Welcome to Mickyj.com SBS/SMB RSS feed

iPhone's getting hacked ?

Mickyj — 9 Aug 2010 16:03:35 GMT

	Downloaded PIM data... 100% nice day you have Keywords: iPhone, PIM, exploit Today I have seen a large number of iPhones with variations of the below message It would appear that they have been hacked. I have called Telstra and Apple and logged support calls. It seems I was the first to report this so ... I have nothing to google to help solve it :) The phones involved are not jailbroken nor have suspicious apps on them. Basically the phone appears to get an SMS (The SMS tone sounds). The message pops up "Downloaded PIM data... 30%" this then jumps to "Downloaded PIM data... 100% nice day you have" The words exxpploit or exxxploit appear before the download text. It would appear from talking to Apple, an SMS triggers a complete dump of the contacts, calendar and email to the 3G network. Some of the phones I saw with this were on Exchange servers so client contacts from Outlook are now being sucked off the phones. At the moment, I have no idea how to stop this happening.
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 9 August 2010 - Mickyj.com

Dell = Malware ?

Mickyj — 23 Jul 2010 16:03:35 GMT

	Dell are shipping hardware Malware ? Keywords: Dell, Firmware, Malware, w32.spybot.worm "The worm was discovered in flash storage on the motherboard during Dell testing. The malware does not reside in the firmware," Hmmm What's this all about ? Dell made the world aware of a issue and has contacted affected customers. The issue affects a limited number of replacement motherboards in four servers - PowerEdge R310, PowerEdge R410, PowerEdge R510 and PowerEdge T410 - and only potentially manifests itself when a customer has a specific configuration and is not running current antivirus software. This issue does not affect systems as shipped from the Dell factory and is limited to replacement parts only. Dell has removed all impacted motherboards from its service supply chain and new shipping replacement stock does not contain the malware. For more information and a link to the original Forum post check out this link.
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 23 July 2010 - Mickyj.com

SBS 7

Mickyj — 21 Jul 2010 16:03:35 GMT

	Time marches on ... Welcome SBS 7 Keywords: SBS, Cloud, Aurora, BPOS, Vail SBS 7 is not far away. Do you want to know more or join the Beta? Curious about the tags for this blog? Take a look at this page
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 21 July 2010 - Mickyj.com

Fighting with my Nemesis

Mickyj — 28 Jun 2010 16:03:35 GMT

	IT war Keywords: WMI, SQL, Security, Permissions Every now and then, an IT issue comes along that takes ages to solve. You ask all your peers for ideas, crawl the internet, end up digging in the Windows registry and Dcom settings. When I get an issue like this, it quickly consumes me and becomes my nemesis. I just solved my current issue and slayed my nemesis. I have a SQL client end program that connects to it's database on the internet and it will not work. I have opened all the ports on the router for SQL and still it produces the same fault. The fault seems to be generic to these kinds of applications but it just so happens, in my instance, it is a realtors program called Multiarray. I am sure the solution here will suit many other similar applications. When you install the application and type in the internet address for the SQL server, you get back "Exception from HRESULT: 0�80070005 (E_ACCESSDENIED)". After talking with the developer, and research, I concluded the fault was with WMI. I checked all the normal things (like checking the WMI and RPC service was started). The final answer was to add the Service and Local Service to the local Administrators group of the workstation and reboot. So how did I solve this? I used two tools to prove it was WMI, WMIDiag.vbs from Microsoft and wmitester. Following the wmitester results (Which gave me access denied to WMI) I got the following error in wmidiag (WBEM_UNKNOWN) This error code is external to WMI. 0x80070005 - (WBEM_UNKNOWN) This error code is external to WMI running "net helpmsg 8007" as recommended by WMIDiag gave me The file replication service cannot satisfy the request because the user has insufficient privileges. Also referring to http://uma-itblog.blogspot.com/2010/02/wmi-test-fails-with-error-0x80070005.html I located http://support.microsoft.com/kb/909444 and ran WINMGMT.EXE /CLEARADAP WINMGMT.EXE /RESYNCPERF echo y\| cacls %windir%\registration /G everyone:R system:F administrators:F echo y\| cacls %windir%\registration\*.clb /G everyone:R system:F administrators:F I also checked local security policies using gpedit.msc, computer configuration, windows settings, local policies, user rights assignment and check the membership for "Bypass Traverse Checking" (It must include everyone) and services was allowed access to "Impersonate a client after authentication" Then I found I could not run gpresult at the comment prompt and msinfo32.exe failed to collect data. I looked in Computer Management->Services and Applications->WMI Control. When I right clicked on WMI Control and went to its properties I saw that there was access denied on Win32_Processor and Win32_Operating System. Upon searching around I ran into a post where it said to add Local Service and Service to the Administrator group. Once I did this and rebooted, everything worked. Here's something else odd about this issue. It only happens on PC's joined to one of my clients SBS 2003 domains via the SBS connectcomputer wizard. If the machines are peer-peer with a DHCP address from the server and can get out of the gateway, everything works. If you join the domain using the old method "Right click My Computer, properties, network, change details for domain membership" then the problem does not occur. If you use http://domain/connectcomputer it does occur. The issue is machine based as after joining the domain, logging on as local administrator does not fix the problem. Changing the PC's in the AD OU's does not fix the problems. Turning policies off and on does not fix the problem. It all comes down to the connectcomputer wizard.
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 28 June 2010 - Mickyj.com

Opening Tiff files ?

Mickyj — 26 Jun 2010 16:03:35 GMT

	Outlook 2007 on Remote Destop servers (2008 R2) Keywords: Outlook, 2008 r2, Tiff, Desktop Expeariance We built a new terminal server / Remote desktop server. After setting them up and building their Outlook profiles, we found out that they could not open and print tiff files. They were getting "picture printing is not available without the desktop experience feature". I found that associating Tif files with OIS (Office Imaging system) I could get the image up however only page one of a many page, multipage Tiff file. OIS is only able to read page one (By design). so I made a bad pick to view and print Tiff files. I also found that if users were not local administrators on the terminal server, they can't associate the program with the Tiff files and when they click file - print, nothing happens. Interesting. If I can help it, I do not want to put additional burden on my terminal server.The desktop experience is not for very tight RDP connections on small internet pipes. Desktop Experience Remote Desktop Connection (RDC) 6.0 and RDC 6.1 reproduce the desktop that exists on the remote computer on the user�s client computer. To make the remote computer look and feel more like the user's local Windows Vista desktop experience, you can install the Desktop Experience feature on your Windows Server 2008 terminal server. Desktop Experience installs features of Windows Vista, such as Windows Media® Player 11, desktop themes, and photo management. To install Desktop Experience on your terminal server Open Server Manager. Click Start, point to Administrative Tools, and then click Server Manager. Under Features Summary, click Add features. On the Select Features page, select the Desktop Experience check box, and then click Next. On the Confirm Installation Selections page, verify that the Desktop Experience feature will be installed, and then click Install. On the Installation Results page, you are prompted to restart the server to finish the installation process. Click Close, and then click Yes to restart the server. After the server restarts, confirm that Desktop Experience is installed. Start Server Manager. Under Features Summary, confirm that Desktop Experience is listed as installed. The other options for my client are to save the file to the desktop and double click and open it from there. I have read others have installed the Desktop Experience and had issues with Mail profiles and speed. In the end, I found a Tiff multi viewer that works very well.
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 26 June 2010 - Mickyj.com

