Rapid Networks Technotes blog

Fix for Outlook not displaying images in emails.
     Wednesday, November 15, 2017

The first thing to try, obviously, is to go into Trust Center Settings and uncheck "Don't download pictures automatically . . ." in the Automatic Download section.
But if that doesn't work, the next thing to try is moving the Internet Explorer Temporary Internet Files folder. Open Internet Options from Control Panel or IE, and on the General tab, Browsing History section, click the settings button, and then the Move Folder . . . button. You'll have to log out and back in, and that should fix the problem.

 Reset a password in Windows 10 using a flash boot disk.
     Friday, May 5, 2017

Just follow the steps here.

  How to set a reliable time source on a Windows 2016 Server.
     Monday, May 1, 2017

W32tm /config /update /manualpeerlist:pool.ntp.org /syncfromflags:manual
W32tm /resync

If you want to, you can create a batch script with that second command, and set it to run every 4 hours or so, indefinitely. That will keep the server in sync forever (or until someone changes the password for the account you are using to run the scheduled task).

 How to repair Windows 10 broken start menu and missing Edge.
     Monday, March 7, 2016

I recently had a user whose Start menu broke in Windows 10. Every time she clicked it, she got a dialog box that stated "Critical Error - Your Start menu isn't working. We'll try to fix it the next time you sign in." The only option on the dialog box  was a button to sign out. But signing out or restarting never fixed it. Some people online reported that starting in Safe Mode, shutting down then going back into regular mode fixed it, but not for this particular user. Here are a couple of other methods to try. Eventually we discovered that uninstalling the Dropbox application fixed the problem. But then we noticed that her Edge browser was missing. So we had to follow the steps on this web page to reinstall it.

 How to repair Windows 8 boot process for installs using UEFI BIOS.
     Tuesday, February 16, 2016

For machines that somehow have their boot files damaged, there are plenty of instructions online explaining how to repair them. But they all refer to a c:\boot folder. I ran into a laptop which didn't have that folder at all. Turns out that is a sign that the OS is booting from a UEFI BIOS, and there is a separate (very similar, but a bit longer) list of steps for how to repair those types of Windows installs. The best one I found here. The steps go like this - after booting using Windows 8 boot media, and getting into a command prompt:

  • diskpart (opens Disk Partitioning tool)
  • select disk 0
  • list volume (please note the number of the volume that has no drive letter assigned and has FAT32 listed in Fs column, usually the only FAT32 volume/partition)
  • select volume <the number of 100-500 MB FAT32 volume with no drive letter, or with label ESP, EFI or SYSTEM>
  • assign letter=Z: (gives drive letter Z: to EFI System Partition)
  • exit (closes Disk Partitioning tool)
  • cd /d Z:\EFI\Microsoft\Boot\ (changes current folder in Command Prompt window)
  • attrib Z:\EFI\Microsoft\Boot\BCD -h -r -s (removes hidden, read-only and system attributes from BCD folder)
  • ren Z:\EFI\Microsoft\Boot\BCD BCD.old (renames BCD folder to BCD.old)
  • bootrec /rebuildbcd (retries the rebuild)

Now, in the Add installation to boot list line, type A and press ENTER. The new BCD is ready, close Command Prompt and restart your computer.

 How to Activate Windows 10, when it doesn't do so automatically after an upgrade.
     Monday, February 1, 2016

For some reason, I had an upgraded copy of Windows 10 fail to activate. The fix was to run SLUI 3from the Run box, which allowed me to re-enter the Windows 7 product key. Once entered Windows 10 was able to activate itself successfully.

 Effective method for deleting and removing pesky files and folders that refuse to be deleted.
     Sunday, January 31, 2016

This is a great one.
First, open a Command window, and go to the directory containing the file or folder that won't delete.
Next, use dir/x to display the file or folder's 8.3/DOS style name.
Finally, delete it using del or rd and the 8.3 file/folder name.

Extremely simple, but it has worked for me every time I have tried it.

 Simplest method yet for configuring Autodiscover with Exchange 2010/2013.
     Saturday, January 16, 2016

This is by far the easiest method I have yet found for configuring Autodiscover. Not only is it incredibly easy, it also avoids having to use SAN (Subject Alternate Name) SSL certificates. Basically, just create a SRV record for the domain, pointing to the apropriate server. Awesome article.

If you need to update a DNS server for a domain where the email is hosted on Office365, the SRV record needs to point to autodiscover.outlook.com. At least, that is the best I've been able to find.

Here is another web page that discusses multiple methods, including two that are particularly helpful.

One is a method for placing an autodiscover.xml file on a PC, and configuring the registry to tell Outlook to look at that file to enable autodiscover. This is helpful when you have no access to a domain's DNS servers, or file structure of their website.

The second is instructions for placing that same XML file into an autodiscover subdirectory of the website.

 How to fix it when users are unable to launch Windows Update because it has been disabled by the network administrator.
     Thursday, January 14, 2016

This is caused by some domain-level policies. I've mostly seen it on Windows SBS servers. Anyway, here's a great article on how to get around it.

 Enable Bitlocker in Windows 8 on a machine without a TPM.
     Thursday, January 14, 2016

Microsoft Bitlocker encryption is a terrific way to achieve whole-disk encryption, though it is only available on Professional-level operating systems. Another problem is that by default, it can only be activated on systems with a TPM chip. Luckily, there is a simple registry entry or Group Policy entry that will enable it even without the TPM. Here's the article with the details.

 Outlook may suddenly start only in Safe Mode.
     Thursday, January 14, 2016

This problem started in early December, 2015, and is caused by a Microsoft Windows Update - KB3114409. You can fix it either by uninstalling the KB, or by creating a registry entry that disables Safe Mode fo Outlook entirely. Here is a very good article, explaining the registry key.

 How to uninstall LogMeIn on a Mac.
     Thursday, January 14, 2016

Regular Uninstall  -  Manual uninstall

 Outlook suddenly starts returning search results starting with the oldest emails first.
Thursday, January 14, 2016

One user had this problem, and then it reoccurred a few months later. Suddenly when they were searching from the search box in Outlook 2010 (on a Windows 7 Pro laptop), their search results were listed from the oldest email in their folder first. Because of this, searches were taking a very long time to complete, since the emails they were looking for were usually the most recent, not the oldest.

