Rapid Networks Technotes blog
Use PowerShell to get
computer serial number.
Tuesday,
December 3, 2024
The simple Command Prompt entry I used to use for this function
has been deprecated (thank you, Microsoft!) so now, in the most recent
versions of Windows 11,
> wmic bios get
serialnumber no longer works. But here is the replacement
PowerShell command:
get-ciminstance win32_bios | format-list serialnumber
How to set Windows 10/11 to
automatically log in at boot.
Saturday,
October 5, 2024
Open the Registry editor
Go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon
- create the StringValue key AutoAdminLogon, set value to 1
- create the StringValue key DefaultUserName, set value to username
- create the StringValue key Defaultpassword, set value to password
Use Powershell to find and
delete all empty subdirectories.
Saturday,
October 5, 2024
(gci -recurse -attributes Directory).fullname | foreach { if
((gci $_).count -eq 0) {Remove-Item -Path "$_" -Force}}
It makes you confirm the deletion of all subdirectories, which it says
have files or folders in them, even though they definitely do not. But
it's pretty easy to just hit <enter> a bunch of times to confirm
the deletion.
How to set configure time
sync on Windows AD Server.
Friday,
January 19, 2024
Annoyingly, there is no GUI method for this, but you can use
Powershell:
Set-ItemProperty -Path
"HKLM:\SYSTEM\CurrentControlSet\Services\w32time\Parameters" -Name
"NtpServer" -Value "time.google.com,0x8"
Set-ItemProperty -Path
"HKLM:\SYSTEM\CurrentControlSet\Services\w32time\Parameters" -Name
"Type" -Value "NTP"
Restart-Service w32Time
w32tm /resync
w32tm /query /source
w32tm /query /status
How to set interface IP on
Cisco CBS350 switches.
Friday,
January 19, 2024
Annoyingly, it's not possible to set the management IP address
using the GUI. Instructions to set it using SSH are on Cisco's
website,
here.
How to reset local account
passwords Windows 10/11.
Friday,
January 5, 2024
If you can access the Windows System32 folder, you can rename
the utilman.exe then copy the cmd.exe as utilman.exe. Then boot, click
the "acessibility" icon, which will launch the command prompt, from
which you can simply reset the account passwords. Details
here.
Emergency shut down for
Windows
Wednesday,
December 27, 2023
Today, I had to shut down a whole bunch of servers due to a
power outage. The UPSes to which they were connected were already
significantly drained. I was able to get some of the servers shut
down, but a couple (naturally) thought this would be a terrific time
to install a whole bunch of updates, and so they crashed while in the
middle of updating. I researched emergency shutdown options that will
enable us to shut down servers and override the option to install
updates. Apparently it can be done with the following command-line
command:
shutdown -s -t 0 -f
Cisco CBS switches: How to set
management interface IP
Sunday,
December 16, 2023
For some reason, Cisco still hasn't fixed the problem in these
switches that does not allow the management IP address to be set with
the GUI. First you have to go in under security, TCP/IP Services, and
enable SSH. Then you have to SSH in and use
these commands to
set the IP address.
M365 in 2023: How to whitelist,
enable/disable MFA and enable forwarding to external addresses
Saturday,
July 22, 2023
MS keeps changing how to accomplish tasks in the M365 Admin tools. For
all three of these tasks, you need to be signed in to the tenant
directly (delegated admin won't work).
How to whitelist in 2023
- Exchange admin center
- mail flow --> rules --> add transport rule
- in rule settings, specify domain name, "do the following" modify the
message properties to set the spam confidence level to -1
- be sure to enable the rule
How to enable/disable MFA
- Azure/Entra admin center
- users --> all users --> per-user MFA (on top toolbar,
which may be under . . . if the toolbar isn't long enough to
display it)
- that will bring up the old familiar page listing all user accounts,
showing their MFA status, and allowing you - to change that status
How to enable forwarding to external email addresses
- Security (aka Defender) admin center
- Email & collaboration > Policies & rules > Threat
policies > Anti-spam policies
- click on Anti-spam outbound policy (Default), click button "edit
protection settings"
- under Forwarding rules, Automatic forwarding rules, set to On -
Forwarding is enabled
- click save, close
How to decrypt drive with
Bitlocker using Powershell,
or obtain recovery key
Saturday,
July 22, 2023
Many computers running Windows 11 Home now come from the factory with
Bitlocker enabled, and the drives encrypted. This is exceptionally
annoying, because the Home version of 11 doesn't officially support
Bitlocker, which means there are no GUI tools to manage it. If you
need to do anything with the drive (clone it, etc) you have to decrypt
the drive and disable Bitlocker using Powershell. Here's how it's
done:
- open Powershell as admin
- (verify status) manage-bde -status
- (decrypt and disable for specific drive letter) manage-bde -off C:
- (verify status) manage-bde -status
- once encryption reaches 0%, exit
To obtain the Bitlocker recovery key:
- in Powershell, type: manage-bde -protectors -get C:
How to enable and use Microsoft
365 Online Archive
Thursday,
May 25, 2023
It's pretty easy to enable Online Archive, if the user has a
subscription that enables it. Instructions can be found
here,
along with helpful info about Online Archives. The instructions boil
down to, open up the settings for the user account in the
Exchange
web admin, go to the "
Others" tab,
click on "
Manage mailbox archive"
and
enable the Online Archive.
If you need more space than the 50GB that comes with Business Standard
license, or 100GB that comes with the E3 license, you can enable the
"auto-expanding online archive" which is only available with E3 or
higher, which automatically allows the online archive to grow up to
1500GB. Instructions on how to enable that (Powershell only) are
here.
Simply enabling it doesn't make the archive policy take effect
immediately, however. Apparently the archive process only runs once
every seven days. If you need it to run immediately,
this web page
has instructions for connecting to the tenant using Powershell, and
starting the "
ManagedFolderAssistant,"
which will kick the process off immediately.
How to turn off SIP ALG on a
Fortinet Fortigate firewall
Monday,
May 8, 2023
1. Log on to your FortiGates console
2. Type
config system
session-helper and press enter
3. Type
show
4. Find the entry which shows
set
name sip and note the ID (its usually 13)
5. Type
delete 13
(or the number shown on your firewall) and then end
6. Type
config system
settings
7. Type
set
default-voip-alg-mode kernel-helper-based and
then
end
8. Type
config voip profile
then
edit default
9. Type
config sip then
set status disable
10. Type
end then
end
11. Reboot the firewall
Enable DKIM in M365
Friday,
February 3, 2023
Sign
in to M365 Defender (aka Security) portal using an
account in the tenant (our delegated admin account will not work).
Go to Email &
Collaboration > Policies & Rules > Threat Policies
> Email Authentication then double click on DKIM.
Fix LogMeIn problem with screen
blanking when in remote session.
Monday,
December 26, 2022
This
seems
to be a frequent problem with LMI installs. The user connects to
the computer remotely, clicks the button to blank the screens of
the host PC, and it doesn't work. The problem seems to be related
to the DPMS driver that LMI installs. I found this page from LogMeIn support, and this much better one from a user.
It boils down to executing the following command in an
admin-priviliged PowerShell window:
Get-CimInstance Win32_SystemDriver -Filter "name='radpms'" | Invoke-CimMethod -MethodName Delete -Verbose
After
that, reboot, try the screen blanking again, and it should work.
Fix Windows Defender Security
Dashboard on upgraded Windows 11 PCs.
Saturday,
May 14, 2022
Most
of
the PCs I've upgraded from Windows 10 to 11 recently have all had
this problem. When I have tried to open the Windows Defender
Security Dashboard, I've gotten this strange little pop-up that
says: "You'll need a new app to open this Windowsdefender link."
Of course, the message is incorrect, becasue the Defender app is
installed and running perfectly normally, but it's unable to open
because something is glitched. Luckily - there's an easy fix. Run
PowerShell as admin, and enter this command: Get-AppxPackage
Microsoft.SecHealthUI -AllUsers | Reset-AppxPackage
Microsoft remote server
administration tools
Monday,
April 4, 2022
This
is the tools package required to allow users to run
AD U&C directly on their own PCs, without needing to remote in
to the AD server.
How to use a local account
during initial setup of Windows 11 Home
** also, how to complete
initial setup without an Internet connection
Thursday,
November 11, 2021
This
is annoying as shit, but here goes - I got this from this web page.
- Go through inital setup until you get to the "Let's connect you
to a network" screen.
- Press Shift + F10 to open command prompt window
- Type taskmgr, hit enter
-
Go through list of running tasks until you find "Network
Connection Flow"
- End that task
That
will
skip you right past the "Let's connect you to a network" screen,
and you can complete the setup normally, without the onerous
requirement of signing in to a Microsoft account!
**Alternate option** As of 08-2023, the procedure listed above no
longer works, as best I can determine, because there's no longer a
process called "Network Connection Flow." So instead, follow these
steps:
-
Go through inital setup until you get to the "Let's connect you to
a network" screen.
- Press Shift + F10 to open command prompt window
- type oobe \bypassnro
- the computer is supposed to restart, and as you go through the
setup process next time, you will now have the option for "I don't
have Internet"
How to connect Synology NAS to
Azure Active Directory
Thursday,
August 12, 2021
Here's
a link to instructions on Synology's website.
Definitions of some DHCP
options
Thursday,
August 12, 2021
DHCP
Option 66 is provisioning server IP address (as for VOIP phone)
DHCP
Option 132 is VLAN number (used for VOIP phones, especially
Yealink)
How to configure SSIDs for
Fortinet FortiAPs.
