|
|
Set the default email client across your network
When I first started doing the groundwork for this article I incorrectly assumed that the default mail client was a setting that each user could change in Windows.
What I mean is - I thought if 'USER A' logged in, set the default email client...then 'USER B' could login to their account and set their own default email client.
After testing many different ways I have found that it does not work this way at all.
If you are not an administrator, windows will gladly let you go into the internet settings under the control panel - and make the change:
Unfortunately it does not give you an error. If you go back into the settings, it will have reverted back to the original default email client.
This is because the setting is located in the HKEY_LOCAL_MACHINE hive of the registry, and there is no corresponding HKEY_CURRENT_USER entry. If you create one on your own, windows will simply ignore it.
Here is the key for setting the default email client:
HKEY_LOCAL_MACHINE\Software\Clients\Mail
If you drop down to this in the registry, you can see that the 'default' value on the right is what sets the default email client.
Now, obviously the email client must exist for you to set it. The behavior of windows is undefined if you set it to something that is nonexistent. In other words it might cause some applications to do crazy stuff when trying to access email (If you set it to a client you have not installed on the machine already).
The first step in setting it across our network is to figure out how to set it from the command line. This part is easy. We can use the "REG" command. If you don't know about it, the REG command allows you to update the registry from the command line. It has been built into windows since XP, and can be added to 2000 by installing the Windows 2000 Resource Kit.
Using the REG command, we create a simple script that looks like this:
reg add HKLM\Software\Clients\Mail /ve /f /d "Microsoft Outlook"
If you are wondering about the command line options -
/ve - this tells it to set the (Default) value for this key
/f - Don't prompt us, just set it
/d - Following this argument is the data we want to set
In our example we update the machine's default email client to Microsoft Outlook. You could just as easily set it to Outlook Express.
The big question now is how can I update when most of my users are not an administrator?
Group Policy is our friend.
I am going to open the group policy for my collection of machines I want to update, and drill down to
Computer Configuration -> Windows Settings -> Scripts
This is important. Make sure you do this under Computer Configuration not User Configuration. Otherwise it will be run in the context of the user, and it will fail if they are not an administrator.
When you select it, you will see Startup, and Shutdown on the right. Double click startup. When the properties window shows up, click on Add.
This will open a window that allows you to type the name of the script, and parameters. Click on browse - this will bring you directly where the computer scripts default to. I suggest you create your computer configuration login script right here. Do it by right clicking and creating a new text file. Rename it to logon.bat. Edit it, and paste in the code I showed you above. Now save it....and select it.
Click OK on all of your open windows, and in about 15 minutes your computers should refresh their policy. The next time you reboot the default email client will be updated across your network.
Posted By: Steve Wiseman on Tuesday, October 30, 2007
Check out our utilities for windows
Enable Windows XP File Sharing from the command line
Windows File and Printer sharing is used for a wide variety of services in windows. If it is disabled, you can't do many things remotely...such as:
-Access the admin$ share
-Stop and start services
-Access the registry
-Shutdown, Logoff, or Reboot
Also, without it - our product Remote Control LAN edition cannot connect to a host with windows file and printer sharing disabled. Originally we had a guide that walked you through the process of enabling it.
It is not as simple as you think. There are a few parts to the process, such as turning off a feature called "Simple File Sharing", and making sure the ports were opened in the firewall.
We created a utility that was only linked from within the user manual of LAN edition. It was called the XP SP2 Enabler
It worked great for almost a year. Suddenly in the last few months we started to get complaints that it wasn't working. I decided we needed to pull it off the website, fix it, and put it back up.
I figured it would only take a few hours...maybe a day. A few hours turned into a few days...a few days into a few weeks...well we should have put something up letting people know that it was taken off the website.
We finally have finished a totally new version, and have determined that the method we were using previously, worked, but was broken by a newer patch. After lots of testing are ready to release a new version.
Currently it is only for the command line. We will make a visual interface later, after this gets out of beta.
The reason why we made it a command line program was because many of our utilities needed file and printer sharing enabled. If you downloaded our Remote USB disaber - you probably did not want to walk around to all 150 of your machines to turn on file and printer sharing...just so you could remotely disable USB drives.
Without any more of my blabering here is the download link:
http://www.intelliadmin.com/FPEnabler.exe
You can simply call it like this from the command line:
FPEnabler.exe -enable
To undo the changes you can call it again:
FPEnabler.exe -disable
What does it do? It enables file and printer sharing, disables simple file sharing, and opens the ports needed for file and printer sharing.