It took me a while to pin this down, but basically, if Windows 7 search feature is not functioing properly, Outlook reverts to its own built-in search, which has this unfortunate behavior. In this case, the Indexing Service had become disabled, and I had to go into the list of Windows Components and reactivate it. Once that was done, restarting Outlook returned it to its previous search behavior. BTW, the other component of WIndows 7 search is simply called Windows Search.

 Microsoft Office 2016 can't co-exist with 2013 products.
Monday, October 19, 2015

Microsoft has helpfully made everyone's life more difficult by making Office 2016 utterly unable to co-exist on the same machine as any 2013 versions of any stand-alone Office product - such as Project 2013. They are addressing this by providing free upgrades of the stand-alone products to their 2016 versions. The full explanation is here.

Basically, you need to go to the Microsoft Answer Desk website, log in, click Contact Us, then Accounts and Billing, which will open a new window where you can enter your phone number, and someone from India will call you back. After you  explain the problem to them, they will de-activate the 2013 version of the product from your account, and send you an email where you can click a link to redeem a free copy of the 2016 product.

 Cloning a disk (as from a HDD to an SDD) causes Quickbooks to fail.
Tuesday, August 18, 2015

For some reason, cloning a HDD will crash Quickbooks. The error it typically throws is Error 3371, status code 11118. Luckily, there is an easy fix. Just find and delete the EntitlementDataStore.ecml file, located in c:\ProgramData\Intuit\Entitlement Client\v<your version number>

Then  start QB, and it will run normally - though you will have to re-register it, so you'll need the key codes.
Thanks to this article at ComputingonDemand.com

 Why nobody uses email encryption.
Friday, July 3, 2015

Interesting article on How-To Geek. Boils down to "it's a difficult pain in the a**."

 "Get Windows 10" system tray icon. What is it, where does it come from, when does it not appear, and how to remove it.
Thursday, June 11, 2015

Excellent article discussing all aspects of the "Get Windows 10" icon on How to Geek.

 Tightening security/encryption methods for RDP on Windows Servers.
Tuesday, May 12, 2015

Turns out there is a fairly gaping security hole in the default security settings of RDP. It's fixable by using SSL encryption using a self-generated or purchased SSL certificate.
This helpful page explains the origins of the problem, as well as how to fix it on 2003 and 2008 servers.
2012 servers, of course, are a somewhat different story. if they are DCs, you can just use the RDS  Session Host configuration tool, but if they are not, the tool is MIA, and you  have to either edit the registry or use a Group Policy (gpedit.msc). Either way, this page explains the changes that need to be made.  That page is actually a reference for Server 2008 R2, but it seems to work for Server 2012 as well.

 How to swap between Public and Private networks in Windows 8.1.
Wednesday, March 18, 2015

In Windows 7, you could go into the "Network and Sharing Center," and the network type was helpfully linked. You could just click on it and choose what type of network you were actually conencted to, if it was showing the wrong thing. as much as I like Windows 8, it no longer has that link. Instead, you have to go to Change PC settings, in the Modern style control panel-ish area, and from there, choose Network, and then click on the network you are connected to. Once there, you can set "Find Devices and Content" to "On" for private networks, or "Off" for public networks.

Check out this page for more detailed instructions.

 Windows BCD-related boot errors in Windows 7 or 8.
Tuesday, March 10, 2015

In the Windows world, BCD does not mean Buoyancy Control Device. It means Boot Configuration Data. It replaces the venerable boot.ini file of Windows versions past. If the BCD gets corrupted, it is usually fairly easy to repair, but it requires booting from Windows installer boot media, getting into the command prompt, and running a few simple commands. This page lays out the process pretty clearly, including the exact syntax of the necessary commands. In case you need assistance navigating to the Advanced Startup Options in Windows 8 or 8.1, this page lays out that process.

 Intuit Sync Manager is NOT a backup application!
Tuesday, March 10, 2015

As this page clearly states, the Intuit sync program keeps a copy of the Quickbooks company file up to date on Intuit's servers. But this is only so that third-party or web-based programs can access it. It is NOT possible to restore your company file from the copy on Intuit's servers. Therefore, you cannot rely on this app for backing up your company file.

 Windows 8 install media - easy download
Friday, March 6, 2015

Microsoft finally has an easy downloader tool for ISO images of current versions of Windows. How convenient!

 How to export mailboxes from Exchange 2010 (ExMerge doesn't work anymore)
Wednesday, January 28, 2015

Good old ExMerge won't work on Exchange 2010. Instead, use the PowerShell Cmdlet New-MailboxExportRequest, as detailed on this web page.

 A tool for determining which public DNS server has the best performance
Thursday, January 22, 2015

The tool is called NameBench. It would only be needed in some very specific circumstances, but if you are in those circumstances, it could be just what you need.

 Windows 8/8.1 Modern apps fail to run
Thursday, December 11, 2014

I just encountered this - whenever I ran a Modern App, it would just appear minimized to  an icon on the taskbar in the Desktop mode. Here is the fix: (For me, the key step was C)

A.) Fixing the app store:
Open registry editor typing regedit.exe from a command line.

Browse to the registry key at HKEY_CURRENT_USER\Software\Classes\Local Settings\software\microsoft\windows\currentversion\appmodel\repository\packages.

Right click on the “packages” key and bring up the “Permissions” tab.

Click the “Advanced” button located at the bottom right corner.

Check to see the account name that shows up as the “Owner” (this is the first line of text on the “advanced security settings” dialog for the “packages” key). It should say “SYSTEM”.  (For me this showed the built-in local Administrators group)
If it is any other account, click on the “Change” button next to it.

Type SYSTEM in the “select user” dialog. If “Multiple Names Found” window comes up, select the row for “SYSTEM”.

Click OK to the dialogs and close them all.

Run from admin command prompt:     Powershell -ExecutionPolicy Unrestricted Add-AppxPackage -DisableDevelopmentMode -Register $Env:SystemRoot\WinStore\AppxManifest.xml

B.) Fixing all modern apps:
Run from admin PowerShell:
((Get-ChildItem "HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\InboxApplications") | Get-ItemProperty).Path | Add-AppxPackage -Register -DisableDevelopmentMode
    * When I ran this the black X persisted until after the next step and reboot.  But trying to start an app gives me a new message and a link to the store.