Sunday, August 1, 2021
For
whatever reason, I find this process incredibly non-intuitive! So
here are the key steps:
- You must first create the SSID(s) using traffic mode "Bridge"
- Then edit the default FortiAP profile, change the SSIDs of both
radios to manual and then add the SSIDs you want them to use.
- Also, in the SSID settingm you may want to disable broadcast
suppression, if the Fortigate is not the DHCP server.
How to configure OpenVPN server
on Cisco RV160, using self-signed certificate.
Thursday,
July 1, 2021
Cisco
RV160
and 160w routers have the ability to act as OpenVPN endpoints,
which is great, but it's not at all obvious how to configure them
without purchasing an SSL certificate. This set of instructions from Cisco shows how to
do that. By the way, one thing the instructions don't mention is
that when you're looking for the new self-signed CA in the list,
it'll be at the very bottom.
Bluetooth mouse going to sleep
any time it stops moving.
Tuesday,
May 25, 2021
I
got a new laptop, and I got a new Microsoft Bluetooth mouse for
it. It connected easily enough, but when I started using it, I
noticed that after any slight pause, the mouse (or the Bt radio,
or something) seemed to fall asleep whenever I wasn't actively
moving the mouse cursor. So there would be a brief delay where I
first had to move the mouse to wake everything up, and only then
could I resume normal mousing. It was INCREDIBLY annoying. I
finally found a setting that would fix it. Under the "Power Plan"
in the Control Panel, you click on "Change Advanced Power
settings." That dialog box has an option called "USB Settings" and
beneath it, "USB selective suspend setting." Disabling that option
fixes this annoying behavior.
But naturally, there was a problem. When I looked in the Advanced
power settings, there was no "USB Settings." I had to take the
advice of this web page to edit the registry to force
Windows 10 to show me the missing settings.
FortiAPs not coming back online
after upgrading firewalls to OS 7.
Monday,
April 19, 2021
FortiOS
7
by default will disable support for older devices using less
secure encryption methods. This means that some APs, including the
221Es that we commonly use, won't be allowed to come back online
after an upgrade. To re-enable them, follow the steps laid out in
this support document.
How to view/clear status for
users flagged as "risky" by MS Entra (formerly Azure AD).
Friday,
April 16, 2021
This
is
new to me, but Azure AD evidently has some reasons for which it
will flag certain user accounts as "risky." The only bad effect of
this I have seen so far is one user not being allowed to access
SharePoint hosted on another companies tenant account. To find the
list of "risky" users, sign in to Entra, then
go to Protection, then Security Center, and see "Risky Users." It also lists
"Risky sign-ins, and Risk detections. When you view the list of
risky users, you can confirm that flag, or clear it.
How to deactivate MFA method on
M365.
Friday,
April 16, 2021
If
a
user can no longer use a specific phone number to authenticate, or
if for any other reason, you need to deactivate a MFA method, you
need to log in with an authorized account to access Azure AD, and
follow the steps in this document, which will also prep the
Azure AD account to configure a new MFA method.
Several fixes for Outlook
repeatedly asking for M365 credentials; also for Outlook not
asking at all.
Sunday,
October 4, 2020
These
types of problems just keep cropping up. So here are some
suggested methods for troubleshooting.
- Run Credential Manager (inWindows Control Panel), and if your
account is listed ensure that it's correct.
If not correct, fix it.
If correct, try deleting it,
reboot and log into Outlook.
- Logging-in into Web Outlook might sometimes show an existing problem
such as the need to change the password.
- Start Outlook in safe mode by running Outlook.exe /safe and enter
the ids if asked.
- Unlink the Microsoft Account from Outlook
- Disable Modern Authentication in regedit:
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity,
create a DWORD item named
EnableADAL
and set it to zero.
Under the same registry key, create a DWORD item named
DisableADALatopWAMOverride
and set it to 1.
See
Microsoft article.
How to access Microsoft 365 App
passwords.
Wednesday,
August 19, 2020
For
some
reason, Microsoft keeps moving this arround, and they will
probably continue to do so, but at least for today, here is how
you can access M365 app passwords:
- sign in to M365
- click your initials in the top right of the page
- select My Account
- click on Settings & Privacy on the left
- click on Privacy on the right side of that page
- click on the new option, "Office Apps" that now shows up on the
left side
- click on Security & Privacy on the left
- click on Additional Security Verification on the right
- click on "create and manage app passwords"
It's completely ridiculous that it takes this many steps to get to
something so basic!
Alternatively, here is the web page directly.
Instructions for configuring
Fortinet firewalls for dual-WAN failover.
Tuesday,
June 16, 2020
The
old-style help article is here, and the new "cookbook recipe" is here.
Fortinet SSL-VPNs have 8-hour
timeouts by default. It's easy to change that to either up to
3 days, or zero, which disables the timeout entirely.
Tuesday,
June 16, 2020
The
brief article is here, but the command and syntax is:
In
config vpn ssl settings
set auth-timeout <auth_seconds>
The default time setting is 28,800 (8 hours). The value can be
set in the range 10 to 259,200 seconds (3 days).
A value of 0 can be used to indicate no timeout.
How to enable Fortinet SSL-VPN
users to access subnets on the other side of IPSEC
site-to-site VPN tunnels.
Friday,
May 1, 2020
There's
a great "cookbook" article here, explaining exactly how to accomplish
this.
Fortinet Virtual Domains.
Saturday,
April 18, 2020
For
some
reason, Fortinet firewalls are unable to add more than 27 VPN
users unless you enable virtual Domains on that firewall. Here's
an article with an overview of what Virtual Domains are. Here's
one that shows how to enable them, and another that shows
how to update the maximum allowed number of VPN users.
The thing that I don't understand is taht you don't need to split
the users between virtual domains - once you have enabled virtual
domains, you can simply increase the total number of users to
whatever number you like.
Windows Group Policy help.
Saturday,
April 18, 2020
Seems
like I can never remember where inside the ginormous Group Policy
Editor to find Drive Mappings, so here's a link for that.
Also, the command to force a PC to update the Group Policy is
GPUPDATE /FORCE
How to enable MFA for Office
365 tenant.
Wednesday,
March 4, 2020
There's
a
couple of steps involved in enabling MFA for O365, and it's not
always easy to find the relevent documentation. So here they are:
Step 1: Connect powershell to your O365 tenant.
Step 2: Enable Modern Authentication.
Step 3: Enable MFA.
And then if users need guidance for how to use the Microsoft
Authenticator app with O365, there's a helpful page here that explains.
Trick to get Fujitsu scanner
working with ScandAll Pro and Windows 10.
Tuesday,
February 11, 2020
The
Fujitsu
fi-series of sheet-fed scanners are great, but their website and
documentation leave a lot to be desired. For Windows 10, they have
a new TWAIN driver, called PaperStream IP. It isn't even listed on
the drivers page with the scanners, you have to go here to get it. Then, if you are using their
ScandAll Pro software (which must be version 2.0 or higher to
function with Windows 10), you MUST use the 32-bit version of the
PaperStream IP TWAIN driver, regardless of the bitness of the OS.
Also, you can't just download the ScandAll Pro software - you have
to have the original CD that shipped with the scanner, and install
that and then upgrade it to the latest version.
Steps required to remove an
offline file sync partnership that can't be removed.
Monday,
February 10, 2020
The
little
built-in Windows utility "offline files" and sync center can come
in handy, but if the server share you are syncing goes away (as
with a file server upgrade, for example), there's no easy way to
remove that sync partnership. Luckily, someone posted these steps that get the job done.
Handy web page from Dell,
helping to determine what Dell soundbars are compatible with
what Dell monitors.
Tuesday,
January 28, 2020
Web
page here.
Stop adware pop-ups originating
from Chrome that are not extensions.
Monday,
January 20, 2020
I've
seen
this a few times in the past, but I just came across the fix for
it. I had a client's PC that was generating troubleshome adware
pop-ups, but I was unable to find the source. It turned out to be
not an executable that was running, nor an installed malicious
extension, but a simple "notification" that the user had been
tricked into accepting. The problem is, there is no easy way to
find the list of accepted or allowed notifications within Chrome.
You have to simply know the correct URL to enter, which is chrome://settings/content/notifications
Once there, simply block or remove the malicious notifications
from the list.
Fix eternal "device setup in
progress" status on printers in Windows 10.
Thursday,
November 7, 2019
Over
the
past two weeks I have come across several PCs that weren't able to
print or have new printers installed on them. All of them showed
"device setup in progress" as the status of the new printer
object. Finally today I found this website that explains the cause, and
provides a fix.
The problem is caused when Windows tries to download a custom
printer icon from some Microsoft server. If that server is not
available, the printer install process just stops forever. You
would think Microsoft would have built in a simple time-out, so
that if the OS isn't able to download the icon in a reasonable
amount of time, it would simply complete installing the printer
without the icon, which is functionally utterly supurfluous. But
no, Microsoft simply assumed that their server would avways be
available, that the process would always work flawlessly, and
didn't bother to create a timeout.
Luckily, there's a simple registry entry that can fix the problem:
Go to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Device
Metadata
And
edit the key named: PreventDeviceMetadataFromNetwork
Set
the value to 1, reboot the PC,
and the problem will vanish!
How to determine the version of
Windows 10
on a USB install disk.
Tuesday,
November 5, 2019
With
all
of the different versions of Windows 10, it's tough to keep track
of what version is on a USB installer disk. Here's how you find
out.
