Welcome to 







Welcome to Mickyj.com SBS RSS feed

Follow me through the highs and lows of IT in general

New additional blog (Added August 2011). Mickyj Mindspill at msmvps.com

events, Events and more events
Today we went off to the Trend Micro SMB event (Or is that the Worry free event?). Whilst Trend's Website was recently attacked, I still maintain that these products rock and are the best of breed. The new solutions that they are working on are incredible. If we only get a part of their SMB solution into the enterprise space, I will be a happy man. Their new Web reputation services will hopefully see the end of those malicious website attacks of the past (Like the day the Yellow and White pages flash animation hacked everyone). Check out this link for the details to use this in Officescan 8

And ... they even have a solution for protecting the Playstation 3 ??

(Now you have desktops, servers, appliances, PDA's/Smart phones and Playstations ?)

It was great to see so many familiar faces at this event. The interaction of Vendors and resellers was great and I promise to get back to those who asked me questions. I will also blog back here when I know about any Beta program for CSM or SBS suite for SBS 2008 (64 bit). Either that or a Microsoft Forefront solution.

Trend Micro hit by massive Web hack
Security vendor Trend Micro was one of the victims of a widespread Web attack.

Robert McMillan (IDG News Service) 14 March, 2008 00:20:42

"Security vendor Trend Micro has fallen victim to a widespread Web attack that splashed malicious software onto hundreds of legitimate Web sites in recent days.

A Trend Micro spokesman confirmed that the company's site had been hacked Thursday, saying that the attack took place earlier in the week. "A portion of our site -- some pages were attacked," said Mike Sweeny, a Trend Micro spokesman. "We took the pages down overnight Tuesday night -- and took corrective action."

On Thursday security vendor McAfee reported that more than 20,000 Web pages have been affected by the attack. The pages are infected with malicious code that tries to install password-stealing software on the PCs of people who visit the sites.

Researchers are still not sure how the attackers are managing to hack these Web pages, but the pages all seem to use Microsoft's Active Server Page (ASP) technology, which is used by many Web development programs to create dynamic HTML pages. A software bug in any of those programs is all the attackers need to install their malicious code.

The infected Web pages are not obviously malicious, but the attackers have added a small bit of JavaScript code that redirects visitors' browsers to an invisible attack launched from servers based in China. This same technique was used a year ago, when attackers infected the Web sites of the Miami Dolphins and Dolphins Stadium just prior to the 2007 Super Bowl XLI football game.

The JavaScript attack code hosted on these infected Web sites takes advantage of bugs that have already been patched, so users whose software is up-to-date are not at risk. However, McAfee warns that some of the exploits are for obscure programs such as ActiveX controls for online games, which users may not think to patch.

If the code is successful, it then installs a password-stealing program on the victim's computer that looks for passwords for a number of online games, including the "Lord of the Rings Online."

It's embarrassing when security vendors fall victim to the attacks they are supposed to prevent, but Trend Micro is not the only company to have had its Web site hacked in recent months. In January, parts of CA's Web site were infected with a very similar type of attack."

One item to note: Due to the way Trend Designs it webpages, the Malware could not redirect you and hence the Malware was useless on this particular site.

Then we have the latest Microsoft Heroes campaign.
Again, good to see you all there. Whilst the "Ask the experts" partner lounge was just used as a lounge and not for it's intended purpose, it was a great day and we all learnt lots about Windows Server 2008. If people keep coming to these events, Microsoft will keep having them. We had about 400 people in Adelaide and your photos can be seen from the community link on the website www.heroeshappen2008.com.au or cheat and go straight to Flikr

When does reverse DNS lookup become a pain for legit people?
When my local ISP changed my work ADSL and many other clients ADSL from layer 3 to layer3, they deleted our PTR records for reverse lookups. Now anyone I send email to that is using reverse lookup in DNS on their antispam tool or in Exchange, can't get email from me AGGGHHHH. If you log Exchange heavily you can see the "helo" or "ehlo" commands, the rcpt/from commands and Data. You never get an end or quit issued. This is because the remote server just drops the connection. Very hard to fault find (As a Telnet and manually sending the instructions works fine). Something to keep a sharp eye out for :)

Send feedback about this particular blog
Read Feedback from others

18 March 2008 - Mickyj.com

End blog for: 18 March 2008

Quick update
Compatibility Pack for older Office users (Use Office 2007 files)
By installing the Compatibility Pack in addition to Microsoft Office 2000, Office XP, or Office 2003, you will be able to open, edit, and save files using the file formats new to Word, Excel, and PowerPoint 2007. The Compatibility Pack can also be used in conjunction with the Microsoft Office Word Viewer 2003, Excel Viewer 2003, and PowerPoint Viewer 2003 to view files saved in these new formats.

See Knowledge Base article 924074 for more information.

Users of the Microsoft Office XP and 2003 programs Word, Excel, or PowerPoint—please should install all High-Priority updates from Microsoft Update before downloading the Compatibility Pack.

Note: If you use Microsoft Word 2000 or Microsoft Word 2002 to read or write documents containing complex scripts, please see http://support.microsoft.com/kb/925451 for information to enable Word 2007 documents to be displayed correctly in your version of Word.

The administrative template for the Word, Excel, and PowerPoint converters contained within the Compatibility Pack is available for download.

The download for standalone users from the website is 27.5 MB

Windows Home Server Power Pack 1
If you want any information about the power pack, the best place to start is the homeserver blog.

Can not wait for SBS 2008?
Read up on it here.

Windows Small Business Server 2008 will become available in the second half of 2008.

Send feedback about this particular blog
Read Feedback from others

27 February 2008 - Mickyj.com

End blog for: 27 February 2008

Toshiba Announces Discontinuation of HD DVD.
Blue Ray is here to stay
Whilst I have been hearing about the end of HD DVD since the 19th,
  • The Age
  • ABC News

    I descided to wait for an official release.

    Both Sony and Toshiba have now made it official.

    Toshiba Corporation yesterday announced that it has undertaken a thorough review of its overall strategy for HD DVD and has decided it will no longer develop, manufacture and market HD DVD players and recorders.

    This marks an official end to the format war; Toshiba’s announcement makes Blu-ray the clear successor to DVD.

    Time to save up to buy one of those Awesome Toshiba P200 laptop units with a Blue ray drive. The ultimate beast.

    Send feedback about this particular blog
    Read Feedback from others

    21 February 2008 - Mickyj.com

  • End blog for: 21 February 2008

    Mega Post Time for February
    Windows 7 (Currently M1) looking to be here in 2009
    Move over Microsoft Windows Vista. Windows 7 has reached Milestone 1 (M1) and is on track for 2009. As the last 32 bit operating system Microsoft will make, it looks like a last hurrah. Whilst M1 looks like Vista, it is not Vista SP1. It has some cool new MCE features, Gadgets and the Surface technology. It is like the touch feature on the iPhone's, but on steroids. I can hardly wait for M2.

    A car that can swim ?
    Ok, this one belongs on my hardware blog (err maybe ...) but it was just to cool to hide away. I love all things tech and geeky.

    Swiss company, Rinspeed, says it has created the world's first truly submersible car. Concept car developer Rinspeed says it "sQuba'' can fly underwater at a depth of 10 metres. Very cool. I can take my Canon Ixus with waterproof case for a swim at speed. For safety reasons they built the vehicle as an open car so that the occupants can get out quickly in an emergency.

    This techie goodness cost more than 1 million euros ($1.62 million) to make, it is the only sQuba built so far, with engineers having to ensure the car was watertight and pressure-resistant .

    "The real challenge, however, was to create a submersible car that moves like a fish in water."

    I want one !

    Do you subscribe to Trend Micro's "First Line of Defense"?
    Do you want to be safe from Malware and Spam?

    I created my Tools page to combat Malware
    I created my Spam page to teach you about spam
    I link to external sources to help you stay safe (Avoid Internet fraud! - - read through these excellent tips on how to spot fraudulent emails and websites. )
    and I recommend newsletters for you to read and digest.
    "First Line of Defense" Newsletter

    Information from these sources is so valuable I have included a sample article here for you.

    Extract from - First Line of Defense - ISSUE 45, February 15, 2008

    Yikes! Spam is 90 Percent of All Email

    Spam continued to evolve throughout 2007, resulting in an increase in spam, which now comprises at least 90% of all email. Motivated by financial gain, spammers are willing to invest considerable resources into optimizing spam. This creates an on-going adversarial relationship between the spammer and anti-spam vendor. As spammers create new spam techniques, anti-spam vendors create technologies to block them—both sides creating more sophisticated responses as the process evolves.

    Image Spam and Attachment Spam

    Image spam displays the spam message in an image embedded in the email. This is not a new spam technique. However, in late 2006, spammers began to send more image spam as they realized that this approach complicated spam filtering to identify the spam content. Image spam increased during the first part of 2007, reaching 40% of all spam sent. During this time, spam filters adapted and became more effective at blocking image spam. As a result, by mid-2007 image spam declined. In June 2007, image spam represented less than 6% of spam and dwindled to less than 2% by the end of the year.

    As image spam lost its effectiveness, spammers turned to attachment spam in another attempt to conceal the spam message from filters. In June 2007, experimental German PDF spam appeared and by the end of that month, PDF spam had flooded the Internet. PDF spam peaked in mid-August, comprising 18% of spam. However, it quickly faded as spam filters adapted, virtually disappearing by the end of August. Spammers then cycled through numerous attachment types for the remainder of the year, including FDF, ZIP, XLS, RTF, DOC and even MP3 files that played the spam message in an audio file instead of in text or as an image.

    Embedded Links in Spam

    Spam contains a call to action. Often this is an embedded link that brings the recipient to a Web site. Spam filters can assign a reputation to URLs in links and can use this reputation to identify and block spam messages. Therefore, spammers seek to conceal or bypass the use of URLs. For example, in January 2007, a spam attack used asterisks in the URL to avoid detection.

    Spammers are also placing URLs in very simple text messages. With limited spam content, identifying the email as spam and assigning a reputation to the embedded URL is more difficult. Spammers do not use the text to communicate their message, but hope the recipients will follow the link to a Web site. Often these Web sites download malware.

    In 2007, spammers relied heavily on “pump and dump” spam. These emails do not contain a URL, but instead, promote the purchase of a penny stock. The spammer buys cheap stock and then pitches the stock in spam. Many recipients buy the stock and drive up the value, giving the spammer a profit.

    Spammers are also cycling through domains more quickly, complicating the spam filter process of acquiring and applying timely URL reputations. In 2003-2004, spammers maintained spam Web sites for a few days or a week. Today, spammers host sites for less than a day or as little as a few hours.

    International Spam

    As an international company with a global network of research centers, Trend Micro tracked spam in 38 specific languages throughout 2007. The majority of spam was still in English (an average of 73%), but non-English spam grew and diversified significantly. After English, the top two languages are Japanese and Chinese, both averaging around 10% of spam, with relatively even spam distribution throughout the year and a small decline at the end. Organizations, particularly global companies, must have an anti-spam filter that can block spam in double-byte characters and be able to specifically identify Japanese and Chinese spam.

    Protect Yourself from the Spam Invasion

    Commonsense Practices

    Protecting against the malware or phishing that lurks when clicking on some links in spam involves some commonsense practices. The best advice is to be cautious when reviewing your email if the email is not from a trusted source, and this is particularly true if the email recommends taking some action with urgency. Verify needed actions by picking up the phone and calling the sender. The bottom line is to be cautious about what you read in email, especially email you do not expect to receive or from someone you don't know.

    Few if any financial institutions send any important correspondence by email, unless you specifically request it or set up your account to receive electronic statements. Hence, if you receive any correspondence from a bank, call your bank to respond to the request or verify the information. eBay, Paypal, and other prominent auction and online payment sites typically provide secure internal message centers or transaction histories that allow you to check for any important correspondence and transactions. This allows you to verify email you receive from sources like these, which are often fraudulent.

    One best practice is to avoid clicking on any link that is displayed as a numeric IP number, rather than a domain name, for many such links are hosted by bots with intent to perform malicious actions. Of equal importance, selectively click on attachments to your emails. Deciding whether to open a particular attachment requires judgment, and clearly, you need to click on some attachments that you are not completely sure are legitimate. But a little caution can go a long way towards avoiding malware exposure. If you are unsure of an attachment, a safe practice is to save it to your desktop, update your antivirus software to the latest pattern, run a virus scan on it, and verify that the attachment is benign.

    Business Protection

    However, protection from the adverse impacts of spam extends beyond user commonsense and habits. Small and medium businesses can protect its employees from links in spam by implementing a number of measures, stopping most of the spam from ever reaching the desktop. For example, adopting a total protection suite that includes spam protection (including spam technologies that block emails with dangerous embedded URLs), virus protection, URL filtering, blocking automatic downloading of images in email, email reputation, and other measures represent a base level of protection. Email reputation blocks emails at the connection layer based on the sender, preventing these threats from even entering the network.

    The Next Generation of Protection

    The next generation of spam protection involves hosted security solutions “in the cloud,” which is often called “Software as a Service” (SaaS). Because the rate of change of methods that cyber criminals employ is increasing, keeping up with these is a daunting task for all but security experts. SaaS provides, among other benefits, constantly updated techniques for intercepting spam before it ever enters the business' network. The hosting vendor conducts all updates and tuning, allowing customers to leverage the vendor's security expertise. At most businesses, security is not a goal in itself, but a means to accomplish the company's core competency. For this reason, relying on a trusted third party that continually upgrades its spam protection systems can often prove the best choice.

    Kids these days
    Hey my daughter is 2 and a half years old, she counts forwards to 20 and back form 10 to zero. Are we teaching them to much? Their minds are like sponges but i have to wonder. Will she be a computer genius and leave me in shame or suffer burn out.

    How are we protecting them? Will my daughter get caught up in technology or caught up by technology ?

    ... My thought of the day.

    Did you know?
    Apple recently released a new product called the MacBook Air (Ad's seem to be on every TV channel at the moment), the first commercial laptop available in a pure solid state form.
    What is solid state and why is it important? Solid state means that the MacBook Air has no internal moving parts or mechanics aside from the keys and case hinge. As a result, you could drop it, or juggle it and there'd be no worries about the precious data inside being destroyed. The Air is making waves, however, as it's the slimmest laptop available on the market to date, at less than 2.0 centimetres in height and with a 13.3 inch screen, it can fit inside an A4 envelope. (Hence the TV Ad)
    However, the MacBook Air doesn't come cheap, with a non-solid state version starting at $2,499 and the solid state costing a huge $4,338, it might be out of the average users grasp. The laptop also lacks a CD drive, substantial storage capacity and ethernet port (Air uses wireless networking). Instead requiring external devices such as USB CD/DVD, USB harddrives or other wireless networking solutions to fill the gap. Another short coming is that the sealed case provides no access to the battery pack, meaning that once your battery is charged that's all you get until you find another power point. You can't keep a spare battery.

