Tuesday, December 18, 2012

HP Folio doesn’t get any Windows OEM-Key

I searched and I searched. Under the laptop, under the battery in the bios but the key was nowhere to be found. Finally I gave up and called HP support, they gotta know I figured. Not so, the guy I talked was totally clueless to why I needed that. It’s not delivered anymore with new laptops he tells me.

HP takes full responsiblity for the delivered image he says. Well, if I don’t wan’t to spend another 2 hours cleaning out all the HP-crap that is jammed into the poor machine then? If I don’t want to use recoveryimages, I want to deploy from my MDT.

Well I appearently don’t need them anymore. Hmm, we’ll see….

Friday, December 14, 2012

Autologin to Windows 8

Good for democomputers or bigscreen-computers. This only works if the computers isn’t member of domain. Otherwise “Users must enter….” isn’t visible.

  • Hit run /> netplwiz
  • Uncheck “Users must enter a username….”
  • Autologon problably only works if there only is one user account.




Thursday, December 13, 2012

Recommended for you popup

Had this malwareinfection recently. User a get a ad in lower left corner of Internet Explorer.  Funny thing is, when installing firefox instead, the issue was the same!


  • Ad shows i lower left corner, can be using Flash or not.image
  • Sometimes clicking a link redirects to a completly different page.


  • Malwarebytes found malware, cleaned out. Kept coming back. Ran it and rebooted 3 times. Quick and Full. No fix seemed to do any good.
  • Ran Roguekiller, did nothing for the problem.
  • Controlled unknown processes with ProcessExplorer
  • Checked all Internet Explorer addins using Sysinternals autoruns

I finally found that the Hosts file had been tampered with. Those sneaky bastards had put the extra lines in the bottom end of the host-file. No edits could be done. Took ownership, removed write-protection with attrib but still I couldn’t edit the file.

The Fix

I ran Microsoft FixIt50267, which is supposed to reset the hosts-file, but this didn’t work either. Finally created a new host-file with the standard content and copied over the orginal location. This solved the problem. No more malware-ads while surfing.

Final thoughts

The following lines were added to the hosts-file www.google-analytics.com. ad-emea.doubleclick.net. www.statcounter.com. connect.facebook.net. www.google-analytics.com. ad-emea.doubleclick.net. www.statcounter.com. connect.facebook.net.

What they probably do is redirect “real ads” to malwareads-servers instead. The tricky part is that this isn’t something the malwarescanners, autoruns or proccessexplorer will pick up. Since is isn’t malware causing it. Just a few extra lines in the hosts-file.





Tuesday, December 04, 2012

Upgrade to IE8 forces Enhanced Security for all Terminal Server users

Major headache.

Scenario: Users on Server 2003 R2 SP2 Terminal Server experience crashes in Internet Explorer. In an effort to kill these problems the browser is upgraded to IE8. This is done while the users are logged on, in past situations this hasn’t been any problems. Changes doesn’t push through until server is rebooted. Not so this time.

30 minutes after IE is upgraded users call in and report that they can’t mark formfields in IE. For example they can’t input text in google searchfield. Strange I think. Probably some locked files, easy done we’ll reboot the server. And yes, this issue disappeared. But instead Internet Enhanced Security is now enforced for all Terminal Server users and they don’t want to allow every single page they're gonna visit. How did this happen? IEES is disabled, both for users and admins in Windows Components.

1.5hours later we finally solved it, but it wasn’t a pretty solution.

Tried and did not succeed :

  • Change IEHarden = 0 in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\InternetSettings\ZoneMap]
  • Changed GPO to lower security settings


Deployed DisableIIEES.bat through GPO. Cudos to BrentgMS for the solution. Link to orginal below.

----------------------- DisableIEES.bat -----------------------------


REM  IEHarden Removal Project
REM  HasVersionInfo: Yes
REM  Author: Axelr
REM  Productname: Remove IE Enhanced Security
REM  Comments: Helps remove the IE Enhanced Security Component of Windows 2003 and 2008(including R2)
REM  IEHarden Removal Project End
::Related Article
::933991 Standard users cannot turn off the Internet Explorer Enhanced Security feature on a Windows Server 2003-based terminal server

:: Rem out if you like to Backup the registry keys
::REG EXPORT "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" "%TEMP%.HKEY_LOCAL_MACHINE.SOFTWARE.Microsoft.Active Setup.Installed Components.A509B1A7-37EF-4b3f-8CFC-4F3A74704073.reg"
::REG EXPORT "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" "%TEMP%.HKEY_LOCAL_MACHINE.SOFTWARE.Microsoft.Active Setup.Installed Components.A509B1A8-37EF-4b3f-8CFC-4F3A74704073.reg"

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" /v "IsInstalled" /t REG_DWORD /d 0 /f
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" /v "IsInstalled" /t REG_DWORD /d 0 /f

::Removing line below as it is not needed for Windows 2003 scenarios. You may need to enable it for Windows 2008 scenarios
::Rundll32 iesetup.dll,IEHardenLMSettings
Rundll32 iesetup.dll,IEHardenUser
Rundll32 iesetup.dll,IEHardenAdmin
Rundll32 iesetup.dll,IEHardenMachineNow

::This apply to Windows 2003 Servers
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OC Manager\Subcomponents" /v "iehardenadmin" /f /va
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OC Manager\Subcomponents" /v "iehardenuser" /f /va

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OC Manager\Subcomponents" /v "iehardenadmin" /t REG_DWORD /d 0 /f
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OC Manager\Subcomponents" /v "iehardenuser" /t REG_DWORD /d 0 /f

::REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" /f /va
::REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" /f /va

:: Optional to remove warning on first IE Run and set home page to blank. remove the :: from lines below
:: 32-bit HKCU Keys
REG DELETE "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "First Home Page" /f
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "Default_Page_URL" /t REG_SZ /d "about:blank" /f
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /t REG_SZ /d "about:blank" /f
:: This will disable a warning the user may get regarding Protected Mode being disable for intranet, which is the default.
:: See article http://social.technet.microsoft.com/Forums/lv-LV/winserverTS/thread/34719084-5bdb-4590-9ebf-e190e8784ec7
:: Intranet Protected mode is disable. Warning should not appear and this key will disable the warning
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "NoProtectedModeBanner" /t REG_DWORD /d 1 /f

:: Removing Terminal Server Shadowing x86 32bit
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap" /v "IEHarden" /f
::  Removing Terminal Server Shadowing Wow6432Node
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap" /v "IEHarden" /f


Se link from msdn below for original blogpost for the issue





Friday, November 23, 2012

Bootmgr not found after imagex deployment

Issue with deployment of Windows 8 wim with imagex deployment.

Applied image like below from WinPE

    1. Diskpart
    2. Select disk 0
    3. Clean
    4. Create partition primary
    5. Select partition 1
    6. Active
    7. Format quick
    8. Assign letter=c
    9. Exit
    10. Imagex /apply h:\lab\windows8.wim 1 c:

Afterwards system wouldn’t boot, giving error about bootmgr not found. Checked files and everything disk had been imaged correctly. Had to do the following to get the system to start:

  1. bootsect /nt60 c:
  2. bcdboot c:\windows

Strange, but short on time so this solution works for now.

Friday, November 16, 2012

Outlook disconnects ballon messages

On some customers Remote Desktop Servers (Terminal Servers) these messages just keep showing up. Though everything is working as it should, there’s just something with the way these messages update their status on TS-environment.

So to keep users from getting panic from these messages you can easily disable these by right clicking on Outlook in the activity field and uncheck Show Network Connectivity Changes image

This doesn’t work very well on a TS-environment. So to solve this we push out a registrychange through Group Policy Preferences. In example below we are using Outlook 2007, therefore Office\12.0 . For 2010 use \14.0\.


  1. Add Registry Item
  2. HKEY_Current_User
  3. Software\Microsoft\Office\12.0\Outlook\Display Types\Balloons
  4. Value: NetConn = 0






Problems running applications using older dotnet framework on W8

When trying to download dotnet 3.5 automaticly the download fails. Oddly enough, using an previous offline package installer for dotnet3.5 this package also tells me that it needs the dotnet package.

Chew on that for a minute. The actual install package for dotnet 3.5 requires some older version of dotnet (that is included in this dotnet3.5 package) to installa on Windows 8.

Anyways, if you have a W8-disc you can use solution below.

Solution: This is using a w8 installationsdisc or image.

  1. From elevated cmd
  2. /> dism /online /enable-feature /featurename:netfx3 /all /limitaccess /source:x:\sources\sxs

Where x:\ is your mountpoint or discdrive.

/all enables all parent features of dotnet

/limitaccess prevents dism from contacting Windows Update

/source specifies location of files.



Wednesday, November 14, 2012

Can I disable it? WinHTTP Web Proxy Auto….

Yes you can. This service takes away the user or network admin responsibility of knowing your proxies and allows the computer to autosense this settings from the network. In controlled situations where you know of all the services running on the network, you can safely disable this service.

Might even be a good security practice, for this service could be a gateway to man-in-middle attacks if not kept tabs on.

If there is a forefront server on the network you should probably leave it be, if these settings isn’t pushed out through policies.



Monday, November 12, 2012

Windows 8 PDF Reader

Lovely idea MS. Really.

However, after 3 months of using W8 I have finally caved and installed Adobe Acrobat Reader. The reasons are these:

  1. I can’t have two pdf documents side-by-side.
  2. No outlook 2010 integration. Can’t view pdf directly from email, which is quite handy most of the time. Though perhabs more insecure.
  3. I can’t use snippet tool with Winpdf. Though I suspect this has more to do with WinRT, than the actual program.
  4. I can’t go to specific page
  5. Search leaves much to ask for.

Sometimes I need to compare documents or at least copy serials and knick-knacks from the pdf. So above points are dealbreakers for me. And most likely for many other users.

Wednesday, October 31, 2012

Office365 problems

Customer reported issues with their Office365 exchange today.
I actually had to call the supportline to get the status address for the services. Not that this helped. As it was with the Admin Dashboard all services where greenlighted. When I turned to the office365 forums the tune was another. When i posted my sorrows I got feedback from Russia, Sweden, Germany and Norway. Probable cause is the storm Sandy which has caused some havoc in the Big Apple central network node. Maybe the atlantic cable, though you would think this wouldnt happen since we got our own datacenters here in Europe.
Anyways here are some good statuspages that proved difficult to find.
Check speed to MS Services : http://speedtest.emea.microsoftonline.com/
Status of services: http://Status.mange.microsoft.com
Create ticket: http://Manage.microsoft.com/getsupport
Supportnumbers for Sweden: 020-160 58 99 (they try real hard to hide these)

Update  121101.0938
Services started to function again around 1600-1700  GMT+1 yesterday.
Still no updates on the status pages above though, which I find disconcerting. Whats the point of a uptime chart if MS only updates it when they feel like it?
Link to post for the issue : http://community.office365.com/en-us/forums/160/t/74129.aspx

Tuesday, October 23, 2012

Error when creating user

Problem: Get error when trying to create a new user in Server 2008 AD.