1. Mount the USB drive on your computer, note the drive letter
2. Open an elevated command prompt
3. Enter this command string (and substitute your drive letter for
the K):
dism
/Get-WimInfo /WimFile:K:\sources\Boot.wim /index:1
4.
Note the version (example: 10.0.17763)
5. Go to this web page, which lists all of the versions by
name and number.
Problem with very large
mailboxes in Outlook 2019 & 365.
Monday,
September 16, 2019
I
just encountered this problem with a user with a 73 GB mailbox. We
had previously increased the size his mailbox was allowed to grow
to, by changing his Office 365 subscription. But Outlook 2019
& 365 still have a default (and possibly hard-coded) limit of
50 GB. Even worse - Outlook doesn't throw any errors or
warnings when the OST file hits this size - it just stops
downloading emails.
I found this aticle that claims to have a registry
key that overrides the limit, but when I looked in the registry,
the OST key where it says to create the new entries didn't exist.
I created it, but I have yet to discover if the setings actually
took effect.
My interim solution was to limit the OST file size by only syncing
three years of emails, rather than everything.
Bug in Cisco SGx50 switches -
unable to use GUI to set static IP of switch.
Wednesday,
September 11, 2019
Just
came
across this while trying to set a static IP on a brand new SG250
for management purposes. Highly annoying, but luckily I found this article on the Cisco website explaining
the problem and providing a work-around.
Interesting & annoying VPN
glitch with Windows 10 ver 1903.
Thursday,
August 29, 2019
Some
users
began reporting that they are unable to connect to a RRAS VPN. It
happened simultaneously for a bunch of users, and we happened to
notice that all of their laptops had recently upgraded to 1903. It
turned out not to be a networkng issue, but simply that the VPN
client is unable to raise a dialog box asking for credentials when
invoked from the system tray. If the users go into setting, then
to Networking, then to VPN, and click conenct on the VPN listed
there, it works fine.
But that is a lot of clicks to ask someone to do every time they
want to connect/disconnect their VPN. I discovered a better way.
If you create a desktop shortcut to rasphone.exe, it brings up a
nice simple window that enables the user to connect/disconnect
VPNs. Beautiful solution - problem solved!
Cool method to confirm what
user account a PC is using to attach to a network device
(server, NAS).
Sunday,
August 24, 2019
C:> wmic netuse where
localname="Z:" get username /value
I've
also been using this command to get the serial number of a PC:
C:> wmic bios get serialnumber
Excellent article from the WSJ,
pointing out that most people don't need Internet conenctions
faster than 100 Mbps.
Friday,
August 23, 2019
Article
Link
New Wifi numerical designations.
Friday,
May 10, 2019
Nifty free tool to tweak
security settings in IIS.
Sunday,
January
27, 2019
Nartac
Software provides a free tool called IIS Crypto that enables easy setting of a
host of security features on IIS.
Problem with HPE servers
erroneously reporting "overheated" hard drives.
Thursday,
September
6, 2018
I
ran into this with a Proliant ML110 Gen10 server, with a SFF drive
bay. I used Seagate "Firecuda" 2.5" 2 TB hybrid drives. They
functioned just fine, but the HPE BIOS sees two of them (why only
two, rather than all three?) as reporting overheated status. So it
runs the case fan at full blast, all the time. I searched
everywhere looking for an explanation or a fix, until I found this web page that explains the problem, and
tracks the affected drives. There's no fix, but at least I
understand the problem clearly, and know that there is nothing to
be done - either accept the loud fans, or buy much more expensive
drives.
Enable Windows Hello on
Domain-joined PCs.
Thursday,
August
2, 2018
For
some
reason, the option to enable Windows Hello is greyed-out and
unavailable on domain-joined PCs. To re-enable it, go to the
following location in the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System
and
add the following key: AllowDomainPINLogon DWORD 00000001
How
to remove User Profiles in Windows 10.
Thursday,
April
19, 2018
Run
sysdm.cpl, go to the Advanced tab, click Settings in the User
Profiles section.
Rebuild
malfunctioning Start Menu in Windows 10.
Thursday,
April
12, 2018
There
are
several different ways the Start Menu can get messed up in Widows
10. One fix is to reload all of the Windows 10 Apps. Open a
PowerShell window with elevated priviliges, and enter this
command:
Get-AppXPackage
-AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode
-Register "$($_.InstallLocation)\AppXManifest.xml"}
SMB1
disabled in Windows 10 Fall Creators Update/Build 1709.
Monday,
December
18, 2017
If
a
copier or printer is unable to send scanned files to a network
share on a Windows 10 PC, it could be that it is using SMB1, which
is no longer available. This change is discussed in this
document from Microsoft. The change also afects Windows
Server 2016. Luckily, it's fairly easy to re-enable SMB1. Just
follow the instructions here. Skip over the first part
of the article, which explains how to disable SMB2 and SMB3.
Fix
for
Outlook not displaying images in emails.
Wednesday,
November
15, 2017
The
first
thing to try, obviously, is to go into Trust Center Settings and
uncheck "Don't download pictures automatically . . ." in the
Automatic Download section.
But if that doesn't work, the next thing to try is moving the
Internet Explorer Temporary Internet Files folder. Open Internet
Options from Control Panel or IE, and on the General tab,
Browsing History section, click the settings button, and then
the Move Folder . . . button. You'll have to log out and back
in, and that should fix the problem.
Reset
a
password in Windows 10 using a flash boot disk.
Friday,
May
5, 2017
Just
follow
the steps here. Alternatively, spend about $30 for
either PC Unlocker, or Windows Password Unlocker.
How
to
set a reliable time source on a Windows 2016 Server.
Monday,
May
1, 2017
W32tm /config /update /manualpeerlist:pool.ntp.org
/syncfromflags:manual
then
W32tm /resync
If you want to, you can create a batch script with that second
command, and set it to run every 4 hours or so, indefinitely. That
will keep the server in sync forever (or until someone changes the
password for the account you are using to run the scheduled task).
How
to
repair Windows 10 broken start menu and missing Edge.
Monday,
March
7, 2016
I
recently had a user whose Start menu broke in Windows 10. Every time
she clicked it, she got a dialog box that stated "Critical Error -
Your Start menu isn't working. We'll try to fix it the next time you
sign in." The only option on the dialog box was a button to
sign out. But signing out or restarting never fixed it. Some people
online reported that starting in Safe Mode, shutting down then going
back into regular mode fixed it, but not for this particular user. Here
are
a couple of other methods to try. Eventually we
discovered that uninstalling the Dropbox application fixed the
problem. But then we noticed that her Edge browser was missing. So
we had to follow the steps on this
web
page to reinstall it.
How to repair
Windows 8 boot process for installs using UEFI BIOS.
Tuesday,
February 16,
2016
For
machines
that somehow have their boot files damaged, there are plenty of
instructions online explaining how to repair them. But they all
refer to a c:\boot folder. I ran into a laptop which didn't have
that folder at all. Turns out that is a sign that the OS is booting
from a UEFI BIOS, and there is a separate (very similar, but a bit
longer) list of steps for how to repair those types of Windows
installs. The best one I found here.
The steps go like this - after booting using Windows 8 boot media,
and getting into a command prompt:
- diskpart (opens Disk
Partitioning tool)
- select
disk
0
- list
volume (please
note
the number of the volume that has no drive letter assigned and
has FAT32 listed in Fs column, usually the
only FAT32 volume/partition)
- select
volume <the
number
of 100-500 MB FAT32 volume with no drive letter, or with label
ESP, EFI or SYSTEM>
- assign
letter=Z: (gives
drive
letter Z: to EFI System Partition)
- exit (closes Disk
Partitioning tool)
- cd
/d
Z:\EFI\Microsoft\Boot\ (changes
current
folder in Command Prompt window)
- attrib
Z:\EFI\Microsoft\Boot\BCD
-h -r -s (removes hidden, read-only and system
attributes from BCD folder)
- ren
Z:\EFI\Microsoft\Boot\BCD
BCD.old (renames BCD folder
to BCD.old)
- bootrec
/rebuildbcd (retries the rebuild)
Now, in the Add
installation to boot list line,
type A and press ENTER.
The new BCD is ready, close Command Prompt and restart your
computer.
How to Activate
Windows 10, when it doesn't do so automatically after an
upgrade.
Monday,
February 1,
2016
For
some
reason, I had an upgraded copy of Windows 10 fail to activate. The
fix was to run SLUI
3from
the
Run box, which allowed me to re-enter the Windows 7 product key.
Once entered Windows 10 was able to activate itself successfully.
Effective method for
deleting
and removing pesky files and folders that refuse to be
deleted.
Sunday,
January
31, 2016
This
is
a great one.
First,
open a
Command window, and go to the directory containing the file or
folder that won't delete.
Next,
use dir/x to display the file or
folder's 8.3/DOS style name.
Finally,
delete
it using del or rd and the 8.3 file/folder name.
Extremely
simple,
but it has worked for me every time I have tried it.
Simplest method
yet for configuring Autodiscover with Exchange 2010/2013.
Saturday,
January
16, 2016
This
is
by far the easiest method I have yet found for configuring
Autodiscover. Not only is it incredibly easy, it also avoids having
to use SAN (Subject Alternate Name) SSL certificates. Basically,
just create a SRV record for the domain, pointing to the apropriate
server. Awesome article.
If
you
need to update a DNS server for a domain where the email is hosted
on Office365, the SRV record needs to point to autodiscover.outlook.com.
At least, that is the best I've been able to find.
Here
is
another web
page that discusses multiple
methods, including two that are particularly helpful.