It is still beta, so please send us an email on how well it works for you.
Posted By: Steve Wiseman on Tuesday, October 30, 2007
Check out our utilities for windows
More on backing up Auto Complete URLs in IE
I got a an email from Ivan at www.cybexmag.com in response to this article.
Hi Steve,
Another useful Reg Key is the following:
HKEY_CURRENT_USER\Software\Microsoft\Ftp\Accounts
This key holds all the FTP accounts used if you accessed an FTP via Internet Explorer.
I decided to check it out, and sure enough...if you backup Auto-Complete as I described in the previous article:
Those two FTP accounts you see in the screen shot *will* show up, but the username and password information will be missing. For example, if I visit my account, at IntelliAdmin...it is missing the username field. If I had told IE to save it, the password would have been missing too.
After I included the key Ivan mentioned above, the account usernames and passwords were remembered.
It is another item you can add to your toolbox when moving a user to a new machine.
Posted By: Steve Wiseman on Sunday, October 28, 2007
Check out our utilities for windows
Generate a report of installed drivers
I came across this built-in command that works under XP, 2003, and Vista.
From the command line you can type:
driverquery
And it will immediately come back with a complete list of drivers
Better yet, the program is loaded with options. If we look at the help screen for it:
Parameter List:
/S system Specifies the remote system to connect to.
/U [domain\]user Specifies the user context
under which the command should execute.
/P [password] Specify the Password for the given
user context. Prompts for input if omitted.
/FO format Specifies the type of output to display.
Valid values to be passed with the
switch are "TABLE", "LIST", "CSV".
/NH Specifies that the "Column Header"
should not be displayed in the
screen output. Valid for "TABLE"
and "CSV" format only.
/V Displays detailed information. Not valid
for signed drivers.
/SI Provides information about signed drivers.
/? Displays this Help/Usage.
We can see that it is possible to query a computer remotely. I was going to build a simple program to do this for me...but is already built in!
My purpose was that I wanted to create a report of drivers on computers across my network. To accomplish this, it required two batch files.
I first created a batch file that looks like this:
@echo ===========================================
@echo Driver Report for Computer: %1
@echo ===========================================
@driverquery /s %1 /u intelliadmin\administrator /p [Password Removed]
@echo
Lets save that as DriverReport.bat
The script will run a driver query against a remote computer with the specified username and password...and will output to the command line a nicely formatted report. The computer name will be provided as the first command line parameter (That is what %1 is for)
Also - if you notice - you will need to put your password as cleartext in this batch file...so make sure you delete it when done.
Now, we need to create another batch file that will actually generate the report. Here is my first crack at it:
@del Report.txt
@DriverReport.bat Computer1 >> Report.txt
@DriverReport.bat Computer2 >> Report.txt
@DriverReport.bat Computer3 >> Report.txt
@DriverReport.bat Computer4 >> Report.txt
@DriverReport.bat Computer5 >> Report.txt
@DriverReport.bat Computer6 >> Report.txt
It deletes any report we created before, and then generates a report for each system...then takes the output and appends it to Report.txt
Simply fill out the batch file with your computer names. You could probably throw together a vb script that would populate it for you.
Lets save that last script as GenerateReport.bat
Now when you call it (GenerateReport.bat), Report.txt will contain a complete driver list for the computers you include.
Just make sure you put both batch files in the same folder - and be careful with your admin password. Don't leave it laying around on your network in that first batch file.
Posted By: Steve Wiseman on Friday, October 26, 2007
Check out our utilities for windows
Adobe finally releases fix for reader flaw
Adobe has released a fix for the flaw I wrote about a few weeks ago.
The patch fixes a bug that exposed Windows XP users to attackers sending PDF files containing viruses and maleware. If you search across the net, you will find that numerous exploits are running in the wild.
Here is the short version from Adobe on the issue:
Critical vulnerabilities have been identified in Adobe Reader and Acrobat that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system.......it is recommended that affected users update to Adobe Reader 8.1.1 or Acrobat 8.1.1. Adobe will be providing an update to Adobe Reader 7.0.9 and Acrobat 7.0.9 at a later date. Adobe Reader 6.X and Acrobat 6.X are not vulnerable to this issue.
So you see, you need to upgrade to 8, if you have version 7...since they don't have an update yet and they probably never will.
I feel that Adobe is getting very complacent. This is not the first vulnerability like this...it is one of many. It seems like every 6 months there is a new one. At this time I see having Acrobat reader on my network a serious security issue, and I no longer allow it.