Storage error in content conversion

Mickyj — 24 Jun 2010 16:03:35 GMT

	Outlook sending emails through Exchange 2007 Keywords: Exchange 2007, Outlook, attachments, embedded, registry,mime types Exchange 2007 bouncing back emails with "storage error in content conversion" Diagnostic information for administrators: Generating server: severname enduseremail@address #550 5.6.0 M2MCVT.StorageError; storage error in content conversion ## It turns out that if you install a program on your workstation that modifies a file type in the registry under hkey_classes_root, it causes Exchange to get confused about what sort of data is embedded in your emails. In the case of this clients issue, they installed some camera software that modified type Jpeg. A simple regedit fixed the issue. In the registry key for type .jpe, .jpeg, .jfif and .Jpg the Content type was jpgfile. Changing this back to the default of image/jpeg fixed the issue. We worked this out after working out every email sent external to the site,that contained the image in his email signature, bounced back.
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 24 June 2010 - Mickyj.com

Windows 2008 R2, I can't turn off ESC ?

Mickyj — 23 Jun 2010 16:03:35 GMT

	ESC mode does not seem to turn off for users on my server Keywords: Remote, Terminal, IE, ESC On my Windows 2008 R2 Remote desktop/Terminal server, I have logged on as various users and as the Administrator, turned off the Internet Explorer ESC mode for users and the administrator (Enhanced Security). This basically turns off ESC for the administrator and then everyone that is not the administrator however, users still have it turned on and cannot surf. It seems it all comes down to when you turn ESC off. You need to do it before you start logging users on. If they already have profiles, they are stuck with ESC on. (Basically, once your users have these settings in their profile, the only way to remove it is to either Delete the profile and let it re-create again from a fixed profile or execute the fix shown here). On server 2003, you can remove the ESC mode from add/remove. In 2008 you can't. Here is a fix, a simple batch file. REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" /v "IsInstalled" /t REG_DWORD /d 0 /f REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" /v "IsInstalled" /t REG_DWORD /d 0 /f Rundll32 iesetup.dll,IEHardenUser Rundll32 iesetup.dll,IEHardenAdmin Rundll32 iesetup.dll,IEHardenMachineNow REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap" /V "IEHarden" /t REG_DWORD /d 0 /f REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OC Manager\Subcomponents" /v "iehardenadmin" /t REG_DWORD /d 0 /f REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OC Manager\Subcomponents" /v "iehardenuser" /t REG_DWORD /d 0 /f REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" /f /va REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" /f /va
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 23 June 2010 - Mickyj.com

LaserJet 5 on Terminal server/Remote Desktop server

Mickyj — 22 Jun 2010 16:03:35 GMT

	Microsoft do not support LaserJet 5 ??? Keywords: Updates, HP, LaserJet, 2008 server I have a Terminal server/Remote Desktop server and a remote user has a LaserJet 4 or 5. Windows server 2008 R2 no longer includes drivers for these printers and HP lists the printer drives as being a part of Windows server. What do you do? If you attach the printer locally to the server, the driver will install. How can you populate the server with the driver ready for remote desktop users when the printer is 3 hours flight away? Open the printer wizard, look through the printer list, click the "Windows update" button and let it download the new printer list and suddenly the missing HP printer drivers are back. For IA64 and AMD, check out the Windows offline updates http://catalog.update.microsoft.com/v7/site/Home.aspx
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 22 June 2010 - Mickyj.com

Compile error in hidden module: uifunctions

Mickyj — 21 Jun 2010 16:03:35 GMT

	Word 2007 compile error in hidden module Keywords: Nitro PDF, Word, Addin, Outlook Opening Word or using Word as an editor in Outlook causes "Compile error in hidden module: uifunctions" It also happens when you select a signature in Outlook. it was a problem with Nitro PDF. This error is caused in some cases by older addins still hanging about when you update Nitro PDF Pro. To Fix this simply uninstall completely using the Nitro Clean Up Utility and then install 5.3.3.6. http://www.nitropdf.com/professional/support/resources/nitro_cleanup.zip (Be aware Trend Micro see this as a virus). If you need more assistance head to the Nitro Support Webpage: http://www.nitropdf.com/professional/support/index.asp
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 21 June 2010 - Mickyj.com

Windows 2008 R2 x64 Subnet access fails

Mickyj — 20 Jun 2010 16:03:35 GMT

	Cannot access Remote Desktop server from other subnets Keywords: Subnet, Route, Terminal, Remote I have a Windows 2008 R2 x64 server acting as a terminal server/Remote Desktop server, only computers (XP/Vista/W2003) from the same subnet (10.0.0.x/255.255.255.0) can establish an RDP connection! Other users from branch offices over hardware VPN's from different subnets cannot connect. My final solution was to add persistent routes at the terminal server to the remote subnets. E.G router add -p 10.0.1.X mask 255.255.255.0 10.0.0.254 router add -p 10.0.2.X mask 255.255.255.0 10.0.0.254 router add -p 10.0.3.X mask 255.255.255.0 10.0.0.254 (10.0.0.254 is the gateway). All fixed. Reading other comments on the internet and reading the following post (http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/2429ff4d-0211-44a9-9361-6208d92ac3ca) talking about the RDP and firewall on W2008 servers blocks connections from other subnets to prevent attacks 'Man In the Middle' got me confused and I headed down the wrong track.
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 20 June 2010 - Mickyj.com

Jeff Middleton's in Town !

Mickyj — 19 Jun 2010 16:03:35 GMT

	Microsoft SMB Community Event - Adelaide Keywords: SMB, SBS, Swing, Jeff Middleton Jeff Middleton, will explain the opportunity to provide predictable and profitable SBS 2008 migration deployments. You will come away with an understanding of infrastructure transition with SBS 2008, or any NT/200x historical platform to adopt Windows 2003/2008 (R2) platforms, as well as any combination of Exchange 2000, 2003, 2007 or 2010. Jeff embraces methodology designed for you to prepared a completed server in advance, maintain the domain, and yet your original domain and server is not modified, the production is not down for construction, and the IT Pro can take your weekends off! To register for the event, please click here - http://events.constantcontact.com/register/event?oeidk=a07e2wv7ya2a2a44672 Where: Microsoft Auditorium, Level 2, 91 King William Street Adelaide, South Australia, Australia When: 22 June 2010 Time: 6:00 pm 9:30 pm
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 19 June 2010 - Mickyj.com

My download is blocked

Mickyj — 14 Jun 2010 16:03:35 GMT

	Can't install an application on a Terminal server Keywords: Terminal Server, Remote Desktop, Blocked I tried to install an application on a Terminal server/Remote Desktop server. I did it using the Terminal server provided installation tool in the control panel and was simply told that I did not have Administrative privledges. I was logged on as the administrator. By right clicking the executable, I found the message .. "This file came from another computer and might be locked to help protect this computer", Checking the check box in the properties screen now allows me to install the file.
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 14 June 2010 - Mickyj.com

Consolidation ?