One
is
a method for placing an autodiscover.xml file on a PC, and
configuring the registry to tell Outlook to look at that file to
enable autodiscover. This is helpful when you have no access to a
domain's DNS servers, or file structure of their website.
The
second
is instructions for placing that same XML file into an autodiscover
subdirectory of the website.
How to fix it
when users are unable to launch Windows Update because it has
been disabled by the network administrator.
Thursday,
January
14, 2016
This
is
caused by some domain-level policies. I've mostly seen it on Windows
SBS servers. Anyway, here's a great article on how
to get around it.
Enable Bitlocker
in Windows 8 on a machine without a TPM.
Thursday,
January
14, 2016
Microsoft
Bitlocker
encryption is a terrific way to achieve whole-disk encryption,
though it is only available on Professional-level operating systems.
Another problem is that by default, it can only be activated on
systems with a TPM chip. Luckily, there is a simple registry entry
or Group Policy entry that will enable it even without the TPM. Here's
the
article with the details.
Outlook may
suddenly start only in Safe Mode.
Thursday,
January
14, 2016
This
problem
started in early December, 2015, and is caused by a Microsoft
Windows Update - KB3114409. You can fix it either by uninstalling
the KB, or by creating a registry entry that disables Safe Mode fo
Outlook entirely. Here is a very
good article, explaining the registry key.
How to uninstall
LogMeIn on a Mac.
Thursday,
January
14, 2016
Regular
Uninstall - Manual
uninstall
Outlook suddenly
starts returning search results starting with the oldest
emails first.
Thursday,
January
14, 2016
One
user
had this problem, and then it reoccurred a few months later.
Suddenly when they were searching from the search box in Outlook
2010 (on a Windows 7 Pro laptop), their search results were listed
from the oldest email in their folder first. Because of this,
searches were taking a very long time to complete, since the emails
they were looking for were usually the most recent, not the oldest.
It
took
me a while to pin this down, but basically, if Windows 7 search
feature is not functioing properly, Outlook reverts to its own
built-in search, which has this unfortunate behavior. In this case,
the Indexing Service had become disabled, and I had to go into the
list of Windows Components and reactivate it. Once that was done,
restarting Outlook returned it to its previous search behavior. BTW,
the other component of WIndows 7 search is simply called Windows
Search.
Microsoft Office
2016 can't co-exist with 2013 products.
Monday,
October
19, 2015
Microsoft
has
helpfully made everyone's life more difficult by making Office 2016
utterly unable to co-exist on the same machine as any 2013 versions
of any stand-alone Office product - such as Project 2013. They are
addressing this by providing free upgrades of the stand-alone
products to their 2016 versions. The full explanation is
here.
Basically, you need to go to the
Microsoft Answer
Desk website,
log in, click Contact Us, then Accounts and Billing, which will open
a new window where you can enter your phone number, and someone from
India will call you back. After you explain the problem to
them, they will de-activate the 2013 version of the product from
your account, and send you an email where you can click a link to
redeem a free copy of the 2016 product.
Cloning a disk
(as from a HDD to an SDD) causes Quickbooks to fail.
Tuesday,
August
18, 2015
For
some
reason, cloning a HDD will crash Quickbooks. The error it typically
throws is Error 3371, status code 11118. Luckily, there is an easy
fix. Just find and delete the EntitlementDataStore.ecml file,
located in c:\ProgramData\Intuit\Entitlement Client\v<your
version number>
Then
start
QB, and it will run normally - though you will have to re-register
it, so you'll need the key codes.
Thanks
to this
article at ComputingonDemand.com
Why nobody uses
email encryption.
Friday,
July
3, 2015
Interesting
article
on How-To
Geek.
Boils down to "it's a difficult pain in the a**."
"Get Windows 10"
system tray icon. What is it, where does it come from, when
does it not appear, and how to remove it.
Thursday,
June
11, 2015
Excellent
article
discussing all aspects of the "Get Windows 10" icon on How
to
Geek.
Tightening
security/encryption methods for RDP on Windows Servers.
Tuesday, May
12,
2015
Turns
out
there is a fairly gaping security hole in the default security
settings of RDP. It's fixable by using SSL encryption using a
self-generated or purchased SSL certificate.
This helpful
page explains the origins of
the problem, as well as how to fix it on 2003 and 2008 servers.
2012
servers,
of course, are a somewhat different story. if they are DCs, you
can just use the RDS Session Host configuration tool, but if
they are not, the tool is MIA, and you have to either edit the
registry or use a Group Policy (gpedit.msc). Either way, this
page explains the changes
that need to be made. That page is actually a reference for
Server 2008 R2, but it seems to work for Server 2012 as well.
How to swap
between Public and Private networks in Windows 8.1.
Wednesday, March
18,
2015
In
Windows
7, you could go into the "Network and Sharing Center," and the
network type was helpfully linked. You could just click on it and
choose what type of network you were actually conencted to, if it
was showing the wrong thing. as much as I like Windows 8, it no
longer has that link. Instead, you have to go to Change PC
settings, in the Modern style control panel-ish area, and from
there, choose Network, and then click on the network you are
connected to. Once there, you can set "Find Devices and Content" to
"On" for private networks, or "Off" for public networks.
Check
out this
page for more detailed
instructions.
Windows
BCD-related boot errors in Windows 7 or 8.
Tuesday, March
10,
2015
In
the
Windows world, BCD does not mean Buoyancy Control Device. It means
Boot Configuration Data. It replaces the venerable boot.ini file of
Windows versions past. If the BCD gets corrupted, it is usually
fairly easy to repair, but it requires booting from Windows
installer boot media, getting into the command prompt, and running a
few simple commands. This
page lays out the process
pretty clearly, including the exact syntax of the necessary
commands. In case you need assistance navigating to the Advanced
Startup Options in Windows 8 or 8.1, this page lays out that
process.
Intuit Sync
Manager is NOT a backup application!
Tuesday, March
10,
2015
As this
page clearly states, the
Intuit sync program keeps a copy of the Quickbooks company file up
to date on Intuit's servers. But this is only so that third-party or
web-based programs can access it. It is NOT possible to restore your
company file from the copy on Intuit's servers. Therefore, you
cannot rely on this app for backing up your company file.
Windows 8 install
media - easy download
Friday,
March
6, 2015
Microsoft
finally
has an easy
downloader
tool for ISO images of
current versions of Windows. How convenient!
How to export
mailboxes from Exchange 2010 (ExMerge doesn't work anymore)
Wednesday,
January
28, 2015
Good
old
ExMerge won't work on Exchange 2010. Instead, use the PowerShell
Cmdlet New-MailboxExportRequest, as detailed on this
web
page.
A tool for
determining which public DNS server has the best performance
Thursday,
January
22, 2015
The
tool
is called NameBench.
It would only be needed in some very specific circumstances, but if
you are in those circumstances, it could be just what you need.
Windows 8/8.1
Modern apps fail to run
Thursday,
December
11, 2014
I
just encountered this - whenever I ran a Modern App, it would just
appear minimized to an icon on the taskbar in the Desktop
mode. Here is the fix: (For me, the key step was C)
A.) Fixing the app store:
Open
registry
editor typing regedit.exe from a command line.
Browse
to
the registry key at HKEY_CURRENT_USER\Software\Classes\Local
Settings\software\microsoft\windows\currentversion\appmodel\repository\packages.
Right
click
on the packages key and bring up the Permissions tab.
Click
the
Advanced button located at the bottom right corner.
Check
to
see the account name that shows up as the Owner (this is the first
line of text on the advanced security settings dialog for the
packages key). It should say SYSTEM. (For me this showed
the built-in local Administrators group)
If
it
is any other account, click on the Change button next to it.
Type
SYSTEM
in the select user dialog. If Multiple Names Found window comes
up, select the row for SYSTEM.
Click
OK
to the dialogs and close them all.
Run
from
admin command prompt: Powershell
-ExecutionPolicy
Unrestricted Add-AppxPackage -DisableDevelopmentMode -Register
$Env:SystemRoot\WinStore\AppxManifest.xml
B.) Fixing all modern apps:
Run
from
admin PowerShell:
((Get-ChildItem
"HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\InboxApplications")
|
Get-ItemProperty).Path | Add-AppxPackage -Register
-DisableDevelopmentMode
*
When I ran this the black X persisted until after the next step and
reboot. But trying to start an app gives me a new message and
a link to the store.
C.) Fixing 3rd party apps:
Delete
the
regkey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\[UserSID]
You
can find your SID by going to an elevated command prompt and typing
wmic
useraccount get name,sid
D.) Restart. After a
reboot the apps still showed the black X for a minute or so, but it
soon cleared up on its own and all apps seemed to be working
again. I was also able to update the apps from the app store
once signing in with a Microsoft account. Finally, I am again
able to get into PC Settings.
Windows Update
fails with Error 80072EFD
Thursday, November
20,
2014
Apparently
there
are many reasons why WU might fail with this error, but one cause is
that WU is configured to get its updates via WSUS. To fix that:
1.
Click
Start > Run > type regedit without the quotes, and accept
the UAC prompt to continue
2.
Navigate
to HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate
3.
Look
at the keys in that folder, if they look something like this:
WUServer=http://srv_name:8530
WUStatusServer=http://srv_name:8530
If those entries are listed under that folder, backup then
delete the WindowsUpdate folder
A. Right-click on the folder and select
export to save.
B. Delete the WindowsUpdate key from the
registry at
HKLM\Software\Policies\Microsoft\Windows.
4.