C.) Fixing 3rd party apps:
Delete the regkey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\[UserSID] 
          You can find your SID by going to an elevated command prompt and typing
                        wmic useraccount get name,sid

D.) Restart.  After a reboot the apps still showed the black X for a minute or so, but it soon cleared up on its own and all apps seemed to be working again.  I was also able to update the apps from the app store once signing in with a Microsoft account.  Finally, I am again able to get into PC Settings.

 Windows Update fails with Error 80072EFD
Thursday, November 20, 2014

Apparently there are many reasons why WU might fail with this error, but one cause is that WU is configured to get its updates via WSUS. To fix that:

1. Click Start > Run > type “regedit” without the quotes, and accept the UAC prompt to continue
2. Navigate to HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate
3. Look at the keys in that folder, if they look something like this:
     If those entries are listed under that folder, backup then delete the WindowsUpdate folder
          A. Right-click on the folder and select “export” to save.
          B. Delete the “WindowsUpdate” key from the registry at
4. Restart the Windows Update service. (located in Start > Run > type “services.msc” without quotes)

 Links to download all versions of Internet Explorer
Friday, November 14, 2014

It's downright impossible to find a simple link to IE 10 when Microsoft is flogging IE 11. Luckily, these folks made a comprehensive download page, with links to all versions of IE.

 Configuring Windows for Quickbooks multi-user
Wednesday, October 22, 2014

Here are some links to documentation on Intuit's website with instructions on configuring Windows for QB multi-user.

     - Configuration oveview 
     -  Firewall settings

 Exchange 2010 OWA email attachment size issues
Wednesday, September 24, 2014

By default, Exchange sets a size limit for emails (and so really for attachments, since emails without attachments are of negligible size) of 20 MB. That is set for all users, regardless of how they are accessing their mailboxes (Outlook, smartphone, tablet, OWA). I have always just removed the limitation entirely. But I've been puzzled for years about why servers configured like that still had persistent 5 MB limits for users accessing their mailboxes through OWA.

And I finally discovered the answer. Evidently, OWA can't handle the unlimited size setting, and defaults to 5 MB. The fix is to just set an arbitrarily large file size (100 MB, 200 MB, etc), and OWA will handle it correctly.

Unfortunately, solving that problem just revealed a new one. For computers where Silverlight is installed, there is a known bug in Silverlight/OWA that prevents users from attaching files larger than 25 MB to emails. This is totally independent of any server-side settings. I have tested this, and verified the limitation. I have not tested from a PC without Silverlight, but evidently in that case, the server-side setting prevails, allowing attachments of much larger than 25 MB.

 Easy hack to reset local passwords on Win7 and Win8
Sunday, August 10, 2014

Story here, more explanation to follow.

 User's shortcuts to server dissappearing from desktop
Tuesday, August 5, 2014

I had a user who had a bunch of shortcuts leading to network drive locations. Periodically (every couple of weeks), these icons would dissappear. When I looked into it, I found that Windows 7 and 8 include something called  "System maintenance Troubleshooter" which automatically performs such unimportant tasks as:
     - deleting broken shortcuts (when there are 4 or more broken ones on the desktop)
     - frees up disk space by deleting logs older than 1 month
     - sets the system time by synchronizing with a time source
     - deletes any icons on the desktop that have been unused for 3 months
     - runs checkdisk

To stop this thing from running, open the control panel, and type trouble into the search box. Then click the Troubleshooting link.  Click the Change Settings link on the left, and set Computer Maintenance to "Off" click OK at the bottom, and good riddance!

 How to remove disconnected mailboxes from Exchange 2010
Monday, July 21, 2014

Microsoft thoughtfully removed the purge command from the GUI. Instructions here. Microsoft's instructions here.

 Don't forget to enable Outlook Anywhere in new Exchange installs.
Monday, July 21, 2014

Turns out Outlook Anywhere is different from RPC over HTTP, and it is (bizarrely), not enabled by default. It's simple to enable it, but you have to remember to do so. Instructions here.

 Problem where Outlook 2013 would not connect to Exchange server
Monday, July 21, 2014

Ran into this problem where Outlook 2013 suddenly refused to connect to an Exchange 2010 server. The fix I finally found was to revert office to a previous version. Since Office 2013 uses the new click-to-run, the procedure was unfamiliar. Here it is. Also, here is a list of the versions of Office 2013 click-to-run.

 I recently found this handy list of MS Exchange versions
Monday, July 21, 2014

Exchange Versions, Builds and Dates

 Java apps blocked from running in Internet Explorer - "Application Blocked by Security Settings"
Wednesday, June 18, 2014

If you ever see this prompt, it is extremely difficult to know exactly what is blocking the app from running, and where you would go to change the setting to enable it to run.

If you look in the IE settings, and add the website to the list of trusted sites, and loosen every possible restriction, the error will still come up.

As it turns out, it is coming from Java itself, and to fix the problem, you need to go into the Java control panel, to the security tab, and change the setting down to  medium. Then you will still get a lot of prompts with security warnings, but at least you will be able to choose to allow the app to run.

Here is the explanation from Java.com.

 Exchange bug enables users to continue using their email account for up to 6 hours after their password is changed to deny them access.
Monday, June 2, 2014

I just learned about this bug, when the network administrator at one of my clients changed the password of an employee who was being let go. Despite the password change, that user continued to have full access to her mailbox, and sent several irate emails. We were totally perplexed, until we found this article, that explains what had happened.

The upshot is that it affects all recent versions of Exchange (2003, 2007, 2010), and the best or only way to ensure that a user is disconnected is to open a command window, and run IISReset immediately after changing the user's password.

 Fascinating article about "Tech support scammers." Beware of sponsored search results that look like they are listing support numbers for well-know software companies.
Thursday, May 22, 2014

Inside the US government's war on tech support scammers - on Ars Technica.

