Archive - Windows RSS Feed

Provisioning Windows Mobile phones

October 15, 2010 in Windows with 2 Comments

Similar to the previous post regarding provisioning iPhones for Exchange servers, the same can be done with Windows Mobile (though I don’t yet know how this will changes with Windows 7 Mobile).  I haven’t found a nice utility to do this, so your relegated to hand coding a .xml file, but it’s no biggie.

If your situation is similar to mine, you have many remote users with mobile phones.  There are times when they need to replace the phone while traveling or something else happens that requires resetting up the phone to connect to your mail server.  We require our self-signed certificate to be installed on the phone, coupled with needing to know all the settings it can be frustrating to help setup a phone, over a phone.

Continue Reading…

Removing Windows XP from a Windows 7 dual boot system

April 27, 2010 in Windows with 0 Comments

I’ve made the switch to Windows 7 on one of my machines.  It’s time to wrap my head around this new beast.  I installed Win7 x64 on a second hard drive and was dual booting the system for some of the tools I needed.

Now that Windows XP mode is up and running and documents were transferred, I decided it was time for XP to go, cutting the cord.  Unfortunately it’s not as easy as just removing the hard drive and calling it good, though the process isn’t all that hard. NOTE: Do at your own risk; I’m not responsible for damage.

  1. Start the machine in Windows XP
  2. Show hidden files and folders if they aren’t already and copy the “boot” folder and the bootmgr file to the Win7 drive.
  3. Shut the machine down, remove the XP drive and boot off the Win7 DVD
  4. Enter the System Recovery mode after the machine boots and click “Next” to enter the Recovery Toolbox
  5. Click “Command Prompt” and type: 
      "bootrec /fixmbr"
      "bootrec /fixboot"
  6. Reboot into Windows 7 and open a command prompt. Run the following command to remove the other second boot option: 
      "BCDEdit /delete {ntldr} /f"

More information if you installed on a second partition can be found at: http://blogs.techrepublic.com.com/window-on-windows/?p=1751&tag=leftCol;post-1306

Fixing HP’s Credential Manager

September 18, 2009 in Windows with 0 Comments

First of all, I neither support or condone the use of HP’s credential manager.  It’s fine in theory, but the amount of times I’ve had to fix something with it is getting ridiculous.  The latest issue occurred when the user logged into Windows using credential manager, the user had to swipe their finger again to log into credential manager to get the passwords to work.

To fix the issue of having to log into credential manager twice, rather than once, you need to find which part has is corrupt.

  1. Open HP ProtectTools Security Manager
  2. Click ProtectTools in the left hand column and then “Backup and Restore”
  3. Follow the prompts to make a backup of the current identity.
  4. Click “Credential Manager” after the backup is complete and click “My Identity”.  Then click “Clear Identity for this Account”  NOTE: Make sure you have a backup first
  5. Create a new identity.
  6. Log out and log back in to see if credential manager also logs in.  If it does, continue on.
  7. You can then restore the backup from the same spot you backed it up.  At the last window where you can pick which parts to restore.  Restore the SSO piece and it will most likely fail again.
  8. Now the fun part comes in finding which application entry in SSO is causing it to break.  In my case, after removing the ActiveSync entry and another one it worked.  Do step 6 after each entry removal to find when it starts working again.  I started by looking for entry’s that were applications other than web pages.

Or, you can just go to add remove programs and remove credential manager.

Fixing Microsoft’s Remote Assistance…

September 10, 2009 in Windows with 0 Comments

So a few posts ago I described how to setup the “Offer Remote Assistance” feature for a domain.  It’s been working just fine, until yesterday.  When trying to connect to a specific computer in our network a “Message: You do not have access to logon to this session” message would pop up.  It was usually followed by an EventID: 5270 in the event logs.

After much searching and trying various stabs at the solution, one was finally found.  For some reason, still unknown to me, one single registry entry was different that broke Remote Assistance on the computer.  On the computer that isn’t working, check out HKLM\SYSTEM\CurrentControl Set\Control\Terminal Server\fInHelpMode On the broke computer, it was set to 1, where working computers was set to 0.