    Is the MacBook Air ahead of it's time or the perfect portable computing solution? Only time will tell.

    Visit Apples Website for more information.

    Did you know that there is an Australian Broadband Survey?
    Check it out at Australian Broadband Survey http://whirlpool.net.au/survey

    Windows Vista tip
    If you don't want certain programs or applications to run automatically on startup, there's an easy way to disable them.

    Click Start
    Type msconfig in the search box
    Click Continue in the User Account Control to continue
    Click on the Startup Tab
    Uncheck any boxes in the "Startup Items" that you wish to disable or click the Disable All button (not recommended)
    Click OK
    If you need to re-enable any of the programs, go through the same process and check the boxes of programs you wish to run automatically on startup.

    Mac OSX tip
    If you run across a cool website and want to email that site to a friend, probably the fastest way is to press Command-Shift-I. This opens Mail, and inserts the Web URL into the body of your email. Now all you have to do is type the recipient’s name, enter “Check this site out” in the Subject line, and click Send.

    Introducing Ontrack PowerControls 5.0: The Ultimate "Power Tool" for Exchange Administrators
    Power controls has always been one of my favorite tools. I have been able to recover Exchange stores with this that were previously thought trashed.

    Now Version 5.0 of the popular e-mail recovery, search and management software tool - Ontrack PowerControls - is available. This newest version delivers all of the e-mail recovery power and precision of past versions – with a number of potent and very cool new features added.

    - Set your live Exchange Server as a "target" for searching, moving, copying, exporting or deleting live mailbox items
    - Control and track user access and activity via new Administrative Services to mirror your organization’s internal I.T. security policies
    - Create new mailboxes on a target Exchange server manually or as part of copy-out process
    - Generate reports showing results from each search you perform
    - Export single mailboxes or entire EDB store to PST files

    Ontrack PowerControls on the web:

    SMB Nation Webinar
    FirstCall with Tcat: Success Teams
    I hope you will join SMBNation on their FirstCall Webinar featuring Tcat! It occurs during Harry's evening on February 28th to accomodate APAC customers (Australia, Asia, NZ) along with North America. (Most of my readers !)

    Go to the website to register http://www.smbnation.com/

    Learn how Tcat overcame personal learning challenges to help launch the SBS product in 1997, write 36+ books and ascend to acclaimed international IT and certification speaker.

    Default Website - "cannot display web page"
    OWA, RWW and practically everything on the “Default Web Site” in IIS are displaying the error “cannot display web page”
    In the event log there is the error

    Event 2268 for W3SVC-WP
    Could not load All ISAPI filters for site/service. therefore startup aborted

    If you go into the default website and disable the Trend Micro (Or other filters) filters from the ISAPI tab it will likely work agian.

    I have a virus and I can't update my antivirus
    It is likely the Virus has rendered your software useless by modifying your hosts file found in C:\Windows\System32\Drivers\Etc (Default location).

    By editing this file, you can point web domains back to your host PC and this makes updating your antivirus rather problematic.

    Normal Hosts files have " localhost" at the top and then maybe some real entries. A hacked Hosts file might conatin some, all or more than the following

    (o changed to 0 to stop this page being detected as having a virus) www.symantec.c0m securityresp0nse.symantec.c0m d0wnl0ads1.kaspersky-labs.c0m d0wnl0ads2.kaspersky-labs.c0m d0wnl0ads3.kaspersky-labs.c0m d0wnl0ads4.kaspersky-labs.c0m d0wnl0ads5.kaspersky-labs.c0m www.kaspersky-labs.c0m symantec.c0m www.s0ph0s.c0m s0ph0s.c0m www.mcafee.c0m mcafee.c0m liveupdate.symantecliveupdate.c0m www.viruslist.c0m viruslist.c0m viruslist.c0m f-secure.c0m www.f-secure.c0m kaspersky.c0m www.avp.c0m www.kaspersky-labs.c0m avp.c0m www.netw0rkass0ciates.c0m netw0rkass0ciates.c0m www.ca.c0m ca.c0m mast.mcafee.c0m my-etrust.c0m www.my-etrust.c0m d0wnl0ad.mcafee.c0m dispatch.mcafee.c0m secure.nai.c0m nai.c0m www.nai.c0m update.symantec.c0m updates.symantec.c0m us.mcafee.c0m liveupdate.symantec.c0m cust0mer.symantec.c0m rads.mcafee.c0m trendmicr0.c0m www.trendmicr0.c0m vncsvr.c0m secdreg.0rg
    etc etc

    As the antivirus goes to to it's updates and cannot connect to the domain it needs, it does not update or it updates from the localhost where the virus injects something nasty. Keep a look out for this one.

    Send feedback about this particular blog
    Read Feedback from others

    17 February 2008 - Mickyj.com

    End blog for: 17 February 2008

    Vista SP1 and SD cards !
    Panasonic releases world's first 32GB SD Card
    Man this is big. It might almost satisfy my photo habit. Apparently you can transfer data at speeds of 20MB per second for about US$700. Check it out here

    The card is also equipped with a new user-friendly labeling feature, which allows users to write titles or comments directly onto labels on the front and back of the card. Panasonic is planning to introduce the new labeling feature in its other SD Memory Card models.

    The arrival of Panasonic’s 32GB model further adds to its Pro High Speed line-up which currently has five models available: 1GB, 2GB, 4GB, 8GB and 16GB card sizes with the Class 6 speed specification.

    Windows Vista SP1 is available for Download for TechNet Plus users
    Check it out here

    Send feedback about this particular blog
    Read Feedback from others

    16 February 2008 - Mickyj.com

    End blog for: 16 February 2008

    Happy Valentines day!
    I had a client with a very highly spec'd Toshiba P100 laptop. Very nice. Running like Celeron 366 with Xp Pro. Not so nice. After running various tools I came to the conclusion their fantastic HP LaserJet 3390 had some scan to the desktop software which was dragging their system down. It was grabbing resources, cpu cycles and forcing the laptop to constantly page. Terminating the file HPTLBXFX.exe with task manager fixed the issue almost immediately. I have had a look at the HP website regarding new drivers and all I find is other people with the same issue. The HPToolBoxFX stealing system resources is a know problem.

    Have a look in the HP forums

    Alot of people agree that when the HPToolboxFX is automatically run at system start-up it greatly decreases system performance.

    There is not currently an official fix for this know problem, only walk arounds are suggested.

    if you have a HP MFP LaserJet and your system runs slow, start with this issue and work your way to a solution.

    Suppress false USB over-current balloon warnings in Windows XP SP2 Home and Professional.
    When I logged into a clients Windows XP system, I got the error message balloon: Power surge on hub port error. After clicking the balloon I got a box that said I should reset the port. I tried this several times and it didn't work. None of the USB ports work. the pop-up from the system tray says "Power Surge On Hub Port. One of the USB device has exceeded the power limits....".

    Hmm very worrying.

    When you have an electrical surge on a hub port, either a device attached to the port, or the port itself, has drawn more current than allowed. The hub has turned off the port. The port will not function correctly until you reset it (reboot). If the device is the cause, it must be detached before resetting the port. To reset the port, disconnect the device, and then click Reset in the dialog box (or reboot). If the port is the cause, close the dialog box, and do the following to re-enable the port:
    Disconnect the hub.
    Re-attach the hub.

    If it is the root hub, unplug all attached USB devices from the computer, and (if they have power supplies) unplug them from the electric supply. After a few moments, reconnect the devices. The computer can be restarted at any time.

    If the system is a Dell (In this case a Dimension 2400) you need to download R89758.EXE

    (It covers Dimension - 2200, 2300, 2300C, 2350, 2400, 2400C, 3000, 4300S, 4500, 4500C, 4500S, 4550, 4590T, 4600, 4600C, 4700, 4700C, 5000, 5100, 5100C, 8250, 8300 / 8300N, 8400, 9100, XPS, XPS (Gen 5), XPS Gen 2, XPS Gen 3, XPS Gen 4; Inspiron - 1100, 1150, 1200, 2200, 300m, 500m, 5100, 510m, 5150, 5160, 6000, 600m, 700m, 8500, 8600, 9100, 9200, 9300, Inspiron XPS Gen 2, XPS; Latitude - 100L, 110L, C400, C510 / C610, C540 / C640, C840, D400, D410, D500, D505, D510, D600, D610, D800, D810, V740, X1, X200, X300; OptiPlex - 160L, 170L, GX260, GX270 / GX270N, GX280, GX60, SX260, SX270 / SX270N, SX280; Precision - 340, 350, 360 / 360N, 370, 450, 470, 650, 670, M20, M40, M50, M60, M70, PWS 380; SmartPC - 350D / 450D)

    If you are not using a Dell or you really have a power surge, if you're using some fancy USB device like wireless or lighted one, expect more power to be required. You can use a "powered hub" then add the devices to to move away from system supplied hub power needing only USB signal strength.

    Also, look into a better power supply. Anything rated 300W is likely to suffer and 350W or better is desirable.

    I need to use RWW or RDP into a clients machine but remote desktop is not enabled on that PC!
    If you have access to another workstation and can log on as the domain administrator, you can do this without ever leaving your computer.

    This happens all the time. You need to access a system on your network but remote desktop (RDP) in not enabled on that system. If you can access that machine's registry, you can enable it remotely.

    Firstly, at the machine you are on, right click My Computer, select Manage from the menu. Once this is open, right click computer management, connect to another computer. Select the PC you need. Go into that PC's services and make sure the Firewall and ICS is turned off. (Unless you are using ICS on that PC or there is no other hardware firewall between it and the outside world).

    now, start - Run - type in Regedit In the File menu click Connect Network Registry. The select computer search box will open. Browse to or type in the server location. Click OK
    Browse to this key:
    HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server

    Double click on fDenyTSConnection
    Change value to 0 and click OK
    Close regedit

    Reboot the remote system (Not essential for all PC's)
    (Run this from the run box: shutdown -m \\remoteserver -r)
    (remoteserver is the name of the server to be rebooted)

    Connect using remote desktop connection
    - Run this from the run box: mstsc.exe (or start button - programs - communications - remote desktop connection).
    - When it opens, enter the name of the server and the admin password

    Send feedback about this particular blog
    Read Feedback from others

    14 February 2008 - Mickyj.com

    End blog for: 14 February 2008

    Australian MCE EPG Oztivo (and others) Alert
    The Guide data format is changing
    For more information check out the news section at the bottom of my MCE page

    "The xmlguide.pl service will be discontinued on March 31, 2008. Please ask the author of your XML data grabber to update it to use the new API. Details can be found at http://minnie.tuhs.org/xmltv/api.html"

    Send feedback about this particular blog
    Read Feedback from others

    9 Feburary 2008 - Mickyj.com

    End blog for: 9 Feburary 2008

    IIS and websites
    Please restore my faith in humanity!
    An IT company in my area asked me for some help with a new client of theirs. The client is a "Not for profit" and just had a nasty experience. Their previous IT person left them and handicapped their server before leaving. (Not for profits already struggle and do not need this headache).

    Their issue as they saw it, their two websites were down. A quick Nslookup and "whois" confirmed that one existed in DNS, one did not. One was registered to them, one was not.
    Then I found out they were running the two websites from their SBS premium box. Something I do not recommend. (Always use a hosting service). They could get to one of the sites internally but one was dead and both did not work on the internet. This as they saw, was their only problem.

    To me, a seasoned installer and maintainer of SBS boxes, it was a mess. I saw the rest of the disaster unfold before me. It is almost like the IT person went into Add/Remove in control panel, selected SBS 2003, followed the wizard, selected to uninstall the Server components and then whilst it was ripping the heart out of the server, pushed the reset button on the server. It was a mess and I was surprised it booted with no errors in the event log.

    Various staff members had been elevated to the domain administrators group, the WINS settings were set to a non existent server, the DNS settings in the servers two network cards pointed to incorrect DNS servers (not itself), DNS did not have reverse lookup zones, the default.htm in c:\inetpub\wwwroot had been renamed. The CEICW had been run, with the wrong name for the SelfSSL certificate, the CEICW did not successfully change the packet filters etc in ISA when I ran it (It would not set ISA back to default for a starting baseline). There were really weird filters in ISA. The box was running VNC, Telnet and FTP unnecessarily.

    The websites in IIS were not answering on the correct interfaces, companyweb was not answering on port 444, The default website was missing the default ISAPI Filters

  • sbsflt.dll - c:\inetpub\sbsflt\sbsflt.dll
  • fpexedll.dll - C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\50\bin\fpexedll.dll
  • Owa - C:\Program Files\Exchsrvr\ExchWeb\bin\auth\OwaAuth.dll

    The server RDP was configured to answer on the internal interface only, the registry was altered so the server did not answer on 3389, it was on 3388 (Microsoft kb306759)

    The Host headers in IIS were setup wrong.

    You can not RWW, VPN, RDP or https into this server. Only port 25 flows.

    SharePoint was also dead.

    All the following links failed:

  • (root default.htm in wwwroot is meant to come up here)
  • http://localhost/exchange
  • http://localhost/oma
  • http://localhost/remote
  • http://internetdomain:444
  • http://internetdomain/exchange
  • http://internetdomain/oma
  • http://internetdomain/remote

    All of them produced "Access denied to ‘c:\inetpub\wwwroot\web.config’. Failed to start monitoring file changes."

    .... and in the to-do list, monitoring, backup and other html based items also caused ‘c:\inetpub\wwwroot\web.config’ errors.

    Whaaa? I carefully re-read the message when it hit me: “I have no web.config in the wwwroot directory!” Something very strange was going on. By verifying/adding/changing the following permissions everything in inetpub worked as expected:

    Everyone: Read and Execute, List Folder Contents, and Read.
    SYSTEM: Full Control
    Network Service: Read and Execute, List Folder Contents, and Read.

    I used Add/Remove to uninstall and reinstall SharePoint. It gave me an error about an installation of older files over newer file so I installed WSS 2.0 from the Windows SBS server 2003 SP1.
    I added new zones in the name of the internet domain with www address and an A record the same as the domain name. (So internally they could get to their websites)

    I removed the weird ISA rules and re-ran the CEICW with the correct certificates. I changed the permissions on inetpub.

    I added the public internet names for the clients websites into the SBS Web Publishing Rule - Public name section in ISA.

    I re-setup host headers in IIS.

    Almost everything now works. 4125 in RWW does not work into workstations as I bet the clown IT people also edited the local workstations port address for RDP.

    Why make someone's life to hard? Why take it out on people? Why risk your career !

    IIS and host headers
    Do you have a web server, running IIS, with multiple sites all listening on port 80, and each of those sites need SSL certificates? (As per my above case)

    If you have SBS 2003, you have the CEICW which uses Self SSL to create certificates. If this is not SBS, get the IIS Resource Kit.

    Open up your handy IIS admin tool and look at your list of websites in list view. You’ll see each name along with an associated "identifier", their host header name, port, and SSL port. Remember your basic TCP/IP networking, you send your packets on a port because something is listening on a port. And, you can’t have two services listening on the same port and IP address on the same machine. With IIS you can sort of "fudge it".