 LenovoEMC Storage Manager (discovery.exe) software floods network, causes lag, dropped packets, complete network connectivity failure.
Wednesday, May 7, 2014

Evidently, Lenovo laptops now come preloaded with network discovery software for LenovoEMC(formerly Iomega) NAS devices – called Storage Manager. The executable is discovery.exe. Even if you don’t activate this software, it floods huge amounts of broadcast traffic whenever connected to a network. By huge amounts, I mean at least 2.5 MB/sec. Evidently, it is just horrible coding, and all it is doing is searching for NAS boxes, though evidently it is searching every possible IP address.

Here is a link to a brief, understated mention on Lenovo’s support site.
Here is a link to a much better page, with many people chiming in that this has caused problems for them, and a couple of more detailed explanations and flames.

The fix is just to uninstall the application, which won’t cause any problems for you unless you actually need to search your network for an Iomega/LenovoEMC NAS.

 When Microsoft Security Essentials (MSE) won't run properly or reinstall following a virus
Monday, April 7, 2014

Some of the fake "antivirus" apps that take over your computer mimic MSE, and put entries in the registry that redirect the real executables to evil executables. Even after you remove the virus, you need to go in and delete those redirects, as explained in this article.

The short version is:

  1. Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Current Version\Image File Execution Options
  2. Look at each subkey, they have the names of exe files. If the key contains the value Debugger, it means the particular .exe file is being redirected
  3. Delete the entire key for the .exe

 Free User Profile Migration utility
Sunday, April 6, 2014

Check out the free User Profile Wizards from Forensit.


 Windows Update Checker utility (KUC)
Sunday, April 6, 2014

Komm's Update Checker checks, verifies, generates reports, and installs Windows Updates.


 Office 365 Unlicensed Product error (red banner at top of window)
Monday, February 24, 2014

Office 365 has its own peculiarities, and one that I just encountered is this "Unlicensed Product error." As with most problems, the solution is laughably simple, but finding the fix is difficult.

Thanks to techwiki for this fix:

After a period of time (Sometimes a password change sets it off) Your user might get the error (Unlicensed Product) in the banner when opening an Office product like Word or Outlook.

There are two different fixes, one for Office 2010 & another for Office 2013.
You need to open a command prompt (I would elevate) and run the following.

Office 2010
32bit: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\OSAUI.exe /F
64bit: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\OSAUI.exe /F”

Office 2013:
You need to go to one of these locations first and then run the script below
32bit: C:\Program Files\Microsoft Office\Office 15\
64bit: C:\Program Files (x86)\Microsoft Office\Office15\
Now run: cscript OSPP.vbs /act

This should bring up an activation window which should show “Successful” after completing.

Also, here is a link to an MS Technet article with all the other command-line switches for the OSPP.vbs script.


 Set authoritative Internet time sources on Windows Server 2012
Tuesday, February 11, 2014

For whatever reason, Microsoft decided that with Server 2012, we can no longer use the simple NET TIME /setsntp:servername command that we used to use on Server 2003 and 2008. The manual steps are now pretty cumbersome. Luckily, Microsoft has made available a "Fix it for me" tool that you can easily download and run on Server 2012 installations that can set NTP servers to enable Internet time synchronization. I recommend pool.ntp.org or time.windows.com or tock.usno.navy.mil as time sources.

MS KB 816042 How to configure an authoritative time source for Windows Servers.

Also (for 2008 servers) you can use the W32tm command line utility. Here is the full syntax.

If all else fails, you can use this Windows time sync utility.

How to defeat laggy video on YouTube (also works for imdb trailers)
Tuesday, December 17, 2013

It's difficult to say when I started noticing it, but perhaps in 2010 or so, YouTube videos, especially high-resolution videos, stopped playing smoothly, despite my high-speed Internet connection. I finally got annoyed enough to do a little research, and found many others online complaining about the same phenomenon. Luckily, it seems that there is an easy fix. Just block out two IP ranges from your PC or network, and YouTube resumes playing smoothly. It worked like a charm for me.

The two ranges are: (aka subnet mask  and
                          (aka subnet mask

 How to copy autocomplete data in Outlook 2010
Thursday, September 5, 2013

Outlook 2010 changed how and where it stores the email autocomplete list, compared to previous versions of Outlook. I had read that it stores that data inside the PST file, but it quickly became evident that is not the case. Actually, it stores it in a file located in


 the file name starts with Stream_Autocomplete and ends with .dat

In a new profile, or on a new PC, you need to send at least one email, and then close Outlook for a new autocomplete file to be created. You can then copy in the old autocomplete file, and rename it to match the new file (after renaming the new file first, of course).

 Group Policy and Security Policy editors
Monday, August 12, 2013

For some reason, I can never seem to remember the names of the Windows consoles that enable you to edit the Local Group Policy and the Local Security Policy. They are gpedit.msc and secpol.msc, respectively.

Change or disable Windows 8 hideous "Log Off" screen
Sunday, July 21, 2013

Ah yes, yet another totally unnecessary, complicated annoyance with Windows 8.

So Win 8 has a lock screen that can be set per user in the "Modern" control panel/settings app. Unfortunately, that does not change the "Log Off" screen that is displayed when a user logs off. By default, it displays a hideous green, blue and yellow drawing of Seattle. And they simply left out any method for changing it!! Finally they issued a patch that enables admins to change the picture via the Group Policy Editor (which is an annoying way to have to change a simple setting), but - and here's the fun part - Windwos 8 (Home) doesn't include the Group Policy Editor!! So the best that can be done for Windows 8 is to disable the lock screen in the registry, which also disables the log out screen. Here's the steps:

Windows 8 (Home)

Launch REGEDIT, and browse to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization (create the Personalization key if it doesn't exist).

Click Personalization in the left-hand pane. Right-click in the right-hand pane, select New > DWORD Value, and give it the name NoLockScreen.

Double-click your new NoLockScreen value, set it to 1, click OK, and when you next reboot it the lock screen will have gone. If you decide to restore it for some reason, set NoLockScreen to 0 or delete it entirely.

Windows 8 Pro, Ultimate or Enterprise



 If you have one Exchange server, and you are using Outlook anywhere,  Outlook will complain when the public SSL certificate doesn't match the internal server name.
Thursday, April 11, 2013

There's a very good article here. It is discussing the problem on an Exchange 2007 server. You don't need to execute all the same commands for a 2010 server, but the ones you do need will succeed, and the ones you don't need will harmlessly fail.