Mickyj — 8 Jun 2010 16:03:35 GMT

	Who owns who ? Keywords: Symantrec, Sonicwall, McAfee What's going on? Everyone is buying out everyone. Symantec to Acquire PGP and GuardianEdge McAfee Acquires Trust Digital Symantec to Acquire VeriSign's Authentication and Identity Business SonicWall directors accept $717M acquisition offer from Thoma Bravo, LLC And many more. Looks like May/June is the time of the year to buy someone out.
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 8 June 2010 - Mickyj.com

How to Convert a running server to a Virtual Machine

Mickyj — 5 Jun 2010 16:03:35 GMT

	Convert a live machine to a vhd Keywords: HyperV, Virtual PC, vhd, Disk2vhd Using Disk2vhd from Microsoft you can create an image for a Virtual PC or if the partition is less than 127 Gb, for Virtual PC. http://technet.microsoft.com/en-us/sysinternals/ee656415.aspx
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 5 June 2010 - Mickyj.com

How to Convert a Physical Hard Drive to a Virtual Machine

Mickyj — 5 Jun 2010 11:44:30 GMT

	Convert an offline machine/disk to a vhd Keywords: HyperV, Virtual PC, vhd, winimage Download and install WinImage from http://www.winimage.com/. WinImage is free for 30 days after which there is a small $30 charge. Attach the physical hard drive to the computer on which you loaded WinImage. You can do this either by plugging it directly into the motherboard via an empty SATA or IDE port, or you can use a USB adapter such as this one from eBay, which is by far the easier method. Start WinImage. (If you are running Windows Vista or Windows 7, make sure you run the WinImage (Administrator)mode which can be found under the WinImage folder under All Programs) Winthin WinImage, click the Disk menu item and then select "Creating Virtual Hard Disk Image from physical drive" Make sure the "Include non removable hard disk(s)" box is checked, and then select the hard drive that you would like to make an image of. You can either make a fixed size or dynamically expanding hard disk. I would recommend the dynamically expanding option. Click OK. Select a location to store the .vhd file, and click Save. Be sure you have enough disk space. WinImage will now begin converting the hard drive to a .vhd file. This process could take an hour or more depending on the size of your hard drive.(Virtual PC canot open a partition bigger than 127Gb so keep this in the back of your mind). When the process is complete the .vhd file is ready to be opened with Microsoft Virtual PC If all goes to plan, it will boot into Windows and you won�t have any problem at all. If so you can ignore the rest of the steps and start using it. It is more likely Windows XP will lockup or freeze while booting. In this case, read the following. Usually, the problem is the drivers that Windows is trying to load on startup. You now need your Windows XP cd. Start the Virtual PC, and in the CD menu, select Use Physical Drive. In the file menu select Reset. Press any key when you see the "Press any key to boot from CD" message. Once setup had loaded, type "R" which will load the Recovery Console. Enter the number of the windows installation you want to log onto. Most often its 1. Enter the administrator password if you have one, otherwise hit enter. At the command prompt, type "CD System32" , hit enter. Then type "expand D:\i386\HALACPI.DL_" , hit enter again. Finally, type "copy HALACPI.DLL HAL.DLL", and hit enter. Type Y for yes on the overwrite file confirmation message. (*cd drive letter may vary) Reboot the Virtual Machine. If everything works the way its supposed to you should see it boot into Windows. Likely, you will have to reactivate Windows before it will allow you to actually log on.
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 4 June 2010 - Mickyj.com

Multiple PccNTMon process

Mickyj — 3 May 2010 11:36:35 GMT

	Limiting PCCNTMon on a terminal server/Remote Desktop server Keywords: PCCNTMon, RDP Many instances of the PccNTMon (Worryfree, Officescan) process can be created in the memory where the Trend Micro Agent is installed. This happens when you access the computer from a terminal session. To fix this: 1. Open the Registry Editor (regedit.exe). Important: Always create a backup before modifying the registry. Incorrect registry changes may cause serious issues. Should this occur, restore it by referring to the "Restoring the Registry" Help topic in Regedit.exe or the "Restoring a Registry Key" Help topic in Regedt32.exe. 2. Add the following to the client registry: Key: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc. Name: RCS Type: REG_DWORD Data: 202 (in decimal format)
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 2 June 2010 - Mickyj.com

MYOB Partner products

Mickyj — 30 May 2010 16:03:35 GMT

	MYOB Partners who need multiple products installed (On Windows 7) Keywords: MYOBAO, Accountright, Premier, Business Basics, Accounting connect Over the last 2 weeks I have been installing alot of MYOB products. I found out installing MYOB AO 12.5.1 on a Windows 7 machine and then installing Myob Accountright 19 breaks the PDF printer in MYOB AO (PDF preview). Reinstalling MYOBAO fixes the printer but breaks the BAS feature in Accountright (Premier). Doing a recovery instrall of Accountright seems to fix the Bas feature. Installing Accounting connect 3 and an old copy of Business basics 1 seems to have not yet done any damage.
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 31 May 2010 - Mickyj.com

MYOB AO Can't lodge

Mickyj — 27 May 2010 16:03:35 GMT

	Unable to lodge tax return Keywords: MYOBAO, Date Date conversion Ddmmccyy Date8 error. When you try to lodge, it tells you the persons DOB is incorrect and not in the correct format. The only solution is to contact MYOB for a patch file. This is for MYOB AO 12.5.1
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 27 May 2010 - Mickyj.com

Desktop SQL client cannot access server SQL server data

Mickyj — 25 May 2010 16:03:35 GMT

	My SQL clients can't see SQL Express on SBS Server 2008 Keywords: SQL, SQL Express, SQL client, Port, Firewall SQL app can not access the SQL Express instance on my SBS server. I installed the SQL native client to confirm the client app was not at fault. It would seem at the server, to make the client attach, not only do we need to modify the SQL instance surface to answer via TCP/IP, we need to make changes to the server firewall. I allowed SQL Udp/Tcp 1434 in the firewall and each and every SQL service executable. C:\Program Files \Microsoft SQL Server\MSSQL.1\bin\sqlsvr.exe C:\Program Files \Microsoft SQL Server\MSSQL.2\bin\sqlsvr.exe C:\Program Files \Microsoft SQL Server\MSSQL.3\bin\sqlsvr.exe
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 25 May 2010 - Mickyj.com

MYOB AO Diary error

Mickyj — 20 May 2010 16:03:35 GMT

	Clicking Diary causes a system crash Keywords: MYOBAO, Diary It seems lately, I have been working with MYOB AO more and more lately :) When a client of mine clicks on the Diary icon, it crashes with a Hresult error. It turns out the fix, like many solutions with MYOB in Windows Vista and Windows 7, is to turn off UAC. Solved !
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 20 May 2010 - Mickyj.com

Security threat ?