    On Windows Server 2003, you can have multiple websites. Each of these sites must be delineated by either a host header value or an IP address; all of them can not listen on port 80. Another item to note is the HTTPS protocol does all of its work on port 443 and only port 443 (without browser modifications and changes to ISA if you use it).

    Ensure each sites has either a unique IP address or a host header.
    Create and install a wildcard SSL certificate using the CEICW or you can use the selfssl tool from the IIS Resource Kit to create a self
    signed certificate.selfssl.exe /n:cn=* /k:1024 /v:1480 /p:443 /s:1This will create a 1024 bit certificate for site identifier 1 on port 443 which lasts 4 years.

    Now for each site do the following

    ** Note, this next step will stop your site **Copy the certificate from site identifier 1. Easiest way to do so if through IIS Admin | Directory Security | Server Certificate, then use the wizard to Assign a certificate already installed on your machine. Ensure you select the WILDCARD certificate. After clicking Apply or Ok your website will be stopped.

    Alter the IIS metabase to allow the sharing of the certificate.cscript.exe C:\Inetpub\AdminScripts\adsutil.vbs set /w3svc/[identifier]/SecureBindings ":443:[host header name]"Where [identifier] is the unique website identifier IIS assigns all websites, and [host header name] is the host header name for the site previously configured. For example":cscript.exe C:\Inetpub\AdminScripts\adsutil.vbs set /w3svc/123456789/SecureBindings ":443:my-host-header-name"

    Start your website in the IIS Admin tool.

    I was having trouble getting RDC/RDP to work correctly to a clients laptop. I was getting an error about MrvGINA.dll being incompatible.

    Warning: Incorrect use of the Windows Registry Editor may prevent the operating system from functioning properly. Great care should be taken when making changes to a Windows registry. Registry modifications should only be carried-out by persons experienced in the use of the registry editor application. It is recommended that a complete backup of the registry and workstation be made prior to making any registry changes. In cases where you're supposed to delete or modify keys or values from the registry it is possible to first export that key or value(s) to a .REG file before performing the changes.

    In the registry browse to HKEY_LOCAL_MACHINE/Software/Microsoft/Windows NT/Current Version/WINLOGON

    Delete the key named GINAdll

    All fixed.
    Hard disk recovery in a freezer
    Wha ??? Yes, this is a valid way to recover data temporarily from a failed disk. Read more ...

    Send feedback about this particular blog
    Read Feedback from others

    5 February 2008 - Mickyj.com

  • End blog for: 5 February 2008

    MS Yahoo Ver 1 ?
    Microsoft to fight Google Head to Head ?
    Microsoft has made an official proposal to acquire Yahoo in a deal worth $44.6 billion in cash and stock, at a price of $31 per share, which represents a 62 percent premium for shareholders.

    Quote from the official press release:

    “Microsoft Corp. (NASDAQ:MSFT) today announced that it has made a proposal to the Yahoo! Inc. (NASDAQ:YHOO) Board of Directors to acquire all the outstanding shares of Yahoo! common stock for per share consideration of $31 representing a total equity value of approximately $44.6 billion. Microsoft’s proposal would allow the Yahoo! shareholders to elect to receive cash or a fixed number of shares of Microsoft common stock, with the total consideration payable to Yahoo! shareholders consisting of one-half cash and one-half Microsoft common stock. The offer represents a 62 percent premium above the closing price of Yahoo! common stock on Jan. 31, 2008.“

    Microsoft’s CEO, Steve Ballmer says:

    “We have great respect for Yahoo!, and together we can offer an increasingly exciting set of solutions for consumers, publishers and advertisers while becoming better positioned to compete in the online services market. We believe our combination will deliver superior value to our respective shareholders and better choice and innovation to our customers and industry partners.”

    Older Accounting packages and Oplocks
    Do you remember the old days of 16 Bit based database applications on windows 2000, XP and now Vista? Things like Attache, Arrow accounting and the like?

    You had to edit the registry and play with the Oplocks settings.
    If you have oplocks disabled, Vista has problems with folder re-direction.
    It will also prevent Vista from syncing offline files.

    Sometime for the new enlightened Vista guru's to note.
    Microsoft article link

    Send feedback about this particular blog
    Read Feedback from others

    3 February 2008 - Mickyj.com

    End blog for: 3 February 2008

    Sometimes thankful
    Kill the little Gremlin
    Sometimes I am thankful that some Malware writers do such a bad job. You know the ones. The Spyware that slows down your pc, so you know something is wrong. The lazy key loggers that leave their raw text files on the desktops, the Adware that prevents IE from opening so you know something is broken or the Rootkit that stealthily gains access to your PC, hides itself but makes your system so sick it blue screens and in doing so helps you diagnose and solve the issue as you eradicate the nasty knowing it's secret.

    Recently I had this last one. A system that would randomly reboot. In the event log it made reference to the file burito540-3b2f.sys and burito6f44-3eaf.sys services being unable to start.

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7000
    User: N/A
    Computer: WORKSTATION31
    The burito6f44-3eaf service failed to start due to the following error:
    Cannot create a file when that file already exists.

    Then there are the dump files which after debugging, show the fault to be burito540-3b2f.sys.

    Sounds simple, find the service, stop it, uninstall the application. There was no service linked to this file in Services. There was no new program under Add/Remove. There were no new files under Program files or in the Windows and System32 folders. There was no mention of the file in the Registry or in a file search (With advanced - search all hidden files turned on). The file did not sit in the System restore or on any mapped network drive.

    This is the first clue that I have a Rootkit. It is there but it is not there. Thankyou for the Blue screen burito540-3b2f.sys because I now know I have an issue and that Trend Micro is not seeing it.
    (Another clue that this is a rootkit)

    I Googled it. Zip, nothing. I looked through Eventid.net , Zilch.

    I ran Rootkit revealer, .... bang there are the files causing the issues in C:\Windows\System32. There are the entries in the Registry in front of me.

    HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_BURITO540-3B2F 17/01/2008 8:42 AM 0 bytes Hidden from Windows API.
    HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_BURITO540-3B2F\0000\Service 24/01/2008 3:49 PM 30 bytes Hidden from Windows API.
    HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_BURITO540-3B2F\0000\DeviceDesc 24/01/2008 3:49 PM 30 bytes Hidden from Windows API.
    HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_BURITO6F44-3EAF 16/01/2008 4:43 PM 0 bytes Hidden from Windows API.
    HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_BURITO6F44-3EAF\0000\Service 24/01/2008 3:49 PM 32 bytes Hidden from Windows API.
    HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_BURITO6F44-3EAF\0000\DeviceDesc 24/01/2008 3:49 PM 32 bytes Hidden from Windows API.
    HKLM\SYSTEM\ControlSet001\Services\burito540-3b2f 24/01/2008 3:49 PM 0 bytes Hidden from Windows API.
    HKLM\SYSTEM\ControlSet001\Services\burito540-3b2f\ImagePath 24/01/2008 3:49 PM 86 bytes Hidden from Windows API.
    HKLM\SYSTEM\ControlSet001\Services\burito540-3b2f\DisplayName 24/01/2008 3:49 PM 30 bytes Hidden from Windows API.
    HKLM\SYSTEM\ControlSet001\Services\burito6f44-3eaf 24/01/2008 3:49 PM 0 bytes Hidden from Windows API.
    HKLM\SYSTEM\ControlSet001\Services\burito6f44-3eaf\ImagePath 24/01/2008 3:49 PM 88 bytes Hidden from Windows API.
    HKLM\SYSTEM\ControlSet001\Services\burito6f44-3eaf\DisplayName 24/01/2008 3:49 PM 32 bytes Hidden from Windows API.
    HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_BURITO540-3B2F 17/01/2008 8:42 AM 0 bytes Hidden from Windows API.
    HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_BURITO540-3B2F\0000\Service 24/01/2008 3:49 PM 30 bytes Hidden from Windows API.
    HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_BURITO540-3B2F\0000\DeviceDesc 24/01/2008 3:49 PM 30 bytes Hidden from Windows API.
    HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_BURITO6F44-3EAF 16/01/2008 4:43 PM 0 bytes Hidden from Windows API.
    HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_BURITO6F44-3EAF\0000\Service 24/01/2008 3:49 PM 32 bytes Hidden from Windows API.
    HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_BURITO6F44-3EAF\0000\DeviceDesc 24/01/2008 3:49 PM 32 bytes Hidden from Windows API.
    HKLM\SYSTEM\ControlSet003\Services\burito540-3b2f 24/01/2008 3:49 PM 0 bytes Hidden from Windows API.
    HKLM\SYSTEM\ControlSet003\Services\burito540-3b2f\ImagePath 24/01/2008 3:49 PM 86 bytes Hidden from Windows API.
    HKLM\SYSTEM\ControlSet003\Services\burito540-3b2f\DisplayName 24/01/2008 3:49 PM 30 bytes Hidden from Windows API.
    HKLM\SYSTEM\ControlSet003\Services\burito6f44-3eaf 24/01/2008 3:49 PM 0 bytes Hidden from Windows API.
    HKLM\SYSTEM\ControlSet003\Services\burito6f44-3eaf\ImagePath 24/01/2008 3:49 PM 88 bytes Hidden from Windows API.
    HKLM\SYSTEM\ControlSet003\Services\burito6f44-3eaf\DisplayName 24/01/2008 3:49 PM 32 bytes Hidden from Windows API.
    C:\WINDOWS\system32\burito.ini 16/01/2008 4:44 PM 39.47 KB Hidden from Windows API.
    C:\WINDOWS\system32\burito540-3b2f.sys 16/01/2008 4:44 PM 126.75 KB Hidden from Windows API.
    C:\WINDOWS\system32\burito6f44-3eaf.sys 16/01/2008 4:43 PM 126.75 KB Hidden from Windows API.

    I booted the PC up with Bartpe, renamed the rootkit stealthed files to something that would not run and moved them out of the file system. Created folders of the same names in the same area so that the files could not come back and then rebooted. After the reboot, suddenly Trend detected the viruses. Goodbye rootkit, hello uncloaked viruses.

    Now I know that the "burito" is a signature of a known new virus. Now that Trend works, I can work out what it is. Time to kill the system restore points and clean the mess up. Just think, if the Malware writer had gone to a good programming school, the Malware might not have blue screened and we would not have know that it was on the system.

    This virus is now in Trend's Encyclopaedia as TROJ_PEACOMM.BM and WORM_NUWAR.BK.

    It arrives as a .SYS file and is saved in the Windows system folder. It is then registered as a service. It has rootkit capabilities that enable it to hide files and registry keys/entries. It does this by hooking certain application programming interface (APIs).

    I hope you never have the pleasure .....

    Michael Apthorpe leaves the technical helm of AMD Australia
    Yes, Michael the Technical Manager of AMD Australia has moved on to bigger and better things. We all wish you well Michael (In all you do !). You were great and I knoww you will move onto great things. 8 years at AMD was a good solid effort and all us techies at heart thank you for it.

    Send feedback about this particular blog
    Read Feedback from others

    24 January 2008 - Mickyj.com

    End blog for: 24 January 2008

    Mega Post Time (Again)
    There was considerable support at the ADNUG (Adelaide Dot Net Users Group) recent meeting to form ASPUG (Adelaide SharePoint Users Group). It looks like this group may form in Adelaide. If you are interested, drop me a line and I will pass along contact details.

    “Small Business” as the title in RWW when you connect
    This is default if you have a blank registered organisation name at the time of registration of your SBS server. You can change this afterwards by editing the following:

    Warning: Incorrect use of the Windows Registry Editor may prevent the operating system from functioning properly. Great care should be taken when making changes to a Windows registry. Registry modifications should only be carried-out by persons experienced in the use of the registry editor application. It is recommended that a complete backup of the registry and workstation be made prior to making any registry changes. In cases where you're supposed to delete or modify keys or values from the registry it is possible to first export that key or value(s) to a .REG file before performing the changes.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\RegisteredOrganization

    Change login screen in Vista
    If you are a home user of Windows Vista you are most likely greeted by a welcome screen with available logins. This is not always what you would like and the network based CTRL-ALT-DELETE approach with a window for user name and password is sometimes preferred.

    To achieve something closer to that you can try this, start gpedit.msc (as administrator)

    Browse into
    Local Computer Policy
    Computer Configuration
    Windows Settings
    Security Settings
    Local Policies
    Security Options

    There you will find several policies for Interactive Login. Double click "Interactive logon: Do not require CTRL-ALT-DEL"" and set it to disabled.

    End of the OneCare V2.0 Public Beta - Final Notice
    The Windows Live OneCare Public Beta has ended on Monday, January 14, 2008. At that time, if you have the software, your software will change to an expired status (the firewall and anti-virus portion will continue to work, however no new AV updates will be downloaded/installed). As well, all other functions (Tune Up, Back Up, etc.) will no longer function.You must uninstall the OneCare V2.0 Beta by going into your Control Panel and selecting Add or Remove Programs (in Windows XP) or Programs and Features (Windows Vista). You will find the software listed as Windows Live OneCare.After removing the software, you will be required to reboot your computer.

    You can install the 90-day trial version of Windows Live OneCare from http://onecare.live.com or the anti-virus software of your choice. Until you install a replacement product, you will continue to receive a system prompt (red shield) to remind you that your system does not have anti-virus protection.

    What is Microsoft Silverlight?
    Microsoft Silverlight is a cross-browser, cross-platform plug-in for delivering the next generation of Microsoft .NET–based media experiences and rich interactive applications for the Web. (Think of Adobe Flash on Steriods)

    I have recently tried to install Silver light on my Windows XP pro machine and it told me I was not logged in as an administrator so I could not install it. As I am the administrator, ... I am yet to install this but it looks promising.

    Read more here

    Compatible Operating Systems and Browsers
    Operating System Windows Internet Explorer 7 Internet Explorer 6 Firefox 1.5 Firefox 2 Safari
    Windows Vista Yes - Yes Yes -
    Windows XP SP2 Yes Yes Yes Yes -
    Windows 2000 - Soon** Soon** Soon** -
    Windows Server 2003 (excluding IA-64) Yes Yes Yes Yes -
    Mac OS 10.4.8+ (PowerPC) - - Yes* Yes* Yes*
    Mac OS 10.4.8+ (Intel-based) - - Yes Yes Yes
    * Silverlight 1.0 Only ; ** Silverlight 1.1 Only
    Minimal Requirements
    Components Requirement
    Personal Computer running Windows X86 or x64 500-megahertz (MHz) or higher processor with 128-megabytes (MB) of RAM
    Mac OS 10.4.8+ (PowerPC) PowerPC G4 800-MHz or higher processor with 128-MB of RAM
    Mac OS 10.4.8+ (Intel-based) Intel Core Duo 1.83-gigahertz (GHz) or higher processor with 128-MB of RAM

    If you want to make the most out of Vista, here are 12 tricks hidden in plain site.
    Check it out here

    “Exchange IMF Custom weighting feature Autoupdater”
    Wow, now we can tweak IMF. Check it out. (The site is not in English but you will get the idea) Check it out here

    Don't run the CEICW on Feb 29th
    Due to the certificate date creation algorithm, it will fail. It will work again March the first :) More information here here

    My SBS to-do list is empty
    I had a client with an empty to do list. The MMC opened but all the links to the wizards were gone in the to-do section and I was greeted with a blank page. I discovered if you right click the to-do list link in the server manager and told it to open in a new Window, .. All the wizards are there and everything works. Phew, back into a comfort zone (of sorts).

