12 August 2008

How to Sequence Adobe Acrobat Reader 9.0

If you try to sequence Adobe Acrobat Reader 9 (I’ve tried to do this in SoftGrid 4.5 RC) you will get a error and inside error report you will find “Code: 0×0000000000000000” and a lot of other, not very usefull information about this error.

Full Story At Source, App-V.ca


09 August 2008

Join App-V.ca

Last week I launched a brand new website dedicated to Virtualization Technologies and related technologies like System Center Virtual Machine Manager and Windows Server 2008 Core Installation, VMWare and Microsoft Application Virtualization, formerly known as SoftGrid Application. The website’s main-page contains news and blogposts that I collect from all over the Internet. I’m planing to implement there Download and Video sections where you will find related downloads and Videos.

This website called: App-V.ca

So if you are planning, piloting or deploying any Virtualization Technologies please join now!

Please join App-V.ca and ask to become news-poster. Contact me admin at admininfo.ca
And, PLEASE promote my new endeavor, App-V.ca by spreading the word!

02 July 2008

"Outlook Anywhere" and problems with IPv6 in Windows Server 2008

It's not a secret, that IPv6 has some "issues". When I've been in Seattle, at last MVP summit, a lot of IT professionals said that, and all of them recommended to disable IPv6 on Windows 2008 or / and Vista machines. Kevin Reeuwijk from "Innovative Technology Weblog" posted a very good article; Outlook Anywhere is ‘broken’ on IPv6 in Windows Server 2008.
So, if you run Exchange 2007 on Windows Server 2008 and want to use Outlook Anywhere (aka RPC over HTTP) you probably get a problem. It would not work if the RPC-over-HTTP Proxy and the Exchange Mailbox installed on the same Windows 2008 Server.
To make the long story short, simply unselect IPv6 from the properties of your NIC AND (it's very important) make a changes to the HOSTS file. Simply open up your hosts file and make the following changes:
  • Comment out the line “:::1 localhost”
  • Add the following two lines:
This will resolve all queries for your computer’s name to its IPv4 address, effectively disabling the use of IPv6 for self-communication. You can confirm that this works by doing a “telnet localhost 6004″.


21 April 2008

CoreConfigurator - Graphic Management Tool for Windows Server 2008 Core

The default management for Windows Server 2008 Core is the command line. Yes, the main powerful of Windows Server Core becomes available when using such an approach, but sometimes it's not so user friendly. This is why I've been asking so many times if exist anything more graphic :). Yes, one of the first recommendations to work and manage Windows 2008 Server Core is to use MMC from a remote machine, but MMC cannot do everything. Of course to allow work with remote tools this tool should be allowed passage through the firewall packages Server Core. In addition, this is for many more difficult than editing the registry. :) Therefore, I would like to have a simple graphical tool for configuring local system. The task of developing such an interface is complicated by that the Server Core has a limited set of graphics API, this is a reason why so beautiful MMC doesn't work on it.

So, if Microsoft has not established such utilities anybody else did this. Look at the utility CoreConfigurator developed by Guy Teverovsky, MVP from Israel.

This is what it can:
  • Product Activation Product Activation
  • Configuration of display resolution Configuration of display resolution
  • Clock and time zone configuration Clock and time zone configuration
  • Remote Desktop configuration Remote Desktop configuration
  • Management of local user accounts (creation, deletion, group membership, passwords) Management of local user accounts (creation, deletion, group membership, passwords)
  • Firewall configuration Firewall configuration
  • WinRM configuration WinRM configuration
  • IP configuration IP configuration
  • Computer name and domain/workgroup membership Computer name and domain / workgroup membership
  • Installation of Server Core features/roles Installation of Server Core features / roles
To setup this utility use MSI package and then run the CoreConfigurator. exe file. The following interface will appear.