I suggest using alternatives, such as:
1. FoxIt Reader - Lots of features
2. Sumatra Reader - Very small exe...and very fast
If you must use Adobe Acrobat reader, I would update to 8.1.1 as soon as possible.
Posted By: Steve Wiseman on Wednesday, October 24, 2007
Check out our utilities for windows
Terminal Server has reached maximum connections - Never again
I have a few different servers I remote into all the time using Microsoft Remote Desktop. One of the big problems I have is that I use a wireless phone to connect, and often the Remote Desktop session is lost in mid stream.
After a few reconnects, and lost connections you will get this error message from Windows:
That can be a big problem if you need to get on right away, and no one is near the machine to disconnect your orphaned sessions.
Today I got tired of it, and decided to see what my options were. From my research the best way to solve this is to limit each user to only one session. That way, when I attempt to reconnect it will simply disconnect any active or inactive session and give it back to me.
To do this you need to get to the Terminal Services Configuration. You can do this by clicking on start, then Administrative Tools, and then Terminal Services Configuration
If you are running Windows XP, and not 2003 server, you may need to drop to a command line and type tscc.msc to launch this program.
Once you have it open, click on the left item named "Server Settings". On the right you will see a few options for the server:
We are interested in the option that says "Restrict User to one session". Double click on it, and check the item that says "Restrict each user to one session"
After you reboot, you will no longer have to worry about too many connections to your terminal server (From the same account).
Posted By: Steve Wiseman on Wednesday, October 24, 2007
Check out our utilities for windows
Backup auto complete URLs in Internet Explorer
When I move a user to a new machine I like to move everything. Yes it sounds obvious. But I like to get down to that last detail, that others seem to pass off as unimportant.
For example, I explained a few weeks ago on how to backup and restore the auto complete data in Outlook. In that vein I would like to show you how to do the same with Internet Explorer.
I am amazed (When I didn't move this stuff over) how many times users wanted to know where their 'bookmarks' were. Yes, you guessed it - their bookmarks were the auto complete URLs. When I start to explain that those aren't their bookmarks...well the eyes glaze over.
To get to the auto complete data, you will need to open regedit. Drill down to this key:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLS
If you select it, you will see a complete list of all the auto complete URLs on the right.
Now that it is selected, click on the file menu and export the key. Save the exported key on a flash drive, or a network share. It needs to be put somewhere you can get to it on the other system
Once on the new computer, you can simply open regedit and import the key. Next time you restart Internet Explorer it will have the original auto complete URLs.
Posted By: Steve Wiseman on Monday, October 22, 2007
Check out our utilities for windows
Recover deleted items in Outlook
One of the things I like about Exchange is its ability to retain messages - even after you delete them.
One way you really can be a hero in IT is to restore that very important message your boss "Stored" in deleted items (See note at bottom)...and then accidentally emptied the folder.
Worse yet, is the person that comes to you much later - realizes that they really need an email they deleted two weeks ago.
Within Exchange 2003, there is an automatic 7 day retention of deleted items. I suggest changing this to 30 - and it doesn't require a lot more space for your average user.
You can do this by opening the Microsoft Exchange system manager, and drilling down to the mailbox store. Right click and go to properties.
A window will pop up. Move over to the limits tab.
See the part I highlighted? Change it to a time frame that is appropriate for your network. Keep in mind it will take up space as if that amount of time had past without deleting anything. So please be careful if your are running at the edge of your space requirements.
Now. You have updated the time...user calls and says "Oops I deleted a message...can you get it back?" How do you get it back?
Get on the users machine, open Outlook. Select the deleted items folder on the left. Then click on tools, and move down to the "Recover Deleted Items" menu item
When you select it, a window will popup with a complete list of deleted items you can recover
Now here comes the part that you will only learn from experience. If you are running Outlook 2003 Pre SP1 - cached mode will prevent it from working at all.
This means if after the fact, after the item was deleted you discover you had cached mode turned on, and SP1 was not...you have lost the messages.
I learned this the hard way when I thought I could save the day, only to find out the messages were hosed by a bug with cached mode in the original release in Outlook 2003.
So the lesson is, make sure you either disable cache mode, or install the latest service pack for office, and message recovery will work beautifully.
It sure beats pulling out tapes from the safety deposit box every time someone deletes an important message.