I first tried just setting the entry to 0, but it still didn’t work, so I removed the key and restarted the machine.  Working.

If your seeing this issue, hopefully this post will solve it quick.

Using “Offer Remote Assistance” for support

August 19, 2009 in Projects, Windows with 0 Comments

I would venture to guess that Microsoft’s “Remote Assistance” feature is rather underutilized; first, because it’s a pain to actually find, and walking a client or user through the request process is cumbersome too.  Remote Assistance actually works fairly well and alleviates the introduction of which ever flavor of VNC you choose.

We are in the beginning stages of rolling out a new ERP system that no longer uses Citrix, shadow sessions are out of the question now and deploying VNC wasn’t an option.  Enter “Offer Remote Assistance”.  By enabling a GPO settings, tech’s can now initiate the Remote Assistance session and the users just needs to accept it.

The setup is rather easy:

  1. Open Group Policy Management and create a new policy or edit an existing one
  2. Expand Computer Configuration > Administrative Templates > System and click on Remote Assistance
  3. Double click “Offer Remote Assistance” and choose enabled
  4. In the “Permit remote control of this computer” section, choose “Allow helpers to remotely control this computer”
  5. Click the “Show” button and add the users or groups that will be allowed to remotely connect.  You must use the domain\user or domain\group format.
  6. Close all the windows

The group policy is now setup.  Because getting to the “Offer Remote Assistance” section in Help and Support is also a pain, create a new shortcut on your desktop and give it the following path:

"hcp://CN=Microsoft%20Corporation,L=Redmond,S=Washington,C=US
/Remote%20Assistance/Escalation/Unsolicited/Unsolicitedrcui.htm"

Now when a user needs support, just double click on the shortcut and type their IP or computer name.  The user will be prompted asking for permission.

NOTE: This is really only good for users within your network.

Outlook quits opening .msg files from the desktop

June 23, 2009 in Windows with 0 Comments

Had an interesting issue today where all of a sudden Outlook quit opening .msg files off the users desktop.  Come to find out, the computer was missing the [HKEY_CLASSES_ROOT\msgfile] key.  Why?  I don’t know, but running a detect and repair fixed the issue.

Free .ISO mounting utility

June 17, 2009 in Windows with 0 Comments

I needed a quick and dirty way to mount an .ISO and .IMG file on Server 2003.  Microsoft provides a tool titled “Microsoft Virtual CD-ROM Control Panel”.  It is super easy to setup, no restart required, and does just the basics.

You can download it here.

Simply copy the VCdRom.sys into system32\drivers and run the VCdControlTool.exe.  There is a readme provided.  Neither I nor Microsoft provide any support for the tool.

Enjoy!

Windows Server 2003 – AutoAdminLogon

April 22, 2009 in Windows with 0 Comments

AutoAdminLogon is pretty handy for those instances where a computer or server must be logged in at all times with an interactive session.  Microsoft has documented a few changes that need to be done in the registry to enable this feature, http://support.microsoft.com/kb/324737


Please note, if your setting up AutoAdminLogon for a workstation or server, don’t forget to set the ‘DontDisplayLastUserName’ key to ’0′.  If it is non-existant or set to ’1′ the server will remember whoever was logged into the console last, over-riding the ‘DefaultUserName’ key that was set in the registry.  I’m not sure why Microsoft didn’t include this in their documentation, but it needs to be there.
For the servers that I’ve set this up on, I’ve also added a .bat file that will lock the screen after logging in.  Create a bat file and put the following in it.
rundll32.exe user32.dll, LockWorkStation

Put the bat file in the startup items folder.  Microsoft recommends you restart your server at that time to test it out.  If you don’t get the chance to restart it, make sure you test it out at some point.

Managing Internet Explorer Popup Blocker with GPO

April 9, 2009 in Windows with 0 Comments

Popup blocker sure can be a pain, especially when it interfere’s with valid work related stuff.  In a domain environment the list can be centrally managed (and locked down) if you please.