Also, reference the MS Technet article. The other link is mostly clearer, but they've got slightly garbled syntax in at least two cases.


 Enable opportunistic TLS encryption on Exchange 2010
Thursday, April 11, 2013

First, you need to have a public SSL server certificate installed on your mail server.

Then, using Exchange Management Console open and click on "Server Configuration." You will see an "Exchange Certificates" tab, listing all the SSL certificates available to that server. Assign the appropriate certificate all Exchange services (especially SMTP).

Next, click on "Hub Transport" under "Server Configuration." Go into the properties of your Internet Receive Connector, and on the "Authentication" tab, check "Transport Layer Security (TLS)"

That's it! To verify, telnet to port 25 of the server, type EHLO, and look for the line that says 250-STARTTLS. If you see that, your server will opportunistically use TLS!

Use netstat to list which executables are using what ports
Monday, April 1, 2013

Open a command window, type netstat -anob

Handy troubleshooting tool - view smtp server manual email submission process
Monday, April 1, 2013


Generate a list of mailboxes in Exchange 2010 sorted by size, and listing the size of each
Monday, April 1, 2013

Exchange 2010 doesn't have a GUI view where you can see the users listed with their mailbox size. Luckily you can make your own list using the Exchange Management Shell.

Get-MailboxDatabase "<insert database name>" | Get-MailboxStatistics | Sort totalitemsize -desc | ft displayname, totalitemsize, itemcount

You can always add > somefile.txt and import it into excel if you need to make something pretty for management.

Hide accounts from Windows 7 login screen
Monday, April 1, 2013

If you have a bunch of user accounts on a Windows 7 (or Vista) PC, they all display, very annoyingly, on the login screen. To hide some, or most, follow these steps:

1. Run regedit.
2. Go to HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon
3. In the left panel, right click on Winlogon and lick New and click Key.
4. Type SpecialAccounts and press Enter.
5. In the left panel, right click on SpecialAccounts and click New and click Key.
6. Type UserList and press Enter.
7. In right panel of UserList, right click on a empty area and click New then click DWORD (32bit) Value.
8. Type in the name of the user account that you want to hide and press Enter. (eg: Everyday Account)
9. In the right panel, right click on the user account name and click Modify.
10. To hide the user account – Type 0 and click OK. (number zero not the letter). If you later want to unhide the account, you can do so by changing the value to 1 instead of zero.

 Find license keys to installed software
Monday, April 1, 2013

There are many tools that will help you retrieve the license keys you used to activate software installed in Windows. But the best I have found is License Crawler.

Encrypt email in Outlook
Wednesday, March 20, 2013

By installing a personal certificate (Microsoft calls it a "Digital ID"), it is possible to encrypt emails in Outlook. After installing your personal certificate, you also have to exchange certificates with anyone you want to exchange encrypted emails with. See the full instructions here. Personal certificates range from free (Comodo) to around $25 per year from most other vendors. Microsoft's list of vendors is here.

Configure DNS & Exchange for Outlook autodiscover process.
Saturday, March 16, 2013

Outlook can "autodiscover" the mail server name it is supposed to be connecting to, without the user having to enter that info, as long as both the DNS and the Exchange and IIS servers are properly configured. This article discusses all the options and configurations needed. It boils down to having an A record for autodiscover.domainname.com.

Grant or remove full-access permissions to a mailbox on Office 365.
Saturday, March 16, 2013

See the blog entry below for details on how to connect a PowerShell session to Office 365 hosted Exchange server, then read MS KB 2646504 for details and syntax.

Wondering how to securely and anonymously browse the web?
Friday, March 1, 2013

Use the TOR (The Onion Router) network to securely route your Internet traffic in untraceable ways.

 Use Gmail, and worry about the safety of your old emails?
Friday, March 1, 2013

Use the old program "Gmail Backup" to back it all up locally.

 Windows 8 tips
Friday, March 1, 2013

Windows 8 does not have a start menu. If you'd like to restore one, I recommend Stardock's $5Start8.

If you'd just like Windows 8 to start with the "Desktop" view, rather than the "Modern" Start screen, create a scheduled task. Set it to run "at log on" and set the action to "explorer"

Finally, if you're trying to figure out how to actually close a "Modern" app, just click it near the top and drag down all the way to the bottom of the screen. This "throw away" gesture will close the app.

Use AirPlay to/from a PC
Friday, March 1, 2013

Using Reflector software, you can mirror the display of your iPad or iPhone onto the screen of a PC. Using AirParrot, you can send whatever is on the display of your PC to an AppleTV.


 Two methods for copying iDevice data (music, etc) from the iDevice to a PC
Saturday, January 26, 2013

Here are two programs that enable you to copy your music & other files from an iPhone, iPad or iPod back onto a new or different computer, which you may want to do if for example your computer dies or you buy a new one. Evidently Apple thinks people never switch PCs.

 DiskAId (free)
 CopyTrans (about $20)


 VMware physical to virtual converter runs agonizingly slowly
Saturday, November 24, 2012

Version 5 of the Standalone Converter can run ridiculously slowly. Why? Because by default the Converter uses SSL encryption to encrypt all the data between the physical machine and the ESXi server. You can change that setting by editing an XML file and restarting the Converter Worker process.

Here are the steps:
     1. Open the converter-worker.xml configuration file. On a 2008 server, it is located in  C:\ProgramData\VMware\VMware vCenter Converter Standalone folder. On a 2003 server, it is located in C:\Documents and Settings\All Users\Application Data\VMware\VMware vCenter Converter Standalone\converter-worker.xml
     2. Set the key Config/nfc/useSsl to false. Save the configuration file. You can use notepad.
     3. Restart the VMware vCenter Converter Standalone Worker service

The webpage where I originally found this great tip is here.

Lenovo laptops choking on Windows Updates
Wednesday, November 7, 2012

For whatever reason, Lenovo ThinkPads seem to be choking on Microsoft KB 2647753, which is causing many other patches to fail to install. Just install that one all by itself. That should allow it to install properly, and then all the others will install okay.