*Note: Yes, I actually had a user that stored their important messages in the deleted items folder. They had no idea that it purged mail after sometime and were really surprised when their important messages were gone.
Posted By: Steve Wiseman on Monday, October 22, 2007
Check out our utilities for windows
The admin$ share explained
Over the past few years I have received many emails asking what the admin$ share is used for, and what are the security implications when using it.
This share has been present in all of the "NT" versions of windows. This means Windows NT 3.1, 3.5, 4.0, 2000, XP, 2003 and Vista.
The share is part of a few that are automatically created in windows. Another is c$. Why do they end with a $ ? This is used to tell windows to hide the share. For example, if I browse to my desktop from my laptop over the network...this is what I see: (I clicked start, then run and typed \\laptopsw - the name of the laptop)
Now looking at that you would think that the only share available on that system is "Users".
Not true. We can browse to our hidden share by typing the full path into Explorer:
If you look carefully you will notice that the admin$ share simply points to the C:\Windows folder.
So what is this for? And why did Microsoft put this into Windows?
Specifically it is used to deploy software remotely. If you have ever 'pushed' software to a computer across your network, then you have used the admin$ share.
When software is pushed, it uses this share to upload the file.
Here is how it works.
1. You connect to the remote machine's admin$ share. If you have local administrator rights, then you connect right away - otherwise you are prompted for a username and password.
2. You copy over a file, or files to the remote machine. To execute remotely, one of those files must be a service.
3. The service that was copied in step 2 is installed, and started.
4. Now your software has been pushed.
Obviously the admin$ share could be used for many other things. Anything that can be set in windows by changing a file in c:\windows can be updated in this way. Or more nefariously a virus could use this share to propagate across your network.
In earlier versions of windows, the admin$ share was wide open. There were numerous vulnerabilities in NT 4, and 2000 that gave it a bad name. Mostly it was not an implementation issue, but an issue with the local administrator password. Many administrators simply left it blank!
Zoom back to today, and we are in a totally different environment. Microsoft has locked down file sharing significantly. A few rules are now in place that can keep the admin share, and all file sharing from working properly.
Here are some of the new restrictions (Mostly on XP SP2 and higher) on file sharing:
1. Windows will not allow connections using accounts that have no password. It simply will keep asking you for the password as if you entered it incorrectly.
2. The hostname must be correct. For example, the hostname of the machine is LAPTOPSW, and you create a host entry pointing to the same ip called MYLAPTOP. Now if I attempt to browse to the machine using that new hostname...I will be denied access.
3. In a similar situation to number 2, if I try to use the IP address, I will be denied access. It will simply keep asking for the username and password as if I typed it wrong.
In addition to those new rules, Microsoft ships Windows XP with a feature called "Simple File Sharing" (Turned on by default)
Simple file sharing should be called "Broken insecure file sharing". When this feature is turned on you have no admin share - and that is a good thing. Why? Because all other shares have no security and no passwords. No choice.
This is burned into XP Home, no way to turn it off.
So step 1 to getting the admin share working properly under XP SP2, is to disable simple file sharing. I have an article on the subject if you are interested.
An additional roadblock is the firewall built into XP. By default it disables all access to file and printer sharing. This needs to be turned back on if you want to access the admin share. The article I linked above shows you how to do that too.
Still, I can feel your concern. Why turn all this stuff back on when MS thinks it is a big security hole?
To give you a choice. If you are not aware of it, then the default is to lock down. This is a good thing. The risks are:
1. Blank passwords, or simple passwords. Any password that could be easily guessed by a virus roaming your network would be bad. Pick hard to guess passwords for your administrator accounts. I have seen viruses that have 10,000 of the most common passwords built into them so they can try to get in that way.
2. Direct internet access. If your computers are safe behind a firewall, then you can feel safe in the fact that only other local computers can access your share. If your computer is going to be directly connected to the internet I would never allow traffic for file and printer sharing.
3. Make sure you have adequate anti-virus installed. Since your attack surface has been reduced (You only need to worry about machines you know on your network, and not the entire net)...A good anti-virus on every machines is the best defense against viruses propagating using the admin share.
4. Limits on the administrator account. Very few people should have, and should login as a domain administrator. The less that do, the smaller the chance that the admin share can be used for bad purposes.
So if you know the risks, properly secure your computers, and use some common sense - you can enable the admin share, and enjoy the benefits of using it.
Posted By: Steve Wiseman on Friday, October 19, 2007
Check out our utilities for windows
More ideas for the 1 click shutdown
The one click shutdown article has gotten a lot of attention. A reader named John, has sent me a nice email with a few good tips in it...so I thought I would share it with you.