Mickyj — 18 May 2010 16:03:35 GMT

	Numerous logon failures Keywords: Remote logon failure At work we had 5 client servers overnight report the IP 69.162.127.82 (1,284 times for each client) for remote logon attempt as "Admin" (Recorded in the SBS report). Source port for the logon was 1759. This IP belongs to reverse.lstn.net which is really http://www.limestonenetworks.com/ They have an application which monitors servers, which might be hitting the servers by mistake however, it could also be one of their users being malicious. Anyone else seen this ?
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 18 May 2010 - Mickyj.com

MYOB Accountants Office indexing issue

Mickyj — 14 May 2010 16:03:35 GMT

	Corrupted Indexes Keywords: MYOB, SMB2, Windows7, SBS 2008, Indexes, cdx I have a client that constantly needs to delete the MYOB AO 12.5.1 cdx files to force the product into a reindex due to data corruption. The original symptoms include contact notes corrupting and opening Debtors brought MYOB AO to it's knees. The client previously had SBS 2003 and Windows XP Pro workstations without any issues. This issue has arisen since we put in an SBS 2008 server and Windows 7 workstations. All new hardware (HP ML 350 Server, HP workstations, HP procurve switches and a SonicWALL router). We have bypassed MYOBAO with the Trend Worryfree antivirus, turned off Volume Shadow Copy and Symantec Backup System recovery snapshots during working hours. MYOB Support have suggested applying Microsoft KB's 950836 & 951037. We have done this (Except 950836 is for Vista) and still the issues are happening. Does anyone else have these issues ? Please let me know. I am tempted to turn SMB2.0 off ......
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 14 May 2010 - Mickyj.com

MYOB crashing when you change display settings

Mickyj — 11 May 2010 16:03:35 GMT

	Personalising windows breaks MYOB Premier Keywords: dpi, MYOB When you personalise Windows 7 and change the DPI away from 96dpi, MYOB crashes. This is a well known issue which has been around since MYOB was first made. A pity. I have a few clients who need the bumped dpi so that they can read the writing :) ... Just set the dpi back to 96dpi.
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 12 May 2010 - Mickyj.com

MYOB Officelink OLE automation error

Mickyj — 10 May 2010 16:03:35 GMT

	Sending reports to Excel fails Keywords: Excel, OLE, MYOB Hmm, on a clients machine, looks like the OLE DLL files have failed to register. Here are the commands to fix this: C:\Premier19\drvxl32.exe /register C:\Premier19\drvwd32.exe /register Further information is available at http://myobanswers.com/faq/en/Troubleshooting_OfficeLink
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 10 May 2010 - Mickyj.com

Error 1327. Invalid Drive X.

Mickyj — 7 May 2010 16:03:35 GMT

	I can't uninstall program XYZ Keywords: Uninstall, 1327, MYOB Trying to uninstall an old copy of MYOB, I get the error "Error 1327. Invalid Drive X". The uninstaller fails and simply put, I am going nowhere. I looked into the issue and could not find a solution online. I found some ideas at the following link and many more links like it. (This issue is unlikely to be a MYOB issue and more likely a generic program uninstaller error. My Solution might work for other products) The clue for me is the way MYOB installs. It uses your "My Documents" as a pointer or "variable" during the install. My "My Documents" points to a network drive on my server. It is mapped and appears under "Computer" as a valid drive letter and I can open it however, the uninstall will not continue. I know from past experience, MYOB has issues locating network drives when Vista UAC is turned on. Thinking out loud, I jumped to the conclusion the MYOB uninstaller is not seeing the drive correctly. I repointed my "My Documents" back to my Physical C:\ drive and tried the uninstall again ... It wants to work correctly. WooHoo. Here's an issue, I edited a group policy to be able to do this. If one of the normal users without access to the server has the same issue, what can I do ? The PC local administrator has a local "My Documents". I simply logged off and back on as the local Administrator and tried to uninstall. It worked perfectly. Awesome !
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 7 May 2010 - Mickyj.com

How can I allow Pop3 Access to my Exchange 2007 server ?

Mickyj — 5 May 2010 16:03:35 GMT

	..... It was so easy and just worked in Exchange 2003 ... Keywords: Microsoft, Exchange, PowerShell, POP3 First note, the Administrator built-in account cannot used with pop3 and imap. Second note, enable the POP3 service. Unlike previous versions of Exchange, default login type for pop3 and imap is SecureLogin Using TLS. You can change it to PlainText using the PowerShell commend Set-PoPSettings -LoginType:1 To make sure that login type has changed use get-popsettings and get-imapsettings Now restart pop3 service. For those who use the GUI 1, go into the Exchange Management Console 2, expand the Server Configuration node 3, go to Client_Access:POP3_and_IMAP:POP3 4, open the Properties page for this item 5, go to Authentication:Logon_Method By default, this property is set to Secure_Logon, of course. You need to change it to Plain_Text in order for most POP3 email clients to work. Now test it.
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 5 May 2010 - Mickyj.com

How can I access Companyweb as a filesystem ?

Mickyj — 3 May 2010 16:03:35 GMT

	Can I access WSS from a mapped drive? Keywords: WSS, Microsoft, SharePoint, Team Services, Webdav From the command prompt you can use WebDav *net use http://companyweb/** This provides a drive letter mapped to your CompanyWeb. This could also be done in XP using Network places.
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 3 May 2010 - Mickyj.com

Adobe PDF threat

Mickyj — 1 May 2010 16:03:35 GMT

	Spam attack tries to compromise computer systems in APAC Keywords: Adobe, TrendLabs "TrendLabs has detected a spam attack today that spreads as an email that tricks recipients into opening a malicious PDF file, which in tandem with an embedded VBScript may penetrate a victim�s computer and drop so-called WORM and rootkit components. The WORM component spreads through computer devices that are detected by infected systems and will automatically execute an autorun,inf file as soon as a user activates an infected device. In addition, the malware deploys a stealth technique by using a rootkit component to prevent itself from being discovered. The main payload of this attack is an URL to establish a connection to a malicious website that may enable cyber-criminals to gather information and to further compromise an infected system. Remediation TrendLabs has successfully blocked the URL that establishes the connection and performs a cleanup of the remnants of the attack by using the Trend Micro™ endpoint solutions. Involved Malware in this Attack TROJ_PIDIEF.ZAC; VBS_EMOTI.A; WORM_EMOTI.A; RTKT_EMOTI.A "
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 1 May 2010 - Mickyj.com

Forefront antivirus product causing confusion

Mickyj — 30 Apr 2010 16:03:35 GMT

	Forefront is messing with my mail Keywords: Forefront, Microsoft, Security, Virus, detection, false FILE QUARANTINED The original contents of this file have been replaced with this message because of its characteristics. File name: 'testfile.xlsx' Virus name: 'UnwritableCompressedFile' The official reason for this error is: "The UnwritableCompressedFile event is triggered when an OpenXML file (a container file) has a piece removed or that needs to be updated by Forefront. Unlike a zip file, Forefront cannot write back to the OpenXML container file and isolate the specific contained file while keeping the original OpenXML container file in tact. OpenXML files are much more complex than zip files. If a contained file within the OpenXML file needs to be updated/removed by Forefront the original OpenXML file cannot be written to and kept in tact, therefore you see the "UnwritableCompressed" event and the entire container file is removed." The Fix.... 1. In the Forefront Server Security Administrator on your SBS server and select Filtering 2. Select Transport Scan Job 3. Create a File name filter for .xls 4. Select File Type OPENXML - OPENXML file type 5. Select Action: Skip: detect only 6. click Save Repeat steps 3 to 6 for .docx and *.pptx
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 1 May 2010 - Mickyj.com

Happy Birthday to me !!!