    RRAS wizard in the to-do list fails to complete.
    I had a client where the RRAS wizard would not complete. I took a look in the rraslog.txt and found the following text towards the end of the wizards procedures

    Setting the default authentication methods returned OK
    Disabling NETBIOS for RAS returned OK
    Changing RRAS startup type to automatic returned OK
    Configuring Remote Access Policy returned OK
    *** Stopping RRAS again returned ERROR 80070426
    *** Starting RRAS service returned ERROR 80070002
    Specifying error location returned OK
    *** CRRASCommit::CommitRRAS returned ERROR 80070002
    *** Committing RRAS returned ERROR 80070002
    *** CRRASCommit::CommitEx returned ERROR 80070002

    Changing RRAS startup type to automatic returned OK
    *** Configuring Remote Access Policy returned ERROR 80030002
    Specifying error location returned OK
    *** CRRASCommit::CommitRRAS returned ERROR 80030002
    *** Committing RRAS returned ERROR 80030002
    *** CRRASCommit::CommitEx returned ERROR 80030002

    I found a "Repair Remote Access" utility from a Microsoft Tech ( rarepair.exe). I believe the tool uninstalled and reinstalled the RRAS components. Upon running it, it just executed instantly in a command prompt Window and then required a server reboot. After the reboot it automatically ran again and quickly required another reboot. After this restart, I logged back in and immediately ran the RRAS wizard and got a different error.

    I looked in the event log and found the following

    Event Type: Error
    Event Source: RemoteAccess
    Event Category: None
    Event ID: 20152
    Date: 11/01/2008
    Time: 2:10:48 PM
    User: N/A
    Computer: FS1
    The currently configured authentication provider failed to load and initialize successfully. The system cannot find the file specified.

    Now this was something I could work with as there is a knowledge base article on this fault. You cannot start the Routing and Remote Access service on a Windows 2000 Server-based computer or on a Windows Server 2003-based computer KB 840686

    The basics are to extract/expand some files off the SBS diskset.
    Ad he prompt

    "CD Drive letter:"
    cd i386
    ren %windir%\system32\ias\ias.mdb %windir%\system32\ias\iasOLD.mdb
    ren %windir%\system32\ias\dnary.mdb %windir%\system32\ias\dnaryOLD.mdb
    expand ias.md_ %windir%\system32\ias\ias.mdb
    expand dnary.md_ %windir%\system32\ias\dnary.mdb

    Then it should be all good.

    Backup that refuses to see media
    I came across a server that kept insisting there was no drive C: and no media to back it up. the errors in the log mentioned the following

    Backup Runner started.
    OpenNtmsSession failed. (0x80080005)
    GetTapeMediaPoolName failed. (0x80080005)
    GetBackupDestination failed. (0x80080005)
    LaunchNTBackup failed. (0x80080005)
    NTBackup finished the backup with errors.

    By my research, I discovered the problem occurs when Removable Storage is not started or RSM database is corrupted.
    I checked if the Removable Storage service was started. (It was). I then rebuilt the RSM databases

    1. Run services.msc
    2. Disabled the Removable Storage Service.
    3. Navigate to c:\windows\system32\NTMSdata
    4. Rename the file NTMSDATA to NTMSDATA.OLD
    5. Enable the Removable Storage Service.
    6. Launch ntbackup to see if that's successful.

    If you have this problem, always check it's in the HCL list.

    Send feedback about this particular blog
    Read Feedback from others

    21 January 2008 - Mickyj.com

    End blog for: 21 January 2008

    Mega Post Time
    My Mega post
    With all my email subscriptions, newsgroup subscriptions, personal interests and work challenges, I get thousands of items I could post. Because I get so many pieces of info, I stash them into a folder in Outlook and every now and then flick through them. Occasionally I will think, "gee I put that there months ago, I should have posted it. It is old news now". Hence my Mega posts. A bad attempt to catch up.

    From time to time, I like to revisit Sysinternals. Not only because the popular site showcases an awesome collection of system utilities, but also because it is updated so often with great new utilities. For instance, if you haven't checked back since late last year, there is the new Handle v3.30 utility that displays information about open handles for any process in the system. Recent new additions/updates also include BgInfo v4.11 (This works with Vista), which automatically displays relevant information about a Windows computer on the desktop's background, such as the computer name, IP address, and service pack version; and Process Monitor v1.25, an advanced monitoring tool for Windows that shows real-time file system, registry, and process/thread activity. To find all the utilities and resources check out the Windows Sysinternals home page. These tools travel with me everywhere I go. Process explorer is one of my favourite tools. Check them out.

    The Adelaide SBS user group Rocks
    I had a very unusual issue. I have a very expensive 486 PC that performs all sorts of video miracles. It has a very special case with built in Amp and speakers. The motherboard (15 years old) had failed.

    Due to the design of the case, I needed a motherboard with 3 x Vesa Local bus slots (They had to be on the outer edge of the motherboard due to the case design), I needed 3 normal ISA and an 8 bit slot (or 4 ISA slots). I also need 12 mb ram maximum due to the video memory hole at 16 mb (The Bios needs to exclude the hole or Genlocking fails).

    There is a VLB Video overlay and genlock board connected to a 2 mb VLB trident board (Via internal feature cable), then a RAID controller Junior (VLB) linking across to a professional ISA sound card, ISA mpeg and CDI card, a network card and then finally FM audio input card, then all linked into the case. The case is then linked into a Shuttle jog VCR.

    All slots are full to bursting.

    ... A very hard job to replace all this and a very costly exercise. (Imagine configuring all the IRQ and DMA's not to clash!) On top of this is the SyQuest internal cartridge hard drive and speaker AMP. I looked on Ebay for something similar. Nothing. I found a shop in America with the same board I had, who did not reply to emails. I threw caution to the wind and emailed into our SBS users group yahoo group.

    I had 9 direct offers of boards, 2 brought them to the new SBS users group meeting and a further 4 leads.

    This has to be the most charitable group I have ever belonged to. The support was absolutely fantastic and the 486 was running again soon, with all video features.

    Interesting Windows 2000 server glitch
    I have a server at home that does nothing more than store digital camera photos. It is totally headless and is a glorified NAS. I have terminal services installed on it so that I can log in and shut it down gracefully. One day I decided to use the shutdown.exe tool included with Windows XP (On my desktop).

    The next reboot I get:
    Windows 2000 server could not start because the following file is missing or corrupt: \WINNT\SYSTEM\CONFIG\SYSTEM

    The system registry hive was corrupted. I repaired this and booted up. Then I tried the shutdown tool again. Then the software hive was corrupted. I tried several times and every time, one of the hives needed a restore. I have since gone back to shutting down using terminal services.

    If you have this issue, you can boot into the recovery console and attempt to rename 'system.alt' to "system". You could copy the file from %windir%\repair\regback if you had made a backup. You can also copy the original copy from %windir%\repair\ (But some settings will be lost as this is the original version of the file when the system was installed). If %windir%\repair\regback doesn't exist then this just means you have never backed up the registry.

    'system.alt' and 'system.sav' are transaction log components of the registry. The system hive contains hardware, driver and service related entries and configurations.

    Can you configure exchange to listen on additional SMTP ports?
    Yes, you can configure the SMTP server to listen on an additional port. In the Exchange System Manager, Server, SBS, Protocols, SMTP, properties of the default SMTP server, General, Advanced, Add, etc. On an SBS box you would also need to run the CEICW and make a custom port entry to allow traffic to come into this port.

    Setting mailbox limits over 2GB in Exchange 2003
    When trying to configure mailbox limits higher than 2097151 KB the Exchange System Manager or Active Directory Users and Computers snap-ins will not allow you to enter these higher limits.

    Take a look at Petri for a solution

    What is WinSxS (Windows Side-by-Side)
    I have a client with a virus. It is detected in the folder C:\Windows\system32\W?nSxS. Looking in the file system and substituting an "i" for "?" I get C:\Windows\system32\WinSxS.

    As it turns out, the client has a folder called C:\Windows\WinSxS which is the real folder, C:\Windows\system32\WinSxS was a fake for this virus. What is this ?

    Taken from another online source (I forgot to record the link details)

    "Content is added to this directory in response to installing applications, enabling packages in the add-remove-programs UI, and installing Windows Out-of-Band releases. Content is removed from this directory as a result of uninstall + scavenging - a topic for another time. One important note - uninstalling your application or Windows app will not necessarily remove the physical bits from the system. The servicing stack marks the bits as unusable and prevents their use through "normal" means. Files and directories will be removed over time as the servicing system cleans up after itself. Administrators should not, for any reason, take it upon themselves to clean out the directory - doing so may prevent Windows Update and MSI from functioning properly afterwards. Preventing accidental deletion from the directory is accomplished by putting a strong security descriptor on the directory that inherits to its children."

    "In Windows Vista, the directory %windir%\WinSxS has much stronger protection on it than it did in Windows XP and Server 2003. The owner/group is now a SID named "Trusted Installer", a service SID used to start the TrustedInstaller service. Users other than the trusted installer are granted only generic-read/generic-execute by default. This increased protection ensures that only the trusted installer service is allowed to modify the servicing-related metadata and files. If a limited user could modify a file in the directory, for example, they could convince the servicing stack to overwrite one binary with another when the next administrator comes along to enable the Games for Windows package."

    This directory has a potential to grow pretty much unchecked over time. It is a huge hard drive space hog on any default Vista install.

    Enable Userenv log
    Most versions of Windows let you modify the registry to turn on debug logging of the user profile and the Windows system policy processes.

    Warning: Incorrect use of the Windows Registry Editor may prevent the operating system from functioning properly. Great care should be taken when making changes to a Windows registry. Registry modifications should only be carried-out by persons experienced in the use of the registry editor application. It is recommended that a complete backup of the registry and workstation be made prior to making any registry changes. In cases where you're supposed to delete or modify keys or values from the registry it is possible to first export that key or value(s) to a .REG file before performing the changes.

    Take a look at KB221833

    Enable Userenv log:

    Use Registry Editor to add the following registry value (or modify it, if the value already exists):
    Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Value: UserEnvDebugLevel
    Value Type: REG_DWORD
    Value Data: 10002 (Hex)

    UserEnvDebugLevel can have the following values:
    NONE 0x00000000
    NORMAL 0x00000001
    VERBOSE 0x00000002
    LOGFILE 0x00010000
    DEBUGGER 0x00020000

    The default value is NORMAL|LOGFILE (0x00010001).

    Note To disable logging, select NONE (where the value is 0X00000000).
    You can also combine the values. For example, you can combine
    VERBOSE 0x00000002 and LOGFILE 0x00010000 to get 0x00010002. So if
    UserEnvDebugLevel is set with a value of 0x00010002, this turns on both LOGFILE
    and VERBOSE. Combining these values is the same as using an OR statement:
    0x00010000 OR 0x00000002 = 0x00010002
    The log file is written to the %SystemRoot%\Debug\UserMode\Userenv.log file.

    Interesting update to USB U3 flash devices in Vista
    Windows versions prior to Windows Vista will, by default, automatically run programs designated in the autorun.inf file on CDs, but not on USB drives. By lying about itself, a U3-enabled USB flash drive fools the system into autorunning something called the "U3 launcher". The U3 launcher can then start programs, give you a menu, or do pretty much anything that you could do with the computer yourself. Being an owner of a U3 device and a person who hates the U3 popup and disconnection tools, this is finally a way to silence the annoying habit it has.

    I have a client running SBS 2003 R2 Premium suffering from the recent NDR attack
    The first symptom was the apparent lack of email flow. Email could not go out or in. This was because their email queues were so large and full of emails from postmaster@domain.com, being their domain sending the emails out.

    If you get similar issues, refer to
  • KB886208
  • Charlies blog

    You can stop sending NDRs out to people who have sent you misspelt messages by the Global Settings > Internet Message Formats object in Exchange System Manager. Every little bit helps.

    SBS 2003 SP1 ISA 2004 upgrade deadline silently passed
    You had until December 2007 to order the SP1 media that included ISA 2004 for Premium users. It was the last and final offer from Microsoft as they already cancelled this once, and MVP's battled to get it back.
    If you need SP1 with ISA 2004, sadly, you can get it no more.

    XP sp3 release candidate now out
    Standalone Update Package for Windows XP Service Pack 3 Release Candidate
    Download details: Standalone Update Package for Windows XP Service Pack 3:
    Download here

    SQL 2000 dropping from support
    SQL 2000 falls out of mainstream support in April of 2008. We should now all look at our SQL 2000 applications and consider what our support and lifecycle plans are. Future plans for upgrades? Supportability? link here

    Office 2003 SP3 blocks old file formats
    My father purchased a cheap IBM laptop with Vista Home Premium and I gave him a retail Office 2003 Professional. He uses PowerPoint in his local church and to his horror, he can not open his older power point presentations. He gets the error

    You are attempting to open a file type that is blocked by your registry policy setting.

    After trawling the internet I found some registry tweaks to get him past this. KB922847 offered some help

    Then I find that Microsoft have blocked a number of files. Among the blocked files are older Microsoft Word, Excel and PowerPoint formats, as well as older formats used by Lotus 1-2-3 and Corel Corp.'s Quattro Pro and Corel Draw. Word 2003 with SP3, blocks a staggering 24 former formats, according to Microsoft, including the default word processing file format for Office 2004 for Mac, the currently available edition of Microsoft's application suite for Mac OS X.

    IT administrators can download a group policies template from the Microsoft site to return formats from the dead, but individual users must instead edit the Windows registry.

    Vista on SBS 2003 revisited
    Install the Vista and Outlook 2007 compatibility update on the SBS server
    This update adds support for the Windows SBS Client Deployment tools along with other compatibility issues for Windows Vista and Office 2007 in a Windows SBS network. For the full list of updates necessary for Windows Vista and Outlook 2007 compatibility see the Instructions section.
    Further details

    Be sure to read the bottom part of this page for additional requirements.

    Review the following: It has a couple of links to follow:
    KB555912 and KB926505 as listed on my Vista page

    For Vista Clients to work properly with SBS 2003:To join the domain, Vista must be Business, Enterprise or Ultimate.And should/must be joined to the SBS network using the connectcomputer wizard.