Keywords: Active Directory Domain Services Windows cannot set the password for the admin because: Error 0x800708c5


kind of cryptic isn’t it?

Solution: Password wasn’t complex enough. Added a big letter and it worked fine. Still not the best errormessage.

Wednesday, October 17, 2012

Microsoft License Calculator

Overview over what licenses you get for each compency as a Microsoft Partner

Tuesday, October 16, 2012

Firefox and Sharepoint authentication

I like sharepoint, and I like firefox. The two don’t like each other.

To get rid of pesky authentication everytime we login to sharepoint with firefox do as follows:

  1. In firefox address field: about:config
  2. Find network.automatic-ntlm-auth.trusted-uris
  3. Edit field and add all sharepoint addresses you want to remember password for. Seperate addresses with ,

Note that this assumes that you’ve actually saved the credentials for the site earlier, via Internet Explorer or Credentials Manager.



Wednesday, October 10, 2012

Multiple dnsregistrations for multihomed servers

Sometimes I have more than one NIC on a server. I have my reasons for this.

This can give issues with the wrong address responding in the network. For example a user trying to reach the fileserver suddenly get answers from the fileservers other NIC, which isn’t even on the same subnet. Of course this results in a timeout until the users computer figure out that the other address for the fileserver actually works.

This is because the fileserver in this instance, have two addresses registered in the DNS.

When I remove the other, wrong address from the DNS, it’s back in an hour or so. Since all NICs are registered when netlogon service restart every hour or so.

To rid us of this annoyance and let us have our multihomed machines in solitude :

1. Disable Register this connection’s addresses in DNS

2. Disable NetBios over TCP/IP

3. Disable DNS-listening on specific interface

Tuesday, October 09, 2012

Outlook autocompletes my name

Outlook per standard is autocompleting my name when I'm composing emails. Very good feature for some, but I feel it lacks personality when I always finish my emails with my full name. If I want to be formal I have the signatur for that.

The culprit in Outlook 2010 is Quick Parts and the Autotextfunction.

To disableimage

  1. Open new mail
  2. Ribbon Insert
  3. Text>Quick Parts>AutoText>Organize and Delete
  4. Pick the building block to remove, usually “Firstname Surname”
  5. Delete
  6. Done.


To verify, start writing your name and use F3 after 3-4 letters to force autocomplete to activate. It should result in nothing.



Tuesday, October 02, 2012

Outlook delays when pasting from webpages

To get rid of delays when Outlooks formatting gnomes kick in

  1. Outlook>File>Option
  2. Mail>Editor Options > Advanced
  3. Area “Cut,copy and paste”
  4. Change pasting from other programs to merge formatting




Wednesday, September 26, 2012

Add network folder to Windows Library

If you want to add a network folder to your Windows 8 libraries you’re usually presented with a dialogue telling you that the folder needs to indexed.

This is the workaround.

1. Create folder on disk. For example : c:\images

2. Delete folder

3. CTRL+Q to search. cmd as admin.

4. mklink /d c:\image \\server\images

5. Done.

Now all images are easily accessed from your windows libraries. Plus they get indexed.

Conditional filtering on Sharepoint Lists

To do conditional filtering on one or several Sharepoint 2010 lists

1. Create a new page.
2. Insert Web parts Sharepoint List Filter or Text Filter
3. Insert webpart for one or more lists
4. On Text Filter webpart, choose Edit
5. Choose Connections>Send Filter Values to “ListName”
6. Configure Connection > Choose column (Consumer Field Name) to filter against.
7. Save
imageimage8. Enter value in Text Filter webpart to filter.
The Sharepoint List Filter webpart can be used if you have a list where you can retrieve a column which can want to filter by. There’s a built in limitation in the Sharepoint list view for 100items. This can circumvented in some yet unknown way.
Requires full Sharepoint 2010 Enterprise Server.

Monday, September 24, 2012

VPN Setup for Server 2008 R2

It’s good to have access to the home network occasionally. This is purely for my own convenience

This is how to setup Server 2008 R2

1. Install role “Network policy and Access services”

2. Select role services “Routing and Remote Access”>Remote Access Services |Routing

3. Configure and Enable Routing and Remote Access from node

4. Choose Custom Configuration

5. Choose “VPN Access”

6. Finish and Start Service.

7. Add static address pool to the IPv4 tab on the Routing and remote access.


Now for the firewall ports must be opened: PPTP:1723 TCP 47 GRE . L2TP over IPSEC: 1701, TCP 500 UDP .

These ports are opened auto in Windows Firewall. For the physical firewall, in this case a Juniper Netscreen 5GT do following.

    • set service CustomPPTP group “other” 47 src 2048-2048 dst 2048-2048
    • set service CustomPPTP + tcp src 0-65535 dst 1723-1723
    • set vip multi-port
    • Save and reboot firewall.
    • set interface ethernet3 vip 2048 CustomPPTP mylocalserverIP (This might be a bit flaky and can be set from the gui instead).
    • set policy from untrust to trust “any” “VIP::1” CustomPPTP permit



Friday, September 21, 2012

Macbook != Cisco


Macbook Pros and Macbook Air suddenly couldn’t connect to the wireless network at a company I manage. The users claimed it worked perfectly at home and at hotels and such. All Windows, ipads and iphones worked without hitches. This issue occurs both on a secure and a non-secure SSID that passed through the same AP (Cisco Aironet 1240AG Series Access Point).