Just in case, it's not necessary to install CoreConfigurator, we can simply copy its files into the system. The result will be the same. The video settings look like this:

Setting "Show window content while dragging" may very markedly improve display window objects, if you work with the server via terminal connection. Please note that the setting affects only the current user. According to the picture, to change the time zone, the developer did not reinvent the wheel, and just call to standard timedate.cpl

Remote Desktop Options look like this:

All would be good, but in this version you still have to allow RDP connections in the firewall manually using netsh. Hopefully, in the next version this will be fixed. Management of local users and groups is done through the following windows.

Installation of Roles and Features became a more visual :

Instantly, functionality of firewall management is very limited, but at least he had already to incorporate all necessary rules for the remote control.

Configuring your network interfaces habitually looks fairly.

To set the activation key and Activate the OS is also very simple and all this done via GUI :)

In addition, let me show winrm interface, interface to rename computer and join it to domain:

It is understandable that CoreConfigurator is not officially supported by Microsoft. Many IT professionals probably have any doubts, whether to trust manufacturer of the software. As usual choice, set its server utility or not is up to you. :)

09 April 2008

How to Create File for a Desired File Size

Time to time I get the need to have some temp files of varying sizes. In Linux environment it's not a problem to do. And, in Windows environment it's not a problem anymore :).
I've used a "dd for windows". "dd for windows" could be downloded from official web site. I've created a very simple script, mkef.bat. Here is a syntax for using mkef.bat:


And now the content of mkef.bat:

@echo off
if {%1}=={} @Echo Please use the following syntax: mkef.bat filename size &goto :EOF
if {%2}=={} @Echo Please use the following syntax: mkef.bat filename size &goto :EOF
dd if=/dev/zero of=%1 bs=1024 count=%2

28 February 2008

What NAP is and how it works?

Yesterday was the first Windows 2008 event in Canada. The first event was in Toronto and had almost 3000 attendees. Twenty MVPs participated in Ask-The-Expert and I was one of them :). One of the commonly asked questions was question about “What NAP is and how it works?

So, I’d like to show what posted on TheLazyAdmin.com about NAP:
With the recent launch of Windows Server 2008 you are no doubt spending all your free time playing around with everything new. One thing you might be playing around with is Network Access Protection. There is a great document on getting a DHCP based NAP lab set up but one thing the document is missing is how to configure the NAP client in XP SP3. In Windows Vista you simply start the service then enable the client through the NAP Client Configuration MMC (napclcfg.msc) but XP SP3 does not include the MMC. So how does one configure the NAP Client without a Nap Client configuration tool? Netsh, that is how!

To enable the NAP Client on XP SP3 you need to do the following:

  1. Start –> Run –> Services.msc
  2. Change the Network Access Protection Agent service to start automatically
  3. Start the Network Access Protection Agent service
  4. Start –> Run –> CMD.exe
  5. Type netsh nap client set enforcement ID = ##### Admin = “Enable”
  6. Start –> Run –> GPEdit.msc
  7. Drill down to Computer Configuration | Administrative Templates | Windows Components | Security Center
  8. Enable the Security Center
  9. Start –> Run –> Services.msc
  10. Start the Security Center service

You will need to replace the ##### with the ID based on whichever enforcement method you are using. You can use the following IDs for the various enforcement methods:

  • DHCP = 79617
  • RAS = 79618
  • IPSec = 79619
  • TS Gateway = 79621
  • EAP = 79623

For more labs and information see:

Step-by-Step Guide: Demonstrate IPsec NAP Enforcement in a Test Lab

Step-by-Step Guide: Demonstrate 802.1X NAP Enforcement in a Test Lab

Step-by-Step Guide: Demonstrate VPN NAP Enforcement in a Test Lab

03 February 2008

Microsoft doesn’t recommend creating Vista ‘Lite’

As many of you know, it’s possible to create a “Lite” version of operating system by using well know program vLite. But, recently Microsoft said in an e-mail to CNET News.com:

“Microsoft does not recommend using any tool to strip out applications from Windows Vista prior to installing it on your system, as it may affect your ability to download future Windows updates and service packs, and may cause your system to become unstable,”

So, think twice before you creating Vista ‘Lite’ ;)


18 January 2008

SEP 11: virus definition folder takes too much disk space

For those who did not give up trying to deploy Symantec Endpoint Protection 11.