Restart
the Windows Update service. (located in Start > Run > type
services.msc without quotes)
Links to download
all versions of Internet Explorer
Friday,
November
14, 2014
It's
downright
impossible to find a simple link to IE 10 when Microsoft is flogging
IE 11. Luckily, these
folks made a comprehensive
download page, with links to all versions of IE.
Configuring
Windows
for Quickbooks multi-user
Wednesday,
October
22, 2014
Here
are
some links to documentation on Intuit's website with instructions on
configuring Windows for QB multi-user.
- Configuration
oveview
- Firewall
settings
Exchange 2010 OWA
email attachment size issues
Wednesday,
September
24, 2014
By
default,
Exchange sets a size limit for emails (and so really for
attachments, since emails without attachments are of negligible
size) of 20 MB. That is set for all users, regardless of how they
are accessing their mailboxes (Outlook, smartphone, tablet, OWA). I
have always just removed the limitation entirely. But I've been
puzzled for years about why servers configured like that still had
persistent 5 MB limits for users accessing their mailboxes through
OWA.
And
I
finally discovered the answer. Evidently, OWA can't handle the
unlimited size setting, and defaults to 5 MB. The fix is to just set
an arbitrarily large file size (100 MB, 200 MB, etc), and OWA will
handle it correctly.
Unfortunately,
solving
that problem just revealed a new one. For computers where
Silverlight is installed, there is a known bug in Silverlight/OWA
that prevents users from attaching files larger than 25 MB to
emails. This is totally independent of any server-side settings. I
have tested this, and verified the limitation. I have not tested
from a PC without Silverlight, but evidently in that case, the
server-side setting prevails, allowing attachments of much larger
than 25 MB.
Easy hack to
reset local passwords on Win7 and Win8
Sunday,
August
10, 2014
Story here,
more explanation to follow.
User's shortcuts
to server dissappearing from desktop
Tuesday,
August
5, 2014
I
had a user who had a bunch of shortcuts leading to network drive
locations. Periodically (every couple of weeks), these icons would
dissappear. When I looked into it, I found that Windows 7 and 8
include something called "System maintenance Troubleshooter"
which automatically performs such unimportant tasks as:
- deleting broken shortcuts (when there are 4 or more broken
ones on the desktop)
- frees up disk space by deleting logs older than 1 month
- sets the system time by synchronizing with a time source
- deletes any icons on the desktop that have been unused for 3
months
- runs checkdisk
To
stop
this thing from running, open the control panel, and type trouble
into the search box. Then click the Troubleshooting link.
Click the Change Settings link on the left, and set Computer
Maintenance to "Off" click OK at the bottom, and good riddance!
How to remove
disconnected mailboxes from Exchange 2010
Monday,
July
21, 2014
Microsoft
thoughtfully
removed the purge command from the GUI. Instructions
here.
Microsoft's instructions here.
Don't forget to
enable Outlook Anywhere in new Exchange installs.
Monday,
July
21, 2014
Turns
out
Outlook Anywhere is different from RPC over HTTP, and it is
(bizarrely), not enabled by default. It's simple to enable it, but
you have to remember to do so. Instructions here.
Problem where
Outlook 2013 would not connect to Exchange server
Monday,
July
21, 2014
Ran
into
this problem where Outlook 2013 suddenly refused to connect to an
Exchange 2010 server. The fix I finally found was to revert office
to a previous version. Since Office 2013 uses the new click-to-run,
the procedure was unfamiliar. Here
it
is.
Also, here is a list
of
the versions of Office 2013
click-to-run.
I recently found
this handy list of MS Exchange versions
Monday,
July
21, 2014
Exchange
Versions,
Builds and Dates
Java apps blocked
from running in Internet Explorer - "Application Blocked by
Security Settings"
Wednesday,
June
18, 2014
If
you
ever see this prompt, it is extremely difficult to know exactly what
is blocking the app from running, and where you would go to change
the setting to enable it to run.
If
you
look in the IE settings, and add the website to the list of trusted
sites, and loosen every possible restriction, the error will still
come up.
As
it
turns out, it is coming from Java itself, and to fix the problem,
you need to go into the Java control panel, to the security tab, and
change the setting down to medium. Then you will still get a
lot of prompts with security warnings, but at least you will be able
to choose to allow the app to run.
Here
is
the explanation from Java.com.
Exchange bug
enables users to continue using their email account for up to
6 hours after their password is changed to deny them access.
Monday,
June
2, 2014
I
just learned about this bug, when the network administrator at one
of my clients changed the password of an employee who was being let
go. Despite the password change, that user continued to have full
access to her mailbox, and sent several irate emails. We were
totally perplexed, until we found this article,
that explains what had happened.
The upshot is that it affects all recent versions of Exchange (2003,
2007, 2010), and the best or only way to ensure that a user is
disconnected is to open a command window, and run IISReset
immediately after changing the user's password.
Fascinating
article about "Tech support scammers." Beware of sponsored
search results that look like they are listing support numbers
for well-know software companies.
Thursday,
May
22, 2014
Inside
the
US government's war on tech support scammers - on Ars Technica.
LenovoEMC Storage Manager
(discovery.exe) software floods network, causes lag, dropped
packets, complete network connectivity failure.
Wednesday,
May
7, 2014
Evidently,
Lenovo
laptops now come preloaded with network discovery software for LenovoEMC(formerly
Iomega)
NAS devices called Storage Manager. The executable is
discovery.exe. Even if you dont activate this software, it floods
huge amounts of broadcast traffic whenever connected to a network.
By huge amounts, I mean at least 2.5 MB/sec. Evidently, it is just
horrible coding, and all it is doing is searching for NAS boxes,
though evidently it is searching every possible IP address.
Here
is
a link to a brief,
understated mention on Lenovos support site.
Here is a link to
a
much better page, with many people chiming in that this has caused
problems for them, and a couple of more detailed explanations and
flames.
The
fix
is just to uninstall the application, which wont cause any problems
for you unless you actually need to search your network for an
Iomega/LenovoEMC NAS.
When
Microsoft
Security Essentials (MSE) won't run properly or reinstall
following a virus
Monday, April 7, 2014
Some
of
the fake "antivirus" apps that take over your computer mimic MSE,
and put entries in the registry that redirect the real executables
to evil executables. Even after you remove the virus, you need to go
in and delete those redirects, as explained in this article.
The
short
version is:
- Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\Current
Version\Image File Execution Options
- Look
at
each subkey, they have the names of exe files. If the key
contains the value Debugger,
it means the particular .exe file is being redirected
- Delete
the
entire key for the .exe
Free User Profile Migration utility
Sunday, April 6, 2014
Check
out
the free User
Profile Wizards from
Forensit.
Windows Update Checker utility (KUC)
Sunday, April 6, 2014
Komm's
Update Checker checks,
verifies,
generates reports, and installs Windows Updates.
Office 365 Unlicensed Product error (red banner
at top of window)
Monday, February 24, 2014
Office
365
has its own peculiarities, and one that I just encountered is this
"Unlicensed Product error." As with most problems, the solution is
laughably simple, but finding the fix is difficult.
Thanks
to techwiki for
this
fix:
After a period of time (Sometimes a password change sets
it off) Your user might get the error (Unlicensed Product) in the
banner when opening an Office product like Word or Outlook.
There are two different fixes, one for Office 2010 & another
for Office 2013.
You need to open a command prompt (I would elevate) and run the
following.
Office 2010
32bit: C:\Program Files\Common Files\Microsoft
Shared\OFFICE14\OSAUI.exe /F
64bit: C:\Program Files (x86)\Common Files\Microsoft
Shared\OFFICE14\OSAUI.exe /F
Office 2013:
You need to go to one of these locations first and then run the
script below
32bit: C:\Program Files\Microsoft Office\Office 15\
64bit: C:\Program Files (x86)\Microsoft Office\Office15\
Now run: cscript OSPP.vbs /act
This should bring up an activation window which should show
Successful after completing.
Also, here is a link to
an MS Technet article with all the other command-line switches for
the OSPP.vbs script.
Set authoritative Internet time sources on
Windows Server 2012
Tuesday, February 11, 2014
For
whatever
reason, Microsoft decided that with Server 2012, we can no longer
use the simple NET
TIME
/setsntp:servername command
that
we used to use on Server 2003 and 2008. The manual steps are now
pretty cumbersome. Luckily, Microsoft has made available a "Fix it
for me" tool that you can easily download and run on Server 2012
installations that can set NTP servers to enable Internet time
synchronization. I recommend pool.ntp.org or time.windows.com or
tock.usno.navy.mil as time sources.
MS KB 816042 How
to configure an authoritative time source for Windows Servers.
Also
(for
2008 servers) you can use the W32tm command
line
utility. Here
is the full syntax.
If
all
else fails, you can use this Windows
time
sync utility.
How to defeat laggy video on YouTube (also
works
for imdb trailers)
Tuesday, December 17, 2013
It's
difficult
to say when I started noticing it, but perhaps in 2010 or so,
YouTube videos, especially high-resolution videos, stopped playing
smoothly, despite my high-speed Internet connection. I finally got
annoyed enough to do a little research, and found many others online
complaining about the same phenomenon. Luckily, it seems that there
is an easy fix. Just block out two IP ranges from your PC or
network, and YouTube resumes playing smoothly. It worked like a
charm for me.