When connecting to the network from a Mac of version OSX 10.6.8,10.7.4 or 10.8.1 it didn’t work or it barely worked. Usually connection couldn’t even be established. Instead ending with a Connection reached maximum timeout message. Other times the connection established but lost all lot of pings and internet access usually didn’t work.  I tried all the usually mac troubleshooting issues that have been reported with Lion. recreated network zone, changed encryption methods. Updated OSX. Called Macsupport (big waste of time, they’re really homeuser oriented).   I setup a different AP of brand Zyxel but the issue persisted. It was all a big headach and really enforced my distaste for Macbooks overall.

Finally I turned my attention to the Cisco units and after som searching I found an issue that seemed but match mine.


Disable the client load balancing on the Cisco AP. On this particular modell I had to disable the whole Aironet Extension to get rid of the function. When this change was made on all AP. The issue vanished without a trace. Why haven’t Apple or Cisco fixed this I wonder?

  1. />configure terminal
  2. />interface dot11radio 0 (or 1 for 5Ghz if n is used)
  3. /> not dot11 extension aironet
  4. /> end
  5. /> copy running-config startup-config




http://www.macmaps.com/WIFI1048.html – all possible solutions to mac-wifi issues.

Wednesday, September 19, 2012

Windows 8–still no volume shortcut

Same plague as with previous version. No builtin method to raise or lower volume by keyboardcommands. Something I value since I need to be able to mute or lower volume when call comes in. Using the mouse isn’t effective.

So we still need to use same program as with Windows 7


Download it here :http://matt.malensek.net/software/3RVX_2.5.msi

Then to put it autostart for Windows 8, use path : C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Just copy the shortcut from above Programsfolder.
I usually prefers to change the shortcut-keys to WIN+F11 = Lower, WIN+F12 = Raise, WIN+F10 = Mute. This because the default key is WIN+Mousewheel Up/Down which kind defeats the purpose of a KEYBOARD-shortcut…



Friday, September 14, 2012

Windows 8 Refresh

A new feature of Windows 8 is the ability to refresh your computer. A built-in way to completly reinstall your os without having to do any actual work. The downside of this is that you have to reinstall all your custom applications.
That is unless you modify the refresh baseline!
To do this,
  1. Make sure your system is set up the way you like it, with Office and common tools etc.
  2. Run cmd in adminmode
  3. mkdir c:\Backup
  4. recimg –createimage c:\backup
  5. Wait, this might take a while
Now, the next time refresh is used in Windows, this is the image that will be used.

Thursday, September 13, 2012

IE10 and certificates

I’ve started using Windows 8 now. Some issues will appear.
This is one of them.
Websites that are using self-signed certificates or certificates shorter than 1024bits encryption cannot be accessed using Internet Explorer 10. Browser doesn’t allow it.
This is a workaround for the issue:
  1. From elevated cmd run : certutil -setreg chain\minRSAPubKeyBitLength 512
  2. Restart cert propagation service.
  3. Reload webpage.
This is probably going to be solved in MS patch in time for the real Windows 8 release in oktober.


If you for some reason gotten stuck with an windows.old folder on your system that is eating away at your precious bytes, this is clean way to get rid of them.

1. Run Disk Cleanup

2. Choose Clean up system files

3. Select Previous Windows installations

4. Ok

This method have to be more nice to the system rather than just deleting it.



Tuesday, September 11, 2012

Scheduled reboot of Juniper SSG5

To schedule a reboot of a firewall of model Juniper SSG5:

  1. 1. Make sure firewall have accurate time
  2. 2. Telnet or SSH to firewall
  3. 3. /> set timer mm/dd/yyyy hh:mm action reset



Wednesday, July 25, 2012

Custom Views in Server 2008 R2

Recently I had a request to create a logging system for usage on a server. A way to document how many times a machine is logged onto by a specific subset of users.
I though I would try out the custom views in Server 2008 R2 instead of making the quick and easy script at logon/logoff.
It turned out a bit more complicated than I anticipated so here it is, for documenting purposes.
1. Make sure logon events are audited in local security policy or domain policy.
2. Create a custom view from the Security Log
3. Choose tab XML and ‘Edit query manually’
4. My end result 
  <Query Id="0" Path="Security">
    <Select Path="Security">
    *[System[(EventID=4624 or EventID=4647)]]
    *[EventData[Data[@Name='TargetUserName'] and (Data = 'user1' or Data='user2')]]
The specific properties of the event you want to log can be found by viewing XML view on the relevant event. In my case the TargetUserName was the common unit for the relevant IDs.
The cool thing about custom events is that you can attach a task to the view, allowing a program or email to be sent every time something is logged.

Wednesday, July 18, 2012

Unable to load client print control

Firstly! No happy ending to this story.
Error is shown when users use print control in an external hosted application.
Still works to print, when first pushing abort and then running anyways.
Hosted application use a Microsoft SQL Server Report Viewer Control.
Users connect from Remote Desktop Server running Server 2008 R2 using Internet Explorer 9.
UAC is disabled, due to other 3rd party application that requires this.
Addin is loaded in Internet Explorer. Probable cause is rights issue.
Only reason it works anyways is because I logged in as administrator and ran the installation above. Problem is that this control tries to download every time user access the site, just in case there is a new version.
Registered rsclientprint.dll manually on adminlogin, and in user environment. No effect.
Removed files from Windows\Downloaded Program Files > Went back to not working at all. Copied back to allow users to print despite error message.
Registered rsclientprintx64.dll > No effect. Browser is probably running in x32 mode so the right components should be installing.
Tried to run website from Iexplore in 64bits mode > Site didn’t even work.
Set up GPO to allow server-users to autoinstall activex components > No effect.
Tried adding the user to Power Users to do the install > No effect.
Resolution: to be added….
Most of information on Internet points to the server hosting the webapplication needing to install Microsoft Report Viewer SP1 - http://www.microsoft.com/downloads/details.aspx?FamilyID=bb196d5d-76c2-4a0e-9458-267d22b6aac6&DisplayLang=en and Report Viewer Redistributable 2008 Service Pack 1 GDIPLUS.DLL Security Update
But since I don’t have control of the server and the company hosting the application isn’t very forthcoming I wanna solve on the clientside. This doesn’t seem to work though. So severals hours of trying to solve it has led me to take a timeout and await the company helpdesk. Annoying.