Clicking Windows Update to find additional printer drivers in Windows 7 returns "Windows was unable to get a list of devices from Windows Update. Please try again later."
Friday, November 2, 2012

Windows 7 includes a lot of printer drivers, but some, particularly older drivers, do not show up in the list. When you check on the manufacturer's websites, though, they indicate that the drivers are included in Windows 7. The solution is to click on the "Windows Update" link in the add printer driver dialog window, which should give a list of every possible driver. But sometimes, you just get a message indicating that Windows Update can't get the list." In that case, here is what you do.

- stop the Windows Update Service
- find the "Software Distribution" folder in the Windows folder
- rename or delete that folder
- start the Windows Update service
- click the "Windows Update" button in the printer driver dialog box

It may take some time (several minutes, or longer with a slow Internet connection), but that should result in the full list of printer drivers.

Sort Gmail emails by attachment size
Tuesday, October 30, 2012

Gmail provides a large mailbox, but it is not infinite, and all that space can get used up. The quickest way to free up space is to sort your emails based on attachment sizes, but there is no way to do that from within Gmail. Luckily, there is www.findbigmail.com, which provides just that service for you.

 Exchange 2010 new server configuration
Saturday, March 17, 2012 and Friday, August 31, 2012

Exchange 2010 is slick in many ways, but in many others, it feels unfinished to me. At the very least, the documentation from Microsoft either sucks, or is nearly nonexistent. Here's some help and tips:

Here are great step-by-step instructions for performing a swing migration from Exchange 2003 to 2010. http://www.petenetlive.com/KB/Article/0000234.htm

And here is a great high-level overview of upgrading from Exchange 2007 to 2010.

You can use Microsoft's Remote Connectivity Analyzer to test ActiveSync, OWA and other services.

Note that Domain Admin accounts do not work with ActiveSync!!

If you need to connect with an account that is a Domain Admin, first remove it from the Domain Admins group, then follow the instructions here to be sure that the account is properly inheriting permissions to enable it to use ActiveSync.

If inbound emails are not arriving, check the Default Receive Connector (Server Configuration, Hub Transport) and make sure that Anonymous Users is checked on the Permission Groups tab.

If you get a certificate warning message after you install a legitimate certificate with the external server name on it, you can follow the instructions in MS KB 940726 to resolve that.

If Outlook clients are prompting users to authenticate, check the following:

In Internet Information Services (IIS) Manager locate the Exchange virtual directories, if you are using Small Business Server 2008 these will be under the SBS Web Applications website, if your not using SBS then they will be under the Default Website.

The virtual Directories you are looking for are:


In turn highlight each of these virtual directories and double click the Authentication icon on the right hand side. Right click on Windows Authentication and select Advanced Settings. Place a check box in the box for Enable kernel-mode authentication. Do this for each virtual directory listed above.

Find sneaky virii
Monday, February 13, 2012

If you think a PC might harbor an active virus, but you can't find it, try running the command-line tool nestat -no. That will list all of the processes with unestablished connections. The one with the largest number is the likely culprit, and you can then kill it, based on it's PID. This works best when you get a TCPIP error #4226 in the System Event Log, as described in this Microsoft TechNet note.

Set up shared mailboxes in Office 365
Thursday, January 26, 2012

I really don't understand Microsoft's logic or reasoning behind this, but increasingly they are deliberately leaving their products unfinished, with no GUI for some features. One new one that I just came across is setting up shared mailboxes on Office 365 (aka Hosted Exchange). There is no way to use the web GUI to create one, you HAVE to use PowerShell. Fortunately, a kind person over at MSDN posted a blog entry helpfully showing precisely how to accomplish this.

Windows 7 error "The User Profile Service failed the logon"
Thursday, January 19, 2012

This is some weird new glitch that happens occasionally with Windows 7. Luckily, there are several fixes. Read MS KB 947215.

 Use DropBox with a mapped drive
Wednesday, January 11, 2012

Officially, it is not possible to use DropBox with a mapped drive, but if you follow these instructions, you can do it.

1) Choose a still available drive letter you would use to map to a network path. For example, we could refer to \\SERVER\SHARE with the drive letter H. Don’t enforce the mapping yet, just choose the drive letter for now. If the network path is already assigned to a drive letter (for example, H), unmap and choose that drive letter.

2) Assign H to a local formatted partition. You probably have to add a new disk to do this. If you have a virtual machine (VM) you would simply add another hard disk, let Windows rescan the available hard disks, make the disk online, initialize the disk, create a partition and format it. Then you assign H to the drive.

3) Start Dropbox and configure the new location, for example H:\.

4) Dropbox creates the folder “Dropbox” under H:\ and moves already available content to this new location.

5) Shut down Dropbox.

6) Move the Dropbox folder to your network path. Now we have \\SERVER\SHARE\Dropbox and beneath it the Dropbox content.

7) Make the disk offline. H doesn’t exist anymore now.

8) Map H to \\SERVER\SHARE.

9) Start Dropbox. Dropbox won’t check if H is a network drive anymore.

The thing is Dropbox only checks if the location is a network drive at the moment you change the location. Now you can use Dropbox with your network path!

I found the above instructions at:

Remove Outlook Add-Ins that no longer exist
Wednesday, January 4, 2012

If you remove or uninstall an app with an Outlook Add-In, it can leave behind the command to activate the Add-In when the user starts Outlook. Since Outlook can't find the DLL, it will throw an error. To fix this, simply delete extend.dat from the users profile. This works with Outlook 2007 on XP, but I haven't tested it with other versions.

Set boot-up number lock state in Windows registry
Wednesday, January 4, 2012

Sometimes laptops can have their numlocks set to "on" at boot, and this can cause problems for users trying to enter passwords since the integral numeric keypad will be activated. If you can't find a "numlock off at boot" setting in the BIOS, you can turn it off in the Registry.

Microsoft discusses this in their KB Article 154529, but the key info is below:

In the Registry, go to HKEY_USERS\.Default\Control Panel\Keyboard
Set InitialKeyboardIndicators from 2 to 0


 Windows Servers running RRAS list incorrect IP address in DNS server
Thursday, December 15, 2011

If a Windows Server is both an RRAS server, and an A/D DC running DNS, they can frequently list one of the IP addresses they use for RRAS in the DNS, rather than just their LAN IP. MS knowledgebase article 292822 explains how to prevent this from happening.