The
two
ranges are: 173.194.55.0/24 (aka subnet mask 255.255.255.0)
and
206.111.0.0/16
(aka subnet mask 255.255.0.0)
How to copy autocomplete data in Outlook 2010
Thursday, September 5, 2013
Outlook
2010
changed how and where it stores the email autocomplete list,
compared to previous versions of Outlook. I had read that it stores
that data inside the PST file, but it quickly became evident that is
not the case. Actually, it stores it in a file located in
C:\Users\%username%\AppData\Local\Microsoft\Outlook\RoamCache
the
file
name starts with Stream_Autocomplete and ends with .dat
In
a
new profile, or on a new PC, you need to send at least one email,
and then close Outlook for a new autocomplete file to be created.
You can then copy in the old autocomplete file, and rename it to
match the new file (after renaming the new file first, of course).
Group Policy and Security Policy editors
Monday, August 12, 2013
For
some
reason, I can never seem to remember the names of the Windows
consoles that enable you to edit the Local Group Policy and the
Local Security Policy. They are gpedit.msc and secpol.msc,
respectively.
Change or disable Windows 8 hideous
"Log Off" screen
Sunday, July 21, 2013
Ah
yes,
yet another totally unnecessary, complicated annoyance with Windows
8.
So Win 8 has a lock screen that can be set per user in the "Modern"
control panel/settings app. Unfortunately, that does not change the
"Log Off" screen that is displayed when a user logs off. By default,
it displays a hideous green, blue and yellow drawing of Seattle. And
they simply left out any method for changing it!! Finally they
issued a patch that enables admins to change the picture via the
Group Policy Editor (which is an annoying way to have to change a
simple setting), but - and here's the fun part - Windwos 8 (Home)
doesn't include the Group Policy Editor!! So the best that can be
done for Windows 8 is to disable the lock screen in the registry,
which also disables the log out screen. Here's the steps:
Windows 8 (Home)
Launch
REGEDIT,
and browse to
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization
(create the Personalization key if it doesn't exist).
Click Personalization in the left-hand pane. Right-click in the
right-hand pane, select New > DWORD Value, and give it the name
NoLockScreen.
Double-click your new NoLockScreen value, set it to 1, click OK, and
when you next reboot it the lock screen will have gone. If you
decide to restore it for some reason, set NoLockScreen to 0 or
delete it entirely.
Windows 8 Pro, Ultimate or Enterprise
http://support.microsoft.com/kb/2787100/en-us
If you have one Exchange server, and you are
using Outlook anywhere, Outlook will complain when the
public SSL certificate doesn't match the internal server name.
Thursday, April 11, 2013
There's
a
very good article here. It is discussing the
problem on an Exchange 2007 server. You don't need to execute all
the same commands for a 2010 server, but the ones you do need will
succeed, and the ones you don't need will harmlessly fail.
Also,
reference
the MS Technet
article. The other link is mostly clearer, but they've got
slightly garbled syntax in at least two cases.
Enable opportunistic TLS encryption on Exchange
2010
Thursday, April 11, 2013
First,
you
need to have a public SSL server certificate installed on your mail
server.
Then, using Exchange Management Console open and click on "Server
Configuration." You will see an "Exchange Certificates" tab, listing
all the SSL certificates available to that server. Assign the
appropriate certificate all Exchange services (especially SMTP).
Next,
click
on "Hub Transport" under "Server Configuration." Go into the
properties of your Internet Receive Connector, and on the
"Authentication" tab, check "Transport Layer Security (TLS)"
That's
it!
To verify, telnet to port 25 of the server, type EHLO, and look for
the line that says 250-STARTTLS. If you see that, your server will
opportunistically use TLS!
Use netstat to list which executables
are using what ports
Monday, April 1, 2013
Open
a
command window, type netstat -anob
Handy troubleshooting tool - view smtp
server manual email submission process
Monday, April 1, 2013
https://www.wormly.com/test_smtp_server
Generate a list of mailboxes in
Exchange 2010 sorted by size, and listing the size of each
Monday, April 1, 2013
Exchange
2010
doesn't have a GUI view where you can see the users listed with
their mailbox size. Luckily you can make your own list using the
Exchange Management Shell.
Get-MailboxDatabase "<insert database name>" |
Get-MailboxStatistics | Sort totalitemsize -desc | ft displayname,
totalitemsize, itemcount
You can always add > somefile.txt and import it into excel if you
need to make something pretty for management.
Hide accounts from Windows 7 login
screen
Monday, April 1, 2013
If
you
have a bunch of user accounts on a Windows 7 (or Vista) PC, they all
display, very annoyingly, on the login screen. To hide some, or
most, follow these steps:
1. Run regedit.
2. Go to
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon
3. In the left panel, right click on Winlogon and lick New and
click Key.
4. Type SpecialAccounts and press Enter.
5. In the left panel, right click on SpecialAccounts and click New
and click Key.
6. Type UserList and press Enter.
7. In right panel of UserList, right click on a empty area and
click New then click DWORD (32bit) Value.
8. Type in the name of the user account that you want to hide and
press Enter. (eg: Everyday Account)
9. In the right panel, right click on the user account name and
click Modify.
10. To hide the user account Type 0 and click OK. (number zero
not the letter). If you later want to unhide the account, you can
do so by changing the value to 1 instead of zero.
Find license keys to installed software
Monday, April 1, 2013
There
are
many tools that will help you retrieve the license keys you used to
activate software installed in Windows. But the best I have found is License Crawler.
Encrypt email in Outlook
Wednesday, March 20, 2013
By
installing
a personal certificate (Microsoft calls it a "Digital ID"), it is
possible to encrypt emails in Outlook. After installing your
personal certificate, you also have to exchange certificates with
anyone you want to exchange encrypted emails with. See the full
instructions here. Personal certificates
range from free (Comodo) to around $25 per
year from most other vendors. Microsoft's list of vendors is here.
Configure DNS & Exchange for
Outlook autodiscover process.
Saturday, March 16, 2013
Outlook
can
"autodiscover" the mail server name it is supposed to be connecting
to, without the user having to enter that info, as long as both the
DNS and the Exchange and IIS servers are properly configured. This article discusses
all
the options and configurations needed. It boils down to having an A
record for autodiscover.domainname.com.
Grant or remove full-access permissions
to a mailbox on Office 365.
Saturday, March 16, 2013
See
the
blog entry below for details on how to connect a PowerShell session
to Office 365 hosted Exchange server, then read MS KB
2646504 for
details and syntax.
Wondering how to securely and
anonymously browse the web?
Friday, March 1, 2013
Use
the
TOR (The
Onion Router) network to securely route your Internet traffic
in untraceable ways.
Use Gmail, and worry about the safety of your
old emails?
Friday, March 1, 2013
Use
the
old program "Gmail Backup" to back it all
up locally.
Windows 8 tips
Friday, March 1, 2013
Windows
8
does not have a start menu. If you'd like to restore one, I
recommend Stardock's $5Start8.
If
you'd
just like Windows 8 to start with the "Desktop" view, rather than
the "Modern" Start screen, create a scheduled task. Set it to run
"at log on" and set the action to "explorer"
Finally,
if
you're trying to figure out how to actually close a "Modern" app,
just click it near the top and drag down all the way to the bottom
of the screen. This "throw away" gesture will close the app.
Use AirPlay to/from a PC
Friday, March 1, 2013
Using Reflector software,
you
can mirror the display of your iPad or iPhone onto the screen of a
PC. Using AirParrot,
you can send whatever is on the display of your PC to an AppleTV.
Two methods for copying iDevice data (music,
etc) from the iDevice to a PC
Saturday, January 26, 2013
Here
are
two programs that enable you to copy your music & other files
from an iPhone, iPad or iPod back onto a new or different computer,
which you may want to do if for example your computer dies or you
buy a new one. Evidently Apple thinks people never switch PCs.
DiskAId (free)
CopyTrans (about $20)
VMware physical to virtual converter runs
agonizingly slowly
Saturday, November 24, 2012
Version
5
of the Standalone Converter can run ridiculously slowly. Why?
Because by default the Converter uses SSL encryption to encrypt all
the data between the physical machine and the ESXi server. You can
change that setting by editing an XML file and restarting the
Converter Worker process.
Here are the steps:
1. Open the converter-worker.xml
configuration file. On a 2008 server, it is located in
C:\ProgramData\VMware\VMware vCenter Converter Standalone folder. On
a 2003 server, it is located in C:\Documents and Settings\All
Users\Application Data\VMware\VMware vCenter Converter
Standalone\converter-worker.xml
2. Set the key Config/nfc/useSsl to false.
Save the configuration file. You can use notepad.
3. Restart the VMware vCenter Converter
Standalone Worker service
The webpage where I originally found this
great tip is here.
Lenovo laptops choking on Windows
Updates
Wednesday, November 7, 2012
For
whatever
reason, Lenovo ThinkPads seem to be choking on Microsoft KB 2647753,
which is causing many other patches to fail to install. Just install
that one all by itself. That should allow it to install properly,
and then all the others will install okay.
Clicking Windows Update to find
additional printer drivers in Windows 7 returns "Windows was
unable to get a list of devices from Windows Update. Please try
again later."
Friday, November 2, 2012
Windows
7
includes a lot of printer drivers, but some, particularly older
drivers, do not show up in the list. When you check on the
manufacturer's websites, though, they indicate that the drivers are
included in Windows 7. The solution is to click on the "Windows
Update" link in the add printer driver dialog window, which should
give a list of every possible driver. But sometimes, you just get a
message indicating that Windows Update can't get the list." In that
case, here is what you do.
-
stop the Windows Update Service
- find the "Software Distribution" folder in the Windows folder
- rename or delete that folder
- start the Windows Update service
- click the "Windows Update" button in the printer driver dialog box
It
may
take some time (several minutes, or longer with a slow Internet
connection), but that should result in the full list of printer
drivers.