Update 1.
After calling to the supplier with my grief it turned out that they indeed had recently updated their plattform and were experiencing some issues... Well at least I could turn over my hours of research into the problem to them, hoping this would speed up their own troubleshooting.
Another great link I found : http://social.msdn.microsoft.com/Forums/is/sqlreportingservices/thread/4af03654-31b1-44b3-8514-20a3c25bfd7c
This points toward the issue only happening in environements were the user isn't administrator.

Sunday, July 08, 2012

Xbmc + 1channel = score

imagine netflix posibilities with nocost plan. You have xmbc eden? Load up 1channel.bstrdsmkr-0.0.3 library and add the repository in xbmc and you can watch all the tvshows and movies on 1channel, without any commercials and popups. Thats is wicked! At least that what warner bros calls it…

Thursday, June 28, 2012

Powershell scripts for AD-deployments

Some usefull scripts for AD-deployment in server 2008 r2 with powershell.

To Create homefolders:

$dataSource=import-csv “users.csv”
Set-Location "d:\data\users"

foreach($dataRecord in $datasource) {
$name=$dataRecord.FirstName + ”.” + $dataRecord.LastName
New-Item $name -type directory

To create the users:

#Change here to correspond to your domainenvironment

#Set homedir if needed remove if dont

$dataSource=import-csv “users.csv”
foreach($dataRecord in $datasource) {
$cn=$dataRecord.FirstName + ” ” + $dataRecord.LastName

#check if lastname is empty.
if (!$dataRecord.LastName) {
$dataRecord.LastName=" "
else {
$sAMAccountName=$dataRecord.FirstName + “.” + $dataRecord.LastName


write-host "Creating user :"$sAMAccountName

$displayName=$sn + “ ” + $givenName

$userPrincipalName=$sAMAccountName + “@sb.local”
#remove below if homedrive isn't used.
write-host "User :"$sAMAccountName" created"

write-host "Users created"


Above script imports users from csv file looking like this:



Also to set permissions the following might work, i’ve already forgotten. anyways it might almost work with some modifications.


#script to give full control NTFS permissions on a directory to the domain user with the same name of that directory

#script settings

$domain = “contoso.local”

$root = “d:\data\users\”

#don’t edit below here
$folders = Get-ChildItem $root

ForEach ($folder in $folders)


$username = $domain+“\”+$folder

$permissions = Get-Acl $folder

$userpermissions = New-Object System.Security.AccessControl.FileSystemAccessRule($username,“FullControl”, “ContainerInherit, ObjectInherit”, “None”, “Allow”)

Set-Acl $folder $permissions

Write-Host “Set permissions on $folder for $username”


I don’t take cred for creating the scripts from scratch. I found them on the net, but was in a rush at the time so i didn’t note the address. They weren’t perfect to begin with, but i’ve modified them so they work for my purposes.

next step would be to add them to groups auto, but this is step is fairly painless in the gui so we’ll hold of on that for the time being.

Tuesday, June 26, 2012

RDS–Disable Office update settings

When first time users start their Office it’s nice to not have to specify how you want updates to be installed.

Especially on a Remote Desktop Server, where the user don’t have the permissions for it anyways.

To get rid of it

1. Download Office 2010 Administrative Templates

2. Create new GPO>Add Template for Office 2010

3. In Microsoft Office 2010 > Privacy > Trust Center > Enable (Disable Opt-in Wizard on first run)

4. Apply GPO to the user OU.



Monday, June 11, 2012

IE9 + Outlook 2003 = preview.js

Problem started when installing IE9 on a Remote Desktop Server running Server 2008 with Outlook 2003 installed. 2003 you say? Yes it’s a customer licens and they don’t want to upgrade.

Symptoms: Script error displayed when trying to print an email image

Solution 1:

Create a DWORD and name it "Force RTF Printing" (without the ") and give it the value 1 (hex).

This has to be done for all users, which isn’t optimal.

Solution 2:

Create Fonts catalog in %homedrive%\%homepath%\ In this case h:\Windows\Fonts

This solution seemed easier to automate so went with this.

Rolled out via GPO Preference for this particular RDServer. image


Don’t forget checkbox for “Run in logged-on users sec….”.





Friday, May 25, 2012

Upgrade Storage array on HP server

To upgrade a HP raid1 disk array with 2 disks of each 70 gb to bigger disks.

1. First make sure that the array is functioning and replicated.

2. Pull on 70gb disk. Insert a bigger one.

3. Wait for array to finish replicating disks.

4. Pull the second 70gb disk. Insert a bigger one.

5. Wait for array to finish replicating.

6. Open HP Array configuration utility.

7. Create a new logical diskspace on the free space.

All this done with all systems live on the hostserver!