On client computers you might notice that virus definition folder (by default it is located in C:\Program Files\Common Files\Symantec Shared\VirusDefs) takes up large amounts of disk space. In my case - more than 5 Gb. When you open VirusDefs folder you can see a lot of temporary folders called tmpXXXX.tmp, where XXXX are hexadecimal characters.

The cause of the problem is that virus definitions may be corrupted.

To solve this issue, follow the steps below:

1. Stop the Symantec Management Client service:

  • Start -> Run
  • Type "smc –stop" (without qoutes) and click OK

2. Stop the Symantec Endpoint protection Service in services snap-in

3. Go to "Virusdefs" folder. Delete all ".tmp" files and folders AND any numbered folders (such as "20070820.048", "20080115.021" etc.)

4. Install new definitions manually using the Intelligent Updater:

  • Follow this link: http://www.symantec.com/avcenter/defs.download.html
  • Select the language and for the product, select Symantec Endpoint Protection
  • Click "Download Updates" button
  • Select the correct file to download for Symantec Endpoint Protection 11 depending on whether it is for 32-bit or 64-bit OS
  • Click the ".exe" file specified for Symantec Endpoint Protection 11, download to your hard drive and run it

5. Start the Symantec Endpoint Protection Service

6. Start the Symantec Management Client service:

  • Start -> Run
  • Type "smc –start" (without qoutes) and click OK
Source: http://youradmin.blogspot.com/

16 January 2008

Internet Explorer 7 (IE7) deployment - New white paper

Microsoft just released a new version of their IE7 deployment paper. The document has 156 pages. IE7 deployment can get tricky. Try to read this document before deployment, if you haven’t done it yet. It might be a useful reference if you run into problems.

09 January 2008

Things that Virtual PC needs to be run as Administrator for...

For the most part Virtual PC is able to happily run when you are using a non-administrative user account and everything will work. There are - however - a couple of things that will not work correctly unless Virtual PC is run under an Administrative account:

  1. Using ping (or other ICMP based tools) over shared networking.

    In order to create ICMP packets (as opposed to standard TCP/IP packets) that appear to originate from the virtual machine when using shared networking - we need to access Windows APIs that are restricted to only being accessed by administrators.

    The reason why these APIs are restricted is that there are a number of known ICMP based network attacks that malicious software could try to utilized on your computer.

    The impact of this is that you will simply be unable to ping other computers from a virtual machine. Note that this does not affect virtual machines that are using a direct connection to the physical network adapter.

  2. Using or converting linked virtual hard disks.

    Linked virtual hard disks require us to open a handle to the raw physical disk object (and bypass the Windows file system). As this mechanism could also be used to bypass file system security it is restricted to administrative processes only.

    If Virtual PC is not running as an administrative process you will be unable to create linked virtual hard disks, convert linked virtual hard disks or boot virtual machines with linked virtual hard disks connected to them.

  3. Accessing copy protected CDs.

    Virtual PC attempts to access the physical CD by using a handle to the raw disk (like with linked virtual hard disks) but if that fails it will fall back to using the Windows file APIs to access the CD.

    The Windows file APIs work fine for accessing normal data off of CDs - but is unable to provide the information necessary to support the use of copy protected CDs inside of virtual machines.

    If Virtual PC is not running as an administrative process access to normal CDs will function correctly - as will data access to copy protected CDs - however any software that attempts to check the authenticity of a copy protected CD will fail.

  4. Configuring the Virtual PC security options.

    Configuring the Virtual PC security options requires that we change registry keys stored in the Local Machine registry hive. The values are stored here so that non-administrative users cannot undo security settings changes made by an administrative user.

    If Virtual PC is not running as an administrative process the settings on this options page will be disabled.

Now remember that under Windows Vista Virtual PC will be running as a non-administrative process even if you are using an administrative account. To get these features to work under Vista you need to right click on the Virtual PC icon in the start menu and select 'Run as administrator' (with the exception of the Virtual PC security options where we will prompt you to give administrative approval if you are not running as administrator).