 Function keys on Lenovo ThinkPad & ThinkCentre Edge keyboards
Thursday, December 15, 2011

For whatever reason, Lenovo has chosen to have the default behavior of the function keys on their recent "Edge" computers not be function keys. The default behavior is that you have to hit a Fn button in order for them to be Function keys.

To fix this on the desktops, run the "Lenovo Slim USB keyboard" app from the start menu, and check the function keys box. If you are using that keyboard on another PC, you can download the control software from here.

To fix the problem on laptops, reboot, get into the BIOS (hit enter very quickly, as soon as you see the BIOS logo screen), and change the function keys behavior in the BIOS.

 Syntax to connect Macs to Windows Servers
Thursday, December 7, 2011

In Finder, choose "Connect to server" and use the following syntax:


The full article from Apple's knowledgebase is here.


 Online CRM Solutions

     Saturday, October 22, 2011

   Zoho Office


 How to determine what account is being used to relay spam through an Exchange Server 2003
Thursday, May 12, 2011

If mail relay occurs from an account on an Exchange computer that is not configured as an open mail relay - determine whether an account on your Exchange computer sends authenticated relayed mail. To do this, follow these steps:

  1. Click Start, point to Programs, point to Microsoft Exchange, and then click System Manager.
  2. In Exchange System Manager, right-click Your_Exchange_Server_Name, and then click Properties.
  3. Click the Diagnostic Logging tab.
  4. In the Services list, click MSExchange Transport.
  5. In the Categories list, click SMTP Protocol, and then click Maximum in the Logging level area. (Actually, it's Authentication that you need to set to the Maximum logging level).
  6. Click Apply, click OK, and then quit Exchange System Manager.
  7. Click Start, point to Programs, point to Administrative Tools, and then click Services.
  8. Right-click Simple Mail Transport Protocol (SMTP), and then click Restart.
  9. Click Start, point to Programs, point to Administrative Tools, and then click Event Viewer.
  10. In Event Viewer, search the Application log for event 1708. Event 1708 indicates that the account authenticates with the Exchange computer to send relayed mail.

 Enterprise Activation on BlackBerry OS 6
Wednesday, October 20, 2010

RIM moved the location of Enterprise Activation in their new OS (thank you, RIM). It used to be in Options >  Advanced Options > Enterprise Activation.

The new location is Options > Device > Advanced System Settings > Enterprise Activation.


 Blackberry Enterprise Server (BES) Dispatcher service stops running
Friday, October 8, 2010

The BES Dispatcher service stopper running, and upon attempting to start it, it failed with "service-specific error 5613."

It turned out that the problem had been caused because another process had started using a port (5096) that the BES service requires to run properly. In my case, it was the Exchange Information Store server (store.exe). The fix is to add that port to the list of reserved ports in the Windows registry.

The Blackberry Knowledgebase article discussing the problem, and the fix is (KB04797). And the Microsoft KB article with instructions for adding an IP port exclusion is (KB812873).


 Copying and editing the Outlook "Nickname Cache"
Thursday, October 7, 2010

The Outlook nickname cache is the file that keeps all of the email addresses that have been used in Outlook. In my opinion, it is a badly misnamed feature. I have been amazed at the number of people who have few or no contacts in their Outlook contacts folder, and instead rely exclusively on the "nickname cache" feature as a list of all of their contacts emails addresses. When moving to a new PC, people always want to take this with them. It took me a very long time to track this down, because of the odd name, but I finally did.

The location of the file is in:

drive:\Documents and Settings\user name\Application Data\Microsoft\Outlook\outlook profile name.nk2

Note that the file name is based on the Outlook profile name, NOT the user profile name.

With the help of the free Nk2View utility, you can edit the list, and even export it.

To clear or reset the cache, just rename or delete the .nk2 file (with Outlook closed, of course).

Finally, if you don’t want outlook to suggest names for you, you can turn this feature off.

 In Outlook:

  • Go to Tools, then Options
  • From the Options tab, choose the E-mail options button
  • Click Advanced E-mail options
  • Uncheck “Suggest names while completing To, Cc, and Bcc fields.

In Outlook 2010, Microsoft has changed the way the "nickname cache" works. The cache is no longer stored in the .nk2 files, but instead somewhere mysterious inside Outlook 2010.

Microsoft has helpfully provided KB article #980542, which explains how to import .nk2 files into the new nickname cache in 2010.

 MS SyncToy scheduling problem
Tuesday, June 2, 2009

Check out this web page for the solution.

Just in case it gets taken down or moved, here is the fix:

While validating the source of the error code "0x1", I stumbled upon the solution of the problem. 
My computer is part of a computer network domain and I belong to the Network Administrators Group.

"SyncToy Help" states that you must have administrative privileges in order to install the application, specially if you don't have the Microsoft Sync Framework. Since I have administrator privileges I installed Synctoy with my user profile and on the scheduler task I had the "Run As" Field As the local Administrator.

It turns out that if you install SyncToy with a profile that is not Administrator:

1) You must use that same profile in the "Run As" Field on the Task Tab, as in "YourDomain\yourprofilename"
2) also, you have to mark the "Run only if logged on" checkbox.
3) Remember to set your password also.

The scheduler is now running the SyncToyCmd correctly.

For more information on scheduler issues see http://support.microsoft.com/default.aspx/kb/308558

Windows Vista anti disk-thrashing measures
Wednesday, December 17, 2008

On many systems, Windows Vista has the annoying tendency to access the hard drive for very long periods, at times when XP would not normally be doing so. This behavior accounts for a large portion of Vista's legendary sluggishness. Fortunately, there are some concrete steps you can take to prevent this behavior. Here are those steps, in my preferred order

- disable SuperFetch service
- disable automatic defrags
- disable indexing service
- disable shadow copy service
- disable system restore* (If possible, leave this service enabled, as it can definitely be useful.)

 Windows XP looses .EXE file association
     Thursday, June 26, 2008

Recently I had a PC with a strange problem. After removing some spyware/virii, it would no longer allow any .exe files to execute. Simply renaming them to .com often fixed the problem, but that wasn't a real fix. I did some web searches, and despite not finding any reference to this problem on Microsoft's website, eventually found this web site, which contains registry files that fix file associations for a variety of file extensions.

 PC Decrapifier
     Monday, June 16, 2008

No kidding - that's really the name of this nifty utility. It removes all the useless, bloated garbage that is typically preinstalled on many new PCs.