Wednesday, May 23, 2012

Identify version of SQL Server installed

To identify version run query: select @@version

Or on older versions (pre2005) run query:

SELECT  SERVERPROPERTY('productversion'), SERVERPROPERTY ('productlevel'), SERVERPROPERTY ('edition')

And you get served with information layed out like below:

Microsoft SQL Server 2008 (RTM) - 10.0.1600.22 (Intel X86)
    Jul  9 2008 14:43:34
    Copyright (c) 1988-2008 Microsoft Corporation
    Enterprise Edition on Windows NT 5.2 <X86> (Build 3790: Service Pack 2)

Wednesday, May 16, 2012

Twitter lingo

Found a great site for getting the grip on all the twitter lingo floating around. Finally I know what the hell a retweet is about!


Tuesday, May 08, 2012

Allow pdf documents to be opened directly in browser

In sharepoint 2010, the default pdf-documentbehaviour is to save to disk. A method that isn’t optimal.

To change this to open directly in browser:

On your sharepointserver.

1. Application Management> Manage web applications > [Your site] > General Settings

2. Change Browser File handling to Permissive


3. Reset IIS

Note that is is considered bad security practice by some, but in smaller user groups this is the only way to discourage users from saving documents locally.




Handy site to get icons

Visit http://www.iconfinder.com/ to satisfy all your icony needs. Remember the days when you had to create your own icons? Now we don’t need to!

Wednesday, May 02, 2012

Create quickerease job in Backup Exec 2012

To create a quick ereasejob
1. Register Backup Exec powershell modules in Windows.
notepad $profile.AllUserssCurrentHost , add import-module “\program files\symantec\backup exec\modules\bemcli\bemcli” Create document if it doesn’t already exist.
2. Allow signedScripts: />set-executionpolicy remotesigned
3. Create ereaseTape.ps1 . Add Line : get-betapedrivedevice "[YOURDEVICENAME]" |submit-beerasemediajob -confirm:$false
4. Create startScript.bat. Add line: powershell -file "\Script\ereaseTape.ps1"
5. Create Windows Scheduled Task to start startScript.bat whenever you want.
Now, I only do it like this because I haven’t found my way around the new and much more confusing be2012. But the Powershell capabilities are looking good.

Thursday, April 26, 2012

Backup Exec 2012

Exciting times! This time around Symantec actually has added a few features I’ve previously been missing!

In no particular order here are my favourites

  • Backup to virtual machine. With option to convert existing backupset to virtual machine. both vmware and hyper-v
  • Autoupdate for remote agents when central server is updated
  • Support for powershell commands
  • Simplefied disaster recovery. No longer the need to have exactly the right version of OS on disc when performing recovery
  • Improvements on the vwmare-agent, which provides the ability to redirect restore to newer hardware-versions. For example redirect to “Hardware Version 8”. Great for migrations hopefully!
  • Improvements on the exchangeagen, which provides ability to restore mailbox or public folder items into PST-files. This is a great one! This never worked well when you had to restore directly into the active exchangedatabase. Hopefully this will remove our need for third party software to do exactly this!
  • When backing up virtual disks, only used space is transferred. Goes for both hyper-v and Vmware.

On the negative side they seem to have overhauled the old system of using policies to create jobs, which I’ve been forcing everyone around me to use. It’s gonna be interesting to see if the new methods are scalable like before…

Wednesday, April 25, 2012

Remote Desktop Services in Workgroup mode

I had a case where a customer wanted to run RDS on singleserver. The idea was to run DC and TS on the same server to save hostingmoney. A bad practice and not really optimal to run on a virtual host with limited memory. The thought struck me if we could manage without the DC the system might run much smoother.

While googling for information a noticed that it was sparse with info for this scenario on the net. It did however work splendidly.

What you need to do

1. Install Server 2008 R2

2. Install server server role Remote Desktop Session Host and Remote Desktop Licensing

3. Configure Per User Licensing mode

4.  Add these policies to make life easier

Computer Configuration>Administrative Templates>Windows Components> Remote Desktop Services> Remote Desktop Session Host>Printer Redirection>Specify RD Session Host server fallback printer driver behavior> = default to PCL if not found

Computer Configuration>Windows Components>Remote Desktop Services>Remote Desktop Session Hos>Connections>Sets rules for remote control of Remote Desktop user sessions = enabled, with user permissions

5. Create users from Computer Management> Users and Computers and add these to Remote Desktop Users group.

For a single server environment this method might sometimes be justified, otherwise it’s a DC-environment that is recommended.

Tuesday, April 24, 2012

Don’t use time.windows.com

At a seminar I once learned that we shouldn’t use the default ntpserver time.windows.com. Which is preconfigured in all Windows installations. This server is apparently under quite a big load. I can imagine, seeing how usually people don’t look twice on this settings.
To change it, change time and date settings, choose Internet Time and change to a less travelled ntpserver. In sweden we can use one of the following:
            server 0.se.pool.ntp.org
    server 1.se.pool.ntp.org
    server 2.se.pool.ntp.org
    server 3.se.pool.ntp.org

The Internet Time tab won’t be visible if the computer is member of a domain. then this settings is being handled by the domain controller.

Great week for WinPhone and Windows

This week we got both Skype for WinPhone and much sought after upgrade for Skydrive!

Skype has been in the works for months! Now I can finally call people from my phone when Im at home in my mountain lair with incredible bad cellphone reception!

Also updated is the Skydrive services. New this time is a clientapplication which makes skydrive available through Windows Explorer, just like an ordinary folder. What’s nice with this is that you can also add your skydrive folders to your Windows Libraries. My Lumia 800 autouploads all taken pictures to my Skydrive, so taken pictures now magicly turns upp in my Windows Picturelibrary!

I’ve previously been trying to make this work through a myriad of third party applications and hacks but they can now all pass into the past. Good thing too, since they’ve got nothing on the MS Skydrive app! Im curious though, too if MS will merge Skydrive and Mesh in the future. Now they’re both active in the activity field and other than it looks a bit messy with all these extra icons it’s probably not very memory effective.