Mickyj — 27 Apr 2010 16:03:35 GMT

	Mickyj gets grey hairs! Keywords: Birthday Today is my birthday. WooHoo ! Just had to mention it in my Blog :)
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 27 April 2010 - Mickyj.com

Xerox document centre 350

Mickyj — 25 Apr 2010 16:03:35 GMT

	Working with Vista and Windows 7 Keywords: Vista, Windows7, Xerox, offline I have to hook a network Xerox up to talk to some Windows 7 machines. All the drivers made by Xerox for this printer stop at Windows XP. Trying other versions of various drivers cause the workstation to tell me the printer is offline. Xerox has some software as a part of their driver that will actually hit the printer before sending a job to the printer shared on the server. As this piece of the puzzle is missing, I can't print. What I have done is setup a Windows XP PC as a print server with the correct Xerox drivers. It prints fine every time. I have then setup the drivers on the Windows 7 Machines as HP 2200 PCL printers (Post Script does not work). Working with various printer drivers in the HP range I have the workstations printing to 2 out of the three trays and duplexing. I see many people have trouble with the Xerox document centre 350 and Vista so hopefully someone else out there will try this and get back to me with the best HP driver to use :)
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 25 April 2010 - Mickyj.com

CHM in Windows 7

Mickyj — 19 Apr 2010 16:03:35 GMT

	Windows 7 and help files Keywords: CHM, help, Windows7 Recently I had the need to upgrade a clients site from Windows XP on SBS 2003 to Windows 7 clients on an SBS 2008 server. They were running a specialist application which was not so much installed but rather, the executable files and support libraries sat on a network share that the client PC's could see and access. They would run a shortcut to the main executable and live in that environment. Since installing Windows 7, when they use this application (Which is Windows 7 compatible) and click help or press F1, they get an error. The help file will appear, but instead of the topic text you will see an error message "this page cannot be displayed". This is a new security feature that is not specific to Windows 7, this is just where I first noticed it. Microsoft released a security patch that makes it impossible to view CHM files that are stored on a network drive (as opposed to CHM files stored on your own computer). The security patch and its effects are fully described on Microsoft's web site at Kb 896358 If you trust all the computers on your LAN or intranet (and the people using them), you can lower the restrictions on the Local Intranet zone to allow CHM files to be displayed with the following steps: 1. Click Start, click Run, type regedit, and then click OK. 2. Locate and then click the following subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\ItssRestrictions If this registry subkey does not exist, create it. 3. Right-click the ItssRestrictions subkey, point to New, and then click DWORD Value. 4. Type MaxAllowedZone, and then press Enter. 5. Right-click the MaxAllowedZone value, and then click Modify. 6. In the Value data box, type 1, and then click OK. 7. Quit Registry Editor. If this solution does not work for you, please see Kb 896358 for alternatives.
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 20 April 2010 - Mickyj.com

Repairing the network connection using command lines

Mickyj — 18 Apr 2010 16:03:35 GMT

	Stupid wireless card Keywords: refresh, network I have an MCE 2005 PC. It is connected via Wireless to my router and is just on the borderline for signal. Sometimes it will get 18mbit, sometimes nothing. I find that the card will often get a signal after I right click the network card in the task bar and repair the connection. (This is a Windows XP feature allowing you to repair a network connection. You can also go to the Network Connections options in Control panel (Control Panel / Network Connections), right click on the network connection you want and choose the repair option.) I want to automate this so that I can get my EPG guide down everyday. I want a batch file as a task, doing a command line version of a refresh. Here is what to do: netsh int ip reset c:\ network-connection.log c:\network-connection.log represents the address of the file in which the reporting will be stored The netsh int ip ...command allows you to reset the TCP/IP. With Windows XP Service Pack 2, you can use: netsh winsock reset catalog Resetting the socket which manages the TCP/IP. Now I can repair the connection just before downloading the EPG data.
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 18 April 2010 - Mickyj.com

How to secure a connection to Windows 7

Mickyj — 17 Apr 2010 16:52:55 GMT

	Can Windows 7 be a VPN endpoint ? Keywords: Windows 7, VPN, end-point Yes it can. Why ? So that you can securely exchange files and do not need RDP, Logmein, VNC etc Here are the steps for configuring Incoming VPN Connection in Windows 7 First go to Control Panel and open Network and Sharing Center. Click on Change adapter settings. Press Alt+F and select New Incoming connection Put a check on who you'd like to give access to this computer or you can configure a new account by clicking on Add someone,after that click on Next. Select the protocols you want to enable for this connection. Click on Allow access. Make a note of the Computer name, IP etc as this will be used by the client to connect to this computer and after that Click on Close. You will also need to allow the VPN through your firewall and point the ports (1723) to this PC
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 17 April 2010 - Mickyj.com

Anyone else have a truck go through their lounge room ?

Mickyj — 16 Apr 2010 16:03:05 GMT

	Tremor/Quake in Adelaide Keywords: Adelaide, Tremor, quake My wife and I had a tiring week. We decided to watch the Matrix on DVD and Chill out a bit. She fell asleep, but I continued to watch. Just as the surround sound started to kick in and the scene where the helicopter exploded into the building sending a wave of glass along the building .. the house moved. She woke up, I fell off the couch. There was a loud rumbling noise for several seconds (And the house was cracking) and then .. nothing. No noises. The house had settled. Adelaide had a tremor. At 11:30 pm (ish) on the 16th we had a 3.8 on the Richter scale. Looking at the websites I could find nothing. I started tweeting in twitter and suddenly, everyone was talking about it. It was felt from Victor Harbour/Kangaroo Island, all the way to Kadina (200 kms away). The tall buildings in the city centre swayed and the stillness of the night was gone. If felt like a truck had been through my living room. The next day, it was labelled an Earth Quake. There have been many of late. Especially in the Pacific area. There were nine Earth Quakes today around the pacific rim, the Solomon's and Papua New Guinea. I guess living in the foothills of the Mount Lofty ranges, I was bound to feel one sooner or later (this was my first). Wiki on the Mount Lofty ranges I found the best place (And only place for quite a while) was http://forum.weatherzone.com.au/ubbthreads.php?ubb=showflat&Number=859258 for information. Tonight's tremor was strong by Adelaide's standards, but a previous earthquake in 1954 was 5.4 magnitude, occurred near the heart of the city and caused the equivalent of $6 million damage to property. In this quake, the epicentre was close to Mount Barker, 40 kilometres east of the capital, in the Adelaide Hills. It may have been a relatively deep earthquake therefore lessening the effects immediately above it on the surface. It has been suggested it was 15 kms deep. Maybe time to move but to where ? Looking on the news, I see the China earthquake, Chile and a bunch of others. If the quake does not get us .. maybe the tsunami's will ?
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 16 April 2010 - Mickyj.com