Here it is:
Hi,
Just wanted to see if you were aware of the fact that you can actually
make it a one click solution.
I ran across this 'quick shutdown' feature for Vista at another site,
but the process seems to be the same here as well, with one minor
difference.
In the shortcut, instead of using 00 as the time, the instructions said
to make it 01 - and also allowed for 2 different shortcuts, one for
shutdown (C:\Windows\System32\shutdown.exe -s -t 01) and one for reboot
(C:\Windows\System32\shutdown.exe -r -t 00). The instructions also call
for assigning it your own icons, which I did, so that my shortcuts use
the Vista Power button icon for the shutdown shortcut and the 'play'
icon for the reboot shortcut - it makes sense to me.
Finally, the instructions also say to move the shortcuts to the
quicklaunch toolbar - the benefit of doing this is that you get
automatic single-click usage. Even better, if you do it the way I did -
name one of the shortcuts "1 - {function}" and the other "2 -
{function}", where {function} is either reboot or shutdown, then they
will appear as the first 2 items in the quicklaunch toolbar. The
benefit of this is that now you can also, in Vista, use the [WINKEY] + #
hotkey to call up the shutdown process as well (in this case, [WINKEY]
+ 1 or 2, depending upon your choice). Of course, you may need to also
sort the quicklaunch toolbar by name *after* giving the two shortcuts
these unusual names.
I went searching to find where I could find the instructions that I used
before, but I cannot for the life of me. Suffice it to say that the
shutdown and reboot shortcuts are documented in many places, but the
addition to the quicklaunch toolbar was at a specific place, and the
naming scheme, using the numbers to always bring them to the front, was
my own addition.
Just thought you might want to know.
Enjoy.
Posted By: Steve Wiseman on Thursday, October 18, 2007
Check out our utilities for windows
Utiltity that shows you all startup programs
I just finished helping a friend remove some pretty bad spyware from his system. In addition to the usual removal tools - AdAware, and Spybot I found the Autoruns utility from Sysinternals to be very useful.
It is a comprehensive piece of software that will allow you to see every possible startup program in one place. It beats searching through the registry by hand.
Best of all it is totally free, and can be downloaded from Microsoft here:
http://download.sysinternals.com/Files/Autoruns.zip
More info about the utility can be found here:
http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/Autoruns.mspx
Posted By: Steve Wiseman on Tuesday, October 16, 2007
Check out our utilities for windows
Remove an email from all mailboxes in Microsoft Exchange
When I worked as an IT administrator at a large company I cringed when I saw a message like this float by:
Usually in the To field it was sent to "All Employees". A large number of attachments work fine when everyone is directly connected to Exchange on the LAN.
The problem arises when users on a slow link far across the WAN receive the same message, and they all start trying to look at the pictures at the same time.
Boom - the remote sites are all very slow, or totally down. All because everyone wants to see if they can catch someone doing something bad at the company party.
So when you see a message like this, and need to act fast - say remove that message from all mailboxes ASAP. How do you do it?
Strangely enough, this can be accomplished by using the ExMerge utility for Exchange.
It can be downloaded from here
I say strangely, because normally you would use this utility to move mailboxes to another exchange server. It is packed with features, and we can wield it to allow us to pull out specific messages.
To start you will need to create a new administrator account, and give it access to all mailboxes on the exchange server. I only suggest creating a new Administrator account because the standard administrator account has specific rights you would need to override. I would rather not tinker with these default settings.
Then you will want to login as the new administrator (On the Exchange server), download the ExMerge utility, and extract these files to C:\Program Files\Exchsrvr\bin folder.
Let me state, that before continuing - BACK UP YOUR EXCHANGE SERVER. A small mistake using this utility could wipe out all of your mailboxes (You could still recover...but who wants to take the chance?)
Now that your backup is finished, we can launch the utility. Look for the file named ExMege.exe in the C:\Program Files\Exchsrvr\Bin folder.
Click Next on the first page, and on the second we want to pick the "Two step procedure" and click next
On the next page we will select "Step 1"
On this page, fill out the host name of the Exchange server, the info below it is optional and will be automatically filled if you leave it blank. Click on the options button.
Once the options window appears, go to the "Import Procedure" Tab. Change it to "Archive Data to Target Store". Here is were we need to be careful. If we only made this change and then busted out of here and started our ExMege it would export all messages from all mailboxes and delete from the server. Yep I did it once. The part that will save you is that it does copy all of the data to a PST file (For each user) that you can merge back into the Exchange store.