As of now my mesh is eating up:

MSOSync.exe 4MB, WLSync.exe 23MB, MOE.exe 47MB. Totalt 74MB.

Skydrive.exe 10MB .

Hmm, they could probably trim the Mesh-services a bit I think, though Skydrive most likely only connects to online webservices and doesn’t “think”. Hopefully this will all sort itself out in Windows 8.

Here’s MS promovideo of the new skydrive:

SkyDriveVideo.mp4 , can also be viewed on blog below, since this link probably doesn’t work…



Saturday, April 21, 2012

Can’t delete folder because thumbs.db is in use

To get rid of the annoying “Can’t delete folder because thumbs.db is in use” error, do the following

1. Open gpedit.msc

2. In User Configuration>Administrative Templates>Windows Components>Windows Explorer

3. Enable “Turn off the caching of thumbnails in hidden thumbs.db files” .

Now, you loose some functionality doing this, by the error is far to annoying to keep.

Friday, April 20, 2012

Great tool for cleaning up on Terminal Servers

Got to use ICSweep today to clean out user tempfiles on a Terminal Server. Very effective. In my case server was loosing all diskspace due to a printer spooler gone awry. Lost 4GB in 3 minutes… a bit distressing…
Check out site below for details

Thursday, April 19, 2012

Error while accessing datasheet-view in SP2010

Some of our customers have run into a problem while trying to access datasheet view of a list when using Office 2010 64bits version.
A common solution to this is to install the 2007 Office System Driver: Data Connectivity Components (x32).
Link to download: http://www.microsoft.com/downloads/en/details.aspx?familyid=7554F536-8C28-4598-9B72-EF94E038C891&displaylang=en
Link to MS information: http://support.microsoft.com/kb/2266203
Technorati-taggar: ,

Official site for feature requests on Windows Phone


Had some trouble finding this earlier so im putting it here.

Wednesday, April 18, 2012

Lumia diagnostics

cool diagnostic tool on the Lumia. Push ##634## to start it.

Good for verifying that all hardware is ok.

DaRT–crash analyzing tool, among other things

DaRT is a nifty tool that should be in every Windows-technicians portfolio.
You need to have access to Microsoft Desktop Optimization Pack to aquire this tool, but this is usually available to Volym Licensing subscribers.

It’s an official Microsoft Tool and it can scan an offline OS and among other things do the following:
- Scan for Virusinfections
- check BSOD-dumps
- restore deleted files
- crack forgotten local passwords
- browse harddrive and mount USB-drive and copy files from localdrive to usb
- repair disc-volumes
- perform dod-standard Disc Wipe
- manage and add drivers
- Check integrity of systemcritical files.
- Access and edit registry

Steps to create ERD disc.
 1. Install ERD Commander Boot Media Wizard.
 2. Mount a iso with Windows 7 or Server 2008 R2. Note that some tools only work if the image on which it is based on is the same as the target system.
           a. Some of these tools are Hotfixa Uninstall, SFC Scan, Computer Management, Event Viewer,  Locksmith.
3. Choose which tools should be included. Something like locksmith might be something you left out in this disc, if it is intended to be distributed in some form.
4. Update Sweeper definitions.
5. Add drivers if needed.
6. Add additional files if you have some tool you want to include.
7. Specify location
8. Create iso.
9. Burn created ISO.

Monday, April 16, 2012

Color coding list view

I had a situation where a customer wanted different row-colors in the list view depending on certain values.
This could be solved using conditional formatting and a custom view.
To create a conditional formating on a list.
I had a situation where a customer wanted different row-colors in the list view depending on certain values.
This could be solved using conditional formatting and a custom view.
To create a conditional formating on a list.
1. Create a custom view in Sharepoint Designer
2. Create a Conditional format by marking a field, and pick it from Options ribbon.
3. Select Format Row and pick field name and choose conditions
4. In Style, choose category Background and Background-color
5. Save
Very handy for situations where certain conditions need to be highlighted given certain circumstances.

Friday, April 13, 2012

Second hacked website this week…

A few strange sites out there right now. These have a tendency to show up in google results and redirects you to site where “Windows Antivirus 2012” is trying to “scan” your computer. Complete scam obviously, didn’t even bother to change the gui depending on the visiting browser so everything looks like XP. It seems that sites that are infected have Wordpress and Joomla 1.5 in common. A few sources on the web indicates that this is a result of poorly managed .htaccess file or a vulnability in an old module of “Advanced Module Manager”. Anyways just ESC and close the page to be rid of it. To be safe just close the whole browser and start a new session.

A good site to check if a site is has any issues is http://sitecheck.sucuri.net/ .

Also here are a few dumps of the infected website



Some malware tries to force itself on you aswell, just close it.image

The google results are also a bit weird, the subinformation is a bit dodgy…


In conclusion, keep your site updated!



After using Nokia Lumia 800 for 3 months…

I still enjoy it! Though none else seems to belive it’s possible to be satisfied with another phone than the iPhone I beg to differ. I previously had a iPhone4 but in the end the phone was pretty slow when doing basicly everything. The camera was still the worst part, taking forever to open the shutter and things like that. This is Lumias biggest strength! It so fast when navigating, which is what I and other businessusers mostly do.

But still here are a few issues that I find rather annoying with the Lumia, small issues but still.

- Pictures or attachements in emails often doesn’t download. and the button to download these is to small and far down.