    Clean install of Windows Vista with an upgrade-only edition
    Love it, hate it or denounce it. The information is out there. I personally would not support this nor recommend people do it however, those hoping to do a clean install of Windows Vista with an upgrade-only edition of the OS may not be entirely out of luck.
    This priocess is not supported by Microsoft.
    You can get around that requirement to have Windows XP or Windows 2000 already installed on your PC by instead using the upgrade DVD to first install a 30-day trial version of Vista (done simply by not entering the product key when prompted to do so during the installation).

    Once you've got the trial version of Vista up and running, you simply start the installation process all over again from within Vista, this time entering the product key when prompted. After that's done, you should have a cleanly-installed, fully-functioning version of Vista.

    Send feedback about this particular blog
    Read Feedback from others

    6 January 2008 - Mickyj.com

  • End blog for: 6 January 2008

    Internet Explorer 8
    Not long after IE7, IE8 is being put together
    Whilst world wide, MVP's were placed in a press Embargo, it looks like people are finally talking about the up and coming IE8.

    IE8 has successfully rendered Acid 2. This is an important landmark for IE8 as it highlights the interoperability, standards compliance, and backwards compatibility that Microsoft want to get right in this release. Acid2 is one test of modern browsers to determine how well they work with several different web standards.

    The official name of Microsoft’s next version of the browser is Windows Internet Explorer 8. Beta 1 will be released in the first half of 2008.

    to read more take a look at:

  • MSDN Blogs
  • Internetexplorer8.net

    What is "IE8 standards mode"?
    From Microsoft:

    "Modern browsers typically have two modes to render web pages, "quirks" and "standards." Our experience with releasing IE7 taught us that many web sites today expect us to have IE6-compatible behavior. With IE8 we believe we have a deep obligation to interoperability and compatibility with existing web sites, and this has led us to add an additional mode to enable supporting industry standards even better. Developers can now write sites based on standards, insert a flag that tells IE to render in IE8 standards mode, and IE will then switch its rendering engine to use this new mode. This allows pre-existing sites to continue to work, and developers can opt-in to the new rendering engine on their own schedule.

    For compatibility purposes IE8's rendering engine defaults to "quirks" or "standards" mode. Site developers will need to insert a new opt-in flag to request the page to render using “IE8 standards mode."

    Send feedback about this particular blog
    Read Feedback from others

    5 January 2008 - Mickyj.com

  • End blog for: 5 January 2008

    Microsoft have bestowed their MVP award on me for the fifth year!
    Microsoft have yet again awarded me an MVP in Small Business Server. I feel not worthy but gladly and humbly accept it. I sometimes get so wrapped up in my own life at home and work I forget about the community and just get on with things. Then I remember the people I have had lengthy email chains with. I remember the long hours thrashing out issues, logging in remote and working over time zone boundaries. Yes, reader, if you have emailed me, I remember you.

    I sent out Christmas messages and well wishes to all those that asked for my help in 2007. I also remember my beginnings in 2004 and in New Zealand in 2005 (Hi guys!). If you have ever emailed me personally and I have had a hand in helping you, I have kept our communications to look through. It brings back memories of our conquests and I like to check up on you. I am glad most of you replied and are doing well.

    2008 will be a big year. Let me wish you well for 2008 (a Belated "Happy New Year" as it were) and tell you that there are exciting things about to descend on us from Redmond. I am hopeful to be there in April and participate in the hot labs and discussions with project teams. As you might appreciate, this is a long trip from Australia and yet, it is so well worth it. Microsoft support MVP's so we can support you.

    I wish you well and again offer to be your conduit if you need help. Feel free to email me, look at my blog, read my ramblings and sift my web pages. This is what I do.

    Thankyou one and all.

    But what is an MVP ?
    Officially taken from Microsoft's website:

    The Microsoft Most Valuable Professional (MVP) Award is an annual award that is given to outstanding members of Microsoft's technical communities, and that is based on contributions made during the previous year to offline and online technical communities.

    Over 100 million people participate in technical communities but there are only about 3,500 MVPs worldwide. Outstanding technical community members are nominated by their peers, Microsoft employees, and MVPs. Each year a panel of Microsoft employees reviews the contributions of each nominee for quality, quantity, and level of impact on the technical community. Today's MVPs reflect Microsoft's global customer base and the breadth of its technologies.

    As an MVP, I also hold an MCP in various Microsoft products and am a Small Business Specialist. Most MVP's have multiple credentials however it is not essential. To me, the MVP is the best I can be and I am thankful for Microsoft's Support

    Send feedback about this particular blog
    Read Feedback from others

    2 January 2008 - Mickyj.com

    End blog for: 2 January 2008

    Symantec Backup Exec and Word document recovery
    Why is Symantec Backup Exec 11.d using a remote agent?
    I don't backup any remote workstations or servers. I only backup the main server, information store and system state.
    Why do I get remote agent errors in my job log when I don't use the remote agent?

    This software uses the remote agent to communicate with the information store and system state. If you look through the log you will see it uses the loop back address to get the data it needs for the backup.

    - snip from log -
    Network control connection is established between --
    Network data connection is established between --
    - snip from log -

    Symantec Backup Exec installation failure - Failed to install SQL Express error 28111

    I am doing a bare metal Small Business Server recovery and after the initial installation and recovery, I need to reinstall Backup Exec again. It will not install and on both the Symantec and Veritas site there seems to be no solution. I found a reference elsewhere that installing MSDE, WMSE or SQL and an error 28111 means that there are unexpected data files already in existence in the default install path. I told Backup Exec to install to an alternative location and now everything works fine. I would use the original location but there are already other SQL services there and I did not want to delete the wrong ones.

    How do I recover a Microsoft Word document?

    I had a client with a large document they were working on. They saved it to the network. The next time they opened it, Microsoft Word said it could not understand the document and offered to install the text reader to recover the file. Unfortunately it did not try an auto recovery and they have no backup. I opened the file in Notepad and noticed there was no Microsoft word header. No wonder Word was rejecting the file. I tried opening and converting with Excel and numerous word repair tools from the internet.

    None of them could recognise the file and all recoveries ended up with an unintelligible mess.

    I was running out of ideas then I thought, why not try good old fashioned Windows Write. I renamed the doc extension to wri, it opened in Word pad .... Perfectly. Images, margins, tables, colours and fonts were all there. I saved it out as an RTF file (This took it from 2 mb to 40 mb) and then opened in word. It was fine. I then saved back as a word file and it was back down to 2 mb.

    The next time you find yourself in this situation, give it a try.

    I can't service pack Exchange 2003 after a Bare metal restore

    I have done a restore without the Exchange files. I have installed Exchange using the disasterrecovery switch but I keep getting Mapi32.dll errors. The system tells me I have the wrong version. This is likely as the original installation was Exchange 2003 SP2 and I have just installed Exchange 2003 no service pack. The MAPI32.dll file would have been recovered from backup as it is not in the Exchsvr folder and would have restored with Windows. My solution is to install SP2 for Exchange. I attempt to run the SP2 but it tells me an earlier version of IMF is installed and needs to be removed. This is a fairly new server. It is R2. It would have never had IMF v 1. It was Exchange, upgraded to SP2 with the R2 technologies disk. IMF v 1 has been removed from Microsofts website and I can not remove it from the server from Add/remove (It was never installed anyway). I found an old copy of IMF1, I installed it, uninstalled it and then SP2 ran as normal. Thank goodness I found a copy of IMF1.

    Send feedback about this particular blog
    Read Feedback from others

    19 December 2007 - Mickyj.com

    End blog for: 19 December 2007

    Outlook 2003 woes
    Outlook 2003 on Windows Server 2003 R2 SP2
    Here I am building up a terminal server. I have a MOLP licence for Office XP and Outlook 2003 available with the SBS 2003 Cals. I have installed Office XP professional without Outlook and then installed Outlook 2003.

    I log my first user on and open Outlook. nothing special, all looks fine. I close it. Later I reopen it and to my horror, it will not open.

    I get

    "Cannot start Microsoft outlook. Unable to open the Outlook window. The set of folders could not be opened. The connection to the Microsoft Exchange server is unavailable.".

    Wow. I tried numerous solutions from the web (including the /cleanprofile switch and deleting the local profile from mail in control panel). I also uninstalled and reinstalled Outlook and Office. I got really desperate and started deleting OST files and even the nck nickname files.

    The solution is an update to ISA 2004 (Of all things).

    This occurs because Remote procedure call (RPC) data is blocked by a computer that is running Microsoft Internet and Acceleration (ISA) Server 2004 or ISA Server 2000 (My SBS 2003 server). When you enable the RPC filter in ISA Server (Again ... SBS), the RPC filter enforces strict compliance with a subset of the RPC protocol that is used by Microsoft Exchange Server MAPI communications. Unfortunately the RPC filter in ISA Server is incompatible with the changes to the RPC protocol in Windows Server 2003 SP1 and in this case SP2.

    Take a look at KB article 897716 and download the ISA std patch (If you are using SBS) here.

    Send feedback about this particular blog
    Read Feedback from others

    11 December 2007 - Mickyj.com

    End blog for: 11 December 2007

    Vista, Control panels and printers
    I want my printers
    I have a problem. I hope a reader out there can solve it for me. I have a tendency to want to lock users out of their control panel. I am talking about company machines, not home users. I want to stop users messing with their system, changing settings and uninstalling the wrong things. I have done this since policies were available on networks using Poledit and not the Active directory tools. It is very successful for me. I get less people tweaking and more people working. This worked fine in Windows 9x, fine in 2000 and XP. Now I have Vista.

    I can certainly block users access to everything in control panel using policies but I want the users to be able to get to the printers tool. It seems the printers tool is unavailable when the control panel is blocked. Under XP if you blocked the control panel, printers and faxes was still available on the start menu. Under Vista, the printers menu option (Which I add to Vista) vanishes.

    With my policies I have three options. Block control panel, block certain items in control panel or only allow certain items. This would be perfect if I knew what the name of the printer applet was. It turns out it is harder than this. It is a Shell file and not a CPL file. I can find the shell extension running href="http://www.nirsoft.net/utils/shexview.html">Shexview but have can I add this or deny everything but this in a policy?

    If someone has an Idea, let me know.

    For those new to the control panel, there is a registry key on the system which tells control.exe what to show in control panel. These are files with extension cpl or they run through Rundll32.dll.

    It is possible to run Control Panel applets from the command line by just typing control "applet name"

    There are some instances when the .cpl file represents more than one control panel applet when you need to pass a parameter of which applet to run, below is a short list

  • srvmgr.cpl - use services, devices or server
  • main.cpl - Fonts, Mouse, Printers or Keyboard
  • mmsys.cpl - Sounds or Multimedia

    e.g. "control main.cpl printers" will run the printer control panel applet

    You can also associate the .cpl extension with control.exe, which means you only need to type the applet name. This is accomplished using the command line "assoc" and "ftype" commands

    assoc .cpl=ControlFile
    ftype ControlFile=control.exe %1 %*

    You can now just enter the command and it will run (be sure to include the .cpl extension).

    Here are the general Windows XP Pro Control Panel applets:
    System Properties = sysdm.cpl
    Network Connections = ncpa.cpl
    ODBC Administrator = odbccp32.cpl
    Display Properties = desk.cpl
    Add or remove programs = appwiz.cpl
    Internet Properties = Inetcpl.cpl
    Game Controllers = joy.cpl
    Phone and modem Options = telephon.cpl
    Time and Date Properties = timedate.cpl
    Region and Language Options = intl.cpl
    Power Options = powercfg.cpl
    Mouse Properties = main.cpl
    Accessibility Options = access.cpl
    Add Hardware Wizard = hdwwiz.cpl
    Sound and Audio Devices = mmsys.cpl
    User Accounts = nusrmgr.cpl
    Speech Properties = sapi.cpl

    On Vista I have:

    It should be noted that, as with most other things in the Windows OS, there is more than one way to launch an explorer shell extension. Rundll32.exe can be used to spawn explorer shell extensions, such as:

    Add Printer Dialog:
    RUNDLL32 SHELL32.DLL,SHHelpShortcuts_RunDLL AddPrinter

    Connect to Printer Dialog:
    RUNDLL32 WINSPOOL.DRV,ConnectToPrinterDlg

    Swap Mouse Buttons:
    RUNDLL32 USER32.DLL,SwapMouseButton

    Map Network Drive Dialog:
    RUNDLL32 SHELL32.DLL,SHHelpShortcuts_RunDLL Connect

    Disconnect Network Drive Dialog:
    RUNDLL32 SHELL32.DLL,SHHelpShortcuts_RunDLL Disconnect

    Rundll32.exe can also be used to open the Control Panel, or specific Control Panel Applets:
    Control Panel Applet:
    RUNDLL32 SHELL32.DLL,SHHelpShortcuts_RunDLL

    Accessibility Options Control Panel Applet:
    RUNDLL32.EXE SHELL32.DLL,Control_RunDLL access.cpl

    Add Hardware Wizard Control Panel Applet:
    RUNDLL32.EXE SHELL32.DLL,Control_RunDLL hdwwiz.cpl

    Add Remove Programs Control Panel Applet:
    RUNDLL32.EXE SHELL32.DLL,Control_RunDLL appwiz.cpl

    Automatic Updates Control Panel Applet:
    RUNDLL32 SHELL32.DLL,SHHelpShortcuts_RunDLL wuaucpl.cpl

    Date and Time Properties Control Panel Applet:
    RUNDLL32 SHELL32.DLL,SHHelpShortcuts_RunDLL timedate.cpl

    Display Properties Control Panel Applet:
    RUNDLL32.EXE SHELL32.DLL,Control_RunDLL desk.cpl

    Mouse Properties Control Panel Applet:
    RUNDLL32.EXE SHELL32.DLL,Control_RunDLL main.cpl

    Network Connections Control Panel Applet:
    RUNDLL32.EXE SHELL32.DLL,Control_RunDLL ncpa.cpl

    Network Setup Wizard Control Panel Applet:
    RUNDLL32.EXE SHELL32.DLL,Control_RunDLL netsetup.cpl

    ODBC Data Source Administrator Control Panel Applet:
    RUNDLL32.EXE SHELL32.DLL,Control_RunDLL odbccp32.cpl

    Phone and Modem Options Control Panel Applet:
    RUNDLL32 SHELL32.DLL,SHHelpShortcuts_RunDLL telephon.cpl

    Power Options Properties Control Panel Applet:
    RUNDLL32 SHELL32.DLL,SHHelpShortcuts_RunDLL powercfg.cpl

    Printers and Faxes Control Panel Applet:
    RUNDLL32 SHELL32.DLL,SHHelpShortcuts_RunDLL PrintersFolder

    Regional Options Control Panel Applet:
    RUNDLL32 SHELL32.DLL,SHHelpShortcuts_RunDLL intl.cpl

    Sound and Audio Devices Control Panel Applet:
    RUNDLL32 SHELL32.DLL,SHHelpShortcuts_RunDLL mmsys.cpl

    Sun Java Control Panel Applet:
    RUNDLL32 SHELL32.DLL,SHHelpShortcuts_RunDLL jpicpl32.cpl

    System Control Panel Applet:
    RUNDLL32.EXE SHELL32.DLL,Control_RunDLL sysdm.cpl

    User Accounts Control Panel Applet:
    RUNDLL32.EXE SHELL32.DLL,Control_RunDLL nusrmgr.cpl

    Windows Firewall Control Panel Applet:
    RUNDLL32.EXE SHELL32.DLL,Control_RunDLL firewall.cpl

    Windows Security Center Control Panel Applet:
    RUNDLL32.EXE SHELL32.DLL,Control_RunDLL wscui.cpl

    The Syntax for rundll32.exe is:
    “RUNDLL32.EXE dllname,entrypoint optional-arguments”

    Suppose one wanted to launch the Display Properties Control Panel, but wanted it to open directly to a specific tab, instead of the default (left most tab). This can be accomplished via:

    Display Properties Control Panel (Desktop Tab):
    RUNDLL32.EXE SHELL32.DLL,Control_RunDLL desk.cpl,,0

    Display Properties Control Panel (Screen Saver Tab):
    RUNDLL32.EXE SHELL32.DLL,Control_RunDLL desk.cpl,,1

    Display Properties Control Panel (Appearance Tab):
    RUNDLL32.EXE SHELL32.DLL,Control_RunDLL desk.cpl,,2

    You can find a lot more detail on Wikipedia.