Since we don't want our users screaming at us, and we simply want to remove a specific message - lets add some rules and move on over to the message details tab.
I know that most of my users do not send around images, so I am safe by picking the filename of one of the attachments in the email. You will need to make a careful decision on what would be the best match.
Now that we have a rule in place for what we want to remove, we can click OK. Click Next, and it will do some queries against the exchange server. Eventually it will come back with a list of users. Select the users you want to run this rule against.
The next page will ask you about your locale. Pick the appropriate option. Next page will ask you where you want your PSTs stored.
For each mailbox that you run this rule against, it will create a PST with the deleted messages inside of it. Pick a location that can handle the entire size of your store. Why? Because for some reason it will make the PST the same size of the original mailbox - even if only one message is copied out. These are only temporary, and can be used to reverse the process if we made a mistake. Once you are sure things went properly you can safely delete the PST files generated.
Click Next. Look at this page carefully.
It is your last chance to stop what you are doing. No big red lights, no big sign saying "YOU MIGHT HOSE YOUR EXCHANGE SERVER...STOP NOW!!!" But this is it. If you are ready to make the change click next.
Before you know it, all of the mailboxes are updated.
You can check out the PST output folder to see what was deleted. Simply launch outlook, and load one PST at a time to get an idea of what was removed.
Now, before the folks in marketing could open the party pictures you have averted a small disaster.
Posted By: Steve Wiseman on Monday, October 15, 2007
Check out our utilities for windows
Error in registry for extension "Exchange Extensions;?"
Yes it is a strange error message. After removing McAfee Anti-Virus from one of my machines I kept getting this each time I launched Outlook:
I thought I could stop the error by going into advanced options and disable the old McAfee extensions. Unfortunately - nothing from McAfee was there
After doing some searching over at MS I found this KB article:
http://support.microsoft.com/kb/823633
The short version is:
Drill down to this registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Exchange\Client\Extensions
The delete the value named "Exchange Extensions"
Then launch Outlook again. Now the errors are gone, and Outlook will recreate the key.
I also realized that this bug was fixed in SP1 of Outlook 2003, so I promptly upgraded it so I would not have it happen again.
Lastly, it seems that the removal of McAfee was only coincidental - According to the MS fix these are the steps you can take to reproduce the error:
1. Send an e-mail message to a recipient by using the following method:
Right-click an object, point to Send To, and then click Mail Recipient.
2. Wait 24 hours or more.
3. Send a second e-mail message to a recipient by using the method that is described in step 1.
I had already upgraded to SP1, so I couldn't try it out and see if this really was the problem, either way I am glad it was an easy fix.
Posted By: Steve Wiseman on Sunday, October 14, 2007
Check out our utilities for windows
Map ISO files to a drive
ISO files are images of physical CD and DVD ROMS. You can use to burn them to disk. Microsoft now distributes many of their DVD, and CD ROMs from their website in this format.
Many times you just want to pull a few files off the ISO without burning it to physical media. Microsoft has a little known tool for doing this.
You can download it from here
It is not the most user friendly application, but it is free, and it works well. Let me walk you through mapping an ISO file.
The name of the program is the Windows XP Virtual CD Control panel. Download the file, and extract to the folder you want to run it from.
If you want to map an image file, simply launch the program called VcdControlTool.exe
The first thing we need to do is install a driver. When the program is launched, click on the "Driver Control" button.
We need to install the driver, so click on the only button that is enabled - "Install Driver"
It will open a file browse dialog. It should default to the same folder you installed all the other files for this program....if not you will need to browse back to it and select VCdRom.sys
Once you have selected the driver, the "Start" button will be enabled. Click on it. Now click OK.
We need to add a drive before mounting the ISO. Click "Add Drive" and a drive letter will show up in the window.
Finally we can map the iso by clicking on the mount button. It will allow you to select an ISO to mount. Select your ISO, and click OK.
You will be presented with special mount options. You may need to check these if you are having trouble mounting an ISO. Usually when I first try to mount an ISO I leave them all unchecked. If I run into trouble, then I experiment and try each option.
Once you have mounted the ISO, it will look just like a standard CDROM. If we browse to My Computer and look...
Now I have access to my ISO file, without ever burning it to a disk.