Check your iPhone Data usage with Telstra

Mickyj — 15 Apr 2010 16:03:34 GMT

	Am I using up all my data quota? Keywords: Telstra, Data I receive an SMS from Telstra (Australia). "You are 80% over your data quota for the month". So I freak and check out how far along into this, my first month, I am. This is day 8. Apparently I have downloaded 600 MB of an allowed 700 MB. This is huge. I know I have visited the App store on my new iPhone but I downloaded almost all my data through iTunes. I started reading posts on Whirlpool. Heaps of people are talking about the iPhone being permanently on the 3G network and constantly shifting data about. This is nothing like my WM iMate. I used that phone as a Modem for a scout troop for 1 weekend. We used it for Internet IRC chat. We used 60 MB over the whole weekend, and surfed a little. My iMate had a 1 Gb limit and I rarely used over 200 Mb per month. What's the deal ? I use my phone over Activesync with my Exchange server so I am not about to sever ties with 3G ! If you use Activesync and push features, a constant data connection is kept alive, to enable the "push" services to work. I give up. I have turned all my push apps off. Now here is how you can check your iPhone data usage 1. Make sure you're connected over 3G (not WiFi) 2. Click Settings -> Phone -> Telstra Services -> Bigpond Mobile for iPhone [Web browser should open to the generic Bigpond mobile landing pad] 3. Scroll down click "My Account" 4. Click "Data Usage Snapshot" 5. Click "Mobile Data Usage" You should see a graph of the current billing cycle. You can also ... SMS the word "USE" to phone number 176 and you get a SMS back with your usage. Finally .. you can also .... View My Data Usage (via the Internet) for your mobile service(s), you are required to add them to My Data Usage database. To add/delete a mobile number: 1. Log onto the https://es.telstra.com/MyDataUsage/ using your Telstra.com Username and Password. If you do not have Telstra.com account, you will need to create an account (Join Telstra.com option) 2. Click on the "Setup" tab. 3. To add a mobile number: In the "Add a new Mobile number" field, enter the mobile number to be added and then click on the button. If you make a mistake, click on the button. A PIN number will be sent via SMS to the mobile number you are registering. Enter the PIN number onto the website and click "submit" Once the PIN is confirmed you will see the message "You have successfully added your mobile number 614xx xxxxxx"
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 15 April 2010 - Mickyj.com

My love - hate relationship with my iPhone

Mickyj — 14 Apr 2010 16:02:46 GMT

	Looking for the perfect phone Keywords: iPhone, WM, iMate, Windows Mobile, 3Gs, Like, dislikes, compare My struggles with the i-Mate Ultimate 9502 Phone are well documented amongst my blogs.. Especially if you refer to 28 June 2008 I have had everything from the phone crashing when I take a photo through to complete chaos when I try and take a call and it ignores me. I found Windows Mobile (WM) slow on this device, slower than my old Dopod. In answer to this, came some "cooked" ROMs for the latest HTC touch and HD2. WM6.5 for HTC Touch Pro2 seemed to provide a better solution. Along came my iPhone. I instantly fell in love with the freebies on the App store. I loved playing Bluetooth games with iPod touch and other iPhones. I loved how quick it was and lack of memory leaks. The camera is snappy and just works. There are live rendering tools for manipulating photos and playing with video. Suddenly I feel I have lost nothing and gained lots with my move to an iPhone. I have downloaded registry editors, file explorers, GPS tools and games for the WM phones. I had it running "The need for Speed" and "Tomb Raider". It doubled as my TV remote, my 3G modem. I had antivirus on it, word and excel files. It was my life and I was tweaking it to within an inch of it's life. Now, I feel like I am having an affair. The iPhone has my affection. I found many places in WM to hide settings and many things to tweak. I can't find the same rabbit warren of settings on the iPhone. There is very little to tweak. Maybe that is why it works ? I love full browser rendering, Java compatibility, full HTML email and Activesync. I love the tilt and movement sensors in the phone and finally a voice control that actually works. Why would I ever leave this device back to my imate or an new HTC ? Perhaps the iPhones nasty data usage? I have had to turn all push technologies off. I love that Twitter, eBuddy and Twitter can keep me in the loop. I love that Trapster can tell me when I am approaching a speed camera in my car but seriously ... I am eating through my Telstra data pack. Then there is Cut and Past (Or lack there of). Sure, it has a rough cut and paste system but I can't get used to it. I am used to cutting something from an SMS, into an email or browser on my WM. I enjoy mid sentence or mid word selection with a stylus on my WM phone. Then there is the Tethering. I found Bluetooth to a laptop tethering quite painless except ... nuisance popups saying I need to install new hardware device drivers on my laptop. Even wit the latest iTunes. Then I find I can't USB tether without iTunes installed. I am often using my phone as a modem in the IT field. Suddenly I have lost a resource as I need to install iTunes everywhere. Then there are the crashes. Yes, the mighty iPhone crashes. I have had three now. One when it was Virgin and clean. I simply changed my email signature. The phone's screen went all messy, then black. Then the Apple logo came up and then the system went through a soft reboot. I know it was not a hard reboot as it did not request my Sim pin number. Now lets look at the battery life. Dead by lunch time. This is the 3Gs. I have Bluetooth turned on 24x7 as I am always hopping in and out of the car. WiFi off, push all off. I make a few calls and then ... the phone looses power. I did far more on the WM phone and it lasted he day. Then there is the signal strength. It does not seem to be as good as the WM phones I have had, with the same carrier. Then there is the Microphone, where people tell me that they can't hear me. Finally, how do I put my own tune in the phone as a ring tone?, how to I yank photos of files from the phone ? The WM phone appeared as a disk drive in Windows and I could drag and drop things to and from it. now I have to use iTunes and then I have to hack about to put my own ring tone in. I do not have direct access to my files. I have to Sync and then somehow extract photos. I do love my iPhone and I think it will be staying however, why can't someone invent a phone with the great things from WM and the great things from iPhone? Maybe Android ?
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 14 April 2010 - Mickyj.com

Why I wish my garage door hinge was made by Hewlett Packard

Mickyj — 13 Apr 2010 21:18:21 GMT

	Why a Carepaq should never be overlooked Keywords: HP, Server, Carepaq Do you wish you had some form of warranty protection you could renew and keep running ? I do. I came home tonight to a broken garage door hinge, a door dangling across my path and another hit to the wallet. Don't you wish in a situation like this you could make one phone call, quote a number, let someone else come and fix it, no additional cost to you and the parts are reserved just for you in the case of failure ? Well you can with a Hewlett Packard server. When you buy a HP server, make sure you do not stay with the standard warranty. It is a good three year warranty but it is a server. It runs your business. Can you afford for it to be down for 8 hours with a promise of parts coming overnight? I always recommend a 4 hour response and prefer 24x7 or at least a 5 day a week (weekdays) by 8 hour Carepaq. HP will get back to you within 4 hours, reserve spares for you and work on your server for free to bring it back up. Now here's the really cool part. What happens at three years ? We all know servers start to age and can fail. Well, HP send you a letter to offer for you to extend your Carepaq. This is awesome. I have a few servers out there that are about 10 years old, still going and still under a Carepaq. You only need to loose one hard disk, a power supply or RAID controller and the Carepaq has paid for itself. As the server pushes beyond 4 years you need some form of protection. HP looks after you. Here's some even bigger news, if you have fitted a HP backup unit or additional HP item's (After your initial purchase) if it is within the server, it is covered under the same Carepaq. If you are on a Carepaq and it is about to expire, do yourself a huge favour and reregister in the Carepaq system and pay your money. It is money well spent. Now I need to go and buy a new hinge .. Grrr.
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 13 April 2010 - Mickyj.com

