Create a shortcut to lock Windows

March 8th, 2010

This one is very simple. I wanted to duplicate Ubuntu’s “Lock Screen” applet in Windows, and thankfully it doesn’t take much.

  1. Create a new shortcut by right-clicking in the “free” space on your Desktop (or elsewhere, such as the Quick Launch folder in Windows Explorer) and selecting New | Shortcut.
  2. For the “Location” field enter: %windir%\system32\rundll32.exe user32.dll, LockWorkStation
  3. Hit Next and then type whatever you like for a name; “Lock” seems appropriate.

Bingo bango boom. Done. Try it out.

VMware Server on a Domain Controller (DC)

November 3rd, 2009

You may be wondering if it’s a bright idea to install VMware Server on a Windows domain controller (DC). People may have told you it isn’t a great idea…and it isn’t. But the last time I checked most small businesses don’t have a coffer full of gold lying around, so sometimes us IT folk have to compromise and work with what we’ve got–more often than not a single server (often a DC) or at most two or three (personally I never recommend a single server setup, but there are plenty of them out there).

So…given maybe one or two servers, it’s going to be difficult to get everything running smoothly without a little virtual machine (VM) magic. Sorry folks–installing just about anything other than the built-in roles on a Windows server is opening up the possibility of conflicts, so let’s minimize that probability by installing only one piece of third-party software that’s been hammered on by millions of companies: VMware Server. I think we’ll take our chances.

So what do we need to do to make things with VMware smoother? A few things:

  • Evaluate and upgrade the hardware if necessary. Hopefully $100 of RAM won’t be a hard sell. I wouldn’t recommend anything less than 4GB on a Windows Server 2008 box with one (1) VM, 6GB for two (2) VMs, etc. It’s worth noting if you’re running Windows Server 2003 in the VM (or Linux) you can probably get away with halving those figures.
  • If you’re running a domain controller as a VM never pause or take a snapshot of it. Active Directory (AD) depends on servers being able to increment sequence numbers (USNs) to keep things in sync. If the VM is reverted to an old snapshot the USNs will get out of sync, and you’ll start noticing differences in the AD database. Needless to say that’s not good.
  • You should disable any NAT or host-only interfaces in VMware and only use bridging. Multi-homed DCs (more than one network card) are a no-no, something that is well documented around the Net. Just make sure all the VMs are configured accordingly. Your architecture might include host-to-guest communication over a private subnet–but I’ve found that most small business setups aren’t quite that “complicated”. VMware bridged connections use an existing network interface and don’t create new ones like the NAT and host-only options do. In a nutshell a DC will register all of its NICs in DNS even if you tell it not to (via TCP/IP | DNS properties page). If one of those registered NICs is inaccessible to the primary subnet (the one to which all the domain-joined workstations are attached) then you’ll start noticing timeouts in your DNS and AD queries. Depending on the number of registered NICs, DNS timeout configuration, network speed and other variables you may not notice any immediate problem; however, there will most definitely be intermittent slowdowns with file sharing, login and password changes, along with various other issues specific to the environment.

In short just be careful when configuring and administering the host environment and you should have a smooth VMware/DC experience.

A service pack fails to apply to Microsoft SQL Server with error 0x7358, 0x80070534 or “No account mapping”

October 23rd, 2009

Assumes:

  • Microsoft SQL Server 2005
  • Microsoft Windows XP, Microsoft Windows Server 2003

Fix:

  1. Reboot or otherwise restart the SQL Server service. A failed update will generally leave the service stopped or in an unpredictable state.
  2. In Microsoft SQL Server Management Studio (or similar) execute the following:
     
    EXEC sp_validatelogins
    GO

     
  3. This should generate a list of SIDs/accounts that are no longer present in Windows. If no accounts are listed then proceed with this procedure with caution. You might have run into another issue.
  4. Determine the current Windows group names of the SQL Server accounts (Start | Run | “lusrmgr.msc”). They will be in the form SQLServer2005*$CompName$Instance.
  5. Download/obtain PsGetSid from Sysinternals/Microsoft.
  6. Use PsGetSid to get the SID’s of these groups:
     
    psgetsid groupname
     
  7. In the Windows Registry navigate to HKLM\Software\Microsoft\Microsoft SQL Server\MSSQL.x\Setup, where “.x” is the instance of SQL Server with the issue (usually “.1”, for a single instance install).
  8. Note the data in the following values: SQLGroup, AGTGroup, FTSGroup, ASGroup. These values map to the Windows groups like so:
      
    SQLServer2005MSSQLUser$CompName$Instance > SQLGroup
    SQLServer2005SQLAgentUser$CompName$Instance > AGTGroup
    SQLServer2005MSFTEUser$CompName$Instance > FTSGroup
    SQLServer2005???$CompName$Instance > ASGroup
  9. Replace all SIDs in the Registry that differ from the Windows groups (match them up according to the table above).
  10. Attempt to change the SQL Server service account through the SQL Server Configuration utility. If the change succeeds this fix most likely worked.
  11. Apply any service packs and/or updates.
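
Steps 4 through 9 can be checked in one pass before editing anything. The script below is an added example, not part of the original post: it is read-only and compares each Setup registry SID with the SID of the matching local group. The parameter defaults (`MSSQL.1`, `MSSQLSERVER`) are assumptions for a single default instance, and ASGroup is skipped because the post does not give its group name.

```powershell
# Added example: read-only comparison of the SIDs stored under the SQL Server
# Setup key with the SIDs of the local SQL Server 2005 groups.
param(
    [string]$InstanceId   = 'MSSQL.1',      # assumption: single-instance install
    [string]$InstanceName = 'MSSQLSERVER',  # assumption: default instance name
    [string]$ComputerName = $env:COMPUTERNAME
)

$setupKey = "HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\$InstanceId\Setup"

# Registry value -> group name prefix, taken from the mapping in step 8.
$map = @{
    SQLGroup = 'SQLServer2005MSSQLUser'
    AGTGroup = 'SQLServer2005SQLAgentUser'
    FTSGroup = 'SQLServer2005MSFTEUser'
}

$setup = Get-ItemProperty -Path $setupKey -ErrorAction Stop

foreach ($valueName in $map.Keys) {
    # Builds e.g. SQLServer2005MSSQLUser$CompName$Instance ($ is literal here).
    $groupName   = '{0}${1}${2}' -f $map[$valueName], $ComputerName, $InstanceName
    $registrySid = $setup.$valueName

    try {
        # Same lookup psgetsid performs: resolve the group name to its SID.
        $account  = New-Object System.Security.Principal.NTAccount($ComputerName, $groupName)
        $groupSid = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        $groupSid = $null   # no group exists under this name
    }

    New-Object PSObject -Property @{
        RegistryValue = $valueName
        Group         = $groupName
        RegistrySid   = $registrySid
        GroupSid      = $groupSid
        Match         = (($null -ne $groupSid) -and ($registrySid -eq $groupSid))
    } | Select-Object RegistryValue, Group, RegistrySid, GroupSid, Match
}
```

Any row where Match is False is a candidate for step 9; a blank GroupSid means the group name needs to be confirmed in lusrmgr.msc first.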

Windows Vista / Windows 7 Activation Error 0x8007232B

October 12th, 2009

If you get this error while attempting to activate Windows…

[Screenshot: Windows NT 6.x activation error (KMS DNS error)]
…then re-enter your product key. That’s it.

You’re most likely using an enterprise copy of Windows Vista or Windows 7 (or Windows Server 2008 or R2) that’s set to activate using a KMS key instead of a MAK key. A KMS key requires a license server on the network to activate against, and if you’re at home or in a smaller business one probably doesn’t exist. Re-entering the product key forces Windows to activate against the Microsoft server(s).

Using a DNS alias (CNAME) to access file shares on a Windows host

July 29th, 2009

Most of the time it’s a good idea to assign each service its own DNS alias (CNAME) which points to the host the service is currently running on. This way if the service should need to be moved to another server, the DNS alias can simply be pointed to the new host. I might, for instance, map my clients to \\print01, even though the actual server is named zeus. Zeus might one day decide to take an extended nap and not boot, but I can easily install the printers on apollo, quickly change the DNS–and not have to change all 42 clients. Needless to say very beneficial.

Unfortunately for us Windows administrators the Server service (LanmanServer) that exposes all those wonderful file shares to the network doesn’t like DNS aliases much–by default.

Why this is–I have no idea for sure. One would guess there’s a security reason behind it, but I’d only be speculating.

Luckily there’s a documented workaround.

Simply change the following and then reboot:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters|DisableStrictNameChecking(DWORD):1

Once that change has been made you’ll be able to access those shares via the alias as well as the host name.
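
The same change as a script, for anyone who would rather not click through regedit. This is an added example, not part of the original post: run on the file server, it checks that the alias actually resolves to one of this host's addresses, reports the current value, and only writes it when `-Apply` is given. The parameter names `-Alias` and `-Apply` are this example's own.

```powershell
# Added example: audit (and optionally set) DisableStrictNameChecking.
# Run from an elevated prompt on the server that hosts the shares.
param(
    [Parameter(Mandatory = $true)][string]$Alias,  # the CNAME clients will use
    [switch]$Apply                                 # write the value if it is not 1
)

$path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$name = 'DisableStrictNameChecking'

# Does the alias resolve to one of this host's own addresses?
$aliasIps = [System.Net.Dns]::GetHostAddresses($Alias) |
    ForEach-Object { $_.ToString() }
$localIps = [System.Net.Dns]::GetHostAddresses($env:COMPUTERNAME) |
    ForEach-Object { $_.ToString() }
$pointsHere = @($aliasIps | Where-Object { $localIps -contains $_ }).Count -gt 0

# Current state; $null means the value has never been created.
$before = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name

if ($Apply -and ($before -ne 1)) {
    # -Force replaces an existing value that has different data or type.
    New-ItemProperty -Path $path -Name $name -PropertyType DWord -Value 1 -Force |
        Out-Null
}

$after = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name

New-Object PSObject -Property @{
    Alias           = $Alias
    AliasPointsHere = $pointsHere
    ValueBefore     = $before
    ValueAfter      = $after
    RebootNeeded    = ($before -ne $after)
} | Select-Object Alias, AliasPointsHere, ValueBefore, ValueAfter, RebootNeeded
```

Without `-Apply` the script changes nothing, so it can also be used to inventory which servers already have strict name checking turned off.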

How to be kind to your fellow system administrators

May 28th, 2009

  1. Document procedures that are specific to the line-of-business applications in use.
  2. Do not document (but do reference) procedures that are outlined elsewhere (MSDN, publisher’s Web site, etc.).
  3. Log out of a server when you’re not going to be using it for a while. Do not leave important configuration steps half done.
  4. Automate processes that are redundant or lengthy to perform by hand. There’s nothing better than getting Windows installed without having to answer “Typical TCP/IP settings” and without the need to install update KBabcxyz.
  5. Ask questions to clarify a particular problem/oddity. e.g. Why is there only one virtual machine running on this server?
  6. Don’t assume that something is the way it is (read: not optimal) just because whoever did it is a moron. Many times cost dictates what can be done and more importantly what can’t be done.
    Note: Sometimes you are working with morons.
  7. Make yourself available during the work day and at a reasonable level otherwise. E-mail. Cell. Text. There’s no reason why a problem at work should be held up for hours/days because you were too inconsiderate or lazy to give a 30-second answer to a non-trivial question.
  8. Recognize when delegating a task to a co-worker is better than doing it yourself. If your co-worker is more efficient, experienced or excited to do a task give it to them. You are not always God’s gift to IT.
  9. Do not rush. Do not jump to make changes. No matter how urgent something is there’s a good chance you’ll make mistakes that your co-workers (or you) might have to clean up if you did things too fast, thereby cutting into the variable you were trying to minimize in the first place: time.
  10. Learn something new anytime you can and then teach it. Don’t become the bottleneck for information in your organization. It just makes you the forever go-to guy for everything.

An Easy Way to Explore and Transfer Files on a Windows Mobile 5/6 Device from Ubuntu 8.10

March 28th, 2009

Just to make something clear, this method of enabling file exploring/transfer is intended to be as simple as possible. I’m sure newer builds of OpenSync, SynCE and the various other packages would produce better results–after spending a day or more trying to get them to work. This method does not require compiling or the addition of repositories. It uses the packages that come with Ubuntu.

Our goal is to get the GNOME VFS URI “synce:///” to work. Nothing more, nothing less. Luckily for us, VFS is deprecated in Nautilus (read: it doesn’t work), so we’ll use another completely out-of-the-blue application called GPE File Manager to browse via VFS.

General notes:

  • This works with Ubuntu 8.10 (Intrepid). I have no idea whether this works in any other release.
  • Turn off the “password lock” feature in Windows Mobile; it causes problems.
  • Make sure “Enable advanced network functionality” is enabled on your Windows Mobile device (under ActiveSync settings).
  • Some of the packages listed below are probably unnecessary for browsing files. You can use them for syncing the device.
  • Don’t confuse GNOME VFS with the Kernel’s VFS. Two different beasts.
  • This post assumes you know how to install packages and run commands. No hand holding.
  • You will need to have “Universe” enabled in package sources.

Install the following packages:

  • multisync
  • multisync-tools
  • odccm
  • opensync-plugin-file
  • opensync-plugin-synce
  • synce-gnomevfs
  • synce-hal
  • synce-multisync-plugin
  • synce-sync-engine
  • synce-trayicon
  • gpe-filemanager

Run (in this order):

  • synce-sync-engine
  • synce-trayicon

Connect the Windows Mobile device to the computer. Ensure that the SynCE Tray Icon…err…icon indicates connectivity.

Open the GPE File Manager (“gpe-filemanager”) and browse to “synce:///”. You should see the files on your device.

Very nice!

Verizon FiOS: Router not getting an IP address

February 18th, 2009

Poor you. All you want to do is switch out your home router. But you’ve got Verizon FiOS, so there’s a good chance that the replacement router isn’t going to get an external IP address.

Here’s the deal.

You should have manually released the DHCP lease (on the outgoing router) and hoped that the little shit would communicate its success of doing so, thereby allowing you to quickly unplug the power…all before the router renews the lease on you.

Yeah…lovely.

There’s a good chance you’re going to need to call Verizon (hopefully you’ve planned the router swap during off peak hours) and tell them to “break the lease on the backend”…but don’t actually tell them that. Be dumb.

Also, don’t mention that you’re not using their “wonderful” ActionTec router. That’s a no-no.

Video: “Amazing Bird Fishes Like A Human”

February 7th, 2009

Toggle Full Screen in Terminal Services Client (GNOME)

November 12th, 2008

Wondering how to minimize your full screen instance of Terminal Services Client (under GNOME) without disconnecting?

Ctrl+Alt+Enter

Yeah…I’ve been wondering for a while too. Don’t feel bad.