A few last things to note:
1. You don't need to keep this application open after mounting the ISO. It will stay mounted until you unmount it.
2. If you reboot your system, you will need to remount the drive again
Posted By: Steve Wiseman on Thursday, October 11, 2007
Check out our utilities for windows
Microsoft Updates IE 7
Microsoft has released an update for IE 7. The big news - it no longer requires Windows Validation. This means you can install it even if MS detects your copy of windows is not genuine.
I downloaded it to see if there were any other differences. You can do the same by just downloading the latest copy from Microsoft. If you already have IE 7 installed it will simply update it.
One change I noticed right away...can you see it?
Here is the original IE 7:
Here is the latest IE 7
THEY TURNED THE MENU BACK ON!
Damn. I wonder how many nasty emails they got about that one. What made them think getting rid of the menu was a good idea? I always found myself cursing because I had to use the keyboard to force the menu to appear.
Eventually after getting 100s of emails about it, and finding the registry key for it, we released an IE 7 tweaking tool that could turn it back on.
I am glad MS woke up and started listening to customers....maybe there still is hope for Vista :)
Update: I guess there is no hope for Vista. According to some of my readers, the update is for the XP version of IE 7 only.
Posted By: Steve Wiseman on Wednesday, October 10, 2007
Check out our utilities for windows
Adobe Reader flaw confirmed
The latest flaws in Acrobat reader have been annoying at best, and very dangerous to your network at worst.
A few weeks back a security researcher claimed that he found a flaw that was in just about every version of Acrobat Reader that would allow him to take control of a PC.
Petko Petkov, a U.K.-based researcher who found the flaw claimed in a blog posting two weeks ago:
"Adobe Acrobat/Reader PDF documents can be used to compromise your Windows box - Completely!!! Invisibly and unwillingly!!! All it takes is to open a PDF document or stumble across a page that embeds one."
Adobe finally awoke from their slumber and confirmed the bug. Their fix is amusing. Since the flaw exploits the use of the mailto: url link, they walk you through instructions on how to remove / disable the mailto link!
So that means you no longer can click on an email link and have it launch your email. I think I don't want to completely break my browser while they take their time finding a fix.
I have a better idea. Get rid of Acrobat off your network, and use a third party reader like foxit (http://www.foxitsoftware.com/)
Posted By: Steve Wiseman on Tuesday, October 09, 2007
Check out our utilities for windows
Deploy Office 2007 compatibility pack via GPO
After I wrote about the Office compatibility pack, a reader asked this question:
I just saw your post on the compatibility pack. This seems like an ideal thing we can use here, but I can’t seem to locate the msi file so I can push it through the domain
After doing some experimentation and using the sysinternals tool filemon...I discovered that it extracts the contents of the compatibility pack into this folder:
Then you can simply copy the entire contents of this folder, and put it on a public share.
Then deploy O12Conv.msi to your computers using GPO...and if you don't know how to do that, then check out my last article about it.
Posted By: Steve Wiseman on Monday, October 08, 2007
Check out our utilities for windows
Deploy applications via group policy
Many administrators are always looking for easier ways to deploy applications across their network. I find it amazing the number of times I have spoken with other Windows Admins, and they have never used the package deployment features of group policy.
It works well, and I am going to walk you through a simple application deployment.
Start out by getting on your domain controller. Open up Active directory Users and Computers.
Determine what computers will get the package. You could send it out to the entire domain, or you could put a group of computers in an Organizational Unit and only push it out to them.
In our little example here I will push it out to the entire domain. We need to right click on on the domain, and go to properties. The properties window will popup and then we move over to the group policy tab.
Click on edit.
Drill down to computer configuration, then Software Settings, and then Software installation
Now before we continue, we need to think about where our installation package will be located. You need to put it on a public share that all computers under the group policy can get to.
For this test run I created a simple share that had read access for all users and put it on the domain controller.
The second point is all deployed packages must be MSI files*. If the application you want to deploy does not have a MSI installer, then it cannot be pushed out via group policy (There are still ways to do this...but that is another article)
In the past, this requirement limited GPO application pushes to only MS products like Office, but these days many vendors include a MSI file with their setup.
So we copy the MSI file to the public share, and now we can get back to setting up our package.
Right click on the "Software Installation" option and go to New, and then package.
It will now prompt you to select the MSI installer. Make sure you select it via the public share you have created, not via the local file folders. This is because Windows will use this exact path when pushing out to the machines.
Once you have selected a MSI file it will ask you if you want to pick the "Assigned", or the "Advanced" application deployment. For most cases you can simply pick the "Assigned" deployment.