Download it here!


 Office 2007 causes spell-checker problems for Outlook Express
     Tuesday, March 25, 2008

Apparently, a lot of people have found that following the install of MS Office 2007, they are left with a French version of the Outlook Express spellchecker. MS has no real fix, so it looks like the simplest thing to do is to download this free spell-check ad-on.


 How to search for files within date ranges in Vista
     Friday, February 29, 2008

Here is a helpful Vista tip.


 RDP printers
     Monday, July 30, 2007

When connecting to servers, if the port name is something other than LPT, USB, or COM, the printer does not get created on the server.

A simple registry hack fixes this, as explained in MS Knowledgebase article 302361.

Microsoft's new Shadow Copy feature is really cool, but if you want to be able to actually see the copies, you need to install the Shadow Copy Client. To save time searching, you can download it from Microsoft using this link.


 Office 2007 compatibility
     Wednesday, June 13, 2007

For compatibility with Office 2007, you can download the MS Office compatibility pack for Office 20003, 2002 (aka XP) and 2000.

Also, you may want to read Microsoft's warnings and prerequisites in KB article 924074.


 Adobe Acrobat alternative
     Wednesday, April 18, 2007

Acrobat Reader just keeps getting bigger, slower, and more bloated with each new release.

If you are ready for a smaller, quicker, lightweight, free PDF reader, you can now use Foxit Reader from Foxit Software.


It seems like with each and every new release of Quicktime, Apple has been trying to reach new heights in user annoyance. Things like - every time the Quicktime player pops up, it asks you if you want to buy some pay version of Quicktime - like anybody actually wants to do that. And it ask you EVERY single time.

Then, more recently, it has become difficult to download just Quicktime without also downloading iTunes. Well, now there is an alternative. The folks over at free-codecs.com have an alternative. It uses all the Quicktime codecs, plus an old version of the MS Media Player.

Get it here.


Mojopac.com has an inexpensive ($49.99) program that allows you to install nearly any program onto a USB storage device (flash memory drive, hard drive, iPod, etc) and then connect that device to any computer, and run the application on that PC! How cool is that? They've got a 30-day free trial, too, so you can see if it will work with your programs.

Two free remote access / screen sharing apps I have recently become aware of:

Log Me In Free - similar to GoToMyPC
CrossLoop - supposedly similar to Webex, though I have yet to try it.
Cool IT Systems has an expensive ($199) system called the Eliminator CPU cooler that provides drop-in water cooling for your new system. Not cheap, but very cool, and quiet.


 Spyware Warrior website tracks fake anti-spyware
     Saturday, April 07, 2007

As you may know, there are loads of spyware applications out there masquerading as anti-spyware. I find it particularly distasteful when a**holes take advantage of clueless users by foisting this junky or malicious software on people.

If in doubt, check the list at www.spywarewarrior.com


 Disable annoying Vista User Account Control
     Monday, February 26, 2007

The Mac "Security" ad is accurate, the new User Account Control feature of Vista is poorly-conceived, and ultimately so annoying as to be completely useless.

Here's a link to the MS Technet site where they tell you how to disable it.
Try NetInfo, from Tsarfin Computing. It's got a network scanner, and shows all the network connections of the PC on which it is installed, as well as ping, traceroute, whois, nslookup, and other useful tools.


If you want to enable a designated user to manage Active Directory user objects, but don't want them to be logging onto a server, you need to download and install the Windows Server Administrative Tools Pack - which I thought was too damn hard to find. So here's a link to the Windows Server 2003 SP1 version of the ATP.


 Streaming video from a USB webcam
     Monday, February 19, 2007

The easiest way to make video available on the internet is by using a webcam with a built-in web server. At work, we sell Axis webcams, but for home users, or people who want to do this on the cheap, the best free solution I have found for getting video to stream accross the web from a USB-connected webcam is the VLC media player/server, available from VideoLan.org.


 Daylight Savings time changes and Microsoft OSs
     Friday, January 12, 2007

This year, the dates for Daylight Saving Time have changed. Of course, the dates are hard-coded into Windows. Microsoft has been kind enough to update XP and Server 2003 to account for the new dates, but they have not patched 2000 (or older OSs) similarly.

Visit the MS Daylight Savings Time Support Center, and get a 3rd party patch for Windows 2K.

Thanks to Chad for the link.


 Free online backup
     Monday, December 11, 2006

Recently reviewed in PC Magazine, which gave it an Editors Choice award.

Mozy Backup - free for up to 2 GB, $4.95 per month for up to 30 GB. Now that's a deal!
Here's the link to the original article on Macrumors.com

But here's the key info:

*Windows Server 2003 Authentication

By default Windows Server 2003 will try to encrypt everything sent to and from it. With this enabled you will not be able to log in to the share from the Mac.

To fix this there are a couple of things you need to do.
First; open up regedit (Start > Run > "regedit" {return}), and navigate to HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Services \ LanManServer \ Parameter \ RequireSecuritySignature, and set its value to "0".

Second, if the server is also a Domain Controller; you need to open the DC's Security Policy (Administrative Tools > Domain Controller Security Policy). Navigate to Local Policies > Security Options, and disable "Microsoft network server: Digitally sign communications (always)" & "Microsoft network server: Digitally sign communications (if client agrees)".

Reboot the sever, and you should be good to go.


     Thursday, December 07, 2006

From PC Magazine:

Bluetie.com allows up to 20 mailboxes free, including using custom domain names, calendar sharing, and file sharing. For more than 20, you have to pay, but it's still pretty hard to beat.

 Boot the unbootable
     Thursday, December 07, 2006

From Bill Machrone's Nov 29 article in PC Magazine:

Use the Ultimate Boot CD or Bart's Preinstalled Environment to access PCs that won't boot, are infested with viruses, or spyware. UBCD is Linux-based, while BartPE uses Windows. Both will (should) allow access to NTFS partitions, allow you to run anitvirus scans, spyware removal, direct registry editing, etc.


 WSUS for Windows Updates
     Thursday, December 07, 2006

Per Mike West of WestMark Consulting:

He recommends using Microsoft Windows Server Update Services (WSUS) for custom-windows updates, and for tracking windows update status on your PCs.