Open Group Policy Management:
  • Add a new GPO or edit an existing one
  • Drill down to User Configuration\Administrative Templates\Windows Components\Internet Explorer NOTE: You can browse to either Computer Configuration or User Configuration depending on how you want to enforce the policy
  • Open the ‘Pop-up Allow List’, enable the policy and add your list of sites.
If you want to lock down the list so users can’t add or remove objects, Enable the ‘Turn off Managing Pop-up Allow List’

The “Create Local Users and Do Other Stuff Too” script

August 26, 2008 in scripts, Windows with 3 Comments

This script does a lot in one fowl swoop.

1. It creates a new local user on the machine, unless the user already exists of course
2. Renames the local ‘Administrator’ account to another name
3. Changes the renamed ‘Administrator’ account’s password
4. Creates a file in ‘c:\windows’ so the script won’t run on the next startup
5. Adds a domain group to a local computer group

You can change the names/passwords accordingly. I put the things that need to be changed in italics. It works well in a .vbs script and used as a startup GPO to deploy it. The script will check for the file it created in c:\windows, if it doesn’t find it, it won’t run.

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objNFSO = CreateObject("Scripting.FileSystemObject")

If objFSO.FileExists("C:\Windows\accountchanged.txt") Then
WScript.Quit
End if

If objFSO.FileExists("C:\winnt\system.ini") Then
WScript.Quit
End if

' Get's the computer name
set objNetwork=createobject("wscript.network")
 strComputer=objNetwork.computername

'Loads the administrators group
set objGroup=GetObject("WinNT://" & strComputer & "/Administrators,group")

' Run the Load method
Load

' Encapsulates the processing of this script
Sub Load()

' Create the users
CreateUser "PUT_USERNAME_HERE","PUT_PASSWORD_HERE","PUT_GROUP_HERE", "Local admin account"
' MsgBox "Complete!"

End Sub

' Create the local user
Sub CreateUser(userName, password, group, description)
' Check to see if the user exists; if so, then skip
If NOT CheckIfUserExists(userName) Then
Set objComputer = GetObject("WinNT://" & strComputer & "")
Set objUser = objComputer.Create("user", userName)
objUser.SetPassword password
objUser.FullName = userName
objUser.Description = description
objUser.Put "UserFlags", 65600  ' Sets Password Never Expires to TRUE
                                ' and sets User Can't Change Password to TRUE
objUser.SetInfo
objGroup.Add(objUser.ADsPath)
Else
' MsgBox userName & " already exists!"
End If
End Sub

' Check to see if user exists
Function CheckIfUserExists(userName)
Set objComputer = GetObject("WinNT://" & strComputer & "")
objComputer.Filter = Array("user")
intFound = 0

For Each User In objComputer
If lcase(User.Name) = lcase(userName) Then
intFound = 1  
End If   
Next

If intFound = 1 Then
CheckIfUserExists = True
Else
CheckIfUserExists = False
End If
End Function

'Rename Administrator account
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colAccounts = objWMIService.ExecQuery _
("Select * From Win32_UserAccount Where LocalAccount = True And Name = 'Administrator'")

For Each objAccount in colAccounts
objAccount.Rename "PUT_NEW_USERNAME_HERE"
Next

' Change new username's password
Set objUser = GetObject("WinNT://" & strComputer & "/PUT_NEW_USERNAME_HERE,user")
objUser.SetPassword "PUT_PASSWORD_HERE"
objUser.SetInfo

' Add DOMAIN GROUP to local Administrators group
set objAdmins = GetObject("WinNT://" & strComputer & "/Administrators,group")
Set objGroup1 = GetObject("WinNT://DOMAIN/DOMAIN_GROUP")

if not objAdmins.ismember(objGroup1.adspath) then
 objAdmins.add objGroup1.adspath
end if

' Create check file
Set objOutFile = objFSO.OpenTextFile("C:\Windows\accountchanged.txt", 8, True)
objOutFile.WriteLine("Completed " & Date)
objOutFile.Close

 

Download the file here: CreateUser

Page 1 of 212»