That is all there is to it. Your package is sitting in the group policy
Now, any machine that falls under that group policy will silently receive the package.
*GPO also supports MST, and MSP files
Posted By: Steve Wiseman on Sunday, October 07, 2007
Check out our utilities for windows
Get the Office 2007 Compatibilty pack
Weather you like it or not, Office 2007 is slowly starting to creep into corporate networks around you. The biggest problem with this change is the totally different file format.
A while back we released a command line utility, and added a feature to our Network Administrator product that could force your users to save in the old format. That way if you have not totally upgraded all of your network yet, you can still open office documents with the older versions. Better yet you won't get helpdesk calls asking why no one outside the company can read their documents.
The problem I see now is companies that have decided to wait, are now getting more and more documents emailed to them in the new format. To solve this problem, Microsoft has released the Office 2007 Compatibility pack.
It works with Office 2000, XP, and 2003. It allows you to open and save documents in the new format.
I have installed it on computers around the office here, and it works quite well. I recommend it.
Get it from Microsoft here
Posted By: Steve Wiseman on Thursday, October 04, 2007
Check out our utilities for windows
Limit Automatic login for Windows XP, 2003, and Vista
The automatic login feature of windows is nice. It can be used for that machine you don't need to lock down - or when deploying a system image that will reboot a few times during setup.
If you are not familiar with the automatic login feature, it allows you to tell windows to automatically login with a specific username, password, and domain name. A while back I wrote an article about it, and a free utility to set it up. Please be sure to note, that your password will be stored in the registry unencrypted.
There are times when you only want to have windows login automatically a specific number of times. A good example of this would be when deploying a system image. The imaged system boots. It automatically logs in as administrator, performs a task, and then reboots. So it would be perfect if you could tell windows to automatically login once, and the next time start asking for a username and password again.
I didn't realize this was actually possible to do until browsing through the documentation for the WinLogon key. There is a value named "AutoLogonCount" It specifies the number of reboots windows should listen to the AutoLogon registry settings.
The value is located under this key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
To set it, you simply need to open regedit. Browse to the above location, and create a new DWORD value named AutoLogonCount. Set it to the number of times you want AutoLogon to work - and then reboot.
After thinking about it I decided this would be a perfect edition to our free utility. So I have updated it to include this feature:
If you either set it yourself in the registry, or use our program - please remember that the automatic login feature requires that the password sit in the registry unencrypted.
To get the utility, simply download it from here - And remember. As always we have no spyware, viruses, or adware - only freeware goodness.
Posted By: Steve Wiseman on Thursday, October 04, 2007
Check out our utilities for windows
Fake windows patches via google
I ran across this last week while helping a bank determine what Windows patch broke one of their internal applications. This meant I was manually installing different patches one by one (Including SP2 for XP) - and looking for them on Google. In one of my searches I came across this search result:
Now looking at the highlighted result...can you see anything wrong with it? No, I can't either.
Now look at the page you get to when clicking on the link:
Now obviously I do not need SP2 for IE 5.5. Still...this is is bad. Why? Looks like a MS page right?
Look at the URL at the top of the browser:
Ugg. After some more poking around it looks like thesource.ofallevil.com has an exact mirror of the MS website. I have not tested any of the executables for viruses, or spyware - but for some reason I don't think they have good intentions in mind for you or your network.
I have stopped searching for MS patches on Google, and started looking for them directly on the MS website. I suggest you do the same.
Posted By: Steve Wiseman on Tuesday, October 02, 2007
Check out our utilities for windows
New Zealand Windows 95/98/ME DST Update
I continue to be surprised by the number of people still using Windows 95/98/ME. I asked people earlier to let us know if they were interested in a 9x patch (For New Zealand), and we have gotten so much email we have had a hard time answering it all.
Your wish has been answered and we have released a new 9x patch that includes New Zealand.
We were looking for many ways to automatically refresh the DST tables, but all of them have their flaws - They simply bring up the date and time window instead of refreshing.
So you will need to do this by hand. It is simple to do.
1. Apply the patch
2. Open your date and time by double clicking on the time in the corner
3. Click OK on the date and time window
Now your system is updated.
Also this patch can be called with the /qinstall and /quinstall command line arguments.
Here is the download link:
http://www.intelliadmin.com/DaylightSavingFix98.exe
Posted By: Steve Wiseman on Monday, October 01, 2007
Check out our utilities for windows
|
 |