    Send feedback about this particular blog
    Read Feedback from others

    9 December 2007 - Mickyj.com

  • End blog for: 9 December 2007

    Musings as Christmas approches
    Microsoft Response Point
    Microsoft recently announced Microsoft Response Point with an on-line launch at http://www.microsoft.com/responsepoint
    Small-business owners can now purchase an affordable and easy-to-use phone system designed specifically for their needs.Response Point helps deliver software-based solutions that support standard and voice over Internet protocol (VoIP) telephony that customers can easily manage, modify and expand.

    Locations of value-added resellers can be found at http://www.microsoft.com/responsepoint/default.aspx.

    Windows Essential Business Server
    Windows Essential Business Server (formerly code named Centro).
    This is almost starting to look like what I used to call BackOffice which was prominent from the mid-1990s to November of 2001 in the Microsoft SMB space. The idea back then and today is to have a multiple server solution for companies just above the small business space (up to 300 users).

    "Windows Essential Business Server is an integrated server infrastructure solution designed for the unique needs of mid-sized organizations, combining the technologies of Windows Server 2008, Exchange Server 2007, Forefront Security for Exchange, System Center Essentials, the next version of ISA Server and SQL Server 2008 into an "all-in-one" solution. It will include a Standard and Premium Edition. Windows Essential Business Server will provide a single Client Access License for all included products and offers new technologies which simplify license management. Within the administration console, IT professionals can easily ascertain how many licenses they have, who the licenses are assigned to and - when an employee leaves the company - easily re-assign licenses

    The difference between standard and premium edition: Premium includes SQL Server 2008.

    Backup Exec in the limelight
    Symantec Backup Exec 11d for Windows Servers revisions 6235 and 7170 Central Administration Server Option (CASO) - Communication issues occur after November 4th, 2007
    The issue that has arisen will cause a loss of communication between the Central Administration Server (CAS) and Managed Media Servers (MMS) due a disruption in the date/time stamp dependency in the CASO communications model. please visit this reference document.

    beta program for the Centro and Cougar
    There is opportunity for you to be involved in the beta program for the Centro and Cougar server products being released by Microsoft next year. Cougar is the codename for the next release of SBS and Centro is the codename for Windows Essential Business Server (see http://www.vladville.com/2007/11/centro-gets-a-name-windows-essential-business-server.html)

    If you can devote technical and time resources to this beta process please drop me a line so I can put your name forward to Microsoft. There are limited spaces. You need to be able to devote a 64-bit server to the Cougar test and 3 servers to the Centro test.

    Time to sweat again.
    I am a January MVP (2008). This means I am up for review with Microsoft. Whatever happens, this site and the community aspects of it will continue. I will still blog, I will still speak at conferences etc and I still have my network of friends at Microsoft. My title just changes. I do sweat about the review and renewal process as being an MVP provides me with resources I do not normally have. A part of these resources is the access I have to the wider MVP community. It would feel like I was loosing my family if I was not rewarded. So I sweat and hope Microsoft believe I contribute to the community and hope, they ask me to remain an MVP.

    Star wars ASCII
    I loved this. If you drop to a command prompt and telnet to this address, you will see Star wars re enact in ASCII for you. If you have IPv6, you can see it in colour.

    telnet to towel.blinkenlights.nl (On the standard telnet port 23)

    CSM 3.6 for SMB, workstations slow to logon
    You may see 1 or 2 computers in a network with CSM 3.6 installed that will take abnormally long to start up and be VERY slow for some time after it's booted up. From Wayne Small's investigations he has seen large amounts of disk activity and the TSC.EXE (Trend System Cleaner) running hard on CPU. Take a look at his blog here

    SBS 2003 R2 Wsus console can not be displayed.
    This happened after an update was issued with double quotes in the update title. It also affected SBS reports. I've done this on about 5 sites, and it's resolved the issue. Here are the step-by-step instructions that got this working:

  • Open a command prompt.
  • Type the following at the prompt and hit Enter:
  • Type the following lines at the prompt and press Enter after each one:
  • use SUSDB
  • Update tbPrecomputedCategoryLocalizedProperty
  • Set Title = Replace(Title, '"', '')
  • Where Title like '%"%'
  • go

    [note that in the Set Title line, the characters are single-quote, double-quote, single-quote following Title and two single-quotes before the close parenthesis; also, in the Where Title line, the characters are single-quote, percent, double-quote, percent, single-quote] After you enter the "go" line, you should get a response that tells you how many rows were affected.
  • Type the following lines at the prompt and press Enter after each one:
  • Update tbPreComputedLocalizedProperty
  • Set Title = Replace(Title, '"', '')
  • Where Title like '%"%'
  • go

    [note that the Set Title and Where Title lines are exactly the same as the first set of commands you entered] After you enter the "go" line, you should get a response that tells you how many rows were affected. It may take a little longer for this one to process.
  • Type "quit" and press Enter to get out of OSQL. Once you finish this, you should be able to go back into the Update Services node of Server Management and click Refresh to bring up the WSUS status again.

    This is NOT a permanent fix and could well break again if Microsoft issues another update that includes double-quotes in the update title.

    How to redirect from initial Config page for IE7
    Do you use SBS AD policies to redirect your users default page to the intranet (Companyweb)?
    Do you also use ISA to block the users from using MSN?

    With IE7, it needs to configure some basic settings and needs to redirect to a Microsoft page on MSN.com and if you do these two things, the user constantly gets told access denied when they try and surf the internet.

    Here's a way around this

    On the users workstation, click "Start" go to "Run" and type the following into the Open box:
    Click OK.
  • Using the left hand pane, navigate as follows:
    User Configuration
    Administrative Templates
    Windows Components
    Internet Explorer
  • In the right-hand side pane double-click on Prevent performance of First Run Customize settings
  • Change the setting for Prevent performance of First Run Customize settings to Enabled and use the drop-down box to select Go directly to home page
  • Click OK and close Group Policy
  • Restart Internet Explorer 7

    Error message when trying to add delegate access to an Outlook calendar with Office 2003 SP3
    The Delegates settings were not saved correctly.
    Unable to activate send-on-behalf-of list.
    You do not have sufficient permission to perform this operation on this object.

    In order to resolve this you need to give Write Personal Information permission to the SELF account on the user who is trying to add the delegate. To do this, follow these steps
  • Connect/logon to your mail server/AD server.
  • Open Active Directory Users and Computers, and then click Advanced Features if it is not already selected on the View menu.
  • Expand your domain, and then locate the user’s Organisational Unit (OU).
  • In the right pane, right-click the user who is experiencing the delegate issue, and then click Properties.
  • Click the Security tab, locate the SELF account, and then click Write Personal Information .
  • Make sure the Write permissions check box is selected, and then click OK.

    I want to host a subdomain and server in my SBS DNS structure ... how ?
    To do this we are going to delegate a subdomain, create a zone and then some A records. In DNS, a sub domain is a portion of a domain that you've delegated to another DNS zone. We are going to do this for "mickyjdomain.local" to host a "mickyjsubdomain" domain. We will then set that domain to have an A record called "mickyjserver" for mickyjserver.mickyjsubdomain.mickyjdomain.local

    To delegate a subdomain, you must create the delegation on the server hosting the parent domain. For example, to delegate mickyjsubdomain.mickyjdomain.local, the server hosting the mickyjdomain.local zone must include a delegation for the mickyjsubdomain.

    Windows 2003 Server makes it easy to delegate a subdomain.
    Open the DNS console, right-click the host domain, and choose "New Delegation" to start the "New Delegation Wizard".
    Click Next, specify the subdomain name (mickyjsubdomain), and click Next.
    Click Add, add the host name of the server that will host the subdomain (mickyjservername.mickyjdomain.local) , click Resolve, and click OK. As needed, set up secondary servers to act as backups for the server acting as the primary for the delegated domain - Click Next, and click Finish to create the delegation.
    This process delegates the subdomain, but there are no records in its target zone.

    On the first server that will host records for the subdomain (mickyjserver.mickyjdomain.local) ,create a new zone (such as mickyjsubdomain.mickyjdomain.local), and create the necessary DNS records for the zone (A record - mickyjserver - IP address). Repeat the process on other servers, or configure another server as a secondary for the zone.

    Send feedback about this particular blog
    Read Feedback from others

    4 December 2007 - Mickyj.com

  • End blog for: 4 December 2007

    Sensis have removed the exploit
    Sensis remove the offending Ad's
    I have it from a close source that the Sensis team have removed the offending Flash Advertisement from their servers and various websites (See yesterdays blog). To play it safe, clear your internet cache (temporary files) before visiting any Sensis websites.

    Send feedback about this particular blog
    Read Feedback from others

    15 November 2007 - Mickyj.com

    End blog for: 15 November 2007

    Malware and on another note, Congratulations
    Hacked by Whitepages
    On Monday a co worker of mine looked up some details on Whitepages.com.au and saw his computer get hijacked. We thought no more of it until yesterday.

    A Microsoft MVP (Sandi) reported an exploit in one of the flash advertisement files on whitepages.com.au. The advertisement will try and hijack your web browser and install Malware.

    I would suggest for security reasons that this and other sites not be used for a few days. As this is a Sensis site there it no reason why this will not be found on yellowpages, whereis etc.

    This just goes to show that you can not 100% trust any website.

    If you are interested, please see her blog on this here.
    Sandi is now working out the redirect and how to deal with it and that should be on the blog as soon as possible. So please keep an eye on her blog for new information etc.

    Congratulations to Wayne Small
    I have been a little sick and out of it so my apologies to Wayne for missing this one.

    CRN Australia - The first ever CRN Channel Champion awards went to Wayne Small at reseller Correct Solutions and Michael Costigan at distributor Avnet.

    Personally knowing Wayne, he deserves the recognition. He tirelessly works in the Microsoft Small Business community from running email and news groups to organising functions and contributing to the next instalment of the Small Business Server through Beta testing etc.

    Well done Wayne. I wish I could have been there when you got the award.

    AMD Barcelona Roadshow
    It was great to catch up with Michael (AMD) and Mark (Microsoft) at the recent Adelaide AMD event.

    Whilst the Adelaide crowd was large in number, it was small in manners and I was surprised I could hear any of the presenation over the crowd. Regardless, it was great to catch up with so many people and talk about what is happening in our parket space. (If anyone reading this feels guilty about the chit chat at the event and lack of attention given to the presenters then don't worry about it. You likely were not the one who won the trip for two to Barcelona so Karma got you).

    Send feedback about this particular blog
    Read Feedback from others

    14 November 2007 - Mickyj.com

    End blog for: 14 November 2007

    Trend changes product lineup
    Product End-of-Life Announcement:
    Standalone Anti-Spyware for SMB 3.x

    Trend Micro has made a decision to discontinue the standalone version of Anti-Spyware for SMB 3.x effective October 31, 2007

    Send feedback about this particular blog
    Read Feedback from others

    October 28 2007 - Mickyj.com

    End blog for: October 28 2007

    Events coming up and just passed
    Microsoft's Unified Communications
    The Microsoft's Unified Communications launch events are about to take place right across the country. Launch events will be held in Sydney and Melbourne and TechNet events will also be underway in other capital cities.

    Adelaide will have TechNet Thursday 22nd November. For more information see http://go.microsoft.com/?linkid=7629122

    Trend Micro invite you to the 2007 SMB Security Summit in sydney.
    Featuring some of the world's most respected SMB security experts, the Security Summit will address a comprehensive range of issues on SMB security to help you provide the right security solution for your customer(s). These include:

  • Understanding the latest security threats - They will brief you on current and emerging security issues so you better understand the threat horizon facing you and your customer(s).
  • Understanding security from your customer's perspective - They will explain what your customer(s) really need so you can tailor an appropriate security solution for each.
  • Understanding security from an SMB IT resellers perspective - They will inform you how offering security solutions to your customer(s) can result in a profitable business. We also provide you helpful tips from individuals that are currently doing so.
  • Understanding security from a technical implementation perspective - Learn how to efficiently implement security solutions and audit the results for effectiveness.
  • Learn how to support customers remotely - Learn how to support your customer(s) from a remote location and learn useful "tips" from individuals that are currently doing so.

    In addition, you can ask the security experts direct questions that pertain to any of the topics covered at our Question and Answer session.
    November 23rd, 2007 - The Menzies Sydney Hotel (2 - 14 Carrington Street, Sydney, NSW) at 8:30am to 5:30pm.
    Attendance at the 2007 SMB Security Summit is FREE, so don't miss out! For more information on the event, venue, the panel of security experts or to register directly, please click Click here

    Bill Hunt (deceased).
    It is with sadness that I received word of the passing of Bill Hunt, a Chicago SBSer. I know he will be missed.

    Get your Second Shot to pass your Microsoft Exam - FREE!
    For a limited time, you can get a free, second shot at any IT professional, developer, or Microsoft Dynamics certification exam. Just register for this offer before your first exam, and you will get two chances to pass. But this offer won't last forever. Click here

    ProLiant and tc Series Servers - How do I Calculate the BTU (British Thermal Units) of a Server?
    Due to excssive heat and cooling calculations, here is a question that seems to pop up from time to time.
    How do I calculate the BTU (British Thermal Units) of a server?
    Simple, Apply the rule: BTU = Volts X Amps X 3.41
    Example: If a server's maximum input current is 9 amps at 120 volts, the heat generated would be: 120V X 9A X 3.41 = 3682.8 BTUs

    Server can't count ?
    I have recently come across an Intel, Acer and HP serve, all of which can't count. They have more ram than the operating system sees.