Sort Gmail emails by attachment size
Tuesday, October 30, 2012
Gmail
provides
a large mailbox, but it is not infinite, and all that space can get
used up. The quickest way to free up space is to sort your emails
based on attachment sizes, but there is no way to do that from
within Gmail. Luckily, there is www.findbigmail.com,
which provides just that service for you.
Exchange 2010 new server configuration
Saturday, March 17, 2012 and Friday, August 31, 2012
Exchange
2010
is slick in many ways, but in many others, it feels unfinished to
me. At the very least, the documentation from Microsoft either
sucks, or is nearly nonexistent. Here's some help and tips:
Here
are
great step-by-step instructions for performing a swing migration
from Exchange 2003 to 2010. http://www.petenetlive.com/KB/Article/0000234.htm
And here is
a great high-level overview of upgrading from Exchange 2007 to 2010.
You
can
use Microsoft's Remote
Connectivity Analyzer to
test ActiveSync, OWA and other services.
Note
that Domain
Admin accounts do not work with ActiveSync!!
If
you
need to connect with an account that is a Domain Admin, first remove
it from the Domain Admins group, then follow the instructions here to
be sure that the account is properly inheriting permissions to
enable it to use ActiveSync.
If
inbound
emails are not arriving, check the Default Receive Connector (Server
Configuration, Hub Transport) and make sure that Anonymous Users is
checked on the Permission Groups tab.
If
you
get a certificate warning message after you install a legitimate
certificate with the external server name on it, you can follow the
instructions in MS
KB 940726 to
resolve that.
If
Outlook
clients are prompting users to authenticate, check the following:
In
Internet
Information Services (IIS) Manager locate the Exchange virtual
directories, if you are using Small Business Server 2008 these will
be under the SBS Web Applications website, if your not using SBS
then they will be under the Default Website.
The virtual Directories you are looking for are:
Autodiscover
EWS
RPC
OAB
In turn highlight each of these virtual directories and double click
the Authentication icon on the right hand side. Right click on
Windows Authentication and select Advanced Settings. Place a check
box in the box for Enable kernel-mode authentication. Do this for
each virtual directory listed above.
Find sneaky virii
Monday, February 13, 2012
If
you
think a PC might harbor an active virus, but you can't find it, try
running the command-line tool nestat -no. That will list all of the
processes with unestablished connections. The one with the largest
number is the likely culprit, and you can then kill it, based on
it's PID. This works best when you get a TCPIP error #4226 in the
System Event Log, as described in this Microsoft TechNet note.
Set up shared mailboxes in Office 365
Thursday, January 26, 2012
I
really don't understand Microsoft's logic or reasoning behind this,
but increasingly they are deliberately leaving their products
unfinished, with no GUI for some features. One new one that I just
came across is setting up shared mailboxes on Office 365 (aka Hosted
Exchange). There is no way to use the web GUI to create one, you
HAVE to use PowerShell. Fortunately, a kind person over at MSDN
posted a blog entry helpfully showing
precisely how to accomplish this.
Windows 7 error "The User Profile
Service failed the logon"
Thursday, January 19, 2012
This
is
some weird new glitch that happens occasionally with Windows 7.
Luckily, there are several fixes. Read MS
KB 947215.
Use DropBox with a mapped drive
Wednesday, January 11, 2012
Officially,
it
is not possible to use DropBox with a mapped drive, but if you
follow these instructions, you can do it.
1) Choose
a
still available drive letter you would use to map to a network path.
For example, we could refer to \\SERVER\SHARE with the drive letter
H. Dont enforce the mapping yet, just choose the drive letter for
now. If the network path is already assigned to a drive letter (for
example, H), unmap and choose that drive letter.
2) Assign
H
to a local formatted partition. You probably have to add a new disk
to do this. If you have a virtual machine (VM) you would simply add
another hard disk, let Windows rescan the available hard disks, make
the disk online, initialize the disk, create a partition and format
it. Then you assign H to the drive.
3) Start
Dropbox
and configure the new location, for example H:\.
4) Dropbox
creates
the folder Dropbox under H:\ and moves already available content
to this new location.
5) Shut
down
Dropbox.
6) Move
the
Dropbox folder to your network path. Now we have
\\SERVER\SHARE\Dropbox and beneath it the Dropbox content.
7) Make
the
disk offline. H doesnt exist anymore now.
8) Map
H
to \\SERVER\SHARE.
9) Start
Dropbox.
Dropbox wont check if H is a network drive anymore.
The thing is Dropbox only checks if the location is a network drive
at the moment you change the location. Now you can use Dropbox with
your network path!
I found the above instructions at:
http://windoh-pedro.blogspot.com/2011/07/how-to-use-network-path-for-dropbox.html
Remove Outlook Add-Ins that no longer
exist
Wednesday, January 4, 2012
If
you
remove or uninstall an app with an Outlook Add-In, it can leave
behind the command to activate the Add-In when the user starts
Outlook. Since Outlook can't find the DLL, it will throw an error.
To fix this, simply delete extend.dat from the users profile. This
works with Outlook 2007 on XP, but I haven't tested it with other
versions.
Set boot-up number lock state in
Windows registry
Wednesday, January 4, 2012
Sometimes
laptops
can have their numlocks set to "on" at boot, and this can cause
problems for users trying to enter passwords since the integral
numeric keypad will be activated. If you can't find a "numlock off
at boot" setting in the BIOS, you can turn it off in the Registry.
Microsoft
discusses
this in their KB
Article 154529, but the key info is below:
In
the
Registry, go to HKEY_USERS\.Default\Control Panel\Keyboard
Set InitialKeyboardIndicators from 2 to 0
Windows Servers running RRAS list incorrect IP
address in DNS server
Thursday, December 15, 2011
If
a
Windows Server is both an RRAS server, and an A/D DC running DNS,
they can frequently list one of the IP addresses they use for RRAS
in the DNS, rather than just their LAN IP. MS knowledgebase article 292822 explains
how
to prevent this from happening.
Function keys on Lenovo ThinkPad &
ThinkCentre Edge keyboards
Thursday, December 15, 2011
For
whatever
reason, Lenovo has chosen to have the default behavior of the
function keys on their recent "Edge" computers not be function keys. The
default behavior is that you have to hit a Fn button in order for
them to be Function keys.
To
fix
this on the desktops, run the "Lenovo Slim USB keyboard" app from
the start menu, and check the function keys box. If you are using
that keyboard on another PC, you can download the control software
from here.
To
fix
the problem on laptops, reboot, get into the BIOS (hit enter very
quickly, as soon as you see the BIOS logo screen), and change the
function keys behavior in the BIOS.
Syntax to connect Macs to Windows Servers
Thursday, December 7, 2011
In
Finder,
choose "Connect to server" and use the following syntax:
smb://ServerName/ShareName
The
full
article from Apple's knowledgebase is here.
Online CRM Solutions
Saturday, October 22, 2011
How to determine what account is being used to
relay spam through an Exchange Server 2003
Thursday, May 12, 2011
If mail relay occurs from an account on an Exchange computer that is
not configured as an open mail relay - determine whether an account
on your Exchange computer sends authenticated relayed mail. To do
this, follow these steps:
- Click Start,
point to Programs,
point to Microsoft
Exchange, and then click System Manager.
- In Exchange System Manager, right-click Your_Exchange_Server_Name,
and then click Properties.
- Click the Diagnostic Logging tab.
- In the Services list, click MSExchange Transport.
- In the Categories list, click SMTP Protocol, and then click Maximum in
the Logging
level area. (Actually, it's Authentication that you need to
set to the Maximum logging level).
- Click Apply,
click OK,
and then quit Exchange System Manager.
- Click Start,
point to Programs,
point to Administrative
Tools, and then click Services.
- Right-click Simple Mail Transport Protocol (SMTP),
and then click Restart.
- Click Start,
point to Programs,
point to Administrative
Tools, and then click Event Viewer.
- In Event Viewer, search the Application log for event 1708.
Event 1708 indicates that the account authenticates with the
Exchange computer to send relayed mail.
Enterprise Activation on BlackBerry OS 6
Wednesday, October 20, 2010
RIM moved the
location of Enterprise Activation in their new OS (thank you,
RIM). It used to be in Options > Advanced Options >
Enterprise Activation.
The new location is Options > Device > Advanced System
Settings > Enterprise Activation.
Blackberry Enterprise Server (BES) Dispatcher
service stops running
Friday, October 8, 2010
The BES
Dispatcher service stopper running, and upon attempting to start
it, it failed with "service-specific error 5613."
It turned out that the problem had been caused because another
process had started using a port (5096) that the BES service
requires to run properly. In my case, it was the Exchange
Information Store server (store.exe). The fix is to add that port
to the list of reserved ports in the Windows registry.
The Blackberry Knowledgebase article discussing the problem, and
the fix is (KB04797). And the
Microsoft KB article with instructions for adding an IP port
exclusion is (KB812873).
Copying and editing the Outlook "Nickname Cache"
Thursday, October 7, 2010
The Outlook
nickname cache is the file that keeps all of the email addresses
that have been used in Outlook. In my opinion, it is a badly
misnamed feature. I have been amazed at the number of people who
have few or no contacts in their Outlook contacts folder, and
instead rely exclusively on the "nickname cache" feature as a list
of all of their contacts emails addresses. When moving to a new
PC, people always want to take this with them. It took me a very
long time to track this down, because of the odd name, but I
finally did.
