cool list.

    Finally ... Check out the Stardust at home initiative
    Hidden Message: After a laugh? check out angry kid at http://www.atomfilms.com/af/spotlight/series/angrykid/



    7 August 2006

    Google knows you have Spyware !
    Yes, another tool up our sleeve. If your client can not surf over to www.google.com, maybe they have Spyware ? I have come across one such client.



    On another note, Bot networks, image based spam and ransom ware are on the increase. The Bot networks are generating large sums of money for the people who direct them. They are spewing out tons of spam and are now aided with the use of Rootkits. The Sony Rootkit was nice compared to these new flavors of Malware. Rootkits hide from the operating system and do not appear in the system's memory as a process or a file on the hard drive of the infected computer. Cruise on over to www.sysinternals.com to download RootkitRevealer to see if your system is free from the known versions of various rootkits.

    Even more of a worry is the rare, but occurring, incidence of Ransom ware. These nasties either delete all your My Documents items or zip them up in a password protected file. You are then prompted with a popup message asking you to pay for a password to unlock everything again. If this happens to you, call the police and hit the off button on your pc. Luckily the recent infections all included the password in clear text somewhere in the virus code. Read up on this latest threat at various Google sites.
    NEW! Microsoft has moved Sysinternals to Here



    6 August 2006

    Molds or Folds?
    There is a service provided by Telstra known as the FOLDS test. Send a fax to 1300 368 999 and you will shortly receive a return fax detailing the test results. This is the best way to check faxing issues and line clarity.

    If you are having a modem problem, try a MOLDS test.
    The cable between your modem and the telephone exchange can be many kilometers long - often with numerous "joins" along the way. Contact your telephone company and ask them to perform a "MOLDS" test. It should not cost anything. The MOLDS test will help identify any problems with your line. Line problems need to be fixed by the telephone company.

    Contact Telstra (ph. 132200) and ask for a MOLDS test. Tell them your modem is dropping out.
    Hidden Message: You can Die, but tell AOL first : http://www.stltoday.com/stltoday/business/columnists.nsf/techtalk/story/A0F7FD49EFA6565A862571BF006C005A?OpenDocument



    6 August 2006

    Windows 2003 SP2 Beta
    Yes, The beta is upon us. I just hope this will not kill Windows SBS 2003 server ! For more information, look at the mickyj beta page.

    Today I thought I would start hiding messages in my blogs. Let's see who finds the messages. Hidden Message: If you are into SBS, take a look at "http://xpstream.winisp.net/lisota" for a laugh. If you enjoyed this, email me at secrets@mickyj.com
    Also
    Windows XP registration fails
    Check that you do not have port 10041 firewalled !


    And Finally
    To integrate an OWA account with your BlackBerry account
    (Assuming you are not trying to use the blackberry via Pop3)

  • Connect to the BlackBerry Internet Service web site and log in to your BlackBerry account.
  • On the navigation bar, click Profile.
  • Under Email Accounts, click the hyperlink other email accounts.
  • Click Add Account.
  • Type the email address, user name, and password in the appropriate fields, then click Submit.
  • Under Microsoft Outlook/Exchange, select the option for I can access my mailbox using a Web browser (Outlook Web Access).
  • Click Submit.
  • In the Outlook Web Access URL field, type the OWA account URL.
  • In the Mailbox Name field, type the Mailbox name for your OWA account.
  • Verify that your email address, user name, and password are correct.
  • Select the Leave messages on mail server check box.
  • Click Submit.

    If you see the message "Your email account has been successfully set up", the integration is complete. The integrated account is listed with a green check mark in the Status column (on the far right). New email messages will begin appearing on the handheld from your integrated OWA account.

    If you see the message "We were unable to configure this mailbox," the integration failed for one of the following reasons:
  • You entered the wrong account information. Repeat the process.
  • There is a temporary connection problem between the BlackBerry Internet Service web site and your Exchange server. Try integrating your account later.

    Note: Messages are retrieved from your Exchange Server account and forwarded to your BlackBerry Wireless Handheld every 15 minutes.



    5 August 2006

    CBSA 2006
    Well, I tried to be there. The SA government threw a bash at the Allan Scott Park Morphettville and as an MVP, I was trying to attend to talk to people about community involvement.
    It was not meant to be.

    I was surprised by comments from my Microsoft lead, that people told her that they did not know we had MVPs in SA. Looks like we need to make a bigger impact :)
    Community Benefit SA Conference
    10 Years of Community Achievement. Doing a Lot with Little, 4 August 2006

    For those of you who I know were going to this, see you next time and don't wait forever to tell me your thoughts on this year's event.


    4 August 2006

    Testing A New Definition Update Publishing Process for Windows Defender
    The Microsoft antimalware team wants to give us a heads-up that they will be testing a new definition update process in the next two weeks. Definition updates for Windows Defender (Windows Vista and current platforms) will be publishing daily (Monday-Friday) starting from August 1st and will continue for 2 weeks until August 15th, 2006. They are testing a new end-to-end definition update release pipeline that will allow them to publish definition updates at a higher frequency and they would like to get a better understanding of issues that may arise due to this higher frequency update process. At the end of this period, Windows Defender updates will return to the normal twice weekly schedule.
    Read more on the Defender blog link from my Security section.


    3 August 2006

    AOFO
    If you are using Symantec Backup Exec 10 with the Open File agent, be sure to deselect the cache files on each volume from the backup. Including them in your backup would lead to a loop situation. A very common practice is to move the cache file to a drive which is not included in the backup job.



    2 August 2006

    Can not surf to https websites

    Every time this client went to a https site, IE crashed and wanted to send an error to Microsoft. After re-registering all the DLL files (from my 31 March 2006 blog), I still could not surf to https. In the event log I found

    Event Type: Warning
    Event Source: Tcpip
    Event Category: None
    Event ID: 4226
    Date: 1/08/2006
    Time: 7:03:32 PM
    User: N/A
    Computer: LOCAL
    Description:
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Data:
    0000: 00 00 00 00 01 00 54 00 ......T.
    0008: 00 00 00 00 82 10 00 80 ....?..?
    0010: 01 00 00 00 00 00 00 00 ........
    0018: 00 00 00 00 00 00 00 00 ........
    0020: 00 00 00 00 00 00 00 00 ........

    From everything I read, this is a tolerance introduced by XP SP2 and mainly affects P2P programs (refer blog 27 June 2006).
    If you have this error, check for something nasty. I ran Trend Housecall and found nothing. I ran Spybot and came up empty-handed.

    I then ran Process Explorer and saw an instance of MSN Messenger running that was not in the Task Manager list.
    I also noted it was not in the task tray and not in the registry to start when Windows starts. It was also holding onto svchost. I terminated msmsgs.exe and the problem went away.

    I am still scanning with Antivirus and find nothing. Windows update said Windows and IE are up to date. I simply had to rename msmsgs.exe to msmsgs.old and not run it anymore. I will wait for a few pattern updates to the antivirus and maybe a new version of messenger !
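
    Added example, not part of the original post: when Event ID 4226 shows up, one way to find the culprit is to count half-open (SYN_SENT) outbound connections per process from `netstat -ano` and match the PIDs against `tasklist /fo csv /nh`. The sample output below is constructed, and the threshold of 10 is an assumption (the post does not give the number).

```python
import csv
from collections import Counter

# Constructed sample data (not taken from the post): `netstat -ano` output in
# which PID 1876 holds 12 half-open outbound connections, plus the matching
# `tasklist /fo csv /nh` output.
NETSTAT_SAMPLE = "\n".join(
    [
        "Active Connections",
        "",
        "  Proto  Local Address          Foreign Address        State           PID",
        "  TCP    192.168.16.20:1041     192.168.16.2:445       ESTABLISHED     4",
        "  TCP    192.168.16.20:1187     203.0.113.10:443       ESTABLISHED     2312",
        "  TCP    192.168.16.20:1188     203.0.113.11:443       SYN_SENT        2312",
        "  UDP    192.168.16.20:137      *:*                                    4",
    ]
    + [
        f"  TCP    192.168.16.20:{1200 + i}     198.51.100.{i + 1}:80       SYN_SENT        1876"
        for i in range(12)
    ]
)
TASKLIST_SAMPLE = "\n".join([
    '"System","4","Console","0","236 K"',
    '"iexplore.exe","2312","Console","0","31,204 K"',
    '"msmsgs.exe","1876","Console","0","4,312 K"',
])


def half_open_by_pid(netstat_text):
    """Count TCP connections still in SYN_SENT (connect attempt pending) per PID."""
    counts = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have 5 columns: proto, local, remote, state, PID.
        # UDP rows (no state column) and header lines are skipped.
        if (len(fields) == 5 and fields[0] == "TCP"
                and fields[3] == "SYN_SENT" and fields[4].isdigit()):
            counts[int(fields[4])] += 1
    return counts


def image_names(tasklist_csv):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    names = {}
    for row in csv.reader(tasklist_csv.splitlines()):
        if len(row) >= 2 and row[1].isdigit():
            names[int(row[1])] = row[0]
    return names


def suspects(netstat_text, tasklist_csv, limit=10):
    """Return (pid, image, half_open_count) for PIDs at or above the limit.

    limit=10 is the widely reported XP SP2 cap on incomplete outbound
    connection attempts; treat it as an assumption and tune as needed.
    """
    names = image_names(tasklist_csv)
    return [(pid, names.get(pid, "<not in tasklist>"), n)
            for pid, n in half_open_by_pid(netstat_text).most_common()
            if n >= limit]


if __name__ == "__main__":
    for pid, image, n in suspects(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"PID {pid} ({image}): {n} half-open connections")
```

    A PID reported as "<not in tasklist>" owns connections but is missing from the process list, which is itself worth a closer look with Process Explorer.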



    1 August 2006

    "The system cannot log you on due to the following error: The network request is not supported. Please try again or consult your system administrator."

    This has been coming up time and time again. Check your system for the Win32/Rbot Family of viruses. Download a different antivirus to what you are using and update it, or run a Trend Housecall. You might think that there is no way that you have a virus because you are protected. However, it only takes the slightest lapse in time for this vulnerability to be exploited, and then you can not log on, or can only log on once and then need to reboot your server.


    31 July 2006

    What the ???
    Jesper Johansson is headed to Amazon. Yes, that Microsoft ISA guru and all round great guy (Whom I have had lots of chats with in person) is moving on. "The sands of time seem finally to have run their course. On September 1 I will not only celebrate the 5-year anniversary of my time here at Microsoft but also my departure from the company. On September 5 I start a new job as Principal Security Program Manager at Amazon.com."
    Check it out on his blog at http://blogs.technet.com/jesper_johansson/


    30 July 2006

    If you are a Microsoft based business and a partner, why not look at Partnerpoint ?
    If you belong to a technology company, I’d like to invite you to join the PartnerPoint community. PartnerPoint is an online community of over 3,600 Microsoft Partners from around the world, and membership is free. The services are intended to help you find other partners to team with as well as promote your firm to other partners. They also provide tools and services geared towards aiding the navigation of Microsoft Partner services for those of you who are Microsoft Partners.

    Visit the community directly at http://www.partnerpoint.com


    29 July 2006

    If you have SBS R2 media, do not install yet!! (29 July 2006)
    Microsoft Small Business Server R2 bits are being recalled from partners who've received them because the latest build inadvertently included some old code, Microsoft said Friday.

    "We discovered an issue in the manufacturing process and are recalling the outstanding editions and reissuing them,"
    said Steven van Roekel, director of Windows Server Solutions.
    "In that build process, someone mistakenly grabbed some of the older core components which were included."





    22 July 2006

    My rotten, stupid, stinking password ......
    "My logon has been telling me it is time to change my Domain password. I have been ignoring it as I hate thinking of a new password and when I do, chaos follows. I can no longer surf the internet or collect my Exchange emails correctly. I keep getting asked for my new password and the software does not seem to want to accept anything I try !"

    Does this happen to you ?

    The next time this happens, close Outlook and anything else you have open. Open Internet Explorer, go to the Tools menu, select Internet Options, click the Content tab, then the AutoComplete button and finally click the "Clear Passwords" button. Now log off your workstation. Log on again, open Internet Explorer and let it prompt for your username/password. Type in your new password, click the check box to remember your password and everything should now be ok again, until the next time you change your password.

    This is usually caused by a stale cached password somewhere.

    When you change the domain password, there is something somewhere trying to establish a connection with cached old credentials.

    After a few connection attempts, the domain account is locked out.

    Here's a non-exhaustive list of possible places this is coming from:

  • Is the user logged on to another machine somewhere, with the old credentials? Perhaps a laptop in another room that's been left logged on? It will continually try to re-connect mapped drives etc using the old password.
  • Does the user have any mapped drives on his PC which he has supplied and saved Alternate Credentials for? If so, then un-map and re-map these, supplying the new password. Otherwise, the remote server will attempt to authenticate the user with stale credentials.

    You can see what stored credentials are present by following the procedure here:

    HOW TO: Manage Stored User Names and Passwords on a Computer in a Domain in Windows XP


    21 July 2006

    A big hello to Kalgoorlie
    I work with a number of Mining Industry sites. One in particular, I could not get out to so I contracted a local to assist. After a few days of discussions I ended up sending a link to my tools web page to them (To remove some Internet nasties). It turns out this person has already seen my posts and my site. What a small world ! Hello Kalgoorlie.


    20 July 2006

    Russinovich now belongs to Microsoft
    Winternals and Sysinternals, and their well-known technical leader, Mark Russinovich, are now part of Microsoft. I hope that this does not mean Sysinternals freeware will vanish. These tools are the best. Winternals has already been rebranded and a lot of the tools are now unavailable. Russinovich was an MVP so it was only a matter of time !
    NEW! Microsoft has moved Sysinternals to Here



    19 July 2006

    Sharing Outlook personal mailboxes (Depending on the privacy act in your location)
    To allow access to a shared folder that isn't one of the folders listed on the File | Open | Other User's Folder dialog, the mailbox owner needs to grant Reviewer permission to the root of the mailbox, as well as appropriate permission on the folder. The user who needs access then goes into Tools | Services (or Tools | E-mail Accounts in Outlook 2002), brings up the properties for the Exchange Server service, and on the Advanced tab, adds the mailbox. After that, the user will see in the folder list all those folders in the secondary mailbox to which he/she has access and can add any of those folders to the Outlook Bar. To share a folder in your mailbox, right click and share the folder :)


    18 July 2006

    mickyj.com in the spotlight
    mickyj.com is starting to appear linked in many other people's websites. I am glad I am providing a service people value. You can link to me using the information found at http://www.mickyj.com/linktomickyj.htm.

    The site now appears linked on the "The SBS Community Lead Blog" out of Redmond, WA, USA.


    17 July 2006

    Meet two new friends of mine
  • A free security scan for common vulnerabilities that affect systems on the Internet
  • Archives of old internet pages (Better than Google's cache)

    Say no more !


    16 July 2006

    Die Browser, Die
    Ever had one of those days when a rogue machine is spitting out Browser elections and causing trouble ?
    Take a look at
  • Troubleshooting the Microsoft Computer Browser Service
  • Understanding Browsing
  • Control Network Browser Elections


    15 July 2006

    Small Business Server from the Land of the long white cloud
    I am so excited, one of my SBS friends from across the ocean is coming to little old Adelaide. As I stated at the ACS presentation, Networking is what it is all about. I have friends all across the world and it makes me a better person and Engineer !


    14 July 2006

    ACS young IT event
    Thank you to the Australian Computer Society for asking me to present for the Young I.T. night at the UNISA West Campus. I thoroughly enjoyed the evening and made some great new friends. As I told the people gathered, Network. Go and meet people. Link with others and your new network of friends will take you places.

    A shout out to Damu (You know who you are). You are on the right path and will succeed.

    Whilst I am SMB minded, the items I spoke about applied to everyone present and not just the SMB sector. Use the information wisely.


    12 July 2006

    Strange how your focus changes
    My 11 month old Daughter Sarah is now standing unaided and trying to walk. It is strange how my huge I.T. influence and all my skills seem trivial compared to this.

    For those of you who have been following my Daughter's progress, take a look at these photos and an older one here.





                                                                                  This page was written and designed by Michael Jenkin 2011 ©