    I have an 8 sim slot HPML370G4. Ram is in the first 6 slots. The Bios detects 4 gb ram but Windows 2003 tells me it has 3 gb. The ram is in Pairs, in order from bank 0, 2 x 512, 2x 512, 2 x 1gb. One of the 1 gb sims (slot 6) does not appear to be detecting or used in Windows. I tried rearranging the ram, the 2 x 1 gb in the first slots, and then I have 3.5 gb ram in Windows. Again, slot 6 is not detecting (Gone from a 1gb sim to 512 mb sim) . Whatever is in slot 6 does not show up in Windows. The HP bios tells me 4 gb. When I change ram, the HP Bios detects the change and correctly tells me what sim is in what slot. What is happening ?

    This is a known issue. You need to enable PAE to have all the memory available.
    "Not All Physical Memory May Be Reported By The Operating System On Certain HP ProLiant Servers"
    Take a look here and and here.

    Things to lust over this month
    Samsung 1 cm thick 40" Full HD LCD TV
    How is this for those who don't want their display to take up too much space, its only 1 cm in thickness! read about it here.

    Toshiba R500 - Worlds lightest and thinnest notebook
    The R500 comes in 2 models a 120GB HDD or 64GB solid state drive. The 64GB SSD version boasts up to 12.5 hours battery life!

    Send feedback about this particular blog
    Read Feedback from others

    27 October 2007 - Mickyj.com

  • End blog for: 27 October 2007

    Catching up on the weekend
    Pod casts for SMB Nation 2007 - Microsoft Conference Centre in Redmond
    To attend the Podcast of four selected sessions, you will need to REGISTER for the specific sessions of your choice.
    Please note: registrations close fast for this kind of event

  • Session 1A: KEYNOTE Eric Ligman, Microsoft US Senior Manager Small Business Community Engagement
  • Session 2A: Tcat - Certification Secrets Test Taking Tips
  • Session 5B: Larry Schulze - Getting the Right People on the Bus - HR Topics that Matter
  • Session 6B: *Dana Epp** -* Mitigating Business Risk in a Remotely Accessible World

    A microcode reliability update is available that improves the reliability of systems that use Intel processors
    There is an update available for Intel Core 2 Duo mobile processor.units. This is for
  • Desktop: Intel Core 2 Duo desktop processor, Intel Core 2 Quad desktop processor, and Intel Core 2 Extreme processor.
  • Server: Intel Xeon processors 3000, 3200, 5100, and 5300 series.

    You can find it here

    Windows XP will be with us for longer than expected (In the OEM channel) read more
    You can find it here

    Are you interested in the Adelaide MSDN Connect meetings? Yesterdays event has been and gone.
    They are held in the SA Innovation Centre , Level 2, Westpac House, King William Street, Adelaide . (Formerly Santos house).
    If you want to attend the next one please look at my events list

    Windows Vista UI design spoof video
    Making spoof videos would definitely top the list of talents by Microsoft employees. Here’s a dated but rare video staring the infamous MSX design team who worked on the Windows Codename Longhorn project.

    Farewell Lorna Farrar, Small Business Partner Marketing Manager
    Thankyou for your support to the Australian Small Business Specialist community. Lorna is now off to Seattle, Redmond.

    World Clock
    Are you interested to see how many cars are being made? The earths core temperature? Here is the ultimate world clock.

    LAN1 Wireless Seminar
    If you are lucky enough to live in these locations, here is the schedule
  • Tuesday 16th October, Sydney
  • Thursday 18th October, Melbourne
  • Tuesday 23rd October, Brisbane
  • Thursday 25th October, Perth

    Me, I am in Adelaide and miss out again :(

    Get the facts on the latest technological developments from leading industry professionals at the Lan 1 Wireless Networking Night. Over an informal dinner they will introduce the latest products and technologies essential for shaping the future of wireless business growth.

  • Wireless networking in large areas
  • Mesh, WiMAX, Motorola Canopy, licensed point to point
  • Indoor wide area wireless networking
  • The digital home - in-home wireless streaming on-demand
  • Broadband Over Power - the new way to wire up old buildings

    Sounds like a great night!

    IE7 for 64 bit
    The latest news from the IE7 Product team, Microsoft continues to take steps to help make consumers safer online by making the Internet Explorer 7 web browser more accessible to all Windows XPSP2, x64 Server and Windows Server 2003 users. Beginning October 4th, 2007, Microsoft will make available a new IE7 build, the IE7 Installation and Availability update (IAU) for Windows XPSP2, x64 Server and Windows Server 2003. With this update, IE7 now installs without WGA validation, offering a streamlined First Run Experience and includes some minor enhancements to the browser and tour.
    The updated IE7 will be available on the Windows Download Centre (DLC) and the IE site at http://www.microsoft.com/windows/ie/default.mspx in 8 initial languages. Additional languages will be added as they become available.

    Don't miss AMD’s highly anticipated launch of the Quad Core Opteron processor!
    AMD’s Road to Barcelona Cocktail Event will take place during October and early November 2007 (Australia), it will bring together elite industry professionals including AMD’s key strategic partners.

    The AMD64 platform is the platinum standard for 64-bit computing, winning over 160 industry awards since it was introduced in 2003. AMD Opteron processors have brought enhanced performance and lower power consumption to enterprise data-centre deployments. AMD’s upcoming third-generation AMD Opteron processors, developed under the codename Barcelona, have been designed to set the next standard. Put simply, the Quad Core Opteron processor Barcelona will be the best x86 processor for enterprise deployments.

    As one of AMD’s most significant launches to date, the Road to Barcelona, will provide networking and a learning platform for Quad Core Opteron technology to the IT and executive community’s across all industries and states.

    It’s also a great opportunity to engage and meet key vendorand distribution partners who will showcase their latest products.

    3Com and H3C
    3Com has made the strategic decision to be acquired by affiliates of Bain Capital, one of the largest and most respected private equity firms in the world, for $2.2 billion in cash. In addition to giving their shareholders a significant 44 percent premium on the share price at the close of the market on September 27, they believe that this acquisition is in the best interest of their customers, partners and employees.

    View the full details in the newsletter:

    McAfee night in Adelaide
    Adelaide 9 October Adelaide Convention Centre, North Terrace
    Attend this seminar and product launch to learn how to increase your operational efficiency. Watch a demonstration of the new McAfee products which combine threat protection and compliance technologies with security risk management solutions. Find out how you can use Security Risk Management to reduce your organisation's risk exposure and improve the return on your security investment.

    How safe is Hamachi ?
    In the wrong hands or poorly configured, it is likely to be a real security risk. Hamachi is a centrally-managed zero-configuration virtual private network (VPN) freeware application capable of establishing direct links between computers that are behind NAT firewalls without requiring reconfiguration (in most cases); in other words, it establishes a connection over the Internet, to create conditions very similar to that as if the computers were physically connected. It punches holes through firewalls and links you up to a buffy list like MSN messenger, except it is linking VPNs and giving people access to you. As mentioned, poorly configured this could be a time bomb. If you are using it, and it is configured correctly, then I am sure it is a great product.

    Mickyj.com is on the air with a Amateur Foundation Radio licence
    Whilst unconfirmed, I have requested VK5FQDN (Fully Qualified Domain Name - how geeky is that !) and will be available on Amateur bands in South Australia or via Echo link and internet based radio.

    Want to know more about Windows Server 2008?
    Join this web cast as Microsoft provides a broad overview of Windows Server 2008, discuss the associated technologies, and describe the latest product features.

    Send feedback about this particular blog
    Read Feedback from others

    6 October 2007 - Mickyj.com

  • End blog for: 6 October 2007

    SMB security event sydney Australia

    SMB Security Summit
    In conjunction with Trend Micro, SBS MVP Wayne Small, is pleased to announce the first SMB Security Summit to be held in Australia on Friday, November 23rd, 2007 in Sydney. The event will feature a number of top SMB Security consultants from around the world as we come together to discuss the challenges of designing, selling and implementing security solutions for our SMB customers. Attendance for this event is free of charge thanks to the support of Trend Micro

    For those travelling from outside of Sydney, they have been able to secure discounted accommodation with the venue also. Details on the website below. For more information and to register please check http://events.sbsfaq.com
    Please note that spaces are limited to the first 100 people to register and will automatically close once registration is full.

    Spam / Virus alert
    Emails from someone "@softup.com" with links to http://bazratner.com/WindowsUpdate.exe and with the subject "Microsoft Security Bulletin" are appearing everywhere.

    The body has a changing Microsoft Security Bulletin number e.g. MS06-465 and refers to a Cumulative Security Update for Internet Explorer (or other) with another random number at the end(e.g. 582885) are flooding our inboxes.

    These are hoaxes, please delete.

    Send feedback about this particular blog
    Read Feedback from others

    26 September 2007 - Mickyj.com

    End blog for: 26 September 2007

    Weekend Musings
    Clear your cache!
    I have heard from a few regular visitors to my website that the old links are coming up. Please clear your internet cache. As regular readers will know, my ISP changed DNS domains on me and now all my links have had to be rebuilt.

    Journey on the other side - Using technology together
    Bear with me, this is a story of exploration ending with a nifty data recovery software for Macintosh partitions.

    Recently one of my colleagues was great enough to gift me an old iMac. I have always wanted one to tinker with as the lines between computer genres blur. This is an old 400 MHz version with Mac OS 10.2 and Classic 9.1

    I wanted to know as much as I could about this beast, really just so I can help people with iMac's in the field. The unit has 128 MB ram. I pulled 256 MB SDRAM PC 100 out of an old PC and it worked fine. I have an Apple AirPort Card Adapter for slot-loading G3 iMacs but no Airport PCMCIA card (One is coming from eBay very soon). I wanted to upgrade the OS to 10.3 Panther) and increase the hard drive capacity. I selected Panther as it came on CD disks. This unit does not have DVD. (Maybe a future upgrade). I pulled out the 10 Gb Apple (Maxtor) drive which was a master Pata (IDE) drive.

    I put in a 30 Gb IDE drive out of an old PC and a further 256 MB PC100 SDRAM. The system did not boot. The system made the normal iMac start-up notice but did not get any further. I worked out pulling some ram out allowed it to boot but then it hung. I discovered I needed to press and hold "c" to boot from CD. This did not work. I then tried "Command"+"Option" +"Shift"+"Del" to get the boot menu. Nothing. As this was a Windows USB keyboard I used "Windows Key"+"Alt" +"Shift"+"Del" but nothing worked. I also tried clearing the pram ("Command"+"Option"+"P"+"R").

    Links to information about these options are here:
  • Startup keys
  • Windows key mappings
    I then found changing ram allowed me to boot. Apparently playing with the ram resets the Pram.

    I suspect the USB keyboard (HP Microsoft keyboard) is not compatible. Now the CD disks will not read. By trial and error I found laying the unit on it's side, allowed the disks to read (This made the CRT magnets play up a bit and the colour went a little strange). After Mac OS 10.3 was installed, I used an external USB pata connector to link up the old 10 Gb drive.

    There were some files I wanted to bring across. It appeared as a mounted drive and I could see the file system. I started transferring files and the unit locked up. I thought everything was well but the system just froze. Now when I look at the drive, the iMac will not read it. The disk utilities lock when I try and access it.

    Now comes the marvels of using technology together. I trialled Nucleus Kernel Macintosh. This software installs to your PC. (Yes, you need a PC). I plugged the drive in via the same external USB pata connector to link up the old drive to my PC. I installed the software (It was very easy to install and run) and explored the disk. The partition table is missing, the files are corrupted and yet this beauty seems to be able to recover all the data.

    From here, I copy the data directly to CD disks and reuse on the iMac or dump to a hard drive (It will appear as two files for each file, one file is the resource fork, the other the data fork) and will work as normal files on the iMac.

    The recommended transfer options were:
    1) Burn a CD of all the data and then mount the CD ROM in Apple Mac .
    2) Copy the data to any removable device and attach the device which is recognized by the Apple Mac, like Pen drive, USB drive etc.
    3) Data can be transferred to Apple Mac through network.
    I have not talked to Nucleus about doing a review on their software however, after using PC recovery software, this is by far the best recovery software I have seen. Thumbs up.

    From their sales blurb:
    Kernel Mac Data Recovery- Recover Mac Data, when the following problems or errors occurs:
  • Bad Sector in the disk
  • Corruption in partition table
  • Disk initialization
  • Master directory block or volume header corruption
  • Catalogue file corruption
  • Damage to the Extent files
  • Catalogue File's node corruption

    Kernel mac recovery software recovers your damaged files in minutes without any hindrances in your business continuity, When you place the order, you will receive an email with an activation key and download information immediately after ordering.

    Kernel Mac Recovery software recovers lost data in three easy steps:
  • Scans the crashed mac drive for lost data.
  • Navigate the directory tree for lost files and folders.
  • Saves lost files and folders to the safest location.

    Check it out at www.nucleustechnologies.com

    Why can't I access the administrative shares or remote administrative functions from a remote computer?
    Windows Vista prevents local administrators from using their administrator powers over the network. This results in the inability to remotely administer a computer using filesharing and tools that use similar technology (such as the computer manager MMC snap-in and the administrative shares, such as C$, IPC$, PRINT$).

    To allow administrators local to a computer to use their administrator logon when accessing the Vista computer remotely, follow these steps:

    Warning: Incorrect use of the Windows Registry Editor may prevent the operating system from functioning properly. Great care should be taken when making changes to a Windows registry. Registry modifications should only be carried-out by persons experienced in the use of the registry editor application. It is recommended that a complete backup of the registry and workstation be made prior to making any registry changes. In cases where you're supposed to delete or modify keys or values from the registry it is possible to first export that key or value(s) to a .REG file before performing the changes.

    Click start
    Type: regedit
    Press enter
    In the left, browse to the following folder: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ Policies\system\
    Right-click a blank area in the right pane
    Click New
    Click DWORD Value
    Type: LocalAccountTokenFilterPolicy
    Double-click the item you just created
    Type 1 into the box
    Click OK
    Restart your computer

    Running System Restore from the command line is often the only way to get a system back up and running.
    If you find yourself with an unstable system, a machine without desktop access or GUI system restore access, sometimes this is what you need to do.
  • Restart your system
  • When the system first boots, type F8 to bring up the boot menu
  • Select the Safe Mode with Command Prompt option
  • Log-on as administrator if needed
  • At your command prompt type

    If this does not restore all your key files and get you working, usethe system file checker to restore files back to their originals
    sfc /scannow

    Can I delete the contents of spntlog under Trend Micro ServerProtect ?
    Sometimes in older versions of Server protect, this folder will fill up and take hundreds or mb's of space. To clear this,

    Do the following to renew the database file:
  • Stop the Spntsvc service
  • Delete the Spntlog.dbf and SpntLog.cdx
  • Restart the Spntsvc service

    All done ! My Dopod with WM6 has gone silent
    No notifications, no alerts, no appointments .. as silent as the grave. Why has my Windows Mobile device stopped talking to me? I have notifcations turned on and I have made no changes.