Getting performance out of HyperV

Mickyj — 12 Apr 2010 21:18:39 GMT

	Building a pass-through drive Keywords: Sata, Sas, RAID I have been playing with HyperV for some time now. I have tried numerous operating systems and different hard drive setups. I have been reading up on the recommendations of others for BizTalk and SQL servers. They have been recommending as many drive spindles as possible for images to be hosted on and where possible, pass-through drives and SAN's/iSCSI for databases. I have also found over compensating for ram within HyperV Childs creates massive pagefile's and these sit in the VM's and can make servers run slow. So what do I do to get speed ? Firstly lets set the Scene. I have a Hewlett Packard (HP) ML 350 G6 with 24 G ram, 6x SAS 15k hard disks in a hardware RAID 5. My test application is MySQL with an Apache front end and a specific report I know I can run and time accurately . This application is huge and will support about 50 - 60 people. So I told the HyperV session to have loads of ram (Expecting it to be a little like SQL which will takes as much ram as you can give it). 9 Gb of ram creates a 13 Gb page file and as it turned out, it was completely unneeded. Task manager shows the MySQL database to take 400 mb of ram when it was under stress. So I cut the ram back to 4 Gb. The other item to note, the more ram you give to a child, the more ram the parent needs to manage it so 4 Gb was perfect for my purposes. Now I tried the test, first with the VM on a RAID 5. The benchmark I have to compare is 6 minutes. This is being compared with a Quad care physical server with a local install of Linux, MySQL and Apache. The test failed as it took 30 minutes. (With minimal users on the system). Now, I leave the VM on the RAID5, stick in a Sata drive and used it as a Pass-Through drive with the database in it. Running the report takes 6 minutes. Put some other users into the system and now it goes back to a 30 minute report. I expected this with Sata, not good under multi-access stress. Now I put in 2x SAS 10k drives, RAID 0 stripe, and setup as a pass-through. The report takes 3mins 45 seconds. Now I get others to get into the system, the report pushes to 5 mins 40 seconds. I then built a 3x SAS 10k drive stripe. It does the report in 3 minutes 55 seconds. It is taking longer with more spindles. I then made a 3x disk RAID5. The report took 7 minutes. Under load it took 9 minutes. Looks like a 2 disk stripe with 15k Sas drives will give me the speed I need.
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 12 April 2010 - Mickyj.com

New Malware for Torrent users to watch out for

Mickyj — 7 Apr 2010 21:18:10 GMT

	Stupid Malware, yet again Keywords: Malware, torrent Here's a new one. The latest to hit torrent users is a popup that looks so serious, people are freaking out. If you see this at work, you had better find out how it got there as this popup indicates someone is doing the wrong thing. It is being spread via bittorrent � not something you should use in a corporate environment. I was going to post the popup here, but luckily someone has already posted is so here's their image and a link to their page
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 7 April 2010 - Mickyj.com

XP Internet Security 2010 is a rogue security program

Mickyj — 6 Apr 2010 21:19:56 GMT

	Stupid Malware again Keywords: Malware, Internet Security 2010, Avs.exe, Regedit I have had a number of clients recently who have somehow downloaded the XP Internet Security 2010. Problem is, they cleaned it up with some form of Malware cleaner that killed their ability to run Exe files. This includes right clicking My Computer (Which runs Rundll.exe). XP Internet Security 2010 is a rogue security program that reports false threats and displays fake security alerts to make you think that your computer is infected. This Malware is distributed through the use of Trojans that usually come from fake online anti-malware scanners or misleading video websites. I usually kill this with task manager under C:\Documents and Settings\Username\Application Data\avs.exe Then use the following to repair the exe file issue. Windows Registry Editor Version 5.00 [-HKEY_CURRENT_USER\Software\Classes\.exe] [-HKEY_CURRENT_USER\Software\Classes\secfile] [-HKEY_CLASSES_ROOT\secfile] [-HKEY_CLASSES_ROOT\.exe\shell\open\command] [HKEY_CLASSES_ROOT\.exe] @="exefile" "Content Type"="application/x-msdownload"
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 6 April 2010 - Mickyj.com

Auto-response to external (Internet) addresses with Exchange 2007 and Outlook 2007

Mickyj — 3 Apr 2010 21:19:22 GMT

	Emails to a public folder, rule not working Keywords: Public Folder, External email, Folder Assistant, Exchange 2007 Recently I was asked to setup an email address attached to a Public Folder that would be used for responding to Helpdesk requests. I was instructed to make any emails received by this account to receive an auto-response. I set up a mail enabled public folder called Helpdesk giving the folder the appropriate email address. Next, using the public folder Folder Assistant I created a rule to be applied to all messages that were received or posted to this folder. (Found in the Properties of the public folder). I created the rule by checking the "Reply with" box under the "perform these actions" section of the folder assistant. Next, in order to create my auto-response template I chose the "Template" button next to the "Reply with" checkbox to bring up a blank email message. You do not need to put anything in the TO:, BCC:, or other fields unless you want to. After you are done typing out the email and attaching a logo you can save the message template and click OK to close the windows. As I am an external party and need to be alerted when an email is sent to the Helpdesk, it was rather embarrassing when none of the auto-responses were working to external addresses. I tried forwarding to the administrator and forwarding that to me and settings myself up as a contact in the Active Directory. The actual fix is to go into the Exchange Management Console - Organization Configuration - Hub Transport - Remote Domains - open Default and go to Format of original message sent as attachment to journal report: and make sure the "Allow Automatic Replies" is enabled. This will allow the auto-response messages to reach the external senders. If you do enable this, all other public folders can now send out emails as well so be ... careful.
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 3 April 2010 - Mickyj.com

552 MS-Office file containing VBA macros found inside of the email

Mickyj — 2 Apr 2010 21:16:05 GMT

	Emails keep getting blocked Keywords: Sonicwall, VBA I have a new server, just gone in. We have Exchange 2007, Trend Micro Worryfree and Sonicwall Antispam on their Sonicwall Applicance. The client is trying to receive emails ith Excel XLS files attached. They keep getting bounced back with "552 MS-Office file containing VBA macros found inside of the email". Having already used PowerShell to whitelist the sender and allowing all xls files through Trend Micro, we stil could not work out what the blockage was. It turns out it was the SonicWall. Sonicwall Firewall, under Security Services, under Gateway Antivirus, under global Settings, SMTP settings, restrict transfter of MS-Office type files containing macros VBA5 and above. If this is checked you will get this error.
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 2 April 2010 - Mickyj.com

Congratulations Boon !