The location of the file
is in:
drive:\Documents
and
Settings\user name\Application
Data\Microsoft\Outlook\outlook
profile
name.nk2
Note that the file name
is based on the Outlook profile name, NOT the user profile name.
With the help of the free Nk2View utility,
you
can edit the list, and even export it.
To clear or reset the
cache, just rename or delete the .nk2 file (with Outlook closed,
of course).
Finally, if you dont want outlook to suggest names for you, you
can turn this feature off.
In Outlook:
- Go to Tools, then
Options
- From the Options
tab, choose the E-mail options button
- Click Advanced
E-mail options
- Uncheck Suggest
names while completing To, Cc, and Bcc fields.
In Outlook 2010,
Microsoft has changed the way the "nickname cache" works. The
cache is no longer stored in the .nk2 files, but instead somewhere
mysterious inside Outlook 2010.
Microsoft has helpfully
provided KB
article #980542, which explains how to import .nk2 files
into the new nickname cache in 2010.
MS SyncToy scheduling problem
Tuesday, June 2, 2009
Check
out this web
page
for the solution.
Just in case it gets taken down or moved, here is the fix:
While
validating the source of the error code "0x1", I stumbled upon the
solution of the problem.
My computer is part of a computer
network domain and I belong to the Network Administrators Group.
"SyncToy Help" states
that you must have administrative privileges in order to install
the application, specially if you don't have the Microsoft Sync
Framework. Since I have administrator privileges I installed
Synctoy with my user profile and on the scheduler task I had the
"Run As" Field As the local Administrator.
It turns out that if
you install SyncToy with a profile that is not Administrator:
1) You must use that
same profile in the "Run As" Field on the Task Tab, as in
"YourDomain\yourprofilename"
2) also, you have to mark the "Run only if logged on" checkbox.
3) Remember to set your password also.
The scheduler is now
running the SyncToyCmd correctly.
For more information
on scheduler issues see http://support.microsoft.com/default.aspx/kb/308558
Windows Vista anti disk-thrashing
measures
Wednesday, December 17, 2008
On many systems, Windows Vista has the annoying
tendency to access the hard drive for very long periods, at times
when XP would not normally be doing so. This behavior accounts for a
large portion of Vista's legendary sluggishness. Fortunately, there
are some concrete steps you can take to prevent this behavior. Here
are those steps, in my preferred order
- disable SuperFetch service
- disable automatic defrags
- disable indexing service
- disable shadow copy service
- disable system restore* (If possible, leave this service enabled,
as it can definitely be useful.)
Windows XP looses .EXE file association
Thursday, June
26, 2008
Recently I had a PC with a strange problem. After removing
some spyware/virii, it would no longer allow any .exe files to
execute. Simply renaming them to .com often fixed the problem,
but that wasn't a real fix. I did some web searches, and despite
not finding any reference to this problem on Microsoft's
website, eventually found
this web site, which
contains registry files that fix file associations for a variety
of file extensions.
PC Decrapifier
Monday,
June 16, 2008
No kidding - that's really the name of this nifty
utility. It removes all the useless, bloated garbage that is
typically preinstalled on many new PCs.
Download it
here!
Office 2007 causes
spell-checker problems for Outlook Express
Tuesday, March 25, 2008
Apparently, a lot of people have found that following the
install of MS Office 2007, they are left with a French
version of the Outlook Express spellchecker. MS has no real
fix, so it looks like the simplest thing to do is to
download
this free
spell-check ad-on.
How to search for files
within date ranges in Vista
Friday, February 29, 2008
Here is
a helpful Vista tip.
RDP printers
Monday, July 30, 2007
When connecting to servers, if the port name is
something other than LPT, USB, or COM, the printer
does not get created on the server.
A simple registry hack fixes this, as explained in
MS Knowledgebase
article 302361.
Microsoft's new Shadow Copy feature is really cool,
but if you want to be able to actually see the copies,
you need to install the Shadow Copy Client. To save
time searching, you can download it from Microsoft
using
this link.
Office 2007 compatibility
Wednesday, June 13, 2007
For compatibility with Office 2007, you can download
the
MS Office
compatibility pack for
Office
20003, 2002 (aka XP) and 2000.
Also, you may want to read Microsoft's warnings and
prerequisites in KB article
924074.
Adobe Acrobat alternative
Wednesday, April 18, 2007
Acrobat Reader just keeps getting bigger, slower, and
more bloated with each new release.
If you are ready for a smaller, quicker, lightweight, free
PDF reader, you can now use Foxit Reader from
Foxit
Software.
It seems like with each and every new release of
Quicktime, Apple has been trying to reach new heights in
user annoyance. Things like - every time the Quicktime
player pops up, it asks you if you want to buy some pay
version of Quicktime - like anybody actually wants to do
that. And it ask you EVERY single time.
Then, more recently, it has become difficult to download
just Quicktime without also downloading iTunes. Well, now
there is an alternative. The folks over at
free-codecs.com have an
alternative. It uses all the Quicktime codecs, plus an old
version of the MS Media Player.
Get it here.
Mojopac.com has an
inexpensive ($49.99) program that allows you to install
nearly any program onto a USB storage device (flash
memory drive, hard drive, iPod, etc) and then connect
that device to any computer, and run the application on
that PC! How cool is that? They've got a 30-day free
trial, too, so you can see if it will work with your
programs.
Two free remote access / screen sharing apps I have
recently become aware of:
Log Me In Free - similar to
GoToMyPC
CrossLoop - supposedly
similar to
Webex,
though I have yet to try it.
Cool
IT Systems has
an
expensive ($199) system called the Eliminator CPU cooler
that provides drop-in water cooling for your new system.
Not cheap, but very cool, and quiet.
Spyware Warrior website
tracks fake anti-spyware
Saturday, April 07, 2007
As you may know, there are loads of spyware
applications out there masquerading as anti-spyware. I
find it particularly distasteful when a**holes take
advantage of clueless users by foisting this junky or
malicious software on people.
If in doubt, check the list at
www.spywarewarrior.com
Disable annoying Vista User Account
Control
Monday,
February 26, 2007
The
Mac
"Security" ad is
accurate,
the new User Account Control feature of Vista is
poorly-conceived, and ultimately so annoying as to be
completely useless.
Here's a link to the MS Technet site where they tell you
how to disable it.
Try
NetInfo,
from Tsarfin Computing. It's got a network scanner, and
shows all the network connections of the PC on which it is
installed, as well as ping, traceroute, whois, nslookup,
and other useful tools.
If you want to enable a designated user to manage
Active Directory user objects, but don't want them to be
logging onto a server, you need to download and install
the Windows Server Administrative Tools Pack - which I
thought was too damn hard to find. So here's a
link to
the Windows Server 2003 SP1 version of the ATP.
Streaming video from a
USB webcam
Monday, February 19, 2007
The easiest way to make video available on the internet
is by using a webcam with a built-in web server. At work,
we sell
Axis webcams, but
for home users, or people who want to do this on the
cheap, the best free solution I have found for getting
video to stream accross the web from a USB-connected
webcam is the
VLC
media player/server, available from
VideoLan.org.
Daylight Savings time
changes and Microsoft OSs
Friday, January 12, 2007
This
year,
the dates for Daylight Saving Time have changed. Of
course, the dates are hard-coded into Windows. Microsoft
has been kind enough to update XP and Server 2003 to
account for the new dates, but they have not patched 2000
(or older OSs) similarly.
Visit the MS Daylight
Savings Time Support Center, and get a 3rd party patch for Windows
2K.
Thanks to Chad for
the link.
Free online backup
Monday, December 11, 2006
Recently reviewed in PC Magazine, which gave it an
Editors Choice award.
Mozy
Backup -
free for up to 2 GB, $4.95 per month for up to 30 GB. Now
that's a deal!
Here's the link to the
original article on
Macrumors.com
But here's the key info:
*Windows Server 2003
Authentication
By default Windows Server 2003 will try to encrypt
everything sent to and from it. With this enabled you will
not be able to log in to the share from the Mac.
To fix this there are a couple of things you need to do.
First; open up regedit (Start > Run > "regedit"
{return}), and navigate to HKEY_LOCAL_MACHINE \ System \
CurrentControlSet \ Services \ LanManServer \ Parameter \
RequireSecuritySignature, and set its value to "0".
Second, if the server is also a Domain Controller; you
need to open the DC's Security Policy (Administrative
Tools > Domain Controller Security Policy). Navigate to
Local Policies > Security Options, and disable
"Microsoft network server: Digitally sign communications
(always)" & "Microsoft network server: Digitally sign
communications (if client agrees)".
Reboot the sever, and you should be good to go.
Bluetie.com
Thursday, December 07, 2006
From PC Magazine:
Bluetie.com allows up to
20 mailboxes free, including using custom domain names,
calendar sharing, and file sharing. For more than 20, you
have to pay, but it's still pretty hard to beat.
Boot the unbootable
Thursday, December 07, 2006
From Bill Machrone's Nov 29
article in
PC Magazine:
Use the
Ultimate
Boot CD or
Bart's Preinstalled
Environment to
access
PCs that won't boot, are infested with viruses, or
spyware. UBCD is Linux-based, while BartPE uses Windows.
Both will (should) allow access to NTFS partitions, allow
you to run anitvirus scans, spyware removal, direct
registry editing, etc.
WSUS for Windows Updates
Thursday, December 07, 2006
Per Mike West of
WestMark
Consulting:
He recommends using Microsoft
Windows Server Update
Services (WSUS)
for
custom-windows updates, and for tracking windows update
status on your PCs.