- When using self-signed certificates on your Exchangeserver there isn’t a easy way to install these. On the iphone you just needed to accept the selfsigned cert and eveything was golden. On the Windows Mobile 6.1 you could just copy and install the cert to the phone memory. But on the latest WinPhone I had to send the certificate to my Gmail and open the Gmail from the Lumia to be able to install the cert. From OWA the .cer was blocked. I understand the security issue here, but it shouldn’t be this hard to install a cert when it is allowed on the server!

- The phone reboots to easily. It’s happend on more than one occasion that I accidently rebooted the phone because I leaned towards something so the powerbutton got pressed for too long. It should be required to make a screen gesture before it restarts. For some reason the screen shows that you have to drag the screen downwards to restart, but if you keep pressing that power button it restarts anyways. Bad design call!

- Where is Internet Sharing? We're waiting and why do they get in Hong Kong but not in Sweden? Whats the hold up?

All these are things that should be fixable through software updates. So get to it!

Thursday, April 12, 2012

Number of apps is increasing…

Current numbers for Windows Phone Marketplace

Wednesday, April 11, 2012

Updates for Nokia Lumia 800

Nokias own site for keeping tabs on when software updates are comming. This varies depending on the country and operator it would seem. This seems to be the one to look at, since Microsofts own Winphone Update site doesn’t seem to apply to Nokia for some reason.


Wednesday, March 28, 2012

How to create custom buttons i Sharepoint 2010

To create custom buttons in the ribbon menues

1. Open Sharepoint Designer, open the relevant list

2. Choose Custom Actions from the Custom Actions ribbon image

3. Choose Display Form Ribbon to create a button i the Display Form.

3.1 Set a name

3.2 Choose which workflow to start or a url

3.3 Under Button Image give siteadress to a buttonicon.

3.4. In the field for Ribbon Location the string Manage can be exchanged for another ribbongroup. For example Action. This way we can control where our button is displayed. With the help of Sequence numbering the order in which they’re shown can be controlled aswell.



Tuesday, March 27, 2012

Annoying liveupdate error in backup exec 2010 R3

This error was showing when I tried to run liveupdate image

I solved by doing the following:

1) Open the command prompt and browse to the following directory C:\Program Files\Symantec\Backup Exec\

2) Run BeUpdateOps.exe -AddBE -OptOut

3) Run LiveUpdate

Done! Second time this error occurs, but maybe sp2 will have solved it…



Wednesday, March 21, 2012

Create a task-list with mailto-function

To create a tasklist with ability to receive mail the following steps were required.
1.Create a list based on Task, for example weeklymeeting
2. Create a list based on Announcements, for example incomming
3. In the list incomming, activate mailto support (Communications>Incomming e-mail settings>Allow list to receive e-mail)
4. In list incomming, create an associated workflow in SPD. Make it autostart when item is created.
5. Edit workflow to Create Item in weeklymeeting, copy relevant fields like Name and Body to new fields in weeklymeeting from incomming.  Then Delete item in CurrentItem.

Tuesday, March 20, 2012

Can’t get workflow to start when mailing to list

I just had major problem with getting a workflow to start when mailing to a sharepoint 2010 list. I found this solution to the problem. Not really obvious so im putting it here.
Error description: When mailing to announcement or document library list, a workflow configured to start when new item is created, doesn’t start. When creating item manually in list the workflow kicks off without any problems.
Solution: On the sharepoint server. Check if mailto list is enabled
/> stsadm -o getproperty -pn declarativeworkflowautostartonemailenabled
if this is returned: <Property Exist=”No” />
or <Property Exist="Yes" Value="fales" />
Then run /> stsadm -o setproperty -pn declarativeworkflowautostartonemailenabled -pv true
It will take a few seconds but after this the workflow starts when mail is received to the list.

Wednesday, February 22, 2012

Sharepoint alert user when case is assigned

To set your own alertsystem to notify user when they are assigned a case.
1. Set up a securitygroup in Sharepoint where you add your users. You need to configure their emails in sharepoint user config. Your sharepointserver also need to be able to send emails. Aka you’ve already setup your smtp.
2. In your sharepointlist, choose Create a workflow in Sharepoint Designer.
3. If CurrentItem:Assigned is not empty e-mail CurrentItem:Assigned
To make this fly the assigned column need to be of type Person or Group and only allow selection from Sharepointgroup you’ve previously created.
In Sharepoint Designer you can now edit Start Options for the workflow to start automatically when an items is changed or created.
You can also design the email which is sent to the user to contain basically anything from the current item.

Friday, February 17, 2012

Free up more space

If you’re aching for more space on your server or workstation, use this command to remove all uninstallfiles related to servicepack1 on Windows Server 2008 R2 and Windows 7.

dism /online /cleanup-image /spsuperseded /hidesp 

For an offline WIM-image,

dism /image:wimfile.wim /Cleanup-Image / spsuperseded /hidesp.

/hidesp option removes SP1 from the “Installed Updates” section of Programs and Features, to ensure that users do not try to uninstall the service pack.

After doing this maneuver on a Server 2008 R2 my winsxs went from 12.12GB down to 6.82GB. Not a real true value though since winsxs contains mostly softlinks, but still an indication.



Friday, February 10, 2012

Find that missing driver

A nice resource to have is the ability to grab the device id of a missing hardware driver and get the correct softwaredriver in return.

Get the hardware device-ID. Copy the last line of values, for example \\USB\VID_08FF&PID_2580 for the struggling fingerprintreader.

Goto catalogue.microsoft.com, and input the deviceid. Put the device in your basket and download. This will get you a cab-file, which you can extract using 7Zip. Then just update your missing driver and point the search to your newly extracted folder.