Mickyj — 1 Apr 2010 21:16:05 GMT

	New Australian MVP Keywords: SBS, MVP, Microsoft Welcome to the MVP program Boon Tee. To arguably the best group within the MVP fold. The SBS MVP team. I wish you well and know you will do excellent things. Big thanks to Mariette for nominating him.
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 1 April 2010 - Mickyj.com

Fare thee well EBS 2008, we hardley knew ye !

Mickyj — 8 Mar 2010 11:52:21 GMT

EBS 2008 is dead. Long live EBS (Or should that be SBS)
Keywords: EBS, Microsoft, 2008, Discontinued

The rise and now fall of Microsoft Essential Business Server. The axe has fallen and EBS 2008 is now out cold, in the street, homeless. I am shocked but what can we do?

Send feedback about this particular blog
Read Feedback from others

Refer to the Mickyj Hardware blog or the Malware blog.
If you prefer to Twitter, look here

8 March 2010 - Mickyj.com

Not downloading Offline address book files. A server (URL) could not be located.

Mickyj — 30 Jan 2010 11:52:21 GMT

	Outlook Send/Receive causes an error Keywords: oultook, exchange, offline, address books Outlook is telling me it did not do a successfull ssend receive with Exchange. It logs an error into the Sync Issues subfolder. After much digging about, I found that there are many solutions on the internet. Again for me, Exchange Rollup 9 fixed the issue (As per yesterdays blog). There are many other solutions so I thought I would post my links to those I found with good credible solutions. Ms Exchange Forums Petri pages 123 Together support
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 30 January 2010 - Mickyj.com

Outlook 2007 on SBS 2008, authentication popup; revisited

Mickyj — 26 Jan 2010 11:48:52 GMT

	Password popup solution Keywords: Outlook, Autodiscovery, exchange, password Back on the 23rd December 2009 I commented on a password popup issue I had with outlook 2007 on Exchaneg 2007. It looks like Exchange 2008 Rollup 9 fixes this issue once installed. If anyone else gets this issue, give it a try.
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 26 January 2010 - Mickyj.com

SBS 2008 changing user details in the wizard

Mickyj — 25 Jan 2010 11:41:54 GMT

	It causes an error ? Keywords: SBS 2008, Wizard, user On more than one occasion, I have had to change a setting for a user in SBS 2008. It might be to give them remote web workplace access or some other role. Upon trying to apply and exit the wizard I get the error "Invalid E-Mail alias", "This e-mail aliias already exists. Type a different e-mail alias". I was not changing their existing e-mail alias so I have no idea why the alias was ok when I opened the wizard but by the end it was not acceptable ? My quick and dirty solution was to give the person another Alias and then open the Exchange management tool and change the Alias back. All back to normal but .. this is weird.
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 25 January 2010 - Mickyj.com

IE6 Security Alert !

Mickyj — 23 Jan 2010 14:37:06 GMT

	Vulnerability in IE6 now has a patch ! Keywords: China, Google, hack, vulnerability, out of band, patch, IE6, Microsoft IE6 Security Alert ! Upgrade to IE8, turn on Autoupdate's or manually install the following patch. Protect yourself from the vulnerability that allowed Chinease hackers to hack Google and others. Microsoft Security Bulletin MS10-002 - Critical
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 23 January 2010 - Mickyj.com

Hide Drives in My Computer

Mickyj — 7 Jan 2010 13:28:44 GMT

	Hide drive Access (As opposed to blocking access) Keywords: Hide, drive letters This is the last policy to help my friend block children from causing chaos (Refer the last two days of blogs) This setting allows you to control which drives are visible in My Computer and Explorer. It is possible to hide all drives or just selected ones. Open your registry and find or create the key below. The "NoDrives" value uses a 32-bit word to define local and network drive visibility for each logical drive in the computer. The lower 26 bits of the 32-bit word correspond to drive letters A through Z. Drives are visible when set to 0 and hidden when set to 1. If your not happy working in Hex, add these decimal numbers to hide the drive(s): A: 1, B: 2, C: 4, D: 8, E: 16, F: 32, G: 64, H: 128, I: 256, J: 512, K: 1024, L: 2048, M: 4096, N: 8192, O: 16384, P: 32768, Q: 65536, R: 131072, S: 262144, T: 524288, U: 1048576, V: 2097152, W: 4194304, X: 8388608, Y: 16777216, Z: 33554432, ALL: 67108863 For example to hide drive A and drive D, you would add 1 (A) + 8 (D) which means the value should be set to "9". To disable all the drives set the value to "67108863". Restart Windows for the change to take effect. (Default) REG_SZ (value not set) NoDrives REG_DWORD 0x03ffffff (67108863) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\... Registry Settings User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] System Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] Value Name: NoDrives Data Type: REG_DWORD (DWORD Value) To hide just drive C:, use a value of 4.
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 7 January 2010 - Mickyj.com

Hide Control Panel, Printer and Network Settings

Mickyj — 6 Jan 2010 13:24:38 GMT

	Lock down by denying access! Keywords: Policy, block, Control Panel, non domain Following on from yesterday, today lets block the control panel. This restriction removes the Control Panel, Printers and Network Connection settings from the Start menu. If the Taskbar settings are also hidden it causes the Settings menu to be completely removed. Open your registry and find the key below. Create a new DWORD value, or modify the existing value, called 'NoSetFolders' and edit the value according to the settings below. Exit your registry, you may need to restart or log out of Windows for the change to take effect. (Default) REG_SZ (value not set) NoSetFolders REG_DWORD 0x00000001 (1) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\... Registry Settings User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] System Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] Value Name: NoSetFolders Data Type: REG_DWORD (DWORD Value) Value Data: (0 = disabled, 1 = enabled) Note: This tweak may also disable the Windows Explorer hotkey shortcut (Windows + E).
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 6 January 2010 - Mickyj.com

How can I hide a user from the Welcome Screen in Windows XP?

Mickyj — 5 Jan 2010 11:14:24 GMT

	Hidding logon users Keywords: Policy, regedit, users, logon, non domain I have a client who looks after a parent with wayward children. They log onto the home PC, install things and generally cause issues. The client is used to a Domain controlller running Active Directory and Group polcies. They need to start thinking local policies and registry editing. The client wants to block access to control panel, hide drive C: and hide the parents logon account at the Welcome screen. Lets start with the Welcome screen and in tomorrows blog, move to the control panel etc. Open Registry Editor. In Registry Editor, navigate to the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList Create the following entry: Username: REG_DWORD (Where Username is the username of the user you want to hide from the Welcome Screen). Assign a value of 0. Close Registry Editor. Reboot. This will prevent the user from showing up on the welcome screen. You will need to press CTRL-ALT-DEL twice at the logon screen to get the domain logon style box to be able to logon to the account you've hidden. Adding a username and setting the value to 1 will cause that user, such as Administrator, to show up on the Welcome screen as well. (The Administrator is hidden by default)
	Send feedback about this particular blog Read Feedback from others Refer to the Mickyj Hardware blog or the Malware blog. If you prefer to Twitter, look here 5 January 2010 - Mickyj.com