    Has your Pocket PC, WM5 or WM6 device ever sounded an alarm for no apparent reason? And then continued to sound the alarm even after you turned it off? Or have you ever set an alarm that never triggered?

    From time-to-time, the Pocket PC’s alarms and notifications get confised and if you call your devices support number, you’ll probably be advised to perform a full reset of your pocket to set things right.

    Alarms, notifications, and other internal time related processes are managed by the devices notification queue, so if your alarms and notifications stop working properly, the notification queue should be the first place you check. You may find some stray or erroneous notifications that are causing your problems.

    Sadly, I am not going to tell you how to clean your notification duplicates or corrupt entries up. There are tools out there (Sktools, Clearnotify, Memmaid and many more) but if you do not know what you are doing, I can't recommend you do it. If you make a mistake, you are doing the hard reset anyway. I am just here to tell you that it happens to allot of devices. It is not necessarily though any fault of yours that this occurred. There is the possibility that a device that goes to sleep during an Activesync can cause this but in general, it just happens to these devices. My recommendation is to do a full backup of your unit. That way you can get back up and running as fast as possible.

    From across the ditch
    Ian from New Zealand (Across the ditch only applies to Australia) has a problem with his SBS Premium SP2 with Symantec Client security Corp. (With mail security for exchange and SAV).

    Ian routinely gets:

    From: Server
    To: Ian
    Subject: Process (inetinfo.exe) Alert on Server
    Alert on Server at xx/09/2007
    The inetinfo.exe process is allocating more memory than usual. The following services are hosted by this process: IISAdmin, POP3SVC, RESVC, and SMTPSVC. For more detail, review the event logs for events related to these services. It may help to stop and then restart these services. You can disable this alert or change its threshold by using the Change Alert Notifications task in the Server Management Monitoring and Reporting taskpad.

    When he looks deeper under the health monitor statistics he sees
    Private Bytes inetinfo
    Current 2.58646e+008
    Min 5.031936e+007
    Max 2.718024e+008
    Average 2.58637e+008

    The top 5 Processes by memory usage shown by the server performance report are:
    store - 580 MB
    inetinfo - 219 MB
    sqlservr - 172 MB
    pc-app - 123 MB
    wspsrv - 113 MB

    Needless to say that this is not normal. This is a common problem with "inetinfo.exe" and exchanges "store.exe". The SBS team actually know about this one. We increased the monitoring threshold value.

    To modify the monitoring configuration in Microsoft Windows Small Business Server 2003:

    Click Start, and then click Server Management.
    Expand Standard Management, and then click Monitoring and Reporting.
    Click Change Alert Notifications, and then click the Performance Counters tab in the Alert Notifications dialog box that appears.
    In the Name list, click inetinfo.exe private bytes STORE, and then click Edit.
    In the Change threshold to box, type a new threshold value that is greater than the current value and that does not trigger a Small Business Server 2003 critical alert.
    Click OK two times.

    This did little to stem the flow. Memory was hemreging in inetinfo.exe.

    We also checked the following list of items

    We also checked to make sure the Symantec antivirus is excluding the exchange mail DATABASE files.
    Scanning the database can cause store.exe and inetinfo.exe to have memory leaks, and can corrupt the databases.

    In the end, we stopped two services. One was the Symantec Exchange store scanner and the other was the Symantec antispam.
    Inetinfo.exe fell to 50 mb (From just over 200 mb). Ian is now going to tap Symantec on the shoulder.

    Good luck Ian

    Send feedback about this particular blog
    Read Feedback from others

    16 September 2007 - Mickyj.com

  • End blog for: 16 September 2007

    Changes to Mickyj.com
    Mickyj.com goes down
    Regretfully the ISP who houses mickyj.com changed it's domain name. It changed from a ".net.au" to a ".com.au" and elected to tell no one. It has not re registered the old one in DNS. As mickyj.com is a community site, it survives off free web space, cheap domain names etc. The domain name is housed elsewhere and points to this ISP for the pages to the site. As the site internally directly links to the real address (.net.au) images started to vanish, pages started to die, Google started linking to bogus links and the RSS feed stopped.

    If you have any direct links to the old pages stored on "members.dodo.net.au/~michaeljenkin" please update your favourites. This includes the old RSS feed. The path has changed to "members.dodo.com.au/~michaeljenkin".

    As this site has over 200 pages and well and truly over 2,000 entries linking to the ".net.au" address (within the java menu's and much more) I am still updating the code. Thankyou for your patience.

    Thankyou also to those of you who have offered mickyj.com free space elsewhere. I appreciate it and will look into it once the site is stable. As I get about 400 hits per month, from all over the world, this is my first priority.

    How does someone make over 2,000 text edits (global find/replace) to over 200 files quickly?
    "Text Workbench". This tool allows you to nominate a file, folder or selected files and make a text change. It has changed my website from ".net.au" to ".com.au" in about 20 minutes. Now I just have to go and check it is all correct, all works and re register everything with google etc.

    This Multi-purpose search and replace tool has full Unicode support and FTP. Text Workbench has saved me many hours of manual editing.

    It is a powerful unified solution for web masters, software and web developers, technical writers, office managers and anyone else who wants to search and replace text in many files quickly and easily.

    Take a further look here

    Send feedback about this particular blog
    Read Feedback from others

    15 September 2007 - Mickyj.com

    End blog for: 15 September 2007

    Major update to Spybot
    Spybot 1.5 released
    Finally, the long awaited update to Spybot. This has to be the best spyware remover and detecter ever. I keep this tool on my USB keys for when I visit clients sites with Malware. It is an absolute lifesaver. This month sees the new version released (1.5). This new version features a lot of improved detection mechanisms improved Operating System support (Windows Vista integration, restored support for Windows 95, more compatibility with Linux Wine, support for bootable Windows CDs) and improved browser support (e.g. for immunization).

    For the full list of new features refer Safer Networking

    To download and start using the program referthe various Download Mirrors.

    Now I just need to work out how to make it bootable.

    Send feedback about this particular blog
    Read Feedback from others

    9 September 2007 - Mickyj.com

    End blog for: 9 September 2007

    A week in the lift of an enthusiast
    Email is a wonderful form of support
    Most recently I have been helping adebola from Lagos in Nigeria.
    He has suffered from what I would see as the worst outcome from installing Windows 2003 SP2.
    After installing it, and the reboot, the machine would not boot up after attempting from HDD, CD and floppy.
    The Microsoft recovery console told him that there was no data on the drive. When he tried to use the SCSI drive as a slave in another machine, it told him it was empty.

    Adebola used handy recovery and getdataback to recover the systems data.
    This got the system operational but the Exchange EDB files would not mount, even into the recovery group.
    I recommended Adebola use Ontrack Power Controls to recover the mailboxes out to PST files and import them back into the users mailboxes. This worked except he then got the following errors in Outlook

    Your mailbox has been temporarily moved on Microsoft Exchange server. A temporary mailbox exists, but might not have all of your previous data. You can connect to the temporary mailbox or work offline with all of your old data. If you choose to work with your old data, you cannot send or receive e-mail messages."

    I asked Adebola to recreate the mail profiles which he has done and everything is back to normal.
    hopefully this will help anyone else who ends up in this situation.

    Rogue devices
    Just recently I was asked to come out and investigate a possible hacking attempt on a network. The only symptom was slow internet.
    I tried all the obvious things like stopping the email flow but looking at the router, it was still very busy. It was most notable at this site as it only has a 256 kbit internet connection and something was absorbing all the bandwidth.

    The switch was no help as the lights were all flashing and as this was the middle of the work day, I could not shutdown workstations to isolate activity.

    I can not use a packet sniffer on the network (Like Wireshark or etherial) as the client has a switch, not a hub. (I gave up carrying around hub's long ago). Un managed Switches can't expose you to the boradcast traffic etc.

    I took a look in the Microsoft ISA session manager. There was a specific IP address using lots of bandwidth. When I terminated the connection, it re connected immediately.
    Armed with this IP address, I looked in DNS and WINS. It matched a specific Laptop. I went to the laptop which was off and unplugged. Obviously something else was now using the IP.
    I opened the DHCP manager and looked for the IP. The IP was there with a weird name beside it. I now had something to work with.

    I recorded the MAC address and typed it into Coffers Mac address lookup tool to help locate the owner of the network card in a hope it would point to the culprit.
    It did. It identified the device as an Engin Sipura SPA VoIP Box . Now I knew someone was using VOIP. I traced each lead back at each desk and found the unit.

    The client had purchased it over a year ago to interface with their PABX and cordless handset device. They had not told anyone it existed and did not understand that it used internet for phone calls. They also did not realise a 256 kbit connection running an Email server and proxy, would not support a VOIP system. There is no QoS in place so the whole system came crashing down.

    This might seem like a tale of woe then victory. I am actually posting it to help others in this situation. I have a laptop at the site where someone had statically assigned the same IP as the VOIP box confusing the matter. Thankfully I had the engin's mac address and it helped crack the case. If you are faced with something like this, remember to use all the tools at your disposal.

    One USB Flash device in the Wrong Hands... and Your Firewall is Useless
    iPods, USB flash disks, Phones and much more can now be up to 8 Gb+. If someone has a laptop and an Express card slot, they can get the SSD devices up to 64 Gb. Are people on your network allowed full open access to your companies data files?
    Not only can viruses, worms and Trojans get into the corporate network this way, but valuable data can leave the company in huge quantities. There are now programs out there to use policy to lock down storage media devices. I fear the time has come to start looking seriously at the data we are trying to protect. Read more here

    Outlook nickname editor
    Ever accidentally sent an email to an incorrectly spelt email and then have Outlook always remember it ? Very annoying. There have been paid for solutions to remove single entries out of the nk2 files but now, here is a free one from nirsoft. The free software warrior on the internet. Definitely worth the look on their website

    Even more on "The system detected a possible attempt to compromise security."
    This has proven to be a very hard problem to easily solve. I found that a lot of advice on EventID.Net is very helpful. here is the link

    Locked out by Microsoft update ?
    "Windows cannot access the specified device path or file. You may not have the appropriate permissions the access them.
    Aghhh, on a clients pc, clicking anything produces this error.

    Not even My Computer, "cmd" or "eventvwr" work. I can't run Adobe reader or in fact anything. All I get is this painful message. My next move is a reboot into safe mode. Unfortunately .... not going to happen. This is a Dell computer with a Wireless/Bluetooth USB keyboard. The Bios obviously does not have USB legacy keyboard turned on and I can't enter the Bios. I scrounged around for a PS/2 keyboard but guess what ... This dell has no legacy support. There are no PS/2, serial or parallel ports on the back. Just video, power, audio and USB.

    I rebooted the PC, I tried to log on as the administrator. I can't, the account has been disabled for some reason. I log in as a working username. I pull up task manager and discover, I can access File - New Task and run items. Start - Run still does not work. From my reduced state, I typed in "control". I went into Control panel and intuitively remove the last 5 Microsoft updates. I rebooted and the problem is fixed.

    If you get a similar issue:

    "Windows cannot access the specified device path or file. You may not have the appropriate permissions the access them.
    try removing the latest updates on the machine. I suspected the updates as the Antivirus was running and seemed intact. Nothing new had been added except a handful of updates. If anyone else ends up with a Dell in this mess, god help you.

    Can't edit word or excel files from my SharePoint intranet?
    When I open a file from the document library, it opens fine. When I try and save it back I get
  • the folder is no longer available the web server is busy please try again later SharePoint
  • Documents in this folder are not available. The folder may have been moved or deleted, or network problems may be preventing a connection to the server. The URL is not valid. Please check your typing. http://companyweb/Shared Documents/file.doc can not be accessed.
  • The file may not exist or may be in use or the web server is temporarily busy. There has been a network or file permission error. The network connection may be lost. (http://companyweb/Shared Docume...)

    After much research on the issue, I simply bypassed the server (companyweb) on the local proxy settings in IE. All fixed.

    Here are some other comments on this one.

    Send feedback about this particular blog
    Read Feedback from others

    8 September 2007 - Mickyj.com

  • End blog for: 8 September 2007

    More on "The system detected a possible attempt to compromise security."
    Popular post about the workstation and compromised security
    Yesterdays post seems to have hit a note and was very popular. Whilst I do not have access the the server at the moment, to pull every link out of the IE history and give you more links to more solutions for this issue, I do have one in particular that was very thorough.

    I want Windows Picture and Fax Viewer
    I installed a Jpeg editing software application and now when I go to use the default Microsoft Windows Picture and Fax Viewer, it is not there. I get the new program and I don't want this to happen. How do I fix it ?

    You need to modify the "jpegfile" file type. To check that, simply run this command from a command prompt.
    FTYPE jpegfile
    It should show up like this:
    jpegfile=rundll32.exe C:\WINDOWS\System32\shimgvw.dll,ImageView_Fullscreen %1
    If it has been modified to run some other application, then you can restore it simply by issuing the command FTYPE with that full line above after it, as in:
    FTYPE jpegfile=rundll32.exe C:\WINDOWS\System32\shimgvw.dll,ImageView_Fullscreen %1
    For more technical details, use these two commands:

    You can also do this within the GUI (I know some people who excel in the GUI). In an Explorer windows, go to tools, folder options, File types. Find and check jpegfile

    Joe's Outlook is not working
    This is for Joe. He woke this morning to find he could not get into Outlook 2000. He kept getting "This program has caused an illegal protection error" and then wants to notify Microsoft. He has an urgent message he needs to get to. He tried the Outlook 2000 repair option but now the illegal error happens more frequently and in a loop. I got him into Outlook to get his important email using the /safe command line parameter. The parameters are listed on Microsofts support website

    Command-Line switch Purpose
    /CleanFreeBusy Cleans and regenerates free/busy information.
    /Cleanfinders Removes saved searches from the Exchange Server store.
    /CleanReminders Cleans and regenerates reminders.
    /CleanView Restores default views.
    /CheckClient Prompt for default manager of e-mail, news, and contacts
    /Recycle Starts Outlook using an existing Outlook window, if one exists.
    /ResetFolders Restores missing folders for the default delivery location.
    /ResetOutlookBar Rebuilds the Outlook Bar.
    /Nopreview Turns off the Preview Pane and removes the option from the View Menu.
    /CleanSchedPlus Deletes all Schedule+ data (free/busy, permissions, and .CAL file) from the server and allows the free/busy information from the Outlook Calendar to be used and viewed by all Schedule+ 1.0 users.
    /Safe Launches Outlook without extensions, preview pane or toolbar customization.

    Send feedback about this particular blog
    Read Feedback from others

    26 August 2007 - Mickyj.com

    End blog for: 26 August 2007


     New additional blog (Added August 2011). Mickyj Mindspill at msmvps.com







         ( )

    View Previous posts before 26 August 2007





                                                                 This page was written and designed by Michael Jenkin 2011 ©



    Don't forget the other blogs etc